ip_output.c revision 99891
1/* 2 * Copyright (c) 1982, 1986, 1988, 1990, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 34 * $FreeBSD: head/sys/netinet/ip_output.c 99891 2002-07-12 22:08:47Z luigi $ 35 */ 36 37#define _IP_VHL 38 39#include "opt_ipfw.h" 40#include "opt_ipdn.h" 41#include "opt_ipdivert.h" 42#include "opt_ipfilter.h" 43#include "opt_ipsec.h" 44#include "opt_pfil_hooks.h" 45#include "opt_random_ip_id.h" 46 47#include <sys/param.h> 48#include <sys/systm.h> 49#include <sys/kernel.h> 50#include <sys/malloc.h> 51#include <sys/mbuf.h> 52#include <sys/protosw.h> 53#include <sys/socket.h> 54#include <sys/socketvar.h> 55 56#include <net/if.h> 57#include <net/route.h> 58 59#include <netinet/in.h> 60#include <netinet/in_systm.h> 61#include <netinet/ip.h> 62#include <netinet/in_pcb.h> 63#include <netinet/in_var.h> 64#include <netinet/ip_var.h> 65 66#include <machine/in_cksum.h> 67 68static MALLOC_DEFINE(M_IPMOPTS, "ip_moptions", "internet multicast options"); 69 70#ifdef IPSEC 71#include <netinet6/ipsec.h> 72#include <netkey/key.h> 73#ifdef IPSEC_DEBUG 74#include <netkey/key_debug.h> 75#else 76#define KEYDEBUG(lev,arg) 77#endif 78#endif /*IPSEC*/ 79 80#include <netinet/ip_fw.h> 81#include <netinet/ip_dummynet.h> 82 83#define print_ip(x, a, y) printf("%s %d.%d.%d.%d%s",\ 84 x, (ntohl(a.s_addr)>>24)&0xFF,\ 85 (ntohl(a.s_addr)>>16)&0xFF,\ 86 (ntohl(a.s_addr)>>8)&0xFF,\ 87 (ntohl(a.s_addr))&0xFF, y); 88 89u_short ip_id; 90 91static struct mbuf *ip_insertoptions(struct mbuf *, struct mbuf *, int *); 92static struct ifnet *ip_multicast_if(struct in_addr *, int *); 93static void ip_mloopback 94 (struct ifnet *, struct mbuf *, struct sockaddr_in *, int); 95static int ip_getmoptions 96 (struct sockopt *, struct ip_moptions *); 97static int ip_pcbopts(int, struct mbuf **, struct mbuf *); 98static int ip_setmoptions 99 (struct sockopt *, struct ip_moptions **); 100 101int ip_optcopy(struct ip *, struct ip *); 102 103 104extern struct protosw inetsw[]; 105 106/* 107 * IP output. The packet in mbuf chain m contains a skeletal IP 108 * header (with len, off, ttl, proto, tos, src, dst). 109 * The mbuf chain containing the packet will be freed. 110 * The mbuf opt, if present, will not be freed. 111 */ 112int 113ip_output(m0, opt, ro, flags, imo) 114 struct mbuf *m0; 115 struct mbuf *opt; 116 struct route *ro; 117 int flags; 118 struct ip_moptions *imo; 119{ 120 struct ip *ip, *mhip; 121 struct ifnet *ifp = NULL; /* keep compiler happy */ 122 struct mbuf *m; 123 int hlen = sizeof (struct ip); 124 int len, off, error = 0; 125 struct sockaddr_in *dst = NULL; /* keep compiler happy */ 126 struct in_ifaddr *ia = NULL; 127 int isbroadcast, sw_csum; 128 struct in_addr pkt_dst; 129#ifdef IPSEC 130 struct route iproute; 131 struct socket *so = NULL; 132 struct secpolicy *sp = NULL; 133#endif 134 struct ip_fw_args args; 135 int src_was_INADDR_ANY = 0; /* as the name says... */ 136#ifdef PFIL_HOOKS 137 struct packet_filter_hook *pfh; 138 struct mbuf *m1; 139 int rv; 140#endif /* PFIL_HOOKS */ 141 142 args.eh = NULL; 143 args.rule = NULL; 144 args.next_hop = NULL; 145 args.divert_rule = 0; /* divert cookie */ 146 147 /* Grab info from MT_TAG mbufs prepended to the chain. */ 148 for (; m0 && m0->m_type == MT_TAG; m0 = m0->m_next) { 149 switch(m0->m_tag_id) { 150 default: 151 printf("ip_output: unrecognised MT_TAG tag %d\n", 152 m0->m_tag_id); 153 break; 154 155 case PACKET_TAG_DUMMYNET: 156 /* 157 * the packet was already tagged, so part of the 158 * processing was already done, and we need to go down. 159 * Get parameters from the header. 160 */ 161 args.rule = ((struct dn_pkt *)m0)->rule; 162 opt = NULL ; 163 ro = & ( ((struct dn_pkt *)m0)->ro ) ; 164 imo = NULL ; 165 dst = ((struct dn_pkt *)m0)->dn_dst ; 166 ifp = ((struct dn_pkt *)m0)->ifp ; 167 flags = ((struct dn_pkt *)m0)->flags ; 168 break; 169 170 case PACKET_TAG_DIVERT: 171 args.divert_rule = (intptr_t)m0->m_data & 0xffff; 172 break; 173 174 case PACKET_TAG_IPFORWARD: 175 args.next_hop = (struct sockaddr_in *)m0->m_data; 176 break; 177 } 178 } 179 m = m0; 180 181 KASSERT(!m || (m->m_flags & M_PKTHDR) != 0, ("ip_output: no HDR")); 182 183 KASSERT(ro != NULL, ("ip_output: no route, proto %d", 184 mtod(m, struct ip *)->ip_p)); 185 186#ifdef IPSEC 187 so = ipsec_getsocket(m); 188 (void)ipsec_setsocket(m, NULL); 189#endif 190 if (args.rule != NULL) { /* dummynet already saw us */ 191 ip = mtod(m, struct ip *); 192 hlen = IP_VHL_HL(ip->ip_vhl) << 2 ; 193 if (ro->ro_rt) 194 ia = ifatoia(ro->ro_rt->rt_ifa); 195 goto sendit; 196 } 197 198 if (opt) { 199 m = ip_insertoptions(m, opt, &len); 200 hlen = len; 201 } 202 ip = mtod(m, struct ip *); 203 pkt_dst = args.next_hop ? args.next_hop->sin_addr : ip->ip_dst; 204 205 /* 206 * Fill in IP header. 207 */ 208 if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) { 209 ip->ip_vhl = IP_MAKE_VHL(IPVERSION, hlen >> 2); 210 ip->ip_off &= IP_DF; 211#ifdef RANDOM_IP_ID 212 ip->ip_id = ip_randomid(); 213#else 214 ip->ip_id = htons(ip_id++); 215#endif 216 ipstat.ips_localout++; 217 } else { 218 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 219 } 220 221 dst = (struct sockaddr_in *)&ro->ro_dst; 222 /* 223 * If there is a cached route, 224 * check that it is to the same destination 225 * and is still up. If not, free it and try again. 226 * The address family should also be checked in case of sharing the 227 * cache with IPv6. 228 */ 229 if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 || 230 dst->sin_family != AF_INET || 231 dst->sin_addr.s_addr != pkt_dst.s_addr)) { 232 RTFREE(ro->ro_rt); 233 ro->ro_rt = (struct rtentry *)0; 234 } 235 if (ro->ro_rt == 0) { 236 bzero(dst, sizeof(*dst)); 237 dst->sin_family = AF_INET; 238 dst->sin_len = sizeof(*dst); 239 dst->sin_addr = pkt_dst; 240 } 241 /* 242 * If routing to interface only, 243 * short circuit routing lookup. 244 */ 245 if (flags & IP_ROUTETOIF) { 246 if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == 0 && 247 (ia = ifatoia(ifa_ifwithnet(sintosa(dst)))) == 0) { 248 ipstat.ips_noroute++; 249 error = ENETUNREACH; 250 goto bad; 251 } 252 ifp = ia->ia_ifp; 253 ip->ip_ttl = 1; 254 isbroadcast = in_broadcast(dst->sin_addr, ifp); 255 } else if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) && 256 imo != NULL && imo->imo_multicast_ifp != NULL) { 257 /* 258 * Bypass the normal routing lookup for multicast 259 * packets if the interface is specified. 260 */ 261 ifp = imo->imo_multicast_ifp; 262 IFP_TO_IA(ifp, ia); 263 isbroadcast = 0; /* fool gcc */ 264 } else { 265 /* 266 * If this is the case, we probably don't want to allocate 267 * a protocol-cloned route since we didn't get one from the 268 * ULP. This lets TCP do its thing, while not burdening 269 * forwarding or ICMP with the overhead of cloning a route. 270 * Of course, we still want to do any cloning requested by 271 * the link layer, as this is probably required in all cases 272 * for correct operation (as it is for ARP). 273 */ 274 if (ro->ro_rt == 0) 275 rtalloc_ign(ro, RTF_PRCLONING); 276 if (ro->ro_rt == 0) { 277 ipstat.ips_noroute++; 278 error = EHOSTUNREACH; 279 goto bad; 280 } 281 ia = ifatoia(ro->ro_rt->rt_ifa); 282 ifp = ro->ro_rt->rt_ifp; 283 ro->ro_rt->rt_use++; 284 if (ro->ro_rt->rt_flags & RTF_GATEWAY) 285 dst = (struct sockaddr_in *)ro->ro_rt->rt_gateway; 286 if (ro->ro_rt->rt_flags & RTF_HOST) 287 isbroadcast = (ro->ro_rt->rt_flags & RTF_BROADCAST); 288 else 289 isbroadcast = in_broadcast(dst->sin_addr, ifp); 290 } 291 if (IN_MULTICAST(ntohl(pkt_dst.s_addr))) { 292 struct in_multi *inm; 293 294 m->m_flags |= M_MCAST; 295 /* 296 * IP destination address is multicast. Make sure "dst" 297 * still points to the address in "ro". (It may have been 298 * changed to point to a gateway address, above.) 299 */ 300 dst = (struct sockaddr_in *)&ro->ro_dst; 301 /* 302 * See if the caller provided any multicast options 303 */ 304 if (imo != NULL) { 305 ip->ip_ttl = imo->imo_multicast_ttl; 306 if (imo->imo_multicast_vif != -1) 307 ip->ip_src.s_addr = 308 ip_mcast_src(imo->imo_multicast_vif); 309 } else 310 ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL; 311 /* 312 * Confirm that the outgoing interface supports multicast. 313 */ 314 if ((imo == NULL) || (imo->imo_multicast_vif == -1)) { 315 if ((ifp->if_flags & IFF_MULTICAST) == 0) { 316 ipstat.ips_noroute++; 317 error = ENETUNREACH; 318 goto bad; 319 } 320 } 321 /* 322 * If source address not specified yet, use address 323 * of outgoing interface. 324 */ 325 if (ip->ip_src.s_addr == INADDR_ANY) { 326 /* Interface may have no addresses. */ 327 if (ia != NULL) 328 ip->ip_src = IA_SIN(ia)->sin_addr; 329 } 330 331 if (ip_mrouter && (flags & IP_FORWARDING) == 0) { 332 /* 333 * XXX 334 * delayed checksums are not currently 335 * compatible with IP multicast routing 336 */ 337 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 338 in_delayed_cksum(m); 339 m->m_pkthdr.csum_flags &= 340 ~CSUM_DELAY_DATA; 341 } 342 } 343 IN_LOOKUP_MULTI(pkt_dst, ifp, inm); 344 if (inm != NULL && 345 (imo == NULL || imo->imo_multicast_loop)) { 346 /* 347 * If we belong to the destination multicast group 348 * on the outgoing interface, and the caller did not 349 * forbid loopback, loop back a copy. 350 */ 351 ip_mloopback(ifp, m, dst, hlen); 352 } 353 else { 354 /* 355 * If we are acting as a multicast router, perform 356 * multicast forwarding as if the packet had just 357 * arrived on the interface to which we are about 358 * to send. The multicast forwarding function 359 * recursively calls this function, using the 360 * IP_FORWARDING flag to prevent infinite recursion. 361 * 362 * Multicasts that are looped back by ip_mloopback(), 363 * above, will be forwarded by the ip_input() routine, 364 * if necessary. 365 */ 366 if (ip_mrouter && (flags & IP_FORWARDING) == 0) { 367 /* 368 * Check if rsvp daemon is running. If not, don't 369 * set ip_moptions. This ensures that the packet 370 * is multicast and not just sent down one link 371 * as prescribed by rsvpd. 372 */ 373 if (!rsvp_on) 374 imo = NULL; 375 if (ip_mforward(ip, ifp, m, imo) != 0) { 376 m_freem(m); 377 goto done; 378 } 379 } 380 } 381 382 /* 383 * Multicasts with a time-to-live of zero may be looped- 384 * back, above, but must not be transmitted on a network. 385 * Also, multicasts addressed to the loopback interface 386 * are not sent -- the above call to ip_mloopback() will 387 * loop back a copy if this host actually belongs to the 388 * destination group on the loopback interface. 389 */ 390 if (ip->ip_ttl == 0 || ifp->if_flags & IFF_LOOPBACK) { 391 m_freem(m); 392 goto done; 393 } 394 395 goto sendit; 396 } 397#ifndef notdef 398 /* 399 * If the source address is not specified yet, use the address 400 * of the outoing interface. In case, keep note we did that, so 401 * if the the firewall changes the next-hop causing the output 402 * interface to change, we can fix that. 403 */ 404 if (ip->ip_src.s_addr == INADDR_ANY) { 405 /* Interface may have no addresses. */ 406 if (ia != NULL) { 407 ip->ip_src = IA_SIN(ia)->sin_addr; 408 src_was_INADDR_ANY = 1; 409 } 410 } 411#endif /* notdef */ 412 /* 413 * Verify that we have any chance at all of being able to queue 414 * the packet or packet fragments 415 */ 416 if ((ifp->if_snd.ifq_len + ip->ip_len / ifp->if_mtu + 1) >= 417 ifp->if_snd.ifq_maxlen) { 418 error = ENOBUFS; 419 ipstat.ips_odropped++; 420 goto bad; 421 } 422 423 /* 424 * Look for broadcast address and 425 * verify user is allowed to send 426 * such a packet. 427 */ 428 if (isbroadcast) { 429 if ((ifp->if_flags & IFF_BROADCAST) == 0) { 430 error = EADDRNOTAVAIL; 431 goto bad; 432 } 433 if ((flags & IP_ALLOWBROADCAST) == 0) { 434 error = EACCES; 435 goto bad; 436 } 437 /* don't allow broadcast messages to be fragmented */ 438 if ((u_short)ip->ip_len > ifp->if_mtu) { 439 error = EMSGSIZE; 440 goto bad; 441 } 442 m->m_flags |= M_BCAST; 443 } else { 444 m->m_flags &= ~M_BCAST; 445 } 446 447sendit: 448#ifdef IPSEC 449 /* get SP for this packet */ 450 if (so == NULL) 451 sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND, flags, &error); 452 else 453 sp = ipsec4_getpolicybysock(m, IPSEC_DIR_OUTBOUND, so, &error); 454 455 if (sp == NULL) { 456 ipsecstat.out_inval++; 457 goto bad; 458 } 459 460 error = 0; 461 462 /* check policy */ 463 switch (sp->policy) { 464 case IPSEC_POLICY_DISCARD: 465 /* 466 * This packet is just discarded. 467 */ 468 ipsecstat.out_polvio++; 469 goto bad; 470 471 case IPSEC_POLICY_BYPASS: 472 case IPSEC_POLICY_NONE: 473 /* no need to do IPsec. */ 474 goto skip_ipsec; 475 476 case IPSEC_POLICY_IPSEC: 477 if (sp->req == NULL) { 478 /* acquire a policy */ 479 error = key_spdacquire(sp); 480 goto bad; 481 } 482 break; 483 484 case IPSEC_POLICY_ENTRUST: 485 default: 486 printf("ip_output: Invalid policy found. %d\n", sp->policy); 487 } 488 { 489 struct ipsec_output_state state; 490 bzero(&state, sizeof(state)); 491 state.m = m; 492 if (flags & IP_ROUTETOIF) { 493 state.ro = &iproute; 494 bzero(&iproute, sizeof(iproute)); 495 } else 496 state.ro = ro; 497 state.dst = (struct sockaddr *)dst; 498 499 ip->ip_sum = 0; 500 501 /* 502 * XXX 503 * delayed checksums are not currently compatible with IPsec 504 */ 505 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 506 in_delayed_cksum(m); 507 m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; 508 } 509 510 ip->ip_len = htons(ip->ip_len); 511 ip->ip_off = htons(ip->ip_off); 512 513 error = ipsec4_output(&state, sp, flags); 514 515 m = state.m; 516 if (flags & IP_ROUTETOIF) { 517 /* 518 * if we have tunnel mode SA, we may need to ignore 519 * IP_ROUTETOIF. 520 */ 521 if (state.ro != &iproute || state.ro->ro_rt != NULL) { 522 flags &= ~IP_ROUTETOIF; 523 ro = state.ro; 524 } 525 } else 526 ro = state.ro; 527 dst = (struct sockaddr_in *)state.dst; 528 if (error) { 529 /* mbuf is already reclaimed in ipsec4_output. */ 530 m0 = NULL; 531 switch (error) { 532 case EHOSTUNREACH: 533 case ENETUNREACH: 534 case EMSGSIZE: 535 case ENOBUFS: 536 case ENOMEM: 537 break; 538 default: 539 printf("ip4_output (ipsec): error code %d\n", error); 540 /*fall through*/ 541 case ENOENT: 542 /* don't show these error codes to the user */ 543 error = 0; 544 break; 545 } 546 goto bad; 547 } 548 } 549 550 /* be sure to update variables that are affected by ipsec4_output() */ 551 ip = mtod(m, struct ip *); 552#ifdef _IP_VHL 553 hlen = IP_VHL_HL(ip->ip_vhl) << 2; 554#else 555 hlen = ip->ip_hl << 2; 556#endif 557 if (ro->ro_rt == NULL) { 558 if ((flags & IP_ROUTETOIF) == 0) { 559 printf("ip_output: " 560 "can't update route after IPsec processing\n"); 561 error = EHOSTUNREACH; /*XXX*/ 562 goto bad; 563 } 564 } else { 565 ia = ifatoia(ro->ro_rt->rt_ifa); 566 ifp = ro->ro_rt->rt_ifp; 567 } 568 569 /* make it flipped, again. */ 570 ip->ip_len = ntohs(ip->ip_len); 571 ip->ip_off = ntohs(ip->ip_off); 572skip_ipsec: 573#endif /*IPSEC*/ 574 575 /* 576 * IpHack's section. 577 * - Xlate: translate packet's addr/port (NAT). 578 * - Firewall: deny/allow/etc. 579 * - Wrap: fake packet's addr/port <unimpl.> 580 * - Encapsulate: put it in another IP and send out. <unimp.> 581 */ 582#ifdef PFIL_HOOKS 583 /* 584 * Run through list of hooks for output packets. 585 */ 586 m1 = m; 587 pfh = pfil_hook_get(PFIL_OUT, &inetsw[ip_protox[IPPROTO_IP]].pr_pfh); 588 for (; pfh; pfh = TAILQ_NEXT(pfh, pfil_link)) 589 if (pfh->pfil_func) { 590 rv = pfh->pfil_func(ip, hlen, ifp, 1, &m1); 591 if (rv) { 592 error = EHOSTUNREACH; 593 goto done; 594 } 595 m = m1; 596 if (m == NULL) 597 goto done; 598 ip = mtod(m, struct ip *); 599 } 600#endif /* PFIL_HOOKS */ 601 602 /* 603 * Check with the firewall... 604 * but not if we are already being fwd'd from a firewall. 605 */ 606 if (fw_enable && IPFW_LOADED && !args.next_hop) { 607 struct sockaddr_in *old = dst; 608 609 args.m = m; 610 args.next_hop = dst; 611 args.oif = ifp; 612 off = ip_fw_chk_ptr(&args); 613 m = args.m; 614 dst = args.next_hop; 615 616 /* 617 * On return we must do the following: 618 * m == NULL -> drop the pkt (old interface, deprecated) 619 * (off & IP_FW_PORT_DENY_FLAG) -> drop the pkt (new interface) 620 * 1<=off<= 0xffff -> DIVERT 621 * (off & IP_FW_PORT_DYNT_FLAG) -> send to a DUMMYNET pipe 622 * (off & IP_FW_PORT_TEE_FLAG) -> TEE the packet 623 * dst != old -> IPFIREWALL_FORWARD 624 * off==0, dst==old -> accept 625 * If some of the above modules are not compiled in, then 626 * we should't have to check the corresponding condition 627 * (because the ipfw control socket should not accept 628 * unsupported rules), but better play safe and drop 629 * packets in case of doubt. 630 */ 631 if ( (off & IP_FW_PORT_DENY_FLAG) || m == NULL) { 632 if (m) 633 m_freem(m); 634 error = EACCES; 635 goto done; 636 } 637 ip = mtod(m, struct ip *); 638 if (off == 0 && dst == old) /* common case */ 639 goto pass; 640 if (DUMMYNET_LOADED && (off & IP_FW_PORT_DYNT_FLAG) != 0) { 641 /* 642 * pass the pkt to dummynet. Need to include 643 * pipe number, m, ifp, ro, dst because these are 644 * not recomputed in the next pass. 645 * All other parameters have been already used and 646 * so they are not needed anymore. 647 * XXX note: if the ifp or ro entry are deleted 648 * while a pkt is in dummynet, we are in trouble! 649 */ 650 args.ro = ro; 651 args.dst = dst; 652 args.flags = flags; 653 654 error = ip_dn_io_ptr(m, off & 0xffff, DN_TO_IP_OUT, 655 &args); 656 goto done; 657 } 658#ifdef IPDIVERT 659 if (off != 0 && (off & IP_FW_PORT_DYNT_FLAG) == 0) { 660 struct mbuf *clone = NULL; 661 662 /* Clone packet if we're doing a 'tee' */ 663 if ((off & IP_FW_PORT_TEE_FLAG) != 0) 664 clone = m_dup(m, M_DONTWAIT); 665 666 /* 667 * XXX 668 * delayed checksums are not currently compatible 669 * with divert sockets. 670 */ 671 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 672 in_delayed_cksum(m); 673 m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; 674 } 675 676 /* Restore packet header fields to original values */ 677 ip->ip_len = htons(ip->ip_len); 678 ip->ip_off = htons(ip->ip_off); 679 680 /* Deliver packet to divert input routine */ 681 divert_packet(m, 0, off & 0xffff, args.divert_rule); 682 683 /* If 'tee', continue with original packet */ 684 if (clone != NULL) { 685 m = clone; 686 ip = mtod(m, struct ip *); 687 goto pass; 688 } 689 goto done; 690 } 691#endif 692 693 /* IPFIREWALL_FORWARD */ 694 /* 695 * Check dst to make sure it is directly reachable on the 696 * interface we previously thought it was. 697 * If it isn't (which may be likely in some situations) we have 698 * to re-route it (ie, find a route for the next-hop and the 699 * associated interface) and set them here. This is nested 700 * forwarding which in most cases is undesirable, except where 701 * such control is nigh impossible. So we do it here. 702 * And I'm babbling. 703 */ 704 if (off == 0 && old != dst) { /* FORWARD, dst has changed */ 705#if 0 706 /* 707 * XXX To improve readability, this block should be 708 * changed into a function call as below: 709 */ 710 error = ip_ipforward(&m, &dst, &ifp); 711 if (error) 712 goto bad; 713 if (m == NULL) /* ip_input consumed the mbuf */ 714 goto done; 715#else 716 struct in_ifaddr *ia; 717 718 /* 719 * XXX sro_fwd below is static, and a pointer 720 * to it gets passed to routines downstream. 721 * This could have surprisingly bad results in 722 * practice, because its content is overwritten 723 * by subsequent packets. 724 */ 725 /* There must be a better way to do this next line... */ 726 static struct route sro_fwd; 727 struct route *ro_fwd = &sro_fwd; 728 729#if 0 730 print_ip("IPFIREWALL_FORWARD: New dst ip: ", 731 dst->sin_addr, "\n"); 732#endif 733 734 /* 735 * We need to figure out if we have been forwarded 736 * to a local socket. If so, then we should somehow 737 * "loop back" to ip_input, and get directed to the 738 * PCB as if we had received this packet. This is 739 * because it may be dificult to identify the packets 740 * you want to forward until they are being output 741 * and have selected an interface. (e.g. locally 742 * initiated packets) If we used the loopback inteface, 743 * we would not be able to control what happens 744 * as the packet runs through ip_input() as 745 * it is done through a ISR. 746 */ 747 LIST_FOREACH(ia, 748 INADDR_HASH(dst->sin_addr.s_addr), ia_hash) { 749 /* 750 * If the addr to forward to is one 751 * of ours, we pretend to 752 * be the destination for this packet. 753 */ 754 if (IA_SIN(ia)->sin_addr.s_addr == 755 dst->sin_addr.s_addr) 756 break; 757 } 758 if (ia) { /* tell ip_input "dont filter" */ 759 struct m_hdr tag; 760 761 tag.mh_type = MT_TAG; 762 tag.mh_flags = PACKET_TAG_IPFORWARD; 763 tag.mh_data = (caddr_t)args.next_hop; 764 tag.mh_next = m; 765 766 if (m->m_pkthdr.rcvif == NULL) 767 m->m_pkthdr.rcvif = ifunit("lo0"); 768 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 769 m->m_pkthdr.csum_flags |= 770 CSUM_DATA_VALID | CSUM_PSEUDO_HDR; 771 m0->m_pkthdr.csum_data = 0xffff; 772 } 773 m->m_pkthdr.csum_flags |= 774 CSUM_IP_CHECKED | CSUM_IP_VALID; 775 ip->ip_len = htons(ip->ip_len); 776 ip->ip_off = htons(ip->ip_off); 777 ip_input((struct mbuf *)&tag); 778 goto done; 779 } 780 /* Some of the logic for this was 781 * nicked from above. 782 * 783 * This rewrites the cached route in a local PCB. 784 * Is this what we want to do? 785 */ 786 bcopy(dst, &ro_fwd->ro_dst, sizeof(*dst)); 787 788 ro_fwd->ro_rt = 0; 789 rtalloc_ign(ro_fwd, RTF_PRCLONING); 790 791 if (ro_fwd->ro_rt == 0) { 792 ipstat.ips_noroute++; 793 error = EHOSTUNREACH; 794 goto bad; 795 } 796 797 ia = ifatoia(ro_fwd->ro_rt->rt_ifa); 798 ifp = ro_fwd->ro_rt->rt_ifp; 799 ro_fwd->ro_rt->rt_use++; 800 if (ro_fwd->ro_rt->rt_flags & RTF_GATEWAY) 801 dst = (struct sockaddr_in *) 802 ro_fwd->ro_rt->rt_gateway; 803 if (ro_fwd->ro_rt->rt_flags & RTF_HOST) 804 isbroadcast = 805 (ro_fwd->ro_rt->rt_flags & RTF_BROADCAST); 806 else 807 isbroadcast = in_broadcast(dst->sin_addr, ifp); 808 if (ro->ro_rt) 809 RTFREE(ro->ro_rt); 810 ro->ro_rt = ro_fwd->ro_rt; 811 dst = (struct sockaddr_in *)&ro_fwd->ro_dst; 812 813#endif /* ... block to be put into a function */ 814 /* 815 * If we added a default src ip earlier, 816 * which would have been gotten from the-then 817 * interface, do it again, from the new one. 818 */ 819 if (src_was_INADDR_ANY) 820 ip->ip_src = IA_SIN(ia)->sin_addr; 821 goto pass ; 822 } 823 824 /* 825 * if we get here, none of the above matches, and 826 * we have to drop the pkt 827 */ 828 m_freem(m); 829 error = EACCES; /* not sure this is the right error msg */ 830 goto done; 831 } 832 833pass: 834 /* 127/8 must not appear on wire - RFC1122. */ 835 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || 836 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { 837 if ((ifp->if_flags & IFF_LOOPBACK) == 0) { 838 ipstat.ips_badaddr++; 839 error = EADDRNOTAVAIL; 840 goto bad; 841 } 842 } 843 844 m->m_pkthdr.csum_flags |= CSUM_IP; 845 sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_hwassist; 846 if (sw_csum & CSUM_DELAY_DATA) { 847 in_delayed_cksum(m); 848 sw_csum &= ~CSUM_DELAY_DATA; 849 } 850 m->m_pkthdr.csum_flags &= ifp->if_hwassist; 851 852 /* 853 * If small enough for interface, or the interface will take 854 * care of the fragmentation for us, can just send directly. 855 */ 856 if ((u_short)ip->ip_len <= ifp->if_mtu || 857 ifp->if_hwassist & CSUM_FRAGMENT) { 858 ip->ip_len = htons(ip->ip_len); 859 ip->ip_off = htons(ip->ip_off); 860 ip->ip_sum = 0; 861 if (sw_csum & CSUM_DELAY_IP) { 862 if (ip->ip_vhl == IP_VHL_BORING) { 863 ip->ip_sum = in_cksum_hdr(ip); 864 } else { 865 ip->ip_sum = in_cksum(m, hlen); 866 } 867 } 868 869 /* Record statistics for this interface address. */ 870 if (!(flags & IP_FORWARDING) && ia) { 871 ia->ia_ifa.if_opackets++; 872 ia->ia_ifa.if_obytes += m->m_pkthdr.len; 873 } 874 875#ifdef IPSEC 876 /* clean ipsec history once it goes out of the node */ 877 ipsec_delaux(m); 878#endif 879 880 error = (*ifp->if_output)(ifp, m, 881 (struct sockaddr *)dst, ro->ro_rt); 882 goto done; 883 } 884 /* 885 * Too large for interface; fragment if possible. 886 * Must be able to put at least 8 bytes per fragment. 887 */ 888 if (ip->ip_off & IP_DF) { 889 error = EMSGSIZE; 890 /* 891 * This case can happen if the user changed the MTU 892 * of an interface after enabling IP on it. Because 893 * most netifs don't keep track of routes pointing to 894 * them, there is no way for one to update all its 895 * routes when the MTU is changed. 896 */ 897 if ((ro->ro_rt->rt_flags & (RTF_UP | RTF_HOST)) 898 && !(ro->ro_rt->rt_rmx.rmx_locks & RTV_MTU) 899 && (ro->ro_rt->rt_rmx.rmx_mtu > ifp->if_mtu)) { 900 ro->ro_rt->rt_rmx.rmx_mtu = ifp->if_mtu; 901 } 902 ipstat.ips_cantfrag++; 903 goto bad; 904 } 905 len = (ifp->if_mtu - hlen) &~ 7; 906 if (len < 8) { 907 error = EMSGSIZE; 908 goto bad; 909 } 910 911 /* 912 * if the interface will not calculate checksums on 913 * fragmented packets, then do it here. 914 */ 915 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA && 916 (ifp->if_hwassist & CSUM_IP_FRAGS) == 0) { 917 in_delayed_cksum(m); 918 m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; 919 } 920 921 if (len > PAGE_SIZE) { 922 /* 923 * Fragement large datagrams such that each segment 924 * contains a multiple of PAGE_SIZE amount of data, 925 * plus headers. This enables a receiver to perform 926 * page-flipping zero-copy optimizations. 927 */ 928 929 int newlen; 930 struct mbuf *mtmp; 931 932 for (mtmp = m, off = 0; 933 mtmp && ((off + mtmp->m_len) <= ifp->if_mtu); 934 mtmp = mtmp->m_next) { 935 off += mtmp->m_len; 936 } 937 /* 938 * firstlen (off - hlen) must be aligned on an 939 * 8-byte boundary 940 */ 941 if (off < hlen) 942 goto smart_frag_failure; 943 off = ((off - hlen) & ~7) + hlen; 944 newlen = (~PAGE_MASK) & ifp->if_mtu; 945 if ((newlen + sizeof (struct ip)) > ifp->if_mtu) { 946 /* we failed, go back the default */ 947smart_frag_failure: 948 newlen = len; 949 off = hlen + len; 950 } 951 952/* printf("ipfrag: len = %d, hlen = %d, mhlen = %d, newlen = %d, off = %d\n", 953 len, hlen, sizeof (struct ip), newlen, off);*/ 954 955 len = newlen; 956 957 } else { 958 off = hlen + len; 959 } 960 961 962 963 { 964 int mhlen, firstlen = off - hlen; 965 struct mbuf **mnext = &m->m_nextpkt; 966 int nfrags = 1; 967 968 /* 969 * Loop through length of segment after first fragment, 970 * make new header and copy data of each part and link onto chain. 971 */ 972 m0 = m; 973 mhlen = sizeof (struct ip); 974 for (; off < (u_short)ip->ip_len; off += len) { 975 MGETHDR(m, M_DONTWAIT, MT_HEADER); 976 if (m == 0) { 977 error = ENOBUFS; 978 ipstat.ips_odropped++; 979 goto sendorfree; 980 } 981 m->m_flags |= (m0->m_flags & M_MCAST) | M_FRAG; 982 m->m_data += max_linkhdr; 983 mhip = mtod(m, struct ip *); 984 *mhip = *ip; 985 if (hlen > sizeof (struct ip)) { 986 mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip); 987 mhip->ip_vhl = IP_MAKE_VHL(IPVERSION, mhlen >> 2); 988 } 989 m->m_len = mhlen; 990 mhip->ip_off = ((off - hlen) >> 3) + ip->ip_off; 991 if (off + len >= (u_short)ip->ip_len) 992 len = (u_short)ip->ip_len - off; 993 else 994 mhip->ip_off |= IP_MF; 995 mhip->ip_len = htons((u_short)(len + mhlen)); 996 m->m_next = m_copy(m0, off, len); 997 if (m->m_next == 0) { 998 (void) m_free(m); 999 error = ENOBUFS; /* ??? */ 1000 ipstat.ips_odropped++; 1001 goto sendorfree; 1002 } 1003 m->m_pkthdr.len = mhlen + len; 1004 m->m_pkthdr.rcvif = (struct ifnet *)0; 1005 m->m_pkthdr.csum_flags = m0->m_pkthdr.csum_flags; 1006 mhip->ip_off = htons(mhip->ip_off); 1007 mhip->ip_sum = 0; 1008 if (sw_csum & CSUM_DELAY_IP) { 1009 if (mhip->ip_vhl == IP_VHL_BORING) { 1010 mhip->ip_sum = in_cksum_hdr(mhip); 1011 } else { 1012 mhip->ip_sum = in_cksum(m, mhlen); 1013 } 1014 } 1015 *mnext = m; 1016 mnext = &m->m_nextpkt; 1017 nfrags++; 1018 } 1019 ipstat.ips_ofragments += nfrags; 1020 1021 /* set first/last markers for fragment chain */ 1022 m->m_flags |= M_LASTFRAG; 1023 m0->m_flags |= M_FIRSTFRAG | M_FRAG; 1024 m0->m_pkthdr.csum_data = nfrags; 1025 1026 /* 1027 * Update first fragment by trimming what's been copied out 1028 * and updating header, then send each fragment (in order). 1029 */ 1030 m = m0; 1031 m_adj(m, hlen + firstlen - (u_short)ip->ip_len); 1032 m->m_pkthdr.len = hlen + firstlen; 1033 ip->ip_len = htons((u_short)m->m_pkthdr.len); 1034 ip->ip_off |= IP_MF; 1035 ip->ip_off = htons(ip->ip_off); 1036 ip->ip_sum = 0; 1037 if (sw_csum & CSUM_DELAY_IP) { 1038 if (ip->ip_vhl == IP_VHL_BORING) { 1039 ip->ip_sum = in_cksum_hdr(ip); 1040 } else { 1041 ip->ip_sum = in_cksum(m, hlen); 1042 } 1043 } 1044sendorfree: 1045 for (m = m0; m; m = m0) { 1046 m0 = m->m_nextpkt; 1047 m->m_nextpkt = 0; 1048#ifdef IPSEC 1049 /* clean ipsec history once it goes out of the node */ 1050 ipsec_delaux(m); 1051#endif 1052 if (error == 0) { 1053 /* Record statistics for this interface address. */ 1054 if (ia != NULL) { 1055 ia->ia_ifa.if_opackets++; 1056 ia->ia_ifa.if_obytes += m->m_pkthdr.len; 1057 } 1058 1059 error = (*ifp->if_output)(ifp, m, 1060 (struct sockaddr *)dst, ro->ro_rt); 1061 } else 1062 m_freem(m); 1063 } 1064 1065 if (error == 0) 1066 ipstat.ips_fragmented++; 1067 } 1068done: 1069#ifdef IPSEC 1070 if (ro == &iproute && ro->ro_rt) { 1071 RTFREE(ro->ro_rt); 1072 ro->ro_rt = NULL; 1073 } 1074 if (sp != NULL) { 1075 KEYDEBUG(KEYDEBUG_IPSEC_STAMP, 1076 printf("DP ip_output call free SP:%p\n", sp)); 1077 key_freesp(sp); 1078 } 1079#endif /* IPSEC */ 1080 return (error); 1081bad: 1082 m_freem(m); 1083 goto done; 1084} 1085 1086void 1087in_delayed_cksum(struct mbuf *m) 1088{ 1089 struct ip *ip; 1090 u_short csum, offset; 1091 1092 ip = mtod(m, struct ip *); 1093 offset = IP_VHL_HL(ip->ip_vhl) << 2 ; 1094 csum = in_cksum_skip(m, ip->ip_len, offset); 1095 if (m->m_pkthdr.csum_flags & CSUM_UDP && csum == 0) 1096 csum = 0xffff; 1097 offset += m->m_pkthdr.csum_data; /* checksum offset */ 1098 1099 if (offset + sizeof(u_short) > m->m_len) { 1100 printf("delayed m_pullup, m->len: %d off: %d p: %d\n", 1101 m->m_len, offset, ip->ip_p); 1102 /* 1103 * XXX 1104 * this shouldn't happen, but if it does, the 1105 * correct behavior may be to insert the checksum 1106 * in the existing chain instead of rearranging it. 1107 */ 1108 m = m_pullup(m, offset + sizeof(u_short)); 1109 } 1110 *(u_short *)(m->m_data + offset) = csum; 1111} 1112 1113/* 1114 * Insert IP options into preformed packet. 1115 * Adjust IP destination as required for IP source routing, 1116 * as indicated by a non-zero in_addr at the start of the options. 1117 * 1118 * XXX This routine assumes that the packet has no options in place. 1119 */ 1120static struct mbuf * 1121ip_insertoptions(m, opt, phlen) 1122 register struct mbuf *m; 1123 struct mbuf *opt; 1124 int *phlen; 1125{ 1126 register struct ipoption *p = mtod(opt, struct ipoption *); 1127 struct mbuf *n; 1128 register struct ip *ip = mtod(m, struct ip *); 1129 unsigned optlen; 1130 1131 optlen = opt->m_len - sizeof(p->ipopt_dst); 1132 if (optlen + (u_short)ip->ip_len > IP_MAXPACKET) 1133 return (m); /* XXX should fail */ 1134 if (p->ipopt_dst.s_addr) 1135 ip->ip_dst = p->ipopt_dst; 1136 if (m->m_flags & M_EXT || m->m_data - optlen < m->m_pktdat) { 1137 MGETHDR(n, M_DONTWAIT, MT_HEADER); 1138 if (n == 0) 1139 return (m); 1140 n->m_pkthdr.rcvif = (struct ifnet *)0; 1141 n->m_pkthdr.len = m->m_pkthdr.len + optlen; 1142 m->m_len -= sizeof(struct ip); 1143 m->m_data += sizeof(struct ip); 1144 n->m_next = m; 1145 m = n; 1146 m->m_len = optlen + sizeof(struct ip); 1147 m->m_data += max_linkhdr; 1148 (void)memcpy(mtod(m, void *), ip, sizeof(struct ip)); 1149 } else { 1150 m->m_data -= optlen; 1151 m->m_len += optlen; 1152 m->m_pkthdr.len += optlen; 1153 ovbcopy((caddr_t)ip, mtod(m, caddr_t), sizeof(struct ip)); 1154 } 1155 ip = mtod(m, struct ip *); 1156 bcopy(p->ipopt_list, ip + 1, optlen); 1157 *phlen = sizeof(struct ip) + optlen; 1158 ip->ip_vhl = IP_MAKE_VHL(IPVERSION, *phlen >> 2); 1159 ip->ip_len += optlen; 1160 return (m); 1161} 1162 1163/* 1164 * Copy options from ip to jp, 1165 * omitting those not copied during fragmentation. 1166 */ 1167int 1168ip_optcopy(ip, jp) 1169 struct ip *ip, *jp; 1170{ 1171 register u_char *cp, *dp; 1172 int opt, optlen, cnt; 1173 1174 cp = (u_char *)(ip + 1); 1175 dp = (u_char *)(jp + 1); 1176 cnt = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof (struct ip); 1177 for (; cnt > 0; cnt -= optlen, cp += optlen) { 1178 opt = cp[0]; 1179 if (opt == IPOPT_EOL) 1180 break; 1181 if (opt == IPOPT_NOP) { 1182 /* Preserve for IP mcast tunnel's LSRR alignment. */ 1183 *dp++ = IPOPT_NOP; 1184 optlen = 1; 1185 continue; 1186 } 1187 1188 KASSERT(cnt >= IPOPT_OLEN + sizeof(*cp), 1189 ("ip_optcopy: malformed ipv4 option")); 1190 optlen = cp[IPOPT_OLEN]; 1191 KASSERT(optlen >= IPOPT_OLEN + sizeof(*cp) && optlen <= cnt, 1192 ("ip_optcopy: malformed ipv4 option")); 1193 1194 /* bogus lengths should have been caught by ip_dooptions */ 1195 if (optlen > cnt) 1196 optlen = cnt; 1197 if (IPOPT_COPIED(opt)) { 1198 bcopy(cp, dp, optlen); 1199 dp += optlen; 1200 } 1201 } 1202 for (optlen = dp - (u_char *)(jp+1); optlen & 0x3; optlen++) 1203 *dp++ = IPOPT_EOL; 1204 return (optlen); 1205} 1206 1207/* 1208 * IP socket option processing. 1209 */ 1210int 1211ip_ctloutput(so, sopt) 1212 struct socket *so; 1213 struct sockopt *sopt; 1214{ 1215 struct inpcb *inp = sotoinpcb(so); 1216 int error, optval; 1217 1218 error = optval = 0; 1219 if (sopt->sopt_level != IPPROTO_IP) { 1220 return (EINVAL); 1221 } 1222 1223 switch (sopt->sopt_dir) { 1224 case SOPT_SET: 1225 switch (sopt->sopt_name) { 1226 case IP_OPTIONS: 1227#ifdef notyet 1228 case IP_RETOPTS: 1229#endif 1230 { 1231 struct mbuf *m; 1232 if (sopt->sopt_valsize > MLEN) { 1233 error = EMSGSIZE; 1234 break; 1235 } 1236 MGET(m, sopt->sopt_td ? M_TRYWAIT : M_DONTWAIT, MT_HEADER); 1237 if (m == 0) { 1238 error = ENOBUFS; 1239 break; 1240 } 1241 m->m_len = sopt->sopt_valsize; 1242 error = sooptcopyin(sopt, mtod(m, char *), m->m_len, 1243 m->m_len); 1244 1245 return (ip_pcbopts(sopt->sopt_name, &inp->inp_options, 1246 m)); 1247 } 1248 1249 case IP_TOS: 1250 case IP_TTL: 1251 case IP_RECVOPTS: 1252 case IP_RECVRETOPTS: 1253 case IP_RECVDSTADDR: 1254 case IP_RECVIF: 1255 case IP_FAITH: 1256 error = sooptcopyin(sopt, &optval, sizeof optval, 1257 sizeof optval); 1258 if (error) 1259 break; 1260 1261 switch (sopt->sopt_name) { 1262 case IP_TOS: 1263 inp->inp_ip_tos = optval; 1264 break; 1265 1266 case IP_TTL: 1267 inp->inp_ip_ttl = optval; 1268 break; 1269#define OPTSET(bit) \ 1270 if (optval) \ 1271 inp->inp_flags |= bit; \ 1272 else \ 1273 inp->inp_flags &= ~bit; 1274 1275 case IP_RECVOPTS: 1276 OPTSET(INP_RECVOPTS); 1277 break; 1278 1279 case IP_RECVRETOPTS: 1280 OPTSET(INP_RECVRETOPTS); 1281 break; 1282 1283 case IP_RECVDSTADDR: 1284 OPTSET(INP_RECVDSTADDR); 1285 break; 1286 1287 case IP_RECVIF: 1288 OPTSET(INP_RECVIF); 1289 break; 1290 1291 case IP_FAITH: 1292 OPTSET(INP_FAITH); 1293 break; 1294 } 1295 break; 1296#undef OPTSET 1297 1298 case IP_MULTICAST_IF: 1299 case IP_MULTICAST_VIF: 1300 case IP_MULTICAST_TTL: 1301 case IP_MULTICAST_LOOP: 1302 case IP_ADD_MEMBERSHIP: 1303 case IP_DROP_MEMBERSHIP: 1304 error = ip_setmoptions(sopt, &inp->inp_moptions); 1305 break; 1306 1307 case IP_PORTRANGE: 1308 error = sooptcopyin(sopt, &optval, sizeof optval, 1309 sizeof optval); 1310 if (error) 1311 break; 1312 1313 switch (optval) { 1314 case IP_PORTRANGE_DEFAULT: 1315 inp->inp_flags &= ~(INP_LOWPORT); 1316 inp->inp_flags &= ~(INP_HIGHPORT); 1317 break; 1318 1319 case IP_PORTRANGE_HIGH: 1320 inp->inp_flags &= ~(INP_LOWPORT); 1321 inp->inp_flags |= INP_HIGHPORT; 1322 break; 1323 1324 case IP_PORTRANGE_LOW: 1325 inp->inp_flags &= ~(INP_HIGHPORT); 1326 inp->inp_flags |= INP_LOWPORT; 1327 break; 1328 1329 default: 1330 error = EINVAL; 1331 break; 1332 } 1333 break; 1334 1335#ifdef IPSEC 1336 case IP_IPSEC_POLICY: 1337 { 1338 caddr_t req; 1339 size_t len = 0; 1340 int priv; 1341 struct mbuf *m; 1342 int optname; 1343 1344 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */ 1345 break; 1346 if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */ 1347 break; 1348 priv = (sopt->sopt_td != NULL && 1349 suser(sopt->sopt_td) != 0) ? 0 : 1; 1350 req = mtod(m, caddr_t); 1351 len = m->m_len; 1352 optname = sopt->sopt_name; 1353 error = ipsec4_set_policy(inp, optname, req, len, priv); 1354 m_freem(m); 1355 break; 1356 } 1357#endif /*IPSEC*/ 1358 1359 default: 1360 error = ENOPROTOOPT; 1361 break; 1362 } 1363 break; 1364 1365 case SOPT_GET: 1366 switch (sopt->sopt_name) { 1367 case IP_OPTIONS: 1368 case IP_RETOPTS: 1369 if (inp->inp_options) 1370 error = sooptcopyout(sopt, 1371 mtod(inp->inp_options, 1372 char *), 1373 inp->inp_options->m_len); 1374 else 1375 sopt->sopt_valsize = 0; 1376 break; 1377 1378 case IP_TOS: 1379 case IP_TTL: 1380 case IP_RECVOPTS: 1381 case IP_RECVRETOPTS: 1382 case IP_RECVDSTADDR: 1383 case IP_RECVIF: 1384 case IP_PORTRANGE: 1385 case IP_FAITH: 1386 switch (sopt->sopt_name) { 1387 1388 case IP_TOS: 1389 optval = inp->inp_ip_tos; 1390 break; 1391 1392 case IP_TTL: 1393 optval = inp->inp_ip_ttl; 1394 break; 1395 1396#define OPTBIT(bit) (inp->inp_flags & bit ? 1 : 0) 1397 1398 case IP_RECVOPTS: 1399 optval = OPTBIT(INP_RECVOPTS); 1400 break; 1401 1402 case IP_RECVRETOPTS: 1403 optval = OPTBIT(INP_RECVRETOPTS); 1404 break; 1405 1406 case IP_RECVDSTADDR: 1407 optval = OPTBIT(INP_RECVDSTADDR); 1408 break; 1409 1410 case IP_RECVIF: 1411 optval = OPTBIT(INP_RECVIF); 1412 break; 1413 1414 case IP_PORTRANGE: 1415 if (inp->inp_flags & INP_HIGHPORT) 1416 optval = IP_PORTRANGE_HIGH; 1417 else if (inp->inp_flags & INP_LOWPORT) 1418 optval = IP_PORTRANGE_LOW; 1419 else 1420 optval = 0; 1421 break; 1422 1423 case IP_FAITH: 1424 optval = OPTBIT(INP_FAITH); 1425 break; 1426 } 1427 error = sooptcopyout(sopt, &optval, sizeof optval); 1428 break; 1429 1430 case IP_MULTICAST_IF: 1431 case IP_MULTICAST_VIF: 1432 case IP_MULTICAST_TTL: 1433 case IP_MULTICAST_LOOP: 1434 case IP_ADD_MEMBERSHIP: 1435 case IP_DROP_MEMBERSHIP: 1436 error = ip_getmoptions(sopt, inp->inp_moptions); 1437 break; 1438 1439#ifdef IPSEC 1440 case IP_IPSEC_POLICY: 1441 { 1442 struct mbuf *m = NULL; 1443 caddr_t req = NULL; 1444 size_t len = 0; 1445 1446 if (m != 0) { 1447 req = mtod(m, caddr_t); 1448 len = m->m_len; 1449 } 1450 error = ipsec4_get_policy(sotoinpcb(so), req, len, &m); 1451 if (error == 0) 1452 error = soopt_mcopyout(sopt, m); /* XXX */ 1453 if (error == 0) 1454 m_freem(m); 1455 break; 1456 } 1457#endif /*IPSEC*/ 1458 1459 default: 1460 error = ENOPROTOOPT; 1461 break; 1462 } 1463 break; 1464 } 1465 return (error); 1466} 1467 1468/* 1469 * Set up IP options in pcb for insertion in output packets. 1470 * Store in mbuf with pointer in pcbopt, adding pseudo-option 1471 * with destination address if source routed. 1472 */ 1473static int 1474ip_pcbopts(optname, pcbopt, m) 1475 int optname; 1476 struct mbuf **pcbopt; 1477 register struct mbuf *m; 1478{ 1479 register int cnt, optlen; 1480 register u_char *cp; 1481 u_char opt; 1482 1483 /* turn off any old options */ 1484 if (*pcbopt) 1485 (void)m_free(*pcbopt); 1486 *pcbopt = 0; 1487 if (m == (struct mbuf *)0 || m->m_len == 0) { 1488 /* 1489 * Only turning off any previous options. 1490 */ 1491 if (m) 1492 (void)m_free(m); 1493 return (0); 1494 } 1495 1496 if (m->m_len % sizeof(int32_t)) 1497 goto bad; 1498 /* 1499 * IP first-hop destination address will be stored before 1500 * actual options; move other options back 1501 * and clear it when none present. 1502 */ 1503 if (m->m_data + m->m_len + sizeof(struct in_addr) >= &m->m_dat[MLEN]) 1504 goto bad; 1505 cnt = m->m_len; 1506 m->m_len += sizeof(struct in_addr); 1507 cp = mtod(m, u_char *) + sizeof(struct in_addr); 1508 ovbcopy(mtod(m, caddr_t), (caddr_t)cp, (unsigned)cnt); 1509 bzero(mtod(m, caddr_t), sizeof(struct in_addr)); 1510 1511 for (; cnt > 0; cnt -= optlen, cp += optlen) { 1512 opt = cp[IPOPT_OPTVAL]; 1513 if (opt == IPOPT_EOL) 1514 break; 1515 if (opt == IPOPT_NOP) 1516 optlen = 1; 1517 else { 1518 if (cnt < IPOPT_OLEN + sizeof(*cp)) 1519 goto bad; 1520 optlen = cp[IPOPT_OLEN]; 1521 if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) 1522 goto bad; 1523 } 1524 switch (opt) { 1525 1526 default: 1527 break; 1528 1529 case IPOPT_LSRR: 1530 case IPOPT_SSRR: 1531 /* 1532 * user process specifies route as: 1533 * ->A->B->C->D 1534 * D must be our final destination (but we can't 1535 * check that since we may not have connected yet). 1536 * A is first hop destination, which doesn't appear in 1537 * actual IP option, but is stored before the options. 1538 */ 1539 if (optlen < IPOPT_MINOFF - 1 + sizeof(struct in_addr)) 1540 goto bad; 1541 m->m_len -= sizeof(struct in_addr); 1542 cnt -= sizeof(struct in_addr); 1543 optlen -= sizeof(struct in_addr); 1544 cp[IPOPT_OLEN] = optlen; 1545 /* 1546 * Move first hop before start of options. 1547 */ 1548 bcopy((caddr_t)&cp[IPOPT_OFFSET+1], mtod(m, caddr_t), 1549 sizeof(struct in_addr)); 1550 /* 1551 * Then copy rest of options back 1552 * to close up the deleted entry. 1553 */ 1554 ovbcopy((caddr_t)(&cp[IPOPT_OFFSET+1] + 1555 sizeof(struct in_addr)), 1556 (caddr_t)&cp[IPOPT_OFFSET+1], 1557 (unsigned)cnt + sizeof(struct in_addr)); 1558 break; 1559 } 1560 } 1561 if (m->m_len > MAX_IPOPTLEN + sizeof(struct in_addr)) 1562 goto bad; 1563 *pcbopt = m; 1564 return (0); 1565 1566bad: 1567 (void)m_free(m); 1568 return (EINVAL); 1569} 1570 1571/* 1572 * XXX 1573 * The whole multicast option thing needs to be re-thought. 1574 * Several of these options are equally applicable to non-multicast 1575 * transmission, and one (IP_MULTICAST_TTL) totally duplicates a 1576 * standard option (IP_TTL). 1577 */ 1578 1579/* 1580 * following RFC1724 section 3.3, 0.0.0.0/8 is interpreted as interface index. 1581 */ 1582static struct ifnet * 1583ip_multicast_if(a, ifindexp) 1584 struct in_addr *a; 1585 int *ifindexp; 1586{ 1587 int ifindex; 1588 struct ifnet *ifp; 1589 1590 if (ifindexp) 1591 *ifindexp = 0; 1592 if (ntohl(a->s_addr) >> 24 == 0) { 1593 ifindex = ntohl(a->s_addr) & 0xffffff; 1594 if (ifindex < 0 || if_index < ifindex) 1595 return NULL; 1596 ifp = ifnet_byindex(ifindex); 1597 if (ifindexp) 1598 *ifindexp = ifindex; 1599 } else { 1600 INADDR_TO_IFP(*a, ifp); 1601 } 1602 return ifp; 1603} 1604 1605/* 1606 * Set the IP multicast options in response to user setsockopt(). 1607 */ 1608static int 1609ip_setmoptions(sopt, imop) 1610 struct sockopt *sopt; 1611 struct ip_moptions **imop; 1612{ 1613 int error = 0; 1614 int i; 1615 struct in_addr addr; 1616 struct ip_mreq mreq; 1617 struct ifnet *ifp; 1618 struct ip_moptions *imo = *imop; 1619 struct route ro; 1620 struct sockaddr_in *dst; 1621 int ifindex; 1622 int s; 1623 1624 if (imo == NULL) { 1625 /* 1626 * No multicast option buffer attached to the pcb; 1627 * allocate one and initialize to default values. 1628 */ 1629 imo = (struct ip_moptions*)malloc(sizeof(*imo), M_IPMOPTS, 1630 M_WAITOK); 1631 1632 if (imo == NULL) 1633 return (ENOBUFS); 1634 *imop = imo; 1635 imo->imo_multicast_ifp = NULL; 1636 imo->imo_multicast_addr.s_addr = INADDR_ANY; 1637 imo->imo_multicast_vif = -1; 1638 imo->imo_multicast_ttl = IP_DEFAULT_MULTICAST_TTL; 1639 imo->imo_multicast_loop = IP_DEFAULT_MULTICAST_LOOP; 1640 imo->imo_num_memberships = 0; 1641 } 1642 1643 switch (sopt->sopt_name) { 1644 /* store an index number for the vif you wanna use in the send */ 1645 case IP_MULTICAST_VIF: 1646 if (legal_vif_num == 0) { 1647 error = EOPNOTSUPP; 1648 break; 1649 } 1650 error = sooptcopyin(sopt, &i, sizeof i, sizeof i); 1651 if (error) 1652 break; 1653 if (!legal_vif_num(i) && (i != -1)) { 1654 error = EINVAL; 1655 break; 1656 } 1657 imo->imo_multicast_vif = i; 1658 break; 1659 1660 case IP_MULTICAST_IF: 1661 /* 1662 * Select the interface for outgoing multicast packets. 1663 */ 1664 error = sooptcopyin(sopt, &addr, sizeof addr, sizeof addr); 1665 if (error) 1666 break; 1667 /* 1668 * INADDR_ANY is used to remove a previous selection. 1669 * When no interface is selected, a default one is 1670 * chosen every time a multicast packet is sent. 1671 */ 1672 if (addr.s_addr == INADDR_ANY) { 1673 imo->imo_multicast_ifp = NULL; 1674 break; 1675 } 1676 /* 1677 * The selected interface is identified by its local 1678 * IP address. Find the interface and confirm that 1679 * it supports multicasting. 1680 */ 1681 s = splimp(); 1682 ifp = ip_multicast_if(&addr, &ifindex); 1683 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) { 1684 splx(s); 1685 error = EADDRNOTAVAIL; 1686 break; 1687 } 1688 imo->imo_multicast_ifp = ifp; 1689 if (ifindex) 1690 imo->imo_multicast_addr = addr; 1691 else 1692 imo->imo_multicast_addr.s_addr = INADDR_ANY; 1693 splx(s); 1694 break; 1695 1696 case IP_MULTICAST_TTL: 1697 /* 1698 * Set the IP time-to-live for outgoing multicast packets. 1699 * The original multicast API required a char argument, 1700 * which is inconsistent with the rest of the socket API. 1701 * We allow either a char or an int. 1702 */ 1703 if (sopt->sopt_valsize == 1) { 1704 u_char ttl; 1705 error = sooptcopyin(sopt, &ttl, 1, 1); 1706 if (error) 1707 break; 1708 imo->imo_multicast_ttl = ttl; 1709 } else { 1710 u_int ttl; 1711 error = sooptcopyin(sopt, &ttl, sizeof ttl, 1712 sizeof ttl); 1713 if (error) 1714 break; 1715 if (ttl > 255) 1716 error = EINVAL; 1717 else 1718 imo->imo_multicast_ttl = ttl; 1719 } 1720 break; 1721 1722 case IP_MULTICAST_LOOP: 1723 /* 1724 * Set the loopback flag for outgoing multicast packets. 1725 * Must be zero or one. The original multicast API required a 1726 * char argument, which is inconsistent with the rest 1727 * of the socket API. We allow either a char or an int. 1728 */ 1729 if (sopt->sopt_valsize == 1) { 1730 u_char loop; 1731 error = sooptcopyin(sopt, &loop, 1, 1); 1732 if (error) 1733 break; 1734 imo->imo_multicast_loop = !!loop; 1735 } else { 1736 u_int loop; 1737 error = sooptcopyin(sopt, &loop, sizeof loop, 1738 sizeof loop); 1739 if (error) 1740 break; 1741 imo->imo_multicast_loop = !!loop; 1742 } 1743 break; 1744 1745 case IP_ADD_MEMBERSHIP: 1746 /* 1747 * Add a multicast group membership. 1748 * Group must be a valid IP multicast address. 1749 */ 1750 error = sooptcopyin(sopt, &mreq, sizeof mreq, sizeof mreq); 1751 if (error) 1752 break; 1753 1754 if (!IN_MULTICAST(ntohl(mreq.imr_multiaddr.s_addr))) { 1755 error = EINVAL; 1756 break; 1757 } 1758 s = splimp(); 1759 /* 1760 * If no interface address was provided, use the interface of 1761 * the route to the given multicast address. 1762 */ 1763 if (mreq.imr_interface.s_addr == INADDR_ANY) { 1764 bzero((caddr_t)&ro, sizeof(ro)); 1765 dst = (struct sockaddr_in *)&ro.ro_dst; 1766 dst->sin_len = sizeof(*dst); 1767 dst->sin_family = AF_INET; 1768 dst->sin_addr = mreq.imr_multiaddr; 1769 rtalloc(&ro); 1770 if (ro.ro_rt == NULL) { 1771 error = EADDRNOTAVAIL; 1772 splx(s); 1773 break; 1774 } 1775 ifp = ro.ro_rt->rt_ifp; 1776 rtfree(ro.ro_rt); 1777 } 1778 else { 1779 ifp = ip_multicast_if(&mreq.imr_interface, NULL); 1780 } 1781 1782 /* 1783 * See if we found an interface, and confirm that it 1784 * supports multicast. 1785 */ 1786 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) { 1787 error = EADDRNOTAVAIL; 1788 splx(s); 1789 break; 1790 } 1791 /* 1792 * See if the membership already exists or if all the 1793 * membership slots are full. 1794 */ 1795 for (i = 0; i < imo->imo_num_memberships; ++i) { 1796 if (imo->imo_membership[i]->inm_ifp == ifp && 1797 imo->imo_membership[i]->inm_addr.s_addr 1798 == mreq.imr_multiaddr.s_addr) 1799 break; 1800 } 1801 if (i < imo->imo_num_memberships) { 1802 error = EADDRINUSE; 1803 splx(s); 1804 break; 1805 } 1806 if (i == IP_MAX_MEMBERSHIPS) { 1807 error = ETOOMANYREFS; 1808 splx(s); 1809 break; 1810 } 1811 /* 1812 * Everything looks good; add a new record to the multicast 1813 * address list for the given interface. 1814 */ 1815 if ((imo->imo_membership[i] = 1816 in_addmulti(&mreq.imr_multiaddr, ifp)) == NULL) { 1817 error = ENOBUFS; 1818 splx(s); 1819 break; 1820 } 1821 ++imo->imo_num_memberships; 1822 splx(s); 1823 break; 1824 1825 case IP_DROP_MEMBERSHIP: 1826 /* 1827 * Drop a multicast group membership. 1828 * Group must be a valid IP multicast address. 1829 */ 1830 error = sooptcopyin(sopt, &mreq, sizeof mreq, sizeof mreq); 1831 if (error) 1832 break; 1833 1834 if (!IN_MULTICAST(ntohl(mreq.imr_multiaddr.s_addr))) { 1835 error = EINVAL; 1836 break; 1837 } 1838 1839 s = splimp(); 1840 /* 1841 * If an interface address was specified, get a pointer 1842 * to its ifnet structure. 1843 */ 1844 if (mreq.imr_interface.s_addr == INADDR_ANY) 1845 ifp = NULL; 1846 else { 1847 ifp = ip_multicast_if(&mreq.imr_interface, NULL); 1848 if (ifp == NULL) { 1849 error = EADDRNOTAVAIL; 1850 splx(s); 1851 break; 1852 } 1853 } 1854 /* 1855 * Find the membership in the membership array. 1856 */ 1857 for (i = 0; i < imo->imo_num_memberships; ++i) { 1858 if ((ifp == NULL || 1859 imo->imo_membership[i]->inm_ifp == ifp) && 1860 imo->imo_membership[i]->inm_addr.s_addr == 1861 mreq.imr_multiaddr.s_addr) 1862 break; 1863 } 1864 if (i == imo->imo_num_memberships) { 1865 error = EADDRNOTAVAIL; 1866 splx(s); 1867 break; 1868 } 1869 /* 1870 * Give up the multicast address record to which the 1871 * membership points. 1872 */ 1873 in_delmulti(imo->imo_membership[i]); 1874 /* 1875 * Remove the gap in the membership array. 1876 */ 1877 for (++i; i < imo->imo_num_memberships; ++i) 1878 imo->imo_membership[i-1] = imo->imo_membership[i]; 1879 --imo->imo_num_memberships; 1880 splx(s); 1881 break; 1882 1883 default: 1884 error = EOPNOTSUPP; 1885 break; 1886 } 1887 1888 /* 1889 * If all options have default values, no need to keep the mbuf. 1890 */ 1891 if (imo->imo_multicast_ifp == NULL && 1892 imo->imo_multicast_vif == -1 && 1893 imo->imo_multicast_ttl == IP_DEFAULT_MULTICAST_TTL && 1894 imo->imo_multicast_loop == IP_DEFAULT_MULTICAST_LOOP && 1895 imo->imo_num_memberships == 0) { 1896 free(*imop, M_IPMOPTS); 1897 *imop = NULL; 1898 } 1899 1900 return (error); 1901} 1902 1903/* 1904 * Return the IP multicast options in response to user getsockopt(). 1905 */ 1906static int 1907ip_getmoptions(sopt, imo) 1908 struct sockopt *sopt; 1909 register struct ip_moptions *imo; 1910{ 1911 struct in_addr addr; 1912 struct in_ifaddr *ia; 1913 int error, optval; 1914 u_char coptval; 1915 1916 error = 0; 1917 switch (sopt->sopt_name) { 1918 case IP_MULTICAST_VIF: 1919 if (imo != NULL) 1920 optval = imo->imo_multicast_vif; 1921 else 1922 optval = -1; 1923 error = sooptcopyout(sopt, &optval, sizeof optval); 1924 break; 1925 1926 case IP_MULTICAST_IF: 1927 if (imo == NULL || imo->imo_multicast_ifp == NULL) 1928 addr.s_addr = INADDR_ANY; 1929 else if (imo->imo_multicast_addr.s_addr) { 1930 /* return the value user has set */ 1931 addr = imo->imo_multicast_addr; 1932 } else { 1933 IFP_TO_IA(imo->imo_multicast_ifp, ia); 1934 addr.s_addr = (ia == NULL) ? INADDR_ANY 1935 : IA_SIN(ia)->sin_addr.s_addr; 1936 } 1937 error = sooptcopyout(sopt, &addr, sizeof addr); 1938 break; 1939 1940 case IP_MULTICAST_TTL: 1941 if (imo == 0) 1942 optval = coptval = IP_DEFAULT_MULTICAST_TTL; 1943 else 1944 optval = coptval = imo->imo_multicast_ttl; 1945 if (sopt->sopt_valsize == 1) 1946 error = sooptcopyout(sopt, &coptval, 1); 1947 else 1948 error = sooptcopyout(sopt, &optval, sizeof optval); 1949 break; 1950 1951 case IP_MULTICAST_LOOP: 1952 if (imo == 0) 1953 optval = coptval = IP_DEFAULT_MULTICAST_LOOP; 1954 else 1955 optval = coptval = imo->imo_multicast_loop; 1956 if (sopt->sopt_valsize == 1) 1957 error = sooptcopyout(sopt, &coptval, 1); 1958 else 1959 error = sooptcopyout(sopt, &optval, sizeof optval); 1960 break; 1961 1962 default: 1963 error = ENOPROTOOPT; 1964 break; 1965 } 1966 return (error); 1967} 1968 1969/* 1970 * Discard the IP multicast options. 1971 */ 1972void 1973ip_freemoptions(imo) 1974 register struct ip_moptions *imo; 1975{ 1976 register int i; 1977 1978 if (imo != NULL) { 1979 for (i = 0; i < imo->imo_num_memberships; ++i) 1980 in_delmulti(imo->imo_membership[i]); 1981 free(imo, M_IPMOPTS); 1982 } 1983} 1984 1985/* 1986 * Routine called from ip_output() to loop back a copy of an IP multicast 1987 * packet to the input queue of a specified interface. Note that this 1988 * calls the output routine of the loopback "driver", but with an interface 1989 * pointer that might NOT be a loopback interface -- evil, but easier than 1990 * replicating that code here. 1991 */ 1992static void 1993ip_mloopback(ifp, m, dst, hlen) 1994 struct ifnet *ifp; 1995 register struct mbuf *m; 1996 register struct sockaddr_in *dst; 1997 int hlen; 1998{ 1999 register struct ip *ip; 2000 struct mbuf *copym; 2001 2002 copym = m_copy(m, 0, M_COPYALL); 2003 if (copym != NULL && (copym->m_flags & M_EXT || copym->m_len < hlen)) 2004 copym = m_pullup(copym, hlen); 2005 if (copym != NULL) { 2006 /* 2007 * We don't bother to fragment if the IP length is greater 2008 * than the interface's MTU. Can this possibly matter? 2009 */ 2010 ip = mtod(copym, struct ip *); 2011 ip->ip_len = htons(ip->ip_len); 2012 ip->ip_off = htons(ip->ip_off); 2013 ip->ip_sum = 0; 2014 if (ip->ip_vhl == IP_VHL_BORING) { 2015 ip->ip_sum = in_cksum_hdr(ip); 2016 } else { 2017 ip->ip_sum = in_cksum(copym, hlen); 2018 } 2019 /* 2020 * NB: 2021 * It's not clear whether there are any lingering 2022 * reentrancy problems in other areas which might 2023 * be exposed by using ip_input directly (in 2024 * particular, everything which modifies the packet 2025 * in-place). Yet another option is using the 2026 * protosw directly to deliver the looped back 2027 * packet. For the moment, we'll err on the side 2028 * of safety by using if_simloop(). 2029 */ 2030#if 1 /* XXX */ 2031 if (dst->sin_family != AF_INET) { 2032 printf("ip_mloopback: bad address family %d\n", 2033 dst->sin_family); 2034 dst->sin_family = AF_INET; 2035 } 2036#endif 2037 2038#ifdef notdef 2039 copym->m_pkthdr.rcvif = ifp; 2040 ip_input(copym); 2041#else 2042 /* if the checksum hasn't been computed, mark it as valid */ 2043 if (copym->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 2044 copym->m_pkthdr.csum_flags |= 2045 CSUM_DATA_VALID | CSUM_PSEUDO_HDR; 2046 copym->m_pkthdr.csum_data = 0xffff; 2047 } 2048 if_simloop(ifp, copym, dst->sin_family, 0); 2049#endif 2050 } 2051} 2052