FreeBSD kernel IPv4 code
ip_output.c
Go to the documentation of this file.
1/*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 1982, 1986, 1988, 1990, 1993
5 * The Regents of the University of California. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the University nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94
32 */
33
34#include <sys/cdefs.h>
35__FBSDID("$FreeBSD$");
36
37#include "opt_inet.h"
38#include "opt_ipsec.h"
39#include "opt_kern_tls.h"
40#include "opt_mbuf_stress_test.h"
41#include "opt_ratelimit.h"
42#include "opt_route.h"
43#include "opt_rss.h"
44#include "opt_sctp.h"
45
46#include <sys/param.h>
47#include <sys/systm.h>
48#include <sys/kernel.h>
49#include <sys/ktls.h>
50#include <sys/lock.h>
51#include <sys/malloc.h>
52#include <sys/mbuf.h>
53#include <sys/priv.h>
54#include <sys/proc.h>
55#include <sys/protosw.h>
56#include <sys/sdt.h>
57#include <sys/socket.h>
58#include <sys/socketvar.h>
59#include <sys/sysctl.h>
60#include <sys/ucred.h>
61
62#include <net/if.h>
63#include <net/if_var.h>
64#include <net/if_vlan_var.h>
65#include <net/if_llatbl.h>
66#include <net/ethernet.h>
67#include <net/netisr.h>
68#include <net/pfil.h>
69#include <net/route.h>
70#include <net/route/nhop.h>
71#include <net/rss_config.h>
72#include <net/vnet.h>
73
74#include <netinet/in.h>
75#include <netinet/in_fib.h>
76#include <netinet/in_kdtrace.h>
77#include <netinet/in_systm.h>
78#include <netinet/ip.h>
79#include <netinet/in_fib.h>
80#include <netinet/in_pcb.h>
81#include <netinet/in_rss.h>
82#include <netinet/in_var.h>
83#include <netinet/ip_var.h>
84#include <netinet/ip_options.h>
85
86#include <netinet/udp.h>
87#include <netinet/udp_var.h>
88
89#if defined(SCTP) || defined(SCTP_SUPPORT)
90#include <netinet/sctp.h>
91#include <netinet/sctp_crc32.h>
92#endif
93
94#include <netipsec/ipsec_support.h>
95
96#include <machine/in_cksum.h>
97
98#include <security/mac/mac_framework.h>
99
100#ifdef MBUF_STRESS_TEST
101static int mbuf_frag_size = 0;
102SYSCTL_INT(_net_inet_ip, OID_AUTO, mbuf_frag_size, CTLFLAG_RW,
103 &mbuf_frag_size, 0, "Fragment outgoing mbufs to this size");
104#endif
105
106static void ip_mloopback(struct ifnet *, const struct mbuf *, int);
107
108extern int in_mcast_loop;
109extern struct protosw inetsw[];
110
111static inline int
112ip_output_pfil(struct mbuf **mp, struct ifnet *ifp, int flags,
113 struct inpcb *inp, struct sockaddr_in *dst, int *fibnum, int *error)
114{
115 struct m_tag *fwd_tag = NULL;
116 struct mbuf *m;
117 struct in_addr odst;
118 struct ip *ip;
119 int pflags = PFIL_OUT;
120
121 if (flags & IP_FORWARDING)
122 pflags |= PFIL_FWD;
123
124 m = *mp;
125 ip = mtod(m, struct ip *);
126
127 /* Run through list of hooks for output packets. */
128 odst.s_addr = ip->ip_dst.s_addr;
129 switch (pfil_run_hooks(V_inet_pfil_head, mp, ifp, pflags, inp)) {
130 case PFIL_DROPPED:
131 *error = EACCES;
132 /* FALLTHROUGH */
133 case PFIL_CONSUMED:
134 return 1; /* Finished */
135 case PFIL_PASS:
136 *error = 0;
137 }
138 m = *mp;
139 ip = mtod(m, struct ip *);
140
141 /* See if destination IP address was changed by packet filter. */
142 if (odst.s_addr != ip->ip_dst.s_addr) {
143 m->m_flags |= M_SKIP_FIREWALL;
144 /* If destination is now ourself drop to ip_input(). */
145 if (in_localip(ip->ip_dst)) {
146 m->m_flags |= M_FASTFWD_OURS;
147 if (m->m_pkthdr.rcvif == NULL)
148 m->m_pkthdr.rcvif = V_loif;
149 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
150 m->m_pkthdr.csum_flags |=
151 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
152 m->m_pkthdr.csum_data = 0xffff;
153 }
154 m->m_pkthdr.csum_flags |=
155 CSUM_IP_CHECKED | CSUM_IP_VALID;
156#if defined(SCTP) || defined(SCTP_SUPPORT)
157 if (m->m_pkthdr.csum_flags & CSUM_SCTP)
158 m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID;
159#endif
160 *error = netisr_queue(NETISR_IP, m);
161 return 1; /* Finished */
162 }
163
164 bzero(dst, sizeof(*dst));
165 dst->sin_family = AF_INET;
166 dst->sin_len = sizeof(*dst);
167 dst->sin_addr = ip->ip_dst;
168
169 return -1; /* Reloop */
170 }
171 /* See if fib was changed by packet filter. */
172 if ((*fibnum) != M_GETFIB(m)) {
173 m->m_flags |= M_SKIP_FIREWALL;
174 *fibnum = M_GETFIB(m);
175 return -1; /* Reloop for FIB change */
176 }
177
178 /* See if local, if yes, send it to netisr with IP_FASTFWD_OURS. */
179 if (m->m_flags & M_FASTFWD_OURS) {
180 if (m->m_pkthdr.rcvif == NULL)
181 m->m_pkthdr.rcvif = V_loif;
182 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
183 m->m_pkthdr.csum_flags |=
184 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
185 m->m_pkthdr.csum_data = 0xffff;
186 }
187#if defined(SCTP) || defined(SCTP_SUPPORT)
188 if (m->m_pkthdr.csum_flags & CSUM_SCTP)
189 m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID;
190#endif
191 m->m_pkthdr.csum_flags |=
192 CSUM_IP_CHECKED | CSUM_IP_VALID;
193
194 *error = netisr_queue(NETISR_IP, m);
195 return 1; /* Finished */
196 }
197 /* Or forward to some other address? */
198 if ((m->m_flags & M_IP_NEXTHOP) &&
199 ((fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL)) {
200 bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in));
201 m->m_flags |= M_SKIP_FIREWALL;
202 m->m_flags &= ~M_IP_NEXTHOP;
203 m_tag_delete(m, fwd_tag);
204
205 return -1; /* Reloop for CHANGE of dst */
206 }
207
208 return 0;
209}
210
211static int
212ip_output_send(struct inpcb *inp, struct ifnet *ifp, struct mbuf *m,
213 const struct sockaddr *gw, struct route *ro, bool stamp_tag)
214{
215#ifdef KERN_TLS
216 struct ktls_session *tls = NULL;
217#endif
218 struct m_snd_tag *mst;
219 int error;
220
221 MPASS((m->m_pkthdr.csum_flags & CSUM_SND_TAG) == 0);
222 mst = NULL;
223
224#ifdef KERN_TLS
225 /*
226 * If this is an unencrypted TLS record, save a reference to
227 * the record. This local reference is used to call
228 * ktls_output_eagain after the mbuf has been freed (thus
229 * dropping the mbuf's reference) in if_output.
230 */
231 if (m->m_next != NULL && mbuf_has_tls_session(m->m_next)) {
232 tls = ktls_hold(m->m_next->m_epg_tls);
233 mst = tls->snd_tag;
234
235 /*
236 * If a TLS session doesn't have a valid tag, it must
237 * have had an earlier ifp mismatch, so drop this
238 * packet.
239 */
240 if (mst == NULL) {
241 m_freem(m);
242 error = EAGAIN;
243 goto done;
244 }
245 /*
246 * Always stamp tags that include NIC ktls.
247 */
248 stamp_tag = true;
249 }
250#endif
251#ifdef RATELIMIT
252 if (inp != NULL && mst == NULL) {
253 if ((inp->inp_flags2 & INP_RATE_LIMIT_CHANGED) != 0 ||
254 (inp->inp_snd_tag != NULL &&
255 inp->inp_snd_tag->ifp != ifp))
256 in_pcboutput_txrtlmt(inp, ifp, m);
257
258 if (inp->inp_snd_tag != NULL)
259 mst = inp->inp_snd_tag;
260 }
261#endif
262 if (stamp_tag && mst != NULL) {
263 KASSERT(m->m_pkthdr.rcvif == NULL,
264 ("trying to add a send tag to a forwarded packet"));
265 if (mst->ifp != ifp) {
266 m_freem(m);
267 error = EAGAIN;
268 goto done;
269 }
270
271 /* stamp send tag on mbuf */
272 m->m_pkthdr.snd_tag = m_snd_tag_ref(mst);
273 m->m_pkthdr.csum_flags |= CSUM_SND_TAG;
274 }
275
276 error = (*ifp->if_output)(ifp, m, gw, ro);
277
278done:
279 /* Check for route change invalidating send tags. */
280#ifdef KERN_TLS
281 if (tls != NULL) {
282 if (error == EAGAIN)
283 error = ktls_output_eagain(inp, tls);
284 ktls_free(tls);
285 }
286#endif
287#ifdef RATELIMIT
288 if (error == EAGAIN)
289 in_pcboutput_eagain(inp);
290#endif
291 return (error);
292}
293
294/* rte<>ro_flags translation */
295static inline void
296rt_update_ro_flags(struct route *ro, const struct nhop_object *nh)
297{
298 int nh_flags = nh->nh_flags;
299
300 ro->ro_flags &= ~ (RT_REJECT|RT_BLACKHOLE|RT_HAS_GW);
301
302 ro->ro_flags |= (nh_flags & NHF_REJECT) ? RT_REJECT : 0;
303 ro->ro_flags |= (nh_flags & NHF_BLACKHOLE) ? RT_BLACKHOLE : 0;
304 ro->ro_flags |= (nh_flags & NHF_GATEWAY) ? RT_HAS_GW : 0;
305}
306
307/*
308 * IP output. The packet in mbuf chain m contains a skeletal IP
309 * header (with len, off, ttl, proto, tos, src, dst).
310 * The mbuf chain containing the packet will be freed.
311 * The mbuf opt, if present, will not be freed.
312 * If route ro is present and has ro_rt initialized, route lookup would be
313 * skipped and ro->ro_rt would be used. If ro is present but ro->ro_rt is NULL,
314 * then result of route lookup is stored in ro->ro_rt.
315 *
316 * In the IP forwarding case, the packet will arrive with options already
317 * inserted, so must have a NULL opt pointer.
318 */
319int
320ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags,
321 struct ip_moptions *imo, struct inpcb *inp)
322{
323 struct ip *ip;
324 struct ifnet *ifp = NULL; /* keep compiler happy */
325 struct mbuf *m0;
326 int hlen = sizeof (struct ip);
327 int mtu = 0;
328 int error = 0;
329 int vlan_pcp = -1;
330 struct sockaddr_in *dst;
331 const struct sockaddr *gw;
332 struct in_ifaddr *ia = NULL;
333 struct in_addr src;
334 int isbroadcast;
335 uint16_t ip_len, ip_off;
336 struct route iproute;
337 uint32_t fibnum;
338#if defined(IPSEC) || defined(IPSEC_SUPPORT)
339 int no_route_but_check_spd = 0;
340#endif
341
342 M_ASSERTPKTHDR(m);
343 NET_EPOCH_ASSERT();
344
345 if (inp != NULL) {
346 INP_LOCK_ASSERT(inp);
347 M_SETFIB(m, inp->inp_inc.inc_fibnum);
348 if ((flags & IP_NODEFAULTFLOWID) == 0) {
349 m->m_pkthdr.flowid = inp->inp_flowid;
350 M_HASHTYPE_SET(m, inp->inp_flowtype);
351 }
352 if ((inp->inp_flags2 & INP_2PCP_SET) != 0)
353 vlan_pcp = (inp->inp_flags2 & INP_2PCP_MASK) >>
354 INP_2PCP_SHIFT;
355#ifdef NUMA
356 m->m_pkthdr.numa_domain = inp->inp_numa_domain;
357#endif
358 }
359
360 if (opt) {
361 int len = 0;
362 m = ip_insertoptions(m, opt, &len);
363 if (len != 0)
364 hlen = len; /* ip->ip_hl is updated above */
365 }
366 ip = mtod(m, struct ip *);
367 ip_len = ntohs(ip->ip_len);
368 ip_off = ntohs(ip->ip_off);
369
370 if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
371 ip->ip_v = IPVERSION;
372 ip->ip_hl = hlen >> 2;
373 ip_fillid(ip);
374 } else {
375 /* Header already set, fetch hlen from there */
376 hlen = ip->ip_hl << 2;
377 }
378 if ((flags & IP_FORWARDING) == 0)
379 IPSTAT_INC(ips_localout);
380
381 /*
382 * dst/gw handling:
383 *
384 * gw is readonly but can point either to dst OR rt_gateway,
385 * therefore we need restore gw if we're redoing lookup.
386 */
387 fibnum = (inp != NULL) ? inp->inp_inc.inc_fibnum : M_GETFIB(m);
388 if (ro == NULL) {
389 ro = &iproute;
390 bzero(ro, sizeof (*ro));
391 }
392 dst = (struct sockaddr_in *)&ro->ro_dst;
393 if (ro->ro_nh == NULL) {
394 dst->sin_family = AF_INET;
395 dst->sin_len = sizeof(*dst);
396 dst->sin_addr = ip->ip_dst;
397 }
398 gw = (const struct sockaddr *)dst;
399again:
400 /*
401 * Validate route against routing table additions;
402 * a better/more specific route might have been added.
403 */
404 if (inp != NULL && ro->ro_nh != NULL)
405 NH_VALIDATE(ro, &inp->inp_rt_cookie, fibnum);
406 /*
407 * If there is a cached route,
408 * check that it is to the same destination
409 * and is still up. If not, free it and try again.
410 * The address family should also be checked in case of sharing the
411 * cache with IPv6.
412 * Also check whether routing cache needs invalidation.
413 */
414 if (ro->ro_nh != NULL &&
415 ((!NH_IS_VALID(ro->ro_nh)) || dst->sin_family != AF_INET ||
416 dst->sin_addr.s_addr != ip->ip_dst.s_addr))
417 RO_INVALIDATE_CACHE(ro);
418 ia = NULL;
419 /*
420 * If routing to interface only, short circuit routing lookup.
421 * The use of an all-ones broadcast address implies this; an
422 * interface is specified by the broadcast address of an interface,
423 * or the destination address of a ptp interface.
424 */
425 if (flags & IP_SENDONES) {
426 if ((ia = ifatoia(ifa_ifwithbroadaddr(sintosa(dst),
427 M_GETFIB(m)))) == NULL &&
428 (ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst),
429 M_GETFIB(m)))) == NULL) {
430 IPSTAT_INC(ips_noroute);
431 error = ENETUNREACH;
432 goto bad;
433 }
434 ip->ip_dst.s_addr = INADDR_BROADCAST;
435 dst->sin_addr = ip->ip_dst;
436 ifp = ia->ia_ifp;
437 mtu = ifp->if_mtu;
438 ip->ip_ttl = 1;
439 isbroadcast = 1;
440 src = IA_SIN(ia)->sin_addr;
441 } else if (flags & IP_ROUTETOIF) {
442 if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst),
443 M_GETFIB(m)))) == NULL &&
444 (ia = ifatoia(ifa_ifwithnet(sintosa(dst), 0,
445 M_GETFIB(m)))) == NULL) {
446 IPSTAT_INC(ips_noroute);
447 error = ENETUNREACH;
448 goto bad;
449 }
450 ifp = ia->ia_ifp;
451 mtu = ifp->if_mtu;
452 ip->ip_ttl = 1;
453 isbroadcast = ifp->if_flags & IFF_BROADCAST ?
454 in_ifaddr_broadcast(dst->sin_addr, ia) : 0;
455 src = IA_SIN(ia)->sin_addr;
456 } else if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) &&
457 imo != NULL && imo->imo_multicast_ifp != NULL) {
458 /*
459 * Bypass the normal routing lookup for multicast
460 * packets if the interface is specified.
461 */
462 ifp = imo->imo_multicast_ifp;
463 mtu = ifp->if_mtu;
464 IFP_TO_IA(ifp, ia);
465 isbroadcast = 0; /* fool gcc */
466 /* Interface may have no addresses. */
467 if (ia != NULL)
468 src = IA_SIN(ia)->sin_addr;
469 else
470 src.s_addr = INADDR_ANY;
471 } else if (ro != &iproute) {
472 if (ro->ro_nh == NULL) {
473 /*
474 * We want to do any cloning requested by the link
475 * layer, as this is probably required in all cases
476 * for correct operation (as it is for ARP).
477 */
478 uint32_t flowid;
479 flowid = m->m_pkthdr.flowid;
480 ro->ro_nh = fib4_lookup(fibnum, dst->sin_addr, 0,
481 NHR_REF, flowid);
482
483 if (ro->ro_nh == NULL || (!NH_IS_VALID(ro->ro_nh))) {
484#if defined(IPSEC) || defined(IPSEC_SUPPORT)
485 /*
486 * There is no route for this packet, but it is
487 * possible that a matching SPD entry exists.
488 */
489 no_route_but_check_spd = 1;
490 goto sendit;
491#endif
492 IPSTAT_INC(ips_noroute);
493 error = EHOSTUNREACH;
494 goto bad;
495 }
496 }
497 struct nhop_object *nh = ro->ro_nh;
498
499 ia = ifatoia(nh->nh_ifa);
500 ifp = nh->nh_ifp;
501 counter_u64_add(nh->nh_pksent, 1);
502 rt_update_ro_flags(ro, nh);
503 if (nh->nh_flags & NHF_GATEWAY)
504 gw = &nh->gw_sa;
505 if (nh->nh_flags & NHF_HOST)
506 isbroadcast = (nh->nh_flags & NHF_BROADCAST);
507 else if ((ifp->if_flags & IFF_BROADCAST) && (gw->sa_family == AF_INET))
508 isbroadcast = in_ifaddr_broadcast(((const struct sockaddr_in *)gw)->sin_addr, ia);
509 else
510 isbroadcast = 0;
511 mtu = nh->nh_mtu;
512 src = IA_SIN(ia)->sin_addr;
513 } else {
514 struct nhop_object *nh;
515
516 nh = fib4_lookup(M_GETFIB(m), ip->ip_dst, 0, NHR_NONE,
517 m->m_pkthdr.flowid);
518 if (nh == NULL) {
519#if defined(IPSEC) || defined(IPSEC_SUPPORT)
520 /*
521 * There is no route for this packet, but it is
522 * possible that a matching SPD entry exists.
523 */
524 no_route_but_check_spd = 1;
525 goto sendit;
526#endif
527 IPSTAT_INC(ips_noroute);
528 error = EHOSTUNREACH;
529 goto bad;
530 }
531 ifp = nh->nh_ifp;
532 mtu = nh->nh_mtu;
533 rt_update_ro_flags(ro, nh);
534 if (nh->nh_flags & NHF_GATEWAY)
535 gw = &nh->gw_sa;
536 ia = ifatoia(nh->nh_ifa);
537 src = IA_SIN(ia)->sin_addr;
538 isbroadcast = (((nh->nh_flags & (NHF_HOST | NHF_BROADCAST)) ==
539 (NHF_HOST | NHF_BROADCAST)) ||
540 ((ifp->if_flags & IFF_BROADCAST) &&
541 (gw->sa_family == AF_INET) &&
542 in_ifaddr_broadcast(((const struct sockaddr_in *)gw)->sin_addr, ia)));
543 }
544
545 /* Catch a possible divide by zero later. */
546 KASSERT(mtu > 0, ("%s: mtu %d <= 0, ro=%p (nh_flags=0x%08x) ifp=%p",
547 __func__, mtu, ro,
548 (ro != NULL && ro->ro_nh != NULL) ? ro->ro_nh->nh_flags : 0, ifp));
549
550 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
551 m->m_flags |= M_MCAST;
552 /*
553 * IP destination address is multicast. Make sure "gw"
554 * still points to the address in "ro". (It may have been
555 * changed to point to a gateway address, above.)
556 */
557 gw = (const struct sockaddr *)dst;
558 /*
559 * See if the caller provided any multicast options
560 */
561 if (imo != NULL) {
562 ip->ip_ttl = imo->imo_multicast_ttl;
563 if (imo->imo_multicast_vif != -1)
564 ip->ip_src.s_addr =
565 ip_mcast_src ?
566 ip_mcast_src(imo->imo_multicast_vif) :
567 INADDR_ANY;
568 } else
569 ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL;
570 /*
571 * Confirm that the outgoing interface supports multicast.
572 */
573 if ((imo == NULL) || (imo->imo_multicast_vif == -1)) {
574 if ((ifp->if_flags & IFF_MULTICAST) == 0) {
575 IPSTAT_INC(ips_noroute);
576 error = ENETUNREACH;
577 goto bad;
578 }
579 }
580 /*
581 * If source address not specified yet, use address
582 * of outgoing interface.
583 */
584 if (ip->ip_src.s_addr == INADDR_ANY)
585 ip->ip_src = src;
586
587 if ((imo == NULL && in_mcast_loop) ||
588 (imo && imo->imo_multicast_loop)) {
589 /*
590 * Loop back multicast datagram if not expressly
591 * forbidden to do so, even if we are not a member
592 * of the group; ip_input() will filter it later,
593 * thus deferring a hash lookup and mutex acquisition
594 * at the expense of a cheap copy using m_copym().
595 */
596 ip_mloopback(ifp, m, hlen);
597 } else {
598 /*
599 * If we are acting as a multicast router, perform
600 * multicast forwarding as if the packet had just
601 * arrived on the interface to which we are about
602 * to send. The multicast forwarding function
603 * recursively calls this function, using the
604 * IP_FORWARDING flag to prevent infinite recursion.
605 *
606 * Multicasts that are looped back by ip_mloopback(),
607 * above, will be forwarded by the ip_input() routine,
608 * if necessary.
609 */
610 if (V_ip_mrouter && (flags & IP_FORWARDING) == 0) {
611 /*
612 * If rsvp daemon is not running, do not
613 * set ip_moptions. This ensures that the packet
614 * is multicast and not just sent down one link
615 * as prescribed by rsvpd.
616 */
617 if (!V_rsvp_on)
618 imo = NULL;
619 if (ip_mforward &&
620 ip_mforward(ip, ifp, m, imo) != 0) {
621 m_freem(m);
622 goto done;
623 }
624 }
625 }
626
627 /*
628 * Multicasts with a time-to-live of zero may be looped-
629 * back, above, but must not be transmitted on a network.
630 * Also, multicasts addressed to the loopback interface
631 * are not sent -- the above call to ip_mloopback() will
632 * loop back a copy. ip_input() will drop the copy if
633 * this host does not belong to the destination group on
634 * the loopback interface.
635 */
636 if (ip->ip_ttl == 0 || ifp->if_flags & IFF_LOOPBACK) {
637 m_freem(m);
638 goto done;
639 }
640
641 goto sendit;
642 }
643
644 /*
645 * If the source address is not specified yet, use the address
646 * of the outoing interface.
647 */
648 if (ip->ip_src.s_addr == INADDR_ANY)
649 ip->ip_src = src;
650
651 /*
652 * Look for broadcast address and
653 * verify user is allowed to send
654 * such a packet.
655 */
656 if (isbroadcast) {
657 if ((ifp->if_flags & IFF_BROADCAST) == 0) {
658 error = EADDRNOTAVAIL;
659 goto bad;
660 }
661 if ((flags & IP_ALLOWBROADCAST) == 0) {
662 error = EACCES;
663 goto bad;
664 }
665 /* don't allow broadcast messages to be fragmented */
666 if (ip_len > mtu) {
667 error = EMSGSIZE;
668 goto bad;
669 }
670 m->m_flags |= M_BCAST;
671 } else {
672 m->m_flags &= ~M_BCAST;
673 }
674
675sendit:
676#if defined(IPSEC) || defined(IPSEC_SUPPORT)
677 if (IPSEC_ENABLED(ipv4)) {
678 if ((error = IPSEC_OUTPUT(ipv4, m, inp)) != 0) {
679 if (error == EINPROGRESS)
680 error = 0;
681 goto done;
682 }
683 }
684 /*
685 * Check if there was a route for this packet; return error if not.
686 */
687 if (no_route_but_check_spd) {
688 IPSTAT_INC(ips_noroute);
689 error = EHOSTUNREACH;
690 goto bad;
691 }
692 /* Update variables that are affected by ipsec4_output(). */
693 ip = mtod(m, struct ip *);
694 hlen = ip->ip_hl << 2;
695#endif /* IPSEC */
696
697 /* Jump over all PFIL processing if hooks are not active. */
698 if (PFIL_HOOKED_OUT(V_inet_pfil_head)) {
699 switch (ip_output_pfil(&m, ifp, flags, inp, dst, &fibnum,
700 &error)) {
701 case 1: /* Finished */
702 goto done;
703
704 case 0: /* Continue normally */
705 ip = mtod(m, struct ip *);
706 break;
707
708 case -1: /* Need to try again */
709 /* Reset everything for a new round */
710 if (ro != NULL) {
711 RO_NHFREE(ro);
712 ro->ro_prepend = NULL;
713 }
714 gw = (const struct sockaddr *)dst;
715 ip = mtod(m, struct ip *);
716 goto again;
717 }
718 }
719
720 if (vlan_pcp > -1)
721 EVL_APPLY_PRI(m, vlan_pcp);
722
723 /* IN_LOOPBACK must not appear on the wire - RFC1122. */
724 if (IN_LOOPBACK(ntohl(ip->ip_dst.s_addr)) ||
725 IN_LOOPBACK(ntohl(ip->ip_src.s_addr))) {
726 if ((ifp->if_flags & IFF_LOOPBACK) == 0) {
727 IPSTAT_INC(ips_badaddr);
728 error = EADDRNOTAVAIL;
729 goto bad;
730 }
731 }
732
733 /* Ensure the packet data is mapped if the interface requires it. */
734 if ((ifp->if_capenable & IFCAP_MEXTPG) == 0) {
735 m = mb_unmapped_to_ext(m);
736 if (m == NULL) {
737 IPSTAT_INC(ips_odropped);
738 error = ENOBUFS;
739 goto bad;
740 }
741 }
742
743 m->m_pkthdr.csum_flags |= CSUM_IP;
744 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA & ~ifp->if_hwassist) {
745 in_delayed_cksum(m);
746 m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
747 }
748#if defined(SCTP) || defined(SCTP_SUPPORT)
749 if (m->m_pkthdr.csum_flags & CSUM_SCTP & ~ifp->if_hwassist) {
750 sctp_delayed_cksum(m, (uint32_t)(ip->ip_hl << 2));
751 m->m_pkthdr.csum_flags &= ~CSUM_SCTP;
752 }
753#endif
754
755 /*
756 * If small enough for interface, or the interface will take
757 * care of the fragmentation for us, we can just send directly.
758 * Note that if_vxlan could have requested TSO even though the outer
759 * frame is UDP. It is correct to not fragment such datagrams and
760 * instead just pass them on to the driver.
761 */
762 if (ip_len <= mtu ||
763 (m->m_pkthdr.csum_flags & ifp->if_hwassist &
764 (CSUM_TSO | CSUM_INNER_TSO)) != 0) {
765 ip->ip_sum = 0;
766 if (m->m_pkthdr.csum_flags & CSUM_IP & ~ifp->if_hwassist) {
767 ip->ip_sum = in_cksum(m, hlen);
768 m->m_pkthdr.csum_flags &= ~CSUM_IP;
769 }
770
771 /*
772 * Record statistics for this interface address.
773 * With CSUM_TSO the byte/packet count will be slightly
774 * incorrect because we count the IP+TCP headers only
775 * once instead of for every generated packet.
776 */
777 if (!(flags & IP_FORWARDING) && ia) {
778 if (m->m_pkthdr.csum_flags &
779 (CSUM_TSO | CSUM_INNER_TSO))
780 counter_u64_add(ia->ia_ifa.ifa_opackets,
781 m->m_pkthdr.len / m->m_pkthdr.tso_segsz);
782 else
783 counter_u64_add(ia->ia_ifa.ifa_opackets, 1);
784
785 counter_u64_add(ia->ia_ifa.ifa_obytes, m->m_pkthdr.len);
786 }
787#ifdef MBUF_STRESS_TEST
788 if (mbuf_frag_size && m->m_pkthdr.len > mbuf_frag_size)
789 m = m_fragment(m, M_NOWAIT, mbuf_frag_size);
790#endif
791 /*
792 * Reset layer specific mbuf flags
793 * to avoid confusing lower layers.
794 */
795 m_clrprotoflags(m);
796 IP_PROBE(send, NULL, NULL, ip, ifp, ip, NULL);
797 error = ip_output_send(inp, ifp, m, gw, ro,
798 (flags & IP_NO_SND_TAG_RL) ? false : true);
799 goto done;
800 }
801
802 /* Balk when DF bit is set or the interface didn't support TSO. */
803 if ((ip_off & IP_DF) ||
804 (m->m_pkthdr.csum_flags & (CSUM_TSO | CSUM_INNER_TSO))) {
805 error = EMSGSIZE;
806 IPSTAT_INC(ips_cantfrag);
807 goto bad;
808 }
809
810 /*
811 * Too large for interface; fragment if possible. If successful,
812 * on return, m will point to a list of packets to be sent.
813 */
814 error = ip_fragment(ip, &m, mtu, ifp->if_hwassist);
815 if (error)
816 goto bad;
817 for (; m; m = m0) {
818 m0 = m->m_nextpkt;
819 m->m_nextpkt = 0;
820 if (error == 0) {
821 /* Record statistics for this interface address. */
822 if (ia != NULL) {
823 counter_u64_add(ia->ia_ifa.ifa_opackets, 1);
824 counter_u64_add(ia->ia_ifa.ifa_obytes,
825 m->m_pkthdr.len);
826 }
827 /*
828 * Reset layer specific mbuf flags
829 * to avoid confusing upper layers.
830 */
831 m_clrprotoflags(m);
832
833 IP_PROBE(send, NULL, NULL, mtod(m, struct ip *), ifp,
834 mtod(m, struct ip *), NULL);
835 error = ip_output_send(inp, ifp, m, gw, ro, true);
836 } else
837 m_freem(m);
838 }
839
840 if (error == 0)
841 IPSTAT_INC(ips_fragmented);
842
843done:
844 return (error);
845 bad:
846 m_freem(m);
847 goto done;
848}
849
850/*
851 * Create a chain of fragments which fit the given mtu. m_frag points to the
852 * mbuf to be fragmented; on return it points to the chain with the fragments.
853 * Return 0 if no error. If error, m_frag may contain a partially built
854 * chain of fragments that should be freed by the caller.
855 *
856 * if_hwassist_flags is the hw offload capabilities (see if_data.ifi_hwassist)
857 */
858int
859ip_fragment(struct ip *ip, struct mbuf **m_frag, int mtu,
860 u_long if_hwassist_flags)
861{
862 int error = 0;
863 int hlen = ip->ip_hl << 2;
864 int len = (mtu - hlen) & ~7; /* size of payload in each fragment */
865 int off;
866 struct mbuf *m0 = *m_frag; /* the original packet */
867 int firstlen;
868 struct mbuf **mnext;
869 int nfrags;
870 uint16_t ip_len, ip_off;
871
872 ip_len = ntohs(ip->ip_len);
873 ip_off = ntohs(ip->ip_off);
874
875 if (ip_off & IP_DF) { /* Fragmentation not allowed */
876 IPSTAT_INC(ips_cantfrag);
877 return EMSGSIZE;
878 }
879
880 /*
881 * Must be able to put at least 8 bytes per fragment.
882 */
883 if (len < 8)
884 return EMSGSIZE;
885
886 /*
887 * If the interface will not calculate checksums on
888 * fragmented packets, then do it here.
889 */
890 if (m0->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
891 in_delayed_cksum(m0);
892 m0->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
893 }
894#if defined(SCTP) || defined(SCTP_SUPPORT)
895 if (m0->m_pkthdr.csum_flags & CSUM_SCTP) {
896 sctp_delayed_cksum(m0, hlen);
897 m0->m_pkthdr.csum_flags &= ~CSUM_SCTP;
898 }
899#endif
900 if (len > PAGE_SIZE) {
901 /*
902 * Fragment large datagrams such that each segment
903 * contains a multiple of PAGE_SIZE amount of data,
904 * plus headers. This enables a receiver to perform
905 * page-flipping zero-copy optimizations.
906 *
907 * XXX When does this help given that sender and receiver
908 * could have different page sizes, and also mtu could
909 * be less than the receiver's page size ?
910 */
911 int newlen;
912
913 off = MIN(mtu, m0->m_pkthdr.len);
914
915 /*
916 * firstlen (off - hlen) must be aligned on an
917 * 8-byte boundary
918 */
919 if (off < hlen)
920 goto smart_frag_failure;
921 off = ((off - hlen) & ~7) + hlen;
922 newlen = (~PAGE_MASK) & mtu;
923 if ((newlen + sizeof (struct ip)) > mtu) {
924 /* we failed, go back the default */
925smart_frag_failure:
926 newlen = len;
927 off = hlen + len;
928 }
929 len = newlen;
930
931 } else {
932 off = hlen + len;
933 }
934
935 firstlen = off - hlen;
936 mnext = &m0->m_nextpkt; /* pointer to next packet */
937
938 /*
939 * Loop through length of segment after first fragment,
940 * make new header and copy data of each part and link onto chain.
941 * Here, m0 is the original packet, m is the fragment being created.
942 * The fragments are linked off the m_nextpkt of the original
943 * packet, which after processing serves as the first fragment.
944 */
945 for (nfrags = 1; off < ip_len; off += len, nfrags++) {
946 struct ip *mhip; /* ip header on the fragment */
947 struct mbuf *m;
948 int mhlen = sizeof (struct ip);
949
950 m = m_gethdr(M_NOWAIT, MT_DATA);
951 if (m == NULL) {
952 error = ENOBUFS;
953 IPSTAT_INC(ips_odropped);
954 goto done;
955 }
956 /*
957 * Make sure the complete packet header gets copied
958 * from the originating mbuf to the newly created
959 * mbuf. This also ensures that existing firewall
960 * classification(s), VLAN tags and so on get copied
961 * to the resulting fragmented packet(s):
962 */
963 if (m_dup_pkthdr(m, m0, M_NOWAIT) == 0) {
964 m_free(m);
965 error = ENOBUFS;
966 IPSTAT_INC(ips_odropped);
967 goto done;
968 }
969 /*
970 * In the first mbuf, leave room for the link header, then
971 * copy the original IP header including options. The payload
972 * goes into an additional mbuf chain returned by m_copym().
973 */
974 m->m_data += max_linkhdr;
975 mhip = mtod(m, struct ip *);
976 *mhip = *ip;
977 if (hlen > sizeof (struct ip)) {
978 mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip);
979 mhip->ip_v = IPVERSION;
980 mhip->ip_hl = mhlen >> 2;
981 }
982 m->m_len = mhlen;
983 /* XXX do we need to add ip_off below ? */
984 mhip->ip_off = ((off - hlen) >> 3) + ip_off;
985 if (off + len >= ip_len)
986 len = ip_len - off;
987 else
988 mhip->ip_off |= IP_MF;
989 mhip->ip_len = htons((u_short)(len + mhlen));
990 m->m_next = m_copym(m0, off, len, M_NOWAIT);
991 if (m->m_next == NULL) { /* copy failed */
992 m_free(m);
993 error = ENOBUFS; /* ??? */
994 IPSTAT_INC(ips_odropped);
995 goto done;
996 }
997 m->m_pkthdr.len = mhlen + len;
998#ifdef MAC
999 mac_netinet_fragment(m0, m);
1000#endif
1001 mhip->ip_off = htons(mhip->ip_off);
1002 mhip->ip_sum = 0;
1003 if (m->m_pkthdr.csum_flags & CSUM_IP & ~if_hwassist_flags) {
1004 mhip->ip_sum = in_cksum(m, mhlen);
1005 m->m_pkthdr.csum_flags &= ~CSUM_IP;
1006 }
1007 *mnext = m;
1008 mnext = &m->m_nextpkt;
1009 }
1010 IPSTAT_ADD(ips_ofragments, nfrags);
1011
1012 /*
1013 * Update first fragment by trimming what's been copied out
1014 * and updating header.
1015 */
1016 m_adj(m0, hlen + firstlen - ip_len);
1017 m0->m_pkthdr.len = hlen + firstlen;
1018 ip->ip_len = htons((u_short)m0->m_pkthdr.len);
1019 ip->ip_off = htons(ip_off | IP_MF);
1020 ip->ip_sum = 0;
1021 if (m0->m_pkthdr.csum_flags & CSUM_IP & ~if_hwassist_flags) {
1022 ip->ip_sum = in_cksum(m0, hlen);
1023 m0->m_pkthdr.csum_flags &= ~CSUM_IP;
1024 }
1025
1026done:
1027 *m_frag = m0;
1028 return error;
1029}
1030
1031void
1032in_delayed_cksum(struct mbuf *m)
1033{
1034 struct ip *ip;
1035 struct udphdr *uh;
1036 uint16_t cklen, csum, offset;
1037
1038 ip = mtod(m, struct ip *);
1039 offset = ip->ip_hl << 2 ;
1040
1041 if (m->m_pkthdr.csum_flags & CSUM_UDP) {
1042 /* if udp header is not in the first mbuf copy udplen */
1043 if (offset + sizeof(struct udphdr) > m->m_len) {
1044 m_copydata(m, offset + offsetof(struct udphdr,
1045 uh_ulen), sizeof(cklen), (caddr_t)&cklen);
1046 cklen = ntohs(cklen);
1047 } else {
1048 uh = (struct udphdr *)mtodo(m, offset);
1049 cklen = ntohs(uh->uh_ulen);
1050 }
1051 csum = in_cksum_skip(m, cklen + offset, offset);
1052 if (csum == 0)
1053 csum = 0xffff;
1054 } else {
1055 cklen = ntohs(ip->ip_len);
1056 csum = in_cksum_skip(m, cklen, offset);
1057 }
1058 offset += m->m_pkthdr.csum_data; /* checksum offset */
1059
1060 if (offset + sizeof(csum) > m->m_len)
1061 m_copyback(m, offset, sizeof(csum), (caddr_t)&csum);
1062 else
1063 *(u_short *)mtodo(m, offset) = csum;
1064}
1065
1066/*
1067 * IP socket option processing.
1068 */
1069int
1070ip_ctloutput(struct socket *so, struct sockopt *sopt)
1071{
1072 struct inpcb *inp = sotoinpcb(so);
1073 int error, optval;
1074#ifdef RSS
1075 uint32_t rss_bucket;
1076 int retval;
1077#endif
1078
1079 error = optval = 0;
1080 if (sopt->sopt_level != IPPROTO_IP) {
1081 error = EINVAL;
1082
1083 if (sopt->sopt_level == SOL_SOCKET &&
1084 sopt->sopt_dir == SOPT_SET) {
1085 switch (sopt->sopt_name) {
1086 case SO_REUSEADDR:
1087 INP_WLOCK(inp);
1088 if ((so->so_options & SO_REUSEADDR) != 0)
1089 inp->inp_flags2 |= INP_REUSEADDR;
1090 else
1091 inp->inp_flags2 &= ~INP_REUSEADDR;
1092 INP_WUNLOCK(inp);
1093 error = 0;
1094 break;
1095 case SO_REUSEPORT:
1096 INP_WLOCK(inp);
1097 if ((so->so_options & SO_REUSEPORT) != 0)
1098 inp->inp_flags2 |= INP_REUSEPORT;
1099 else
1100 inp->inp_flags2 &= ~INP_REUSEPORT;
1101 INP_WUNLOCK(inp);
1102 error = 0;
1103 break;
1104 case SO_REUSEPORT_LB:
1105 INP_WLOCK(inp);
1106 if ((so->so_options & SO_REUSEPORT_LB) != 0)
1107 inp->inp_flags2 |= INP_REUSEPORT_LB;
1108 else
1109 inp->inp_flags2 &= ~INP_REUSEPORT_LB;
1110 INP_WUNLOCK(inp);
1111 error = 0;
1112 break;
1113 case SO_SETFIB:
1114 INP_WLOCK(inp);
1115 inp->inp_inc.inc_fibnum = so->so_fibnum;
1116 INP_WUNLOCK(inp);
1117 error = 0;
1118 break;
1119 case SO_MAX_PACING_RATE:
1120#ifdef RATELIMIT
1121 INP_WLOCK(inp);
1122 inp->inp_flags2 |= INP_RATE_LIMIT_CHANGED;
1123 INP_WUNLOCK(inp);
1124 error = 0;
1125#else
1126 error = EOPNOTSUPP;
1127#endif
1128 break;
1129 default:
1130 break;
1131 }
1132 }
1133 return (error);
1134 }
1135
1136 switch (sopt->sopt_dir) {
1137 case SOPT_SET:
1138 switch (sopt->sopt_name) {
1139 case IP_OPTIONS:
1140#ifdef notyet
1141 case IP_RETOPTS:
1142#endif
1143 {
1144 struct mbuf *m;
1145 if (sopt->sopt_valsize > MLEN) {
1146 error = EMSGSIZE;
1147 break;
1148 }
1149 m = m_get(sopt->sopt_td ? M_WAITOK : M_NOWAIT, MT_DATA);
1150 if (m == NULL) {
1151 error = ENOBUFS;
1152 break;
1153 }
1154 m->m_len = sopt->sopt_valsize;
1155 error = sooptcopyin(sopt, mtod(m, char *), m->m_len,
1156 m->m_len);
1157 if (error) {
1158 m_free(m);
1159 break;
1160 }
1161 INP_WLOCK(inp);
1162 error = ip_pcbopts(inp, sopt->sopt_name, m);
1163 INP_WUNLOCK(inp);
1164 return (error);
1165 }
1166
1167 case IP_BINDANY:
1168 if (sopt->sopt_td != NULL) {
1169 error = priv_check(sopt->sopt_td,
1170 PRIV_NETINET_BINDANY);
1171 if (error)
1172 break;
1173 }
1174 /* FALLTHROUGH */
1175 case IP_BINDMULTI:
1176#ifdef RSS
1177 case IP_RSS_LISTEN_BUCKET:
1178#endif
1179 case IP_TOS:
1180 case IP_TTL:
1181 case IP_MINTTL:
1182 case IP_RECVOPTS:
1183 case IP_RECVRETOPTS:
1184 case IP_ORIGDSTADDR:
1185 case IP_RECVDSTADDR:
1186 case IP_RECVTTL:
1187 case IP_RECVIF:
1188 case IP_ONESBCAST:
1189 case IP_DONTFRAG:
1190 case IP_RECVTOS:
1191 case IP_RECVFLOWID:
1192#ifdef RSS
1193 case IP_RECVRSSBUCKETID:
1194#endif
1195 case IP_VLAN_PCP:
1196 error = sooptcopyin(sopt, &optval, sizeof optval,
1197 sizeof optval);
1198 if (error)
1199 break;
1200
1201 switch (sopt->sopt_name) {
1202 case IP_TOS:
1203 inp->inp_ip_tos = optval;
1204 break;
1205
1206 case IP_TTL:
1207 inp->inp_ip_ttl = optval;
1208 break;
1209
1210 case IP_MINTTL:
1211 if (optval >= 0 && optval <= MAXTTL)
1212 inp->inp_ip_minttl = optval;
1213 else
1214 error = EINVAL;
1215 break;
1216
1217#define OPTSET(bit) do { \
1218 INP_WLOCK(inp); \
1219 if (optval) \
1220 inp->inp_flags |= bit; \
1221 else \
1222 inp->inp_flags &= ~bit; \
1223 INP_WUNLOCK(inp); \
1224} while (0)
1225
1226#define OPTSET2(bit, val) do { \
1227 INP_WLOCK(inp); \
1228 if (val) \
1229 inp->inp_flags2 |= bit; \
1230 else \
1231 inp->inp_flags2 &= ~bit; \
1232 INP_WUNLOCK(inp); \
1233} while (0)
1234
1235 case IP_RECVOPTS:
1236 OPTSET(INP_RECVOPTS);
1237 break;
1238
1239 case IP_RECVRETOPTS:
1240 OPTSET(INP_RECVRETOPTS);
1241 break;
1242
1243 case IP_RECVDSTADDR:
1244 OPTSET(INP_RECVDSTADDR);
1245 break;
1246
1247 case IP_ORIGDSTADDR:
1248 OPTSET2(INP_ORIGDSTADDR, optval);
1249 break;
1250
1251 case IP_RECVTTL:
1252 OPTSET(INP_RECVTTL);
1253 break;
1254
1255 case IP_RECVIF:
1256 OPTSET(INP_RECVIF);
1257 break;
1258
1259 case IP_ONESBCAST:
1260 OPTSET(INP_ONESBCAST);
1261 break;
1262 case IP_DONTFRAG:
1263 OPTSET(INP_DONTFRAG);
1264 break;
1265 case IP_BINDANY:
1266 OPTSET(INP_BINDANY);
1267 break;
1268 case IP_RECVTOS:
1269 OPTSET(INP_RECVTOS);
1270 break;
1271 case IP_BINDMULTI:
1272 OPTSET2(INP_BINDMULTI, optval);
1273 break;
1274 case IP_RECVFLOWID:
1275 OPTSET2(INP_RECVFLOWID, optval);
1276 break;
1277#ifdef RSS
1278 case IP_RSS_LISTEN_BUCKET:
1279 if ((optval >= 0) &&
1280 (optval < rss_getnumbuckets())) {
1281 inp->inp_rss_listen_bucket = optval;
1282 OPTSET2(INP_RSS_BUCKET_SET, 1);
1283 } else {
1284 error = EINVAL;
1285 }
1286 break;
1287 case IP_RECVRSSBUCKETID:
1288 OPTSET2(INP_RECVRSSBUCKETID, optval);
1289 break;
1290#endif
1291 case IP_VLAN_PCP:
1292 if ((optval >= -1) && (optval <=
1293 (INP_2PCP_MASK >> INP_2PCP_SHIFT))) {
1294 if (optval == -1) {
1295 INP_WLOCK(inp);
1296 inp->inp_flags2 &=
1297 ~(INP_2PCP_SET |
1298 INP_2PCP_MASK);
1299 INP_WUNLOCK(inp);
1300 } else {
1301 INP_WLOCK(inp);
1302 inp->inp_flags2 |=
1303 INP_2PCP_SET;
1304 inp->inp_flags2 &=
1305 ~INP_2PCP_MASK;
1306 inp->inp_flags2 |=
1307 optval << INP_2PCP_SHIFT;
1308 INP_WUNLOCK(inp);
1309 }
1310 } else
1311 error = EINVAL;
1312 break;
1313 }
1314 break;
1315#undef OPTSET
1316#undef OPTSET2
1317
1318 /*
1319 * Multicast socket options are processed by the in_mcast
1320 * module.
1321 */
1322 case IP_MULTICAST_IF:
1323 case IP_MULTICAST_VIF:
1324 case IP_MULTICAST_TTL:
1325 case IP_MULTICAST_LOOP:
1326 case IP_ADD_MEMBERSHIP:
1327 case IP_DROP_MEMBERSHIP:
1328 case IP_ADD_SOURCE_MEMBERSHIP:
1329 case IP_DROP_SOURCE_MEMBERSHIP:
1330 case IP_BLOCK_SOURCE:
1331 case IP_UNBLOCK_SOURCE:
1332 case IP_MSFILTER:
1333 case MCAST_JOIN_GROUP:
1334 case MCAST_LEAVE_GROUP:
1335 case MCAST_JOIN_SOURCE_GROUP:
1336 case MCAST_LEAVE_SOURCE_GROUP:
1337 case MCAST_BLOCK_SOURCE:
1338 case MCAST_UNBLOCK_SOURCE:
1339 error = inp_setmoptions(inp, sopt);
1340 break;
1341
1342 case IP_PORTRANGE:
1343 error = sooptcopyin(sopt, &optval, sizeof optval,
1344 sizeof optval);
1345 if (error)
1346 break;
1347
1348 INP_WLOCK(inp);
1349 switch (optval) {
1350 case IP_PORTRANGE_DEFAULT:
1351 inp->inp_flags &= ~(INP_LOWPORT);
1352 inp->inp_flags &= ~(INP_HIGHPORT);
1353 break;
1354
1355 case IP_PORTRANGE_HIGH:
1356 inp->inp_flags &= ~(INP_LOWPORT);
1357 inp->inp_flags |= INP_HIGHPORT;
1358 break;
1359
1360 case IP_PORTRANGE_LOW:
1361 inp->inp_flags &= ~(INP_HIGHPORT);
1362 inp->inp_flags |= INP_LOWPORT;
1363 break;
1364
1365 default:
1366 error = EINVAL;
1367 break;
1368 }
1369 INP_WUNLOCK(inp);
1370 break;
1371
1372#if defined(IPSEC) || defined(IPSEC_SUPPORT)
1373 case IP_IPSEC_POLICY:
1374 if (IPSEC_ENABLED(ipv4)) {
1375 error = IPSEC_PCBCTL(ipv4, inp, sopt);
1376 break;
1377 }
1378 /* FALLTHROUGH */
1379#endif /* IPSEC */
1380
1381 default:
1382 error = ENOPROTOOPT;
1383 break;
1384 }
1385 break;
1386
1387 case SOPT_GET:
1388 switch (sopt->sopt_name) {
1389 case IP_OPTIONS:
1390 case IP_RETOPTS:
1391 INP_RLOCK(inp);
1392 if (inp->inp_options) {
1393 struct mbuf *options;
1394
1395 options = m_copym(inp->inp_options, 0,
1396 M_COPYALL, M_NOWAIT);
1397 INP_RUNLOCK(inp);
1398 if (options != NULL) {
1399 error = sooptcopyout(sopt,
1400 mtod(options, char *),
1401 options->m_len);
1402 m_freem(options);
1403 } else
1404 error = ENOMEM;
1405 } else {
1406 INP_RUNLOCK(inp);
1407 sopt->sopt_valsize = 0;
1408 }
1409 break;
1410
1411 case IP_TOS:
1412 case IP_TTL:
1413 case IP_MINTTL:
1414 case IP_RECVOPTS:
1415 case IP_RECVRETOPTS:
1416 case IP_ORIGDSTADDR:
1417 case IP_RECVDSTADDR:
1418 case IP_RECVTTL:
1419 case IP_RECVIF:
1420 case IP_PORTRANGE:
1421 case IP_ONESBCAST:
1422 case IP_DONTFRAG:
1423 case IP_BINDANY:
1424 case IP_RECVTOS:
1425 case IP_BINDMULTI:
1426 case IP_FLOWID:
1427 case IP_FLOWTYPE:
1428 case IP_RECVFLOWID:
1429#ifdef RSS
1430 case IP_RSSBUCKETID:
1431 case IP_RECVRSSBUCKETID:
1432#endif
1433 case IP_VLAN_PCP:
1434 switch (sopt->sopt_name) {
1435 case IP_TOS:
1436 optval = inp->inp_ip_tos;
1437 break;
1438
1439 case IP_TTL:
1440 optval = inp->inp_ip_ttl;
1441 break;
1442
1443 case IP_MINTTL:
1444 optval = inp->inp_ip_minttl;
1445 break;
1446
1447#define OPTBIT(bit) (inp->inp_flags & bit ? 1 : 0)
1448#define OPTBIT2(bit) (inp->inp_flags2 & bit ? 1 : 0)
1449
1450 case IP_RECVOPTS:
1451 optval = OPTBIT(INP_RECVOPTS);
1452 break;
1453
1454 case IP_RECVRETOPTS:
1455 optval = OPTBIT(INP_RECVRETOPTS);
1456 break;
1457
1458 case IP_RECVDSTADDR:
1459 optval = OPTBIT(INP_RECVDSTADDR);
1460 break;
1461
1462 case IP_ORIGDSTADDR:
1463 optval = OPTBIT2(INP_ORIGDSTADDR);
1464 break;
1465
1466 case IP_RECVTTL:
1467 optval = OPTBIT(INP_RECVTTL);
1468 break;
1469
1470 case IP_RECVIF:
1471 optval = OPTBIT(INP_RECVIF);
1472 break;
1473
1474 case IP_PORTRANGE:
1475 if (inp->inp_flags & INP_HIGHPORT)
1476 optval = IP_PORTRANGE_HIGH;
1477 else if (inp->inp_flags & INP_LOWPORT)
1478 optval = IP_PORTRANGE_LOW;
1479 else
1480 optval = 0;
1481 break;
1482
1483 case IP_ONESBCAST:
1484 optval = OPTBIT(INP_ONESBCAST);
1485 break;
1486 case IP_DONTFRAG:
1487 optval = OPTBIT(INP_DONTFRAG);
1488 break;
1489 case IP_BINDANY:
1490 optval = OPTBIT(INP_BINDANY);
1491 break;
1492 case IP_RECVTOS:
1493 optval = OPTBIT(INP_RECVTOS);
1494 break;
1495 case IP_FLOWID:
1496 optval = inp->inp_flowid;
1497 break;
1498 case IP_FLOWTYPE:
1499 optval = inp->inp_flowtype;
1500 break;
1501 case IP_RECVFLOWID:
1502 optval = OPTBIT2(INP_RECVFLOWID);
1503 break;
1504#ifdef RSS
1505 case IP_RSSBUCKETID:
1506 retval = rss_hash2bucket(inp->inp_flowid,
1507 inp->inp_flowtype,
1508 &rss_bucket);
1509 if (retval == 0)
1510 optval = rss_bucket;
1511 else
1512 error = EINVAL;
1513 break;
1514 case IP_RECVRSSBUCKETID:
1515 optval = OPTBIT2(INP_RECVRSSBUCKETID);
1516 break;
1517#endif
1518 case IP_BINDMULTI:
1519 optval = OPTBIT2(INP_BINDMULTI);
1520 break;
1521 case IP_VLAN_PCP:
1522 if (OPTBIT2(INP_2PCP_SET)) {
1523 optval = (inp->inp_flags2 &
1524 INP_2PCP_MASK) >> INP_2PCP_SHIFT;
1525 } else {
1526 optval = -1;
1527 }
1528 break;
1529 }
1530 error = sooptcopyout(sopt, &optval, sizeof optval);
1531 break;
1532
1533 /*
1534 * Multicast socket options are processed by the in_mcast
1535 * module.
1536 */
1537 case IP_MULTICAST_IF:
1538 case IP_MULTICAST_VIF:
1539 case IP_MULTICAST_TTL:
1540 case IP_MULTICAST_LOOP:
1541 case IP_MSFILTER:
1542 error = inp_getmoptions(inp, sopt);
1543 break;
1544
1545#if defined(IPSEC) || defined(IPSEC_SUPPORT)
1546 case IP_IPSEC_POLICY:
1547 if (IPSEC_ENABLED(ipv4)) {
1548 error = IPSEC_PCBCTL(ipv4, inp, sopt);
1549 break;
1550 }
1551 /* FALLTHROUGH */
1552#endif /* IPSEC */
1553
1554 default:
1555 error = ENOPROTOOPT;
1556 break;
1557 }
1558 break;
1559 }
1560 return (error);
1561}
1562
1563/*
1564 * Routine called from ip_output() to loop back a copy of an IP multicast
1565 * packet to the input queue of a specified interface. Note that this
1566 * calls the output routine of the loopback "driver", but with an interface
1567 * pointer that might NOT be a loopback interface -- evil, but easier than
1568 * replicating that code here.
1569 */
1570static void
1571ip_mloopback(struct ifnet *ifp, const struct mbuf *m, int hlen)
1572{
1573 struct ip *ip;
1574 struct mbuf *copym;
1575
1576 /*
1577 * Make a deep copy of the packet because we're going to
1578 * modify the pack in order to generate checksums.
1579 */
1580 copym = m_dup(m, M_NOWAIT);
1581 if (copym != NULL && (!M_WRITABLE(copym) || copym->m_len < hlen))
1582 copym = m_pullup(copym, hlen);
1583 if (copym != NULL) {
1584 /* If needed, compute the checksum and mark it as valid. */
1585 if (copym->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
1586 in_delayed_cksum(copym);
1587 copym->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA;
1588 copym->m_pkthdr.csum_flags |=
1589 CSUM_DATA_VALID | CSUM_PSEUDO_HDR;
1590 copym->m_pkthdr.csum_data = 0xffff;
1591 }
1592 /*
1593 * We don't bother to fragment if the IP length is greater
1594 * than the interface's MTU. Can this possibly matter?
1595 */
1596 ip = mtod(copym, struct ip *);
1597 ip->ip_sum = 0;
1598 ip->ip_sum = in_cksum(copym, hlen);
1599 if_simloop(ifp, copym, AF_INET, 0);
1600 }
1601}
SYSCTL_INT
SYSCTL_INT(_net_inet_accf_http, OID_AUTO, parsehttpversion, CTLFLAG_RW, &parse_http_version, 1, "Parse http version so that non 1.x requests work")
in_ifaddr_broadcast
int in_ifaddr_broadcast(struct in_addr in, struct in_ifaddr *ia)
Definition: in.c:1191
in_localip
bool in_localip(struct in_addr in)
Definition: in.c:131
uint32_t
__uint32_t uint32_t
Definition: in.h:62
uint16_t
__uint16_t uint16_t
Definition: in.h:57
INADDR_BROADCAST
#define INADDR_BROADCAST
Definition: in.h:49
INADDR_ANY
#define INADDR_ANY
Definition: in.h:48
sintosa
#define sintosa(sin)
Definition: in.h:679
ifatoia
#define ifatoia(ifa)
Definition: in.h:680
IPPROTO_IP
#define IPPROTO_IP
Definition: in.h:43
in_cksum_skip
u_short in_cksum_skip(struct mbuf *m, int len, int skip)
Definition: in_cksum.c:228
in_fib.h
fib4_lookup
struct nhop_object * fib4_lookup(uint32_t fibnum, struct in_addr dst, uint32_t scopeid, uint32_t flags, uint32_t flowid)
in_kdtrace.h
IP_PROBE
#define IP_PROBE(probe, arg0, arg1, arg2, arg3, arg4, arg5)
Definition: in_kdtrace.h:33
inp_setmoptions
int inp_setmoptions(struct inpcb *inp, struct sockopt *sopt)
Definition: in_mcast.c:2713
inp_getmoptions
int inp_getmoptions(struct inpcb *inp, struct sockopt *sopt)
Definition: in_mcast.c:1743
in_pcb.h
INP_RECVRETOPTS
#define INP_RECVRETOPTS
Definition: in_pcb.h:621
INP_DONTFRAG
#define INP_DONTFRAG
Definition: in_pcb.h:631
INP_LOCK_ASSERT
#define INP_LOCK_ASSERT(inp)
Definition: in_pcb.h:527
INP_RSS_BUCKET_SET
#define INP_RSS_BUCKET_SET
Definition: in_pcb.h:670
INP_ORIGDSTADDR
#define INP_ORIGDSTADDR
Definition: in_pcb.h:674
INP_WLOCK
#define INP_WLOCK(inp)
Definition: in_pcb.h:518
INP_HIGHPORT
#define INP_HIGHPORT
Definition: in_pcb.h:624
INP_2PCP_SET
#define INP_2PCP_SET
Definition: in_pcb.h:680
INP_RUNLOCK
#define INP_RUNLOCK(inp)
Definition: in_pcb.h:521
INP_RECVTTL
#define INP_RECVTTL
Definition: in_pcb.h:630
sotoinpcb
#define sotoinpcb(so)
Definition: in_pcb.h:701
INP_RECVTOS
#define INP_RECVTOS
Definition: in_pcb.h:634
INP_BINDMULTI
#define INP_BINDMULTI
Definition: in_pcb.h:669
INP_RECVFLOWID
#define INP_RECVFLOWID
Definition: in_pcb.h:671
INP_ONESBCAST
#define INP_ONESBCAST
Definition: in_pcb.h:645
INP_REUSEPORT_LB
#define INP_REUSEPORT_LB
Definition: in_pcb.h:676
INP_RECVDSTADDR
#define INP_RECVDSTADDR
Definition: in_pcb.h:622
INP_2PCP_SHIFT
#define INP_2PCP_SHIFT
Definition: in_pcb.h:686
INP_RATE_LIMIT_CHANGED
#define INP_RATE_LIMIT_CHANGED
Definition: in_pcb.h:673
INP_RECVRSSBUCKETID
#define INP_RECVRSSBUCKETID
Definition: in_pcb.h:672
INP_BINDANY
#define INP_BINDANY
Definition: in_pcb.h:632
INP_RECVOPTS
#define INP_RECVOPTS
Definition: in_pcb.h:620
INP_WUNLOCK
#define INP_WUNLOCK(inp)
Definition: in_pcb.h:522
INP_REUSEADDR
#define INP_REUSEADDR
Definition: in_pcb.h:668
INP_REUSEPORT
#define INP_REUSEPORT
Definition: in_pcb.h:666
INP_LOWPORT
#define INP_LOWPORT
Definition: in_pcb.h:625
INP_RLOCK
#define INP_RLOCK(inp)
Definition: in_pcb.h:517
INP_2PCP_MASK
#define INP_2PCP_MASK
Definition: in_pcb.h:685
INP_RECVIF
#define INP_RECVIF
Definition: in_pcb.h:627
in_rss.h
in_systm.h
in_var.h
IA_SIN
#define IA_SIN(ia)
Definition: in_var.h:96
IFP_TO_IA
#define IFP_TO_IA(ifp, ia)
Definition: in_var.h:159
ip_len
u_short ip_len
Definition: ip.h:9
ip_off
u_short ip_off
Definition: ip.h:11
MAXTTL
#define MAXTTL
Definition: ip.h:211
IPVERSION
#define IPVERSION
Definition: ip.h:46
IP_DF
#define IP_DF
Definition: ip.h:13
IP_MF
#define IP_MF
Definition: ip.h:14
ip_fillid
void ip_fillid(struct ip *ip)
Definition: ip_id.c:243
ip_insertoptions
struct mbuf * ip_insertoptions(struct mbuf *m, struct mbuf *opt, int *phlen)
Definition: ip_options.c:507
ip_pcbopts
int ip_pcbopts(struct inpcb *inp, int optname, struct mbuf *m)
Definition: ip_options.c:601
ip_optcopy
int ip_optcopy(struct ip *ip, struct ip *jp)
Definition: ip_options.c:557
ip_options.h
inetsw
struct protosw inetsw[]
ip_ctloutput
int ip_ctloutput(struct socket *so, struct sockopt *sopt)
Definition: ip_output.c:1070
ip_output_send
static int ip_output_send(struct inpcb *inp, struct ifnet *ifp, struct mbuf *m, const struct sockaddr *gw, struct route *ro, bool stamp_tag)
Definition: ip_output.c:212
OPTSET
#define OPTSET(bit)
ip_output
int ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags, struct ip_moptions *imo, struct inpcb *inp)
Definition: ip_output.c:320
in_mcast_loop
int in_mcast_loop
Definition: in_mcast.c:188
ip_fragment
int ip_fragment(struct ip *ip, struct mbuf **m_frag, int mtu, u_long if_hwassist_flags)
Definition: ip_output.c:859
ip_mloopback
static void ip_mloopback(struct ifnet *, const struct mbuf *, int)
Definition: ip_output.c:1571
OPTSET2
#define OPTSET2(bit, val)
__FBSDID
__FBSDID("$FreeBSD$")
ip_output_pfil
static int ip_output_pfil(struct mbuf **mp, struct ifnet *ifp, int flags, struct inpcb *inp, struct sockaddr_in *dst, int *fibnum, int *error)
Definition: ip_output.c:112
OPTBIT2
#define OPTBIT2(bit)
in_delayed_cksum
void in_delayed_cksum(struct mbuf *m)
Definition: ip_output.c:1032
rt_update_ro_flags
static void rt_update_ro_flags(struct route *ro, const struct nhop_object *nh)
Definition: ip_output.c:296
OPTBIT
#define OPTBIT(bit)
nfrags
static u_int __exclusive_cache_line nfrags
Definition: ip_reass.c:140
ip_var.h
IPSTAT_INC
#define IPSTAT_INC(name)
Definition: ip_var.h:151
IP_FORWARDING
#define IP_FORWARDING
Definition: ip_var.h:165
IP_RAWOUTPUT
#define IP_RAWOUTPUT
Definition: ip_var.h:166
IP_NODEFAULTFLOWID
#define IP_NODEFAULTFLOWID
Definition: ip_var.h:171
IP_SENDONES
#define IP_SENDONES
Definition: ip_var.h:167
V_rsvp_on
#define V_rsvp_on
Definition: ip_var.h:210
IP_ROUTETOIF
#define IP_ROUTETOIF
Definition: ip_var.h:169
V_ip_mrouter
#define V_ip_mrouter
Definition: ip_var.h:209
IP_ALLOWBROADCAST
#define IP_ALLOWBROADCAST
Definition: ip_var.h:170
IPSTAT_ADD
#define IPSTAT_ADD(name, val)
Definition: ip_var.h:148
ip_mforward
int(* ip_mforward)(struct ip *, struct ifnet *, struct mbuf *, struct ip_moptions *)
ip_mcast_src
u_long(* ip_mcast_src)(int)
V_inet_pfil_head
#define V_inet_pfil_head
Definition: ip_var.h:249
IP_NO_SND_TAG_RL
#define IP_NO_SND_TAG_RL
Definition: ip_var.h:172
sctp_crc32.h
in_addr
Definition: in.h:83
in_addr::s_addr
in_addr_t s_addr
Definition: in.h:84
in_conninfo::inc_fibnum
u_int16_t inc_fibnum
Definition: in_pcb.h:116
in_ifaddr
Definition: in_var.h:75
in_ifaddr::ia_ifa
struct ifaddr ia_ifa
Definition: in_var.h:76
inpcb
Definition: in_pcb.h:217
inpcb::inp_rss_listen_bucket
uint32_t inp_rss_listen_bucket
Definition: in_pcb.h:267
inpcb::inp_rt_cookie
rt_gen_t inp_rt_cookie
Definition: in_pcb.h:299
inpcb::inp_ip_minttl
u_char inp_ip_minttl
Definition: in_pcb.h:263
inpcb::inp_flags
int inp_flags
Definition: in_pcb.h:246
inpcb::inp_flags2
int inp_flags2
Definition: in_pcb.h:247
inpcb::inp_flowtype
uint32_t inp_flowtype
Definition: in_pcb.h:266
inpcb::inp_options
struct mbuf * inp_options
Definition: in_pcb.h:279
inpcb::inp_ip_ttl
u_char inp_ip_ttl
Definition: in_pcb.h:261
inpcb::inp_snd_tag
struct m_snd_tag * inp_snd_tag
Definition: in_pcb.h:265
inpcb::inp_numa_domain
uint8_t inp_numa_domain
Definition: in_pcb.h:252
inpcb::inp_ip_tos
u_char inp_ip_tos
Definition: in_pcb.h:278
inpcb::inp_flowid
uint32_t inp_flowid
Definition: in_pcb.h:264
inpcb::inp_inc
struct in_conninfo inp_inc
Definition: in_pcb.h:270
ip
Definition: ip.h:51
ip::ip_dst
struct in_addr ip_src ip_dst
Definition: ip.h:71
ip::ip_hl
u_char ip_hl
Definition: ip.h:53
ip::ip_sum
u_short ip_sum
Definition: ip.h:70
ip::ip_len
u_short ip_len
Definition: ip.h:61
ip::ip_v
u_char ip_v
Definition: ip.h:54
ip::ip_ttl
u_char ip_ttl
Definition: ip.h:68
ip::ip_off
u_short ip_off
Definition: ip.h:63
sockaddr_in
Definition: in.h:97
sockaddr_in::sin_addr
struct in_addr sin_addr
Definition: in.h:101
sockaddr_in::sin_len
uint8_t sin_len
Definition: in.h:98
sockaddr_in::sin_family
sa_family_t sin_family
Definition: in.h:99
udphdr
Definition: udp.h:45
udphdr::uh_ulen
u_short uh_ulen
Definition: udp.h:48
udp_var.h