1 /* $NetBSD: ip_output.c,v 1.324 2022/11/21 09:51:13 knakahara Exp $ */
2
3 /*
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name of the project nor the names of its contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 */
31
32 /*
33 * Copyright (c) 1998 The NetBSD Foundation, Inc.
34 * All rights reserved.
35 *
36 * This code is derived from software contributed to The NetBSD Foundation
37 * by Public Access Networks Corporation ("Panix"). It was developed under
38 * contract to Panix by Eric Haszlakiewicz and Thor Lancelot Simon.
39 *
40 * Redistribution and use in source and binary forms, with or without
41 * modification, are permitted provided that the following conditions
42 * are met:
43 * 1. Redistributions of source code must retain the above copyright
44 * notice, this list of conditions and the following disclaimer.
45 * 2. Redistributions in binary form must reproduce the above copyright
46 * notice, this list of conditions and the following disclaimer in the
47 * documentation and/or other materials provided with the distribution.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
50 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
51 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
52 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
53 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
54 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
55 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
56 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
57 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
58 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
59 * POSSIBILITY OF SUCH DAMAGE.
60 */
61
62 /*
63 * Copyright (c) 1982, 1986, 1988, 1990, 1993
64 * The Regents of the University of California. All rights reserved.
65 *
66 * Redistribution and use in source and binary forms, with or without
67 * modification, are permitted provided that the following conditions
68 * are met:
69 * 1. Redistributions of source code must retain the above copyright
70 * notice, this list of conditions and the following disclaimer.
71 * 2. Redistributions in binary form must reproduce the above copyright
72 * notice, this list of conditions and the following disclaimer in the
73 * documentation and/or other materials provided with the distribution.
74 * 3. Neither the name of the University nor the names of its contributors
75 * may be used to endorse or promote products derived from this software
76 * without specific prior written permission.
77 *
78 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
79 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
80 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
81 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
82 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
83 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
84 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
85 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
86 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
87 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
88 * SUCH DAMAGE.
89 *
90 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94
91 */
92
93 #include <sys/cdefs.h>
94 __KERNEL_RCSID(0, "$NetBSD: ip_output.c,v 1.324 2022/11/21 09:51:13 knakahara Exp $");
95
96 #ifdef _KERNEL_OPT
97 #include "opt_inet.h"
98 #include "opt_ipsec.h"
99 #include "opt_mrouting.h"
100 #include "opt_net_mpsafe.h"
101 #include "opt_mpls.h"
102 #endif
103
104 #include "arp.h"
105
106 #include <sys/param.h>
107 #include <sys/kmem.h>
108 #include <sys/mbuf.h>
109 #include <sys/socket.h>
110 #include <sys/socketvar.h>
111 #include <sys/kauth.h>
112 #include <sys/systm.h>
113 #include <sys/syslog.h>
114
115 #include <net/if.h>
116 #include <net/if_types.h>
117 #include <net/route.h>
118 #include <net/pfil.h>
119
120 #include <netinet/in.h>
121 #include <netinet/in_systm.h>
122 #include <netinet/ip.h>
123 #include <netinet/in_pcb.h>
124 #include <netinet/in_var.h>
125 #include <netinet/ip_var.h>
126 #include <netinet/ip_private.h>
127 #include <netinet/in_offload.h>
128 #include <netinet/portalgo.h>
129 #include <netinet/udp.h>
130 #include <netinet/udp_var.h>
131
132 #ifdef INET6
133 #include <netinet6/ip6_var.h>
134 #endif
135
136 #ifdef MROUTING
137 #include <netinet/ip_mroute.h>
138 #endif
139
140 #ifdef IPSEC
141 #include <netipsec/ipsec.h>
142 #include <netipsec/key.h>
143 #endif
144
145 #ifdef MPLS
146 #include <netmpls/mpls.h>
147 #include <netmpls/mpls_var.h>
148 #endif
149
150 static int ip_pcbopts(struct inpcb *, const struct sockopt *);
151 static struct mbuf *ip_insertoptions(struct mbuf *, struct mbuf *, int *);
152 static struct ifnet *ip_multicast_if(struct in_addr *, int *);
153 static void ip_mloopback(struct ifnet *, struct mbuf *,
154 const struct sockaddr_in *);
155 static int ip_ifaddrvalid(const struct in_ifaddr *);
156
157 extern pfil_head_t *inet_pfil_hook; /* XXX */
158
159 int ip_do_loopback_cksum = 0;
160
161 static int
162 ip_mark_mpls(struct ifnet * const ifp, struct mbuf * const m,
163 const struct rtentry *rt)
164 {
165 int error = 0;
166 #ifdef MPLS
167 union mpls_shim msh;
168
169 if (rt == NULL || rt_gettag(rt) == NULL ||
170 rt_gettag(rt)->sa_family != AF_MPLS ||
171 (m->m_flags & (M_MCAST | M_BCAST)) != 0 ||
172 ifp->if_type != IFT_ETHER)
173 return 0;
174
175 msh.s_addr = MPLS_GETSADDR(rt);
176 if (msh.shim.label != MPLS_LABEL_IMPLNULL) {
177 struct m_tag *mtag;
178 /*
179 * XXX tentative solution to tell ether_output
180 * it's MPLS. Need some more efficient solution.
181 */
182 mtag = m_tag_get(PACKET_TAG_MPLS,
183 sizeof(int) /* dummy */,
184 M_NOWAIT);
185 if (mtag == NULL)
186 return ENOMEM;
187 m_tag_prepend(m, mtag);
188 }
189 #endif
190 return error;
191 }
192
193 /*
194 * Send an IP packet to a host.
195 */
196 int
197 ip_if_output(struct ifnet * const ifp, struct mbuf * const m,
198 const struct sockaddr * const dst, const struct rtentry *rt)
199 {
200 int error = 0;
201
202 if (rt != NULL) {
203 error = rt_check_reject_route(rt, ifp);
204 if (error != 0) {
205 IP_STATINC(IP_STAT_RTREJECT);
206 m_freem(m);
207 return error;
208 }
209 }
210
211 error = ip_mark_mpls(ifp, m, rt);
212 if (error != 0) {
213 m_freem(m);
214 return error;
215 }
216
217 error = if_output_lock(ifp, ifp, m, dst, rt);
218
219 return error;
220 }
221
222 /*
223 * IP output. The packet in mbuf chain m contains a skeletal IP
224 * header (with len, off, ttl, proto, tos, src, dst).
225 * The mbuf chain containing the packet will be freed.
226 * The mbuf opt, if present, will not be freed.
227 */
228 int
229 ip_output(struct mbuf *m0, struct mbuf *opt, struct route *ro, int flags,
230 struct ip_moptions *imo, struct inpcb *inp)
231 {
232 struct rtentry *rt;
233 struct ip *ip;
234 struct ifnet *ifp, *mifp = NULL;
235 struct mbuf *m = m0;
236 int len, hlen, error = 0;
237 struct route iproute;
238 const struct sockaddr_in *dst;
239 struct in_ifaddr *ia = NULL;
240 struct ifaddr *ifa;
241 int isbroadcast;
242 int sw_csum;
243 u_long mtu;
244 bool natt_frag = false;
245 bool rtmtu_nolock;
246 union {
247 struct sockaddr sa;
248 struct sockaddr_in sin;
249 } udst, usrc;
250 struct sockaddr *rdst = &udst.sa; /* real IP destination, as
251 * opposed to the nexthop
252 */
253 struct psref psref, psref_ia;
254 int bound;
255 bool bind_need_restore = false;
256 const struct sockaddr *sa;
257
258 len = 0;
259
260 MCLAIM(m, &ip_tx_mowner);
261
262 KASSERT((m->m_flags & M_PKTHDR) != 0);
263 KASSERT((m->m_pkthdr.csum_flags & (M_CSUM_TCPv6|M_CSUM_UDPv6)) == 0);
264 KASSERT((m->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4)) !=
265 (M_CSUM_TCPv4|M_CSUM_UDPv4));
266 KASSERT(m->m_len >= sizeof(struct ip));
267
268 hlen = sizeof(struct ip);
269 if (opt) {
270 m = ip_insertoptions(m, opt, &len);
271 hlen = len;
272 }
273 ip = mtod(m, struct ip *);
274
275 /*
276 * Fill in IP header.
277 */
278 if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) {
279 ip->ip_v = IPVERSION;
280 ip->ip_off = htons(0);
281 /* ip->ip_id filled in after we find out source ia */
282 ip->ip_hl = hlen >> 2;
283 IP_STATINC(IP_STAT_LOCALOUT);
284 } else {
285 hlen = ip->ip_hl << 2;
286 }
287
288 /*
289 * Route packet.
290 */
291 if (ro == NULL) {
292 memset(&iproute, 0, sizeof(iproute));
293 ro = &iproute;
294 }
295 sockaddr_in_init(&udst.sin, &ip->ip_dst, 0);
296 dst = satocsin(rtcache_getdst(ro));
297
298 /*
299 * If there is a cached route, check that it is to the same
300 * destination and is still up. If not, free it and try again.
301 * The address family should also be checked in case of sharing
302 * the cache with IPv6.
303 */
304 if (dst && (dst->sin_family != AF_INET ||
305 !in_hosteq(dst->sin_addr, ip->ip_dst)))
306 rtcache_free(ro);
307
308 /* XXX must be before rtcache operations */
309 bound = curlwp_bind();
310 bind_need_restore = true;
311
312 if ((rt = rtcache_validate(ro)) == NULL &&
313 (rt = rtcache_update(ro, 1)) == NULL) {
314 dst = &udst.sin;
315 error = rtcache_setdst(ro, &udst.sa);
316 if (error != 0) {
317 IP_STATINC(IP_STAT_ODROPPED);
318 goto bad;
319 }
320 }
321
322 /*
323 * If routing to interface only, short circuit routing lookup.
324 */
325 if (flags & IP_ROUTETOIF) {
326 ifa = ifa_ifwithladdr_psref(sintocsa(dst), &psref_ia);
327 if (ifa == NULL) {
328 IP_STATINC(IP_STAT_NOROUTE);
329 error = ENETUNREACH;
330 goto bad;
331 }
332 /* ia is already referenced by psref_ia */
333 ia = ifatoia(ifa);
334
335 ifp = ia->ia_ifp;
336 mtu = ifp->if_mtu;
337 ip->ip_ttl = 1;
338 isbroadcast = in_broadcast(dst->sin_addr, ifp);
339 } else if (((IN_MULTICAST(ip->ip_dst.s_addr) ||
340 ip->ip_dst.s_addr == INADDR_BROADCAST) ||
341 (flags & IP_ROUTETOIFINDEX)) &&
342 imo != NULL && imo->imo_multicast_if_index != 0) {
343 ifp = mifp = if_get_byindex(imo->imo_multicast_if_index, &psref);
344 if (ifp == NULL) {
345 IP_STATINC(IP_STAT_NOROUTE);
346 error = ENETUNREACH;
347 goto bad;
348 }
349 mtu = ifp->if_mtu;
350 ia = in_get_ia_from_ifp_psref(ifp, &psref_ia);
351 if (ia == NULL) {
352 IP_STATINC(IP_STAT_IFNOADDR);
353 error = EADDRNOTAVAIL;
354 goto bad;
355 }
356 if (IN_MULTICAST(ip->ip_dst.s_addr) ||
357 ip->ip_dst.s_addr == INADDR_BROADCAST) {
358 isbroadcast = 0;
359 } else {
360 /* IP_ROUTETOIFINDEX */
361 isbroadcast = in_broadcast(dst->sin_addr, ifp);
362 if ((isbroadcast == 0) && ((ifp->if_flags &
363 (IFF_LOOPBACK | IFF_POINTOPOINT)) == 0) &&
364 (in_direct(dst->sin_addr, ifp) == 0)) {
365 /* gateway address required */
366 if (rt == NULL)
367 rt = rtcache_init(ro);
368 if (rt == NULL || rt->rt_ifp != ifp) {
369 IP_STATINC(IP_STAT_NOROUTE);
370 error = EHOSTUNREACH;
371 goto bad;
372 }
373 rt->rt_use++;
374 if (rt->rt_flags & RTF_GATEWAY)
375 dst = satosin(rt->rt_gateway);
376 if (rt->rt_flags & RTF_HOST)
377 isbroadcast =
378 rt->rt_flags & RTF_BROADCAST;
379 }
380 }
381 } else {
382 if (rt == NULL)
383 rt = rtcache_init(ro);
384 if (rt == NULL) {
385 IP_STATINC(IP_STAT_NOROUTE);
386 error = EHOSTUNREACH;
387 goto bad;
388 }
389 if (ifa_is_destroying(rt->rt_ifa)) {
390 rtcache_unref(rt, ro);
391 rt = NULL;
392 IP_STATINC(IP_STAT_NOROUTE);
393 error = EHOSTUNREACH;
394 goto bad;
395 }
396 ifa_acquire(rt->rt_ifa, &psref_ia);
397 ia = ifatoia(rt->rt_ifa);
398 ifp = rt->rt_ifp;
399 if ((mtu = rt->rt_rmx.rmx_mtu) == 0)
400 mtu = ifp->if_mtu;
401 rt->rt_use++;
402 if (rt->rt_flags & RTF_GATEWAY)
403 dst = satosin(rt->rt_gateway);
404 if (rt->rt_flags & RTF_HOST)
405 isbroadcast = rt->rt_flags & RTF_BROADCAST;
406 else
407 isbroadcast = in_broadcast(dst->sin_addr, ifp);
408 }
409 rtmtu_nolock = rt && (rt->rt_rmx.rmx_locks & RTV_MTU) == 0;
410
411 if (IN_MULTICAST(ip->ip_dst.s_addr) ||
412 (ip->ip_dst.s_addr == INADDR_BROADCAST)) {
413 bool inmgroup;
414
415 m->m_flags |= (ip->ip_dst.s_addr == INADDR_BROADCAST) ?
416 M_BCAST : M_MCAST;
417 /*
418 * See if the caller provided any multicast options
419 */
420 if (imo != NULL)
421 ip->ip_ttl = imo->imo_multicast_ttl;
422 else
423 ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL;
424
425 /*
426 * if we don't know the outgoing ifp yet, we can't generate
427 * output
428 */
429 if (!ifp) {
430 IP_STATINC(IP_STAT_NOROUTE);
431 error = ENETUNREACH;
432 goto bad;
433 }
434
435 /*
436 * If the packet is multicast or broadcast, confirm that
437 * the outgoing interface can transmit it.
438 */
439 if (((m->m_flags & M_MCAST) &&
440 (ifp->if_flags & IFF_MULTICAST) == 0) ||
441 ((m->m_flags & M_BCAST) &&
442 (ifp->if_flags & (IFF_BROADCAST|IFF_POINTOPOINT)) == 0)) {
443 IP_STATINC(IP_STAT_NOROUTE);
444 error = ENETUNREACH;
445 goto bad;
446 }
447 /*
448 * If source address not specified yet, use an address
449 * of outgoing interface.
450 */
451 if (in_nullhost(ip->ip_src)) {
452 struct in_ifaddr *xia;
453 struct ifaddr *xifa;
454 struct psref _psref;
455
456 xia = in_get_ia_from_ifp_psref(ifp, &_psref);
457 if (!xia) {
458 IP_STATINC(IP_STAT_IFNOADDR);
459 error = EADDRNOTAVAIL;
460 goto bad;
461 }
462 xifa = &xia->ia_ifa;
463 if (xifa->ifa_getifa != NULL) {
464 ia4_release(xia, &_psref);
465 /* FIXME ifa_getifa is NOMPSAFE */
466 xia = ifatoia((*xifa->ifa_getifa)(xifa, rdst));
467 if (xia == NULL) {
468 IP_STATINC(IP_STAT_IFNOADDR);
469 error = EADDRNOTAVAIL;
470 goto bad;
471 }
472 ia4_acquire(xia, &_psref);
473 }
474 ip->ip_src = xia->ia_addr.sin_addr;
475 ia4_release(xia, &_psref);
476 }
477
478 inmgroup = in_multi_group(ip->ip_dst, ifp, flags);
479 if (inmgroup && (imo == NULL || imo->imo_multicast_loop)) {
480 /*
481 * If we belong to the destination multicast group
482 * on the outgoing interface, and the caller did not
483 * forbid loopback, loop back a copy.
484 */
485 ip_mloopback(ifp, m, &udst.sin);
486 }
487 #ifdef MROUTING
488 else {
489 /*
490 * If we are acting as a multicast router, perform
491 * multicast forwarding as if the packet had just
492 * arrived on the interface to which we are about
493 * to send. The multicast forwarding function
494 * recursively calls this function, using the
495 * IP_FORWARDING flag to prevent infinite recursion.
496 *
497 * Multicasts that are looped back by ip_mloopback(),
498 * above, will be forwarded by the ip_input() routine,
499 * if necessary.
500 */
501 extern struct socket *ip_mrouter;
502
503 if (ip_mrouter && (flags & IP_FORWARDING) == 0) {
504 if (ip_mforward(m, ifp) != 0) {
505 m_freem(m);
506 goto done;
507 }
508 }
509 }
510 #endif
511 /*
512 * Multicasts with a time-to-live of zero may be looped-
513 * back, above, but must not be transmitted on a network.
514 * Also, multicasts addressed to the loopback interface
515 * are not sent -- the above call to ip_mloopback() will
516 * loop back a copy if this host actually belongs to the
517 * destination group on the loopback interface.
518 */
519 if (ip->ip_ttl == 0 || (ifp->if_flags & IFF_LOOPBACK) != 0) {
520 IP_STATINC(IP_STAT_ODROPPED);
521 m_freem(m);
522 goto done;
523 }
524 goto sendit;
525 }
526
527 /*
528 * If source address not specified yet, use address
529 * of outgoing interface.
530 */
531 if (in_nullhost(ip->ip_src)) {
532 struct ifaddr *xifa;
533
534 /* If rt_ifa is AF_LINK, ia can be NULL. */
535 if (ia == NULL) {
536 KASSERTMSG(rt->rt_ifa->ifa_addr->sa_family == AF_LINK,
537 "sa_family=%d", rt->rt_ifa->ifa_addr->sa_family);
538 IP_STATINC(IP_STAT_NOROUTE);
539 error = EHOSTUNREACH;
540 goto bad;
541 }
542
543 xifa = &ia->ia_ifa;
544 if (xifa->ifa_getifa != NULL) {
545 ia4_release(ia, &psref_ia);
546 /* FIXME ifa_getifa is NOMPSAFE */
547 ia = ifatoia((*xifa->ifa_getifa)(xifa, rdst));
548 if (ia == NULL) {
549 error = EADDRNOTAVAIL;
550 goto bad;
551 }
552 ia4_acquire(ia, &psref_ia);
553 }
554 ip->ip_src = ia->ia_addr.sin_addr;
555 }
556
557 /*
558 * Packets with Class-D address as source are not valid per
559 * RFC1112.
560 */
561 if (IN_MULTICAST(ip->ip_src.s_addr)) {
562 IP_STATINC(IP_STAT_ODROPPED);
563 error = EADDRNOTAVAIL;
564 goto bad;
565 }
566
567 /*
568 * Look for broadcast address and verify user is allowed to
569 * send such a packet.
570 */
571 if (isbroadcast) {
572 if ((ifp->if_flags & IFF_BROADCAST) == 0) {
573 IP_STATINC(IP_STAT_BCASTDENIED);
574 error = EADDRNOTAVAIL;
575 goto bad;
576 }
577 if ((flags & IP_ALLOWBROADCAST) == 0) {
578 IP_STATINC(IP_STAT_BCASTDENIED);
579 error = EACCES;
580 goto bad;
581 }
582 /* don't allow broadcast messages to be fragmented */
583 if (ntohs(ip->ip_len) > ifp->if_mtu) {
584 IP_STATINC(IP_STAT_BCASTDENIED);
585 error = EMSGSIZE;
586 goto bad;
587 }
588 m->m_flags |= M_BCAST;
589 } else
590 m->m_flags &= ~M_BCAST;
591
592 sendit:
593 if ((flags & (IP_FORWARDING|IP_NOIPNEWID)) == 0) {
594 /* If rt_ifa is AF_LINK, ia can be NULL. */
595 if (ia == NULL) {
596 KASSERTMSG(rt->rt_ifa->ifa_addr->sa_family == AF_LINK,
597 "sa_family=%d", rt->rt_ifa->ifa_addr->sa_family);
598 IP_STATINC(IP_STAT_NOROUTE);
599 error = EHOSTUNREACH;
600 goto bad;
601 }
602
603 if (m->m_pkthdr.len < IP_MINFRAGSIZE) {
604 ip->ip_id = 0;
605 } else if ((m->m_pkthdr.csum_flags & M_CSUM_TSOv4) == 0) {
606 ip->ip_id = ip_newid(ia);
607 } else {
608 /*
609 * TSO capable interfaces (typically?) increment
610 * ip_id for each segment.
611 * "allocate" enough ids here to increase the chance
612 * for them to be unique.
613 *
614 * note that the following calculation is not
615 * needed to be precise. wasting some ip_id is fine.
616 */
617
618 unsigned int segsz = m->m_pkthdr.segsz;
619 unsigned int datasz = ntohs(ip->ip_len) - hlen;
620 unsigned int num = howmany(datasz, segsz);
621
622 ip->ip_id = ip_newid_range(ia, num);
623 }
624 }
625 if (ia != NULL) {
626 ia4_release(ia, &psref_ia);
627 ia = NULL;
628 }
629
630 /*
631 * If we're doing Path MTU Discovery, we need to set DF unless
632 * the route's MTU is locked.
633 */
634 if ((flags & IP_MTUDISC) != 0 && rtmtu_nolock) {
635 ip->ip_off |= htons(IP_DF);
636 }
637
638 #ifdef IPSEC
639 if (ipsec_used) {
640 bool ipsec_done = false;
641 bool count_drop = false;
642
643 /* Perform IPsec processing, if any. */
644 error = ipsec4_output(m, inp, flags, &mtu, &natt_frag,
645 &ipsec_done, &count_drop);
646 if (count_drop)
647 IP_STATINC(IP_STAT_IPSECDROP_OUT);
648 if (error || ipsec_done)
649 goto done;
650 }
651
652 if (!ipsec_used || !natt_frag)
653 #endif
654 {
655 /*
656 * Run through list of hooks for output packets.
657 */
658 error = pfil_run_hooks(inet_pfil_hook, &m, ifp, PFIL_OUT);
659 if (error || m == NULL) {
660 IP_STATINC(IP_STAT_PFILDROP_OUT);
661 goto done;
662 }
663 }
664
665 ip = mtod(m, struct ip *);
666 hlen = ip->ip_hl << 2;
667
668 m->m_pkthdr.csum_data |= hlen << 16;
669
670 /*
671 * search for the source address structure to
672 * maintain output statistics, and verify address
673 * validity
674 */
675 KASSERT(ia == NULL);
676 sockaddr_in_init(&usrc.sin, &ip->ip_src, 0);
677 ifa = ifaof_ifpforaddr_psref(&usrc.sa, ifp, &psref_ia);
678 if (ifa != NULL)
679 ia = ifatoia(ifa);
680
681 /*
682 * Ensure we only send from a valid address.
683 * A NULL address is valid because the packet could be
684 * generated from a packet filter.
685 */
686 if (ia != NULL && (flags & IP_FORWARDING) == 0 &&
687 (error = ip_ifaddrvalid(ia)) != 0)
688 {
689 ARPLOG(LOG_ERR,
690 "refusing to send from invalid address %s (pid %d)\n",
691 ARPLOGADDR(&ip->ip_src), curproc->p_pid);
692 IP_STATINC(IP_STAT_ODROPPED);
693 if (error == 1)
694 /*
695 * Address exists, but is tentative or detached.
696 * We can't send from it because it's invalid,
697 * so we drop the packet.
698 */
699 error = 0;
700 else
701 error = EADDRNOTAVAIL;
702 goto bad;
703 }
704
705 /* Maybe skip checksums on loopback interfaces. */
706 if (IN_NEED_CHECKSUM(ifp, M_CSUM_IPv4)) {
707 m->m_pkthdr.csum_flags |= M_CSUM_IPv4;
708 }
709 sw_csum = m->m_pkthdr.csum_flags & ~ifp->if_csum_flags_tx;
710
711 /* Need to fragment the packet */
712 if (ntohs(ip->ip_len) > mtu &&
713 (m->m_pkthdr.csum_flags & M_CSUM_TSOv4) == 0) {
714 goto fragment;
715 }
716
717 #if IFA_STATS
718 if (ia)
719 ia->ia_ifa.ifa_data.ifad_outbytes += ntohs(ip->ip_len);
720 #endif
721 /*
722 * Always initialize the sum to 0! Some HW assisted
723 * checksumming requires this.
724 */
725 ip->ip_sum = 0;
726
727 if ((m->m_pkthdr.csum_flags & M_CSUM_TSOv4) == 0) {
728 /*
729 * Perform any checksums that the hardware can't do
730 * for us.
731 *
732 * XXX Does any hardware require the {th,uh}_sum
733 * XXX fields to be 0?
734 */
735 if (sw_csum & M_CSUM_IPv4) {
736 KASSERT(IN_NEED_CHECKSUM(ifp, M_CSUM_IPv4));
737 ip->ip_sum = in_cksum(m, hlen);
738 m->m_pkthdr.csum_flags &= ~M_CSUM_IPv4;
739 }
740 if (sw_csum & (M_CSUM_TCPv4|M_CSUM_UDPv4)) {
741 if (IN_NEED_CHECKSUM(ifp,
742 sw_csum & (M_CSUM_TCPv4|M_CSUM_UDPv4))) {
743 in_undefer_cksum_tcpudp(m);
744 }
745 m->m_pkthdr.csum_flags &=
746 ~(M_CSUM_TCPv4|M_CSUM_UDPv4);
747 }
748 }
749
750 sa = (m->m_flags & M_MCAST) ? sintocsa(rdst) : sintocsa(dst);
751
752 /* Send it */
753 if (__predict_false(sw_csum & M_CSUM_TSOv4)) {
754 /*
755 * TSO4 is required by a packet, but disabled for
756 * the interface.
757 */
758 error = ip_tso_output(ifp, m, sa, rt);
759 } else
760 error = ip_if_output(ifp, m, sa, rt);
761 goto done;
762
763 fragment:
764 /*
765 * We can't use HW checksumming if we're about to fragment the packet.
766 *
767 * XXX Some hardware can do this.
768 */
769 if (m->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4)) {
770 if (IN_NEED_CHECKSUM(ifp,
771 m->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4))) {
772 in_undefer_cksum_tcpudp(m);
773 }
774 m->m_pkthdr.csum_flags &= ~(M_CSUM_TCPv4|M_CSUM_UDPv4);
775 }
776
777 /*
778 * Too large for interface; fragment if possible.
779 * Must be able to put at least 8 bytes per fragment.
780 */
781 if (ntohs(ip->ip_off) & IP_DF) {
782 if (flags & IP_RETURNMTU) {
783 KASSERT(inp != NULL);
784 in4p_errormtu(inp) = mtu;
785 }
786 error = EMSGSIZE;
787 IP_STATINC(IP_STAT_CANTFRAG);
788 goto bad;
789 }
790
791 error = ip_fragment(m, ifp, mtu);
792 if (error) {
793 m = NULL;
794 goto bad;
795 }
796
797 for (; m; m = m0) {
798 m0 = m->m_nextpkt;
799 m->m_nextpkt = NULL;
800 if (error) {
801 m_freem(m);
802 continue;
803 }
804 #if IFA_STATS
805 if (ia)
806 ia->ia_ifa.ifa_data.ifad_outbytes += ntohs(ip->ip_len);
807 #endif
808 /*
809 * If we get there, the packet has not been handled by
810 * IPsec whereas it should have. Now that it has been
811 * fragmented, re-inject it in ip_output so that IPsec
812 * processing can occur.
813 */
814 if (natt_frag) {
815 error = ip_output(m, opt, NULL,
816 flags | IP_RAWOUTPUT | IP_NOIPNEWID,
817 imo, inp);
818 } else {
819 KASSERT((m->m_pkthdr.csum_flags &
820 (M_CSUM_UDPv4 | M_CSUM_TCPv4)) == 0);
821 error = ip_if_output(ifp, m, (m->m_flags & M_MCAST) ?
822 sintocsa(rdst) : sintocsa(dst), rt);
823 }
824 }
825 if (error == 0) {
826 IP_STATINC(IP_STAT_FRAGMENTED);
827 }
828
829 done:
830 ia4_release(ia, &psref_ia);
831 rtcache_unref(rt, ro);
832 if (ro == &iproute) {
833 rtcache_free(&iproute);
834 }
835 if (mifp != NULL) {
836 if_put(mifp, &psref);
837 }
838 if (bind_need_restore)
839 curlwp_bindx(bound);
840 return error;
841
842 bad:
843 m_freem(m);
844 goto done;
845 }
846
847 int
848 ip_fragment(struct mbuf *m, struct ifnet *ifp, u_long mtu)
849 {
850 struct ip *ip, *mhip;
851 struct mbuf *m0;
852 int len, hlen, off;
853 int mhlen, firstlen;
854 struct mbuf **mnext;
855 int sw_csum = m->m_pkthdr.csum_flags;
856 int fragments = 0;
857 int error = 0;
858 int ipoff, ipflg;
859
860 ip = mtod(m, struct ip *);
861 hlen = ip->ip_hl << 2;
862
863 /* Preserve the offset and flags. */
864 ipoff = ntohs(ip->ip_off) & IP_OFFMASK;
865 ipflg = ntohs(ip->ip_off) & (IP_RF|IP_DF|IP_MF);
866
867 if (ifp != NULL)
868 sw_csum &= ~ifp->if_csum_flags_tx;
869
870 len = (mtu - hlen) &~ 7;
871 if (len < 8) {
872 IP_STATINC(IP_STAT_CANTFRAG);
873 m_freem(m);
874 return EMSGSIZE;
875 }
876
877 firstlen = len;
878 mnext = &m->m_nextpkt;
879
880 /*
881 * Loop through length of segment after first fragment,
882 * make new header and copy data of each part and link onto chain.
883 */
884 m0 = m;
885 mhlen = sizeof(struct ip);
886 for (off = hlen + len; off < ntohs(ip->ip_len); off += len) {
887 MGETHDR(m, M_DONTWAIT, MT_HEADER);
888 if (m == NULL) {
889 error = ENOBUFS;
890 IP_STATINC(IP_STAT_ODROPPED);
891 goto sendorfree;
892 }
893 MCLAIM(m, m0->m_owner);
894
895 *mnext = m;
896 mnext = &m->m_nextpkt;
897
898 m->m_data += max_linkhdr;
899 mhip = mtod(m, struct ip *);
900 *mhip = *ip;
901
902 /* we must inherit the flags */
903 m->m_flags |= m0->m_flags & M_COPYFLAGS;
904
905 if (hlen > sizeof(struct ip)) {
906 mhlen = ip_optcopy(ip, mhip) + sizeof(struct ip);
907 mhip->ip_hl = mhlen >> 2;
908 }
909 m->m_len = mhlen;
910
911 mhip->ip_off = ((off - hlen) >> 3) + ipoff;
912 mhip->ip_off |= ipflg;
913 if (off + len >= ntohs(ip->ip_len))
914 len = ntohs(ip->ip_len) - off;
915 else
916 mhip->ip_off |= IP_MF;
917 HTONS(mhip->ip_off);
918
919 mhip->ip_len = htons((u_int16_t)(len + mhlen));
920 m->m_next = m_copym(m0, off, len, M_DONTWAIT);
921 if (m->m_next == NULL) {
922 error = ENOBUFS;
923 IP_STATINC(IP_STAT_ODROPPED);
924 goto sendorfree;
925 }
926
927 m->m_pkthdr.len = mhlen + len;
928 m_reset_rcvif(m);
929
930 mhip->ip_sum = 0;
931 KASSERT((m->m_pkthdr.csum_flags & M_CSUM_IPv4) == 0);
932 if (sw_csum & M_CSUM_IPv4) {
933 mhip->ip_sum = in_cksum(m, mhlen);
934 } else {
935 /*
936 * checksum is hw-offloaded or not necessary.
937 */
938 m->m_pkthdr.csum_flags |=
939 m0->m_pkthdr.csum_flags & M_CSUM_IPv4;
940 m->m_pkthdr.csum_data |= mhlen << 16;
941 KASSERT(!(ifp != NULL &&
942 IN_NEED_CHECKSUM(ifp, M_CSUM_IPv4)) ||
943 (m->m_pkthdr.csum_flags & M_CSUM_IPv4) != 0);
944 }
945 IP_STATINC(IP_STAT_OFRAGMENTS);
946 fragments++;
947 }
948
949 /*
950 * Update first fragment by trimming what's been copied out
951 * and updating header, then send each fragment (in order).
952 */
953 m = m0;
954 m_adj(m, hlen + firstlen - ntohs(ip->ip_len));
955 m->m_pkthdr.len = hlen + firstlen;
956 ip->ip_len = htons((u_int16_t)m->m_pkthdr.len);
957 ip->ip_off |= htons(IP_MF);
958 ip->ip_sum = 0;
959 if (sw_csum & M_CSUM_IPv4) {
960 ip->ip_sum = in_cksum(m, hlen);
961 m->m_pkthdr.csum_flags &= ~M_CSUM_IPv4;
962 } else {
963 /*
964 * checksum is hw-offloaded or not necessary.
965 */
966 KASSERT(!(ifp != NULL && IN_NEED_CHECKSUM(ifp, M_CSUM_IPv4)) ||
967 (m->m_pkthdr.csum_flags & M_CSUM_IPv4) != 0);
968 KASSERT(M_CSUM_DATA_IPv4_IPHL(m->m_pkthdr.csum_data) >=
969 sizeof(struct ip));
970 }
971
972 sendorfree:
973 /*
974 * If there is no room for all the fragments, don't queue
975 * any of them.
976 */
977 if (ifp != NULL) {
978 IFQ_LOCK(&ifp->if_snd);
979 if (ifp->if_snd.ifq_maxlen - ifp->if_snd.ifq_len < fragments &&
980 error == 0) {
981 error = ENOBUFS;
982 IP_STATINC(IP_STAT_ODROPPED);
983 IFQ_INC_DROPS(&ifp->if_snd);
984 }
985 IFQ_UNLOCK(&ifp->if_snd);
986 }
987 if (error) {
988 for (m = m0; m; m = m0) {
989 m0 = m->m_nextpkt;
990 m->m_nextpkt = NULL;
991 m_freem(m);
992 }
993 }
994
995 return error;
996 }
997
998 /*
999 * Determine the maximum length of the options to be inserted;
1000 * we would far rather allocate too much space rather than too little.
1001 */
1002 u_int
1003 ip_optlen(struct inpcb *inp)
1004 {
1005 struct mbuf *m = inp->inp_options;
1006
1007 if (m && m->m_len > offsetof(struct ipoption, ipopt_dst)) {
1008 return (m->m_len - offsetof(struct ipoption, ipopt_dst));
1009 }
1010 return 0;
1011 }
1012
1013 /*
1014 * Insert IP options into preformed packet.
1015 * Adjust IP destination as required for IP source routing,
1016 * as indicated by a non-zero in_addr at the start of the options.
1017 */
1018 static struct mbuf *
1019 ip_insertoptions(struct mbuf *m, struct mbuf *opt, int *phlen)
1020 {
1021 struct ipoption *p = mtod(opt, struct ipoption *);
1022 struct mbuf *n;
1023 struct ip *ip = mtod(m, struct ip *);
1024 unsigned optlen;
1025
1026 optlen = opt->m_len - sizeof(p->ipopt_dst);
1027 KASSERT(optlen % 4 == 0);
1028 if (optlen + ntohs(ip->ip_len) > IP_MAXPACKET)
1029 return m; /* XXX should fail */
1030 if (!in_nullhost(p->ipopt_dst))
1031 ip->ip_dst = p->ipopt_dst;
1032 if (M_READONLY(m) || M_LEADINGSPACE(m) < optlen) {
1033 MGETHDR(n, M_DONTWAIT, MT_HEADER);
1034 if (n == NULL)
1035 return m;
1036 MCLAIM(n, m->m_owner);
1037 m_move_pkthdr(n, m);
1038 m->m_len -= sizeof(struct ip);
1039 m->m_data += sizeof(struct ip);
1040 n->m_next = m;
1041 n->m_len = optlen + sizeof(struct ip);
1042 n->m_data += max_linkhdr;
1043 memcpy(mtod(n, void *), ip, sizeof(struct ip));
1044 m = n;
1045 } else {
1046 m->m_data -= optlen;
1047 m->m_len += optlen;
1048 memmove(mtod(m, void *), ip, sizeof(struct ip));
1049 }
1050 m->m_pkthdr.len += optlen;
1051 ip = mtod(m, struct ip *);
1052 memcpy(ip + 1, p->ipopt_list, optlen);
1053 *phlen = sizeof(struct ip) + optlen;
1054 ip->ip_len = htons(ntohs(ip->ip_len) + optlen);
1055 return m;
1056 }
1057
1058 /*
1059 * Copy options from ipsrc to ipdst, omitting those not copied during
1060 * fragmentation.
1061 */
1062 int
1063 ip_optcopy(struct ip *ipsrc, struct ip *ipdst)
1064 {
1065 u_char *cp, *dp;
1066 int opt, optlen, cnt;
1067
1068 cp = (u_char *)(ipsrc + 1);
1069 dp = (u_char *)(ipdst + 1);
1070 cnt = (ipsrc->ip_hl << 2) - sizeof(struct ip);
1071 for (; cnt > 0; cnt -= optlen, cp += optlen) {
1072 opt = cp[0];
1073 if (opt == IPOPT_EOL)
1074 break;
1075 if (opt == IPOPT_NOP) {
1076 /* Preserve for IP mcast tunnel's LSRR alignment. */
1077 *dp++ = IPOPT_NOP;
1078 optlen = 1;
1079 continue;
1080 }
1081
1082 KASSERT(cnt >= IPOPT_OLEN + sizeof(*cp));
1083 optlen = cp[IPOPT_OLEN];
1084 KASSERT(optlen >= IPOPT_OLEN + sizeof(*cp) && optlen < cnt);
1085
1086 /* Invalid lengths should have been caught by ip_dooptions. */
1087 if (optlen > cnt)
1088 optlen = cnt;
1089 if (IPOPT_COPIED(opt)) {
1090 bcopy((void *)cp, (void *)dp, (unsigned)optlen);
1091 dp += optlen;
1092 }
1093 }
1094
1095 for (optlen = dp - (u_char *)(ipdst+1); optlen & 0x3; optlen++) {
1096 *dp++ = IPOPT_EOL;
1097 }
1098
1099 return optlen;
1100 }
1101
1102 /*
1103 * IP socket option processing.
1104 */
1105 int
1106 ip_ctloutput(int op, struct socket *so, struct sockopt *sopt)
1107 {
1108 struct inpcb *inp = sotoinpcb(so);
1109 struct ip *ip = &in4p_ip(inp);
1110 int inpflags = inp->inp_flags;
1111 int optval = 0, error = 0;
1112 struct in_pktinfo pktinfo;
1113
1114 KASSERT(solocked(so));
1115
1116 if (sopt->sopt_level != IPPROTO_IP) {
1117 if (sopt->sopt_level == SOL_SOCKET && sopt->sopt_name == SO_NOHEADER)
1118 return 0;
1119 return ENOPROTOOPT;
1120 }
1121
1122 switch (op) {
1123 case PRCO_SETOPT:
1124 switch (sopt->sopt_name) {
1125 case IP_OPTIONS:
1126 #ifdef notyet
1127 case IP_RETOPTS:
1128 #endif
1129 error = ip_pcbopts(inp, sopt);
1130 break;
1131
1132 case IP_TOS:
1133 case IP_TTL:
1134 case IP_MINTTL:
1135 case IP_RECVOPTS:
1136 case IP_RECVRETOPTS:
1137 case IP_RECVDSTADDR:
1138 case IP_RECVIF:
1139 case IP_RECVPKTINFO:
1140 case IP_RECVTTL:
1141 case IP_BINDANY:
1142 error = sockopt_getint(sopt, &optval);
1143 if (error)
1144 break;
1145
1146 switch (sopt->sopt_name) {
1147 case IP_TOS:
1148 ip->ip_tos = optval;
1149 break;
1150
1151 case IP_TTL:
1152 ip->ip_ttl = optval;
1153 break;
1154
1155 case IP_MINTTL:
1156 if (optval > 0 && optval <= MAXTTL)
1157 in4p_ip_minttl(inp) = optval;
1158 else
1159 error = EINVAL;
1160 break;
1161 #define OPTSET(bit) \
1162 if (optval) \
1163 inpflags |= bit; \
1164 else \
1165 inpflags &= ~bit;
1166
1167 case IP_RECVOPTS:
1168 OPTSET(INP_RECVOPTS);
1169 break;
1170
1171 case IP_RECVPKTINFO:
1172 OPTSET(INP_RECVPKTINFO);
1173 break;
1174
1175 case IP_RECVRETOPTS:
1176 OPTSET(INP_RECVRETOPTS);
1177 break;
1178
1179 case IP_RECVDSTADDR:
1180 OPTSET(INP_RECVDSTADDR);
1181 break;
1182
1183 case IP_RECVIF:
1184 OPTSET(INP_RECVIF);
1185 break;
1186
1187 case IP_RECVTTL:
1188 OPTSET(INP_RECVTTL);
1189 break;
1190
1191 case IP_BINDANY:
1192 error = kauth_authorize_network(
1193 kauth_cred_get(), KAUTH_NETWORK_BIND,
1194 KAUTH_REQ_NETWORK_BIND_ANYADDR, so,
1195 NULL, NULL);
1196 if (error == 0) {
1197 OPTSET(INP_BINDANY);
1198 }
1199 break;
1200 }
1201 break;
1202 case IP_PKTINFO:
1203 error = sockopt_getint(sopt, &optval);
1204 if (!error) {
1205 /* Linux compatibility */
1206 OPTSET(INP_RECVPKTINFO);
1207 break;
1208 }
1209 error = sockopt_get(sopt, &pktinfo, sizeof(pktinfo));
1210 if (error)
1211 break;
1212
1213 if (pktinfo.ipi_ifindex == 0) {
1214 in4p_prefsrcip(inp) = pktinfo.ipi_addr;
1215 break;
1216 }
1217
1218 /* Solaris compatibility */
1219 struct ifnet *ifp;
1220 struct in_ifaddr *ia;
1221 int s;
1222
1223 /* pick up primary address */
1224 s = pserialize_read_enter();
1225 ifp = if_byindex(pktinfo.ipi_ifindex);
1226 if (ifp == NULL) {
1227 pserialize_read_exit(s);
1228 error = EADDRNOTAVAIL;
1229 break;
1230 }
1231 ia = in_get_ia_from_ifp(ifp);
1232 if (ia == NULL) {
1233 pserialize_read_exit(s);
1234 error = EADDRNOTAVAIL;
1235 break;
1236 }
1237 in4p_prefsrcip(inp) = IA_SIN(ia)->sin_addr;
1238 pserialize_read_exit(s);
1239 break;
1240 break;
1241 #undef OPTSET
1242
1243 case IP_MULTICAST_IF:
1244 case IP_MULTICAST_TTL:
1245 case IP_MULTICAST_LOOP:
1246 case IP_ADD_MEMBERSHIP:
1247 case IP_DROP_MEMBERSHIP:
1248 error = ip_setmoptions(&inp->inp_moptions, sopt);
1249 break;
1250
1251 case IP_PORTRANGE:
1252 error = sockopt_getint(sopt, &optval);
1253 if (error)
1254 break;
1255
1256 switch (optval) {
1257 case IP_PORTRANGE_DEFAULT:
1258 case IP_PORTRANGE_HIGH:
1259 inpflags &= ~(INP_LOWPORT);
1260 break;
1261
1262 case IP_PORTRANGE_LOW:
1263 inpflags |= INP_LOWPORT;
1264 break;
1265
1266 default:
1267 error = EINVAL;
1268 break;
1269 }
1270 break;
1271
1272 case IP_PORTALGO:
1273 error = sockopt_getint(sopt, &optval);
1274 if (error)
1275 break;
1276
1277 error = portalgo_algo_index_select(inp, optval);
1278 break;
1279
1280 #if defined(IPSEC)
1281 case IP_IPSEC_POLICY:
1282 if (ipsec_enabled) {
1283 error = ipsec_set_policy(inp,
1284 sopt->sopt_data, sopt->sopt_size,
1285 curlwp->l_cred);
1286 } else
1287 error = ENOPROTOOPT;
1288 break;
1289 #endif /* IPSEC */
1290
1291 default:
1292 error = ENOPROTOOPT;
1293 break;
1294 }
1295 break;
1296
1297 case PRCO_GETOPT:
1298 switch (sopt->sopt_name) {
1299 case IP_OPTIONS:
1300 case IP_RETOPTS: {
1301 struct mbuf *mopts = inp->inp_options;
1302
1303 if (mopts) {
1304 struct mbuf *m;
1305
1306 m = m_copym(mopts, 0, M_COPYALL, M_DONTWAIT);
1307 if (m == NULL) {
1308 error = ENOBUFS;
1309 break;
1310 }
1311 error = sockopt_setmbuf(sopt, m);
1312 }
1313 break;
1314 }
1315 case IP_TOS:
1316 case IP_TTL:
1317 case IP_MINTTL:
1318 case IP_RECVOPTS:
1319 case IP_RECVRETOPTS:
1320 case IP_RECVDSTADDR:
1321 case IP_RECVIF:
1322 case IP_RECVPKTINFO:
1323 case IP_RECVTTL:
1324 case IP_ERRORMTU:
1325 case IP_BINDANY:
1326 switch (sopt->sopt_name) {
1327 case IP_TOS:
1328 optval = ip->ip_tos;
1329 break;
1330
1331 case IP_TTL:
1332 optval = ip->ip_ttl;
1333 break;
1334
1335 case IP_MINTTL:
1336 optval = in4p_ip_minttl(inp);
1337 break;
1338
1339 case IP_ERRORMTU:
1340 optval = in4p_errormtu(inp);
1341 break;
1342
1343 #define OPTBIT(bit) (inpflags & bit ? 1 : 0)
1344
1345 case IP_RECVOPTS:
1346 optval = OPTBIT(INP_RECVOPTS);
1347 break;
1348
1349 case IP_RECVPKTINFO:
1350 optval = OPTBIT(INP_RECVPKTINFO);
1351 break;
1352
1353 case IP_RECVRETOPTS:
1354 optval = OPTBIT(INP_RECVRETOPTS);
1355 break;
1356
1357 case IP_RECVDSTADDR:
1358 optval = OPTBIT(INP_RECVDSTADDR);
1359 break;
1360
1361 case IP_RECVIF:
1362 optval = OPTBIT(INP_RECVIF);
1363 break;
1364
1365 case IP_RECVTTL:
1366 optval = OPTBIT(INP_RECVTTL);
1367 break;
1368
1369 case IP_BINDANY:
1370 optval = OPTBIT(INP_BINDANY);
1371 break;
1372 }
1373 error = sockopt_setint(sopt, optval);
1374 break;
1375
1376 case IP_PKTINFO:
1377 switch (sopt->sopt_size) {
1378 case sizeof(int):
1379 /* Linux compatibility */
1380 optval = OPTBIT(INP_RECVPKTINFO);
1381 error = sockopt_setint(sopt, optval);
1382 break;
1383 case sizeof(struct in_pktinfo):
1384 /* Solaris compatibility */
1385 pktinfo.ipi_ifindex = 0;
1386 pktinfo.ipi_addr = in4p_prefsrcip(inp);
1387 error = sockopt_set(sopt, &pktinfo,
1388 sizeof(pktinfo));
1389 break;
1390 default:
1391 /*
1392 * While size is stuck at 0, and, later, if
1393 * the caller doesn't use an exactly sized
1394 * recipient for the data, default to Linux
1395 * compatibility
1396 */
1397 optval = OPTBIT(INP_RECVPKTINFO);
1398 error = sockopt_setint(sopt, optval);
1399 break;
1400 }
1401 break;
1402
1403 #if 0 /* defined(IPSEC) */
1404 case IP_IPSEC_POLICY:
1405 {
1406 struct mbuf *m = NULL;
1407
1408 /* XXX this will return EINVAL as sopt is empty */
1409 error = ipsec_get_policy(inp, sopt->sopt_data,
1410 sopt->sopt_size, &m);
1411 if (error == 0)
1412 error = sockopt_setmbuf(sopt, m);
1413 break;
1414 }
1415 #endif /*IPSEC*/
1416
1417 case IP_MULTICAST_IF:
1418 case IP_MULTICAST_TTL:
1419 case IP_MULTICAST_LOOP:
1420 case IP_ADD_MEMBERSHIP:
1421 case IP_DROP_MEMBERSHIP:
1422 error = ip_getmoptions(inp->inp_moptions, sopt);
1423 break;
1424
1425 case IP_PORTRANGE:
1426 if (inpflags & INP_LOWPORT)
1427 optval = IP_PORTRANGE_LOW;
1428 else
1429 optval = IP_PORTRANGE_DEFAULT;
1430 error = sockopt_setint(sopt, optval);
1431 break;
1432
1433 case IP_PORTALGO:
1434 optval = inp->inp_portalgo;
1435 error = sockopt_setint(sopt, optval);
1436 break;
1437
1438 default:
1439 error = ENOPROTOOPT;
1440 break;
1441 }
1442 break;
1443 }
1444
1445 if (!error) {
1446 inp->inp_flags = inpflags;
1447 }
1448 return error;
1449 }
1450
1451 static int
1452 ip_pktinfo_prepare(const struct inpcb *inp, const struct in_pktinfo *pktinfo,
1453 struct ip_pktopts *pktopts, int *flags, kauth_cred_t cred)
1454 {
1455 struct ip_moptions *imo;
1456 int error = 0;
1457 bool addrset = false;
1458
1459 if (!in_nullhost(pktinfo->ipi_addr)) {
1460 pktopts->ippo_laddr.sin_addr = pktinfo->ipi_addr;
1461 /* EADDRNOTAVAIL? */
1462 error = inpcb_bindableaddr(inp, &pktopts->ippo_laddr, cred);
1463 if (error != 0)
1464 return error;
1465 addrset = true;
1466 }
1467
1468 if (pktinfo->ipi_ifindex != 0) {
1469 if (!addrset) {
1470 struct ifnet *ifp;
1471 struct in_ifaddr *ia;
1472 int s;
1473
1474 /* pick up primary address */
1475 s = pserialize_read_enter();
1476 ifp = if_byindex(pktinfo->ipi_ifindex);
1477 if (ifp == NULL) {
1478 pserialize_read_exit(s);
1479 return EADDRNOTAVAIL;
1480 }
1481 ia = in_get_ia_from_ifp(ifp);
1482 if (ia == NULL) {
1483 pserialize_read_exit(s);
1484 return EADDRNOTAVAIL;
1485 }
1486 pktopts->ippo_laddr.sin_addr = IA_SIN(ia)->sin_addr;
1487 pserialize_read_exit(s);
1488 }
1489
1490 /*
1491 * If specified ipi_ifindex,
1492 * use copied or locally initialized ip_moptions.
1493 * Original ip_moptions must not be modified.
1494 */
1495 imo = &pktopts->ippo_imobuf; /* local buf in pktopts */
1496 if (pktopts->ippo_imo != NULL) {
1497 memcpy(imo, pktopts->ippo_imo, sizeof(*imo));
1498 } else {
1499 memset(imo, 0, sizeof(*imo));
1500 imo->imo_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
1501 imo->imo_multicast_loop = IP_DEFAULT_MULTICAST_LOOP;
1502 }
1503 imo->imo_multicast_if_index = pktinfo->ipi_ifindex;
1504 pktopts->ippo_imo = imo;
1505 *flags |= IP_ROUTETOIFINDEX;
1506 }
1507 return error;
1508 }
1509
1510 /*
1511 * Set up IP outgoing packet options. Even if control is NULL,
1512 * pktopts->ippo_laddr and pktopts->ippo_imo are set and used.
1513 */
1514 int
1515 ip_setpktopts(struct mbuf *control, struct ip_pktopts *pktopts, int *flags,
1516 struct inpcb *inp, kauth_cred_t cred)
1517 {
1518 struct cmsghdr *cm;
1519 struct in_pktinfo pktinfo;
1520 int error;
1521
1522 pktopts->ippo_imo = inp->inp_moptions;
1523
1524 struct in_addr *ia = in_nullhost(in4p_prefsrcip(inp)) ? &in4p_laddr(inp) :
1525 &in4p_prefsrcip(inp);
1526 sockaddr_in_init(&pktopts->ippo_laddr, ia, 0);
1527
1528 if (control == NULL)
1529 return 0;
1530
1531 /*
1532 * XXX: Currently, we assume all the optional information is
1533 * stored in a single mbuf.
1534 */
1535 if (control->m_next)
1536 return EINVAL;
1537
1538 for (; control->m_len > 0;
1539 control->m_data += CMSG_ALIGN(cm->cmsg_len),
1540 control->m_len -= CMSG_ALIGN(cm->cmsg_len)) {
1541 cm = mtod(control, struct cmsghdr *);
1542 if ((control->m_len < sizeof(*cm)) ||
1543 (cm->cmsg_len == 0) ||
1544 (cm->cmsg_len > control->m_len)) {
1545 return EINVAL;
1546 }
1547 if (cm->cmsg_level != IPPROTO_IP)
1548 continue;
1549
1550 switch (cm->cmsg_type) {
1551 case IP_PKTINFO:
1552 if (cm->cmsg_len != CMSG_LEN(sizeof(pktinfo)))
1553 return EINVAL;
1554 memcpy(&pktinfo, CMSG_DATA(cm), sizeof(pktinfo));
1555 error = ip_pktinfo_prepare(inp, &pktinfo, pktopts,
1556 flags, cred);
1557 if (error)
1558 return error;
1559 break;
1560 case IP_SENDSRCADDR: /* FreeBSD compatibility */
1561 if (cm->cmsg_len != CMSG_LEN(sizeof(struct in_addr)))
1562 return EINVAL;
1563 pktinfo.ipi_ifindex = 0;
1564 pktinfo.ipi_addr =
1565 ((struct in_pktinfo *)CMSG_DATA(cm))->ipi_addr;
1566 error = ip_pktinfo_prepare(inp, &pktinfo, pktopts,
1567 flags, cred);
1568 if (error)
1569 return error;
1570 break;
1571 default:
1572 return ENOPROTOOPT;
1573 }
1574 }
1575 return 0;
1576 }
1577
1578 /*
1579 * Set up IP options in pcb for insertion in output packets.
1580 * Store in mbuf with pointer in pcbopt, adding pseudo-option
1581 * with destination address if source routed.
1582 */
1583 static int
1584 ip_pcbopts(struct inpcb *inp, const struct sockopt *sopt)
1585 {
1586 struct mbuf *m;
1587 const u_char *cp;
1588 u_char *dp;
1589 int cnt;
1590
1591 KASSERT(inp_locked(inp));
1592
1593 /* Turn off any old options. */
1594 if (inp->inp_options) {
1595 m_free(inp->inp_options);
1596 }
1597 inp->inp_options = NULL;
1598 if ((cnt = sopt->sopt_size) == 0) {
1599 /* Only turning off any previous options. */
1600 return 0;
1601 }
1602 cp = sopt->sopt_data;
1603
1604 if (cnt % 4) {
1605 /* Must be 4-byte aligned, because there's no padding. */
1606 return EINVAL;
1607 }
1608
1609 m = m_get(M_DONTWAIT, MT_SOOPTS);
1610 if (m == NULL)
1611 return ENOBUFS;
1612
1613 dp = mtod(m, u_char *);
1614 memset(dp, 0, sizeof(struct in_addr));
1615 dp += sizeof(struct in_addr);
1616 m->m_len = sizeof(struct in_addr);
1617
1618 /*
1619 * IP option list according to RFC791. Each option is of the form
1620 *
1621 * [optval] [olen] [(olen - 2) data bytes]
1622 *
1623 * We validate the list and copy options to an mbuf for prepending
1624 * to data packets. The IP first-hop destination address will be
1625 * stored before actual options and is zero if unset.
1626 */
1627 while (cnt > 0) {
1628 uint8_t optval, olen, offset;
1629
1630 optval = cp[IPOPT_OPTVAL];
1631
1632 if (optval == IPOPT_EOL || optval == IPOPT_NOP) {
1633 olen = 1;
1634 } else {
1635 if (cnt < IPOPT_OLEN + 1)
1636 goto bad;
1637
1638 olen = cp[IPOPT_OLEN];
1639 if (olen < IPOPT_OLEN + 1 || olen > cnt)
1640 goto bad;
1641 }
1642
1643 if (optval == IPOPT_LSRR || optval == IPOPT_SSRR) {
1644 /*
1645 * user process specifies route as:
1646 * ->A->B->C->D
1647 * D must be our final destination (but we can't
1648 * check that since we may not have connected yet).
1649 * A is first hop destination, which doesn't appear in
1650 * actual IP option, but is stored before the options.
1651 */
1652 if (olen < IPOPT_OFFSET + 1 + sizeof(struct in_addr))
1653 goto bad;
1654
1655 offset = cp[IPOPT_OFFSET];
1656 memcpy(mtod(m, u_char *), cp + IPOPT_OFFSET + 1,
1657 sizeof(struct in_addr));
1658
1659 cp += sizeof(struct in_addr);
1660 cnt -= sizeof(struct in_addr);
1661 olen -= sizeof(struct in_addr);
1662
1663 if (m->m_len + olen > MAX_IPOPTLEN + sizeof(struct in_addr))
1664 goto bad;
1665
1666 memcpy(dp, cp, olen);
1667 dp[IPOPT_OPTVAL] = optval;
1668 dp[IPOPT_OLEN] = olen;
1669 dp[IPOPT_OFFSET] = offset;
1670 break;
1671 } else {
1672 if (m->m_len + olen > MAX_IPOPTLEN + sizeof(struct in_addr))
1673 goto bad;
1674
1675 memcpy(dp, cp, olen);
1676 break;
1677 }
1678
1679 dp += olen;
1680 m->m_len += olen;
1681
1682 if (optval == IPOPT_EOL)
1683 break;
1684
1685 cp += olen;
1686 cnt -= olen;
1687 }
1688
1689 inp->inp_options = m;
1690 return 0;
1691
1692 bad:
1693 (void)m_free(m);
1694 return EINVAL;
1695 }
1696
1697 /*
1698 * following RFC1724 section 3.3, 0.0.0.0/8 is interpreted as interface index.
1699 * Must be called in a pserialize critical section.
1700 */
1701 static struct ifnet *
1702 ip_multicast_if(struct in_addr *a, int *ifindexp)
1703 {
1704 int ifindex;
1705 struct ifnet *ifp = NULL;
1706 struct in_ifaddr *ia;
1707
1708 if (ifindexp)
1709 *ifindexp = 0;
1710 if (ntohl(a->s_addr) >> 24 == 0) {
1711 ifindex = ntohl(a->s_addr) & 0xffffff;
1712 ifp = if_byindex(ifindex);
1713 if (!ifp)
1714 return NULL;
1715 if (ifindexp)
1716 *ifindexp = ifindex;
1717 } else {
1718 IN_ADDRHASH_READER_FOREACH(ia, a->s_addr) {
1719 if (in_hosteq(ia->ia_addr.sin_addr, *a) &&
1720 (ia->ia_ifp->if_flags & IFF_MULTICAST) != 0) {
1721 ifp = ia->ia_ifp;
1722 if (if_is_deactivated(ifp))
1723 ifp = NULL;
1724 break;
1725 }
1726 }
1727 }
1728 return ifp;
1729 }
1730
1731 static int
1732 ip_getoptval(const struct sockopt *sopt, u_int8_t *val, u_int maxval)
1733 {
1734 u_int tval;
1735 u_char cval;
1736 int error;
1737
1738 if (sopt == NULL)
1739 return EINVAL;
1740
1741 switch (sopt->sopt_size) {
1742 case sizeof(u_char):
1743 error = sockopt_get(sopt, &cval, sizeof(u_char));
1744 tval = cval;
1745 break;
1746
1747 case sizeof(u_int):
1748 error = sockopt_get(sopt, &tval, sizeof(u_int));
1749 break;
1750
1751 default:
1752 error = EINVAL;
1753 }
1754
1755 if (error)
1756 return error;
1757
1758 if (tval > maxval)
1759 return EINVAL;
1760
1761 *val = tval;
1762 return 0;
1763 }
1764
1765 static int
1766 ip_get_membership(const struct sockopt *sopt, struct ifnet **ifp,
1767 struct psref *psref, struct in_addr *ia, bool add)
1768 {
1769 int error;
1770 struct ip_mreq mreq;
1771
1772 error = sockopt_get(sopt, &mreq, sizeof(mreq));
1773 if (error)
1774 return error;
1775
1776 if (!IN_MULTICAST(mreq.imr_multiaddr.s_addr))
1777 return EINVAL;
1778
1779 memcpy(ia, &mreq.imr_multiaddr, sizeof(*ia));
1780
1781 if (in_nullhost(mreq.imr_interface)) {
1782 union {
1783 struct sockaddr dst;
1784 struct sockaddr_in dst4;
1785 } u;
1786 struct route ro;
1787
1788 if (!add) {
1789 *ifp = NULL;
1790 return 0;
1791 }
1792 /*
1793 * If no interface address was provided, use the interface of
1794 * the route to the given multicast address.
1795 */
1796 struct rtentry *rt;
1797 memset(&ro, 0, sizeof(ro));
1798
1799 sockaddr_in_init(&u.dst4, ia, 0);
1800 error = rtcache_setdst(&ro, &u.dst);
1801 if (error != 0)
1802 return error;
1803 *ifp = (rt = rtcache_init(&ro)) != NULL ? rt->rt_ifp : NULL;
1804 if (*ifp != NULL) {
1805 if (if_is_deactivated(*ifp))
1806 *ifp = NULL;
1807 else
1808 if_acquire(*ifp, psref);
1809 }
1810 rtcache_unref(rt, &ro);
1811 rtcache_free(&ro);
1812 } else {
1813 int s = pserialize_read_enter();
1814 *ifp = ip_multicast_if(&mreq.imr_interface, NULL);
1815 if (!add && *ifp == NULL) {
1816 pserialize_read_exit(s);
1817 return EADDRNOTAVAIL;
1818 }
1819 if (*ifp != NULL) {
1820 if (if_is_deactivated(*ifp))
1821 *ifp = NULL;
1822 else
1823 if_acquire(*ifp, psref);
1824 }
1825 pserialize_read_exit(s);
1826 }
1827 return 0;
1828 }
1829
1830 /*
1831 * Add a multicast group membership.
1832 * Group must be a valid IP multicast address.
1833 */
1834 static int
1835 ip_add_membership(struct ip_moptions *imo, const struct sockopt *sopt)
1836 {
1837 struct ifnet *ifp = NULL; // XXX: gcc [ppc]
1838 struct in_addr ia;
1839 int i, error, bound;
1840 struct psref psref;
1841
1842 /* imo is protected by solock or referenced only by the caller */
1843
1844 bound = curlwp_bind();
1845 if (sopt->sopt_size == sizeof(struct ip_mreq))
1846 error = ip_get_membership(sopt, &ifp, &psref, &ia, true);
1847 else {
1848 #ifdef INET6
1849 error = ip6_get_membership(sopt, &ifp, &psref, &ia, sizeof(ia));
1850 #else
1851 error = EINVAL;
1852 #endif
1853 }
1854
1855 if (error)
1856 goto out;
1857
1858 /*
1859 * See if we found an interface, and confirm that it
1860 * supports multicast.
1861 */
1862 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
1863 error = EADDRNOTAVAIL;
1864 goto out;
1865 }
1866
1867 /*
1868 * See if the membership already exists or if all the
1869 * membership slots are full.
1870 */
1871 for (i = 0; i < imo->imo_num_memberships; ++i) {
1872 if (imo->imo_membership[i]->inm_ifp == ifp &&
1873 in_hosteq(imo->imo_membership[i]->inm_addr, ia))
1874 break;
1875 }
1876 if (i < imo->imo_num_memberships) {
1877 error = EADDRINUSE;
1878 goto out;
1879 }
1880
1881 if (i == IP_MAX_MEMBERSHIPS) {
1882 error = ETOOMANYREFS;
1883 goto out;
1884 }
1885
1886 /*
1887 * Everything looks good; add a new record to the multicast
1888 * address list for the given interface.
1889 */
1890 imo->imo_membership[i] = in_addmulti(&ia, ifp);
1891 if (imo->imo_membership[i] == NULL) {
1892 error = ENOBUFS;
1893 goto out;
1894 }
1895
1896 ++imo->imo_num_memberships;
1897 error = 0;
1898 out:
1899 if_put(ifp, &psref);
1900 curlwp_bindx(bound);
1901 return error;
1902 }
1903
1904 /*
1905 * Drop a multicast group membership.
1906 * Group must be a valid IP multicast address.
1907 */
1908 static int
1909 ip_drop_membership(struct ip_moptions *imo, const struct sockopt *sopt)
1910 {
1911 struct in_addr ia = { .s_addr = 0 }; // XXX: gcc [ppc]
1912 struct ifnet *ifp = NULL; // XXX: gcc [ppc]
1913 int i, error, bound;
1914 struct psref psref;
1915
1916 /* imo is protected by solock or referenced only by the caller */
1917
1918 bound = curlwp_bind();
1919 if (sopt->sopt_size == sizeof(struct ip_mreq))
1920 error = ip_get_membership(sopt, &ifp, &psref, &ia, false);
1921 else {
1922 #ifdef INET6
1923 error = ip6_get_membership(sopt, &ifp, &psref, &ia, sizeof(ia));
1924 #else
1925 error = EINVAL;
1926 #endif
1927 }
1928
1929 if (error)
1930 goto out;
1931
1932 /*
1933 * Find the membership in the membership array.
1934 */
1935 for (i = 0; i < imo->imo_num_memberships; ++i) {
1936 if ((ifp == NULL ||
1937 imo->imo_membership[i]->inm_ifp == ifp) &&
1938 in_hosteq(imo->imo_membership[i]->inm_addr, ia))
1939 break;
1940 }
1941 if (i == imo->imo_num_memberships) {
1942 error = EADDRNOTAVAIL;
1943 goto out;
1944 }
1945
1946 /*
1947 * Give up the multicast address record to which the
1948 * membership points.
1949 */
1950 in_delmulti(imo->imo_membership[i]);
1951
1952 /*
1953 * Remove the gap in the membership array.
1954 */
1955 for (++i; i < imo->imo_num_memberships; ++i)
1956 imo->imo_membership[i-1] = imo->imo_membership[i];
1957 --imo->imo_num_memberships;
1958 error = 0;
1959 out:
1960 if_put(ifp, &psref);
1961 curlwp_bindx(bound);
1962 return error;
1963 }
1964
1965 /*
1966 * Set the IP multicast options in response to user setsockopt().
1967 */
1968 int
1969 ip_setmoptions(struct ip_moptions **pimo, const struct sockopt *sopt)
1970 {
1971 struct ip_moptions *imo = *pimo;
1972 struct in_addr addr;
1973 struct ifnet *ifp;
1974 int ifindex, error = 0;
1975
1976 /* The passed imo isn't NULL, it should be protected by solock */
1977
1978 if (!imo) {
1979 /*
1980 * No multicast option buffer attached to the pcb;
1981 * allocate one and initialize to default values.
1982 */
1983 imo = kmem_intr_alloc(sizeof(*imo), KM_NOSLEEP);
1984 if (imo == NULL)
1985 return ENOBUFS;
1986
1987 imo->imo_multicast_if_index = 0;
1988 imo->imo_multicast_addr.s_addr = INADDR_ANY;
1989 imo->imo_multicast_ttl = IP_DEFAULT_MULTICAST_TTL;
1990 imo->imo_multicast_loop = IP_DEFAULT_MULTICAST_LOOP;
1991 imo->imo_num_memberships = 0;
1992 *pimo = imo;
1993 }
1994
1995 switch (sopt->sopt_name) {
1996 case IP_MULTICAST_IF: {
1997 int s;
1998 /*
1999 * Select the interface for outgoing multicast packets.
2000 */
2001 error = sockopt_get(sopt, &addr, sizeof(addr));
2002 if (error)
2003 break;
2004
2005 /*
2006 * INADDR_ANY is used to remove a previous selection.
2007 * When no interface is selected, a default one is
2008 * chosen every time a multicast packet is sent.
2009 */
2010 if (in_nullhost(addr)) {
2011 imo->imo_multicast_if_index = 0;
2012 break;
2013 }
2014 /*
2015 * The selected interface is identified by its local
2016 * IP address. Find the interface and confirm that
2017 * it supports multicasting.
2018 */
2019 s = pserialize_read_enter();
2020 ifp = ip_multicast_if(&addr, &ifindex);
2021 if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) {
2022 pserialize_read_exit(s);
2023 error = EADDRNOTAVAIL;
2024 break;
2025 }
2026 imo->imo_multicast_if_index = ifp->if_index;
2027 pserialize_read_exit(s);
2028 if (ifindex)
2029 imo->imo_multicast_addr = addr;
2030 else
2031 imo->imo_multicast_addr.s_addr = INADDR_ANY;
2032 break;
2033 }
2034
2035 case IP_MULTICAST_TTL:
2036 /*
2037 * Set the IP time-to-live for outgoing multicast packets.
2038 */
2039 error = ip_getoptval(sopt, &imo->imo_multicast_ttl, MAXTTL);
2040 break;
2041
2042 case IP_MULTICAST_LOOP:
2043 /*
2044 * Set the loopback flag for outgoing multicast packets.
2045 * Must be zero or one.
2046 */
2047 error = ip_getoptval(sopt, &imo->imo_multicast_loop, 1);
2048 break;
2049
2050 case IP_ADD_MEMBERSHIP: /* IPV6_JOIN_GROUP */
2051 error = ip_add_membership(imo, sopt);
2052 break;
2053
2054 case IP_DROP_MEMBERSHIP: /* IPV6_LEAVE_GROUP */
2055 error = ip_drop_membership(imo, sopt);
2056 break;
2057
2058 default:
2059 error = EOPNOTSUPP;
2060 break;
2061 }
2062
2063 /*
2064 * If all options have default values, no need to keep the mbuf.
2065 */
2066 if (imo->imo_multicast_if_index == 0 &&
2067 imo->imo_multicast_ttl == IP_DEFAULT_MULTICAST_TTL &&
2068 imo->imo_multicast_loop == IP_DEFAULT_MULTICAST_LOOP &&
2069 imo->imo_num_memberships == 0) {
2070 kmem_intr_free(imo, sizeof(*imo));
2071 *pimo = NULL;
2072 }
2073
2074 return error;
2075 }
2076
2077 /*
2078 * Return the IP multicast options in response to user getsockopt().
2079 */
2080 int
2081 ip_getmoptions(struct ip_moptions *imo, struct sockopt *sopt)
2082 {
2083 struct in_addr addr;
2084 uint8_t optval;
2085 int error = 0;
2086
2087 /* imo is protected by solock or referenced only by the caller */
2088
2089 switch (sopt->sopt_name) {
2090 case IP_MULTICAST_IF:
2091 if (imo == NULL || imo->imo_multicast_if_index == 0)
2092 addr = zeroin_addr;
2093 else if (imo->imo_multicast_addr.s_addr) {
2094 /* return the value user has set */
2095 addr = imo->imo_multicast_addr;
2096 } else {
2097 struct ifnet *ifp;
2098 struct in_ifaddr *ia = NULL;
2099 int s = pserialize_read_enter();
2100
2101 ifp = if_byindex(imo->imo_multicast_if_index);
2102 if (ifp != NULL) {
2103 ia = in_get_ia_from_ifp(ifp);
2104 }
2105 addr = ia ? ia->ia_addr.sin_addr : zeroin_addr;
2106 pserialize_read_exit(s);
2107 }
2108 error = sockopt_set(sopt, &addr, sizeof(addr));
2109 break;
2110
2111 case IP_MULTICAST_TTL:
2112 optval = imo ? imo->imo_multicast_ttl
2113 : IP_DEFAULT_MULTICAST_TTL;
2114
2115 error = sockopt_set(sopt, &optval, sizeof(optval));
2116 break;
2117
2118 case IP_MULTICAST_LOOP:
2119 optval = imo ? imo->imo_multicast_loop
2120 : IP_DEFAULT_MULTICAST_LOOP;
2121
2122 error = sockopt_set(sopt, &optval, sizeof(optval));
2123 break;
2124
2125 default:
2126 error = EOPNOTSUPP;
2127 }
2128
2129 return error;
2130 }
2131
2132 /*
2133 * Discard the IP multicast options.
2134 */
2135 void
2136 ip_freemoptions(struct ip_moptions *imo)
2137 {
2138 int i;
2139
2140 /* The owner of imo (inp) should be protected by solock */
2141
2142 if (imo != NULL) {
2143 for (i = 0; i < imo->imo_num_memberships; ++i) {
2144 struct in_multi *inm = imo->imo_membership[i];
2145 in_delmulti(inm);
2146 /* ifp should not leave thanks to solock */
2147 }
2148
2149 kmem_intr_free(imo, sizeof(*imo));
2150 }
2151 }
2152
2153 /*
2154 * Routine called from ip_output() to loop back a copy of an IP multicast
2155 * packet to the input queue of a specified interface. Note that this
2156 * calls the output routine of the loopback "driver", but with an interface
2157 * pointer that might NOT be lo0ifp -- easier than replicating that code here.
2158 */
2159 static void
2160 ip_mloopback(struct ifnet *ifp, struct mbuf *m, const struct sockaddr_in *dst)
2161 {
2162 struct ip *ip;
2163 struct mbuf *copym;
2164
2165 copym = m_copypacket(m, M_DONTWAIT);
2166 if (copym != NULL &&
2167 (copym->m_flags & M_EXT || copym->m_len < sizeof(struct ip)))
2168 copym = m_pullup(copym, sizeof(struct ip));
2169 if (copym == NULL)
2170 return;
2171 /*
2172 * We don't bother to fragment if the IP length is greater
2173 * than the interface's MTU. Can this possibly matter?
2174 */
2175 ip = mtod(copym, struct ip *);
2176
2177 if (copym->m_pkthdr.csum_flags & (M_CSUM_TCPv4|M_CSUM_UDPv4)) {
2178 in_undefer_cksum_tcpudp(copym);
2179 copym->m_pkthdr.csum_flags &=
2180 ~(M_CSUM_TCPv4|M_CSUM_UDPv4);
2181 }
2182
2183 ip->ip_sum = 0;
2184 ip->ip_sum = in_cksum(copym, ip->ip_hl << 2);
2185 KERNEL_LOCK_UNLESS_NET_MPSAFE();
2186 (void)looutput(ifp, copym, sintocsa(dst), NULL);
2187 KERNEL_UNLOCK_UNLESS_NET_MPSAFE();
2188 }
2189
2190 /*
2191 * Ensure sending address is valid.
2192 * Returns 0 on success, -1 if an error should be sent back or 1
2193 * if the packet could be dropped without error (protocol dependent).
2194 */
2195 static int
2196 ip_ifaddrvalid(const struct in_ifaddr *ia)
2197 {
2198
2199 if (ia->ia_addr.sin_addr.s_addr == INADDR_ANY)
2200 return 0;
2201
2202 if (ia->ia4_flags & IN_IFF_DUPLICATED)
2203 return -1;
2204 else if (ia->ia4_flags & (IN_IFF_TENTATIVE | IN_IFF_DETACHED))
2205 return 1;
2206
2207 return 0;
2208 }
Cache object: e790d0061b4666af10e0c0be301098d2
|