![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to ip_output.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Apple XNU] / XNU / bsd / netinet|
Return to ip_output.c CVS log | Up to [Apple XNU] / XNU / bsd / netinet |
1.1 ! root 1: /* ! 2: * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. ! 3: * ! 4: * @APPLE_LICENSE_HEADER_START@ ! 5: * ! 6: * The contents of this file constitute Original Code as defined in and ! 7: * are subject to the Apple Public Source License Version 1.1 (the ! 8: * "License"). You may not use this file except in compliance with the ! 9: * License. Please obtain a copy of the License at ! 10: * http://www.apple.com/publicsource and read it before using this file. ! 11: * ! 12: * This Original Code and all software distributed under the License are ! 13: * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER ! 14: * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, ! 15: * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, ! 16: * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the ! 17: * License for the specific language governing rights and limitations ! 18: * under the License. ! 19: * ! 20: * @APPLE_LICENSE_HEADER_END@ ! 21: */ ! 22: /* ! 23: * Copyright (c) 1982, 1986, 1988, 1990, 1993 ! 24: * The Regents of the University of California. All rights reserved. ! 25: * ! 26: * Redistribution and use in source and binary forms, with or without ! 27: * modification, are permitted provided that the following conditions ! 28: * are met: ! 29: * 1. Redistributions of source code must retain the above copyright ! 30: * notice, this list of conditions and the following disclaimer. ! 31: * 2. Redistributions in binary form must reproduce the above copyright ! 32: * notice, this list of conditions and the following disclaimer in the ! 33: * documentation and/or other materials provided with the distribution. ! 34: * 3. All advertising materials mentioning features or use of this software ! 35: * must display the following acknowledgement: ! 36: * This product includes software developed by the University of ! 37: * California, Berkeley and its contributors. ! 38: * 4. Neither the name of the University nor the names of its contributors ! 39: * may be used to endorse or promote products derived from this software ! 40: * without specific prior written permission. ! 41: * ! 42: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ! 43: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ! 44: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ! 45: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ! 46: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ! 47: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ! 48: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ! 49: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ! 50: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ! 51: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ! 52: * SUCH DAMAGE. ! 53: * ! 54: * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 ! 55: */ ! 56: ! 57: #define _IP_VHL ! 58: ! 59: #if ISFB31 ! 60: #include "opt_ipfw.h" ! 61: #include "opt_ipdn.h" ! 62: #include "opt_ipdivert.h" ! 63: #include "opt_ipfilter.h" ! 64: #endif ! 65: ! 66: #include <sys/param.h> ! 67: #include <sys/systm.h> ! 68: #include <sys/kernel.h> ! 69: #include <sys/malloc.h> ! 70: #include <sys/mbuf.h> ! 71: #include <sys/protosw.h> ! 72: #include <sys/socket.h> ! 73: #include <sys/socketvar.h> ! 74: ! 75: #include <net/if.h> ! 76: #include <net/route.h> ! 77: ! 78: #include <netinet/in.h> ! 79: #include <netinet/in_systm.h> ! 80: #include <netinet/ip.h> ! 81: #include <netinet/in_pcb.h> ! 82: #include <netinet/in_var.h> ! 83: #include <netinet/ip_var.h> ! 84: #include <net/dlil.h> ! 85: ! 86: #ifdef vax ! 87: #include <machine/mtpr.h> ! 88: #endif ! 89: ! 90: #if ISFB31 ! 91: #include <machine/in_cksum.h> ! 92: ! 93: static MALLOC_DEFINE(M_IPMOPTS, "ip_moptions", "internet multicast options"); ! 94: #endif ! 95: ! 96: #if !defined(COMPAT_IPFW) || COMPAT_IPFW == 1 ! 97: #undef COMPAT_IPFW ! 98: #define COMPAT_IPFW 1 ! 99: #else ! 100: #undef COMPAT_IPFW ! 101: #endif ! 102: ! 103: #if COMPAT_IPFW ! 104: #include <netinet/ip_fw.h> ! 105: #endif ! 106: ! 107: #if DUMMYNET ! 108: #include <netinet/ip_dummynet.h> ! 109: #endif ! 110: ! 111: #if IPFIREWALL_FORWARD_DEBUG ! 112: #define print_ip(a) printf("%ld.%ld.%ld.%ld",(ntohl(a.s_addr)>>24)&0xFF,\ ! 113: (ntohl(a.s_addr)>>16)&0xFF,\ ! 114: (ntohl(a.s_addr)>>8)&0xFF,\ ! 115: (ntohl(a.s_addr))&0xFF); ! 116: #endif ! 117: ! 118: u_short ip_id; ! 119: ! 120: static struct mbuf *ip_insertoptions __P((struct mbuf *, struct mbuf *, int *)); ! 121: static void ip_mloopback ! 122: __P((struct ifnet *, struct mbuf *, struct sockaddr_in *, int)); ! 123: static int ip_getmoptions ! 124: __P((struct sockopt *, struct ip_moptions *)); ! 125: static int ip_pcbopts __P((int, struct mbuf **, struct mbuf *)); ! 126: static int ip_setmoptions ! 127: __P((struct sockopt *, struct ip_moptions **)); ! 128: static u_long lo_dl_tag = 0; ! 129: ! 130: #if IPFILTER_LKM || IPFILTER ! 131: int ip_optcopy __P((struct ip *, struct ip *)); ! 132: extern int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); ! 133: #else ! 134: static int ip_optcopy __P((struct ip *, struct ip *)); ! 135: #endif ! 136: ! 137: ! 138: extern struct protosw inetsw[]; ! 139: ! 140: /* ! 141: * IP output. The packet in mbuf chain m contains a skeletal IP ! 142: * header (with len, off, ttl, proto, tos, src, dst). ! 143: * The mbuf chain containing the packet will be freed. ! 144: * The mbuf opt, if present, will not be freed. ! 145: */ ! 146: int ! 147: ip_output(m0, opt, ro, flags, imo) ! 148: struct mbuf *m0; ! 149: struct mbuf *opt; ! 150: struct route *ro; ! 151: int flags; ! 152: struct ip_moptions *imo; ! 153: { ! 154: struct ip *ip, *mhip; ! 155: struct ifnet *ifp; ! 156: u_long dl_tag; ! 157: struct mbuf *m = m0; ! 158: int hlen = sizeof (struct ip); ! 159: int len, off, error = 0; ! 160: struct sockaddr_in *dst; ! 161: struct in_ifaddr *ia; ! 162: int isbroadcast; ! 163: #if IPFIREWALL_FORWARD ! 164: int fwd_rewrite_src = 0; ! 165: #endif ! 166: ! 167: #if !IPDIVERT /* dummy variable for the firewall code to play with */ ! 168: u_short ip_divert_cookie = 0 ; ! 169: #endif ! 170: #if COMPAT_IPFW ! 171: struct ip_fw_chain *rule = NULL ; ! 172: #endif ! 173: ! 174: #if IPFIREWALL && DUMMYNET ! 175: /* ! 176: * dummynet packet are prepended a vestigial mbuf with ! 177: * m_type = MT_DUMMYNET and m_data pointing to the matching ! 178: * rule. ! 179: */ ! 180: if (m->m_type == MT_DUMMYNET) { ! 181: struct mbuf *tmp_m = m ; ! 182: /* ! 183: * the packet was already tagged, so part of the ! 184: * processing was already done, and we need to go down. ! 185: * opt, flags and imo have already been used, and now ! 186: * they are used to hold ifp and hlen and NULL, respectively. ! 187: */ ! 188: rule = (struct ip_fw_chain *)(m->m_data) ; ! 189: m = m->m_next ; ! 190: FREE(tmp_m, M_IPFW); ! 191: ip = mtod(m, struct ip *); ! 192: dst = (struct sockaddr_in *)&ro->ro_dst; ! 193: ifp = (struct ifnet *)opt; ! 194: hlen = IP_VHL_HL(ip->ip_vhl) << 2 ; ! 195: opt = NULL ; ! 196: flags = 0 ; /* XXX is this correct ? */ ! 197: goto sendit; ! 198: } else ! 199: rule = NULL ; ! 200: #endif ! 201: ! 202: #if DIAGNOSTIC ! 203: if ((m->m_flags & M_PKTHDR) == 0) ! 204: panic("ip_output no HDR"); ! 205: if (!ro) ! 206: panic("ip_output no route, proto = %d", ! 207: mtod(m, struct ip *)->ip_p); ! 208: #endif ! 209: if (opt) { ! 210: m = ip_insertoptions(m, opt, &len); ! 211: hlen = len; ! 212: } ! 213: ip = mtod(m, struct ip *); ! 214: /* ! 215: * Fill in IP header. ! 216: */ ! 217: if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) { ! 218: ip->ip_vhl = IP_MAKE_VHL(IPVERSION, hlen >> 2); ! 219: ip->ip_off &= IP_DF; ! 220: ip->ip_id = htons(ip_id++); ! 221: ipstat.ips_localout++; ! 222: } else { ! 223: hlen = IP_VHL_HL(ip->ip_vhl) << 2; ! 224: } ! 225: ! 226: dst = (struct sockaddr_in *)&ro->ro_dst; ! 227: /* ! 228: * If there is a cached route, ! 229: * check that it is to the same destination ! 230: * and is still up. If not, free it and try again. ! 231: */ ! 232: if (ro->ro_rt && ((ro->ro_rt->rt_flags & RTF_UP) == 0 || ! 233: dst->sin_addr.s_addr != ip->ip_dst.s_addr)) { ! 234: RTFREE(ro->ro_rt); ! 235: ro->ro_rt = (struct rtentry *)0; ! 236: } ! 237: if (ro->ro_rt == 0) { ! 238: dst->sin_family = AF_INET; ! 239: dst->sin_len = sizeof(*dst); ! 240: dst->sin_addr = ip->ip_dst; ! 241: } ! 242: /* ! 243: * If routing to interface only, ! 244: * short circuit routing lookup. ! 245: */ ! 246: #define ifatoia(ifa) ((struct in_ifaddr *)(ifa)) ! 247: #define sintosa(sin) ((struct sockaddr *)(sin)) ! 248: if (flags & IP_ROUTETOIF) { ! 249: if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == 0 && ! 250: (ia = ifatoia(ifa_ifwithnet(sintosa(dst)))) == 0) { ! 251: ipstat.ips_noroute++; ! 252: error = ENETUNREACH; ! 253: goto bad; ! 254: } ! 255: ifp = ia->ia_ifp; ! 256: dl_tag = ia->ia_ifa.ifa_dlt; ! 257: ip->ip_ttl = 1; ! 258: isbroadcast = in_broadcast(dst->sin_addr, ifp); ! 259: } else { ! 260: /* ! 261: * If this is the case, we probably don't want to allocate ! 262: * a protocol-cloned route since we didn't get one from the ! 263: * ULP. This lets TCP do its thing, while not burdening ! 264: * forwarding or ICMP with the overhead of cloning a route. ! 265: * Of course, we still want to do any cloning requested by ! 266: * the link layer, as this is probably required in all cases ! 267: * for correct operation (as it is for ARP). ! 268: */ ! 269: if (ro->ro_rt == 0) ! 270: rtalloc_ign(ro, RTF_PRCLONING); ! 271: if (ro->ro_rt == 0) { ! 272: ipstat.ips_noroute++; ! 273: error = EHOSTUNREACH; ! 274: goto bad; ! 275: } ! 276: ia = ifatoia(ro->ro_rt->rt_ifa); ! 277: ifp = ro->ro_rt->rt_ifp; ! 278: dl_tag = ro->ro_rt->rt_dlt; ! 279: ro->ro_rt->rt_use++; ! 280: if (ro->ro_rt->rt_flags & RTF_GATEWAY) ! 281: dst = (struct sockaddr_in *)ro->ro_rt->rt_gateway; ! 282: if (ro->ro_rt->rt_flags & RTF_HOST) ! 283: isbroadcast = (ro->ro_rt->rt_flags & RTF_BROADCAST); ! 284: else ! 285: isbroadcast = in_broadcast(dst->sin_addr, ifp); ! 286: } ! 287: if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { ! 288: struct in_multi *inm; ! 289: ! 290: m->m_flags |= M_MCAST; ! 291: /* ! 292: * IP destination address is multicast. Make sure "dst" ! 293: * still points to the address in "ro". (It may have been ! 294: * changed to point to a gateway address, above.) ! 295: */ ! 296: dst = (struct sockaddr_in *)&ro->ro_dst; ! 297: /* ! 298: * See if the caller provided any multicast options ! 299: */ ! 300: if (imo != NULL) { ! 301: ip->ip_ttl = imo->imo_multicast_ttl; ! 302: if (imo->imo_multicast_ifp != NULL) ! 303: ifp = imo->imo_multicast_ifp; ! 304: if (imo->imo_multicast_vif != -1) ! 305: ip->ip_src.s_addr = ! 306: ip_mcast_src(imo->imo_multicast_vif); ! 307: } else ! 308: ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL; ! 309: /* ! 310: * Confirm that the outgoing interface supports multicast. ! 311: */ ! 312: if ((imo == NULL) || (imo->imo_multicast_vif == -1)) { ! 313: if ((ifp->if_flags & IFF_MULTICAST) == 0) { ! 314: ipstat.ips_noroute++; ! 315: error = ENETUNREACH; ! 316: goto bad; ! 317: } ! 318: } ! 319: /* ! 320: * If source address not specified yet, use address ! 321: * of outgoing interface. ! 322: */ ! 323: if (ip->ip_src.s_addr == INADDR_ANY) { ! 324: register struct in_ifaddr *ia1; ! 325: ! 326: for (ia1 = in_ifaddrhead.tqh_first; ia1; ! 327: ia1 = ia1->ia_link.tqe_next) ! 328: if (ia1->ia_ifp == ifp) { ! 329: ip->ip_src = IA_SIN(ia1)->sin_addr; ! 330: break; ! 331: } ! 332: } ! 333: ! 334: IN_LOOKUP_MULTI(ip->ip_dst, ifp, inm); ! 335: if (inm != NULL && ! 336: (imo == NULL || imo->imo_multicast_loop)) { ! 337: /* ! 338: * If we belong to the destination multicast group ! 339: * on the outgoing interface, and the caller did not ! 340: * forbid loopback, loop back a copy. ! 341: */ ! 342: ip_mloopback(ifp, m, dst, hlen); ! 343: } ! 344: else { ! 345: /* ! 346: * If we are acting as a multicast router, perform ! 347: * multicast forwarding as if the packet had just ! 348: * arrived on the interface to which we are about ! 349: * to send. The multicast forwarding function ! 350: * recursively calls this function, using the ! 351: * IP_FORWARDING flag to prevent infinite recursion. ! 352: * ! 353: * Multicasts that are looped back by ip_mloopback(), ! 354: * above, will be forwarded by the ip_input() routine, ! 355: * if necessary. ! 356: */ ! 357: if (ip_mrouter && (flags & IP_FORWARDING) == 0) { ! 358: /* ! 359: * Check if rsvp daemon is running. If not, don't ! 360: * set ip_moptions. This ensures that the packet ! 361: * is multicast and not just sent down one link ! 362: * as prescribed by rsvpd. ! 363: */ ! 364: if (!rsvp_on) ! 365: imo = NULL; ! 366: if (ip_mforward(ip, ifp, m, imo) != 0) { ! 367: m_freem(m); ! 368: goto done; ! 369: } ! 370: } ! 371: } ! 372: ! 373: /* ! 374: * Multicasts with a time-to-live of zero may be looped- ! 375: * back, above, but must not be transmitted on a network. ! 376: * Also, multicasts addressed to the loopback interface ! 377: * are not sent -- the above call to ip_mloopback() will ! 378: * loop back a copy if this host actually belongs to the ! 379: * destination group on the loopback interface. ! 380: */ ! 381: if (ip->ip_ttl == 0 || ifp->if_flags & IFF_LOOPBACK) { ! 382: m_freem(m); ! 383: goto done; ! 384: } ! 385: ! 386: goto sendit; ! 387: } ! 388: #ifndef notdef ! 389: /* ! 390: * If source address not specified yet, use address ! 391: * of outgoing interface. ! 392: */ ! 393: if (ip->ip_src.s_addr == INADDR_ANY) { ! 394: ip->ip_src = IA_SIN(ia)->sin_addr; ! 395: #if IPFIREWALL_FORWARD ! 396: /* Keep note that we did this - if the firewall changes ! 397: * the next-hop, our interface may change, changing the ! 398: * default source IP. It's a shame so much effort happens ! 399: * twice. Oh well. ! 400: */ ! 401: fwd_rewrite_src++; ! 402: #endif /* IPFIREWALL_FORWARD */ ! 403: } ! 404: #endif /* notdef */ ! 405: /* ! 406: * Verify that we have any chance at all of being able to queue ! 407: * the packet or packet fragments ! 408: */ ! 409: if ((ifp->if_snd.ifq_len + ip->ip_len / ifp->if_mtu + 1) >= ! 410: ifp->if_snd.ifq_maxlen) { ! 411: error = ENOBUFS; ! 412: goto bad; ! 413: } ! 414: ! 415: /* ! 416: * Look for broadcast address and ! 417: * and verify user is allowed to send ! 418: * such a packet. ! 419: */ ! 420: if (isbroadcast) { ! 421: if ((ifp->if_flags & IFF_BROADCAST) == 0) { ! 422: error = EADDRNOTAVAIL; ! 423: goto bad; ! 424: } ! 425: if ((flags & IP_ALLOWBROADCAST) == 0) { ! 426: error = EACCES; ! 427: goto bad; ! 428: } ! 429: /* don't allow broadcast messages to be fragmented */ ! 430: if ((u_short)ip->ip_len > ifp->if_mtu) { ! 431: error = EMSGSIZE; ! 432: goto bad; ! 433: } ! 434: m->m_flags |= M_BCAST; ! 435: } else { ! 436: m->m_flags &= ~M_BCAST; ! 437: } ! 438: ! 439: sendit: ! 440: /* ! 441: * IpHack's section. ! 442: * - Xlate: translate packet's addr/port (NAT). ! 443: * - Firewall: deny/allow/etc. ! 444: * - Wrap: fake packet's addr/port <unimpl.> ! 445: * - Encapsulate: put it in another IP and send out. <unimp.> ! 446: */ ! 447: #if IPFILTER || IPFILTER_LKM ! 448: if (fr_checkp) { ! 449: struct mbuf *m1 = m; ! 450: ! 451: if ((error = (*fr_checkp)(ip, hlen, ifp, 1, &m1)) || !m1) ! 452: goto done; ! 453: ip = mtod(m = m1, struct ip *); ! 454: } ! 455: #endif ! 456: ! 457: #if COMPAT_IPFW ! 458: if (ip_nat_ptr && !(*ip_nat_ptr)(&ip, &m, ifp, IP_NAT_OUT)) { ! 459: error = EACCES; ! 460: goto done; ! 461: } ! 462: ! 463: /* ! 464: * Check with the firewall... ! 465: */ ! 466: if (ip_fw_chk_ptr) { ! 467: struct sockaddr_in *old = dst; ! 468: ! 469: off = (*ip_fw_chk_ptr)(&ip, ! 470: hlen, ifp, &ip_divert_cookie, &m, &rule, &dst); ! 471: /* ! 472: * On return we must do the following: ! 473: * m == NULL -> drop the pkt ! 474: * 1<=off<= 0xffff -> DIVERT ! 475: * (off & 0x10000) -> send to a DUMMYNET pipe ! 476: * dst != old -> IPFIREWALL_FORWARD ! 477: * off==0, dst==old -> accept ! 478: * If some of the above modules is not compiled in, then ! 479: * we should't have to check the corresponding condition ! 480: * (because the ipfw control socket should not accept ! 481: * unsupported rules), but better play safe and drop ! 482: * packets in case of doubt. ! 483: */ ! 484: if (!m) { /* firewall said to reject */ ! 485: error = EACCES; ! 486: goto done; ! 487: } ! 488: if (off == 0 && dst == old) /* common case */ ! 489: goto pass ; ! 490: #if DUMMYNET ! 491: if (off & 0x10000) { ! 492: /* ! 493: * pass the pkt to dummynet. Need to include ! 494: * pipe number, m, ifp, ro, hlen because these are ! 495: * not recomputed in the next pass. ! 496: * All other parameters have been already used and ! 497: * so they are not needed anymore. ! 498: * XXX note: if the ifp or ro entry are deleted ! 499: * while a pkt is in dummynet, we are in trouble! ! 500: */ ! 501: dummynet_io(off & 0xffff, DN_TO_IP_OUT, m,ifp,ro,hlen,rule); ! 502: goto done; ! 503: } ! 504: #endif ! 505: #if IPDIVERT ! 506: if (off > 0 && off < 0x10000) { /* Divert packet */ ! 507: ip_divert_port = off & 0xffff ; ! 508: (*ip_protox[IPPROTO_DIVERT]->pr_input)(m, 0); ! 509: goto done; ! 510: } ! 511: #endif ! 512: ! 513: #if IPFIREWALL_FORWARD ! 514: /* Here we check dst to make sure it's directly reachable on the ! 515: * interface we previously thought it was. ! 516: * If it isn't (which may be likely in some situations) we have ! 517: * to re-route it (ie, find a route for the next-hop and the ! 518: * associated interface) and set them here. This is nested ! 519: * forwarding which in most cases is undesirable, except where ! 520: * such control is nigh impossible. So we do it here. ! 521: * And I'm babbling. ! 522: */ ! 523: if (off == 0 && old != dst) { ! 524: struct in_ifaddr *ia; ! 525: ! 526: /* It's changed... */ ! 527: /* There must be a better way to do this next line... */ ! 528: static struct route sro_fwd, *ro_fwd = &sro_fwd; ! 529: #if IPFIREWALL_FORWARD_DEBUG ! 530: printf("IPFIREWALL_FORWARD: New dst ip: "); ! 531: print_ip(dst->sin_addr); ! 532: printf("\n"); ! 533: #endif ! 534: /* ! 535: * We need to figure out if we have been forwarded ! 536: * to a local socket. If so then we should somehow ! 537: * "loop back" to ip_input, and get directed to the ! 538: * PCB as if we had received this packet. This is ! 539: * because it may be dificult to identify the packets ! 540: * you want to forward until they are being output ! 541: * and have selected an interface. (e.g. locally ! 542: * initiated packets) If we used the loopback inteface, ! 543: * we would not be able to control what happens ! 544: * as the packet runs through ip_input() as ! 545: * it is done through a ISR. ! 546: */ ! 547: for (ia = TAILQ_FIRST(&in_ifaddrhead); ia; ! 548: ia = TAILQ_NEXT(ia, ia_link)) { ! 549: /* ! 550: * If the addr to forward to is one ! 551: * of ours, we pretend to ! 552: * be the destination for this packet. ! 553: */ ! 554: if (IA_SIN(ia)->sin_addr.s_addr == ! 555: dst->sin_addr.s_addr) ! 556: break; ! 557: } ! 558: if (ia) { ! 559: /* tell ip_input "dont filter" */ ! 560: ip_fw_fwd_addr = dst; ! 561: if (m->m_pkthdr.rcvif == NULL) ! 562: m->m_pkthdr.rcvif = ifunit("lo0"); ! 563: ip->ip_len = htons((u_short)ip->ip_len); ! 564: ip->ip_off = htons((u_short)ip->ip_off); ! 565: ip->ip_sum = 0; ! 566: ! 567: ip->ip_sum = in_cksum(m, hlen); ! 568: ! 569: ip_input(m); ! 570: goto done; ! 571: } ! 572: /* Some of the logic for this was ! 573: * nicked from above. ! 574: * ! 575: * This rewrites the cached route in a local PCB. ! 576: * Is this what we want to do? ! 577: */ ! 578: bcopy(dst, &ro_fwd->ro_dst, sizeof(*dst)); ! 579: ! 580: ro_fwd->ro_rt = 0; ! 581: rtalloc_ign(ro_fwd, RTF_PRCLONING); ! 582: ! 583: if (ro_fwd->ro_rt == 0) { ! 584: ipstat.ips_noroute++; ! 585: error = EHOSTUNREACH; ! 586: goto bad; ! 587: } ! 588: ! 589: ia = ifatoia(ro_fwd->ro_rt->rt_ifa); ! 590: ifp = ro_fwd->ro_rt->rt_ifp; ! 591: dl_tag = ro->ro_rt->rt_dlt; ! 592: ro_fwd->ro_rt->rt_use++; ! 593: if (ro_fwd->ro_rt->rt_flags & RTF_GATEWAY) ! 594: dst = (struct sockaddr_in *)ro_fwd->ro_rt->rt_gateway; ! 595: if (ro_fwd->ro_rt->rt_flags & RTF_HOST) ! 596: isbroadcast = ! 597: (ro_fwd->ro_rt->rt_flags & RTF_BROADCAST); ! 598: else ! 599: isbroadcast = in_broadcast(dst->sin_addr, ifp); ! 600: RTFREE(ro->ro_rt); ! 601: ro->ro_rt = ro_fwd->ro_rt; ! 602: dst = (struct sockaddr_in *)&ro_fwd->ro_dst; ! 603: ! 604: /* ! 605: * If we added a default src ip earlier, ! 606: * which would have been gotten from the-then ! 607: * interface, do it again, from the new one. ! 608: */ ! 609: if (fwd_rewrite_src) ! 610: ip->ip_src = IA_SIN(ia)->sin_addr; ! 611: goto pass ; ! 612: } ! 613: #endif /* IPFIREWALL_FORWARD */ ! 614: /* ! 615: * if we get here, none of the above matches, and ! 616: * we have to drop the pkt ! 617: */ ! 618: m_freem(m); ! 619: error = EACCES; /* not sure this is the right error msg */ ! 620: goto done; ! 621: } ! 622: #endif /* COMPAT_IPFW */ ! 623: ! 624: pass: ! 625: /* ! 626: * If small enough for interface, can just send directly. ! 627: */ ! 628: if ((u_short)ip->ip_len <= ifp->if_mtu) { ! 629: ip->ip_len = htons((u_short)ip->ip_len); ! 630: ip->ip_off = htons((u_short)ip->ip_off); ! 631: ip->ip_sum = 0; ! 632: ip->ip_sum = in_cksum(m, hlen); ! 633: error = dlil_output(dl_tag, m, (void *) ro->ro_rt, ! 634: (struct sockaddr *)dst, 0); ! 635: goto done; ! 636: } ! 637: /* ! 638: * Too large for interface; fragment if possible. ! 639: * Must be able to put at least 8 bytes per fragment. ! 640: */ ! 641: if (ip->ip_off & IP_DF) { ! 642: error = EMSGSIZE; ! 643: /* ! 644: * This case can happen if the user changed the MTU ! 645: * of an interface after enabling IP on it. Because ! 646: * most netifs don't keep track of routes pointing to ! 647: * them, there is no way for one to update all its ! 648: * routes when the MTU is changed. ! 649: */ ! 650: if ((ro->ro_rt->rt_flags & (RTF_UP | RTF_HOST)) ! 651: && !(ro->ro_rt->rt_rmx.rmx_locks & RTV_MTU) ! 652: && (ro->ro_rt->rt_rmx.rmx_mtu > ifp->if_mtu)) { ! 653: ro->ro_rt->rt_rmx.rmx_mtu = ifp->if_mtu; ! 654: } ! 655: ipstat.ips_cantfrag++; ! 656: goto bad; ! 657: } ! 658: len = (ifp->if_mtu - hlen) &~ 7; ! 659: if (len < 8) { ! 660: error = EMSGSIZE; ! 661: goto bad; ! 662: } ! 663: ! 664: { ! 665: int mhlen, firstlen = len; ! 666: struct mbuf **mnext = &m->m_nextpkt; ! 667: ! 668: /* ! 669: * Loop through length of segment after first fragment, ! 670: * make new header and copy data of each part and link onto chain. ! 671: */ ! 672: m0 = m; ! 673: mhlen = sizeof (struct ip); ! 674: for (off = hlen + len; off < (u_short)ip->ip_len; off += len) { ! 675: MGETHDR(m, M_DONTWAIT, MT_HEADER); ! 676: if (m == 0) { ! 677: error = ENOBUFS; ! 678: ipstat.ips_odropped++; ! 679: goto sendorfree; ! 680: } ! 681: m->m_flags |= (m0->m_flags & M_MCAST); ! 682: m->m_data += max_linkhdr; ! 683: mhip = mtod(m, struct ip *); ! 684: *mhip = *ip; ! 685: if (hlen > sizeof (struct ip)) { ! 686: mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip); ! 687: mhip->ip_vhl = IP_MAKE_VHL(IPVERSION, mhlen >> 2); ! 688: } ! 689: m->m_len = mhlen; ! 690: mhip->ip_off = ((off - hlen) >> 3) + (ip->ip_off & ~IP_MF); ! 691: if (ip->ip_off & IP_MF) ! 692: mhip->ip_off |= IP_MF; ! 693: if (off + len >= (u_short)ip->ip_len) ! 694: len = (u_short)ip->ip_len - off; ! 695: else ! 696: mhip->ip_off |= IP_MF; ! 697: mhip->ip_len = htons((u_short)(len + mhlen)); ! 698: m->m_next = m_copy(m0, off, len); ! 699: if (m->m_next == 0) { ! 700: (void) m_free(m); ! 701: error = ENOBUFS; /* ??? */ ! 702: ipstat.ips_odropped++; ! 703: goto sendorfree; ! 704: } ! 705: m->m_pkthdr.len = mhlen + len; ! 706: m->m_pkthdr.rcvif = (struct ifnet *)0; ! 707: mhip->ip_off = htons((u_short)mhip->ip_off); ! 708: mhip->ip_sum = 0; ! 709: mhip->ip_sum = in_cksum(m, mhlen); ! 710: *mnext = m; ! 711: mnext = &m->m_nextpkt; ! 712: ipstat.ips_ofragments++; ! 713: } ! 714: /* ! 715: * Update first fragment by trimming what's been copied out ! 716: * and updating header, then send each fragment (in order). ! 717: */ ! 718: m = m0; ! 719: m_adj(m, hlen + firstlen - (u_short)ip->ip_len); ! 720: m->m_pkthdr.len = hlen + firstlen; ! 721: ip->ip_len = htons((u_short)m->m_pkthdr.len); ! 722: ip->ip_off = htons((u_short)(ip->ip_off | IP_MF)); ! 723: ip->ip_sum = 0; ! 724: ip->ip_sum = in_cksum(m, hlen); ! 725: ! 726: sendorfree: ! 727: for (m = m0; m; m = m0) { ! 728: m0 = m->m_nextpkt; ! 729: m->m_nextpkt = 0; ! 730: if (error == 0) ! 731: error = dlil_output(dl_tag, m, (void *) ro->ro_rt, ! 732: (struct sockaddr *)dst, 0); ! 733: else ! 734: m_freem(m); ! 735: } ! 736: ! 737: if (error == 0) ! 738: ipstat.ips_fragmented++; ! 739: } ! 740: done: ! 741: return (error); ! 742: bad: ! 743: m_freem(m0); ! 744: goto done; ! 745: } ! 746: ! 747: /* ! 748: * Insert IP options into preformed packet. ! 749: * Adjust IP destination as required for IP source routing, ! 750: * as indicated by a non-zero in_addr at the start of the options. ! 751: * ! 752: * XXX This routine assumes that the packet has no options in place. ! 753: */ ! 754: static struct mbuf * ! 755: ip_insertoptions(m, opt, phlen) ! 756: register struct mbuf *m; ! 757: struct mbuf *opt; ! 758: int *phlen; ! 759: { ! 760: register struct ipoption *p = mtod(opt, struct ipoption *); ! 761: struct mbuf *n; ! 762: register struct ip *ip = mtod(m, struct ip *); ! 763: unsigned optlen; ! 764: ! 765: optlen = opt->m_len - sizeof(p->ipopt_dst); ! 766: if (optlen + (u_short)ip->ip_len > IP_MAXPACKET) ! 767: return (m); /* XXX should fail */ ! 768: if (p->ipopt_dst.s_addr) ! 769: ip->ip_dst = p->ipopt_dst; ! 770: if (m->m_flags & M_EXT || m->m_data - optlen < m->m_pktdat) { ! 771: MGETHDR(n, M_DONTWAIT, MT_HEADER); ! 772: if (n == 0) ! 773: return (m); ! 774: n->m_pkthdr.len = m->m_pkthdr.len + optlen; ! 775: m->m_len -= sizeof(struct ip); ! 776: m->m_data += sizeof(struct ip); ! 777: n->m_next = m; ! 778: m = n; ! 779: m->m_len = optlen + sizeof(struct ip); ! 780: m->m_data += max_linkhdr; ! 781: (void)memcpy(mtod(m, void *), ip, sizeof(struct ip)); ! 782: } else { ! 783: m->m_data -= optlen; ! 784: m->m_len += optlen; ! 785: m->m_pkthdr.len += optlen; ! 786: ovbcopy((caddr_t)ip, mtod(m, caddr_t), sizeof(struct ip)); ! 787: } ! 788: ip = mtod(m, struct ip *); ! 789: bcopy(p->ipopt_list, ip + 1, optlen); ! 790: *phlen = sizeof(struct ip) + optlen; ! 791: ip->ip_vhl = IP_MAKE_VHL(IPVERSION, *phlen >> 2); ! 792: ip->ip_len += optlen; ! 793: return (m); ! 794: } ! 795: ! 796: /* ! 797: * Copy options from ip to jp, ! 798: * omitting those not copied during fragmentation. ! 799: */ ! 800: #if !IPFILTER && !IPFILTER_LKM ! 801: static ! 802: #endif ! 803: int ! 804: ip_optcopy(ip, jp) ! 805: struct ip *ip, *jp; ! 806: { ! 807: register u_char *cp, *dp; ! 808: int opt, optlen, cnt; ! 809: ! 810: cp = (u_char *)(ip + 1); ! 811: dp = (u_char *)(jp + 1); ! 812: cnt = (IP_VHL_HL(ip->ip_vhl) << 2) - sizeof (struct ip); ! 813: for (; cnt > 0; cnt -= optlen, cp += optlen) { ! 814: opt = cp[0]; ! 815: if (opt == IPOPT_EOL) ! 816: break; ! 817: if (opt == IPOPT_NOP) { ! 818: /* Preserve for IP mcast tunnel's LSRR alignment. */ ! 819: *dp++ = IPOPT_NOP; ! 820: optlen = 1; ! 821: continue; ! 822: } else ! 823: optlen = cp[IPOPT_OLEN]; ! 824: /* bogus lengths should have been caught by ip_dooptions */ ! 825: if (optlen > cnt) ! 826: optlen = cnt; ! 827: if (IPOPT_COPIED(opt)) { ! 828: bcopy(cp, dp, optlen); ! 829: dp += optlen; ! 830: } ! 831: } ! 832: for (optlen = dp - (u_char *)(jp+1); optlen & 0x3; optlen++) ! 833: *dp++ = IPOPT_EOL; ! 834: return (optlen); ! 835: } ! 836: ! 837: /* ! 838: * IP socket option processing. ! 839: */ ! 840: int ! 841: ip_ctloutput(so, sopt) ! 842: struct socket *so; ! 843: struct sockopt *sopt; ! 844: { ! 845: struct inpcb *inp = sotoinpcb(so); ! 846: int error, optval; ! 847: ! 848: error = optval = 0; ! 849: if (sopt->sopt_level != IPPROTO_IP) { ! 850: return (EINVAL); ! 851: } ! 852: ! 853: switch (sopt->sopt_dir) { ! 854: case SOPT_SET: ! 855: switch (sopt->sopt_name) { ! 856: case IP_OPTIONS: ! 857: #ifdef notyet ! 858: case IP_RETOPTS: ! 859: #endif ! 860: { ! 861: struct mbuf *m; ! 862: if (sopt->sopt_valsize > MLEN) { ! 863: error = EMSGSIZE; ! 864: break; ! 865: } ! 866: MGET(m, sopt->sopt_p ? M_WAIT : M_DONTWAIT, MT_HEADER); ! 867: if (m == 0) { ! 868: error = ENOBUFS; ! 869: break; ! 870: } ! 871: m->m_len = sopt->sopt_valsize; ! 872: error = sooptcopyin(sopt, mtod(m, char *), m->m_len, ! 873: m->m_len); ! 874: ! 875: return (ip_pcbopts(sopt->sopt_name, &inp->inp_options, ! 876: m)); ! 877: } ! 878: ! 879: case IP_TOS: ! 880: case IP_TTL: ! 881: case IP_RECVOPTS: ! 882: case IP_RECVRETOPTS: ! 883: case IP_RECVDSTADDR: ! 884: case IP_RECVIF: ! 885: error = sooptcopyin(sopt, &optval, sizeof optval, ! 886: sizeof optval); ! 887: if (error) ! 888: break; ! 889: ! 890: switch (sopt->sopt_name) { ! 891: case IP_TOS: ! 892: inp->inp_ip_tos = optval; ! 893: break; ! 894: ! 895: case IP_TTL: ! 896: inp->inp_ip_ttl = optval; ! 897: break; ! 898: #define OPTSET(bit) \ ! 899: if (optval) \ ! 900: inp->inp_flags |= bit; \ ! 901: else \ ! 902: inp->inp_flags &= ~bit; ! 903: ! 904: case IP_RECVOPTS: ! 905: OPTSET(INP_RECVOPTS); ! 906: break; ! 907: ! 908: case IP_RECVRETOPTS: ! 909: OPTSET(INP_RECVRETOPTS); ! 910: break; ! 911: ! 912: case IP_RECVDSTADDR: ! 913: OPTSET(INP_RECVDSTADDR); ! 914: break; ! 915: ! 916: case IP_RECVIF: ! 917: OPTSET(INP_RECVIF); ! 918: break; ! 919: } ! 920: break; ! 921: #undef OPTSET ! 922: ! 923: case IP_MULTICAST_IF: ! 924: case IP_MULTICAST_VIF: ! 925: case IP_MULTICAST_TTL: ! 926: case IP_MULTICAST_LOOP: ! 927: case IP_ADD_MEMBERSHIP: ! 928: case IP_DROP_MEMBERSHIP: ! 929: error = ip_setmoptions(sopt, &inp->inp_moptions); ! 930: break; ! 931: ! 932: case IP_PORTRANGE: ! 933: error = sooptcopyin(sopt, &optval, sizeof optval, ! 934: sizeof optval); ! 935: if (error) ! 936: break; ! 937: ! 938: switch (optval) { ! 939: case IP_PORTRANGE_DEFAULT: ! 940: inp->inp_flags &= ~(INP_LOWPORT); ! 941: inp->inp_flags &= ~(INP_HIGHPORT); ! 942: break; ! 943: ! 944: case IP_PORTRANGE_HIGH: ! 945: inp->inp_flags &= ~(INP_LOWPORT); ! 946: inp->inp_flags |= INP_HIGHPORT; ! 947: break; ! 948: ! 949: case IP_PORTRANGE_LOW: ! 950: inp->inp_flags &= ~(INP_HIGHPORT); ! 951: inp->inp_flags |= INP_LOWPORT; ! 952: break; ! 953: ! 954: default: ! 955: error = EINVAL; ! 956: break; ! 957: } ! 958: break; ! 959: ! 960: default: ! 961: error = ENOPROTOOPT; ! 962: break; ! 963: } ! 964: break; ! 965: ! 966: case SOPT_GET: ! 967: switch (sopt->sopt_name) { ! 968: case IP_OPTIONS: ! 969: case IP_RETOPTS: ! 970: if (inp->inp_options) ! 971: error = sooptcopyout(sopt, ! 972: mtod(inp->inp_options, ! 973: char *), ! 974: inp->inp_options->m_len); ! 975: else ! 976: sopt->sopt_valsize = 0; ! 977: break; ! 978: ! 979: case IP_TOS: ! 980: case IP_TTL: ! 981: case IP_RECVOPTS: ! 982: case IP_RECVRETOPTS: ! 983: case IP_RECVDSTADDR: ! 984: case IP_RECVIF: ! 985: case IP_PORTRANGE: ! 986: switch (sopt->sopt_name) { ! 987: ! 988: case IP_TOS: ! 989: optval = inp->inp_ip_tos; ! 990: break; ! 991: ! 992: case IP_TTL: ! 993: optval = inp->inp_ip_ttl; ! 994: break; ! 995: ! 996: #define OPTBIT(bit) (inp->inp_flags & bit ? 1 : 0) ! 997: ! 998: case IP_RECVOPTS: ! 999: optval = OPTBIT(INP_RECVOPTS); ! 1000: break; ! 1001: ! 1002: case IP_RECVRETOPTS: ! 1003: optval = OPTBIT(INP_RECVRETOPTS); ! 1004: break; ! 1005: ! 1006: case IP_RECVDSTADDR: ! 1007: optval = OPTBIT(INP_RECVDSTADDR); ! 1008: break; ! 1009: ! 1010: case IP_RECVIF: ! 1011: optval = OPTBIT(INP_RECVIF); ! 1012: break; ! 1013: ! 1014: case IP_PORTRANGE: ! 1015: if (inp->inp_flags & INP_HIGHPORT) ! 1016: optval = IP_PORTRANGE_HIGH; ! 1017: else if (inp->inp_flags & INP_LOWPORT) ! 1018: optval = IP_PORTRANGE_LOW; ! 1019: else ! 1020: optval = 0; ! 1021: break; ! 1022: } ! 1023: error = sooptcopyout(sopt, &optval, sizeof optval); ! 1024: break; ! 1025: ! 1026: case IP_MULTICAST_IF: ! 1027: case IP_MULTICAST_VIF: ! 1028: case IP_MULTICAST_TTL: ! 1029: case IP_MULTICAST_LOOP: ! 1030: case IP_ADD_MEMBERSHIP: ! 1031: case IP_DROP_MEMBERSHIP: ! 1032: error = ip_getmoptions(sopt, inp->inp_moptions); ! 1033: break; ! 1034: ! 1035: default: ! 1036: error = ENOPROTOOPT; ! 1037: break; ! 1038: } ! 1039: break; ! 1040: } ! 1041: return (error); ! 1042: } ! 1043: ! 1044: /* ! 1045: * Set up IP options in pcb for insertion in output packets. ! 1046: * Store in mbuf with pointer in pcbopt, adding pseudo-option ! 1047: * with destination address if source routed. ! 1048: */ ! 1049: static int ! 1050: ip_pcbopts(optname, pcbopt, m) ! 1051: int optname; ! 1052: struct mbuf **pcbopt; ! 1053: register struct mbuf *m; ! 1054: { ! 1055: register int cnt, optlen; ! 1056: register u_char *cp; ! 1057: u_char opt; ! 1058: ! 1059: /* turn off any old options */ ! 1060: if (*pcbopt) ! 1061: (void)m_free(*pcbopt); ! 1062: *pcbopt = 0; ! 1063: if (m == (struct mbuf *)0 || m->m_len == 0) { ! 1064: /* ! 1065: * Only turning off any previous options. ! 1066: */ ! 1067: if (m) ! 1068: (void)m_free(m); ! 1069: return (0); ! 1070: } ! 1071: ! 1072: #ifndef vax ! 1073: if (m->m_len % sizeof(int32_t)) ! 1074: goto bad; ! 1075: #endif ! 1076: /* ! 1077: * IP first-hop destination address will be stored before ! 1078: * actual options; move other options back ! 1079: * and clear it when none present. ! 1080: */ ! 1081: if (m->m_data + m->m_len + sizeof(struct in_addr) >= &m->m_dat[MLEN]) ! 1082: goto bad; ! 1083: cnt = m->m_len; ! 1084: m->m_len += sizeof(struct in_addr); ! 1085: cp = mtod(m, u_char *) + sizeof(struct in_addr); ! 1086: ovbcopy(mtod(m, caddr_t), (caddr_t)cp, (unsigned)cnt); ! 1087: bzero(mtod(m, caddr_t), sizeof(struct in_addr)); ! 1088: ! 1089: for (; cnt > 0; cnt -= optlen, cp += optlen) { ! 1090: opt = cp[IPOPT_OPTVAL]; ! 1091: if (opt == IPOPT_EOL) ! 1092: break; ! 1093: if (opt == IPOPT_NOP) ! 1094: optlen = 1; ! 1095: else { ! 1096: optlen = cp[IPOPT_OLEN]; ! 1097: if (optlen <= IPOPT_OLEN || optlen > cnt) ! 1098: goto bad; ! 1099: } ! 1100: switch (opt) { ! 1101: ! 1102: default: ! 1103: break; ! 1104: ! 1105: case IPOPT_LSRR: ! 1106: case IPOPT_SSRR: ! 1107: /* ! 1108: * user process specifies route as: ! 1109: * ->A->B->C->D ! 1110: * D must be our final destination (but we can't ! 1111: * check that since we may not have connected yet). ! 1112: * A is first hop destination, which doesn't appear in ! 1113: * actual IP option, but is stored before the options. ! 1114: */ ! 1115: if (optlen < IPOPT_MINOFF - 1 + sizeof(struct in_addr)) ! 1116: goto bad; ! 1117: m->m_len -= sizeof(struct in_addr); ! 1118: cnt -= sizeof(struct in_addr); ! 1119: optlen -= sizeof(struct in_addr); ! 1120: cp[IPOPT_OLEN] = optlen; ! 1121: /* ! 1122: * Move first hop before start of options. ! 1123: */ ! 1124: bcopy((caddr_t)&cp[IPOPT_OFFSET+1], mtod(m, caddr_t), ! 1125: sizeof(struct in_addr)); ! 1126: /* ! 1127: * Then copy rest of options back ! 1128: * to close up the deleted entry. ! 1129: */ ! 1130: ovbcopy((caddr_t)(&cp[IPOPT_OFFSET+1] + ! 1131: sizeof(struct in_addr)), ! 1132: (caddr_t)&cp[IPOPT_OFFSET+1], ! 1133: (unsigned)cnt + sizeof(struct in_addr)); ! 1134: break; ! 1135: } ! 1136: } ! 1137: if (m->m_len > MAX_IPOPTLEN + sizeof(struct in_addr)) ! 1138: goto bad; ! 1139: *pcbopt = m; ! 1140: return (0); ! 1141: ! 1142: bad: ! 1143: (void)m_free(m); ! 1144: return (EINVAL); ! 1145: } ! 1146: ! 1147: /* ! 1148: * XXX ! 1149: * The whole multicast option thing needs to be re-thought. ! 1150: * Several of these options are equally applicable to non-multicast ! 1151: * transmission, and one (IP_MULTICAST_TTL) totally duplicates a ! 1152: * standard option (IP_TTL). ! 1153: */ ! 1154: /* ! 1155: * Set the IP multicast options in response to user setsockopt(). ! 1156: */ ! 1157: static int ! 1158: ip_setmoptions(sopt, imop) ! 1159: struct sockopt *sopt; ! 1160: struct ip_moptions **imop; ! 1161: { ! 1162: int error = 0; ! 1163: int i; ! 1164: struct in_addr addr; ! 1165: struct ip_mreq mreq; ! 1166: struct ifnet *ifp; ! 1167: struct ip_moptions *imo = *imop; ! 1168: struct route ro; ! 1169: struct sockaddr_in *dst; ! 1170: int s; ! 1171: ! 1172: if (imo == NULL) { ! 1173: /* ! 1174: * No multicast option buffer attached to the pcb; ! 1175: * allocate one and initialize to default values. ! 1176: */ ! 1177: imo = (struct ip_moptions*) _MALLOC(sizeof(*imo), M_IPMOPTS, ! 1178: M_WAITOK); ! 1179: ! 1180: if (imo == NULL) ! 1181: return (ENOBUFS); ! 1182: *imop = imo; ! 1183: imo->imo_multicast_ifp = NULL; ! 1184: imo->imo_multicast_vif = -1; ! 1185: imo->imo_multicast_ttl = IP_DEFAULT_MULTICAST_TTL; ! 1186: imo->imo_multicast_loop = IP_DEFAULT_MULTICAST_LOOP; ! 1187: imo->imo_num_memberships = 0; ! 1188: } ! 1189: ! 1190: switch (sopt->sopt_name) { ! 1191: /* store an index number for the vif you wanna use in the send */ ! 1192: case IP_MULTICAST_VIF: ! 1193: if (legal_vif_num == 0) { ! 1194: error = EOPNOTSUPP; ! 1195: break; ! 1196: } ! 1197: error = sooptcopyin(sopt, &i, sizeof i, sizeof i); ! 1198: if (error) ! 1199: break; ! 1200: if (!legal_vif_num(i) && (i != -1)) { ! 1201: error = EINVAL; ! 1202: break; ! 1203: } ! 1204: imo->imo_multicast_vif = i; ! 1205: break; ! 1206: ! 1207: case IP_MULTICAST_IF: ! 1208: /* ! 1209: * Select the interface for outgoing multicast packets. ! 1210: */ ! 1211: error = sooptcopyin(sopt, &addr, sizeof addr, sizeof addr); ! 1212: if (error) ! 1213: break; ! 1214: /* ! 1215: * INADDR_ANY is used to remove a previous selection. ! 1216: * When no interface is selected, a default one is ! 1217: * chosen every time a multicast packet is sent. ! 1218: */ ! 1219: if (addr.s_addr == INADDR_ANY) { ! 1220: imo->imo_multicast_ifp = NULL; ! 1221: break; ! 1222: } ! 1223: /* ! 1224: * The selected interface is identified by its local ! 1225: * IP address. Find the interface and confirm that ! 1226: * it supports multicasting. ! 1227: */ ! 1228: s = splimp(); ! 1229: INADDR_TO_IFP(addr, ifp); ! 1230: if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) { ! 1231: splx(s); ! 1232: error = EADDRNOTAVAIL; ! 1233: break; ! 1234: } ! 1235: imo->imo_multicast_ifp = ifp; ! 1236: splx(s); ! 1237: break; ! 1238: ! 1239: case IP_MULTICAST_TTL: ! 1240: /* ! 1241: * Set the IP time-to-live for outgoing multicast packets. ! 1242: * The original multicast API required a char argument, ! 1243: * which is inconsistent with the rest of the socket API. ! 1244: * We allow either a char or an int. ! 1245: */ ! 1246: if (sopt->sopt_valsize == 1) { ! 1247: u_char ttl; ! 1248: error = sooptcopyin(sopt, &ttl, 1, 1); ! 1249: if (error) ! 1250: break; ! 1251: imo->imo_multicast_ttl = ttl; ! 1252: } else { ! 1253: u_int ttl; ! 1254: error = sooptcopyin(sopt, &ttl, sizeof ttl, ! 1255: sizeof ttl); ! 1256: if (error) ! 1257: break; ! 1258: if (ttl > 255) ! 1259: error = EINVAL; ! 1260: else ! 1261: imo->imo_multicast_ttl = ttl; ! 1262: } ! 1263: break; ! 1264: ! 1265: case IP_MULTICAST_LOOP: ! 1266: /* ! 1267: * Set the loopback flag for outgoing multicast packets. ! 1268: * Must be zero or one. The original multicast API required a ! 1269: * char argument, which is inconsistent with the rest ! 1270: * of the socket API. We allow either a char or an int. ! 1271: */ ! 1272: if (sopt->sopt_valsize == 1) { ! 1273: u_char loop; ! 1274: error = sooptcopyin(sopt, &loop, 1, 1); ! 1275: if (error) ! 1276: break; ! 1277: imo->imo_multicast_loop = !!loop; ! 1278: } else { ! 1279: u_int loop; ! 1280: error = sooptcopyin(sopt, &loop, sizeof loop, ! 1281: sizeof loop); ! 1282: if (error) ! 1283: break; ! 1284: imo->imo_multicast_loop = !!loop; ! 1285: } ! 1286: break; ! 1287: ! 1288: case IP_ADD_MEMBERSHIP: ! 1289: /* ! 1290: * Add a multicast group membership. ! 1291: * Group must be a valid IP multicast address. ! 1292: */ ! 1293: error = sooptcopyin(sopt, &mreq, sizeof mreq, sizeof mreq); ! 1294: if (error) ! 1295: break; ! 1296: ! 1297: if (!IN_MULTICAST(ntohl(mreq.imr_multiaddr.s_addr))) { ! 1298: error = EINVAL; ! 1299: break; ! 1300: } ! 1301: s = splimp(); ! 1302: /* ! 1303: * If no interface address was provided, use the interface of ! 1304: * the route to the given multicast address. ! 1305: */ ! 1306: if (mreq.imr_interface.s_addr == INADDR_ANY) { ! 1307: bzero((caddr_t)&ro, sizeof(ro)); ! 1308: dst = (struct sockaddr_in *)&ro.ro_dst; ! 1309: dst->sin_len = sizeof(*dst); ! 1310: dst->sin_family = AF_INET; ! 1311: dst->sin_addr = mreq.imr_multiaddr; ! 1312: rtalloc(&ro); ! 1313: if (ro.ro_rt == NULL) { ! 1314: error = EADDRNOTAVAIL; ! 1315: splx(s); ! 1316: break; ! 1317: } ! 1318: ifp = ro.ro_rt->rt_ifp; ! 1319: rtfree(ro.ro_rt); ! 1320: } ! 1321: else { ! 1322: INADDR_TO_IFP(mreq.imr_interface, ifp); ! 1323: } ! 1324: ! 1325: /* ! 1326: * See if we found an interface, and confirm that it ! 1327: * supports multicast. ! 1328: */ ! 1329: if (ifp == NULL || (ifp->if_flags & IFF_MULTICAST) == 0) { ! 1330: error = EADDRNOTAVAIL; ! 1331: splx(s); ! 1332: break; ! 1333: } ! 1334: /* ! 1335: * See if the membership already exists or if all the ! 1336: * membership slots are full. ! 1337: */ ! 1338: for (i = 0; i < imo->imo_num_memberships; ++i) { ! 1339: if (imo->imo_membership[i]->inm_ifp == ifp && ! 1340: imo->imo_membership[i]->inm_addr.s_addr ! 1341: == mreq.imr_multiaddr.s_addr) ! 1342: break; ! 1343: } ! 1344: if (i < imo->imo_num_memberships) { ! 1345: error = EADDRINUSE; ! 1346: splx(s); ! 1347: break; ! 1348: } ! 1349: if (i == IP_MAX_MEMBERSHIPS) { ! 1350: error = ETOOMANYREFS; ! 1351: splx(s); ! 1352: break; ! 1353: } ! 1354: /* ! 1355: * Everything looks good; add a new record to the multicast ! 1356: * address list for the given interface. ! 1357: */ ! 1358: if ((imo->imo_membership[i] = ! 1359: in_addmulti(&mreq.imr_multiaddr, ifp)) == NULL) { ! 1360: error = ENOBUFS; ! 1361: splx(s); ! 1362: break; ! 1363: } ! 1364: ++imo->imo_num_memberships; ! 1365: splx(s); ! 1366: break; ! 1367: ! 1368: case IP_DROP_MEMBERSHIP: ! 1369: /* ! 1370: * Drop a multicast group membership. ! 1371: * Group must be a valid IP multicast address. ! 1372: */ ! 1373: error = sooptcopyin(sopt, &mreq, sizeof mreq, sizeof mreq); ! 1374: if (error) ! 1375: break; ! 1376: ! 1377: if (!IN_MULTICAST(ntohl(mreq.imr_multiaddr.s_addr))) { ! 1378: error = EINVAL; ! 1379: break; ! 1380: } ! 1381: ! 1382: s = splimp(); ! 1383: /* ! 1384: * If an interface address was specified, get a pointer ! 1385: * to its ifnet structure. ! 1386: */ ! 1387: if (mreq.imr_interface.s_addr == INADDR_ANY) ! 1388: ifp = NULL; ! 1389: else { ! 1390: INADDR_TO_IFP(mreq.imr_interface, ifp); ! 1391: if (ifp == NULL) { ! 1392: error = EADDRNOTAVAIL; ! 1393: splx(s); ! 1394: break; ! 1395: } ! 1396: } ! 1397: /* ! 1398: * Find the membership in the membership array. ! 1399: */ ! 1400: for (i = 0; i < imo->imo_num_memberships; ++i) { ! 1401: if ((ifp == NULL || ! 1402: imo->imo_membership[i]->inm_ifp == ifp) && ! 1403: imo->imo_membership[i]->inm_addr.s_addr == ! 1404: mreq.imr_multiaddr.s_addr) ! 1405: break; ! 1406: } ! 1407: if (i == imo->imo_num_memberships) { ! 1408: error = EADDRNOTAVAIL; ! 1409: splx(s); ! 1410: break; ! 1411: } ! 1412: /* ! 1413: * Give up the multicast address record to which the ! 1414: * membership points. ! 1415: */ ! 1416: in_delmulti(imo->imo_membership[i]); ! 1417: /* ! 1418: * Remove the gap in the membership array. ! 1419: */ ! 1420: for (++i; i < imo->imo_num_memberships; ++i) ! 1421: imo->imo_membership[i-1] = imo->imo_membership[i]; ! 1422: --imo->imo_num_memberships; ! 1423: splx(s); ! 1424: break; ! 1425: ! 1426: default: ! 1427: error = EOPNOTSUPP; ! 1428: break; ! 1429: } ! 1430: ! 1431: /* ! 1432: * If all options have default values, no need to keep the mbuf. ! 1433: */ ! 1434: if (imo->imo_multicast_ifp == NULL && ! 1435: imo->imo_multicast_vif == -1 && ! 1436: imo->imo_multicast_ttl == IP_DEFAULT_MULTICAST_TTL && ! 1437: imo->imo_multicast_loop == IP_DEFAULT_MULTICAST_LOOP && ! 1438: imo->imo_num_memberships == 0) { ! 1439: FREE(*imop, M_IPMOPTS); ! 1440: *imop = NULL; ! 1441: } ! 1442: ! 1443: return (error); ! 1444: } ! 1445: ! 1446: /* ! 1447: * Return the IP multicast options in response to user getsockopt(). ! 1448: */ ! 1449: static int ! 1450: ip_getmoptions(sopt, imo) ! 1451: struct sockopt *sopt; ! 1452: register struct ip_moptions *imo; ! 1453: { ! 1454: struct in_addr addr; ! 1455: struct in_ifaddr *ia; ! 1456: int error, optval; ! 1457: u_char coptval; ! 1458: ! 1459: error = 0; ! 1460: switch (sopt->sopt_name) { ! 1461: case IP_MULTICAST_VIF: ! 1462: if (imo != NULL) ! 1463: optval = imo->imo_multicast_vif; ! 1464: else ! 1465: optval = -1; ! 1466: error = sooptcopyout(sopt, &optval, sizeof optval); ! 1467: break; ! 1468: ! 1469: case IP_MULTICAST_IF: ! 1470: if (imo == NULL || imo->imo_multicast_ifp == NULL) ! 1471: addr.s_addr = INADDR_ANY; ! 1472: else { ! 1473: IFP_TO_IA(imo->imo_multicast_ifp, ia); ! 1474: addr.s_addr = (ia == NULL) ? INADDR_ANY ! 1475: : IA_SIN(ia)->sin_addr.s_addr; ! 1476: } ! 1477: error = sooptcopyout(sopt, &addr, sizeof addr); ! 1478: break; ! 1479: ! 1480: case IP_MULTICAST_TTL: ! 1481: if (imo == 0) ! 1482: optval = coptval = IP_DEFAULT_MULTICAST_TTL; ! 1483: else ! 1484: optval = coptval = imo->imo_multicast_ttl; ! 1485: if (sopt->sopt_valsize == 1) ! 1486: error = sooptcopyout(sopt, &coptval, 1); ! 1487: else ! 1488: error = sooptcopyout(sopt, &optval, sizeof optval); ! 1489: break; ! 1490: ! 1491: case IP_MULTICAST_LOOP: ! 1492: if (imo == 0) ! 1493: optval = coptval = IP_DEFAULT_MULTICAST_LOOP; ! 1494: else ! 1495: optval = coptval = imo->imo_multicast_loop; ! 1496: if (sopt->sopt_valsize == 1) ! 1497: error = sooptcopyout(sopt, &coptval, 1); ! 1498: else ! 1499: error = sooptcopyout(sopt, &optval, sizeof optval); ! 1500: break; ! 1501: ! 1502: default: ! 1503: error = ENOPROTOOPT; ! 1504: break; ! 1505: } ! 1506: return (error); ! 1507: } ! 1508: ! 1509: /* ! 1510: * Discard the IP multicast options. ! 1511: */ ! 1512: void ! 1513: ip_freemoptions(imo) ! 1514: register struct ip_moptions *imo; ! 1515: { ! 1516: register int i; ! 1517: ! 1518: if (imo != NULL) { ! 1519: for (i = 0; i < imo->imo_num_memberships; ++i) ! 1520: in_delmulti(imo->imo_membership[i]); ! 1521: FREE(imo, M_IPMOPTS); ! 1522: } ! 1523: } ! 1524: ! 1525: /* ! 1526: * Routine called from ip_output() to loop back a copy of an IP multicast ! 1527: * packet to the input queue of a specified interface. Note that this ! 1528: * calls the output routine of the loopback "driver", but with an interface ! 1529: * pointer that might NOT be a loopback interface -- evil, but easier than ! 1530: * replicating that code here. ! 1531: */ ! 1532: static void ! 1533: ip_mloopback(ifp, m, dst, hlen) ! 1534: struct ifnet *ifp; ! 1535: register struct mbuf *m; ! 1536: register struct sockaddr_in *dst; ! 1537: int hlen; ! 1538: { ! 1539: register struct ip *ip; ! 1540: struct mbuf *copym; ! 1541: ! 1542: copym = m_copy(m, 0, M_COPYALL); ! 1543: if (copym != NULL && (copym->m_flags & M_EXT || copym->m_len < hlen)) ! 1544: copym = m_pullup(copym, hlen); ! 1545: if (copym != NULL) { ! 1546: /* ! 1547: * We don't bother to fragment if the IP length is greater ! 1548: * than the interface's MTU. Can this possibly matter? ! 1549: */ ! 1550: ip = mtod(copym, struct ip *); ! 1551: ip->ip_len = htons((u_short)ip->ip_len); ! 1552: ip->ip_off = htons((u_short)ip->ip_off); ! 1553: ip->ip_sum = 0; ! 1554: ip->ip_sum = in_cksum(copym, hlen); ! 1555: ! 1556: /* ! 1557: * NB: ! 1558: * It's not clear whether there are any lingering ! 1559: * reentrancy problems in other areas which might ! 1560: * be exposed by using ip_input directly (in ! 1561: * particular, everything which modifies the packet ! 1562: * in-place). Yet another option is using the ! 1563: * protosw directly to deliver the looped back ! 1564: * packet. For the moment, we'll err on the side ! 1565: * of safety by using if_simloop(). ! 1566: */ ! 1567: #if 1 /* XXX */ ! 1568: if (dst->sin_family != AF_INET) { ! 1569: printf("ip_mloopback: bad address family %d\n", ! 1570: dst->sin_family); ! 1571: dst->sin_family = AF_INET; ! 1572: } ! 1573: #endif ! 1574: ! 1575: /* ! 1576: * TedW: ! 1577: * We need to send all loopback traffic down to dlil in case ! 1578: * a filter has tapped-in. ! 1579: */ ! 1580: ! 1581: if (lo_dl_tag == 0) ! 1582: dlil_find_dltag(APPLE_IF_FAM_LOOPBACK, 0, PF_INET, &lo_dl_tag); ! 1583: ! 1584: if (lo_dl_tag) ! 1585: dlil_output(lo_dl_tag, copym, 0, (struct sockaddr *) dst, 0); ! 1586: else { ! 1587: printf("Warning: ip_output call to dlil_find_dltag failed!\n"); ! 1588: m_freem(copym); ! 1589: } ! 1590: ! 1591: /* if_simloop(ifp, copym, (struct sockaddr *)dst, 0);*/ ! 1592: } ! 1593: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.