ip_output.c revision 281955
1/*- 2 * Copyright (c) 1982, 1986, 1988, 1990, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 30 */ 31 32#include <sys/cdefs.h> 33__FBSDID("$FreeBSD: stable/10/sys/netinet/ip_output.c 281955 2015-04-24 23:26:44Z hiren $"); 34 35#include "opt_inet.h" 36#include "opt_ipfw.h" 37#include "opt_ipsec.h" 38#include "opt_kdtrace.h" 39#include "opt_mbuf_stress_test.h" 40#include "opt_mpath.h" 41#include "opt_route.h" 42#include "opt_sctp.h" 43 44#include <sys/param.h> 45#include <sys/systm.h> 46#include <sys/kernel.h> 47#include <sys/malloc.h> 48#include <sys/mbuf.h> 49#include <sys/priv.h> 50#include <sys/proc.h> 51#include <sys/protosw.h> 52#include <sys/sdt.h> 53#include <sys/socket.h> 54#include <sys/socketvar.h> 55#include <sys/sysctl.h> 56#include <sys/ucred.h> 57 58#include <net/if.h> 59#include <net/if_llatbl.h> 60#include <net/netisr.h> 61#include <net/pfil.h> 62#include <net/route.h> 63#include <net/flowtable.h> 64#ifdef RADIX_MPATH 65#include <net/radix_mpath.h> 66#endif 67#include <net/vnet.h> 68 69#include <netinet/in.h> 70#include <netinet/in_kdtrace.h> 71#include <netinet/in_systm.h> 72#include <netinet/ip.h> 73#include <netinet/in_pcb.h> 74#include <netinet/in_var.h> 75#include <netinet/ip_var.h> 76#include <netinet/ip_options.h> 77#ifdef SCTP 78#include <netinet/sctp.h> 79#include <netinet/sctp_crc32.h> 80#endif 81 82#ifdef IPSEC 83#include <netinet/ip_ipsec.h> 84#include <netipsec/ipsec.h> 85#endif /* IPSEC*/ 86 87#include <machine/in_cksum.h> 88 89#include <security/mac/mac_framework.h> 90 91VNET_DEFINE(u_short, ip_id); 92 93#ifdef MBUF_STRESS_TEST 94static int mbuf_frag_size = 0; 95SYSCTL_INT(_net_inet_ip, OID_AUTO, mbuf_frag_size, CTLFLAG_RW, 96 &mbuf_frag_size, 0, "Fragment outgoing mbufs to this size"); 97#endif 98 99static void ip_mloopback 100 (struct ifnet *, struct mbuf *, struct sockaddr_in *, int); 101 102 103extern int in_mcast_loop; 104extern struct protosw inetsw[]; 105 106/* 107 * IP output. The packet in mbuf chain m contains a skeletal IP 108 * header (with len, off, ttl, proto, tos, src, dst). 109 * The mbuf chain containing the packet will be freed. 110 * The mbuf opt, if present, will not be freed. 111 * If route ro is present and has ro_rt initialized, route lookup would be 112 * skipped and ro->ro_rt would be used. If ro is present but ro->ro_rt is NULL, 113 * then result of route lookup is stored in ro->ro_rt. 114 * 115 * In the IP forwarding case, the packet will arrive with options already 116 * inserted, so must have a NULL opt pointer. 117 */ 118int 119ip_output(struct mbuf *m, struct mbuf *opt, struct route *ro, int flags, 120 struct ip_moptions *imo, struct inpcb *inp) 121{ 122 struct ip *ip; 123 struct ifnet *ifp = NULL; /* keep compiler happy */ 124 struct mbuf *m0; 125 int hlen = sizeof (struct ip); 126 int mtu; 127 int n; /* scratchpad */ 128 int error = 0; 129 struct sockaddr_in *dst; 130 const struct sockaddr_in *gw; 131 struct in_ifaddr *ia; 132 int isbroadcast; 133 uint16_t ip_len, ip_off; 134 struct route iproute; 135 struct rtentry *rte; /* cache for ro->ro_rt */ 136 struct in_addr odst; 137 struct m_tag *fwd_tag = NULL; 138 int have_ia_ref; 139#ifdef IPSEC 140 int no_route_but_check_spd = 0; 141#endif 142 M_ASSERTPKTHDR(m); 143 144 if (inp != NULL) { 145 INP_LOCK_ASSERT(inp); 146 M_SETFIB(m, inp->inp_inc.inc_fibnum); 147 if (inp->inp_flowtype != M_HASHTYPE_NONE) { 148 m->m_pkthdr.flowid = inp->inp_flowid; 149 M_HASHTYPE_SET(m, M_HASHTYPE_OPAQUE); 150 } 151 } 152 153 if (ro == NULL) { 154 ro = &iproute; 155 bzero(ro, sizeof (*ro)); 156 } 157 158#ifdef FLOWTABLE 159 if (ro->ro_rt == NULL) 160 (void )flowtable_lookup(AF_INET, m, ro); 161#endif 162 163 if (opt) { 164 int len = 0; 165 m = ip_insertoptions(m, opt, &len); 166 if (len != 0) 167 hlen = len; /* ip->ip_hl is updated above */ 168 } 169 ip = mtod(m, struct ip *); 170 ip_len = ntohs(ip->ip_len); 171 ip_off = ntohs(ip->ip_off); 172 173 /* 174 * Fill in IP header. If we are not allowing fragmentation, 175 * then the ip_id field is meaningless, but we don't set it 176 * to zero. Doing so causes various problems when devices along 177 * the path (routers, load balancers, firewalls, etc.) illegally 178 * disable DF on our packet. Note that a 16-bit counter 179 * will wrap around in less than 10 seconds at 100 Mbit/s on a 180 * medium with MTU 1500. See Steven M. Bellovin, "A Technique 181 * for Counting NATted Hosts", Proc. IMW'02, available at 182 * <http://www.cs.columbia.edu/~smb/papers/fnat.pdf>. 183 */ 184 if ((flags & (IP_FORWARDING|IP_RAWOUTPUT)) == 0) { 185 ip->ip_v = IPVERSION; 186 ip->ip_hl = hlen >> 2; 187 ip->ip_id = ip_newid(); 188 IPSTAT_INC(ips_localout); 189 } else { 190 /* Header already set, fetch hlen from there */ 191 hlen = ip->ip_hl << 2; 192 } 193 194 /* 195 * dst/gw handling: 196 * 197 * dst can be rewritten but always point to &ro->ro_dst 198 * gw is readonly but can be pointed either to dst OR rt_gatewy 199 * therefore we need restore GW if we're re-doing lookup 200 */ 201 gw = dst = (struct sockaddr_in *)&ro->ro_dst; 202again: 203 ia = NULL; 204 have_ia_ref = 0; 205 /* 206 * If there is a cached route, 207 * check that it is to the same destination 208 * and is still up. If not, free it and try again. 209 * The address family should also be checked in case of sharing the 210 * cache with IPv6. 211 */ 212 rte = ro->ro_rt; 213 if (rte && ((rte->rt_flags & RTF_UP) == 0 || 214 rte->rt_ifp == NULL || 215 !RT_LINK_IS_UP(rte->rt_ifp) || 216 dst->sin_family != AF_INET || 217 dst->sin_addr.s_addr != ip->ip_dst.s_addr)) { 218 RO_RTFREE(ro); 219 ro->ro_lle = NULL; 220 rte = NULL; 221 gw = dst; 222 } 223 if (rte == NULL && fwd_tag == NULL) { 224 bzero(dst, sizeof(*dst)); 225 dst->sin_family = AF_INET; 226 dst->sin_len = sizeof(*dst); 227 dst->sin_addr = ip->ip_dst; 228 } 229 /* 230 * If routing to interface only, short circuit routing lookup. 231 * The use of an all-ones broadcast address implies this; an 232 * interface is specified by the broadcast address of an interface, 233 * or the destination address of a ptp interface. 234 */ 235 if (flags & IP_SENDONES) { 236 if ((ia = ifatoia(ifa_ifwithbroadaddr(sintosa(dst)))) == NULL && 237 (ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL) { 238 IPSTAT_INC(ips_noroute); 239 error = ENETUNREACH; 240 goto bad; 241 } 242 have_ia_ref = 1; 243 ip->ip_dst.s_addr = INADDR_BROADCAST; 244 dst->sin_addr = ip->ip_dst; 245 ifp = ia->ia_ifp; 246 ip->ip_ttl = 1; 247 isbroadcast = 1; 248 } else if (flags & IP_ROUTETOIF) { 249 if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL && 250 (ia = ifatoia(ifa_ifwithnet(sintosa(dst), 0))) == NULL) { 251 IPSTAT_INC(ips_noroute); 252 error = ENETUNREACH; 253 goto bad; 254 } 255 have_ia_ref = 1; 256 ifp = ia->ia_ifp; 257 ip->ip_ttl = 1; 258 isbroadcast = in_broadcast(dst->sin_addr, ifp); 259 } else if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr)) && 260 imo != NULL && imo->imo_multicast_ifp != NULL) { 261 /* 262 * Bypass the normal routing lookup for multicast 263 * packets if the interface is specified. 264 */ 265 ifp = imo->imo_multicast_ifp; 266 IFP_TO_IA(ifp, ia); 267 if (ia) 268 have_ia_ref = 1; 269 isbroadcast = 0; /* fool gcc */ 270 } else { 271 /* 272 * We want to do any cloning requested by the link layer, 273 * as this is probably required in all cases for correct 274 * operation (as it is for ARP). 275 */ 276 if (rte == NULL) { 277#ifdef RADIX_MPATH 278 rtalloc_mpath_fib(ro, 279 ntohl(ip->ip_src.s_addr ^ ip->ip_dst.s_addr), 280 inp ? inp->inp_inc.inc_fibnum : M_GETFIB(m)); 281#else 282 in_rtalloc_ign(ro, 0, 283 inp ? inp->inp_inc.inc_fibnum : M_GETFIB(m)); 284#endif 285 rte = ro->ro_rt; 286 } 287 if (rte == NULL || 288 rte->rt_ifp == NULL || 289 !RT_LINK_IS_UP(rte->rt_ifp)) { 290#ifdef IPSEC 291 /* 292 * There is no route for this packet, but it is 293 * possible that a matching SPD entry exists. 294 */ 295 no_route_but_check_spd = 1; 296 mtu = 0; /* Silence GCC warning. */ 297 goto sendit; 298#endif 299 IPSTAT_INC(ips_noroute); 300 error = EHOSTUNREACH; 301 goto bad; 302 } 303 ia = ifatoia(rte->rt_ifa); 304 ifp = rte->rt_ifp; 305 counter_u64_add(rte->rt_pksent, 1); 306 if (rte->rt_flags & RTF_GATEWAY) 307 gw = (struct sockaddr_in *)rte->rt_gateway; 308 if (rte->rt_flags & RTF_HOST) 309 isbroadcast = (rte->rt_flags & RTF_BROADCAST); 310 else 311 isbroadcast = in_broadcast(gw->sin_addr, ifp); 312 } 313 /* 314 * Calculate MTU. If we have a route that is up, use that, 315 * otherwise use the interface's MTU. 316 */ 317 if (rte != NULL && (rte->rt_flags & (RTF_UP|RTF_HOST))) { 318 /* 319 * This case can happen if the user changed the MTU 320 * of an interface after enabling IP on it. Because 321 * most netifs don't keep track of routes pointing to 322 * them, there is no way for one to update all its 323 * routes when the MTU is changed. 324 */ 325 if (rte->rt_mtu > ifp->if_mtu) 326 rte->rt_mtu = ifp->if_mtu; 327 mtu = rte->rt_mtu; 328 } else { 329 mtu = ifp->if_mtu; 330 } 331 /* Catch a possible divide by zero later. */ 332 KASSERT(mtu > 0, ("%s: mtu %d <= 0, rte=%p (rt_flags=0x%08x) ifp=%p", 333 __func__, mtu, rte, (rte != NULL) ? rte->rt_flags : 0, ifp)); 334 if (IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { 335 m->m_flags |= M_MCAST; 336 /* 337 * IP destination address is multicast. Make sure "gw" 338 * still points to the address in "ro". (It may have been 339 * changed to point to a gateway address, above.) 340 */ 341 gw = dst; 342 /* 343 * See if the caller provided any multicast options 344 */ 345 if (imo != NULL) { 346 ip->ip_ttl = imo->imo_multicast_ttl; 347 if (imo->imo_multicast_vif != -1) 348 ip->ip_src.s_addr = 349 ip_mcast_src ? 350 ip_mcast_src(imo->imo_multicast_vif) : 351 INADDR_ANY; 352 } else 353 ip->ip_ttl = IP_DEFAULT_MULTICAST_TTL; 354 /* 355 * Confirm that the outgoing interface supports multicast. 356 */ 357 if ((imo == NULL) || (imo->imo_multicast_vif == -1)) { 358 if ((ifp->if_flags & IFF_MULTICAST) == 0) { 359 IPSTAT_INC(ips_noroute); 360 error = ENETUNREACH; 361 goto bad; 362 } 363 } 364 /* 365 * If source address not specified yet, use address 366 * of outgoing interface. 367 */ 368 if (ip->ip_src.s_addr == INADDR_ANY) { 369 /* Interface may have no addresses. */ 370 if (ia != NULL) 371 ip->ip_src = IA_SIN(ia)->sin_addr; 372 } 373 374 if ((imo == NULL && in_mcast_loop) || 375 (imo && imo->imo_multicast_loop)) { 376 /* 377 * Loop back multicast datagram if not expressly 378 * forbidden to do so, even if we are not a member 379 * of the group; ip_input() will filter it later, 380 * thus deferring a hash lookup and mutex acquisition 381 * at the expense of a cheap copy using m_copym(). 382 */ 383 ip_mloopback(ifp, m, dst, hlen); 384 } else { 385 /* 386 * If we are acting as a multicast router, perform 387 * multicast forwarding as if the packet had just 388 * arrived on the interface to which we are about 389 * to send. The multicast forwarding function 390 * recursively calls this function, using the 391 * IP_FORWARDING flag to prevent infinite recursion. 392 * 393 * Multicasts that are looped back by ip_mloopback(), 394 * above, will be forwarded by the ip_input() routine, 395 * if necessary. 396 */ 397 if (V_ip_mrouter && (flags & IP_FORWARDING) == 0) { 398 /* 399 * If rsvp daemon is not running, do not 400 * set ip_moptions. This ensures that the packet 401 * is multicast and not just sent down one link 402 * as prescribed by rsvpd. 403 */ 404 if (!V_rsvp_on) 405 imo = NULL; 406 if (ip_mforward && 407 ip_mforward(ip, ifp, m, imo) != 0) { 408 m_freem(m); 409 goto done; 410 } 411 } 412 } 413 414 /* 415 * Multicasts with a time-to-live of zero may be looped- 416 * back, above, but must not be transmitted on a network. 417 * Also, multicasts addressed to the loopback interface 418 * are not sent -- the above call to ip_mloopback() will 419 * loop back a copy. ip_input() will drop the copy if 420 * this host does not belong to the destination group on 421 * the loopback interface. 422 */ 423 if (ip->ip_ttl == 0 || ifp->if_flags & IFF_LOOPBACK) { 424 m_freem(m); 425 goto done; 426 } 427 428 goto sendit; 429 } 430 431 /* 432 * If the source address is not specified yet, use the address 433 * of the outoing interface. 434 */ 435 if (ip->ip_src.s_addr == INADDR_ANY) { 436 /* Interface may have no addresses. */ 437 if (ia != NULL) { 438 ip->ip_src = IA_SIN(ia)->sin_addr; 439 } 440 } 441 442 /* 443 * Verify that we have any chance at all of being able to queue the 444 * packet or packet fragments, unless ALTQ is enabled on the given 445 * interface in which case packetdrop should be done by queueing. 446 */ 447 n = ip_len / mtu + 1; /* how many fragments ? */ 448 if ( 449#ifdef ALTQ 450 (!ALTQ_IS_ENABLED(&ifp->if_snd)) && 451#endif /* ALTQ */ 452 (ifp->if_snd.ifq_len + n) >= ifp->if_snd.ifq_maxlen ) { 453 error = ENOBUFS; 454 IPSTAT_INC(ips_odropped); 455 ifp->if_snd.ifq_drops += n; 456 goto bad; 457 } 458 459 /* 460 * Look for broadcast address and 461 * verify user is allowed to send 462 * such a packet. 463 */ 464 if (isbroadcast) { 465 if ((ifp->if_flags & IFF_BROADCAST) == 0) { 466 error = EADDRNOTAVAIL; 467 goto bad; 468 } 469 if ((flags & IP_ALLOWBROADCAST) == 0) { 470 error = EACCES; 471 goto bad; 472 } 473 /* don't allow broadcast messages to be fragmented */ 474 if (ip_len > mtu) { 475 error = EMSGSIZE; 476 goto bad; 477 } 478 m->m_flags |= M_BCAST; 479 } else { 480 m->m_flags &= ~M_BCAST; 481 } 482 483sendit: 484#ifdef IPSEC 485 switch(ip_ipsec_output(&m, inp, &flags, &error)) { 486 case 1: 487 goto bad; 488 case -1: 489 goto done; 490 case 0: 491 default: 492 break; /* Continue with packet processing. */ 493 } 494 /* 495 * Check if there was a route for this packet; return error if not. 496 */ 497 if (no_route_but_check_spd) { 498 IPSTAT_INC(ips_noroute); 499 error = EHOSTUNREACH; 500 goto bad; 501 } 502 /* Update variables that are affected by ipsec4_output(). */ 503 ip = mtod(m, struct ip *); 504 hlen = ip->ip_hl << 2; 505#endif /* IPSEC */ 506 507 /* Jump over all PFIL processing if hooks are not active. */ 508 if (!PFIL_HOOKED(&V_inet_pfil_hook)) 509 goto passout; 510 511 /* Run through list of hooks for output packets. */ 512 odst.s_addr = ip->ip_dst.s_addr; 513 error = pfil_run_hooks(&V_inet_pfil_hook, &m, ifp, PFIL_OUT, inp); 514 if (error != 0 || m == NULL) 515 goto done; 516 517 ip = mtod(m, struct ip *); 518 519 /* See if destination IP address was changed by packet filter. */ 520 if (odst.s_addr != ip->ip_dst.s_addr) { 521 m->m_flags |= M_SKIP_FIREWALL; 522 /* If destination is now ourself drop to ip_input(). */ 523 if (in_localip(ip->ip_dst)) { 524 m->m_flags |= M_FASTFWD_OURS; 525 if (m->m_pkthdr.rcvif == NULL) 526 m->m_pkthdr.rcvif = V_loif; 527 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 528 m->m_pkthdr.csum_flags |= 529 CSUM_DATA_VALID | CSUM_PSEUDO_HDR; 530 m->m_pkthdr.csum_data = 0xffff; 531 } 532 m->m_pkthdr.csum_flags |= 533 CSUM_IP_CHECKED | CSUM_IP_VALID; 534#ifdef SCTP 535 if (m->m_pkthdr.csum_flags & CSUM_SCTP) 536 m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID; 537#endif 538 error = netisr_queue(NETISR_IP, m); 539 goto done; 540 } else { 541 if (have_ia_ref) 542 ifa_free(&ia->ia_ifa); 543 goto again; /* Redo the routing table lookup. */ 544 } 545 } 546 547 /* See if local, if yes, send it to netisr with IP_FASTFWD_OURS. */ 548 if (m->m_flags & M_FASTFWD_OURS) { 549 if (m->m_pkthdr.rcvif == NULL) 550 m->m_pkthdr.rcvif = V_loif; 551 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 552 m->m_pkthdr.csum_flags |= 553 CSUM_DATA_VALID | CSUM_PSEUDO_HDR; 554 m->m_pkthdr.csum_data = 0xffff; 555 } 556#ifdef SCTP 557 if (m->m_pkthdr.csum_flags & CSUM_SCTP) 558 m->m_pkthdr.csum_flags |= CSUM_SCTP_VALID; 559#endif 560 m->m_pkthdr.csum_flags |= 561 CSUM_IP_CHECKED | CSUM_IP_VALID; 562 563 error = netisr_queue(NETISR_IP, m); 564 goto done; 565 } 566 /* Or forward to some other address? */ 567 if ((m->m_flags & M_IP_NEXTHOP) && 568 (fwd_tag = m_tag_find(m, PACKET_TAG_IPFORWARD, NULL)) != NULL) { 569 bcopy((fwd_tag+1), dst, sizeof(struct sockaddr_in)); 570 m->m_flags |= M_SKIP_FIREWALL; 571 m->m_flags &= ~M_IP_NEXTHOP; 572 m_tag_delete(m, fwd_tag); 573 if (have_ia_ref) 574 ifa_free(&ia->ia_ifa); 575 goto again; 576 } 577 578passout: 579 /* 127/8 must not appear on wire - RFC1122. */ 580 if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || 581 (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { 582 if ((ifp->if_flags & IFF_LOOPBACK) == 0) { 583 IPSTAT_INC(ips_badaddr); 584 error = EADDRNOTAVAIL; 585 goto bad; 586 } 587 } 588 589 m->m_pkthdr.csum_flags |= CSUM_IP; 590 if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA & ~ifp->if_hwassist) { 591 in_delayed_cksum(m); 592 m->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; 593 } 594#ifdef SCTP 595 if (m->m_pkthdr.csum_flags & CSUM_SCTP & ~ifp->if_hwassist) { 596 sctp_delayed_cksum(m, (uint32_t)(ip->ip_hl << 2)); 597 m->m_pkthdr.csum_flags &= ~CSUM_SCTP; 598 } 599#endif 600 601 /* 602 * If small enough for interface, or the interface will take 603 * care of the fragmentation for us, we can just send directly. 604 */ 605 if (ip_len <= mtu || 606 (m->m_pkthdr.csum_flags & ifp->if_hwassist & CSUM_TSO) != 0 || 607 ((ip_off & IP_DF) == 0 && (ifp->if_hwassist & CSUM_FRAGMENT))) { 608 ip->ip_sum = 0; 609 if (m->m_pkthdr.csum_flags & CSUM_IP & ~ifp->if_hwassist) { 610 ip->ip_sum = in_cksum(m, hlen); 611 m->m_pkthdr.csum_flags &= ~CSUM_IP; 612 } 613 614 /* 615 * Record statistics for this interface address. 616 * With CSUM_TSO the byte/packet count will be slightly 617 * incorrect because we count the IP+TCP headers only 618 * once instead of for every generated packet. 619 */ 620 if (!(flags & IP_FORWARDING) && ia) { 621 if (m->m_pkthdr.csum_flags & CSUM_TSO) 622 ia->ia_ifa.if_opackets += 623 m->m_pkthdr.len / m->m_pkthdr.tso_segsz; 624 else 625 ia->ia_ifa.if_opackets++; 626 ia->ia_ifa.if_obytes += m->m_pkthdr.len; 627 } 628#ifdef MBUF_STRESS_TEST 629 if (mbuf_frag_size && m->m_pkthdr.len > mbuf_frag_size) 630 m = m_fragment(m, M_NOWAIT, mbuf_frag_size); 631#endif 632 /* 633 * Reset layer specific mbuf flags 634 * to avoid confusing lower layers. 635 */ 636 m_clrprotoflags(m); 637 IP_PROBE(send, NULL, NULL, ip, ifp, ip, NULL); 638 error = (*ifp->if_output)(ifp, m, 639 (const struct sockaddr *)gw, ro); 640 goto done; 641 } 642 643 /* Balk when DF bit is set or the interface didn't support TSO. */ 644 if ((ip_off & IP_DF) || (m->m_pkthdr.csum_flags & CSUM_TSO)) { 645 error = EMSGSIZE; 646 IPSTAT_INC(ips_cantfrag); 647 goto bad; 648 } 649 650 /* 651 * Too large for interface; fragment if possible. If successful, 652 * on return, m will point to a list of packets to be sent. 653 */ 654 error = ip_fragment(ip, &m, mtu, ifp->if_hwassist); 655 if (error) 656 goto bad; 657 for (; m; m = m0) { 658 m0 = m->m_nextpkt; 659 m->m_nextpkt = 0; 660 if (error == 0) { 661 /* Record statistics for this interface address. */ 662 if (ia != NULL) { 663 ia->ia_ifa.if_opackets++; 664 ia->ia_ifa.if_obytes += m->m_pkthdr.len; 665 } 666 /* 667 * Reset layer specific mbuf flags 668 * to avoid confusing upper layers. 669 */ 670 m_clrprotoflags(m); 671 672 IP_PROBE(send, NULL, NULL, ip, ifp, ip, NULL); 673 error = (*ifp->if_output)(ifp, m, 674 (const struct sockaddr *)gw, ro); 675 } else 676 m_freem(m); 677 } 678 679 if (error == 0) 680 IPSTAT_INC(ips_fragmented); 681 682done: 683 if (ro == &iproute) 684 RO_RTFREE(ro); 685 if (have_ia_ref) 686 ifa_free(&ia->ia_ifa); 687 return (error); 688bad: 689 m_freem(m); 690 goto done; 691} 692 693/* 694 * Create a chain of fragments which fit the given mtu. m_frag points to the 695 * mbuf to be fragmented; on return it points to the chain with the fragments. 696 * Return 0 if no error. If error, m_frag may contain a partially built 697 * chain of fragments that should be freed by the caller. 698 * 699 * if_hwassist_flags is the hw offload capabilities (see if_data.ifi_hwassist) 700 */ 701int 702ip_fragment(struct ip *ip, struct mbuf **m_frag, int mtu, 703 u_long if_hwassist_flags) 704{ 705 int error = 0; 706 int hlen = ip->ip_hl << 2; 707 int len = (mtu - hlen) & ~7; /* size of payload in each fragment */ 708 int off; 709 struct mbuf *m0 = *m_frag; /* the original packet */ 710 int firstlen; 711 struct mbuf **mnext; 712 int nfrags; 713 uint16_t ip_len, ip_off; 714 715 ip_len = ntohs(ip->ip_len); 716 ip_off = ntohs(ip->ip_off); 717 718 if (ip_off & IP_DF) { /* Fragmentation not allowed */ 719 IPSTAT_INC(ips_cantfrag); 720 return EMSGSIZE; 721 } 722 723 /* 724 * Must be able to put at least 8 bytes per fragment. 725 */ 726 if (len < 8) 727 return EMSGSIZE; 728 729 /* 730 * If the interface will not calculate checksums on 731 * fragmented packets, then do it here. 732 */ 733 if (m0->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 734 in_delayed_cksum(m0); 735 m0->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; 736 } 737#ifdef SCTP 738 if (m0->m_pkthdr.csum_flags & CSUM_SCTP) { 739 sctp_delayed_cksum(m0, hlen); 740 m0->m_pkthdr.csum_flags &= ~CSUM_SCTP; 741 } 742#endif 743 if (len > PAGE_SIZE) { 744 /* 745 * Fragment large datagrams such that each segment 746 * contains a multiple of PAGE_SIZE amount of data, 747 * plus headers. This enables a receiver to perform 748 * page-flipping zero-copy optimizations. 749 * 750 * XXX When does this help given that sender and receiver 751 * could have different page sizes, and also mtu could 752 * be less than the receiver's page size ? 753 */ 754 int newlen; 755 756 off = MIN(mtu, m0->m_pkthdr.len); 757 758 /* 759 * firstlen (off - hlen) must be aligned on an 760 * 8-byte boundary 761 */ 762 if (off < hlen) 763 goto smart_frag_failure; 764 off = ((off - hlen) & ~7) + hlen; 765 newlen = (~PAGE_MASK) & mtu; 766 if ((newlen + sizeof (struct ip)) > mtu) { 767 /* we failed, go back the default */ 768smart_frag_failure: 769 newlen = len; 770 off = hlen + len; 771 } 772 len = newlen; 773 774 } else { 775 off = hlen + len; 776 } 777 778 firstlen = off - hlen; 779 mnext = &m0->m_nextpkt; /* pointer to next packet */ 780 781 /* 782 * Loop through length of segment after first fragment, 783 * make new header and copy data of each part and link onto chain. 784 * Here, m0 is the original packet, m is the fragment being created. 785 * The fragments are linked off the m_nextpkt of the original 786 * packet, which after processing serves as the first fragment. 787 */ 788 for (nfrags = 1; off < ip_len; off += len, nfrags++) { 789 struct ip *mhip; /* ip header on the fragment */ 790 struct mbuf *m; 791 int mhlen = sizeof (struct ip); 792 793 m = m_gethdr(M_NOWAIT, MT_DATA); 794 if (m == NULL) { 795 error = ENOBUFS; 796 IPSTAT_INC(ips_odropped); 797 goto done; 798 } 799 /* 800 * make sure the flowid and flowtype are the same for the 801 * fragmented mbufs 802 */ 803 M_HASHTYPE_SET(m, M_HASHTYPE_GET(m0)); 804 m->m_pkthdr.flowid = m0->m_pkthdr.flowid; 805 /* copy multicast flags, if any */ 806 m->m_flags |= (m0->m_flags & M_MCAST); 807 /* 808 * In the first mbuf, leave room for the link header, then 809 * copy the original IP header including options. The payload 810 * goes into an additional mbuf chain returned by m_copym(). 811 */ 812 m->m_data += max_linkhdr; 813 mhip = mtod(m, struct ip *); 814 *mhip = *ip; 815 if (hlen > sizeof (struct ip)) { 816 mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip); 817 mhip->ip_v = IPVERSION; 818 mhip->ip_hl = mhlen >> 2; 819 } 820 m->m_len = mhlen; 821 /* XXX do we need to add ip_off below ? */ 822 mhip->ip_off = ((off - hlen) >> 3) + ip_off; 823 if (off + len >= ip_len) 824 len = ip_len - off; 825 else 826 mhip->ip_off |= IP_MF; 827 mhip->ip_len = htons((u_short)(len + mhlen)); 828 m->m_next = m_copym(m0, off, len, M_NOWAIT); 829 if (m->m_next == NULL) { /* copy failed */ 830 m_free(m); 831 error = ENOBUFS; /* ??? */ 832 IPSTAT_INC(ips_odropped); 833 goto done; 834 } 835 m->m_pkthdr.len = mhlen + len; 836 m->m_pkthdr.rcvif = NULL; 837#ifdef MAC 838 mac_netinet_fragment(m0, m); 839#endif 840 m->m_pkthdr.csum_flags = m0->m_pkthdr.csum_flags; 841 mhip->ip_off = htons(mhip->ip_off); 842 mhip->ip_sum = 0; 843 if (m->m_pkthdr.csum_flags & CSUM_IP & ~if_hwassist_flags) { 844 mhip->ip_sum = in_cksum(m, mhlen); 845 m->m_pkthdr.csum_flags &= ~CSUM_IP; 846 } 847 *mnext = m; 848 mnext = &m->m_nextpkt; 849 } 850 IPSTAT_ADD(ips_ofragments, nfrags); 851 852 /* 853 * Update first fragment by trimming what's been copied out 854 * and updating header. 855 */ 856 m_adj(m0, hlen + firstlen - ip_len); 857 m0->m_pkthdr.len = hlen + firstlen; 858 ip->ip_len = htons((u_short)m0->m_pkthdr.len); 859 ip->ip_off = htons(ip_off | IP_MF); 860 ip->ip_sum = 0; 861 if (m0->m_pkthdr.csum_flags & CSUM_IP & ~if_hwassist_flags) { 862 ip->ip_sum = in_cksum(m0, hlen); 863 m0->m_pkthdr.csum_flags &= ~CSUM_IP; 864 } 865 866done: 867 *m_frag = m0; 868 return error; 869} 870 871void 872in_delayed_cksum(struct mbuf *m) 873{ 874 struct ip *ip; 875 uint16_t csum, offset, ip_len; 876 877 ip = mtod(m, struct ip *); 878 offset = ip->ip_hl << 2 ; 879 ip_len = ntohs(ip->ip_len); 880 csum = in_cksum_skip(m, ip_len, offset); 881 if (m->m_pkthdr.csum_flags & CSUM_UDP && csum == 0) 882 csum = 0xffff; 883 offset += m->m_pkthdr.csum_data; /* checksum offset */ 884 885 /* find the mbuf in the chain where the checksum starts*/ 886 while ((m != NULL) && (offset >= m->m_len)) { 887 offset -= m->m_len; 888 m = m->m_next; 889 } 890 KASSERT(m != NULL, ("in_delayed_cksum: checksum outside mbuf chain.")); 891 KASSERT(offset + sizeof(u_short) <= m->m_len, ("in_delayed_cksum: checksum split between mbufs.")); 892 *(u_short *)(m->m_data + offset) = csum; 893} 894 895/* 896 * IP socket option processing. 897 */ 898int 899ip_ctloutput(struct socket *so, struct sockopt *sopt) 900{ 901 struct inpcb *inp = sotoinpcb(so); 902 int error, optval; 903 904 error = optval = 0; 905 if (sopt->sopt_level != IPPROTO_IP) { 906 error = EINVAL; 907 908 if (sopt->sopt_level == SOL_SOCKET && 909 sopt->sopt_dir == SOPT_SET) { 910 switch (sopt->sopt_name) { 911 case SO_REUSEADDR: 912 INP_WLOCK(inp); 913 if ((so->so_options & SO_REUSEADDR) != 0) 914 inp->inp_flags2 |= INP_REUSEADDR; 915 else 916 inp->inp_flags2 &= ~INP_REUSEADDR; 917 INP_WUNLOCK(inp); 918 error = 0; 919 break; 920 case SO_REUSEPORT: 921 INP_WLOCK(inp); 922 if ((so->so_options & SO_REUSEPORT) != 0) 923 inp->inp_flags2 |= INP_REUSEPORT; 924 else 925 inp->inp_flags2 &= ~INP_REUSEPORT; 926 INP_WUNLOCK(inp); 927 error = 0; 928 break; 929 case SO_SETFIB: 930 INP_WLOCK(inp); 931 inp->inp_inc.inc_fibnum = so->so_fibnum; 932 INP_WUNLOCK(inp); 933 error = 0; 934 break; 935 default: 936 break; 937 } 938 } 939 return (error); 940 } 941 942 switch (sopt->sopt_dir) { 943 case SOPT_SET: 944 switch (sopt->sopt_name) { 945 case IP_OPTIONS: 946#ifdef notyet 947 case IP_RETOPTS: 948#endif 949 { 950 struct mbuf *m; 951 if (sopt->sopt_valsize > MLEN) { 952 error = EMSGSIZE; 953 break; 954 } 955 m = m_get(sopt->sopt_td ? M_WAITOK : M_NOWAIT, MT_DATA); 956 if (m == NULL) { 957 error = ENOBUFS; 958 break; 959 } 960 m->m_len = sopt->sopt_valsize; 961 error = sooptcopyin(sopt, mtod(m, char *), m->m_len, 962 m->m_len); 963 if (error) { 964 m_free(m); 965 break; 966 } 967 INP_WLOCK(inp); 968 error = ip_pcbopts(inp, sopt->sopt_name, m); 969 INP_WUNLOCK(inp); 970 return (error); 971 } 972 973 case IP_BINDANY: 974 if (sopt->sopt_td != NULL) { 975 error = priv_check(sopt->sopt_td, 976 PRIV_NETINET_BINDANY); 977 if (error) 978 break; 979 } 980 /* FALLTHROUGH */ 981 case IP_TOS: 982 case IP_TTL: 983 case IP_MINTTL: 984 case IP_RECVOPTS: 985 case IP_RECVRETOPTS: 986 case IP_RECVDSTADDR: 987 case IP_RECVTTL: 988 case IP_RECVIF: 989 case IP_FAITH: 990 case IP_ONESBCAST: 991 case IP_DONTFRAG: 992 case IP_RECVTOS: 993 error = sooptcopyin(sopt, &optval, sizeof optval, 994 sizeof optval); 995 if (error) 996 break; 997 998 switch (sopt->sopt_name) { 999 case IP_TOS: 1000 inp->inp_ip_tos = optval; 1001 break; 1002 1003 case IP_TTL: 1004 inp->inp_ip_ttl = optval; 1005 break; 1006 1007 case IP_MINTTL: 1008 if (optval >= 0 && optval <= MAXTTL) 1009 inp->inp_ip_minttl = optval; 1010 else 1011 error = EINVAL; 1012 break; 1013 1014#define OPTSET(bit) do { \ 1015 INP_WLOCK(inp); \ 1016 if (optval) \ 1017 inp->inp_flags |= bit; \ 1018 else \ 1019 inp->inp_flags &= ~bit; \ 1020 INP_WUNLOCK(inp); \ 1021} while (0) 1022 1023 case IP_RECVOPTS: 1024 OPTSET(INP_RECVOPTS); 1025 break; 1026 1027 case IP_RECVRETOPTS: 1028 OPTSET(INP_RECVRETOPTS); 1029 break; 1030 1031 case IP_RECVDSTADDR: 1032 OPTSET(INP_RECVDSTADDR); 1033 break; 1034 1035 case IP_RECVTTL: 1036 OPTSET(INP_RECVTTL); 1037 break; 1038 1039 case IP_RECVIF: 1040 OPTSET(INP_RECVIF); 1041 break; 1042 1043 case IP_FAITH: 1044 OPTSET(INP_FAITH); 1045 break; 1046 1047 case IP_ONESBCAST: 1048 OPTSET(INP_ONESBCAST); 1049 break; 1050 case IP_DONTFRAG: 1051 OPTSET(INP_DONTFRAG); 1052 break; 1053 case IP_BINDANY: 1054 OPTSET(INP_BINDANY); 1055 break; 1056 case IP_RECVTOS: 1057 OPTSET(INP_RECVTOS); 1058 break; 1059 } 1060 break; 1061#undef OPTSET 1062 1063 /* 1064 * Multicast socket options are processed by the in_mcast 1065 * module. 1066 */ 1067 case IP_MULTICAST_IF: 1068 case IP_MULTICAST_VIF: 1069 case IP_MULTICAST_TTL: 1070 case IP_MULTICAST_LOOP: 1071 case IP_ADD_MEMBERSHIP: 1072 case IP_DROP_MEMBERSHIP: 1073 case IP_ADD_SOURCE_MEMBERSHIP: 1074 case IP_DROP_SOURCE_MEMBERSHIP: 1075 case IP_BLOCK_SOURCE: 1076 case IP_UNBLOCK_SOURCE: 1077 case IP_MSFILTER: 1078 case MCAST_JOIN_GROUP: 1079 case MCAST_LEAVE_GROUP: 1080 case MCAST_JOIN_SOURCE_GROUP: 1081 case MCAST_LEAVE_SOURCE_GROUP: 1082 case MCAST_BLOCK_SOURCE: 1083 case MCAST_UNBLOCK_SOURCE: 1084 error = inp_setmoptions(inp, sopt); 1085 break; 1086 1087 case IP_PORTRANGE: 1088 error = sooptcopyin(sopt, &optval, sizeof optval, 1089 sizeof optval); 1090 if (error) 1091 break; 1092 1093 INP_WLOCK(inp); 1094 switch (optval) { 1095 case IP_PORTRANGE_DEFAULT: 1096 inp->inp_flags &= ~(INP_LOWPORT); 1097 inp->inp_flags &= ~(INP_HIGHPORT); 1098 break; 1099 1100 case IP_PORTRANGE_HIGH: 1101 inp->inp_flags &= ~(INP_LOWPORT); 1102 inp->inp_flags |= INP_HIGHPORT; 1103 break; 1104 1105 case IP_PORTRANGE_LOW: 1106 inp->inp_flags &= ~(INP_HIGHPORT); 1107 inp->inp_flags |= INP_LOWPORT; 1108 break; 1109 1110 default: 1111 error = EINVAL; 1112 break; 1113 } 1114 INP_WUNLOCK(inp); 1115 break; 1116 1117#ifdef IPSEC 1118 case IP_IPSEC_POLICY: 1119 { 1120 caddr_t req; 1121 struct mbuf *m; 1122 1123 if ((error = soopt_getm(sopt, &m)) != 0) /* XXX */ 1124 break; 1125 if ((error = soopt_mcopyin(sopt, m)) != 0) /* XXX */ 1126 break; 1127 req = mtod(m, caddr_t); 1128 error = ipsec_set_policy(inp, sopt->sopt_name, req, 1129 m->m_len, (sopt->sopt_td != NULL) ? 1130 sopt->sopt_td->td_ucred : NULL); 1131 m_freem(m); 1132 break; 1133 } 1134#endif /* IPSEC */ 1135 1136 default: 1137 error = ENOPROTOOPT; 1138 break; 1139 } 1140 break; 1141 1142 case SOPT_GET: 1143 switch (sopt->sopt_name) { 1144 case IP_OPTIONS: 1145 case IP_RETOPTS: 1146 if (inp->inp_options) 1147 error = sooptcopyout(sopt, 1148 mtod(inp->inp_options, 1149 char *), 1150 inp->inp_options->m_len); 1151 else 1152 sopt->sopt_valsize = 0; 1153 break; 1154 1155 case IP_TOS: 1156 case IP_TTL: 1157 case IP_MINTTL: 1158 case IP_RECVOPTS: 1159 case IP_RECVRETOPTS: 1160 case IP_RECVDSTADDR: 1161 case IP_RECVTTL: 1162 case IP_RECVIF: 1163 case IP_PORTRANGE: 1164 case IP_FAITH: 1165 case IP_ONESBCAST: 1166 case IP_DONTFRAG: 1167 case IP_BINDANY: 1168 case IP_RECVTOS: 1169 switch (sopt->sopt_name) { 1170 1171 case IP_TOS: 1172 optval = inp->inp_ip_tos; 1173 break; 1174 1175 case IP_TTL: 1176 optval = inp->inp_ip_ttl; 1177 break; 1178 1179 case IP_MINTTL: 1180 optval = inp->inp_ip_minttl; 1181 break; 1182 1183#define OPTBIT(bit) (inp->inp_flags & bit ? 1 : 0) 1184 1185 case IP_RECVOPTS: 1186 optval = OPTBIT(INP_RECVOPTS); 1187 break; 1188 1189 case IP_RECVRETOPTS: 1190 optval = OPTBIT(INP_RECVRETOPTS); 1191 break; 1192 1193 case IP_RECVDSTADDR: 1194 optval = OPTBIT(INP_RECVDSTADDR); 1195 break; 1196 1197 case IP_RECVTTL: 1198 optval = OPTBIT(INP_RECVTTL); 1199 break; 1200 1201 case IP_RECVIF: 1202 optval = OPTBIT(INP_RECVIF); 1203 break; 1204 1205 case IP_PORTRANGE: 1206 if (inp->inp_flags & INP_HIGHPORT) 1207 optval = IP_PORTRANGE_HIGH; 1208 else if (inp->inp_flags & INP_LOWPORT) 1209 optval = IP_PORTRANGE_LOW; 1210 else 1211 optval = 0; 1212 break; 1213 1214 case IP_FAITH: 1215 optval = OPTBIT(INP_FAITH); 1216 break; 1217 1218 case IP_ONESBCAST: 1219 optval = OPTBIT(INP_ONESBCAST); 1220 break; 1221 case IP_DONTFRAG: 1222 optval = OPTBIT(INP_DONTFRAG); 1223 break; 1224 case IP_BINDANY: 1225 optval = OPTBIT(INP_BINDANY); 1226 break; 1227 case IP_RECVTOS: 1228 optval = OPTBIT(INP_RECVTOS); 1229 break; 1230 } 1231 error = sooptcopyout(sopt, &optval, sizeof optval); 1232 break; 1233 1234 /* 1235 * Multicast socket options are processed by the in_mcast 1236 * module. 1237 */ 1238 case IP_MULTICAST_IF: 1239 case IP_MULTICAST_VIF: 1240 case IP_MULTICAST_TTL: 1241 case IP_MULTICAST_LOOP: 1242 case IP_MSFILTER: 1243 error = inp_getmoptions(inp, sopt); 1244 break; 1245 1246#ifdef IPSEC 1247 case IP_IPSEC_POLICY: 1248 { 1249 struct mbuf *m = NULL; 1250 caddr_t req = NULL; 1251 size_t len = 0; 1252 1253 if (m != 0) { 1254 req = mtod(m, caddr_t); 1255 len = m->m_len; 1256 } 1257 error = ipsec_get_policy(sotoinpcb(so), req, len, &m); 1258 if (error == 0) 1259 error = soopt_mcopyout(sopt, m); /* XXX */ 1260 if (error == 0) 1261 m_freem(m); 1262 break; 1263 } 1264#endif /* IPSEC */ 1265 1266 default: 1267 error = ENOPROTOOPT; 1268 break; 1269 } 1270 break; 1271 } 1272 return (error); 1273} 1274 1275/* 1276 * Routine called from ip_output() to loop back a copy of an IP multicast 1277 * packet to the input queue of a specified interface. Note that this 1278 * calls the output routine of the loopback "driver", but with an interface 1279 * pointer that might NOT be a loopback interface -- evil, but easier than 1280 * replicating that code here. 1281 */ 1282static void 1283ip_mloopback(struct ifnet *ifp, struct mbuf *m, struct sockaddr_in *dst, 1284 int hlen) 1285{ 1286 register struct ip *ip; 1287 struct mbuf *copym; 1288 1289 /* 1290 * Make a deep copy of the packet because we're going to 1291 * modify the pack in order to generate checksums. 1292 */ 1293 copym = m_dup(m, M_NOWAIT); 1294 if (copym != NULL && (copym->m_flags & M_EXT || copym->m_len < hlen)) 1295 copym = m_pullup(copym, hlen); 1296 if (copym != NULL) { 1297 /* If needed, compute the checksum and mark it as valid. */ 1298 if (copym->m_pkthdr.csum_flags & CSUM_DELAY_DATA) { 1299 in_delayed_cksum(copym); 1300 copym->m_pkthdr.csum_flags &= ~CSUM_DELAY_DATA; 1301 copym->m_pkthdr.csum_flags |= 1302 CSUM_DATA_VALID | CSUM_PSEUDO_HDR; 1303 copym->m_pkthdr.csum_data = 0xffff; 1304 } 1305 /* 1306 * We don't bother to fragment if the IP length is greater 1307 * than the interface's MTU. Can this possibly matter? 1308 */ 1309 ip = mtod(copym, struct ip *); 1310 ip->ip_sum = 0; 1311 ip->ip_sum = in_cksum(copym, hlen); 1312#if 1 /* XXX */ 1313 if (dst->sin_family != AF_INET) { 1314 printf("ip_mloopback: bad address family %d\n", 1315 dst->sin_family); 1316 dst->sin_family = AF_INET; 1317 } 1318#endif 1319 if_simloop(ifp, copym, dst->sin_family, 0); 1320 } 1321} 1322