ip_output.c source code [xnu/bsd/netinet/ip_output.c]

1	/*
2	* Copyright (c) 2000-2018 Apple Inc. All rights reserved.
3	*
4	* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5	*
6	* This file contains Original Code and/or Modifications of Original Code
7	* as defined in and that are subject to the Apple Public Source License
8	* Version 2.0 (the 'License'). You may not use this file except in
9	* compliance with the License. The rights granted to you under the License
10	* may not be used to create, or enable the creation or redistribution of,
11	* unlawful or unlicensed copies of an Apple operating system, or to
12	* circumvent, violate, or enable the circumvention or violation of, any
13	* terms of an Apple operating system software license agreement.
14	*
15	* Please obtain a copy of the License at
16	* http://www.opensource.apple.com/apsl/ and read it before using this file.
17	*
18	* The Original Code and all software distributed under the License are
19	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23	* Please see the License for the specific language governing rights and
24	* limitations under the License.
25	*
26	* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27	*/
28	/*
29	* Copyright (c) 1982, 1986, 1988, 1990, 1993
30	* The Regents of the University of California. All rights reserved.
31	*
32	* Redistribution and use in source and binary forms, with or without
33	* modification, are permitted provided that the following conditions
34	* are met:
35	* 1. Redistributions of source code must retain the above copyright
36	* notice, this list of conditions and the following disclaimer.
37	* 2. Redistributions in binary form must reproduce the above copyright
38	* notice, this list of conditions and the following disclaimer in the
39	* documentation and/or other materials provided with the distribution.
40	* 3. All advertising materials mentioning features or use of this software
41	* must display the following acknowledgement:
42	* This product includes software developed by the University of
43	* California, Berkeley and its contributors.
44	* 4. Neither the name of the University nor the names of its contributors
45	* may be used to endorse or promote products derived from this software
46	* without specific prior written permission.
47	*
48	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
49	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
50	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
51	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
52	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
55	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
56	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
57	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58	* SUCH DAMAGE.
59	*
60	* @(#)ip_output.c 8.3 (Berkeley) 1/21/94
61	*/
62	/*
63	* NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
64	* support for mandatory and extensible security protections. This notice
65	* is included in support of clause 2.2 (b) of the Apple Public License,
66	* Version 2.0.
67	*/
68
69	#define _IP_VHL
70
71	#include <sys/param.h>
72	#include <sys/systm.h>
73	#include <sys/kernel.h>
74	#include <sys/malloc.h>
75	#include <sys/mbuf.h>
76	#include <sys/protosw.h>
77	#include <sys/socket.h>
78	#include <sys/socketvar.h>
79	#include <kern/locks.h>
80	#include <sys/sysctl.h>
81	#include <sys/mcache.h>
82	#include <sys/kdebug.h>
83
84	#include <machine/endian.h>
85	#include <pexpert/pexpert.h>
86	#include <mach/sdt.h>
87
88	#include <libkern/OSAtomic.h>
89	#include <libkern/OSByteOrder.h>
90
91	#include <net/if.h>
92	#include <net/if_dl.h>
93	#include <net/if_types.h>
94	#include <net/route.h>
95	#include <net/ntstat.h>
96	#include <net/net_osdep.h>
97	#include <net/dlil.h>
98	#include <net/net_perf.h>
99
100	#include <netinet/in.h>
101	#include <netinet/in_systm.h>
102	#include <netinet/ip.h>
103	#include <netinet/in_pcb.h>
104	#include <netinet/in_var.h>
105	#include <netinet/ip_var.h>
106	#include <netinet/kpi_ipfilter_var.h>
107	#include <netinet/in_tclass.h>
108	#include <netinet/udp.h>
109
110	#include <netinet6/nd6.h>
111
112	#if CONFIG_MACF_NET
113	#include <security/mac_framework.h>
114	#endif /* CONFIG_MACF_NET */
115
116	#define DBG_LAYER_BEG NETDBG_CODE(DBG_NETIP, 1)
117	#define DBG_LAYER_END NETDBG_CODE(DBG_NETIP, 3)
118	#define DBG_FNC_IP_OUTPUT NETDBG_CODE(DBG_NETIP, (1 << 8) \| 1)
119	#define DBG_FNC_IPSEC4_OUTPUT NETDBG_CODE(DBG_NETIP, (2 << 8) \| 1)
120
121	#if IPSEC
122	#include <netinet6/ipsec.h>
123	#include <netkey/key.h>
124	#if IPSEC_DEBUG
125	#include <netkey/key_debug.h>
126	#else
127	#define KEYDEBUG(lev, arg)
128	#endif
129	#endif /* IPSEC */
130
131	#if NECP
132	#include <net/necp.h>
133	#endif /* NECP */
134
135	#if IPFIREWALL
136	#include <netinet/ip_fw.h>
137	#if IPDIVERT
138	#include <netinet/ip_divert.h>
139	#endif /* IPDIVERT */
140	#endif /* IPFIREWALL */
141
142	#if DUMMYNET
143	#include <netinet/ip_dummynet.h>
144	#endif
145
146	#if PF
147	#include <net/pfvar.h>
148	#endif /* PF */
149
150	#if IPFIREWALL_FORWARD && IPFIREWALL_FORWARD_DEBUG
151	#define print_ip(a) \
152	printf("%ld.%ld.%ld.%ld", (ntohl(a.s_addr) >> 24) & 0xFF, \
153	(ntohl(a.s_addr) >> 16) & 0xFF, \
154	(ntohl(a.s_addr) >> 8) & 0xFF, \
155	(ntohl(a.s_addr)) & 0xFF);
156	#endif /* IPFIREWALL_FORWARD && IPFIREWALL_FORWARD_DEBUG */
157
158	u_short ip_id;
159
160	static int sysctl_reset_ip_output_stats SYSCTL_HANDLER_ARGS;
161	static int sysctl_ip_output_measure_bins SYSCTL_HANDLER_ARGS;
162	static int sysctl_ip_output_getperf SYSCTL_HANDLER_ARGS;
163	static void ip_out_cksum_stats(int, u_int32_t);
164	static struct mbuf ip_insertoptions(struct* mbuf , struct* mbuf , int* *);
165	static int ip_optcopy(struct ip , struct* ip *);
166	static int ip_pcbopts(int, struct mbuf , struct** mbuf *);
167	static void imo_trace(struct ip_moptions , int*);
168	static void ip_mloopback(struct ifnet , struct* ifnet , struct* mbuf *,
169	struct sockaddr_in , int*);
170	static struct ifaddr in_selectsrcif(struct* ip , struct* route , unsigned* int);
171
172	extern struct ip_linklocal_stat ip_linklocal_stat;
173
174	/ temporary: for testing /
175	#if IPSEC
176	extern int ipsec_bypass;
177	#endif
178
179	static int ip_maxchainsent = `0`;
180	SYSCTL_INT(_net_inet_ip, OID_AUTO, maxchainsent,
181	CTLFLAG_RW \| CTLFLAG_LOCKED, &ip_maxchainsent, `0`,
182	"use dlil_output_list");
183	#if DEBUG
184	static int forge_ce = `0`;
185	SYSCTL_INT(_net_inet_ip, OID_AUTO, forge_ce,
186	CTLFLAG_RW \| CTLFLAG_LOCKED, &forge_ce, `0`,
187	"Forge ECN CE");
188	#endif /* DEBUG */
189
190	static int ip_select_srcif_debug = `0`;
191	SYSCTL_INT(_net_inet_ip, OID_AUTO, select_srcif_debug,
192	CTLFLAG_RW \| CTLFLAG_LOCKED, &ip_select_srcif_debug, `0`,
193	"log source interface selection debug info");
194
195	static int ip_output_measure = `0`;
196	SYSCTL_PROC(_net_inet_ip, OID_AUTO, output_perf,
197	CTLTYPE_INT \| CTLFLAG_RW \| CTLFLAG_LOCKED,
198	&ip_output_measure, `0`, sysctl_reset_ip_output_stats, "I",
199	"Do time measurement");
200
201	static uint64_t ip_output_measure_bins = `0`;
202	SYSCTL_PROC(_net_inet_ip, OID_AUTO, output_perf_bins,
203	CTLTYPE_QUAD \| CTLFLAG_RW \| CTLFLAG_LOCKED, &ip_output_measure_bins, `0`,
204	sysctl_ip_output_measure_bins, "I",
205	"bins for chaining performance data histogram");
206
207	static net_perf_t net_perf;
208	SYSCTL_PROC(_net_inet_ip, OID_AUTO, output_perf_data,
209	CTLTYPE_STRUCT \| CTLFLAG_RD \| CTLFLAG_LOCKED,
210	`0`, `0`, sysctl_ip_output_getperf, "S,net_perf",
211	"IP output performance data (struct net_perf, net/net_perf.h)");
212
213	__private_extern__ int rfc6864 = `1`;
214	SYSCTL_INT(_net_inet_ip, OID_AUTO, rfc6864, CTLFLAG_RW \| CTLFLAG_LOCKED,
215	&rfc6864, `0`, "updated ip id field behavior");
216
217	#define IMO_TRACE_HIST_SIZE 32 /* size of trace history */
218
219	/ For gdb /
220	__private_extern__ unsigned int imo_trace_hist_size = IMO_TRACE_HIST_SIZE;
221
222	struct ip_moptions_dbg {
223	struct ip_moptions imo; / ip_moptions /
224	u_int16_t imo_refhold_cnt; / # of IMO_ADDREF /
225	u_int16_t imo_refrele_cnt; / # of IMO_REMREF /
226	/*
227	* Alloc and free callers.
228	*/
229	ctrace_t imo_alloc;
230	ctrace_t imo_free;
231	/*
232	* Circular lists of IMO_ADDREF and IMO_REMREF callers.
233	*/
234	ctrace_t imo_refhold[IMO_TRACE_HIST_SIZE];
235	ctrace_t imo_refrele[IMO_TRACE_HIST_SIZE];
236	};
237
238	#if DEBUG
239	static unsigned int imo_debug = `1`; / debugging (enabled) /
240	#else
241	static unsigned int imo_debug; / debugging (disabled) /
242	#endif /* !DEBUG */
243	static unsigned int imo_size; / size of zone element /
244	static struct zone imo_zone; /* zone for ip_moptions /
245
246	#define IMO_ZONE_MAX 64 /* maximum elements in zone */
247	#define IMO_ZONE_NAME "ip_moptions" /* zone name */
248
249	/*
250	* IP output. The packet in mbuf chain m contains a skeletal IP
251	* header (with len, off, ttl, proto, tos, src, dst).
252	* The mbuf chain containing the packet will be freed.
253	* The mbuf opt, if present, will not be freed.
254	*/
255	int
256	ip_output(struct mbuf m0, struct* mbuf opt, struct* route ro, int* flags,
257	struct ip_moptions imo, struct* ip_out_args *ipoa)
258	{
259	return (ip_output_list(m0, `0`, opt, ro, flags, imo, ipoa));
260	}
261
262	/*
263	* IP output. The packet in mbuf chain m contains a skeletal IP
264	* header (with len, off, ttl, proto, tos, src, dst).
265	* The mbuf chain containing the packet will be freed.
266	* The mbuf opt, if present, will not be freed.
267	*
268	* Route ro MUST be non-NULL; if ro->ro_rt is valid, route lookup would be
269	* skipped and ro->ro_rt would be used. Otherwise the result of route
270	* lookup is stored in ro->ro_rt.
271	*
272	* In the IP forwarding case, the packet will arrive with options already
273	* inserted, so must have a NULL opt pointer.
274	*/
275	int
276	ip_output_list(struct mbuf m0, int* packetchain, struct mbuf *opt,
277	struct route ro, int* flags, struct ip_moptions *imo,
278	struct ip_out_args *ipoa)
279	{
280	struct ip *ip;
281	struct ifnet ifp = NULL; /* not refcnt'd /
282	struct mbuf m = m0, prevnxt = NULL, **mppn = &prevnxt;
283	int hlen = sizeof (struct ip);
284	int len = `0`, error = `0`;
285	struct sockaddr_in *dst = NULL;
286	struct in_ifaddr ia = NULL, src_ia = NULL;
287	struct in_addr pkt_dst;
288	struct ipf_pktopts *ippo = NULL;
289	ipfilter_t inject_filter_ref = NULL;
290	struct mbuf *packetlist;
291	uint32_t sw_csum, pktcnt = `0`, scnt = `0`, bytecnt = `0`;
292	uint32_t packets_processed = `0`;
293	unsigned int ifscope = IFSCOPE_NONE;
294	struct flowadv *adv = NULL;
295	struct timeval start_tv;
296	#if IPSEC
297	struct socket *so = NULL;
298	struct secpolicy *sp = NULL;
299	#endif /* IPSEC */
300	#if NECP
301	necp_kernel_policy_result necp_result = `0`;
302	necp_kernel_policy_result_parameter necp_result_parameter;
303	necp_kernel_policy_id necp_matched_policy_id = `0`;
304	#endif /* NECP */
305	#if IPFIREWALL
306	int ipfwoff;
307	struct sockaddr_in *next_hop_from_ipfwd_tag = NULL;
308	#endif /* IPFIREWALL */
309	#if IPFIREWALL \|\| DUMMYNET
310	struct m_tag *tag;
311	#endif /* IPFIREWALL \|\| DUMMYNET */
312	#if DUMMYNET
313	struct ip_out_args saved_ipoa;
314	struct sockaddr_in dst_buf;
315	#endif /* DUMMYNET */
316	struct {
317	#if IPSEC
318	struct ipsec_output_state ipsec_state;
319	#endif /* IPSEC */
320	#if NECP
321	struct route necp_route;
322	#endif /* NECP */
323	#if IPFIREWALL \|\| DUMMYNET
324	struct ip_fw_args args;
325	#endif /* IPFIREWALL \|\| DUMMYNET */
326	#if IPFIREWALL_FORWARD
327	struct route sro_fwd;
328	#endif /* IPFIREWALL_FORWARD */
329	#if DUMMYNET
330	struct route saved_route;
331	#endif /* DUMMYNET */
332	struct ipf_pktopts ipf_pktopts;
333	} ipobz;
334	#define ipsec_state ipobz.ipsec_state
335	#define necp_route ipobz.necp_route
336	#define args ipobz.args
337	#define sro_fwd ipobz.sro_fwd
338	#define saved_route ipobz.saved_route
339	#define ipf_pktopts ipobz.ipf_pktopts
340	union {
341	struct {
342	boolean_t select_srcif : `1`; / set once /
343	boolean_t srcbound : `1`; / set once /
344	boolean_t nocell : `1`; / set once /
345	boolean_t isbroadcast : `1`;
346	boolean_t didfilter : `1`;
347	boolean_t noexpensive : `1`; / set once /
348	boolean_t awdl_unrestricted : `1`; / set once /
349	#if IPFIREWALL_FORWARD
350	boolean_t fwd_rewrite_src : `1`;
351	#endif /* IPFIREWALL_FORWARD */
352	};
353	uint32_t raw;
354	} ipobf = { .raw = `0` };
355
356	int interface_mtu = `0`;
357
358	/*
359	* Here we check for restrictions when sending frames.
360	* N.B.: IPv4 over internal co-processor interfaces is not allowed.
361	*/
362	#define IP_CHECK_RESTRICTIONS(_ifp, _ipobf) \
363	(((_ipobf).nocell && IFNET_IS_CELLULAR(_ifp)) \|\| \
364	((_ipobf).noexpensive && IFNET_IS_EXPENSIVE(_ifp)) \|\| \
365	(IFNET_IS_INTCOPROC(_ifp)) \|\| \
366	(!(_ipobf).awdl_unrestricted && IFNET_IS_AWDL_RESTRICTED(_ifp)))
367
368	if (ip_output_measure)
369	net_perf_start_time(&net_perf, &start_tv);
370	KERNEL_DEBUG(DBG_FNC_IP_OUTPUT \| DBG_FUNC_START, `0`, `0`, `0`, `0`, `0`);
371
372	VERIFY(m0->m_flags & M_PKTHDR);
373	packetlist = m0;
374
375	/ zero out {ipsec_state, args, sro_fwd, saved_route, ipf_pktops} /
376	bzero(&ipobz, sizeof (ipobz));
377	ippo = &ipf_pktopts;
378
379	#if IPFIREWALL \|\| DUMMYNET
380	if (SLIST_EMPTY(&m0->m_pkthdr.tags))
381	goto ipfw_tags_done;
382
383	/ Grab info from mtags prepended to the chain /
384	#if DUMMYNET
385	if ((tag = m_tag_locate(m0, KERNEL_MODULE_TAG_ID,
386	KERNEL_TAG_TYPE_DUMMYNET, NULL)) != NULL) {
387	struct dn_pkt_tag *dn_tag;
388
389	dn_tag = (struct dn_pkt_tag *)(tag+`1`);
390	args.fwa_ipfw_rule = dn_tag->dn_ipfw_rule;
391	args.fwa_pf_rule = dn_tag->dn_pf_rule;
392	opt = NULL;
393	saved_route = dn_tag->dn_ro;
394	ro = &saved_route;
395
396	imo = NULL;
397	bcopy(&dn_tag->dn_dst, &dst_buf, sizeof (dst_buf));
398	dst = &dst_buf;
399	ifp = dn_tag->dn_ifp;
400	flags = dn_tag->dn_flags;
401	if ((dn_tag->dn_flags & IP_OUTARGS)) {
402	saved_ipoa = dn_tag->dn_ipoa;
403	ipoa = &saved_ipoa;
404	}
405
406	m_tag_delete(m0, tag);
407	}
408	#endif /* DUMMYNET */
409
410	#if IPDIVERT
411	if ((tag = m_tag_locate(m0, KERNEL_MODULE_TAG_ID,
412	KERNEL_TAG_TYPE_DIVERT, NULL)) != NULL) {
413	struct divert_tag *div_tag;
414
415	div_tag = (struct divert_tag *)(tag+`1`);
416	args.fwa_divert_rule = div_tag->cookie;
417
418	m_tag_delete(m0, tag);
419	}
420	#endif /* IPDIVERT */
421
422	#if IPFIREWALL
423	if ((tag = m_tag_locate(m0, KERNEL_MODULE_TAG_ID,
424	KERNEL_TAG_TYPE_IPFORWARD, NULL)) != NULL) {
425	struct ip_fwd_tag *ipfwd_tag;
426
427	ipfwd_tag = (struct ip_fwd_tag *)(tag+`1`);
428	next_hop_from_ipfwd_tag = ipfwd_tag->next_hop;
429
430	m_tag_delete(m0, tag);
431	}
432	#endif /* IPFIREWALL */
433
434	ipfw_tags_done:
435	#endif /* IPFIREWALL \|\| DUMMYNET */
436
437	m = m0;
438	m->m_pkthdr.pkt_flags &= ~(PKTF_LOOP\|PKTF_IFAINFO);
439
440	#if IPSEC
441	if (ipsec_bypass == `0` && !(flags & IP_NOIPSEC)) {
442	/ If packet is bound to an interface, check bound policies /
443	if ((flags & IP_OUTARGS) && (ipoa != NULL) &&
444	(ipoa->ipoa_flags & IPOAF_BOUND_IF) &&
445	ipoa->ipoa_boundif != IFSCOPE_NONE) {
446	if (ipsec4_getpolicybyinterface(m, IPSEC_DIR_OUTBOUND,
447	&flags, ipoa, &sp) != `0`)
448	goto bad;
449	}
450	}
451	#endif /* IPSEC */
452
453	VERIFY(ro != NULL);
454
455	if (flags & IP_OUTARGS) {
456	/*
457	* In the forwarding case, only the ifscope value is used,
458	* as source interface selection doesn't take place.
459	*/
460	if ((ipobf.select_srcif = (!(flags & IP_FORWARDING) &&
461	(ipoa->ipoa_flags & IPOAF_SELECT_SRCIF)))) {
462	ipf_pktopts.ippo_flags \|= IPPOF_SELECT_SRCIF;
463	}
464
465	if ((ipoa->ipoa_flags & IPOAF_BOUND_IF) &&
466	ipoa->ipoa_boundif != IFSCOPE_NONE) {
467	ifscope = ipoa->ipoa_boundif;
468	ipf_pktopts.ippo_flags \|=
469	(IPPOF_BOUND_IF \| (ifscope << IPPOF_SHIFT_IFSCOPE));
470	}
471
472	/ double negation needed for bool bit field /
473	ipobf.srcbound = !!(ipoa->ipoa_flags & IPOAF_BOUND_SRCADDR);
474	if (ipobf.srcbound)
475	ipf_pktopts.ippo_flags \|= IPPOF_BOUND_SRCADDR;
476	} else {
477	ipobf.select_srcif = FALSE;
478	ipobf.srcbound = FALSE;
479	ifscope = IFSCOPE_NONE;
480	if (flags & IP_OUTARGS) {
481	ipoa->ipoa_boundif = IFSCOPE_NONE;
482	ipoa->ipoa_flags &= ~(IPOAF_SELECT_SRCIF \|
483	IPOAF_BOUND_IF \| IPOAF_BOUND_SRCADDR);
484	}
485	}
486
487	if (flags & IP_OUTARGS) {
488	if (ipoa->ipoa_flags & IPOAF_NO_CELLULAR) {
489	ipobf.nocell = TRUE;
490	ipf_pktopts.ippo_flags \|= IPPOF_NO_IFT_CELLULAR;
491	}
492	if (ipoa->ipoa_flags & IPOAF_NO_EXPENSIVE) {
493	ipobf.noexpensive = TRUE;
494	ipf_pktopts.ippo_flags \|= IPPOF_NO_IFF_EXPENSIVE;
495	}
496	if (ipoa->ipoa_flags & IPOAF_AWDL_UNRESTRICTED)
497	ipobf.awdl_unrestricted = TRUE;
498	adv = &ipoa->ipoa_flowadv;
499	adv->code = FADV_SUCCESS;
500	ipoa->ipoa_retflags = `0`;
501	}
502
503	#if IPSEC
504	if (ipsec_bypass == `0` && !(flags & IP_NOIPSEC)) {
505	so = ipsec_getsocket(m);
506	if (so != NULL) {
507	(void) ipsec_setsocket(m, NULL);
508	}
509	}
510	#endif /* IPSEC */
511
512	#if DUMMYNET
513	if (args.fwa_ipfw_rule != NULL \|\| args.fwa_pf_rule != NULL) {
514	/ dummynet already saw us /
515	ip = mtod(m, struct ip *);
516	hlen = IP_VHL_HL(ip->ip_vhl) << `2`;
517	pkt_dst = ip->ip_dst;
518	if (ro->ro_rt != NULL) {
519	RT_LOCK_SPIN(ro->ro_rt);
520	ia = (struct in_ifaddr *)ro->ro_rt->rt_ifa;
521	if (ia) {
522	/ Become a regular mutex /
523	RT_CONVERT_LOCK(ro->ro_rt);
524	IFA_ADDREF(&ia->ia_ifa);
525	}
526	RT_UNLOCK(ro->ro_rt);
527	}
528
529	#if IPFIREWALL
530	if (args.fwa_ipfw_rule != NULL)
531	goto skip_ipsec;
532	#endif /* IPFIREWALL */
533	if (args.fwa_pf_rule != NULL)
534	goto sendit;
535	}
536	#endif /* DUMMYNET */
537
538	loopit:
539	packets_processed++;
540	ipobf.isbroadcast = FALSE;
541	ipobf.didfilter = FALSE;
542	#if IPFIREWALL_FORWARD
543	ipobf.fwd_rewrite_src = FALSE;
544	#endif /* IPFIREWALL_FORWARD */
545
546	VERIFY(m->m_flags & M_PKTHDR);
547	/*
548	* No need to proccess packet twice if we've already seen it.
549	*/
550	if (!SLIST_EMPTY(&m->m_pkthdr.tags))
551	inject_filter_ref = ipf_get_inject_filter(m);
552	else
553	inject_filter_ref = NULL;
554
555	if (opt) {
556	m = ip_insertoptions(m, opt, &len);
557	hlen = len;
558	/ Update the chain /
559	if (m != m0) {
560	if (m0 == packetlist)
561	packetlist = m;
562	m0 = m;
563	}
564	}
565	ip = mtod(m, struct ip *);
566
567	#if IPFIREWALL
568	/*
569	* rdar://8542331
570	*
571	* When dealing with a packet chain, we need to reset "next_hop"
572	* because "dst" may have been changed to the gateway address below
573	* for the previous packet of the chain. This could cause the route
574	* to be inavertandly changed to the route to the gateway address
575	* (instead of the route to the destination).
576	*/
577	args.fwa_next_hop = next_hop_from_ipfwd_tag;
578	pkt_dst = args.fwa_next_hop ? args.fwa_next_hop->sin_addr : ip->ip_dst;
579	#else /* !IPFIREWALL */
580	pkt_dst = ip->ip_dst;
581	#endif /* !IPFIREWALL */
582
583	/*
584	* We must not send if the packet is destined to network zero.
585	* RFC1122 3.2.1.3 (a) and (b).
586	*/
587	if (IN_ZERONET(ntohl(pkt_dst.s_addr))) {
588	error = EHOSTUNREACH;
589	goto bad;
590	}
591
592	/*
593	* Fill in IP header.
594	*/
595	if (!(flags & (IP_FORWARDING\|IP_RAWOUTPUT))) {
596	ip->ip_vhl = IP_MAKE_VHL(IPVERSION, hlen >> `2`);
597	ip->ip_off &= IP_DF;
598	if (rfc6864 && IP_OFF_IS_ATOMIC(ip->ip_off)) {
599	// Per RFC6864, value of ip_id is undefined for atomic ip packets
600	ip->ip_id = `0`;
601	} else {
602	ip->ip_id = ip_randomid();
603	}
604	OSAddAtomic(`1`, &ipstat.ips_localout);
605	} else {
606	hlen = IP_VHL_HL(ip->ip_vhl) << `2`;
607	}
608
609	#if DEBUG
610	/ For debugging, we let the stack forge congestion /
611	if (forge_ce != `0` &&
612	((ip->ip_tos & IPTOS_ECN_MASK) == IPTOS_ECN_ECT1 \|\|
613	(ip->ip_tos & IPTOS_ECN_MASK) == IPTOS_ECN_ECT0)) {
614	ip->ip_tos = (ip->ip_tos & ~IPTOS_ECN_MASK) \| IPTOS_ECN_CE;
615	forge_ce--;
616	}
617	#endif /* DEBUG */
618
619	KERNEL_DEBUG(DBG_LAYER_BEG, ip->ip_dst.s_addr, ip->ip_src.s_addr,
620	ip->ip_p, ip->ip_off, ip->ip_len);
621
622	dst = SIN(&ro->ro_dst);
623
624	/*
625	* If there is a cached route,
626	* check that it is to the same destination
627	* and is still up. If not, free it and try again.
628	* The address family should also be checked in case of sharing the
629	* cache with IPv6.
630	*/
631
632	if (ro->ro_rt != NULL) {
633	if (ROUTE_UNUSABLE(ro) && ip->ip_src.s_addr != INADDR_ANY &&
634	!(flags & (IP_ROUTETOIF \| IP_FORWARDING))) {
635	src_ia = ifa_foraddr(ip->ip_src.s_addr);
636	if (src_ia == NULL) {
637	error = EADDRNOTAVAIL;
638	goto bad;
639	}
640	IFA_REMREF(&src_ia->ia_ifa);
641	src_ia = NULL;
642	}
643	/*
644	* Test rt_flags without holding rt_lock for performance
645	* reasons; if the route is down it will hopefully be
646	* caught by the layer below (since it uses this route
647	* as a hint) or during the next transmit.
648	*/
649	if (ROUTE_UNUSABLE(ro) \|\| dst->sin_family != AF_INET \|\|
650	dst->sin_addr.s_addr != pkt_dst.s_addr)
651	ROUTE_RELEASE(ro);
652
653	/*
654	* If we're doing source interface selection, we may not
655	* want to use this route; only synch up the generation
656	* count otherwise.
657	*/
658	if (!ipobf.select_srcif && ro->ro_rt != NULL &&
659	RT_GENID_OUTOFSYNC(ro->ro_rt))
660	RT_GENID_SYNC(ro->ro_rt);
661	}
662	if (ro->ro_rt == NULL) {
663	bzero(dst, sizeof (*dst));
664	dst->sin_family = AF_INET;
665	dst->sin_len = sizeof (*dst);
666	dst->sin_addr = pkt_dst;
667	}
668	/*
669	* If routing to interface only,
670	* short circuit routing lookup.
671	*/
672	if (flags & IP_ROUTETOIF) {
673	if (ia != NULL)
674	IFA_REMREF(&ia->ia_ifa);
675	if ((ia = ifatoia(ifa_ifwithdstaddr(sintosa(dst)))) == NULL) {
676	ia = ifatoia(ifa_ifwithnet(sintosa(dst)));
677	if (ia == NULL) {
678	OSAddAtomic(`1`, &ipstat.ips_noroute);
679	error = ENETUNREACH;
680	/ XXX IPv6 APN fallback notification?? /
681	goto bad;
682	}
683	}
684	ifp = ia->ia_ifp;
685	ip->ip_ttl = `1`;
686	ipobf.isbroadcast = in_broadcast(dst->sin_addr, ifp);
687	/*
688	* For consistency with other cases below. Loopback
689	* multicast case is handled separately by ip_mloopback().
690	*/
691	if ((ifp->if_flags & IFF_LOOPBACK) &&
692	!IN_MULTICAST(ntohl(pkt_dst.s_addr))) {
693	m->m_pkthdr.rcvif = ifp;
694	ip_setsrcifaddr_info(m, ifp->if_index, NULL);
695	ip_setdstifaddr_info(m, ifp->if_index, NULL);
696	}
697	} else if (IN_MULTICAST(ntohl(pkt_dst.s_addr)) &&
698	imo != NULL && (ifp = imo->imo_multicast_ifp) != NULL) {
699	/*
700	* Bypass the normal routing lookup for multicast
701	* packets if the interface is specified.
702	*/
703	ipobf.isbroadcast = FALSE;
704	if (ia != NULL)
705	IFA_REMREF(&ia->ia_ifa);
706
707	/ Macro takes reference on ia /
708	IFP_TO_IA(ifp, ia);
709	} else {
710	struct ifaddr *ia0 = NULL;
711	boolean_t cloneok = FALSE;
712	/*
713	* Perform source interface selection; the source IP address
714	* must belong to one of the addresses of the interface used
715	* by the route. For performance reasons, do this only if
716	* there is no route, or if the routing table has changed,
717	* or if we haven't done source interface selection on this
718	* route (for this PCB instance) before.
719	*/
720	if (ipobf.select_srcif &&
721	ip->ip_src.s_addr != INADDR_ANY && (ROUTE_UNUSABLE(ro) \|\|
722	!(ro->ro_flags & ROF_SRCIF_SELECTED))) {
723	/ Find the source interface /
724	ia0 = in_selectsrcif(ip, ro, ifscope);
725
726	/*
727	* If the source address belongs to a restricted
728	* interface and the caller forbids our using
729	* interfaces of such type, pretend that there is no
730	* route.
731	*/
732	if (ia0 != NULL &&
733	IP_CHECK_RESTRICTIONS(ia0->ifa_ifp, ipobf)) {
734	IFA_REMREF(ia0);
735	ia0 = NULL;
736	error = EHOSTUNREACH;
737	if (flags & IP_OUTARGS)
738	ipoa->ipoa_retflags \|= IPOARF_IFDENIED;
739	goto bad;
740	}
741
742	/*
743	* If the source address is spoofed (in the case of
744	* IP_RAWOUTPUT on an unbounded socket), or if this
745	* is destined for local/loopback, just let it go out
746	* using the interface of the route. Otherwise,
747	* there's no interface having such an address,
748	* so bail out.
749	*/
750	if (ia0 == NULL && (!(flags & IP_RAWOUTPUT) \|\|
751	ipobf.srcbound) && ifscope != lo_ifp->if_index) {
752	error = EADDRNOTAVAIL;
753	goto bad;
754	}
755
756	/*
757	* If the caller didn't explicitly specify the scope,
758	* pick it up from the source interface. If the cached
759	* route was wrong and was blown away as part of source
760	* interface selection, don't mask out RTF_PRCLONING
761	* since that route may have been allocated by the ULP,
762	* unless the IP header was created by the caller or
763	* the destination is IPv4 LLA. The check for the
764	* latter is needed because IPv4 LLAs are never scoped
765	* in the current implementation, and we don't want to
766	* replace the resolved IPv4 LLA route with one whose
767	* gateway points to that of the default gateway on
768	* the primary interface of the system.
769	*/
770	if (ia0 != NULL) {
771	if (ifscope == IFSCOPE_NONE)
772	ifscope = ia0->ifa_ifp->if_index;
773	cloneok = (!(flags & IP_RAWOUTPUT) &&
774	!(IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))));
775	}
776	}
777
778	/*
779	* If this is the case, we probably don't want to allocate
780	* a protocol-cloned route since we didn't get one from the
781	* ULP. This lets TCP do its thing, while not burdening
782	* forwarding or ICMP with the overhead of cloning a route.
783	* Of course, we still want to do any cloning requested by
784	* the link layer, as this is probably required in all cases
785	* for correct operation (as it is for ARP).
786	*/
787	if (ro->ro_rt == NULL) {
788	unsigned long ign = RTF_PRCLONING;
789	/*
790	* We make an exception here: if the destination
791	* address is INADDR_BROADCAST, allocate a protocol-
792	* cloned host route so that we end up with a route
793	* marked with the RTF_BROADCAST flag. Otherwise,
794	* we would end up referring to the default route,
795	* instead of creating a cloned host route entry.
796	* That would introduce inconsistencies between ULPs
797	* that allocate a route and those that don't. The
798	* RTF_BROADCAST route is important since we'd want
799	* to send out undirected IP broadcast packets using
800	* link-level broadcast address. Another exception
801	* is for ULP-created routes that got blown away by
802	* source interface selection (see above).
803	*
804	* These exceptions will no longer be necessary when
805	* the RTF_PRCLONING scheme is no longer present.
806	*/
807	if (cloneok \|\| dst->sin_addr.s_addr == INADDR_BROADCAST)
808	ign &= ~RTF_PRCLONING;
809
810	/*
811	* Loosen the route lookup criteria if the ifscope
812	* corresponds to the loopback interface; this is
813	* needed to support Application Layer Gateways
814	* listening on loopback, in conjunction with packet
815	* filter redirection rules. The final source IP
816	* address will be rewritten by the packet filter
817	* prior to the RFC1122 loopback check below.
818	*/
819	if (ifscope == lo_ifp->if_index)
820	rtalloc_ign(ro, ign);
821	else
822	rtalloc_scoped_ign(ro, ign, ifscope);
823
824	/*
825	* If the route points to a cellular/expensive interface
826	* and the caller forbids our using interfaces of such type,
827	* pretend that there is no route.
828	*/
829	if (ro->ro_rt != NULL) {
830	RT_LOCK_SPIN(ro->ro_rt);
831	if (IP_CHECK_RESTRICTIONS(ro->ro_rt->rt_ifp,
832	ipobf)) {
833	RT_UNLOCK(ro->ro_rt);
834	ROUTE_RELEASE(ro);
835	if (flags & IP_OUTARGS) {
836	ipoa->ipoa_retflags \|=
837	IPOARF_IFDENIED;
838	}
839	} else {
840	RT_UNLOCK(ro->ro_rt);
841	}
842	}
843	}
844
845	if (ro->ro_rt == NULL) {
846	OSAddAtomic(`1`, &ipstat.ips_noroute);
847	error = EHOSTUNREACH;
848	if (ia0 != NULL) {
849	IFA_REMREF(ia0);
850	ia0 = NULL;
851	}
852	goto bad;
853	}
854
855	if (ia != NULL)
856	IFA_REMREF(&ia->ia_ifa);
857	RT_LOCK_SPIN(ro->ro_rt);
858	ia = ifatoia(ro->ro_rt->rt_ifa);
859	if (ia != NULL) {
860	/ Become a regular mutex /
861	RT_CONVERT_LOCK(ro->ro_rt);
862	IFA_ADDREF(&ia->ia_ifa);
863	}
864	/*
865	* Note: ia_ifp may not be the same as rt_ifp; the latter
866	* is what we use for determining outbound i/f, mtu, etc.
867	*/
868	ifp = ro->ro_rt->rt_ifp;
869	ro->ro_rt->rt_use++;
870	if (ro->ro_rt->rt_flags & RTF_GATEWAY) {
871	dst = SIN(ro->ro_rt->rt_gateway);
872	}
873	if (ro->ro_rt->rt_flags & RTF_HOST) {
874	/ double negation needed for bool bit field /
875	ipobf.isbroadcast =
876	!!(ro->ro_rt->rt_flags & RTF_BROADCAST);
877	} else {
878	/ Become a regular mutex /
879	RT_CONVERT_LOCK(ro->ro_rt);
880	ipobf.isbroadcast = in_broadcast(dst->sin_addr, ifp);
881	}
882	/*
883	* For consistency with IPv6, as well as to ensure that
884	* IP_RECVIF is set correctly for packets that are sent
885	* to one of the local addresses. ia (rt_ifa) would have
886	* been fixed up by rt_setif for local routes. This
887	* would make it appear as if the packet arrives on the
888	* interface which owns the local address. Loopback
889	* multicast case is handled separately by ip_mloopback().
890	*/
891	if (ia != NULL && (ifp->if_flags & IFF_LOOPBACK) &&
892	!IN_MULTICAST(ntohl(pkt_dst.s_addr))) {
893	uint32_t srcidx;
894
895	m->m_pkthdr.rcvif = ia->ia_ifa.ifa_ifp;
896
897	if (ia0 != NULL)
898	srcidx = ia0->ifa_ifp->if_index;
899	else if ((ro->ro_flags & ROF_SRCIF_SELECTED) &&
900	ro->ro_srcia != NULL)
901	srcidx = ro->ro_srcia->ifa_ifp->if_index;
902	else
903	srcidx = `0`;
904
905	ip_setsrcifaddr_info(m, srcidx, NULL);
906	ip_setdstifaddr_info(m, `0`, ia);
907	}
908	RT_UNLOCK(ro->ro_rt);
909	if (ia0 != NULL) {
910	IFA_REMREF(ia0);
911	ia0 = NULL;
912	}
913	}
914
915	if (IN_MULTICAST(ntohl(pkt_dst.s_addr))) {
916	struct ifnet *srcifp = NULL;
917	struct in_multi *inm;
918	u_int32_t vif = `0`;
919	u_int8_t ttl = IP_DEFAULT_MULTICAST_TTL;
920	u_int8_t loop = IP_DEFAULT_MULTICAST_LOOP;
921
922	m->m_flags \|= M_MCAST;
923	/*
924	* IP destination address is multicast. Make sure "dst"
925	* still points to the address in "ro". (It may have been
926	* changed to point to a gateway address, above.)
927	*/
928	dst = SIN(&ro->ro_dst);
929	/*
930	* See if the caller provided any multicast options
931	*/
932	if (imo != NULL) {
933	IMO_LOCK(imo);
934	vif = imo->imo_multicast_vif;
935	ttl = imo->imo_multicast_ttl;
936	loop = imo->imo_multicast_loop;
937	if (!(flags & IP_RAWOUTPUT))
938	ip->ip_ttl = ttl;
939	if (imo->imo_multicast_ifp != NULL)
940	ifp = imo->imo_multicast_ifp;
941	IMO_UNLOCK(imo);
942	} else if (!(flags & IP_RAWOUTPUT)) {
943	vif = -`1`;
944	ip->ip_ttl = ttl;
945	}
946	/*
947	* Confirm that the outgoing interface supports multicast.
948	*/
949	if (imo == NULL \|\| vif == -`1`) {
950	if (!(ifp->if_flags & IFF_MULTICAST)) {
951	OSAddAtomic(`1`, &ipstat.ips_noroute);
952	error = ENETUNREACH;
953	goto bad;
954	}
955	}
956	/*
957	* If source address not specified yet, use address
958	* of outgoing interface.
959	*/
960	if (ip->ip_src.s_addr == INADDR_ANY) {
961	struct in_ifaddr *ia1;
962	lck_rw_lock_shared(in_ifaddr_rwlock);
963	TAILQ_FOREACH(ia1, &in_ifaddrhead, ia_link) {
964	IFA_LOCK_SPIN(&ia1->ia_ifa);
965	if (ia1->ia_ifp == ifp) {
966	ip->ip_src = IA_SIN(ia1)->sin_addr;
967	srcifp = ifp;
968	IFA_UNLOCK(&ia1->ia_ifa);
969	break;
970	}
971	IFA_UNLOCK(&ia1->ia_ifa);
972	}
973	lck_rw_done(in_ifaddr_rwlock);
974	if (ip->ip_src.s_addr == INADDR_ANY) {
975	error = ENETUNREACH;
976	goto bad;
977	}
978	}
979
980	in_multihead_lock_shared();
981	IN_LOOKUP_MULTI(&pkt_dst, ifp, inm);
982	in_multihead_lock_done();
983	if (inm != NULL && (imo == NULL \|\| loop)) {
984	/*
985	* If we belong to the destination multicast group
986	* on the outgoing interface, and the caller did not
987	* forbid loopback, loop back a copy.
988	*/
989	if (!TAILQ_EMPTY(&ipv4_filters)) {
990	struct ipfilter *filter;
991	int seen = (inject_filter_ref == NULL);
992
993	if (imo != NULL) {
994	ipf_pktopts.ippo_flags \|=
995	IPPOF_MCAST_OPTS;
996	ipf_pktopts.ippo_mcast_ifnet = ifp;
997	ipf_pktopts.ippo_mcast_ttl = ttl;
998	ipf_pktopts.ippo_mcast_loop = loop;
999	}
1000
1001	ipf_ref();
1002
1003	/*
1004	* 4135317 - always pass network byte
1005	* order to filter
1006	*/
1007	#if BYTE_ORDER != BIG_ENDIAN
1008	HTONS(ip->ip_len);
1009	HTONS(ip->ip_off);
1010	#endif
1011	TAILQ_FOREACH(filter, &ipv4_filters, ipf_link) {
1012	if (seen == `0`) {
1013	if ((struct ipfilter *)
1014	inject_filter_ref == filter)
1015	seen = `1`;
1016	} else if (filter->ipf_filter.
1017	ipf_output != NULL) {
1018	errno_t result;
1019	result = filter->ipf_filter.
1020	ipf_output(filter->
1021	ipf_filter.cookie,
1022	(mbuf_t *)&m, ippo);
1023	if (result == EJUSTRETURN) {
1024	ipf_unref();
1025	INM_REMREF(inm);
1026	goto done;
1027	}
1028	if (result != `0`) {
1029	ipf_unref();
1030	INM_REMREF(inm);
1031	goto bad;
1032	}
1033	}
1034	}
1035
1036	/ set back to host byte order /
1037	ip = mtod(m, struct ip *);
1038	#if BYTE_ORDER != BIG_ENDIAN
1039	NTOHS(ip->ip_len);
1040	NTOHS(ip->ip_off);
1041	#endif
1042	ipf_unref();
1043	ipobf.didfilter = TRUE;
1044	}
1045	ip_mloopback(srcifp, ifp, m, dst, hlen);
1046	}
1047	if (inm != NULL)
1048	INM_REMREF(inm);
1049	/*
1050	* Multicasts with a time-to-live of zero may be looped-
1051	* back, above, but must not be transmitted on a network.
1052	* Also, multicasts addressed to the loopback interface
1053	* are not sent -- the above call to ip_mloopback() will
1054	* loop back a copy if this host actually belongs to the
1055	* destination group on the loopback interface.
1056	*/
1057	if (ip->ip_ttl == `0` \|\| ifp->if_flags & IFF_LOOPBACK) {
1058	m_freem(m);
1059	goto done;
1060	}
1061
1062	goto sendit;
1063	}
1064	/*
1065	* If source address not specified yet, use address
1066	* of outgoing interface.
1067	*/
1068	if (ip->ip_src.s_addr == INADDR_ANY) {
1069	IFA_LOCK_SPIN(&ia->ia_ifa);
1070	ip->ip_src = IA_SIN(ia)->sin_addr;
1071	IFA_UNLOCK(&ia->ia_ifa);
1072	#if IPFIREWALL_FORWARD
1073	/*
1074	* Keep note that we did this - if the firewall changes
1075	* the next-hop, our interface may change, changing the
1076	* default source IP. It's a shame so much effort happens
1077	* twice. Oh well.
1078	*/
1079	ipobf.fwd_rewrite_src = TRUE;
1080	#endif /* IPFIREWALL_FORWARD */
1081	}
1082
1083	/*
1084	* Look for broadcast address and
1085	* and verify user is allowed to send
1086	* such a packet.
1087	*/
1088	if (ipobf.isbroadcast) {
1089	if (!(ifp->if_flags & IFF_BROADCAST)) {
1090	error = EADDRNOTAVAIL;
1091	goto bad;
1092	}
1093	if (!(flags & IP_ALLOWBROADCAST)) {
1094	error = EACCES;
1095	goto bad;
1096	}
1097	/ don't allow broadcast messages to be fragmented /
1098	if ((u_short)ip->ip_len > ifp->if_mtu) {
1099	error = EMSGSIZE;
1100	goto bad;
1101	}
1102	m->m_flags \|= M_BCAST;
1103	} else {
1104	m->m_flags &= ~M_BCAST;
1105	}
1106
1107	sendit:
1108	#if PF
1109	/ Invoke outbound packet filter /
1110	if (PF_IS_ENABLED) {
1111	int rc;
1112
1113	m0 = m; / Save for later /
1114	#if DUMMYNET
1115	args.fwa_m = m;
1116	args.fwa_next_hop = dst;
1117	args.fwa_oif = ifp;
1118	args.fwa_ro = ro;
1119	args.fwa_dst = dst;
1120	args.fwa_oflags = flags;
1121	if (flags & IP_OUTARGS)
1122	args.fwa_ipoa = ipoa;
1123	rc = pf_af_hook(ifp, mppn, &m, AF_INET, FALSE, &args);
1124	#else /* DUMMYNET */
1125	rc = pf_af_hook(ifp, mppn, &m, AF_INET, FALSE, NULL);
1126	#endif /* DUMMYNET */
1127	if (rc != `0` \|\| m == NULL) {
1128	/ Move to the next packet /
1129	m = *mppn;
1130
1131	/ Skip ahead if first packet in list got dropped /
1132	if (packetlist == m0)
1133	packetlist = m;
1134
1135	if (m != NULL) {
1136	m0 = m;
1137	/ Next packet in the chain /
1138	goto loopit;
1139	} else if (packetlist != NULL) {
1140	/ No more packet; send down the chain /
1141	goto sendchain;
1142	}
1143	/ Nothing left; we're done /
1144	goto done;
1145	}
1146	m0 = m;
1147	ip = mtod(m, struct ip *);
1148	pkt_dst = ip->ip_dst;
1149	hlen = IP_VHL_HL(ip->ip_vhl) << `2`;
1150	}
1151	#endif /* PF */
1152	/*
1153	* Force IP TTL to 255 following draft-ietf-zeroconf-ipv4-linklocal.txt
1154	*/
1155	if (IN_LINKLOCAL(ntohl(ip->ip_src.s_addr)) \|\|
1156	IN_LINKLOCAL(ntohl(ip->ip_dst.s_addr))) {
1157	ip_linklocal_stat.iplls_out_total++;
1158	if (ip->ip_ttl != MAXTTL) {
1159	ip_linklocal_stat.iplls_out_badttl++;
1160	ip->ip_ttl = MAXTTL;
1161	}
1162	}
1163
1164	if (!ipobf.didfilter && !TAILQ_EMPTY(&ipv4_filters)) {
1165	struct ipfilter *filter;
1166	int seen = (inject_filter_ref == NULL);
1167	ipf_pktopts.ippo_flags &= ~IPPOF_MCAST_OPTS;
1168
1169	/*
1170	* Check that a TSO frame isn't passed to a filter.
1171	* This could happen if a filter is inserted while
1172	* TCP is sending the TSO packet.
1173	*/
1174	if (m->m_pkthdr.csum_flags & CSUM_TSO_IPV4) {
1175	error = EMSGSIZE;
1176	goto bad;
1177	}
1178
1179	ipf_ref();
1180
1181	/ 4135317 - always pass network byte order to filter /
1182	#if BYTE_ORDER != BIG_ENDIAN
1183	HTONS(ip->ip_len);
1184	HTONS(ip->ip_off);
1185	#endif
1186	TAILQ_FOREACH(filter, &ipv4_filters, ipf_link) {
1187	if (seen == `0`) {
1188	if ((struct ipfilter *)inject_filter_ref ==
1189	filter)
1190	seen = `1`;
1191	} else if (filter->ipf_filter.ipf_output) {
1192	errno_t result;
1193	result = filter->ipf_filter.
1194	ipf_output(filter->ipf_filter.cookie,
1195	(mbuf_t *)&m, ippo);
1196	if (result == EJUSTRETURN) {
1197	ipf_unref();
1198	goto done;
1199	}
1200	if (result != `0`) {
1201	ipf_unref();
1202	goto bad;
1203	}
1204	}
1205	}
1206	/ set back to host byte order /
1207	ip = mtod(m, struct ip *);
1208	#if BYTE_ORDER != BIG_ENDIAN
1209	NTOHS(ip->ip_len);
1210	NTOHS(ip->ip_off);
1211	#endif
1212	ipf_unref();
1213	}
1214
1215	#if NECP
1216	/ Process Network Extension Policy. Will Pass, Drop, or Rebind packet. /
1217	necp_matched_policy_id = necp_ip_output_find_policy_match (m,
1218	flags, (flags & IP_OUTARGS) ? ipoa : NULL, &necp_result, &necp_result_parameter);
1219	if (necp_matched_policy_id) {
1220	necp_mark_packet_from_ip(m, necp_matched_policy_id);
1221	switch (necp_result) {
1222	case NECP_KERNEL_POLICY_RESULT_PASS:
1223	/ Check if the interface is allowed /
1224	if (!necp_packet_is_allowed_over_interface(m, ifp)) {
1225	error = EHOSTUNREACH;
1226	OSAddAtomic(`1`, &ipstat.ips_necp_policy_drop);
1227	goto bad;
1228	}
1229	goto skip_ipsec;
1230	case NECP_KERNEL_POLICY_RESULT_DROP:
1231	case NECP_KERNEL_POLICY_RESULT_SOCKET_DIVERT:
1232	/ Flow divert packets should be blocked at the IP layer /
1233	error = EHOSTUNREACH;
1234	OSAddAtomic(`1`, &ipstat.ips_necp_policy_drop);
1235	goto bad;
1236	case NECP_KERNEL_POLICY_RESULT_IP_TUNNEL: {
1237	/ Verify that the packet is being routed to the tunnel /
1238	struct ifnet *policy_ifp = necp_get_ifnet_from_result_parameter(&necp_result_parameter);
1239	if (policy_ifp == ifp) {
1240	/ Check if the interface is allowed /
1241	if (!necp_packet_is_allowed_over_interface(m, ifp)) {
1242	error = EHOSTUNREACH;
1243	OSAddAtomic(`1`, &ipstat.ips_necp_policy_drop);
1244	goto bad;
1245	}
1246	goto skip_ipsec;
1247	} else {
1248	if (necp_packet_can_rebind_to_ifnet(m, policy_ifp, &necp_route, AF_INET)) {
1249	/ Check if the interface is allowed /
1250	if (!necp_packet_is_allowed_over_interface(m, policy_ifp)) {
1251	error = EHOSTUNREACH;
1252	OSAddAtomic(`1`, &ipstat.ips_necp_policy_drop);
1253	goto bad;
1254	}
1255
1256	/ Set ifp to the tunnel interface, since it is compatible with the packet /
1257	ifp = policy_ifp;
1258	ro = &necp_route;
1259	goto skip_ipsec;
1260	} else {
1261	error = ENETUNREACH;
1262	OSAddAtomic(`1`, &ipstat.ips_necp_policy_drop);
1263	goto bad;
1264	}
1265	}
1266	}
1267	default:
1268	break;
1269	}
1270	}
1271	/ Catch-all to check if the interface is allowed /
1272	if (!necp_packet_is_allowed_over_interface(m, ifp)) {
1273	error = EHOSTUNREACH;
1274	OSAddAtomic(`1`, &ipstat.ips_necp_policy_drop);
1275	goto bad;
1276	}
1277	#endif /* NECP */
1278
1279	#if IPSEC
1280	if (ipsec_bypass != `0` \|\| (flags & IP_NOIPSEC))
1281	goto skip_ipsec;
1282
1283	KERNEL_DEBUG(DBG_FNC_IPSEC4_OUTPUT \| DBG_FUNC_START, `0`, `0`, `0`, `0`, `0`);
1284
1285	if (sp == NULL) {
1286	/ get SP for this packet /
1287	if (so != NULL) {
1288	sp = ipsec4_getpolicybysock(m, IPSEC_DIR_OUTBOUND,
1289	so, &error);
1290	} else {
1291	sp = ipsec4_getpolicybyaddr(m, IPSEC_DIR_OUTBOUND,
1292	flags, &error);
1293	}
1294	if (sp == NULL) {
1295	IPSEC_STAT_INCREMENT(ipsecstat.out_inval);
1296	KERNEL_DEBUG(DBG_FNC_IPSEC4_OUTPUT \| DBG_FUNC_END,
1297	`0`, `0`, `0`, `0`, `0`);
1298	goto bad;
1299	}
1300	}
1301
1302	error = `0`;
1303
1304	/ check policy /
1305	switch (sp->policy) {
1306	case IPSEC_POLICY_DISCARD:
1307	case IPSEC_POLICY_GENERATE:
1308	/*
1309	* This packet is just discarded.
1310	*/
1311	IPSEC_STAT_INCREMENT(ipsecstat.out_polvio);
1312	KERNEL_DEBUG(DBG_FNC_IPSEC4_OUTPUT \| DBG_FUNC_END,
1313	`1`, `0`, `0`, `0`, `0`);
1314	goto bad;
1315
1316	case IPSEC_POLICY_BYPASS:
1317	case IPSEC_POLICY_NONE:
1318	/ no need to do IPsec. /
1319	KERNEL_DEBUG(DBG_FNC_IPSEC4_OUTPUT \| DBG_FUNC_END,
1320	`2`, `0`, `0`, `0`, `0`);
1321	goto skip_ipsec;
1322
1323	case IPSEC_POLICY_IPSEC:
1324	if (sp->req == NULL) {
1325	/ acquire a policy /
1326	error = key_spdacquire(sp);
1327	KERNEL_DEBUG(DBG_FNC_IPSEC4_OUTPUT \| DBG_FUNC_END,
1328	`3`, `0`, `0`, `0`, `0`);
1329	goto bad;
1330	}
1331	if (sp->ipsec_if) {
1332	/ Verify the redirect to ipsec interface /
1333	if (sp->ipsec_if == ifp) {
1334	goto skip_ipsec;
1335	}
1336	goto bad;
1337	}
1338	break;
1339
1340	case IPSEC_POLICY_ENTRUST:
1341	default:
1342	printf("ip_output: Invalid policy found. %d\n", sp->policy);
1343	}
1344	{
1345	ipsec_state.m = m;
1346	if (flags & IP_ROUTETOIF) {
1347	bzero(&ipsec_state.ro, sizeof (ipsec_state.ro));
1348	} else {
1349	route_copyout((struct route )&ipsec_state.ro, ro, sizeof* (struct route));
1350	}
1351	ipsec_state.dst = SA(dst);
1352
1353	ip->ip_sum = `0`;
1354
1355	/*
1356	* XXX
1357	* delayed checksums are not currently compatible with IPsec
1358	*/
1359	if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA)
1360	in_delayed_cksum(m);
1361
1362	#if BYTE_ORDER != BIG_ENDIAN
1363	HTONS(ip->ip_len);
1364	HTONS(ip->ip_off);
1365	#endif
1366
1367	DTRACE_IP6(send, struct mbuf , m, struct* inpcb *, NULL,
1368	struct ip , ip, struct* ifnet *, ifp,
1369	struct ip , ip, struct* ip6_hdr *, NULL);
1370
1371	error = ipsec4_output(&ipsec_state, sp, flags);
1372	if (ipsec_state.tunneled == `6`) {
1373	m0 = m = NULL;
1374	error = `0`;
1375	goto bad;
1376	}
1377
1378	m0 = m = ipsec_state.m;
1379
1380	#if DUMMYNET
1381	/*
1382	* If we're about to use the route in ipsec_state
1383	* and this came from dummynet, cleaup now.
1384	*/
1385	if (ro == &saved_route &&
1386	(!(flags & IP_ROUTETOIF) \|\| ipsec_state.tunneled))
1387	ROUTE_RELEASE(ro);
1388	#endif /* DUMMYNET */
1389
1390	if (flags & IP_ROUTETOIF) {
1391	/*
1392	* if we have tunnel mode SA, we may need to ignore
1393	* IP_ROUTETOIF.
1394	*/
1395	if (ipsec_state.tunneled) {
1396	flags &= ~IP_ROUTETOIF;
1397	ro = (struct route *)&ipsec_state.ro;
1398	}
1399	} else {
1400	ro = (struct route *)&ipsec_state.ro;
1401	}
1402	dst = SIN(ipsec_state.dst);
1403	if (error) {
1404	/ mbuf is already reclaimed in ipsec4_output. /
1405	m0 = NULL;
1406	switch (error) {
1407	case EHOSTUNREACH:
1408	case ENETUNREACH:
1409	case EMSGSIZE:
1410	case ENOBUFS:
1411	case ENOMEM:
1412	break;
1413	default:
1414	printf("ip4_output (ipsec): error code %d\n", error);
1415	/ FALLTHRU /
1416	case ENOENT:
1417	/ don't show these error codes to the user /
1418	error = `0`;
1419	break;
1420	}
1421	KERNEL_DEBUG(DBG_FNC_IPSEC4_OUTPUT \| DBG_FUNC_END,
1422	`4`, `0`, `0`, `0`, `0`);
1423	goto bad;
1424	}
1425	}
1426
1427	/ be sure to update variables that are affected by ipsec4_output() /
1428	ip = mtod(m, struct ip *);
1429
1430	#ifdef _IP_VHL
1431	hlen = IP_VHL_HL(ip->ip_vhl) << `2`;
1432	#else /* !_IP_VHL */
1433	hlen = ip->ip_hl << `2`;
1434	#endif /* !_IP_VHL */
1435	/ Check that there wasn't a route change and src is still valid /
1436	if (ROUTE_UNUSABLE(ro)) {
1437	ROUTE_RELEASE(ro);
1438	VERIFY(src_ia == NULL);
1439	if (ip->ip_src.s_addr != INADDR_ANY &&
1440	!(flags & (IP_ROUTETOIF \| IP_FORWARDING)) &&
1441	(src_ia = ifa_foraddr(ip->ip_src.s_addr)) == NULL) {
1442	error = EADDRNOTAVAIL;
1443	KERNEL_DEBUG(DBG_FNC_IPSEC4_OUTPUT \| DBG_FUNC_END,
1444	`5`, `0`, `0`, `0`, `0`);
1445	goto bad;
1446	}
1447	if (src_ia != NULL) {
1448	IFA_REMREF(&src_ia->ia_ifa);
1449	src_ia = NULL;
1450	}
1451	}
1452
1453	if (ro->ro_rt == NULL) {
1454	if (!(flags & IP_ROUTETOIF)) {
1455	printf("%s: can't update route after "
1456	"IPsec processing\n", __func__);
1457	error = EHOSTUNREACH; / XXX /
1458	KERNEL_DEBUG(DBG_FNC_IPSEC4_OUTPUT \| DBG_FUNC_END,
1459	`6`, `0`, `0`, `0`, `0`);
1460	goto bad;
1461	}
1462	} else {
1463	if (ia != NULL)
1464	IFA_REMREF(&ia->ia_ifa);
1465	RT_LOCK_SPIN(ro->ro_rt);
1466	ia = ifatoia(ro->ro_rt->rt_ifa);
1467	if (ia != NULL) {
1468	/ Become a regular mutex /
1469	RT_CONVERT_LOCK(ro->ro_rt);
1470	IFA_ADDREF(&ia->ia_ifa);
1471	}
1472	ifp = ro->ro_rt->rt_ifp;
1473	RT_UNLOCK(ro->ro_rt);
1474	}
1475
1476	/ make it flipped, again. /
1477	#if BYTE_ORDER != BIG_ENDIAN
1478	NTOHS(ip->ip_len);
1479	NTOHS(ip->ip_off);
1480	#endif
1481	KERNEL_DEBUG(DBG_FNC_IPSEC4_OUTPUT \| DBG_FUNC_END,
1482	`7`, `0xff`, `0xff`, `0xff`, `0xff`);
1483
1484	/ Pass to filters again /
1485	if (!TAILQ_EMPTY(&ipv4_filters)) {
1486	struct ipfilter *filter;
1487
1488	ipf_pktopts.ippo_flags &= ~IPPOF_MCAST_OPTS;
1489
1490	/*
1491	* Check that a TSO frame isn't passed to a filter.
1492	* This could happen if a filter is inserted while
1493	* TCP is sending the TSO packet.
1494	*/
1495	if (m->m_pkthdr.csum_flags & CSUM_TSO_IPV4) {
1496	error = EMSGSIZE;
1497	goto bad;
1498	}
1499
1500	ipf_ref();
1501
1502	/ 4135317 - always pass network byte order to filter /
1503	#if BYTE_ORDER != BIG_ENDIAN
1504	HTONS(ip->ip_len);
1505	HTONS(ip->ip_off);
1506	#endif
1507	TAILQ_FOREACH(filter, &ipv4_filters, ipf_link) {
1508	if (filter->ipf_filter.ipf_output) {
1509	errno_t result;
1510	result = filter->ipf_filter.
1511	ipf_output(filter->ipf_filter.cookie,
1512	(mbuf_t *)&m, ippo);
1513	if (result == EJUSTRETURN) {
1514	ipf_unref();
1515	goto done;
1516	}
1517	if (result != `0`) {
1518	ipf_unref();
1519	goto bad;
1520	}
1521	}
1522	}
1523	/ set back to host byte order /
1524	ip = mtod(m, struct ip *);
1525	#if BYTE_ORDER != BIG_ENDIAN
1526	NTOHS(ip->ip_len);
1527	NTOHS(ip->ip_off);
1528	#endif
1529	ipf_unref();
1530	}
1531	skip_ipsec:
1532	#endif /* IPSEC */
1533
1534	#if IPFIREWALL
1535	/*
1536	* Check with the firewall...
1537	* but not if we are already being fwd'd from a firewall.
1538	*/
1539	if (fw_enable && IPFW_LOADED && !args.fwa_next_hop) {
1540	struct sockaddr_in *old = dst;
1541
1542	args.fwa_m = m;
1543	args.fwa_next_hop = dst;
1544	args.fwa_oif = ifp;
1545	ipfwoff = ip_fw_chk_ptr(&args);
1546	m = args.fwa_m;
1547	dst = args.fwa_next_hop;
1548
1549	/*
1550	* On return we must do the following:
1551	* IP_FW_PORT_DENY_FLAG -> drop the pkt (XXX new)
1552	* 1<=off<= 0xffff -> DIVERT
1553	* (off & IP_FW_PORT_DYNT_FLAG) -> send to a DUMMYNET pipe
1554	* (off & IP_FW_PORT_TEE_FLAG) -> TEE the packet
1555	* dst != old -> IPFIREWALL_FORWARD
1556	* off==0, dst==old -> accept
1557	* If some of the above modules is not compiled in, then
1558	* we should't have to check the corresponding condition
1559	* (because the ipfw control socket should not accept
1560	* unsupported rules), but better play safe and drop
1561	* packets in case of doubt.
1562	*/
1563	m0 = m;
1564	if ((ipfwoff & IP_FW_PORT_DENY_FLAG) \|\| m == NULL) {
1565	if (m)
1566	m_freem(m);
1567	error = EACCES;
1568	goto done;
1569	}
1570	ip = mtod(m, struct ip *);
1571
1572	if (ipfwoff == `0` && dst == old) { / common case /
1573	goto pass;
1574	}
1575	#if DUMMYNET
1576	if (DUMMYNET_LOADED && (ipfwoff & IP_FW_PORT_DYNT_FLAG) != `0`) {
1577	/*
1578	* pass the pkt to dummynet. Need to include
1579	* pipe number, m, ifp, ro, dst because these are
1580	* not recomputed in the next pass.
1581	* All other parameters have been already used and
1582	* so they are not needed anymore.
1583	* XXX note: if the ifp or ro entry are deleted
1584	* while a pkt is in dummynet, we are in trouble!
1585	*/
1586	args.fwa_ro = ro;
1587	args.fwa_dst = dst;
1588	args.fwa_oflags = flags;
1589	if (flags & IP_OUTARGS)
1590	args.fwa_ipoa = ipoa;
1591
1592	error = ip_dn_io_ptr(m, ipfwoff & `0xffff`, DN_TO_IP_OUT,
1593	&args, DN_CLIENT_IPFW);
1594	goto done;
1595	}
1596	#endif /* DUMMYNET */
1597	#if IPDIVERT
1598	if (ipfwoff != `0` && (ipfwoff & IP_FW_PORT_DYNT_FLAG) == `0`) {
1599	struct mbuf *clone = NULL;
1600
1601	/ Clone packet if we're doing a 'tee' /
1602	if ((ipfwoff & IP_FW_PORT_TEE_FLAG) != `0`)
1603	clone = m_dup(m, M_DONTWAIT);
1604	/*
1605	* XXX
1606	* delayed checksums are not currently compatible
1607	* with divert sockets.
1608	*/
1609	if (m->m_pkthdr.csum_flags & CSUM_DELAY_DATA)
1610	in_delayed_cksum(m);
1611
1612	/ Restore packet header fields to original values /
1613
1614	#if BYTE_ORDER != BIG_ENDIAN
1615	HTONS(ip->ip_len);
1616	HTONS(ip->ip_off);
1617	#endif
1618
1619	/ Deliver packet to divert input routine /
1620	divert_packet(m, `0`, ipfwoff & `0xffff`,
1621	args.fwa_divert_rule);
1622
1623	/ If 'tee', continue with original packet /
1624	if (clone != NULL) {
1625	m0 = m = clone;
1626	ip = mtod(m, struct ip *);
1627	goto pass;
1628	}
1629	goto done;
1630	}
1631	#endif /* IPDIVERT */
1632	#if IPFIREWALL_FORWARD
1633	/*
1634	* Here we check dst to make sure it's directly reachable on
1635	* the interface we previously thought it was.
1636	* If it isn't (which may be likely in some situations) we have
1637	* to re-route it (ie, find a route for the next-hop and the
1638	* associated interface) and set them here. This is nested
1639	* forwarding which in most cases is undesirable, except where
1640	* such control is nigh impossible. So we do it here.
1641	* And I'm babbling.
1642	*/
1643	if (ipfwoff == `0` && old != dst) {
1644	struct in_ifaddr *ia_fw;
1645	struct route *ro_fwd = &sro_fwd;
1646
1647	#if IPFIREWALL_FORWARD_DEBUG
1648	printf("IPFIREWALL_FORWARD: New dst ip: ");
1649	print_ip(dst->sin_addr);
1650	printf("\n");
1651	#endif /* IPFIREWALL_FORWARD_DEBUG */
1652	/*
1653	* We need to figure out if we have been forwarded
1654	* to a local socket. If so then we should somehow
1655	* "loop back" to ip_input, and get directed to the
1656	* PCB as if we had received this packet. This is
1657	* because it may be dificult to identify the packets
1658	* you want to forward until they are being output
1659	* and have selected an interface. (e.g. locally
1660	* initiated packets) If we used the loopback inteface,
1661	* we would not be able to control what happens
1662	* as the packet runs through ip_input() as
1663	* it is done through a ISR.
1664	*/
1665	lck_rw_lock_shared(in_ifaddr_rwlock);
1666	TAILQ_FOREACH(ia_fw, &in_ifaddrhead, ia_link) {
1667	/*
1668	* If the addr to forward to is one
1669	* of ours, we pretend to
1670	* be the destination for this packet.
1671	*/
1672	IFA_LOCK_SPIN(&ia_fw->ia_ifa);
1673	if (IA_SIN(ia_fw)->sin_addr.s_addr ==
1674	dst->sin_addr.s_addr) {
1675	IFA_UNLOCK(&ia_fw->ia_ifa);
1676	break;
1677	}
1678	IFA_UNLOCK(&ia_fw->ia_ifa);
1679	}
1680	lck_rw_done(in_ifaddr_rwlock);
1681	if (ia_fw) {
1682	/ tell ip_input "dont filter" /
1683	struct m_tag *fwd_tag;
1684	struct ip_fwd_tag *ipfwd_tag;
1685
1686	fwd_tag = m_tag_create(KERNEL_MODULE_TAG_ID,
1687	KERNEL_TAG_TYPE_IPFORWARD,
1688	sizeof (*ipfwd_tag), M_NOWAIT, m);
1689	if (fwd_tag == NULL) {
1690	error = ENOBUFS;
1691	goto bad;
1692	}
1693
1694	ipfwd_tag = (struct ip_fwd_tag *)(fwd_tag+`1`);
1695	ipfwd_tag->next_hop = args.fwa_next_hop;
1696
1697	m_tag_prepend(m, fwd_tag);
1698
1699	if (m->m_pkthdr.rcvif == NULL)
1700	m->m_pkthdr.rcvif = lo_ifp;
1701
1702	#if BYTE_ORDER != BIG_ENDIAN
1703	HTONS(ip->ip_len);
1704	HTONS(ip->ip_off);
1705	#endif
1706	mbuf_outbound_finalize(m, PF_INET, `0`);
1707
1708	/*
1709	* we need to call dlil_output to run filters
1710	* and resync to avoid recursion loops.
1711	*/
1712	if (lo_ifp) {
1713	dlil_output(lo_ifp, PF_INET, m, NULL,
1714	SA(dst), `0`, adv);
1715	} else {
1716	printf("%s: no loopback ifp for "
1717	"forwarding!!!\n", __func__);
1718	}
1719	goto done;
1720	}
1721	/*
1722	* Some of the logic for this was nicked from above.
1723	*
1724	* This rewrites the cached route in a local PCB.
1725	* Is this what we want to do?
1726	*/
1727	ROUTE_RELEASE(ro_fwd);
1728	bcopy(dst, &ro_fwd->ro_dst, sizeof (*dst));
1729
1730	rtalloc_ign(ro_fwd, RTF_PRCLONING, false);
1731
1732	if (ro_fwd->ro_rt == NULL) {
1733	OSAddAtomic(`1`, &ipstat.ips_noroute);
1734	error = EHOSTUNREACH;
1735	goto bad;
1736	}
1737
1738	RT_LOCK_SPIN(ro_fwd->ro_rt);
1739	ia_fw = ifatoia(ro_fwd->ro_rt->rt_ifa);
1740	if (ia_fw != NULL) {
1741	/ Become a regular mutex /
1742	RT_CONVERT_LOCK(ro_fwd->ro_rt);
1743	IFA_ADDREF(&ia_fw->ia_ifa);
1744	}
1745	ifp = ro_fwd->ro_rt->rt_ifp;
1746	ro_fwd->ro_rt->rt_use++;
1747	if (ro_fwd->ro_rt->rt_flags & RTF_GATEWAY)
1748	dst = SIN(ro_fwd->ro_rt->rt_gateway);
1749	if (ro_fwd->ro_rt->rt_flags & RTF_HOST) {
1750	/ double negation needed for bool bit field /
1751	ipobf.isbroadcast =
1752	!!(ro_fwd->ro_rt->rt_flags & RTF_BROADCAST);
1753	} else {
1754	/ Become a regular mutex /
1755	RT_CONVERT_LOCK(ro_fwd->ro_rt);
1756	ipobf.isbroadcast =
1757	in_broadcast(dst->sin_addr, ifp);
1758	}
1759	RT_UNLOCK(ro_fwd->ro_rt);
1760	ROUTE_RELEASE(ro);
1761	ro->ro_rt = ro_fwd->ro_rt;
1762	ro_fwd->ro_rt = NULL;
1763	dst = SIN(&ro_fwd->ro_dst);
1764
1765	/*
1766	* If we added a default src ip earlier,
1767	* which would have been gotten from the-then
1768	* interface, do it again, from the new one.
1769	*/
1770	if (ia_fw != NULL) {
1771	if (ipobf.fwd_rewrite_src) {
1772	IFA_LOCK_SPIN(&ia_fw->ia_ifa);
1773	ip->ip_src = IA_SIN(ia_fw)->sin_addr;
1774	IFA_UNLOCK(&ia_fw->ia_ifa);
1775	}
1776	IFA_REMREF(&ia_fw->ia_ifa);
1777	}
1778	goto pass;
1779	}
1780	#endif /* IPFIREWALL_FORWARD */
1781	/*
1782	* if we get here, none of the above matches, and
1783	* we have to drop the pkt
1784	*/
1785	m_freem(m);
1786	error = EACCES; / not sure this is the right error msg /
1787	goto done;
1788	}
1789
1790	pass:
1791	#endif /* IPFIREWALL */
1792
1793	/ 127/8 must not appear on wire - RFC1122 /
1794	if (!(ifp->if_flags & IFF_LOOPBACK) &&
1795	((ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET \|\|
1796	(ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET)) {
1797	OSAddAtomic(`1`, &ipstat.ips_badaddr);
1798	error = EADDRNOTAVAIL;
1799	goto bad;
1800	}
1801
1802	if (ipoa != NULL) {
1803	u_int8_t dscp = ip->ip_tos >> IPTOS_DSCP_SHIFT;
1804
1805	error = set_packet_qos(m, ifp,
1806	ipoa->ipoa_flags & IPOAF_QOSMARKING_ALLOWED ? TRUE : FALSE,
1807	ipoa->ipoa_sotc, ipoa->ipoa_netsvctype, &dscp);
1808	if (error == `0`) {
1809	ip->ip_tos &= IPTOS_ECN_MASK;
1810	ip->ip_tos \|= dscp << IPTOS_DSCP_SHIFT;
1811	} else {
1812	printf("%s if_dscp_for_mbuf() error %d\n", __func__, error);
1813	error = `0`;
1814	}
1815	}
1816
1817	/*
1818	* Some Wi-Fi AP implementations do not correctly handle multicast IP
1819	* packets with DSCP bits set -- see radr://9331522 -- so as a
1820	* workaround we clear the DSCP bits and set the service class to BE
1821	*/
1822	if (IN_MULTICAST(ntohl(pkt_dst.s_addr)) && IFNET_IS_WIFI_INFRA(ifp)) {
1823	ip->ip_tos &= IPTOS_ECN_MASK;
1824	mbuf_set_service_class(m, MBUF_SC_BE);
1825	}
1826
1827	ip_output_checksum(ifp, m, (IP_VHL_HL(ip->ip_vhl) << `2`),
1828	ip->ip_len, &sw_csum);
1829
1830	interface_mtu = ifp->if_mtu;
1831
1832	if (INTF_ADJUST_MTU_FOR_CLAT46(ifp)) {
1833	interface_mtu = IN6_LINKMTU(ifp);
1834	/ Further adjust the size for CLAT46 expansion /
1835	interface_mtu -= CLAT46_HDR_EXPANSION_OVERHD;
1836	}
1837
1838	/*
1839	* If small enough for interface, or the interface will take
1840	* care of the fragmentation for us, can just send directly.
1841	*/
1842	if ((u_short)ip->ip_len <= interface_mtu \|\| TSO_IPV4_OK(ifp, m) \|\|
1843	(!(ip->ip_off & IP_DF) && (ifp->if_hwassist & CSUM_FRAGMENT))) {
1844	#if BYTE_ORDER != BIG_ENDIAN
1845	HTONS(ip->ip_len);
1846	HTONS(ip->ip_off);
1847	#endif
1848
1849	ip->ip_sum = `0`;
1850	if (sw_csum & CSUM_DELAY_IP) {
1851	ip->ip_sum = ip_cksum_hdr_out(m, hlen);
1852	sw_csum &= ~CSUM_DELAY_IP;
1853	m->m_pkthdr.csum_flags &= ~CSUM_DELAY_IP;
1854	}
1855
1856	#if IPSEC
1857	/ clean ipsec history once it goes out of the node /
1858	if (ipsec_bypass == `0` && !(flags & IP_NOIPSEC))
1859	ipsec_delaux(m);
1860	#endif /* IPSEC */
1861	if ((m->m_pkthdr.csum_flags & CSUM_TSO_IPV4) &&
1862	(m->m_pkthdr.tso_segsz > `0`))
1863	scnt += m->m_pkthdr.len / m->m_pkthdr.tso_segsz;
1864	else
1865	scnt++;
1866
1867	if (packetchain == `0`) {
1868	if (ro->ro_rt != NULL && nstat_collect)
1869	nstat_route_tx(ro->ro_rt, scnt,
1870	m->m_pkthdr.len, `0`);
1871
1872	error = dlil_output(ifp, PF_INET, m, ro->ro_rt,
1873	SA(dst), `0`, adv);
1874	if (dlil_verbose && error) {
1875	printf("dlil_output error on interface %s: %d\n",
1876	ifp->if_xname, error);
1877	}
1878	scnt = `0`;
1879	goto done;
1880	} else {
1881	/*
1882	* packet chaining allows us to reuse the
1883	* route for all packets
1884	*/
1885	bytecnt += m->m_pkthdr.len;
1886	mppn = &m->m_nextpkt;
1887	m = m->m_nextpkt;
1888	if (m == NULL) {
1889	#if PF
1890	sendchain:
1891	#endif /* PF */
1892	if (pktcnt > ip_maxchainsent)
1893	ip_maxchainsent = pktcnt;
1894	if (ro->ro_rt != NULL && nstat_collect)
1895	nstat_route_tx(ro->ro_rt, scnt,
1896	bytecnt, `0`);
1897
1898	error = dlil_output(ifp, PF_INET, packetlist,
1899	ro->ro_rt, SA(dst), `0`, adv);
1900	if (dlil_verbose && error) {
1901	printf("dlil_output error on interface %s: %d\n",
1902	ifp->if_xname, error);
1903	}
1904	pktcnt = `0`;
1905	scnt = `0`;
1906	bytecnt = `0`;
1907	goto done;
1908
1909	}
1910	m0 = m;
1911	pktcnt++;
1912	goto loopit;
1913	}
1914	}
1915
1916	VERIFY(interface_mtu != `0`);
1917	/*
1918	* Too large for interface; fragment if possible.
1919	* Must be able to put at least 8 bytes per fragment.
1920	* Balk when DF bit is set or the interface didn't support TSO.
1921	*/
1922	if ((ip->ip_off & IP_DF) \|\| pktcnt > `0` \|\|
1923	(m->m_pkthdr.csum_flags & CSUM_TSO_IPV4)) {
1924	error = EMSGSIZE;
1925	/*
1926	* This case can happen if the user changed the MTU
1927	* of an interface after enabling IP on it. Because
1928	* most netifs don't keep track of routes pointing to
1929	* them, there is no way for one to update all its
1930	* routes when the MTU is changed.
1931	*/
1932	if (ro->ro_rt) {
1933	RT_LOCK_SPIN(ro->ro_rt);
1934	if ((ro->ro_rt->rt_flags & (RTF_UP \| RTF_HOST)) &&
1935	!(ro->ro_rt->rt_rmx.rmx_locks & RTV_MTU) &&
1936	(ro->ro_rt->rt_rmx.rmx_mtu > interface_mtu)) {
1937	ro->ro_rt->rt_rmx.rmx_mtu = interface_mtu;
1938	}
1939	RT_UNLOCK(ro->ro_rt);
1940	}
1941	if (pktcnt > `0`) {
1942	m0 = packetlist;
1943	}
1944	OSAddAtomic(`1`, &ipstat.ips_cantfrag);
1945	goto bad;
1946	}
1947
1948	/*
1949	* XXX Only TCP seems to be passing a list of packets here.
1950	* The following issue is limited to UDP datagrams with 0 checksum.
1951	* For now limit it to the case when single packet is passed down.
1952	*/
1953	if (packetchain == `0` && IS_INTF_CLAT46(ifp)) {
1954	/*
1955	* If it is a UDP packet that has checksum set to 0
1956	* and is also not being offloaded, compute a full checksum
1957	* and update the UDP checksum.
1958	*/
1959	if (ip->ip_p == IPPROTO_UDP &&
1960	!(m->m_pkthdr.csum_flags & (CSUM_UDP \| CSUM_PARTIAL))) {
1961	struct udphdr *uh = NULL;
1962
1963	if (m->m_len < hlen + sizeof (struct udphdr)) {
1964	m = m_pullup(m, hlen + sizeof (struct udphdr));
1965	if (m == NULL) {
1966	error = ENOBUFS;
1967	m0 = m;
1968	goto bad;
1969	}
1970	m0 = m;
1971	ip = mtod(m, struct ip *);
1972	}
1973	/*
1974	* Get UDP header and if checksum is 0, then compute the full
1975	* checksum.
1976	*/
1977	uh = (struct udphdr )(void* *)((caddr_t)ip + hlen);
1978	if (uh->uh_sum == `0`) {
1979	uh->uh_sum = inet_cksum(m, IPPROTO_UDP, hlen,
1980	ip->ip_len - hlen);
1981	if (uh->uh_sum == `0`)
1982	uh->uh_sum = `0xffff`;
1983	}
1984	}
1985	}
1986
1987	error = ip_fragment(m, ifp, interface_mtu, sw_csum);
1988	if (error != `0`) {
1989	m0 = m = NULL;
1990	goto bad;
1991	}
1992
1993	KERNEL_DEBUG(DBG_LAYER_END, ip->ip_dst.s_addr,
1994	ip->ip_src.s_addr, ip->ip_p, ip->ip_off, ip->ip_len);
1995
1996	for (m = m0; m; m = m0) {
1997	m0 = m->m_nextpkt;
1998	m->m_nextpkt = `0`;
1999	#if IPSEC
2000	/ clean ipsec history once it goes out of the node /
2001	if (ipsec_bypass == `0` && !(flags & IP_NOIPSEC))
2002	ipsec_delaux(m);
2003	#endif /* IPSEC */
2004	if (error == `0`) {
2005	if ((packetchain != `0`) && (pktcnt > `0`)) {
2006	panic("%s: mix of packet in packetlist is "
2007	"wrong=%p", __func__, packetlist);
2008	/ NOTREACHED /
2009	}
2010	if (ro->ro_rt != NULL && nstat_collect) {
2011	nstat_route_tx(ro->ro_rt, `1`,
2012	m->m_pkthdr.len, `0`);
2013	}
2014	error = dlil_output(ifp, PF_INET, m, ro->ro_rt,
2015	SA(dst), `0`, adv);
2016	if (dlil_verbose && error) {
2017	printf("dlil_output error on interface %s: %d\n",
2018	ifp->if_xname, error);
2019	}
2020	} else {
2021	m_freem(m);
2022	}
2023	}
2024
2025	if (error == `0`)
2026	OSAddAtomic(`1`, &ipstat.ips_fragmented);
2027
2028	done:
2029	if (ia != NULL) {
2030	IFA_REMREF(&ia->ia_ifa);
2031	ia = NULL;
2032	}
2033	#if IPSEC
2034	ROUTE_RELEASE(&ipsec_state.ro);
2035	if (sp != NULL) {
2036	KEYDEBUG(KEYDEBUG_IPSEC_STAMP,
2037	printf("DP ip_output call free SP:%x\n", sp));
2038	key_freesp(sp, KEY_SADB_UNLOCKED);
2039	}
2040	#endif /* IPSEC */
2041	#if NECP
2042	ROUTE_RELEASE(&necp_route);
2043	#endif /* NECP */
2044	#if DUMMYNET
2045	ROUTE_RELEASE(&saved_route);
2046	#endif /* DUMMYNET */
2047	#if IPFIREWALL_FORWARD
2048	ROUTE_RELEASE(&sro_fwd);
2049	#endif /* IPFIREWALL_FORWARD */
2050
2051	KERNEL_DEBUG(DBG_FNC_IP_OUTPUT \| DBG_FUNC_END, error, `0`, `0`, `0`, `0`);
2052	if (ip_output_measure) {
2053	net_perf_measure_time(&net_perf, &start_tv, packets_processed);
2054	net_perf_histogram(&net_perf, packets_processed);
2055	}
2056	return (error);
2057	bad:
2058	if (pktcnt > `0`)
2059	m0 = packetlist;
2060	m_freem_list(m0);
2061	goto done;
2062
2063	#undef ipsec_state
2064	#undef args
2065	#undef sro_fwd
2066	#undef saved_route
2067	#undef ipf_pktopts
2068	#undef IP_CHECK_RESTRICTIONS
2069	}
2070
2071	int
2072	ip_fragment(struct mbuf m, struct* ifnet ifp, unsigned* long mtu, int sw_csum)
2073	{
2074	struct ip ip, mhip;
2075	int len, hlen, mhlen, firstlen, off, error = `0`;
2076	struct mbuf *mnext = &m->m_nextpkt, m0;
2077	int nfrags = `1`;
2078
2079	ip = mtod(m, struct ip *);
2080	#ifdef _IP_VHL
2081	hlen = IP_VHL_HL(ip->ip_vhl) << `2`;
2082	#else /* !_IP_VHL */
2083	hlen = ip->ip_hl << `2`;
2084	#endif /* !_IP_VHL */
2085
2086	#ifdef INET6
2087	/*
2088	* We need to adjust the fragment sizes to account
2089	* for IPv6 fragment header if it needs to be translated
2090	* from IPv4 to IPv6.
2091	*/
2092	if (IS_INTF_CLAT46(ifp))
2093	mtu -= sizeof(struct ip6_frag);
2094
2095	#endif
2096	firstlen = len = (mtu - hlen) &~ `7`;
2097	if (len < `8`) {
2098	m_freem(m);
2099	return (EMSGSIZE);
2100	}
2101
2102	/*
2103	* if the interface will not calculate checksums on
2104	* fragmented packets, then do it here.
2105	*/
2106	if ((m->m_pkthdr.csum_flags & CSUM_DELAY_DATA) &&
2107	!(ifp->if_hwassist & CSUM_IP_FRAGS))
2108	in_delayed_cksum(m);
2109
2110	/*
2111	* Loop through length of segment after first fragment,
2112	* make new header and copy data of each part and link onto chain.
2113	*/
2114	m0 = m;
2115	mhlen = sizeof (struct ip);
2116	for (off = hlen + len; off < (u_short)ip->ip_len; off += len) {
2117	MGETHDR(m, M_DONTWAIT, MT_HEADER); / MAC-OK /
2118	if (m == NULL) {
2119	error = ENOBUFS;
2120	OSAddAtomic(`1`, &ipstat.ips_odropped);
2121	goto sendorfree;
2122	}
2123	m->m_flags \|= (m0->m_flags & M_MCAST) \| M_FRAG;
2124	m->m_data += max_linkhdr;
2125	mhip = mtod(m, struct ip *);
2126	mhip = ip;
2127	if (hlen > sizeof (struct ip)) {
2128	mhlen = ip_optcopy(ip, mhip) + sizeof (struct ip);
2129	mhip->ip_vhl = IP_MAKE_VHL(IPVERSION, mhlen >> `2`);
2130	}
2131	m->m_len = mhlen;
2132	mhip->ip_off = ((off - hlen) >> `3`) + (ip->ip_off & ~IP_MF);
2133	if (ip->ip_off & IP_MF)
2134	mhip->ip_off \|= IP_MF;
2135	if (off + len >= (u_short)ip->ip_len)
2136	len = (u_short)ip->ip_len - off;
2137	else
2138	mhip->ip_off \|= IP_MF;
2139	mhip->ip_len = htons((u_short)(len + mhlen));
2140	m->m_next = m_copy(m0, off, len);
2141	if (m->m_next == NULL) {
2142	(void) m_free(m);
2143	error = ENOBUFS; / ??? /
2144	OSAddAtomic(`1`, &ipstat.ips_odropped);
2145	goto sendorfree;
2146	}
2147	m->m_pkthdr.len = mhlen + len;
2148	m->m_pkthdr.rcvif = NULL;
2149	m->m_pkthdr.csum_flags = m0->m_pkthdr.csum_flags;
2150
2151	M_COPY_CLASSIFIER(m, m0);
2152	M_COPY_PFTAG(m, m0);
2153
2154	#if CONFIG_MACF_NET
2155	mac_netinet_fragment(m0, m);
2156	#endif /* CONFIG_MACF_NET */
2157
2158	#if BYTE_ORDER != BIG_ENDIAN
2159	HTONS(mhip->ip_off);
2160	#endif
2161
2162	mhip->ip_sum = `0`;
2163	if (sw_csum & CSUM_DELAY_IP) {
2164	mhip->ip_sum = ip_cksum_hdr_out(m, mhlen);
2165	m->m_pkthdr.csum_flags &= ~CSUM_DELAY_IP;
2166	}
2167	*mnext = m;
2168	mnext = &m->m_nextpkt;
2169	nfrags++;
2170	}
2171	OSAddAtomic(nfrags, &ipstat.ips_ofragments);
2172
2173	/ set first/last markers for fragment chain /
2174	m->m_flags \|= M_LASTFRAG;
2175	m0->m_flags \|= M_FIRSTFRAG \| M_FRAG;
2176	m0->m_pkthdr.csum_data = nfrags;
2177
2178	/*
2179	* Update first fragment by trimming what's been copied out
2180	* and updating header, then send each fragment (in order).
2181	*/
2182	m = m0;
2183	m_adj(m, hlen + firstlen - (u_short)ip->ip_len);
2184	m->m_pkthdr.len = hlen + firstlen;
2185	ip->ip_len = htons((u_short)m->m_pkthdr.len);
2186	ip->ip_off \|= IP_MF;
2187
2188	#if BYTE_ORDER != BIG_ENDIAN
2189	HTONS(ip->ip_off);
2190	#endif
2191
2192	ip->ip_sum = `0`;
2193	if (sw_csum & CSUM_DELAY_IP) {
2194	ip->ip_sum = ip_cksum_hdr_out(m, hlen);
2195	m->m_pkthdr.csum_flags &= ~CSUM_DELAY_IP;
2196	}
2197	sendorfree:
2198	if (error)
2199	m_freem_list(m0);
2200
2201	return (error);
2202	}
2203
2204	static void
2205	ip_out_cksum_stats(int proto, u_int32_t len)
2206	{
2207	switch (proto) {
2208	case IPPROTO_TCP:
2209	tcp_out_cksum_stats(len);
2210	break;
2211	case IPPROTO_UDP:
2212	udp_out_cksum_stats(len);
2213	break;
2214	default:
2215	/ keep only TCP or UDP stats for now /
2216	break;
2217	}
2218	}
2219
2220	/*
2221	* Process a delayed payload checksum calculation (outbound path.)
2222	*
2223	* hoff is the number of bytes beyond the mbuf data pointer which
2224	* points to the IP header.
2225	*
2226	* Returns a bitmask representing all the work done in software.
2227	*/
2228	uint32_t
2229	in_finalize_cksum(struct mbuf *m, uint32_t hoff, uint32_t csum_flags)
2230	{
2231	unsigned char buf[`15` << `2`] __attribute__((aligned(`8`)));
2232	struct ip *ip;
2233	uint32_t offset, _hlen, mlen, hlen, len, sw_csum;
2234	uint16_t csum, ip_len;
2235
2236	_CASSERT(sizeof (csum) == sizeof (uint16_t));
2237	VERIFY(m->m_flags & M_PKTHDR);
2238
2239	sw_csum = (csum_flags & m->m_pkthdr.csum_flags);
2240
2241	if ((sw_csum &= (CSUM_DELAY_IP \| CSUM_DELAY_DATA)) == `0`)
2242	goto done;
2243
2244	mlen = m->m_pkthdr.len; / total mbuf len /
2245
2246	/ sanity check (need at least simple IP header) /
2247	if (mlen < (hoff + sizeof (*ip))) {
2248	panic("%s: mbuf %p pkt len (%u) < hoff+ip_hdr "
2249	"(%u+%u)\n", __func__, m, mlen, hoff,
2250	(uint32_t)sizeof (*ip));
2251	/ NOTREACHED /
2252	}
2253
2254	/*
2255	* In case the IP header is not contiguous, or not 32-bit aligned,
2256	* or if we're computing the IP header checksum, copy it to a local
2257	* buffer. Copy only the simple IP header here (IP options case
2258	* is handled below.)
2259	*/
2260	if ((sw_csum & CSUM_DELAY_IP) \|\| (hoff + sizeof (*ip)) > m->m_len \|\|
2261	!IP_HDR_ALIGNED_P(mtod(m, caddr_t) + hoff)) {
2262	m_copydata(m, hoff, sizeof (*ip), (caddr_t)buf);
2263	ip = (struct ip )(void* *)buf;
2264	_hlen = sizeof (*ip);
2265	} else {
2266	ip = (struct ip )(void* *)(m->m_data + hoff);
2267	_hlen = `0`;
2268	}
2269
2270	hlen = IP_VHL_HL(ip->ip_vhl) << `2`; / IP header len /
2271
2272	/ sanity check /
2273	if (mlen < (hoff + hlen)) {
2274	panic("%s: mbuf %p pkt too short (%d) for IP header (%u), "
2275	"hoff %u", __func__, m, mlen, hlen, hoff);
2276	/ NOTREACHED /
2277	}
2278
2279	/*
2280	* We could be in the context of an IP or interface filter; in the
2281	* former case, ip_len would be in host (correct) order while for
2282	* the latter it would be in network order. Because of this, we
2283	* attempt to interpret the length field by comparing it against
2284	* the actual packet length. If the comparison fails, byte swap
2285	* the length and check again. If it still fails, use the actual
2286	* packet length. This also covers the trailing bytes case.
2287	*/
2288	ip_len = ip->ip_len;
2289	if (ip_len != (mlen - hoff)) {
2290	ip_len = OSSwapInt16(ip_len);
2291	if (ip_len != (mlen - hoff)) {
2292	printf("%s: mbuf 0x%llx proto %d IP len %d (%x) "
2293	"[swapped %d (%x)] doesn't match actual packet "
2294	"length; %d is used instead\n", __func__,
2295	(uint64_t)VM_KERNEL_ADDRPERM(m), ip->ip_p,
2296	ip->ip_len, ip->ip_len, ip_len, ip_len,
2297	(mlen - hoff));
2298	ip_len = mlen - hoff;
2299	}
2300	}
2301
2302	len = ip_len - hlen; / csum span /
2303
2304	if (sw_csum & CSUM_DELAY_DATA) {
2305	uint16_t ulpoff;
2306
2307	/*
2308	* offset is added to the lower 16-bit value of csum_data,
2309	* which is expected to contain the ULP offset; therefore
2310	* CSUM_PARTIAL offset adjustment must be undone.
2311	*/
2312	if ((m->m_pkthdr.csum_flags & (CSUM_PARTIAL\|CSUM_DATA_VALID)) ==
2313	(CSUM_PARTIAL\|CSUM_DATA_VALID)) {
2314	/*
2315	* Get back the original ULP offset (this will
2316	* undo the CSUM_PARTIAL logic in ip_output.)
2317	*/
2318	m->m_pkthdr.csum_data = (m->m_pkthdr.csum_tx_stuff -
2319	m->m_pkthdr.csum_tx_start);
2320	}
2321
2322	ulpoff = (m->m_pkthdr.csum_data & `0xffff`); / ULP csum offset /
2323	offset = hoff + hlen; / ULP header /
2324
2325	if (mlen < (ulpoff + sizeof (csum))) {
2326	panic("%s: mbuf %p pkt len (%u) proto %d invalid ULP "
2327	"cksum offset (%u) cksum flags 0x%x\n", __func__,
2328	m, mlen, ip->ip_p, ulpoff, m->m_pkthdr.csum_flags);
2329	/ NOTREACHED /
2330	}
2331
2332	csum = inet_cksum(m, `0`, offset, len);
2333
2334	/ Update stats /
2335	ip_out_cksum_stats(ip->ip_p, len);
2336
2337	/ RFC1122 4.1.3.4 /
2338	if (csum == `0` &&
2339	(m->m_pkthdr.csum_flags & (CSUM_UDP\|CSUM_ZERO_INVERT)))
2340	csum = `0xffff`;
2341
2342	/ Insert the checksum in the ULP csum field /
2343	offset += ulpoff;
2344	if (offset + sizeof (csum) > m->m_len) {
2345	m_copyback(m, offset, sizeof (csum), &csum);
2346	} else if (IP_HDR_ALIGNED_P(mtod(m, char *) + hoff)) {
2347	(uint16_t )(void )(mtod(m, char* *) + offset) = csum;
2348	} else {
2349	bcopy(&csum, (mtod(m, char ) + offset), sizeof* (csum));
2350	}
2351	m->m_pkthdr.csum_flags &= ~(CSUM_DELAY_DATA \| CSUM_DATA_VALID \|
2352	CSUM_PARTIAL \| CSUM_ZERO_INVERT);
2353	}
2354
2355	if (sw_csum & CSUM_DELAY_IP) {
2356	/ IP header must be in the local buffer /
2357	VERIFY(_hlen == sizeof (*ip));
2358	if (_hlen != hlen) {
2359	VERIFY(hlen <= sizeof (buf));
2360	m_copydata(m, hoff, hlen, (caddr_t)buf);
2361	ip = (struct ip )(void* *)buf;
2362	_hlen = hlen;
2363	}
2364
2365	/*
2366	* Compute the IP header checksum as if the IP length
2367	* is the length which we believe is "correct"; see
2368	* how ip_len gets calculated above. Note that this
2369	* is done on the local copy and not on the real one.
2370	*/
2371	ip->ip_len = htons(ip_len);
2372	ip->ip_sum = `0`;
2373	csum = in_cksum_hdr_opt(ip);
2374
2375	/ Update stats /
2376	ipstat.ips_snd_swcsum++;
2377	ipstat.ips_snd_swcsum_bytes += hlen;
2378
2379	/*
2380	* Insert only the checksum in the existing IP header
2381	* csum field; all other fields are left unchanged.
2382	*/
2383	offset = hoff + offsetof(struct ip, ip_sum);
2384	if (offset + sizeof (csum) > m->m_len) {
2385	m_copyback(m, offset, sizeof (csum), &csum);
2386	} else if (IP_HDR_ALIGNED_P(mtod(m, char *) + hoff)) {
2387	(uint16_t )(void )(mtod(m, char* *) + offset) = csum;
2388	} else {
2389	bcopy(&csum, (mtod(m, char ) + offset), sizeof* (csum));
2390	}
2391	m->m_pkthdr.csum_flags &= ~CSUM_DELAY_IP;
2392	}
2393
2394	done:
2395	return (sw_csum);
2396	}
2397
2398	/*
2399	* Insert IP options into preformed packet.
2400	* Adjust IP destination as required for IP source routing,
2401	* as indicated by a non-zero in_addr at the start of the options.
2402	*
2403	* XXX This routine assumes that the packet has no options in place.
2404	*/
2405	static struct mbuf *
2406	ip_insertoptions(struct mbuf m, struct* mbuf opt, int* *phlen)
2407	{
2408	struct ipoption p = mtod(opt, struct* ipoption *);
2409	struct mbuf *n;
2410	struct ip ip = mtod(m, struct* ip *);
2411	unsigned optlen;
2412
2413	optlen = opt->m_len - sizeof (p->ipopt_dst);
2414	if (optlen + (u_short)ip->ip_len > IP_MAXPACKET)
2415	return (m); / XXX should fail /
2416	if (p->ipopt_dst.s_addr)
2417	ip->ip_dst = p->ipopt_dst;
2418	if (m->m_flags & M_EXT \|\| m->m_data - optlen < m->m_pktdat) {
2419	MGETHDR(n, M_DONTWAIT, MT_HEADER); / MAC-OK /
2420	if (n == NULL)
2421	return (m);
2422	n->m_pkthdr.rcvif = `0`;
2423	#if CONFIG_MACF_NET
2424	mac_mbuf_label_copy(m, n);
2425	#endif /* CONFIG_MACF_NET */
2426	n->m_pkthdr.len = m->m_pkthdr.len + optlen;
2427	m->m_len -= sizeof (struct ip);
2428	m->m_data += sizeof (struct ip);
2429	n->m_next = m;
2430	m = n;
2431	m->m_len = optlen + sizeof (struct ip);
2432	m->m_data += max_linkhdr;
2433	(void) memcpy(mtod(m, void ), ip, sizeof* (struct ip));
2434	} else {
2435	m->m_data -= optlen;
2436	m->m_len += optlen;
2437	m->m_pkthdr.len += optlen;
2438	ovbcopy((caddr_t)ip, mtod(m, caddr_t), sizeof (struct ip));
2439	}
2440	ip = mtod(m, struct ip *);
2441	bcopy(p->ipopt_list, ip + `1`, optlen);
2442	phlen = sizeof* (struct ip) + optlen;
2443	ip->ip_vhl = IP_MAKE_VHL(IPVERSION, *phlen >> `2`);
2444	ip->ip_len += optlen;
2445	return (m);
2446	}
2447
2448	/*
2449	* Copy options from ip to jp,
2450	* omitting those not copied during fragmentation.
2451	*/
2452	static int
2453	ip_optcopy(struct ip ip, struct* ip *jp)
2454	{
2455	u_char cp, dp;
2456	int opt, optlen, cnt;
2457
2458	cp = (u_char *)(ip + `1`);
2459	dp = (u_char *)(jp + `1`);
2460	cnt = (IP_VHL_HL(ip->ip_vhl) << `2`) - sizeof (struct ip);
2461	for (; cnt > `0`; cnt -= optlen, cp += optlen) {
2462	opt = cp[`0`];
2463	if (opt == IPOPT_EOL)
2464	break;
2465	if (opt == IPOPT_NOP) {
2466	/ Preserve for IP mcast tunnel's LSRR alignment. /
2467	*dp++ = IPOPT_NOP;
2468	optlen = `1`;
2469	continue;
2470	}
2471	#if DIAGNOSTIC
2472	if (cnt < IPOPT_OLEN + sizeof (*cp)) {
2473	panic("malformed IPv4 option passed to ip_optcopy");
2474	/ NOTREACHED /
2475	}
2476	#endif
2477	optlen = cp[IPOPT_OLEN];
2478	#if DIAGNOSTIC
2479	if (optlen < IPOPT_OLEN + sizeof (*cp) \|\| optlen > cnt) {
2480	panic("malformed IPv4 option passed to ip_optcopy");
2481	/ NOTREACHED /
2482	}
2483	#endif
2484	/ bogus lengths should have been caught by ip_dooptions /
2485	if (optlen > cnt)
2486	optlen = cnt;
2487	if (IPOPT_COPIED(opt)) {
2488	bcopy(cp, dp, optlen);
2489	dp += optlen;
2490	}
2491	}
2492	for (optlen = dp - (u_char *)(jp+`1`); optlen & `0x3`; optlen++)
2493	*dp++ = IPOPT_EOL;
2494	return (optlen);
2495	}
2496
2497	/*
2498	* IP socket option processing.
2499	*/
2500	int
2501	ip_ctloutput(struct socket so, struct* sockopt *sopt)
2502	{
2503	struct inpcb *inp = sotoinpcb(so);
2504	int error, optval;
2505
2506	error = optval = `0`;
2507	if (sopt->sopt_level != IPPROTO_IP)
2508	return (EINVAL);
2509
2510	switch (sopt->sopt_dir) {
2511	case SOPT_SET:
2512	switch (sopt->sopt_name) {
2513	#ifdef notyet
2514	case IP_RETOPTS:
2515	#endif
2516	case IP_OPTIONS: {
2517	struct mbuf *m;
2518
2519	if (sopt->sopt_valsize > MLEN) {
2520	error = EMSGSIZE;
2521	break;
2522	}
2523	MGET(m, sopt->sopt_p != kernproc ? M_WAIT : M_DONTWAIT,
2524	MT_HEADER);
2525	if (m == NULL) {
2526	error = ENOBUFS;
2527	break;
2528	}
2529	m->m_len = sopt->sopt_valsize;
2530	error = sooptcopyin(sopt, mtod(m, char *),
2531	m->m_len, m->m_len);
2532	if (error) {
2533	m_freem(m);
2534	break;
2535	}
2536
2537	return (ip_pcbopts(sopt->sopt_name,
2538	&inp->inp_options, m));
2539	}
2540
2541	case IP_TOS:
2542	case IP_TTL:
2543	case IP_RECVOPTS:
2544	case IP_RECVRETOPTS:
2545	case IP_RECVDSTADDR:
2546	case IP_RECVIF:
2547	case IP_RECVTTL:
2548	case IP_RECVPKTINFO:
2549	case IP_RECVTOS:
2550	error = sooptcopyin(sopt, &optval, sizeof (optval),
2551	sizeof (optval));
2552	if (error)
2553	break;
2554
2555	switch (sopt->sopt_name) {
2556	case IP_TOS:
2557	inp->inp_ip_tos = optval;
2558	break;
2559
2560	case IP_TTL:
2561	inp->inp_ip_ttl = optval;
2562	break;
2563	#define OPTSET(bit) \
2564	if (optval) \
2565	inp->inp_flags \|= bit; \
2566	else \
2567	inp->inp_flags &= ~bit;
2568
2569	case IP_RECVOPTS:
2570	OPTSET(INP_RECVOPTS);
2571	break;
2572
2573	case IP_RECVRETOPTS:
2574	OPTSET(INP_RECVRETOPTS);
2575	break;
2576
2577	case IP_RECVDSTADDR:
2578	OPTSET(INP_RECVDSTADDR);
2579	break;
2580
2581	case IP_RECVIF:
2582	OPTSET(INP_RECVIF);
2583	break;
2584
2585	case IP_RECVTTL:
2586	OPTSET(INP_RECVTTL);
2587	break;
2588
2589	case IP_RECVPKTINFO:
2590	OPTSET(INP_PKTINFO);
2591	break;
2592
2593	case IP_RECVTOS:
2594	OPTSET(INP_RECVTOS);
2595	break;
2596	#undef OPTSET
2597	}
2598	break;
2599	/*
2600	* Multicast socket options are processed by the in_mcast
2601	* module.
2602	*/
2603	case IP_MULTICAST_IF:
2604	case IP_MULTICAST_IFINDEX:
2605	case IP_MULTICAST_VIF:
2606	case IP_MULTICAST_TTL:
2607	case IP_MULTICAST_LOOP:
2608	case IP_ADD_MEMBERSHIP:
2609	case IP_DROP_MEMBERSHIP:
2610	case IP_ADD_SOURCE_MEMBERSHIP:
2611	case IP_DROP_SOURCE_MEMBERSHIP:
2612	case IP_BLOCK_SOURCE:
2613	case IP_UNBLOCK_SOURCE:
2614	case IP_MSFILTER:
2615	case MCAST_JOIN_GROUP:
2616	case MCAST_LEAVE_GROUP:
2617	case MCAST_JOIN_SOURCE_GROUP:
2618	case MCAST_LEAVE_SOURCE_GROUP:
2619	case MCAST_BLOCK_SOURCE:
2620	case MCAST_UNBLOCK_SOURCE:
2621	error = inp_setmoptions(inp, sopt);
2622	break;
2623
2624	case IP_PORTRANGE:
2625	error = sooptcopyin(sopt, &optval, sizeof (optval),
2626	sizeof (optval));
2627	if (error)
2628	break;
2629
2630	switch (optval) {
2631	case IP_PORTRANGE_DEFAULT:
2632	inp->inp_flags &= ~(INP_LOWPORT);
2633	inp->inp_flags &= ~(INP_HIGHPORT);
2634	break;
2635
2636	case IP_PORTRANGE_HIGH:
2637	inp->inp_flags &= ~(INP_LOWPORT);
2638	inp->inp_flags \|= INP_HIGHPORT;
2639	break;
2640
2641	case IP_PORTRANGE_LOW:
2642	inp->inp_flags &= ~(INP_HIGHPORT);
2643	inp->inp_flags \|= INP_LOWPORT;
2644	break;
2645
2646	default:
2647	error = EINVAL;
2648	break;
2649	}
2650	break;
2651
2652	#if IPSEC
2653	case IP_IPSEC_POLICY: {
2654	caddr_t req = NULL;
2655	size_t len = `0`;
2656	int priv;
2657	struct mbuf *m;
2658	int optname;
2659
2660	if ((error = soopt_getm(sopt, &m)) != `0`) / XXX /
2661	break;
2662	if ((error = soopt_mcopyin(sopt, m)) != `0`) / XXX /
2663	break;
2664	priv = (proc_suser(sopt->sopt_p) == `0`);
2665	if (m) {
2666	req = mtod(m, caddr_t);
2667	len = m->m_len;
2668	}
2669	optname = sopt->sopt_name;
2670	error = ipsec4_set_policy(inp, optname, req, len, priv);
2671	m_freem(m);
2672	break;
2673	}
2674	#endif /* IPSEC */
2675
2676	#if TRAFFIC_MGT
2677	case IP_TRAFFIC_MGT_BACKGROUND: {
2678	unsigned background = `0`;
2679
2680	error = sooptcopyin(sopt, &background,
2681	sizeof (background), sizeof (background));
2682	if (error)
2683	break;
2684
2685	if (background) {
2686	socket_set_traffic_mgt_flags_locked(so,
2687	TRAFFIC_MGT_SO_BACKGROUND);
2688	} else {
2689	socket_clear_traffic_mgt_flags_locked(so,
2690	TRAFFIC_MGT_SO_BACKGROUND);
2691	}
2692
2693	break;
2694	}
2695	#endif /* TRAFFIC_MGT */
2696
2697	/*
2698	* On a multihomed system, scoped routing can be used to
2699	* restrict the source interface used for sending packets.
2700	* The socket option IP_BOUND_IF binds a particular AF_INET
2701	* socket to an interface such that data sent on the socket
2702	* is restricted to that interface. This is unlike the
2703	* SO_DONTROUTE option where the routing table is bypassed;
2704	* therefore it allows for a greater flexibility and control
2705	* over the system behavior, and does not place any restriction
2706	* on the destination address type (e.g. unicast, multicast,
2707	* or broadcast if applicable) or whether or not the host is
2708	* directly reachable. Note that in the multicast transmit
2709	* case, IP_MULTICAST_{IF,IFINDEX} takes precedence over
2710	* IP_BOUND_IF, since the former practically bypasses the
2711	* routing table; in this case, IP_BOUND_IF sets the default
2712	* interface used for sending multicast packets in the absence
2713	* of an explicit multicast transmit interface.
2714	*/
2715	case IP_BOUND_IF:
2716	/ This option is settable only for IPv4 /
2717	if (!(inp->inp_vflag & INP_IPV4)) {
2718	error = EINVAL;
2719	break;
2720	}
2721
2722	error = sooptcopyin(sopt, &optval, sizeof (optval),
2723	sizeof (optval));
2724
2725	if (error)
2726	break;
2727
2728	error = inp_bindif(inp, optval, NULL);
2729	break;
2730
2731	case IP_NO_IFT_CELLULAR:
2732	/ This option is settable only for IPv4 /
2733	if (!(inp->inp_vflag & INP_IPV4)) {
2734	error = EINVAL;
2735	break;
2736	}
2737
2738	error = sooptcopyin(sopt, &optval, sizeof (optval),
2739	sizeof (optval));
2740
2741	if (error)
2742	break;
2743
2744	/ once set, it cannot be unset /
2745	if (!optval && INP_NO_CELLULAR(inp)) {
2746	error = EINVAL;
2747	break;
2748	}
2749
2750	error = so_set_restrictions(so,
2751	SO_RESTRICT_DENY_CELLULAR);
2752	break;
2753
2754	case IP_OUT_IF:
2755	/ This option is not settable /
2756	error = EINVAL;
2757	break;
2758
2759	default:
2760	error = ENOPROTOOPT;
2761	break;
2762	}
2763	break;
2764
2765	case SOPT_GET:
2766	switch (sopt->sopt_name) {
2767	case IP_OPTIONS:
2768	case IP_RETOPTS:
2769	if (inp->inp_options) {
2770	error = sooptcopyout(sopt,
2771	mtod(inp->inp_options, char *),
2772	inp->inp_options->m_len);
2773	} else {
2774	sopt->sopt_valsize = `0`;
2775	}
2776	break;
2777
2778	case IP_TOS:
2779	case IP_TTL:
2780	case IP_RECVOPTS:
2781	case IP_RECVRETOPTS:
2782	case IP_RECVDSTADDR:
2783	case IP_RECVIF:
2784	case IP_RECVTTL:
2785	case IP_PORTRANGE:
2786	case IP_RECVPKTINFO:
2787	case IP_RECVTOS:
2788	switch (sopt->sopt_name) {
2789	case IP_TOS:
2790	optval = inp->inp_ip_tos;
2791	break;
2792
2793	case IP_TTL:
2794	optval = inp->inp_ip_ttl;
2795	break;
2796
2797	#define OPTBIT(bit) (inp->inp_flags & bit ? 1 : 0)
2798
2799	case IP_RECVOPTS:
2800	optval = OPTBIT(INP_RECVOPTS);
2801	break;
2802
2803	case IP_RECVRETOPTS:
2804	optval = OPTBIT(INP_RECVRETOPTS);
2805	break;
2806
2807	case IP_RECVDSTADDR:
2808	optval = OPTBIT(INP_RECVDSTADDR);
2809	break;
2810
2811	case IP_RECVIF:
2812	optval = OPTBIT(INP_RECVIF);
2813	break;
2814
2815	case IP_RECVTTL:
2816	optval = OPTBIT(INP_RECVTTL);
2817	break;
2818
2819	case IP_PORTRANGE:
2820	if (inp->inp_flags & INP_HIGHPORT)
2821	optval = IP_PORTRANGE_HIGH;
2822	else if (inp->inp_flags & INP_LOWPORT)
2823	optval = IP_PORTRANGE_LOW;
2824	else
2825	optval = `0`;
2826	break;
2827
2828	case IP_RECVPKTINFO:
2829	optval = OPTBIT(INP_PKTINFO);
2830	break;
2831
2832	case IP_RECVTOS:
2833	optval = OPTBIT(INP_RECVTOS);
2834	break;
2835	}
2836	error = sooptcopyout(sopt, &optval, sizeof (optval));
2837	break;
2838
2839	case IP_MULTICAST_IF:
2840	case IP_MULTICAST_IFINDEX:
2841	case IP_MULTICAST_VIF:
2842	case IP_MULTICAST_TTL:
2843	case IP_MULTICAST_LOOP:
2844	case IP_MSFILTER:
2845	error = inp_getmoptions(inp, sopt);
2846	break;
2847
2848	#if IPSEC
2849	case IP_IPSEC_POLICY: {
2850	error = `0`; / This option is no longer supported /
2851	break;
2852	}
2853	#endif /* IPSEC */
2854
2855	#if TRAFFIC_MGT
2856	case IP_TRAFFIC_MGT_BACKGROUND: {
2857	unsigned background = (so->so_flags1 &
2858	SOF1_TRAFFIC_MGT_SO_BACKGROUND) ? `1` : `0`;
2859	return (sooptcopyout(sopt, &background,
2860	sizeof (background)));
2861	}
2862	#endif /* TRAFFIC_MGT */
2863
2864	case IP_BOUND_IF:
2865	if (inp->inp_flags & INP_BOUND_IF)
2866	optval = inp->inp_boundifp->if_index;
2867	error = sooptcopyout(sopt, &optval, sizeof (optval));
2868	break;
2869
2870	case IP_NO_IFT_CELLULAR:
2871	optval = INP_NO_CELLULAR(inp) ? `1` : `0`;
2872	error = sooptcopyout(sopt, &optval, sizeof (optval));
2873	break;
2874
2875	case IP_OUT_IF:
2876	optval = (inp->inp_last_outifp != NULL) ?
2877	inp->inp_last_outifp->if_index : `0`;
2878	error = sooptcopyout(sopt, &optval, sizeof (optval));
2879	break;
2880
2881	default:
2882	error = ENOPROTOOPT;
2883	break;
2884	}
2885	break;
2886	}
2887	return (error);
2888	}
2889
2890	/*
2891	* Set up IP options in pcb for insertion in output packets.
2892	* Store in mbuf with pointer in pcbopt, adding pseudo-option
2893	* with destination address if source routed.
2894	*/
2895	static int
2896	ip_pcbopts(int optname, struct mbuf pcbopt, struct** mbuf *m)
2897	{
2898	#pragma unused(optname)
2899	int cnt, optlen;
2900	u_char *cp;
2901	u_char opt;
2902
2903	/ turn off any old options /
2904	if (*pcbopt)
2905	(void) m_free(*pcbopt);
2906	*pcbopt = `0`;
2907	if (m == (struct mbuf *)`0` \|\| m->m_len == `0`) {
2908	/*
2909	* Only turning off any previous options.
2910	*/
2911	if (m)
2912	(void) m_free(m);
2913	return (`0`);
2914	}
2915
2916	if (m->m_len % sizeof (int32_t))
2917	goto bad;
2918
2919	/*
2920	* IP first-hop destination address will be stored before
2921	* actual options; move other options back
2922	* and clear it when none present.
2923	*/
2924	if (m->m_data + m->m_len + sizeof (struct in_addr) >= &m->m_dat[MLEN])
2925	goto bad;
2926	cnt = m->m_len;
2927	m->m_len += sizeof (struct in_addr);
2928	cp = mtod(m, u_char ) + sizeof* (struct in_addr);
2929	ovbcopy(mtod(m, caddr_t), (caddr_t)cp, (unsigned)cnt);
2930	bzero(mtod(m, caddr_t), sizeof (struct in_addr));
2931
2932	for (; cnt > `0`; cnt -= optlen, cp += optlen) {
2933	opt = cp[IPOPT_OPTVAL];
2934	if (opt == IPOPT_EOL)
2935	break;
2936	if (opt == IPOPT_NOP)
2937	optlen = `1`;
2938	else {
2939	if (cnt < IPOPT_OLEN + sizeof (*cp))
2940	goto bad;
2941	optlen = cp[IPOPT_OLEN];
2942	if (optlen < IPOPT_OLEN + sizeof (*cp) \|\| optlen > cnt)
2943	goto bad;
2944	}
2945	switch (opt) {
2946
2947	default:
2948	break;
2949
2950	case IPOPT_LSRR:
2951	case IPOPT_SSRR:
2952	/*
2953	* user process specifies route as:
2954	* ->A->B->C->D
2955	* D must be our final destination (but we can't
2956	* check that since we may not have connected yet).
2957	* A is first hop destination, which doesn't appear in
2958	* actual IP option, but is stored before the options.
2959	*/
2960	if (optlen < IPOPT_MINOFF - `1` + sizeof (struct in_addr))
2961	goto bad;
2962	m->m_len -= sizeof (struct in_addr);
2963	cnt -= sizeof (struct in_addr);
2964	optlen -= sizeof (struct in_addr);
2965	cp[IPOPT_OLEN] = optlen;
2966	/*
2967	* Move first hop before start of options.
2968	*/
2969	bcopy((caddr_t)&cp[IPOPT_OFFSET+`1`], mtod(m, caddr_t),
2970	sizeof (struct in_addr));
2971	/*
2972	* Then copy rest of options back
2973	* to close up the deleted entry.
2974	*/
2975	ovbcopy((caddr_t)(&cp[IPOPT_OFFSET+`1`] +
2976	sizeof (struct in_addr)),
2977	(caddr_t)&cp[IPOPT_OFFSET+`1`],
2978	(unsigned)cnt + sizeof (struct in_addr));
2979	break;
2980	}
2981	}
2982	if (m->m_len > MAX_IPOPTLEN + sizeof (struct in_addr))
2983	goto bad;
2984	*pcbopt = m;
2985	return (`0`);
2986
2987	bad:
2988	(void) m_free(m);
2989	return (EINVAL);
2990	}
2991
2992	void
2993	ip_moptions_init(void)
2994	{
2995	PE_parse_boot_argn("ifa_debug", &imo_debug, sizeof (imo_debug));
2996
2997	imo_size = (imo_debug == `0`) ? sizeof (struct ip_moptions) :
2998	sizeof (struct ip_moptions_dbg);
2999
3000	imo_zone = zinit(imo_size, IMO_ZONE_MAX * imo_size, `0`,
3001	IMO_ZONE_NAME);
3002	if (imo_zone == NULL) {
3003	panic("%s: failed allocating %s", __func__, IMO_ZONE_NAME);
3004	/ NOTREACHED /
3005	}
3006	zone_change(imo_zone, Z_EXPAND, TRUE);
3007	}
3008
3009	void
3010	imo_addref(struct ip_moptions imo, int* locked)
3011	{
3012	if (!locked)
3013	IMO_LOCK(imo);
3014	else
3015	IMO_LOCK_ASSERT_HELD(imo);
3016
3017	if (++imo->imo_refcnt == `0`) {
3018	panic("%s: imo %p wraparound refcnt\n", __func__, imo);
3019	/ NOTREACHED /
3020	} else if (imo->imo_trace != NULL) {
3021	(*imo->imo_trace)(imo, TRUE);
3022	}
3023
3024	if (!locked)
3025	IMO_UNLOCK(imo);
3026	}
3027
3028	void
3029	imo_remref(struct ip_moptions *imo)
3030	{
3031	int i;
3032
3033	IMO_LOCK(imo);
3034	if (imo->imo_refcnt == `0`) {
3035	panic("%s: imo %p negative refcnt", __func__, imo);
3036	/ NOTREACHED /
3037	} else if (imo->imo_trace != NULL) {
3038	(*imo->imo_trace)(imo, FALSE);
3039	}
3040
3041	--imo->imo_refcnt;
3042	if (imo->imo_refcnt > `0`) {
3043	IMO_UNLOCK(imo);
3044	return;
3045	}
3046
3047	for (i = `0`; i < imo->imo_num_memberships; ++i) {
3048	struct in_mfilter *imf;
3049
3050	imf = imo->imo_mfilters ? &imo->imo_mfilters[i] : NULL;
3051	if (imf != NULL)
3052	imf_leave(imf);
3053
3054	(void) in_leavegroup(imo->imo_membership[i], imf);
3055
3056	if (imf != NULL)
3057	imf_purge(imf);
3058
3059	INM_REMREF(imo->imo_membership[i]);
3060	imo->imo_membership[i] = NULL;
3061	}
3062	imo->imo_num_memberships = `0`;
3063	if (imo->imo_mfilters != NULL) {
3064	FREE(imo->imo_mfilters, M_INMFILTER);
3065	imo->imo_mfilters = NULL;
3066	}
3067	if (imo->imo_membership != NULL) {
3068	FREE(imo->imo_membership, M_IPMOPTS);
3069	imo->imo_membership = NULL;
3070	}
3071	IMO_UNLOCK(imo);
3072
3073	lck_mtx_destroy(&imo->imo_lock, ifa_mtx_grp);
3074
3075	if (!(imo->imo_debug & IFD_ALLOC)) {
3076	panic("%s: imo %p cannot be freed", __func__, imo);
3077	/ NOTREACHED /
3078	}
3079	zfree(imo_zone, imo);
3080	}
3081
3082	static void
3083	imo_trace(struct ip_moptions imo, int* refhold)
3084	{
3085	struct ip_moptions_dbg imo_dbg = (struct* ip_moptions_dbg *)imo;
3086	ctrace_t *tr;
3087	u_int32_t idx;
3088	u_int16_t *cnt;
3089
3090	if (!(imo->imo_debug & IFD_DEBUG)) {
3091	panic("%s: imo %p has no debug structure", __func__, imo);
3092	/ NOTREACHED /
3093	}
3094	if (refhold) {
3095	cnt = &imo_dbg->imo_refhold_cnt;
3096	tr = imo_dbg->imo_refhold;
3097	} else {
3098	cnt = &imo_dbg->imo_refrele_cnt;
3099	tr = imo_dbg->imo_refrele;
3100	}
3101
3102	idx = atomic_add_16_ov(cnt, `1`) % IMO_TRACE_HIST_SIZE;
3103	ctrace_record(&tr[idx]);
3104	}
3105
3106	struct ip_moptions *
3107	ip_allocmoptions(int how)
3108	{
3109	struct ip_moptions *imo;
3110
3111	imo = (how == M_WAITOK) ? zalloc(imo_zone) : zalloc_noblock(imo_zone);
3112	if (imo != NULL) {
3113	bzero(imo, imo_size);
3114	lck_mtx_init(&imo->imo_lock, ifa_mtx_grp, ifa_mtx_attr);
3115	imo->imo_debug \|= IFD_ALLOC;
3116	if (imo_debug != `0`) {
3117	imo->imo_debug \|= IFD_DEBUG;
3118	imo->imo_trace = imo_trace;
3119	}
3120	IMO_ADDREF(imo);
3121	}
3122
3123	return (imo);
3124	}
3125
3126	/*
3127	* Routine called from ip_output() to loop back a copy of an IP multicast
3128	* packet to the input queue of a specified interface. Note that this
3129	* calls the output routine of the loopback "driver", but with an interface
3130	* pointer that might NOT be a loopback interface -- evil, but easier than
3131	* replicating that code here.
3132	*/
3133	static void
3134	ip_mloopback(struct ifnet srcifp, struct* ifnet origifp, struct* mbuf *m,
3135	struct sockaddr_in dst, int* hlen)
3136	{
3137	struct mbuf *copym;
3138	struct ip *ip;
3139
3140	if (lo_ifp == NULL)
3141	return;
3142
3143	/*
3144	* Copy the packet header as it's needed for the checksum
3145	* Make sure to deep-copy IP header portion in case the data
3146	* is in an mbuf cluster, so that we can safely override the IP
3147	* header portion later.
3148	*/
3149	copym = m_copym_mode(m, `0`, M_COPYALL, M_DONTWAIT, M_COPYM_COPY_HDR);
3150	if (copym != NULL && ((copym->m_flags & M_EXT) \|\| copym->m_len < hlen))
3151	copym = m_pullup(copym, hlen);
3152
3153	if (copym == NULL)
3154	return;
3155
3156	/*
3157	* We don't bother to fragment if the IP length is greater
3158	* than the interface's MTU. Can this possibly matter?
3159	*/
3160	ip = mtod(copym, struct ip *);
3161	#if BYTE_ORDER != BIG_ENDIAN
3162	HTONS(ip->ip_len);
3163	HTONS(ip->ip_off);
3164	#endif
3165	ip->ip_sum = `0`;
3166	ip->ip_sum = ip_cksum_hdr_out(copym, hlen);
3167
3168	/*
3169	* Mark checksum as valid unless receive checksum offload is
3170	* disabled; if so, compute checksum in software. If the
3171	* interface itself is lo0, this will be overridden by if_loop.
3172	*/
3173	if (hwcksum_rx) {
3174	copym->m_pkthdr.csum_flags &= ~(CSUM_PARTIAL\|CSUM_ZERO_INVERT);
3175	copym->m_pkthdr.csum_flags \|=
3176	CSUM_DATA_VALID \| CSUM_PSEUDO_HDR;
3177	copym->m_pkthdr.csum_data = `0xffff`;
3178	} else if (copym->m_pkthdr.csum_flags & CSUM_DELAY_DATA) {
3179	#if BYTE_ORDER != BIG_ENDIAN
3180	NTOHS(ip->ip_len);
3181	#endif
3182	in_delayed_cksum(copym);
3183	#if BYTE_ORDER != BIG_ENDIAN
3184	HTONS(ip->ip_len);
3185	#endif
3186	}
3187
3188	/*
3189	* Stuff the 'real' ifp into the pkthdr, to be used in matching
3190	* in ip_input(); we need the loopback ifp/dl_tag passed as args
3191	* to make the loopback driver compliant with the data link
3192	* requirements.
3193	*/
3194	copym->m_pkthdr.rcvif = origifp;
3195
3196	/*
3197	* Also record the source interface (which owns the source address).
3198	* This is basically a stripped down version of ifa_foraddr().
3199	*/
3200	if (srcifp == NULL) {
3201	struct in_ifaddr *ia;
3202
3203	lck_rw_lock_shared(in_ifaddr_rwlock);
3204	TAILQ_FOREACH(ia, INADDR_HASH(ip->ip_src.s_addr), ia_hash) {
3205	IFA_LOCK_SPIN(&ia->ia_ifa);
3206	if (IA_SIN(ia)->sin_addr.s_addr == ip->ip_src.s_addr) {
3207	srcifp = ia->ia_ifp;
3208	IFA_UNLOCK(&ia->ia_ifa);
3209	break;
3210	}
3211	IFA_UNLOCK(&ia->ia_ifa);
3212	}
3213	lck_rw_done(in_ifaddr_rwlock);
3214	}
3215	if (srcifp != NULL)
3216	ip_setsrcifaddr_info(copym, srcifp->if_index, NULL);
3217	ip_setdstifaddr_info(copym, origifp->if_index, NULL);
3218
3219	dlil_output(lo_ifp, PF_INET, copym, NULL, SA(dst), `0`, NULL);
3220	}
3221
3222	/*
3223	* Given a source IP address (and route, if available), determine the best
3224	* interface to send the packet from. Checking for (and updating) the
3225	* ROF_SRCIF_SELECTED flag in the pcb-supplied route placeholder is done
3226	* without any locks based on the assumption that ip_output() is single-
3227	* threaded per-pcb, i.e. for any given pcb there can only be one thread
3228	* performing output at the IP layer.
3229	*
3230	* This routine is analogous to in6_selectroute() for IPv6.
3231	*/
3232	static struct ifaddr *
3233	in_selectsrcif(struct ip ip, struct* route ro, unsigned* int ifscope)
3234	{
3235	struct ifaddr *ifa = NULL;
3236	struct in_addr src = ip->ip_src;
3237	struct in_addr dst = ip->ip_dst;
3238	struct ifnet *rt_ifp;
3239	char s_src[MAX_IPv4_STR_LEN], s_dst[MAX_IPv4_STR_LEN];
3240
3241	VERIFY(src.s_addr != INADDR_ANY);
3242
3243	if (ip_select_srcif_debug) {
3244	(void) inet_ntop(AF_INET, &src.s_addr, s_src, sizeof (s_src));
3245	(void) inet_ntop(AF_INET, &dst.s_addr, s_dst, sizeof (s_dst));
3246	}
3247
3248	if (ro->ro_rt != NULL)
3249	RT_LOCK(ro->ro_rt);
3250
3251	rt_ifp = (ro->ro_rt != NULL) ? ro->ro_rt->rt_ifp : NULL;
3252
3253	/*
3254	* Given the source IP address, find a suitable source interface
3255	* to use for transmission; if the caller has specified a scope,
3256	* optimize the search by looking at the addresses only for that
3257	* interface. This is still suboptimal, however, as we need to
3258	* traverse the per-interface list.
3259	*/
3260	if (ifscope != IFSCOPE_NONE \|\| ro->ro_rt != NULL) {
3261	unsigned int scope = ifscope;
3262
3263	/*
3264	* If no scope is specified and the route is stale (pointing
3265	* to a defunct interface) use the current primary interface;
3266	* this happens when switching between interfaces configured
3267	* with the same IP address. Otherwise pick up the scope
3268	* information from the route; the ULP may have looked up a
3269	* correct route and we just need to verify it here and mark
3270	* it with the ROF_SRCIF_SELECTED flag below.
3271	*/
3272	if (scope == IFSCOPE_NONE) {
3273	scope = rt_ifp->if_index;
3274	if (scope != get_primary_ifscope(AF_INET) &&
3275	ROUTE_UNUSABLE(ro))
3276	scope = get_primary_ifscope(AF_INET);
3277	}
3278
3279	ifa = (struct ifaddr *)ifa_foraddr_scoped(src.s_addr, scope);
3280
3281	if (ifa == NULL && ip->ip_p != IPPROTO_UDP &&
3282	ip->ip_p != IPPROTO_TCP && ipforwarding) {
3283	/*
3284	* If forwarding is enabled, and if the packet isn't
3285	* TCP or UDP, check if the source address belongs
3286	* to one of our own interfaces; if so, demote the
3287	* interface scope and do a route lookup right below.
3288	*/
3289	ifa = (struct ifaddr *)ifa_foraddr(src.s_addr);
3290	if (ifa != NULL) {
3291	IFA_REMREF(ifa);
3292	ifa = NULL;
3293	ifscope = IFSCOPE_NONE;
3294	}
3295	}
3296
3297	if (ip_select_srcif_debug && ifa != NULL) {
3298	if (ro->ro_rt != NULL) {
3299	printf("%s->%s ifscope %d->%d ifa_if %s "
3300	"ro_if %s\n", s_src, s_dst, ifscope,
3301	scope, if_name(ifa->ifa_ifp),
3302	if_name(rt_ifp));
3303	} else {
3304	printf("%s->%s ifscope %d->%d ifa_if %s\n",
3305	s_src, s_dst, ifscope, scope,
3306	if_name(ifa->ifa_ifp));
3307	}
3308	}
3309	}
3310
3311	/*
3312	* Slow path; search for an interface having the corresponding source
3313	* IP address if the scope was not specified by the caller, and:
3314	*
3315	* 1) There currently isn't any route, or,
3316	* 2) The interface used by the route does not own that source
3317	* IP address; in this case, the route will get blown away
3318	* and we'll do a more specific scoped search using the newly
3319	* found interface.
3320	*/
3321	if (ifa == NULL && ifscope == IFSCOPE_NONE) {
3322	ifa = (struct ifaddr *)ifa_foraddr(src.s_addr);
3323
3324	/*
3325	* If we have the IP address, but not the route, we don't
3326	* really know whether or not it belongs to the correct
3327	* interface (it could be shared across multiple interfaces.)
3328	* The only way to find out is to do a route lookup.
3329	*/
3330	if (ifa != NULL && ro->ro_rt == NULL) {
3331	struct rtentry *rt;
3332	struct sockaddr_in sin;
3333	struct ifaddr *oifa = NULL;
3334
3335	bzero(&sin, sizeof (sin));
3336	sin.sin_family = AF_INET;
3337	sin.sin_len = sizeof (sin);
3338	sin.sin_addr = dst;
3339
3340	lck_mtx_lock(rnh_lock);
3341	if ((rt = rt_lookup(TRUE, SA(&sin), NULL,
3342	rt_tables[AF_INET], IFSCOPE_NONE)) != NULL) {
3343	RT_LOCK(rt);
3344	/*
3345	* If the route uses a different interface,
3346	* use that one instead. The IP address of
3347	* the ifaddr that we pick up here is not
3348	* relevant.
3349	*/
3350	if (ifa->ifa_ifp != rt->rt_ifp) {
3351	oifa = ifa;
3352	ifa = rt->rt_ifa;
3353	IFA_ADDREF(ifa);
3354	RT_UNLOCK(rt);
3355	} else {
3356	RT_UNLOCK(rt);
3357	}
3358	rtfree_locked(rt);
3359	}
3360	lck_mtx_unlock(rnh_lock);
3361
3362	if (oifa != NULL) {
3363	struct ifaddr *iifa;
3364
3365	/*
3366	* See if the interface pointed to by the
3367	* route is configured with the source IP
3368	* address of the packet.
3369	*/
3370	iifa = (struct ifaddr *)ifa_foraddr_scoped(
3371	src.s_addr, ifa->ifa_ifp->if_index);
3372
3373	if (iifa != NULL) {
3374	/*
3375	* Found it; drop the original one
3376	* as well as the route interface
3377	* address, and use this instead.
3378	*/
3379	IFA_REMREF(oifa);
3380	IFA_REMREF(ifa);
3381	ifa = iifa;
3382	} else if (!ipforwarding \|\|
3383	(rt->rt_flags & RTF_GATEWAY)) {
3384	/*
3385	* This interface doesn't have that
3386	* source IP address; drop the route
3387	* interface address and just use the
3388	* original one, and let the caller
3389	* do a scoped route lookup.
3390	*/
3391	IFA_REMREF(ifa);
3392	ifa = oifa;
3393	} else {
3394	/*
3395	* Forwarding is enabled and the source
3396	* address belongs to one of our own
3397	* interfaces which isn't the outgoing
3398	* interface, and we have a route, and
3399	* the destination is on a network that
3400	* is directly attached (onlink); drop
3401	* the original one and use the route
3402	* interface address instead.
3403	*/
3404	IFA_REMREF(oifa);
3405	}
3406	}
3407	} else if (ifa != NULL && ro->ro_rt != NULL &&
3408	!(ro->ro_rt->rt_flags & RTF_GATEWAY) &&
3409	ifa->ifa_ifp != ro->ro_rt->rt_ifp && ipforwarding) {
3410	/*
3411	* Forwarding is enabled and the source address belongs
3412	* to one of our own interfaces which isn't the same
3413	* as the interface used by the known route; drop the
3414	* original one and use the route interface address.
3415	*/
3416	IFA_REMREF(ifa);
3417	ifa = ro->ro_rt->rt_ifa;
3418	IFA_ADDREF(ifa);
3419	}
3420
3421	if (ip_select_srcif_debug && ifa != NULL) {
3422	printf("%s->%s ifscope %d ifa_if %s\n",
3423	s_src, s_dst, ifscope, if_name(ifa->ifa_ifp));
3424	}
3425	}
3426
3427	if (ro->ro_rt != NULL)
3428	RT_LOCK_ASSERT_HELD(ro->ro_rt);
3429	/*
3430	* If there is a non-loopback route with the wrong interface, or if
3431	* there is no interface configured with such an address, blow it
3432	* away. Except for local/loopback, we look for one with a matching
3433	* interface scope/index.
3434	*/
3435	if (ro->ro_rt != NULL &&
3436	(ifa == NULL \|\| (ifa->ifa_ifp != rt_ifp && rt_ifp != lo_ifp) \|\|
3437	!(ro->ro_rt->rt_flags & RTF_UP))) {
3438	if (ip_select_srcif_debug) {
3439	if (ifa != NULL) {
3440	printf("%s->%s ifscope %d ro_if %s != "
3441	"ifa_if %s (cached route cleared)\n",
3442	s_src, s_dst, ifscope, if_name(rt_ifp),
3443	if_name(ifa->ifa_ifp));
3444	} else {
3445	printf("%s->%s ifscope %d ro_if %s "
3446	"(no ifa_if found)\n",
3447	s_src, s_dst, ifscope, if_name(rt_ifp));
3448	}
3449	}
3450
3451	RT_UNLOCK(ro->ro_rt);
3452	ROUTE_RELEASE(ro);
3453
3454	/*
3455	* If the destination is IPv4 LLA and the route's interface
3456	* doesn't match the source interface, then the source IP
3457	* address is wrong; it most likely belongs to the primary
3458	* interface associated with the IPv4 LL subnet. Drop the
3459	* packet rather than letting it go out and return an error
3460	* to the ULP. This actually applies not only to IPv4 LL
3461	* but other shared subnets; for now we explicitly test only
3462	* for the former case and save the latter for future.
3463	*/
3464	if (IN_LINKLOCAL(ntohl(dst.s_addr)) &&
3465	!IN_LINKLOCAL(ntohl(src.s_addr)) && ifa != NULL) {
3466	IFA_REMREF(ifa);
3467	ifa = NULL;
3468	}
3469	}
3470
3471	if (ip_select_srcif_debug && ifa == NULL) {
3472	printf("%s->%s ifscope %d (neither ro_if/ifa_if found)\n",
3473	s_src, s_dst, ifscope);
3474	}
3475
3476	/*
3477	* If there is a route, mark it accordingly. If there isn't one,
3478	* we'll get here again during the next transmit (possibly with a
3479	* route) and the flag will get set at that point. For IPv4 LLA
3480	* destination, mark it only if the route has been fully resolved;
3481	* otherwise we want to come back here again when the route points
3482	* to the interface over which the ARP reply arrives on.
3483	*/
3484	if (ro->ro_rt != NULL && (!IN_LINKLOCAL(ntohl(dst.s_addr)) \|\|
3485	(ro->ro_rt->rt_gateway->sa_family == AF_LINK &&
3486	SDL(ro->ro_rt->rt_gateway)->sdl_alen != `0`))) {
3487	if (ifa != NULL)
3488	IFA_ADDREF(ifa); / for route /
3489	if (ro->ro_srcia != NULL)
3490	IFA_REMREF(ro->ro_srcia);
3491	ro->ro_srcia = ifa;
3492	ro->ro_flags \|= ROF_SRCIF_SELECTED;
3493	RT_GENID_SYNC(ro->ro_rt);
3494	}
3495
3496	if (ro->ro_rt != NULL)
3497	RT_UNLOCK(ro->ro_rt);
3498
3499	return (ifa);
3500	}
3501
3502	/*
3503	* @brief Given outgoing interface it determines what checksum needs
3504	* to be computed in software and what needs to be offloaded to the
3505	* interface.
3506	*
3507	* @param ifp Pointer to the outgoing interface
3508	* @param m Pointer to the packet
3509	* @param hlen IP header length
3510	* @param ip_len Total packet size i.e. headers + data payload
3511	* @param sw_csum Pointer to a software checksum flag set
3512	*
3513	* @return void
3514	*/
3515	void
3516	ip_output_checksum(struct ifnet ifp, struct* mbuf m, int* hlen, int ip_len,
3517	uint32_t *sw_csum)
3518	{
3519	int tso = TSO_IPV4_OK(ifp, m);
3520	uint32_t hwcap = ifp->if_hwassist;
3521
3522	m->m_pkthdr.csum_flags \|= CSUM_IP;
3523
3524	if (!hwcksum_tx) {
3525	/ do all in software; hardware checksum offload is disabled /
3526	*sw_csum = (CSUM_DELAY_DATA \| CSUM_DELAY_IP) &
3527	m->m_pkthdr.csum_flags;
3528	} else {
3529	/ do in software what the hardware cannot /
3530	*sw_csum = m->m_pkthdr.csum_flags &
3531	~IF_HWASSIST_CSUM_FLAGS(hwcap);
3532	}
3533
3534	if (hlen != sizeof (struct ip)) {
3535	*sw_csum \|= ((CSUM_DELAY_DATA \| CSUM_DELAY_IP) &
3536	m->m_pkthdr.csum_flags);
3537	} else if (!(*sw_csum & CSUM_DELAY_DATA) && (hwcap & CSUM_PARTIAL)) {
3538	int interface_mtu = ifp->if_mtu;
3539
3540	if (INTF_ADJUST_MTU_FOR_CLAT46(ifp)) {
3541	interface_mtu = IN6_LINKMTU(ifp);
3542	/ Further adjust the size for CLAT46 expansion /
3543	interface_mtu -= CLAT46_HDR_EXPANSION_OVERHD;
3544	}
3545
3546	/*
3547	* Partial checksum offload, if non-IP fragment, and TCP only
3548	* (no UDP support, as the hardware may not be able to convert
3549	* +0 to -0 (0xffff) per RFC1122 4.1.3.4. unless the interface
3550	* supports "invert zero" capability.)
3551	*/
3552	if (hwcksum_tx && !tso &&
3553	((m->m_pkthdr.csum_flags & CSUM_TCP) \|\|
3554	((hwcap & CSUM_ZERO_INVERT) &&
3555	(m->m_pkthdr.csum_flags & CSUM_ZERO_INVERT))) &&
3556	ip_len <= interface_mtu) {
3557	uint16_t start = sizeof (struct ip);
3558	uint16_t ulpoff = m->m_pkthdr.csum_data & `0xffff`;
3559	m->m_pkthdr.csum_flags \|=
3560	(CSUM_DATA_VALID \| CSUM_PARTIAL);
3561	m->m_pkthdr.csum_tx_stuff = (ulpoff + start);
3562	m->m_pkthdr.csum_tx_start = start;
3563	/ do IP hdr chksum in software /
3564	*sw_csum = CSUM_DELAY_IP;
3565	} else {
3566	*sw_csum \|= (CSUM_DELAY_DATA & m->m_pkthdr.csum_flags);
3567	}
3568	}
3569
3570	if (*sw_csum & CSUM_DELAY_DATA) {
3571	in_delayed_cksum(m);
3572	*sw_csum &= ~CSUM_DELAY_DATA;
3573	}
3574
3575	if (hwcksum_tx) {
3576	/*
3577	* Drop off bits that aren't supported by hardware;
3578	* also make sure to preserve non-checksum related bits.
3579	*/
3580	m->m_pkthdr.csum_flags =
3581	((m->m_pkthdr.csum_flags &
3582	(IF_HWASSIST_CSUM_FLAGS(hwcap) \| CSUM_DATA_VALID)) \|
3583	(m->m_pkthdr.csum_flags & ~IF_HWASSIST_CSUM_MASK));
3584	} else {
3585	/ drop all bits; hardware checksum offload is disabled /
3586	m->m_pkthdr.csum_flags = `0`;
3587	}
3588	}
3589
3590	/*
3591	* GRE protocol output for PPP/PPTP
3592	*/
3593	int
3594	ip_gre_output(struct mbuf *m)
3595	{
3596	struct route ro;
3597	int error;
3598
3599	bzero(&ro, sizeof (ro));
3600
3601	error = ip_output(m, NULL, &ro, `0`, NULL, NULL);
3602
3603	ROUTE_RELEASE(&ro);
3604
3605	return (error);
3606	}
3607
3608	static int
3609	sysctl_reset_ip_output_stats SYSCTL_HANDLER_ARGS
3610	{
3611	#pragma unused(arg1, arg2)
3612	int error, i;
3613
3614	i = ip_output_measure;
3615	error = sysctl_handle_int(oidp, &i, `0`, req);
3616	if (error \|\| req->newptr == USER_ADDR_NULL)
3617	goto done;
3618	/ impose bounds /
3619	if (i < `0` \|\| i > `1`) {
3620	error = EINVAL;
3621	goto done;
3622	}
3623	if (ip_output_measure != i && i == `1`) {
3624	net_perf_initialize(&net_perf, ip_output_measure_bins);
3625	}
3626	ip_output_measure = i;
3627	done:
3628	return (error);
3629	}
3630
3631	static int
3632	sysctl_ip_output_measure_bins SYSCTL_HANDLER_ARGS
3633	{
3634	#pragma unused(arg1, arg2)
3635	int error;
3636	uint64_t i;
3637
3638	i = ip_output_measure_bins;
3639	error = sysctl_handle_quad(oidp, &i, `0`, req);
3640	if (error \|\| req->newptr == USER_ADDR_NULL)
3641	goto done;
3642	/ validate data /
3643	if (!net_perf_validate_bins(i)) {
3644	error = EINVAL;
3645	goto done;
3646	}
3647	ip_output_measure_bins = i;
3648	done:
3649	return (error);
3650	}
3651
3652	static int
3653	sysctl_ip_output_getperf SYSCTL_HANDLER_ARGS
3654	{
3655	#pragma unused(oidp, arg1, arg2)
3656	if (req->oldptr == USER_ADDR_NULL)
3657	req->oldlen = (size_t)sizeof (struct ipstat);
3658
3659	return (SYSCTL_OUT(req, &net_perf, MIN(sizeof (net_perf), req->oldlen)));
3660	}
3661

Browse the source code of xnu/bsd/netinet/ip_output.c