Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/netinet/raw_ip.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.61
retrieving revision 1.85
diff -u -p -r1.61 -r1.85
--- src/sys/netinet/raw_ip.c	2002/06/09 16:33:43	1.61
+++ src/sys/netinet/raw_ip.c	2005/03/10 05:43:25	1.85
@@ -1,4 +1,4 @@
-/*	$NetBSD: raw_ip.c,v 1.61 2002/06/09 16:33:43 itojun Exp $	*/
+/*	$NetBSD: raw_ip.c,v 1.85 2005/03/10 05:43:25 atatat Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -41,11 +41,7 @@
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by the University of
- *	California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
+ * 3. Neither the name of the University nor the names of its contributors
  *    may be used to endorse or promote products derived from this software
  *    without specific prior written permission.
  *
@@ -65,12 +61,14 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.61 2002/06/09 16:33:43 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1.85 2005/03/10 05:43:25 atatat Exp $");
 
+#include "opt_inet.h"
 #include "opt_ipsec.h"
 #include "opt_mrouting.h"
 
 #include <sys/param.h>
+#include <sys/sysctl.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
 #include <sys/socket.h>
@@ -98,13 +96,18 @@ __KERNEL_RCSID(0, "$NetBSD: raw_ip.c,v 1
 #include <netinet6/ipsec.h>
 #endif /*IPSEC*/
 
+#ifdef FAST_IPSEC
+#include <netipsec/ipsec.h>
+#include <netipsec/ipsec_var.h>			/* XXX ipsecstat namespace */
+#endif	/* FAST_IPSEC*/
+
 struct inpcbtable rawcbtable;
 
-int	 rip_pcbnotify __P((struct inpcbtable *, struct in_addr,
-    struct in_addr, int, int, void (*) __P((struct inpcb *, int))));
-int	 rip_bind __P((struct inpcb *, struct mbuf *));
-int	 rip_connect __P((struct inpcb *, struct mbuf *));
-void	 rip_disconnect __P((struct inpcb *));
+int	 rip_pcbnotify(struct inpcbtable *, struct in_addr,
+    struct in_addr, int, int, void (*)(struct inpcb *, int));
+int	 rip_bind(struct inpcb *, struct mbuf *);
+int	 rip_connect(struct inpcb *, struct mbuf *);
+void	 rip_disconnect(struct inpcb *);
 
 /*
  * Nominal space allocated to a raw ip socket.
@@ -120,30 +123,23 @@ void	 rip_disconnect __P((struct inpcb *
  * Initialize raw connection block q.
  */
 void
-rip_init()
+rip_init(void)
 {
 
 	in_pcbinit(&rawcbtable, 1, 1);
 }
 
-static struct	sockaddr_in ripsrc = { sizeof(ripsrc), AF_INET };
-
 /*
  * Setup generic address and protocol structures
  * for raw_input routine, then pass them along with
  * mbuf chain.
  */
 void
-#if __STDC__
 rip_input(struct mbuf *m, ...)
-#else
-rip_input(m, va_alist)
-	struct mbuf *m;
-	va_dcl
-#endif
 {
-	int off, proto;
+	int proto;
 	struct ip *ip = mtod(m, struct ip *);
+	struct inpcb_hdr *inph;
 	struct inpcb *inp;
 	struct inpcb *last = 0;
 	struct mbuf *opts = 0;
@@ -151,7 +147,7 @@ rip_input(m, va_alist)
 	va_list ap;
 
 	va_start(ap, m);
-	off = va_arg(ap, int);
+	(void)va_arg(ap, int);		/* ignore value, advance ap */
 	proto = va_arg(ap, int);
 	va_end(ap);
 
@@ -163,11 +159,16 @@ rip_input(m, va_alist)
 
 	/*
 	 * XXX Compatibility: programs using raw IP expect ip_len
-	 * XXX to have the header length subtracted.
+	 * XXX to have the header length subtracted, and in host order.
+	 * XXX ip_off is also expected to be host order.
 	 */
-	ip->ip_len -= ip->ip_hl << 2;
+	ip->ip_len = ntohs(ip->ip_len) - (ip->ip_hl << 2);
+	NTOHS(ip->ip_off);
 
-	CIRCLEQ_FOREACH(inp, &rawcbtable.inpt_queue, inp_queue) {
+	CIRCLEQ_FOREACH(inph, &rawcbtable.inpt_queue, inph_queue) {
+		inp = (struct inpcb *)inph;
+		if (inp->inp_af != AF_INET)
+			continue;
 		if (inp->inp_ip.ip_p && inp->inp_ip.ip_p != proto)
 			continue;
 		if (!in_nullhost(inp->inp_laddr) &&
@@ -179,7 +180,7 @@ rip_input(m, va_alist)
 		if (last) {
 			struct mbuf *n;
 
-#ifdef IPSEC
+#if defined(IPSEC) || defined(FAST_IPSEC)
 			/* check AH/ESP integrity. */
 			if (ipsec4_in_reject_so(m, last->inp_socket)) {
 				ipsecstat.in_polvio++;
@@ -203,7 +204,7 @@ rip_input(m, va_alist)
 		}
 		last = inp;
 	}
-#ifdef IPSEC
+#if defined(IPSEC) || defined(FAST_IPSEC)
 	/* check AH/ESP integrity. */
 	if (last && ipsec4_in_reject_so(m, last->inp_socket)) {
 		m_freem(m);
@@ -236,21 +237,20 @@ rip_input(m, va_alist)
 }
 
 int
-rip_pcbnotify(table, faddr, laddr, proto, errno, notify)
-	struct inpcbtable *table;
-	struct in_addr faddr, laddr;
-	int proto;
-	int errno;
-	void (*notify) __P((struct inpcb *, int));
+rip_pcbnotify(struct inpcbtable *table,
+    struct in_addr faddr, struct in_addr laddr, int proto, int errno,
+    void (*notify)(struct inpcb *, int))
 {
 	struct inpcb *inp, *ninp;
 	int nmatch;
 
 	nmatch = 0;
-	for (inp = CIRCLEQ_FIRST(&table->inpt_queue);
+	for (inp = (struct inpcb *)CIRCLEQ_FIRST(&table->inpt_queue);
 	    inp != (struct inpcb *)&table->inpt_queue;
 	    inp = ninp) {
-		ninp = inp->inp_queue.cqe_next;
+		ninp = (struct inpcb *)inp->inp_queue.cqe_next;
+		if (inp->inp_af != AF_INET)
+			continue;
 		if (inp->inp_ip.ip_p && inp->inp_ip.ip_p != proto)
 			continue;
 		if (in_hosteq(inp->inp_faddr, faddr) &&
@@ -264,13 +264,10 @@ rip_pcbnotify(table, faddr, laddr, proto
 }
 
 void *
-rip_ctlinput(cmd, sa, v)
-	int cmd;
-	struct sockaddr *sa;
-	void *v;
+rip_ctlinput(int cmd, struct sockaddr *sa, void *v)
 {
 	struct ip *ip = v;
-	void (*notify) __P((struct inpcb *, int)) = in_rtchange;
+	void (*notify)(struct inpcb *, int) = in_rtchange;
 	int errno;
 
 	if (sa->sa_family != AF_INET ||
@@ -301,13 +298,7 @@ rip_ctlinput(cmd, sa, v)
  * Tack on options user may have setup with control call.
  */
 int
-#if __STDC__
 rip_output(struct mbuf *m, ...)
-#else
-rip_output(m, va_alist)
-	struct mbuf *m;
-	va_dcl
-#endif
 {
 	struct inpcb *inp;
 	struct ip *ip;
@@ -332,12 +323,14 @@ rip_output(m, va_alist)
 			m_freem(m);
 			return (EMSGSIZE);
 		}
-		M_PREPEND(m, sizeof(struct ip), M_WAIT);
+		M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
+		if (!m)
+			return (ENOBUFS);
 		ip = mtod(m, struct ip *);
 		ip->ip_tos = 0;
-		ip->ip_off = 0;
+		ip->ip_off = htons(0);
 		ip->ip_p = inp->inp_ip.ip_p;
-		ip->ip_len = m->m_pkthdr.len;
+		ip->ip_len = htons(m->m_pkthdr.len);
 		ip->ip_src = inp->inp_laddr;
 		ip->ip_dst = inp->inp_faddr;
 		ip->ip_ttl = MAXTTL;
@@ -348,35 +341,45 @@ rip_output(m, va_alist)
 			return (EMSGSIZE);
 		}
 		ip = mtod(m, struct ip *);
+
+		/*
+		 * If the mbuf is read-only, we need to allocate
+		 * a new mbuf for the header, since we need to
+		 * modify the header.
+		 */
+		if (M_READONLY(m)) {
+			int hlen = ip->ip_hl << 2;
+
+			m = m_copyup(m, hlen, (max_linkhdr + 3) & ~3);
+			if (m == NULL)
+				return (ENOMEM);	/* XXX */
+			ip = mtod(m, struct ip *);
+		}
+
+		/* XXX userland passes ip_len and ip_off in host order */
 		if (m->m_pkthdr.len != ip->ip_len) {
 			m_freem(m);
 			return (EINVAL);
 		}
+		HTONS(ip->ip_len);
+		HTONS(ip->ip_off);
 		if (ip->ip_id == 0)
-			ip->ip_id = htons(ip_id++);
+			ip->ip_id = ip_newid();
 		opts = NULL;
 		/* XXX prevent ip_output from overwriting header fields */
 		flags |= IP_RAWOUTPUT;
 		ipstat.ips_rawout++;
 	}
-#ifdef IPSEC
-	if (ipsec_setsocket(m, inp->inp_socket) != 0) {
-		m_freem(m);
-		return ENOBUFS;
-	}
-#endif /*IPSEC*/
-	return (ip_output(m, opts, &inp->inp_route, flags, inp->inp_moptions, &inp->inp_errormtu));
+	return (ip_output(m, opts, &inp->inp_route, flags, inp->inp_moptions,
+	     inp->inp_socket, &inp->inp_errormtu));
 }
 
 /*
  * Raw IP socket option processing.
  */
 int
-rip_ctloutput(op, so, level, optname, m)
-	int op;
-	struct socket *so;
-	int level, optname;
-	struct mbuf **m;
+rip_ctloutput(int op, struct socket *so, int level, int optname,
+    struct mbuf **m)
 {
 	struct inpcb *inp = sotoinpcb(so);
 	int error = 0;
@@ -410,6 +413,9 @@ rip_ctloutput(op, so, level, optname, m)
 		case MRT_ADD_MFC:
 		case MRT_DEL_MFC:
 		case MRT_ASSERT:
+		case MRT_API_CONFIG:
+		case MRT_ADD_BW_UPCALL:
+		case MRT_DEL_BW_UPCALL:
 			error = ip_mrouter_set(so, optname, m);
 			break;
 #endif
@@ -423,7 +429,8 @@ rip_ctloutput(op, so, level, optname, m)
 	case PRCO_GETOPT:
 		switch (optname) {
 		case IP_HDRINCL:
-			*m = m_get(M_WAIT, M_SOOPTS);
+			*m = m_get(M_WAIT, MT_SOOPTS);
+			MCLAIM((*m), so->so_mowner);
 			(*m)->m_len = sizeof (int);
 			*mtod(*m, int *) = inp->inp_flags & INP_HDRINCL ? 1 : 0;
 			break;
@@ -431,6 +438,8 @@ rip_ctloutput(op, so, level, optname, m)
 #ifdef MROUTING
 		case MRT_VERSION:
 		case MRT_ASSERT:
+		case MRT_API_SUPPORT:
+		case MRT_API_CONFIG:
 			error = ip_mrouter_get(so, optname, m);
 			break;
 #endif
@@ -445,9 +454,7 @@ rip_ctloutput(op, so, level, optname, m)
 }
 
 int
-rip_bind(inp, nam)
-	struct inpcb *inp;
-	struct mbuf *nam;
+rip_bind(struct inpcb *inp, struct mbuf *nam)
 {
 	struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *);
 
@@ -466,9 +473,7 @@ rip_bind(inp, nam)
 }
 
 int
-rip_connect(inp, nam)
-	struct inpcb *inp;
-	struct mbuf *nam;
+rip_connect(struct inpcb *inp, struct mbuf *nam)
 {
 	struct sockaddr_in *addr = mtod(nam, struct sockaddr_in *);
 
@@ -484,8 +489,7 @@ rip_connect(inp, nam)
 }
 
 void
-rip_disconnect(inp)
-	struct inpcb *inp;
+rip_disconnect(struct inpcb *inp)
 {
 
 	inp->inp_faddr = zeroin_addr;
@@ -496,11 +500,8 @@ u_long	rip_recvspace = RIPRCVQ;
 
 /*ARGSUSED*/
 int
-rip_usrreq(so, req, m, nam, control, p)
-	struct socket *so;
-	int req;
-	struct mbuf *m, *nam, *control;
-	struct proc *p;
+rip_usrreq(struct socket *so, int req,
+    struct mbuf *m, struct mbuf *nam, struct mbuf *control, struct proc *p)
 {
 	struct inpcb *inp;
 	int s;
@@ -665,3 +666,32 @@ release:
 	splx(s);
 	return (error);
 }
+
+SYSCTL_SETUP(sysctl_net_inet_raw_setup, "sysctl net.inet.raw subtree setup")
+{
+
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_NODE, "net", NULL,
+		       NULL, 0, NULL, 0,
+		       CTL_NET, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_NODE, "inet", NULL,
+		       NULL, 0, NULL, 0,
+		       CTL_NET, PF_INET, CTL_EOL);
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_NODE, "raw",
+		       SYSCTL_DESCR("Raw IPv4 settings"),
+		       NULL, 0, NULL, 0,
+		       CTL_NET, PF_INET, IPPROTO_RAW, CTL_EOL);
+
+	sysctl_createv(clog, 0, NULL, NULL,
+		       CTLFLAG_PERMANENT,
+		       CTLTYPE_NODE, "pcblist",
+		       SYSCTL_DESCR("Raw IPv4 control block list"),
+		       sysctl_inpcblist, 0, &rawcbtable, 0,
+		       CTL_NET, PF_INET, IPPROTO_RAW,
+		       CTL_CREATE, CTL_EOL);
+}