From: "Ilmar S. Habibulin"
To: freebsd-net@freebsd.org
Date: Thu, 23 Sep 2004 03:54:53 -0400 (EDT)
Message-ID: <20040923034027.I54861@fledge.watson.org>
Subject: How to insert ip option?

I'm trying to use TrustedBSD MAC network subsystem hooks to implement MLS packet labeling. These hooks are mac_update_mbuf_from_cipso() and mac_create_inpcb_from_socket(). The first one is called in ip_dooptions() in order to label the mbuf with the packet's label. The second fills inp->inp_options. As I understand it, this must point to an mbuf holding IP options (struct ipoptions), which will later be inserted in the outgoing packet.
The options are inserted, and the peer's IP level recognizes and processes them correctly. But the TCP level drops the packet because of an invalid checksum. I've used this scheme in 2.2.5 and 5.0-current (April or May 2002), but it didn't work in 5.2.1. How can I figure out my mistake, or what might I be doing wrong?

Thanks in advance.
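
Added example, not part of the original message: a stand-alone C check that recomputes the TCP checksum of a raw IPv4 packet whose IP header carries options, which can be used to test a packet captured from a setup like the one described. The sample packet, its NOP/EOL stand-in option bytes and the `hlen_override` parameter are constructed for illustration, and the code makes no claim about what changed in 5.2.1.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 one's-complement sum over big-endian 16-bit words (unfolded). */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc)
{
    for (; n > 1; p += 2, n -= 2)
        acc += (uint32_t)p[0] << 8 | p[1];
    return n ? acc + ((uint32_t)p[0] << 8) : acc;   /* pad an odd last byte */
}

static uint16_t fold(uint32_t acc)
{
    while (acc >> 16)
        acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* 1 = TCP checksum valid, 0 = invalid, -1 = not a usable IPv4/TCP packet.
 * hlen_override (hypothetical knob): 0 uses the header's IHL; 20 mimics
 * code that assumes an option-less IP header. */
int tcp_cksum_ok(const uint8_t *pkt, size_t len, size_t hlen_override)
{
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6)
        return -1;
    size_t hlen = hlen_override ? hlen_override : (size_t)(pkt[0] & 0x0f) * 4;
    size_t tot = (size_t)pkt[2] << 8 | pkt[3];
    if (hlen < 20 || tot > len || tot < hlen + 20)
        return -1;
    size_t tcplen = tot - hlen;             /* IP options are excluded here */
    uint32_t acc = sum16(pkt + 12, 8, 0) + 6 + (uint32_t)tcplen; /* pseudo-header */
    return fold(sum16(pkt + hlen, tcplen, acc)) == 0;
}

/* Constructed sample: 24-byte IP header (IHL=6) + 20-byte TCP SYN header.
 * IP header checksum is left zero; only the TCP checksum is filled in. */
size_t build_sample(uint8_t *b)
{
    static const uint8_t ip[24] = {
        0x46, 0, 0, 44, 0, 1, 0, 0, 64, 6, 0, 0,
        192, 0, 2, 1, 192, 0, 2, 2,
        1, 1, 1, 0 };                       /* NOP NOP NOP EOL stand-in option */
    static const uint8_t tcp[20] = {
        0x04, 0xd2, 0, 80, 0, 0, 0, 1, 0, 0, 0, 0, 0x50, 0x02, 0xff, 0xff, 0, 0, 0, 0 };
    memcpy(b, ip, sizeof ip);
    memcpy(b + 24, tcp, sizeof tcp);
    uint16_t c = fold(sum16(b + 24, 20, sum16(b + 12, 8, 0) + 6 + 20));
    b[40] = (uint8_t)(c >> 8);
    b[41] = (uint8_t)c;
    return 44;
}
```

The TCP pseudo-header carries the segment length, which is the IP total length minus the full IP header length including options, so a verifier that assumes a 20-byte header rejects an otherwise correct segment.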