--- First commit of the FreeBSD Foundation sponsored "DIFFUSED"
--- (DIFFUSE for freebsD) project. The project will integrate the DIFFUSE
--- (DIstributed Firewall and Flow-shaper Using Statistical Evidence) prototype
--- developed at Swinburne University of Technology's Centre for Advanced
--- Internet Architectures into FreeBSD, with code cleanup/auditing and some
--- feature development along the way. More details about the project are
--- available at: http://caia.swin.edu.au/freebsd/diffused/
---
--- Add the necessary infrastructure for the DIFFUSE control raw socket, which
--- will be used to communicate between userspace and the forthcoming DIFFUSE
--- kernel module.
---
--- Sponsored by:	Cisco URP, FreeBSD Foundation
--- Reviewed by:	bz
--- MFC after:		1 month
---
diff -r b37f0d107cd9 sys/netinet/in.h
--- a/sys/netinet/in.h	Mon Sep 12 12:46:46 2011 +1000
+++ b/sys/netinet/in.h	Thu Sep 29 14:09:13 2011 +1000
@@ -436,6 +436,7 @@
 #define	IP_FW_TABLE_GETSIZE	43   /* get table size */
 #define	IP_FW_TABLE_LIST	44   /* list table contents */
 
+#define	IP_DIFFUSE		47   /* ipfw DIFFUSE options */
 #define	IP_FW3			48   /* generic ipfw v.3 sockopts */
 #define	IP_DUMMYNET3		49   /* generic dummynet v.3 sockopts */
 
diff -r b37f0d107cd9 sys/netinet/ip_var.h
--- a/sys/netinet/ip_var.h	Mon Sep 12 12:46:46 2011 +1000
+++ b/sys/netinet/ip_var.h	Thu Sep 29 14:09:13 2011 +1000
@@ -305,6 +305,9 @@
 extern int	(*ip_dn_ctl_ptr)(struct sockopt *);
 extern int	(*ip_dn_io_ptr)(struct mbuf **, int, struct ip_fw_args *);
 
+/* DIFFUSE. */
+extern int	(*diffuse_ctl_ptr)(struct sockopt *);
+
 VNET_DECLARE(int, ip_do_randomid);
 #define	V_ip_do_randomid	VNET(ip_do_randomid)
 #define	ip_newid()	((V_ip_do_randomid != 0) ? ip_randomid() : \
diff -r b37f0d107cd9 sys/netinet/raw_ip.c
--- a/sys/netinet/raw_ip.c	Mon Sep 12 12:46:46 2011 +1000
+++ b/sys/netinet/raw_ip.c	Thu Sep 29 14:09:13 2011 +1000
@@ -99,6 +99,7 @@
 void	(*ip_divert_ptr)(struct mbuf *, int);
 int	(*ng_ipfw_input_p)(struct mbuf **, int,
 			struct ip_fw_args *, int);
+int	(*diffuse_ctl_ptr)(struct sockopt *);
 
 /* Hook for telling pf that the destination address changed */
 void	(*m_addr_chg_pf_p)(struct mbuf *m);
@@ -583,6 +584,13 @@
 				error = ENOPROTOOPT;
 			break ;
 
+		case IP_DIFFUSE:	/* IPFW DIFFUSE functions. */
+			if (diffuse_ctl_ptr != NULL)
+				error = diffuse_ctl_ptr(sopt);
+			else
+				error = ENOPROTOOPT;
+			break;
+
 		case MRT_INIT:
 		case MRT_DONE:
 		case MRT_ADD_VIF:
@@ -648,6 +656,13 @@
 				error = ENOPROTOOPT ;
 			break ;
 
+		case IP_DIFFUSE:	/* IPFW DIFFUSE functions. */
+			if (diffuse_ctl_ptr != NULL)
+				error = diffuse_ctl_ptr(sopt);
+			else
+				error = ENOPROTOOPT;
+			break;
+
 		case IP_RSVP_ON:
 			error = priv_check(curthread, PRIV_NETINET_MROUTE);
 			if (error != 0)