--- Add the necessary infrastructure for the DIFFUSE control raw socket, which
--- will be used to communicate between userspace and the forthcoming DIFFUSE
--- kernel module.
---
--- Sponsored by:	FreeBSD Foundation
--- Reviewed by:	bz
--- MFC after:		1 month
---
diff -r b37f0d107cd9 sys/netinet/in.h
--- a/sys/netinet/in.h	Mon Sep 12 12:46:46 2011 +1000
+++ b/sys/netinet/in.h	Sun Sep 25 16:13:43 2011 +1000
@@ -429,20 +429,21 @@ __END_DECLS
  * Options for controlling the firewall and dummynet.
  * Historical options (from 40 to 64) will eventually be
  * replaced by only two options, IP_FW3 and IP_DUMMYNET3.
  */
 #define	IP_FW_TABLE_ADD		40   /* add entry */
 #define	IP_FW_TABLE_DEL		41   /* delete entry */
 #define	IP_FW_TABLE_FLUSH	42   /* flush table */
 #define	IP_FW_TABLE_GETSIZE	43   /* get table size */
 #define	IP_FW_TABLE_LIST	44   /* list table contents */
 
+#define	IP_DIFFUSE		47   /* ipfw DIFFUSE options */
 #define	IP_FW3			48   /* generic ipfw v.3 sockopts */
 #define	IP_DUMMYNET3		49   /* generic dummynet v.3 sockopts */
 
 #define	IP_FW_ADD		50   /* add a firewall rule to chain */
 #define	IP_FW_DEL		51   /* delete a firewall rule from chain */
 #define	IP_FW_FLUSH		52   /* flush firewall rule chain */
 #define	IP_FW_ZERO		53   /* clear single/all firewall counter(s) */
 #define	IP_FW_GET		54   /* get entire firewall rule chain */
 #define	IP_FW_RESETLOG		55   /* reset logging counters */
 
diff -r b37f0d107cd9 sys/netinet/ip_var.h
--- a/sys/netinet/ip_var.h	Mon Sep 12 12:46:46 2011 +1000
+++ b/sys/netinet/ip_var.h	Sun Sep 25 16:13:43 2011 +1000
@@ -298,18 +298,21 @@ VNET_DECLARE(ip_fw_ctl_ptr_t, ip_fw_ctl_
 
 /* Divert hooks. */
 extern void	(*ip_divert_ptr)(struct mbuf *m, int incoming);
 /* ng_ipfw hooks -- XXX make it the same as divert and dummynet */
 extern int	(*ng_ipfw_input_p)(struct mbuf **, int,
 			struct ip_fw_args *, int);
 
 extern int	(*ip_dn_ctl_ptr)(struct sockopt *);
 extern int	(*ip_dn_io_ptr)(struct mbuf **, int, struct ip_fw_args *);
 
+/* DIFFUSE. */
+extern int	(*diffuse_ctl_ptr)(struct sockopt *);
+
 VNET_DECLARE(int, ip_do_randomid);
 #define	V_ip_do_randomid	VNET(ip_do_randomid)
 #define	ip_newid()	((V_ip_do_randomid != 0) ? ip_randomid() : \
 			    htons(V_ip_id++))
 
 #endif /* _KERNEL */
 
 #endif /* !_NETINET_IP_VAR_H_ */
diff -r b37f0d107cd9 sys/netinet/raw_ip.c
--- a/sys/netinet/raw_ip.c	Mon Sep 12 12:46:46 2011 +1000
+++ b/sys/netinet/raw_ip.c	Sun Sep 25 16:13:43 2011 +1000
@@ -92,20 +92,21 @@ VNET_DEFINE(struct inpcbinfo, ripcbinfo)
  * to keep them all in one place.
  */
 VNET_DEFINE(ip_fw_chk_ptr_t, ip_fw_chk_ptr) = NULL;
 VNET_DEFINE(ip_fw_ctl_ptr_t, ip_fw_ctl_ptr) = NULL;
 
 int	(*ip_dn_ctl_ptr)(struct sockopt *);
 int	(*ip_dn_io_ptr)(struct mbuf **, int, struct ip_fw_args *);
 void	(*ip_divert_ptr)(struct mbuf *, int);
 int	(*ng_ipfw_input_p)(struct mbuf **, int,
 			struct ip_fw_args *, int);
+int	(*diffuse_ctl_ptr)(struct sockopt *);
 
 /* Hook for telling pf that the destination address changed */
 void	(*m_addr_chg_pf_p)(struct mbuf *m);
 
 #ifdef INET
 /*
  * Hooks for multicast routing. They all default to NULL, so leave them not
  * initialized and rely on BSS being set to 0.
  */
 
@@ -576,20 +577,27 @@ rip_ctloutput(struct socket *so, struct 
 			break;
 
 		case IP_DUMMYNET3:	/* generic dummynet v.3 functions */
 		case IP_DUMMYNET_GET:
 			if (ip_dn_ctl_ptr != NULL)
 				error = ip_dn_ctl_ptr(sopt);
 			else
 				error = ENOPROTOOPT;
 			break ;
 
+		case IP_DIFFUSE:	/* IPFW DIFFUSE functions. */
+			if (diffuse_ctl_ptr != NULL)
+				error = diffuse_ctl_ptr(sopt);
+			else
+				error = ENOPROTOOPT;
+			break ;
+
 		case MRT_INIT:
 		case MRT_DONE:
 		case MRT_ADD_VIF:
 		case MRT_DEL_VIF:
 		case MRT_ADD_MFC:
 		case MRT_DEL_MFC:
 		case MRT_VERSION:
 		case MRT_ASSERT:
 		case MRT_API_SUPPORT:
 		case MRT_API_CONFIG:
@@ -641,20 +649,27 @@ rip_ctloutput(struct socket *so, struct 
 		case IP_DUMMYNET3:	/* generic dummynet v.3 functions */
 		case IP_DUMMYNET_CONFIGURE:
 		case IP_DUMMYNET_DEL:
 		case IP_DUMMYNET_FLUSH:
 			if (ip_dn_ctl_ptr != NULL)
 				error = ip_dn_ctl_ptr(sopt);
 			else
 				error = ENOPROTOOPT ;
 			break ;
 
+		case IP_DIFFUSE:	/* IPFW DIFFUSE functions. */
+			if (diffuse_ctl_ptr != NULL)
+				error = diffuse_ctl_ptr(sopt);
+			else
+				error = ENOPROTOOPT;
+			break ;
+
 		case IP_RSVP_ON:
 			error = priv_check(curthread, PRIV_NETINET_MROUTE);
 			if (error != 0)
 				return (error);
 			error = ip_rsvp_init(so);
 			break;
 
 		case IP_RSVP_OFF:
 			error = priv_check(curthread, PRIV_NETINET_MROUTE);
 			if (error != 0)