2 /* $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "opt_inet6.h"
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/kernel.h>
40 #include <sys/malloc.h>
42 #include <sys/module.h>
43 #include <sys/socket.h>
44 #include <sys/sockio.h>
45 #include <sys/errno.h>
47 #include <sys/sysctl.h>
48 #include <sys/syslog.h>
50 #include <sys/protosw.h>
52 #include <sys/vimage.h>
53 #include <machine/cpu.h>
56 #include <net/if_clone.h>
57 #include <net/if_types.h>
58 #include <net/netisr.h>
59 #include <net/route.h>
62 #include <netinet/in.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
66 #include <netinet/in_var.h>
67 #include <netinet/in_gif.h>
68 #include <netinet/ip_var.h>
73 #include <netinet/in.h>
75 #include <netinet6/in6_var.h>
76 #include <netinet/ip6.h>
77 #include <netinet6/ip6_var.h>
78 #include <netinet6/scope6_var.h>
79 #include <netinet6/in6_gif.h>
80 #include <netinet6/ip6protosw.h>
83 #include <netinet/ip_encap.h>
84 #include <net/ethernet.h>
85 #include <net/if_bridgevar.h>
86 #include <net/if_gif.h>
88 #include <security/mac/mac_framework.h>
93 * gif_mtx protects the global gif_softc_list.
95 static struct mtx gif_mtx;
96 static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface");
99 static LIST_HEAD(, gif_softc) gif_softc_list;
100 static int max_gif_nesting;
101 static int parallel_tunnels;
110 void (*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, int af);
111 void (*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af);
112 void (*ng_gif_attach_p)(struct ifnet *ifp);
113 void (*ng_gif_detach_p)(struct ifnet *ifp);
115 static void gif_start(struct ifnet *);
116 static int gif_clone_create(struct if_clone *, int, caddr_t);
117 static void gif_clone_destroy(struct ifnet *);
119 IFC_SIMPLE_DECLARE(gif, 0);
121 static int gifmodevent(module_t, int, void *);
123 SYSCTL_DECL(_net_link);
124 SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0,
125 "Generic Tunnel Interface");
128 * This macro controls the default upper limitation on nesting of gif tunnels.
129 * Since, setting a large value to this macro with a careless configuration
130 * may introduce system crash, we don't allow any nestings by default.
131 * If you need to configure nested gif tunnels, you can define this macro
132 * in your kernel configuration file. However, if you do so, please be
133 * careful to configure the tunnels so that it won't make a loop.
135 #define MAX_GIF_NEST 1
137 SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, max_nesting,
138 CTLFLAG_RW, max_gif_nesting, 0, "Max nested tunnels");
141 SYSCTL_DECL(_net_inet6_ip6);
142 SYSCTL_V_INT(V_NET, vnet_gif, _net_inet6_ip6, IPV6CTL_GIF_HLIM,
143 gifhlim, CTLFLAG_RW, ip6_gif_hlim, 0, "");
147 * By default, we disallow creation of multiple tunnels between the same
148 * pair of addresses. Some applications require this functionality so
149 * we allow control over this check here.
151 SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, parallel_tunnels,
152 CTLFLAG_RW, parallel_tunnels, 0, "Allow parallel tunnels?");
154 /* copy from src/sys/net/if_ethersubr.c */
155 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] =
156 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
157 #ifndef ETHER_IS_BROADCAST
158 #define ETHER_IS_BROADCAST(addr) \
159 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0)
163 gif_clone_create(ifc, unit, params)
164 struct if_clone *ifc;
168 INIT_VNET_GIF(curvnet);
169 struct gif_softc *sc;
171 sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO);
172 sc->gif_fibnum = curthread->td_proc->p_fibnum;
173 GIF2IFP(sc) = if_alloc(IFT_GIF);
174 if (GIF2IFP(sc) == NULL) {
181 GIF2IFP(sc)->if_softc = sc;
182 if_initname(GIF2IFP(sc), ifc->ifc_name, unit);
184 sc->encap_cookie4 = sc->encap_cookie6 = NULL;
186 GIF2IFP(sc)->if_addrlen = 0;
187 GIF2IFP(sc)->if_mtu = GIF_MTU;
188 GIF2IFP(sc)->if_flags = IFF_POINTOPOINT | IFF_MULTICAST;
190 /* turn off ingress filter */
191 GIF2IFP(sc)->if_flags |= IFF_LINK2;
193 GIF2IFP(sc)->if_ioctl = gif_ioctl;
194 GIF2IFP(sc)->if_start = gif_start;
195 GIF2IFP(sc)->if_output = gif_output;
196 GIF2IFP(sc)->if_snd.ifq_maxlen = IFQ_MAXLEN;
197 if_attach(GIF2IFP(sc));
198 bpfattach(GIF2IFP(sc), DLT_NULL, sizeof(u_int32_t));
199 if (ng_gif_attach_p != NULL)
200 (*ng_gif_attach_p)(GIF2IFP(sc));
203 LIST_INSERT_HEAD(&V_gif_softc_list, sc, gif_list);
204 mtx_unlock(&gif_mtx);
210 gif_clone_destroy(ifp)
213 #if defined(INET) || defined(INET6)
216 struct gif_softc *sc = ifp->if_softc;
219 LIST_REMOVE(sc, gif_list);
220 mtx_unlock(&gif_mtx);
222 gif_delete_tunnel(ifp);
224 if (sc->encap_cookie6 != NULL) {
225 err = encap_detach(sc->encap_cookie6);
226 KASSERT(err == 0, ("Unexpected error detaching encap_cookie6"));
230 if (sc->encap_cookie4 != NULL) {
231 err = encap_detach(sc->encap_cookie4);
232 KASSERT(err == 0, ("Unexpected error detaching encap_cookie4"));
236 if (ng_gif_detach_p != NULL)
237 (*ng_gif_detach_p)(ifp);
242 GIF_LOCK_DESTROY(sc);
248 gifmodevent(mod, type, data)
256 mtx_init(&gif_mtx, "gif_mtx", NULL, MTX_DEF);
258 LIST_INIT(&V_gif_softc_list);
259 V_max_gif_nesting = MAX_GIF_NEST;
261 V_parallel_tunnels = 1;
263 V_parallel_tunnels = 0;
266 V_ip_gif_ttl = GIF_TTL;
269 V_ip6_gif_hlim = GIF_HLIM;
271 if_clone_attach(&gif_cloner);
275 if_clone_detach(&gif_cloner);
276 mtx_destroy(&gif_mtx);
287 static moduledata_t gif_mod = {
293 DECLARE_MODULE(if_gif, gif_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
294 MODULE_VERSION(if_gif, 1);
297 gif_encapcheck(m, off, proto, arg)
298 const struct mbuf *m;
304 struct gif_softc *sc;
306 sc = (struct gif_softc *)arg;
310 if ((GIF2IFP(sc)->if_flags & IFF_UP) == 0)
313 /* no physical address */
314 if (!sc->gif_psrc || !sc->gif_pdst)
326 case IPPROTO_ETHERIP:
333 /* Bail on short packets */
334 if (m->m_pkthdr.len < sizeof(ip))
337 m_copydata(m, 0, sizeof(ip), (caddr_t)&ip);
342 if (sc->gif_psrc->sa_family != AF_INET ||
343 sc->gif_pdst->sa_family != AF_INET)
345 return gif_encapcheck4(m, off, proto, arg);
349 if (m->m_pkthdr.len < sizeof(struct ip6_hdr))
351 if (sc->gif_psrc->sa_family != AF_INET6 ||
352 sc->gif_pdst->sa_family != AF_INET6)
354 return gif_encapcheck6(m, off, proto, arg);
362 gif_start(struct ifnet *ifp)
364 struct gif_softc *sc;
369 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
371 IFQ_DEQUEUE(&ifp->if_snd, m);
375 gif_output(ifp, m, sc->gif_pdst, NULL);
378 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
384 gif_output(ifp, m, dst, rt)
387 struct sockaddr *dst;
388 struct rtentry *rt; /* added in net2 */
390 INIT_VNET_GIF(ifp->if_vnet);
391 struct gif_softc *sc = ifp->if_softc;
398 error = mac_ifnet_check_transmit(ifp, m);
406 * gif may cause infinite recursion calls when misconfigured.
407 * We'll prevent this by detecting loops.
409 * High nesting level may cause stack exhaustion.
410 * We'll prevent this by introducing upper limit.
413 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, NULL);
414 while (mtag != NULL) {
415 if (*(struct ifnet **)(mtag + 1) == ifp) {
417 "gif_output: loop detected on %s\n",
418 (*(struct ifnet **)(mtag + 1))->if_xname);
420 error = EIO; /* is there better errno? */
423 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, mtag);
426 if (gif_called > V_max_gif_nesting) {
428 "gif_output: recursively called too many times(%d)\n",
431 error = EIO; /* is there better errno? */
434 mtag = m_tag_alloc(MTAG_GIF, MTAG_GIF_CALLED, sizeof(struct ifnet *),
441 *(struct ifnet **)(mtag + 1) = ifp;
442 m_tag_prepend(m, mtag);
444 m->m_flags &= ~(M_BCAST|M_MCAST);
448 if (!(ifp->if_flags & IFF_UP) ||
449 sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
456 /* BPF writes need to be handled specially. */
457 if (dst->sa_family == AF_UNSPEC) {
458 bcopy(dst->sa_data, &af, sizeof(af));
463 BPF_MTAP2(ifp, &af, sizeof(af), m);
465 ifp->if_obytes += m->m_pkthdr.len;
467 /* override to IPPROTO_ETHERIP for bridged traffic */
471 M_SETFIB(m, sc->gif_fibnum);
472 /* inner AF-specific encapsulation */
474 /* XXX should we check if our outer source is legal? */
476 /* dispatch to output logic based on outer AF */
477 switch (sc->gif_psrc->sa_family) {
480 error = in_gif_output(ifp, af, m);
485 error = in6_gif_output(ifp, af, m);
501 gif_input(m, af, ifp)
507 struct etherip_header *eip;
508 struct ether_header *eh;
509 struct ifnet *oldifp;
517 m->m_pkthdr.rcvif = ifp;
520 mac_ifnet_create_mbuf(ifp, m);
523 if (bpf_peers_present(ifp->if_bpf)) {
525 bpf_mtap2(ifp->if_bpf, &af1, sizeof(af1), m);
528 if (ng_gif_input_p != NULL) {
529 (*ng_gif_input_p)(ifp, &m, af);
535 * Put the packet to the network layer input queue according to the
536 * specified address family.
537 * Note: older versions of gif_input directly called network layer
538 * input functions, e.g. ip6_input, here. We changed the policy to
539 * prevent too many recursive calls of such input functions, which
540 * might cause kernel panic. But the change may introduce another
541 * problem; if the input queue is full, packets are discarded.
542 * The kernel stack overflow really happened, and we believed
543 * queue-full rarely occurs, so we changed the policy.
557 n = sizeof(struct etherip_header) + sizeof(struct ether_header);
566 eip = mtod(m, struct etherip_header *);
568 (ETHERIP_VERSION & ETHERIP_VER_VERS_MASK)) {
569 /* discard unknown versions */
573 m_adj(m, sizeof(struct etherip_header));
575 m->m_flags &= ~(M_BCAST|M_MCAST);
576 m->m_pkthdr.rcvif = ifp;
578 if (ifp->if_bridge) {
580 eh = mtod(m, struct ether_header *);
581 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
582 if (ETHER_IS_BROADCAST(eh->ether_dhost))
583 m->m_flags |= M_BCAST;
585 m->m_flags |= M_MCAST;
588 BRIDGE_INPUT(ifp, m);
590 if (m != NULL && ifp != oldifp) {
592 * The bridge gave us back itself or one of the
593 * members for which the frame is addressed.
604 if (ng_gif_input_orphan_p != NULL)
605 (*ng_gif_input_orphan_p)(ifp, m, af);
612 ifp->if_ibytes += m->m_pkthdr.len;
613 netisr_dispatch(isr, m);
616 /* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
618 gif_ioctl(ifp, cmd, data)
623 struct gif_softc *sc = ifp->if_softc;
624 struct ifreq *ifr = (struct ifreq*)data;
626 struct sockaddr *dst, *src;
627 #ifdef SIOCSIFMTU /* xxx */
633 ifp->if_flags |= IFF_UP;
643 #ifdef SIOCSIFMTU /* xxx */
649 if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX)
653 #endif /* SIOCSIFMTU */
659 case SIOCSIFPHYADDR_IN6:
661 case SIOCSLIFPHYADDR:
665 src = (struct sockaddr *)
666 &(((struct in_aliasreq *)data)->ifra_addr);
667 dst = (struct sockaddr *)
668 &(((struct in_aliasreq *)data)->ifra_dstaddr);
672 case SIOCSIFPHYADDR_IN6:
673 src = (struct sockaddr *)
674 &(((struct in6_aliasreq *)data)->ifra_addr);
675 dst = (struct sockaddr *)
676 &(((struct in6_aliasreq *)data)->ifra_dstaddr);
679 case SIOCSLIFPHYADDR:
680 src = (struct sockaddr *)
681 &(((struct if_laddrreq *)data)->addr);
682 dst = (struct sockaddr *)
683 &(((struct if_laddrreq *)data)->dstaddr);
689 /* sa_family must be equal */
690 if (src->sa_family != dst->sa_family)
693 /* validate sa_len */
694 switch (src->sa_family) {
697 if (src->sa_len != sizeof(struct sockaddr_in))
703 if (src->sa_len != sizeof(struct sockaddr_in6))
710 switch (dst->sa_family) {
713 if (dst->sa_len != sizeof(struct sockaddr_in))
719 if (dst->sa_len != sizeof(struct sockaddr_in6))
727 /* check sa_family looks sane for the cmd */
730 if (src->sa_family == AF_INET)
734 case SIOCSIFPHYADDR_IN6:
735 if (src->sa_family == AF_INET6)
739 case SIOCSLIFPHYADDR:
740 /* checks done in the above */
744 error = gif_set_tunnel(GIF2IFP(sc), src, dst);
747 #ifdef SIOCDIFPHYADDR
749 gif_delete_tunnel(GIF2IFP(sc));
753 case SIOCGIFPSRCADDR:
755 case SIOCGIFPSRCADDR_IN6:
757 if (sc->gif_psrc == NULL) {
758 error = EADDRNOTAVAIL;
764 case SIOCGIFPSRCADDR:
765 dst = &ifr->ifr_addr;
766 size = sizeof(ifr->ifr_addr);
770 case SIOCGIFPSRCADDR_IN6:
771 dst = (struct sockaddr *)
772 &(((struct in6_ifreq *)data)->ifr_addr);
773 size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
777 error = EADDRNOTAVAIL;
780 if (src->sa_len > size)
782 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
784 if (dst->sa_family == AF_INET6) {
785 error = sa6_recoverscope((struct sockaddr_in6 *)dst);
792 case SIOCGIFPDSTADDR:
794 case SIOCGIFPDSTADDR_IN6:
796 if (sc->gif_pdst == NULL) {
797 error = EADDRNOTAVAIL;
803 case SIOCGIFPDSTADDR:
804 dst = &ifr->ifr_addr;
805 size = sizeof(ifr->ifr_addr);
809 case SIOCGIFPDSTADDR_IN6:
810 dst = (struct sockaddr *)
811 &(((struct in6_ifreq *)data)->ifr_addr);
812 size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
816 error = EADDRNOTAVAIL;
819 if (src->sa_len > size)
821 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
823 if (dst->sa_family == AF_INET6) {
824 error = sa6_recoverscope((struct sockaddr_in6 *)dst);
831 case SIOCGLIFPHYADDR:
832 if (sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
833 error = EADDRNOTAVAIL;
839 dst = (struct sockaddr *)
840 &(((struct if_laddrreq *)data)->addr);
841 size = sizeof(((struct if_laddrreq *)data)->addr);
842 if (src->sa_len > size)
844 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
848 dst = (struct sockaddr *)
849 &(((struct if_laddrreq *)data)->dstaddr);
850 size = sizeof(((struct if_laddrreq *)data)->dstaddr);
851 if (src->sa_len > size)
853 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
857 /* if_ioctl() takes care of it */
869 * XXXRW: There's a general event-ordering issue here: the code to check
870 * if a given tunnel is already present happens before we perform a
871 * potentially blocking setup of the tunnel. This code needs to be
872 * re-ordered so that the check and replacement can be atomic using
876 gif_set_tunnel(ifp, src, dst)
878 struct sockaddr *src;
879 struct sockaddr *dst;
881 INIT_VNET_GIF(ifp->if_vnet);
882 struct gif_softc *sc = ifp->if_softc;
883 struct gif_softc *sc2;
884 struct sockaddr *osrc, *odst, *sa;
888 LIST_FOREACH(sc2, &V_gif_softc_list, gif_list) {
891 if (!sc2->gif_pdst || !sc2->gif_psrc)
893 if (sc2->gif_pdst->sa_family != dst->sa_family ||
894 sc2->gif_pdst->sa_len != dst->sa_len ||
895 sc2->gif_psrc->sa_family != src->sa_family ||
896 sc2->gif_psrc->sa_len != src->sa_len)
900 * Disallow parallel tunnels unless instructed
903 if (!V_parallel_tunnels &&
904 bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 &&
905 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) {
906 error = EADDRNOTAVAIL;
907 mtx_unlock(&gif_mtx);
911 /* XXX both end must be valid? (I mean, not 0.0.0.0) */
913 mtx_unlock(&gif_mtx);
915 /* XXX we can detach from both, but be polite just in case */
917 switch (sc->gif_psrc->sa_family) {
920 (void)in_gif_detach(sc);
925 (void)in6_gif_detach(sc);
931 sa = (struct sockaddr *)malloc(src->sa_len, M_IFADDR, M_WAITOK);
932 bcopy((caddr_t)src, (caddr_t)sa, src->sa_len);
936 sa = (struct sockaddr *)malloc(dst->sa_len, M_IFADDR, M_WAITOK);
937 bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len);
940 switch (sc->gif_psrc->sa_family) {
943 error = in_gif_attach(sc);
949 * Check validity of the scope zone ID of the addresses, and
950 * convert it into the kernel internal form if necessary.
952 error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_psrc, 0);
955 error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_pdst, 0);
958 error = in6_gif_attach(sc);
964 free((caddr_t)sc->gif_psrc, M_IFADDR);
965 free((caddr_t)sc->gif_pdst, M_IFADDR);
972 free((caddr_t)osrc, M_IFADDR);
974 free((caddr_t)odst, M_IFADDR);
977 if (sc->gif_psrc && sc->gif_pdst)
978 ifp->if_drv_flags |= IFF_DRV_RUNNING;
980 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
986 gif_delete_tunnel(ifp)
989 struct gif_softc *sc = ifp->if_softc;
992 free((caddr_t)sc->gif_psrc, M_IFADDR);
996 free((caddr_t)sc->gif_pdst, M_IFADDR);
999 /* it is safe to detach from both */
1001 (void)in_gif_detach(sc);
1004 (void)in6_gif_detach(sc);
1006 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;