2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
36 #include "opt_inet6.h"
38 #include <sys/param.h>
39 #include <sys/systm.h>
41 #include <sys/kernel.h>
43 #include <sys/malloc.h>
45 #include <sys/module.h>
46 #include <sys/rmlock.h>
47 #include <sys/socket.h>
48 #include <sys/sockio.h>
50 #include <sys/errno.h>
52 #include <sys/sysctl.h>
53 #include <sys/syslog.h>
56 #include <sys/protosw.h>
58 #include <machine/cpu.h>
61 #include <net/if_var.h>
62 #include <net/if_clone.h>
63 #include <net/if_types.h>
64 #include <net/netisr.h>
65 #include <net/route.h>
69 #include <netinet/in.h>
70 #include <netinet/in_systm.h>
71 #include <netinet/ip.h>
72 #include <netinet/ip_ecn.h>
74 #include <netinet/in_var.h>
75 #include <netinet/in_gif.h>
76 #include <netinet/ip_var.h>
81 #include <netinet/in.h>
83 #include <netinet6/in6_var.h>
84 #include <netinet/ip6.h>
85 #include <netinet6/ip6_ecn.h>
86 #include <netinet6/ip6_var.h>
87 #include <netinet6/scope6_var.h>
88 #include <netinet6/in6_gif.h>
89 #include <netinet6/ip6protosw.h>
92 #include <netinet/ip_encap.h>
93 #include <net/ethernet.h>
94 #include <net/if_bridgevar.h>
95 #include <net/if_gif.h>
97 #include <security/mac/mac_framework.h>
99 static const char gifname[] = "gif";
102 * gif_mtx protects a per-vnet gif_softc_list.
104 static VNET_DEFINE(struct mtx, gif_mtx);
105 #define V_gif_mtx VNET(gif_mtx)
106 static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface");
107 static VNET_DEFINE(LIST_HEAD(, gif_softc), gif_softc_list);
108 #define V_gif_softc_list VNET(gif_softc_list)
109 static struct sx gif_ioctl_sx;
110 SX_SYSINIT(gif_ioctl_sx, &gif_ioctl_sx, "gif_ioctl");
112 #define GIF_LIST_LOCK_INIT(x) mtx_init(&V_gif_mtx, "gif_mtx", \
114 #define GIF_LIST_LOCK_DESTROY(x) mtx_destroy(&V_gif_mtx)
115 #define GIF_LIST_LOCK(x) mtx_lock(&V_gif_mtx)
116 #define GIF_LIST_UNLOCK(x) mtx_unlock(&V_gif_mtx)
118 void (*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, int af);
119 void (*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af);
120 void (*ng_gif_attach_p)(struct ifnet *ifp);
121 void (*ng_gif_detach_p)(struct ifnet *ifp);
123 static int gif_set_tunnel(struct ifnet *, struct sockaddr *,
125 static void gif_delete_tunnel(struct ifnet *);
126 static int gif_ioctl(struct ifnet *, u_long, caddr_t);
127 static int gif_transmit(struct ifnet *, struct mbuf *);
128 static void gif_qflush(struct ifnet *);
129 static int gif_clone_create(struct if_clone *, int, caddr_t);
130 static void gif_clone_destroy(struct ifnet *);
131 static VNET_DEFINE(struct if_clone *, gif_cloner);
132 #define V_gif_cloner VNET(gif_cloner)
134 static int gifmodevent(module_t, int, void *);
136 SYSCTL_DECL(_net_link);
137 static SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0,
138 "Generic Tunnel Interface");
141 * This macro controls the default upper limitation on nesting of gif tunnels.
142 * Since, setting a large value to this macro with a careless configuration
143 * may introduce system crash, we don't allow any nestings by default.
144 * If you need to configure nested gif tunnels, you can define this macro
145 * in your kernel configuration file. However, if you do so, please be
146 * careful to configure the tunnels so that it won't make a loop.
148 #define MAX_GIF_NEST 1
150 static VNET_DEFINE(int, max_gif_nesting) = MAX_GIF_NEST;
151 #define V_max_gif_nesting VNET(max_gif_nesting)
152 SYSCTL_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_VNET | CTLFLAG_RW,
153 &VNET_NAME(max_gif_nesting), 0, "Max nested tunnels");
156 * By default, we disallow creation of multiple tunnels between the same
157 * pair of addresses. Some applications require this functionality so
158 * we allow control over this check here.
161 static VNET_DEFINE(int, parallel_tunnels) = 1;
163 static VNET_DEFINE(int, parallel_tunnels) = 0;
165 #define V_parallel_tunnels VNET(parallel_tunnels)
166 SYSCTL_INT(_net_link_gif, OID_AUTO, parallel_tunnels,
167 CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(parallel_tunnels), 0,
168 "Allow parallel tunnels?");
170 /* copy from src/sys/net/if_ethersubr.c */
171 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] =
172 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
173 #ifndef ETHER_IS_BROADCAST
174 #define ETHER_IS_BROADCAST(addr) \
175 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0)
179 gif_clone_create(struct if_clone *ifc, int unit, caddr_t params)
181 struct gif_softc *sc;
183 sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO);
184 sc->gif_fibnum = curthread->td_proc->p_fibnum;
185 GIF2IFP(sc) = if_alloc(IFT_GIF);
187 GIF2IFP(sc)->if_softc = sc;
188 if_initname(GIF2IFP(sc), gifname, unit);
190 GIF2IFP(sc)->if_addrlen = 0;
191 GIF2IFP(sc)->if_mtu = GIF_MTU;
192 GIF2IFP(sc)->if_flags = IFF_POINTOPOINT | IFF_MULTICAST;
194 /* turn off ingress filter */
195 GIF2IFP(sc)->if_flags |= IFF_LINK2;
197 GIF2IFP(sc)->if_ioctl = gif_ioctl;
198 GIF2IFP(sc)->if_transmit = gif_transmit;
199 GIF2IFP(sc)->if_qflush = gif_qflush;
200 GIF2IFP(sc)->if_output = gif_output;
201 if_attach(GIF2IFP(sc));
202 bpfattach(GIF2IFP(sc), DLT_NULL, sizeof(u_int32_t));
203 if (ng_gif_attach_p != NULL)
204 (*ng_gif_attach_p)(GIF2IFP(sc));
207 LIST_INSERT_HEAD(&V_gif_softc_list, sc, gif_list);
213 gif_clone_destroy(struct ifnet *ifp)
215 struct gif_softc *sc;
217 sx_xlock(&gif_ioctl_sx);
219 gif_delete_tunnel(ifp);
221 LIST_REMOVE(sc, gif_list);
223 if (ng_gif_detach_p != NULL)
224 (*ng_gif_detach_p)(ifp);
227 ifp->if_softc = NULL;
228 sx_xunlock(&gif_ioctl_sx);
231 GIF_LOCK_DESTROY(sc);
236 vnet_gif_init(const void *unused __unused)
239 LIST_INIT(&V_gif_softc_list);
240 GIF_LIST_LOCK_INIT();
241 V_gif_cloner = if_clone_simple(gifname, gif_clone_create,
242 gif_clone_destroy, 0);
244 VNET_SYSINIT(vnet_gif_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
245 vnet_gif_init, NULL);
248 vnet_gif_uninit(const void *unused __unused)
251 if_clone_detach(V_gif_cloner);
252 GIF_LIST_LOCK_DESTROY();
254 VNET_SYSUNINIT(vnet_gif_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
255 vnet_gif_uninit, NULL);
258 gifmodevent(module_t mod, int type, void *data)
271 static moduledata_t gif_mod = {
277 DECLARE_MODULE(if_gif, gif_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
278 MODULE_VERSION(if_gif, 1);
281 gif_encapcheck(const struct mbuf *m, int off, int proto, void *arg)
284 struct gif_softc *sc;
288 sc = (struct gif_softc *)arg;
289 if (sc == NULL || (GIF2IFP(sc)->if_flags & IFF_UP) == 0)
295 /* no physical address */
296 if (sc->gif_family == 0)
306 case IPPROTO_ETHERIP:
312 /* Bail on short packets */
313 if (m->m_pkthdr.len < sizeof(struct ip))
316 m_copydata(m, 0, 1, &ver);
320 if (sc->gif_family != AF_INET)
322 ret = in_gif_encapcheck(m, off, proto, arg);
327 if (m->m_pkthdr.len < sizeof(struct ip6_hdr))
329 if (sc->gif_family != AF_INET6)
331 ret = in6_gif_encapcheck(m, off, proto, arg);
341 gif_transmit(struct ifnet *ifp, struct mbuf *m)
343 struct gif_softc *sc;
344 struct etherip_header *eth;
358 if (sc->gif_family == 0) {
362 /* Now pull back the af that we stashed in the csum_data. */
363 af = m->m_pkthdr.csum_data;
364 BPF_MTAP2(ifp, &af, sizeof(af), m);
365 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
366 if_inc_counter(ifp, IFCOUNTER_OBYTES, m->m_pkthdr.len);
367 M_SETFIB(m, sc->gif_fibnum);
368 /* inner AF-specific encapsulation */
373 proto = IPPROTO_IPV4;
374 if (m->m_len < sizeof(struct ip))
375 m = m_pullup(m, sizeof(struct ip));
380 ip = mtod(m, struct ip *);
381 ip_ecn_ingress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED:
382 ECN_NOCARE, &ecn, &ip->ip_tos);
387 proto = IPPROTO_IPV6;
388 if (m->m_len < sizeof(struct ip6_hdr))
389 m = m_pullup(m, sizeof(struct ip6_hdr));
395 ip6 = mtod(m, struct ip6_hdr *);
396 ip6_ecn_ingress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED:
397 ECN_NOCARE, &t, &ip6->ip6_flow);
398 ecn = (ntohl(t) >> 20) & 0xff;
402 proto = IPPROTO_ETHERIP;
403 M_PREPEND(m, sizeof(struct etherip_header), M_NOWAIT);
408 eth = mtod(m, struct etherip_header *);
410 if ((sc->gif_options & GIF_SEND_REVETHIP) != 0) {
412 eth->eip_resvl = ETHERIP_VERSION;
414 eth->eip_ver = ETHERIP_VERSION;
419 error = EAFNOSUPPORT;
423 /* XXX should we check if our outer source is legal? */
424 /* dispatch to output logic based on outer AF */
425 switch (sc->gif_family) {
428 error = in_gif_output(ifp, m, proto, ecn);
433 error = in6_gif_output(ifp, m, proto, ecn);
441 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
446 gif_qflush(struct ifnet *ifp __unused)
452 gif_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
460 error = mac_ifnet_check_transmit(ifp, m);
464 if ((ifp->if_flags & IFF_MONITOR) != 0 ||
465 (ifp->if_flags & IFF_UP) == 0) {
471 * gif may cause infinite recursion calls when misconfigured.
472 * We'll prevent this by detecting loops.
474 * High nesting level may cause stack exhaustion.
475 * We'll prevent this by introducing upper limit.
478 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, NULL);
479 while (mtag != NULL) {
480 if (*(struct ifnet **)(mtag + 1) == ifp) {
482 "gif_output: loop detected on %s\n",
483 (*(struct ifnet **)(mtag + 1))->if_xname);
484 error = EIO; /* is there better errno? */
487 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, mtag);
490 if (gif_called > V_max_gif_nesting) {
492 "gif_output: recursively called too many times(%d)\n",
494 error = EIO; /* is there better errno? */
497 mtag = m_tag_alloc(MTAG_GIF, MTAG_GIF_CALLED, sizeof(struct ifnet *),
503 *(struct ifnet **)(mtag + 1) = ifp;
504 m_tag_prepend(m, mtag);
506 m->m_flags &= ~(M_BCAST|M_MCAST);
507 if (dst->sa_family == AF_UNSPEC)
508 bcopy(dst->sa_data, &af, sizeof(af));
514 * Now save the af in the inbound pkt csum data, this is a cheat since
515 * we are using the inbound csum_data field to carry the af over to
516 * the gif_transmit() routine, avoiding using yet another mtag.
518 m->m_pkthdr.csum_data = af;
519 return (ifp->if_transmit(ifp, m));
521 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
527 gif_input(struct mbuf *m, struct ifnet *ifp, int proto, uint8_t ecn)
529 struct etherip_header *eip;
537 struct gif_softc *sc;
538 struct ether_header *eh;
539 struct ifnet *oldifp;
540 uint32_t gif_options;
549 gif_options = sc->gif_options;
550 m->m_pkthdr.rcvif = ifp;
556 if (m->m_len < sizeof(struct ip))
557 m = m_pullup(m, sizeof(struct ip));
560 ip = mtod(m, struct ip *);
561 if (ip_ecn_egress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED:
562 ECN_NOCARE, &ecn, &ip->ip_tos) == 0) {
571 if (m->m_len < sizeof(struct ip6_hdr))
572 m = m_pullup(m, sizeof(struct ip6_hdr));
575 t = htonl((uint32_t)ecn << 20);
576 ip6 = mtod(m, struct ip6_hdr *);
577 if (ip6_ecn_egress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED:
578 ECN_NOCARE, &t, &ip6->ip6_flow) == 0) {
584 case IPPROTO_ETHERIP:
593 mac_ifnet_create_mbuf(ifp, m);
596 if (bpf_peers_present(ifp->if_bpf)) {
598 bpf_mtap2(ifp->if_bpf, &af1, sizeof(af1), m);
601 if ((ifp->if_flags & IFF_MONITOR) != 0) {
602 if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
603 if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
608 if (ng_gif_input_p != NULL) {
609 (*ng_gif_input_p)(ifp, &m, af);
615 * Put the packet to the network layer input queue according to the
616 * specified address family.
617 * Note: older versions of gif_input directly called network layer
618 * input functions, e.g. ip6_input, here. We changed the policy to
619 * prevent too many recursive calls of such input functions, which
620 * might cause kernel panic. But the change may introduce another
621 * problem; if the input queue is full, packets are discarded.
622 * The kernel stack overflow really happened, and we believed
623 * queue-full rarely occurs, so we changed the policy.
637 n = sizeof(struct etherip_header) + sizeof(struct ether_header);
642 eip = mtod(m, struct etherip_header *);
644 * GIF_ACCEPT_REVETHIP (enabled by default) intentionally
645 * accepts an EtherIP packet with revered version field in
646 * the header. This is a knob for backward compatibility
647 * with FreeBSD 7.2R or prior.
649 if (eip->eip_ver != ETHERIP_VERSION) {
650 if ((gif_options & GIF_ACCEPT_REVETHIP) == 0 ||
651 eip->eip_resvl != ETHERIP_VERSION) {
652 /* discard unknown versions */
657 m_adj(m, sizeof(struct etherip_header));
659 m->m_flags &= ~(M_BCAST|M_MCAST);
660 m->m_pkthdr.rcvif = ifp;
662 if (ifp->if_bridge) {
664 eh = mtod(m, struct ether_header *);
665 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
666 if (ETHER_IS_BROADCAST(eh->ether_dhost))
667 m->m_flags |= M_BCAST;
669 m->m_flags |= M_MCAST;
670 if_inc_counter(ifp, IFCOUNTER_IMCASTS, 1);
672 BRIDGE_INPUT(ifp, m);
674 if (m != NULL && ifp != oldifp) {
676 * The bridge gave us back itself or one of the
677 * members for which the frame is addressed.
688 if (ng_gif_input_orphan_p != NULL)
689 (*ng_gif_input_orphan_p)(ifp, m, af);
695 if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
696 if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
697 M_SETFIB(m, ifp->if_fib);
698 netisr_dispatch(isr, m);
701 if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
704 /* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
706 gif_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
709 struct ifreq *ifr = (struct ifreq*)data;
710 struct sockaddr *dst, *src;
711 struct gif_softc *sc;
713 struct sockaddr_in *sin = NULL;
716 struct sockaddr_in6 *sin6 = NULL;
723 ifp->if_flags |= IFF_UP;
730 if (ifr->ifr_mtu < GIF_MTU_MIN ||
731 ifr->ifr_mtu > GIF_MTU_MAX)
734 ifp->if_mtu = ifr->ifr_mtu;
737 sx_xlock(&gif_ioctl_sx);
747 case SIOCSIFPHYADDR_IN6:
753 src = (struct sockaddr *)
754 &(((struct in_aliasreq *)data)->ifra_addr);
755 dst = (struct sockaddr *)
756 &(((struct in_aliasreq *)data)->ifra_dstaddr);
760 case SIOCSIFPHYADDR_IN6:
761 src = (struct sockaddr *)
762 &(((struct in6_aliasreq *)data)->ifra_addr);
763 dst = (struct sockaddr *)
764 &(((struct in6_aliasreq *)data)->ifra_dstaddr);
770 /* sa_family must be equal */
771 if (src->sa_family != dst->sa_family ||
772 src->sa_len != dst->sa_len)
775 /* validate sa_len */
776 switch (src->sa_family) {
779 if (src->sa_len != sizeof(struct sockaddr_in))
785 if (src->sa_len != sizeof(struct sockaddr_in6))
790 error = EAFNOSUPPORT;
793 /* check sa_family looks sane for the cmd */
794 error = EAFNOSUPPORT;
798 if (src->sa_family == AF_INET)
803 case SIOCSIFPHYADDR_IN6:
804 if (src->sa_family == AF_INET6)
809 error = EADDRNOTAVAIL;
810 switch (src->sa_family) {
813 if (satosin(src)->sin_addr.s_addr == INADDR_ANY ||
814 satosin(dst)->sin_addr.s_addr == INADDR_ANY)
820 if (IN6_IS_ADDR_UNSPECIFIED(&satosin6(src)->sin6_addr)
822 IN6_IS_ADDR_UNSPECIFIED(&satosin6(dst)->sin6_addr))
825 * Check validity of the scope zone ID of the
826 * addresses, and convert it into the kernel
827 * internal form if necessary.
829 error = sa6_embedscope(satosin6(src), 0);
832 error = sa6_embedscope(satosin6(dst), 0);
837 error = gif_set_tunnel(ifp, src, dst);
840 gif_delete_tunnel(ifp);
842 case SIOCGIFPSRCADDR:
843 case SIOCGIFPDSTADDR:
845 case SIOCGIFPSRCADDR_IN6:
846 case SIOCGIFPDSTADDR_IN6:
848 if (sc->gif_family == 0) {
849 error = EADDRNOTAVAIL;
855 case SIOCGIFPSRCADDR:
856 case SIOCGIFPDSTADDR:
857 if (sc->gif_family != AF_INET) {
858 error = EADDRNOTAVAIL;
861 sin = (struct sockaddr_in *)&ifr->ifr_addr;
862 memset(sin, 0, sizeof(*sin));
863 sin->sin_family = AF_INET;
864 sin->sin_len = sizeof(*sin);
868 case SIOCGIFPSRCADDR_IN6:
869 case SIOCGIFPDSTADDR_IN6:
870 if (sc->gif_family != AF_INET6) {
871 error = EADDRNOTAVAIL;
874 sin6 = (struct sockaddr_in6 *)
875 &(((struct in6_ifreq *)data)->ifr_addr);
876 memset(sin6, 0, sizeof(*sin6));
877 sin6->sin6_family = AF_INET6;
878 sin6->sin6_len = sizeof(*sin6);
882 error = EAFNOSUPPORT;
887 case SIOCGIFPSRCADDR:
888 sin->sin_addr = sc->gif_iphdr->ip_src;
890 case SIOCGIFPDSTADDR:
891 sin->sin_addr = sc->gif_iphdr->ip_dst;
895 case SIOCGIFPSRCADDR_IN6:
896 sin6->sin6_addr = sc->gif_ip6hdr->ip6_src;
898 case SIOCGIFPDSTADDR_IN6:
899 sin6->sin6_addr = sc->gif_ip6hdr->ip6_dst;
909 case SIOCGIFPSRCADDR:
910 case SIOCGIFPDSTADDR:
911 error = prison_if(curthread->td_ucred,
912 (struct sockaddr *)sin);
914 memset(sin, 0, sizeof(*sin));
918 case SIOCGIFPSRCADDR_IN6:
919 case SIOCGIFPDSTADDR_IN6:
920 error = prison_if(curthread->td_ucred,
921 (struct sockaddr *)sin6);
923 error = sa6_recoverscope(sin6);
925 memset(sin6, 0, sizeof(*sin6));
930 options = sc->gif_options;
931 error = copyout(&options, ifr->ifr_data, sizeof(options));
934 if ((error = priv_check(curthread, PRIV_NET_GIF)) != 0)
936 error = copyin(ifr->ifr_data, &options, sizeof(options));
939 if (options & ~GIF_OPTMASK)
942 sc->gif_options = options;
950 sx_xunlock(&gif_ioctl_sx);
955 gif_detach(struct gif_softc *sc)
958 sx_assert(&gif_ioctl_sx, SA_XLOCKED);
959 if (sc->gif_ecookie != NULL)
960 encap_detach(sc->gif_ecookie);
961 sc->gif_ecookie = NULL;
965 gif_attach(struct gif_softc *sc, int af)
968 sx_assert(&gif_ioctl_sx, SA_XLOCKED);
972 return (in_gif_attach(sc));
976 return (in6_gif_attach(sc));
979 return (EAFNOSUPPORT);
983 gif_set_tunnel(struct ifnet *ifp, struct sockaddr *src, struct sockaddr *dst)
985 struct gif_softc *sc = ifp->if_softc;
986 struct gif_softc *tsc;
998 /* Disallow parallel tunnels unless instructed otherwise. */
999 if (V_parallel_tunnels == 0) {
1001 LIST_FOREACH(tsc, &V_gif_softc_list, gif_list) {
1002 if (tsc == sc || tsc->gif_family != src->sa_family)
1005 if (tsc->gif_family == AF_INET &&
1006 tsc->gif_iphdr->ip_src.s_addr ==
1007 satosin(src)->sin_addr.s_addr &&
1008 tsc->gif_iphdr->ip_dst.s_addr ==
1009 satosin(dst)->sin_addr.s_addr) {
1010 error = EADDRNOTAVAIL;
1016 if (tsc->gif_family == AF_INET6 &&
1017 IN6_ARE_ADDR_EQUAL(&tsc->gif_ip6hdr->ip6_src,
1018 &satosin6(src)->sin6_addr) &&
1019 IN6_ARE_ADDR_EQUAL(&tsc->gif_ip6hdr->ip6_dst,
1020 &satosin6(dst)->sin6_addr)) {
1021 error = EADDRNOTAVAIL;
1029 switch (src->sa_family) {
1032 hdr = ip = malloc(sizeof(struct ip), M_GIF,
1034 ip->ip_src.s_addr = satosin(src)->sin_addr.s_addr;
1035 ip->ip_dst.s_addr = satosin(dst)->sin_addr.s_addr;
1040 hdr = ip6 = malloc(sizeof(struct ip6_hdr), M_GIF,
1042 ip6->ip6_src = satosin6(src)->sin6_addr;
1043 ip6->ip6_dst = satosin6(dst)->sin6_addr;
1044 ip6->ip6_vfc = IPV6_VERSION;
1048 return (EAFNOSUPPORT);
1051 if (sc->gif_family != src->sa_family)
1053 if (sc->gif_family == 0 ||
1054 sc->gif_family != src->sa_family)
1055 error = gif_attach(sc, src->sa_family);
1058 if (sc->gif_family != 0)
1059 free(sc->gif_hdr, M_GIF);
1060 sc->gif_family = src->sa_family;
1063 #if defined(INET) || defined(INET6)
1066 if (error == 0 && sc->gif_family != 0)
1067 ifp->if_drv_flags |= IFF_DRV_RUNNING;
1069 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1074 gif_delete_tunnel(struct ifnet *ifp)
1076 struct gif_softc *sc = ifp->if_softc;
1083 family = sc->gif_family;
1088 free(sc->gif_hdr, M_GIF);
1090 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;