2 /* $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "opt_inet6.h"
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/kernel.h>
40 #include <sys/malloc.h>
42 #include <sys/module.h>
43 #include <sys/socket.h>
44 #include <sys/sockio.h>
45 #include <sys/errno.h>
47 #include <sys/sysctl.h>
48 #include <sys/syslog.h>
50 #include <sys/protosw.h>
52 #include <sys/vimage.h>
53 #include <machine/cpu.h>
56 #include <net/if_clone.h>
57 #include <net/if_types.h>
58 #include <net/netisr.h>
59 #include <net/route.h>
62 #include <netinet/in.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
66 #include <netinet/in_var.h>
67 #include <netinet/in_gif.h>
68 #include <netinet/ip_var.h>
73 #include <netinet/in.h>
75 #include <netinet6/in6_var.h>
76 #include <netinet/ip6.h>
77 #include <netinet6/ip6_var.h>
78 #include <netinet6/scope6_var.h>
79 #include <netinet6/in6_gif.h>
80 #include <netinet6/ip6protosw.h>
83 #include <netinet/ip_encap.h>
84 #include <net/ethernet.h>
85 #include <net/if_bridgevar.h>
86 #include <net/if_gif.h>
88 #include <security/mac/mac_framework.h>
93 * gif_mtx protects the global gif_softc_list.
95 static struct mtx gif_mtx;
96 static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface");
97 static LIST_HEAD(, gif_softc) gif_softc_list;
99 void (*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, int af);
100 void (*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af);
101 void (*ng_gif_attach_p)(struct ifnet *ifp);
102 void (*ng_gif_detach_p)(struct ifnet *ifp);
104 static void gif_start(struct ifnet *);
105 static int gif_clone_create(struct if_clone *, int, caddr_t);
106 static void gif_clone_destroy(struct ifnet *);
108 IFC_SIMPLE_DECLARE(gif, 0);
110 static int gifmodevent(module_t, int, void *);
112 SYSCTL_DECL(_net_link);
113 SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0,
114 "Generic Tunnel Interface");
117 * This macro controls the default upper limitation on nesting of gif tunnels.
118 * Since, setting a large value to this macro with a careless configuration
119 * may introduce system crash, we don't allow any nestings by default.
120 * If you need to configure nested gif tunnels, you can define this macro
121 * in your kernel configuration file. However, if you do so, please be
122 * careful to configure the tunnels so that it won't make a loop.
124 #define MAX_GIF_NEST 1
127 static int max_gif_nesting = MAX_GIF_NEST;
129 SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, max_nesting,
130 CTLFLAG_RW, max_gif_nesting, 0, "Max nested tunnels");
133 SYSCTL_DECL(_net_inet6_ip6);
134 SYSCTL_V_INT(V_NET, vnet_gif, _net_inet6_ip6, IPV6CTL_GIF_HLIM,
135 gifhlim, CTLFLAG_RW, ip6_gif_hlim, 0, "");
139 * By default, we disallow creation of multiple tunnels between the same
140 * pair of addresses. Some applications require this functionality so
141 * we allow control over this check here.
144 static int parallel_tunnels = 1;
146 static int parallel_tunnels = 0;
148 SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, parallel_tunnels,
149 CTLFLAG_RW, parallel_tunnels, 0, "Allow parallel tunnels?");
151 /* copy from src/sys/net/if_ethersubr.c */
152 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] =
153 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
154 #ifndef ETHER_IS_BROADCAST
155 #define ETHER_IS_BROADCAST(addr) \
156 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0)
160 gif_clone_create(ifc, unit, params)
161 struct if_clone *ifc;
165 INIT_VNET_GIF(curvnet);
166 struct gif_softc *sc;
168 sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO);
169 sc->gif_fibnum = curthread->td_proc->p_fibnum;
170 GIF2IFP(sc) = if_alloc(IFT_GIF);
171 if (GIF2IFP(sc) == NULL) {
178 GIF2IFP(sc)->if_softc = sc;
179 if_initname(GIF2IFP(sc), ifc->ifc_name, unit);
181 sc->encap_cookie4 = sc->encap_cookie6 = NULL;
183 GIF2IFP(sc)->if_addrlen = 0;
184 GIF2IFP(sc)->if_mtu = GIF_MTU;
185 GIF2IFP(sc)->if_flags = IFF_POINTOPOINT | IFF_MULTICAST;
187 /* turn off ingress filter */
188 GIF2IFP(sc)->if_flags |= IFF_LINK2;
190 GIF2IFP(sc)->if_ioctl = gif_ioctl;
191 GIF2IFP(sc)->if_start = gif_start;
192 GIF2IFP(sc)->if_output = gif_output;
193 GIF2IFP(sc)->if_snd.ifq_maxlen = IFQ_MAXLEN;
194 if_attach(GIF2IFP(sc));
195 bpfattach(GIF2IFP(sc), DLT_NULL, sizeof(u_int32_t));
196 if (ng_gif_attach_p != NULL)
197 (*ng_gif_attach_p)(GIF2IFP(sc));
200 LIST_INSERT_HEAD(&V_gif_softc_list, sc, gif_list);
201 mtx_unlock(&gif_mtx);
207 gif_clone_destroy(ifp)
211 struct gif_softc *sc = ifp->if_softc;
214 LIST_REMOVE(sc, gif_list);
215 mtx_unlock(&gif_mtx);
217 gif_delete_tunnel(ifp);
219 if (sc->encap_cookie6 != NULL) {
220 err = encap_detach(sc->encap_cookie6);
221 KASSERT(err == 0, ("Unexpected error detaching encap_cookie6"));
225 if (sc->encap_cookie4 != NULL) {
226 err = encap_detach(sc->encap_cookie4);
227 KASSERT(err == 0, ("Unexpected error detaching encap_cookie4"));
231 if (ng_gif_detach_p != NULL)
232 (*ng_gif_detach_p)(ifp);
237 GIF_LOCK_DESTROY(sc);
243 gifmodevent(mod, type, data)
251 mtx_init(&gif_mtx, "gif_mtx", NULL, MTX_DEF);
252 LIST_INIT(&V_gif_softc_list);
253 if_clone_attach(&gif_cloner);
256 V_ip6_gif_hlim = GIF_HLIM;
261 if_clone_detach(&gif_cloner);
262 mtx_destroy(&gif_mtx);
273 static moduledata_t gif_mod = {
279 DECLARE_MODULE(if_gif, gif_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
280 MODULE_VERSION(if_gif, 1);
283 gif_encapcheck(m, off, proto, arg)
284 const struct mbuf *m;
290 struct gif_softc *sc;
292 sc = (struct gif_softc *)arg;
296 if ((GIF2IFP(sc)->if_flags & IFF_UP) == 0)
299 /* no physical address */
300 if (!sc->gif_psrc || !sc->gif_pdst)
312 case IPPROTO_ETHERIP:
319 /* Bail on short packets */
320 if (m->m_pkthdr.len < sizeof(ip))
323 m_copydata(m, 0, sizeof(ip), (caddr_t)&ip);
328 if (sc->gif_psrc->sa_family != AF_INET ||
329 sc->gif_pdst->sa_family != AF_INET)
331 return gif_encapcheck4(m, off, proto, arg);
335 if (m->m_pkthdr.len < sizeof(struct ip6_hdr))
337 if (sc->gif_psrc->sa_family != AF_INET6 ||
338 sc->gif_pdst->sa_family != AF_INET6)
340 return gif_encapcheck6(m, off, proto, arg);
348 gif_start(struct ifnet *ifp)
350 struct gif_softc *sc;
355 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
357 IFQ_DEQUEUE(&ifp->if_snd, m);
361 gif_output(ifp, m, sc->gif_pdst, NULL);
364 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
370 gif_output(ifp, m, dst, rt)
373 struct sockaddr *dst;
374 struct rtentry *rt; /* added in net2 */
376 INIT_VNET_GIF(ifp->if_vnet);
377 struct gif_softc *sc = ifp->if_softc;
384 error = mac_ifnet_check_transmit(ifp, m);
392 * gif may cause infinite recursion calls when misconfigured.
393 * We'll prevent this by detecting loops.
395 * High nesting level may cause stack exhaustion.
396 * We'll prevent this by introducing upper limit.
399 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, NULL);
400 while (mtag != NULL) {
401 if (*(struct ifnet **)(mtag + 1) == ifp) {
403 "gif_output: loop detected on %s\n",
404 (*(struct ifnet **)(mtag + 1))->if_xname);
406 error = EIO; /* is there better errno? */
409 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, mtag);
412 if (gif_called > V_max_gif_nesting) {
414 "gif_output: recursively called too many times(%d)\n",
417 error = EIO; /* is there better errno? */
420 mtag = m_tag_alloc(MTAG_GIF, MTAG_GIF_CALLED, sizeof(struct ifnet *),
427 *(struct ifnet **)(mtag + 1) = ifp;
428 m_tag_prepend(m, mtag);
430 m->m_flags &= ~(M_BCAST|M_MCAST);
434 if (!(ifp->if_flags & IFF_UP) ||
435 sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
442 /* BPF writes need to be handled specially. */
443 if (dst->sa_family == AF_UNSPEC) {
444 bcopy(dst->sa_data, &af, sizeof(af));
449 BPF_MTAP2(ifp, &af, sizeof(af), m);
451 ifp->if_obytes += m->m_pkthdr.len;
453 /* override to IPPROTO_ETHERIP for bridged traffic */
457 M_SETFIB(m, sc->gif_fibnum);
458 /* inner AF-specific encapsulation */
460 /* XXX should we check if our outer source is legal? */
462 /* dispatch to output logic based on outer AF */
463 switch (sc->gif_psrc->sa_family) {
466 error = in_gif_output(ifp, af, m);
471 error = in6_gif_output(ifp, af, m);
487 gif_input(m, af, ifp)
493 struct etherip_header *eip;
494 struct ether_header *eh;
495 struct ifnet *oldifp;
503 m->m_pkthdr.rcvif = ifp;
506 mac_ifnet_create_mbuf(ifp, m);
509 if (bpf_peers_present(ifp->if_bpf)) {
511 bpf_mtap2(ifp->if_bpf, &af1, sizeof(af1), m);
514 if (ng_gif_input_p != NULL) {
515 (*ng_gif_input_p)(ifp, &m, af);
521 * Put the packet to the network layer input queue according to the
522 * specified address family.
523 * Note: older versions of gif_input directly called network layer
524 * input functions, e.g. ip6_input, here. We changed the policy to
525 * prevent too many recursive calls of such input functions, which
526 * might cause kernel panic. But the change may introduce another
527 * problem; if the input queue is full, packets are discarded.
528 * The kernel stack overflow really happened, and we believed
529 * queue-full rarely occurs, so we changed the policy.
543 n = sizeof(struct etherip_header) + sizeof(struct ether_header);
552 eip = mtod(m, struct etherip_header *);
554 (ETHERIP_VERSION & ETHERIP_VER_VERS_MASK)) {
555 /* discard unknown versions */
559 m_adj(m, sizeof(struct etherip_header));
561 m->m_flags &= ~(M_BCAST|M_MCAST);
562 m->m_pkthdr.rcvif = ifp;
564 if (ifp->if_bridge) {
566 eh = mtod(m, struct ether_header *);
567 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
568 if (ETHER_IS_BROADCAST(eh->ether_dhost))
569 m->m_flags |= M_BCAST;
571 m->m_flags |= M_MCAST;
574 BRIDGE_INPUT(ifp, m);
576 if (m != NULL && ifp != oldifp) {
578 * The bridge gave us back itself or one of the
579 * members for which the frame is addressed.
590 if (ng_gif_input_orphan_p != NULL)
591 (*ng_gif_input_orphan_p)(ifp, m, af);
598 ifp->if_ibytes += m->m_pkthdr.len;
599 netisr_dispatch(isr, m);
602 /* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
604 gif_ioctl(ifp, cmd, data)
609 struct gif_softc *sc = ifp->if_softc;
610 struct ifreq *ifr = (struct ifreq*)data;
612 struct sockaddr *dst, *src;
613 #ifdef SIOCSIFMTU /* xxx */
619 ifp->if_flags |= IFF_UP;
629 #ifdef SIOCSIFMTU /* xxx */
635 if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX)
639 #endif /* SIOCSIFMTU */
645 case SIOCSIFPHYADDR_IN6:
647 case SIOCSLIFPHYADDR:
651 src = (struct sockaddr *)
652 &(((struct in_aliasreq *)data)->ifra_addr);
653 dst = (struct sockaddr *)
654 &(((struct in_aliasreq *)data)->ifra_dstaddr);
658 case SIOCSIFPHYADDR_IN6:
659 src = (struct sockaddr *)
660 &(((struct in6_aliasreq *)data)->ifra_addr);
661 dst = (struct sockaddr *)
662 &(((struct in6_aliasreq *)data)->ifra_dstaddr);
665 case SIOCSLIFPHYADDR:
666 src = (struct sockaddr *)
667 &(((struct if_laddrreq *)data)->addr);
668 dst = (struct sockaddr *)
669 &(((struct if_laddrreq *)data)->dstaddr);
675 /* sa_family must be equal */
676 if (src->sa_family != dst->sa_family)
679 /* validate sa_len */
680 switch (src->sa_family) {
683 if (src->sa_len != sizeof(struct sockaddr_in))
689 if (src->sa_len != sizeof(struct sockaddr_in6))
696 switch (dst->sa_family) {
699 if (dst->sa_len != sizeof(struct sockaddr_in))
705 if (dst->sa_len != sizeof(struct sockaddr_in6))
713 /* check sa_family looks sane for the cmd */
716 if (src->sa_family == AF_INET)
720 case SIOCSIFPHYADDR_IN6:
721 if (src->sa_family == AF_INET6)
725 case SIOCSLIFPHYADDR:
726 /* checks done in the above */
730 error = gif_set_tunnel(GIF2IFP(sc), src, dst);
733 #ifdef SIOCDIFPHYADDR
735 gif_delete_tunnel(GIF2IFP(sc));
739 case SIOCGIFPSRCADDR:
741 case SIOCGIFPSRCADDR_IN6:
743 if (sc->gif_psrc == NULL) {
744 error = EADDRNOTAVAIL;
750 case SIOCGIFPSRCADDR:
751 dst = &ifr->ifr_addr;
752 size = sizeof(ifr->ifr_addr);
756 case SIOCGIFPSRCADDR_IN6:
757 dst = (struct sockaddr *)
758 &(((struct in6_ifreq *)data)->ifr_addr);
759 size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
763 error = EADDRNOTAVAIL;
766 if (src->sa_len > size)
768 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
770 if (dst->sa_family == AF_INET6) {
771 error = sa6_recoverscope((struct sockaddr_in6 *)dst);
778 case SIOCGIFPDSTADDR:
780 case SIOCGIFPDSTADDR_IN6:
782 if (sc->gif_pdst == NULL) {
783 error = EADDRNOTAVAIL;
789 case SIOCGIFPDSTADDR:
790 dst = &ifr->ifr_addr;
791 size = sizeof(ifr->ifr_addr);
795 case SIOCGIFPDSTADDR_IN6:
796 dst = (struct sockaddr *)
797 &(((struct in6_ifreq *)data)->ifr_addr);
798 size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
802 error = EADDRNOTAVAIL;
805 if (src->sa_len > size)
807 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
809 if (dst->sa_family == AF_INET6) {
810 error = sa6_recoverscope((struct sockaddr_in6 *)dst);
817 case SIOCGLIFPHYADDR:
818 if (sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
819 error = EADDRNOTAVAIL;
825 dst = (struct sockaddr *)
826 &(((struct if_laddrreq *)data)->addr);
827 size = sizeof(((struct if_laddrreq *)data)->addr);
828 if (src->sa_len > size)
830 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
834 dst = (struct sockaddr *)
835 &(((struct if_laddrreq *)data)->dstaddr);
836 size = sizeof(((struct if_laddrreq *)data)->dstaddr);
837 if (src->sa_len > size)
839 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
843 /* if_ioctl() takes care of it */
855 * XXXRW: There's a general event-ordering issue here: the code to check
856 * if a given tunnel is already present happens before we perform a
857 * potentially blocking setup of the tunnel. This code needs to be
858 * re-ordered so that the check and replacement can be atomic using
862 gif_set_tunnel(ifp, src, dst)
864 struct sockaddr *src;
865 struct sockaddr *dst;
867 INIT_VNET_GIF(ifp->if_vnet);
868 struct gif_softc *sc = ifp->if_softc;
869 struct gif_softc *sc2;
870 struct sockaddr *osrc, *odst, *sa;
874 LIST_FOREACH(sc2, &V_gif_softc_list, gif_list) {
877 if (!sc2->gif_pdst || !sc2->gif_psrc)
879 if (sc2->gif_pdst->sa_family != dst->sa_family ||
880 sc2->gif_pdst->sa_len != dst->sa_len ||
881 sc2->gif_psrc->sa_family != src->sa_family ||
882 sc2->gif_psrc->sa_len != src->sa_len)
886 * Disallow parallel tunnels unless instructed
889 if (!V_parallel_tunnels &&
890 bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 &&
891 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) {
892 error = EADDRNOTAVAIL;
893 mtx_unlock(&gif_mtx);
897 /* XXX both end must be valid? (I mean, not 0.0.0.0) */
899 mtx_unlock(&gif_mtx);
901 /* XXX we can detach from both, but be polite just in case */
903 switch (sc->gif_psrc->sa_family) {
906 (void)in_gif_detach(sc);
911 (void)in6_gif_detach(sc);
917 sa = (struct sockaddr *)malloc(src->sa_len, M_IFADDR, M_WAITOK);
918 bcopy((caddr_t)src, (caddr_t)sa, src->sa_len);
922 sa = (struct sockaddr *)malloc(dst->sa_len, M_IFADDR, M_WAITOK);
923 bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len);
926 switch (sc->gif_psrc->sa_family) {
929 error = in_gif_attach(sc);
935 * Check validity of the scope zone ID of the addresses, and
936 * convert it into the kernel internal form if necessary.
938 error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_psrc, 0);
941 error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_pdst, 0);
944 error = in6_gif_attach(sc);
950 free((caddr_t)sc->gif_psrc, M_IFADDR);
951 free((caddr_t)sc->gif_pdst, M_IFADDR);
958 free((caddr_t)osrc, M_IFADDR);
960 free((caddr_t)odst, M_IFADDR);
963 if (sc->gif_psrc && sc->gif_pdst)
964 ifp->if_drv_flags |= IFF_DRV_RUNNING;
966 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
972 gif_delete_tunnel(ifp)
975 struct gif_softc *sc = ifp->if_softc;
978 free((caddr_t)sc->gif_psrc, M_IFADDR);
982 free((caddr_t)sc->gif_pdst, M_IFADDR);
985 /* it is safe to detach from both */
987 (void)in_gif_detach(sc);
990 (void)in6_gif_detach(sc);
992 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;