2 /* $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $ */
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "opt_inet6.h"
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/kernel.h>
41 #include <sys/malloc.h>
43 #include <sys/module.h>
44 #include <sys/socket.h>
45 #include <sys/sockio.h>
46 #include <sys/errno.h>
48 #include <sys/sysctl.h>
49 #include <sys/syslog.h>
50 #include <sys/protosw.h>
52 #include <machine/cpu.h>
55 #include <net/if_clone.h>
56 #include <net/if_types.h>
57 #include <net/netisr.h>
58 #include <net/route.h>
61 #include <netinet/in.h>
62 #include <netinet/in_systm.h>
63 #include <netinet/ip.h>
65 #include <netinet/in_var.h>
66 #include <netinet/in_gif.h>
67 #include <netinet/ip_var.h>
72 #include <netinet/in.h>
74 #include <netinet6/in6_var.h>
75 #include <netinet/ip6.h>
76 #include <netinet6/ip6_var.h>
77 #include <netinet6/scope6_var.h>
78 #include <netinet6/in6_gif.h>
79 #include <netinet6/ip6protosw.h>
82 #include <netinet/ip_encap.h>
83 #include <net/ethernet.h>
84 #include <net/if_bridgevar.h>
85 #include <net/if_gif.h>
90 * gif_mtx protects the global gif_softc_list.
92 static struct mtx gif_mtx;
93 static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface");
94 static LIST_HEAD(, gif_softc) gif_softc_list;
96 void (*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, int af);
97 void (*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af);
98 void (*ng_gif_attach_p)(struct ifnet *ifp);
99 void (*ng_gif_detach_p)(struct ifnet *ifp);
101 static void gif_start(struct ifnet *);
102 static int gif_clone_create(struct if_clone *, int, caddr_t);
103 static void gif_clone_destroy(struct ifnet *);
105 IFC_SIMPLE_DECLARE(gif, 0);
107 static int gifmodevent(module_t, int, void *);
109 SYSCTL_DECL(_net_link);
110 SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0,
111 "Generic Tunnel Interface");
114 * This macro controls the default upper limitation on nesting of gif tunnels.
115 * Since, setting a large value to this macro with a careless configuration
116 * may introduce system crash, we don't allow any nestings by default.
117 * If you need to configure nested gif tunnels, you can define this macro
118 * in your kernel configuration file. However, if you do so, please be
119 * careful to configure the tunnels so that it won't make a loop.
121 #define MAX_GIF_NEST 1
123 static int max_gif_nesting = MAX_GIF_NEST;
124 SYSCTL_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_RW,
125 &max_gif_nesting, 0, "Max nested tunnels");
128 * By default, we disallow creation of multiple tunnels between the same
129 * pair of addresses. Some applications require this functionality so
130 * we allow control over this check here.
133 static int parallel_tunnels = 1;
135 static int parallel_tunnels = 0;
137 SYSCTL_INT(_net_link_gif, OID_AUTO, parallel_tunnels, CTLFLAG_RW,
138 ¶llel_tunnels, 0, "Allow parallel tunnels?");
141 gif_clone_create(ifc, unit, params)
142 struct if_clone *ifc;
146 struct gif_softc *sc;
148 sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO);
149 GIF2IFP(sc) = if_alloc(IFT_GIF);
150 if (GIF2IFP(sc) == NULL) {
157 GIF2IFP(sc)->if_softc = sc;
158 if_initname(GIF2IFP(sc), ifc->ifc_name, unit);
160 sc->encap_cookie4 = sc->encap_cookie6 = NULL;
162 GIF2IFP(sc)->if_addrlen = 0;
163 GIF2IFP(sc)->if_mtu = GIF_MTU;
164 GIF2IFP(sc)->if_flags = IFF_POINTOPOINT | IFF_MULTICAST;
166 /* turn off ingress filter */
167 GIF2IFP(sc)->if_flags |= IFF_LINK2;
169 GIF2IFP(sc)->if_ioctl = gif_ioctl;
170 GIF2IFP(sc)->if_start = gif_start;
171 GIF2IFP(sc)->if_output = gif_output;
172 GIF2IFP(sc)->if_snd.ifq_maxlen = IFQ_MAXLEN;
173 if_attach(GIF2IFP(sc));
174 bpfattach(GIF2IFP(sc), DLT_NULL, sizeof(u_int32_t));
175 if (ng_gif_attach_p != NULL)
176 (*ng_gif_attach_p)(GIF2IFP(sc));
179 LIST_INSERT_HEAD(&gif_softc_list, sc, gif_list);
180 mtx_unlock(&gif_mtx);
186 gif_clone_destroy(ifp)
190 struct gif_softc *sc = ifp->if_softc;
193 LIST_REMOVE(sc, gif_list);
194 mtx_unlock(&gif_mtx);
196 gif_delete_tunnel(ifp);
198 if (sc->encap_cookie6 != NULL) {
199 err = encap_detach(sc->encap_cookie6);
200 KASSERT(err == 0, ("Unexpected error detaching encap_cookie6"));
204 if (sc->encap_cookie4 != NULL) {
205 err = encap_detach(sc->encap_cookie4);
206 KASSERT(err == 0, ("Unexpected error detaching encap_cookie4"));
210 if (ng_gif_detach_p != NULL)
211 (*ng_gif_detach_p)(ifp);
216 GIF_LOCK_DESTROY(sc);
222 gifmodevent(mod, type, data)
230 mtx_init(&gif_mtx, "gif_mtx", NULL, MTX_DEF);
231 LIST_INIT(&gif_softc_list);
232 if_clone_attach(&gif_cloner);
235 ip6_gif_hlim = GIF_HLIM;
240 if_clone_detach(&gif_cloner);
241 mtx_destroy(&gif_mtx);
252 static moduledata_t gif_mod = {
258 DECLARE_MODULE(if_gif, gif_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
259 MODULE_VERSION(if_gif, 1);
262 gif_encapcheck(m, off, proto, arg)
263 const struct mbuf *m;
269 struct gif_softc *sc;
271 sc = (struct gif_softc *)arg;
275 if ((GIF2IFP(sc)->if_flags & IFF_UP) == 0)
278 /* no physical address */
279 if (!sc->gif_psrc || !sc->gif_pdst)
291 case IPPROTO_ETHERIP:
298 /* Bail on short packets */
299 if (m->m_pkthdr.len < sizeof(ip))
302 m_copydata(m, 0, sizeof(ip), (caddr_t)&ip);
307 if (sc->gif_psrc->sa_family != AF_INET ||
308 sc->gif_pdst->sa_family != AF_INET)
310 return gif_encapcheck4(m, off, proto, arg);
314 if (m->m_pkthdr.len < sizeof(struct ip6_hdr))
316 if (sc->gif_psrc->sa_family != AF_INET6 ||
317 sc->gif_pdst->sa_family != AF_INET6)
319 return gif_encapcheck6(m, off, proto, arg);
327 gif_start(struct ifnet *ifp)
329 struct gif_softc *sc;
334 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
336 IFQ_DEQUEUE(&ifp->if_snd, m);
340 gif_output(ifp, m, sc->gif_pdst, NULL);
343 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
349 gif_output(ifp, m, dst, rt)
352 struct sockaddr *dst;
353 struct rtentry *rt; /* added in net2 */
355 struct gif_softc *sc = ifp->if_softc;
362 error = mac_check_ifnet_transmit(ifp, m);
370 * gif may cause infinite recursion calls when misconfigured.
371 * We'll prevent this by detecting loops.
373 * High nesting level may cause stack exhaustion.
374 * We'll prevent this by introducing upper limit.
377 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, NULL);
378 while (mtag != NULL) {
379 if (*(struct ifnet **)(mtag + 1) == ifp) {
381 "gif_output: loop detected on %s\n",
382 (*(struct ifnet **)(mtag + 1))->if_xname);
384 error = EIO; /* is there better errno? */
387 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, mtag);
390 if (gif_called > max_gif_nesting) {
392 "gif_output: recursively called too many times(%d)\n",
395 error = EIO; /* is there better errno? */
398 mtag = m_tag_alloc(MTAG_GIF, MTAG_GIF_CALLED, sizeof(struct ifnet *),
405 *(struct ifnet **)(mtag + 1) = ifp;
406 m_tag_prepend(m, mtag);
408 m->m_flags &= ~(M_BCAST|M_MCAST);
412 if (!(ifp->if_flags & IFF_UP) ||
413 sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
420 /* BPF writes need to be handled specially. */
421 if (dst->sa_family == AF_UNSPEC) {
422 bcopy(dst->sa_data, &af, sizeof(af));
427 BPF_MTAP2(ifp, &af, sizeof(af), m);
429 ifp->if_obytes += m->m_pkthdr.len;
431 /* override to IPPROTO_ETHERIP for bridged traffic */
435 /* inner AF-specific encapsulation */
437 /* XXX should we check if our outer source is legal? */
439 /* dispatch to output logic based on outer AF */
440 switch (sc->gif_psrc->sa_family) {
443 error = in_gif_output(ifp, af, m);
448 error = in6_gif_output(ifp, af, m);
464 gif_input(m, af, ifp)
470 struct etherip_header *eip;
478 m->m_pkthdr.rcvif = ifp;
481 mac_create_mbuf_from_ifnet(ifp, m);
484 if (bpf_peers_present(ifp->if_bpf)) {
486 bpf_mtap2(ifp->if_bpf, &af1, sizeof(af1), m);
489 if (ng_gif_input_p != NULL) {
490 (*ng_gif_input_p)(ifp, &m, af);
496 * Put the packet to the network layer input queue according to the
497 * specified address family.
498 * Note: older versions of gif_input directly called network layer
499 * input functions, e.g. ip6_input, here. We changed the policy to
500 * prevent too many recursive calls of such input functions, which
501 * might cause kernel panic. But the change may introduce another
502 * problem; if the input queue is full, packets are discarded.
503 * The kernel stack overflow really happened, and we believed
504 * queue-full rarely occurs, so we changed the policy.
518 n = sizeof(struct etherip_header) + sizeof(struct ether_header);
527 eip = mtod(m, struct etherip_header *);
529 (ETHERIP_VERSION & ETHERIP_VER_VERS_MASK)) {
530 /* discard unknown versions */
534 m_adj(m, sizeof(struct etherip_header));
536 m->m_flags &= ~(M_BCAST|M_MCAST);
537 m->m_pkthdr.rcvif = ifp;
540 BRIDGE_INPUT(ifp, m);
547 if (ng_gif_input_orphan_p != NULL)
548 (*ng_gif_input_orphan_p)(ifp, m, af);
555 ifp->if_ibytes += m->m_pkthdr.len;
556 netisr_dispatch(isr, m);
559 /* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
561 gif_ioctl(ifp, cmd, data)
566 struct gif_softc *sc = ifp->if_softc;
567 struct ifreq *ifr = (struct ifreq*)data;
569 struct sockaddr *dst, *src;
570 #ifdef SIOCSIFMTU /* xxx */
576 ifp->if_flags |= IFF_UP;
586 #ifdef SIOCSIFMTU /* xxx */
592 if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX)
596 #endif /* SIOCSIFMTU */
602 case SIOCSIFPHYADDR_IN6:
604 case SIOCSLIFPHYADDR:
608 src = (struct sockaddr *)
609 &(((struct in_aliasreq *)data)->ifra_addr);
610 dst = (struct sockaddr *)
611 &(((struct in_aliasreq *)data)->ifra_dstaddr);
615 case SIOCSIFPHYADDR_IN6:
616 src = (struct sockaddr *)
617 &(((struct in6_aliasreq *)data)->ifra_addr);
618 dst = (struct sockaddr *)
619 &(((struct in6_aliasreq *)data)->ifra_dstaddr);
622 case SIOCSLIFPHYADDR:
623 src = (struct sockaddr *)
624 &(((struct if_laddrreq *)data)->addr);
625 dst = (struct sockaddr *)
626 &(((struct if_laddrreq *)data)->dstaddr);
632 /* sa_family must be equal */
633 if (src->sa_family != dst->sa_family)
636 /* validate sa_len */
637 switch (src->sa_family) {
640 if (src->sa_len != sizeof(struct sockaddr_in))
646 if (src->sa_len != sizeof(struct sockaddr_in6))
653 switch (dst->sa_family) {
656 if (dst->sa_len != sizeof(struct sockaddr_in))
662 if (dst->sa_len != sizeof(struct sockaddr_in6))
670 /* check sa_family looks sane for the cmd */
673 if (src->sa_family == AF_INET)
677 case SIOCSIFPHYADDR_IN6:
678 if (src->sa_family == AF_INET6)
682 case SIOCSLIFPHYADDR:
683 /* checks done in the above */
687 error = gif_set_tunnel(GIF2IFP(sc), src, dst);
690 #ifdef SIOCDIFPHYADDR
692 gif_delete_tunnel(GIF2IFP(sc));
696 case SIOCGIFPSRCADDR:
698 case SIOCGIFPSRCADDR_IN6:
700 if (sc->gif_psrc == NULL) {
701 error = EADDRNOTAVAIL;
707 case SIOCGIFPSRCADDR:
708 dst = &ifr->ifr_addr;
709 size = sizeof(ifr->ifr_addr);
713 case SIOCGIFPSRCADDR_IN6:
714 dst = (struct sockaddr *)
715 &(((struct in6_ifreq *)data)->ifr_addr);
716 size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
720 error = EADDRNOTAVAIL;
723 if (src->sa_len > size)
725 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
727 if (dst->sa_family == AF_INET6) {
728 error = sa6_recoverscope((struct sockaddr_in6 *)dst);
735 case SIOCGIFPDSTADDR:
737 case SIOCGIFPDSTADDR_IN6:
739 if (sc->gif_pdst == NULL) {
740 error = EADDRNOTAVAIL;
746 case SIOCGIFPDSTADDR:
747 dst = &ifr->ifr_addr;
748 size = sizeof(ifr->ifr_addr);
752 case SIOCGIFPDSTADDR_IN6:
753 dst = (struct sockaddr *)
754 &(((struct in6_ifreq *)data)->ifr_addr);
755 size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
759 error = EADDRNOTAVAIL;
762 if (src->sa_len > size)
764 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
766 if (dst->sa_family == AF_INET6) {
767 error = sa6_recoverscope((struct sockaddr_in6 *)dst);
774 case SIOCGLIFPHYADDR:
775 if (sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
776 error = EADDRNOTAVAIL;
782 dst = (struct sockaddr *)
783 &(((struct if_laddrreq *)data)->addr);
784 size = sizeof(((struct if_laddrreq *)data)->addr);
785 if (src->sa_len > size)
787 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
791 dst = (struct sockaddr *)
792 &(((struct if_laddrreq *)data)->dstaddr);
793 size = sizeof(((struct if_laddrreq *)data)->dstaddr);
794 if (src->sa_len > size)
796 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
800 /* if_ioctl() takes care of it */
812 * XXXRW: There's a general event-ordering issue here: the code to check
813 * if a given tunnel is already present happens before we perform a
814 * potentially blocking setup of the tunnel. This code needs to be
815 * re-ordered so that the check and replacement can be atomic using
819 gif_set_tunnel(ifp, src, dst)
821 struct sockaddr *src;
822 struct sockaddr *dst;
824 struct gif_softc *sc = ifp->if_softc;
825 struct gif_softc *sc2;
826 struct sockaddr *osrc, *odst, *sa;
830 LIST_FOREACH(sc2, &gif_softc_list, gif_list) {
833 if (!sc2->gif_pdst || !sc2->gif_psrc)
835 if (sc2->gif_pdst->sa_family != dst->sa_family ||
836 sc2->gif_pdst->sa_len != dst->sa_len ||
837 sc2->gif_psrc->sa_family != src->sa_family ||
838 sc2->gif_psrc->sa_len != src->sa_len)
842 * Disallow parallel tunnels unless instructed
845 if (!parallel_tunnels &&
846 bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 &&
847 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) {
848 error = EADDRNOTAVAIL;
849 mtx_unlock(&gif_mtx);
853 /* XXX both end must be valid? (I mean, not 0.0.0.0) */
855 mtx_unlock(&gif_mtx);
857 /* XXX we can detach from both, but be polite just in case */
859 switch (sc->gif_psrc->sa_family) {
862 (void)in_gif_detach(sc);
867 (void)in6_gif_detach(sc);
873 sa = (struct sockaddr *)malloc(src->sa_len, M_IFADDR, M_WAITOK);
874 bcopy((caddr_t)src, (caddr_t)sa, src->sa_len);
878 sa = (struct sockaddr *)malloc(dst->sa_len, M_IFADDR, M_WAITOK);
879 bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len);
882 switch (sc->gif_psrc->sa_family) {
885 error = in_gif_attach(sc);
891 * Check validity of the scope zone ID of the addresses, and
892 * convert it into the kernel internal form if necessary.
894 error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_psrc, 0);
897 error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_pdst, 0);
900 error = in6_gif_attach(sc);
906 free((caddr_t)sc->gif_psrc, M_IFADDR);
907 free((caddr_t)sc->gif_pdst, M_IFADDR);
914 free((caddr_t)osrc, M_IFADDR);
916 free((caddr_t)odst, M_IFADDR);
919 if (sc->gif_psrc && sc->gif_pdst)
920 ifp->if_drv_flags |= IFF_DRV_RUNNING;
922 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
928 gif_delete_tunnel(ifp)
931 struct gif_softc *sc = ifp->if_softc;
934 free((caddr_t)sc->gif_psrc, M_IFADDR);
938 free((caddr_t)sc->gif_pdst, M_IFADDR);
941 /* it is safe to detach from both */
943 (void)in_gif_detach(sc);
946 (void)in6_gif_detach(sc);
948 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
projects / FreeBSD / FreeBSD.git / blob