98#ifdef VIMAGE_GLOBALS 99static LIST_HEAD(, gif_softc) gif_softc_list; 100static int max_gif_nesting; 101static int parallel_tunnels; 102#ifdef INET 103int ip_gif_ttl; 104#endif 105#ifdef INET6 106int ip6_gif_hlim; 107#endif 108#endif 109 110void (*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, int af); 111void (*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af); 112void (*ng_gif_attach_p)(struct ifnet *ifp); 113void (*ng_gif_detach_p)(struct ifnet *ifp); 114 115static void gif_start(struct ifnet *); 116static int gif_clone_create(struct if_clone *, int, caddr_t); 117static void gif_clone_destroy(struct ifnet *); 118 119IFC_SIMPLE_DECLARE(gif, 0); 120 121static int gifmodevent(module_t, int, void *); 122 123SYSCTL_DECL(_net_link); 124SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0, 125 "Generic Tunnel Interface"); 126#ifndef MAX_GIF_NEST 127/* 128 * This macro controls the default upper limitation on nesting of gif tunnels. 129 * Since, setting a large value to this macro with a careless configuration 130 * may introduce system crash, we don't allow any nestings by default. 131 * If you need to configure nested gif tunnels, you can define this macro 132 * in your kernel configuration file. However, if you do so, please be 133 * careful to configure the tunnels so that it won't make a loop. 134 */ 135#define MAX_GIF_NEST 1 136#endif 137SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, max_nesting, 138 CTLFLAG_RW, max_gif_nesting, 0, "Max nested tunnels"); 139 140#ifdef INET6 141SYSCTL_DECL(_net_inet6_ip6); 142SYSCTL_V_INT(V_NET, vnet_gif, _net_inet6_ip6, IPV6CTL_GIF_HLIM, 143 gifhlim, CTLFLAG_RW, ip6_gif_hlim, 0, ""); 144#endif 145 146/* 147 * By default, we disallow creation of multiple tunnels between the same 148 * pair of addresses. Some applications require this functionality so 149 * we allow control over this check here. 150 */ 151SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, parallel_tunnels, 152 CTLFLAG_RW, parallel_tunnels, 0, "Allow parallel tunnels?"); 153 154/* copy from src/sys/net/if_ethersubr.c */ 155static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 156 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 157#ifndef ETHER_IS_BROADCAST 158#define ETHER_IS_BROADCAST(addr) \ 159 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0) 160#endif 161 162static int 163gif_clone_create(ifc, unit, params) 164 struct if_clone *ifc; 165 int unit; 166 caddr_t params; 167{ 168 INIT_VNET_GIF(curvnet); 169 struct gif_softc *sc; 170 171 sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO); 172 sc->gif_fibnum = curthread->td_proc->p_fibnum; 173 GIF2IFP(sc) = if_alloc(IFT_GIF); 174 if (GIF2IFP(sc) == NULL) { 175 free(sc, M_GIF); 176 return (ENOSPC); 177 } 178 179 GIF_LOCK_INIT(sc); 180 181 GIF2IFP(sc)->if_softc = sc; 182 if_initname(GIF2IFP(sc), ifc->ifc_name, unit); 183 184 sc->encap_cookie4 = sc->encap_cookie6 = NULL; 185 186 GIF2IFP(sc)->if_addrlen = 0; 187 GIF2IFP(sc)->if_mtu = GIF_MTU; 188 GIF2IFP(sc)->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 189#if 0 190 /* turn off ingress filter */ 191 GIF2IFP(sc)->if_flags |= IFF_LINK2; 192#endif 193 GIF2IFP(sc)->if_ioctl = gif_ioctl; 194 GIF2IFP(sc)->if_start = gif_start; 195 GIF2IFP(sc)->if_output = gif_output; 196 GIF2IFP(sc)->if_snd.ifq_maxlen = IFQ_MAXLEN; 197 if_attach(GIF2IFP(sc)); 198 bpfattach(GIF2IFP(sc), DLT_NULL, sizeof(u_int32_t)); 199 if (ng_gif_attach_p != NULL) 200 (*ng_gif_attach_p)(GIF2IFP(sc)); 201 202 mtx_lock(&gif_mtx); 203 LIST_INSERT_HEAD(&V_gif_softc_list, sc, gif_list); 204 mtx_unlock(&gif_mtx); 205 206 return (0); 207} 208 209static void 210gif_clone_destroy(ifp) 211 struct ifnet *ifp; 212{ 213#if defined(INET) || defined(INET6) 214 int err; 215#endif 216 struct gif_softc *sc = ifp->if_softc; 217 218 mtx_lock(&gif_mtx); 219 LIST_REMOVE(sc, gif_list); 220 mtx_unlock(&gif_mtx); 221 222 gif_delete_tunnel(ifp); 223#ifdef INET6 224 if (sc->encap_cookie6 != NULL) { 225 err = encap_detach(sc->encap_cookie6); 226 KASSERT(err == 0, ("Unexpected error detaching encap_cookie6")); 227 } 228#endif 229#ifdef INET 230 if (sc->encap_cookie4 != NULL) { 231 err = encap_detach(sc->encap_cookie4); 232 KASSERT(err == 0, ("Unexpected error detaching encap_cookie4")); 233 } 234#endif 235 236 if (ng_gif_detach_p != NULL) 237 (*ng_gif_detach_p)(ifp); 238 bpfdetach(ifp); 239 if_detach(ifp); 240 if_free(ifp); 241 242 GIF_LOCK_DESTROY(sc); 243 244 free(sc, M_GIF); 245} 246 247static int 248gifmodevent(mod, type, data) 249 module_t mod; 250 int type; 251 void *data; 252{ 253 254 switch (type) { 255 case MOD_LOAD: 256 mtx_init(&gif_mtx, "gif_mtx", NULL, MTX_DEF); 257 258 LIST_INIT(&V_gif_softc_list); 259 V_max_gif_nesting = MAX_GIF_NEST; 260#ifdef XBONEHACK 261 V_parallel_tunnels = 1; 262#else 263 V_parallel_tunnels = 0; 264#endif 265#ifdef INET 266 V_ip_gif_ttl = GIF_TTL; 267#endif 268#ifdef INET6 269 V_ip6_gif_hlim = GIF_HLIM; 270#endif 271 if_clone_attach(&gif_cloner); 272 273 break; 274 case MOD_UNLOAD: 275 if_clone_detach(&gif_cloner); 276 mtx_destroy(&gif_mtx); 277#ifdef INET6 278 V_ip6_gif_hlim = 0; 279#endif 280 break; 281 default: 282 return EOPNOTSUPP; 283 } 284 return 0; 285} 286 287static moduledata_t gif_mod = { 288 "if_gif", 289 gifmodevent, 290 0 291}; 292 293DECLARE_MODULE(if_gif, gif_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 294MODULE_VERSION(if_gif, 1); 295 296int 297gif_encapcheck(m, off, proto, arg) 298 const struct mbuf *m; 299 int off; 300 int proto; 301 void *arg; 302{ 303 struct ip ip; 304 struct gif_softc *sc; 305 306 sc = (struct gif_softc *)arg; 307 if (sc == NULL) 308 return 0; 309 310 if ((GIF2IFP(sc)->if_flags & IFF_UP) == 0) 311 return 0; 312 313 /* no physical address */ 314 if (!sc->gif_psrc || !sc->gif_pdst) 315 return 0; 316 317 switch (proto) { 318#ifdef INET 319 case IPPROTO_IPV4: 320 break; 321#endif 322#ifdef INET6 323 case IPPROTO_IPV6: 324 break; 325#endif 326 case IPPROTO_ETHERIP: 327 break; 328 329 default: 330 return 0; 331 } 332 333 /* Bail on short packets */ 334 if (m->m_pkthdr.len < sizeof(ip)) 335 return 0; 336 337 m_copydata(m, 0, sizeof(ip), (caddr_t)&ip); 338 339 switch (ip.ip_v) { 340#ifdef INET 341 case 4: 342 if (sc->gif_psrc->sa_family != AF_INET || 343 sc->gif_pdst->sa_family != AF_INET) 344 return 0; 345 return gif_encapcheck4(m, off, proto, arg); 346#endif 347#ifdef INET6 348 case 6: 349 if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) 350 return 0; 351 if (sc->gif_psrc->sa_family != AF_INET6 || 352 sc->gif_pdst->sa_family != AF_INET6) 353 return 0; 354 return gif_encapcheck6(m, off, proto, arg); 355#endif 356 default: 357 return 0; 358 } 359} 360 361static void 362gif_start(struct ifnet *ifp) 363{ 364 struct gif_softc *sc; 365 struct mbuf *m; 366 367 sc = ifp->if_softc; 368 369 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 370 for (;;) { 371 IFQ_DEQUEUE(&ifp->if_snd, m); 372 if (m == 0) 373 break; 374 375 gif_output(ifp, m, sc->gif_pdst, NULL); 376 377 } 378 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 379 380 return; 381} 382 383int 384gif_output(ifp, m, dst, rt) 385 struct ifnet *ifp; 386 struct mbuf *m; 387 struct sockaddr *dst; 388 struct rtentry *rt; /* added in net2 */ 389{ 390 INIT_VNET_GIF(ifp->if_vnet); 391 struct gif_softc *sc = ifp->if_softc; 392 struct m_tag *mtag; 393 int error = 0; 394 int gif_called; 395 u_int32_t af; 396 397#ifdef MAC 398 error = mac_ifnet_check_transmit(ifp, m); 399 if (error) { 400 m_freem(m); 401 goto end; 402 } 403#endif 404 405 /* 406 * gif may cause infinite recursion calls when misconfigured. 407 * We'll prevent this by detecting loops. 408 * 409 * High nesting level may cause stack exhaustion. 410 * We'll prevent this by introducing upper limit. 411 */ 412 gif_called = 1; 413 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, NULL); 414 while (mtag != NULL) { 415 if (*(struct ifnet **)(mtag + 1) == ifp) { 416 log(LOG_NOTICE, 417 "gif_output: loop detected on %s\n", 418 (*(struct ifnet **)(mtag + 1))->if_xname); 419 m_freem(m); 420 error = EIO; /* is there better errno? */ 421 goto end; 422 } 423 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, mtag); 424 gif_called++; 425 } 426 if (gif_called > V_max_gif_nesting) { 427 log(LOG_NOTICE, 428 "gif_output: recursively called too many times(%d)\n", 429 gif_called); 430 m_freem(m); 431 error = EIO; /* is there better errno? */ 432 goto end; 433 } 434 mtag = m_tag_alloc(MTAG_GIF, MTAG_GIF_CALLED, sizeof(struct ifnet *), 435 M_NOWAIT); 436 if (mtag == NULL) { 437 m_freem(m); 438 error = ENOMEM; 439 goto end; 440 } 441 *(struct ifnet **)(mtag + 1) = ifp; 442 m_tag_prepend(m, mtag); 443 444 m->m_flags &= ~(M_BCAST|M_MCAST); 445 446 GIF_LOCK(sc); 447 448 if (!(ifp->if_flags & IFF_UP) || 449 sc->gif_psrc == NULL || sc->gif_pdst == NULL) { 450 GIF_UNLOCK(sc); 451 m_freem(m); 452 error = ENETDOWN; 453 goto end; 454 } 455 456 /* BPF writes need to be handled specially. */ 457 if (dst->sa_family == AF_UNSPEC) { 458 bcopy(dst->sa_data, &af, sizeof(af)); 459 dst->sa_family = af; 460 } 461 462 af = dst->sa_family; 463 BPF_MTAP2(ifp, &af, sizeof(af), m); 464 ifp->if_opackets++; 465 ifp->if_obytes += m->m_pkthdr.len; 466 467 /* override to IPPROTO_ETHERIP for bridged traffic */ 468 if (ifp->if_bridge) 469 af = AF_LINK; 470 471 M_SETFIB(m, sc->gif_fibnum); 472 /* inner AF-specific encapsulation */ 473 474 /* XXX should we check if our outer source is legal? */ 475 476 /* dispatch to output logic based on outer AF */ 477 switch (sc->gif_psrc->sa_family) { 478#ifdef INET 479 case AF_INET: 480 error = in_gif_output(ifp, af, m); 481 break; 482#endif 483#ifdef INET6 484 case AF_INET6: 485 error = in6_gif_output(ifp, af, m); 486 break; 487#endif 488 default: 489 m_freem(m); 490 error = ENETDOWN; 491 } 492 493 GIF_UNLOCK(sc); 494 end: 495 if (error) 496 ifp->if_oerrors++; 497 return (error); 498} 499 500void 501gif_input(m, af, ifp) 502 struct mbuf *m; 503 int af; 504 struct ifnet *ifp; 505{ 506 int isr, n; 507 struct etherip_header *eip; 508 struct ether_header *eh; 509 struct ifnet *oldifp; 510 511 if (ifp == NULL) { 512 /* just in case */ 513 m_freem(m); 514 return; 515 } 516 517 m->m_pkthdr.rcvif = ifp; 518 519#ifdef MAC 520 mac_ifnet_create_mbuf(ifp, m); 521#endif 522 523 if (bpf_peers_present(ifp->if_bpf)) { 524 u_int32_t af1 = af; 525 bpf_mtap2(ifp->if_bpf, &af1, sizeof(af1), m); 526 } 527 528 if (ng_gif_input_p != NULL) { 529 (*ng_gif_input_p)(ifp, &m, af); 530 if (m == NULL) 531 return; 532 } 533 534 /* 535 * Put the packet to the network layer input queue according to the 536 * specified address family. 537 * Note: older versions of gif_input directly called network layer 538 * input functions, e.g. ip6_input, here. We changed the policy to 539 * prevent too many recursive calls of such input functions, which 540 * might cause kernel panic. But the change may introduce another 541 * problem; if the input queue is full, packets are discarded. 542 * The kernel stack overflow really happened, and we believed 543 * queue-full rarely occurs, so we changed the policy. 544 */ 545 switch (af) { 546#ifdef INET 547 case AF_INET: 548 isr = NETISR_IP; 549 break; 550#endif 551#ifdef INET6 552 case AF_INET6: 553 isr = NETISR_IPV6; 554 break; 555#endif 556 case AF_LINK: 557 n = sizeof(struct etherip_header) + sizeof(struct ether_header); 558 if (n > m->m_len) { 559 m = m_pullup(m, n); 560 if (m == NULL) { 561 ifp->if_ierrors++; 562 return; 563 } 564 } 565 566 eip = mtod(m, struct etherip_header *); 567 if (eip->eip_ver != 568 (ETHERIP_VERSION & ETHERIP_VER_VERS_MASK)) { 569 /* discard unknown versions */ 570 m_freem(m); 571 return; 572 } 573 m_adj(m, sizeof(struct etherip_header)); 574 575 m->m_flags &= ~(M_BCAST|M_MCAST); 576 m->m_pkthdr.rcvif = ifp; 577 578 if (ifp->if_bridge) { 579 oldifp = ifp; 580 eh = mtod(m, struct ether_header *); 581 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 582 if (ETHER_IS_BROADCAST(eh->ether_dhost)) 583 m->m_flags |= M_BCAST; 584 else 585 m->m_flags |= M_MCAST; 586 ifp->if_imcasts++; 587 } 588 BRIDGE_INPUT(ifp, m); 589 590 if (m != NULL && ifp != oldifp) { 591 /* 592 * The bridge gave us back itself or one of the 593 * members for which the frame is addressed. 594 */ 595 ether_demux(ifp, m); 596 return; 597 } 598 } 599 if (m != NULL) 600 m_freem(m); 601 return; 602 603 default: 604 if (ng_gif_input_orphan_p != NULL) 605 (*ng_gif_input_orphan_p)(ifp, m, af); 606 else 607 m_freem(m); 608 return; 609 } 610 611 ifp->if_ipackets++; 612 ifp->if_ibytes += m->m_pkthdr.len; 613 netisr_dispatch(isr, m); 614} 615 616/* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */ 617int 618gif_ioctl(ifp, cmd, data) 619 struct ifnet *ifp; 620 u_long cmd; 621 caddr_t data; 622{ 623 struct gif_softc *sc = ifp->if_softc; 624 struct ifreq *ifr = (struct ifreq*)data; 625 int error = 0, size; 626 struct sockaddr *dst, *src; 627#ifdef SIOCSIFMTU /* xxx */ 628 u_long mtu; 629#endif 630 631 switch (cmd) { 632 case SIOCSIFADDR: 633 ifp->if_flags |= IFF_UP; 634 break; 635 636 case SIOCSIFDSTADDR: 637 break; 638 639 case SIOCADDMULTI: 640 case SIOCDELMULTI: 641 break; 642 643#ifdef SIOCSIFMTU /* xxx */ 644 case SIOCGIFMTU: 645 break; 646 647 case SIOCSIFMTU: 648 mtu = ifr->ifr_mtu; 649 if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX) 650 return (EINVAL); 651 ifp->if_mtu = mtu; 652 break; 653#endif /* SIOCSIFMTU */ 654 655#ifdef INET 656 case SIOCSIFPHYADDR: 657#endif 658#ifdef INET6 659 case SIOCSIFPHYADDR_IN6: 660#endif /* INET6 */ 661 case SIOCSLIFPHYADDR: 662 switch (cmd) { 663#ifdef INET 664 case SIOCSIFPHYADDR: 665 src = (struct sockaddr *) 666 &(((struct in_aliasreq *)data)->ifra_addr); 667 dst = (struct sockaddr *) 668 &(((struct in_aliasreq *)data)->ifra_dstaddr); 669 break; 670#endif 671#ifdef INET6 672 case SIOCSIFPHYADDR_IN6: 673 src = (struct sockaddr *) 674 &(((struct in6_aliasreq *)data)->ifra_addr); 675 dst = (struct sockaddr *) 676 &(((struct in6_aliasreq *)data)->ifra_dstaddr); 677 break; 678#endif 679 case SIOCSLIFPHYADDR: 680 src = (struct sockaddr *) 681 &(((struct if_laddrreq *)data)->addr); 682 dst = (struct sockaddr *) 683 &(((struct if_laddrreq *)data)->dstaddr); 684 break; 685 default: 686 return EINVAL; 687 } 688 689 /* sa_family must be equal */ 690 if (src->sa_family != dst->sa_family) 691 return EINVAL; 692 693 /* validate sa_len */ 694 switch (src->sa_family) { 695#ifdef INET 696 case AF_INET: 697 if (src->sa_len != sizeof(struct sockaddr_in)) 698 return EINVAL; 699 break; 700#endif 701#ifdef INET6 702 case AF_INET6: 703 if (src->sa_len != sizeof(struct sockaddr_in6)) 704 return EINVAL; 705 break; 706#endif 707 default: 708 return EAFNOSUPPORT; 709 } 710 switch (dst->sa_family) { 711#ifdef INET 712 case AF_INET: 713 if (dst->sa_len != sizeof(struct sockaddr_in)) 714 return EINVAL; 715 break; 716#endif 717#ifdef INET6 718 case AF_INET6: 719 if (dst->sa_len != sizeof(struct sockaddr_in6)) 720 return EINVAL; 721 break; 722#endif 723 default: 724 return EAFNOSUPPORT; 725 } 726 727 /* check sa_family looks sane for the cmd */ 728 switch (cmd) { 729 case SIOCSIFPHYADDR: 730 if (src->sa_family == AF_INET) 731 break; 732 return EAFNOSUPPORT; 733#ifdef INET6 734 case SIOCSIFPHYADDR_IN6: 735 if (src->sa_family == AF_INET6) 736 break; 737 return EAFNOSUPPORT; 738#endif /* INET6 */ 739 case SIOCSLIFPHYADDR: 740 /* checks done in the above */ 741 break; 742 } 743 744 error = gif_set_tunnel(GIF2IFP(sc), src, dst); 745 break; 746 747#ifdef SIOCDIFPHYADDR 748 case SIOCDIFPHYADDR: 749 gif_delete_tunnel(GIF2IFP(sc)); 750 break; 751#endif 752 753 case SIOCGIFPSRCADDR: 754#ifdef INET6 755 case SIOCGIFPSRCADDR_IN6: 756#endif /* INET6 */ 757 if (sc->gif_psrc == NULL) { 758 error = EADDRNOTAVAIL; 759 goto bad; 760 } 761 src = sc->gif_psrc; 762 switch (cmd) { 763#ifdef INET 764 case SIOCGIFPSRCADDR: 765 dst = &ifr->ifr_addr; 766 size = sizeof(ifr->ifr_addr); 767 break; 768#endif /* INET */ 769#ifdef INET6 770 case SIOCGIFPSRCADDR_IN6: 771 dst = (struct sockaddr *) 772 &(((struct in6_ifreq *)data)->ifr_addr); 773 size = sizeof(((struct in6_ifreq *)data)->ifr_addr); 774 break; 775#endif /* INET6 */ 776 default: 777 error = EADDRNOTAVAIL; 778 goto bad; 779 } 780 if (src->sa_len > size) 781 return EINVAL; 782 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 783#ifdef INET6 784 if (dst->sa_family == AF_INET6) { 785 error = sa6_recoverscope((struct sockaddr_in6 *)dst); 786 if (error != 0) 787 return (error); 788 } 789#endif 790 break; 791 792 case SIOCGIFPDSTADDR: 793#ifdef INET6 794 case SIOCGIFPDSTADDR_IN6: 795#endif /* INET6 */ 796 if (sc->gif_pdst == NULL) { 797 error = EADDRNOTAVAIL; 798 goto bad; 799 } 800 src = sc->gif_pdst; 801 switch (cmd) { 802#ifdef INET 803 case SIOCGIFPDSTADDR: 804 dst = &ifr->ifr_addr; 805 size = sizeof(ifr->ifr_addr); 806 break; 807#endif /* INET */ 808#ifdef INET6 809 case SIOCGIFPDSTADDR_IN6: 810 dst = (struct sockaddr *) 811 &(((struct in6_ifreq *)data)->ifr_addr); 812 size = sizeof(((struct in6_ifreq *)data)->ifr_addr); 813 break; 814#endif /* INET6 */ 815 default: 816 error = EADDRNOTAVAIL; 817 goto bad; 818 } 819 if (src->sa_len > size) 820 return EINVAL; 821 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 822#ifdef INET6 823 if (dst->sa_family == AF_INET6) { 824 error = sa6_recoverscope((struct sockaddr_in6 *)dst); 825 if (error != 0) 826 return (error); 827 } 828#endif 829 break; 830 831 case SIOCGLIFPHYADDR: 832 if (sc->gif_psrc == NULL || sc->gif_pdst == NULL) { 833 error = EADDRNOTAVAIL; 834 goto bad; 835 } 836 837 /* copy src */ 838 src = sc->gif_psrc; 839 dst = (struct sockaddr *) 840 &(((struct if_laddrreq *)data)->addr); 841 size = sizeof(((struct if_laddrreq *)data)->addr); 842 if (src->sa_len > size) 843 return EINVAL; 844 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 845 846 /* copy dst */ 847 src = sc->gif_pdst; 848 dst = (struct sockaddr *) 849 &(((struct if_laddrreq *)data)->dstaddr); 850 size = sizeof(((struct if_laddrreq *)data)->dstaddr); 851 if (src->sa_len > size) 852 return EINVAL; 853 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 854 break; 855 856 case SIOCSIFFLAGS: 857 /* if_ioctl() takes care of it */ 858 break; 859 860 default: 861 error = EINVAL; 862 break; 863 } 864 bad: 865 return error; 866} 867 868/* 869 * XXXRW: There's a general event-ordering issue here: the code to check 870 * if a given tunnel is already present happens before we perform a 871 * potentially blocking setup of the tunnel. This code needs to be 872 * re-ordered so that the check and replacement can be atomic using 873 * a mutex. 874 */ 875int 876gif_set_tunnel(ifp, src, dst) 877 struct ifnet *ifp; 878 struct sockaddr *src; 879 struct sockaddr *dst; 880{ 881 INIT_VNET_GIF(ifp->if_vnet); 882 struct gif_softc *sc = ifp->if_softc; 883 struct gif_softc *sc2; 884 struct sockaddr *osrc, *odst, *sa; 885 int error = 0; 886 887 mtx_lock(&gif_mtx); 888 LIST_FOREACH(sc2, &V_gif_softc_list, gif_list) { 889 if (sc2 == sc) 890 continue; 891 if (!sc2->gif_pdst || !sc2->gif_psrc) 892 continue; 893 if (sc2->gif_pdst->sa_family != dst->sa_family || 894 sc2->gif_pdst->sa_len != dst->sa_len || 895 sc2->gif_psrc->sa_family != src->sa_family || 896 sc2->gif_psrc->sa_len != src->sa_len) 897 continue; 898 899 /* 900 * Disallow parallel tunnels unless instructed 901 * otherwise. 902 */ 903 if (!V_parallel_tunnels && 904 bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 && 905 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) { 906 error = EADDRNOTAVAIL; 907 mtx_unlock(&gif_mtx); 908 goto bad; 909 } 910 911 /* XXX both end must be valid? (I mean, not 0.0.0.0) */ 912 } 913 mtx_unlock(&gif_mtx); 914 915 /* XXX we can detach from both, but be polite just in case */ 916 if (sc->gif_psrc) 917 switch (sc->gif_psrc->sa_family) { 918#ifdef INET 919 case AF_INET: 920 (void)in_gif_detach(sc); 921 break; 922#endif 923#ifdef INET6 924 case AF_INET6: 925 (void)in6_gif_detach(sc); 926 break; 927#endif 928 } 929 930 osrc = sc->gif_psrc; 931 sa = (struct sockaddr *)malloc(src->sa_len, M_IFADDR, M_WAITOK); 932 bcopy((caddr_t)src, (caddr_t)sa, src->sa_len); 933 sc->gif_psrc = sa; 934 935 odst = sc->gif_pdst; 936 sa = (struct sockaddr *)malloc(dst->sa_len, M_IFADDR, M_WAITOK); 937 bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len); 938 sc->gif_pdst = sa; 939 940 switch (sc->gif_psrc->sa_family) { 941#ifdef INET 942 case AF_INET: 943 error = in_gif_attach(sc); 944 break; 945#endif 946#ifdef INET6 947 case AF_INET6: 948 /* 949 * Check validity of the scope zone ID of the addresses, and 950 * convert it into the kernel internal form if necessary. 951 */ 952 error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_psrc, 0); 953 if (error != 0) 954 break; 955 error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_pdst, 0); 956 if (error != 0) 957 break; 958 error = in6_gif_attach(sc); 959 break; 960#endif 961 } 962 if (error) { 963 /* rollback */ 964 free((caddr_t)sc->gif_psrc, M_IFADDR); 965 free((caddr_t)sc->gif_pdst, M_IFADDR); 966 sc->gif_psrc = osrc; 967 sc->gif_pdst = odst; 968 goto bad; 969 } 970 971 if (osrc) 972 free((caddr_t)osrc, M_IFADDR); 973 if (odst) 974 free((caddr_t)odst, M_IFADDR); 975 976 bad: 977 if (sc->gif_psrc && sc->gif_pdst) 978 ifp->if_drv_flags |= IFF_DRV_RUNNING; 979 else 980 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 981 982 return error; 983} 984 985void 986gif_delete_tunnel(ifp) 987 struct ifnet *ifp; 988{ 989 struct gif_softc *sc = ifp->if_softc; 990 991 if (sc->gif_psrc) { 992 free((caddr_t)sc->gif_psrc, M_IFADDR); 993 sc->gif_psrc = NULL; 994 } 995 if (sc->gif_pdst) { 996 free((caddr_t)sc->gif_pdst, M_IFADDR); 997 sc->gif_pdst = NULL; 998 } 999 /* it is safe to detach from both */ 1000#ifdef INET 1001 (void)in_gif_detach(sc); 1002#endif 1003#ifdef INET6 1004 (void)in6_gif_detach(sc); 1005#endif 1006 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1007}
| 104#ifdef VIMAGE_GLOBALS 105static LIST_HEAD(, gif_softc) gif_softc_list; 106static int max_gif_nesting; 107static int parallel_tunnels; 108#ifdef INET 109int ip_gif_ttl; 110#endif 111#ifdef INET6 112int ip6_gif_hlim; 113#endif 114#endif 115 116void (*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, int af); 117void (*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af); 118void (*ng_gif_attach_p)(struct ifnet *ifp); 119void (*ng_gif_detach_p)(struct ifnet *ifp); 120 121static void gif_start(struct ifnet *); 122static int gif_clone_create(struct if_clone *, int, caddr_t); 123static void gif_clone_destroy(struct ifnet *); 124 125IFC_SIMPLE_DECLARE(gif, 0); 126 127static int gifmodevent(module_t, int, void *); 128 129SYSCTL_DECL(_net_link); 130SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0, 131 "Generic Tunnel Interface"); 132#ifndef MAX_GIF_NEST 133/* 134 * This macro controls the default upper limitation on nesting of gif tunnels. 135 * Since, setting a large value to this macro with a careless configuration 136 * may introduce system crash, we don't allow any nestings by default. 137 * If you need to configure nested gif tunnels, you can define this macro 138 * in your kernel configuration file. However, if you do so, please be 139 * careful to configure the tunnels so that it won't make a loop. 140 */ 141#define MAX_GIF_NEST 1 142#endif 143SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, max_nesting, 144 CTLFLAG_RW, max_gif_nesting, 0, "Max nested tunnels"); 145 146#ifdef INET6 147SYSCTL_DECL(_net_inet6_ip6); 148SYSCTL_V_INT(V_NET, vnet_gif, _net_inet6_ip6, IPV6CTL_GIF_HLIM, 149 gifhlim, CTLFLAG_RW, ip6_gif_hlim, 0, ""); 150#endif 151 152/* 153 * By default, we disallow creation of multiple tunnels between the same 154 * pair of addresses. Some applications require this functionality so 155 * we allow control over this check here. 156 */ 157SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, parallel_tunnels, 158 CTLFLAG_RW, parallel_tunnels, 0, "Allow parallel tunnels?"); 159 160/* copy from src/sys/net/if_ethersubr.c */ 161static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 162 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 163#ifndef ETHER_IS_BROADCAST 164#define ETHER_IS_BROADCAST(addr) \ 165 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0) 166#endif 167 168static int 169gif_clone_create(ifc, unit, params) 170 struct if_clone *ifc; 171 int unit; 172 caddr_t params; 173{ 174 INIT_VNET_GIF(curvnet); 175 struct gif_softc *sc; 176 177 sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO); 178 sc->gif_fibnum = curthread->td_proc->p_fibnum; 179 GIF2IFP(sc) = if_alloc(IFT_GIF); 180 if (GIF2IFP(sc) == NULL) { 181 free(sc, M_GIF); 182 return (ENOSPC); 183 } 184 185 GIF_LOCK_INIT(sc); 186 187 GIF2IFP(sc)->if_softc = sc; 188 if_initname(GIF2IFP(sc), ifc->ifc_name, unit); 189 190 sc->encap_cookie4 = sc->encap_cookie6 = NULL; 191 192 GIF2IFP(sc)->if_addrlen = 0; 193 GIF2IFP(sc)->if_mtu = GIF_MTU; 194 GIF2IFP(sc)->if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 195#if 0 196 /* turn off ingress filter */ 197 GIF2IFP(sc)->if_flags |= IFF_LINK2; 198#endif 199 GIF2IFP(sc)->if_ioctl = gif_ioctl; 200 GIF2IFP(sc)->if_start = gif_start; 201 GIF2IFP(sc)->if_output = gif_output; 202 GIF2IFP(sc)->if_snd.ifq_maxlen = IFQ_MAXLEN; 203 if_attach(GIF2IFP(sc)); 204 bpfattach(GIF2IFP(sc), DLT_NULL, sizeof(u_int32_t)); 205 if (ng_gif_attach_p != NULL) 206 (*ng_gif_attach_p)(GIF2IFP(sc)); 207 208 mtx_lock(&gif_mtx); 209 LIST_INSERT_HEAD(&V_gif_softc_list, sc, gif_list); 210 mtx_unlock(&gif_mtx); 211 212 return (0); 213} 214 215static void 216gif_clone_destroy(ifp) 217 struct ifnet *ifp; 218{ 219#if defined(INET) || defined(INET6) 220 int err; 221#endif 222 struct gif_softc *sc = ifp->if_softc; 223 224 mtx_lock(&gif_mtx); 225 LIST_REMOVE(sc, gif_list); 226 mtx_unlock(&gif_mtx); 227 228 gif_delete_tunnel(ifp); 229#ifdef INET6 230 if (sc->encap_cookie6 != NULL) { 231 err = encap_detach(sc->encap_cookie6); 232 KASSERT(err == 0, ("Unexpected error detaching encap_cookie6")); 233 } 234#endif 235#ifdef INET 236 if (sc->encap_cookie4 != NULL) { 237 err = encap_detach(sc->encap_cookie4); 238 KASSERT(err == 0, ("Unexpected error detaching encap_cookie4")); 239 } 240#endif 241 242 if (ng_gif_detach_p != NULL) 243 (*ng_gif_detach_p)(ifp); 244 bpfdetach(ifp); 245 if_detach(ifp); 246 if_free(ifp); 247 248 GIF_LOCK_DESTROY(sc); 249 250 free(sc, M_GIF); 251} 252 253static int 254gifmodevent(mod, type, data) 255 module_t mod; 256 int type; 257 void *data; 258{ 259 260 switch (type) { 261 case MOD_LOAD: 262 mtx_init(&gif_mtx, "gif_mtx", NULL, MTX_DEF); 263 264 LIST_INIT(&V_gif_softc_list); 265 V_max_gif_nesting = MAX_GIF_NEST; 266#ifdef XBONEHACK 267 V_parallel_tunnels = 1; 268#else 269 V_parallel_tunnels = 0; 270#endif 271#ifdef INET 272 V_ip_gif_ttl = GIF_TTL; 273#endif 274#ifdef INET6 275 V_ip6_gif_hlim = GIF_HLIM; 276#endif 277 if_clone_attach(&gif_cloner); 278 279 break; 280 case MOD_UNLOAD: 281 if_clone_detach(&gif_cloner); 282 mtx_destroy(&gif_mtx); 283#ifdef INET6 284 V_ip6_gif_hlim = 0; 285#endif 286 break; 287 default: 288 return EOPNOTSUPP; 289 } 290 return 0; 291} 292 293static moduledata_t gif_mod = { 294 "if_gif", 295 gifmodevent, 296 0 297}; 298 299DECLARE_MODULE(if_gif, gif_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 300MODULE_VERSION(if_gif, 1); 301 302int 303gif_encapcheck(m, off, proto, arg) 304 const struct mbuf *m; 305 int off; 306 int proto; 307 void *arg; 308{ 309 struct ip ip; 310 struct gif_softc *sc; 311 312 sc = (struct gif_softc *)arg; 313 if (sc == NULL) 314 return 0; 315 316 if ((GIF2IFP(sc)->if_flags & IFF_UP) == 0) 317 return 0; 318 319 /* no physical address */ 320 if (!sc->gif_psrc || !sc->gif_pdst) 321 return 0; 322 323 switch (proto) { 324#ifdef INET 325 case IPPROTO_IPV4: 326 break; 327#endif 328#ifdef INET6 329 case IPPROTO_IPV6: 330 break; 331#endif 332 case IPPROTO_ETHERIP: 333 break; 334 335 default: 336 return 0; 337 } 338 339 /* Bail on short packets */ 340 if (m->m_pkthdr.len < sizeof(ip)) 341 return 0; 342 343 m_copydata(m, 0, sizeof(ip), (caddr_t)&ip); 344 345 switch (ip.ip_v) { 346#ifdef INET 347 case 4: 348 if (sc->gif_psrc->sa_family != AF_INET || 349 sc->gif_pdst->sa_family != AF_INET) 350 return 0; 351 return gif_encapcheck4(m, off, proto, arg); 352#endif 353#ifdef INET6 354 case 6: 355 if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) 356 return 0; 357 if (sc->gif_psrc->sa_family != AF_INET6 || 358 sc->gif_pdst->sa_family != AF_INET6) 359 return 0; 360 return gif_encapcheck6(m, off, proto, arg); 361#endif 362 default: 363 return 0; 364 } 365} 366 367static void 368gif_start(struct ifnet *ifp) 369{ 370 struct gif_softc *sc; 371 struct mbuf *m; 372 373 sc = ifp->if_softc; 374 375 ifp->if_drv_flags |= IFF_DRV_OACTIVE; 376 for (;;) { 377 IFQ_DEQUEUE(&ifp->if_snd, m); 378 if (m == 0) 379 break; 380 381 gif_output(ifp, m, sc->gif_pdst, NULL); 382 383 } 384 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 385 386 return; 387} 388 389int 390gif_output(ifp, m, dst, rt) 391 struct ifnet *ifp; 392 struct mbuf *m; 393 struct sockaddr *dst; 394 struct rtentry *rt; /* added in net2 */ 395{ 396 INIT_VNET_GIF(ifp->if_vnet); 397 struct gif_softc *sc = ifp->if_softc; 398 struct m_tag *mtag; 399 int error = 0; 400 int gif_called; 401 u_int32_t af; 402 403#ifdef MAC 404 error = mac_ifnet_check_transmit(ifp, m); 405 if (error) { 406 m_freem(m); 407 goto end; 408 } 409#endif 410 411 /* 412 * gif may cause infinite recursion calls when misconfigured. 413 * We'll prevent this by detecting loops. 414 * 415 * High nesting level may cause stack exhaustion. 416 * We'll prevent this by introducing upper limit. 417 */ 418 gif_called = 1; 419 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, NULL); 420 while (mtag != NULL) { 421 if (*(struct ifnet **)(mtag + 1) == ifp) { 422 log(LOG_NOTICE, 423 "gif_output: loop detected on %s\n", 424 (*(struct ifnet **)(mtag + 1))->if_xname); 425 m_freem(m); 426 error = EIO; /* is there better errno? */ 427 goto end; 428 } 429 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, mtag); 430 gif_called++; 431 } 432 if (gif_called > V_max_gif_nesting) { 433 log(LOG_NOTICE, 434 "gif_output: recursively called too many times(%d)\n", 435 gif_called); 436 m_freem(m); 437 error = EIO; /* is there better errno? */ 438 goto end; 439 } 440 mtag = m_tag_alloc(MTAG_GIF, MTAG_GIF_CALLED, sizeof(struct ifnet *), 441 M_NOWAIT); 442 if (mtag == NULL) { 443 m_freem(m); 444 error = ENOMEM; 445 goto end; 446 } 447 *(struct ifnet **)(mtag + 1) = ifp; 448 m_tag_prepend(m, mtag); 449 450 m->m_flags &= ~(M_BCAST|M_MCAST); 451 452 GIF_LOCK(sc); 453 454 if (!(ifp->if_flags & IFF_UP) || 455 sc->gif_psrc == NULL || sc->gif_pdst == NULL) { 456 GIF_UNLOCK(sc); 457 m_freem(m); 458 error = ENETDOWN; 459 goto end; 460 } 461 462 /* BPF writes need to be handled specially. */ 463 if (dst->sa_family == AF_UNSPEC) { 464 bcopy(dst->sa_data, &af, sizeof(af)); 465 dst->sa_family = af; 466 } 467 468 af = dst->sa_family; 469 BPF_MTAP2(ifp, &af, sizeof(af), m); 470 ifp->if_opackets++; 471 ifp->if_obytes += m->m_pkthdr.len; 472 473 /* override to IPPROTO_ETHERIP for bridged traffic */ 474 if (ifp->if_bridge) 475 af = AF_LINK; 476 477 M_SETFIB(m, sc->gif_fibnum); 478 /* inner AF-specific encapsulation */ 479 480 /* XXX should we check if our outer source is legal? */ 481 482 /* dispatch to output logic based on outer AF */ 483 switch (sc->gif_psrc->sa_family) { 484#ifdef INET 485 case AF_INET: 486 error = in_gif_output(ifp, af, m); 487 break; 488#endif 489#ifdef INET6 490 case AF_INET6: 491 error = in6_gif_output(ifp, af, m); 492 break; 493#endif 494 default: 495 m_freem(m); 496 error = ENETDOWN; 497 } 498 499 GIF_UNLOCK(sc); 500 end: 501 if (error) 502 ifp->if_oerrors++; 503 return (error); 504} 505 506void 507gif_input(m, af, ifp) 508 struct mbuf *m; 509 int af; 510 struct ifnet *ifp; 511{ 512 int isr, n; 513 struct etherip_header *eip; 514 struct ether_header *eh; 515 struct ifnet *oldifp; 516 517 if (ifp == NULL) { 518 /* just in case */ 519 m_freem(m); 520 return; 521 } 522 523 m->m_pkthdr.rcvif = ifp; 524 525#ifdef MAC 526 mac_ifnet_create_mbuf(ifp, m); 527#endif 528 529 if (bpf_peers_present(ifp->if_bpf)) { 530 u_int32_t af1 = af; 531 bpf_mtap2(ifp->if_bpf, &af1, sizeof(af1), m); 532 } 533 534 if (ng_gif_input_p != NULL) { 535 (*ng_gif_input_p)(ifp, &m, af); 536 if (m == NULL) 537 return; 538 } 539 540 /* 541 * Put the packet to the network layer input queue according to the 542 * specified address family. 543 * Note: older versions of gif_input directly called network layer 544 * input functions, e.g. ip6_input, here. We changed the policy to 545 * prevent too many recursive calls of such input functions, which 546 * might cause kernel panic. But the change may introduce another 547 * problem; if the input queue is full, packets are discarded. 548 * The kernel stack overflow really happened, and we believed 549 * queue-full rarely occurs, so we changed the policy. 550 */ 551 switch (af) { 552#ifdef INET 553 case AF_INET: 554 isr = NETISR_IP; 555 break; 556#endif 557#ifdef INET6 558 case AF_INET6: 559 isr = NETISR_IPV6; 560 break; 561#endif 562 case AF_LINK: 563 n = sizeof(struct etherip_header) + sizeof(struct ether_header); 564 if (n > m->m_len) { 565 m = m_pullup(m, n); 566 if (m == NULL) { 567 ifp->if_ierrors++; 568 return; 569 } 570 } 571 572 eip = mtod(m, struct etherip_header *); 573 if (eip->eip_ver != 574 (ETHERIP_VERSION & ETHERIP_VER_VERS_MASK)) { 575 /* discard unknown versions */ 576 m_freem(m); 577 return; 578 } 579 m_adj(m, sizeof(struct etherip_header)); 580 581 m->m_flags &= ~(M_BCAST|M_MCAST); 582 m->m_pkthdr.rcvif = ifp; 583 584 if (ifp->if_bridge) { 585 oldifp = ifp; 586 eh = mtod(m, struct ether_header *); 587 if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 588 if (ETHER_IS_BROADCAST(eh->ether_dhost)) 589 m->m_flags |= M_BCAST; 590 else 591 m->m_flags |= M_MCAST; 592 ifp->if_imcasts++; 593 } 594 BRIDGE_INPUT(ifp, m); 595 596 if (m != NULL && ifp != oldifp) { 597 /* 598 * The bridge gave us back itself or one of the 599 * members for which the frame is addressed. 600 */ 601 ether_demux(ifp, m); 602 return; 603 } 604 } 605 if (m != NULL) 606 m_freem(m); 607 return; 608 609 default: 610 if (ng_gif_input_orphan_p != NULL) 611 (*ng_gif_input_orphan_p)(ifp, m, af); 612 else 613 m_freem(m); 614 return; 615 } 616 617 ifp->if_ipackets++; 618 ifp->if_ibytes += m->m_pkthdr.len; 619 netisr_dispatch(isr, m); 620} 621 622/* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */ 623int 624gif_ioctl(ifp, cmd, data) 625 struct ifnet *ifp; 626 u_long cmd; 627 caddr_t data; 628{ 629 struct gif_softc *sc = ifp->if_softc; 630 struct ifreq *ifr = (struct ifreq*)data; 631 int error = 0, size; 632 struct sockaddr *dst, *src; 633#ifdef SIOCSIFMTU /* xxx */ 634 u_long mtu; 635#endif 636 637 switch (cmd) { 638 case SIOCSIFADDR: 639 ifp->if_flags |= IFF_UP; 640 break; 641 642 case SIOCSIFDSTADDR: 643 break; 644 645 case SIOCADDMULTI: 646 case SIOCDELMULTI: 647 break; 648 649#ifdef SIOCSIFMTU /* xxx */ 650 case SIOCGIFMTU: 651 break; 652 653 case SIOCSIFMTU: 654 mtu = ifr->ifr_mtu; 655 if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX) 656 return (EINVAL); 657 ifp->if_mtu = mtu; 658 break; 659#endif /* SIOCSIFMTU */ 660 661#ifdef INET 662 case SIOCSIFPHYADDR: 663#endif 664#ifdef INET6 665 case SIOCSIFPHYADDR_IN6: 666#endif /* INET6 */ 667 case SIOCSLIFPHYADDR: 668 switch (cmd) { 669#ifdef INET 670 case SIOCSIFPHYADDR: 671 src = (struct sockaddr *) 672 &(((struct in_aliasreq *)data)->ifra_addr); 673 dst = (struct sockaddr *) 674 &(((struct in_aliasreq *)data)->ifra_dstaddr); 675 break; 676#endif 677#ifdef INET6 678 case SIOCSIFPHYADDR_IN6: 679 src = (struct sockaddr *) 680 &(((struct in6_aliasreq *)data)->ifra_addr); 681 dst = (struct sockaddr *) 682 &(((struct in6_aliasreq *)data)->ifra_dstaddr); 683 break; 684#endif 685 case SIOCSLIFPHYADDR: 686 src = (struct sockaddr *) 687 &(((struct if_laddrreq *)data)->addr); 688 dst = (struct sockaddr *) 689 &(((struct if_laddrreq *)data)->dstaddr); 690 break; 691 default: 692 return EINVAL; 693 } 694 695 /* sa_family must be equal */ 696 if (src->sa_family != dst->sa_family) 697 return EINVAL; 698 699 /* validate sa_len */ 700 switch (src->sa_family) { 701#ifdef INET 702 case AF_INET: 703 if (src->sa_len != sizeof(struct sockaddr_in)) 704 return EINVAL; 705 break; 706#endif 707#ifdef INET6 708 case AF_INET6: 709 if (src->sa_len != sizeof(struct sockaddr_in6)) 710 return EINVAL; 711 break; 712#endif 713 default: 714 return EAFNOSUPPORT; 715 } 716 switch (dst->sa_family) { 717#ifdef INET 718 case AF_INET: 719 if (dst->sa_len != sizeof(struct sockaddr_in)) 720 return EINVAL; 721 break; 722#endif 723#ifdef INET6 724 case AF_INET6: 725 if (dst->sa_len != sizeof(struct sockaddr_in6)) 726 return EINVAL; 727 break; 728#endif 729 default: 730 return EAFNOSUPPORT; 731 } 732 733 /* check sa_family looks sane for the cmd */ 734 switch (cmd) { 735 case SIOCSIFPHYADDR: 736 if (src->sa_family == AF_INET) 737 break; 738 return EAFNOSUPPORT; 739#ifdef INET6 740 case SIOCSIFPHYADDR_IN6: 741 if (src->sa_family == AF_INET6) 742 break; 743 return EAFNOSUPPORT; 744#endif /* INET6 */ 745 case SIOCSLIFPHYADDR: 746 /* checks done in the above */ 747 break; 748 } 749 750 error = gif_set_tunnel(GIF2IFP(sc), src, dst); 751 break; 752 753#ifdef SIOCDIFPHYADDR 754 case SIOCDIFPHYADDR: 755 gif_delete_tunnel(GIF2IFP(sc)); 756 break; 757#endif 758 759 case SIOCGIFPSRCADDR: 760#ifdef INET6 761 case SIOCGIFPSRCADDR_IN6: 762#endif /* INET6 */ 763 if (sc->gif_psrc == NULL) { 764 error = EADDRNOTAVAIL; 765 goto bad; 766 } 767 src = sc->gif_psrc; 768 switch (cmd) { 769#ifdef INET 770 case SIOCGIFPSRCADDR: 771 dst = &ifr->ifr_addr; 772 size = sizeof(ifr->ifr_addr); 773 break; 774#endif /* INET */ 775#ifdef INET6 776 case SIOCGIFPSRCADDR_IN6: 777 dst = (struct sockaddr *) 778 &(((struct in6_ifreq *)data)->ifr_addr); 779 size = sizeof(((struct in6_ifreq *)data)->ifr_addr); 780 break; 781#endif /* INET6 */ 782 default: 783 error = EADDRNOTAVAIL; 784 goto bad; 785 } 786 if (src->sa_len > size) 787 return EINVAL; 788 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 789#ifdef INET6 790 if (dst->sa_family == AF_INET6) { 791 error = sa6_recoverscope((struct sockaddr_in6 *)dst); 792 if (error != 0) 793 return (error); 794 } 795#endif 796 break; 797 798 case SIOCGIFPDSTADDR: 799#ifdef INET6 800 case SIOCGIFPDSTADDR_IN6: 801#endif /* INET6 */ 802 if (sc->gif_pdst == NULL) { 803 error = EADDRNOTAVAIL; 804 goto bad; 805 } 806 src = sc->gif_pdst; 807 switch (cmd) { 808#ifdef INET 809 case SIOCGIFPDSTADDR: 810 dst = &ifr->ifr_addr; 811 size = sizeof(ifr->ifr_addr); 812 break; 813#endif /* INET */ 814#ifdef INET6 815 case SIOCGIFPDSTADDR_IN6: 816 dst = (struct sockaddr *) 817 &(((struct in6_ifreq *)data)->ifr_addr); 818 size = sizeof(((struct in6_ifreq *)data)->ifr_addr); 819 break; 820#endif /* INET6 */ 821 default: 822 error = EADDRNOTAVAIL; 823 goto bad; 824 } 825 if (src->sa_len > size) 826 return EINVAL; 827 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 828#ifdef INET6 829 if (dst->sa_family == AF_INET6) { 830 error = sa6_recoverscope((struct sockaddr_in6 *)dst); 831 if (error != 0) 832 return (error); 833 } 834#endif 835 break; 836 837 case SIOCGLIFPHYADDR: 838 if (sc->gif_psrc == NULL || sc->gif_pdst == NULL) { 839 error = EADDRNOTAVAIL; 840 goto bad; 841 } 842 843 /* copy src */ 844 src = sc->gif_psrc; 845 dst = (struct sockaddr *) 846 &(((struct if_laddrreq *)data)->addr); 847 size = sizeof(((struct if_laddrreq *)data)->addr); 848 if (src->sa_len > size) 849 return EINVAL; 850 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 851 852 /* copy dst */ 853 src = sc->gif_pdst; 854 dst = (struct sockaddr *) 855 &(((struct if_laddrreq *)data)->dstaddr); 856 size = sizeof(((struct if_laddrreq *)data)->dstaddr); 857 if (src->sa_len > size) 858 return EINVAL; 859 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 860 break; 861 862 case SIOCSIFFLAGS: 863 /* if_ioctl() takes care of it */ 864 break; 865 866 default: 867 error = EINVAL; 868 break; 869 } 870 bad: 871 return error; 872} 873 874/* 875 * XXXRW: There's a general event-ordering issue here: the code to check 876 * if a given tunnel is already present happens before we perform a 877 * potentially blocking setup of the tunnel. This code needs to be 878 * re-ordered so that the check and replacement can be atomic using 879 * a mutex. 880 */ 881int 882gif_set_tunnel(ifp, src, dst) 883 struct ifnet *ifp; 884 struct sockaddr *src; 885 struct sockaddr *dst; 886{ 887 INIT_VNET_GIF(ifp->if_vnet); 888 struct gif_softc *sc = ifp->if_softc; 889 struct gif_softc *sc2; 890 struct sockaddr *osrc, *odst, *sa; 891 int error = 0; 892 893 mtx_lock(&gif_mtx); 894 LIST_FOREACH(sc2, &V_gif_softc_list, gif_list) { 895 if (sc2 == sc) 896 continue; 897 if (!sc2->gif_pdst || !sc2->gif_psrc) 898 continue; 899 if (sc2->gif_pdst->sa_family != dst->sa_family || 900 sc2->gif_pdst->sa_len != dst->sa_len || 901 sc2->gif_psrc->sa_family != src->sa_family || 902 sc2->gif_psrc->sa_len != src->sa_len) 903 continue; 904 905 /* 906 * Disallow parallel tunnels unless instructed 907 * otherwise. 908 */ 909 if (!V_parallel_tunnels && 910 bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 && 911 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) { 912 error = EADDRNOTAVAIL; 913 mtx_unlock(&gif_mtx); 914 goto bad; 915 } 916 917 /* XXX both end must be valid? (I mean, not 0.0.0.0) */ 918 } 919 mtx_unlock(&gif_mtx); 920 921 /* XXX we can detach from both, but be polite just in case */ 922 if (sc->gif_psrc) 923 switch (sc->gif_psrc->sa_family) { 924#ifdef INET 925 case AF_INET: 926 (void)in_gif_detach(sc); 927 break; 928#endif 929#ifdef INET6 930 case AF_INET6: 931 (void)in6_gif_detach(sc); 932 break; 933#endif 934 } 935 936 osrc = sc->gif_psrc; 937 sa = (struct sockaddr *)malloc(src->sa_len, M_IFADDR, M_WAITOK); 938 bcopy((caddr_t)src, (caddr_t)sa, src->sa_len); 939 sc->gif_psrc = sa; 940 941 odst = sc->gif_pdst; 942 sa = (struct sockaddr *)malloc(dst->sa_len, M_IFADDR, M_WAITOK); 943 bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len); 944 sc->gif_pdst = sa; 945 946 switch (sc->gif_psrc->sa_family) { 947#ifdef INET 948 case AF_INET: 949 error = in_gif_attach(sc); 950 break; 951#endif 952#ifdef INET6 953 case AF_INET6: 954 /* 955 * Check validity of the scope zone ID of the addresses, and 956 * convert it into the kernel internal form if necessary. 957 */ 958 error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_psrc, 0); 959 if (error != 0) 960 break; 961 error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_pdst, 0); 962 if (error != 0) 963 break; 964 error = in6_gif_attach(sc); 965 break; 966#endif 967 } 968 if (error) { 969 /* rollback */ 970 free((caddr_t)sc->gif_psrc, M_IFADDR); 971 free((caddr_t)sc->gif_pdst, M_IFADDR); 972 sc->gif_psrc = osrc; 973 sc->gif_pdst = odst; 974 goto bad; 975 } 976 977 if (osrc) 978 free((caddr_t)osrc, M_IFADDR); 979 if (odst) 980 free((caddr_t)odst, M_IFADDR); 981 982 bad: 983 if (sc->gif_psrc && sc->gif_pdst) 984 ifp->if_drv_flags |= IFF_DRV_RUNNING; 985 else 986 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 987 988 return error; 989} 990 991void 992gif_delete_tunnel(ifp) 993 struct ifnet *ifp; 994{ 995 struct gif_softc *sc = ifp->if_softc; 996 997 if (sc->gif_psrc) { 998 free((caddr_t)sc->gif_psrc, M_IFADDR); 999 sc->gif_psrc = NULL; 1000 } 1001 if (sc->gif_pdst) { 1002 free((caddr_t)sc->gif_pdst, M_IFADDR); 1003 sc->gif_pdst = NULL; 1004 } 1005 /* it is safe to detach from both */ 1006#ifdef INET 1007 (void)in_gif_detach(sc); 1008#endif 1009#ifdef INET6 1010 (void)in6_gif_detach(sc); 1011#endif 1012 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1013}
|