Cross Reference: /freebsd-10.2-release/sys/net/if

Deleted Added

sdiff udiff text old ( 185088 ) new ( 185895 )

full compact

if_gif.c (185088)	if_gif.c (185895)
1/* $FreeBSD: head/sys/net/if_gif.c 185088 2008-11-19 09:39:34Z zec $ */	1/* $FreeBSD: head/sys/net/if_gif.c 185895 2008-12-10 23:12:39Z zec $ */
2/* $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $ / 3 4/- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 / 32 33#include "opt_inet.h" 34#include "opt_inet6.h" 35#include "opt_mac.h" 36 37#include <sys/param.h> 38#include <sys/systm.h> 39#include <sys/kernel.h> 40#include <sys/malloc.h> 41#include <sys/mbuf.h> 42#include <sys/module.h> 43#include <sys/socket.h> 44#include <sys/sockio.h> 45#include <sys/errno.h> 46#include <sys/time.h> 47#include <sys/sysctl.h> 48#include <sys/syslog.h> 49#include <sys/proc.h> 50#include <sys/protosw.h> 51#include <sys/conf.h> 52#include <sys/vimage.h> 53#include <machine/cpu.h> 54 55#include <net/if.h> 56#include <net/if_clone.h> 57#include <net/if_types.h> 58#include <net/netisr.h> 59#include <net/route.h> 60#include <net/bpf.h> 61 62#include <netinet/in.h> 63#include <netinet/in_systm.h> 64#include <netinet/ip.h> 65#ifdef INET 66#include <netinet/in_var.h> 67#include <netinet/in_gif.h> 68#include <netinet/ip_var.h> 69#endif / INET / 70 71#ifdef INET6 72#ifndef INET 73#include <netinet/in.h> 74#endif 75#include <netinet6/in6_var.h> 76#include <netinet/ip6.h> 77#include <netinet6/ip6_var.h> 78#include <netinet6/scope6_var.h> 79#include <netinet6/in6_gif.h> 80#include <netinet6/ip6protosw.h> 81#endif / INET6 / 82 83#include <netinet/ip_encap.h> 84#include <net/ethernet.h> 85#include <net/if_bridgevar.h> 86#include <net/if_gif.h> 87 88#include <security/mac/mac_framework.h> 89 90#define GIFNAME "gif" 91 92/ 93 * gif_mtx protects the global gif_softc_list. 94 */ 95static struct mtx gif_mtx; 96static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface"); 97	2/* $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $ / 3 4/- 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 / 32 33#include "opt_inet.h" 34#include "opt_inet6.h" 35#include "opt_mac.h" 36 37#include <sys/param.h> 38#include <sys/systm.h> 39#include <sys/kernel.h> 40#include <sys/malloc.h> 41#include <sys/mbuf.h> 42#include <sys/module.h> 43#include <sys/socket.h> 44#include <sys/sockio.h> 45#include <sys/errno.h> 46#include <sys/time.h> 47#include <sys/sysctl.h> 48#include <sys/syslog.h> 49#include <sys/proc.h> 50#include <sys/protosw.h> 51#include <sys/conf.h> 52#include <sys/vimage.h> 53#include <machine/cpu.h> 54 55#include <net/if.h> 56#include <net/if_clone.h> 57#include <net/if_types.h> 58#include <net/netisr.h> 59#include <net/route.h> 60#include <net/bpf.h> 61 62#include <netinet/in.h> 63#include <netinet/in_systm.h> 64#include <netinet/ip.h> 65#ifdef INET 66#include <netinet/in_var.h> 67#include <netinet/in_gif.h> 68#include <netinet/ip_var.h> 69#endif / INET / 70 71#ifdef INET6 72#ifndef INET 73#include <netinet/in.h> 74#endif 75#include <netinet6/in6_var.h> 76#include <netinet/ip6.h> 77#include <netinet6/ip6_var.h> 78#include <netinet6/scope6_var.h> 79#include <netinet6/in6_gif.h> 80#include <netinet6/ip6protosw.h> 81#endif / INET6 / 82 83#include <netinet/ip_encap.h> 84#include <net/ethernet.h> 85#include <net/if_bridgevar.h> 86#include <net/if_gif.h> 87 88#include <security/mac/mac_framework.h> 89 90#define GIFNAME "gif" 91 92/ 93 * gif_mtx protects the global gif_softc_list. 94 */ 95static struct mtx gif_mtx; 96static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface"); 97
	98#ifndef VIMAGE 99#ifndef VIMAGE_GLOBALS 100struct vnet_gif vnet_gif_0; 101#endif 102#endif 103
98#ifdef VIMAGE_GLOBALS 99static LIST_HEAD(, gif_softc) gif_softc_list; 100static int max_gif_nesting; 101static int parallel_tunnels; 102#ifdef INET 103int ip_gif_ttl; 104#endif 105#ifdef INET6 106int ip6_gif_hlim; 107#endif 108#endif 109 110void (ng_gif_input_p)(struct ifnet ifp, struct mbuf *mp, int af); 111void (ng_gif_input_orphan_p)(struct ifnet ifp, struct mbuf m, int af); 112void (ng_gif_attach_p)(struct ifnet ifp); 113void (ng_gif_detach_p)(struct ifnet ifp); 114 115static void gif_start(struct ifnet ); 116static int gif_clone_create(struct if_clone , int, caddr_t); 117static void gif_clone_destroy(struct ifnet ); 118* 119IFC_SIMPLE_DECLARE(gif, 0); 120 121static int gifmodevent(module_t, int, void ); 122* 123SYSCTL_DECL(_net_link); 124SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0, 125 "Generic Tunnel Interface"); 126#ifndef MAX_GIF_NEST 127/* 128 * This macro controls the default upper limitation on nesting of gif tunnels. 129 * Since, setting a large value to this macro with a careless configuration 130 * may introduce system crash, we don't allow any nestings by default. 131 * If you need to configure nested gif tunnels, you can define this macro 132 * in your kernel configuration file. However, if you do so, please be 133 * careful to configure the tunnels so that it won't make a loop. 134 / 135#define MAX_GIF_NEST 1 136#endif 137SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, max_nesting, 138* CTLFLAG_RW, max_gif_nesting, 0, "Max nested tunnels"); 139 140#ifdef INET6 141SYSCTL_DECL(_net_inet6_ip6); 142SYSCTL_V_INT(V_NET, vnet_gif, _net_inet6_ip6, IPV6CTL_GIF_HLIM, 143 gifhlim, CTLFLAG_RW, ip6_gif_hlim, 0, ""); 144#endif 145 146/* 147 * By default, we disallow creation of multiple tunnels between the same 148 * pair of addresses. Some applications require this functionality so 149 * we allow control over this check here. 150 / 151SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, parallel_tunnels, 152* CTLFLAG_RW, parallel_tunnels, 0, "Allow parallel tunnels?"); 153 154/* copy from src/sys/net/if_ethersubr.c / 155static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 156* { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 157#ifndef ETHER_IS_BROADCAST 158#define ETHER_IS_BROADCAST(addr) \ 159 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0) 160#endif 161 162static int 163gif_clone_create(ifc, unit, params) 164 struct if_clone ifc; 165* int unit; 166 caddr_t params; 167{ 168 INIT_VNET_GIF(curvnet); 169 struct gif_softc sc; 170* 171 sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK \| M_ZERO); 172 sc->gif_fibnum = curthread->td_proc->p_fibnum; 173 GIF2IFP(sc) = if_alloc(IFT_GIF); 174 if (GIF2IFP(sc) == NULL) { 175 free(sc, M_GIF); 176 return (ENOSPC); 177 } 178 179 GIF_LOCK_INIT(sc); 180 181 GIF2IFP(sc)->if_softc = sc; 182 if_initname(GIF2IFP(sc), ifc->ifc_name, unit); 183 184 sc->encap_cookie4 = sc->encap_cookie6 = NULL; 185 186 GIF2IFP(sc)->if_addrlen = 0; 187 GIF2IFP(sc)->if_mtu = GIF_MTU; 188 GIF2IFP(sc)->if_flags = IFF_POINTOPOINT \| IFF_MULTICAST; 189#if 0 190 /* turn off ingress filter / 191* GIF2IFP(sc)->if_flags \|= IFF_LINK2; 192#endif 193 GIF2IFP(sc)->if_ioctl = gif_ioctl; 194 GIF2IFP(sc)->if_start = gif_start; 195 GIF2IFP(sc)->if_output = gif_output; 196 GIF2IFP(sc)->if_snd.ifq_maxlen = IFQ_MAXLEN; 197 if_attach(GIF2IFP(sc)); 198 bpfattach(GIF2IFP(sc), DLT_NULL, sizeof(u_int32_t)); 199 if (ng_gif_attach_p != NULL) 200 (ng_gif_attach_p)(GIF2IFP(sc)); 201* 202 mtx_lock(&gif_mtx); 203 LIST_INSERT_HEAD(&V_gif_softc_list, sc, gif_list); 204 mtx_unlock(&gif_mtx); 205 206 return (0); 207} 208 209static void 210gif_clone_destroy(ifp) 211 struct ifnet ifp; 212{ 213#if defined(INET) \|\| defined(INET6) 214* int err; 215#endif 216 struct gif_softc sc = ifp->if_softc; 217* 218 mtx_lock(&gif_mtx); 219 LIST_REMOVE(sc, gif_list); 220 mtx_unlock(&gif_mtx); 221 222 gif_delete_tunnel(ifp); 223#ifdef INET6 224 if (sc->encap_cookie6 != NULL) { 225 err = encap_detach(sc->encap_cookie6); 226 KASSERT(err == 0, ("Unexpected error detaching encap_cookie6")); 227 } 228#endif 229#ifdef INET 230 if (sc->encap_cookie4 != NULL) { 231 err = encap_detach(sc->encap_cookie4); 232 KASSERT(err == 0, ("Unexpected error detaching encap_cookie4")); 233 } 234#endif 235 236 if (ng_gif_detach_p != NULL) 237 (ng_gif_detach_p)(ifp); 238* bpfdetach(ifp); 239 if_detach(ifp); 240 if_free(ifp); 241 242 GIF_LOCK_DESTROY(sc); 243 244 free(sc, M_GIF); 245} 246 247static int 248gifmodevent(mod, type, data) 249 module_t mod; 250 int type; 251 void data; 252{ 253* 254 switch (type) { 255 case MOD_LOAD: 256 mtx_init(&gif_mtx, "gif_mtx", NULL, MTX_DEF); 257 258 LIST_INIT(&V_gif_softc_list); 259 V_max_gif_nesting = MAX_GIF_NEST; 260#ifdef XBONEHACK 261 V_parallel_tunnels = 1; 262#else 263 V_parallel_tunnels = 0; 264#endif 265#ifdef INET 266 V_ip_gif_ttl = GIF_TTL; 267#endif 268#ifdef INET6 269 V_ip6_gif_hlim = GIF_HLIM; 270#endif 271 if_clone_attach(&gif_cloner); 272 273 break; 274 case MOD_UNLOAD: 275 if_clone_detach(&gif_cloner); 276 mtx_destroy(&gif_mtx); 277#ifdef INET6 278 V_ip6_gif_hlim = 0; 279#endif 280 break; 281 default: 282 return EOPNOTSUPP; 283 } 284 return 0; 285} 286 287static moduledata_t gif_mod = { 288 "if_gif", 289 gifmodevent, 290 0 291}; 292 293DECLARE_MODULE(if_gif, gif_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 294MODULE_VERSION(if_gif, 1); 295 296int 297gif_encapcheck(m, off, proto, arg) 298 const struct mbuf m; 299* int off; 300 int proto; 301 void arg; 302{ 303* struct ip ip; 304 struct gif_softc sc; 305* 306 sc = (struct gif_softc )arg; 307* if (sc == NULL) 308 return 0; 309 310 if ((GIF2IFP(sc)->if_flags & IFF_UP) == 0) 311 return 0; 312 313 /* no physical address / 314* if (!sc->gif_psrc \|\| !sc->gif_pdst) 315 return 0; 316 317 switch (proto) { 318#ifdef INET 319 case IPPROTO_IPV4: 320 break; 321#endif 322#ifdef INET6 323 case IPPROTO_IPV6: 324 break; 325#endif 326 case IPPROTO_ETHERIP: 327 break; 328 329 default: 330 return 0; 331 } 332 333 /* Bail on short packets / 334* if (m->m_pkthdr.len < sizeof(ip)) 335 return 0; 336 337 m_copydata(m, 0, sizeof(ip), (caddr_t)&ip); 338 339 switch (ip.ip_v) { 340#ifdef INET 341 case 4: 342 if (sc->gif_psrc->sa_family != AF_INET \|\| 343 sc->gif_pdst->sa_family != AF_INET) 344 return 0; 345 return gif_encapcheck4(m, off, proto, arg); 346#endif 347#ifdef INET6 348 case 6: 349 if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) 350 return 0; 351 if (sc->gif_psrc->sa_family != AF_INET6 \|\| 352 sc->gif_pdst->sa_family != AF_INET6) 353 return 0; 354 return gif_encapcheck6(m, off, proto, arg); 355#endif 356 default: 357 return 0; 358 } 359} 360 361static void 362gif_start(struct ifnet ifp) 363{ 364* struct gif_softc sc; 365* struct mbuf m; 366* 367 sc = ifp->if_softc; 368 369 ifp->if_drv_flags \|= IFF_DRV_OACTIVE; 370 for (;;) { 371 IFQ_DEQUEUE(&ifp->if_snd, m); 372 if (m == 0) 373 break; 374 375 gif_output(ifp, m, sc->gif_pdst, NULL); 376 377 } 378 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 379 380 return; 381} 382 383int 384gif_output(ifp, m, dst, rt) 385 struct ifnet ifp; 386* struct mbuf m; 387* struct sockaddr dst; 388* struct rtentry rt; / added in net2 / 389{ 390* INIT_VNET_GIF(ifp->if_vnet); 391 struct gif_softc sc = ifp->if_softc; 392* struct m_tag mtag; 393* int error = 0; 394 int gif_called; 395 u_int32_t af; 396 397#ifdef MAC 398 error = mac_ifnet_check_transmit(ifp, m); 399 if (error) { 400 m_freem(m); 401 goto end; 402 } 403#endif 404 405 /* 406 * gif may cause infinite recursion calls when misconfigured. 407 * We'll prevent this by detecting loops. 408 * 409 * High nesting level may cause stack exhaustion. 410 * We'll prevent this by introducing upper limit. 411 / 412* gif_called = 1; 413 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, NULL); 414 while (mtag != NULL) { 415 if ((struct ifnet )(mtag + 1) == ifp) { 416* log(LOG_NOTICE, 417 "gif_output: loop detected on %s\n", 418 ((struct ifnet )(mtag + 1))->if_xname); 419* m_freem(m); 420 error = EIO; /* is there better errno? / 421* goto end; 422 } 423 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, mtag); 424 gif_called++; 425 } 426 if (gif_called > V_max_gif_nesting) { 427 log(LOG_NOTICE, 428 "gif_output: recursively called too many times(%d)\n", 429 gif_called); 430 m_freem(m); 431 error = EIO; /* is there better errno? / 432* goto end; 433 } 434 mtag = m_tag_alloc(MTAG_GIF, MTAG_GIF_CALLED, sizeof(struct ifnet ), 435* M_NOWAIT); 436 if (mtag == NULL) { 437 m_freem(m); 438 error = ENOMEM; 439 goto end; 440 } 441 (struct ifnet )(mtag + 1) = ifp; 442* m_tag_prepend(m, mtag); 443 444 m->m_flags &= ~(M_BCAST\|M_MCAST); 445 446 GIF_LOCK(sc); 447 448 if (!(ifp->if_flags & IFF_UP) \|\| 449 sc->gif_psrc == NULL \|\| sc->gif_pdst == NULL) { 450 GIF_UNLOCK(sc); 451 m_freem(m); 452 error = ENETDOWN; 453 goto end; 454 } 455 456 /* BPF writes need to be handled specially. / 457* if (dst->sa_family == AF_UNSPEC) { 458 bcopy(dst->sa_data, &af, sizeof(af)); 459 dst->sa_family = af; 460 } 461 462 af = dst->sa_family; 463 BPF_MTAP2(ifp, &af, sizeof(af), m); 464 ifp->if_opackets++; 465 ifp->if_obytes += m->m_pkthdr.len; 466 467 /* override to IPPROTO_ETHERIP for bridged traffic / 468* if (ifp->if_bridge) 469 af = AF_LINK; 470 471 M_SETFIB(m, sc->gif_fibnum); 472 /* inner AF-specific encapsulation / 473* 474 /* XXX should we check if our outer source is legal? / 475* 476 /* dispatch to output logic based on outer AF / 477* switch (sc->gif_psrc->sa_family) { 478#ifdef INET 479 case AF_INET: 480 error = in_gif_output(ifp, af, m); 481 break; 482#endif 483#ifdef INET6 484 case AF_INET6: 485 error = in6_gif_output(ifp, af, m); 486 break; 487#endif 488 default: 489 m_freem(m); 490 error = ENETDOWN; 491 } 492 493 GIF_UNLOCK(sc); 494 end: 495 if (error) 496 ifp->if_oerrors++; 497 return (error); 498} 499 500void 501gif_input(m, af, ifp) 502 struct mbuf m; 503* int af; 504 struct ifnet ifp; 505{ 506* int isr, n; 507 struct etherip_header eip; 508* struct ether_header eh; 509* struct ifnet oldifp; 510* 511 if (ifp == NULL) { 512 /* just in case / 513* m_freem(m); 514 return; 515 } 516 517 m->m_pkthdr.rcvif = ifp; 518 519#ifdef MAC 520 mac_ifnet_create_mbuf(ifp, m); 521#endif 522 523 if (bpf_peers_present(ifp->if_bpf)) { 524 u_int32_t af1 = af; 525 bpf_mtap2(ifp->if_bpf, &af1, sizeof(af1), m); 526 } 527 528 if (ng_gif_input_p != NULL) { 529 (ng_gif_input_p)(ifp, &m, af); 530* if (m == NULL) 531 return; 532 } 533 534 /* 535 * Put the packet to the network layer input queue according to the 536 * specified address family. 537 * Note: older versions of gif_input directly called network layer 538 * input functions, e.g. ip6_input, here. We changed the policy to 539 * prevent too many recursive calls of such input functions, which 540 * might cause kernel panic. But the change may introduce another 541 * problem; if the input queue is full, packets are discarded. 542 * The kernel stack overflow really happened, and we believed 543 * queue-full rarely occurs, so we changed the policy. 544 / 545* switch (af) { 546#ifdef INET 547 case AF_INET: 548 isr = NETISR_IP; 549 break; 550#endif 551#ifdef INET6 552 case AF_INET6: 553 isr = NETISR_IPV6; 554 break; 555#endif 556 case AF_LINK: 557 n = sizeof(struct etherip_header) + sizeof(struct ether_header); 558 if (n > m->m_len) { 559 m = m_pullup(m, n); 560 if (m == NULL) { 561 ifp->if_ierrors++; 562 return; 563 } 564 } 565 566 eip = mtod(m, struct etherip_header ); 567* if (eip->eip_ver != 568 (ETHERIP_VERSION & ETHERIP_VER_VERS_MASK)) { 569 /* discard unknown versions / 570* m_freem(m); 571 return; 572 } 573 m_adj(m, sizeof(struct etherip_header)); 574 575 m->m_flags &= ~(M_BCAST\|M_MCAST); 576 m->m_pkthdr.rcvif = ifp; 577 578 if (ifp->if_bridge) { 579 oldifp = ifp; 580 eh = mtod(m, struct ether_header ); 581* if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 582 if (ETHER_IS_BROADCAST(eh->ether_dhost)) 583 m->m_flags \|= M_BCAST; 584 else 585 m->m_flags \|= M_MCAST; 586 ifp->if_imcasts++; 587 } 588 BRIDGE_INPUT(ifp, m); 589 590 if (m != NULL && ifp != oldifp) { 591 /* 592 * The bridge gave us back itself or one of the 593 * members for which the frame is addressed. 594 / 595* ether_demux(ifp, m); 596 return; 597 } 598 } 599 if (m != NULL) 600 m_freem(m); 601 return; 602 603 default: 604 if (ng_gif_input_orphan_p != NULL) 605 (ng_gif_input_orphan_p)(ifp, m, af); 606* else 607 m_freem(m); 608 return; 609 } 610 611 ifp->if_ipackets++; 612 ifp->if_ibytes += m->m_pkthdr.len; 613 netisr_dispatch(isr, m); 614} 615 616/* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? / 617int 618gif_ioctl(ifp, cmd, data) 619* struct ifnet ifp; 620* u_long cmd; 621 caddr_t data; 622{ 623 struct gif_softc sc = ifp->if_softc; 624* struct ifreq ifr = (struct ifreq)data; 625 int error = 0, size; 626 struct sockaddr dst, src; 627#ifdef SIOCSIFMTU /* xxx / 628* u_long mtu; 629#endif 630 631 switch (cmd) { 632 case SIOCSIFADDR: 633 ifp->if_flags \|= IFF_UP; 634 break; 635 636 case SIOCSIFDSTADDR: 637 break; 638 639 case SIOCADDMULTI: 640 case SIOCDELMULTI: 641 break; 642 643#ifdef SIOCSIFMTU /* xxx / 644* case SIOCGIFMTU: 645 break; 646 647 case SIOCSIFMTU: 648 mtu = ifr->ifr_mtu; 649 if (mtu < GIF_MTU_MIN \|\| mtu > GIF_MTU_MAX) 650 return (EINVAL); 651 ifp->if_mtu = mtu; 652 break; 653#endif /* SIOCSIFMTU / 654* 655#ifdef INET 656 case SIOCSIFPHYADDR: 657#endif 658#ifdef INET6 659 case SIOCSIFPHYADDR_IN6: 660#endif /* INET6 / 661* case SIOCSLIFPHYADDR: 662 switch (cmd) { 663#ifdef INET 664 case SIOCSIFPHYADDR: 665 src = (struct sockaddr ) 666* &(((struct in_aliasreq )data)->ifra_addr); 667* dst = (struct sockaddr ) 668* &(((struct in_aliasreq )data)->ifra_dstaddr); 669* break; 670#endif 671#ifdef INET6 672 case SIOCSIFPHYADDR_IN6: 673 src = (struct sockaddr ) 674* &(((struct in6_aliasreq )data)->ifra_addr); 675* dst = (struct sockaddr ) 676* &(((struct in6_aliasreq )data)->ifra_dstaddr); 677* break; 678#endif 679 case SIOCSLIFPHYADDR: 680 src = (struct sockaddr ) 681* &(((struct if_laddrreq )data)->addr); 682* dst = (struct sockaddr ) 683* &(((struct if_laddrreq )data)->dstaddr); 684* break; 685 default: 686 return EINVAL; 687 } 688 689 /* sa_family must be equal / 690* if (src->sa_family != dst->sa_family) 691 return EINVAL; 692 693 /* validate sa_len / 694* switch (src->sa_family) { 695#ifdef INET 696 case AF_INET: 697 if (src->sa_len != sizeof(struct sockaddr_in)) 698 return EINVAL; 699 break; 700#endif 701#ifdef INET6 702 case AF_INET6: 703 if (src->sa_len != sizeof(struct sockaddr_in6)) 704 return EINVAL; 705 break; 706#endif 707 default: 708 return EAFNOSUPPORT; 709 } 710 switch (dst->sa_family) { 711#ifdef INET 712 case AF_INET: 713 if (dst->sa_len != sizeof(struct sockaddr_in)) 714 return EINVAL; 715 break; 716#endif 717#ifdef INET6 718 case AF_INET6: 719 if (dst->sa_len != sizeof(struct sockaddr_in6)) 720 return EINVAL; 721 break; 722#endif 723 default: 724 return EAFNOSUPPORT; 725 } 726 727 /* check sa_family looks sane for the cmd / 728* switch (cmd) { 729 case SIOCSIFPHYADDR: 730 if (src->sa_family == AF_INET) 731 break; 732 return EAFNOSUPPORT; 733#ifdef INET6 734 case SIOCSIFPHYADDR_IN6: 735 if (src->sa_family == AF_INET6) 736 break; 737 return EAFNOSUPPORT; 738#endif /* INET6 / 739* case SIOCSLIFPHYADDR: 740 /* checks done in the above / 741* break; 742 } 743 744 error = gif_set_tunnel(GIF2IFP(sc), src, dst); 745 break; 746 747#ifdef SIOCDIFPHYADDR 748 case SIOCDIFPHYADDR: 749 gif_delete_tunnel(GIF2IFP(sc)); 750 break; 751#endif 752 753 case SIOCGIFPSRCADDR: 754#ifdef INET6 755 case SIOCGIFPSRCADDR_IN6: 756#endif /* INET6 / 757* if (sc->gif_psrc == NULL) { 758 error = EADDRNOTAVAIL; 759 goto bad; 760 } 761 src = sc->gif_psrc; 762 switch (cmd) { 763#ifdef INET 764 case SIOCGIFPSRCADDR: 765 dst = &ifr->ifr_addr; 766 size = sizeof(ifr->ifr_addr); 767 break; 768#endif /* INET / 769#ifdef INET6 770* case SIOCGIFPSRCADDR_IN6: 771 dst = (struct sockaddr ) 772* &(((struct in6_ifreq )data)->ifr_addr); 773* size = sizeof(((struct in6_ifreq )data)->ifr_addr); 774* break; 775#endif /* INET6 / 776* default: 777 error = EADDRNOTAVAIL; 778 goto bad; 779 } 780 if (src->sa_len > size) 781 return EINVAL; 782 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 783#ifdef INET6 784 if (dst->sa_family == AF_INET6) { 785 error = sa6_recoverscope((struct sockaddr_in6 )dst); 786* if (error != 0) 787 return (error); 788 } 789#endif 790 break; 791 792 case SIOCGIFPDSTADDR: 793#ifdef INET6 794 case SIOCGIFPDSTADDR_IN6: 795#endif /* INET6 / 796* if (sc->gif_pdst == NULL) { 797 error = EADDRNOTAVAIL; 798 goto bad; 799 } 800 src = sc->gif_pdst; 801 switch (cmd) { 802#ifdef INET 803 case SIOCGIFPDSTADDR: 804 dst = &ifr->ifr_addr; 805 size = sizeof(ifr->ifr_addr); 806 break; 807#endif /* INET / 808#ifdef INET6 809* case SIOCGIFPDSTADDR_IN6: 810 dst = (struct sockaddr ) 811* &(((struct in6_ifreq )data)->ifr_addr); 812* size = sizeof(((struct in6_ifreq )data)->ifr_addr); 813* break; 814#endif /* INET6 / 815* default: 816 error = EADDRNOTAVAIL; 817 goto bad; 818 } 819 if (src->sa_len > size) 820 return EINVAL; 821 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 822#ifdef INET6 823 if (dst->sa_family == AF_INET6) { 824 error = sa6_recoverscope((struct sockaddr_in6 )dst); 825* if (error != 0) 826 return (error); 827 } 828#endif 829 break; 830 831 case SIOCGLIFPHYADDR: 832 if (sc->gif_psrc == NULL \|\| sc->gif_pdst == NULL) { 833 error = EADDRNOTAVAIL; 834 goto bad; 835 } 836 837 /* copy src / 838* src = sc->gif_psrc; 839 dst = (struct sockaddr ) 840* &(((struct if_laddrreq )data)->addr); 841* size = sizeof(((struct if_laddrreq )data)->addr); 842* if (src->sa_len > size) 843 return EINVAL; 844 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 845 846 /* copy dst / 847* src = sc->gif_pdst; 848 dst = (struct sockaddr ) 849* &(((struct if_laddrreq )data)->dstaddr); 850* size = sizeof(((struct if_laddrreq )data)->dstaddr); 851* if (src->sa_len > size) 852 return EINVAL; 853 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 854 break; 855 856 case SIOCSIFFLAGS: 857 /* if_ioctl() takes care of it / 858* break; 859 860 default: 861 error = EINVAL; 862 break; 863 } 864 bad: 865 return error; 866} 867 868/* 869 * XXXRW: There's a general event-ordering issue here: the code to check 870 * if a given tunnel is already present happens before we perform a 871 * potentially blocking setup of the tunnel. This code needs to be 872 * re-ordered so that the check and replacement can be atomic using 873 * a mutex. 874 / 875int 876gif_set_tunnel(ifp, src, dst) 877* struct ifnet ifp; 878* struct sockaddr src; 879* struct sockaddr dst; 880{ 881* INIT_VNET_GIF(ifp->if_vnet); 882 struct gif_softc sc = ifp->if_softc; 883* struct gif_softc sc2; 884* struct sockaddr osrc, odst, sa; 885* int error = 0; 886 887 mtx_lock(&gif_mtx); 888 LIST_FOREACH(sc2, &V_gif_softc_list, gif_list) { 889 if (sc2 == sc) 890 continue; 891 if (!sc2->gif_pdst \|\| !sc2->gif_psrc) 892 continue; 893 if (sc2->gif_pdst->sa_family != dst->sa_family \|\| 894 sc2->gif_pdst->sa_len != dst->sa_len \|\| 895 sc2->gif_psrc->sa_family != src->sa_family \|\| 896 sc2->gif_psrc->sa_len != src->sa_len) 897 continue; 898 899 /* 900 * Disallow parallel tunnels unless instructed 901 * otherwise. 902 / 903* if (!V_parallel_tunnels && 904 bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 && 905 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) { 906 error = EADDRNOTAVAIL; 907 mtx_unlock(&gif_mtx); 908 goto bad; 909 } 910 911 /* XXX both end must be valid? (I mean, not 0.0.0.0) / 912* } 913 mtx_unlock(&gif_mtx); 914 915 /* XXX we can detach from both, but be polite just in case / 916* if (sc->gif_psrc) 917 switch (sc->gif_psrc->sa_family) { 918#ifdef INET 919 case AF_INET: 920 (void)in_gif_detach(sc); 921 break; 922#endif 923#ifdef INET6 924 case AF_INET6: 925 (void)in6_gif_detach(sc); 926 break; 927#endif 928 } 929 930 osrc = sc->gif_psrc; 931 sa = (struct sockaddr )malloc(src->sa_len, M_IFADDR, M_WAITOK); 932* bcopy((caddr_t)src, (caddr_t)sa, src->sa_len); 933 sc->gif_psrc = sa; 934 935 odst = sc->gif_pdst; 936 sa = (struct sockaddr )malloc(dst->sa_len, M_IFADDR, M_WAITOK); 937* bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len); 938 sc->gif_pdst = sa; 939 940 switch (sc->gif_psrc->sa_family) { 941#ifdef INET 942 case AF_INET: 943 error = in_gif_attach(sc); 944 break; 945#endif 946#ifdef INET6 947 case AF_INET6: 948 /* 949 * Check validity of the scope zone ID of the addresses, and 950 * convert it into the kernel internal form if necessary. 951 / 952* error = sa6_embedscope((struct sockaddr_in6 )sc->gif_psrc, 0); 953* if (error != 0) 954 break; 955 error = sa6_embedscope((struct sockaddr_in6 )sc->gif_pdst, 0); 956* if (error != 0) 957 break; 958 error = in6_gif_attach(sc); 959 break; 960#endif 961 } 962 if (error) { 963 /* rollback / 964* free((caddr_t)sc->gif_psrc, M_IFADDR); 965 free((caddr_t)sc->gif_pdst, M_IFADDR); 966 sc->gif_psrc = osrc; 967 sc->gif_pdst = odst; 968 goto bad; 969 } 970 971 if (osrc) 972 free((caddr_t)osrc, M_IFADDR); 973 if (odst) 974 free((caddr_t)odst, M_IFADDR); 975 976 bad: 977 if (sc->gif_psrc && sc->gif_pdst) 978 ifp->if_drv_flags \|= IFF_DRV_RUNNING; 979 else 980 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 981 982 return error; 983} 984 985void 986gif_delete_tunnel(ifp) 987 struct ifnet ifp; 988{ 989* struct gif_softc sc = ifp->if_softc; 990* 991 if (sc->gif_psrc) { 992 free((caddr_t)sc->gif_psrc, M_IFADDR); 993 sc->gif_psrc = NULL; 994 } 995 if (sc->gif_pdst) { 996 free((caddr_t)sc->gif_pdst, M_IFADDR); 997 sc->gif_pdst = NULL; 998 } 999 /* it is safe to detach from both / 1000#ifdef INET 1001* (void)in_gif_detach(sc); 1002#endif 1003#ifdef INET6 1004 (void)in6_gif_detach(sc); 1005#endif 1006 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1007}	104#ifdef VIMAGE_GLOBALS 105static LIST_HEAD(, gif_softc) gif_softc_list; 106static int max_gif_nesting; 107static int parallel_tunnels; 108#ifdef INET 109int ip_gif_ttl; 110#endif 111#ifdef INET6 112int ip6_gif_hlim; 113#endif 114#endif 115 116void (ng_gif_input_p)(struct ifnet ifp, struct mbuf *mp, int af); 117void (ng_gif_input_orphan_p)(struct ifnet ifp, struct mbuf m, int af); 118void (ng_gif_attach_p)(struct ifnet ifp); 119void (ng_gif_detach_p)(struct ifnet ifp); 120 121static void gif_start(struct ifnet ); 122static int gif_clone_create(struct if_clone , int, caddr_t); 123static void gif_clone_destroy(struct ifnet ); 124* 125IFC_SIMPLE_DECLARE(gif, 0); 126 127static int gifmodevent(module_t, int, void ); 128* 129SYSCTL_DECL(_net_link); 130SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0, 131 "Generic Tunnel Interface"); 132#ifndef MAX_GIF_NEST 133/* 134 * This macro controls the default upper limitation on nesting of gif tunnels. 135 * Since, setting a large value to this macro with a careless configuration 136 * may introduce system crash, we don't allow any nestings by default. 137 * If you need to configure nested gif tunnels, you can define this macro 138 * in your kernel configuration file. However, if you do so, please be 139 * careful to configure the tunnels so that it won't make a loop. 140 / 141#define MAX_GIF_NEST 1 142#endif 143SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, max_nesting, 144* CTLFLAG_RW, max_gif_nesting, 0, "Max nested tunnels"); 145 146#ifdef INET6 147SYSCTL_DECL(_net_inet6_ip6); 148SYSCTL_V_INT(V_NET, vnet_gif, _net_inet6_ip6, IPV6CTL_GIF_HLIM, 149 gifhlim, CTLFLAG_RW, ip6_gif_hlim, 0, ""); 150#endif 151 152/* 153 * By default, we disallow creation of multiple tunnels between the same 154 * pair of addresses. Some applications require this functionality so 155 * we allow control over this check here. 156 / 157SYSCTL_V_INT(V_NET, vnet_gif, _net_link_gif, OID_AUTO, parallel_tunnels, 158* CTLFLAG_RW, parallel_tunnels, 0, "Allow parallel tunnels?"); 159 160/* copy from src/sys/net/if_ethersubr.c / 161static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] = 162* { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 163#ifndef ETHER_IS_BROADCAST 164#define ETHER_IS_BROADCAST(addr) \ 165 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0) 166#endif 167 168static int 169gif_clone_create(ifc, unit, params) 170 struct if_clone ifc; 171* int unit; 172 caddr_t params; 173{ 174 INIT_VNET_GIF(curvnet); 175 struct gif_softc sc; 176* 177 sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK \| M_ZERO); 178 sc->gif_fibnum = curthread->td_proc->p_fibnum; 179 GIF2IFP(sc) = if_alloc(IFT_GIF); 180 if (GIF2IFP(sc) == NULL) { 181 free(sc, M_GIF); 182 return (ENOSPC); 183 } 184 185 GIF_LOCK_INIT(sc); 186 187 GIF2IFP(sc)->if_softc = sc; 188 if_initname(GIF2IFP(sc), ifc->ifc_name, unit); 189 190 sc->encap_cookie4 = sc->encap_cookie6 = NULL; 191 192 GIF2IFP(sc)->if_addrlen = 0; 193 GIF2IFP(sc)->if_mtu = GIF_MTU; 194 GIF2IFP(sc)->if_flags = IFF_POINTOPOINT \| IFF_MULTICAST; 195#if 0 196 /* turn off ingress filter / 197* GIF2IFP(sc)->if_flags \|= IFF_LINK2; 198#endif 199 GIF2IFP(sc)->if_ioctl = gif_ioctl; 200 GIF2IFP(sc)->if_start = gif_start; 201 GIF2IFP(sc)->if_output = gif_output; 202 GIF2IFP(sc)->if_snd.ifq_maxlen = IFQ_MAXLEN; 203 if_attach(GIF2IFP(sc)); 204 bpfattach(GIF2IFP(sc), DLT_NULL, sizeof(u_int32_t)); 205 if (ng_gif_attach_p != NULL) 206 (ng_gif_attach_p)(GIF2IFP(sc)); 207* 208 mtx_lock(&gif_mtx); 209 LIST_INSERT_HEAD(&V_gif_softc_list, sc, gif_list); 210 mtx_unlock(&gif_mtx); 211 212 return (0); 213} 214 215static void 216gif_clone_destroy(ifp) 217 struct ifnet ifp; 218{ 219#if defined(INET) \|\| defined(INET6) 220* int err; 221#endif 222 struct gif_softc sc = ifp->if_softc; 223* 224 mtx_lock(&gif_mtx); 225 LIST_REMOVE(sc, gif_list); 226 mtx_unlock(&gif_mtx); 227 228 gif_delete_tunnel(ifp); 229#ifdef INET6 230 if (sc->encap_cookie6 != NULL) { 231 err = encap_detach(sc->encap_cookie6); 232 KASSERT(err == 0, ("Unexpected error detaching encap_cookie6")); 233 } 234#endif 235#ifdef INET 236 if (sc->encap_cookie4 != NULL) { 237 err = encap_detach(sc->encap_cookie4); 238 KASSERT(err == 0, ("Unexpected error detaching encap_cookie4")); 239 } 240#endif 241 242 if (ng_gif_detach_p != NULL) 243 (ng_gif_detach_p)(ifp); 244* bpfdetach(ifp); 245 if_detach(ifp); 246 if_free(ifp); 247 248 GIF_LOCK_DESTROY(sc); 249 250 free(sc, M_GIF); 251} 252 253static int 254gifmodevent(mod, type, data) 255 module_t mod; 256 int type; 257 void data; 258{ 259* 260 switch (type) { 261 case MOD_LOAD: 262 mtx_init(&gif_mtx, "gif_mtx", NULL, MTX_DEF); 263 264 LIST_INIT(&V_gif_softc_list); 265 V_max_gif_nesting = MAX_GIF_NEST; 266#ifdef XBONEHACK 267 V_parallel_tunnels = 1; 268#else 269 V_parallel_tunnels = 0; 270#endif 271#ifdef INET 272 V_ip_gif_ttl = GIF_TTL; 273#endif 274#ifdef INET6 275 V_ip6_gif_hlim = GIF_HLIM; 276#endif 277 if_clone_attach(&gif_cloner); 278 279 break; 280 case MOD_UNLOAD: 281 if_clone_detach(&gif_cloner); 282 mtx_destroy(&gif_mtx); 283#ifdef INET6 284 V_ip6_gif_hlim = 0; 285#endif 286 break; 287 default: 288 return EOPNOTSUPP; 289 } 290 return 0; 291} 292 293static moduledata_t gif_mod = { 294 "if_gif", 295 gifmodevent, 296 0 297}; 298 299DECLARE_MODULE(if_gif, gif_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 300MODULE_VERSION(if_gif, 1); 301 302int 303gif_encapcheck(m, off, proto, arg) 304 const struct mbuf m; 305* int off; 306 int proto; 307 void arg; 308{ 309* struct ip ip; 310 struct gif_softc sc; 311* 312 sc = (struct gif_softc )arg; 313* if (sc == NULL) 314 return 0; 315 316 if ((GIF2IFP(sc)->if_flags & IFF_UP) == 0) 317 return 0; 318 319 /* no physical address / 320* if (!sc->gif_psrc \|\| !sc->gif_pdst) 321 return 0; 322 323 switch (proto) { 324#ifdef INET 325 case IPPROTO_IPV4: 326 break; 327#endif 328#ifdef INET6 329 case IPPROTO_IPV6: 330 break; 331#endif 332 case IPPROTO_ETHERIP: 333 break; 334 335 default: 336 return 0; 337 } 338 339 /* Bail on short packets / 340* if (m->m_pkthdr.len < sizeof(ip)) 341 return 0; 342 343 m_copydata(m, 0, sizeof(ip), (caddr_t)&ip); 344 345 switch (ip.ip_v) { 346#ifdef INET 347 case 4: 348 if (sc->gif_psrc->sa_family != AF_INET \|\| 349 sc->gif_pdst->sa_family != AF_INET) 350 return 0; 351 return gif_encapcheck4(m, off, proto, arg); 352#endif 353#ifdef INET6 354 case 6: 355 if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) 356 return 0; 357 if (sc->gif_psrc->sa_family != AF_INET6 \|\| 358 sc->gif_pdst->sa_family != AF_INET6) 359 return 0; 360 return gif_encapcheck6(m, off, proto, arg); 361#endif 362 default: 363 return 0; 364 } 365} 366 367static void 368gif_start(struct ifnet ifp) 369{ 370* struct gif_softc sc; 371* struct mbuf m; 372* 373 sc = ifp->if_softc; 374 375 ifp->if_drv_flags \|= IFF_DRV_OACTIVE; 376 for (;;) { 377 IFQ_DEQUEUE(&ifp->if_snd, m); 378 if (m == 0) 379 break; 380 381 gif_output(ifp, m, sc->gif_pdst, NULL); 382 383 } 384 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE; 385 386 return; 387} 388 389int 390gif_output(ifp, m, dst, rt) 391 struct ifnet ifp; 392* struct mbuf m; 393* struct sockaddr dst; 394* struct rtentry rt; / added in net2 / 395{ 396* INIT_VNET_GIF(ifp->if_vnet); 397 struct gif_softc sc = ifp->if_softc; 398* struct m_tag mtag; 399* int error = 0; 400 int gif_called; 401 u_int32_t af; 402 403#ifdef MAC 404 error = mac_ifnet_check_transmit(ifp, m); 405 if (error) { 406 m_freem(m); 407 goto end; 408 } 409#endif 410 411 /* 412 * gif may cause infinite recursion calls when misconfigured. 413 * We'll prevent this by detecting loops. 414 * 415 * High nesting level may cause stack exhaustion. 416 * We'll prevent this by introducing upper limit. 417 / 418* gif_called = 1; 419 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, NULL); 420 while (mtag != NULL) { 421 if ((struct ifnet )(mtag + 1) == ifp) { 422* log(LOG_NOTICE, 423 "gif_output: loop detected on %s\n", 424 ((struct ifnet )(mtag + 1))->if_xname); 425* m_freem(m); 426 error = EIO; /* is there better errno? / 427* goto end; 428 } 429 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, mtag); 430 gif_called++; 431 } 432 if (gif_called > V_max_gif_nesting) { 433 log(LOG_NOTICE, 434 "gif_output: recursively called too many times(%d)\n", 435 gif_called); 436 m_freem(m); 437 error = EIO; /* is there better errno? / 438* goto end; 439 } 440 mtag = m_tag_alloc(MTAG_GIF, MTAG_GIF_CALLED, sizeof(struct ifnet ), 441* M_NOWAIT); 442 if (mtag == NULL) { 443 m_freem(m); 444 error = ENOMEM; 445 goto end; 446 } 447 (struct ifnet )(mtag + 1) = ifp; 448* m_tag_prepend(m, mtag); 449 450 m->m_flags &= ~(M_BCAST\|M_MCAST); 451 452 GIF_LOCK(sc); 453 454 if (!(ifp->if_flags & IFF_UP) \|\| 455 sc->gif_psrc == NULL \|\| sc->gif_pdst == NULL) { 456 GIF_UNLOCK(sc); 457 m_freem(m); 458 error = ENETDOWN; 459 goto end; 460 } 461 462 /* BPF writes need to be handled specially. / 463* if (dst->sa_family == AF_UNSPEC) { 464 bcopy(dst->sa_data, &af, sizeof(af)); 465 dst->sa_family = af; 466 } 467 468 af = dst->sa_family; 469 BPF_MTAP2(ifp, &af, sizeof(af), m); 470 ifp->if_opackets++; 471 ifp->if_obytes += m->m_pkthdr.len; 472 473 /* override to IPPROTO_ETHERIP for bridged traffic / 474* if (ifp->if_bridge) 475 af = AF_LINK; 476 477 M_SETFIB(m, sc->gif_fibnum); 478 /* inner AF-specific encapsulation / 479* 480 /* XXX should we check if our outer source is legal? / 481* 482 /* dispatch to output logic based on outer AF / 483* switch (sc->gif_psrc->sa_family) { 484#ifdef INET 485 case AF_INET: 486 error = in_gif_output(ifp, af, m); 487 break; 488#endif 489#ifdef INET6 490 case AF_INET6: 491 error = in6_gif_output(ifp, af, m); 492 break; 493#endif 494 default: 495 m_freem(m); 496 error = ENETDOWN; 497 } 498 499 GIF_UNLOCK(sc); 500 end: 501 if (error) 502 ifp->if_oerrors++; 503 return (error); 504} 505 506void 507gif_input(m, af, ifp) 508 struct mbuf m; 509* int af; 510 struct ifnet ifp; 511{ 512* int isr, n; 513 struct etherip_header eip; 514* struct ether_header eh; 515* struct ifnet oldifp; 516* 517 if (ifp == NULL) { 518 /* just in case / 519* m_freem(m); 520 return; 521 } 522 523 m->m_pkthdr.rcvif = ifp; 524 525#ifdef MAC 526 mac_ifnet_create_mbuf(ifp, m); 527#endif 528 529 if (bpf_peers_present(ifp->if_bpf)) { 530 u_int32_t af1 = af; 531 bpf_mtap2(ifp->if_bpf, &af1, sizeof(af1), m); 532 } 533 534 if (ng_gif_input_p != NULL) { 535 (ng_gif_input_p)(ifp, &m, af); 536* if (m == NULL) 537 return; 538 } 539 540 /* 541 * Put the packet to the network layer input queue according to the 542 * specified address family. 543 * Note: older versions of gif_input directly called network layer 544 * input functions, e.g. ip6_input, here. We changed the policy to 545 * prevent too many recursive calls of such input functions, which 546 * might cause kernel panic. But the change may introduce another 547 * problem; if the input queue is full, packets are discarded. 548 * The kernel stack overflow really happened, and we believed 549 * queue-full rarely occurs, so we changed the policy. 550 / 551* switch (af) { 552#ifdef INET 553 case AF_INET: 554 isr = NETISR_IP; 555 break; 556#endif 557#ifdef INET6 558 case AF_INET6: 559 isr = NETISR_IPV6; 560 break; 561#endif 562 case AF_LINK: 563 n = sizeof(struct etherip_header) + sizeof(struct ether_header); 564 if (n > m->m_len) { 565 m = m_pullup(m, n); 566 if (m == NULL) { 567 ifp->if_ierrors++; 568 return; 569 } 570 } 571 572 eip = mtod(m, struct etherip_header ); 573* if (eip->eip_ver != 574 (ETHERIP_VERSION & ETHERIP_VER_VERS_MASK)) { 575 /* discard unknown versions / 576* m_freem(m); 577 return; 578 } 579 m_adj(m, sizeof(struct etherip_header)); 580 581 m->m_flags &= ~(M_BCAST\|M_MCAST); 582 m->m_pkthdr.rcvif = ifp; 583 584 if (ifp->if_bridge) { 585 oldifp = ifp; 586 eh = mtod(m, struct ether_header ); 587* if (ETHER_IS_MULTICAST(eh->ether_dhost)) { 588 if (ETHER_IS_BROADCAST(eh->ether_dhost)) 589 m->m_flags \|= M_BCAST; 590 else 591 m->m_flags \|= M_MCAST; 592 ifp->if_imcasts++; 593 } 594 BRIDGE_INPUT(ifp, m); 595 596 if (m != NULL && ifp != oldifp) { 597 /* 598 * The bridge gave us back itself or one of the 599 * members for which the frame is addressed. 600 / 601* ether_demux(ifp, m); 602 return; 603 } 604 } 605 if (m != NULL) 606 m_freem(m); 607 return; 608 609 default: 610 if (ng_gif_input_orphan_p != NULL) 611 (ng_gif_input_orphan_p)(ifp, m, af); 612* else 613 m_freem(m); 614 return; 615 } 616 617 ifp->if_ipackets++; 618 ifp->if_ibytes += m->m_pkthdr.len; 619 netisr_dispatch(isr, m); 620} 621 622/* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? / 623int 624gif_ioctl(ifp, cmd, data) 625* struct ifnet ifp; 626* u_long cmd; 627 caddr_t data; 628{ 629 struct gif_softc sc = ifp->if_softc; 630* struct ifreq ifr = (struct ifreq)data; 631 int error = 0, size; 632 struct sockaddr dst, src; 633#ifdef SIOCSIFMTU /* xxx / 634* u_long mtu; 635#endif 636 637 switch (cmd) { 638 case SIOCSIFADDR: 639 ifp->if_flags \|= IFF_UP; 640 break; 641 642 case SIOCSIFDSTADDR: 643 break; 644 645 case SIOCADDMULTI: 646 case SIOCDELMULTI: 647 break; 648 649#ifdef SIOCSIFMTU /* xxx / 650* case SIOCGIFMTU: 651 break; 652 653 case SIOCSIFMTU: 654 mtu = ifr->ifr_mtu; 655 if (mtu < GIF_MTU_MIN \|\| mtu > GIF_MTU_MAX) 656 return (EINVAL); 657 ifp->if_mtu = mtu; 658 break; 659#endif /* SIOCSIFMTU / 660* 661#ifdef INET 662 case SIOCSIFPHYADDR: 663#endif 664#ifdef INET6 665 case SIOCSIFPHYADDR_IN6: 666#endif /* INET6 / 667* case SIOCSLIFPHYADDR: 668 switch (cmd) { 669#ifdef INET 670 case SIOCSIFPHYADDR: 671 src = (struct sockaddr ) 672* &(((struct in_aliasreq )data)->ifra_addr); 673* dst = (struct sockaddr ) 674* &(((struct in_aliasreq )data)->ifra_dstaddr); 675* break; 676#endif 677#ifdef INET6 678 case SIOCSIFPHYADDR_IN6: 679 src = (struct sockaddr ) 680* &(((struct in6_aliasreq )data)->ifra_addr); 681* dst = (struct sockaddr ) 682* &(((struct in6_aliasreq )data)->ifra_dstaddr); 683* break; 684#endif 685 case SIOCSLIFPHYADDR: 686 src = (struct sockaddr ) 687* &(((struct if_laddrreq )data)->addr); 688* dst = (struct sockaddr ) 689* &(((struct if_laddrreq )data)->dstaddr); 690* break; 691 default: 692 return EINVAL; 693 } 694 695 /* sa_family must be equal / 696* if (src->sa_family != dst->sa_family) 697 return EINVAL; 698 699 /* validate sa_len / 700* switch (src->sa_family) { 701#ifdef INET 702 case AF_INET: 703 if (src->sa_len != sizeof(struct sockaddr_in)) 704 return EINVAL; 705 break; 706#endif 707#ifdef INET6 708 case AF_INET6: 709 if (src->sa_len != sizeof(struct sockaddr_in6)) 710 return EINVAL; 711 break; 712#endif 713 default: 714 return EAFNOSUPPORT; 715 } 716 switch (dst->sa_family) { 717#ifdef INET 718 case AF_INET: 719 if (dst->sa_len != sizeof(struct sockaddr_in)) 720 return EINVAL; 721 break; 722#endif 723#ifdef INET6 724 case AF_INET6: 725 if (dst->sa_len != sizeof(struct sockaddr_in6)) 726 return EINVAL; 727 break; 728#endif 729 default: 730 return EAFNOSUPPORT; 731 } 732 733 /* check sa_family looks sane for the cmd / 734* switch (cmd) { 735 case SIOCSIFPHYADDR: 736 if (src->sa_family == AF_INET) 737 break; 738 return EAFNOSUPPORT; 739#ifdef INET6 740 case SIOCSIFPHYADDR_IN6: 741 if (src->sa_family == AF_INET6) 742 break; 743 return EAFNOSUPPORT; 744#endif /* INET6 / 745* case SIOCSLIFPHYADDR: 746 /* checks done in the above / 747* break; 748 } 749 750 error = gif_set_tunnel(GIF2IFP(sc), src, dst); 751 break; 752 753#ifdef SIOCDIFPHYADDR 754 case SIOCDIFPHYADDR: 755 gif_delete_tunnel(GIF2IFP(sc)); 756 break; 757#endif 758 759 case SIOCGIFPSRCADDR: 760#ifdef INET6 761 case SIOCGIFPSRCADDR_IN6: 762#endif /* INET6 / 763* if (sc->gif_psrc == NULL) { 764 error = EADDRNOTAVAIL; 765 goto bad; 766 } 767 src = sc->gif_psrc; 768 switch (cmd) { 769#ifdef INET 770 case SIOCGIFPSRCADDR: 771 dst = &ifr->ifr_addr; 772 size = sizeof(ifr->ifr_addr); 773 break; 774#endif /* INET / 775#ifdef INET6 776* case SIOCGIFPSRCADDR_IN6: 777 dst = (struct sockaddr ) 778* &(((struct in6_ifreq )data)->ifr_addr); 779* size = sizeof(((struct in6_ifreq )data)->ifr_addr); 780* break; 781#endif /* INET6 / 782* default: 783 error = EADDRNOTAVAIL; 784 goto bad; 785 } 786 if (src->sa_len > size) 787 return EINVAL; 788 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 789#ifdef INET6 790 if (dst->sa_family == AF_INET6) { 791 error = sa6_recoverscope((struct sockaddr_in6 )dst); 792* if (error != 0) 793 return (error); 794 } 795#endif 796 break; 797 798 case SIOCGIFPDSTADDR: 799#ifdef INET6 800 case SIOCGIFPDSTADDR_IN6: 801#endif /* INET6 / 802* if (sc->gif_pdst == NULL) { 803 error = EADDRNOTAVAIL; 804 goto bad; 805 } 806 src = sc->gif_pdst; 807 switch (cmd) { 808#ifdef INET 809 case SIOCGIFPDSTADDR: 810 dst = &ifr->ifr_addr; 811 size = sizeof(ifr->ifr_addr); 812 break; 813#endif /* INET / 814#ifdef INET6 815* case SIOCGIFPDSTADDR_IN6: 816 dst = (struct sockaddr ) 817* &(((struct in6_ifreq )data)->ifr_addr); 818* size = sizeof(((struct in6_ifreq )data)->ifr_addr); 819* break; 820#endif /* INET6 / 821* default: 822 error = EADDRNOTAVAIL; 823 goto bad; 824 } 825 if (src->sa_len > size) 826 return EINVAL; 827 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 828#ifdef INET6 829 if (dst->sa_family == AF_INET6) { 830 error = sa6_recoverscope((struct sockaddr_in6 )dst); 831* if (error != 0) 832 return (error); 833 } 834#endif 835 break; 836 837 case SIOCGLIFPHYADDR: 838 if (sc->gif_psrc == NULL \|\| sc->gif_pdst == NULL) { 839 error = EADDRNOTAVAIL; 840 goto bad; 841 } 842 843 /* copy src / 844* src = sc->gif_psrc; 845 dst = (struct sockaddr ) 846* &(((struct if_laddrreq )data)->addr); 847* size = sizeof(((struct if_laddrreq )data)->addr); 848* if (src->sa_len > size) 849 return EINVAL; 850 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 851 852 /* copy dst / 853* src = sc->gif_pdst; 854 dst = (struct sockaddr ) 855* &(((struct if_laddrreq )data)->dstaddr); 856* size = sizeof(((struct if_laddrreq )data)->dstaddr); 857* if (src->sa_len > size) 858 return EINVAL; 859 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 860 break; 861 862 case SIOCSIFFLAGS: 863 /* if_ioctl() takes care of it / 864* break; 865 866 default: 867 error = EINVAL; 868 break; 869 } 870 bad: 871 return error; 872} 873 874/* 875 * XXXRW: There's a general event-ordering issue here: the code to check 876 * if a given tunnel is already present happens before we perform a 877 * potentially blocking setup of the tunnel. This code needs to be 878 * re-ordered so that the check and replacement can be atomic using 879 * a mutex. 880 / 881int 882gif_set_tunnel(ifp, src, dst) 883* struct ifnet ifp; 884* struct sockaddr src; 885* struct sockaddr dst; 886{ 887* INIT_VNET_GIF(ifp->if_vnet); 888 struct gif_softc sc = ifp->if_softc; 889* struct gif_softc sc2; 890* struct sockaddr osrc, odst, sa; 891* int error = 0; 892 893 mtx_lock(&gif_mtx); 894 LIST_FOREACH(sc2, &V_gif_softc_list, gif_list) { 895 if (sc2 == sc) 896 continue; 897 if (!sc2->gif_pdst \|\| !sc2->gif_psrc) 898 continue; 899 if (sc2->gif_pdst->sa_family != dst->sa_family \|\| 900 sc2->gif_pdst->sa_len != dst->sa_len \|\| 901 sc2->gif_psrc->sa_family != src->sa_family \|\| 902 sc2->gif_psrc->sa_len != src->sa_len) 903 continue; 904 905 /* 906 * Disallow parallel tunnels unless instructed 907 * otherwise. 908 / 909* if (!V_parallel_tunnels && 910 bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 && 911 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) { 912 error = EADDRNOTAVAIL; 913 mtx_unlock(&gif_mtx); 914 goto bad; 915 } 916 917 /* XXX both end must be valid? (I mean, not 0.0.0.0) / 918* } 919 mtx_unlock(&gif_mtx); 920 921 /* XXX we can detach from both, but be polite just in case / 922* if (sc->gif_psrc) 923 switch (sc->gif_psrc->sa_family) { 924#ifdef INET 925 case AF_INET: 926 (void)in_gif_detach(sc); 927 break; 928#endif 929#ifdef INET6 930 case AF_INET6: 931 (void)in6_gif_detach(sc); 932 break; 933#endif 934 } 935 936 osrc = sc->gif_psrc; 937 sa = (struct sockaddr )malloc(src->sa_len, M_IFADDR, M_WAITOK); 938* bcopy((caddr_t)src, (caddr_t)sa, src->sa_len); 939 sc->gif_psrc = sa; 940 941 odst = sc->gif_pdst; 942 sa = (struct sockaddr )malloc(dst->sa_len, M_IFADDR, M_WAITOK); 943* bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len); 944 sc->gif_pdst = sa; 945 946 switch (sc->gif_psrc->sa_family) { 947#ifdef INET 948 case AF_INET: 949 error = in_gif_attach(sc); 950 break; 951#endif 952#ifdef INET6 953 case AF_INET6: 954 /* 955 * Check validity of the scope zone ID of the addresses, and 956 * convert it into the kernel internal form if necessary. 957 / 958* error = sa6_embedscope((struct sockaddr_in6 )sc->gif_psrc, 0); 959* if (error != 0) 960 break; 961 error = sa6_embedscope((struct sockaddr_in6 )sc->gif_pdst, 0); 962* if (error != 0) 963 break; 964 error = in6_gif_attach(sc); 965 break; 966#endif 967 } 968 if (error) { 969 /* rollback / 970* free((caddr_t)sc->gif_psrc, M_IFADDR); 971 free((caddr_t)sc->gif_pdst, M_IFADDR); 972 sc->gif_psrc = osrc; 973 sc->gif_pdst = odst; 974 goto bad; 975 } 976 977 if (osrc) 978 free((caddr_t)osrc, M_IFADDR); 979 if (odst) 980 free((caddr_t)odst, M_IFADDR); 981 982 bad: 983 if (sc->gif_psrc && sc->gif_pdst) 984 ifp->if_drv_flags \|= IFF_DRV_RUNNING; 985 else 986 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 987 988 return error; 989} 990 991void 992gif_delete_tunnel(ifp) 993 struct ifnet ifp; 994{ 995* struct gif_softc sc = ifp->if_softc; 996* 997 if (sc->gif_psrc) { 998 free((caddr_t)sc->gif_psrc, M_IFADDR); 999 sc->gif_psrc = NULL; 1000 } 1001 if (sc->gif_pdst) { 1002 free((caddr_t)sc->gif_pdst, M_IFADDR); 1003 sc->gif_pdst = NULL; 1004 } 1005 /* it is safe to detach from both / 1006#ifdef INET 1007* (void)in_gif_detach(sc); 1008#endif 1009#ifdef INET6 1010 (void)in6_gif_detach(sc); 1011#endif 1012 ifp->if_drv_flags &= ~IFF_DRV_RUNNING; 1013}