if_gif.c revision 78064
1/* $FreeBSD: head/sys/net/if_gif.c 78064 2001-06-11 12:39:29Z ume $ */ 2/* $KAME: if_gif.c,v 1.47 2001/05/01 05:28:42 itojun Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33#include "opt_inet.h" 34#include "opt_inet6.h" 35 36#include <sys/param.h> 37#include <sys/systm.h> 38#include <sys/kernel.h> 39#include <sys/malloc.h> 40#include <sys/mbuf.h> 41#include <sys/socket.h> 42#include <sys/sockio.h> 43#include <sys/errno.h> 44#include <sys/time.h> 45#include <sys/syslog.h> 46#include <sys/protosw.h> 47#include <machine/cpu.h> 48 49#include <net/if.h> 50#include <net/if_types.h> 51#include <net/netisr.h> 52#include <net/route.h> 53#include <net/bpf.h> 54 55#include <netinet/in.h> 56#include <netinet/in_systm.h> 57#include <netinet/ip.h> 58#ifdef INET 59#include <netinet/in_var.h> 60#include <netinet/in_gif.h> 61#endif /* INET */ 62 63#ifdef INET6 64#ifndef INET 65#include <netinet/in.h> 66#endif 67#include <netinet6/in6_var.h> 68#include <netinet/ip6.h> 69#include <netinet6/ip6_var.h> 70#include <netinet6/in6_gif.h> 71#include <netinet6/ip6protosw.h> 72#endif /* INET6 */ 73 74#include <netinet/ip_encap.h> 75#include <net/if_gif.h> 76 77#include "gif.h" 78#include "bpf.h" 79#define NBPFILTER NBPF 80 81#include <net/net_osdep.h> 82 83#if NGIF > 0 84 85void gifattach __P((void *)); 86static int gif_encapcheck __P((const struct mbuf *, int, int, void *)); 87#ifdef INET 88extern struct protosw in_gif_protosw; 89#endif 90#ifdef INET6 91extern struct ip6protosw in6_gif_protosw; 92#endif 93 94/* 95 * gif global variable definitions 96 */ 97static int ngif; /* number of interfaces */ 98static struct gif_softc *gif = 0; 99 100#ifndef MAX_GIF_NEST 101/* 102 * This macro controls the upper limitation on nesting of gif tunnels. 103 * Since, setting a large value to this macro with a careless configuration 104 * may introduce system crash, we don't allow any nestings by default. 105 * If you need to configure nested gif tunnels, you can define this macro 106 * in your kernel configuration file. However, if you do so, please be 107 * careful to configure the tunnels so that it won't make a loop. 108 */ 109#define MAX_GIF_NEST 1 110#endif 111static int max_gif_nesting = MAX_GIF_NEST; 112 113void 114gifattach(dummy) 115 void *dummy; 116{ 117 struct gif_softc *sc; 118 int i; 119 120 ngif = NGIF; 121 gif = sc = malloc(ngif * sizeof(struct gif_softc), M_DEVBUF, M_WAITOK); 122 bzero(sc, ngif * sizeof(struct gif_softc)); 123 for (i = 0; i < ngif; sc++, i++) { 124 sc->gif_if.if_name = "gif"; 125 sc->gif_if.if_unit = i; 126 127 sc->encap_cookie4 = sc->encap_cookie6 = NULL; 128#ifdef INET 129 sc->encap_cookie4 = encap_attach_func(AF_INET, -1, 130 gif_encapcheck, &in_gif_protosw, sc); 131 if (sc->encap_cookie4 == NULL) { 132 printf("%s: attach failed\n", if_name(&sc->gif_if)); 133 continue; 134 } 135#endif 136#ifdef INET6 137 sc->encap_cookie6 = encap_attach_func(AF_INET6, -1, 138 gif_encapcheck, (struct protosw *)&in6_gif_protosw, sc); 139 if (sc->encap_cookie6 == NULL) { 140 if (sc->encap_cookie4) { 141 encap_detach(sc->encap_cookie4); 142 sc->encap_cookie4 = NULL; 143 } 144 printf("%s: attach failed\n", if_name(&sc->gif_if)); 145 continue; 146 } 147#endif 148 149 sc->gif_if.if_mtu = GIF_MTU; 150 sc->gif_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 151#if 0 152 /* turn off ingress filter */ 153 sc->gif_if.if_flags |= IFF_LINK2; 154#endif 155 sc->gif_if.if_ioctl = gif_ioctl; 156 sc->gif_if.if_output = gif_output; 157 sc->gif_if.if_type = IFT_GIF; 158 sc->gif_if.if_snd.ifq_maxlen = IFQ_MAXLEN; 159 if_attach(&sc->gif_if); 160#if NBPFILTER > 0 161#ifdef HAVE_OLD_BPF 162 bpfattach(&sc->gif_if, DLT_NULL, sizeof(u_int)); 163#else 164 bpfattach(&sc->gif_if.if_bpf, &sc->gif_if, DLT_NULL, sizeof(u_int)); 165#endif 166#endif 167 } 168} 169 170PSEUDO_SET(gifattach, if_gif); 171 172static int 173gif_encapcheck(m, off, proto, arg) 174 const struct mbuf *m; 175 int off; 176 int proto; 177 void *arg; 178{ 179 struct ip ip; 180 struct gif_softc *sc; 181 182 sc = (struct gif_softc *)arg; 183 if (sc == NULL) 184 return 0; 185 186 if ((sc->gif_if.if_flags & IFF_UP) == 0) 187 return 0; 188 189 /* no physical address */ 190 if (!sc->gif_psrc || !sc->gif_pdst) 191 return 0; 192 193 switch (proto) { 194#ifdef INET 195 case IPPROTO_IPV4: 196 break; 197#endif 198#ifdef INET6 199 case IPPROTO_IPV6: 200 break; 201#endif 202 default: 203 return 0; 204 } 205 206 /* LINTED const cast */ 207 m_copydata((struct mbuf *)m, 0, sizeof(ip), (caddr_t)&ip); 208 209 switch (ip.ip_v) { 210#ifdef INET 211 case 4: 212 if (sc->gif_psrc->sa_family != AF_INET || 213 sc->gif_pdst->sa_family != AF_INET) 214 return 0; 215 return gif_encapcheck4(m, off, proto, arg); 216#endif 217#ifdef INET6 218 case 6: 219 if (sc->gif_psrc->sa_family != AF_INET6 || 220 sc->gif_pdst->sa_family != AF_INET6) 221 return 0; 222 return gif_encapcheck6(m, off, proto, arg); 223#endif 224 default: 225 return 0; 226 } 227} 228 229int 230gif_output(ifp, m, dst, rt) 231 struct ifnet *ifp; 232 struct mbuf *m; 233 struct sockaddr *dst; 234 struct rtentry *rt; /* added in net2 */ 235{ 236 struct gif_softc *sc = (struct gif_softc*)ifp; 237 int error = 0; 238 static int called = 0; /* XXX: MUTEX */ 239 240 /* 241 * gif may cause infinite recursion calls when misconfigured. 242 * We'll prevent this by introducing upper limit. 243 * XXX: this mechanism may introduce another problem about 244 * mutual exclusion of the variable CALLED, especially if we 245 * use kernel thread. 246 */ 247 if (++called > max_gif_nesting) { 248 log(LOG_NOTICE, 249 "gif_output: recursively called too many times(%d)\n", 250 called); 251 m_freem(m); 252 error = EIO; /* is there better errno? */ 253 goto end; 254 } 255 256 getmicrotime(&ifp->if_lastchange); 257 m->m_flags &= ~(M_BCAST|M_MCAST); 258 if (!(ifp->if_flags & IFF_UP) || 259 sc->gif_psrc == NULL || sc->gif_pdst == NULL) { 260 m_freem(m); 261 error = ENETDOWN; 262 goto end; 263 } 264 265#if NBPFILTER > 0 266 if (ifp->if_bpf) { 267 /* 268 * We need to prepend the address family as 269 * a four byte field. Cons up a dummy header 270 * to pacify bpf. This is safe because bpf 271 * will only read from the mbuf (i.e., it won't 272 * try to free it or keep a pointer a to it). 273 */ 274 struct mbuf m0; 275 u_int32_t af = dst->sa_family; 276 277 m0.m_next = m; 278 m0.m_len = 4; 279 m0.m_data = (char *)⁡ 280 281#ifdef HAVE_OLD_BPF 282 bpf_mtap(ifp, &m0); 283#else 284 bpf_mtap(ifp->if_bpf, &m0); 285#endif 286 } 287#endif 288 ifp->if_opackets++; 289 ifp->if_obytes += m->m_pkthdr.len; 290 291 /* inner AF-specific encapsulation */ 292 293 /* XXX should we check if our outer source is legal? */ 294 295 /* dispatch to output logic based on outer AF */ 296 switch (sc->gif_psrc->sa_family) { 297#ifdef INET 298 case AF_INET: 299 error = in_gif_output(ifp, dst->sa_family, m, rt); 300 break; 301#endif 302#ifdef INET6 303 case AF_INET6: 304 error = in6_gif_output(ifp, dst->sa_family, m, rt); 305 break; 306#endif 307 default: 308 m_freem(m); 309 error = ENETDOWN; 310 goto end; 311 } 312 313 end: 314 called = 0; /* reset recursion counter */ 315 if (error) 316 ifp->if_oerrors++; 317 return error; 318} 319 320void 321gif_input(m, af, gifp) 322 struct mbuf *m; 323 int af; 324 struct ifnet *gifp; 325{ 326 int isr; 327 struct ifqueue *ifq = 0; 328 329 if (gifp == NULL) { 330 /* just in case */ 331 m_freem(m); 332 return; 333 } 334 335 m->m_pkthdr.rcvif = gifp; 336 337#if NBPFILTER > 0 338 if (gifp->if_bpf) { 339 /* 340 * We need to prepend the address family as 341 * a four byte field. Cons up a dummy header 342 * to pacify bpf. This is safe because bpf 343 * will only read from the mbuf (i.e., it won't 344 * try to free it or keep a pointer a to it). 345 */ 346 struct mbuf m0; 347 u_int32_t af1 = af; 348 349 m0.m_next = m; 350 m0.m_len = 4; 351 m0.m_data = (char *)&af1; 352 353#ifdef HAVE_OLD_BPF 354 bpf_mtap(gifp, &m0); 355#else 356 bpf_mtap(gifp->if_bpf, &m0); 357#endif 358 } 359#endif /*NBPFILTER > 0*/ 360 361 /* 362 * Put the packet to the network layer input queue according to the 363 * specified address family. 364 * Note: older versions of gif_input directly called network layer 365 * input functions, e.g. ip6_input, here. We changed the policy to 366 * prevent too many recursive calls of such input functions, which 367 * might cause kernel panic. But the change may introduce another 368 * problem; if the input queue is full, packets are discarded. 369 * We believed it rarely occurs and changed the policy. If we find 370 * it occurs more times than we thought, we may change the policy 371 * again. 372 */ 373 switch (af) { 374#ifdef INET 375 case AF_INET: 376 ifq = &ipintrq; 377 isr = NETISR_IP; 378 break; 379#endif 380#ifdef INET6 381 case AF_INET6: 382 ifq = &ip6intrq; 383 isr = NETISR_IPV6; 384 break; 385#endif 386 default: 387 m_freem(m); 388 return; 389 } 390 391 gifp->if_ipackets++; 392 gifp->if_ibytes += m->m_pkthdr.len; 393 (void) IF_HANDOFF(ifq, m, NULL); 394 /* we need schednetisr since the address family may change */ 395 schednetisr(isr); 396 397 return; 398} 399 400/* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */ 401int 402gif_ioctl(ifp, cmd, data) 403 struct ifnet *ifp; 404 u_long cmd; 405 caddr_t data; 406{ 407 struct gif_softc *sc = (struct gif_softc*)ifp; 408 struct ifreq *ifr = (struct ifreq*)data; 409 int error = 0, size; 410 struct sockaddr *dst, *src; 411 struct sockaddr *sa; 412 int i; 413 int s; 414 struct gif_softc *sc2; 415 416 switch (cmd) { 417 case SIOCSIFADDR: 418 break; 419 420 case SIOCSIFDSTADDR: 421 break; 422 423 case SIOCADDMULTI: 424 case SIOCDELMULTI: 425 break; 426 427#ifdef SIOCSIFMTU /* xxx */ 428 case SIOCGIFMTU: 429 break; 430 431 case SIOCSIFMTU: 432 { 433 u_long mtu; 434 mtu = ifr->ifr_mtu; 435 if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX) { 436 return (EINVAL); 437 } 438 ifp->if_mtu = mtu; 439 } 440 break; 441#endif /* SIOCSIFMTU */ 442 443 case SIOCSIFPHYADDR: 444#ifdef INET6 445 case SIOCSIFPHYADDR_IN6: 446#endif /* INET6 */ 447 case SIOCSLIFPHYADDR: 448 switch (cmd) { 449#ifdef INET 450 case SIOCSIFPHYADDR: 451 src = (struct sockaddr *) 452 &(((struct in_aliasreq *)data)->ifra_addr); 453 dst = (struct sockaddr *) 454 &(((struct in_aliasreq *)data)->ifra_dstaddr); 455 break; 456#endif 457#ifdef INET6 458 case SIOCSIFPHYADDR_IN6: 459 src = (struct sockaddr *) 460 &(((struct in6_aliasreq *)data)->ifra_addr); 461 dst = (struct sockaddr *) 462 &(((struct in6_aliasreq *)data)->ifra_dstaddr); 463 break; 464#endif 465 case SIOCSLIFPHYADDR: 466 src = (struct sockaddr *) 467 &(((struct if_laddrreq *)data)->addr); 468 dst = (struct sockaddr *) 469 &(((struct if_laddrreq *)data)->dstaddr); 470 } 471 472 /* sa_family must be equal */ 473 if (src->sa_family != dst->sa_family) 474 return EINVAL; 475 476 /* validate sa_len */ 477 switch (src->sa_family) { 478#ifdef INET 479 case AF_INET: 480 if (src->sa_len != sizeof(struct sockaddr_in)) 481 return EINVAL; 482 break; 483#endif 484#ifdef INET6 485 case AF_INET6: 486 if (src->sa_len != sizeof(struct sockaddr_in6)) 487 return EINVAL; 488 break; 489#endif 490 default: 491 return EAFNOSUPPORT; 492 } 493 switch (dst->sa_family) { 494#ifdef INET 495 case AF_INET: 496 if (dst->sa_len != sizeof(struct sockaddr_in)) 497 return EINVAL; 498 break; 499#endif 500#ifdef INET6 501 case AF_INET6: 502 if (dst->sa_len != sizeof(struct sockaddr_in6)) 503 return EINVAL; 504 break; 505#endif 506 default: 507 return EAFNOSUPPORT; 508 } 509 510 /* check sa_family looks sane for the cmd */ 511 switch (cmd) { 512 case SIOCSIFPHYADDR: 513 if (src->sa_family == AF_INET) 514 break; 515 return EAFNOSUPPORT; 516#ifdef INET6 517 case SIOCSIFPHYADDR_IN6: 518 if (src->sa_family == AF_INET6) 519 break; 520 return EAFNOSUPPORT; 521#endif /* INET6 */ 522 case SIOCSLIFPHYADDR: 523 /* checks done in the above */ 524 break; 525 } 526 527 for (i = 0; i < ngif; i++) { 528 sc2 = gif + i; 529 if (sc2 == sc) 530 continue; 531 if (!sc2->gif_pdst || !sc2->gif_psrc) 532 continue; 533 if (sc2->gif_pdst->sa_family != dst->sa_family || 534 sc2->gif_pdst->sa_len != dst->sa_len || 535 sc2->gif_psrc->sa_family != src->sa_family || 536 sc2->gif_psrc->sa_len != src->sa_len) 537 continue; 538#ifndef XBONEHACK 539 /* can't configure same pair of address onto two gifs */ 540 if (bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 && 541 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) { 542 error = EADDRNOTAVAIL; 543 goto bad; 544 } 545#endif 546 547 /* can't configure multiple multi-dest interfaces */ 548#define multidest(x) \ 549 (((struct sockaddr_in *)(x))->sin_addr.s_addr == INADDR_ANY) 550#ifdef INET6 551#define multidest6(x) \ 552 (IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *)(x))->sin6_addr)) 553#endif 554 if (dst->sa_family == AF_INET && 555 multidest(dst) && multidest(sc2->gif_pdst)) { 556 error = EADDRNOTAVAIL; 557 goto bad; 558 } 559#ifdef INET6 560 if (dst->sa_family == AF_INET6 && 561 multidest6(dst) && multidest6(sc2->gif_pdst)) { 562 error = EADDRNOTAVAIL; 563 goto bad; 564 } 565#endif 566 } 567 568 if (sc->gif_psrc) 569 free((caddr_t)sc->gif_psrc, M_IFADDR); 570 sa = (struct sockaddr *)malloc(src->sa_len, M_IFADDR, M_WAITOK); 571 bcopy((caddr_t)src, (caddr_t)sa, src->sa_len); 572 sc->gif_psrc = sa; 573 574 if (sc->gif_pdst) 575 free((caddr_t)sc->gif_pdst, M_IFADDR); 576 sa = (struct sockaddr *)malloc(dst->sa_len, M_IFADDR, M_WAITOK); 577 bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len); 578 sc->gif_pdst = sa; 579 580 ifp->if_flags |= IFF_RUNNING; 581 s = splimp(); 582 if_up(ifp); /* mark interface UP and send up RTM_IFINFO */ 583 splx(s); 584 585 error = 0; 586 break; 587 588#ifdef SIOCDIFPHYADDR 589 case SIOCDIFPHYADDR: 590 if (sc->gif_psrc) { 591 free((caddr_t)sc->gif_psrc, M_IFADDR); 592 sc->gif_psrc = NULL; 593 } 594 if (sc->gif_pdst) { 595 free((caddr_t)sc->gif_pdst, M_IFADDR); 596 sc->gif_pdst = NULL; 597 } 598 /* change the IFF_{UP, RUNNING} flag as well? */ 599 break; 600#endif 601 602 case SIOCGIFPSRCADDR: 603#ifdef INET6 604 case SIOCGIFPSRCADDR_IN6: 605#endif /* INET6 */ 606 if (sc->gif_psrc == NULL) { 607 error = EADDRNOTAVAIL; 608 goto bad; 609 } 610 src = sc->gif_psrc; 611 switch (cmd) { 612#ifdef INET 613 case SIOCGIFPSRCADDR: 614 dst = &ifr->ifr_addr; 615 size = sizeof(ifr->ifr_addr); 616 break; 617#endif /* INET */ 618#ifdef INET6 619 case SIOCGIFPSRCADDR_IN6: 620 dst = (struct sockaddr *) 621 &(((struct in6_ifreq *)data)->ifr_addr); 622 size = sizeof(((struct in6_ifreq *)data)->ifr_addr); 623 break; 624#endif /* INET6 */ 625 default: 626 error = EADDRNOTAVAIL; 627 goto bad; 628 } 629 if (src->sa_len > size) 630 return EINVAL; 631 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 632 break; 633 634 case SIOCGIFPDSTADDR: 635#ifdef INET6 636 case SIOCGIFPDSTADDR_IN6: 637#endif /* INET6 */ 638 if (sc->gif_pdst == NULL) { 639 error = EADDRNOTAVAIL; 640 goto bad; 641 } 642 src = sc->gif_pdst; 643 switch (cmd) { 644#ifdef INET 645 case SIOCGIFPDSTADDR: 646 dst = &ifr->ifr_addr; 647 size = sizeof(ifr->ifr_addr); 648 break; 649#endif /* INET */ 650#ifdef INET6 651 case SIOCGIFPDSTADDR_IN6: 652 dst = (struct sockaddr *) 653 &(((struct in6_ifreq *)data)->ifr_addr); 654 size = sizeof(((struct in6_ifreq *)data)->ifr_addr); 655 break; 656#endif /* INET6 */ 657 default: 658 error = EADDRNOTAVAIL; 659 goto bad; 660 } 661 if (src->sa_len > size) 662 return EINVAL; 663 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 664 break; 665 666 case SIOCGLIFPHYADDR: 667 if (sc->gif_psrc == NULL || sc->gif_pdst == NULL) { 668 error = EADDRNOTAVAIL; 669 goto bad; 670 } 671 672 /* copy src */ 673 src = sc->gif_psrc; 674 dst = (struct sockaddr *) 675 &(((struct if_laddrreq *)data)->addr); 676 size = sizeof(((struct if_laddrreq *)data)->addr); 677 if (src->sa_len > size) 678 return EINVAL; 679 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 680 681 /* copy dst */ 682 src = sc->gif_pdst; 683 dst = (struct sockaddr *) 684 &(((struct if_laddrreq *)data)->dstaddr); 685 size = sizeof(((struct if_laddrreq *)data)->dstaddr); 686 if (src->sa_len > size) 687 return EINVAL; 688 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len); 689 break; 690 691 case SIOCSIFFLAGS: 692 /* if_ioctl() takes care of it */ 693 break; 694 695 default: 696 error = EINVAL; 697 break; 698 } 699 bad: 700 return error; 701} 702#endif /*NGIF > 0*/ 703