if_gif.c revision 78064 
1/*	$FreeBSD: head/sys/net/if_gif.c 78064 2001-06-11 12:39:29Z ume $	*/
2/*	$KAME: if_gif.c,v 1.47 2001/05/01 05:28:42 itojun Exp $	*/
3
4/*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 *    may be used to endorse or promote products derived from this software
18 *    without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33#include "opt_inet.h"
34#include "opt_inet6.h"
35
36#include <sys/param.h>
37#include <sys/systm.h>
38#include <sys/kernel.h>
39#include <sys/malloc.h>
40#include <sys/mbuf.h>
41#include <sys/socket.h>
42#include <sys/sockio.h>
43#include <sys/errno.h>
44#include <sys/time.h>
45#include <sys/syslog.h>
46#include <sys/protosw.h>
47#include <machine/cpu.h>
48
49#include <net/if.h>
50#include <net/if_types.h>
51#include <net/netisr.h>
52#include <net/route.h>
53#include <net/bpf.h>
54
55#include <netinet/in.h>
56#include <netinet/in_systm.h>
57#include <netinet/ip.h>
58#ifdef	INET
59#include <netinet/in_var.h>
60#include <netinet/in_gif.h>
61#endif	/* INET */
62
63#ifdef INET6
64#ifndef INET
65#include <netinet/in.h>
66#endif
67#include <netinet6/in6_var.h>
68#include <netinet/ip6.h>
69#include <netinet6/ip6_var.h>
70#include <netinet6/in6_gif.h>
71#include <netinet6/ip6protosw.h>
72#endif /* INET6 */
73
74#include <netinet/ip_encap.h>
75#include <net/if_gif.h>
76
77#include "gif.h"
78#include "bpf.h"
79#define NBPFILTER	NBPF
80
81#include <net/net_osdep.h>
82
83#if NGIF > 0
84
85void gifattach __P((void *));
86static int gif_encapcheck __P((const struct mbuf *, int, int, void *));
87#ifdef INET
88extern struct protosw in_gif_protosw;
89#endif
90#ifdef INET6
91extern struct ip6protosw in6_gif_protosw;
92#endif
93
94/*
95 * gif global variable definitions
96 */
97static int ngif;		/* number of interfaces */
98static struct gif_softc *gif = 0;
99
100#ifndef MAX_GIF_NEST
101/*
102 * This macro controls the upper limitation on nesting of gif tunnels.
103 * Since, setting a large value to this macro with a careless configuration
104 * may introduce system crash, we don't allow any nestings by default.
105 * If you need to configure nested gif tunnels, you can define this macro
106 * in your kernel configuration file. However, if you do so, please be
107 * careful to configure the tunnels so that it won't make a loop.
108 */
109#define MAX_GIF_NEST 1
110#endif
111static int max_gif_nesting = MAX_GIF_NEST;
112
113void
114gifattach(dummy)
115	void *dummy;
116{
117	struct gif_softc *sc;
118	int i;
119
120	ngif = NGIF;
121	gif = sc = malloc(ngif * sizeof(struct gif_softc), M_DEVBUF, M_WAITOK);
122	bzero(sc, ngif * sizeof(struct gif_softc));
123	for (i = 0; i < ngif; sc++, i++) {
124		sc->gif_if.if_name = "gif";
125		sc->gif_if.if_unit = i;
126
127		sc->encap_cookie4 = sc->encap_cookie6 = NULL;
128#ifdef INET
129		sc->encap_cookie4 = encap_attach_func(AF_INET, -1,
130		    gif_encapcheck, &in_gif_protosw, sc);
131		if (sc->encap_cookie4 == NULL) {
132			printf("%s: attach failed\n", if_name(&sc->gif_if));
133			continue;
134		}
135#endif
136#ifdef INET6
137		sc->encap_cookie6 = encap_attach_func(AF_INET6, -1,
138		    gif_encapcheck, (struct protosw *)&in6_gif_protosw, sc);
139		if (sc->encap_cookie6 == NULL) {
140			if (sc->encap_cookie4) {
141				encap_detach(sc->encap_cookie4);
142				sc->encap_cookie4 = NULL;
143			}
144			printf("%s: attach failed\n", if_name(&sc->gif_if));
145			continue;
146		}
147#endif
148
149		sc->gif_if.if_mtu    = GIF_MTU;
150		sc->gif_if.if_flags  = IFF_POINTOPOINT | IFF_MULTICAST;
151#if 0
152		/* turn off ingress filter */
153		sc->gif_if.if_flags  |= IFF_LINK2;
154#endif
155		sc->gif_if.if_ioctl  = gif_ioctl;
156		sc->gif_if.if_output = gif_output;
157		sc->gif_if.if_type   = IFT_GIF;
158		sc->gif_if.if_snd.ifq_maxlen = IFQ_MAXLEN;
159		if_attach(&sc->gif_if);
160#if NBPFILTER > 0
161#ifdef HAVE_OLD_BPF
162		bpfattach(&sc->gif_if, DLT_NULL, sizeof(u_int));
163#else
164		bpfattach(&sc->gif_if.if_bpf, &sc->gif_if, DLT_NULL, sizeof(u_int));
165#endif
166#endif
167	}
168}
169
170PSEUDO_SET(gifattach, if_gif);
171
172static int
173gif_encapcheck(m, off, proto, arg)
174	const struct mbuf *m;
175	int off;
176	int proto;
177	void *arg;
178{
179	struct ip ip;
180	struct gif_softc *sc;
181
182	sc = (struct gif_softc *)arg;
183	if (sc == NULL)
184		return 0;
185
186	if ((sc->gif_if.if_flags & IFF_UP) == 0)
187		return 0;
188
189	/* no physical address */
190	if (!sc->gif_psrc || !sc->gif_pdst)
191		return 0;
192
193	switch (proto) {
194#ifdef INET
195	case IPPROTO_IPV4:
196		break;
197#endif
198#ifdef INET6
199	case IPPROTO_IPV6:
200		break;
201#endif
202	default:
203		return 0;
204	}
205
206	/* LINTED const cast */
207	m_copydata((struct mbuf *)m, 0, sizeof(ip), (caddr_t)&ip);
208
209	switch (ip.ip_v) {
210#ifdef INET
211	case 4:
212		if (sc->gif_psrc->sa_family != AF_INET ||
213		    sc->gif_pdst->sa_family != AF_INET)
214			return 0;
215		return gif_encapcheck4(m, off, proto, arg);
216#endif
217#ifdef INET6
218	case 6:
219		if (sc->gif_psrc->sa_family != AF_INET6 ||
220		    sc->gif_pdst->sa_family != AF_INET6)
221			return 0;
222		return gif_encapcheck6(m, off, proto, arg);
223#endif
224	default:
225		return 0;
226	}
227}
228
229int
230gif_output(ifp, m, dst, rt)
231	struct ifnet *ifp;
232	struct mbuf *m;
233	struct sockaddr *dst;
234	struct rtentry *rt;	/* added in net2 */
235{
236	struct gif_softc *sc = (struct gif_softc*)ifp;
237	int error = 0;
238	static int called = 0;	/* XXX: MUTEX */
239
240	/*
241	 * gif may cause infinite recursion calls when misconfigured.
242	 * We'll prevent this by introducing upper limit.
243	 * XXX: this mechanism may introduce another problem about
244	 *      mutual exclusion of the variable CALLED, especially if we
245	 *      use kernel thread.
246	 */
247	if (++called > max_gif_nesting) {
248		log(LOG_NOTICE,
249		    "gif_output: recursively called too many times(%d)\n",
250		    called);
251		m_freem(m);
252		error = EIO;	/* is there better errno? */
253		goto end;
254	}
255
256	getmicrotime(&ifp->if_lastchange);
257	m->m_flags &= ~(M_BCAST|M_MCAST);
258	if (!(ifp->if_flags & IFF_UP) ||
259	    sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
260		m_freem(m);
261		error = ENETDOWN;
262		goto end;
263	}
264
265#if NBPFILTER > 0
266	if (ifp->if_bpf) {
267		/*
268		 * We need to prepend the address family as
269		 * a four byte field.  Cons up a dummy header
270		 * to pacify bpf.  This is safe because bpf
271		 * will only read from the mbuf (i.e., it won't
272		 * try to free it or keep a pointer a to it).
273		 */
274		struct mbuf m0;
275		u_int32_t af = dst->sa_family;
276
277		m0.m_next = m;
278		m0.m_len = 4;
279		m0.m_data = (char *)&af;
280
281#ifdef HAVE_OLD_BPF
282		bpf_mtap(ifp, &m0);
283#else
284		bpf_mtap(ifp->if_bpf, &m0);
285#endif
286	}
287#endif
288	ifp->if_opackets++;
289	ifp->if_obytes += m->m_pkthdr.len;
290
291	/* inner AF-specific encapsulation */
292
293	/* XXX should we check if our outer source is legal? */
294
295	/* dispatch to output logic based on outer AF */
296	switch (sc->gif_psrc->sa_family) {
297#ifdef INET
298	case AF_INET:
299		error = in_gif_output(ifp, dst->sa_family, m, rt);
300		break;
301#endif
302#ifdef INET6
303	case AF_INET6:
304		error = in6_gif_output(ifp, dst->sa_family, m, rt);
305		break;
306#endif
307	default:
308		m_freem(m);
309		error = ENETDOWN;
310		goto end;
311	}
312
313  end:
314	called = 0;		/* reset recursion counter */
315	if (error)
316		ifp->if_oerrors++;
317	return error;
318}
319
320void
321gif_input(m, af, gifp)
322	struct mbuf *m;
323	int af;
324	struct ifnet *gifp;
325{
326	int isr;
327	struct ifqueue *ifq = 0;
328
329	if (gifp == NULL) {
330		/* just in case */
331		m_freem(m);
332		return;
333	}
334
335	m->m_pkthdr.rcvif = gifp;
336
337#if NBPFILTER > 0
338	if (gifp->if_bpf) {
339		/*
340		 * We need to prepend the address family as
341		 * a four byte field.  Cons up a dummy header
342		 * to pacify bpf.  This is safe because bpf
343		 * will only read from the mbuf (i.e., it won't
344		 * try to free it or keep a pointer a to it).
345		 */
346		struct mbuf m0;
347		u_int32_t af1 = af;
348
349		m0.m_next = m;
350		m0.m_len = 4;
351		m0.m_data = (char *)&af1;
352
353#ifdef HAVE_OLD_BPF
354		bpf_mtap(gifp, &m0);
355#else
356		bpf_mtap(gifp->if_bpf, &m0);
357#endif
358	}
359#endif /*NBPFILTER > 0*/
360
361	/*
362	 * Put the packet to the network layer input queue according to the
363	 * specified address family.
364	 * Note: older versions of gif_input directly called network layer
365	 * input functions, e.g. ip6_input, here. We changed the policy to
366	 * prevent too many recursive calls of such input functions, which
367	 * might cause kernel panic. But the change may introduce another
368	 * problem; if the input queue is full, packets are discarded.
369	 * We believed it rarely occurs and changed the policy. If we find
370	 * it occurs more times than we thought, we may change the policy
371	 * again.
372	 */
373	switch (af) {
374#ifdef INET
375	case AF_INET:
376		ifq = &ipintrq;
377		isr = NETISR_IP;
378		break;
379#endif
380#ifdef INET6
381	case AF_INET6:
382		ifq = &ip6intrq;
383		isr = NETISR_IPV6;
384		break;
385#endif
386	default:
387		m_freem(m);
388		return;
389	}
390
391	gifp->if_ipackets++;
392	gifp->if_ibytes += m->m_pkthdr.len;
393	(void) IF_HANDOFF(ifq, m, NULL);
394	/* we need schednetisr since the address family may change */
395	schednetisr(isr);
396
397	return;
398}
399
400/* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
401int
402gif_ioctl(ifp, cmd, data)
403	struct ifnet *ifp;
404	u_long cmd;
405	caddr_t data;
406{
407	struct gif_softc *sc  = (struct gif_softc*)ifp;
408	struct ifreq     *ifr = (struct ifreq*)data;
409	int error = 0, size;
410	struct sockaddr *dst, *src;
411	struct sockaddr *sa;
412	int i;
413	int s;
414	struct gif_softc *sc2;
415
416	switch (cmd) {
417	case SIOCSIFADDR:
418		break;
419
420	case SIOCSIFDSTADDR:
421		break;
422
423	case SIOCADDMULTI:
424	case SIOCDELMULTI:
425		break;
426
427#ifdef	SIOCSIFMTU /* xxx */
428	case SIOCGIFMTU:
429		break;
430
431	case SIOCSIFMTU:
432		{
433			u_long mtu;
434			mtu = ifr->ifr_mtu;
435			if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX) {
436				return (EINVAL);
437			}
438			ifp->if_mtu = mtu;
439		}
440		break;
441#endif /* SIOCSIFMTU */
442
443	case SIOCSIFPHYADDR:
444#ifdef INET6
445	case SIOCSIFPHYADDR_IN6:
446#endif /* INET6 */
447	case SIOCSLIFPHYADDR:
448		switch (cmd) {
449#ifdef INET
450		case SIOCSIFPHYADDR:
451			src = (struct sockaddr *)
452				&(((struct in_aliasreq *)data)->ifra_addr);
453			dst = (struct sockaddr *)
454				&(((struct in_aliasreq *)data)->ifra_dstaddr);
455			break;
456#endif
457#ifdef INET6
458		case SIOCSIFPHYADDR_IN6:
459			src = (struct sockaddr *)
460				&(((struct in6_aliasreq *)data)->ifra_addr);
461			dst = (struct sockaddr *)
462				&(((struct in6_aliasreq *)data)->ifra_dstaddr);
463			break;
464#endif
465		case SIOCSLIFPHYADDR:
466			src = (struct sockaddr *)
467				&(((struct if_laddrreq *)data)->addr);
468			dst = (struct sockaddr *)
469				&(((struct if_laddrreq *)data)->dstaddr);
470		}
471
472		/* sa_family must be equal */
473		if (src->sa_family != dst->sa_family)
474			return EINVAL;
475
476		/* validate sa_len */
477		switch (src->sa_family) {
478#ifdef INET
479		case AF_INET:
480			if (src->sa_len != sizeof(struct sockaddr_in))
481				return EINVAL;
482			break;
483#endif
484#ifdef INET6
485		case AF_INET6:
486			if (src->sa_len != sizeof(struct sockaddr_in6))
487				return EINVAL;
488			break;
489#endif
490		default:
491			return EAFNOSUPPORT;
492		}
493		switch (dst->sa_family) {
494#ifdef INET
495		case AF_INET:
496			if (dst->sa_len != sizeof(struct sockaddr_in))
497				return EINVAL;
498			break;
499#endif
500#ifdef INET6
501		case AF_INET6:
502			if (dst->sa_len != sizeof(struct sockaddr_in6))
503				return EINVAL;
504			break;
505#endif
506		default:
507			return EAFNOSUPPORT;
508		}
509
510		/* check sa_family looks sane for the cmd */
511		switch (cmd) {
512		case SIOCSIFPHYADDR:
513			if (src->sa_family == AF_INET)
514				break;
515			return EAFNOSUPPORT;
516#ifdef INET6
517		case SIOCSIFPHYADDR_IN6:
518			if (src->sa_family == AF_INET6)
519				break;
520			return EAFNOSUPPORT;
521#endif /* INET6 */
522		case SIOCSLIFPHYADDR:
523			/* checks done in the above */
524			break;
525		}
526
527		for (i = 0; i < ngif; i++) {
528			sc2 = gif + i;
529			if (sc2 == sc)
530				continue;
531			if (!sc2->gif_pdst || !sc2->gif_psrc)
532				continue;
533			if (sc2->gif_pdst->sa_family != dst->sa_family ||
534			    sc2->gif_pdst->sa_len != dst->sa_len ||
535			    sc2->gif_psrc->sa_family != src->sa_family ||
536			    sc2->gif_psrc->sa_len != src->sa_len)
537				continue;
538#ifndef XBONEHACK
539			/* can't configure same pair of address onto two gifs */
540			if (bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 &&
541			    bcmp(sc2->gif_psrc, src, src->sa_len) == 0) {
542				error = EADDRNOTAVAIL;
543				goto bad;
544			}
545#endif
546
547			/* can't configure multiple multi-dest interfaces */
548#define multidest(x) \
549	(((struct sockaddr_in *)(x))->sin_addr.s_addr == INADDR_ANY)
550#ifdef INET6
551#define multidest6(x) \
552	(IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *)(x))->sin6_addr))
553#endif
554			if (dst->sa_family == AF_INET &&
555			    multidest(dst) && multidest(sc2->gif_pdst)) {
556				error = EADDRNOTAVAIL;
557				goto bad;
558			}
559#ifdef INET6
560			if (dst->sa_family == AF_INET6 &&
561			    multidest6(dst) && multidest6(sc2->gif_pdst)) {
562				error = EADDRNOTAVAIL;
563				goto bad;
564			}
565#endif
566		}
567
568		if (sc->gif_psrc)
569			free((caddr_t)sc->gif_psrc, M_IFADDR);
570		sa = (struct sockaddr *)malloc(src->sa_len, M_IFADDR, M_WAITOK);
571		bcopy((caddr_t)src, (caddr_t)sa, src->sa_len);
572		sc->gif_psrc = sa;
573
574		if (sc->gif_pdst)
575			free((caddr_t)sc->gif_pdst, M_IFADDR);
576		sa = (struct sockaddr *)malloc(dst->sa_len, M_IFADDR, M_WAITOK);
577		bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len);
578		sc->gif_pdst = sa;
579
580		ifp->if_flags |= IFF_RUNNING;
581		s = splimp();
582		if_up(ifp);	/* mark interface UP and send up RTM_IFINFO */
583		splx(s);
584
585		error = 0;
586		break;
587
588#ifdef SIOCDIFPHYADDR
589	case SIOCDIFPHYADDR:
590		if (sc->gif_psrc) {
591			free((caddr_t)sc->gif_psrc, M_IFADDR);
592			sc->gif_psrc = NULL;
593		}
594		if (sc->gif_pdst) {
595			free((caddr_t)sc->gif_pdst, M_IFADDR);
596			sc->gif_pdst = NULL;
597		}
598		/* change the IFF_{UP, RUNNING} flag as well? */
599		break;
600#endif
601
602	case SIOCGIFPSRCADDR:
603#ifdef INET6
604	case SIOCGIFPSRCADDR_IN6:
605#endif /* INET6 */
606		if (sc->gif_psrc == NULL) {
607			error = EADDRNOTAVAIL;
608			goto bad;
609		}
610		src = sc->gif_psrc;
611		switch (cmd) {
612#ifdef INET
613		case SIOCGIFPSRCADDR:
614			dst = &ifr->ifr_addr;
615			size = sizeof(ifr->ifr_addr);
616			break;
617#endif /* INET */
618#ifdef INET6
619		case SIOCGIFPSRCADDR_IN6:
620			dst = (struct sockaddr *)
621				&(((struct in6_ifreq *)data)->ifr_addr);
622			size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
623			break;
624#endif /* INET6 */
625		default:
626			error = EADDRNOTAVAIL;
627			goto bad;
628		}
629		if (src->sa_len > size)
630			return EINVAL;
631		bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
632		break;
633
634	case SIOCGIFPDSTADDR:
635#ifdef INET6
636	case SIOCGIFPDSTADDR_IN6:
637#endif /* INET6 */
638		if (sc->gif_pdst == NULL) {
639			error = EADDRNOTAVAIL;
640			goto bad;
641		}
642		src = sc->gif_pdst;
643		switch (cmd) {
644#ifdef INET
645		case SIOCGIFPDSTADDR:
646			dst = &ifr->ifr_addr;
647			size = sizeof(ifr->ifr_addr);
648			break;
649#endif /* INET */
650#ifdef INET6
651		case SIOCGIFPDSTADDR_IN6:
652			dst = (struct sockaddr *)
653				&(((struct in6_ifreq *)data)->ifr_addr);
654			size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
655			break;
656#endif /* INET6 */
657		default:
658			error = EADDRNOTAVAIL;
659			goto bad;
660		}
661		if (src->sa_len > size)
662			return EINVAL;
663		bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
664		break;
665
666	case SIOCGLIFPHYADDR:
667		if (sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
668			error = EADDRNOTAVAIL;
669			goto bad;
670		}
671
672		/* copy src */
673		src = sc->gif_psrc;
674		dst = (struct sockaddr *)
675			&(((struct if_laddrreq *)data)->addr);
676		size = sizeof(((struct if_laddrreq *)data)->addr);
677		if (src->sa_len > size)
678			return EINVAL;
679		bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
680
681		/* copy dst */
682		src = sc->gif_pdst;
683		dst = (struct sockaddr *)
684			&(((struct if_laddrreq *)data)->dstaddr);
685		size = sizeof(((struct if_laddrreq *)data)->dstaddr);
686		if (src->sa_len > size)
687			return EINVAL;
688		bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
689		break;
690
691	case SIOCSIFFLAGS:
692		/* if_ioctl() takes care of it */
693		break;
694
695	default:
696		error = EINVAL;
697		break;
698	}
699 bad:
700	return error;
701}
702#endif /*NGIF > 0*/
703