sys/net/if_gif.c

62587Sitojun/*	$FreeBSD: head/sys/net/if_gif.c 111119 2003-02-19 05:47:46Z imp $	*/
95023Ssuz/*	$KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $	*/
62587Sitojun
54263Sshin/*
54263Sshin * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
54263Sshin * All rights reserved.
54263Sshin *
54263Sshin * Redistribution and use in source and binary forms, with or without
54263Sshin * modification, are permitted provided that the following conditions
54263Sshin * are met:
54263Sshin * 1. Redistributions of source code must retain the above copyright
54263Sshin *    notice, this list of conditions and the following disclaimer.
54263Sshin * 2. Redistributions in binary form must reproduce the above copyright
54263Sshin *    notice, this list of conditions and the following disclaimer in the
54263Sshin *    documentation and/or other materials provided with the distribution.
54263Sshin * 3. Neither the name of the project nor the names of its contributors
54263Sshin *    may be used to endorse or promote products derived from this software
54263Sshin *    without specific prior written permission.
54263Sshin *
54263Sshin * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
54263Sshin * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54263Sshin * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
54263Sshin * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
54263Sshin * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54263Sshin * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54263Sshin * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54263Sshin * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
54263Sshin * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54263Sshin * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
54263Sshin * SUCH DAMAGE.
54263Sshin */
54263Sshin
54263Sshin#include "opt_inet.h"
54263Sshin#include "opt_inet6.h"
101739Srwatson#include "opt_mac.h"
54263Sshin
54263Sshin#include <sys/param.h>
54263Sshin#include <sys/systm.h>
54263Sshin#include <sys/kernel.h>
101182Srwatson#include <sys/mac.h>
54263Sshin#include <sys/malloc.h>
54263Sshin#include <sys/mbuf.h>
54263Sshin#include <sys/socket.h>
54263Sshin#include <sys/sockio.h>
54263Sshin#include <sys/errno.h>
54263Sshin#include <sys/time.h>
91270Sbrooks#include <sys/sysctl.h>
54263Sshin#include <sys/syslog.h>
62587Sitojun#include <sys/protosw.h>
79106Sbrooks#include <sys/conf.h>
54263Sshin#include <machine/cpu.h>
54263Sshin
54263Sshin#include <net/if.h>
54263Sshin#include <net/if_types.h>
54263Sshin#include <net/netisr.h>
54263Sshin#include <net/route.h>
54263Sshin#include <net/bpf.h>
54263Sshin
54263Sshin#include <netinet/in.h>
54263Sshin#include <netinet/in_systm.h>
78064Sume#include <netinet/ip.h>
78064Sume#ifdef	INET
54263Sshin#include <netinet/in_var.h>
54263Sshin#include <netinet/in_gif.h>
79106Sbrooks#include <netinet/ip_var.h>
54263Sshin#endif	/* INET */
54263Sshin
54263Sshin#ifdef INET6
54263Sshin#ifndef INET
54263Sshin#include <netinet/in.h>
54263Sshin#endif
54263Sshin#include <netinet6/in6_var.h>
54263Sshin#include <netinet/ip6.h>
54263Sshin#include <netinet6/ip6_var.h>
54263Sshin#include <netinet6/in6_gif.h>
62587Sitojun#include <netinet6/ip6protosw.h>
54263Sshin#endif /* INET6 */
54263Sshin
62587Sitojun#include <netinet/ip_encap.h>
54263Sshin#include <net/if_gif.h>
54263Sshin
54263Sshin#include <net/net_osdep.h>
54263Sshin
79106Sbrooks#define GIFNAME		"gif"
62587Sitojun
79106Sbrooksstatic MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface");
89065Smsmithstatic LIST_HEAD(, gif_softc) gif_softc_list;
79106Sbrooks
83998Sbrooksvoid	(*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, int af);
83998Sbrooksvoid	(*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af);
83998Sbrooksvoid	(*ng_gif_attach_p)(struct ifnet *ifp);
83998Sbrooksvoid	(*ng_gif_detach_p)(struct ifnet *ifp);
83998Sbrooks
92725Salfredint	gif_clone_create(struct if_clone *, int);
97289Sbrooksvoid	gif_clone_destroy(struct ifnet *);
79106Sbrooks
92081Smuxstruct if_clone gif_cloner = IF_CLONE_INITIALIZER("gif",
97289Sbrooks    gif_clone_create, gif_clone_destroy, 0, IF_MAXUNIT);
79106Sbrooks
92725Salfredstatic int gifmodevent(module_t, int, void *);
79106Sbrooks
91270SbrooksSYSCTL_DECL(_net_link);
91270SbrooksSYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0,
91270Sbrooks    "Generic Tunnel Interface");
62587Sitojun#ifndef MAX_GIF_NEST
62587Sitojun/*
91270Sbrooks * This macro controls the default upper limitation on nesting of gif tunnels.
62587Sitojun * Since, setting a large value to this macro with a careless configuration
62587Sitojun * may introduce system crash, we don't allow any nestings by default.
62587Sitojun * If you need to configure nested gif tunnels, you can define this macro
95023Ssuz * in your kernel configuration file.  However, if you do so, please be
62587Sitojun * careful to configure the tunnels so that it won't make a loop.
62587Sitojun */
62587Sitojun#define MAX_GIF_NEST 1
62587Sitojun#endif
62587Sitojunstatic int max_gif_nesting = MAX_GIF_NEST;
91270SbrooksSYSCTL_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_RW,
91270Sbrooks    &max_gif_nesting, 0, "Max nested tunnels");
62587Sitojun
91270Sbrooks/*
91270Sbrooks * By default, we disallow creation of multiple tunnels between the same
91270Sbrooks * pair of addresses.  Some applications require this functionality so
91270Sbrooks * we allow control over this check here.
91270Sbrooks */
91270Sbrooks#ifdef XBONEHACK
91270Sbrooksstatic int parallel_tunnels = 1;
91270Sbrooks#else
91270Sbrooksstatic int parallel_tunnels = 0;
91270Sbrooks#endif
91270SbrooksSYSCTL_INT(_net_link_gif, OID_AUTO, parallel_tunnels, CTLFLAG_RW,
91270Sbrooks    &parallel_tunnels, 0, "Allow parallel tunnels?");
91270Sbrooks
79106Sbrooksint
79106Sbrooksgif_clone_create(ifc, unit)
79106Sbrooks	struct if_clone *ifc;
92081Smux	int unit;
54263Sshin{
78064Sume	struct gif_softc *sc;
54263Sshin
111119Simp	sc = malloc (sizeof(struct gif_softc), M_GIF, M_WAITOK);
79106Sbrooks	bzero(sc, sizeof(struct gif_softc));
79106Sbrooks
79106Sbrooks	sc->gif_if.if_softc = sc;
79106Sbrooks	sc->gif_if.if_name = GIFNAME;
92081Smux	sc->gif_if.if_unit = unit;
79106Sbrooks
105293Sume	gifattach0(sc);
105293Sume
105293Sume	LIST_INSERT_HEAD(&gif_softc_list, sc, gif_list);
105293Sume	return (0);
105293Sume}
105293Sume
105293Sumevoid
105293Sumegifattach0(sc)
105293Sume	struct gif_softc *sc;
105293Sume{
105293Sume
79106Sbrooks	sc->encap_cookie4 = sc->encap_cookie6 = NULL;
62587Sitojun
105293Sume	sc->gif_if.if_addrlen = 0;
79106Sbrooks	sc->gif_if.if_mtu    = GIF_MTU;
79106Sbrooks	sc->gif_if.if_flags  = IFF_POINTOPOINT | IFF_MULTICAST;
78064Sume#if 0
79106Sbrooks	/* turn off ingress filter */
79106Sbrooks	sc->gif_if.if_flags  |= IFF_LINK2;
78064Sume#endif
79106Sbrooks	sc->gif_if.if_ioctl  = gif_ioctl;
79106Sbrooks	sc->gif_if.if_output = gif_output;
79106Sbrooks	sc->gif_if.if_type   = IFT_GIF;
79106Sbrooks	sc->gif_if.if_snd.ifq_maxlen = IFQ_MAXLEN;
79106Sbrooks	if_attach(&sc->gif_if);
79106Sbrooks	bpfattach(&sc->gif_if, DLT_NULL, sizeof(u_int));
83998Sbrooks	if (ng_gif_attach_p != NULL)
83998Sbrooks		(*ng_gif_attach_p)(&sc->gif_if);
79106Sbrooks}
79106Sbrooks
97289Sbrooksvoid
79106Sbrooksgif_clone_destroy(ifp)
79106Sbrooks	struct ifnet *ifp;
79106Sbrooks{
79106Sbrooks	int err;
79106Sbrooks	struct gif_softc *sc = ifp->if_softc;
79106Sbrooks
105293Sume	gif_delete_tunnel(&sc->gif_if);
105293Sume	LIST_REMOVE(sc, gif_list);
105293Sume#ifdef INET6
105293Sume	if (sc->encap_cookie6 != NULL) {
105293Sume		err = encap_detach(sc->encap_cookie6);
105293Sume		KASSERT(err == 0, ("Unexpected error detaching encap_cookie6"));
105293Sume	}
105293Sume#endif
105293Sume#ifdef INET
79106Sbrooks	if (sc->encap_cookie4 != NULL) {
79106Sbrooks		err = encap_detach(sc->encap_cookie4);
79106Sbrooks		KASSERT(err == 0, ("Unexpected error detaching encap_cookie4"));
79106Sbrooks	}
105293Sume#endif
79106Sbrooks
83998Sbrooks	if (ng_gif_detach_p != NULL)
83998Sbrooks		(*ng_gif_detach_p)(ifp);
79106Sbrooks	bpfdetach(ifp);
79106Sbrooks	if_detach(ifp);
79106Sbrooks
79106Sbrooks	free(sc, M_GIF);
79106Sbrooks}
79106Sbrooks
79106Sbrooksstatic int
79106Sbrooksgifmodevent(mod, type, data)
79106Sbrooks	module_t mod;
79106Sbrooks	int type;
79106Sbrooks	void *data;
79106Sbrooks{
79106Sbrooks
79106Sbrooks	switch (type) {
79106Sbrooks	case MOD_LOAD:
83997Sbrooks		LIST_INIT(&gif_softc_list);
79106Sbrooks		if_clone_attach(&gif_cloner);
79106Sbrooks
79106Sbrooks#ifdef INET6
79106Sbrooks		ip6_gif_hlim = GIF_HLIM;
62587Sitojun#endif
79106Sbrooks
79106Sbrooks		break;
79106Sbrooks	case MOD_UNLOAD:
79106Sbrooks		if_clone_detach(&gif_cloner);
79106Sbrooks
83997Sbrooks		while (!LIST_EMPTY(&gif_softc_list))
83997Sbrooks			gif_clone_destroy(&LIST_FIRST(&gif_softc_list)->gif_if);
79106Sbrooks
79106Sbrooks#ifdef INET6
79106Sbrooks		ip6_gif_hlim = 0;
62587Sitojun#endif
79106Sbrooks		break;
54263Sshin	}
79106Sbrooks	return 0;
54263Sshin}
54263Sshin
79106Sbrooksstatic moduledata_t gif_mod = {
79106Sbrooks	"if_gif",
79106Sbrooks	gifmodevent,
79106Sbrooks	0
79106Sbrooks};
54263Sshin
79106SbrooksDECLARE_MODULE(if_gif, gif_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
83997SbrooksMODULE_VERSION(if_gif, 1);
79106Sbrooks
105293Sumeint
62587Sitojungif_encapcheck(m, off, proto, arg)
62587Sitojun	const struct mbuf *m;
62587Sitojun	int off;
62587Sitojun	int proto;
62587Sitojun	void *arg;
62587Sitojun{
62587Sitojun	struct ip ip;
62587Sitojun	struct gif_softc *sc;
62587Sitojun
62587Sitojun	sc = (struct gif_softc *)arg;
62587Sitojun	if (sc == NULL)
62587Sitojun		return 0;
62587Sitojun
62587Sitojun	if ((sc->gif_if.if_flags & IFF_UP) == 0)
62587Sitojun		return 0;
62587Sitojun
62587Sitojun	/* no physical address */
62587Sitojun	if (!sc->gif_psrc || !sc->gif_pdst)
62587Sitojun		return 0;
62587Sitojun
62587Sitojun	switch (proto) {
62587Sitojun#ifdef INET
62587Sitojun	case IPPROTO_IPV4:
62587Sitojun		break;
62587Sitojun#endif
62587Sitojun#ifdef INET6
62587Sitojun	case IPPROTO_IPV6:
62587Sitojun		break;
62587Sitojun#endif
62587Sitojun	default:
62587Sitojun		return 0;
62587Sitojun	}
62587Sitojun
105339Sume	/* Bail on short packets */
105339Sume	if (m->m_pkthdr.len < sizeof(ip))
105339Sume		return 0;
105339Sume
91327Sbrooks	m_copydata(m, 0, sizeof(ip), (caddr_t)&ip);
62587Sitojun
62587Sitojun	switch (ip.ip_v) {
62587Sitojun#ifdef INET
62587Sitojun	case 4:
62587Sitojun		if (sc->gif_psrc->sa_family != AF_INET ||
62587Sitojun		    sc->gif_pdst->sa_family != AF_INET)
62587Sitojun			return 0;
62587Sitojun		return gif_encapcheck4(m, off, proto, arg);
62587Sitojun#endif
62587Sitojun#ifdef INET6
62587Sitojun	case 6:
105293Sume		if (m->m_pkthdr.len < sizeof(struct ip6_hdr))
105293Sume			return 0;
62587Sitojun		if (sc->gif_psrc->sa_family != AF_INET6 ||
62587Sitojun		    sc->gif_pdst->sa_family != AF_INET6)
62587Sitojun			return 0;
62587Sitojun		return gif_encapcheck6(m, off, proto, arg);
62587Sitojun#endif
62587Sitojun	default:
62587Sitojun		return 0;
62587Sitojun	}
62587Sitojun}
62587Sitojun
54263Sshinint
54263Sshingif_output(ifp, m, dst, rt)
54263Sshin	struct ifnet *ifp;
54263Sshin	struct mbuf *m;
54263Sshin	struct sockaddr *dst;
54263Sshin	struct rtentry *rt;	/* added in net2 */
54263Sshin{
78064Sume	struct gif_softc *sc = (struct gif_softc*)ifp;
54263Sshin	int error = 0;
103273Ssobomax	static int called = 0;	/* XXX: MUTEX */
54263Sshin
101182Srwatson#ifdef MAC
101182Srwatson	error = mac_check_ifnet_transmit(ifp, m);
101739Srwatson	if (error) {
101739Srwatson		m_freem(m);
101739Srwatson		goto end;
101739Srwatson	}
101182Srwatson#endif
101182Srwatson
54263Sshin	/*
54263Sshin	 * gif may cause infinite recursion calls when misconfigured.
54263Sshin	 * We'll prevent this by introducing upper limit.
103273Ssobomax	 * XXX: this mechanism may introduce another problem about
103273Ssobomax	 *      mutual exclusion of the variable CALLED, especially if we
103273Ssobomax	 *      use kernel thread.
54263Sshin	 */
103273Ssobomax	if (++called > max_gif_nesting) {
54263Sshin		log(LOG_NOTICE,
54263Sshin		    "gif_output: recursively called too many times(%d)\n",
103273Ssobomax		    called);
54263Sshin		m_freem(m);
54263Sshin		error = EIO;	/* is there better errno? */
54263Sshin		goto end;
54263Sshin	}
62587Sitojun
54263Sshin	m->m_flags &= ~(M_BCAST|M_MCAST);
54263Sshin	if (!(ifp->if_flags & IFF_UP) ||
54263Sshin	    sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
54263Sshin		m_freem(m);
54263Sshin		error = ENETDOWN;
54263Sshin		goto end;
54263Sshin	}
54263Sshin
54263Sshin	if (ifp->if_bpf) {
54263Sshin		/*
54263Sshin		 * We need to prepend the address family as
54263Sshin		 * a four byte field.  Cons up a dummy header
54263Sshin		 * to pacify bpf.  This is safe because bpf
54263Sshin		 * will only read from the mbuf (i.e., it won't
54263Sshin		 * try to free it or keep a pointer a to it).
54263Sshin		 */
54263Sshin		struct mbuf m0;
78064Sume		u_int32_t af = dst->sa_family;
54263Sshin
54263Sshin		m0.m_next = m;
54263Sshin		m0.m_len = 4;
54263Sshin		m0.m_data = (char *)&af;
62587Sitojun
106939Ssam		BPF_MTAP(ifp, &m0);
54263Sshin	}
62587Sitojun	ifp->if_opackets++;
54263Sshin	ifp->if_obytes += m->m_pkthdr.len;
54263Sshin
78064Sume	/* inner AF-specific encapsulation */
78064Sume
62587Sitojun	/* XXX should we check if our outer source is legal? */
62587Sitojun
78064Sume	/* dispatch to output logic based on outer AF */
54263Sshin	switch (sc->gif_psrc->sa_family) {
54263Sshin#ifdef INET
54263Sshin	case AF_INET:
105340Sume		error = in_gif_output(ifp, dst->sa_family, m);
54263Sshin		break;
54263Sshin#endif
54263Sshin#ifdef INET6
54263Sshin	case AF_INET6:
105340Sume		error = in6_gif_output(ifp, dst->sa_family, m);
54263Sshin		break;
54263Sshin#endif
54263Sshin	default:
62587Sitojun		m_freem(m);
54263Sshin		error = ENETDOWN;
78064Sume		goto end;
54263Sshin	}
54263Sshin
54263Sshin  end:
103273Ssobomax	called = 0;		/* reset recursion counter */
78064Sume	if (error)
78064Sume		ifp->if_oerrors++;
54263Sshin	return error;
54263Sshin}
54263Sshin
54263Sshinvoid
105338Sumegif_input(m, af, ifp)
54263Sshin	struct mbuf *m;
54263Sshin	int af;
105338Sume	struct ifnet *ifp;
54263Sshin{
69152Sjlemon	int isr;
105339Sume	struct ifqueue *ifq = NULL;
54263Sshin
105338Sume	if (ifp == NULL) {
54263Sshin		/* just in case */
54263Sshin		m_freem(m);
54263Sshin		return;
54263Sshin	}
54263Sshin
105338Sume	m->m_pkthdr.rcvif = ifp;
101182Srwatson
101182Srwatson#ifdef MAC
105338Sume	mac_create_mbuf_from_ifnet(ifp, m);
101182Srwatson#endif
101182Srwatson
105338Sume	if (ifp->if_bpf) {
54263Sshin		/*
54263Sshin		 * We need to prepend the address family as
54263Sshin		 * a four byte field.  Cons up a dummy header
54263Sshin		 * to pacify bpf.  This is safe because bpf
54263Sshin		 * will only read from the mbuf (i.e., it won't
54263Sshin		 * try to free it or keep a pointer a to it).
54263Sshin		 */
54263Sshin		struct mbuf m0;
78064Sume		u_int32_t af1 = af;
62587Sitojun
54263Sshin		m0.m_next = m;
54263Sshin		m0.m_len = 4;
78064Sume		m0.m_data = (char *)&af1;
62587Sitojun
106939Ssam		BPF_MTAP(ifp, &m0);
54263Sshin	}
54263Sshin
83998Sbrooks	if (ng_gif_input_p != NULL) {
105338Sume		(*ng_gif_input_p)(ifp, &m, af);
83998Sbrooks		if (m == NULL)
83998Sbrooks			return;
83998Sbrooks	}
83998Sbrooks
54263Sshin	/*
54263Sshin	 * Put the packet to the network layer input queue according to the
54263Sshin	 * specified address family.
54263Sshin	 * Note: older versions of gif_input directly called network layer
95023Ssuz	 * input functions, e.g. ip6_input, here.  We changed the policy to
54263Sshin	 * prevent too many recursive calls of such input functions, which
95023Ssuz	 * might cause kernel panic.  But the change may introduce another
54263Sshin	 * problem; if the input queue is full, packets are discarded.
95023Ssuz	 * The kernel stack overflow really happened, and we believed
95023Ssuz	 * queue-full rarely occurs, so we changed the policy.
54263Sshin	 */
54263Sshin	switch (af) {
54263Sshin#ifdef INET
54263Sshin	case AF_INET:
54263Sshin		ifq = &ipintrq;
54263Sshin		isr = NETISR_IP;
54263Sshin		break;
54263Sshin#endif
54263Sshin#ifdef INET6
54263Sshin	case AF_INET6:
54263Sshin		ifq = &ip6intrq;
54263Sshin		isr = NETISR_IPV6;
54263Sshin		break;
54263Sshin#endif
54263Sshin	default:
83998Sbrooks		if (ng_gif_input_orphan_p != NULL)
105338Sume			(*ng_gif_input_orphan_p)(ifp, m, af);
83998Sbrooks		else
83998Sbrooks			m_freem(m);
54263Sshin		return;
54263Sshin	}
54263Sshin
105338Sume	ifp->if_ipackets++;
105338Sume	ifp->if_ibytes += m->m_pkthdr.len;
69152Sjlemon	(void) IF_HANDOFF(ifq, m, NULL);
54263Sshin	/* we need schednetisr since the address family may change */
54263Sshin	schednetisr(isr);
54263Sshin
54263Sshin	return;
54263Sshin}
54263Sshin
62587Sitojun/* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
54263Sshinint
54263Sshingif_ioctl(ifp, cmd, data)
54263Sshin	struct ifnet *ifp;
54263Sshin	u_long cmd;
54263Sshin	caddr_t data;
54263Sshin{
54263Sshin	struct gif_softc *sc  = (struct gif_softc*)ifp;
54263Sshin	struct ifreq     *ifr = (struct ifreq*)data;
54263Sshin	int error = 0, size;
62587Sitojun	struct sockaddr *dst, *src;
105339Sume#ifdef	SIOCSIFMTU /* xxx */
105339Sume	u_long mtu;
105339Sume#endif
105339Sume
54263Sshin	switch (cmd) {
54263Sshin	case SIOCSIFADDR:
105293Sume		ifp->if_flags |= IFF_UP;
54263Sshin		break;
62587Sitojun
54263Sshin	case SIOCSIFDSTADDR:
54263Sshin		break;
54263Sshin
54263Sshin	case SIOCADDMULTI:
54263Sshin	case SIOCDELMULTI:
54263Sshin		break;
54263Sshin
62587Sitojun#ifdef	SIOCSIFMTU /* xxx */
54263Sshin	case SIOCGIFMTU:
54263Sshin		break;
62587Sitojun
54263Sshin	case SIOCSIFMTU:
105339Sume		mtu = ifr->ifr_mtu;
105339Sume		if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX)
105339Sume			return (EINVAL);
105339Sume		ifp->if_mtu = mtu;
54263Sshin		break;
62587Sitojun#endif /* SIOCSIFMTU */
54263Sshin
105339Sume#ifdef INET
54263Sshin	case SIOCSIFPHYADDR:
105339Sume#endif
54263Sshin#ifdef INET6
54263Sshin	case SIOCSIFPHYADDR_IN6:
54263Sshin#endif /* INET6 */
78064Sume	case SIOCSLIFPHYADDR:
62587Sitojun		switch (cmd) {
78064Sume#ifdef INET
62587Sitojun		case SIOCSIFPHYADDR:
54263Sshin			src = (struct sockaddr *)
54263Sshin				&(((struct in_aliasreq *)data)->ifra_addr);
54263Sshin			dst = (struct sockaddr *)
54263Sshin				&(((struct in_aliasreq *)data)->ifra_dstaddr);
62587Sitojun			break;
78064Sume#endif
62587Sitojun#ifdef INET6
62587Sitojun		case SIOCSIFPHYADDR_IN6:
62587Sitojun			src = (struct sockaddr *)
62587Sitojun				&(((struct in6_aliasreq *)data)->ifra_addr);
62587Sitojun			dst = (struct sockaddr *)
62587Sitojun				&(((struct in6_aliasreq *)data)->ifra_dstaddr);
62587Sitojun			break;
62587Sitojun#endif
78064Sume		case SIOCSLIFPHYADDR:
78064Sume			src = (struct sockaddr *)
78064Sume				&(((struct if_laddrreq *)data)->addr);
78064Sume			dst = (struct sockaddr *)
78064Sume				&(((struct if_laddrreq *)data)->dstaddr);
105293Sume			break;
91327Sbrooks		default:
105293Sume			return EINVAL;
62587Sitojun		}
54263Sshin
78064Sume		/* sa_family must be equal */
78064Sume		if (src->sa_family != dst->sa_family)
78064Sume			return EINVAL;
78064Sume
78064Sume		/* validate sa_len */
78064Sume		switch (src->sa_family) {
78064Sume#ifdef INET
78064Sume		case AF_INET:
78064Sume			if (src->sa_len != sizeof(struct sockaddr_in))
78064Sume				return EINVAL;
78064Sume			break;
78064Sume#endif
78064Sume#ifdef INET6
78064Sume		case AF_INET6:
78064Sume			if (src->sa_len != sizeof(struct sockaddr_in6))
78064Sume				return EINVAL;
78064Sume			break;
78064Sume#endif
78064Sume		default:
78064Sume			return EAFNOSUPPORT;
78064Sume		}
78064Sume		switch (dst->sa_family) {
78064Sume#ifdef INET
78064Sume		case AF_INET:
78064Sume			if (dst->sa_len != sizeof(struct sockaddr_in))
78064Sume				return EINVAL;
78064Sume			break;
78064Sume#endif
78064Sume#ifdef INET6
78064Sume		case AF_INET6:
78064Sume			if (dst->sa_len != sizeof(struct sockaddr_in6))
78064Sume				return EINVAL;
78064Sume			break;
78064Sume#endif
78064Sume		default:
78064Sume			return EAFNOSUPPORT;
78064Sume		}
78064Sume
78064Sume		/* check sa_family looks sane for the cmd */
78064Sume		switch (cmd) {
78064Sume		case SIOCSIFPHYADDR:
78064Sume			if (src->sa_family == AF_INET)
78064Sume				break;
78064Sume			return EAFNOSUPPORT;
78064Sume#ifdef INET6
78064Sume		case SIOCSIFPHYADDR_IN6:
78064Sume			if (src->sa_family == AF_INET6)
78064Sume				break;
78064Sume			return EAFNOSUPPORT;
78064Sume#endif /* INET6 */
78064Sume		case SIOCSLIFPHYADDR:
78064Sume			/* checks done in the above */
78064Sume			break;
78064Sume		}
78064Sume
105293Sume		error = gif_set_tunnel(&sc->gif_if, src, dst);
62587Sitojun		break;
62587Sitojun
62587Sitojun#ifdef SIOCDIFPHYADDR
62587Sitojun	case SIOCDIFPHYADDR:
105293Sume		gif_delete_tunnel(&sc->gif_if);
54263Sshin		break;
62587Sitojun#endif
62587Sitojun
54263Sshin	case SIOCGIFPSRCADDR:
54263Sshin#ifdef INET6
54263Sshin	case SIOCGIFPSRCADDR_IN6:
54263Sshin#endif /* INET6 */
54263Sshin		if (sc->gif_psrc == NULL) {
54263Sshin			error = EADDRNOTAVAIL;
54263Sshin			goto bad;
54263Sshin		}
54263Sshin		src = sc->gif_psrc;
78064Sume		switch (cmd) {
54263Sshin#ifdef INET
78064Sume		case SIOCGIFPSRCADDR:
54263Sshin			dst = &ifr->ifr_addr;
78064Sume			size = sizeof(ifr->ifr_addr);
54263Sshin			break;
54263Sshin#endif /* INET */
54263Sshin#ifdef INET6
78064Sume		case SIOCGIFPSRCADDR_IN6:
54263Sshin			dst = (struct sockaddr *)
54263Sshin				&(((struct in6_ifreq *)data)->ifr_addr);
78064Sume			size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
54263Sshin			break;
54263Sshin#endif /* INET6 */
54263Sshin		default:
54263Sshin			error = EADDRNOTAVAIL;
54263Sshin			goto bad;
54263Sshin		}
78064Sume		if (src->sa_len > size)
78064Sume			return EINVAL;
78064Sume		bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
54263Sshin		break;
62587Sitojun
54263Sshin	case SIOCGIFPDSTADDR:
54263Sshin#ifdef INET6
54263Sshin	case SIOCGIFPDSTADDR_IN6:
54263Sshin#endif /* INET6 */
54263Sshin		if (sc->gif_pdst == NULL) {
54263Sshin			error = EADDRNOTAVAIL;
54263Sshin			goto bad;
54263Sshin		}
54263Sshin		src = sc->gif_pdst;
78064Sume		switch (cmd) {
54263Sshin#ifdef INET
78064Sume		case SIOCGIFPDSTADDR:
54263Sshin			dst = &ifr->ifr_addr;
78064Sume			size = sizeof(ifr->ifr_addr);
54263Sshin			break;
54263Sshin#endif /* INET */
54263Sshin#ifdef INET6
78064Sume		case SIOCGIFPDSTADDR_IN6:
54263Sshin			dst = (struct sockaddr *)
54263Sshin				&(((struct in6_ifreq *)data)->ifr_addr);
78064Sume			size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
54263Sshin			break;
54263Sshin#endif /* INET6 */
54263Sshin		default:
54263Sshin			error = EADDRNOTAVAIL;
54263Sshin			goto bad;
54263Sshin		}
78064Sume		if (src->sa_len > size)
78064Sume			return EINVAL;
78064Sume		bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
54263Sshin		break;
54263Sshin
78064Sume	case SIOCGLIFPHYADDR:
78064Sume		if (sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
78064Sume			error = EADDRNOTAVAIL;
78064Sume			goto bad;
78064Sume		}
78064Sume
78064Sume		/* copy src */
78064Sume		src = sc->gif_psrc;
78064Sume		dst = (struct sockaddr *)
78064Sume			&(((struct if_laddrreq *)data)->addr);
78064Sume		size = sizeof(((struct if_laddrreq *)data)->addr);
78064Sume		if (src->sa_len > size)
78064Sume			return EINVAL;
78064Sume		bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
78064Sume
78064Sume		/* copy dst */
78064Sume		src = sc->gif_pdst;
78064Sume		dst = (struct sockaddr *)
78064Sume			&(((struct if_laddrreq *)data)->dstaddr);
78064Sume		size = sizeof(((struct if_laddrreq *)data)->dstaddr);
78064Sume		if (src->sa_len > size)
78064Sume			return EINVAL;
78064Sume		bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
78064Sume		break;
78064Sume
54263Sshin	case SIOCSIFFLAGS:
62587Sitojun		/* if_ioctl() takes care of it */
54263Sshin		break;
54263Sshin
54263Sshin	default:
54263Sshin		error = EINVAL;
54263Sshin		break;
54263Sshin	}
54263Sshin bad:
54263Sshin	return error;
54263Sshin}
79106Sbrooks
105293Sumeint
105293Sumegif_set_tunnel(ifp, src, dst)
105293Sume	struct ifnet *ifp;
105293Sume	struct sockaddr *src;
105293Sume	struct sockaddr *dst;
105293Sume{
105293Sume	struct gif_softc *sc = (struct gif_softc *)ifp;
105293Sume	struct gif_softc *sc2;
105293Sume	struct sockaddr *osrc, *odst, *sa;
105293Sume	int s;
105293Sume	int error = 0;
105293Sume
105293Sume	s = splnet();
105293Sume
105293Sume	LIST_FOREACH(sc2, &gif_softc_list, gif_list) {
105293Sume		if (sc2 == sc)
105293Sume			continue;
105293Sume		if (!sc2->gif_pdst || !sc2->gif_psrc)
105293Sume			continue;
105293Sume		if (sc2->gif_pdst->sa_family != dst->sa_family ||
105293Sume		    sc2->gif_pdst->sa_len != dst->sa_len ||
105293Sume		    sc2->gif_psrc->sa_family != src->sa_family ||
105293Sume		    sc2->gif_psrc->sa_len != src->sa_len)
105293Sume			continue;
105293Sume
105293Sume		/*
105293Sume		 * Disallow parallel tunnels unless instructed
105293Sume		 * otherwise.
105293Sume		 */
105293Sume		if (!parallel_tunnels &&
105293Sume		    bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 &&
105293Sume		    bcmp(sc2->gif_psrc, src, src->sa_len) == 0) {
105293Sume			error = EADDRNOTAVAIL;
105293Sume			goto bad;
105293Sume		}
105293Sume
105293Sume		/* XXX both end must be valid? (I mean, not 0.0.0.0) */
105293Sume	}
105293Sume
105293Sume	/* XXX we can detach from both, but be polite just in case */
105293Sume	if (sc->gif_psrc)
105293Sume		switch (sc->gif_psrc->sa_family) {
105293Sume#ifdef INET
105293Sume		case AF_INET:
105293Sume			(void)in_gif_detach(sc);
105293Sume			break;
105293Sume#endif
105293Sume#ifdef INET6
105293Sume		case AF_INET6:
105293Sume			(void)in6_gif_detach(sc);
105293Sume			break;
105293Sume#endif
105293Sume		}
105293Sume
105293Sume	osrc = sc->gif_psrc;
111119Simp	sa = (struct sockaddr *)malloc(src->sa_len, M_IFADDR, M_WAITOK);
105293Sume	bcopy((caddr_t)src, (caddr_t)sa, src->sa_len);
105293Sume	sc->gif_psrc = sa;
105293Sume
105293Sume	odst = sc->gif_pdst;
111119Simp	sa = (struct sockaddr *)malloc(dst->sa_len, M_IFADDR, M_WAITOK);
105293Sume	bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len);
105293Sume	sc->gif_pdst = sa;
105293Sume
105293Sume	switch (sc->gif_psrc->sa_family) {
105293Sume#ifdef INET
105293Sume	case AF_INET:
105293Sume		error = in_gif_attach(sc);
105293Sume		break;
105293Sume#endif
105293Sume#ifdef INET6
105293Sume	case AF_INET6:
105293Sume		error = in6_gif_attach(sc);
105293Sume		break;
105293Sume#endif
105293Sume	}
105293Sume	if (error) {
105293Sume		/* rollback */
105293Sume		free((caddr_t)sc->gif_psrc, M_IFADDR);
105293Sume		free((caddr_t)sc->gif_pdst, M_IFADDR);
105293Sume		sc->gif_psrc = osrc;
105293Sume		sc->gif_pdst = odst;
105293Sume		goto bad;
105293Sume	}
105293Sume
105293Sume	if (osrc)
105293Sume		free((caddr_t)osrc, M_IFADDR);
105293Sume	if (odst)
105293Sume		free((caddr_t)odst, M_IFADDR);
105293Sume
105293Sume	if (sc->gif_psrc && sc->gif_pdst)
105293Sume		ifp->if_flags |= IFF_RUNNING;
105293Sume	else
105293Sume		ifp->if_flags &= ~IFF_RUNNING;
105293Sume	splx(s);
105293Sume
105293Sume	return 0;
105293Sume
105293Sume bad:
105293Sume	if (sc->gif_psrc && sc->gif_pdst)
105293Sume		ifp->if_flags |= IFF_RUNNING;
105293Sume	else
105293Sume		ifp->if_flags &= ~IFF_RUNNING;
105293Sume	splx(s);
105293Sume
105293Sume	return error;
105293Sume}
105293Sume
79106Sbrooksvoid
105293Sumegif_delete_tunnel(ifp)
105293Sume	struct ifnet *ifp;
79106Sbrooks{
105293Sume	struct gif_softc *sc = (struct gif_softc *)ifp;
105293Sume	int s;
79106Sbrooks
105293Sume	s = splnet();
105293Sume
79106Sbrooks	if (sc->gif_psrc) {
79106Sbrooks		free((caddr_t)sc->gif_psrc, M_IFADDR);
79106Sbrooks		sc->gif_psrc = NULL;
79106Sbrooks	}
79106Sbrooks	if (sc->gif_pdst) {
79106Sbrooks		free((caddr_t)sc->gif_pdst, M_IFADDR);
79106Sbrooks		sc->gif_pdst = NULL;
79106Sbrooks	}
105293Sume	/* it is safe to detach from both */
105293Sume#ifdef INET
105293Sume	(void)in_gif_detach(sc);
105293Sume#endif
105293Sume#ifdef INET6
105293Sume	(void)in6_gif_detach(sc);
105293Sume#endif
105293Sume
105293Sume	if (sc->gif_psrc && sc->gif_pdst)
105293Sume		ifp->if_flags |= IFF_RUNNING;
105293Sume	else
105293Sume		ifp->if_flags &= ~IFF_RUNNING;
105293Sume	splx(s);
79106Sbrooks}