if_gif.c revision 77658 
1/*	$FreeBSD: head/sys/net/if_gif.c 77658 2001-06-03 17:31:11Z yar $	*/
2/*	$KAME: if_gif.c,v 1.28 2000/06/20 12:30:03 jinmei Exp $	*/
3
4/*
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 *    may be used to endorse or promote products derived from this software
18 *    without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33#include "opt_inet.h"
34#include "opt_inet6.h"
35
36#include <sys/param.h>
37#include <sys/systm.h>
38#include <sys/kernel.h>
39#include <sys/malloc.h>
40#include <sys/mbuf.h>
41#include <sys/socket.h>
42#include <sys/sockio.h>
43#include <sys/errno.h>
44#include <sys/time.h>
45#include <sys/syslog.h>
46#include <sys/protosw.h>
47#include <machine/cpu.h>
48
49#include <net/if.h>
50#include <net/if_types.h>
51#include <net/netisr.h>
52#include <net/route.h>
53#include <net/bpf.h>
54
55#ifdef	INET
56#include <netinet/in.h>
57#include <netinet/in_systm.h>
58#include <netinet/in_var.h>
59#include <netinet/ip.h>
60#include <netinet/in_gif.h>
61#endif	/* INET */
62
63#ifdef INET6
64#ifndef INET
65#include <netinet/in.h>
66#endif
67#include <netinet6/in6_var.h>
68#include <netinet/ip6.h>
69#include <netinet6/ip6_var.h>
70#include <netinet6/in6_gif.h>
71#include <netinet6/ip6protosw.h>
72#endif /* INET6 */
73
74#include <netinet/ip_encap.h>
75#include <net/if_gif.h>
76
77#include "gif.h"
78#include "bpf.h"
79#define NBPFILTER	NBPF
80
81#include <net/net_osdep.h>
82
83#if NGIF > 0
84
85void gifattach __P((void *));
86static int gif_encapcheck __P((const struct mbuf *, int, int, void *));
87#ifdef INET
88extern struct protosw in_gif_protosw;
89#endif
90#ifdef INET6
91extern struct ip6protosw in6_gif_protosw;
92#endif
93
94/*
95 * gif global variable definitions
96 */
97static int ngif;		/* number of interfaces */
98static struct gif_softc *gif = 0;
99
100#ifndef MAX_GIF_NEST
101/*
102 * This macro controls the upper limitation on nesting of gif tunnels.
103 * Since, setting a large value to this macro with a careless configuration
104 * may introduce system crash, we don't allow any nestings by default.
105 * If you need to configure nested gif tunnels, you can define this macro
106 * in your kernel configuration file. However, if you do so, please be
107 * careful to configure the tunnels so that it won't make a loop.
108 */
109#define MAX_GIF_NEST 1
110#endif
111static int max_gif_nesting = MAX_GIF_NEST;
112
113void
114gifattach(dummy)
115	void *dummy;
116{
117	register struct gif_softc *sc;
118	register int i;
119
120	ngif = NGIF;
121	gif = sc = malloc (ngif * sizeof(struct gif_softc), M_DEVBUF, M_WAITOK);
122	bzero(sc, ngif * sizeof(struct gif_softc));
123	for (i = 0; i < ngif; sc++, i++) {
124		sc->gif_if.if_name = "gif";
125		sc->gif_if.if_unit = i;
126
127		sc->encap_cookie4 = sc->encap_cookie6 = NULL;
128#ifdef INET
129		sc->encap_cookie4 = encap_attach_func(AF_INET, -1,
130		    gif_encapcheck, &in_gif_protosw, sc);
131		if (sc->encap_cookie4 == NULL) {
132			printf("%s: attach failed\n", if_name(&sc->gif_if));
133			continue;
134		}
135#endif
136#ifdef INET6
137		sc->encap_cookie6 = encap_attach_func(AF_INET6, -1,
138		    gif_encapcheck, (struct protosw *)&in6_gif_protosw, sc);
139		if (sc->encap_cookie6 == NULL) {
140			if (sc->encap_cookie4) {
141				encap_detach(sc->encap_cookie4);
142				sc->encap_cookie4 = NULL;
143			}
144			printf("%s: attach failed\n", if_name(&sc->gif_if));
145			continue;
146		}
147#endif
148
149		sc->gif_if.if_mtu    = GIF_MTU;
150		sc->gif_if.if_flags  = IFF_POINTOPOINT | IFF_MULTICAST;
151		sc->gif_if.if_ioctl  = gif_ioctl;
152		sc->gif_if.if_output = gif_output;
153		sc->gif_if.if_type   = IFT_GIF;
154		sc->gif_if.if_snd.ifq_maxlen = IFQ_MAXLEN;
155		if_attach(&sc->gif_if);
156#if NBPFILTER > 0
157#ifdef HAVE_OLD_BPF
158		bpfattach(&sc->gif_if, DLT_NULL, sizeof(u_int));
159#else
160		bpfattach(&sc->gif_if.if_bpf, &sc->gif_if, DLT_NULL, sizeof(u_int));
161#endif
162#endif
163	}
164}
165
166PSEUDO_SET(gifattach, if_gif);
167
168static int
169gif_encapcheck(m, off, proto, arg)
170	const struct mbuf *m;
171	int off;
172	int proto;
173	void *arg;
174{
175	struct ip ip;
176	struct gif_softc *sc;
177
178	sc = (struct gif_softc *)arg;
179	if (sc == NULL)
180		return 0;
181
182	if ((sc->gif_if.if_flags & IFF_UP) == 0)
183		return 0;
184
185	/* no physical address */
186	if (!sc->gif_psrc || !sc->gif_pdst)
187		return 0;
188
189	switch (proto) {
190#ifdef INET
191	case IPPROTO_IPV4:
192		break;
193#endif
194#ifdef INET6
195	case IPPROTO_IPV6:
196		break;
197#endif
198	default:
199		return 0;
200	}
201
202	/* LINTED const cast */
203	m_copydata((struct mbuf *)m, 0, sizeof(ip), (caddr_t)&ip);
204
205	switch (ip.ip_v) {
206#ifdef INET
207	case 4:
208		if (sc->gif_psrc->sa_family != AF_INET ||
209		    sc->gif_pdst->sa_family != AF_INET)
210			return 0;
211		return gif_encapcheck4(m, off, proto, arg);
212#endif
213#ifdef INET6
214	case 6:
215		if (sc->gif_psrc->sa_family != AF_INET6 ||
216		    sc->gif_pdst->sa_family != AF_INET6)
217			return 0;
218		return gif_encapcheck6(m, off, proto, arg);
219#endif
220	default:
221		return 0;
222	}
223}
224
225int
226gif_output(ifp, m, dst, rt)
227	struct ifnet *ifp;
228	struct mbuf *m;
229	struct sockaddr *dst;
230	struct rtentry *rt;	/* added in net2 */
231{
232	register struct gif_softc *sc = (struct gif_softc*)ifp;
233	int error = 0;
234	static int called = 0;	/* XXX: MUTEX */
235
236	/*
237	 * gif may cause infinite recursion calls when misconfigured.
238	 * We'll prevent this by introducing upper limit.
239	 * XXX: this mechanism may introduce another problem about
240	 *      mutual exclusion of the variable CALLED, especially if we
241	 *      use kernel thread.
242	 */
243	if (++called > max_gif_nesting) {
244		log(LOG_NOTICE,
245		    "gif_output: recursively called too many times(%d)\n",
246		    called);
247		m_freem(m);
248		error = EIO;	/* is there better errno? */
249		goto end;
250	}
251
252	getmicrotime(&ifp->if_lastchange);
253	m->m_flags &= ~(M_BCAST|M_MCAST);
254	if (!(ifp->if_flags & IFF_UP) ||
255	    sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
256		m_freem(m);
257		error = ENETDOWN;
258		goto end;
259	}
260
261#if NBPFILTER > 0
262	if (ifp->if_bpf) {
263		/*
264		 * We need to prepend the address family as
265		 * a four byte field.  Cons up a dummy header
266		 * to pacify bpf.  This is safe because bpf
267		 * will only read from the mbuf (i.e., it won't
268		 * try to free it or keep a pointer a to it).
269		 */
270		struct mbuf m0;
271		u_int af = dst->sa_family;
272
273		m0.m_next = m;
274		m0.m_len = 4;
275		m0.m_data = (char *)&af;
276
277#ifdef HAVE_OLD_BPF
278		bpf_mtap(ifp, &m0);
279#else
280		bpf_mtap(ifp->if_bpf, &m0);
281#endif
282	}
283#endif
284	ifp->if_opackets++;
285	ifp->if_obytes += m->m_pkthdr.len;
286
287	/* XXX should we check if our outer source is legal? */
288
289	switch (sc->gif_psrc->sa_family) {
290#ifdef INET
291	case AF_INET:
292		error = in_gif_output(ifp, dst->sa_family, m, rt);
293		break;
294#endif
295#ifdef INET6
296	case AF_INET6:
297		error = in6_gif_output(ifp, dst->sa_family, m, rt);
298		break;
299#endif
300	default:
301		m_freem(m);
302		error = ENETDOWN;
303	}
304
305  end:
306	called = 0;		/* reset recursion counter */
307	if (error) ifp->if_oerrors++;
308	return error;
309}
310
311void
312gif_input(m, af, gifp)
313	struct mbuf *m;
314	int af;
315	struct ifnet *gifp;
316{
317	int isr;
318	register struct ifqueue *ifq = 0;
319
320	if (gifp == NULL) {
321		/* just in case */
322		m_freem(m);
323		return;
324	}
325
326	m->m_pkthdr.rcvif = gifp;
327
328#if NBPFILTER > 0
329	if (gifp->if_bpf) {
330		/*
331		 * We need to prepend the address family as
332		 * a four byte field.  Cons up a dummy header
333		 * to pacify bpf.  This is safe because bpf
334		 * will only read from the mbuf (i.e., it won't
335		 * try to free it or keep a pointer a to it).
336		 */
337		struct mbuf m0;
338		u_int af = AF_INET6;
339
340		m0.m_next = m;
341		m0.m_len = 4;
342		m0.m_data = (char *)&af;
343
344#ifdef HAVE_OLD_BPF
345		bpf_mtap(gifp, &m0);
346#else
347		bpf_mtap(gifp->if_bpf, &m0);
348#endif
349	}
350#endif /*NBPFILTER > 0*/
351
352	/*
353	 * Put the packet to the network layer input queue according to the
354	 * specified address family.
355	 * Note: older versions of gif_input directly called network layer
356	 * input functions, e.g. ip6_input, here. We changed the policy to
357	 * prevent too many recursive calls of such input functions, which
358	 * might cause kernel panic. But the change may introduce another
359	 * problem; if the input queue is full, packets are discarded.
360	 * We believed it rarely occurs and changed the policy. If we find
361	 * it occurs more times than we thought, we may change the policy
362	 * again.
363	 */
364	switch (af) {
365#ifdef INET
366	case AF_INET:
367		ifq = &ipintrq;
368		isr = NETISR_IP;
369		break;
370#endif
371#ifdef INET6
372	case AF_INET6:
373		ifq = &ip6intrq;
374		isr = NETISR_IPV6;
375		break;
376#endif
377	default:
378		m_freem(m);
379		return;
380	}
381
382	gifp->if_ipackets++;
383	gifp->if_ibytes += m->m_pkthdr.len;
384	(void) IF_HANDOFF(ifq, m, NULL);
385	/* we need schednetisr since the address family may change */
386	schednetisr(isr);
387
388	return;
389}
390
391/* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
392int
393gif_ioctl(ifp, cmd, data)
394	struct ifnet *ifp;
395	u_long cmd;
396	caddr_t data;
397{
398	struct gif_softc *sc  = (struct gif_softc*)ifp;
399	struct ifreq     *ifr = (struct ifreq*)data;
400	int error = 0, size;
401	struct sockaddr *dst, *src;
402	struct sockaddr *sa;
403	int i;
404	int s;
405	struct gif_softc *sc2;
406
407	switch (cmd) {
408	case SIOCSIFADDR:
409		break;
410
411	case SIOCSIFDSTADDR:
412		break;
413
414	case SIOCADDMULTI:
415	case SIOCDELMULTI:
416		break;
417
418#ifdef	SIOCSIFMTU /* xxx */
419	case SIOCGIFMTU:
420		break;
421
422	case SIOCSIFMTU:
423		{
424			u_long mtu;
425			mtu = ifr->ifr_mtu;
426			if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX) {
427				return (EINVAL);
428			}
429			ifp->if_mtu = mtu;
430		}
431		break;
432#endif /* SIOCSIFMTU */
433
434	case SIOCSIFPHYADDR:
435#ifdef INET6
436	case SIOCSIFPHYADDR_IN6:
437#endif /* INET6 */
438		switch (cmd) {
439		case SIOCSIFPHYADDR:
440			src = (struct sockaddr *)
441				&(((struct in_aliasreq *)data)->ifra_addr);
442			dst = (struct sockaddr *)
443				&(((struct in_aliasreq *)data)->ifra_dstaddr);
444			break;
445#ifdef INET6
446		case SIOCSIFPHYADDR_IN6:
447			src = (struct sockaddr *)
448				&(((struct in6_aliasreq *)data)->ifra_addr);
449			dst = (struct sockaddr *)
450				&(((struct in6_aliasreq *)data)->ifra_dstaddr);
451			break;
452#endif
453		}
454
455		for (i = 0; i < ngif; i++) {
456			sc2 = gif + i;
457			if (sc2 == sc)
458				continue;
459			if (!sc2->gif_pdst || !sc2->gif_psrc)
460				continue;
461			if (sc2->gif_pdst->sa_family != dst->sa_family ||
462			    sc2->gif_pdst->sa_len != dst->sa_len ||
463			    sc2->gif_psrc->sa_family != src->sa_family ||
464			    sc2->gif_psrc->sa_len != src->sa_len)
465				continue;
466#ifndef XBONEHACK
467			/* can't configure same pair of address onto two gifs */
468			if (bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 &&
469			    bcmp(sc2->gif_psrc, src, src->sa_len) == 0) {
470				error = EADDRNOTAVAIL;
471				goto bad;
472			}
473#endif
474
475			/* can't configure multiple multi-dest interfaces */
476#define multidest(x) \
477	(((struct sockaddr_in *)(x))->sin_addr.s_addr == INADDR_ANY)
478#ifdef INET6
479#define multidest6(x) \
480	(IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *)(x))->sin6_addr))
481#endif
482			if (dst->sa_family == AF_INET &&
483			    multidest(dst) && multidest(sc2->gif_pdst)) {
484				error = EADDRNOTAVAIL;
485				goto bad;
486			}
487#ifdef INET6
488			if (dst->sa_family == AF_INET6 &&
489			    multidest6(dst) && multidest6(sc2->gif_pdst)) {
490				error = EADDRNOTAVAIL;
491				goto bad;
492			}
493#endif
494		}
495
496		if (src->sa_family != dst->sa_family ||
497		    src->sa_len != dst->sa_len) {
498			error = EINVAL;
499			break;
500		}
501		switch (src->sa_family) {
502#ifdef INET
503		case AF_INET:
504			size = sizeof(struct sockaddr_in);
505			break;
506#endif
507#ifdef INET6
508		case AF_INET6:
509			size = sizeof(struct sockaddr_in6);
510			break;
511#endif
512		default:
513			error = EAFNOSUPPORT;
514			goto bad;
515		}
516		if (src->sa_len != size) {
517			error = EINVAL;
518			break;
519		}
520
521		if (sc->gif_psrc)
522			free((caddr_t)sc->gif_psrc, M_IFADDR);
523		sa = (struct sockaddr *)malloc(size, M_IFADDR, M_WAITOK);
524		bcopy((caddr_t)src, (caddr_t)sa, size);
525		sc->gif_psrc = sa;
526
527		if (sc->gif_pdst)
528			free((caddr_t)sc->gif_pdst, M_IFADDR);
529		sa = (struct sockaddr *)malloc(size, M_IFADDR, M_WAITOK);
530		bcopy((caddr_t)dst, (caddr_t)sa, size);
531		sc->gif_pdst = sa;
532
533		ifp->if_flags |= IFF_RUNNING;
534		s = splimp();
535		if_up(ifp);	/* mark interface UP and send up RTM_IFINFO */
536		splx(s);
537
538		error = 0;
539		break;
540
541#ifdef SIOCDIFPHYADDR
542	case SIOCDIFPHYADDR:
543		if (sc->gif_psrc) {
544			free((caddr_t)sc->gif_psrc, M_IFADDR);
545			sc->gif_psrc = NULL;
546		}
547		if (sc->gif_pdst) {
548			free((caddr_t)sc->gif_pdst, M_IFADDR);
549			sc->gif_pdst = NULL;
550		}
551		/* change the IFF_UP flag as well? */
552		break;
553#endif
554
555	case SIOCGIFPSRCADDR:
556#ifdef INET6
557	case SIOCGIFPSRCADDR_IN6:
558#endif /* INET6 */
559		if (sc->gif_psrc == NULL) {
560			error = EADDRNOTAVAIL;
561			goto bad;
562		}
563		src = sc->gif_psrc;
564		switch (sc->gif_psrc->sa_family) {
565#ifdef INET
566		case AF_INET:
567			dst = &ifr->ifr_addr;
568			size = sizeof(struct sockaddr_in);
569			break;
570#endif /* INET */
571#ifdef INET6
572		case AF_INET6:
573			dst = (struct sockaddr *)
574				&(((struct in6_ifreq *)data)->ifr_addr);
575			size = sizeof(struct sockaddr_in6);
576			break;
577#endif /* INET6 */
578		default:
579			error = EADDRNOTAVAIL;
580			goto bad;
581		}
582		bcopy((caddr_t)src, (caddr_t)dst, size);
583		break;
584
585	case SIOCGIFPDSTADDR:
586#ifdef INET6
587	case SIOCGIFPDSTADDR_IN6:
588#endif /* INET6 */
589		if (sc->gif_pdst == NULL) {
590			error = EADDRNOTAVAIL;
591			goto bad;
592		}
593		src = sc->gif_pdst;
594		switch (sc->gif_pdst->sa_family) {
595#ifdef INET
596		case AF_INET:
597			dst = &ifr->ifr_addr;
598			size = sizeof(struct sockaddr_in);
599			break;
600#endif /* INET */
601#ifdef INET6
602		case AF_INET6:
603			dst = (struct sockaddr *)
604				&(((struct in6_ifreq *)data)->ifr_addr);
605			size = sizeof(struct sockaddr_in6);
606			break;
607#endif /* INET6 */
608		default:
609			error = EADDRNOTAVAIL;
610			goto bad;
611		}
612		bcopy((caddr_t)src, (caddr_t)dst, size);
613		break;
614
615	case SIOCSIFFLAGS:
616		/* if_ioctl() takes care of it */
617		break;
618
619	default:
620		error = EINVAL;
621		break;
622	}
623 bad:
624	return error;
625}
626#endif /*NGIF > 0*/
627