if_gif.c revision 77658
1/* $FreeBSD: head/sys/net/if_gif.c 77658 2001-06-03 17:31:11Z yar $ */ 2/* $KAME: if_gif.c,v 1.28 2000/06/20 12:30:03 jinmei Exp $ */ 3 4/* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33#include "opt_inet.h" 34#include "opt_inet6.h" 35 36#include <sys/param.h> 37#include <sys/systm.h> 38#include <sys/kernel.h> 39#include <sys/malloc.h> 40#include <sys/mbuf.h> 41#include <sys/socket.h> 42#include <sys/sockio.h> 43#include <sys/errno.h> 44#include <sys/time.h> 45#include <sys/syslog.h> 46#include <sys/protosw.h> 47#include <machine/cpu.h> 48 49#include <net/if.h> 50#include <net/if_types.h> 51#include <net/netisr.h> 52#include <net/route.h> 53#include <net/bpf.h> 54 55#ifdef INET 56#include <netinet/in.h> 57#include <netinet/in_systm.h> 58#include <netinet/in_var.h> 59#include <netinet/ip.h> 60#include <netinet/in_gif.h> 61#endif /* INET */ 62 63#ifdef INET6 64#ifndef INET 65#include <netinet/in.h> 66#endif 67#include <netinet6/in6_var.h> 68#include <netinet/ip6.h> 69#include <netinet6/ip6_var.h> 70#include <netinet6/in6_gif.h> 71#include <netinet6/ip6protosw.h> 72#endif /* INET6 */ 73 74#include <netinet/ip_encap.h> 75#include <net/if_gif.h> 76 77#include "gif.h" 78#include "bpf.h" 79#define NBPFILTER NBPF 80 81#include <net/net_osdep.h> 82 83#if NGIF > 0 84 85void gifattach __P((void *)); 86static int gif_encapcheck __P((const struct mbuf *, int, int, void *)); 87#ifdef INET 88extern struct protosw in_gif_protosw; 89#endif 90#ifdef INET6 91extern struct ip6protosw in6_gif_protosw; 92#endif 93 94/* 95 * gif global variable definitions 96 */ 97static int ngif; /* number of interfaces */ 98static struct gif_softc *gif = 0; 99 100#ifndef MAX_GIF_NEST 101/* 102 * This macro controls the upper limitation on nesting of gif tunnels. 103 * Since, setting a large value to this macro with a careless configuration 104 * may introduce system crash, we don't allow any nestings by default. 105 * If you need to configure nested gif tunnels, you can define this macro 106 * in your kernel configuration file. However, if you do so, please be 107 * careful to configure the tunnels so that it won't make a loop. 108 */ 109#define MAX_GIF_NEST 1 110#endif 111static int max_gif_nesting = MAX_GIF_NEST; 112 113void 114gifattach(dummy) 115 void *dummy; 116{ 117 register struct gif_softc *sc; 118 register int i; 119 120 ngif = NGIF; 121 gif = sc = malloc (ngif * sizeof(struct gif_softc), M_DEVBUF, M_WAITOK); 122 bzero(sc, ngif * sizeof(struct gif_softc)); 123 for (i = 0; i < ngif; sc++, i++) { 124 sc->gif_if.if_name = "gif"; 125 sc->gif_if.if_unit = i; 126 127 sc->encap_cookie4 = sc->encap_cookie6 = NULL; 128#ifdef INET 129 sc->encap_cookie4 = encap_attach_func(AF_INET, -1, 130 gif_encapcheck, &in_gif_protosw, sc); 131 if (sc->encap_cookie4 == NULL) { 132 printf("%s: attach failed\n", if_name(&sc->gif_if)); 133 continue; 134 } 135#endif 136#ifdef INET6 137 sc->encap_cookie6 = encap_attach_func(AF_INET6, -1, 138 gif_encapcheck, (struct protosw *)&in6_gif_protosw, sc); 139 if (sc->encap_cookie6 == NULL) { 140 if (sc->encap_cookie4) { 141 encap_detach(sc->encap_cookie4); 142 sc->encap_cookie4 = NULL; 143 } 144 printf("%s: attach failed\n", if_name(&sc->gif_if)); 145 continue; 146 } 147#endif 148 149 sc->gif_if.if_mtu = GIF_MTU; 150 sc->gif_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 151 sc->gif_if.if_ioctl = gif_ioctl; 152 sc->gif_if.if_output = gif_output; 153 sc->gif_if.if_type = IFT_GIF; 154 sc->gif_if.if_snd.ifq_maxlen = IFQ_MAXLEN; 155 if_attach(&sc->gif_if); 156#if NBPFILTER > 0 157#ifdef HAVE_OLD_BPF 158 bpfattach(&sc->gif_if, DLT_NULL, sizeof(u_int)); 159#else 160 bpfattach(&sc->gif_if.if_bpf, &sc->gif_if, DLT_NULL, sizeof(u_int)); 161#endif 162#endif 163 } 164} 165 166PSEUDO_SET(gifattach, if_gif); 167 168static int 169gif_encapcheck(m, off, proto, arg) 170 const struct mbuf *m; 171 int off; 172 int proto; 173 void *arg; 174{ 175 struct ip ip; 176 struct gif_softc *sc; 177 178 sc = (struct gif_softc *)arg; 179 if (sc == NULL) 180 return 0; 181 182 if ((sc->gif_if.if_flags & IFF_UP) == 0) 183 return 0; 184 185 /* no physical address */ 186 if (!sc->gif_psrc || !sc->gif_pdst) 187 return 0; 188 189 switch (proto) { 190#ifdef INET 191 case IPPROTO_IPV4: 192 break; 193#endif 194#ifdef INET6 195 case IPPROTO_IPV6: 196 break; 197#endif 198 default: 199 return 0; 200 } 201 202 /* LINTED const cast */ 203 m_copydata((struct mbuf *)m, 0, sizeof(ip), (caddr_t)&ip); 204 205 switch (ip.ip_v) { 206#ifdef INET 207 case 4: 208 if (sc->gif_psrc->sa_family != AF_INET || 209 sc->gif_pdst->sa_family != AF_INET) 210 return 0; 211 return gif_encapcheck4(m, off, proto, arg); 212#endif 213#ifdef INET6 214 case 6: 215 if (sc->gif_psrc->sa_family != AF_INET6 || 216 sc->gif_pdst->sa_family != AF_INET6) 217 return 0; 218 return gif_encapcheck6(m, off, proto, arg); 219#endif 220 default: 221 return 0; 222 } 223} 224 225int 226gif_output(ifp, m, dst, rt) 227 struct ifnet *ifp; 228 struct mbuf *m; 229 struct sockaddr *dst; 230 struct rtentry *rt; /* added in net2 */ 231{ 232 register struct gif_softc *sc = (struct gif_softc*)ifp; 233 int error = 0; 234 static int called = 0; /* XXX: MUTEX */ 235 236 /* 237 * gif may cause infinite recursion calls when misconfigured. 238 * We'll prevent this by introducing upper limit. 239 * XXX: this mechanism may introduce another problem about 240 * mutual exclusion of the variable CALLED, especially if we 241 * use kernel thread. 242 */ 243 if (++called > max_gif_nesting) { 244 log(LOG_NOTICE, 245 "gif_output: recursively called too many times(%d)\n", 246 called); 247 m_freem(m); 248 error = EIO; /* is there better errno? */ 249 goto end; 250 } 251 252 getmicrotime(&ifp->if_lastchange); 253 m->m_flags &= ~(M_BCAST|M_MCAST); 254 if (!(ifp->if_flags & IFF_UP) || 255 sc->gif_psrc == NULL || sc->gif_pdst == NULL) { 256 m_freem(m); 257 error = ENETDOWN; 258 goto end; 259 } 260 261#if NBPFILTER > 0 262 if (ifp->if_bpf) { 263 /* 264 * We need to prepend the address family as 265 * a four byte field. Cons up a dummy header 266 * to pacify bpf. This is safe because bpf 267 * will only read from the mbuf (i.e., it won't 268 * try to free it or keep a pointer a to it). 269 */ 270 struct mbuf m0; 271 u_int af = dst->sa_family; 272 273 m0.m_next = m; 274 m0.m_len = 4; 275 m0.m_data = (char *)⁡ 276 277#ifdef HAVE_OLD_BPF 278 bpf_mtap(ifp, &m0); 279#else 280 bpf_mtap(ifp->if_bpf, &m0); 281#endif 282 } 283#endif 284 ifp->if_opackets++; 285 ifp->if_obytes += m->m_pkthdr.len; 286 287 /* XXX should we check if our outer source is legal? */ 288 289 switch (sc->gif_psrc->sa_family) { 290#ifdef INET 291 case AF_INET: 292 error = in_gif_output(ifp, dst->sa_family, m, rt); 293 break; 294#endif 295#ifdef INET6 296 case AF_INET6: 297 error = in6_gif_output(ifp, dst->sa_family, m, rt); 298 break; 299#endif 300 default: 301 m_freem(m); 302 error = ENETDOWN; 303 } 304 305 end: 306 called = 0; /* reset recursion counter */ 307 if (error) ifp->if_oerrors++; 308 return error; 309} 310 311void 312gif_input(m, af, gifp) 313 struct mbuf *m; 314 int af; 315 struct ifnet *gifp; 316{ 317 int isr; 318 register struct ifqueue *ifq = 0; 319 320 if (gifp == NULL) { 321 /* just in case */ 322 m_freem(m); 323 return; 324 } 325 326 m->m_pkthdr.rcvif = gifp; 327 328#if NBPFILTER > 0 329 if (gifp->if_bpf) { 330 /* 331 * We need to prepend the address family as 332 * a four byte field. Cons up a dummy header 333 * to pacify bpf. This is safe because bpf 334 * will only read from the mbuf (i.e., it won't 335 * try to free it or keep a pointer a to it). 336 */ 337 struct mbuf m0; 338 u_int af = AF_INET6; 339 340 m0.m_next = m; 341 m0.m_len = 4; 342 m0.m_data = (char *)⁡ 343 344#ifdef HAVE_OLD_BPF 345 bpf_mtap(gifp, &m0); 346#else 347 bpf_mtap(gifp->if_bpf, &m0); 348#endif 349 } 350#endif /*NBPFILTER > 0*/ 351 352 /* 353 * Put the packet to the network layer input queue according to the 354 * specified address family. 355 * Note: older versions of gif_input directly called network layer 356 * input functions, e.g. ip6_input, here. We changed the policy to 357 * prevent too many recursive calls of such input functions, which 358 * might cause kernel panic. But the change may introduce another 359 * problem; if the input queue is full, packets are discarded. 360 * We believed it rarely occurs and changed the policy. If we find 361 * it occurs more times than we thought, we may change the policy 362 * again. 363 */ 364 switch (af) { 365#ifdef INET 366 case AF_INET: 367 ifq = &ipintrq; 368 isr = NETISR_IP; 369 break; 370#endif 371#ifdef INET6 372 case AF_INET6: 373 ifq = &ip6intrq; 374 isr = NETISR_IPV6; 375 break; 376#endif 377 default: 378 m_freem(m); 379 return; 380 } 381 382 gifp->if_ipackets++; 383 gifp->if_ibytes += m->m_pkthdr.len; 384 (void) IF_HANDOFF(ifq, m, NULL); 385 /* we need schednetisr since the address family may change */ 386 schednetisr(isr); 387 388 return; 389} 390 391/* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */ 392int 393gif_ioctl(ifp, cmd, data) 394 struct ifnet *ifp; 395 u_long cmd; 396 caddr_t data; 397{ 398 struct gif_softc *sc = (struct gif_softc*)ifp; 399 struct ifreq *ifr = (struct ifreq*)data; 400 int error = 0, size; 401 struct sockaddr *dst, *src; 402 struct sockaddr *sa; 403 int i; 404 int s; 405 struct gif_softc *sc2; 406 407 switch (cmd) { 408 case SIOCSIFADDR: 409 break; 410 411 case SIOCSIFDSTADDR: 412 break; 413 414 case SIOCADDMULTI: 415 case SIOCDELMULTI: 416 break; 417 418#ifdef SIOCSIFMTU /* xxx */ 419 case SIOCGIFMTU: 420 break; 421 422 case SIOCSIFMTU: 423 { 424 u_long mtu; 425 mtu = ifr->ifr_mtu; 426 if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX) { 427 return (EINVAL); 428 } 429 ifp->if_mtu = mtu; 430 } 431 break; 432#endif /* SIOCSIFMTU */ 433 434 case SIOCSIFPHYADDR: 435#ifdef INET6 436 case SIOCSIFPHYADDR_IN6: 437#endif /* INET6 */ 438 switch (cmd) { 439 case SIOCSIFPHYADDR: 440 src = (struct sockaddr *) 441 &(((struct in_aliasreq *)data)->ifra_addr); 442 dst = (struct sockaddr *) 443 &(((struct in_aliasreq *)data)->ifra_dstaddr); 444 break; 445#ifdef INET6 446 case SIOCSIFPHYADDR_IN6: 447 src = (struct sockaddr *) 448 &(((struct in6_aliasreq *)data)->ifra_addr); 449 dst = (struct sockaddr *) 450 &(((struct in6_aliasreq *)data)->ifra_dstaddr); 451 break; 452#endif 453 } 454 455 for (i = 0; i < ngif; i++) { 456 sc2 = gif + i; 457 if (sc2 == sc) 458 continue; 459 if (!sc2->gif_pdst || !sc2->gif_psrc) 460 continue; 461 if (sc2->gif_pdst->sa_family != dst->sa_family || 462 sc2->gif_pdst->sa_len != dst->sa_len || 463 sc2->gif_psrc->sa_family != src->sa_family || 464 sc2->gif_psrc->sa_len != src->sa_len) 465 continue; 466#ifndef XBONEHACK 467 /* can't configure same pair of address onto two gifs */ 468 if (bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 && 469 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) { 470 error = EADDRNOTAVAIL; 471 goto bad; 472 } 473#endif 474 475 /* can't configure multiple multi-dest interfaces */ 476#define multidest(x) \ 477 (((struct sockaddr_in *)(x))->sin_addr.s_addr == INADDR_ANY) 478#ifdef INET6 479#define multidest6(x) \ 480 (IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *)(x))->sin6_addr)) 481#endif 482 if (dst->sa_family == AF_INET && 483 multidest(dst) && multidest(sc2->gif_pdst)) { 484 error = EADDRNOTAVAIL; 485 goto bad; 486 } 487#ifdef INET6 488 if (dst->sa_family == AF_INET6 && 489 multidest6(dst) && multidest6(sc2->gif_pdst)) { 490 error = EADDRNOTAVAIL; 491 goto bad; 492 } 493#endif 494 } 495 496 if (src->sa_family != dst->sa_family || 497 src->sa_len != dst->sa_len) { 498 error = EINVAL; 499 break; 500 } 501 switch (src->sa_family) { 502#ifdef INET 503 case AF_INET: 504 size = sizeof(struct sockaddr_in); 505 break; 506#endif 507#ifdef INET6 508 case AF_INET6: 509 size = sizeof(struct sockaddr_in6); 510 break; 511#endif 512 default: 513 error = EAFNOSUPPORT; 514 goto bad; 515 } 516 if (src->sa_len != size) { 517 error = EINVAL; 518 break; 519 } 520 521 if (sc->gif_psrc) 522 free((caddr_t)sc->gif_psrc, M_IFADDR); 523 sa = (struct sockaddr *)malloc(size, M_IFADDR, M_WAITOK); 524 bcopy((caddr_t)src, (caddr_t)sa, size); 525 sc->gif_psrc = sa; 526 527 if (sc->gif_pdst) 528 free((caddr_t)sc->gif_pdst, M_IFADDR); 529 sa = (struct sockaddr *)malloc(size, M_IFADDR, M_WAITOK); 530 bcopy((caddr_t)dst, (caddr_t)sa, size); 531 sc->gif_pdst = sa; 532 533 ifp->if_flags |= IFF_RUNNING; 534 s = splimp(); 535 if_up(ifp); /* mark interface UP and send up RTM_IFINFO */ 536 splx(s); 537 538 error = 0; 539 break; 540 541#ifdef SIOCDIFPHYADDR 542 case SIOCDIFPHYADDR: 543 if (sc->gif_psrc) { 544 free((caddr_t)sc->gif_psrc, M_IFADDR); 545 sc->gif_psrc = NULL; 546 } 547 if (sc->gif_pdst) { 548 free((caddr_t)sc->gif_pdst, M_IFADDR); 549 sc->gif_pdst = NULL; 550 } 551 /* change the IFF_UP flag as well? */ 552 break; 553#endif 554 555 case SIOCGIFPSRCADDR: 556#ifdef INET6 557 case SIOCGIFPSRCADDR_IN6: 558#endif /* INET6 */ 559 if (sc->gif_psrc == NULL) { 560 error = EADDRNOTAVAIL; 561 goto bad; 562 } 563 src = sc->gif_psrc; 564 switch (sc->gif_psrc->sa_family) { 565#ifdef INET 566 case AF_INET: 567 dst = &ifr->ifr_addr; 568 size = sizeof(struct sockaddr_in); 569 break; 570#endif /* INET */ 571#ifdef INET6 572 case AF_INET6: 573 dst = (struct sockaddr *) 574 &(((struct in6_ifreq *)data)->ifr_addr); 575 size = sizeof(struct sockaddr_in6); 576 break; 577#endif /* INET6 */ 578 default: 579 error = EADDRNOTAVAIL; 580 goto bad; 581 } 582 bcopy((caddr_t)src, (caddr_t)dst, size); 583 break; 584 585 case SIOCGIFPDSTADDR: 586#ifdef INET6 587 case SIOCGIFPDSTADDR_IN6: 588#endif /* INET6 */ 589 if (sc->gif_pdst == NULL) { 590 error = EADDRNOTAVAIL; 591 goto bad; 592 } 593 src = sc->gif_pdst; 594 switch (sc->gif_pdst->sa_family) { 595#ifdef INET 596 case AF_INET: 597 dst = &ifr->ifr_addr; 598 size = sizeof(struct sockaddr_in); 599 break; 600#endif /* INET */ 601#ifdef INET6 602 case AF_INET6: 603 dst = (struct sockaddr *) 604 &(((struct in6_ifreq *)data)->ifr_addr); 605 size = sizeof(struct sockaddr_in6); 606 break; 607#endif /* INET6 */ 608 default: 609 error = EADDRNOTAVAIL; 610 goto bad; 611 } 612 bcopy((caddr_t)src, (caddr_t)dst, size); 613 break; 614 615 case SIOCSIFFLAGS: 616 /* if_ioctl() takes care of it */ 617 break; 618 619 default: 620 error = EINVAL; 621 break; 622 } 623 bad: 624 return error; 625} 626#endif /*NGIF > 0*/ 627