sys/netinet/in_gif.c

251607Sdim/*	$FreeBSD: head/sys/netinet/in_gif.c 105293 2002-10-16 19:49:37Z ume $	*/
251607Sdim/*	$KAME: in_gif.c,v 1.54 2001/05/14 14:02:16 itojun Exp $	*/
251607Sdim
251607Sdim/*
251607Sdim * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
251607Sdim * All rights reserved.
251607Sdim *
251607Sdim * Redistribution and use in source and binary forms, with or without
251607Sdim * modification, are permitted provided that the following conditions
251607Sdim * are met:
251607Sdim * 1. Redistributions of source code must retain the above copyright
251607Sdim *    notice, this list of conditions and the following disclaimer.
251607Sdim * 2. Redistributions in binary form must reproduce the above copyright
251607Sdim *    notice, this list of conditions and the following disclaimer in the
251607Sdim *    documentation and/or other materials provided with the distribution.
251607Sdim * 3. Neither the name of the project nor the names of its contributors
251607Sdim *    may be used to endorse or promote products derived from this software
251607Sdim *    without specific prior written permission.
288943Sdim *
288943Sdim * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
288943Sdim * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
288943Sdim * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
288943Sdim * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
251607Sdim * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
251607Sdim * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
251607Sdim * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
251607Sdim * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
251607Sdim * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
251607Sdim * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
251607Sdim * SUCH DAMAGE.
251607Sdim */
261991Sdim
251607Sdim#include "opt_mrouting.h"
251607Sdim#include "opt_inet.h"
251607Sdim#include "opt_inet6.h"
261991Sdim
261991Sdim#include <sys/param.h>
261991Sdim#include <sys/systm.h>
261991Sdim#include <sys/socket.h>
261991Sdim#include <sys/sockio.h>
261991Sdim#include <sys/mbuf.h>
288943Sdim#include <sys/errno.h>
288943Sdim#include <sys/kernel.h>
288943Sdim#include <sys/sysctl.h>
288943Sdim#include <sys/protosw.h>
288943Sdim
261991Sdim#include <sys/malloc.h>
261991Sdim
261991Sdim#include <net/if.h>
261991Sdim#include <net/route.h>
261991Sdim
261991Sdim#include <netinet/in.h>
261991Sdim#include <netinet/in_systm.h>
288943Sdim#include <netinet/ip.h>
288943Sdim#include <netinet/ip_var.h>
288943Sdim#include <netinet/in_gif.h>
288943Sdim#include <netinet/in_var.h>
261991Sdim#include <netinet/ip_encap.h>
251607Sdim#include <netinet/ip_ecn.h>
261991Sdim
261991Sdim#ifdef INET6
261991Sdim#include <netinet/ip6.h>
261991Sdim#endif
261991Sdim
261991Sdim#ifdef MROUTING
251607Sdim#include <netinet/ip_mroute.h>
251607Sdim#endif /* MROUTING */
251607Sdim
251607Sdim#include <net/if_gif.h>
251607Sdim
261991Sdim#include <net/net_osdep.h>
261991Sdim
261991Sdimstatic int gif_validate4(const struct ip *, struct gif_softc *,
261991Sdim	struct ifnet *);
251607Sdim
261991Sdimextern  struct domain inetdomain;
251607Sdimstruct protosw in_gif_protosw =
251607Sdim{ SOCK_RAW,	&inetdomain,	0/*IPPROTO_IPV[46]*/,	PR_ATOMIC|PR_ADDR,
251607Sdim  in_gif_input,	(pr_output_t*)rip_output, 0,		rip_ctloutput,
251607Sdim  0,
288943Sdim  0,		0,		0,		0,
288943Sdim  &rip_usrreqs
288943Sdim};
288943Sdim
288943Sdimstatic int ip_gif_ttl = GIF_TTL;
288943SdimSYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW,
288943Sdim	&ip_gif_ttl,	0, "");
288943Sdim
288943Sdimint
288943Sdimin_gif_output(ifp, family, m, rt)
288943Sdim	struct ifnet	*ifp;
288943Sdim	int		family;
288943Sdim	struct mbuf	*m;
288943Sdim	struct rtentry *rt;
288943Sdim{
288943Sdim	struct gif_softc *sc = (struct gif_softc*)ifp;
251607Sdim	struct sockaddr_in *dst = (struct sockaddr_in *)&sc->gif_ro.ro_dst;
261991Sdim	struct sockaddr_in *sin_src = (struct sockaddr_in *)sc->gif_psrc;
261991Sdim	struct sockaddr_in *sin_dst = (struct sockaddr_in *)sc->gif_pdst;
261991Sdim	struct ip iphdr;	/* capsule IP header, host byte ordered */
261991Sdim	int proto, error;
261991Sdim	u_int8_t tos;
261991Sdim
261991Sdim	if (sin_src == NULL || sin_dst == NULL ||
261991Sdim	    sin_src->sin_family != AF_INET ||
261991Sdim	    sin_dst->sin_family != AF_INET) {
261991Sdim		m_freem(m);
261991Sdim		return EAFNOSUPPORT;
251607Sdim	}
261991Sdim
251607Sdim	switch (family) {
288943Sdim#ifdef INET
251607Sdim	case AF_INET:
251607Sdim	    {
251607Sdim		struct ip *ip;
261991Sdim
251607Sdim		proto = IPPROTO_IPV4;
251607Sdim		if (m->m_len < sizeof(*ip)) {
251607Sdim			m = m_pullup(m, sizeof(*ip));
251607Sdim			if (!m)
251607Sdim				return ENOBUFS;
261991Sdim		}
251607Sdim		ip = mtod(m, struct ip *);
251607Sdim		tos = ip->ip_tos;
251607Sdim		break;
251607Sdim	    }
261991Sdim#endif /* INET */
261991Sdim#ifdef INET6
261991Sdim	case AF_INET6:
261991Sdim	    {
261991Sdim		struct ip6_hdr *ip6;
261991Sdim		proto = IPPROTO_IPV6;
261991Sdim		if (m->m_len < sizeof(*ip6)) {
261991Sdim			m = m_pullup(m, sizeof(*ip6));
261991Sdim			if (!m)
288943Sdim				return ENOBUFS;
288943Sdim		}
288943Sdim		ip6 = mtod(m, struct ip6_hdr *);
288943Sdim		tos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
288943Sdim		break;
288943Sdim	    }
288943Sdim#endif /* INET6 */
251607Sdim	default:
251607Sdim#ifdef DEBUG
251607Sdim		printf("in_gif_output: warning: unknown family %d passed\n",
251607Sdim			family);
251607Sdim#endif
251607Sdim		m_freem(m);
251607Sdim		return EAFNOSUPPORT;
251607Sdim	}
251607Sdim
288943Sdim	bzero(&iphdr, sizeof(iphdr));
251607Sdim	iphdr.ip_src = sin_src->sin_addr;
251607Sdim	/* bidirectional configured tunnel mode */
251607Sdim	if (sin_dst->sin_addr.s_addr != INADDR_ANY)
251607Sdim		iphdr.ip_dst = sin_dst->sin_addr;
251607Sdim	else {
288943Sdim		m_freem(m);
251607Sdim		return ENETUNREACH;
251607Sdim	}
251607Sdim	iphdr.ip_p = proto;
251607Sdim	/* version will be set in ip_output() */
251607Sdim	iphdr.ip_ttl = ip_gif_ttl;
288943Sdim	iphdr.ip_len = m->m_pkthdr.len + sizeof(struct ip);
251607Sdim	if (ifp->if_flags & IFF_LINK1)
251607Sdim		ip_ecn_ingress(ECN_ALLOWED, &iphdr.ip_tos, &tos);
251607Sdim	else
251607Sdim		ip_ecn_ingress(ECN_NOCARE, &iphdr.ip_tos, &tos);
251607Sdim
288943Sdim	/* prepend new IP header */
251607Sdim	M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
251607Sdim	if (m && m->m_len < sizeof(struct ip))
251607Sdim		m = m_pullup(m, sizeof(struct ip));
251607Sdim	if (m == NULL) {
251607Sdim		printf("ENOBUFS in in_gif_output %d\n", __LINE__);
288943Sdim		return ENOBUFS;
251607Sdim	}
251607Sdim	bcopy(&iphdr, mtod(m, struct ip *), sizeof(struct ip));
251607Sdim
251607Sdim	if (dst->sin_family != sin_dst->sin_family ||
251607Sdim	    dst->sin_addr.s_addr != sin_dst->sin_addr.s_addr) {
288943Sdim		/* cache route doesn't match */
251607Sdim		dst->sin_family = sin_dst->sin_family;
251607Sdim		dst->sin_len = sizeof(struct sockaddr_in);
251607Sdim		dst->sin_addr = sin_dst->sin_addr;
251607Sdim		if (sc->gif_ro.ro_rt) {
288943Sdim			RTFREE(sc->gif_ro.ro_rt);
288943Sdim			sc->gif_ro.ro_rt = NULL;
251607Sdim		}
251607Sdim#if 0
251607Sdim		sc->gif_if.if_mtu = GIF_MTU;
251607Sdim#endif
288943Sdim	}
288943Sdim
251607Sdim	if (sc->gif_ro.ro_rt == NULL) {
251607Sdim		rtalloc(&sc->gif_ro);
288943Sdim		if (sc->gif_ro.ro_rt == NULL) {
288943Sdim			m_freem(m);
288943Sdim			return ENETUNREACH;
288943Sdim		}
288943Sdim
288943Sdim		/* if it constitutes infinite encapsulation, punt. */
288943Sdim		if (sc->gif_ro.ro_rt->rt_ifp == ifp) {
288943Sdim			m_freem(m);
288943Sdim			return ENETUNREACH;	/* XXX */
288943Sdim		}
288943Sdim#if 0
288943Sdim		ifp->if_mtu = sc->gif_ro.ro_rt->rt_ifp->if_mtu
251607Sdim			- sizeof(struct ip);
251607Sdim#endif
288943Sdim	}
288943Sdim
251607Sdim	error = ip_output(m, NULL, &sc->gif_ro, 0, NULL, NULL);
251607Sdim	return(error);
251607Sdim}
251607Sdim
288943Sdimvoid
288943Sdimin_gif_input(m, off)
251607Sdim	struct mbuf *m;
251607Sdim	int off;
251607Sdim{
251607Sdim	struct ifnet *gifp = NULL;
288943Sdim	struct ip *ip;
288943Sdim	int af;
251607Sdim	u_int8_t otos;
251607Sdim	int proto;
251607Sdim
251607Sdim	ip = mtod(m, struct ip *);
288943Sdim	proto = ip->ip_p;
288943Sdim
251607Sdim	gifp = (struct ifnet *)encap_getarg(m);
251607Sdim
251607Sdim	if (gifp == NULL || (gifp->if_flags & IFF_UP) == 0) {
251607Sdim		m_freem(m);
288943Sdim		ipstat.ips_nogif++;
288943Sdim		return;
251607Sdim	}
251607Sdim
251607Sdim	otos = ip->ip_tos;
251607Sdim	m_adj(m, off);
251607Sdim
251607Sdim	switch (proto) {
288943Sdim#ifdef INET
288943Sdim	case IPPROTO_IPV4:
288943Sdim	    {
251607Sdim		struct ip *ip;
251607Sdim		af = AF_INET;
251607Sdim		if (m->m_len < sizeof(*ip)) {
251607Sdim			m = m_pullup(m, sizeof(*ip));
288943Sdim			if (!m)
251607Sdim				return;
251607Sdim		}
251607Sdim		ip = mtod(m, struct ip *);
251607Sdim		if (gifp->if_flags & IFF_LINK1)
251607Sdim			ip_ecn_egress(ECN_ALLOWED, &otos, &ip->ip_tos);
251607Sdim		else
251607Sdim			ip_ecn_egress(ECN_NOCARE, &otos, &ip->ip_tos);
251607Sdim		break;
251607Sdim	    }
251607Sdim#endif
251607Sdim#ifdef INET6
251607Sdim	case IPPROTO_IPV6:
251607Sdim	    {
251607Sdim		struct ip6_hdr *ip6;
251607Sdim		u_int8_t itos;
251607Sdim		af = AF_INET6;
251607Sdim		if (m->m_len < sizeof(*ip6)) {
251607Sdim			m = m_pullup(m, sizeof(*ip6));
251607Sdim			if (!m)
251607Sdim				return;
251607Sdim		}
251607Sdim		ip6 = mtod(m, struct ip6_hdr *);
251607Sdim		itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
251607Sdim		if (gifp->if_flags & IFF_LINK1)
251607Sdim			ip_ecn_egress(ECN_ALLOWED, &otos, &itos);
251607Sdim		else
251607Sdim			ip_ecn_egress(ECN_NOCARE, &otos, &itos);
251607Sdim		ip6->ip6_flow &= ~htonl(0xff << 20);
251607Sdim		ip6->ip6_flow |= htonl((u_int32_t)itos << 20);
251607Sdim		break;
288943Sdim	    }
288943Sdim#endif /* INET6 */
288943Sdim	default:
288943Sdim		ipstat.ips_nogif++;
288943Sdim		m_freem(m);
288943Sdim		return;
288943Sdim	}
288943Sdim	gif_input(m, af, gifp);
288943Sdim	return;
288943Sdim}
288943Sdim
288943Sdim/*
276479Sdim * validate outer address.
276479Sdim */
276479Sdimstatic int
276479Sdimgif_validate4(ip, sc, ifp)
288943Sdim	const struct ip *ip;
288943Sdim	struct gif_softc *sc;
288943Sdim	struct ifnet *ifp;
288943Sdim{
288943Sdim	struct sockaddr_in *src, *dst;
288943Sdim	struct in_ifaddr *ia4;
276479Sdim
276479Sdim	src = (struct sockaddr_in *)sc->gif_psrc;
276479Sdim	dst = (struct sockaddr_in *)sc->gif_pdst;
276479Sdim
251607Sdim	/* check for address match */
251607Sdim	if (src->sin_addr.s_addr != ip->ip_dst.s_addr ||
251607Sdim	    dst->sin_addr.s_addr != ip->ip_src.s_addr)
251607Sdim		return 0;
251607Sdim
251607Sdim	/* martian filters on outer source - NOT done in ip_input! */
251607Sdim	if (IN_MULTICAST(ntohl(ip->ip_src.s_addr)))
251607Sdim		return 0;
251607Sdim	switch ((ntohl(ip->ip_src.s_addr) & 0xff000000) >> 24) {
251607Sdim	case 0: case 127: case 255:
288943Sdim		return 0;
288943Sdim	}
288943Sdim	/* reject packets with broadcast on source */
288943Sdim	TAILQ_FOREACH(ia4, &in_ifaddrhead, ia_link)
251607Sdim	{
251607Sdim		if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0)
251607Sdim			continue;
251607Sdim		if (ip->ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr)
251607Sdim			return 0;
251607Sdim	}
251607Sdim
251607Sdim	/* ingress filters on outer source */
251607Sdim	if ((sc->gif_if.if_flags & IFF_LINK2) == 0 && ifp) {
251607Sdim		struct sockaddr_in sin;
251607Sdim		struct rtentry *rt;
251607Sdim
251607Sdim		bzero(&sin, sizeof(sin));
251607Sdim		sin.sin_family = AF_INET;
251607Sdim		sin.sin_len = sizeof(struct sockaddr_in);
251607Sdim		sin.sin_addr = ip->ip_src;
251607Sdim		rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL);
251607Sdim		if (!rt || rt->rt_ifp != ifp) {
251607Sdim#if 0
251607Sdim			log(LOG_WARNING, "%s: packet from 0x%x dropped "
251607Sdim			    "due to ingress filter\n", if_name(&sc->gif_if),
251607Sdim			    (u_int32_t)ntohl(sin.sin_addr.s_addr));
251607Sdim#endif
251607Sdim			if (rt)
251607Sdim				rtfree(rt);
251607Sdim			return 0;
251607Sdim		}
251607Sdim		rtfree(rt);
251607Sdim	}
251607Sdim
251607Sdim	return 32 * 2;
251607Sdim}
251607Sdim
251607Sdim/*
251607Sdim * we know that we are in IFF_UP, outer address available, and outer family
251607Sdim * matched the physical addr family.  see gif_encapcheck().
251607Sdim */
251607Sdimint
251607Sdimgif_encapcheck4(m, off, proto, arg)
251607Sdim	const struct mbuf *m;
251607Sdim	int off;
251607Sdim	int proto;
251607Sdim	void *arg;
251607Sdim{
251607Sdim	struct ip ip;
251607Sdim	struct gif_softc *sc;
251607Sdim	struct ifnet *ifp;
251607Sdim
251607Sdim	/* sanity check done in caller */
251607Sdim	sc = (struct gif_softc *)arg;
251607Sdim
251607Sdim	/* LINTED const cast */
251607Sdim	m_copydata(m, 0, sizeof(ip), (caddr_t)&ip);
251607Sdim	ifp = ((m->m_flags & M_PKTHDR) != 0) ? m->m_pkthdr.rcvif : NULL;
251607Sdim
251607Sdim	return gif_validate4(&ip, sc, ifp);
251607Sdim}
251607Sdim
251607Sdimint
251607Sdimin_gif_attach(sc)
251607Sdim	struct gif_softc *sc;
251607Sdim{
251607Sdim#ifndef USE_ENCAPCHECK
251607Sdim	struct sockaddr_in mask4;
251607Sdim
251607Sdim	bzero(&mask4, sizeof(mask4));
251607Sdim	mask4.sin_len = sizeof(struct sockaddr_in);
251607Sdim	mask4.sin_addr.s_addr = ~0;
251607Sdim
251607Sdim	if (!sc->gif_psrc || !sc->gif_pdst)
251607Sdim		return EINVAL;
251607Sdim	sc->encap_cookie4 = encap_attach(AF_INET, -1, sc->gif_psrc,
251607Sdim	    (struct sockaddr *)&mask4, sc->gif_pdst, (struct sockaddr *)&mask4,
251607Sdim	    (struct protosw *)&in_gif_protosw, sc);
251607Sdim#else
251607Sdim	sc->encap_cookie4 = encap_attach_func(AF_INET, -1, gif_encapcheck,
251607Sdim	    &in_gif_protosw, sc);
251607Sdim#endif
251607Sdim	if (sc->encap_cookie4 == NULL)
251607Sdim		return EEXIST;
251607Sdim	return 0;
251607Sdim}
251607Sdim
261991Sdimint
261991Sdimin_gif_detach(sc)
261991Sdim	struct gif_softc *sc;
261991Sdim{
251607Sdim	int error;
251607Sdim
251607Sdim	error = encap_detach(sc->encap_cookie4);
251607Sdim	if (error == 0)
251607Sdim		sc->encap_cookie4 = NULL;
251607Sdim	return error;
251607Sdim}
251607Sdim