sys/net/if_faith.c

78064Sume/*	$KAME: if_faith.c,v 1.21 2001/02/20 07:59:26 itojun Exp $	*/
78064Sume
54263Sshin/*
54263Sshin * Copyright (c) 1982, 1986, 1993
54263Sshin *	The Regents of the University of California.  All rights reserved.
54263Sshin *
54263Sshin * Redistribution and use in source and binary forms, with or without
54263Sshin * modification, are permitted provided that the following conditions
54263Sshin * are met:
54263Sshin * 1. Redistributions of source code must retain the above copyright
54263Sshin *    notice, this list of conditions and the following disclaimer.
54263Sshin * 2. Redistributions in binary form must reproduce the above copyright
54263Sshin *    notice, this list of conditions and the following disclaimer in the
54263Sshin *    documentation and/or other materials provided with the distribution.
54263Sshin * 3. All advertising materials mentioning features or use of this software
54263Sshin *    must display the following acknowledgement:
54263Sshin *	This product includes software developed by the University of
54263Sshin *	California, Berkeley and its contributors.
54263Sshin * 4. Neither the name of the University nor the names of its contributors
54263Sshin *    may be used to endorse or promote products derived from this software
54263Sshin *    without specific prior written permission.
54263Sshin *
54263Sshin * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54263Sshin * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54263Sshin * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
54263Sshin * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
54263Sshin * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54263Sshin * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
54263Sshin * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54263Sshin * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
54263Sshin * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54263Sshin * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
54263Sshin * SUCH DAMAGE.
54263Sshin *
54263Sshin * $FreeBSD: head/sys/net/if_faith.c 91317 2002-02-26 17:11:37Z dillon $
54263Sshin */
54263Sshin/*
54263Sshin * derived from
54263Sshin *	@(#)if_loop.c	8.1 (Berkeley) 6/10/93
54263Sshin * Id: if_loop.c,v 1.22 1996/06/19 16:24:10 wollman Exp
54263Sshin */
54263Sshin
54263Sshin/*
54263Sshin * Loopback interface driver for protocol testing and timing.
54263Sshin */
78064Sume#include "opt_inet.h"
78064Sume#include "opt_inet6.h"
54263Sshin
54263Sshin#include <sys/param.h>
54263Sshin#include <sys/systm.h>
54263Sshin#include <sys/kernel.h>
54263Sshin#include <sys/mbuf.h>
54263Sshin#include <sys/socket.h>
78064Sume#include <sys/errno.h>
54263Sshin#include <sys/sockio.h>
78064Sume#include <sys/time.h>
78064Sume#include <sys/queue.h>
83934Sbrooks#include <sys/types.h>
83934Sbrooks#include <sys/malloc.h>
83934Sbrooks#include <machine/bus.h>	/* XXX: Shouldn't really be required! */
83934Sbrooks#include <sys/rman.h>
54263Sshin
54263Sshin#include <net/if.h>
54263Sshin#include <net/if_types.h>
54263Sshin#include <net/netisr.h>
54263Sshin#include <net/route.h>
54263Sshin#include <net/bpf.h>
54263Sshin
78064Sume#ifdef	INET
78064Sume#include <netinet/in.h>
78064Sume#include <netinet/in_systm.h>
78064Sume#include <netinet/in_var.h>
78064Sume#include <netinet/ip.h>
78064Sume#endif
78064Sume
78064Sume#ifdef INET6
78064Sume#ifndef INET
78064Sume#include <netinet/in.h>
78064Sume#endif
78064Sume#include <netinet6/in6_var.h>
78064Sume#include <netinet/ip6.h>
78064Sume#include <netinet6/ip6_var.h>
78064Sume#endif
78064Sume
71991Speter#include <net/net_osdep.h>
71991Speter
83934Sbrooks#define FAITHNAME	"faith"
83934Sbrooks#define FAITH_MAXUNIT	0x7fff	/* ifp->if_unit is only 15 bits */
83934Sbrooks
83934Sbrooksstruct faith_softc {
83934Sbrooks	struct ifnet sc_if;	/* must be first */
83934Sbrooks	struct resource *r_unit;
83934Sbrooks	LIST_ENTRY(faith_softc) sc_list;
83934Sbrooks};
83934Sbrooks
78064Sumestatic int faithioctl __P((struct ifnet *, u_long, caddr_t));
78064Sumeint faithoutput __P((struct ifnet *, struct mbuf *, struct sockaddr *,
78064Sume	struct rtentry *));
85074Srustatic void faithrtrequest __P((int, struct rtentry *, struct rt_addrinfo *));
91317Sdillon#ifdef INET6
83934Sbrooksstatic int faithprefix __P((struct in6_addr *));
91317Sdillon#endif
54263Sshin
83934Sbrooksstatic int faithmodevent __P((module_t, int, void *));
78064Sume
83934Sbrooksstatic MALLOC_DEFINE(M_FAITH, FAITHNAME, "Firewall Assisted Tunnel Interface");
83934Sbrooksstatic struct rman faithunits[1];
89065Smsmithstatic LIST_HEAD(, faith_softc) faith_softc_list;
54263Sshin
83934Sbrooksint	faith_clone_create __P((struct if_clone *, int *));
83934Sbrooksvoid	faith_clone_destroy __P((struct ifnet *));
83934Sbrooks
83934Sbrooksstruct if_clone faith_cloner =
83934Sbrooks    IF_CLONE_INITIALIZER(FAITHNAME, faith_clone_create, faith_clone_destroy);
83934Sbrooks
54263Sshin#define	FAITHMTU	1500
54263Sshin
83934Sbrooksstatic int
83934Sbrooksfaithmodevent(mod, type, data)
83934Sbrooks	module_t mod;
83934Sbrooks	int type;
83934Sbrooks	void *data;
54263Sshin{
83934Sbrooks	int err;
54263Sshin
83934Sbrooks	switch (type) {
83934Sbrooks	case MOD_LOAD:
83934Sbrooks		faithunits->rm_type = RMAN_ARRAY;
83934Sbrooks		faithunits->rm_descr = "configurable if_faith units";
83934Sbrooks		err = rman_init(faithunits);
83934Sbrooks		if (err != 0)
83934Sbrooks			return (err);
83934Sbrooks		err = rman_manage_region(faithunits, 0, FAITH_MAXUNIT);
83934Sbrooks		if (err != 0) {
83934Sbrooks			printf("%s: faithunits: rman_manage_region: "
83934Sbrooks			    "Failed %d\n", FAITHNAME, err);
83934Sbrooks			rman_fini(faithunits);
83934Sbrooks			return (err);
83934Sbrooks		}
83934Sbrooks		LIST_INIT(&faith_softc_list);
83934Sbrooks		if_clone_attach(&faith_cloner);
83934Sbrooks
83934Sbrooks#ifdef INET6
83934Sbrooks		faithprefix_p = faithprefix;
78064Sume#endif
83934Sbrooks
83934Sbrooks		break;
83934Sbrooks	case MOD_UNLOAD:
83934Sbrooks#ifdef INET6
83934Sbrooks		faithprefix_p = NULL;
78064Sume#endif
83934Sbrooks
83934Sbrooks		if_clone_detach(&faith_cloner);
83934Sbrooks
83934Sbrooks		while (!LIST_EMPTY(&faith_softc_list))
83934Sbrooks			faith_clone_destroy(
83934Sbrooks			    &LIST_FIRST(&faith_softc_list)->sc_if);
83934Sbrooks
83934Sbrooks		err = rman_fini(faithunits);
83934Sbrooks		if (err != 0)
83934Sbrooks			return (err);
83934Sbrooks
83934Sbrooks		break;
54263Sshin	}
83934Sbrooks	return 0;
54263Sshin}
78064Sume
83934Sbrooksstatic moduledata_t faith_mod = {
83934Sbrooks	"if_faith",
83934Sbrooks	faithmodevent,
83934Sbrooks	0
83934Sbrooks};
83934Sbrooks
83934SbrooksDECLARE_MODULE(if_faith, faith_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
83934SbrooksMODULE_VERSION(if_faith, 1);
83934Sbrooks
78064Sumeint
83934Sbrooksfaith_clone_create(ifc, unit)
83934Sbrooks	struct if_clone *ifc;
83934Sbrooks	int *unit;
83934Sbrooks{
83934Sbrooks	struct resource *r;
83934Sbrooks	struct faith_softc *sc;
83934Sbrooks
83934Sbrooks	if (*unit > FAITH_MAXUNIT)
83934Sbrooks		return (ENXIO);
83934Sbrooks
83934Sbrooks	if (*unit < 0) {
83934Sbrooks		r = rman_reserve_resource(faithunits, 0, FAITH_MAXUNIT, 1,
83934Sbrooks		    RF_ALLOCATED | RF_ACTIVE, NULL);
83934Sbrooks		if (r == NULL)
83934Sbrooks			return (ENOSPC);
83934Sbrooks		*unit = rman_get_start(r);
83934Sbrooks	} else {
83934Sbrooks		r = rman_reserve_resource(faithunits, *unit, *unit, 1,
83934Sbrooks		    RF_ALLOCATED | RF_ACTIVE, NULL);
83934Sbrooks		if (r == NULL)
83934Sbrooks			return (ENOSPC);
83934Sbrooks	}
83934Sbrooks
83934Sbrooks	sc = malloc(sizeof(struct faith_softc), M_FAITH, M_WAITOK);
83934Sbrooks	bzero(sc, sizeof(struct faith_softc));
83934Sbrooks
83934Sbrooks	sc->sc_if.if_softc = sc;
83934Sbrooks	sc->sc_if.if_name = FAITHNAME;
83934Sbrooks	sc->sc_if.if_unit = *unit;
83934Sbrooks	sc->r_unit = r;
83934Sbrooks
83934Sbrooks	sc->sc_if.if_mtu = FAITHMTU;
83934Sbrooks	/* Change to BROADCAST experimentaly to announce its prefix. */
83934Sbrooks	sc->sc_if.if_flags = /* IFF_LOOPBACK */ IFF_BROADCAST | IFF_MULTICAST;
83934Sbrooks	sc->sc_if.if_ioctl = faithioctl;
83934Sbrooks	sc->sc_if.if_output = faithoutput;
83934Sbrooks	sc->sc_if.if_type = IFT_FAITH;
83934Sbrooks	sc->sc_if.if_hdrlen = 0;
83934Sbrooks	sc->sc_if.if_addrlen = 0;
88034Sbrooks	sc->sc_if.if_snd.ifq_maxlen = ifqmaxlen;
83934Sbrooks	if_attach(&sc->sc_if);
83934Sbrooks	bpfattach(&sc->sc_if, DLT_NULL, sizeof(u_int));
83934Sbrooks	LIST_INSERT_HEAD(&faith_softc_list, sc, sc_list);
83934Sbrooks	return (0);
83934Sbrooks}
83934Sbrooks
83934Sbrooksvoid
83934Sbrooksfaith_clone_destroy(ifp)
83934Sbrooks	struct ifnet *ifp;
83934Sbrooks{
83934Sbrooks	int err;
83934Sbrooks	struct faith_softc *sc = (void *) ifp;
83934Sbrooks
83934Sbrooks	LIST_REMOVE(sc, sc_list);
83934Sbrooks	bpfdetach(ifp);
83934Sbrooks	if_detach(ifp);
83934Sbrooks
83934Sbrooks	err = rman_release_resource(sc->r_unit);
83934Sbrooks	KASSERT(err == 0, ("Unexpected error freeing resource"));
83934Sbrooks
83934Sbrooks	free(sc, M_FAITH);
83934Sbrooks}
83934Sbrooks
83934Sbrooksint
78064Sumefaithoutput(ifp, m, dst, rt)
78064Sume	struct ifnet *ifp;
78064Sume	struct mbuf *m;
78064Sume	struct sockaddr *dst;
78064Sume	struct rtentry *rt;
78064Sume{
78064Sume	int isr;
78064Sume	struct ifqueue *ifq = 0;
78064Sume
78064Sume	if ((m->m_flags & M_PKTHDR) == 0)
78064Sume		panic("faithoutput no HDR");
83934Sbrooks
78064Sume	/* BPF write needs to be handled specially */
78064Sume	if (dst->sa_family == AF_UNSPEC) {
78064Sume		dst->sa_family = *(mtod(m, int *));
78064Sume		m->m_len -= sizeof(int);
78064Sume		m->m_pkthdr.len -= sizeof(int);
78064Sume		m->m_data += sizeof(int);
78064Sume	}
78064Sume
78064Sume	if (ifp->if_bpf) {
78064Sume		/*
78064Sume		 * We need to prepend the address family as
78064Sume		 * a four byte field.  Cons up a faith header
78064Sume		 * to pacify bpf.  This is safe because bpf
78064Sume		 * will only read from the mbuf (i.e., it won't
78064Sume		 * try to free it or keep a pointer a to it).
78064Sume		 */
78064Sume		struct mbuf m0;
78064Sume		u_int32_t af = dst->sa_family;
78064Sume
78064Sume		m0.m_next = m;
78064Sume		m0.m_len = 4;
78064Sume		m0.m_data = (char *)&af;
78064Sume
78064Sume		bpf_mtap(ifp, &m0);
78064Sume	}
78064Sume
78064Sume	if (rt && rt->rt_flags & (RTF_REJECT|RTF_BLACKHOLE)) {
78064Sume		m_freem(m);
78064Sume		return (rt->rt_flags & RTF_BLACKHOLE ? 0 :
78064Sume		        rt->rt_flags & RTF_HOST ? EHOSTUNREACH : ENETUNREACH);
78064Sume	}
78064Sume	ifp->if_opackets++;
78064Sume	ifp->if_obytes += m->m_pkthdr.len;
78064Sume	switch (dst->sa_family) {
78064Sume#ifdef INET
78064Sume	case AF_INET:
78064Sume		ifq = &ipintrq;
78064Sume		isr = NETISR_IP;
78064Sume		break;
78064Sume#endif
78064Sume#ifdef INET6
78064Sume	case AF_INET6:
78064Sume		ifq = &ip6intrq;
78064Sume		isr = NETISR_IPV6;
78064Sume		break;
78064Sume#endif
78064Sume	default:
78064Sume		m_freem(m);
78064Sume		return EAFNOSUPPORT;
78064Sume	}
78064Sume
78064Sume	/* XXX do we need more sanity checks? */
78064Sume
78064Sume	m->m_pkthdr.rcvif = ifp;
78064Sume	ifp->if_ipackets++;
78064Sume	ifp->if_ibytes += m->m_pkthdr.len;
78064Sume	(void) IF_HANDOFF(ifq, m, NULL);
78064Sume	schednetisr(isr);
78064Sume	return (0);
78064Sume}
78064Sume
78064Sume/* ARGSUSED */
78064Sumestatic void
85074Srufaithrtrequest(cmd, rt, info)
78064Sume	int cmd;
78064Sume	struct rtentry *rt;
85074Sru	struct rt_addrinfo *info;
78064Sume{
78064Sume	if (rt) {
78064Sume		rt->rt_rmx.rmx_mtu = rt->rt_ifp->if_mtu; /* for ISO */
78064Sume		/*
78064Sume		 * For optimal performance, the send and receive buffers
78064Sume		 * should be at least twice the MTU plus a little more for
78064Sume		 * overhead.
78064Sume		 */
78064Sume		rt->rt_rmx.rmx_recvpipe =
78064Sume			rt->rt_rmx.rmx_sendpipe = 3 * FAITHMTU;
78064Sume	}
78064Sume}
78064Sume
78064Sume/*
78064Sume * Process an ioctl request.
78064Sume */
78064Sume/* ARGSUSED */
78064Sumestatic int
78064Sumefaithioctl(ifp, cmd, data)
78064Sume	struct ifnet *ifp;
78064Sume	u_long cmd;
78064Sume	caddr_t data;
78064Sume{
78064Sume	struct ifaddr *ifa;
78064Sume	struct ifreq *ifr = (struct ifreq *)data;
78064Sume	int error = 0;
78064Sume
78064Sume	switch (cmd) {
78064Sume
78064Sume	case SIOCSIFADDR:
78064Sume		ifp->if_flags |= IFF_UP | IFF_RUNNING;
78064Sume		ifa = (struct ifaddr *)data;
78064Sume		ifa->ifa_rtrequest = faithrtrequest;
78064Sume		/*
78064Sume		 * Everything else is done at a higher level.
78064Sume		 */
78064Sume		break;
78064Sume
78064Sume	case SIOCADDMULTI:
78064Sume	case SIOCDELMULTI:
78064Sume		if (ifr == 0) {
78064Sume			error = EAFNOSUPPORT;		/* XXX */
78064Sume			break;
78064Sume		}
78064Sume		switch (ifr->ifr_addr.sa_family) {
78064Sume#ifdef INET
78064Sume		case AF_INET:
78064Sume			break;
78064Sume#endif
78064Sume#ifdef INET6
78064Sume		case AF_INET6:
78064Sume			break;
78064Sume#endif
78064Sume
78064Sume		default:
78064Sume			error = EAFNOSUPPORT;
78064Sume			break;
78064Sume		}
78064Sume		break;
78064Sume
78064Sume#ifdef SIOCSIFMTU
78064Sume	case SIOCSIFMTU:
78064Sume		ifp->if_mtu = ifr->ifr_mtu;
78064Sume		break;
78064Sume#endif
78064Sume
78064Sume	case SIOCSIFFLAGS:
78064Sume		break;
78064Sume
78064Sume	default:
78064Sume		error = EINVAL;
78064Sume	}
78064Sume	return (error);
78064Sume}
78064Sume
79326Sume#ifdef INET6
78064Sume/*
78064Sume * XXX could be slow
78064Sume * XXX could be layer violation to call sys/net from sys/netinet6
78064Sume */
83934Sbrooksstatic int
78064Sumefaithprefix(in6)
78064Sume	struct in6_addr *in6;
78064Sume{
78064Sume	struct rtentry *rt;
78064Sume	struct sockaddr_in6 sin6;
78064Sume	int ret;
78064Sume
78064Sume	if (ip6_keepfaith == 0)
78064Sume		return 0;
78064Sume
78064Sume	bzero(&sin6, sizeof(sin6));
78064Sume	sin6.sin6_family = AF_INET6;
78064Sume	sin6.sin6_len = sizeof(struct sockaddr_in6);
78064Sume	sin6.sin6_addr = *in6;
78064Sume	rt = rtalloc1((struct sockaddr *)&sin6, 0, 0UL);
78064Sume	if (rt && rt->rt_ifp && rt->rt_ifp->if_type == IFT_FAITH &&
78064Sume	    (rt->rt_ifp->if_flags & IFF_UP) != 0)
78064Sume		ret = 1;
78064Sume	else
78064Sume		ret = 0;
78064Sume	if (rt)
78064Sume		RTFREE(rt);
78064Sume	return ret;
78064Sume}
79326Sume#endif