if_stf.c revision 129880
162587Sitojun/* $FreeBSD: head/sys/net/if_stf.c 129880 2004-05-30 20:27:19Z phk $ */ 295023Ssuz/* $KAME: if_stf.c,v 1.73 2001/12/03 11:08:30 keiichi Exp $ */ 362587Sitojun 462587Sitojun/* 562587Sitojun * Copyright (C) 2000 WIDE Project. 662587Sitojun * All rights reserved. 762587Sitojun * 862587Sitojun * Redistribution and use in source and binary forms, with or without 962587Sitojun * modification, are permitted provided that the following conditions 1062587Sitojun * are met: 1162587Sitojun * 1. Redistributions of source code must retain the above copyright 1262587Sitojun * notice, this list of conditions and the following disclaimer. 1362587Sitojun * 2. Redistributions in binary form must reproduce the above copyright 1462587Sitojun * notice, this list of conditions and the following disclaimer in the 1562587Sitojun * documentation and/or other materials provided with the distribution. 1662587Sitojun * 3. Neither the name of the project nor the names of its contributors 1762587Sitojun * may be used to endorse or promote products derived from this software 1862587Sitojun * without specific prior written permission. 1962587Sitojun * 2062587Sitojun * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 2162587Sitojun * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2262587Sitojun * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2362587Sitojun * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 2462587Sitojun * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2562587Sitojun * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2662587Sitojun * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2762587Sitojun * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2862587Sitojun * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2962587Sitojun * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3062587Sitojun * SUCH DAMAGE. 3162587Sitojun */ 3262587Sitojun 3362587Sitojun/* 3478064Sume * 6to4 interface, based on RFC3056. 3562587Sitojun * 3662587Sitojun * 6to4 interface is NOT capable of link-layer (I mean, IPv4) multicasting. 3762587Sitojun * There is no address mapping defined from IPv6 multicast address to IPv4 3862587Sitojun * address. Therefore, we do not have IFF_MULTICAST on the interface. 3962587Sitojun * 4062587Sitojun * Due to the lack of address mapping for link-local addresses, we cannot 4162587Sitojun * throw packets toward link-local addresses (fe80::x). Also, we cannot throw 4262587Sitojun * packets to link-local multicast addresses (ff02::x). 4362587Sitojun * 4462587Sitojun * Here are interesting symptoms due to the lack of link-local address: 4562587Sitojun * 4662587Sitojun * Unicast routing exchange: 4762587Sitojun * - RIPng: Impossible. Uses link-local multicast packet toward ff02::9, 4862587Sitojun * and link-local addresses as nexthop. 4962587Sitojun * - OSPFv6: Impossible. OSPFv6 assumes that there's link-local address 5062587Sitojun * assigned to the link, and makes use of them. Also, HELLO packets use 5162587Sitojun * link-local multicast addresses (ff02::5 and ff02::6). 5262587Sitojun * - BGP4+: Maybe. You can only use global address as nexthop, and global 5362587Sitojun * address as TCP endpoint address. 5462587Sitojun * 5562587Sitojun * Multicast routing protocols: 5662587Sitojun * - PIM: Hello packet cannot be used to discover adjacent PIM routers. 5762587Sitojun * Adjacent PIM routers must be configured manually (is it really spec-wise 5862587Sitojun * correct thing to do?). 5962587Sitojun * 6062587Sitojun * ICMPv6: 6162587Sitojun * - Redirects cannot be used due to the lack of link-local address. 6262587Sitojun * 6378064Sume * stf interface does not have, and will not need, a link-local address. 6478064Sume * It seems to have no real benefit and does not help the above symptoms much. 6578064Sume * Even if we assign link-locals to interface, we cannot really 6678064Sume * use link-local unicast/multicast on top of 6to4 cloud (since there's no 6778064Sume * encapsulation defined for link-local address), and the above analysis does 6878064Sume * not change. RFC3056 does not mandate the assignment of link-local address 6978064Sume * either. 7062587Sitojun * 7162587Sitojun * 6to4 interface has security issues. Refer to 7262587Sitojun * http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt 7362587Sitojun * for details. The code tries to filter out some of malicious packets. 7462587Sitojun * Note that there is no way to be 100% secure. 7562587Sitojun */ 7662587Sitojun 7762587Sitojun#include "opt_inet.h" 7862587Sitojun#include "opt_inet6.h" 79105580Srwatson#include "opt_mac.h" 8062587Sitojun 8162587Sitojun#include <sys/param.h> 8262587Sitojun#include <sys/systm.h> 8362587Sitojun#include <sys/socket.h> 8462587Sitojun#include <sys/sockio.h> 85105580Srwatson#include <sys/mac.h> 8662587Sitojun#include <sys/mbuf.h> 8762587Sitojun#include <sys/errno.h> 8883655Sbrooks#include <sys/kernel.h> 89129880Sphk#include <sys/module.h> 9062587Sitojun#include <sys/protosw.h> 9183655Sbrooks#include <sys/queue.h> 9262587Sitojun#include <machine/cpu.h> 9362587Sitojun 9462587Sitojun#include <sys/malloc.h> 9562587Sitojun 9662587Sitojun#include <net/if.h> 9762587Sitojun#include <net/route.h> 9862587Sitojun#include <net/netisr.h> 9962587Sitojun#include <net/if_types.h> 10062587Sitojun#include <net/if_stf.h> 10162587Sitojun 10262587Sitojun#include <netinet/in.h> 10362587Sitojun#include <netinet/in_systm.h> 10462587Sitojun#include <netinet/ip.h> 10562587Sitojun#include <netinet/ip_var.h> 10662587Sitojun#include <netinet/in_var.h> 10762587Sitojun 10862587Sitojun#include <netinet/ip6.h> 10962587Sitojun#include <netinet6/ip6_var.h> 11062587Sitojun#include <netinet6/in6_var.h> 11162587Sitojun#include <netinet/ip_ecn.h> 11262587Sitojun 11362587Sitojun#include <netinet/ip_encap.h> 11462587Sitojun 11562587Sitojun#include <machine/stdarg.h> 11662587Sitojun 11762587Sitojun#include <net/net_osdep.h> 11862587Sitojun 11962587Sitojun#include <net/bpf.h> 12062587Sitojun 12183655Sbrooks#define STFNAME "stf" 12283655Sbrooks 12362587Sitojun#define IN6_IS_ADDR_6TO4(x) (ntohs((x)->s6_addr16[0]) == 0x2002) 12462587Sitojun 125109322Ssuz/* 126109322Ssuz * XXX: Return a pointer with 16-bit aligned. Don't cast it to 127109322Ssuz * struct in_addr *; use bcopy() instead. 128109322Ssuz */ 129109322Ssuz#define GET_V4(x) ((caddr_t)(&(x)->s6_addr16[1])) 130109322Ssuz 13162587Sitojunstruct stf_softc { 13262587Sitojun struct ifnet sc_if; /* common area */ 13362587Sitojun union { 13462587Sitojun struct route __sc_ro4; 13562587Sitojun struct route_in6 __sc_ro6; /* just for safety */ 13662587Sitojun } __sc_ro46; 13762587Sitojun#define sc_ro __sc_ro46.__sc_ro4 13862587Sitojun const struct encaptab *encap_cookie; 13983655Sbrooks LIST_ENTRY(stf_softc) sc_list; /* all stf's are linked */ 14062587Sitojun}; 14162587Sitojun 142126783Srwatson/* 143126783Srwatson * All mutable global variables in if_stf.c are protected by stf_mtx. 144126783Srwatson * XXXRW: Note that mutable fields in the softc are not currently locked: 145126783Srwatson * in particular, sc_ro needs to be protected from concurrent entrance 146126783Srwatson * of stf_output(). 147126783Srwatson */ 148126783Srwatsonstatic struct mtx stf_mtx; 14989065Smsmithstatic LIST_HEAD(, stf_softc) stf_softc_list; 15062587Sitojun 15183655Sbrooksstatic MALLOC_DEFINE(M_STF, STFNAME, "6to4 Tunnel Interface"); 152126709Srwatsonstatic const int ip_stf_ttl = 40; 15362587Sitojun 15479106Sbrooksextern struct domain inetdomain; 15582884Sjulianstruct protosw in_stf_protosw = 15679106Sbrooks{ SOCK_RAW, &inetdomain, IPPROTO_IPV6, PR_ATOMIC|PR_ADDR, 15791452Speter in_stf_input, (pr_output_t*)rip_output, 0, rip_ctloutput, 15879106Sbrooks 0, 15979106Sbrooks 0, 0, 0, 0, 16079106Sbrooks &rip_usrreqs 16179106Sbrooks}; 16262587Sitojun 16392725Salfredstatic int stfmodevent(module_t, int, void *); 16492725Salfredstatic int stf_encapcheck(const struct mbuf *, int, int, void *); 16592725Salfredstatic struct in6_ifaddr *stf_getsrcifa6(struct ifnet *); 16692725Salfredstatic int stf_output(struct ifnet *, struct mbuf *, struct sockaddr *, 16792725Salfred struct rtentry *); 168103475Sumestatic int isrfc1918addr(struct in_addr *); 16992725Salfredstatic int stf_checkaddr4(struct stf_softc *, struct in_addr *, 17092725Salfred struct ifnet *); 17192725Salfredstatic int stf_checkaddr6(struct stf_softc *, struct in6_addr *, 17292725Salfred struct ifnet *); 17392725Salfredstatic void stf_rtrequest(int, struct rtentry *, struct rt_addrinfo *); 17492725Salfredstatic int stf_ioctl(struct ifnet *, u_long, caddr_t); 17562587Sitojun 176128209Sbrooksstatic int stf_clone_create(struct if_clone *, int); 177128209Sbrooksstatic void stf_clone_destroy(struct ifnet *); 17883655Sbrooks 17992081Smux/* only one clone is currently allowed */ 18083655Sbrooksstruct if_clone stf_cloner = 18197289Sbrooks IF_CLONE_INITIALIZER(STFNAME, stf_clone_create, stf_clone_destroy, 0, 0); 18283655Sbrooks 183128209Sbrooksstatic int 18483655Sbrooksstf_clone_create(ifc, unit) 18583655Sbrooks struct if_clone *ifc; 18692081Smux int unit; 18783655Sbrooks{ 18883655Sbrooks struct stf_softc *sc; 189128417Sbrooks struct ifnet *ifp; 19083655Sbrooks 191111119Simp sc = malloc(sizeof(struct stf_softc), M_STF, M_WAITOK | M_ZERO); 192128417Sbrooks ifp = &sc->sc_if; 193128417Sbrooks if_initname(ifp, ifc->ifc_name, unit); 19483655Sbrooks 19583655Sbrooks sc->encap_cookie = encap_attach_func(AF_INET, IPPROTO_IPV6, 19683655Sbrooks stf_encapcheck, &in_stf_protosw, sc); 19783655Sbrooks if (sc->encap_cookie == NULL) { 198128417Sbrooks if_printf(ifp, "attach failed\n"); 19983655Sbrooks free(sc, M_STF); 20083655Sbrooks return (ENOMEM); 20183655Sbrooks } 20283655Sbrooks 203128417Sbrooks ifp->if_mtu = IPV6_MMTU; 204128417Sbrooks ifp->if_ioctl = stf_ioctl; 205128417Sbrooks ifp->if_output = stf_output; 206128417Sbrooks ifp->if_type = IFT_STF; 207128417Sbrooks ifp->if_snd.ifq_maxlen = IFQ_MAXLEN; 208128417Sbrooks if_attach(ifp); 209128417Sbrooks bpfattach(ifp, DLT_NULL, sizeof(u_int)); 210126783Srwatson mtx_lock(&stf_mtx); 21183655Sbrooks LIST_INSERT_HEAD(&stf_softc_list, sc, sc_list); 212126783Srwatson mtx_unlock(&stf_mtx); 21383655Sbrooks return (0); 21483655Sbrooks} 21583655Sbrooks 216126783Srwatsonstatic void 217126783Srwatsonstf_destroy(struct stf_softc *sc) 218126783Srwatson{ 219126783Srwatson int err; 220126783Srwatson 221126783Srwatson err = encap_detach(sc->encap_cookie); 222126783Srwatson KASSERT(err == 0, ("Unexpected error detaching encap_cookie")); 223126783Srwatson bpfdetach(&sc->sc_if); 224126783Srwatson if_detach(&sc->sc_if); 225126783Srwatson 226126783Srwatson free(sc, M_STF); 227126783Srwatson} 228126783Srwatson 229128209Sbrooksstatic void 23083655Sbrooksstf_clone_destroy(ifp) 23183655Sbrooks struct ifnet *ifp; 23283655Sbrooks{ 23383655Sbrooks struct stf_softc *sc = (void *) ifp; 23483655Sbrooks 235126783Srwatson mtx_lock(&stf_mtx); 23683655Sbrooks LIST_REMOVE(sc, sc_list); 237126783Srwatson mtx_unlock(&stf_mtx); 23883655Sbrooks 239126783Srwatson stf_destroy(sc); 24083655Sbrooks} 24183655Sbrooks 24279106Sbrooksstatic int 24379106Sbrooksstfmodevent(mod, type, data) 24479106Sbrooks module_t mod; 24579106Sbrooks int type; 24679106Sbrooks void *data; 24762587Sitojun{ 248126783Srwatson struct stf_softc *sc; 24962587Sitojun 25079106Sbrooks switch (type) { 25179106Sbrooks case MOD_LOAD: 252126783Srwatson mtx_init(&stf_mtx, "stf_mtx", NULL, MTX_DEF); 25383655Sbrooks LIST_INIT(&stf_softc_list); 25483655Sbrooks if_clone_attach(&stf_cloner); 25562587Sitojun 25679106Sbrooks break; 25779106Sbrooks case MOD_UNLOAD: 25883655Sbrooks if_clone_detach(&stf_cloner); 25983655Sbrooks 260126783Srwatson mtx_lock(&stf_mtx); 261126783Srwatson while ((sc = LIST_FIRST(&stf_softc_list)) != NULL) { 262126783Srwatson LIST_REMOVE(sc, sc_list); 263126783Srwatson mtx_unlock(&stf_mtx); 264126783Srwatson stf_destroy(sc); 265126783Srwatson mtx_lock(&stf_mtx); 266126783Srwatson } 267126783Srwatson mtx_unlock(&stf_mtx); 268126783Srwatson mtx_destroy(&stf_mtx); 26979106Sbrooks break; 27062587Sitojun } 27179106Sbrooks 27279106Sbrooks return (0); 27362587Sitojun} 27462587Sitojun 27579106Sbrooksstatic moduledata_t stf_mod = { 27679106Sbrooks "if_stf", 27779106Sbrooks stfmodevent, 27879106Sbrooks 0 27979106Sbrooks}; 28062587Sitojun 28179106SbrooksDECLARE_MODULE(if_stf, stf_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 28279106Sbrooks 28362587Sitojunstatic int 28462587Sitojunstf_encapcheck(m, off, proto, arg) 28562587Sitojun const struct mbuf *m; 28662587Sitojun int off; 28762587Sitojun int proto; 28862587Sitojun void *arg; 28962587Sitojun{ 29062587Sitojun struct ip ip; 29162587Sitojun struct in6_ifaddr *ia6; 29262587Sitojun struct stf_softc *sc; 293108710Sfenner struct in_addr a, b, mask; 29462587Sitojun 29562587Sitojun sc = (struct stf_softc *)arg; 29662587Sitojun if (sc == NULL) 29762587Sitojun return 0; 29862587Sitojun 29962587Sitojun if ((sc->sc_if.if_flags & IFF_UP) == 0) 30062587Sitojun return 0; 30162587Sitojun 30278064Sume /* IFF_LINK0 means "no decapsulation" */ 30378064Sume if ((sc->sc_if.if_flags & IFF_LINK0) != 0) 30478064Sume return 0; 30578064Sume 30662587Sitojun if (proto != IPPROTO_IPV6) 30762587Sitojun return 0; 30862587Sitojun 30962587Sitojun /* LINTED const cast */ 31091452Speter m_copydata((struct mbuf *)(uintptr_t)m, 0, sizeof(ip), (caddr_t)&ip); 31162587Sitojun 31262587Sitojun if (ip.ip_v != 4) 31362587Sitojun return 0; 31462587Sitojun 31562587Sitojun ia6 = stf_getsrcifa6(&sc->sc_if); 31662587Sitojun if (ia6 == NULL) 31762587Sitojun return 0; 31862587Sitojun 31962587Sitojun /* 32062587Sitojun * check if IPv4 dst matches the IPv4 address derived from the 32162587Sitojun * local 6to4 address. 32262587Sitojun * success on: dst = 10.1.1.1, ia6->ia_addr = 2002:0a01:0101:... 32362587Sitojun */ 32462587Sitojun if (bcmp(GET_V4(&ia6->ia_addr.sin6_addr), &ip.ip_dst, 32562587Sitojun sizeof(ip.ip_dst)) != 0) 32662587Sitojun return 0; 32762587Sitojun 32862587Sitojun /* 32962587Sitojun * check if IPv4 src matches the IPv4 address derived from the 33062587Sitojun * local 6to4 address masked by prefixmask. 33162587Sitojun * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24 33262587Sitojun * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24 33362587Sitojun */ 33462587Sitojun bzero(&a, sizeof(a)); 335108710Sfenner bcopy(GET_V4(&ia6->ia_addr.sin6_addr), &a, sizeof(a)); 336108710Sfenner bcopy(GET_V4(&ia6->ia_prefixmask.sin6_addr), &mask, sizeof(mask)); 337108710Sfenner a.s_addr &= mask.s_addr; 33862587Sitojun b = ip.ip_src; 339108710Sfenner b.s_addr &= mask.s_addr; 34062587Sitojun if (a.s_addr != b.s_addr) 34162587Sitojun return 0; 34262587Sitojun 34362587Sitojun /* stf interface makes single side match only */ 34462587Sitojun return 32; 34562587Sitojun} 34662587Sitojun 34762587Sitojunstatic struct in6_ifaddr * 34862587Sitojunstf_getsrcifa6(ifp) 34962587Sitojun struct ifnet *ifp; 35062587Sitojun{ 35162587Sitojun struct ifaddr *ia; 35262587Sitojun struct in_ifaddr *ia4; 35362587Sitojun struct sockaddr_in6 *sin6; 35462587Sitojun struct in_addr in; 35562587Sitojun 35671959Sphk for (ia = TAILQ_FIRST(&ifp->if_addrlist); 35762587Sitojun ia; 35871959Sphk ia = TAILQ_NEXT(ia, ifa_list)) 35962587Sitojun { 36062587Sitojun if (ia->ifa_addr == NULL) 36162587Sitojun continue; 36262587Sitojun if (ia->ifa_addr->sa_family != AF_INET6) 36362587Sitojun continue; 36462587Sitojun sin6 = (struct sockaddr_in6 *)ia->ifa_addr; 36562587Sitojun if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) 36662587Sitojun continue; 36762587Sitojun 36862587Sitojun bcopy(GET_V4(&sin6->sin6_addr), &in, sizeof(in)); 36984104Sjlemon LIST_FOREACH(ia4, INADDR_HASH(in.s_addr), ia_hash) 37062587Sitojun if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) 37162587Sitojun break; 37262587Sitojun if (ia4 == NULL) 37362587Sitojun continue; 37462587Sitojun 37562587Sitojun return (struct in6_ifaddr *)ia; 37662587Sitojun } 37762587Sitojun 37862587Sitojun return NULL; 37962587Sitojun} 38062587Sitojun 38162587Sitojunstatic int 38262587Sitojunstf_output(ifp, m, dst, rt) 38362587Sitojun struct ifnet *ifp; 38462587Sitojun struct mbuf *m; 38562587Sitojun struct sockaddr *dst; 38662587Sitojun struct rtentry *rt; 38762587Sitojun{ 38862587Sitojun struct stf_softc *sc; 38962587Sitojun struct sockaddr_in6 *dst6; 390109322Ssuz struct in_addr in4; 391109322Ssuz caddr_t ptr; 39262587Sitojun struct sockaddr_in *dst4; 39362587Sitojun u_int8_t tos; 39462587Sitojun struct ip *ip; 39562587Sitojun struct ip6_hdr *ip6; 39662587Sitojun struct in6_ifaddr *ia6; 397105580Srwatson#ifdef MAC 398105580Srwatson int error; 39962587Sitojun 400105580Srwatson error = mac_check_ifnet_transmit(ifp, m); 401105580Srwatson if (error) { 402105580Srwatson m_freem(m); 403105580Srwatson return (error); 404105580Srwatson } 405105580Srwatson#endif 406105580Srwatson 40762587Sitojun sc = (struct stf_softc*)ifp; 40862587Sitojun dst6 = (struct sockaddr_in6 *)dst; 40962587Sitojun 41062587Sitojun /* just in case */ 41162587Sitojun if ((ifp->if_flags & IFF_UP) == 0) { 41262587Sitojun m_freem(m); 413103487Sume ifp->if_oerrors++; 41462587Sitojun return ENETDOWN; 41562587Sitojun } 41662587Sitojun 41762587Sitojun /* 41862587Sitojun * If we don't have an ip4 address that match my inner ip6 address, 41962587Sitojun * we shouldn't generate output. Without this check, we'll end up 42062587Sitojun * using wrong IPv4 source. 42162587Sitojun */ 42262587Sitojun ia6 = stf_getsrcifa6(ifp); 42362587Sitojun if (ia6 == NULL) { 42462587Sitojun m_freem(m); 425103487Sume ifp->if_oerrors++; 42662587Sitojun return ENETDOWN; 42762587Sitojun } 42862587Sitojun 42962587Sitojun if (m->m_len < sizeof(*ip6)) { 43062587Sitojun m = m_pullup(m, sizeof(*ip6)); 431103487Sume if (!m) { 432103487Sume ifp->if_oerrors++; 43362587Sitojun return ENOBUFS; 434103487Sume } 43562587Sitojun } 43662587Sitojun ip6 = mtod(m, struct ip6_hdr *); 43762587Sitojun tos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; 43862587Sitojun 43978064Sume /* 44078064Sume * Pickup the right outer dst addr from the list of candidates. 44178064Sume * ip6_dst has priority as it may be able to give us shorter IPv4 hops. 44278064Sume */ 443109322Ssuz ptr = NULL; 44478064Sume if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst)) 445109322Ssuz ptr = GET_V4(&ip6->ip6_dst); 44678064Sume else if (IN6_IS_ADDR_6TO4(&dst6->sin6_addr)) 447109322Ssuz ptr = GET_V4(&dst6->sin6_addr); 44878064Sume else { 44978064Sume m_freem(m); 450103487Sume ifp->if_oerrors++; 45178064Sume return ENETUNREACH; 45278064Sume } 453109322Ssuz bcopy(ptr, &in4, sizeof(in4)); 45478064Sume 45578701Sume#if NBPFILTER > 0 45678701Sume if (ifp->if_bpf) { 45778701Sume /* 45878701Sume * We need to prepend the address family as 45978701Sume * a four byte field. Cons up a dummy header 46078701Sume * to pacify bpf. This is safe because bpf 46178701Sume * will only read from the mbuf (i.e., it won't 46278701Sume * try to free it or keep a pointer a to it). 46378701Sume */ 464123922Ssam u_int32_t af = AF_INET6; 465123922Ssam#ifdef HAVE_OLD_BPF 46678701Sume struct mbuf m0; 46778701Sume 46878701Sume m0.m_next = m; 46978701Sume m0.m_len = 4; 47078701Sume m0.m_data = (char *)⁡ 47178701Sume 472106939Ssam BPF_MTAP(ifp, &m0); 47378701Sume#else 474123922Ssam bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m); 47578701Sume#endif 47678701Sume } 47778701Sume#endif /*NBPFILTER > 0*/ 47878701Sume 479111119Simp M_PREPEND(m, sizeof(struct ip), M_DONTWAIT); 48062587Sitojun if (m && m->m_len < sizeof(struct ip)) 48162587Sitojun m = m_pullup(m, sizeof(struct ip)); 482103487Sume if (m == NULL) { 483103487Sume ifp->if_oerrors++; 48462587Sitojun return ENOBUFS; 485103487Sume } 48662587Sitojun ip = mtod(m, struct ip *); 48762587Sitojun 48862587Sitojun bzero(ip, sizeof(*ip)); 48962587Sitojun 49062587Sitojun bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr), 49162587Sitojun &ip->ip_src, sizeof(ip->ip_src)); 492109322Ssuz bcopy(&in4, &ip->ip_dst, sizeof(ip->ip_dst)); 49362587Sitojun ip->ip_p = IPPROTO_IPV6; 49479106Sbrooks ip->ip_ttl = ip_stf_ttl; 49562587Sitojun ip->ip_len = m->m_pkthdr.len; /*host order*/ 49662587Sitojun if (ifp->if_flags & IFF_LINK1) 49762587Sitojun ip_ecn_ingress(ECN_ALLOWED, &ip->ip_tos, &tos); 49878064Sume else 49978064Sume ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos); 50062587Sitojun 501126783Srwatson /* 502126783Srwatson * XXXRW: Locking of sc_ro required. 503126783Srwatson */ 50462587Sitojun dst4 = (struct sockaddr_in *)&sc->sc_ro.ro_dst; 50562587Sitojun if (dst4->sin_family != AF_INET || 50662587Sitojun bcmp(&dst4->sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)) != 0) { 50762587Sitojun /* cache route doesn't match */ 50862587Sitojun dst4->sin_family = AF_INET; 50962587Sitojun dst4->sin_len = sizeof(struct sockaddr_in); 51062587Sitojun bcopy(&ip->ip_dst, &dst4->sin_addr, sizeof(dst4->sin_addr)); 51162587Sitojun if (sc->sc_ro.ro_rt) { 51262587Sitojun RTFREE(sc->sc_ro.ro_rt); 51362587Sitojun sc->sc_ro.ro_rt = NULL; 51462587Sitojun } 51562587Sitojun } 51662587Sitojun 51762587Sitojun if (sc->sc_ro.ro_rt == NULL) { 51862587Sitojun rtalloc(&sc->sc_ro); 51962587Sitojun if (sc->sc_ro.ro_rt == NULL) { 52062587Sitojun m_freem(m); 521103487Sume ifp->if_oerrors++; 52262587Sitojun return ENETUNREACH; 52362587Sitojun } 52462587Sitojun } 52562587Sitojun 526103487Sume ifp->if_opackets++; 527105194Ssam return ip_output(m, NULL, &sc->sc_ro, 0, NULL, NULL); 52862587Sitojun} 52962587Sitojun 53062587Sitojunstatic int 531103475Sumeisrfc1918addr(in) 532109322Ssuz struct in_addr *in; 533103475Sume{ 534103475Sume /* 535103475Sume * returns 1 if private address range: 536103475Sume * 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 537103475Sume */ 538109322Ssuz if ((ntohl(in->s_addr) & 0xff000000) >> 24 == 10 || 539109322Ssuz (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 || 540109322Ssuz (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168) 541103475Sume return 1; 542103475Sume 543103475Sume return 0; 544103475Sume} 545103475Sume 546103475Sumestatic int 54778064Sumestf_checkaddr4(sc, in, inifp) 54878064Sume struct stf_softc *sc; 549109322Ssuz struct in_addr *in; 55078064Sume struct ifnet *inifp; /* incoming interface */ 55162587Sitojun{ 55262587Sitojun struct in_ifaddr *ia4; 55362587Sitojun 55462587Sitojun /* 55562587Sitojun * reject packets with the following address: 55662587Sitojun * 224.0.0.0/4 0.0.0.0/8 127.0.0.0/8 255.0.0.0/8 55762587Sitojun */ 558109322Ssuz if (IN_MULTICAST(ntohl(in->s_addr))) 55962587Sitojun return -1; 560109322Ssuz switch ((ntohl(in->s_addr) & 0xff000000) >> 24) { 561109322Ssuz case 0: case 127: case 255: 56262587Sitojun return -1; 563109322Ssuz } 56462587Sitojun 56562587Sitojun /* 566103475Sume * reject packets with private address range. 567103475Sume * (requirement from RFC3056 section 2 1st paragraph) 568103475Sume */ 569103475Sume if (isrfc1918addr(in)) 570103475Sume return -1; 571103475Sume 572103475Sume /* 57362587Sitojun * reject packets with broadcast 57462587Sitojun */ 57562587Sitojun for (ia4 = TAILQ_FIRST(&in_ifaddrhead); 57662587Sitojun ia4; 57762587Sitojun ia4 = TAILQ_NEXT(ia4, ia_link)) 57862587Sitojun { 57962587Sitojun if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0) 58062587Sitojun continue; 581109322Ssuz if (in->s_addr == ia4->ia_broadaddr.sin_addr.s_addr) 58262587Sitojun return -1; 58362587Sitojun } 58462587Sitojun 58562587Sitojun /* 58662587Sitojun * perform ingress filter 58762587Sitojun */ 58878064Sume if (sc && (sc->sc_if.if_flags & IFF_LINK2) == 0 && inifp) { 58962587Sitojun struct sockaddr_in sin; 59062587Sitojun struct rtentry *rt; 59162587Sitojun 59262587Sitojun bzero(&sin, sizeof(sin)); 59362587Sitojun sin.sin_family = AF_INET; 59462587Sitojun sin.sin_len = sizeof(struct sockaddr_in); 595109322Ssuz sin.sin_addr = *in; 59662587Sitojun rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL); 59778064Sume if (!rt || rt->rt_ifp != inifp) { 59878064Sume#if 0 59978064Sume log(LOG_WARNING, "%s: packet from 0x%x dropped " 60078064Sume "due to ingress filter\n", if_name(&sc->sc_if), 60178064Sume (u_int32_t)ntohl(sin.sin_addr.s_addr)); 60278064Sume#endif 60378064Sume if (rt) 60478064Sume rtfree(rt); 60562587Sitojun return -1; 60662587Sitojun } 60762587Sitojun rtfree(rt); 60862587Sitojun } 60962587Sitojun 61062587Sitojun return 0; 61162587Sitojun} 61262587Sitojun 61362587Sitojunstatic int 61478064Sumestf_checkaddr6(sc, in6, inifp) 61578064Sume struct stf_softc *sc; 61662587Sitojun struct in6_addr *in6; 61778064Sume struct ifnet *inifp; /* incoming interface */ 61862587Sitojun{ 61962587Sitojun /* 62062587Sitojun * check 6to4 addresses 62162587Sitojun */ 622109322Ssuz if (IN6_IS_ADDR_6TO4(in6)) { 623109322Ssuz struct in_addr in4; 624109322Ssuz bcopy(GET_V4(in6), &in4, sizeof(in4)); 625109322Ssuz return stf_checkaddr4(sc, &in4, inifp); 626109322Ssuz } 62762587Sitojun 62862587Sitojun /* 62962587Sitojun * reject anything that look suspicious. the test is implemented 63062587Sitojun * in ip6_input too, but we check here as well to 63162587Sitojun * (1) reject bad packets earlier, and 63262587Sitojun * (2) to be safe against future ip6_input change. 63362587Sitojun */ 63462587Sitojun if (IN6_IS_ADDR_V4COMPAT(in6) || IN6_IS_ADDR_V4MAPPED(in6)) 63562587Sitojun return -1; 63662587Sitojun 63762587Sitojun return 0; 63862587Sitojun} 63962587Sitojun 64062587Sitojunvoid 64183187Sjulianin_stf_input(m, off) 64278064Sume struct mbuf *m; 64383187Sjulian int off; 64462587Sitojun{ 64583187Sjulian int proto; 64662587Sitojun struct stf_softc *sc; 64762587Sitojun struct ip *ip; 64862587Sitojun struct ip6_hdr *ip6; 64962587Sitojun u_int8_t otos, itos; 65062587Sitojun struct ifnet *ifp; 65162587Sitojun 65282884Sjulian proto = mtod(m, struct ip *)->ip_p; 65362587Sitojun 65462587Sitojun if (proto != IPPROTO_IPV6) { 65562587Sitojun m_freem(m); 65662587Sitojun return; 65762587Sitojun } 65862587Sitojun 65962587Sitojun ip = mtod(m, struct ip *); 66062587Sitojun 66162587Sitojun sc = (struct stf_softc *)encap_getarg(m); 66262587Sitojun 66362587Sitojun if (sc == NULL || (sc->sc_if.if_flags & IFF_UP) == 0) { 66462587Sitojun m_freem(m); 66562587Sitojun return; 66662587Sitojun } 66762587Sitojun 66862587Sitojun ifp = &sc->sc_if; 66962587Sitojun 670105580Srwatson#ifdef MAC 671105580Srwatson mac_create_mbuf_from_ifnet(ifp, m); 672105580Srwatson#endif 673105580Srwatson 67462587Sitojun /* 67562587Sitojun * perform sanity check against outer src/dst. 67662587Sitojun * for source, perform ingress filter as well. 67762587Sitojun */ 67878064Sume if (stf_checkaddr4(sc, &ip->ip_dst, NULL) < 0 || 67978064Sume stf_checkaddr4(sc, &ip->ip_src, m->m_pkthdr.rcvif) < 0) { 68062587Sitojun m_freem(m); 68162587Sitojun return; 68262587Sitojun } 68362587Sitojun 68462587Sitojun otos = ip->ip_tos; 68562587Sitojun m_adj(m, off); 68662587Sitojun 68762587Sitojun if (m->m_len < sizeof(*ip6)) { 68862587Sitojun m = m_pullup(m, sizeof(*ip6)); 68962587Sitojun if (!m) 69062587Sitojun return; 69162587Sitojun } 69262587Sitojun ip6 = mtod(m, struct ip6_hdr *); 69362587Sitojun 69462587Sitojun /* 69562587Sitojun * perform sanity check against inner src/dst. 69662587Sitojun * for source, perform ingress filter as well. 69762587Sitojun */ 69878064Sume if (stf_checkaddr6(sc, &ip6->ip6_dst, NULL) < 0 || 69978064Sume stf_checkaddr6(sc, &ip6->ip6_src, m->m_pkthdr.rcvif) < 0) { 70062587Sitojun m_freem(m); 70162587Sitojun return; 70262587Sitojun } 70362587Sitojun 70462587Sitojun itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; 70562587Sitojun if ((ifp->if_flags & IFF_LINK1) != 0) 70662587Sitojun ip_ecn_egress(ECN_ALLOWED, &otos, &itos); 70778064Sume else 70878064Sume ip_ecn_egress(ECN_NOCARE, &otos, &itos); 70962587Sitojun ip6->ip6_flow &= ~htonl(0xff << 20); 71062587Sitojun ip6->ip6_flow |= htonl((u_int32_t)itos << 20); 71162587Sitojun 71262587Sitojun m->m_pkthdr.rcvif = ifp; 71362587Sitojun 71462587Sitojun if (ifp->if_bpf) { 71562587Sitojun /* 71662587Sitojun * We need to prepend the address family as 71762587Sitojun * a four byte field. Cons up a dummy header 71862587Sitojun * to pacify bpf. This is safe because bpf 71962587Sitojun * will only read from the mbuf (i.e., it won't 72062587Sitojun * try to free it or keep a pointer a to it). 72162587Sitojun */ 722123922Ssam u_int32_t af = AF_INET6; 723123922Ssam#ifdef HAVE_OLD_BPF 72462587Sitojun struct mbuf m0; 72562587Sitojun 72662587Sitojun m0.m_next = m; 72762587Sitojun m0.m_len = 4; 72862587Sitojun m0.m_data = (char *)⁡ 72962587Sitojun 730106939Ssam BPF_MTAP(ifp, &m0); 73162587Sitojun#else 732123922Ssam bpf_mtap2(ifp->if_bpf, &af, sizeof(ah), m); 73362587Sitojun#endif 73462587Sitojun } 73562587Sitojun 73662587Sitojun /* 73762587Sitojun * Put the packet to the network layer input queue according to the 73862587Sitojun * specified address family. 73962587Sitojun * See net/if_gif.c for possible issues with packet processing 74062587Sitojun * reorder due to extra queueing. 74162587Sitojun */ 74262587Sitojun ifp->if_ipackets++; 743111888Sjlemon ifp->if_ibytes += m->m_pkthdr.len; 744111888Sjlemon netisr_dispatch(NETISR_IPV6, m); 74562587Sitojun} 74662587Sitojun 74762587Sitojun/* ARGSUSED */ 74862587Sitojunstatic void 74985074Srustf_rtrequest(cmd, rt, info) 75062587Sitojun int cmd; 75162587Sitojun struct rtentry *rt; 75285074Sru struct rt_addrinfo *info; 75362587Sitojun{ 754120727Ssam RT_LOCK_ASSERT(rt); 75562587Sitojun 75662587Sitojun if (rt) 75762587Sitojun rt->rt_rmx.rmx_mtu = IPV6_MMTU; 75862587Sitojun} 75962587Sitojun 76062587Sitojunstatic int 76162587Sitojunstf_ioctl(ifp, cmd, data) 76262587Sitojun struct ifnet *ifp; 76362587Sitojun u_long cmd; 76462587Sitojun caddr_t data; 76562587Sitojun{ 76662587Sitojun struct ifaddr *ifa; 76762587Sitojun struct ifreq *ifr; 76862587Sitojun struct sockaddr_in6 *sin6; 769109322Ssuz struct in_addr addr; 77062587Sitojun int error; 77162587Sitojun 77262587Sitojun error = 0; 77362587Sitojun switch (cmd) { 77462587Sitojun case SIOCSIFADDR: 77562587Sitojun ifa = (struct ifaddr *)data; 77662587Sitojun if (ifa == NULL || ifa->ifa_addr->sa_family != AF_INET6) { 77762587Sitojun error = EAFNOSUPPORT; 77862587Sitojun break; 77962587Sitojun } 78062587Sitojun sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 781109322Ssuz if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) { 78262587Sitojun error = EINVAL; 783109322Ssuz break; 784109322Ssuz } 785109322Ssuz bcopy(GET_V4(&sin6->sin6_addr), &addr, sizeof(addr)); 786109322Ssuz if (isrfc1918addr(&addr)) { 787109322Ssuz error = EINVAL; 788109322Ssuz break; 789109322Ssuz } 790109322Ssuz 791109322Ssuz ifa->ifa_rtrequest = stf_rtrequest; 792109322Ssuz ifp->if_flags |= IFF_UP; 79362587Sitojun break; 79462587Sitojun 79562587Sitojun case SIOCADDMULTI: 79662587Sitojun case SIOCDELMULTI: 79762587Sitojun ifr = (struct ifreq *)data; 79862587Sitojun if (ifr && ifr->ifr_addr.sa_family == AF_INET6) 79962587Sitojun ; 80062587Sitojun else 80162587Sitojun error = EAFNOSUPPORT; 80262587Sitojun break; 80362587Sitojun 80462587Sitojun default: 80562587Sitojun error = EINVAL; 80662587Sitojun break; 80762587Sitojun } 80862587Sitojun 80962587Sitojun return error; 81062587Sitojun} 811