| if_stf.c (19dc644511796d80bd82f62ef49cb1cb4b86add3) | if_stf.c (b46512f704e7bb93324749d4f9747e6ffde75fb7) |
|---|---|
| 1/* $FreeBSD$ */ 2/* $KAME: if_stf.c,v 1.73 2001/12/03 11:08:30 keiichi Exp $ */ 3 4/*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 2000 WIDE Project. 8 * Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org> --- 78 unchanged lines hidden (view full) --- 87#include <sys/endian.h> 88#include <sys/errno.h> 89#include <sys/kernel.h> 90#include <sys/lock.h> 91#include <sys/module.h> 92#include <sys/priv.h> 93#include <sys/proc.h> 94#include <sys/queue.h> | 1/* $FreeBSD$ */ 2/* $KAME: if_stf.c,v 1.73 2001/12/03 11:08:30 keiichi Exp $ */ 3 4/*- 5 * SPDX-License-Identifier: BSD-3-Clause 6 * 7 * Copyright (C) 2000 WIDE Project. 8 * Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org> --- 78 unchanged lines hidden (view full) --- 87#include <sys/endian.h> 88#include <sys/errno.h> 89#include <sys/kernel.h> 90#include <sys/lock.h> 91#include <sys/module.h> 92#include <sys/priv.h> 93#include <sys/proc.h> 94#include <sys/queue.h> |
| 95#include <sys/sdt.h> |
|
| 95#include <sys/sysctl.h> 96#include <machine/cpu.h> 97 98#include <sys/malloc.h> 99 100#include <net/if.h> 101#include <net/if_var.h> 102#include <net/if_clone.h> --- 20 unchanged lines hidden (view full) --- 123#include <netinet/ip_encap.h> 124 125#include <machine/stdarg.h> 126 127#include <net/bpf.h> 128 129#include <security/mac/mac_framework.h> 130 | 96#include <sys/sysctl.h> 97#include <machine/cpu.h> 98 99#include <sys/malloc.h> 100 101#include <net/if.h> 102#include <net/if_var.h> 103#include <net/if_clone.h> --- 20 unchanged lines hidden (view full) --- 124#include <netinet/ip_encap.h> 125 126#include <machine/stdarg.h> 127 128#include <net/bpf.h> 129 130#include <security/mac/mac_framework.h> 131 |
| 132SDT_PROVIDER_DEFINE(if_stf); 133SDT_PROBE_DEFINE3(if_stf, , encapcheck, in, "struct mbuf *", "int", "int"); 134SDT_PROBE_DEFINE0(if_stf, , encapcheck, accept); 135SDT_PROBE_DEFINE3(if_stf, , getsrcifa6, in, "struct ifnet *", 136 "struct in6_addr *", "struct in6_addr *"); 137SDT_PROBE_DEFINE2(if_stf, , getsrcifa6, found, "struct in6_addr *", 138 "struct in6_addr *"); 139SDT_PROBE_DEFINE0(if_stf, , getsrcifa6, notfound); 140 141SDT_PROBE_DEFINE4(if_stf, , stf_output, in, "struct ifnet *", "struct mbuf *", 142 "struct sockaddr *", "struct route *"); 143SDT_PROBE_DEFINE2(if_stf, , stf_output, error, "int", "int"); 144SDT_PROBE_DEFINE1(if_stf, , stf_output, out, "int"); 145 146SDT_PROBE_DEFINE3(if_stf, , checkaddr6, in, "struct stf_softc *", 147 "struct in6_addr *", "struct ifnet *"); 148SDT_PROBE_DEFINE2(if_stf, , checkaddr6, out, "int", "int"); 149 150SDT_PROBE_DEFINE3(if_stf, , stf_input, in, "struct mbuf *", "int", "int"); 151SDT_PROBE_DEFINE2(if_stf, , stf_input, out, "int", "int"); 152 153SDT_PROBE_DEFINE3(if_stf, , ioctl, sv4net, "struct in_addr *", 154 "struct in_addr *", "int"); 155SDT_PROBE_DEFINE1(if_stf, , ioctl, sdstv4, "struct in_addr *"); 156SDT_PROBE_DEFINE1(if_stf, , ioctl, ifaddr, "struct ifaddr *"); 157 158SDT_PROBE_DEFINE4(if_stf, , getin4addr_in6, out, "struct in6_addr *", 159 "struct in6_addr *", "struct in6_addr *", "struct sockaddr_in *"); 160 161SDT_PROBE_DEFINE2(if_stf, , getin4addr, in, "struct in6_addr *", "struct in6_addr *"); 162SDT_PROBE_DEFINE1(if_stf, , getin4addr, out, "struct sockaddr_in *"); 163 |
|
| 131SYSCTL_DECL(_net_link); 132static SYSCTL_NODE(_net_link, IFT_STF, stf, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 133 "6to4 Interface"); 134 135static int stf_permit_rfc1918 = 0; 136SYSCTL_INT(_net_link_stf, OID_AUTO, permit_rfc1918, CTLFLAG_RWTUN, 137 &stf_permit_rfc1918, 0, "Permit the use of private IPv4 addresses"); 138 --- 205 unchanged lines hidden (view full) --- 344static int 345stf_encapcheck(const struct mbuf *m, int off, int proto, void *arg) 346{ 347 struct ip ip; 348 struct stf_softc *sc; 349 struct in6_addr addr6, mask6; 350 struct sockaddr_in sin4addr, sin4mask; 351 | 164SYSCTL_DECL(_net_link); 165static SYSCTL_NODE(_net_link, IFT_STF, stf, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, 166 "6to4 Interface"); 167 168static int stf_permit_rfc1918 = 0; 169SYSCTL_INT(_net_link_stf, OID_AUTO, permit_rfc1918, CTLFLAG_RWTUN, 170 &stf_permit_rfc1918, 0, "Permit the use of private IPv4 addresses"); 171 --- 205 unchanged lines hidden (view full) --- 377static int 378stf_encapcheck(const struct mbuf *m, int off, int proto, void *arg) 379{ 380 struct ip ip; 381 struct stf_softc *sc; 382 struct in6_addr addr6, mask6; 383 struct sockaddr_in sin4addr, sin4mask; 384 |
| 385 SDT_PROBE3(if_stf, , encapcheck, in, m, off, proto); 386 |
|
| 352 sc = (struct stf_softc *)arg; 353 if (sc == NULL) 354 return (0); 355 356 if ((STF2IFP(sc)->if_flags & IFF_UP) == 0) 357 return (0); 358 359 /* IFF_LINK0 means "no decapsulation" */ --- 43 unchanged lines hidden (view full) --- 403 * range. So, stf_output() will catch all of 404 * 6rd-capsuled IPv4 traffic with suspicious inner dst 405 * IPv4 address (i.e. the IPv6 destination address is 406 * one the admin does not like to route to outside), 407 * and then it discard them silently. 408 */ 409 } 410 | 387 sc = (struct stf_softc *)arg; 388 if (sc == NULL) 389 return (0); 390 391 if ((STF2IFP(sc)->if_flags & IFF_UP) == 0) 392 return (0); 393 394 /* IFF_LINK0 means "no decapsulation" */ --- 43 unchanged lines hidden (view full) --- 438 * range. So, stf_output() will catch all of 439 * 6rd-capsuled IPv4 traffic with suspicious inner dst 440 * IPv4 address (i.e. the IPv6 destination address is 441 * one the admin does not like to route to outside), 442 * and then it discard them silently. 443 */ 444 } 445 |
| 446 SDT_PROBE0(if_stf, , encapcheck, accept); 447 |
|
| 411 /* stf interface makes single side match only */ 412 return (32); 413} 414 415static int 416stf_getsrcifa6(struct ifnet *ifp, struct in6_addr *addr, struct in6_addr *mask) 417{ 418 struct ifaddr *ia; 419 struct in_ifaddr *ia4; 420 struct in6_addr addr6, mask6; 421 struct sockaddr_in sin4; 422 struct stf_softc *sc; 423 struct in_addr in; 424 425 NET_EPOCH_ASSERT(); 426 427 sc = ifp->if_softc; 428 | 448 /* stf interface makes single side match only */ 449 return (32); 450} 451 452static int 453stf_getsrcifa6(struct ifnet *ifp, struct in6_addr *addr, struct in6_addr *mask) 454{ 455 struct ifaddr *ia; 456 struct in_ifaddr *ia4; 457 struct in6_addr addr6, mask6; 458 struct sockaddr_in sin4; 459 struct stf_softc *sc; 460 struct in_addr in; 461 462 NET_EPOCH_ASSERT(); 463 464 sc = ifp->if_softc; 465 |
| 466 SDT_PROBE3(if_stf, , getsrcifa6, in, ifp, addr, mask); 467 |
|
| 429 CK_STAILQ_FOREACH(ia, &ifp->if_addrhead, ifa_link) { 430 if (ia->ifa_addr->sa_family != AF_INET6) 431 continue; 432 433 addr6 = *IFA_IN6(ia); 434 mask6 = *IFA_MASKIN6(ia); 435 if (sc->srcv4_addr != INADDR_ANY) 436 bcopy(&sc->srcv4_addr, &in, sizeof(in)); --- 7 unchanged lines hidden (view full) --- 444 if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) 445 break; 446 if (ia4 == NULL) 447 continue; 448 449 *addr = addr6; 450 *mask = mask6; 451 | 468 CK_STAILQ_FOREACH(ia, &ifp->if_addrhead, ifa_link) { 469 if (ia->ifa_addr->sa_family != AF_INET6) 470 continue; 471 472 addr6 = *IFA_IN6(ia); 473 mask6 = *IFA_MASKIN6(ia); 474 if (sc->srcv4_addr != INADDR_ANY) 475 bcopy(&sc->srcv4_addr, &in, sizeof(in)); --- 7 unchanged lines hidden (view full) --- 483 if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) 484 break; 485 if (ia4 == NULL) 486 continue; 487 488 *addr = addr6; 489 *mask = mask6; 490 |
| 491 SDT_PROBE2(if_stf, , getsrcifa6, found, addr, mask); 492 |
|
| 452 return (0); 453 } 454 | 493 return (0); 494 } 495 |
| 496 SDT_PROBE0(if_stf, , getsrcifa6, notfound); 497 |
|
| 455 return (ENOENT); 456} 457 458static int 459stf_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, 460 struct route *ro) 461{ 462 struct stf_softc *sc; 463 const struct sockaddr_in6 *dst6; 464 struct sockaddr_in dst4, src4; 465 u_int8_t tos; 466 struct ip *ip; 467 struct ip6_hdr *ip6; 468 struct in6_addr addr6, mask6; 469 int error; 470 | 498 return (ENOENT); 499} 500 501static int 502stf_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, 503 struct route *ro) 504{ 505 struct stf_softc *sc; 506 const struct sockaddr_in6 *dst6; 507 struct sockaddr_in dst4, src4; 508 u_int8_t tos; 509 struct ip *ip; 510 struct ip6_hdr *ip6; 511 struct in6_addr addr6, mask6; 512 int error; 513 |
| 514 SDT_PROBE4(if_stf, , stf_output, in, ifp, m, dst, ro); 515 |
|
| 471#ifdef MAC 472 error = mac_ifnet_check_transmit(ifp, m); 473 if (error) { 474 m_freem(m); | 516#ifdef MAC 517 error = mac_ifnet_check_transmit(ifp, m); 518 if (error) { 519 m_freem(m); |
| 520 SDT_PROBE2(if_stf, , stf_output, error, error, __LINE__); |
|
| 475 return (error); 476 } 477#endif 478 479 sc = ifp->if_softc; 480 dst6 = (const struct sockaddr_in6 *)dst; 481 482 /* just in case */ 483 if ((ifp->if_flags & IFF_UP) == 0) { 484 m_freem(m); 485 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); | 521 return (error); 522 } 523#endif 524 525 sc = ifp->if_softc; 526 dst6 = (const struct sockaddr_in6 *)dst; 527 528 /* just in case */ 529 if ((ifp->if_flags & IFF_UP) == 0) { 530 m_freem(m); 531 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); |
| 532 SDT_PROBE2(if_stf, , stf_output, error, ENETDOWN, __LINE__); |
|
| 486 return (ENETDOWN); 487 } 488 489 /* 490 * If we don't have an ip4 address that match my inner ip6 address, 491 * we shouldn't generate output. Without this check, we'll end up 492 * using wrong IPv4 source. 493 */ 494 if (stf_getsrcifa6(ifp, &addr6, &mask6) != 0) { 495 m_freem(m); 496 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); | 533 return (ENETDOWN); 534 } 535 536 /* 537 * If we don't have an ip4 address that match my inner ip6 address, 538 * we shouldn't generate output. Without this check, we'll end up 539 * using wrong IPv4 source. 540 */ 541 if (stf_getsrcifa6(ifp, &addr6, &mask6) != 0) { 542 m_freem(m); 543 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); |
| 544 SDT_PROBE2(if_stf, , stf_output, error, ENETDOWN, __LINE__); |
|
| 497 return (ENETDOWN); 498 } 499 500 if (m->m_len < sizeof(*ip6)) { 501 m = m_pullup(m, sizeof(*ip6)); 502 if (!m) { 503 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); | 545 return (ENETDOWN); 546 } 547 548 if (m->m_len < sizeof(*ip6)) { 549 m = m_pullup(m, sizeof(*ip6)); 550 if (!m) { 551 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); |
| 552 SDT_PROBE2(if_stf, , stf_output, error, ENOBUFS, 553 __LINE__); |
|
| 504 return (ENOBUFS); 505 } 506 } 507 ip6 = mtod(m, struct ip6_hdr *); 508 tos = IPV6_TRAFFIC_CLASS(ip6); 509 510 /* 511 * Pickup the right outer dst addr from the list of candidates. 512 * ip6_dst has priority as it may be able to give us shorter IPv4 hops. 513 */ 514 if (stf_getin4addr_in6(sc, &dst4, addr6, mask6, 515 ip6->ip6_dst) == NULL) { 516 if (sc->braddr != INADDR_ANY) 517 dst4.sin_addr.s_addr = sc->braddr; 518 else if (stf_getin4addr_in6(sc, &dst4, addr6, mask6, 519 dst6->sin6_addr) == NULL) { 520 m_freem(m); 521 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); | 554 return (ENOBUFS); 555 } 556 } 557 ip6 = mtod(m, struct ip6_hdr *); 558 tos = IPV6_TRAFFIC_CLASS(ip6); 559 560 /* 561 * Pickup the right outer dst addr from the list of candidates. 562 * ip6_dst has priority as it may be able to give us shorter IPv4 hops. 563 */ 564 if (stf_getin4addr_in6(sc, &dst4, addr6, mask6, 565 ip6->ip6_dst) == NULL) { 566 if (sc->braddr != INADDR_ANY) 567 dst4.sin_addr.s_addr = sc->braddr; 568 else if (stf_getin4addr_in6(sc, &dst4, addr6, mask6, 569 dst6->sin6_addr) == NULL) { 570 m_freem(m); 571 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); |
| 572 SDT_PROBE2(if_stf, , stf_output, error, ENETUNREACH, 573 __LINE__); |
|
| 522 return (ENETUNREACH); 523 } 524 } 525 526 if (bpf_peers_present(ifp->if_bpf)) { 527 /* 528 * We need to prepend the address family as 529 * a four byte field. Cons up a dummy header 530 * to pacify bpf. This is safe because bpf 531 * will only read from the mbuf (i.e., it won't 532 * try to free it or keep a pointer a to it). 533 */ 534 u_int af = AF_INET6; 535 bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m); 536 } 537 538 M_PREPEND(m, sizeof(struct ip), M_NOWAIT); 539 if (m == NULL) { 540 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); | 574 return (ENETUNREACH); 575 } 576 } 577 578 if (bpf_peers_present(ifp->if_bpf)) { 579 /* 580 * We need to prepend the address family as 581 * a four byte field. Cons up a dummy header 582 * to pacify bpf. This is safe because bpf 583 * will only read from the mbuf (i.e., it won't 584 * try to free it or keep a pointer a to it). 585 */ 586 u_int af = AF_INET6; 587 bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m); 588 } 589 590 M_PREPEND(m, sizeof(struct ip), M_NOWAIT); 591 if (m == NULL) { 592 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); |
| 593 SDT_PROBE2(if_stf, , stf_output, error, ENOBUFS, __LINE__); |
|
| 541 return (ENOBUFS); 542 } 543 ip = mtod(m, struct ip *); 544 545 bzero(ip, sizeof(*ip)); 546 547 if (sc->srcv4_addr != INADDR_ANY) 548 src4.sin_addr.s_addr = sc->srcv4_addr; 549 else if (stf_getin4addr(sc, &src4, addr6, mask6) == NULL) { 550 m_freem(m); 551 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); | 594 return (ENOBUFS); 595 } 596 ip = mtod(m, struct ip *); 597 598 bzero(ip, sizeof(*ip)); 599 600 if (sc->srcv4_addr != INADDR_ANY) 601 src4.sin_addr.s_addr = sc->srcv4_addr; 602 else if (stf_getin4addr(sc, &src4, addr6, mask6) == NULL) { 603 m_freem(m); 604 if_inc_counter(ifp, IFCOUNTER_OERRORS, 1); |
| 605 SDT_PROBE2(if_stf, , stf_output, error, ENETUNREACH, __LINE__); |
|
| 552 return (ENETUNREACH); 553 } 554 bcopy(&src4.sin_addr, &ip->ip_src, sizeof(ip->ip_src)); 555 bcopy(&dst4.sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)); 556 557 ip->ip_p = IPPROTO_IPV6; 558 ip->ip_ttl = ip_stf_ttl; 559 ip->ip_len = htons(m->m_pkthdr.len); 560 if (ifp->if_flags & IFF_LINK1) 561 ip_ecn_ingress(ECN_ALLOWED, &ip->ip_tos, &tos); 562 else 563 ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos); 564 565 M_SETFIB(m, sc->sc_fibnum); 566 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 567 error = ip_output(m, NULL, NULL, 0, NULL, NULL); 568 | 606 return (ENETUNREACH); 607 } 608 bcopy(&src4.sin_addr, &ip->ip_src, sizeof(ip->ip_src)); 609 bcopy(&dst4.sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)); 610 611 ip->ip_p = IPPROTO_IPV6; 612 ip->ip_ttl = ip_stf_ttl; 613 ip->ip_len = htons(m->m_pkthdr.len); 614 if (ifp->if_flags & IFF_LINK1) 615 ip_ecn_ingress(ECN_ALLOWED, &ip->ip_tos, &tos); 616 else 617 ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos); 618 619 M_SETFIB(m, sc->sc_fibnum); 620 if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1); 621 error = ip_output(m, NULL, NULL, 0, NULL, NULL); 622 |
| 623 SDT_PROBE1(if_stf, , stf_output, out, error); |
|
| 569 return (error); 570} 571 572static int 573isrfc1918addr(struct in_addr *in) 574{ 575 /* 576 * returns 1 if private address range: --- 51 unchanged lines hidden (view full) --- 628 } 629 630 return (0); 631} 632 633static int 634stf_checkaddr6(struct stf_softc *sc, struct in6_addr *in6, struct ifnet *inifp) 635{ | 624 return (error); 625} 626 627static int 628isrfc1918addr(struct in_addr *in) 629{ 630 /* 631 * returns 1 if private address range: --- 51 unchanged lines hidden (view full) --- 683 } 684 685 return (0); 686} 687 688static int 689stf_checkaddr6(struct stf_softc *sc, struct in6_addr *in6, struct ifnet *inifp) 690{ |
| 691 SDT_PROBE3(if_stf, , checkaddr6, in, sc, in6, inifp); 692 |
|
| 636 /* 637 * check 6to4 addresses 638 */ 639 if (IN6_IS_ADDR_6TO4(in6)) { 640 struct in_addr in4; | 693 /* 694 * check 6to4 addresses 695 */ 696 if (IN6_IS_ADDR_6TO4(in6)) { 697 struct in_addr in4; |
| 698 int ret; 699 |
|
| 641 bcopy(GET_V4(in6), &in4, sizeof(in4)); | 700 bcopy(GET_V4(in6), &in4, sizeof(in4)); |
| 642 return (stf_checkaddr4(sc, &in4, inifp)); | 701 ret = stf_checkaddr4(sc, &in4, inifp); 702 SDT_PROBE2(if_stf, , checkaddr6, out, ret, __LINE__); 703 return (ret); |
| 643 } 644 645 /* 646 * reject anything that look suspicious. the test is implemented 647 * in ip6_input too, but we check here as well to 648 * (1) reject bad packets earlier, and 649 * (2) to be safe against future ip6_input change. 650 */ | 704 } 705 706 /* 707 * reject anything that look suspicious. the test is implemented 708 * in ip6_input too, but we check here as well to 709 * (1) reject bad packets earlier, and 710 * (2) to be safe against future ip6_input change. 711 */ |
| 651 if (IN6_IS_ADDR_V4COMPAT(in6) || IN6_IS_ADDR_V4MAPPED(in6)) | 712 if (IN6_IS_ADDR_V4COMPAT(in6)) { 713 SDT_PROBE2(if_stf, , checkaddr6, out, -1, __LINE__); |
| 652 return (-1); | 714 return (-1); |
| 715 } |
|
| 653 | 716 |
| 717 if (IN6_IS_ADDR_V4MAPPED(in6)) { 718 SDT_PROBE2(if_stf, , checkaddr6, out, -1, __LINE__); 719 return (-1); 720 } 721 722 SDT_PROBE2(if_stf, , checkaddr6, out, 0, __LINE__); |
|
| 654 return (0); 655} 656 657static int 658in_stf_input(struct mbuf *m, int off, int proto, void *arg) 659{ 660 struct stf_softc *sc = arg; 661 struct ip *ip; 662 struct ip6_hdr *ip6; 663 u_int8_t otos, itos; 664 struct ifnet *ifp; 665 struct nhop_object *nh; 666 667 NET_EPOCH_ASSERT(); 668 | 723 return (0); 724} 725 726static int 727in_stf_input(struct mbuf *m, int off, int proto, void *arg) 728{ 729 struct stf_softc *sc = arg; 730 struct ip *ip; 731 struct ip6_hdr *ip6; 732 u_int8_t otos, itos; 733 struct ifnet *ifp; 734 struct nhop_object *nh; 735 736 NET_EPOCH_ASSERT(); 737 |
| 738 SDT_PROBE3(if_stf, , stf_input, in, m, off, proto); 739 |
|
| 669 if (proto != IPPROTO_IPV6) { 670 m_freem(m); | 740 if (proto != IPPROTO_IPV6) { 741 m_freem(m); |
| 742 SDT_PROBE2(if_stf, , stf_input, out, IPPROTO_DONE, __LINE__); |
|
| 671 return (IPPROTO_DONE); 672 } 673 674 ip = mtod(m, struct ip *); 675 if (sc == NULL || (STF2IFP(sc)->if_flags & IFF_UP) == 0) { 676 m_freem(m); | 743 return (IPPROTO_DONE); 744 } 745 746 ip = mtod(m, struct ip *); 747 if (sc == NULL || (STF2IFP(sc)->if_flags & IFF_UP) == 0) { 748 m_freem(m); |
| 749 SDT_PROBE2(if_stf, , stf_input, out, IPPROTO_DONE, __LINE__); |
|
| 677 return (IPPROTO_DONE); 678 } 679 680 ifp = STF2IFP(sc); 681 682#ifdef MAC 683 mac_ifnet_create_mbuf(ifp, m); 684#endif 685 686 /* 687 * perform sanity check against outer src/dst. 688 * for source, perform ingress filter as well. 689 */ 690 if (stf_checkaddr4(sc, &ip->ip_dst, NULL) < 0 || 691 stf_checkaddr4(sc, &ip->ip_src, m->m_pkthdr.rcvif) < 0) { 692 m_freem(m); | 750 return (IPPROTO_DONE); 751 } 752 753 ifp = STF2IFP(sc); 754 755#ifdef MAC 756 mac_ifnet_create_mbuf(ifp, m); 757#endif 758 759 /* 760 * perform sanity check against outer src/dst. 761 * for source, perform ingress filter as well. 762 */ 763 if (stf_checkaddr4(sc, &ip->ip_dst, NULL) < 0 || 764 stf_checkaddr4(sc, &ip->ip_src, m->m_pkthdr.rcvif) < 0) { 765 m_freem(m); |
| 766 SDT_PROBE2(if_stf, , stf_input, out, IPPROTO_DONE, __LINE__); |
|
| 693 return (IPPROTO_DONE); 694 } 695 696 otos = ip->ip_tos; 697 m_adj(m, off); 698 699 if (m->m_len < sizeof(*ip6)) { 700 m = m_pullup(m, sizeof(*ip6)); | 767 return (IPPROTO_DONE); 768 } 769 770 otos = ip->ip_tos; 771 m_adj(m, off); 772 773 if (m->m_len < sizeof(*ip6)) { 774 m = m_pullup(m, sizeof(*ip6)); |
| 701 if (!m) | 775 if (!m) { 776 SDT_PROBE2(if_stf, , stf_input, out, IPPROTO_DONE, 777 __LINE__); |
| 702 return (IPPROTO_DONE); | 778 return (IPPROTO_DONE); |
| 779 } |
|
| 703 } 704 ip6 = mtod(m, struct ip6_hdr *); 705 706 /* 707 * perform sanity check against inner src/dst. 708 * for source, perform ingress filter as well. 709 */ 710 if (stf_checkaddr6(sc, &ip6->ip6_dst, NULL) < 0 || 711 stf_checkaddr6(sc, &ip6->ip6_src, m->m_pkthdr.rcvif) < 0) { 712 m_freem(m); | 780 } 781 ip6 = mtod(m, struct ip6_hdr *); 782 783 /* 784 * perform sanity check against inner src/dst. 785 * for source, perform ingress filter as well. 786 */ 787 if (stf_checkaddr6(sc, &ip6->ip6_dst, NULL) < 0 || 788 stf_checkaddr6(sc, &ip6->ip6_src, m->m_pkthdr.rcvif) < 0) { 789 m_freem(m); |
| 790 SDT_PROBE2(if_stf, , stf_input, out, IPPROTO_DONE, __LINE__); |
|
| 713 return (IPPROTO_DONE); 714 } 715 716 /* 717 * reject packets with private address range. 718 * (requirement from RFC3056 section 2 1st paragraph) 719 */ 720 if ((IN6_IS_ADDR_6TO4(&ip6->ip6_src) && isrfc1918addr(&ip->ip_src)) || 721 (IN6_IS_ADDR_6TO4(&ip6->ip6_dst) && isrfc1918addr(&ip->ip_dst))) { 722 m_freem(m); | 791 return (IPPROTO_DONE); 792 } 793 794 /* 795 * reject packets with private address range. 796 * (requirement from RFC3056 section 2 1st paragraph) 797 */ 798 if ((IN6_IS_ADDR_6TO4(&ip6->ip6_src) && isrfc1918addr(&ip->ip_src)) || 799 (IN6_IS_ADDR_6TO4(&ip6->ip6_dst) && isrfc1918addr(&ip->ip_dst))) { 800 m_freem(m); |
| 801 SDT_PROBE2(if_stf, , stf_input, out, IPPROTO_DONE, __LINE__); |
|
| 723 return (IPPROTO_DONE); 724 } 725 726 /* 727 * Ignore if the destination is the same stf interface because 728 * all of valid IPv6 outgoing traffic should go interfaces 729 * except for it. 730 */ 731 nh = fib6_lookup(sc->sc_fibnum, &ip6->ip6_dst, 0, 0, 0); 732 if (nh == NULL) { 733 m_free(m); | 802 return (IPPROTO_DONE); 803 } 804 805 /* 806 * Ignore if the destination is the same stf interface because 807 * all of valid IPv6 outgoing traffic should go interfaces 808 * except for it. 809 */ 810 nh = fib6_lookup(sc->sc_fibnum, &ip6->ip6_dst, 0, 0, 0); 811 if (nh == NULL) { 812 m_free(m); |
| 813 SDT_PROBE2(if_stf, , stf_input, out, IPPROTO_DONE, __LINE__); |
|
| 734 return (IPPROTO_DONE); 735 } 736 if ((nh->nh_ifp == ifp) && 737 (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &nh->gw6_sa.sin6_addr))) { 738 m_free(m); | 814 return (IPPROTO_DONE); 815 } 816 if ((nh->nh_ifp == ifp) && 817 (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &nh->gw6_sa.sin6_addr))) { 818 m_free(m); |
| 819 SDT_PROBE2(if_stf, , stf_input, out, IPPROTO_DONE, __LINE__); |
|
| 739 return (IPPROTO_DONE); 740 } 741 742 itos = IPV6_TRAFFIC_CLASS(ip6); 743 if ((ifp->if_flags & IFF_LINK1) != 0) 744 ip_ecn_egress(ECN_ALLOWED, &otos, &itos); 745 else 746 ip_ecn_egress(ECN_NOCARE, &otos, &itos); --- 19 unchanged lines hidden (view full) --- 766 * specified address family. 767 * See net/if_gif.c for possible issues with packet processing 768 * reorder due to extra queueing. 769 */ 770 if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1); 771 if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len); 772 M_SETFIB(m, ifp->if_fib); 773 netisr_dispatch(NETISR_IPV6, m); | 820 return (IPPROTO_DONE); 821 } 822 823 itos = IPV6_TRAFFIC_CLASS(ip6); 824 if ((ifp->if_flags & IFF_LINK1) != 0) 825 ip_ecn_egress(ECN_ALLOWED, &otos, &itos); 826 else 827 ip_ecn_egress(ECN_NOCARE, &otos, &itos); --- 19 unchanged lines hidden (view full) --- 847 * specified address family. 848 * See net/if_gif.c for possible issues with packet processing 849 * reorder due to extra queueing. 850 */ 851 if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1); 852 if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len); 853 M_SETFIB(m, ifp->if_fib); 854 netisr_dispatch(NETISR_IPV6, m); |
| 855 SDT_PROBE2(if_stf, , stf_input, out, IPPROTO_DONE, __LINE__); |
|
| 774 return (IPPROTO_DONE); 775} 776 777static struct sockaddr_in * 778stf_getin4addr_in6(struct stf_softc *sc, struct sockaddr_in *sin, 779 struct in6_addr addr6, struct in6_addr mask6, struct in6_addr in6) 780{ 781 int i; | 856 return (IPPROTO_DONE); 857} 858 859static struct sockaddr_in * 860stf_getin4addr_in6(struct stf_softc *sc, struct sockaddr_in *sin, 861 struct in6_addr addr6, struct in6_addr mask6, struct in6_addr in6) 862{ 863 int i; |
| 864 struct sockaddr_in *out; |
|
| 782 783 /* 784 * When (src addr & src mask) != (in6 & src mask), 785 * the dst is not in the 6rd domain. The IPv4 address must 786 * not be used. 787 */ 788 for (i = 0; i < sizeof(addr6); i++) { 789 if ((((u_char *)&addr6)[i] & ((u_char *)&mask6)[i]) != | 865 866 /* 867 * When (src addr & src mask) != (in6 & src mask), 868 * the dst is not in the 6rd domain. The IPv4 address must 869 * not be used. 870 */ 871 for (i = 0; i < sizeof(addr6); i++) { 872 if ((((u_char *)&addr6)[i] & ((u_char *)&mask6)[i]) != |
| 790 (((u_char *)&in6)[i] & ((u_char *)&mask6)[i])) 791 return (NULL); | 873 (((u_char *)&in6)[i] & ((u_char *)&mask6)[i])) { 874 SDT_PROBE4(if_stf, , getin4addr_in6, out, &addr6, 875 &mask6, &in6, NULL); 876 return (NULL); 877 } |
| 792 } 793 794 /* After the mask check, use in6 instead of addr6. */ | 878 } 879 880 /* After the mask check, use in6 instead of addr6. */ |
| 795 return (stf_getin4addr(sc, sin, in6, mask6)); | 881 out = stf_getin4addr(sc, sin, in6, mask6); 882 SDT_PROBE4(if_stf, , getin4addr_in6, out, &addr6, &mask6, &in6, out); 883 return (out); |
| 796} 797 798static struct sockaddr_in * 799stf_getin4addr(struct stf_softc *sc, struct sockaddr_in *sin, 800 struct in6_addr addr6, struct in6_addr mask6) 801{ 802 struct in_addr *in; 803 | 884} 885 886static struct sockaddr_in * 887stf_getin4addr(struct stf_softc *sc, struct sockaddr_in *sin, 888 struct in6_addr addr6, struct in6_addr mask6) 889{ 890 struct in_addr *in; 891 |
| 892 SDT_PROBE2(if_stf, , getin4addr, in, &addr6, &mask6); 893 |
|
| 804 memset(sin, 0, sizeof(*sin)); 805 in = &sin->sin_addr; 806 if (IN6_IS_ADDR_6TO4(&addr6)) { 807 /* 6to4 (RFC 3056) */ 808 bcopy(GET_V4(&addr6), in, sizeof(*in)); 809 if (isrfc1918addr(in)) 810 return (NULL); 811 } else { --- 28 unchanged lines hidden (view full) --- 840 v6prefix >>= plen; 841 842 /* Now shift away everything after the v4 address. */ 843 v6prefix >>= 64 - plen - v4suffixlen; 844 845 sin->sin_addr.s_addr = htonl(v4prefix | (uint32_t)v6prefix); 846 } 847 | 894 memset(sin, 0, sizeof(*sin)); 895 in = &sin->sin_addr; 896 if (IN6_IS_ADDR_6TO4(&addr6)) { 897 /* 6to4 (RFC 3056) */ 898 bcopy(GET_V4(&addr6), in, sizeof(*in)); 899 if (isrfc1918addr(in)) 900 return (NULL); 901 } else { --- 28 unchanged lines hidden (view full) --- 930 v6prefix >>= plen; 931 932 /* Now shift away everything after the v4 address. */ 933 v6prefix >>= 64 - plen - v4suffixlen; 934 935 sin->sin_addr.s_addr = htonl(v4prefix | (uint32_t)v6prefix); 936 } 937 |
| 938 SDT_PROBE1(if_stf, , getin4addr, out, sin); 939 |
|
| 848 return (sin); 849} 850 851static int 852stf_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 853{ 854 struct ifaddr *ifa; 855 struct ifdrv *ifd; --- 25 unchanged lines hidden (view full) --- 881 if (args.v4_prefixlen < 1 || args.v4_prefixlen > 32) { 882 error = EINVAL; 883 break; 884 } 885 886 bcopy(&args.srcv4_addr, &sc_cur->srcv4_addr, 887 sizeof(sc_cur->srcv4_addr)); 888 sc_cur->v4prefixlen = args.v4_prefixlen; | 940 return (sin); 941} 942 943static int 944stf_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) 945{ 946 struct ifaddr *ifa; 947 struct ifdrv *ifd; --- 25 unchanged lines hidden (view full) --- 973 if (args.v4_prefixlen < 1 || args.v4_prefixlen > 32) { 974 error = EINVAL; 975 break; 976 } 977 978 bcopy(&args.srcv4_addr, &sc_cur->srcv4_addr, 979 sizeof(sc_cur->srcv4_addr)); 980 sc_cur->v4prefixlen = args.v4_prefixlen; |
| 981 SDT_PROBE3(if_stf, , ioctl, sv4net, sc_cur->srcv4_addr, 982 sc_cur->srcv4_addr, sc_cur->v4prefixlen); |
|
| 889 } else if (ifd->ifd_cmd == STF6RD_SBR) { 890 if (ifd->ifd_len != sizeof(args)) { 891 error = EINVAL; 892 break; 893 } 894 bzero(&args, sizeof(args)); 895 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 896 if (error) 897 break; 898 sc_cur->braddr = args.braddr.s_addr; | 983 } else if (ifd->ifd_cmd == STF6RD_SBR) { 984 if (ifd->ifd_len != sizeof(args)) { 985 error = EINVAL; 986 break; 987 } 988 bzero(&args, sizeof(args)); 989 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); 990 if (error) 991 break; 992 sc_cur->braddr = args.braddr.s_addr; |
| 993 SDT_PROBE1(if_stf, , ioctl, sdstv4, 994 sc_cur->braddr); |
|
| 899 } else 900 error = EINVAL; 901 break; 902 case SIOCGDRVSPEC: 903 ifd = (struct ifdrv *)data; 904 if (ifd->ifd_cmd != STF6RD_GV4NET) { 905 error = EINVAL; 906 break; --- 5 unchanged lines hidden (view full) --- 912 bzero(&args, sizeof(args)); 913 args.srcv4_addr.s_addr = sc_cur->srcv4_addr; 914 args.braddr.s_addr = sc_cur->braddr; 915 args.v4_prefixlen = sc_cur->v4prefixlen; 916 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 917 break; 918 case SIOCSIFADDR: 919 ifa = (struct ifaddr *)data; | 995 } else 996 error = EINVAL; 997 break; 998 case SIOCGDRVSPEC: 999 ifd = (struct ifdrv *)data; 1000 if (ifd->ifd_cmd != STF6RD_GV4NET) { 1001 error = EINVAL; 1002 break; --- 5 unchanged lines hidden (view full) --- 1008 bzero(&args, sizeof(args)); 1009 args.srcv4_addr.s_addr = sc_cur->srcv4_addr; 1010 args.braddr.s_addr = sc_cur->braddr; 1011 args.v4_prefixlen = sc_cur->v4prefixlen; 1012 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); 1013 break; 1014 case SIOCSIFADDR: 1015 ifa = (struct ifaddr *)data; |
| 1016 SDT_PROBE1(if_stf, , ioctl, ifaddr, ifa); |
|
| 920 if (ifa == NULL || ifa->ifa_addr->sa_family != AF_INET6) { 921 error = EAFNOSUPPORT; 922 break; 923 } 924 if (stf_getin4addr(sc_cur, &sin4, 925 satosin6(ifa->ifa_addr)->sin6_addr, 926 satosin6(ifa->ifa_netmask)->sin6_addr) == NULL) { 927 error = EINVAL; --- 34 unchanged lines hidden --- | 1017 if (ifa == NULL || ifa->ifa_addr->sa_family != AF_INET6) { 1018 error = EAFNOSUPPORT; 1019 break; 1020 } 1021 if (stf_getin4addr(sc_cur, &sin4, 1022 satosin6(ifa->ifa_addr)->sin6_addr, 1023 satosin6(ifa->ifa_netmask)->sin6_addr) == NULL) { 1024 error = EINVAL; --- 34 unchanged lines hidden --- |