Lines Matching +full:unit +full:- +full:addresses
3 /*-
4 * SPDX-License-Identifier: BSD-3-Clause
9 * Copyright (c) 2017-2021 Rubicon Communications, LLC (Netgate)
40 * 6to4 interface is NOT capable of link-layer (I mean, IPv4) multicasting.
44 * Due to the lack of address mapping for link-local addresses, we cannot
45 * throw packets toward link-local addresses (fe80::x). Also, we cannot throw
46 * packets to link-local multicast addresses (ff02::x).
48 * Here are interesting symptoms due to the lack of link-local address:
51 * - RIPng: Impossible. Uses link-local multicast packet toward ff02::9,
52 * and link-local addresses as nexthop.
53 * - OSPFv6: Impossible. OSPFv6 assumes that there's link-local address
55 * link-local multicast addresses (ff02::5 and ff02::6).
56 * - BGP4+: Maybe. You can only use global address as nexthop, and global
60 * - PIM: Hello packet cannot be used to discover adjacent PIM routers.
61 * Adjacent PIM routers must be configured manually (is it really spec-wise
65 * - Redirects cannot be used due to the lack of link-local address.
67 * stf interface does not have, and will not need, a link-local address.
69 * Even if we assign link-locals to interface, we cannot really
70 * use link-local unicast/multicast on top of 6to4 cloud (since there's no
71 * encapsulation defined for link-local address), and the above analysis does
72 * not change. RFC3056 does not mandate the assignment of link-local address
76 * http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt
170 &stf_permit_rfc1918, 0, "Permit the use of private IPv4 addresses");
174 #define IN6_IS_ADDR_6TO4(x) (ntohs((x)->s6_addr16[0]) == 0x2002)
177 * XXX: Return a pointer with 16-bit aligned. Don't cast it to
180 #define GET_V4(x) (&(x)->s6_addr16[1])
190 #define STF2IFP(sc) ((sc)->sc_ifp)
246 int err, unit, wildcard; in stf_clone_create() local
250 err = ifc_name2unit(name, &unit); in stf_clone_create()
253 wildcard = (unit < 0); in stf_clone_create()
256 * We can only have one unit, but since unit allocation is in stf_clone_create()
260 unit = STFUNIT; in stf_clone_create()
261 err = ifc_alloc_unit(ifc, &unit); in stf_clone_create()
267 ifp->if_softc = sc; in stf_clone_create()
268 sc->sc_fibnum = curthread->td_proc->p_fibnum; in stf_clone_create()
277 if (snprintf(dp, len - (dp-name), "%d", unit) > in stf_clone_create()
278 len - (dp-name) - 1) { in stf_clone_create()
287 strlcpy(ifp->if_xname, name, IFNAMSIZ); in stf_clone_create()
288 ifp->if_dname = stfname; in stf_clone_create()
289 ifp->if_dunit = IF_DUNIT_NONE; in stf_clone_create()
291 sc->encap_cookie = ip_encap_attach(&ipv4_encap_cfg, sc, M_WAITOK); in stf_clone_create()
293 ifp->if_mtu = IPV6_MMTU; in stf_clone_create()
294 ifp->if_ioctl = stf_ioctl; in stf_clone_create()
295 ifp->if_output = stf_output; in stf_clone_create()
296 ifp->if_snd.ifq_maxlen = ifqmaxlen; in stf_clone_create()
307 struct stf_softc *sc = ifp->if_softc; in stf_clone_destroy()
310 err = ip_encap_detach(sc->encap_cookie); in stf_clone_destroy()
384 if ((STF2IFP(sc)->if_flags & IFF_UP) == 0) in stf_encapcheck()
388 if ((STF2IFP(sc)->if_flags & IFF_LINK0) != 0) in stf_encapcheck()
402 if (sc->srcv4_addr != INADDR_ANY) { in stf_encapcheck()
403 sin4addr.sin_addr.s_addr = sc->srcv4_addr; in stf_encapcheck()
417 * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24 in stf_encapcheck()
418 * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24 in stf_encapcheck()
432 * 6rd-capsuled IPv4 traffic with suspicious inner dst in stf_encapcheck()
457 sc = ifp->if_softc; in stf_getsrcifa6()
461 CK_STAILQ_FOREACH(ia, &ifp->if_addrhead, ifa_link) { in stf_getsrcifa6()
462 if (ia->ifa_addr->sa_family != AF_INET6) in stf_getsrcifa6()
467 if (sc->srcv4_addr != INADDR_ANY) in stf_getsrcifa6()
468 bcopy(&sc->srcv4_addr, &in, sizeof(in)); in stf_getsrcifa6()
476 if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) in stf_getsrcifa6()
518 sc = ifp->if_softc; in stf_output()
522 if ((ifp->if_flags & IFF_UP) == 0) { in stf_output()
541 if (m->m_len < sizeof(*ip6)) { in stf_output()
558 ip6->ip6_dst) == NULL) { in stf_output()
559 if (sc->braddr != INADDR_ANY) in stf_output()
560 dst4.sin_addr.s_addr = sc->braddr; in stf_output()
562 dst6->sin6_addr) == NULL) { in stf_output()
571 if (bpf_peers_present(ifp->if_bpf)) { in stf_output()
580 bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m); in stf_output()
593 if (sc->srcv4_addr != INADDR_ANY) in stf_output()
594 src4.sin_addr.s_addr = sc->srcv4_addr; in stf_output()
601 bcopy(&src4.sin_addr, &ip->ip_src, sizeof(ip->ip_src)); in stf_output()
602 bcopy(&dst4.sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)); in stf_output()
604 ip->ip_p = IPPROTO_IPV6; in stf_output()
605 ip->ip_ttl = ip_stf_ttl; in stf_output()
606 ip->ip_len = htons(m->m_pkthdr.len); in stf_output()
607 if (ifp->if_flags & IFF_LINK1) in stf_output()
608 ip_ecn_ingress(ECN_ALLOWED, &ip->ip_tos, &tos); in stf_output()
610 ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos); in stf_output()
612 M_SETFIB(m, sc->sc_fibnum); in stf_output()
628 (ntohl(in->s_addr) & 0xff000000) >> 24 == 10 || in isrfc1918addr()
629 (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 || in isrfc1918addr()
630 (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168)) in isrfc1918addr()
645 if (IN_MULTICAST(ntohl(in->s_addr))) in stf_checkaddr4()
646 return (-1); in stf_checkaddr4()
647 switch ((ntohl(in->s_addr) & 0xff000000) >> 24) { in stf_checkaddr4()
649 return (-1); in stf_checkaddr4()
656 if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0) in stf_checkaddr4()
658 if (in->s_addr == ia4->ia_broadaddr.sin_addr.s_addr) { in stf_checkaddr4()
659 return (-1); in stf_checkaddr4()
666 if (sc && (STF2IFP(sc)->if_flags & IFF_LINK2) == 0 && inifp) { in stf_checkaddr4()
670 nh = fib4_lookup(sc->sc_fibnum, *in, 0, 0, 0); in stf_checkaddr4()
672 return (-1); in stf_checkaddr4()
674 if (nh->nh_ifp != inifp) in stf_checkaddr4()
675 return (-1); in stf_checkaddr4()
687 * check 6to4 addresses in stf_checkaddr6()
706 SDT_PROBE2(if_stf, , checkaddr6, out, -1, __LINE__); in stf_checkaddr6()
707 return (-1); in stf_checkaddr6()
711 SDT_PROBE2(if_stf, , checkaddr6, out, -1, __LINE__); in stf_checkaddr6()
712 return (-1); in stf_checkaddr6()
740 if (sc == NULL || (STF2IFP(sc)->if_flags & IFF_UP) == 0) { in in_stf_input()
757 stf_checkaddr4(sc, &ip.ip_src, m->m_pkthdr.rcvif) < 0) { in in_stf_input()
766 if (m->m_len < sizeof(*ip6)) { in in_stf_input()
780 if (stf_checkaddr6(sc, &ip6->ip6_dst, NULL) < 0 || in in_stf_input()
781 stf_checkaddr6(sc, &ip6->ip6_src, m->m_pkthdr.rcvif) < 0) { in in_stf_input()
791 if ((IN6_IS_ADDR_6TO4(&ip6->ip6_src) && isrfc1918addr(&ip.ip_src)) || in in_stf_input()
792 (IN6_IS_ADDR_6TO4(&ip6->ip6_dst) && isrfc1918addr(&ip.ip_dst))) { in in_stf_input()
803 nh = fib6_lookup(sc->sc_fibnum, &ip6->ip6_dst, 0, 0, 0); in in_stf_input()
809 if ((nh->nh_ifp == ifp) && in in_stf_input()
810 (!IN6_ARE_ADDR_EQUAL(&ip6->ip6_src, &nh->gw6_sa.sin6_addr))) { in in_stf_input()
817 if ((ifp->if_flags & IFF_LINK1) != 0) in in_stf_input()
821 ip6->ip6_flow &= ~htonl(0xff << 20); in in_stf_input()
822 ip6->ip6_flow |= htonl((u_int32_t)itos << 20); in in_stf_input()
824 m->m_pkthdr.rcvif = ifp; in in_stf_input()
826 if (bpf_peers_present(ifp->if_bpf)) { in in_stf_input()
835 bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m); in in_stf_input()
845 if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len); in in_stf_input()
846 M_SETFIB(m, ifp->if_fib); in in_stf_input()
888 in = &sin->sin_addr; in stf_getin4addr()
903 if (sc->v4prefixlen < 32) { in stf_getin4addr()
904 v4suffixlen = 32 - sc->v4prefixlen; in stf_getin4addr()
905 v4prefix = ntohl(sc->srcv4_addr) & in stf_getin4addr()
908 MPASS(sc->v4prefixlen == 32); in stf_getin4addr()
926 v6prefix >>= 64 - plen - v4suffixlen; in stf_getin4addr()
928 sin->sin_addr.s_addr = htonl(v4prefix | (uint32_t)v6prefix); in stf_getin4addr()
948 sc_cur = ifp->if_softc; in stf_ioctl()
956 if (ifd->ifd_cmd == STF6RD_SV4NET) { in stf_ioctl()
957 if (ifd->ifd_len != sizeof(args)) { in stf_ioctl()
962 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); in stf_ioctl()
971 bcopy(&args.srcv4_addr, &sc_cur->srcv4_addr, in stf_ioctl()
972 sizeof(sc_cur->srcv4_addr)); in stf_ioctl()
973 sc_cur->v4prefixlen = args.v4_prefixlen; in stf_ioctl()
974 SDT_PROBE3(if_stf, , ioctl, sv4net, sc_cur->srcv4_addr, in stf_ioctl()
975 sc_cur->srcv4_addr, sc_cur->v4prefixlen); in stf_ioctl()
976 } else if (ifd->ifd_cmd == STF6RD_SBR) { in stf_ioctl()
977 if (ifd->ifd_len != sizeof(args)) { in stf_ioctl()
982 error = copyin(ifd->ifd_data, &args, ifd->ifd_len); in stf_ioctl()
985 sc_cur->braddr = args.braddr.s_addr; in stf_ioctl()
987 sc_cur->braddr); in stf_ioctl()
993 if (ifd->ifd_cmd != STF6RD_GV4NET) { in stf_ioctl()
997 if (ifd->ifd_len != sizeof(args)) { in stf_ioctl()
1002 args.srcv4_addr.s_addr = sc_cur->srcv4_addr; in stf_ioctl()
1003 args.braddr.s_addr = sc_cur->braddr; in stf_ioctl()
1004 args.v4_prefixlen = sc_cur->v4prefixlen; in stf_ioctl()
1005 error = copyout(&args, ifd->ifd_data, ifd->ifd_len); in stf_ioctl()
1010 if (ifa == NULL || ifa->ifa_addr->sa_family != AF_INET6) { in stf_ioctl()
1015 satosin6(ifa->ifa_addr)->sin6_addr, in stf_ioctl()
1016 satosin6(ifa->ifa_netmask)->sin6_addr) == NULL) { in stf_ioctl()
1020 ifp->if_flags |= IFF_UP; in stf_ioctl()
1021 ifp->if_drv_flags |= IFF_DRV_RUNNING; in stf_ioctl()
1027 if (ifr && ifr->ifr_addr.sa_family == AF_INET6) in stf_ioctl()
1038 mtu = ifr->ifr_mtu; in stf_ioctl()
1040 if (mtu < IPV6_MINMTU || mtu > IF_MAXMTU - 20) in stf_ioctl()
1042 ifp->if_mtu = mtu; in stf_ioctl()