1 /* $FreeBSD$ */ 2 /* $KAME: if_gif.c,v 1.28 2000/06/20 12:30:03 jinmei Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include "opt_inet.h" 34 #include "opt_inet6.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/kernel.h> 39 #include <sys/malloc.h> 40 #include <sys/mbuf.h> 41 #include <sys/socket.h> 42 #include <sys/sockio.h> 43 #include <sys/errno.h> 44 #include <sys/time.h> 45 #include <sys/syslog.h> 46 #include <sys/protosw.h> 47 #include <machine/cpu.h> 48 49 #include <net/if.h> 50 #include <net/if_types.h> 51 #include <net/netisr.h> 52 #include <net/route.h> 53 #include <net/bpf.h> 54 55 #ifdef INET 56 #include <netinet/in.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/in_var.h> 59 #include <netinet/ip.h> 60 #include <netinet/in_gif.h> 61 #endif /* INET */ 62 63 #ifdef INET6 64 #ifndef INET 65 #include <netinet/in.h> 66 #endif 67 #include <netinet6/in6_var.h> 68 #include <netinet/ip6.h> 69 #include <netinet6/ip6_var.h> 70 #include <netinet6/in6_gif.h> 71 #include <netinet6/ip6protosw.h> 72 #endif /* INET6 */ 73 74 #include <netinet/ip_encap.h> 75 #include <net/if_gif.h> 76 77 #include "gif.h" 78 #include "bpf.h" 79 #define NBPFILTER NBPF 80 81 #include <net/net_osdep.h> 82 83 #if NGIF > 0 84 85 void gifattach __P((void *)); 86 static int gif_encapcheck __P((const struct mbuf *, int, int, void *)); 87 #ifdef INET 88 extern struct protosw in_gif_protosw; 89 #endif 90 #ifdef INET6 91 extern struct ip6protosw in6_gif_protosw; 92 #endif 93 94 /* 95 * gif global variable definitions 96 */ 97 static int ngif; /* number of interfaces */ 98 static struct gif_softc *gif = 0; 99 100 #ifndef MAX_GIF_NEST 101 /* 102 * This macro controls the upper limitation on nesting of gif tunnels. 103 * Since, setting a large value to this macro with a careless configuration 104 * may introduce system crash, we don't allow any nestings by default. 105 * If you need to configure nested gif tunnels, you can define this macro 106 * in your kernel configuration file. However, if you do so, please be 107 * careful to configure the tunnels so that it won't make a loop. 108 */ 109 #define MAX_GIF_NEST 1 110 #endif 111 static int max_gif_nesting = MAX_GIF_NEST; 112 113 void 114 gifattach(dummy) 115 void *dummy; 116 { 117 register struct gif_softc *sc; 118 register int i; 119 120 ngif = NGIF; 121 gif = sc = malloc (ngif * sizeof(struct gif_softc), M_DEVBUF, M_WAIT); 122 bzero(sc, ngif * sizeof(struct gif_softc)); 123 for (i = 0; i < ngif; sc++, i++) { 124 sc->gif_if.if_name = "gif"; 125 sc->gif_if.if_unit = i; 126 127 sc->encap_cookie4 = sc->encap_cookie6 = NULL; 128 #ifdef INET 129 sc->encap_cookie4 = encap_attach_func(AF_INET, -1, 130 gif_encapcheck, &in_gif_protosw, sc); 131 if (sc->encap_cookie4 == NULL) { 132 printf("%s: attach failed\n", if_name(&sc->gif_if)); 133 continue; 134 } 135 #endif 136 #ifdef INET6 137 sc->encap_cookie6 = encap_attach_func(AF_INET6, -1, 138 gif_encapcheck, (struct protosw *)&in6_gif_protosw, sc); 139 if (sc->encap_cookie6 == NULL) { 140 if (sc->encap_cookie4) { 141 encap_detach(sc->encap_cookie4); 142 sc->encap_cookie4 = NULL; 143 } 144 printf("%s: attach failed\n", if_name(&sc->gif_if)); 145 continue; 146 } 147 #endif 148 149 sc->gif_if.if_mtu = GIF_MTU; 150 sc->gif_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 151 sc->gif_if.if_ioctl = gif_ioctl; 152 sc->gif_if.if_output = gif_output; 153 sc->gif_if.if_type = IFT_GIF; 154 sc->gif_if.if_snd.ifq_maxlen = IFQ_MAXLEN; 155 if_attach(&sc->gif_if); 156 #if NBPFILTER > 0 157 #ifdef HAVE_OLD_BPF 158 bpfattach(&sc->gif_if, DLT_NULL, sizeof(u_int)); 159 #else 160 bpfattach(&sc->gif_if.if_bpf, &sc->gif_if, DLT_NULL, sizeof(u_int)); 161 #endif 162 #endif 163 } 164 } 165 166 PSEUDO_SET(gifattach, if_gif); 167 168 static int 169 gif_encapcheck(m, off, proto, arg) 170 const struct mbuf *m; 171 int off; 172 int proto; 173 void *arg; 174 { 175 struct ip ip; 176 struct gif_softc *sc; 177 178 sc = (struct gif_softc *)arg; 179 if (sc == NULL) 180 return 0; 181 182 if ((sc->gif_if.if_flags & IFF_UP) == 0) 183 return 0; 184 185 /* no physical address */ 186 if (!sc->gif_psrc || !sc->gif_pdst) 187 return 0; 188 189 switch (proto) { 190 #ifdef INET 191 case IPPROTO_IPV4: 192 break; 193 #endif 194 #ifdef INET6 195 case IPPROTO_IPV6: 196 break; 197 #endif 198 default: 199 return 0; 200 } 201 202 /* LINTED const cast */ 203 m_copydata((struct mbuf *)m, 0, sizeof(ip), (caddr_t)&ip); 204 205 switch (ip.ip_v) { 206 #ifdef INET 207 case 4: 208 if (sc->gif_psrc->sa_family != AF_INET || 209 sc->gif_pdst->sa_family != AF_INET) 210 return 0; 211 return gif_encapcheck4(m, off, proto, arg); 212 #endif 213 #ifdef INET6 214 case 6: 215 if (sc->gif_psrc->sa_family != AF_INET6 || 216 sc->gif_pdst->sa_family != AF_INET6) 217 return 0; 218 return gif_encapcheck6(m, off, proto, arg); 219 #endif 220 default: 221 return 0; 222 } 223 } 224 225 int 226 gif_output(ifp, m, dst, rt) 227 struct ifnet *ifp; 228 struct mbuf *m; 229 struct sockaddr *dst; 230 struct rtentry *rt; /* added in net2 */ 231 { 232 register struct gif_softc *sc = (struct gif_softc*)ifp; 233 int error = 0; 234 static int called = 0; /* XXX: MUTEX */ 235 236 /* 237 * gif may cause infinite recursion calls when misconfigured. 238 * We'll prevent this by introducing upper limit. 239 * XXX: this mechanism may introduce another problem about 240 * mutual exclusion of the variable CALLED, especially if we 241 * use kernel thread. 242 */ 243 if (++called > max_gif_nesting) { 244 log(LOG_NOTICE, 245 "gif_output: recursively called too many times(%d)\n", 246 called); 247 m_freem(m); 248 error = EIO; /* is there better errno? */ 249 goto end; 250 } 251 252 getmicrotime(&ifp->if_lastchange); 253 m->m_flags &= ~(M_BCAST|M_MCAST); 254 if (!(ifp->if_flags & IFF_UP) || 255 sc->gif_psrc == NULL || sc->gif_pdst == NULL) { 256 m_freem(m); 257 error = ENETDOWN; 258 goto end; 259 } 260 261 #if NBPFILTER > 0 262 if (ifp->if_bpf) { 263 /* 264 * We need to prepend the address family as 265 * a four byte field. Cons up a dummy header 266 * to pacify bpf. This is safe because bpf 267 * will only read from the mbuf (i.e., it won't 268 * try to free it or keep a pointer a to it). 269 */ 270 struct mbuf m0; 271 u_int af = dst->sa_family; 272 273 m0.m_next = m; 274 m0.m_len = 4; 275 m0.m_data = (char *)⁡ 276 277 #ifdef HAVE_OLD_BPF 278 bpf_mtap(ifp, &m0); 279 #else 280 bpf_mtap(ifp->if_bpf, &m0); 281 #endif 282 } 283 #endif 284 ifp->if_opackets++; 285 ifp->if_obytes += m->m_pkthdr.len; 286 287 /* XXX should we check if our outer source is legal? */ 288 289 switch (sc->gif_psrc->sa_family) { 290 #ifdef INET 291 case AF_INET: 292 error = in_gif_output(ifp, dst->sa_family, m, rt); 293 break; 294 #endif 295 #ifdef INET6 296 case AF_INET6: 297 error = in6_gif_output(ifp, dst->sa_family, m, rt); 298 break; 299 #endif 300 default: 301 m_freem(m); 302 error = ENETDOWN; 303 } 304 305 end: 306 called = 0; /* reset recursion counter */ 307 if (error) ifp->if_oerrors++; 308 return error; 309 } 310 311 void 312 gif_input(m, af, gifp) 313 struct mbuf *m; 314 int af; 315 struct ifnet *gifp; 316 { 317 int isr; 318 register struct ifqueue *ifq = 0; 319 320 if (gifp == NULL) { 321 /* just in case */ 322 m_freem(m); 323 return; 324 } 325 326 m->m_pkthdr.rcvif = gifp; 327 328 #if NBPFILTER > 0 329 if (gifp->if_bpf) { 330 /* 331 * We need to prepend the address family as 332 * a four byte field. Cons up a dummy header 333 * to pacify bpf. This is safe because bpf 334 * will only read from the mbuf (i.e., it won't 335 * try to free it or keep a pointer a to it). 336 */ 337 struct mbuf m0; 338 u_int af = AF_INET6; 339 340 m0.m_next = m; 341 m0.m_len = 4; 342 m0.m_data = (char *)⁡ 343 344 #ifdef HAVE_OLD_BPF 345 bpf_mtap(gifp, &m0); 346 #else 347 bpf_mtap(gifp->if_bpf, &m0); 348 #endif 349 } 350 #endif /*NBPFILTER > 0*/ 351 352 /* 353 * Put the packet to the network layer input queue according to the 354 * specified address family. 355 * Note: older versions of gif_input directly called network layer 356 * input functions, e.g. ip6_input, here. We changed the policy to 357 * prevent too many recursive calls of such input functions, which 358 * might cause kernel panic. But the change may introduce another 359 * problem; if the input queue is full, packets are discarded. 360 * We believed it rarely occurs and changed the policy. If we find 361 * it occurs more times than we thought, we may change the policy 362 * again. 363 */ 364 switch (af) { 365 #ifdef INET 366 case AF_INET: 367 ifq = &ipintrq; 368 isr = NETISR_IP; 369 break; 370 #endif 371 #ifdef INET6 372 case AF_INET6: 373 ifq = &ip6intrq; 374 isr = NETISR_IPV6; 375 break; 376 #endif 377 default: 378 m_freem(m); 379 return; 380 } 381 382 gifp->if_ipackets++; 383 gifp->if_ibytes += m->m_pkthdr.len; 384 (void) IF_HANDOFF(ifq, m, NULL); 385 /* we need schednetisr since the address family may change */ 386 schednetisr(isr); 387 388 return; 389 } 390 391 /* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */ 392 int 393 gif_ioctl(ifp, cmd, data) 394 struct ifnet *ifp; 395 u_long cmd; 396 caddr_t data; 397 { 398 struct gif_softc *sc = (struct gif_softc*)ifp; 399 struct ifreq *ifr = (struct ifreq*)data; 400 int error = 0, size; 401 struct sockaddr *dst, *src; 402 struct sockaddr *sa; 403 int i; 404 struct gif_softc *sc2; 405 406 switch (cmd) { 407 case SIOCSIFADDR: 408 break; 409 410 case SIOCSIFDSTADDR: 411 break; 412 413 case SIOCADDMULTI: 414 case SIOCDELMULTI: 415 break; 416 417 #ifdef SIOCSIFMTU /* xxx */ 418 case SIOCGIFMTU: 419 break; 420 421 case SIOCSIFMTU: 422 { 423 u_long mtu; 424 mtu = ifr->ifr_mtu; 425 if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX) { 426 return (EINVAL); 427 } 428 ifp->if_mtu = mtu; 429 } 430 break; 431 #endif /* SIOCSIFMTU */ 432 433 case SIOCSIFPHYADDR: 434 #ifdef INET6 435 case SIOCSIFPHYADDR_IN6: 436 #endif /* INET6 */ 437 switch (cmd) { 438 case SIOCSIFPHYADDR: 439 src = (struct sockaddr *) 440 &(((struct in_aliasreq *)data)->ifra_addr); 441 dst = (struct sockaddr *) 442 &(((struct in_aliasreq *)data)->ifra_dstaddr); 443 break; 444 #ifdef INET6 445 case SIOCSIFPHYADDR_IN6: 446 src = (struct sockaddr *) 447 &(((struct in6_aliasreq *)data)->ifra_addr); 448 dst = (struct sockaddr *) 449 &(((struct in6_aliasreq *)data)->ifra_dstaddr); 450 break; 451 #endif 452 } 453 454 for (i = 0; i < ngif; i++) { 455 sc2 = gif + i; 456 if (sc2 == sc) 457 continue; 458 if (!sc2->gif_pdst || !sc2->gif_psrc) 459 continue; 460 if (sc2->gif_pdst->sa_family != dst->sa_family || 461 sc2->gif_pdst->sa_len != dst->sa_len || 462 sc2->gif_psrc->sa_family != src->sa_family || 463 sc2->gif_psrc->sa_len != src->sa_len) 464 continue; 465 #ifndef XBONEHACK 466 /* can't configure same pair of address onto two gifs */ 467 if (bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 && 468 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) { 469 error = EADDRNOTAVAIL; 470 goto bad; 471 } 472 #endif 473 474 /* can't configure multiple multi-dest interfaces */ 475 #define multidest(x) \ 476 (((struct sockaddr_in *)(x))->sin_addr.s_addr == INADDR_ANY) 477 #ifdef INET6 478 #define multidest6(x) \ 479 (IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *)(x))->sin6_addr)) 480 #endif 481 if (dst->sa_family == AF_INET && 482 multidest(dst) && multidest(sc2->gif_pdst)) { 483 error = EADDRNOTAVAIL; 484 goto bad; 485 } 486 #ifdef INET6 487 if (dst->sa_family == AF_INET6 && 488 multidest6(dst) && multidest6(sc2->gif_pdst)) { 489 error = EADDRNOTAVAIL; 490 goto bad; 491 } 492 #endif 493 } 494 495 if (src->sa_family != dst->sa_family || 496 src->sa_len != dst->sa_len) { 497 error = EINVAL; 498 break; 499 } 500 switch (src->sa_family) { 501 #ifdef INET 502 case AF_INET: 503 size = sizeof(struct sockaddr_in); 504 break; 505 #endif 506 #ifdef INET6 507 case AF_INET6: 508 size = sizeof(struct sockaddr_in6); 509 break; 510 #endif 511 default: 512 error = EAFNOSUPPORT; 513 goto bad; 514 } 515 if (src->sa_len != size) { 516 error = EINVAL; 517 break; 518 } 519 520 if (sc->gif_psrc) 521 free((caddr_t)sc->gif_psrc, M_IFADDR); 522 sa = (struct sockaddr *)malloc(size, M_IFADDR, M_WAITOK); 523 bcopy((caddr_t)src, (caddr_t)sa, size); 524 sc->gif_psrc = sa; 525 526 if (sc->gif_pdst) 527 free((caddr_t)sc->gif_pdst, M_IFADDR); 528 sa = (struct sockaddr *)malloc(size, M_IFADDR, M_WAITOK); 529 bcopy((caddr_t)dst, (caddr_t)sa, size); 530 sc->gif_pdst = sa; 531 532 ifp->if_flags |= IFF_UP; 533 if_up(ifp); /* send up RTM_IFINFO */ 534 535 error = 0; 536 break; 537 538 #ifdef SIOCDIFPHYADDR 539 case SIOCDIFPHYADDR: 540 if (sc->gif_psrc) { 541 free((caddr_t)sc->gif_psrc, M_IFADDR); 542 sc->gif_psrc = NULL; 543 } 544 if (sc->gif_pdst) { 545 free((caddr_t)sc->gif_pdst, M_IFADDR); 546 sc->gif_pdst = NULL; 547 } 548 /* change the IFF_UP flag as well? */ 549 break; 550 #endif 551 552 case SIOCGIFPSRCADDR: 553 #ifdef INET6 554 case SIOCGIFPSRCADDR_IN6: 555 #endif /* INET6 */ 556 if (sc->gif_psrc == NULL) { 557 error = EADDRNOTAVAIL; 558 goto bad; 559 } 560 src = sc->gif_psrc; 561 switch (sc->gif_psrc->sa_family) { 562 #ifdef INET 563 case AF_INET: 564 dst = &ifr->ifr_addr; 565 size = sizeof(struct sockaddr_in); 566 break; 567 #endif /* INET */ 568 #ifdef INET6 569 case AF_INET6: 570 dst = (struct sockaddr *) 571 &(((struct in6_ifreq *)data)->ifr_addr); 572 size = sizeof(struct sockaddr_in6); 573 break; 574 #endif /* INET6 */ 575 default: 576 error = EADDRNOTAVAIL; 577 goto bad; 578 } 579 bcopy((caddr_t)src, (caddr_t)dst, size); 580 break; 581 582 case SIOCGIFPDSTADDR: 583 #ifdef INET6 584 case SIOCGIFPDSTADDR_IN6: 585 #endif /* INET6 */ 586 if (sc->gif_pdst == NULL) { 587 error = EADDRNOTAVAIL; 588 goto bad; 589 } 590 src = sc->gif_pdst; 591 switch (sc->gif_pdst->sa_family) { 592 #ifdef INET 593 case AF_INET: 594 dst = &ifr->ifr_addr; 595 size = sizeof(struct sockaddr_in); 596 break; 597 #endif /* INET */ 598 #ifdef INET6 599 case AF_INET6: 600 dst = (struct sockaddr *) 601 &(((struct in6_ifreq *)data)->ifr_addr); 602 size = sizeof(struct sockaddr_in6); 603 break; 604 #endif /* INET6 */ 605 default: 606 error = EADDRNOTAVAIL; 607 goto bad; 608 } 609 bcopy((caddr_t)src, (caddr_t)dst, size); 610 break; 611 612 case SIOCSIFFLAGS: 613 /* if_ioctl() takes care of it */ 614 break; 615 616 default: 617 error = EINVAL; 618 break; 619 } 620 bad: 621 return error; 622 } 623 #endif /*NGIF > 0*/ 624