1 /* $FreeBSD$ */ 2 /* $KAME: if_gif.c,v 1.28 2000/06/20 12:30:03 jinmei Exp $ */ 3 4 /* 5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33 #include "opt_inet.h" 34 #include "opt_inet6.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/kernel.h> 39 #include <sys/malloc.h> 40 #include <sys/mbuf.h> 41 #include <sys/socket.h> 42 #include <sys/sockio.h> 43 #include <sys/errno.h> 44 #include <sys/time.h> 45 #include <sys/syslog.h> 46 #include <sys/protosw.h> 47 #include <machine/cpu.h> 48 49 #include <net/if.h> 50 #include <net/if_types.h> 51 #include <net/netisr.h> 52 #include <net/route.h> 53 #include <net/bpf.h> 54 55 #ifdef INET 56 #include <netinet/in.h> 57 #include <netinet/in_systm.h> 58 #include <netinet/in_var.h> 59 #include <netinet/ip.h> 60 #include <netinet/in_gif.h> 61 #endif /* INET */ 62 63 #ifdef INET6 64 #ifndef INET 65 #include <netinet/in.h> 66 #endif 67 #include <netinet6/in6_var.h> 68 #include <netinet/ip6.h> 69 #include <netinet6/ip6_var.h> 70 #include <netinet6/in6_gif.h> 71 #include <netinet6/ip6protosw.h> 72 #endif /* INET6 */ 73 74 #include <netinet/ip_encap.h> 75 #include <net/if_gif.h> 76 77 #include "gif.h" 78 #include "bpf.h" 79 #define NBPFILTER NBPF 80 81 #include <net/net_osdep.h> 82 83 #if NGIF > 0 84 85 void gifattach __P((void *)); 86 static int gif_encapcheck __P((const struct mbuf *, int, int, void *)); 87 #ifdef INET 88 extern struct protosw in_gif_protosw; 89 #endif 90 #ifdef INET6 91 extern struct ip6protosw in6_gif_protosw; 92 #endif 93 94 /* 95 * gif global variable definitions 96 */ 97 static int ngif; /* number of interfaces */ 98 static struct gif_softc *gif = 0; 99 100 #ifndef MAX_GIF_NEST 101 /* 102 * This macro controls the upper limitation on nesting of gif tunnels. 103 * Since, setting a large value to this macro with a careless configuration 104 * may introduce system crash, we don't allow any nestings by default. 105 * If you need to configure nested gif tunnels, you can define this macro 106 * in your kernel configuration file. However, if you do so, please be 107 * careful to configure the tunnels so that it won't make a loop. 108 */ 109 #define MAX_GIF_NEST 1 110 #endif 111 static int max_gif_nesting = MAX_GIF_NEST; 112 113 void 114 gifattach(dummy) 115 void *dummy; 116 { 117 register struct gif_softc *sc; 118 register int i; 119 120 ngif = NGIF; 121 gif = sc = malloc (ngif * sizeof(struct gif_softc), M_DEVBUF, M_WAIT); 122 bzero(sc, ngif * sizeof(struct gif_softc)); 123 for (i = 0; i < ngif; sc++, i++) { 124 sc->gif_if.if_name = "gif"; 125 sc->gif_if.if_unit = i; 126 127 sc->encap_cookie4 = sc->encap_cookie6 = NULL; 128 #ifdef INET 129 sc->encap_cookie4 = encap_attach_func(AF_INET, -1, 130 gif_encapcheck, &in_gif_protosw, sc); 131 if (sc->encap_cookie4 == NULL) { 132 printf("%s: attach failed\n", if_name(&sc->gif_if)); 133 continue; 134 } 135 #endif 136 #ifdef INET6 137 sc->encap_cookie6 = encap_attach_func(AF_INET6, -1, 138 gif_encapcheck, (struct protosw *)&in6_gif_protosw, sc); 139 if (sc->encap_cookie6 == NULL) { 140 if (sc->encap_cookie4) { 141 encap_detach(sc->encap_cookie4); 142 sc->encap_cookie4 = NULL; 143 } 144 printf("%s: attach failed\n", if_name(&sc->gif_if)); 145 continue; 146 } 147 #endif 148 149 sc->gif_if.if_mtu = GIF_MTU; 150 sc->gif_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST; 151 sc->gif_if.if_ioctl = gif_ioctl; 152 sc->gif_if.if_output = gif_output; 153 sc->gif_if.if_type = IFT_GIF; 154 sc->gif_if.if_snd.ifq_maxlen = IFQ_MAXLEN; 155 if_attach(&sc->gif_if); 156 #if NBPFILTER > 0 157 #ifdef HAVE_OLD_BPF 158 bpfattach(&sc->gif_if, DLT_NULL, sizeof(u_int)); 159 #else 160 bpfattach(&sc->gif_if.if_bpf, &sc->gif_if, DLT_NULL, sizeof(u_int)); 161 #endif 162 #endif 163 } 164 } 165 166 PSEUDO_SET(gifattach, if_gif); 167 168 static int 169 gif_encapcheck(m, off, proto, arg) 170 const struct mbuf *m; 171 int off; 172 int proto; 173 void *arg; 174 { 175 struct ip ip; 176 struct gif_softc *sc; 177 178 sc = (struct gif_softc *)arg; 179 if (sc == NULL) 180 return 0; 181 182 if ((sc->gif_if.if_flags & IFF_UP) == 0) 183 return 0; 184 185 /* no physical address */ 186 if (!sc->gif_psrc || !sc->gif_pdst) 187 return 0; 188 189 switch (proto) { 190 #ifdef INET 191 case IPPROTO_IPV4: 192 break; 193 #endif 194 #ifdef INET6 195 case IPPROTO_IPV6: 196 break; 197 #endif 198 default: 199 return 0; 200 } 201 202 /* LINTED const cast */ 203 m_copydata((struct mbuf *)m, 0, sizeof(ip), (caddr_t)&ip); 204 205 switch (ip.ip_v) { 206 #ifdef INET 207 case 4: 208 if (sc->gif_psrc->sa_family != AF_INET || 209 sc->gif_pdst->sa_family != AF_INET) 210 return 0; 211 return gif_encapcheck4(m, off, proto, arg); 212 #endif 213 #ifdef INET6 214 case 6: 215 if (sc->gif_psrc->sa_family != AF_INET6 || 216 sc->gif_pdst->sa_family != AF_INET6) 217 return 0; 218 return gif_encapcheck6(m, off, proto, arg); 219 #endif 220 default: 221 return 0; 222 } 223 } 224 225 int 226 gif_output(ifp, m, dst, rt) 227 struct ifnet *ifp; 228 struct mbuf *m; 229 struct sockaddr *dst; 230 struct rtentry *rt; /* added in net2 */ 231 { 232 register struct gif_softc *sc = (struct gif_softc*)ifp; 233 int error = 0; 234 static int called = 0; /* XXX: MUTEX */ 235 236 /* 237 * gif may cause infinite recursion calls when misconfigured. 238 * We'll prevent this by introducing upper limit. 239 * XXX: this mechanism may introduce another problem about 240 * mutual exclusion of the variable CALLED, especially if we 241 * use kernel thread. 242 */ 243 if (++called > max_gif_nesting) { 244 log(LOG_NOTICE, 245 "gif_output: recursively called too many times(%d)\n", 246 called); 247 m_freem(m); 248 error = EIO; /* is there better errno? */ 249 goto end; 250 } 251 252 getmicrotime(&ifp->if_lastchange); 253 m->m_flags &= ~(M_BCAST|M_MCAST); 254 if (!(ifp->if_flags & IFF_UP) || 255 sc->gif_psrc == NULL || sc->gif_pdst == NULL) { 256 m_freem(m); 257 error = ENETDOWN; 258 goto end; 259 } 260 261 #if NBPFILTER > 0 262 if (ifp->if_bpf) { 263 /* 264 * We need to prepend the address family as 265 * a four byte field. Cons up a dummy header 266 * to pacify bpf. This is safe because bpf 267 * will only read from the mbuf (i.e., it won't 268 * try to free it or keep a pointer a to it). 269 */ 270 struct mbuf m0; 271 u_int af = dst->sa_family; 272 273 m0.m_next = m; 274 m0.m_len = 4; 275 m0.m_data = (char *)⁡ 276 277 #ifdef HAVE_OLD_BPF 278 bpf_mtap(ifp, &m0); 279 #else 280 bpf_mtap(ifp->if_bpf, &m0); 281 #endif 282 } 283 #endif 284 ifp->if_opackets++; 285 ifp->if_obytes += m->m_pkthdr.len; 286 287 /* XXX should we check if our outer source is legal? */ 288 289 switch (sc->gif_psrc->sa_family) { 290 #ifdef INET 291 case AF_INET: 292 error = in_gif_output(ifp, dst->sa_family, m, rt); 293 break; 294 #endif 295 #ifdef INET6 296 case AF_INET6: 297 error = in6_gif_output(ifp, dst->sa_family, m, rt); 298 break; 299 #endif 300 default: 301 m_freem(m); 302 error = ENETDOWN; 303 } 304 305 end: 306 called = 0; /* reset recursion counter */ 307 if (error) ifp->if_oerrors++; 308 return error; 309 } 310 311 void 312 gif_input(m, af, gifp) 313 struct mbuf *m; 314 int af; 315 struct ifnet *gifp; 316 { 317 int s, isr; 318 register struct ifqueue *ifq = 0; 319 320 if (gifp == NULL) { 321 /* just in case */ 322 m_freem(m); 323 return; 324 } 325 326 m->m_pkthdr.rcvif = gifp; 327 328 #if NBPFILTER > 0 329 if (gifp->if_bpf) { 330 /* 331 * We need to prepend the address family as 332 * a four byte field. Cons up a dummy header 333 * to pacify bpf. This is safe because bpf 334 * will only read from the mbuf (i.e., it won't 335 * try to free it or keep a pointer a to it). 336 */ 337 struct mbuf m0; 338 u_int af = AF_INET6; 339 340 m0.m_next = m; 341 m0.m_len = 4; 342 m0.m_data = (char *)⁡ 343 344 #ifdef HAVE_OLD_BPF 345 bpf_mtap(gifp, &m0); 346 #else 347 bpf_mtap(gifp->if_bpf, &m0); 348 #endif 349 } 350 #endif /*NBPFILTER > 0*/ 351 352 /* 353 * Put the packet to the network layer input queue according to the 354 * specified address family. 355 * Note: older versions of gif_input directly called network layer 356 * input functions, e.g. ip6_input, here. We changed the policy to 357 * prevent too many recursive calls of such input functions, which 358 * might cause kernel panic. But the change may introduce another 359 * problem; if the input queue is full, packets are discarded. 360 * We believed it rarely occurs and changed the policy. If we find 361 * it occurs more times than we thought, we may change the policy 362 * again. 363 */ 364 switch (af) { 365 #ifdef INET 366 case AF_INET: 367 ifq = &ipintrq; 368 isr = NETISR_IP; 369 break; 370 #endif 371 #ifdef INET6 372 case AF_INET6: 373 ifq = &ip6intrq; 374 isr = NETISR_IPV6; 375 break; 376 #endif 377 default: 378 m_freem(m); 379 return; 380 } 381 382 s = splimp(); 383 if (IF_QFULL(ifq)) { 384 IF_DROP(ifq); /* update statistics */ 385 m_freem(m); 386 splx(s); 387 return; 388 } 389 IF_ENQUEUE(ifq, m); 390 /* we need schednetisr since the address family may change */ 391 schednetisr(isr); 392 gifp->if_ipackets++; 393 gifp->if_ibytes += m->m_pkthdr.len; 394 splx(s); 395 396 return; 397 } 398 399 /* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */ 400 int 401 gif_ioctl(ifp, cmd, data) 402 struct ifnet *ifp; 403 u_long cmd; 404 caddr_t data; 405 { 406 struct gif_softc *sc = (struct gif_softc*)ifp; 407 struct ifreq *ifr = (struct ifreq*)data; 408 int error = 0, size; 409 struct sockaddr *dst, *src; 410 struct sockaddr *sa; 411 int i; 412 struct gif_softc *sc2; 413 414 switch (cmd) { 415 case SIOCSIFADDR: 416 break; 417 418 case SIOCSIFDSTADDR: 419 break; 420 421 case SIOCADDMULTI: 422 case SIOCDELMULTI: 423 break; 424 425 #ifdef SIOCSIFMTU /* xxx */ 426 case SIOCGIFMTU: 427 break; 428 429 case SIOCSIFMTU: 430 { 431 u_long mtu; 432 mtu = ifr->ifr_mtu; 433 if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX) { 434 return (EINVAL); 435 } 436 ifp->if_mtu = mtu; 437 } 438 break; 439 #endif /* SIOCSIFMTU */ 440 441 case SIOCSIFPHYADDR: 442 #ifdef INET6 443 case SIOCSIFPHYADDR_IN6: 444 #endif /* INET6 */ 445 switch (cmd) { 446 case SIOCSIFPHYADDR: 447 src = (struct sockaddr *) 448 &(((struct in_aliasreq *)data)->ifra_addr); 449 dst = (struct sockaddr *) 450 &(((struct in_aliasreq *)data)->ifra_dstaddr); 451 break; 452 #ifdef INET6 453 case SIOCSIFPHYADDR_IN6: 454 src = (struct sockaddr *) 455 &(((struct in6_aliasreq *)data)->ifra_addr); 456 dst = (struct sockaddr *) 457 &(((struct in6_aliasreq *)data)->ifra_dstaddr); 458 break; 459 #endif 460 } 461 462 for (i = 0; i < ngif; i++) { 463 sc2 = gif + i; 464 if (sc2 == sc) 465 continue; 466 if (!sc2->gif_pdst || !sc2->gif_psrc) 467 continue; 468 if (sc2->gif_pdst->sa_family != dst->sa_family || 469 sc2->gif_pdst->sa_len != dst->sa_len || 470 sc2->gif_psrc->sa_family != src->sa_family || 471 sc2->gif_psrc->sa_len != src->sa_len) 472 continue; 473 #ifndef XBONEHACK 474 /* can't configure same pair of address onto two gifs */ 475 if (bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 && 476 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) { 477 error = EADDRNOTAVAIL; 478 goto bad; 479 } 480 #endif 481 482 /* can't configure multiple multi-dest interfaces */ 483 #define multidest(x) \ 484 (((struct sockaddr_in *)(x))->sin_addr.s_addr == INADDR_ANY) 485 #ifdef INET6 486 #define multidest6(x) \ 487 (IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *)(x))->sin6_addr)) 488 #endif 489 if (dst->sa_family == AF_INET && 490 multidest(dst) && multidest(sc2->gif_pdst)) { 491 error = EADDRNOTAVAIL; 492 goto bad; 493 } 494 #ifdef INET6 495 if (dst->sa_family == AF_INET6 && 496 multidest6(dst) && multidest6(sc2->gif_pdst)) { 497 error = EADDRNOTAVAIL; 498 goto bad; 499 } 500 #endif 501 } 502 503 if (src->sa_family != dst->sa_family || 504 src->sa_len != dst->sa_len) { 505 error = EINVAL; 506 break; 507 } 508 switch (src->sa_family) { 509 #ifdef INET 510 case AF_INET: 511 size = sizeof(struct sockaddr_in); 512 break; 513 #endif 514 #ifdef INET6 515 case AF_INET6: 516 size = sizeof(struct sockaddr_in6); 517 break; 518 #endif 519 default: 520 error = EAFNOSUPPORT; 521 goto bad; 522 } 523 if (src->sa_len != size) { 524 error = EINVAL; 525 break; 526 } 527 528 if (sc->gif_psrc) 529 free((caddr_t)sc->gif_psrc, M_IFADDR); 530 sa = (struct sockaddr *)malloc(size, M_IFADDR, M_WAITOK); 531 bcopy((caddr_t)src, (caddr_t)sa, size); 532 sc->gif_psrc = sa; 533 534 if (sc->gif_pdst) 535 free((caddr_t)sc->gif_pdst, M_IFADDR); 536 sa = (struct sockaddr *)malloc(size, M_IFADDR, M_WAITOK); 537 bcopy((caddr_t)dst, (caddr_t)sa, size); 538 sc->gif_pdst = sa; 539 540 ifp->if_flags |= IFF_UP; 541 if_up(ifp); /* send up RTM_IFINFO */ 542 543 error = 0; 544 break; 545 546 #ifdef SIOCDIFPHYADDR 547 case SIOCDIFPHYADDR: 548 if (sc->gif_psrc) { 549 free((caddr_t)sc->gif_psrc, M_IFADDR); 550 sc->gif_psrc = NULL; 551 } 552 if (sc->gif_pdst) { 553 free((caddr_t)sc->gif_pdst, M_IFADDR); 554 sc->gif_pdst = NULL; 555 } 556 /* change the IFF_UP flag as well? */ 557 break; 558 #endif 559 560 case SIOCGIFPSRCADDR: 561 #ifdef INET6 562 case SIOCGIFPSRCADDR_IN6: 563 #endif /* INET6 */ 564 if (sc->gif_psrc == NULL) { 565 error = EADDRNOTAVAIL; 566 goto bad; 567 } 568 src = sc->gif_psrc; 569 switch (sc->gif_psrc->sa_family) { 570 #ifdef INET 571 case AF_INET: 572 dst = &ifr->ifr_addr; 573 size = sizeof(struct sockaddr_in); 574 break; 575 #endif /* INET */ 576 #ifdef INET6 577 case AF_INET6: 578 dst = (struct sockaddr *) 579 &(((struct in6_ifreq *)data)->ifr_addr); 580 size = sizeof(struct sockaddr_in6); 581 break; 582 #endif /* INET6 */ 583 default: 584 error = EADDRNOTAVAIL; 585 goto bad; 586 } 587 bcopy((caddr_t)src, (caddr_t)dst, size); 588 break; 589 590 case SIOCGIFPDSTADDR: 591 #ifdef INET6 592 case SIOCGIFPDSTADDR_IN6: 593 #endif /* INET6 */ 594 if (sc->gif_pdst == NULL) { 595 error = EADDRNOTAVAIL; 596 goto bad; 597 } 598 src = sc->gif_pdst; 599 switch (sc->gif_pdst->sa_family) { 600 #ifdef INET 601 case AF_INET: 602 dst = &ifr->ifr_addr; 603 size = sizeof(struct sockaddr_in); 604 break; 605 #endif /* INET */ 606 #ifdef INET6 607 case AF_INET6: 608 dst = (struct sockaddr *) 609 &(((struct in6_ifreq *)data)->ifr_addr); 610 size = sizeof(struct sockaddr_in6); 611 break; 612 #endif /* INET6 */ 613 default: 614 error = EADDRNOTAVAIL; 615 goto bad; 616 } 617 bcopy((caddr_t)src, (caddr_t)dst, size); 618 break; 619 620 case SIOCSIFFLAGS: 621 /* if_ioctl() takes care of it */ 622 break; 623 624 default: 625 error = EINVAL; 626 break; 627 } 628 bad: 629 return error; 630 } 631 #endif /*NGIF > 0*/ 632