xref: /freebsd/sys/net/if_gif.c (revision f0cfa1b168014f56c02b83e5f28412cc5f78d117)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the project nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  *
31  *	$KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $
32  */
33 
34 #include <sys/cdefs.h>
35 __FBSDID("$FreeBSD$");
36 
37 #include "opt_inet.h"
38 #include "opt_inet6.h"
39 
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/jail.h>
43 #include <sys/kernel.h>
44 #include <sys/lock.h>
45 #include <sys/malloc.h>
46 #include <sys/mbuf.h>
47 #include <sys/module.h>
48 #include <sys/rmlock.h>
49 #include <sys/socket.h>
50 #include <sys/sockio.h>
51 #include <sys/sx.h>
52 #include <sys/errno.h>
53 #include <sys/time.h>
54 #include <sys/sysctl.h>
55 #include <sys/syslog.h>
56 #include <sys/priv.h>
57 #include <sys/proc.h>
58 #include <sys/protosw.h>
59 #include <sys/conf.h>
60 #include <machine/cpu.h>
61 
62 #include <net/if.h>
63 #include <net/if_var.h>
64 #include <net/if_clone.h>
65 #include <net/if_types.h>
66 #include <net/netisr.h>
67 #include <net/route.h>
68 #include <net/bpf.h>
69 #include <net/vnet.h>
70 
71 #include <netinet/in.h>
72 #include <netinet/in_systm.h>
73 #include <netinet/ip.h>
74 #include <netinet/ip_ecn.h>
75 #ifdef	INET
76 #include <netinet/in_var.h>
77 #include <netinet/ip_var.h>
78 #endif	/* INET */
79 
80 #ifdef INET6
81 #ifndef INET
82 #include <netinet/in.h>
83 #endif
84 #include <netinet6/in6_var.h>
85 #include <netinet/ip6.h>
86 #include <netinet6/ip6_ecn.h>
87 #include <netinet6/ip6_var.h>
88 #include <netinet6/scope6_var.h>
89 #include <netinet6/ip6protosw.h>
90 #endif /* INET6 */
91 
92 #include <netinet/ip_encap.h>
93 #include <net/ethernet.h>
94 #include <net/if_bridgevar.h>
95 #include <net/if_gif.h>
96 
97 #include <security/mac/mac_framework.h>
98 
99 static const char gifname[] = "gif";
100 
101 /*
102  * gif_mtx protects a per-vnet gif_softc_list.
103  */
104 static VNET_DEFINE(struct mtx, gif_mtx);
105 #define	V_gif_mtx		VNET(gif_mtx)
106 static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface");
107 static VNET_DEFINE(LIST_HEAD(, gif_softc), gif_softc_list);
108 #define	V_gif_softc_list	VNET(gif_softc_list)
109 static struct sx gif_ioctl_sx;
110 SX_SYSINIT(gif_ioctl_sx, &gif_ioctl_sx, "gif_ioctl");
111 
112 #define	GIF_LIST_LOCK_INIT(x)		mtx_init(&V_gif_mtx, "gif_mtx", \
113 					    NULL, MTX_DEF)
114 #define	GIF_LIST_LOCK_DESTROY(x)	mtx_destroy(&V_gif_mtx)
115 #define	GIF_LIST_LOCK(x)		mtx_lock(&V_gif_mtx)
116 #define	GIF_LIST_UNLOCK(x)		mtx_unlock(&V_gif_mtx)
117 
118 void	(*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, int af);
119 void	(*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af);
120 void	(*ng_gif_attach_p)(struct ifnet *ifp);
121 void	(*ng_gif_detach_p)(struct ifnet *ifp);
122 
123 static int	gif_check_nesting(struct ifnet *, struct mbuf *);
124 static int	gif_set_tunnel(struct ifnet *, struct sockaddr *,
125     struct sockaddr *);
126 static void	gif_delete_tunnel(struct ifnet *);
127 static int	gif_ioctl(struct ifnet *, u_long, caddr_t);
128 static int	gif_transmit(struct ifnet *, struct mbuf *);
129 static void	gif_qflush(struct ifnet *);
130 static int	gif_clone_create(struct if_clone *, int, caddr_t);
131 static void	gif_clone_destroy(struct ifnet *);
132 static VNET_DEFINE(struct if_clone *, gif_cloner);
133 #define	V_gif_cloner	VNET(gif_cloner)
134 
135 static int gifmodevent(module_t, int, void *);
136 
137 SYSCTL_DECL(_net_link);
138 static SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0,
139     "Generic Tunnel Interface");
140 #ifndef MAX_GIF_NEST
141 /*
142  * This macro controls the default upper limitation on nesting of gif tunnels.
143  * Since, setting a large value to this macro with a careless configuration
144  * may introduce system crash, we don't allow any nestings by default.
145  * If you need to configure nested gif tunnels, you can define this macro
146  * in your kernel configuration file.  However, if you do so, please be
147  * careful to configure the tunnels so that it won't make a loop.
148  */
149 #define MAX_GIF_NEST 1
150 #endif
151 static VNET_DEFINE(int, max_gif_nesting) = MAX_GIF_NEST;
152 #define	V_max_gif_nesting	VNET(max_gif_nesting)
153 SYSCTL_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_VNET | CTLFLAG_RW,
154     &VNET_NAME(max_gif_nesting), 0, "Max nested tunnels");
155 
156 /*
157  * By default, we disallow creation of multiple tunnels between the same
158  * pair of addresses.  Some applications require this functionality so
159  * we allow control over this check here.
160  */
161 #ifdef XBONEHACK
162 static VNET_DEFINE(int, parallel_tunnels) = 1;
163 #else
164 static VNET_DEFINE(int, parallel_tunnels) = 0;
165 #endif
166 #define	V_parallel_tunnels	VNET(parallel_tunnels)
167 SYSCTL_INT(_net_link_gif, OID_AUTO, parallel_tunnels,
168     CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(parallel_tunnels), 0,
169     "Allow parallel tunnels?");
170 
171 static int
172 gif_clone_create(struct if_clone *ifc, int unit, caddr_t params)
173 {
174 	struct gif_softc *sc;
175 
176 	sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO);
177 	sc->gif_fibnum = curthread->td_proc->p_fibnum;
178 	GIF2IFP(sc) = if_alloc(IFT_GIF);
179 	GIF_LOCK_INIT(sc);
180 	GIF2IFP(sc)->if_softc = sc;
181 	if_initname(GIF2IFP(sc), gifname, unit);
182 
183 	GIF2IFP(sc)->if_addrlen = 0;
184 	GIF2IFP(sc)->if_mtu    = GIF_MTU;
185 	GIF2IFP(sc)->if_flags  = IFF_POINTOPOINT | IFF_MULTICAST;
186 #if 0
187 	/* turn off ingress filter */
188 	GIF2IFP(sc)->if_flags  |= IFF_LINK2;
189 #endif
190 	GIF2IFP(sc)->if_ioctl  = gif_ioctl;
191 	GIF2IFP(sc)->if_transmit  = gif_transmit;
192 	GIF2IFP(sc)->if_qflush  = gif_qflush;
193 	GIF2IFP(sc)->if_output = gif_output;
194 	GIF2IFP(sc)->if_capabilities |= IFCAP_LINKSTATE;
195 	GIF2IFP(sc)->if_capenable |= IFCAP_LINKSTATE;
196 	if_attach(GIF2IFP(sc));
197 	bpfattach(GIF2IFP(sc), DLT_NULL, sizeof(u_int32_t));
198 	if (ng_gif_attach_p != NULL)
199 		(*ng_gif_attach_p)(GIF2IFP(sc));
200 
201 	GIF_LIST_LOCK();
202 	LIST_INSERT_HEAD(&V_gif_softc_list, sc, gif_list);
203 	GIF_LIST_UNLOCK();
204 	return (0);
205 }
206 
207 static void
208 gif_clone_destroy(struct ifnet *ifp)
209 {
210 	struct gif_softc *sc;
211 
212 	sx_xlock(&gif_ioctl_sx);
213 	sc = ifp->if_softc;
214 	gif_delete_tunnel(ifp);
215 	GIF_LIST_LOCK();
216 	LIST_REMOVE(sc, gif_list);
217 	GIF_LIST_UNLOCK();
218 	if (ng_gif_detach_p != NULL)
219 		(*ng_gif_detach_p)(ifp);
220 	bpfdetach(ifp);
221 	if_detach(ifp);
222 	ifp->if_softc = NULL;
223 	sx_xunlock(&gif_ioctl_sx);
224 
225 	if_free(ifp);
226 	GIF_LOCK_DESTROY(sc);
227 	free(sc, M_GIF);
228 }
229 
230 static void
231 vnet_gif_init(const void *unused __unused)
232 {
233 
234 	LIST_INIT(&V_gif_softc_list);
235 	GIF_LIST_LOCK_INIT();
236 	V_gif_cloner = if_clone_simple(gifname, gif_clone_create,
237 	    gif_clone_destroy, 0);
238 }
239 VNET_SYSINIT(vnet_gif_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
240     vnet_gif_init, NULL);
241 
242 static void
243 vnet_gif_uninit(const void *unused __unused)
244 {
245 
246 	if_clone_detach(V_gif_cloner);
247 	GIF_LIST_LOCK_DESTROY();
248 }
249 VNET_SYSUNINIT(vnet_gif_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
250     vnet_gif_uninit, NULL);
251 
252 static int
253 gifmodevent(module_t mod, int type, void *data)
254 {
255 
256 	switch (type) {
257 	case MOD_LOAD:
258 	case MOD_UNLOAD:
259 		break;
260 	default:
261 		return (EOPNOTSUPP);
262 	}
263 	return (0);
264 }
265 
266 static moduledata_t gif_mod = {
267 	"if_gif",
268 	gifmodevent,
269 	0
270 };
271 
272 DECLARE_MODULE(if_gif, gif_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
273 MODULE_VERSION(if_gif, 1);
274 
275 int
276 gif_encapcheck(const struct mbuf *m, int off, int proto, void *arg)
277 {
278 	GIF_RLOCK_TRACKER;
279 	const struct ip *ip;
280 	struct gif_softc *sc;
281 	int ret;
282 
283 	sc = (struct gif_softc *)arg;
284 	if (sc == NULL || (GIF2IFP(sc)->if_flags & IFF_UP) == 0)
285 		return (0);
286 
287 	ret = 0;
288 	GIF_RLOCK(sc);
289 
290 	/* no physical address */
291 	if (sc->gif_family == 0)
292 		goto done;
293 
294 	switch (proto) {
295 #ifdef INET
296 	case IPPROTO_IPV4:
297 #endif
298 #ifdef INET6
299 	case IPPROTO_IPV6:
300 #endif
301 	case IPPROTO_ETHERIP:
302 		break;
303 	default:
304 		goto done;
305 	}
306 
307 	/* Bail on short packets */
308 	M_ASSERTPKTHDR(m);
309 	if (m->m_pkthdr.len < sizeof(struct ip))
310 		goto done;
311 
312 	ip = mtod(m, const struct ip *);
313 	switch (ip->ip_v) {
314 #ifdef INET
315 	case 4:
316 		if (sc->gif_family != AF_INET)
317 			goto done;
318 		ret = in_gif_encapcheck(m, off, proto, arg);
319 		break;
320 #endif
321 #ifdef INET6
322 	case 6:
323 		if (m->m_pkthdr.len < sizeof(struct ip6_hdr))
324 			goto done;
325 		if (sc->gif_family != AF_INET6)
326 			goto done;
327 		ret = in6_gif_encapcheck(m, off, proto, arg);
328 		break;
329 #endif
330 	}
331 done:
332 	GIF_RUNLOCK(sc);
333 	return (ret);
334 }
335 
336 static int
337 gif_transmit(struct ifnet *ifp, struct mbuf *m)
338 {
339 	struct gif_softc *sc;
340 	struct etherip_header *eth;
341 #ifdef INET
342 	struct ip *ip;
343 #endif
344 #ifdef INET6
345 	struct ip6_hdr *ip6;
346 	uint32_t t;
347 #endif
348 	uint32_t af;
349 	uint8_t proto, ecn;
350 	int error;
351 
352 #ifdef MAC
353 	error = mac_ifnet_check_transmit(ifp, m);
354 	if (error) {
355 		m_freem(m);
356 		goto err;
357 	}
358 #endif
359 	error = ENETDOWN;
360 	sc = ifp->if_softc;
361 	if ((ifp->if_flags & IFF_MONITOR) != 0 ||
362 	    (ifp->if_flags & IFF_UP) == 0 ||
363 	    sc->gif_family == 0 ||
364 	    (error = gif_check_nesting(ifp, m)) != 0) {
365 		m_freem(m);
366 		goto err;
367 	}
368 	/* Now pull back the af that we stashed in the csum_data. */
369 	if (ifp->if_bridge)
370 		af = AF_LINK;
371 	else
372 		af = m->m_pkthdr.csum_data;
373 	m->m_flags &= ~(M_BCAST|M_MCAST);
374 	M_SETFIB(m, sc->gif_fibnum);
375 	BPF_MTAP2(ifp, &af, sizeof(af), m);
376 	if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
377 	if_inc_counter(ifp, IFCOUNTER_OBYTES, m->m_pkthdr.len);
378 	/* inner AF-specific encapsulation */
379 	ecn = 0;
380 	switch (af) {
381 #ifdef INET
382 	case AF_INET:
383 		proto = IPPROTO_IPV4;
384 		if (m->m_len < sizeof(struct ip))
385 			m = m_pullup(m, sizeof(struct ip));
386 		if (m == NULL) {
387 			error = ENOBUFS;
388 			goto err;
389 		}
390 		ip = mtod(m, struct ip *);
391 		ip_ecn_ingress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED:
392 		    ECN_NOCARE, &ecn, &ip->ip_tos);
393 		break;
394 #endif
395 #ifdef INET6
396 	case AF_INET6:
397 		proto = IPPROTO_IPV6;
398 		if (m->m_len < sizeof(struct ip6_hdr))
399 			m = m_pullup(m, sizeof(struct ip6_hdr));
400 		if (m == NULL) {
401 			error = ENOBUFS;
402 			goto err;
403 		}
404 		t = 0;
405 		ip6 = mtod(m, struct ip6_hdr *);
406 		ip6_ecn_ingress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED:
407 		    ECN_NOCARE, &t, &ip6->ip6_flow);
408 		ecn = (ntohl(t) >> 20) & 0xff;
409 		break;
410 #endif
411 	case AF_LINK:
412 		proto = IPPROTO_ETHERIP;
413 		M_PREPEND(m, sizeof(struct etherip_header), M_NOWAIT);
414 		if (m == NULL) {
415 			error = ENOBUFS;
416 			goto err;
417 		}
418 		eth = mtod(m, struct etherip_header *);
419 		eth->eip_resvh = 0;
420 		eth->eip_ver = ETHERIP_VERSION;
421 		eth->eip_resvl = 0;
422 		break;
423 	default:
424 		error = EAFNOSUPPORT;
425 		m_freem(m);
426 		goto err;
427 	}
428 	/* XXX should we check if our outer source is legal? */
429 	/* dispatch to output logic based on outer AF */
430 	switch (sc->gif_family) {
431 #ifdef INET
432 	case AF_INET:
433 		error = in_gif_output(ifp, m, proto, ecn);
434 		break;
435 #endif
436 #ifdef INET6
437 	case AF_INET6:
438 		error = in6_gif_output(ifp, m, proto, ecn);
439 		break;
440 #endif
441 	default:
442 		m_freem(m);
443 	}
444 err:
445 	if (error)
446 		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
447 	return (error);
448 }
449 
450 static void
451 gif_qflush(struct ifnet *ifp __unused)
452 {
453 
454 }
455 
456 #define	MTAG_GIF	1080679712
457 static int
458 gif_check_nesting(struct ifnet *ifp, struct mbuf *m)
459 {
460 	struct m_tag *mtag;
461 	int count;
462 
463 	/*
464 	 * gif may cause infinite recursion calls when misconfigured.
465 	 * We'll prevent this by detecting loops.
466 	 *
467 	 * High nesting level may cause stack exhaustion.
468 	 * We'll prevent this by introducing upper limit.
469 	 */
470 	count = 1;
471 	mtag = NULL;
472 	while ((mtag = m_tag_locate(m, MTAG_GIF, 0, mtag)) != NULL) {
473 		if (*(struct ifnet **)(mtag + 1) == ifp) {
474 			log(LOG_NOTICE, "%s: loop detected\n", if_name(ifp));
475 			return (EIO);
476 		}
477 		count++;
478 	}
479 	if (count > V_max_gif_nesting) {
480 		log(LOG_NOTICE,
481 		    "%s: if_output recursively called too many times(%d)\n",
482 		    if_name(ifp), count);
483 		return (EIO);
484 	}
485 	mtag = m_tag_alloc(MTAG_GIF, 0, sizeof(struct ifnet *), M_NOWAIT);
486 	if (mtag == NULL)
487 		return (ENOMEM);
488 	*(struct ifnet **)(mtag + 1) = ifp;
489 	m_tag_prepend(m, mtag);
490 	return (0);
491 }
492 
493 int
494 gif_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
495 	struct route *ro)
496 {
497 	uint32_t af;
498 
499 	if (dst->sa_family == AF_UNSPEC)
500 		bcopy(dst->sa_data, &af, sizeof(af));
501 	else
502 		af = dst->sa_family;
503 	/*
504 	 * Now save the af in the inbound pkt csum data, this is a cheat since
505 	 * we are using the inbound csum_data field to carry the af over to
506 	 * the gif_transmit() routine, avoiding using yet another mtag.
507 	 */
508 	m->m_pkthdr.csum_data = af;
509 	return (ifp->if_transmit(ifp, m));
510 }
511 
512 void
513 gif_input(struct mbuf *m, struct ifnet *ifp, int proto, uint8_t ecn)
514 {
515 	struct etherip_header *eip;
516 #ifdef INET
517 	struct ip *ip;
518 #endif
519 #ifdef INET6
520 	struct ip6_hdr *ip6;
521 	uint32_t t;
522 #endif
523 	struct gif_softc *sc;
524 	struct ether_header *eh;
525 	struct ifnet *oldifp;
526 	int isr, n, af;
527 
528 	if (ifp == NULL) {
529 		/* just in case */
530 		m_freem(m);
531 		return;
532 	}
533 	sc = ifp->if_softc;
534 	m->m_pkthdr.rcvif = ifp;
535 	m_clrprotoflags(m);
536 	switch (proto) {
537 #ifdef INET
538 	case IPPROTO_IPV4:
539 		af = AF_INET;
540 		if (m->m_len < sizeof(struct ip))
541 			m = m_pullup(m, sizeof(struct ip));
542 		if (m == NULL)
543 			goto drop;
544 		ip = mtod(m, struct ip *);
545 		if (ip_ecn_egress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED:
546 		    ECN_NOCARE, &ecn, &ip->ip_tos) == 0) {
547 			m_freem(m);
548 			goto drop;
549 		}
550 		break;
551 #endif
552 #ifdef INET6
553 	case IPPROTO_IPV6:
554 		af = AF_INET6;
555 		if (m->m_len < sizeof(struct ip6_hdr))
556 			m = m_pullup(m, sizeof(struct ip6_hdr));
557 		if (m == NULL)
558 			goto drop;
559 		t = htonl((uint32_t)ecn << 20);
560 		ip6 = mtod(m, struct ip6_hdr *);
561 		if (ip6_ecn_egress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED:
562 		    ECN_NOCARE, &t, &ip6->ip6_flow) == 0) {
563 			m_freem(m);
564 			goto drop;
565 		}
566 		break;
567 #endif
568 	case IPPROTO_ETHERIP:
569 		af = AF_LINK;
570 		break;
571 	default:
572 		m_freem(m);
573 		goto drop;
574 	}
575 
576 #ifdef MAC
577 	mac_ifnet_create_mbuf(ifp, m);
578 #endif
579 
580 	if (bpf_peers_present(ifp->if_bpf)) {
581 		uint32_t af1 = af;
582 		bpf_mtap2(ifp->if_bpf, &af1, sizeof(af1), m);
583 	}
584 
585 	if ((ifp->if_flags & IFF_MONITOR) != 0) {
586 		if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
587 		if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
588 		m_freem(m);
589 		return;
590 	}
591 
592 	if (ng_gif_input_p != NULL) {
593 		(*ng_gif_input_p)(ifp, &m, af);
594 		if (m == NULL)
595 			goto drop;
596 	}
597 
598 	/*
599 	 * Put the packet to the network layer input queue according to the
600 	 * specified address family.
601 	 * Note: older versions of gif_input directly called network layer
602 	 * input functions, e.g. ip6_input, here.  We changed the policy to
603 	 * prevent too many recursive calls of such input functions, which
604 	 * might cause kernel panic.  But the change may introduce another
605 	 * problem; if the input queue is full, packets are discarded.
606 	 * The kernel stack overflow really happened, and we believed
607 	 * queue-full rarely occurs, so we changed the policy.
608 	 */
609 	switch (af) {
610 #ifdef INET
611 	case AF_INET:
612 		isr = NETISR_IP;
613 		break;
614 #endif
615 #ifdef INET6
616 	case AF_INET6:
617 		isr = NETISR_IPV6;
618 		break;
619 #endif
620 	case AF_LINK:
621 		n = sizeof(struct etherip_header) + sizeof(struct ether_header);
622 		if (n > m->m_len)
623 			m = m_pullup(m, n);
624 		if (m == NULL)
625 			goto drop;
626 		eip = mtod(m, struct etherip_header *);
627 		if (eip->eip_ver != ETHERIP_VERSION) {
628 			/* discard unknown versions */
629 			m_freem(m);
630 			goto drop;
631 		}
632 		m_adj(m, sizeof(struct etherip_header));
633 
634 		m->m_flags &= ~(M_BCAST|M_MCAST);
635 		m->m_pkthdr.rcvif = ifp;
636 
637 		if (ifp->if_bridge) {
638 			oldifp = ifp;
639 			eh = mtod(m, struct ether_header *);
640 			if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
641 				if (ETHER_IS_BROADCAST(eh->ether_dhost))
642 					m->m_flags |= M_BCAST;
643 				else
644 					m->m_flags |= M_MCAST;
645 				if_inc_counter(ifp, IFCOUNTER_IMCASTS, 1);
646 			}
647 			BRIDGE_INPUT(ifp, m);
648 
649 			if (m != NULL && ifp != oldifp) {
650 				/*
651 				 * The bridge gave us back itself or one of the
652 				 * members for which the frame is addressed.
653 				 */
654 				ether_demux(ifp, m);
655 				return;
656 			}
657 		}
658 		if (m != NULL)
659 			m_freem(m);
660 		return;
661 
662 	default:
663 		if (ng_gif_input_orphan_p != NULL)
664 			(*ng_gif_input_orphan_p)(ifp, m, af);
665 		else
666 			m_freem(m);
667 		return;
668 	}
669 
670 	if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
671 	if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
672 	M_SETFIB(m, ifp->if_fib);
673 	netisr_dispatch(isr, m);
674 	return;
675 drop:
676 	if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
677 }
678 
679 /* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
680 int
681 gif_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
682 {
683 	GIF_RLOCK_TRACKER;
684 	struct ifreq *ifr = (struct ifreq*)data;
685 	struct sockaddr *dst, *src;
686 	struct gif_softc *sc;
687 #ifdef INET
688 	struct sockaddr_in *sin = NULL;
689 #endif
690 #ifdef INET6
691 	struct sockaddr_in6 *sin6 = NULL;
692 #endif
693 	u_int options;
694 	int error;
695 
696 	switch (cmd) {
697 	case SIOCSIFADDR:
698 		ifp->if_flags |= IFF_UP;
699 	case SIOCADDMULTI:
700 	case SIOCDELMULTI:
701 	case SIOCGIFMTU:
702 	case SIOCSIFFLAGS:
703 		return (0);
704 	case SIOCSIFMTU:
705 		if (ifr->ifr_mtu < GIF_MTU_MIN ||
706 		    ifr->ifr_mtu > GIF_MTU_MAX)
707 			return (EINVAL);
708 		else
709 			ifp->if_mtu = ifr->ifr_mtu;
710 		return (0);
711 	}
712 	sx_xlock(&gif_ioctl_sx);
713 	sc = ifp->if_softc;
714 	if (sc == NULL) {
715 		error = ENXIO;
716 		goto bad;
717 	}
718 	error = 0;
719 	switch (cmd) {
720 	case SIOCSIFPHYADDR:
721 #ifdef INET6
722 	case SIOCSIFPHYADDR_IN6:
723 #endif
724 		error = EINVAL;
725 		switch (cmd) {
726 #ifdef INET
727 		case SIOCSIFPHYADDR:
728 			src = (struct sockaddr *)
729 				&(((struct in_aliasreq *)data)->ifra_addr);
730 			dst = (struct sockaddr *)
731 				&(((struct in_aliasreq *)data)->ifra_dstaddr);
732 			break;
733 #endif
734 #ifdef INET6
735 		case SIOCSIFPHYADDR_IN6:
736 			src = (struct sockaddr *)
737 				&(((struct in6_aliasreq *)data)->ifra_addr);
738 			dst = (struct sockaddr *)
739 				&(((struct in6_aliasreq *)data)->ifra_dstaddr);
740 			break;
741 #endif
742 		default:
743 			goto bad;
744 		}
745 		/* sa_family must be equal */
746 		if (src->sa_family != dst->sa_family ||
747 		    src->sa_len != dst->sa_len)
748 			goto bad;
749 
750 		/* validate sa_len */
751 		/* check sa_family looks sane for the cmd */
752 		switch (src->sa_family) {
753 #ifdef INET
754 		case AF_INET:
755 			if (src->sa_len != sizeof(struct sockaddr_in))
756 				goto bad;
757 			if (cmd != SIOCSIFPHYADDR) {
758 				error = EAFNOSUPPORT;
759 				goto bad;
760 			}
761 			if (satosin(src)->sin_addr.s_addr == INADDR_ANY ||
762 			    satosin(dst)->sin_addr.s_addr == INADDR_ANY) {
763 				error = EADDRNOTAVAIL;
764 				goto bad;
765 			}
766 			break;
767 #endif
768 #ifdef INET6
769 		case AF_INET6:
770 			if (src->sa_len != sizeof(struct sockaddr_in6))
771 				goto bad;
772 			if (cmd != SIOCSIFPHYADDR_IN6) {
773 				error = EAFNOSUPPORT;
774 				goto bad;
775 			}
776 			error = EADDRNOTAVAIL;
777 			if (IN6_IS_ADDR_UNSPECIFIED(&satosin6(src)->sin6_addr)
778 			    ||
779 			    IN6_IS_ADDR_UNSPECIFIED(&satosin6(dst)->sin6_addr))
780 				goto bad;
781 			/*
782 			 * Check validity of the scope zone ID of the
783 			 * addresses, and convert it into the kernel
784 			 * internal form if necessary.
785 			 */
786 			error = sa6_embedscope(satosin6(src), 0);
787 			if (error != 0)
788 				goto bad;
789 			error = sa6_embedscope(satosin6(dst), 0);
790 			if (error != 0)
791 				goto bad;
792 			break;
793 #endif
794 		default:
795 			error = EAFNOSUPPORT;
796 			goto bad;
797 		}
798 		error = gif_set_tunnel(ifp, src, dst);
799 		break;
800 	case SIOCDIFPHYADDR:
801 		gif_delete_tunnel(ifp);
802 		break;
803 	case SIOCGIFPSRCADDR:
804 	case SIOCGIFPDSTADDR:
805 #ifdef INET6
806 	case SIOCGIFPSRCADDR_IN6:
807 	case SIOCGIFPDSTADDR_IN6:
808 #endif
809 		if (sc->gif_family == 0) {
810 			error = EADDRNOTAVAIL;
811 			break;
812 		}
813 		GIF_RLOCK(sc);
814 		switch (cmd) {
815 #ifdef INET
816 		case SIOCGIFPSRCADDR:
817 		case SIOCGIFPDSTADDR:
818 			if (sc->gif_family != AF_INET) {
819 				error = EADDRNOTAVAIL;
820 				break;
821 			}
822 			sin = (struct sockaddr_in *)&ifr->ifr_addr;
823 			memset(sin, 0, sizeof(*sin));
824 			sin->sin_family = AF_INET;
825 			sin->sin_len = sizeof(*sin);
826 			break;
827 #endif
828 #ifdef INET6
829 		case SIOCGIFPSRCADDR_IN6:
830 		case SIOCGIFPDSTADDR_IN6:
831 			if (sc->gif_family != AF_INET6) {
832 				error = EADDRNOTAVAIL;
833 				break;
834 			}
835 			sin6 = (struct sockaddr_in6 *)
836 				&(((struct in6_ifreq *)data)->ifr_addr);
837 			memset(sin6, 0, sizeof(*sin6));
838 			sin6->sin6_family = AF_INET6;
839 			sin6->sin6_len = sizeof(*sin6);
840 			break;
841 #endif
842 		default:
843 			error = EAFNOSUPPORT;
844 		}
845 		if (error == 0) {
846 			switch (cmd) {
847 #ifdef INET
848 			case SIOCGIFPSRCADDR:
849 				sin->sin_addr = sc->gif_iphdr->ip_src;
850 				break;
851 			case SIOCGIFPDSTADDR:
852 				sin->sin_addr = sc->gif_iphdr->ip_dst;
853 				break;
854 #endif
855 #ifdef INET6
856 			case SIOCGIFPSRCADDR_IN6:
857 				sin6->sin6_addr = sc->gif_ip6hdr->ip6_src;
858 				break;
859 			case SIOCGIFPDSTADDR_IN6:
860 				sin6->sin6_addr = sc->gif_ip6hdr->ip6_dst;
861 				break;
862 #endif
863 			}
864 		}
865 		GIF_RUNLOCK(sc);
866 		if (error != 0)
867 			break;
868 		switch (cmd) {
869 #ifdef INET
870 		case SIOCGIFPSRCADDR:
871 		case SIOCGIFPDSTADDR:
872 			error = prison_if(curthread->td_ucred,
873 			    (struct sockaddr *)sin);
874 			if (error != 0)
875 				memset(sin, 0, sizeof(*sin));
876 			break;
877 #endif
878 #ifdef INET6
879 		case SIOCGIFPSRCADDR_IN6:
880 		case SIOCGIFPDSTADDR_IN6:
881 			error = prison_if(curthread->td_ucred,
882 			    (struct sockaddr *)sin6);
883 			if (error == 0)
884 				error = sa6_recoverscope(sin6);
885 			if (error != 0)
886 				memset(sin6, 0, sizeof(*sin6));
887 #endif
888 		}
889 		break;
890 	case SIOCGTUNFIB:
891 		ifr->ifr_fib = sc->gif_fibnum;
892 		break;
893 	case SIOCSTUNFIB:
894 		if ((error = priv_check(curthread, PRIV_NET_GIF)) != 0)
895 			break;
896 		if (ifr->ifr_fib >= rt_numfibs)
897 			error = EINVAL;
898 		else
899 			sc->gif_fibnum = ifr->ifr_fib;
900 		break;
901 	case GIFGOPTS:
902 		options = sc->gif_options;
903 		error = copyout(&options, ifr->ifr_data, sizeof(options));
904 		break;
905 	case GIFSOPTS:
906 		if ((error = priv_check(curthread, PRIV_NET_GIF)) != 0)
907 			break;
908 		error = copyin(ifr->ifr_data, &options, sizeof(options));
909 		if (error)
910 			break;
911 		if (options & ~GIF_OPTMASK)
912 			error = EINVAL;
913 		else
914 			sc->gif_options = options;
915 		break;
916 	default:
917 		error = EINVAL;
918 		break;
919 	}
920 bad:
921 	sx_xunlock(&gif_ioctl_sx);
922 	return (error);
923 }
924 
925 static void
926 gif_detach(struct gif_softc *sc)
927 {
928 
929 	sx_assert(&gif_ioctl_sx, SA_XLOCKED);
930 	if (sc->gif_ecookie != NULL)
931 		encap_detach(sc->gif_ecookie);
932 	sc->gif_ecookie = NULL;
933 }
934 
935 static int
936 gif_attach(struct gif_softc *sc, int af)
937 {
938 
939 	sx_assert(&gif_ioctl_sx, SA_XLOCKED);
940 	switch (af) {
941 #ifdef INET
942 	case AF_INET:
943 		return (in_gif_attach(sc));
944 #endif
945 #ifdef INET6
946 	case AF_INET6:
947 		return (in6_gif_attach(sc));
948 #endif
949 	}
950 	return (EAFNOSUPPORT);
951 }
952 
953 static int
954 gif_set_tunnel(struct ifnet *ifp, struct sockaddr *src, struct sockaddr *dst)
955 {
956 	struct gif_softc *sc = ifp->if_softc;
957 	struct gif_softc *tsc;
958 #ifdef INET
959 	struct ip *ip;
960 #endif
961 #ifdef INET6
962 	struct ip6_hdr *ip6;
963 #endif
964 	void *hdr;
965 	int error = 0;
966 
967 	if (sc == NULL)
968 		return (ENXIO);
969 	/* Disallow parallel tunnels unless instructed otherwise. */
970 	if (V_parallel_tunnels == 0) {
971 		GIF_LIST_LOCK();
972 		LIST_FOREACH(tsc, &V_gif_softc_list, gif_list) {
973 			if (tsc == sc || tsc->gif_family != src->sa_family)
974 				continue;
975 #ifdef INET
976 			if (tsc->gif_family == AF_INET &&
977 			    tsc->gif_iphdr->ip_src.s_addr ==
978 			    satosin(src)->sin_addr.s_addr &&
979 			    tsc->gif_iphdr->ip_dst.s_addr ==
980 			    satosin(dst)->sin_addr.s_addr) {
981 				error = EADDRNOTAVAIL;
982 				GIF_LIST_UNLOCK();
983 				goto bad;
984 			}
985 #endif
986 #ifdef INET6
987 			if (tsc->gif_family == AF_INET6 &&
988 			    IN6_ARE_ADDR_EQUAL(&tsc->gif_ip6hdr->ip6_src,
989 			    &satosin6(src)->sin6_addr) &&
990 			    IN6_ARE_ADDR_EQUAL(&tsc->gif_ip6hdr->ip6_dst,
991 			    &satosin6(dst)->sin6_addr)) {
992 				error = EADDRNOTAVAIL;
993 				GIF_LIST_UNLOCK();
994 				goto bad;
995 			}
996 #endif
997 		}
998 		GIF_LIST_UNLOCK();
999 	}
1000 	switch (src->sa_family) {
1001 #ifdef INET
1002 	case AF_INET:
1003 		hdr = ip = malloc(sizeof(struct ip), M_GIF,
1004 		    M_WAITOK | M_ZERO);
1005 		ip->ip_src.s_addr = satosin(src)->sin_addr.s_addr;
1006 		ip->ip_dst.s_addr = satosin(dst)->sin_addr.s_addr;
1007 		break;
1008 #endif
1009 #ifdef INET6
1010 	case AF_INET6:
1011 		hdr = ip6 = malloc(sizeof(struct ip6_hdr), M_GIF,
1012 		    M_WAITOK | M_ZERO);
1013 		ip6->ip6_src = satosin6(src)->sin6_addr;
1014 		ip6->ip6_dst = satosin6(dst)->sin6_addr;
1015 		ip6->ip6_vfc = IPV6_VERSION;
1016 		break;
1017 #endif
1018 	default:
1019 		return (EAFNOSUPPORT);
1020 	}
1021 
1022 	if (sc->gif_family != src->sa_family)
1023 		gif_detach(sc);
1024 	if (sc->gif_family == 0 ||
1025 	    sc->gif_family != src->sa_family)
1026 		error = gif_attach(sc, src->sa_family);
1027 
1028 	GIF_WLOCK(sc);
1029 	if (sc->gif_family != 0)
1030 		free(sc->gif_hdr, M_GIF);
1031 	sc->gif_family = src->sa_family;
1032 	sc->gif_hdr = hdr;
1033 	GIF_WUNLOCK(sc);
1034 #if defined(INET) || defined(INET6)
1035 bad:
1036 #endif
1037 	if (error == 0 && sc->gif_family != 0) {
1038 		ifp->if_drv_flags |= IFF_DRV_RUNNING;
1039 		if_link_state_change(ifp, LINK_STATE_UP);
1040 	} else {
1041 		ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1042 		if_link_state_change(ifp, LINK_STATE_DOWN);
1043 	}
1044 	return (error);
1045 }
1046 
1047 static void
1048 gif_delete_tunnel(struct ifnet *ifp)
1049 {
1050 	struct gif_softc *sc = ifp->if_softc;
1051 	int family;
1052 
1053 	if (sc == NULL)
1054 		return;
1055 
1056 	GIF_WLOCK(sc);
1057 	family = sc->gif_family;
1058 	sc->gif_family = 0;
1059 	GIF_WUNLOCK(sc);
1060 	if (family != 0) {
1061 		gif_detach(sc);
1062 		free(sc->gif_hdr, M_GIF);
1063 	}
1064 	ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1065 	if_link_state_change(ifp, LINK_STATE_DOWN);
1066 }
1067