/*-
 * Copyright (c) 1998 The NetBSD Foundation, Inc.
 * Copyright (c) 2014 Andrey V. Elsukov <ae@FreeBSD.org>
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Heiko W.Rupp <hwr@pilhuhn.de>
 *
 * IPv6-over-GRE contributed by Gert Doering <gert@greenie.muc.de>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * $NetBSD: if_gre.c,v 1.49 2003/12/11 00:22:29 itojun Exp $
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_inet.h"
#include "opt_inet6.h"

#include <sys/param.h>
#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/libkern.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mbuf.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/protosw.h>
#include <sys/rmlock.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/sx.h>
#include <sys/sysctl.h>
#include <sys/syslog.h>
#include <sys/systm.h>

#include <net/ethernet.h>
#include <net/if.h>
#include <net/if_var.h>
#include <net/if_clone.h>
#include <net/if_types.h>
#include <net/netisr.h>
#include <net/vnet.h>
#include <net/route.h>

#include <netinet/in.h>
#ifdef INET
#include <netinet/in_systm.h>
#include <netinet/in_var.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#endif

#ifdef INET6
#include <netinet/ip6.h>
#include <netinet6/in6_var.h>
#include <netinet6/ip6_var.h>
#include <netinet6/scope6_var.h>
#endif

#include <netinet/ip_encap.h>
#include <net/bpf.h>
#include <net/if_gre.h>

#include <machine/in_cksum.h>
#include <security/mac/mac_framework.h>

/*
 * MTU given to every newly cloned gre interface (see gre_clone_create()).
 * Presumably 1500 minus a 20-byte IPv4 header and the 4-byte base GRE
 * header -- confirm before relying on it.
 */
#define	GREMTU			1476
/* Interface name prefix; also used as the malloc type's short name. */
static const char grename[] = "gre";
static MALLOC_DEFINE(M_GRE, grename, "Generic Routing Encapsulation");
/*
 * Per-vnet mutex that guards V_gre_softc_list.  The GRE_LIST_* wrappers
 * accept an argument only for symmetry; it is ignored.
 */
static VNET_DEFINE(struct mtx, gre_mtx);
#define	V_gre_mtx		VNET(gre_mtx)
#define	GRE_LIST_LOCK_INIT(x)	mtx_init(&V_gre_mtx, "gre_mtx", NULL, \
				    MTX_DEF)
#define	GRE_LIST_LOCK_DESTROY(x) mtx_destroy(&V_gre_mtx)
#define	GRE_LIST_LOCK(x)	mtx_lock(&V_gre_mtx)
#define	GRE_LIST_UNLOCK(x)	mtx_unlock(&V_gre_mtx)

/* Per-vnet list of all gre softcs; walked to reject duplicate tunnels. */
static VNET_DEFINE(LIST_HEAD(, gre_softc), gre_softc_list);
#define	V_gre_softc_list	VNET(gre_softc_list)
/*
 * Single sx lock (not per-vnet) taken exclusively by gre_ioctl() and
 * gre_clone_destroy(), so tunnel reconfiguration and interface teardown
 * never run concurrently.
 */
static struct sx gre_ioctl_sx;
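SX_SYSINIT(gre_ioctl_sx, &gre_ioctl_sx, "gre_ioctl");

static int	gre_clone_create(struct if_clone *, int, caddr_t);
static void	gre_clone_destroy(struct ifnet *);
static VNET_DEFINE(struct if_clone *, gre_cloner);
#define	V_gre_cloner	VNET(gre_cloner)

static void	gre_qflush(struct ifnet *);
static int	gre_transmit(struct ifnet *, struct mbuf *);
static int	gre_ioctl(struct ifnet *, u_long, caddr_t);
static int	gre_output(struct ifnet *, struct mbuf *,
		    const struct sockaddr *, struct route *);

static void	gre_updatehdr(struct gre_softc *);
static int	gre_set_tunnel(struct ifnet *, struct sockaddr *,
    struct sockaddr *);
static void	gre_delete_tunnel(struct ifnet *);

SYSCTL_DECL(_net_link);
static SYSCTL_NODE(_net_link, IFT_TUNNEL, gre, CTLFLAG_RW, 0,
    "Generic Routing Encapsulation");
#ifndef MAX_GRE_NEST
/*
 * This macro controls the default upper limit on nesting of gre tunnels.
 * Since setting a large value to this macro with a careless configuration
 * may crash the system, we don't allow any nesting by default.
 * If you need to configure nested gre tunnels, you can define this macro
 * in your kernel configuration file.  However, if you do so, please be
 * careful to configure the tunnels so that they won't form a loop.
 */
#define MAX_GRE_NEST 1
#endif

/*
 * Run-time nesting limit, exported as the read-write, per-vnet sysctl
 * "max_nesting" under the gre node.  The sysctl is a plain integer with
 * no range check here; gre_check_nesting() compares against whatever
 * value is stored.
 */
static VNET_DEFINE(int, max_gre_nesting) = MAX_GRE_NEST;
#define	V_max_gre_nesting	VNET(max_gre_nesting)
SYSCTL_INT(_net_link_gre, OID_AUTO, max_nesting, CTLFLAG_RW | CTLFLAG_VNET,
    &VNET_NAME(max_gre_nesting), 0, "Max nested tunnels");

/*
 * Per-vnet constructor: initialise the softc list and its mutex, then
 * register the "gre" interface cloner.
 */
static void
vnet_gre_init(const void *unused __unused)
{
	LIST_INIT(&V_gre_softc_list);
	GRE_LIST_LOCK_INIT();
	V_gre_cloner = if_clone_simple(grename, gre_clone_create,
	    gre_clone_destroy, 0);
}
VNET_SYSINIT(vnet_gre_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
    vnet_gre_init, NULL);

/*
 * Per-vnet destructor: detach the cloner first, then destroy the list
 * mutex.
 */
static void
vnet_gre_uninit(const void *unused __unused)
{

	if_clone_detach(V_gre_cloner);
	GRE_LIST_LOCK_DESTROY();
}
VNET_SYSUNINIT(vnet_gre_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
    vnet_gre_uninit, NULL);

/*
 * Cloner callback: create gre<unit>.
 *
 * Allocates a zeroed softc (M_WAITOK, so the allocation sleeps rather than
 * fails), inherits the FIB of the creating process, wires up the ifnet
 * methods, attaches the interface and bpf, and links the softc on the
 * per-vnet list.  Always returns 0.
 */
static int
gre_clone_create(struct if_clone *ifc, int unit, caddr_t params)
{
	struct gre_softc *sc;

	sc = malloc(sizeof(struct gre_softc), M_GRE, M_WAITOK | M_ZERO);
	sc->gre_fibnum = curthread->td_proc->p_fibnum;
	/*
	 * NOTE(review): the if_alloc() result is used without a NULL check;
	 * confirm it cannot fail for IFT_TUNNEL on the targeted release.
	 */
	GRE2IFP(sc) = if_alloc(IFT_TUNNEL);
	GRE_LOCK_INIT(sc);
	GRE2IFP(sc)->if_softc = sc;
	if_initname(GRE2IFP(sc), grename, unit);

	GRE2IFP(sc)->if_mtu = GREMTU;
	GRE2IFP(sc)->if_flags = IFF_POINTOPOINT|IFF_MULTICAST;
	GRE2IFP(sc)->if_output = gre_output;
	GRE2IFP(sc)->if_ioctl = gre_ioctl;
	GRE2IFP(sc)->if_transmit = gre_transmit;
	GRE2IFP(sc)->if_qflush = gre_qflush;
	GRE2IFP(sc)->if_capabilities |= IFCAP_LINKSTATE;
	GRE2IFP(sc)->if_capenable |= IFCAP_LINKSTATE;
	if_attach(GRE2IFP(sc));
	bpfattach(GRE2IFP(sc), DLT_NULL, sizeof(u_int32_t));
	GRE_LIST_LOCK();
	LIST_INSERT_HEAD(&V_gre_softc_list, sc, gre_list);
	GRE_LIST_UNLOCK();
	return (0);
}

/*
 * Cloner callback: destroy a gre interface.
 *
 * Everything up to clearing if_softc runs under the exclusive ioctl lock,
 * so a concurrent gre_ioctl() either completes first or observes
 * if_softc == NULL and returns ENXIO.  The ifnet and softc are released
 * only after that lock has been dropped.
 */
static void
gre_clone_destroy(struct ifnet *ifp)
{
	struct gre_softc *sc;

	sx_xlock(&gre_ioctl_sx);
	sc = ifp->if_softc;
	gre_delete_tunnel(ifp);
	GRE_LIST_LOCK();
	LIST_REMOVE(sc, gre_list);
	GRE_LIST_UNLOCK();
	bpfdetach(ifp);
	if_detach(ifp);
	ifp->if_softc = NULL;
	sx_xunlock(&gre_ioctl_sx);

	if_free(ifp);
	GRE_LOCK_DESTROY(sc);
	free(sc, M_GRE);
}

/*
 * Interface ioctl handler.
 *
 * A first switch answers the commands that need no softc state and no
 * lock.  All remaining commands run under the exclusive gre_ioctl_sx.
 * Within this function only SIOCSTUNFIB, GRESKEY and GRESOPTS call
 * priv_check(PRIV_NET_GRE).
 *
 * NOTE(review): SIOCSIFMTU, SIOCSIFPHYADDR[_IN6] and SIOCDIFPHYADDR carry
 * no privilege check here; presumably the generic interface ioctl layer
 * authorises them before the driver is called -- confirm against the
 * caller.
 *
 * Returns 0 or an errno value.
 */
static int
gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
{
	GRE_RLOCK_TRACKER;
	struct ifreq *ifr = (struct ifreq *)data;
	struct sockaddr *src, *dst;
	struct gre_softc *sc;
#ifdef INET
	struct sockaddr_in *sin = NULL;
#endif
#ifdef INET6
	struct sockaddr_in6 *sin6 = NULL;
#endif
	uint32_t opt;
	int error;

	switch (cmd) {
	case SIOCSIFMTU:
		/*
		 * XXX: only a lower bound (576) is enforced; any larger
		 * value supplied by the caller is stored as-is.
		 */
		if (ifr->ifr_mtu < 576)
			return (EINVAL);
		ifp->if_mtu = ifr->ifr_mtu;
		return (0);
	case SIOCSIFADDR:
		ifp->if_flags |= IFF_UP;
		/* FALLTHROUGH */
	case SIOCSIFFLAGS:
	case SIOCADDMULTI:
	case SIOCDELMULTI:
		return (0);
	case GRESADDRS:
	case GRESADDRD:
	case GREGADDRS:
	case GREGADDRD:
	case GRESPROTO:
	case GREGPROTO:
		return (EOPNOTSUPP);
	}
	src = dst = NULL;
	sx_xlock(&gre_ioctl_sx);
	sc = ifp->if_softc;
	/* gre_clone_destroy() clears if_softc under this same lock. */
	if (sc == NULL) {
		error = ENXIO;
		goto end;
	}
	error = 0;
	switch (cmd) {
	case SIOCSIFPHYADDR:
#ifdef INET6
	case SIOCSIFPHYADDR_IN6:
#endif
		/*
		 * The request structure comes from the caller, so family,
		 * length and address are all validated below before the
		 * sockaddrs are cast to their family-specific types.
		 */
		error = EINVAL;
		switch (cmd) {
#ifdef INET
		case SIOCSIFPHYADDR:
			src = (struct sockaddr *)
				&(((struct in_aliasreq *)data)->ifra_addr);
			dst = (struct sockaddr *)
				&(((struct in_aliasreq *)data)->ifra_dstaddr);
			break;
#endif
#ifdef INET6
		case SIOCSIFPHYADDR_IN6:
			src = (struct sockaddr *)
				&(((struct in6_aliasreq *)data)->ifra_addr);
			dst = (struct sockaddr *)
				&(((struct in6_aliasreq *)data)->ifra_dstaddr);
			break;
#endif
		default:
			error = EAFNOSUPPORT;
			goto end;
		}
		/* sa_family must be equal */
		if (src->sa_family != dst->sa_family ||
		    src->sa_len != dst->sa_len)
			goto end;

		/* validate sa_len */
		switch (src->sa_family) {
#ifdef INET
		case AF_INET:
			if (src->sa_len != sizeof(struct sockaddr_in))
				goto end;
			break;
#endif
#ifdef INET6
		case AF_INET6:
			if (src->sa_len != sizeof(struct sockaddr_in6))
				goto end;
			break;
#endif
		default:
			error = EAFNOSUPPORT;
			goto end;
		}
		/* check sa_family looks sane for the cmd */
		error = EAFNOSUPPORT;
		switch (cmd) {
#ifdef INET
		case SIOCSIFPHYADDR:
			if (src->sa_family == AF_INET)
				break;
			goto end;
#endif
#ifdef INET6
		case SIOCSIFPHYADDR_IN6:
			if (src->sa_family == AF_INET6)
				break;
			goto end;
#endif
		}
		/* Neither endpoint may be the unspecified address. */
		error = EADDRNOTAVAIL;
		switch (src->sa_family) {
#ifdef INET
		case AF_INET:
			if (satosin(src)->sin_addr.s_addr == INADDR_ANY ||
			    satosin(dst)->sin_addr.s_addr == INADDR_ANY)
				goto end;
			break;
#endif
#ifdef INET6
		case AF_INET6:
			if (IN6_IS_ADDR_UNSPECIFIED(&satosin6(src)->sin6_addr)
			    ||
			    IN6_IS_ADDR_UNSPECIFIED(&satosin6(dst)->sin6_addr))
				goto end;
			/*
			 * Check validity of the scope zone ID of the
			 * addresses, and convert it into the kernel
			 * internal form if necessary.
			 */
			error = sa6_embedscope(satosin6(src), 0);
			if (error != 0)
				goto end;
			error = sa6_embedscope(satosin6(dst), 0);
			if (error != 0)
				goto end;
#endif
		}
		error = gre_set_tunnel(ifp, src, dst);
		break;
	case SIOCDIFPHYADDR:
		gre_delete_tunnel(ifp);
		break;
	case SIOCGIFPSRCADDR:
	case SIOCGIFPDSTADDR:
#ifdef INET6
	case SIOCGIFPSRCADDR_IN6:
	case SIOCGIFPDSTADDR_IN6:
#endif
		if (sc->gre_family == 0) {
			error = EADDRNOTAVAIL;
			break;
		}
		GRE_RLOCK(sc);
		/* Prepare a zeroed reply sockaddr of the matching family. */
		switch (cmd) {
#ifdef INET
		case SIOCGIFPSRCADDR:
		case SIOCGIFPDSTADDR:
			if (sc->gre_family != AF_INET) {
				error = EADDRNOTAVAIL;
				break;
			}
			sin = (struct sockaddr_in *)&ifr->ifr_addr;
			memset(sin, 0, sizeof(*sin));
			sin->sin_family = AF_INET;
			sin->sin_len = sizeof(*sin);
			break;
#endif
#ifdef INET6
		case SIOCGIFPSRCADDR_IN6:
		case SIOCGIFPDSTADDR_IN6:
			if (sc->gre_family != AF_INET6) {
				error = EADDRNOTAVAIL;
				break;
			}
			sin6 = (struct sockaddr_in6 *)
				&(((struct in6_ifreq *)data)->ifr_addr);
			memset(sin6, 0, sizeof(*sin6));
			sin6->sin6_family = AF_INET6;
			sin6->sin6_len = sizeof(*sin6);
			break;
#endif
		}
		/* Copy the endpoint out of the cached outer header. */
		if (error == 0) {
			switch (cmd) {
#ifdef INET
			case SIOCGIFPSRCADDR:
				sin->sin_addr = sc->gre_oip.ip_src;
				break;
			case SIOCGIFPDSTADDR:
				sin->sin_addr = sc->gre_oip.ip_dst;
				break;
#endif
#ifdef INET6
			case SIOCGIFPSRCADDR_IN6:
				sin6->sin6_addr = sc->gre_oip6.ip6_src;
				break;
			case SIOCGIFPDSTADDR_IN6:
				sin6->sin6_addr = sc->gre_oip6.ip6_dst;
				break;
#endif
			}
		}
		GRE_RUNLOCK(sc);
		if (error != 0)
			break;
		/*
		 * prison_if() decides whether the calling credential may see
		 * this address; when it refuses, the reply is wiped so the
		 * tunnel endpoint is not disclosed to the caller.
		 */
		switch (cmd) {
#ifdef INET
		case SIOCGIFPSRCADDR:
		case SIOCGIFPDSTADDR:
			error = prison_if(curthread->td_ucred,
			    (struct sockaddr *)sin);
			if (error != 0)
				memset(sin, 0, sizeof(*sin));
			break;
#endif
#ifdef INET6
		case SIOCGIFPSRCADDR_IN6:
		case SIOCGIFPDSTADDR_IN6:
			error = prison_if(curthread->td_ucred,
			    (struct sockaddr *)sin6);
			if (error == 0)
				error = sa6_recoverscope(sin6);
			if (error != 0)
				memset(sin6, 0, sizeof(*sin6));
			break;
#endif
		}
		break;
	case SIOCGTUNFIB:
		ifr->ifr_fib = sc->gre_fibnum;
		break;
	case SIOCSTUNFIB:
		if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
			break;
		if (ifr->ifr_fib >= rt_numfibs)
			error = EINVAL;
		else
			sc->gre_fibnum = ifr->ifr_fib;
		break;
	case GRESKEY:
		if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
			break;
		if ((error = copyin(ifr->ifr_data, &opt, sizeof(opt))) != 0)
			break;
		if (sc->gre_key != opt) {
			GRE_WLOCK(sc);
			sc->gre_key = opt;
			gre_updatehdr(sc);
			GRE_WUNLOCK(sc);
		}
		break;
	case GREGKEY:
		/* Reading the key is not gated by PRIV_NET_GRE here. */
		error = copyout(&sc->gre_key, ifr->ifr_data,
		    sizeof(sc->gre_key));
		break;
	case GRESOPTS:
		if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
			break;
		if ((error = copyin(ifr->ifr_data, &opt, sizeof(opt))) != 0)
			break;
		/* Reject any bit outside the supported option set. */
		if (opt & ~GRE_OPTMASK)
			error = EINVAL;
		else {
			if (sc->gre_options != opt) {
				GRE_WLOCK(sc);
				sc->gre_options = opt;
				gre_updatehdr(sc);
				GRE_WUNLOCK(sc);
			}
		}
		break;

	case GREGOPTS:
		error = copyout(&sc->gre_options, ifr->ifr_data,
		    sizeof(sc->gre_options));
		break;
	default:
		error = EINVAL;
		break;
	}
end:
	sx_xunlock(&gre_ioctl_sx);
	return (error);
}

/*
 * Rebuild the cached encapsulation header from gre_family, gre_options and
 * gre_key, and recompute gre_hlen.  The caller must hold the softc write
 * lock.  Does nothing when no tunnel family is configured.
 *
 * At most three 32-bit option words (checksum, key, sequence) are written
 * after the base GRE header; gre_set_tunnel() allocates the header buffer
 * with exactly three such words of slack, so the two must stay in step.
 */
static void
gre_updatehdr(struct gre_softc *sc)
{
	struct grehdr *gh = NULL;
	uint32_t *opts;
	uint16_t flags;

	GRE_WLOCK_ASSERT(sc);
	switch (sc->gre_family) {
#ifdef INET
	case AF_INET:
		sc->gre_hlen = sizeof(struct greip);
		/* NOTE(review): IPPROTO_IPV4 is stored as the IP version. */
		sc->gre_oip.ip_v = IPPROTO_IPV4;
		sc->gre_oip.ip_hl = sizeof(struct ip) >> 2;
		sc->gre_oip.ip_p = IPPROTO_GRE;
		gh = &sc->gre_gihdr->gi_gre;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		sc->gre_hlen = sizeof(struct greip6);
		sc->gre_oip6.ip6_vfc = IPV6_VERSION;
		sc->gre_oip6.ip6_nxt = IPPROTO_GRE;
		gh = &sc->gre_gi6hdr->gi6_gre;
		break;
#endif
	default:
		return;
	}
	flags = 0;
	opts = gh->gre_opts;
	if (sc->gre_options & GRE_ENABLE_CSUM) {
		flags |= GRE_FLAGS_CP;
		sc->gre_hlen += 2 * sizeof(uint16_t);
		/* Placeholder; gre_transmit() fills in the checksum. */
		*opts++ = 0;
	}
	if (sc->gre_key != 0) {
		flags |= GRE_FLAGS_KP;
		sc->gre_hlen += sizeof(uint32_t);
		*opts++ = htonl(sc->gre_key);
	}
	if (sc->gre_options & GRE_ENABLE_SEQ) {
		flags |= GRE_FLAGS_SP;
		sc->gre_hlen += sizeof(uint32_t);
		/* Placeholder; gre_setseqn() stamps each packet. */
		*opts++ = 0;
	} else
		sc->gre_oseq = 0;
	gh->gre_flags = htons(flags);
}

/*
 * Drop the encap registration, if any.  The caller must hold gre_ioctl_sx
 * exclusively.
 */
static void
gre_detach(struct gre_softc *sc)
{

	sx_assert(&gre_ioctl_sx, SA_XLOCKED);
	if (sc->gre_ecookie != NULL)
		encap_detach(sc->gre_ecookie);
	sc->gre_ecookie = NULL;
}

/*
 * Configure the tunnel endpoints of ifp.
 *
 * The caller must hold gre_ioctl_sx exclusively and must already have
 * validated family and length of src/dst (gre_ioctl() does).  Returns
 * EADDRNOTAVAIL when another gre interface in this vnet already uses the
 * same src/dst pair, EAFNOSUPPORT for an unsupported family, otherwise the
 * result of the family-specific attach routine.  The interface is marked
 * running and link-up only when that attach succeeds.
 */
static int
gre_set_tunnel(struct ifnet *ifp, struct sockaddr *src,
    struct sockaddr *dst)
{
	struct gre_softc *sc, *tsc;
#ifdef INET6
	struct ip6_hdr *ip6;
#endif
#ifdef INET
	struct ip *ip;
#endif
	void *hdr;
	int error;

	sx_assert(&gre_ioctl_sx, SA_XLOCKED);
	GRE_LIST_LOCK();
	sc = ifp->if_softc;
	/* Refuse a src/dst pair that another tunnel already owns. */
	LIST_FOREACH(tsc, &V_gre_softc_list, gre_list) {
		if (tsc == sc || tsc->gre_family != src->sa_family)
			continue;
#ifdef INET
		if (tsc->gre_family == AF_INET &&
		    tsc->gre_oip.ip_src.s_addr ==
		    satosin(src)->sin_addr.s_addr &&
		    tsc->gre_oip.ip_dst.s_addr ==
		    satosin(dst)->sin_addr.s_addr) {
			GRE_LIST_UNLOCK();
			return (EADDRNOTAVAIL);
		}
#endif
#ifdef INET6
		if (tsc->gre_family == AF_INET6 &&
		    IN6_ARE_ADDR_EQUAL(&tsc->gre_oip6.ip6_src,
		    &satosin6(src)->sin6_addr) &&
		    IN6_ARE_ADDR_EQUAL(&tsc->gre_oip6.ip6_dst,
			&satosin6(dst)->sin6_addr)) {
			GRE_LIST_UNLOCK();
			return (EADDRNOTAVAIL);
		}
#endif
	}
	GRE_LIST_UNLOCK();

	/*
	 * Outer IP header + base GRE header + room for three 32-bit option
	 * words, the maximum gre_updatehdr() ever writes.
	 */
	switch (src->sa_family) {
#ifdef INET
	case AF_INET:
		hdr = ip = malloc(sizeof(struct greip) +
		    3 * sizeof(uint32_t), M_GRE, M_WAITOK | M_ZERO);
		ip->ip_src = satosin(src)->sin_addr;
		ip->ip_dst = satosin(dst)->sin_addr;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		hdr = ip6 = malloc(sizeof(struct greip6) +
		    3 * sizeof(uint32_t), M_GRE, M_WAITOK | M_ZERO);
		ip6->ip6_src = satosin6(src)->sin6_addr;
		ip6->ip6_dst = satosin6(dst)->sin6_addr;
		break;
#endif
	default:
		return (EAFNOSUPPORT);
	}
	if (sc->gre_family != 0)
		gre_detach(sc);
	/* Swap headers under the write lock so gre_transmit() never sees
	 * a freed buffer. */
	GRE_WLOCK(sc);
	if (sc->gre_family != 0)
		free(sc->gre_hdr, M_GRE);
	sc->gre_family = src->sa_family;
	sc->gre_hdr = hdr;
	sc->gre_oseq = 0;
	sc->gre_iseq = UINT32_MAX;
	gre_updatehdr(sc);
	GRE_WUNLOCK(sc);

	error = 0;
	switch (src->sa_family) {
#ifdef INET
	case AF_INET:
		error = in_gre_attach(sc);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		error = in6_gre_attach(sc);
		break;
#endif
	}
	if (error == 0) {
		ifp->if_drv_flags |= IFF_DRV_RUNNING;
		if_link_state_change(ifp, LINK_STATE_UP);
	}
	return (error);
}

/*
 * Tear down the tunnel configuration of ifp.
 *
 * gre_family is cleared under the write lock first, which makes
 * gre_transmit() refuse new packets; only then are the encap registration
 * and the cached header released.  Callers in this file hold gre_ioctl_sx
 * exclusively (gre_detach() asserts it).
 */
static void
gre_delete_tunnel(struct ifnet *ifp)
{
	struct gre_softc *sc = ifp->if_softc;
	int family;

	GRE_WLOCK(sc);
	family = sc->gre_family;
	sc->gre_family = 0;
	GRE_WUNLOCK(sc);
	if (family != 0) {
		gre_detach(sc);
		free(sc->gre_hdr, M_GRE);
	}
	ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
	if_link_state_change(ifp, LINK_STATE_DOWN);
}

/*
 * Input path for a GRE packet that the encap layer matched to a tunnel.
 *
 * Parses the GRE header that starts at *offp, strips the outer and GRE
 * headers and hands the inner IPv4/IPv6 packet to netisr.  The mbuf is
 * always consumed and IPPROTO_DONE is always returned.
 *
 * NOTE(review): in the code that is actually compiled, the key and the
 * sequence number are only skipped over; neither is compared with
 * sc->gre_key or sc->gre_iseq (those checks sit under "#ifdef notyet",
 * which is also not syntactically complete).  A packet is therefore
 * accepted whatever key it carries, so the key must not be treated as an
 * access control on received traffic; restrict who can reach the tunnel
 * endpoints by other means.
 */
int
gre_input(struct mbuf **mp, int *offp, int proto)
{
	struct gre_softc *sc;
	struct grehdr *gh;
	struct ifnet *ifp;
	struct mbuf *m;
	uint32_t *opts;
#ifdef notyet
	uint32_t key;
#endif
	uint16_t flags;
	int hlen, isr, af;

	m = *mp;
	sc = encap_getarg(m);
	KASSERT(sc != NULL, ("encap_getarg returned NULL"));

	ifp = GRE2IFP(sc);
	/*
	 * Require, and make contiguous, the base GRE header plus four
	 * 32-bit words before any header field is dereferenced below.
	 */
	hlen = *offp + sizeof(struct grehdr) + 4 * sizeof(uint32_t);
	if (m->m_pkthdr.len < hlen)
		goto drop;
	if (m->m_len < hlen) {
		m = m_pullup(m, hlen);
		if (m == NULL)
			goto drop;
	}
	gh = (struct grehdr *)mtodo(m, *offp);
	flags = ntohs(gh->gre_flags);
	/* Any flag or version bit outside the supported mask is fatal. */
	if (flags & ~GRE_FLAGS_MASK)
		goto drop;
	opts = gh->gre_opts;
	hlen = 2 * sizeof(uint16_t);
	if (flags & GRE_FLAGS_CP) {
		/* reserved1 field must be zero */
		if (((uint16_t *)opts)[1] != 0)
			goto drop;
		if (in_cksum_skip(m, m->m_pkthdr.len, *offp) != 0)
			goto drop;
		hlen += 2 * sizeof(uint16_t);
		opts++;
	}
	if (flags & GRE_FLAGS_KP) {
#ifdef notyet
		/*
		 * XXX: The current implementation uses the key only for
		 * outgoing packets. But we can check the key value here,
		 * or even in the encapcheck function.
		 */
		key = ntohl(*opts);
#endif
		hlen += sizeof(uint32_t);
		opts++;
	}
#ifdef notyet
	} else
		key = 0;

	if (sc->gre_key != 0 && (key != sc->gre_key || key != 0))
		goto drop;
#endif
	if (flags & GRE_FLAGS_SP) {
#ifdef notyet
		seq = ntohl(*opts);
#endif
		hlen += sizeof(uint32_t);
	}
	switch (ntohs(gh->gre_proto)) {
	case ETHERTYPE_WCCP:
		/*
		 * For WCCP skip an additional 4 bytes if the GRE header is
		 * not followed directly by an IP header.
		 */
		if (flags == 0 && (*(uint8_t *)gh->gre_opts & 0xF0) != 0x40)
			hlen += sizeof(uint32_t);
		/* FALLTHROUGH */
	case ETHERTYPE_IP:
		isr = NETISR_IP;
		af = AF_INET;
		break;
	case ETHERTYPE_IPV6:
		isr = NETISR_IPV6;
		af = AF_INET6;
		break;
	default:
		goto drop;
	}
	m_adj(m, *offp + hlen);
	m_clrprotoflags(m);
	m->m_pkthdr.rcvif = ifp;
	M_SETFIB(m, ifp->if_fib);
#ifdef MAC
	mac_ifnet_create_mbuf(ifp, m);
#endif
	BPF_MTAP2(ifp, &af, sizeof(af), m);
	if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
	if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
	/* In monitor mode the packet is tapped and counted, then dropped. */
	if ((ifp->if_flags & IFF_MONITOR) != 0)
		m_freem(m);
	else
		netisr_dispatch(isr, m);
	return (IPPROTO_DONE);
drop:
	if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
	m_freem(m);
	return (IPPROTO_DONE);
}

/* Cookie identifying the mbuf tags attached by gre_check_nesting(). */
#define	MTAG_GRE	1307983903
/*
 * Loop and nesting guard for the output path.
 *
 * Every gre interface a packet passes through leaves an MTAG_GRE tag that
 * holds its ifnet pointer.  The packet is rejected with EIO when it meets
 * the same interface again (a loop) or when the number of gre layers would
 * exceed V_max_gre_nesting; both events are logged.  Returns ENOMEM when
 * the tag cannot be allocated and 0 once the tag has been attached.
 * The mbuf is never freed here; that is left to the caller.
 */
static int
gre_check_nesting(struct ifnet *ifp, struct mbuf *m)
{
	struct m_tag *mtag;
	int count;

	/* count includes the layer that is about to be added. */
	count = 1;
	mtag = NULL;
	while ((mtag = m_tag_locate(m, MTAG_GRE, 0, mtag)) != NULL) {
		if (*(struct ifnet **)(mtag + 1) == ifp) {
			log(LOG_NOTICE, "%s: loop detected\n", ifp->if_xname);
			return (EIO);
		}
		count++;
	}
	if (count > V_max_gre_nesting) {
		log(LOG_NOTICE,
		    "%s: if_output recursively called too many times(%d)\n",
		    ifp->if_xname, count);
		return (EIO);
	}
	mtag = m_tag_alloc(MTAG_GRE, 0, sizeof(struct ifnet *), M_NOWAIT);
	if (mtag == NULL)
		return (ENOMEM);
	*(struct ifnet **)(mtag + 1) = ifp;
	m_tag_prepend(m, mtag);
	return (0);
}

/*
 * if_output method: policy checks before encapsulation.
 *
 * Applies the MAC transmit check (when compiled in), refuses traffic while
 * the interface is down or in monitor mode, runs the nesting guard, and
 * records the inner address family in m_pkthdr.csum_data for
 * gre_transmit().  On any failure the mbuf is freed and the output error
 * counter is incremented.
 */
static int
gre_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
   struct route *ro)
{
	uint32_t af;
	int error;

#ifdef MAC
	error = mac_ifnet_check_transmit(ifp, m);
	if (error != 0)
		goto drop;
#endif
	if ((ifp->if_flags & IFF_MONITOR) != 0 ||
	    (ifp->if_flags & IFF_UP) == 0) {
		error = ENETDOWN;
		goto drop;
	}

	error = gre_check_nesting(ifp, m);
	if (error != 0)
		goto drop;

	m->m_flags &= ~(M_BCAST|M_MCAST);
	/*
	 * With AF_UNSPEC the family is taken from the sockaddr payload
	 * supplied by the sender of the packet; it is not range-checked
	 * here, gre_transmit() rejects everything but AF_INET/AF_INET6.
	 */
	if (dst->sa_family == AF_UNSPEC)
		bcopy(dst->sa_data, &af, sizeof(af));
	else
		af = dst->sa_family;
	BPF_MTAP2(ifp, &af, sizeof(af), m);
	m->m_pkthdr.csum_data = af;	/* save af for if_transmit */
	return (ifp->if_transmit(ifp, m));
drop:
	m_freem(m);
	if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
	return (error);
}

/*
 * Store seq, in network byte order, in the sequence-number slot of a GRE
 * header.  The slot follows the optional checksum and key words, so its
 * position is derived from the flags already present in the header.
 */
static void
gre_setseqn(struct grehdr *gh, uint32_t seq)
{
	uint32_t *opts;
	uint16_t flags;

	opts = gh->gre_opts;
	flags = ntohs(gh->gre_flags);
	KASSERT((flags & GRE_FLAGS_SP) != 0,
	    ("gre_setseqn called, but GRE_FLAGS_SP isn't set "));
	if (flags & GRE_FLAGS_CP)
		opts++;
	if (flags & GRE_FLAGS_KP)
		opts++;
	*opts = htonl(seq);
}

/*
 * if_transmit method: prepend the cached outer IP + GRE header and pass
 * the packet to the IPv4 or IPv6 output routine.
 *
 * The mbuf is consumed on every path.  Returns 0 or an errno value and
 * updates the interface output counters accordingly.
 */
static int
gre_transmit(struct ifnet *ifp, struct mbuf *m)
{
	GRE_RLOCK_TRACKER;
	struct gre_softc *sc;
	struct grehdr *gh;
	uint32_t iaf, oaf, oseq;
	int error, hlen, olen, plen;
	int want_seq, want_csum;

	plen = 0;
	sc = ifp->if_softc;
	if (sc == NULL) {
		error = ENETDOWN;
		m_freem(m);
		goto drop;
	}
	GRE_RLOCK(sc);
	if (sc->gre_family == 0) {
		GRE_RUNLOCK(sc);
		error = ENETDOWN;
		m_freem(m);
		goto drop;
	}
	iaf = m->m_pkthdr.csum_data;
	oaf = sc->gre_family;
	hlen = sc->gre_hlen;
	want_seq = (sc->gre_options & GRE_ENABLE_SEQ) != 0;
	if (want_seq)
		/* XXX: incremented while holding only the read lock. */
		oseq = sc->gre_oseq++;
	else
		oseq = 0;		/* Make compiler happy. */
	want_csum = (sc->gre_options & GRE_ENABLE_CSUM) != 0;
	M_SETFIB(m, sc->gre_fibnum);
	M_PREPEND(m, hlen, M_NOWAIT);
	if (m == NULL) {
		GRE_RUNLOCK(sc);
		error = ENOBUFS;
		goto drop;
	}
	/* Copy the template while the read lock keeps gre_hdr alive. */
	bcopy(sc->gre_hdr, mtod(m, void *), hlen);
	GRE_RUNLOCK(sc);
	switch (oaf) {
#ifdef INET
	case AF_INET:
		olen = sizeof(struct ip);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		olen = sizeof(struct ip6_hdr);
		break;
#endif
	default:
		/*
		 * The mbuf is still ours at this point and the drop label
		 * does not free it, so release it here instead of leaking.
		 */
		m_freem(m);
		error = ENETDOWN;
		goto drop;
	}
	gh = (struct grehdr *)mtodo(m, olen);
	switch (iaf) {
#ifdef INET
	case AF_INET:
		gh->gre_proto = htons(ETHERTYPE_IP);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		gh->gre_proto = htons(ETHERTYPE_IPV6);
		break;
#endif
	default:
		/*
		 * iaf originates from the sender (see gre_output()), so an
		 * unsupported family is reachable; free the mbuf so that
		 * such packets cannot exhaust the mbuf pool.
		 */
		m_freem(m);
		error = ENETDOWN;
		goto drop;
	}
	if (want_seq)
		gre_setseqn(gh, oseq);
	if (want_csum) {
		*(uint16_t *)gh->gre_opts = in_cksum_skip(m,
		    m->m_pkthdr.len, olen);
	}
	plen = m->m_pkthdr.len - hlen;
	switch (oaf) {
#ifdef INET
	case AF_INET:
		error = in_gre_output(m, iaf, hlen);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		error = in6_gre_output(m, iaf, hlen);
		break;
#endif
	default:
		m_freem(m);
		error = ENETDOWN;
	}
drop:
	if (error)
		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
	else {
		if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
		if_inc_counter(ifp, IFCOUNTER_OBYTES, plen);
	}
	return (error);
}

/* if_qflush method: intentionally empty, nothing is flushed here. */
static void
gre_qflush(struct ifnet *ifp __unused)
{

}

/*
 * Module event handler: load and unload need no work here (setup is done
 * by the VNET_SYSINIT/VNET_SYSUNINIT hooks); every other event is
 * rejected with EOPNOTSUPP.
 */
static int
gremodevent(module_t mod, int type, void *data)
{

	switch (type) {
	case MOD_LOAD:
	case MOD_UNLOAD:
		break;
	default:
		return (EOPNOTSUPP);
	}
	return (0);
}

static moduledata_t gre_mod = {
	"if_gre",
	gremodevent,
	0
};

DECLARE_MODULE(if_gre, gre_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
MODULE_VERSION(if_gre, 1);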