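/*-
 * Copyright (c) 1998 The NetBSD Foundation, Inc.
 * Copyright (c) 2014 Andrey V. Elsukov <ae@FreeBSD.org>
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Heiko W.Rupp <hwr@pilhuhn.de>
 *
 * IPv6-over-GRE contributed by Gert Doering <gert@greenie.muc.de>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * $NetBSD: if_gre.c,v 1.49 2003/12/11 00:22:29 itojun Exp $
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_inet.h"
#include "opt_inet6.h"

#include <sys/param.h>
#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/libkern.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mbuf.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/protosw.h>
#include <sys/rmlock.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/sx.h>
#include <sys/sysctl.h>
#include <sys/syslog.h>
#include <sys/systm.h>

#include <net/ethernet.h>
#include <net/if.h>
#include <net/if_var.h>
#include <net/if_clone.h>
#include <net/if_types.h>
#include <net/netisr.h>
#include <net/vnet.h>

#include <netinet/in.h>
#ifdef INET
#include <netinet/in_systm.h>
#include <netinet/in_var.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#endif

#ifdef INET6
#include <netinet/ip6.h>
#include <netinet6/in6_var.h>
#include <netinet6/ip6_var.h>
#include <netinet6/scope6_var.h>
#endif

#include <netinet/ip_encap.h>
#include <net/bpf.h>
#include <net/if_gre.h>

#include <machine/in_cksum.h>
#include <security/mac/mac_framework.h>

/* MTU assigned to a freshly created gre interface (see gre_clone_create()). */
#define	GREMTU			1500
static const char grename[] = "gre";
static MALLOC_DEFINE(M_GRE, grename, "Generic Routing Encapsulation");

/* Per-vnet mutex taken around every access to V_gre_softc_list. */
static VNET_DEFINE(struct mtx, gre_mtx);
#define	V_gre_mtx		VNET(gre_mtx)
#define	GRE_LIST_LOCK_INIT(x)		mtx_init(&V_gre_mtx, "gre_mtx", NULL, \
					    MTX_DEF)
#define	GRE_LIST_LOCK_DESTROY(x)	mtx_destroy(&V_gre_mtx)
#define	GRE_LIST_LOCK(x)		mtx_lock(&V_gre_mtx)
#define	GRE_LIST_UNLOCK(x)		mtx_unlock(&V_gre_mtx)

/* Per-vnet list of all gre softcs; walked by gre_set_tunnel(). */
static VNET_DEFINE(LIST_HEAD(, gre_softc), gre_softc_list);
#define	V_gre_softc_list	VNET(gre_softc_list)

/*
 * Global sx lock held exclusively by gre_ioctl() and gre_clone_destroy();
 * gre_set_tunnel() and gre_detach() assert that it is held.
 */
static struct sx gre_ioctl_sx;
SX_SYSINIT(gre_ioctl_sx, &gre_ioctl_sx, "gre_ioctl");

static int	gre_clone_create(struct if_clone *, int, caddr_t);
static void	gre_clone_destroy(struct ifnet *);
static VNET_DEFINE(struct if_clone *, gre_cloner);
#define	V_gre_cloner	VNET(gre_cloner)

static void	gre_qflush(struct ifnet *);
static int	gre_transmit(struct ifnet *, struct mbuf *);
static int	gre_ioctl(struct ifnet *, u_long, caddr_t);
static int	gre_output(struct ifnet *, struct mbuf *,
		    const struct sockaddr *, struct route *);

static void	gre_updatehdr(struct gre_softc *);
static int	gre_set_tunnel(struct ifnet *, struct sockaddr *,
		    struct sockaddr *);
static void	gre_delete_tunnel(struct ifnet *);

int		gre_input(struct mbuf **, int *, int);
#ifdef INET
extern int	in_gre_attach(struct gre_softc *);
extern int	in_gre_output(struct mbuf *, int, int);
#endif
#ifdef INET6
extern int	in6_gre_attach(struct gre_softc *);
extern int	in6_gre_output(struct mbuf *, int, int);
#endif

SYSCTL_DECL(_net_link);
static SYSCTL_NODE(_net_link, IFT_TUNNEL, gre, CTLFLAG_RW, 0,
    "Generic Routing Encapsulation");
#ifndef MAX_GRE_NEST
/*
 * This macro controls the default upper limit on nesting of gre tunnels.
 * Since setting a large value here together with a careless configuration
 * may crash the system, no nesting is allowed by default.
 * If you need to configure nested gre tunnels, you can define this macro
 * in your kernel configuration file.  However, if you do so, please be
 * careful to configure the tunnels so that they do not form a loop.
 */
#define MAX_GRE_NEST 1
#endif

/* Run-time nesting limit checked in gre_check_nesting(); per-vnet sysctl. */
static VNET_DEFINE(int, max_gre_nesting) = MAX_GRE_NEST;
#define	V_max_gre_nesting	VNET(max_gre_nesting)
SYSCTL_INT(_net_link_gre, OID_AUTO, max_nesting, CTLFLAG_RW | CTLFLAG_VNET,
    &VNET_NAME(max_gre_nesting), 0, "Max nested tunnels");

/*
 * Per-vnet initialisation: set up the softc list and its mutex, then
 * register the "gre" interface cloner.
 */
static void
vnet_gre_init(const void *unused __unused)
{

	LIST_INIT(&V_gre_softc_list);
	GRE_LIST_LOCK_INIT();
	V_gre_cloner = if_clone_simple(grename, gre_clone_create,
	    gre_clone_destroy, 0);
}
VNET_SYSINIT(vnet_gre_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
    vnet_gre_init, NULL);

/*
 * Per-vnet teardown: detach the cloner, then destroy the list mutex.
 */
static void
vnet_gre_uninit(const void *unused __unused)
{

	if_clone_detach(V_gre_cloner);
	GRE_LIST_LOCK_DESTROY();
}
VNET_SYSUNINIT(vnet_gre_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
    vnet_gre_uninit, NULL);

/*
 * Cloner "create" callback: allocate a zeroed softc and an IFT_TUNNEL
 * ifnet, wire up the interface methods, attach the interface and its bpf
 * tap, and link the softc onto the per-vnet list.  Always returns 0.
 */
static int
gre_clone_create(struct if_clone *ifc, int unit, caddr_t params)
{
	struct gre_softc *sc;
	struct ifnet *ifp;

	sc = malloc(sizeof(struct gre_softc), M_GRE, M_WAITOK | M_ZERO);
	/* The tunnel inherits the FIB of the process that creates it. */
	sc->gre_fibnum = curthread->td_proc->p_fibnum;
	GRE2IFP(sc) = if_alloc(IFT_TUNNEL);
	GRE_LOCK_INIT(sc);
	ifp = GRE2IFP(sc);
	ifp->if_softc = sc;
	if_initname(ifp, grename, unit);

	ifp->if_mtu = sc->gre_mtu = GREMTU;
	ifp->if_flags = IFF_POINTOPOINT|IFF_MULTICAST;
	ifp->if_output = gre_output;
	ifp->if_ioctl = gre_ioctl;
	ifp->if_transmit = gre_transmit;
	ifp->if_qflush = gre_qflush;
	if_attach(ifp);
	bpfattach(ifp, DLT_NULL, sizeof(u_int32_t));
	GRE_LIST_LOCK();
	LIST_INSERT_HEAD(&V_gre_softc_list, sc, gre_list);
	GRE_LIST_UNLOCK();
	return (0);
}

/*
 * Cloner "destroy" callback.  The tunnel is torn down and the interface
 * detached while gre_ioctl_sx is held exclusively; if_softc is cleared
 * before the lock is dropped so that gre_ioctl() and gre_transmit(),
 * which both test if_softc for NULL, stop using the softc before it is
 * freed.
 */
static void
gre_clone_destroy(struct ifnet *ifp)
{
	struct gre_softc *sc;

	sx_xlock(&gre_ioctl_sx);
	sc = ifp->if_softc;
	gre_delete_tunnel(ifp);
	GRE_LIST_LOCK();
	LIST_REMOVE(sc, gre_list);
	GRE_LIST_UNLOCK();
	bpfdetach(ifp);
	if_detach(ifp);
	ifp->if_softc = NULL;
	sx_xunlock(&gre_ioctl_sx);

	if_free(ifp);
	GRE_LOCK_DESTROY(sc);
	free(sc, M_GRE);
}

/*
 * Interface ioctl handler.
 *
 * A first switch answers the commands that need no softc state.  All
 * remaining commands run with gre_ioctl_sx held exclusively.  Setting the
 * key (GRESKEY) and the options (GRESOPTS) requires PRIV_NET_GRE; no
 * privilege check is made in this function for the other commands.
 *
 * Returns 0 or an errno value.
 */
static int
gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
{
	GRE_RLOCK_TRACKER;
	struct ifreq *ifr = (struct ifreq *)data;
	struct sockaddr *src, *dst;
	struct gre_softc *sc;
#ifdef INET
	struct sockaddr_in *sin = NULL;
#endif
#ifdef INET6
	struct sockaddr_in6 *sin6 = NULL;
#endif
	uint32_t opt;
	int error;

	switch (cmd) {
	case SIOCSIFMTU:
		/*
		 * XXX: only a lower bound is enforced; the value is
		 * stored by the second switch below.
		 */
		if (ifr->ifr_mtu < 576)
			return (EINVAL);
		break;
	case SIOCSIFADDR:
		ifp->if_flags |= IFF_UP;
		/* FALLTHROUGH */
	case SIOCSIFFLAGS:
	case SIOCADDMULTI:
	case SIOCDELMULTI:
		return (0);
	case GRESADDRS:
	case GRESADDRD:
	case GREGADDRS:
	case GREGADDRD:
	case GRESPROTO:
	case GREGPROTO:
		return (EOPNOTSUPP);
	}
	src = dst = NULL;
	sx_xlock(&gre_ioctl_sx);
	sc = ifp->if_softc;
	if (sc == NULL) {
		/* gre_clone_destroy() has already cleared if_softc. */
		error = ENXIO;
		goto end;
	}
	error = 0;
	switch (cmd) {
	case SIOCSIFMTU:
		GRE_WLOCK(sc);
		sc->gre_mtu = ifr->ifr_mtu;
		gre_updatehdr(sc);
		GRE_WUNLOCK(sc);
		goto end;
	case SIOCSIFPHYADDR:
#ifdef INET6
	case SIOCSIFPHYADDR_IN6:
#endif
		error = EINVAL;
		switch (cmd) {
#ifdef INET
		case SIOCSIFPHYADDR:
			src = (struct sockaddr *)
				&(((struct in_aliasreq *)data)->ifra_addr);
			dst = (struct sockaddr *)
				&(((struct in_aliasreq *)data)->ifra_dstaddr);
			break;
#endif
#ifdef INET6
		case SIOCSIFPHYADDR_IN6:
			src = (struct sockaddr *)
				&(((struct in6_aliasreq *)data)->ifra_addr);
			dst = (struct sockaddr *)
				&(((struct in6_aliasreq *)data)->ifra_dstaddr);
			break;
#endif
		default:
			error = EAFNOSUPPORT;
			goto end;
		}
		/* sa_family must be equal */
		if (src->sa_family != dst->sa_family ||
		    src->sa_len != dst->sa_len)
			goto end;

		/* validate sa_len */
		switch (src->sa_family) {
#ifdef INET
		case AF_INET:
			if (src->sa_len != sizeof(struct sockaddr_in))
				goto end;
			break;
#endif
#ifdef INET6
		case AF_INET6:
			if (src->sa_len != sizeof(struct sockaddr_in6))
				goto end;
			break;
#endif
		default:
			error = EAFNOSUPPORT;
			goto end;
		}
		/* check sa_family looks sane for the cmd */
		error = EAFNOSUPPORT;
		switch (cmd) {
#ifdef INET
		case SIOCSIFPHYADDR:
			if (src->sa_family == AF_INET)
				break;
			goto end;
#endif
#ifdef INET6
		case SIOCSIFPHYADDR_IN6:
			if (src->sa_family == AF_INET6)
				break;
			goto end;
#endif
		}
		/* Neither tunnel endpoint may be the unspecified address. */
		error = EADDRNOTAVAIL;
		switch (src->sa_family) {
#ifdef INET
		case AF_INET:
			if (satosin(src)->sin_addr.s_addr == INADDR_ANY ||
			    satosin(dst)->sin_addr.s_addr == INADDR_ANY)
				goto end;
			break;
#endif
#ifdef INET6
		case AF_INET6:
			if (IN6_IS_ADDR_UNSPECIFIED(&satosin6(src)->sin6_addr)
			    ||
			    IN6_IS_ADDR_UNSPECIFIED(&satosin6(dst)->sin6_addr))
				goto end;
			/*
			 * Check validity of the scope zone ID of the
			 * addresses, and convert it into the kernel
			 * internal form if necessary.
			 */
			error = sa6_embedscope(satosin6(src), 0);
			if (error != 0)
				goto end;
			error = sa6_embedscope(satosin6(dst), 0);
			if (error != 0)
				goto end;
			break;
#endif
		}
		error = gre_set_tunnel(ifp, src, dst);
		break;
	case SIOCDIFPHYADDR:
		gre_delete_tunnel(ifp);
		break;
	case SIOCGIFPSRCADDR:
	case SIOCGIFPDSTADDR:
#ifdef INET6
	case SIOCGIFPSRCADDR_IN6:
	case SIOCGIFPDSTADDR_IN6:
#endif
		if (sc->gre_family == 0) {
			error = EADDRNOTAVAIL;
			break;
		}
		GRE_RLOCK(sc);
		/* Prepare an empty sockaddr of the family the cmd asks for. */
		switch (cmd) {
#ifdef INET
		case SIOCGIFPSRCADDR:
		case SIOCGIFPDSTADDR:
			if (sc->gre_family != AF_INET) {
				error = EADDRNOTAVAIL;
				break;
			}
			sin = (struct sockaddr_in *)&ifr->ifr_addr;
			memset(sin, 0, sizeof(*sin));
			sin->sin_family = AF_INET;
			sin->sin_len = sizeof(*sin);
			break;
#endif
#ifdef INET6
		case SIOCGIFPSRCADDR_IN6:
		case SIOCGIFPDSTADDR_IN6:
			if (sc->gre_family != AF_INET6) {
				error = EADDRNOTAVAIL;
				break;
			}
			sin6 = (struct sockaddr_in6 *)
				&(((struct in6_ifreq *)data)->ifr_addr);
			memset(sin6, 0, sizeof(*sin6));
			sin6->sin6_family = AF_INET6;
			sin6->sin6_len = sizeof(*sin6);
			break;
#endif
		}
		/* Copy the requested endpoint out of the outer header. */
		if (error == 0) {
			switch (cmd) {
#ifdef INET
			case SIOCGIFPSRCADDR:
				sin->sin_addr = sc->gre_oip.ip_src;
				break;
			case SIOCGIFPDSTADDR:
				sin->sin_addr = sc->gre_oip.ip_dst;
				break;
#endif
#ifdef INET6
			case SIOCGIFPSRCADDR_IN6:
				sin6->sin6_addr = sc->gre_oip6.ip6_src;
				break;
			case SIOCGIFPDSTADDR_IN6:
				sin6->sin6_addr = sc->gre_oip6.ip6_dst;
				break;
#endif
			}
		}
		GRE_RUNLOCK(sc);
		if (error != 0)
			break;
		/*
		 * Pass the address through prison_if() with the caller's
		 * credentials; if that (or the scope recovery) fails, the
		 * result is zeroed so that no address is returned.
		 */
		switch (cmd) {
#ifdef INET
		case SIOCGIFPSRCADDR:
		case SIOCGIFPDSTADDR:
			error = prison_if(curthread->td_ucred,
			    (struct sockaddr *)sin);
			if (error != 0)
				memset(sin, 0, sizeof(*sin));
			break;
#endif
#ifdef INET6
		case SIOCGIFPSRCADDR_IN6:
		case SIOCGIFPDSTADDR_IN6:
			error = prison_if(curthread->td_ucred,
			    (struct sockaddr *)sin6);
			if (error == 0)
				error = sa6_recoverscope(sin6);
			if (error != 0)
				memset(sin6, 0, sizeof(*sin6));
			break;
#endif
		}
		break;
	case GRESKEY:
		if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
			break;
		if ((error = copyin(ifr->ifr_data, &opt, sizeof(opt))) != 0)
			break;
		if (sc->gre_key != opt) {
			GRE_WLOCK(sc);
			sc->gre_key = opt;
			gre_updatehdr(sc);
			GRE_WUNLOCK(sc);
		}
		break;
	case GREGKEY:
		/* Reading the key is not gated by a privilege check here. */
		error = copyout(&sc->gre_key, ifr->ifr_data,
		    sizeof(sc->gre_key));
		break;
	case GRESOPTS:
		if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
			break;
		if ((error = copyin(ifr->ifr_data, &opt, sizeof(opt))) != 0)
			break;
		/* Reject any bit outside the supported option mask. */
		if (opt & ~GRE_OPTMASK)
			error = EINVAL;
		else {
			if (sc->gre_options != opt) {
				GRE_WLOCK(sc);
				sc->gre_options = opt;
				gre_updatehdr(sc);
				GRE_WUNLOCK(sc);
			}
		}
		break;

	case GREGOPTS:
		error = copyout(&sc->gre_options, ifr->ifr_data,
		    sizeof(sc->gre_options));
		break;
	default:
		error = EINVAL;
		break;
	}
end:
	sx_xunlock(&gre_ioctl_sx);
	return (error);
}

/*
 * Rebuild the pre-computed outer IP/IPv6 + GRE header template from the
 * current family, options and key, and recompute gre_hlen and if_mtu.
 * Must be called with the softc write lock held.  Does nothing when no
 * tunnel is configured (gre_family is neither AF_INET nor AF_INET6).
 */
static void
gre_updatehdr(struct gre_softc *sc)
{
	struct grehdr *gh = NULL;
	uint32_t *opts;
	uint16_t flags;

	GRE_WLOCK_ASSERT(sc);
	switch (sc->gre_family) {
#ifdef INET
	case AF_INET:
		sc->gre_hlen = sizeof(struct greip);
		/*
		 * ip_v is the IP version field; the original stored
		 * IPPROTO_IPV4 here, which has the same numeric value.
		 */
		sc->gre_oip.ip_v = IPVERSION;
		sc->gre_oip.ip_hl = sizeof(struct ip) >> 2;
		sc->gre_oip.ip_p = IPPROTO_GRE;
		gh = &sc->gre_gihdr->gi_gre;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		sc->gre_hlen = sizeof(struct greip6);
		sc->gre_oip6.ip6_vfc = IPV6_VERSION;
		sc->gre_oip6.ip6_nxt = IPPROTO_GRE;
		gh = &sc->gre_gi6hdr->gi6_gre;
		break;
#endif
	default:
		return;
	}
	/*
	 * Optional words follow the fixed header in the order checksum,
	 * key, sequence number.  At most three words are written, which
	 * matches the 3 * sizeof(uint32_t) of extra room allocated in
	 * gre_set_tunnel().
	 */
	flags = 0;
	opts = gh->gre_opts;
	if (sc->gre_options & GRE_ENABLE_CSUM) {
		flags |= GRE_FLAGS_CP;
		sc->gre_hlen += 2 * sizeof(uint16_t);
		*opts++ = 0;
	}
	if (sc->gre_key != 0) {
		flags |= GRE_FLAGS_KP;
		sc->gre_hlen += sizeof(uint32_t);
		*opts++ = htonl(sc->gre_key);
	}
	if (sc->gre_options & GRE_ENABLE_SEQ) {
		flags |= GRE_FLAGS_SP;
		sc->gre_hlen += sizeof(uint32_t);
		*opts++ = 0;
	} else
		sc->gre_oseq = 0;
	gh->gre_flags = htons(flags);
	GRE2IFP(sc)->if_mtu = sc->gre_mtu - sc->gre_hlen;
}

/*
 * Drop the encap registration of the tunnel, if there is one.
 * The caller must hold gre_ioctl_sx exclusively.
 */
static void
gre_detach(struct gre_softc *sc)
{

	sx_assert(&gre_ioctl_sx, SA_XLOCKED);
	if (sc->gre_ecookie != NULL)
		encap_detach(sc->gre_ecookie);
	sc->gre_ecookie = NULL;
}

/*
 * Configure the outer endpoints of the tunnel.
 *
 * Fails with EADDRNOTAVAIL when another gre interface in this vnet
 * already uses the same (src, dst) pair, and with EAFNOSUPPORT for an
 * address family that is not compiled in.  Otherwise a new header
 * template is installed and the tunnel is attached through
 * in_gre_attach() or in6_gre_attach(), whose result is returned.
 * The caller must hold gre_ioctl_sx exclusively.
 */
static int
gre_set_tunnel(struct ifnet *ifp, struct sockaddr *src,
    struct sockaddr *dst)
{
	struct gre_softc *sc, *tsc;
#ifdef INET6
	struct ip6_hdr *ip6;
#endif
#ifdef INET
	struct ip *ip;
#endif
	void *hdr;
	int error;

	sx_assert(&gre_ioctl_sx, SA_XLOCKED);
	GRE_LIST_LOCK();
	sc = ifp->if_softc;
	LIST_FOREACH(tsc, &V_gre_softc_list, gre_list) {
		if (tsc == sc || tsc->gre_family != src->sa_family)
			continue;
#ifdef INET
		if (tsc->gre_family == AF_INET &&
		    tsc->gre_oip.ip_src.s_addr ==
		    satosin(src)->sin_addr.s_addr &&
		    tsc->gre_oip.ip_dst.s_addr ==
		    satosin(dst)->sin_addr.s_addr) {
			GRE_LIST_UNLOCK();
			return (EADDRNOTAVAIL);
		}
#endif
#ifdef INET6
		if (tsc->gre_family == AF_INET6 &&
		    IN6_ARE_ADDR_EQUAL(&tsc->gre_oip6.ip6_src,
		    &satosin6(src)->sin6_addr) &&
		    IN6_ARE_ADDR_EQUAL(&tsc->gre_oip6.ip6_dst,
			&satosin6(dst)->sin6_addr)) {
			GRE_LIST_UNLOCK();
			return (EADDRNOTAVAIL);
		}
#endif
	}
	GRE_LIST_UNLOCK();

	/*
	 * Allocate the header template with room for the three optional
	 * 32-bit words that gre_updatehdr() may append.
	 */
	switch (src->sa_family) {
#ifdef INET
	case AF_INET:
		hdr = ip = malloc(sizeof(struct greip) +
		    3 * sizeof(uint32_t), M_GRE, M_WAITOK | M_ZERO);
		ip->ip_src = satosin(src)->sin_addr;
		ip->ip_dst = satosin(dst)->sin_addr;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		hdr = ip6 = malloc(sizeof(struct greip6) +
		    3 * sizeof(uint32_t), M_GRE, M_WAITOK | M_ZERO);
		ip6->ip6_src = satosin6(src)->sin6_addr;
		ip6->ip6_dst = satosin6(dst)->sin6_addr;
		break;
#endif
	default:
		return (EAFNOSUPPORT);
	}
	/*
	 * NOTE(review): the existing encap registration is detached only
	 * when the address family changes.  When a tunnel is reconfigured
	 * within the same family, gre_ecookie is still set when the
	 * attach routine below runs again; whether in_gre_attach() and
	 * in6_gre_attach() cope with that is not visible in this file.
	 * Confirm against their implementation.
	 */
	if (sc->gre_family != src->sa_family)
		gre_detach(sc);
	GRE_WLOCK(sc);
	if (sc->gre_family != 0)
		free(sc->gre_hdr, M_GRE);
	sc->gre_family = src->sa_family;
	sc->gre_hdr = hdr;
	sc->gre_oseq = 0;
	sc->gre_iseq = UINT32_MAX;
	gre_updatehdr(sc);
	GRE_WUNLOCK(sc);

	error = 0;
	switch (src->sa_family) {
#ifdef INET
	case AF_INET:
		error = in_gre_attach(sc);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		error = in6_gre_attach(sc);
		break;
#endif
	}
	if (error == 0)
		ifp->if_drv_flags |= IFF_DRV_RUNNING;
	return (error);
}

/*
 * Remove the tunnel configuration.  gre_family is cleared under the
 * write lock first, so that gre_transmit(), which tests gre_family under
 * the read lock, no longer uses the header template by the time it is
 * freed.
 */
static void
gre_delete_tunnel(struct ifnet *ifp)
{
	struct gre_softc *sc = ifp->if_softc;
	int family;

	GRE_WLOCK(sc);
	family = sc->gre_family;
	sc->gre_family = 0;
	GRE_WUNLOCK(sc);
	if (family != 0) {
		gre_detach(sc);
		free(sc->gre_hdr, M_GRE);
	}
	ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
}

/*
 * Input routine for GRE packets matched to one of our tunnels.
 *
 * mp/offp give the packet and the offset of the GRE header inside it.
 * The header is validated, stripped together with everything in front of
 * it, and the inner packet is handed to the IPv4 or IPv6 netisr.  The
 * mbuf is consumed in every case and IPPROTO_DONE is always returned.
 */
int
gre_input(struct mbuf **mp, int *offp, int proto)
{
	struct gre_softc *sc;
	struct grehdr *gh;
	struct ifnet *ifp;
	struct mbuf *m;
	uint32_t *opts, key;
	uint16_t flags;
	int hlen, isr, af;

	m = *mp;
	sc = encap_getarg(m);
	KASSERT(sc != NULL, ("encap_getarg returned NULL"));

	ifp = GRE2IFP(sc);
	/*
	 * The header comes from the network and is parsed through raw
	 * pointers below, so make sure that everything which may be read
	 * is present and contiguous first: the fixed part (flags and
	 * protocol type), up to three option words (checksum, key,
	 * sequence number) and the extra word inspected for WCCP.
	 * Nothing visible in this function guarantees that otherwise.
	 * A valid inner IPv4 or IPv6 header is at least this long, so no
	 * well-formed packet is rejected by the length test.
	 */
	hlen = *offp + 2 * sizeof(uint16_t) + 4 * sizeof(uint32_t);
	if (m->m_pkthdr.len < hlen)
		goto drop;
	if (m->m_len < hlen) {
		m = m_pullup(m, hlen);
		*mp = m;
		if (m == NULL) {
			/* m_pullup() has already freed the chain. */
			if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
			return (IPPROTO_DONE);
		}
	}
	gh = (struct grehdr *)mtodo(m, *offp);
	flags = ntohs(gh->gre_flags);
	if (flags & ~GRE_FLAGS_MASK)
		goto drop;
	opts = gh->gre_opts;
	hlen = 2 * sizeof(uint16_t);
	if (flags & GRE_FLAGS_CP) {
		/* reserved1 field must be zero */
		if (((uint16_t *)opts)[1] != 0)
			goto drop;
		if (in_cksum_skip(m, m->m_pkthdr.len, *offp) != 0)
			goto drop;
		hlen += 2 * sizeof(uint16_t);
		opts++;
	}
	if (flags & GRE_FLAGS_KP) {
		key = ntohl(*opts);
		hlen += sizeof(uint32_t);
		opts++;
	} else
		key = 0;
	/*
	 * NOTE(review): the key comparison below is disabled, so the
	 * configured gre_key is not enforced by this function: a packet
	 * is accepted here whatever key it carries.  As written, the
	 * disabled condition would also drop every packet with a
	 * non-zero key, so it needs correcting before being re-enabled.
	 * Whether the key is matched elsewhere (e.g. in the encap check
	 * routine) cannot be told from this file.
	 */
	/*
	if (sc->gre_key != 0 && (key != sc->gre_key || key != 0))
		goto drop;
	*/
	if (flags & GRE_FLAGS_SP) {
		/* The received sequence number is skipped, not checked. */
		/* seq = ntohl(*opts); */
		hlen += sizeof(uint32_t);
	}
	switch (ntohs(gh->gre_proto)) {
	case ETHERTYPE_WCCP:
		/*
		 * For WCCP skip an additional 4 bytes if an IP header
		 * does not immediately follow the GRE header.
		 */
		if (flags == 0 && (*(uint8_t *)gh->gre_opts & 0xF0) != 0x40)
			hlen += sizeof(uint32_t);
		/* FALLTHROUGH */
	case ETHERTYPE_IP:
		isr = NETISR_IP;
		af = AF_INET;
		break;
	case ETHERTYPE_IPV6:
		isr = NETISR_IPV6;
		af = AF_INET6;
		break;
	default:
		goto drop;
	}
	m_adj(m, *offp + hlen);
	m_clrprotoflags(m);
	m->m_pkthdr.rcvif = ifp;
	M_SETFIB(m, sc->gre_fibnum);
#ifdef MAC
	mac_ifnet_create_mbuf(ifp, m);
#endif
	BPF_MTAP2(ifp, &af, sizeof(af), m);
	if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
	if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
	if ((ifp->if_flags & IFF_MONITOR) != 0)
		m_freem(m);
	else
		netisr_dispatch(isr, m);
	return (IPPROTO_DONE);
drop:
	if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
	m_freem(m);
	return (IPPROTO_DONE);
}

#define	MTAG_GRE	1307983903
/*
 * Detect tunnel loops and excessive nesting.
 *
 * Every gre interface a packet is sent through leaves an MTAG_GRE tag
 * holding its ifnet pointer.  Returns EIO when the packet already
 * carries a tag for ifp (a loop) or when it has passed through more than
 * V_max_gre_nesting interfaces, ENOMEM when no tag can be allocated, and
 * 0 after tagging the packet otherwise.
 */
static int
gre_check_nesting(struct ifnet *ifp, struct mbuf *m)
{
	struct m_tag *mtag;
	int count;

	count = 1;
	mtag = NULL;
	/*
	 * Resume the search after the tag found last time.  Passing NULL
	 * here on every iteration, as the original did, finds the same
	 * first tag again and again and never terminates once the packet
	 * carries a tag belonging to another gre interface.
	 */
	while ((mtag = m_tag_locate(m, MTAG_GRE, 0, mtag)) != NULL) {
		if (*(struct ifnet **)(mtag + 1) == ifp) {
			log(LOG_NOTICE, "%s: loop detected\n", ifp->if_xname);
			return (EIO);
		}
		count++;
	}
	if (count > V_max_gre_nesting) {
		log(LOG_NOTICE,
		    "%s: if_output recursively called too many times(%d)\n",
		    ifp->if_xname, count);
		return (EIO);
	}
	mtag = m_tag_alloc(MTAG_GRE, 0, sizeof(struct ifnet *), M_NOWAIT);
	if (mtag == NULL)
		return (ENOMEM);
	*(struct ifnet **)(mtag + 1) = ifp;
	m_tag_prepend(m, mtag);
	return (0);
}

/*
 * if_output method: apply the MAC transmit check, refuse packets while
 * the interface is down or in monitor mode, run the nesting check, tap
 * the packet to bpf and pass it to if_transmit.  The address family of
 * the inner packet is handed over in m_pkthdr.csum_data.  On error the
 * mbuf is freed and the output error counter incremented.
 */
static int
gre_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
   struct route *ro)
{
	uint32_t af;
	int error;

#ifdef MAC
	error = mac_ifnet_check_transmit(ifp, m);
	if (error != 0)
		goto drop;
#endif
	if ((ifp->if_flags & IFF_MONITOR) != 0 ||
	    (ifp->if_flags & IFF_UP) == 0) {
		error = ENETDOWN;
		goto drop;
	}

	error = gre_check_nesting(ifp, m);
	if (error != 0)
		goto drop;

	m->m_flags &= ~(M_BCAST|M_MCAST);
	/* For AF_UNSPEC the real family is carried in sa_data. */
	if (dst->sa_family == AF_UNSPEC)
		bcopy(dst->sa_data, &af, sizeof(af));
	else
		af = dst->sa_family;
	BPF_MTAP2(ifp, &af, sizeof(af), m);
	m->m_pkthdr.csum_data = af;	/* save af for if_transmit */
	return (ifp->if_transmit(ifp, m));
drop:
	m_freem(m);
	if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
	return (error);
}

/*
 * Store the sequence number in a GRE header that has GRE_FLAGS_SP set.
 * The sequence word follows the checksum and key words when present.
 */
static void
gre_setseqn(struct grehdr *gh, uint32_t seq)
{
	uint32_t *opts;
	uint16_t flags;

	opts = gh->gre_opts;
	flags = ntohs(gh->gre_flags);
	KASSERT((flags & GRE_FLAGS_SP) != 0,
	    ("gre_setseqn called, but GRE_FLAGS_SP isn't set "));
	if (flags & GRE_FLAGS_CP)
		opts++;
	if (flags & GRE_FLAGS_KP)
		opts++;
	*opts = htonl(seq);
}

/*
 * if_transmit method: prepend the pre-built outer header, fill in the
 * protocol type, sequence number and checksum, and pass the packet to
 * in_gre_output() or in6_gre_output().
 *
 * The mbuf is consumed on every path.  The two "unsupported address
 * family" exits used to jump to the drop label without freeing it,
 * leaking one mbuf chain per such packet; the inner family (iaf) is
 * taken from what the sender supplied in gre_output().
 */
static int
gre_transmit(struct ifnet *ifp, struct mbuf *m)
{
	GRE_RLOCK_TRACKER;
	struct gre_softc *sc;
	struct grehdr *gh;
	uint32_t iaf, oaf, oseq;
	int error, hlen, olen, plen;
	int want_seq, want_csum;

	plen = 0;
	sc = ifp->if_softc;
	if (sc == NULL) {
		error = ENETDOWN;
		m_freem(m);
		goto drop;
	}
	GRE_RLOCK(sc);
	if (sc->gre_family == 0) {
		GRE_RUNLOCK(sc);
		error = ENETDOWN;
		m_freem(m);
		goto drop;
	}
	iaf = m->m_pkthdr.csum_data;
	oaf = sc->gre_family;
	hlen = sc->gre_hlen;
	want_seq = (sc->gre_options & GRE_ENABLE_SEQ) != 0;
	/*
	 * XXX: gre_oseq is incremented while only the read lock is held,
	 * so concurrent transmitters presumably can race on it.
	 */
	if (want_seq)
		oseq = sc->gre_oseq++; /* XXX */
	else
		oseq = 0;	/* Make compiler happy. */
	want_csum = (sc->gre_options & GRE_ENABLE_CSUM) != 0;
	M_SETFIB(m, sc->gre_fibnum);
	M_PREPEND(m, hlen, M_NOWAIT);
	if (m == NULL) {
		/* M_PREPEND() leaves m NULL on failure; nothing to free. */
		GRE_RUNLOCK(sc);
		error = ENOBUFS;
		goto drop;
	}
	bcopy(sc->gre_hdr, mtod(m, void *), hlen);
	GRE_RUNLOCK(sc);
	switch (oaf) {
#ifdef INET
	case AF_INET:
		olen = sizeof(struct ip);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		olen = sizeof(struct ip6_hdr);
		break;
#endif
	default:
		m_freem(m);
		error = ENETDOWN;
		goto drop;
	}
	gh = (struct grehdr *)mtodo(m, olen);
	switch (iaf) {
#ifdef INET
	case AF_INET:
		gh->gre_proto = htons(ETHERTYPE_IP);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		gh->gre_proto = htons(ETHERTYPE_IPV6);
		break;
#endif
	default:
		m_freem(m);
		error = ENETDOWN;
		goto drop;
	}
	if (want_seq)
		gre_setseqn(gh, oseq);
	if (want_csum) {
		*(uint16_t *)gh->gre_opts = in_cksum_skip(m,
		    m->m_pkthdr.len, olen);
	}
	plen = m->m_pkthdr.len - hlen;
	switch (oaf) {
#ifdef INET
	case AF_INET:
		error = in_gre_output(m, iaf, hlen);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		error = in6_gre_output(m, iaf, hlen);
		break;
#endif
	default:
		m_freem(m);
		error = ENETDOWN;
	}
drop:
	if (error)
		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
	else {
		if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
		if_inc_counter(ifp, IFCOUNTER_OBYTES, plen);
	}
	return (error);
}

/*
 * if_qflush method: intentionally empty.
 */
static void
gre_qflush(struct ifnet *ifp __unused)
{

}

/*
 * Module event handler: load and unload need no work here (setup and
 * teardown happen in the VNET_SYSINIT/VNET_SYSUNINIT handlers above);
 * any other event is rejected with EOPNOTSUPP.
 */
static int
gremodevent(module_t mod, int type, void *data)
{

	switch (type) {
	case MOD_LOAD:
	case MOD_UNLOAD:
		break;
	default:
		return (EOPNOTSUPP);
	}
	return (0);
}

static moduledata_t gre_mod = {
	"if_gre",
	gremodevent,
	0
};

DECLARE_MODULE(if_gre, gre_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
MODULE_VERSION(if_gre, 1);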