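/*-
 * Copyright (c) 1998 The NetBSD Foundation, Inc.
 * Copyright (c) 2014 Andrey V. Elsukov <ae@FreeBSD.org>
 * All rights reserved.
 *
 * This code is derived from software contributed to The NetBSD Foundation
 * by Heiko W.Rupp <hwr@pilhuhn.de>
 *
 * IPv6-over-GRE contributed by Gert Doering <gert@greenie.muc.de>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * $NetBSD: if_gre.c,v 1.49 2003/12/11 00:22:29 itojun Exp $
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#include "opt_inet.h"
#include "opt_inet6.h"

#include <sys/param.h>
#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/libkern.h>
#include <sys/malloc.h>
#include <sys/module.h>
#include <sys/mbuf.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/protosw.h>
#include <sys/rmlock.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/sx.h>
#include <sys/sysctl.h>
#include <sys/syslog.h>
#include <sys/systm.h>

#include <net/ethernet.h>
#include <net/if.h>
#include <net/if_var.h>
#include <net/if_clone.h>
#include <net/if_types.h>
#include <net/netisr.h>
#include <net/vnet.h>

#include <netinet/in.h>
#ifdef INET
#include <netinet/in_systm.h>
#include <netinet/in_var.h>
#include <netinet/ip.h>
#include <netinet/ip_var.h>
#endif

#ifdef INET6
#include <netinet/ip6.h>
#include <netinet6/in6_var.h>
#include <netinet6/ip6_var.h>
#include <netinet6/scope6_var.h>
#endif

#include <netinet/ip_encap.h>
#include <net/bpf.h>
#include <net/if_gre.h>

#include <machine/in_cksum.h>
#include <security/mac/mac_framework.h>

/* MTU assigned to a newly created gre interface, before header overhead. */
#define	GREMTU			1500
static const char grename[] = "gre";
static MALLOC_DEFINE(M_GRE, grename, "Generic Routing Encapsulation");

/* Per-vnet mutex taken around every access to V_gre_softc_list. */
static VNET_DEFINE(struct mtx, gre_mtx);
#define	V_gre_mtx		VNET(gre_mtx)
#define	GRE_LIST_LOCK_INIT(x)		mtx_init(&V_gre_mtx, "gre_mtx", NULL, \
					    MTX_DEF)
#define	GRE_LIST_LOCK_DESTROY(x)	mtx_destroy(&V_gre_mtx)
#define	GRE_LIST_LOCK(x)		mtx_lock(&V_gre_mtx)
#define	GRE_LIST_UNLOCK(x)		mtx_unlock(&V_gre_mtx)

/* Per-vnet list of all gre softc instances. */
static VNET_DEFINE(LIST_HEAD(, gre_softc), gre_softc_list);
#define	V_gre_softc_list	VNET(gre_softc_list)

/*
 * Global sx lock held exclusively by gre_ioctl() and gre_clone_destroy();
 * gre_set_tunnel() and gre_detach() assert that it is held.
 */
static struct sx gre_ioctl_sx;
SX_SYSINIT(gre_ioctl_sx, &gre_ioctl_sx, "gre_ioctl");

static int	gre_clone_create(struct if_clone *, int, caddr_t);
static void	gre_clone_destroy(struct ifnet *);
static VNET_DEFINE(struct if_clone *, gre_cloner);
#define	V_gre_cloner		VNET(gre_cloner)

static void	gre_qflush(struct ifnet *);
static int	gre_transmit(struct ifnet *, struct mbuf *);
static int	gre_ioctl(struct ifnet *, u_long, caddr_t);
static int	gre_output(struct ifnet *, struct mbuf *,
		    const struct sockaddr *, struct route *);

static void	gre_updatehdr(struct gre_softc *);
static int	gre_set_tunnel(struct ifnet *, struct sockaddr *,
		    struct sockaddr *);
static void	gre_delete_tunnel(struct ifnet *);

SYSCTL_DECL(_net_link);
static SYSCTL_NODE(_net_link, IFT_TUNNEL, gre, CTLFLAG_RW, 0,
    "Generic Routing Encapsulation");
#ifndef MAX_GRE_NEST
/*
 * This macro controls the default upper limit on nesting of gre tunnels.
 * Since a large value combined with a careless configuration may crash
 * the system, no nesting is allowed by default.
 * If you need to configure nested gre tunnels, you can define this macro
 * in your kernel configuration file.  However, if you do so, please be
 * careful to configure the tunnels so that they do not form a loop.
 */
#define	MAX_GRE_NEST		1
#endif

/* Runtime-tunable nesting limit, checked in gre_check_nesting(). */
static VNET_DEFINE(int, max_gre_nesting) = MAX_GRE_NEST;
#define	V_max_gre_nesting	VNET(max_gre_nesting)
SYSCTL_INT(_net_link_gre, OID_AUTO, max_nesting, CTLFLAG_RW | CTLFLAG_VNET,
    &VNET_NAME(max_gre_nesting), 0, "Max nested tunnels");

/*
 * Per-vnet initialisation: set up the softc list and its lock, then
 * register the "gre" interface cloner.
 */
static void
vnet_gre_init(const void *unused __unused)
{
	LIST_INIT(&V_gre_softc_list);
	GRE_LIST_LOCK_INIT();
	V_gre_cloner = if_clone_simple(grename, gre_clone_create,
	    gre_clone_destroy, 0);
}
VNET_SYSINIT(vnet_gre_init, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
    vnet_gre_init, NULL);

/*
 * Per-vnet teardown: detach the cloner, then destroy the list lock.
 */
static void
vnet_gre_uninit(const void *unused __unused)
{

	if_clone_detach(V_gre_cloner);
	GRE_LIST_LOCK_DESTROY();
}
VNET_SYSUNINIT(vnet_gre_uninit, SI_SUB_PROTO_IFATTACHDOMAIN, SI_ORDER_ANY,
    vnet_gre_uninit, NULL);

/*
 * Cloner create callback: allocate a zeroed softc and an IFT_TUNNEL ifnet,
 * wire up the interface methods, attach the interface and bpf, and link
 * the softc into the per-vnet list.  Always returns 0.
 */
static int
gre_clone_create(struct if_clone *ifc, int unit, caddr_t params)
{
	struct gre_softc *sc;

	sc = malloc(sizeof(struct gre_softc), M_GRE, M_WAITOK | M_ZERO);
	/* The tunnel inherits the FIB of the creating process. */
	sc->gre_fibnum = curthread->td_proc->p_fibnum;
	/*
	 * NOTE(review): the if_alloc() result is dereferenced without a
	 * NULL check; confirm it cannot fail on the targeted release.
	 */
	GRE2IFP(sc) = if_alloc(IFT_TUNNEL);
	GRE_LOCK_INIT(sc);
	GRE2IFP(sc)->if_softc = sc;
	if_initname(GRE2IFP(sc), grename, unit);

	GRE2IFP(sc)->if_mtu = sc->gre_mtu = GREMTU;
	GRE2IFP(sc)->if_flags = IFF_POINTOPOINT|IFF_MULTICAST;
	GRE2IFP(sc)->if_output = gre_output;
	GRE2IFP(sc)->if_ioctl = gre_ioctl;
	GRE2IFP(sc)->if_transmit = gre_transmit;
	GRE2IFP(sc)->if_qflush = gre_qflush;
	if_attach(GRE2IFP(sc));
	bpfattach(GRE2IFP(sc), DLT_NULL, sizeof(u_int32_t));
	GRE_LIST_LOCK();
	LIST_INSERT_HEAD(&V_gre_softc_list, sc, gre_list);
	GRE_LIST_UNLOCK();
	return (0);
}

/*
 * Cloner destroy callback: tear the tunnel down, unlink the softc and
 * detach the interface while holding gre_ioctl_sx, then free the ifnet
 * and the softc.
 */
static void
gre_clone_destroy(struct ifnet *ifp)
{
	struct gre_softc *sc;

	sx_xlock(&gre_ioctl_sx);
	sc = ifp->if_softc;
	gre_delete_tunnel(ifp);
	GRE_LIST_LOCK();
	LIST_REMOVE(sc, gre_list);
	GRE_LIST_UNLOCK();
	bpfdetach(ifp);
	if_detach(ifp);
	/* gre_ioctl() and gre_transmit() treat a NULL softc as "gone". */
	ifp->if_softc = NULL;
	sx_xunlock(&gre_ioctl_sx);

	if_free(ifp);
	GRE_LOCK_DESTROY(sc);
	free(sc, M_GRE);
}

/*
 * Interface ioctl handler.
 *
 * A first switch answers the requests that need no softc state (and
 * range-checks the MTU); everything else runs with gre_ioctl_sx held
 * exclusively.  Returns 0 or an errno value.
 */
static int
gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
{
	GRE_RLOCK_TRACKER;
	struct ifreq *ifr = (struct ifreq *)data;
	struct sockaddr *src, *dst;
	struct gre_softc *sc;
#ifdef INET
	struct sockaddr_in *sin = NULL;
#endif
#ifdef INET6
	struct sockaddr_in6 *sin6 = NULL;
#endif
	uint32_t opt;
	int error;

	switch (cmd) {
	case SIOCSIFMTU:
		/*
		 * XXX: only a lower bound is enforced here; the value is
		 * stored and applied in the second switch below.
		 */
		if (ifr->ifr_mtu < 576)
			return (EINVAL);
		break;
	case SIOCSIFADDR:
		ifp->if_flags |= IFF_UP;
		/* FALLTHROUGH */
	case SIOCSIFFLAGS:
	case SIOCADDMULTI:
	case SIOCDELMULTI:
		return (0);
	case GRESADDRS:
	case GRESADDRD:
	case GREGADDRS:
	case GREGADDRD:
	case GRESPROTO:
	case GREGPROTO:
		return (EOPNOTSUPP);
	}
	src = dst = NULL;
	sx_xlock(&gre_ioctl_sx);
	sc = ifp->if_softc;
	if (sc == NULL) {
		/* Interface is being destroyed, see gre_clone_destroy(). */
		error = ENXIO;
		goto end;
	}
	error = 0;
	switch (cmd) {
	case SIOCSIFMTU:
		GRE_WLOCK(sc);
		sc->gre_mtu = ifr->ifr_mtu;
		gre_updatehdr(sc);
		GRE_WUNLOCK(sc);
		goto end;
	case SIOCSIFPHYADDR:
#ifdef INET6
	case SIOCSIFPHYADDR_IN6:
#endif
		error = EINVAL;
		switch (cmd) {
#ifdef INET
		case SIOCSIFPHYADDR:
			src = (struct sockaddr *)
				&(((struct in_aliasreq *)data)->ifra_addr);
			dst = (struct sockaddr *)
				&(((struct in_aliasreq *)data)->ifra_dstaddr);
			break;
#endif
#ifdef INET6
		case SIOCSIFPHYADDR_IN6:
			src = (struct sockaddr *)
				&(((struct in6_aliasreq *)data)->ifra_addr);
			dst = (struct sockaddr *)
				&(((struct in6_aliasreq *)data)->ifra_dstaddr);
			break;
#endif
		default:
			error = EAFNOSUPPORT;
			goto end;
		}
		/* sa_family must be equal */
		if (src->sa_family != dst->sa_family ||
		    src->sa_len != dst->sa_len)
			goto end;

		/* validate sa_len */
		switch (src->sa_family) {
#ifdef INET
		case AF_INET:
			if (src->sa_len != sizeof(struct sockaddr_in))
				goto end;
			break;
#endif
#ifdef INET6
		case AF_INET6:
			if (src->sa_len != sizeof(struct sockaddr_in6))
				goto end;
			break;
#endif
		default:
			error = EAFNOSUPPORT;
			goto end;
		}
		/* check sa_family looks sane for the cmd */
		error = EAFNOSUPPORT;
		switch (cmd) {
#ifdef INET
		case SIOCSIFPHYADDR:
			if (src->sa_family == AF_INET)
				break;
			goto end;
#endif
#ifdef INET6
		case SIOCSIFPHYADDR_IN6:
			if (src->sa_family == AF_INET6)
				break;
			goto end;
#endif
		}
		/* Neither tunnel endpoint may be the unspecified address. */
		error = EADDRNOTAVAIL;
		switch (src->sa_family) {
#ifdef INET
		case AF_INET:
			if (satosin(src)->sin_addr.s_addr == INADDR_ANY ||
			    satosin(dst)->sin_addr.s_addr == INADDR_ANY)
				goto end;
			break;
#endif
#ifdef INET6
		case AF_INET6:
			if (IN6_IS_ADDR_UNSPECIFIED(&satosin6(src)->sin6_addr)
			    ||
			    IN6_IS_ADDR_UNSPECIFIED(&satosin6(dst)->sin6_addr))
				goto end;
			/*
			 * Check validity of the scope zone ID of the
			 * addresses, and convert it into the kernel
			 * internal form if necessary.
			 */
			error = sa6_embedscope(satosin6(src), 0);
			if (error != 0)
				goto end;
			error = sa6_embedscope(satosin6(dst), 0);
			if (error != 0)
				goto end;
#endif
		};
		error = gre_set_tunnel(ifp, src, dst);
		break;
	case SIOCDIFPHYADDR:
		gre_delete_tunnel(ifp);
		break;
	case SIOCGIFPSRCADDR:
	case SIOCGIFPDSTADDR:
#ifdef INET6
	case SIOCGIFPSRCADDR_IN6:
	case SIOCGIFPDSTADDR_IN6:
#endif
		if (sc->gre_family == 0) {
			error = EADDRNOTAVAIL;
			break;
		}
		GRE_RLOCK(sc);
		/* Prepare an empty sockaddr of the family the cmd asks for. */
		switch (cmd) {
#ifdef INET
		case SIOCGIFPSRCADDR:
		case SIOCGIFPDSTADDR:
			if (sc->gre_family != AF_INET) {
				error = EADDRNOTAVAIL;
				break;
			}
			sin = (struct sockaddr_in *)&ifr->ifr_addr;
			memset(sin, 0, sizeof(*sin));
			sin->sin_family = AF_INET;
			sin->sin_len = sizeof(*sin);
			break;
#endif
#ifdef INET6
		case SIOCGIFPSRCADDR_IN6:
		case SIOCGIFPDSTADDR_IN6:
			if (sc->gre_family != AF_INET6) {
				error = EADDRNOTAVAIL;
				break;
			}
			sin6 = (struct sockaddr_in6 *)
				&(((struct in6_ifreq *)data)->ifr_addr);
			memset(sin6, 0, sizeof(*sin6));
			sin6->sin6_family = AF_INET6;
			sin6->sin6_len = sizeof(*sin6);
			break;
#endif
		}
		if (error == 0) {
			/* Copy the endpoint out of the cached outer header. */
			switch (cmd) {
#ifdef INET
			case SIOCGIFPSRCADDR:
				sin->sin_addr = sc->gre_oip.ip_src;
				break;
			case SIOCGIFPDSTADDR:
				sin->sin_addr = sc->gre_oip.ip_dst;
				break;
#endif
#ifdef INET6
			case SIOCGIFPSRCADDR_IN6:
				sin6->sin6_addr = sc->gre_oip6.ip6_src;
				break;
			case SIOCGIFPDSTADDR_IN6:
				sin6->sin6_addr = sc->gre_oip6.ip6_dst;
				break;
#endif
			}
		}
		GRE_RUNLOCK(sc);
		if (error != 0)
			break;
		/*
		 * Run the address past prison_if() with the caller's
		 * credentials and wipe the reply if it is refused, so a
		 * rejected caller gets no address back.
		 */
		switch (cmd) {
#ifdef INET
		case SIOCGIFPSRCADDR:
		case SIOCGIFPDSTADDR:
			error = prison_if(curthread->td_ucred,
			    (struct sockaddr *)sin);
			if (error != 0)
				memset(sin, 0, sizeof(*sin));
			break;
#endif
#ifdef INET6
		case SIOCGIFPSRCADDR_IN6:
		case SIOCGIFPDSTADDR_IN6:
			error = prison_if(curthread->td_ucred,
			    (struct sockaddr *)sin6);
			if (error == 0)
				error = sa6_recoverscope(sin6);
			if (error != 0)
				memset(sin6, 0, sizeof(*sin6));
#endif
		}
		break;
	case GRESKEY:
		/* Changing the key requires PRIV_NET_GRE. */
		if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
			break;
		if ((error = copyin(ifr->ifr_data, &opt, sizeof(opt))) != 0)
			break;
		if (sc->gre_key != opt) {
			GRE_WLOCK(sc);
			sc->gre_key = opt;
			gre_updatehdr(sc);
			GRE_WUNLOCK(sc);
		}
		break;
	case GREGKEY:
		/*
		 * NOTE(review): unlike GRESKEY there is no priv_check() on
		 * the read side in this function; confirm that returning
		 * the key to any caller that reaches this ioctl is intended.
		 */
		error = copyout(&sc->gre_key, ifr->ifr_data, sizeof(sc->gre_key));
		break;
	case GRESOPTS:
		/* Changing options requires PRIV_NET_GRE. */
		if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
			break;
		if ((error = copyin(ifr->ifr_data, &opt, sizeof(opt))) != 0)
			break;
		/* Reject any bit outside the supported option mask. */
		if (opt & ~GRE_OPTMASK)
			error = EINVAL;
		else {
			if (sc->gre_options != opt) {
				GRE_WLOCK(sc);
				sc->gre_options = opt;
				gre_updatehdr(sc);
				GRE_WUNLOCK(sc);
			}
		}
		break;

	case GREGOPTS:
		error = copyout(&sc->gre_options, ifr->ifr_data,
		    sizeof(sc->gre_options));
		break;
	default:
		error = EINVAL;
		break;
	}
end:
	sx_xunlock(&gre_ioctl_sx);
	return (error);
}

/*
 * Rebuild the cached encapsulation header from the softc settings.
 *
 * Fills the fixed outer IPv4/IPv6 fields, writes the GRE flags and the
 * option words in the order checksum, key, sequence, recomputes gre_hlen
 * and sets if_mtu to gre_mtu minus the header length.  Does nothing when
 * no tunnel family is configured.  Caller must hold the softc write lock.
 */
static void
gre_updatehdr(struct gre_softc *sc)
{
	struct grehdr *gh = NULL;
	uint32_t *opts;
	uint16_t flags;

	GRE_WLOCK_ASSERT(sc);
	switch (sc->gre_family) {
#ifdef INET
	case AF_INET:
		sc->gre_hlen = sizeof(struct greip);
		sc->gre_oip.ip_v = IPPROTO_IPV4;
		sc->gre_oip.ip_hl = sizeof(struct ip) >> 2;
		sc->gre_oip.ip_p = IPPROTO_GRE;
		gh = &sc->gre_gihdr->gi_gre;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		sc->gre_hlen = sizeof(struct greip6);
		sc->gre_oip6.ip6_vfc = IPV6_VERSION;
		sc->gre_oip6.ip6_nxt = IPPROTO_GRE;
		gh = &sc->gre_gi6hdr->gi6_gre;
		break;
#endif
	default:
		return;
	}
	flags = 0;
	/*
	 * At most three 32-bit option words are written below; this matches
	 * the 3 * sizeof(uint32_t) of slack gre_set_tunnel() allocates.
	 */
	opts = gh->gre_opts;
	if (sc->gre_options & GRE_ENABLE_CSUM) {
		flags |= GRE_FLAGS_CP;
		sc->gre_hlen += 2 * sizeof(uint16_t);
		*opts++ = 0;
	}
	if (sc->gre_key != 0) {
		flags |= GRE_FLAGS_KP;
		sc->gre_hlen += sizeof(uint32_t);
		*opts++ = htonl(sc->gre_key);
	}
	if (sc->gre_options & GRE_ENABLE_SEQ) {
		flags |= GRE_FLAGS_SP;
		sc->gre_hlen += sizeof(uint32_t);
		*opts++ = 0;
	} else
		sc->gre_oseq = 0;
	gh->gre_flags = htons(flags);
	GRE2IFP(sc)->if_mtu = sc->gre_mtu - sc->gre_hlen;
}

/*
 * Detach the encap handler, if one is attached, and clear the cookie.
 * Caller must hold gre_ioctl_sx exclusively.
 */
static void
gre_detach(struct gre_softc *sc)
{

	sx_assert(&gre_ioctl_sx, SA_XLOCKED);
	if (sc->gre_ecookie != NULL)
		encap_detach(sc->gre_ecookie);
	sc->gre_ecookie = NULL;
}

/*
 * Configure the tunnel endpoints.
 *
 * Refuses (EADDRNOTAVAIL) a source/destination pair already used by
 * another gre interface in this vnet, allocates a fresh header template,
 * swaps it in under the softc write lock and attaches the family-specific
 * encap handler.  Marks the interface running on success.
 * Caller must hold gre_ioctl_sx exclusively.
 */
static int
gre_set_tunnel(struct ifnet *ifp, struct sockaddr *src,
    struct sockaddr *dst)
{
	struct gre_softc *sc, *tsc;
#ifdef INET6
	struct ip6_hdr *ip6;
#endif
#ifdef INET
	struct ip *ip;
#endif
	void *hdr;
	int error;

	sx_assert(&gre_ioctl_sx, SA_XLOCKED);
	GRE_LIST_LOCK();
	sc = ifp->if_softc;
	LIST_FOREACH(tsc, &V_gre_softc_list, gre_list) {
		if (tsc == sc || tsc->gre_family != src->sa_family)
			continue;
#ifdef INET
		if (tsc->gre_family == AF_INET &&
		    tsc->gre_oip.ip_src.s_addr ==
		    satosin(src)->sin_addr.s_addr &&
		    tsc->gre_oip.ip_dst.s_addr ==
		    satosin(dst)->sin_addr.s_addr) {
			GRE_LIST_UNLOCK();
			return (EADDRNOTAVAIL);
		}
#endif
#ifdef INET6
		if (tsc->gre_family == AF_INET6 &&
		    IN6_ARE_ADDR_EQUAL(&tsc->gre_oip6.ip6_src,
		    &satosin6(src)->sin6_addr) &&
		    IN6_ARE_ADDR_EQUAL(&tsc->gre_oip6.ip6_dst,
			&satosin6(dst)->sin6_addr)) {
			GRE_LIST_UNLOCK();
			return (EADDRNOTAVAIL);
		}
#endif
	}
	GRE_LIST_UNLOCK();

	/*
	 * Allocate the header template with room for three optional 32-bit
	 * words after the fixed part; gre_updatehdr() fills them in.
	 */
	switch (src->sa_family) {
#ifdef INET
	case AF_INET:
		hdr = ip = malloc(sizeof(struct greip) +
		    3 * sizeof(uint32_t), M_GRE, M_WAITOK | M_ZERO);
		ip->ip_src = satosin(src)->sin_addr;
		ip->ip_dst = satosin(dst)->sin_addr;
		break;
#endif
#ifdef INET6
	case AF_INET6:
		hdr = ip6 = malloc(sizeof(struct greip6) +
		    3 * sizeof(uint32_t), M_GRE, M_WAITOK | M_ZERO);
		ip6->ip6_src = satosin6(src)->sin6_addr;
		ip6->ip6_dst = satosin6(dst)->sin6_addr;
		break;
#endif
	default:
		return (EAFNOSUPPORT);
	}
	if (sc->gre_family != src->sa_family)
		gre_detach(sc);
	GRE_WLOCK(sc);
	/* A non-zero family means an older template is still installed. */
	if (sc->gre_family != 0)
		free(sc->gre_hdr, M_GRE);
	sc->gre_family = src->sa_family;
	sc->gre_hdr = hdr;
	sc->gre_oseq = 0;
	sc->gre_iseq = UINT32_MAX;
	gre_updatehdr(sc);
	GRE_WUNLOCK(sc);

	error = 0;
	switch (src->sa_family) {
#ifdef INET
	case AF_INET:
		error = in_gre_attach(sc);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		error = in6_gre_attach(sc);
		break;
#endif
	}
	if (error == 0)
		ifp->if_drv_flags |= IFF_DRV_RUNNING;
	return (error);
}

/*
 * Remove the tunnel configuration: clear gre_family under the write lock
 * so gre_transmit() stops using the header, then detach the encap handler
 * and free the header template.  Clears IFF_DRV_RUNNING.
 */
static void
gre_delete_tunnel(struct ifnet *ifp)
{
	struct gre_softc *sc = ifp->if_softc;
	int family;

	GRE_WLOCK(sc);
	family = sc->gre_family;
	sc->gre_family = 0;
	GRE_WUNLOCK(sc);
	if (family != 0) {
		gre_detach(sc);
		free(sc->gre_hdr, M_GRE);
	}
	ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
}

/*
 * Input path for a GRE packet matched to a tunnel by the encap framework.
 *
 * Validates the GRE flags, optional checksum and protocol type, strips
 * the outer and GRE headers and hands the inner packet to the IPv4 or
 * IPv6 netisr.  The mbuf is always consumed; always returns IPPROTO_DONE.
 */
int
gre_input(struct mbuf **mp, int *offp, int proto)
{
	struct gre_softc *sc;
	struct grehdr *gh;
	struct ifnet *ifp;
	struct mbuf *m;
	uint32_t *opts, key;
	uint16_t flags;
	int hlen, isr, af, need;

	m = *mp;
	sc = encap_getarg(m);
	KASSERT(sc != NULL, ("encap_getarg returned NULL"));

	ifp = GRE2IFP(sc);
	/*
	 * The header comes straight off the wire.  Before dereferencing it,
	 * make sure the packet is long enough for the 4-byte base header
	 * plus every word the code below may read or skip (checksum, key,
	 * sequence, WCCP padding) and that those bytes are contiguous in
	 * the first mbuf.  Anything shorter cannot carry an inner IP header.
	 */
	need = *offp + 2 * sizeof(uint16_t) + 4 * sizeof(uint32_t);
	if (m->m_pkthdr.len < need)
		goto drop;
	if (m->m_len < need) {
		m = m_pullup(m, need);
		if (m == NULL) {
			/* m_pullup() already freed the chain. */
			if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
			return (IPPROTO_DONE);
		}
	}
	gh = (struct grehdr *)mtodo(m, *offp);
	flags = ntohs(gh->gre_flags);
	/* Drop packets carrying flag bits this driver does not handle. */
	if (flags & ~GRE_FLAGS_MASK)
		goto drop;
	opts = gh->gre_opts;
	hlen = 2 * sizeof(uint16_t);
	if (flags & GRE_FLAGS_CP) {
		/* reserved1 field must be zero */
		if (((uint16_t *)opts)[1] != 0)
			goto drop;
		if (in_cksum_skip(m, m->m_pkthdr.len, *offp) != 0)
			goto drop;
		hlen += 2 * sizeof(uint16_t);
		opts++;
	}
	if (flags & GRE_FLAGS_KP) {
		key = ntohl(*opts);
		hlen += sizeof(uint32_t);
		opts++;
	} else
		key = 0;
	/*
	 * NOTE(review): the key comparison below is disabled, so the key
	 * carried in a received packet is parsed but not compared with
	 * sc->gre_key in this function.  As written, the disabled condition
	 * would drop every packet on a tunnel that has a key configured, so
	 * it cannot simply be re-enabled.
	 *
	if (sc->gre_key != 0 && (key != sc->gre_key || key != 0))
		goto drop;
	*/
	if (flags & GRE_FLAGS_SP) {
		/* seq = ntohl(*opts); */
		hlen += sizeof(uint32_t);
	}
	switch (ntohs(gh->gre_proto)) {
	case ETHERTYPE_WCCP:
		/*
		 * For WCCP skip an additional 4 bytes if the GRE header is
		 * not directly followed by an IP header.
		 */
		if (flags == 0 && (*(uint8_t *)gh->gre_opts & 0xF0) != 0x40)
			hlen += sizeof(uint32_t);
		/* FALLTHROUGH */
	case ETHERTYPE_IP:
		isr = NETISR_IP;
		af = AF_INET;
		break;
	case ETHERTYPE_IPV6:
		isr = NETISR_IPV6;
		af = AF_INET6;
		break;
	default:
		goto drop;
	}
	m_adj(m, *offp + hlen);
	m_clrprotoflags(m);
	m->m_pkthdr.rcvif = ifp;
	M_SETFIB(m, sc->gre_fibnum);
#ifdef MAC
	mac_ifnet_create_mbuf(ifp, m);
#endif
	BPF_MTAP2(ifp, &af, sizeof(af), m);
	if_inc_counter(ifp, IFCOUNTER_IPACKETS, 1);
	if_inc_counter(ifp, IFCOUNTER_IBYTES, m->m_pkthdr.len);
	/* In monitor mode the packet is counted and tapped, not delivered. */
	if ((ifp->if_flags & IFF_MONITOR) != 0)
		m_freem(m);
	else
		netisr_dispatch(isr, m);
	return (IPPROTO_DONE);
drop:
	if_inc_counter(ifp, IFCOUNTER_IERRORS, 1);
	m_freem(m);
	return (IPPROTO_DONE);
}

/* mbuf tag cookie marking a packet that already passed through a gre ifp. */
#define	MTAG_GRE	1307983903

/*
 * Guard against tunnel loops and excessive nesting.
 *
 * Every MTAG_GRE tag on the mbuf stores, right after the tag header, the
 * ifnet the packet was sent through.  Returns EIO if this interface is
 * already recorded or the nesting count exceeds V_max_gre_nesting, ENOMEM
 * if a new tag cannot be allocated, otherwise tags the mbuf with ifp and
 * returns 0.  The mbuf is not freed here.
 */
static int
gre_check_nesting(struct ifnet *ifp, struct mbuf *m)
{
	struct m_tag *mtag;
	int count;

	count = 1;
	mtag = NULL;
	while ((mtag = m_tag_locate(m, MTAG_GRE, 0, mtag)) != NULL) {
		if (*(struct ifnet **)(mtag + 1) == ifp) {
			log(LOG_NOTICE, "%s: loop detected\n", ifp->if_xname);
			return (EIO);
		}
		count++;
	}
	if (count > V_max_gre_nesting) {
		log(LOG_NOTICE,
		    "%s: if_output recursively called too many times(%d)\n",
		    ifp->if_xname, count);
		return (EIO);
	}
	mtag = m_tag_alloc(MTAG_GRE, 0, sizeof(struct ifnet *), M_NOWAIT);
	if (mtag == NULL)
		return (ENOMEM);
	*(struct ifnet **)(mtag + 1) = ifp;
	m_tag_prepend(m, mtag);
	return (0);
}

/*
 * if_output method: run the MAC, interface-state and nesting checks,
 * determine the inner address family, tap bpf and pass the packet to
 * if_transmit.  On failure the mbuf is freed and OERRORS is bumped.
 */
static int
gre_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
   struct route *ro)
{
	uint32_t af;
	int error;

#ifdef MAC
	error = mac_ifnet_check_transmit(ifp, m);
	if (error != 0)
		goto drop;
#endif
	if ((ifp->if_flags & IFF_MONITOR) != 0 ||
	    (ifp->if_flags & IFF_UP) == 0) {
		error = ENETDOWN;
		goto drop;
	}

	error = gre_check_nesting(ifp, m);
	if (error != 0)
		goto drop;

	m->m_flags &= ~(M_BCAST|M_MCAST);
	/*
	 * With AF_UNSPEC the real family is taken from the first bytes of
	 * sa_data, so it is caller-supplied; gre_transmit() rejects
	 * anything other than AF_INET/AF_INET6.
	 */
	if (dst->sa_family == AF_UNSPEC)
		bcopy(dst->sa_data, &af, sizeof(af));
	else
		af = dst->sa_family;
	BPF_MTAP2(ifp, &af, sizeof(af), m);
	m->m_pkthdr.csum_data = af;	/* save af for if_transmit */
	return (ifp->if_transmit(ifp, m));
drop:
	m_freem(m);
	if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
	return (error);
}

/*
 * Store the sequence number in its option slot of an outgoing GRE header.
 * The slot follows the checksum and key words when those are present.
 */
static void
gre_setseqn(struct grehdr *gh, uint32_t seq)
{
	uint32_t *opts;
	uint16_t flags;

	opts = gh->gre_opts;
	flags = ntohs(gh->gre_flags);
	KASSERT((flags & GRE_FLAGS_SP) != 0,
	    ("gre_setseqn called, but GRE_FLAGS_SP isn't set "));
	if (flags & GRE_FLAGS_CP)
		opts++;
	if (flags & GRE_FLAGS_KP)
		opts++;
	*opts = htonl(seq);
}

/*
 * if_transmit method: prepend the cached outer + GRE header, fill in the
 * protocol type, sequence number and checksum as configured, and hand the
 * packet to the IPv4 or IPv6 output routine.
 *
 * The inner address family is read from m_pkthdr.csum_data, where
 * gre_output() stored it.  Returns 0 or an errno value.
 */
static int
gre_transmit(struct ifnet *ifp, struct mbuf *m)
{
	GRE_RLOCK_TRACKER;
	struct gre_softc *sc;
	struct grehdr *gh;
	uint32_t iaf, oaf, oseq;
	int error, hlen, olen, plen;
	int want_seq, want_csum;

	plen = 0;
	sc = ifp->if_softc;
	if (sc == NULL) {
		error = ENETDOWN;
		m_freem(m);
		goto drop;
	}
	GRE_RLOCK(sc);
	if (sc->gre_family == 0) {
		/* No tunnel endpoints configured. */
		GRE_RUNLOCK(sc);
		error = ENETDOWN;
		m_freem(m);
		goto drop;
	}
	/* Snapshot everything needed from the softc while it is locked. */
	iaf = m->m_pkthdr.csum_data;
	oaf = sc->gre_family;
	hlen = sc->gre_hlen;
	want_seq = (sc->gre_options & GRE_ENABLE_SEQ) != 0;
	if (want_seq)
		oseq = sc->gre_oseq++; /* XXX: modified under a read lock */
	else
		oseq = 0;	/* Make compiler happy. */
	want_csum = (sc->gre_options & GRE_ENABLE_CSUM) != 0;
	M_SETFIB(m, sc->gre_fibnum);
	M_PREPEND(m, hlen, M_NOWAIT);
	if (m == NULL) {
		/* M_PREPEND() freed the chain on failure. */
		GRE_RUNLOCK(sc);
		error = ENOBUFS;
		goto drop;
	}
	bcopy(sc->gre_hdr, mtod(m, void *), hlen);
	GRE_RUNLOCK(sc);
	switch (oaf) {
#ifdef INET
	case AF_INET:
		olen = sizeof(struct ip);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		olen = sizeof(struct ip6_hdr);
		break;
#endif
	default:
		/* The drop label does not free; release the mbuf here. */
		m_freem(m);
		error = ENETDOWN;
		goto drop;
	}
	gh = (struct grehdr *)mtodo(m, olen);
	switch (iaf) {
#ifdef INET
	case AF_INET:
		gh->gre_proto = htons(ETHERTYPE_IP);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		gh->gre_proto = htons(ETHERTYPE_IPV6);
		break;
#endif
	default:
		/*
		 * Unsupported inner family.  This value can originate from
		 * the caller of gre_output(), so the path is reachable;
		 * free the mbuf instead of leaking it on every such packet.
		 */
		m_freem(m);
		error = ENETDOWN;
		goto drop;
	}
	if (want_seq)
		gre_setseqn(gh, oseq);
	if (want_csum) {
		*(uint16_t *)gh->gre_opts = in_cksum_skip(m,
		    m->m_pkthdr.len, olen);
	}
	/* Payload length excludes the encapsulation header just added. */
	plen = m->m_pkthdr.len - hlen;
	switch (oaf) {
#ifdef INET
	case AF_INET:
		error = in_gre_output(m, iaf, hlen);
		break;
#endif
#ifdef INET6
	case AF_INET6:
		error = in6_gre_output(m, iaf, hlen);
		break;
#endif
	default:
		m_freem(m);
		error = ENETDOWN;
	};
drop:
	/* Accounting only: every path reaching here has disposed of m. */
	if (error)
		if_inc_counter(ifp, IFCOUNTER_OERRORS, 1);
	else {
		if_inc_counter(ifp, IFCOUNTER_OPACKETS, 1);
		if_inc_counter(ifp, IFCOUNTER_OBYTES, plen);
	}
	return (error);
}

/*
 * if_qflush method: intentionally empty.
 */
static void
gre_qflush(struct ifnet *ifp __unused)
{

}

/*
 * Module event handler: load and unload need no work here (setup is done
 * by the VNET_SYSINIT/VNET_SYSUNINIT hooks); other events are rejected.
 */
static int
gremodevent(module_t mod, int type, void *data)
{

	switch (type) {
	case MOD_LOAD:
	case MOD_UNLOAD:
		break;
	default:
		return (EOPNOTSUPP);
	}
	return (0);
}

static moduledata_t gre_mod = {
	"if_gre",
	gremodevent,
	0
};

DECLARE_MODULE(if_gre, gre_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
MODULE_VERSION(if_gre, 1);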