FreeBSD/Linux Kernel Cross Reference
sys/net/if_gif.c
1 /* $FreeBSD: releng/8.0/sys/net/if_gif.c 196019 2009-08-01 19:26:27Z rwatson $ */
2 /* $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $ */
3
4 /*-
5 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 #include "opt_inet.h"
34 #include "opt_inet6.h"
35
36 #include <sys/param.h>
37 #include <sys/systm.h>
38 #include <sys/kernel.h>
39 #include <sys/malloc.h>
40 #include <sys/mbuf.h>
41 #include <sys/module.h>
42 #include <sys/socket.h>
43 #include <sys/sockio.h>
44 #include <sys/errno.h>
45 #include <sys/time.h>
46 #include <sys/sysctl.h>
47 #include <sys/syslog.h>
48 #include <sys/priv.h>
49 #include <sys/proc.h>
50 #include <sys/protosw.h>
51 #include <sys/conf.h>
52 #include <machine/cpu.h>
53
54 #include <net/if.h>
55 #include <net/if_clone.h>
56 #include <net/if_types.h>
57 #include <net/netisr.h>
58 #include <net/route.h>
59 #include <net/bpf.h>
60 #include <net/vnet.h>
61
62 #include <netinet/in.h>
63 #include <netinet/in_systm.h>
64 #include <netinet/ip.h>
65 #ifdef INET
66 #include <netinet/in_var.h>
67 #include <netinet/in_gif.h>
68 #include <netinet/ip_var.h>
69 #endif /* INET */
70
71 #ifdef INET6
72 #ifndef INET
73 #include <netinet/in.h>
74 #endif
75 #include <netinet6/in6_var.h>
76 #include <netinet/ip6.h>
77 #include <netinet6/ip6_var.h>
78 #include <netinet6/scope6_var.h>
79 #include <netinet6/in6_gif.h>
80 #include <netinet6/ip6protosw.h>
81 #endif /* INET6 */
82
83 #include <netinet/ip_encap.h>
84 #include <net/ethernet.h>
85 #include <net/if_bridgevar.h>
86 #include <net/if_gif.h>
87
88 #include <security/mac/mac_framework.h>
89
90 #define GIFNAME "gif"
91
92 /*
93 * gif_mtx protects the global gif_softc_list.
94 */
95 static struct mtx gif_mtx;
96 static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface");
97
98 static VNET_DEFINE(LIST_HEAD(, gif_softc), gif_softc_list);
99
100 #define V_gif_softc_list VNET(gif_softc_list)
101
102 #ifdef INET
103 VNET_DEFINE(int, ip_gif_ttl) = GIF_TTL;
104 #define V_ip_gif_ttl VNET(ip_gif_ttl)
105 #endif
106 #ifdef INET6
107 VNET_DEFINE(int, ip6_gif_hlim) = GIF_HLIM;
108 #define V_ip6_gif_hlim VNET(ip6_gif_hlim)
109 #endif
110
111 void (*ng_gif_input_p)(struct ifnet *ifp, struct mbuf **mp, int af);
112 void (*ng_gif_input_orphan_p)(struct ifnet *ifp, struct mbuf *m, int af);
113 void (*ng_gif_attach_p)(struct ifnet *ifp);
114 void (*ng_gif_detach_p)(struct ifnet *ifp);
115
116 static void gif_start(struct ifnet *);
117 static int gif_clone_create(struct if_clone *, int, caddr_t);
118 static void gif_clone_destroy(struct ifnet *);
119
120 IFC_SIMPLE_DECLARE(gif, 0);
121
122 static int gifmodevent(module_t, int, void *);
123
124 SYSCTL_DECL(_net_link);
125 SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0,
126 "Generic Tunnel Interface");
127 #ifndef MAX_GIF_NEST
128 /*
129 * This macro controls the default upper limitation on nesting of gif tunnels.
130 * Since, setting a large value to this macro with a careless configuration
131 * may introduce system crash, we don't allow any nestings by default.
132 * If you need to configure nested gif tunnels, you can define this macro
133 * in your kernel configuration file. However, if you do so, please be
134 * careful to configure the tunnels so that it won't make a loop.
135 */
136 #define MAX_GIF_NEST 1
137 #endif
138
139 static VNET_DEFINE(int, max_gif_nesting) = MAX_GIF_NEST;
140 #define V_max_gif_nesting VNET(max_gif_nesting)
141
142 SYSCTL_VNET_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_RW,
143 &VNET_NAME(max_gif_nesting), 0, "Max nested tunnels");
144
145 #ifdef INET6
146 SYSCTL_DECL(_net_inet6_ip6);
147 SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, gifhlim, CTLFLAG_RW,
148 &VNET_NAME(ip6_gif_hlim), 0, "");
149 #endif
150
151 /*
152 * By default, we disallow creation of multiple tunnels between the same
153 * pair of addresses. Some applications require this functionality so
154 * we allow control over this check here.
155 */
156 #ifdef XBONEHACK
157 static VNET_DEFINE(int, parallel_tunnels) = 1;
158 #else
159 static VNET_DEFINE(int, parallel_tunnels) = 0;
160 #endif
161 #define V_parallel_tunnels VNET(parallel_tunnels)
162
163 SYSCTL_VNET_INT(_net_link_gif, OID_AUTO, parallel_tunnels, CTLFLAG_RW,
164 &VNET_NAME(parallel_tunnels), 0, "Allow parallel tunnels?");
165
166 /* copy from src/sys/net/if_ethersubr.c */
167 static const u_char etherbroadcastaddr[ETHER_ADDR_LEN] =
168 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
169 #ifndef ETHER_IS_BROADCAST
170 #define ETHER_IS_BROADCAST(addr) \
171 (bcmp(etherbroadcastaddr, (addr), ETHER_ADDR_LEN) == 0)
172 #endif
173
174 static int
175 gif_clone_create(ifc, unit, params)
176 struct if_clone *ifc;
177 int unit;
178 caddr_t params;
179 {
180 struct gif_softc *sc;
181
182 sc = malloc(sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO);
183 sc->gif_fibnum = curthread->td_proc->p_fibnum;
184 GIF2IFP(sc) = if_alloc(IFT_GIF);
185 if (GIF2IFP(sc) == NULL) {
186 free(sc, M_GIF);
187 return (ENOSPC);
188 }
189
190 GIF_LOCK_INIT(sc);
191
192 GIF2IFP(sc)->if_softc = sc;
193 if_initname(GIF2IFP(sc), ifc->ifc_name, unit);
194
195 sc->encap_cookie4 = sc->encap_cookie6 = NULL;
196 sc->gif_options = GIF_ACCEPT_REVETHIP;
197
198 GIF2IFP(sc)->if_addrlen = 0;
199 GIF2IFP(sc)->if_mtu = GIF_MTU;
200 GIF2IFP(sc)->if_flags = IFF_POINTOPOINT | IFF_MULTICAST;
201 #if 0
202 /* turn off ingress filter */
203 GIF2IFP(sc)->if_flags |= IFF_LINK2;
204 #endif
205 GIF2IFP(sc)->if_ioctl = gif_ioctl;
206 GIF2IFP(sc)->if_start = gif_start;
207 GIF2IFP(sc)->if_output = gif_output;
208 GIF2IFP(sc)->if_snd.ifq_maxlen = IFQ_MAXLEN;
209 if_attach(GIF2IFP(sc));
210 bpfattach(GIF2IFP(sc), DLT_NULL, sizeof(u_int32_t));
211 if (ng_gif_attach_p != NULL)
212 (*ng_gif_attach_p)(GIF2IFP(sc));
213
214 mtx_lock(&gif_mtx);
215 LIST_INSERT_HEAD(&V_gif_softc_list, sc, gif_list);
216 mtx_unlock(&gif_mtx);
217
218 return (0);
219 }
220
221 static void
222 gif_clone_destroy(ifp)
223 struct ifnet *ifp;
224 {
225 #if defined(INET) || defined(INET6)
226 int err;
227 #endif
228 struct gif_softc *sc = ifp->if_softc;
229
230 mtx_lock(&gif_mtx);
231 LIST_REMOVE(sc, gif_list);
232 mtx_unlock(&gif_mtx);
233
234 gif_delete_tunnel(ifp);
235 #ifdef INET6
236 if (sc->encap_cookie6 != NULL) {
237 err = encap_detach(sc->encap_cookie6);
238 KASSERT(err == 0, ("Unexpected error detaching encap_cookie6"));
239 }
240 #endif
241 #ifdef INET
242 if (sc->encap_cookie4 != NULL) {
243 err = encap_detach(sc->encap_cookie4);
244 KASSERT(err == 0, ("Unexpected error detaching encap_cookie4"));
245 }
246 #endif
247
248 if (ng_gif_detach_p != NULL)
249 (*ng_gif_detach_p)(ifp);
250 bpfdetach(ifp);
251 if_detach(ifp);
252 if_free(ifp);
253
254 GIF_LOCK_DESTROY(sc);
255
256 free(sc, M_GIF);
257 }
258
259 static void
260 vnet_gif_init(const void *unused __unused)
261 {
262
263 LIST_INIT(&V_gif_softc_list);
264 }
265 VNET_SYSINIT(vnet_gif_init, SI_SUB_PSEUDO, SI_ORDER_MIDDLE, vnet_gif_init,
266 NULL);
267
268 static int
269 gifmodevent(mod, type, data)
270 module_t mod;
271 int type;
272 void *data;
273 {
274
275 switch (type) {
276 case MOD_LOAD:
277 mtx_init(&gif_mtx, "gif_mtx", NULL, MTX_DEF);
278 if_clone_attach(&gif_cloner);
279 break;
280
281 case MOD_UNLOAD:
282 if_clone_detach(&gif_cloner);
283 mtx_destroy(&gif_mtx);
284 break;
285 default:
286 return EOPNOTSUPP;
287 }
288 return 0;
289 }
290
291 static moduledata_t gif_mod = {
292 "if_gif",
293 gifmodevent,
294 0
295 };
296
297 DECLARE_MODULE(if_gif, gif_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
298 MODULE_VERSION(if_gif, 1);
299
300 int
301 gif_encapcheck(m, off, proto, arg)
302 const struct mbuf *m;
303 int off;
304 int proto;
305 void *arg;
306 {
307 struct ip ip;
308 struct gif_softc *sc;
309
310 sc = (struct gif_softc *)arg;
311 if (sc == NULL)
312 return 0;
313
314 if ((GIF2IFP(sc)->if_flags & IFF_UP) == 0)
315 return 0;
316
317 /* no physical address */
318 if (!sc->gif_psrc || !sc->gif_pdst)
319 return 0;
320
321 switch (proto) {
322 #ifdef INET
323 case IPPROTO_IPV4:
324 break;
325 #endif
326 #ifdef INET6
327 case IPPROTO_IPV6:
328 break;
329 #endif
330 case IPPROTO_ETHERIP:
331 break;
332
333 default:
334 return 0;
335 }
336
337 /* Bail on short packets */
338 if (m->m_pkthdr.len < sizeof(ip))
339 return 0;
340
341 m_copydata(m, 0, sizeof(ip), (caddr_t)&ip);
342
343 switch (ip.ip_v) {
344 #ifdef INET
345 case 4:
346 if (sc->gif_psrc->sa_family != AF_INET ||
347 sc->gif_pdst->sa_family != AF_INET)
348 return 0;
349 return gif_encapcheck4(m, off, proto, arg);
350 #endif
351 #ifdef INET6
352 case 6:
353 if (m->m_pkthdr.len < sizeof(struct ip6_hdr))
354 return 0;
355 if (sc->gif_psrc->sa_family != AF_INET6 ||
356 sc->gif_pdst->sa_family != AF_INET6)
357 return 0;
358 return gif_encapcheck6(m, off, proto, arg);
359 #endif
360 default:
361 return 0;
362 }
363 }
364
365 static void
366 gif_start(struct ifnet *ifp)
367 {
368 struct gif_softc *sc;
369 struct mbuf *m;
370
371 sc = ifp->if_softc;
372
373 ifp->if_drv_flags |= IFF_DRV_OACTIVE;
374 for (;;) {
375 IFQ_DEQUEUE(&ifp->if_snd, m);
376 if (m == 0)
377 break;
378
379 gif_output(ifp, m, sc->gif_pdst, NULL);
380
381 }
382 ifp->if_drv_flags &= ~IFF_DRV_OACTIVE;
383
384 return;
385 }
386
387 int
388 gif_output(ifp, m, dst, ro)
389 struct ifnet *ifp;
390 struct mbuf *m;
391 struct sockaddr *dst;
392 struct route *ro;
393 {
394 struct gif_softc *sc = ifp->if_softc;
395 struct m_tag *mtag;
396 int error = 0;
397 int gif_called;
398 u_int32_t af;
399
400 #ifdef MAC
401 error = mac_ifnet_check_transmit(ifp, m);
402 if (error) {
403 m_freem(m);
404 goto end;
405 }
406 #endif
407
408 /*
409 * gif may cause infinite recursion calls when misconfigured.
410 * We'll prevent this by detecting loops.
411 *
412 * High nesting level may cause stack exhaustion.
413 * We'll prevent this by introducing upper limit.
414 */
415 gif_called = 1;
416 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, NULL);
417 while (mtag != NULL) {
418 if (*(struct ifnet **)(mtag + 1) == ifp) {
419 log(LOG_NOTICE,
420 "gif_output: loop detected on %s\n",
421 (*(struct ifnet **)(mtag + 1))->if_xname);
422 m_freem(m);
423 error = EIO; /* is there better errno? */
424 goto end;
425 }
426 mtag = m_tag_locate(m, MTAG_GIF, MTAG_GIF_CALLED, mtag);
427 gif_called++;
428 }
429 if (gif_called > V_max_gif_nesting) {
430 log(LOG_NOTICE,
431 "gif_output: recursively called too many times(%d)\n",
432 gif_called);
433 m_freem(m);
434 error = EIO; /* is there better errno? */
435 goto end;
436 }
437 mtag = m_tag_alloc(MTAG_GIF, MTAG_GIF_CALLED, sizeof(struct ifnet *),
438 M_NOWAIT);
439 if (mtag == NULL) {
440 m_freem(m);
441 error = ENOMEM;
442 goto end;
443 }
444 *(struct ifnet **)(mtag + 1) = ifp;
445 m_tag_prepend(m, mtag);
446
447 m->m_flags &= ~(M_BCAST|M_MCAST);
448
449 GIF_LOCK(sc);
450
451 if (!(ifp->if_flags & IFF_UP) ||
452 sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
453 GIF_UNLOCK(sc);
454 m_freem(m);
455 error = ENETDOWN;
456 goto end;
457 }
458
459 /* BPF writes need to be handled specially. */
460 if (dst->sa_family == AF_UNSPEC) {
461 bcopy(dst->sa_data, &af, sizeof(af));
462 dst->sa_family = af;
463 }
464
465 af = dst->sa_family;
466 BPF_MTAP2(ifp, &af, sizeof(af), m);
467 ifp->if_opackets++;
468 ifp->if_obytes += m->m_pkthdr.len;
469
470 /* override to IPPROTO_ETHERIP for bridged traffic */
471 if (ifp->if_bridge)
472 af = AF_LINK;
473
474 M_SETFIB(m, sc->gif_fibnum);
475 /* inner AF-specific encapsulation */
476
477 /* XXX should we check if our outer source is legal? */
478
479 /* dispatch to output logic based on outer AF */
480 switch (sc->gif_psrc->sa_family) {
481 #ifdef INET
482 case AF_INET:
483 error = in_gif_output(ifp, af, m);
484 break;
485 #endif
486 #ifdef INET6
487 case AF_INET6:
488 error = in6_gif_output(ifp, af, m);
489 break;
490 #endif
491 default:
492 m_freem(m);
493 error = ENETDOWN;
494 }
495
496 GIF_UNLOCK(sc);
497 end:
498 if (error)
499 ifp->if_oerrors++;
500 return (error);
501 }
502
503 void
504 gif_input(m, af, ifp)
505 struct mbuf *m;
506 int af;
507 struct ifnet *ifp;
508 {
509 int isr, n;
510 struct gif_softc *sc = ifp->if_softc;
511 struct etherip_header *eip;
512 struct ether_header *eh;
513 struct ifnet *oldifp;
514
515 if (ifp == NULL) {
516 /* just in case */
517 m_freem(m);
518 return;
519 }
520
521 m->m_pkthdr.rcvif = ifp;
522
523 #ifdef MAC
524 mac_ifnet_create_mbuf(ifp, m);
525 #endif
526
527 if (bpf_peers_present(ifp->if_bpf)) {
528 u_int32_t af1 = af;
529 bpf_mtap2(ifp->if_bpf, &af1, sizeof(af1), m);
530 }
531
532 if (ng_gif_input_p != NULL) {
533 (*ng_gif_input_p)(ifp, &m, af);
534 if (m == NULL)
535 return;
536 }
537
538 /*
539 * Put the packet to the network layer input queue according to the
540 * specified address family.
541 * Note: older versions of gif_input directly called network layer
542 * input functions, e.g. ip6_input, here. We changed the policy to
543 * prevent too many recursive calls of such input functions, which
544 * might cause kernel panic. But the change may introduce another
545 * problem; if the input queue is full, packets are discarded.
546 * The kernel stack overflow really happened, and we believed
547 * queue-full rarely occurs, so we changed the policy.
548 */
549 switch (af) {
550 #ifdef INET
551 case AF_INET:
552 isr = NETISR_IP;
553 break;
554 #endif
555 #ifdef INET6
556 case AF_INET6:
557 isr = NETISR_IPV6;
558 break;
559 #endif
560 case AF_LINK:
561 n = sizeof(struct etherip_header) + sizeof(struct ether_header);
562 if (n > m->m_len) {
563 m = m_pullup(m, n);
564 if (m == NULL) {
565 ifp->if_ierrors++;
566 return;
567 }
568 }
569
570 eip = mtod(m, struct etherip_header *);
571 /*
572 * GIF_ACCEPT_REVETHIP (enabled by default) intentionally
573 * accepts an EtherIP packet with revered version field in
574 * the header. This is a knob for backward compatibility
575 * with FreeBSD 7.2R or prior.
576 */
577 if (sc->gif_options & GIF_ACCEPT_REVETHIP) {
578 if (eip->eip_resvl != ETHERIP_VERSION
579 && eip->eip_ver != ETHERIP_VERSION) {
580 /* discard unknown versions */
581 m_freem(m);
582 return;
583 }
584 } else {
585 if (eip->eip_ver != ETHERIP_VERSION) {
586 /* discard unknown versions */
587 m_freem(m);
588 return;
589 }
590 }
591 m_adj(m, sizeof(struct etherip_header));
592
593 m->m_flags &= ~(M_BCAST|M_MCAST);
594 m->m_pkthdr.rcvif = ifp;
595
596 if (ifp->if_bridge) {
597 oldifp = ifp;
598 eh = mtod(m, struct ether_header *);
599 if (ETHER_IS_MULTICAST(eh->ether_dhost)) {
600 if (ETHER_IS_BROADCAST(eh->ether_dhost))
601 m->m_flags |= M_BCAST;
602 else
603 m->m_flags |= M_MCAST;
604 ifp->if_imcasts++;
605 }
606 BRIDGE_INPUT(ifp, m);
607
608 if (m != NULL && ifp != oldifp) {
609 /*
610 * The bridge gave us back itself or one of the
611 * members for which the frame is addressed.
612 */
613 ether_demux(ifp, m);
614 return;
615 }
616 }
617 if (m != NULL)
618 m_freem(m);
619 return;
620
621 default:
622 if (ng_gif_input_orphan_p != NULL)
623 (*ng_gif_input_orphan_p)(ifp, m, af);
624 else
625 m_freem(m);
626 return;
627 }
628
629 ifp->if_ipackets++;
630 ifp->if_ibytes += m->m_pkthdr.len;
631 netisr_dispatch(isr, m);
632 }
633
634 /* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
635 int
636 gif_ioctl(ifp, cmd, data)
637 struct ifnet *ifp;
638 u_long cmd;
639 caddr_t data;
640 {
641 struct gif_softc *sc = ifp->if_softc;
642 struct ifreq *ifr = (struct ifreq*)data;
643 int error = 0, size;
644 u_int options;
645 struct sockaddr *dst, *src;
646 #ifdef SIOCSIFMTU /* xxx */
647 u_long mtu;
648 #endif
649
650 switch (cmd) {
651 case SIOCSIFADDR:
652 ifp->if_flags |= IFF_UP;
653 break;
654
655 case SIOCSIFDSTADDR:
656 break;
657
658 case SIOCADDMULTI:
659 case SIOCDELMULTI:
660 break;
661
662 #ifdef SIOCSIFMTU /* xxx */
663 case SIOCGIFMTU:
664 break;
665
666 case SIOCSIFMTU:
667 mtu = ifr->ifr_mtu;
668 if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX)
669 return (EINVAL);
670 ifp->if_mtu = mtu;
671 break;
672 #endif /* SIOCSIFMTU */
673
674 #ifdef INET
675 case SIOCSIFPHYADDR:
676 #endif
677 #ifdef INET6
678 case SIOCSIFPHYADDR_IN6:
679 #endif /* INET6 */
680 case SIOCSLIFPHYADDR:
681 switch (cmd) {
682 #ifdef INET
683 case SIOCSIFPHYADDR:
684 src = (struct sockaddr *)
685 &(((struct in_aliasreq *)data)->ifra_addr);
686 dst = (struct sockaddr *)
687 &(((struct in_aliasreq *)data)->ifra_dstaddr);
688 break;
689 #endif
690 #ifdef INET6
691 case SIOCSIFPHYADDR_IN6:
692 src = (struct sockaddr *)
693 &(((struct in6_aliasreq *)data)->ifra_addr);
694 dst = (struct sockaddr *)
695 &(((struct in6_aliasreq *)data)->ifra_dstaddr);
696 break;
697 #endif
698 case SIOCSLIFPHYADDR:
699 src = (struct sockaddr *)
700 &(((struct if_laddrreq *)data)->addr);
701 dst = (struct sockaddr *)
702 &(((struct if_laddrreq *)data)->dstaddr);
703 break;
704 default:
705 return EINVAL;
706 }
707
708 /* sa_family must be equal */
709 if (src->sa_family != dst->sa_family)
710 return EINVAL;
711
712 /* validate sa_len */
713 switch (src->sa_family) {
714 #ifdef INET
715 case AF_INET:
716 if (src->sa_len != sizeof(struct sockaddr_in))
717 return EINVAL;
718 break;
719 #endif
720 #ifdef INET6
721 case AF_INET6:
722 if (src->sa_len != sizeof(struct sockaddr_in6))
723 return EINVAL;
724 break;
725 #endif
726 default:
727 return EAFNOSUPPORT;
728 }
729 switch (dst->sa_family) {
730 #ifdef INET
731 case AF_INET:
732 if (dst->sa_len != sizeof(struct sockaddr_in))
733 return EINVAL;
734 break;
735 #endif
736 #ifdef INET6
737 case AF_INET6:
738 if (dst->sa_len != sizeof(struct sockaddr_in6))
739 return EINVAL;
740 break;
741 #endif
742 default:
743 return EAFNOSUPPORT;
744 }
745
746 /* check sa_family looks sane for the cmd */
747 switch (cmd) {
748 case SIOCSIFPHYADDR:
749 if (src->sa_family == AF_INET)
750 break;
751 return EAFNOSUPPORT;
752 #ifdef INET6
753 case SIOCSIFPHYADDR_IN6:
754 if (src->sa_family == AF_INET6)
755 break;
756 return EAFNOSUPPORT;
757 #endif /* INET6 */
758 case SIOCSLIFPHYADDR:
759 /* checks done in the above */
760 break;
761 }
762
763 error = gif_set_tunnel(GIF2IFP(sc), src, dst);
764 break;
765
766 #ifdef SIOCDIFPHYADDR
767 case SIOCDIFPHYADDR:
768 gif_delete_tunnel(GIF2IFP(sc));
769 break;
770 #endif
771
772 case SIOCGIFPSRCADDR:
773 #ifdef INET6
774 case SIOCGIFPSRCADDR_IN6:
775 #endif /* INET6 */
776 if (sc->gif_psrc == NULL) {
777 error = EADDRNOTAVAIL;
778 goto bad;
779 }
780 src = sc->gif_psrc;
781 switch (cmd) {
782 #ifdef INET
783 case SIOCGIFPSRCADDR:
784 dst = &ifr->ifr_addr;
785 size = sizeof(ifr->ifr_addr);
786 break;
787 #endif /* INET */
788 #ifdef INET6
789 case SIOCGIFPSRCADDR_IN6:
790 dst = (struct sockaddr *)
791 &(((struct in6_ifreq *)data)->ifr_addr);
792 size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
793 break;
794 #endif /* INET6 */
795 default:
796 error = EADDRNOTAVAIL;
797 goto bad;
798 }
799 if (src->sa_len > size)
800 return EINVAL;
801 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
802 #ifdef INET6
803 if (dst->sa_family == AF_INET6) {
804 error = sa6_recoverscope((struct sockaddr_in6 *)dst);
805 if (error != 0)
806 return (error);
807 }
808 #endif
809 break;
810
811 case SIOCGIFPDSTADDR:
812 #ifdef INET6
813 case SIOCGIFPDSTADDR_IN6:
814 #endif /* INET6 */
815 if (sc->gif_pdst == NULL) {
816 error = EADDRNOTAVAIL;
817 goto bad;
818 }
819 src = sc->gif_pdst;
820 switch (cmd) {
821 #ifdef INET
822 case SIOCGIFPDSTADDR:
823 dst = &ifr->ifr_addr;
824 size = sizeof(ifr->ifr_addr);
825 break;
826 #endif /* INET */
827 #ifdef INET6
828 case SIOCGIFPDSTADDR_IN6:
829 dst = (struct sockaddr *)
830 &(((struct in6_ifreq *)data)->ifr_addr);
831 size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
832 break;
833 #endif /* INET6 */
834 default:
835 error = EADDRNOTAVAIL;
836 goto bad;
837 }
838 if (src->sa_len > size)
839 return EINVAL;
840 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
841 #ifdef INET6
842 if (dst->sa_family == AF_INET6) {
843 error = sa6_recoverscope((struct sockaddr_in6 *)dst);
844 if (error != 0)
845 return (error);
846 }
847 #endif
848 break;
849
850 case SIOCGLIFPHYADDR:
851 if (sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
852 error = EADDRNOTAVAIL;
853 goto bad;
854 }
855
856 /* copy src */
857 src = sc->gif_psrc;
858 dst = (struct sockaddr *)
859 &(((struct if_laddrreq *)data)->addr);
860 size = sizeof(((struct if_laddrreq *)data)->addr);
861 if (src->sa_len > size)
862 return EINVAL;
863 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
864
865 /* copy dst */
866 src = sc->gif_pdst;
867 dst = (struct sockaddr *)
868 &(((struct if_laddrreq *)data)->dstaddr);
869 size = sizeof(((struct if_laddrreq *)data)->dstaddr);
870 if (src->sa_len > size)
871 return EINVAL;
872 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
873 break;
874
875 case SIOCSIFFLAGS:
876 /* if_ioctl() takes care of it */
877 break;
878
879 case GIFGOPTS:
880 options = sc->gif_options;
881 error = copyout(&options, ifr->ifr_data,
882 sizeof(options));
883 break;
884
885 case GIFSOPTS:
886 if ((error = priv_check(curthread, PRIV_NET_GIF)) != 0)
887 break;
888 error = copyin(ifr->ifr_data, &options, sizeof(options));
889 if (error)
890 break;
891 if (options & ~GIF_OPTMASK)
892 error = EINVAL;
893 else
894 sc->gif_options = options;
895 break;
896
897 default:
898 error = EINVAL;
899 break;
900 }
901 bad:
902 return error;
903 }
904
905 /*
906 * XXXRW: There's a general event-ordering issue here: the code to check
907 * if a given tunnel is already present happens before we perform a
908 * potentially blocking setup of the tunnel. This code needs to be
909 * re-ordered so that the check and replacement can be atomic using
910 * a mutex.
911 */
912 int
913 gif_set_tunnel(ifp, src, dst)
914 struct ifnet *ifp;
915 struct sockaddr *src;
916 struct sockaddr *dst;
917 {
918 struct gif_softc *sc = ifp->if_softc;
919 struct gif_softc *sc2;
920 struct sockaddr *osrc, *odst, *sa;
921 int error = 0;
922
923 mtx_lock(&gif_mtx);
924 LIST_FOREACH(sc2, &V_gif_softc_list, gif_list) {
925 if (sc2 == sc)
926 continue;
927 if (!sc2->gif_pdst || !sc2->gif_psrc)
928 continue;
929 if (sc2->gif_pdst->sa_family != dst->sa_family ||
930 sc2->gif_pdst->sa_len != dst->sa_len ||
931 sc2->gif_psrc->sa_family != src->sa_family ||
932 sc2->gif_psrc->sa_len != src->sa_len)
933 continue;
934
935 /*
936 * Disallow parallel tunnels unless instructed
937 * otherwise.
938 */
939 if (!V_parallel_tunnels &&
940 bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 &&
941 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) {
942 error = EADDRNOTAVAIL;
943 mtx_unlock(&gif_mtx);
944 goto bad;
945 }
946
947 /* XXX both end must be valid? (I mean, not 0.0.0.0) */
948 }
949 mtx_unlock(&gif_mtx);
950
951 /* XXX we can detach from both, but be polite just in case */
952 if (sc->gif_psrc)
953 switch (sc->gif_psrc->sa_family) {
954 #ifdef INET
955 case AF_INET:
956 (void)in_gif_detach(sc);
957 break;
958 #endif
959 #ifdef INET6
960 case AF_INET6:
961 (void)in6_gif_detach(sc);
962 break;
963 #endif
964 }
965
966 osrc = sc->gif_psrc;
967 sa = (struct sockaddr *)malloc(src->sa_len, M_IFADDR, M_WAITOK);
968 bcopy((caddr_t)src, (caddr_t)sa, src->sa_len);
969 sc->gif_psrc = sa;
970
971 odst = sc->gif_pdst;
972 sa = (struct sockaddr *)malloc(dst->sa_len, M_IFADDR, M_WAITOK);
973 bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len);
974 sc->gif_pdst = sa;
975
976 switch (sc->gif_psrc->sa_family) {
977 #ifdef INET
978 case AF_INET:
979 error = in_gif_attach(sc);
980 break;
981 #endif
982 #ifdef INET6
983 case AF_INET6:
984 /*
985 * Check validity of the scope zone ID of the addresses, and
986 * convert it into the kernel internal form if necessary.
987 */
988 error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_psrc, 0);
989 if (error != 0)
990 break;
991 error = sa6_embedscope((struct sockaddr_in6 *)sc->gif_pdst, 0);
992 if (error != 0)
993 break;
994 error = in6_gif_attach(sc);
995 break;
996 #endif
997 }
998 if (error) {
999 /* rollback */
1000 free((caddr_t)sc->gif_psrc, M_IFADDR);
1001 free((caddr_t)sc->gif_pdst, M_IFADDR);
1002 sc->gif_psrc = osrc;
1003 sc->gif_pdst = odst;
1004 goto bad;
1005 }
1006
1007 if (osrc)
1008 free((caddr_t)osrc, M_IFADDR);
1009 if (odst)
1010 free((caddr_t)odst, M_IFADDR);
1011
1012 bad:
1013 if (sc->gif_psrc && sc->gif_pdst)
1014 ifp->if_drv_flags |= IFF_DRV_RUNNING;
1015 else
1016 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1017
1018 return error;
1019 }
1020
1021 void
1022 gif_delete_tunnel(ifp)
1023 struct ifnet *ifp;
1024 {
1025 struct gif_softc *sc = ifp->if_softc;
1026
1027 if (sc->gif_psrc) {
1028 free((caddr_t)sc->gif_psrc, M_IFADDR);
1029 sc->gif_psrc = NULL;
1030 }
1031 if (sc->gif_pdst) {
1032 free((caddr_t)sc->gif_pdst, M_IFADDR);
1033 sc->gif_pdst = NULL;
1034 }
1035 /* it is safe to detach from both */
1036 #ifdef INET
1037 (void)in_gif_detach(sc);
1038 #endif
1039 #ifdef INET6
1040 (void)in6_gif_detach(sc);
1041 #endif
1042 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
1043 }
Cache object: 5f095af6ff28f8681a84f2dd9e9f6616
|