FreeBSD/Linux Kernel Cross Reference
sys/net/if_gre.c
1 /* $NetBSD: if_gre.c,v 1.49 2003/12/11 00:22:29 itojun Exp $ */
2 /* $FreeBSD$ */
3
4 /*-
5 * Copyright (c) 1998 The NetBSD Foundation, Inc.
6 * All rights reserved.
7 *
8 * This code is derived from software contributed to The NetBSD Foundation
9 * by Heiko W.Rupp <hwr@pilhuhn.de>
10 *
11 * IPv6-over-GRE contributed by Gert Doering <gert@greenie.muc.de>
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
21 * 3. All advertising materials mentioning features or use of this software
22 * must display the following acknowledgement:
23 * This product includes software developed by the NetBSD
24 * Foundation, Inc. and its contributors.
25 * 4. Neither the name of The NetBSD Foundation nor the names of its
26 * contributors may be used to endorse or promote products derived
27 * from this software without specific prior written permission.
28 *
29 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
30 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
31 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
32 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
33 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
34 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
35 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
36 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
37 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
38 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
39 * POSSIBILITY OF SUCH DAMAGE.
40 */
41
42 /*
43 * Encapsulate L3 protocols into IP
44 * See RFC 2784 (successor of RFC 1701 and 1702) for more details.
45 * If_gre is compatible with Cisco GRE tunnels, so you can
46 * have a NetBSD box as the other end of a tunnel interface of a Cisco
47 * router. See gre(4) for more details.
48 * Also supported: IP in IP encaps (proto 55) as of RFC 2004
49 */
50
51 #include "opt_atalk.h"
52 #include "opt_inet.h"
53 #include "opt_inet6.h"
54
55 #include <sys/param.h>
56 #include <sys/jail.h>
57 #include <sys/kernel.h>
58 #include <sys/libkern.h>
59 #include <sys/malloc.h>
60 #include <sys/module.h>
61 #include <sys/mbuf.h>
62 #include <sys/priv.h>
63 #include <sys/proc.h>
64 #include <sys/protosw.h>
65 #include <sys/socket.h>
66 #include <sys/sockio.h>
67 #include <sys/sysctl.h>
68 #include <sys/systm.h>
69
70 #include <net/ethernet.h>
71 #include <net/if.h>
72 #include <net/if_clone.h>
73 #include <net/if_types.h>
74 #include <net/route.h>
75
76 #ifdef INET
77 #include <netinet/in.h>
78 #include <netinet/in_systm.h>
79 #include <netinet/in_var.h>
80 #include <netinet/ip.h>
81 #include <netinet/ip_gre.h>
82 #include <netinet/ip_var.h>
83 #include <netinet/ip_encap.h>
84 #else
85 #error "Huh? if_gre without inet?"
86 #endif
87
88 #include <net/bpf.h>
89
90 #include <net/if_gre.h>
91
92 /*
93 * It is not easy to calculate the right value for a GRE MTU.
94 * We leave this task to the admin and use the same default that
95 * other vendors use.
96 */
97 #define GREMTU 1476
98
99 #define GRENAME "gre"
100
101 #define MTAG_COOKIE_GRE 1307983903
102 #define MTAG_GRE_NESTING 1
103 struct mtag_gre_nesting {
104 uint16_t count;
105 uint16_t max;
106 struct ifnet *ifp[];
107 };
108
109 /*
110 * gre_mtx protects all global variables in if_gre.c.
111 * XXX: gre_softc data not protected yet.
112 */
113 struct mtx gre_mtx;
114 static MALLOC_DEFINE(M_GRE, GRENAME, "Generic Routing Encapsulation");
115
116 struct gre_softc_head gre_softc_list;
117
118 static int gre_clone_create(struct if_clone *, int, caddr_t);
119 static void gre_clone_destroy(struct ifnet *);
120 static int gre_ioctl(struct ifnet *, u_long, caddr_t);
121 static int gre_output(struct ifnet *, struct mbuf *, struct sockaddr *,
122 struct rtentry *rt);
123
124 IFC_SIMPLE_DECLARE(gre, 0);
125
126 static int gre_compute_route(struct gre_softc *sc);
127
128 static void greattach(void);
129
130 #ifdef INET
131 extern struct domain inetdomain;
132 static const struct protosw in_gre_protosw = {
133 .pr_type = SOCK_RAW,
134 .pr_domain = &inetdomain,
135 .pr_protocol = IPPROTO_GRE,
136 .pr_flags = PR_ATOMIC|PR_ADDR,
137 .pr_input = gre_input,
138 .pr_output = (pr_output_t *)rip_output,
139 .pr_ctlinput = rip_ctlinput,
140 .pr_ctloutput = rip_ctloutput,
141 .pr_usrreqs = &rip_usrreqs
142 };
143 static const struct protosw in_mobile_protosw = {
144 .pr_type = SOCK_RAW,
145 .pr_domain = &inetdomain,
146 .pr_protocol = IPPROTO_MOBILE,
147 .pr_flags = PR_ATOMIC|PR_ADDR,
148 .pr_input = gre_mobile_input,
149 .pr_output = (pr_output_t *)rip_output,
150 .pr_ctlinput = rip_ctlinput,
151 .pr_ctloutput = rip_ctloutput,
152 .pr_usrreqs = &rip_usrreqs
153 };
154 #endif
155
156 SYSCTL_DECL(_net_link);
157 SYSCTL_NODE(_net_link, IFT_TUNNEL, gre, CTLFLAG_RW, 0,
158 "Generic Routing Encapsulation");
159 #ifndef MAX_GRE_NEST
160 /*
161 * This macro controls the default upper limitation on nesting of gre tunnels.
162 * Since, setting a large value to this macro with a careless configuration
163 * may introduce system crash, we don't allow any nestings by default.
164 * If you need to configure nested gre tunnels, you can define this macro
165 * in your kernel configuration file. However, if you do so, please be
166 * careful to configure the tunnels so that it won't make a loop.
167 */
168 #define MAX_GRE_NEST 1
169 #endif
170 static int max_gre_nesting = MAX_GRE_NEST;
171 SYSCTL_INT(_net_link_gre, OID_AUTO, max_nesting, CTLFLAG_RW,
172 &max_gre_nesting, 0, "Max nested tunnels");
173
174 /* ARGSUSED */
175 static void
176 greattach(void)
177 {
178
179 mtx_init(&gre_mtx, "gre_mtx", NULL, MTX_DEF);
180 LIST_INIT(&gre_softc_list);
181 if_clone_attach(&gre_cloner);
182 }
183
184 static int
185 gre_clone_create(ifc, unit, params)
186 struct if_clone *ifc;
187 int unit;
188 caddr_t params;
189 {
190 struct gre_softc *sc;
191
192 sc = malloc(sizeof(struct gre_softc), M_GRE, M_WAITOK | M_ZERO);
193
194 GRE2IFP(sc) = if_alloc(IFT_TUNNEL);
195 if (GRE2IFP(sc) == NULL) {
196 free(sc, M_GRE);
197 return (ENOSPC);
198 }
199
200 GRE2IFP(sc)->if_softc = sc;
201 if_initname(GRE2IFP(sc), ifc->ifc_name, unit);
202
203 GRE2IFP(sc)->if_snd.ifq_maxlen = ifqmaxlen;
204 GRE2IFP(sc)->if_addrlen = 0;
205 GRE2IFP(sc)->if_hdrlen = 24; /* IP + GRE */
206 GRE2IFP(sc)->if_mtu = GREMTU;
207 GRE2IFP(sc)->if_flags = IFF_POINTOPOINT|IFF_MULTICAST;
208 GRE2IFP(sc)->if_output = gre_output;
209 GRE2IFP(sc)->if_ioctl = gre_ioctl;
210 sc->g_dst.s_addr = sc->g_src.s_addr = INADDR_ANY;
211 sc->g_proto = IPPROTO_GRE;
212 GRE2IFP(sc)->if_flags |= IFF_LINK0;
213 sc->encap = NULL;
214 sc->gre_fibnum = curthread->td_proc->p_fibnum;
215 sc->wccp_ver = WCCP_V1;
216 sc->key = 0;
217 if_attach(GRE2IFP(sc));
218 bpfattach(GRE2IFP(sc), DLT_NULL, sizeof(u_int32_t));
219 mtx_lock(&gre_mtx);
220 LIST_INSERT_HEAD(&gre_softc_list, sc, sc_list);
221 mtx_unlock(&gre_mtx);
222 return (0);
223 }
224
225 static void
226 gre_clone_destroy(ifp)
227 struct ifnet *ifp;
228 {
229 struct gre_softc *sc = ifp->if_softc;
230
231 mtx_lock(&gre_mtx);
232 LIST_REMOVE(sc, sc_list);
233 mtx_unlock(&gre_mtx);
234
235 #ifdef INET
236 if (sc->encap != NULL)
237 encap_detach(sc->encap);
238 #endif
239 bpfdetach(ifp);
240 if_detach(ifp);
241 if_free(ifp);
242 free(sc, M_GRE);
243 }
244
245 /*
246 * The output routine. Takes a packet and encapsulates it in the protocol
247 * given by sc->g_proto. See also RFC 1701 and RFC 2004
248 */
249 static int
250 gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
251 struct rtentry *rt)
252 {
253 int error = 0;
254 struct gre_softc *sc = ifp->if_softc;
255 struct greip *gh;
256 struct ip *ip;
257 struct m_tag *mtag;
258 struct mtag_gre_nesting *gt;
259 size_t len;
260 u_short gre_ip_id = 0;
261 uint8_t gre_ip_tos = 0;
262 u_int16_t etype = 0;
263 struct mobile_h mob_h;
264 u_int32_t af;
265 int extra = 0, max;
266
267 /*
268 * gre may cause infinite recursion calls when misconfigured. High
269 * nesting level may cause stack exhaustion. We'll prevent this by
270 * detecting loops and by introducing upper limit.
271 */
272 mtag = m_tag_locate(m, MTAG_COOKIE_GRE, MTAG_GRE_NESTING, NULL);
273 if (mtag != NULL) {
274 struct ifnet **ifp2;
275
276 gt = (struct mtag_gre_nesting *)(mtag + 1);
277 gt->count++;
278 if (gt->count > min(gt->max,max_gre_nesting)) {
279 printf("%s: hit maximum recursion limit %u on %s\n",
280 __func__, gt->count - 1, ifp->if_xname);
281 m_freem(m);
282 error = EIO; /* is there better errno? */
283 goto end;
284 }
285
286 ifp2 = gt->ifp;
287 for (max = gt->count - 1; max > 0; max--) {
288 if (*ifp2 == ifp)
289 break;
290 ifp2++;
291 }
292 if (*ifp2 == ifp) {
293 printf("%s: detected loop with nexting %u on %s\n",
294 __func__, gt->count-1, ifp->if_xname);
295 m_freem(m);
296 error = EIO; /* is there better errno? */
297 goto end;
298 }
299 *ifp2 = ifp;
300
301 } else {
302 /*
303 * Given that people should NOT increase max_gre_nesting beyond
304 * their real needs, we allocate once per packet rather than
305 * allocating an mtag once per passing through gre.
306 *
307 * Note: the sysctl does not actually check for saneness, so we
308 * limit the maximum numbers of possible recursions here.
309 */
310 max = imin(max_gre_nesting, 256);
311 /* If someone sets the sysctl <= 0, we want at least 1. */
312 max = imax(max, 1);
313 len = sizeof(struct mtag_gre_nesting) +
314 max * sizeof(struct ifnet *);
315 mtag = m_tag_alloc(MTAG_COOKIE_GRE, MTAG_GRE_NESTING, len,
316 M_NOWAIT);
317 if (mtag == NULL) {
318 m_freem(m);
319 error = ENOMEM;
320 goto end;
321 }
322 gt = (struct mtag_gre_nesting *)(mtag + 1);
323 bzero(gt, len);
324 gt->count = 1;
325 gt->max = max;
326 *gt->ifp = ifp;
327 m_tag_prepend(m, mtag);
328 }
329
330 if (!((ifp->if_flags & IFF_UP) &&
331 (ifp->if_drv_flags & IFF_DRV_RUNNING)) ||
332 sc->g_src.s_addr == INADDR_ANY || sc->g_dst.s_addr == INADDR_ANY) {
333 m_freem(m);
334 error = ENETDOWN;
335 goto end;
336 }
337
338 gh = NULL;
339 ip = NULL;
340
341 /* BPF writes need to be handled specially. */
342 if (dst->sa_family == AF_UNSPEC) {
343 bcopy(dst->sa_data, &af, sizeof(af));
344 dst->sa_family = af;
345 }
346
347 if (bpf_peers_present(ifp->if_bpf)) {
348 af = dst->sa_family;
349 bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m);
350 }
351
352 m->m_flags &= ~(M_BCAST|M_MCAST);
353
354 if (sc->g_proto == IPPROTO_MOBILE) {
355 if (dst->sa_family == AF_INET) {
356 struct mbuf *m0;
357 int msiz;
358
359 ip = mtod(m, struct ip *);
360
361 /*
362 * RFC2004 specifies that fragmented diagrams shouldn't
363 * be encapsulated.
364 */
365 if (ip->ip_off & (IP_MF | IP_OFFMASK)) {
366 _IF_DROP(&ifp->if_snd);
367 m_freem(m);
368 error = EINVAL; /* is there better errno? */
369 goto end;
370 }
371 memset(&mob_h, 0, MOB_H_SIZ_L);
372 mob_h.proto = (ip->ip_p) << 8;
373 mob_h.odst = ip->ip_dst.s_addr;
374 ip->ip_dst.s_addr = sc->g_dst.s_addr;
375
376 /*
377 * If the packet comes from our host, we only change
378 * the destination address in the IP header.
379 * Else we also need to save and change the source
380 */
381 if (in_hosteq(ip->ip_src, sc->g_src)) {
382 msiz = MOB_H_SIZ_S;
383 } else {
384 mob_h.proto |= MOB_H_SBIT;
385 mob_h.osrc = ip->ip_src.s_addr;
386 ip->ip_src.s_addr = sc->g_src.s_addr;
387 msiz = MOB_H_SIZ_L;
388 }
389 mob_h.proto = htons(mob_h.proto);
390 mob_h.hcrc = gre_in_cksum((u_int16_t *)&mob_h, msiz);
391
392 if ((m->m_data - msiz) < m->m_pktdat) {
393 /* need new mbuf */
394 MGETHDR(m0, M_DONTWAIT, MT_DATA);
395 if (m0 == NULL) {
396 _IF_DROP(&ifp->if_snd);
397 m_freem(m);
398 error = ENOBUFS;
399 goto end;
400 }
401 m0->m_next = m;
402 m->m_data += sizeof(struct ip);
403 m->m_len -= sizeof(struct ip);
404 m0->m_pkthdr.len = m->m_pkthdr.len + msiz;
405 m0->m_len = msiz + sizeof(struct ip);
406 m0->m_data += max_linkhdr;
407 memcpy(mtod(m0, caddr_t), (caddr_t)ip,
408 sizeof(struct ip));
409 m = m0;
410 } else { /* we have some space left in the old one */
411 m->m_data -= msiz;
412 m->m_len += msiz;
413 m->m_pkthdr.len += msiz;
414 bcopy(ip, mtod(m, caddr_t),
415 sizeof(struct ip));
416 }
417 ip = mtod(m, struct ip *);
418 memcpy((caddr_t)(ip + 1), &mob_h, (unsigned)msiz);
419 ip->ip_len = ntohs(ip->ip_len) + msiz;
420 } else { /* AF_INET */
421 _IF_DROP(&ifp->if_snd);
422 m_freem(m);
423 error = EINVAL;
424 goto end;
425 }
426 } else if (sc->g_proto == IPPROTO_GRE) {
427 switch (dst->sa_family) {
428 case AF_INET:
429 ip = mtod(m, struct ip *);
430 gre_ip_tos = ip->ip_tos;
431 gre_ip_id = ip->ip_id;
432 if (sc->wccp_ver == WCCP_V2) {
433 extra = sizeof(uint32_t);
434 etype = WCCP_PROTOCOL_TYPE;
435 } else {
436 etype = ETHERTYPE_IP;
437 }
438 break;
439 #ifdef INET6
440 case AF_INET6:
441 gre_ip_id = ip_newid();
442 etype = ETHERTYPE_IPV6;
443 break;
444 #endif
445 #ifdef NETATALK
446 case AF_APPLETALK:
447 etype = ETHERTYPE_ATALK;
448 break;
449 #endif
450 default:
451 _IF_DROP(&ifp->if_snd);
452 m_freem(m);
453 error = EAFNOSUPPORT;
454 goto end;
455 }
456
457 /* Reserve space for GRE header + optional GRE key */
458 int hdrlen = sizeof(struct greip) + extra;
459 if (sc->key)
460 hdrlen += sizeof(uint32_t);
461 M_PREPEND(m, hdrlen, M_DONTWAIT);
462 } else {
463 _IF_DROP(&ifp->if_snd);
464 m_freem(m);
465 error = EINVAL;
466 goto end;
467 }
468
469 if (m == NULL) { /* mbuf allocation failed */
470 _IF_DROP(&ifp->if_snd);
471 error = ENOBUFS;
472 goto end;
473 }
474
475 M_SETFIB(m, sc->gre_fibnum); /* The envelope may use a different FIB */
476
477 gh = mtod(m, struct greip *);
478 if (sc->g_proto == IPPROTO_GRE) {
479 uint32_t *options = gh->gi_options;
480
481 memset((void *)gh, 0, sizeof(struct greip) + extra);
482 gh->gi_ptype = htons(etype);
483 gh->gi_flags = 0;
484
485 /* Add key option */
486 if (sc->key)
487 {
488 gh->gi_flags |= htons(GRE_KP);
489 *(options++) = htonl(sc->key);
490 }
491 }
492
493 gh->gi_pr = sc->g_proto;
494 if (sc->g_proto != IPPROTO_MOBILE) {
495 gh->gi_src = sc->g_src;
496 gh->gi_dst = sc->g_dst;
497 ((struct ip*)gh)->ip_v = IPPROTO_IPV4;
498 ((struct ip*)gh)->ip_hl = (sizeof(struct ip)) >> 2;
499 ((struct ip*)gh)->ip_ttl = GRE_TTL;
500 ((struct ip*)gh)->ip_tos = gre_ip_tos;
501 ((struct ip*)gh)->ip_id = gre_ip_id;
502 gh->gi_len = m->m_pkthdr.len;
503 }
504
505 ifp->if_opackets++;
506 ifp->if_obytes += m->m_pkthdr.len;
507 /*
508 * Send it off and with IP_FORWARD flag to prevent it from
509 * overwriting the ip_id again. ip_id is already set to the
510 * ip_id of the encapsulated packet.
511 */
512 error = ip_output(m, NULL, &sc->route, IP_FORWARDING,
513 (struct ip_moptions *)NULL, (struct inpcb *)NULL);
514 end:
515 if (error)
516 ifp->if_oerrors++;
517 return (error);
518 }
519
520 static int
521 gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
522 {
523 struct ifreq *ifr = (struct ifreq *)data;
524 struct if_laddrreq *lifr = (struct if_laddrreq *)data;
525 struct in_aliasreq *aifr = (struct in_aliasreq *)data;
526 struct gre_softc *sc = ifp->if_softc;
527 int s;
528 struct sockaddr_in si;
529 struct sockaddr *sa = NULL;
530 int error, adj;
531 struct sockaddr_in sp, sm, dp, dm;
532 uint32_t key;
533
534 error = 0;
535 adj = 0;
536
537 s = splnet();
538 switch (cmd) {
539 case SIOCSIFADDR:
540 ifp->if_flags |= IFF_UP;
541 break;
542 case SIOCSIFDSTADDR:
543 break;
544 case SIOCSIFFLAGS:
545 /*
546 * XXXRW: Isn't this priv_check() redundant to the ifnet
547 * layer check?
548 */
549 if ((error = priv_check(curthread, PRIV_NET_SETIFFLAGS)) != 0)
550 break;
551 if ((ifr->ifr_flags & IFF_LINK0) != 0)
552 sc->g_proto = IPPROTO_GRE;
553 else
554 sc->g_proto = IPPROTO_MOBILE;
555 if ((ifr->ifr_flags & IFF_LINK2) != 0)
556 sc->wccp_ver = WCCP_V2;
557 else
558 sc->wccp_ver = WCCP_V1;
559 goto recompute;
560 case SIOCSIFMTU:
561 /*
562 * XXXRW: Isn't this priv_check() redundant to the ifnet
563 * layer check?
564 */
565 if ((error = priv_check(curthread, PRIV_NET_SETIFMTU)) != 0)
566 break;
567 if (ifr->ifr_mtu < 576) {
568 error = EINVAL;
569 break;
570 }
571 ifp->if_mtu = ifr->ifr_mtu;
572 break;
573 case SIOCGIFMTU:
574 ifr->ifr_mtu = GRE2IFP(sc)->if_mtu;
575 break;
576 case SIOCADDMULTI:
577 /*
578 * XXXRW: Isn't this priv_checkr() redundant to the ifnet
579 * layer check?
580 */
581 if ((error = priv_check(curthread, PRIV_NET_ADDMULTI)) != 0)
582 break;
583 if (ifr == 0) {
584 error = EAFNOSUPPORT;
585 break;
586 }
587 switch (ifr->ifr_addr.sa_family) {
588 #ifdef INET
589 case AF_INET:
590 break;
591 #endif
592 #ifdef INET6
593 case AF_INET6:
594 break;
595 #endif
596 default:
597 error = EAFNOSUPPORT;
598 break;
599 }
600 break;
601 case SIOCDELMULTI:
602 /*
603 * XXXRW: Isn't this priv_check() redundant to the ifnet
604 * layer check?
605 */
606 if ((error = priv_check(curthread, PRIV_NET_DELIFGROUP)) != 0)
607 break;
608 if (ifr == 0) {
609 error = EAFNOSUPPORT;
610 break;
611 }
612 switch (ifr->ifr_addr.sa_family) {
613 #ifdef INET
614 case AF_INET:
615 break;
616 #endif
617 #ifdef INET6
618 case AF_INET6:
619 break;
620 #endif
621 default:
622 error = EAFNOSUPPORT;
623 break;
624 }
625 break;
626 case GRESPROTO:
627 /*
628 * XXXRW: Isn't this priv_check() redundant to the ifnet
629 * layer check?
630 */
631 if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
632 break;
633 sc->g_proto = ifr->ifr_flags;
634 switch (sc->g_proto) {
635 case IPPROTO_GRE:
636 ifp->if_flags |= IFF_LINK0;
637 break;
638 case IPPROTO_MOBILE:
639 ifp->if_flags &= ~IFF_LINK0;
640 break;
641 default:
642 error = EPROTONOSUPPORT;
643 break;
644 }
645 goto recompute;
646 case GREGPROTO:
647 ifr->ifr_flags = sc->g_proto;
648 break;
649 case GRESADDRS:
650 case GRESADDRD:
651 error = priv_check(curthread, PRIV_NET_GRE);
652 if (error)
653 return (error);
654 /*
655 * set tunnel endpoints, compute a less specific route
656 * to the remote end and mark if as up
657 */
658 sa = &ifr->ifr_addr;
659 if (cmd == GRESADDRS)
660 sc->g_src = (satosin(sa))->sin_addr;
661 if (cmd == GRESADDRD)
662 sc->g_dst = (satosin(sa))->sin_addr;
663 recompute:
664 #ifdef INET
665 if (sc->encap != NULL) {
666 encap_detach(sc->encap);
667 sc->encap = NULL;
668 }
669 #endif
670 if ((sc->g_src.s_addr != INADDR_ANY) &&
671 (sc->g_dst.s_addr != INADDR_ANY)) {
672 bzero(&sp, sizeof(sp));
673 bzero(&sm, sizeof(sm));
674 bzero(&dp, sizeof(dp));
675 bzero(&dm, sizeof(dm));
676 sp.sin_len = sm.sin_len = dp.sin_len = dm.sin_len =
677 sizeof(struct sockaddr_in);
678 sp.sin_family = sm.sin_family = dp.sin_family =
679 dm.sin_family = AF_INET;
680 sp.sin_addr = sc->g_src;
681 dp.sin_addr = sc->g_dst;
682 sm.sin_addr.s_addr = dm.sin_addr.s_addr =
683 INADDR_BROADCAST;
684 #ifdef INET
685 sc->encap = encap_attach(AF_INET, sc->g_proto,
686 sintosa(&sp), sintosa(&sm), sintosa(&dp),
687 sintosa(&dm), (sc->g_proto == IPPROTO_GRE) ?
688 &in_gre_protosw : &in_mobile_protosw, sc);
689 if (sc->encap == NULL)
690 printf("%s: unable to attach encap\n",
691 if_name(GRE2IFP(sc)));
692 #endif
693 if (sc->route.ro_rt != 0) /* free old route */
694 RTFREE(sc->route.ro_rt);
695 if (gre_compute_route(sc) == 0)
696 ifp->if_drv_flags |= IFF_DRV_RUNNING;
697 else
698 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
699 }
700 break;
701 case GREGADDRS:
702 memset(&si, 0, sizeof(si));
703 si.sin_family = AF_INET;
704 si.sin_len = sizeof(struct sockaddr_in);
705 si.sin_addr.s_addr = sc->g_src.s_addr;
706 sa = sintosa(&si);
707 error = prison_if(curthread->td_ucred, sa);
708 if (error != 0)
709 break;
710 ifr->ifr_addr = *sa;
711 break;
712 case GREGADDRD:
713 memset(&si, 0, sizeof(si));
714 si.sin_family = AF_INET;
715 si.sin_len = sizeof(struct sockaddr_in);
716 si.sin_addr.s_addr = sc->g_dst.s_addr;
717 sa = sintosa(&si);
718 error = prison_if(curthread->td_ucred, sa);
719 if (error != 0)
720 break;
721 ifr->ifr_addr = *sa;
722 break;
723 case SIOCSIFPHYADDR:
724 /*
725 * XXXRW: Isn't this priv_check() redundant to the ifnet
726 * layer check?
727 */
728 if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
729 break;
730 if (aifr->ifra_addr.sin_family != AF_INET ||
731 aifr->ifra_dstaddr.sin_family != AF_INET) {
732 error = EAFNOSUPPORT;
733 break;
734 }
735 if (aifr->ifra_addr.sin_len != sizeof(si) ||
736 aifr->ifra_dstaddr.sin_len != sizeof(si)) {
737 error = EINVAL;
738 break;
739 }
740 sc->g_src = aifr->ifra_addr.sin_addr;
741 sc->g_dst = aifr->ifra_dstaddr.sin_addr;
742 goto recompute;
743 case SIOCSLIFPHYADDR:
744 /*
745 * XXXRW: Isn't this priv_check() redundant to the ifnet
746 * layer check?
747 */
748 if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
749 break;
750 if (lifr->addr.ss_family != AF_INET ||
751 lifr->dstaddr.ss_family != AF_INET) {
752 error = EAFNOSUPPORT;
753 break;
754 }
755 if (lifr->addr.ss_len != sizeof(si) ||
756 lifr->dstaddr.ss_len != sizeof(si)) {
757 error = EINVAL;
758 break;
759 }
760 sc->g_src = (satosin(&lifr->addr))->sin_addr;
761 sc->g_dst =
762 (satosin(&lifr->dstaddr))->sin_addr;
763 goto recompute;
764 case SIOCDIFPHYADDR:
765 /*
766 * XXXRW: Isn't this priv_check() redundant to the ifnet
767 * layer check?
768 */
769 if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
770 break;
771 sc->g_src.s_addr = INADDR_ANY;
772 sc->g_dst.s_addr = INADDR_ANY;
773 goto recompute;
774 case SIOCGLIFPHYADDR:
775 if (sc->g_src.s_addr == INADDR_ANY ||
776 sc->g_dst.s_addr == INADDR_ANY) {
777 error = EADDRNOTAVAIL;
778 break;
779 }
780 memset(&si, 0, sizeof(si));
781 si.sin_family = AF_INET;
782 si.sin_len = sizeof(struct sockaddr_in);
783 si.sin_addr.s_addr = sc->g_src.s_addr;
784 error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
785 if (error != 0)
786 break;
787 memcpy(&lifr->addr, &si, sizeof(si));
788 si.sin_addr.s_addr = sc->g_dst.s_addr;
789 error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
790 if (error != 0)
791 break;
792 memcpy(&lifr->dstaddr, &si, sizeof(si));
793 break;
794 case SIOCGIFPSRCADDR:
795 #ifdef INET6
796 case SIOCGIFPSRCADDR_IN6:
797 #endif
798 if (sc->g_src.s_addr == INADDR_ANY) {
799 error = EADDRNOTAVAIL;
800 break;
801 }
802 memset(&si, 0, sizeof(si));
803 si.sin_family = AF_INET;
804 si.sin_len = sizeof(struct sockaddr_in);
805 si.sin_addr.s_addr = sc->g_src.s_addr;
806 error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
807 if (error != 0)
808 break;
809 bcopy(&si, &ifr->ifr_addr, sizeof(ifr->ifr_addr));
810 break;
811 case SIOCGIFPDSTADDR:
812 #ifdef INET6
813 case SIOCGIFPDSTADDR_IN6:
814 #endif
815 if (sc->g_dst.s_addr == INADDR_ANY) {
816 error = EADDRNOTAVAIL;
817 break;
818 }
819 memset(&si, 0, sizeof(si));
820 si.sin_family = AF_INET;
821 si.sin_len = sizeof(struct sockaddr_in);
822 si.sin_addr.s_addr = sc->g_dst.s_addr;
823 error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
824 if (error != 0)
825 break;
826 bcopy(&si, &ifr->ifr_addr, sizeof(ifr->ifr_addr));
827 break;
828 case GRESKEY:
829 error = priv_check(curthread, PRIV_NET_GRE);
830 if (error)
831 break;
832 error = copyin(ifr->ifr_data, &key, sizeof(key));
833 if (error)
834 break;
835 /* adjust MTU for option header */
836 if (key == 0 && sc->key != 0) /* clear */
837 adj += sizeof(key);
838 else if (key != 0 && sc->key == 0) /* set */
839 adj -= sizeof(key);
840
841 if (ifp->if_mtu + adj < 576) {
842 error = EINVAL;
843 break;
844 }
845 ifp->if_mtu += adj;
846 sc->key = key;
847 break;
848 case GREGKEY:
849 error = copyout(&sc->key, ifr->ifr_data, sizeof(sc->key));
850 break;
851
852 default:
853 error = EINVAL;
854 break;
855 }
856
857 splx(s);
858 return (error);
859 }
860
861 /*
862 * computes a route to our destination that is not the one
863 * which would be taken by ip_output(), as this one will loop back to
864 * us. If the interface is p2p as a--->b, then a routing entry exists
865 * If we now send a packet to b (e.g. ping b), this will come down here
866 * gets src=a, dst=b tacked on and would from ip_output() sent back to
867 * if_gre.
868 * Goal here is to compute a route to b that is less specific than
869 * a-->b. We know that this one exists as in normal operation we have
870 * at least a default route which matches.
871 */
872 static int
873 gre_compute_route(struct gre_softc *sc)
874 {
875 struct route *ro;
876
877 ro = &sc->route;
878
879 memset(ro, 0, sizeof(struct route));
880 ((struct sockaddr_in *)&ro->ro_dst)->sin_addr = sc->g_dst;
881 ro->ro_dst.sa_family = AF_INET;
882 ro->ro_dst.sa_len = sizeof(ro->ro_dst);
883
884 /*
885 * toggle last bit, so our interface is not found, but a less
886 * specific route. I'd rather like to specify a shorter mask,
887 * but this is not possible. Should work though. XXX
888 */
889 if ((GRE2IFP(sc)->if_flags & IFF_LINK1) == 0) {
890 ((struct sockaddr_in *)&ro->ro_dst)->sin_addr.s_addr ^=
891 htonl(0x01);
892 }
893
894 #ifdef DIAGNOSTIC
895 printf("%s: searching for a route to %s", if_name(GRE2IFP(sc)),
896 inet_ntoa(((struct sockaddr_in *)&ro->ro_dst)->sin_addr));
897 #endif
898
899 rtalloc_fib(ro, sc->gre_fibnum);
900
901 /*
902 * check if this returned a route at all and this route is no
903 * recursion to ourself
904 */
905 if (ro->ro_rt == NULL || ro->ro_rt->rt_ifp->if_softc == sc) {
906 #ifdef DIAGNOSTIC
907 if (ro->ro_rt == NULL)
908 printf(" - no route found!\n");
909 else
910 printf(" - route loops back to ourself!\n");
911 #endif
912 return EADDRNOTAVAIL;
913 }
914
915 /*
916 * now change it back - else ip_output will just drop
917 * the route and search one to this interface ...
918 */
919 if ((GRE2IFP(sc)->if_flags & IFF_LINK1) == 0)
920 ((struct sockaddr_in *)&ro->ro_dst)->sin_addr = sc->g_dst;
921
922 #ifdef DIAGNOSTIC
923 printf(", choosing %s with gateway %s", if_name(ro->ro_rt->rt_ifp),
924 inet_ntoa(((struct sockaddr_in *)(ro->ro_rt->rt_gateway))->sin_addr));
925 printf("\n");
926 #endif
927
928 return 0;
929 }
930
931 /*
932 * do a checksum of a buffer - much like in_cksum, which operates on
933 * mbufs.
934 */
935 u_int16_t
936 gre_in_cksum(u_int16_t *p, u_int len)
937 {
938 u_int32_t sum = 0;
939 int nwords = len >> 1;
940
941 while (nwords-- != 0)
942 sum += *p++;
943
944 if (len & 1) {
945 union {
946 u_short w;
947 u_char c[2];
948 } u;
949 u.c[0] = *(u_char *)p;
950 u.c[1] = 0;
951 sum += u.w;
952 }
953
954 /* end-around-carry */
955 sum = (sum >> 16) + (sum & 0xffff);
956 sum += (sum >> 16);
957 return (~sum);
958 }
959
960 static int
961 gremodevent(module_t mod, int type, void *data)
962 {
963
964 switch (type) {
965 case MOD_LOAD:
966 greattach();
967 break;
968 case MOD_UNLOAD:
969 if_clone_detach(&gre_cloner);
970 mtx_destroy(&gre_mtx);
971 break;
972 default:
973 return EOPNOTSUPP;
974 }
975 return 0;
976 }
977
978 static moduledata_t gre_mod = {
979 "if_gre",
980 gremodevent,
981 0
982 };
983
984 DECLARE_MODULE(if_gre, gre_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
985 MODULE_VERSION(if_gre, 1);
Cache object: 93a7eaec91347f53450aafc7d5fb0c20
|