FreeBSD/Linux Kernel Cross Reference
sys/net/if_gre.c
1 /* $NetBSD: if_gre.c,v 1.49 2003/12/11 00:22:29 itojun Exp $ */
2 /* $FreeBSD$ */
3
4 /*-
5 * Copyright (c) 1998 The NetBSD Foundation, Inc.
6 * All rights reserved.
7 *
8 * This code is derived from software contributed to The NetBSD Foundation
9 * by Heiko W.Rupp <hwr@pilhuhn.de>
10 *
11 * IPv6-over-GRE contributed by Gert Doering <gert@greenie.muc.de>
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. Redistributions in binary form must reproduce the above copyright
19 * notice, this list of conditions and the following disclaimer in the
20 * documentation and/or other materials provided with the distribution.
21 * 3. All advertising materials mentioning features or use of this software
22 * must display the following acknowledgement:
23 * This product includes software developed by the NetBSD
24 * Foundation, Inc. and its contributors.
25 * 4. Neither the name of The NetBSD Foundation nor the names of its
26 * contributors may be used to endorse or promote products derived
27 * from this software without specific prior written permission.
28 *
29 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
30 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
31 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
32 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
33 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
34 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
35 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
36 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
37 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
38 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
39 * POSSIBILITY OF SUCH DAMAGE.
40 */
41
42 /*
43 * Encapsulate L3 protocols into IP
44 * See RFC 2784 (successor of RFC 1701 and 1702) for more details.
45 * If_gre is compatible with Cisco GRE tunnels, so you can
46 * have a NetBSD box as the other end of a tunnel interface of a Cisco
47 * router. See gre(4) for more details.
48 * Also supported: IP in IP encaps (proto 55) as of RFC 2004
49 */
50
51 #include "opt_atalk.h"
52 #include "opt_inet.h"
53 #include "opt_inet6.h"
54
55 #include <sys/param.h>
56 #include <sys/jail.h>
57 #include <sys/kernel.h>
58 #include <sys/libkern.h>
59 #include <sys/malloc.h>
60 #include <sys/module.h>
61 #include <sys/mbuf.h>
62 #include <sys/priv.h>
63 #include <sys/proc.h>
64 #include <sys/protosw.h>
65 #include <sys/socket.h>
66 #include <sys/sockio.h>
67 #include <sys/sysctl.h>
68 #include <sys/systm.h>
69
70 #include <net/ethernet.h>
71 #include <net/if.h>
72 #include <net/if_clone.h>
73 #include <net/if_types.h>
74 #include <net/route.h>
75 #include <net/vnet.h>
76
77 #ifdef INET
78 #include <netinet/in.h>
79 #include <netinet/in_systm.h>
80 #include <netinet/in_var.h>
81 #include <netinet/ip.h>
82 #include <netinet/ip_gre.h>
83 #include <netinet/ip_var.h>
84 #include <netinet/ip_encap.h>
85 #else
86 #error "Huh? if_gre without inet?"
87 #endif
88
89 #include <net/bpf.h>
90
91 #include <net/if_gre.h>
92
93 /*
94 * It is not easy to calculate the right value for a GRE MTU.
95 * We leave this task to the admin and use the same default that
96 * other vendors use.
97 */
98 #define GREMTU 1476
99
100 #define GRENAME "gre"
101
102 #define MTAG_COOKIE_GRE 1307983903
103 #define MTAG_GRE_NESTING 1
104 struct mtag_gre_nesting {
105 uint16_t count;
106 uint16_t max;
107 struct ifnet *ifp[];
108 };
109
110 /*
111 * gre_mtx protects all global variables in if_gre.c.
112 * XXX: gre_softc data not protected yet.
113 */
114 struct mtx gre_mtx;
115 static MALLOC_DEFINE(M_GRE, GRENAME, "Generic Routing Encapsulation");
116
117 struct gre_softc_head gre_softc_list;
118
119 static int gre_clone_create(struct if_clone *, int, caddr_t);
120 static void gre_clone_destroy(struct ifnet *);
121 static int gre_ioctl(struct ifnet *, u_long, caddr_t);
122 static int gre_output(struct ifnet *, struct mbuf *, struct sockaddr *,
123 struct route *ro);
124
125 IFC_SIMPLE_DECLARE(gre, 0);
126
127 static int gre_compute_route(struct gre_softc *sc);
128
129 static void greattach(void);
130
131 #ifdef INET
132 extern struct domain inetdomain;
133 static const struct protosw in_gre_protosw = {
134 .pr_type = SOCK_RAW,
135 .pr_domain = &inetdomain,
136 .pr_protocol = IPPROTO_GRE,
137 .pr_flags = PR_ATOMIC|PR_ADDR,
138 .pr_input = gre_input,
139 .pr_output = (pr_output_t *)rip_output,
140 .pr_ctlinput = rip_ctlinput,
141 .pr_ctloutput = rip_ctloutput,
142 .pr_usrreqs = &rip_usrreqs
143 };
144 static const struct protosw in_mobile_protosw = {
145 .pr_type = SOCK_RAW,
146 .pr_domain = &inetdomain,
147 .pr_protocol = IPPROTO_MOBILE,
148 .pr_flags = PR_ATOMIC|PR_ADDR,
149 .pr_input = gre_mobile_input,
150 .pr_output = (pr_output_t *)rip_output,
151 .pr_ctlinput = rip_ctlinput,
152 .pr_ctloutput = rip_ctloutput,
153 .pr_usrreqs = &rip_usrreqs
154 };
155 #endif
156
157 SYSCTL_DECL(_net_link);
158 SYSCTL_NODE(_net_link, IFT_TUNNEL, gre, CTLFLAG_RW, 0,
159 "Generic Routing Encapsulation");
160 #ifndef MAX_GRE_NEST
161 /*
162 * This macro controls the default upper limitation on nesting of gre tunnels.
163 * Since, setting a large value to this macro with a careless configuration
164 * may introduce system crash, we don't allow any nestings by default.
165 * If you need to configure nested gre tunnels, you can define this macro
166 * in your kernel configuration file. However, if you do so, please be
167 * careful to configure the tunnels so that it won't make a loop.
168 */
169 #define MAX_GRE_NEST 1
170 #endif
171 static int max_gre_nesting = MAX_GRE_NEST;
172 SYSCTL_INT(_net_link_gre, OID_AUTO, max_nesting, CTLFLAG_RW,
173 &max_gre_nesting, 0, "Max nested tunnels");
174
175 /* ARGSUSED */
176 static void
177 greattach(void)
178 {
179
180 mtx_init(&gre_mtx, "gre_mtx", NULL, MTX_DEF);
181 LIST_INIT(&gre_softc_list);
182 if_clone_attach(&gre_cloner);
183 }
184
185 static int
186 gre_clone_create(ifc, unit, params)
187 struct if_clone *ifc;
188 int unit;
189 caddr_t params;
190 {
191 struct gre_softc *sc;
192
193 sc = malloc(sizeof(struct gre_softc), M_GRE, M_WAITOK | M_ZERO);
194
195 GRE2IFP(sc) = if_alloc(IFT_TUNNEL);
196 if (GRE2IFP(sc) == NULL) {
197 free(sc, M_GRE);
198 return (ENOSPC);
199 }
200
201 GRE2IFP(sc)->if_softc = sc;
202 if_initname(GRE2IFP(sc), ifc->ifc_name, unit);
203
204 GRE2IFP(sc)->if_snd.ifq_maxlen = ifqmaxlen;
205 GRE2IFP(sc)->if_addrlen = 0;
206 GRE2IFP(sc)->if_hdrlen = 24; /* IP + GRE */
207 GRE2IFP(sc)->if_mtu = GREMTU;
208 GRE2IFP(sc)->if_flags = IFF_POINTOPOINT|IFF_MULTICAST;
209 GRE2IFP(sc)->if_output = gre_output;
210 GRE2IFP(sc)->if_ioctl = gre_ioctl;
211 sc->g_dst.s_addr = sc->g_src.s_addr = INADDR_ANY;
212 sc->g_proto = IPPROTO_GRE;
213 GRE2IFP(sc)->if_flags |= IFF_LINK0;
214 sc->encap = NULL;
215 sc->gre_fibnum = curthread->td_proc->p_fibnum;
216 sc->wccp_ver = WCCP_V1;
217 sc->key = 0;
218 if_attach(GRE2IFP(sc));
219 bpfattach(GRE2IFP(sc), DLT_NULL, sizeof(u_int32_t));
220 mtx_lock(&gre_mtx);
221 LIST_INSERT_HEAD(&gre_softc_list, sc, sc_list);
222 mtx_unlock(&gre_mtx);
223 return (0);
224 }
225
226 static void
227 gre_clone_destroy(ifp)
228 struct ifnet *ifp;
229 {
230 struct gre_softc *sc = ifp->if_softc;
231
232 mtx_lock(&gre_mtx);
233 LIST_REMOVE(sc, sc_list);
234 mtx_unlock(&gre_mtx);
235
236 #ifdef INET
237 if (sc->encap != NULL)
238 encap_detach(sc->encap);
239 #endif
240 bpfdetach(ifp);
241 if_detach(ifp);
242 if_free(ifp);
243 free(sc, M_GRE);
244 }
245
246 /*
247 * The output routine. Takes a packet and encapsulates it in the protocol
248 * given by sc->g_proto. See also RFC 1701 and RFC 2004
249 */
250 static int
251 gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
252 struct route *ro)
253 {
254 int error = 0;
255 struct gre_softc *sc = ifp->if_softc;
256 struct greip *gh;
257 struct ip *ip;
258 struct m_tag *mtag;
259 struct mtag_gre_nesting *gt;
260 size_t len;
261 u_short gre_ip_id = 0;
262 uint8_t gre_ip_tos = 0;
263 u_int16_t etype = 0;
264 struct mobile_h mob_h;
265 u_int32_t af;
266 int extra = 0, max;
267
268 /*
269 * gre may cause infinite recursion calls when misconfigured. High
270 * nesting level may cause stack exhaustion. We'll prevent this by
271 * detecting loops and by introducing upper limit.
272 */
273 mtag = m_tag_locate(m, MTAG_COOKIE_GRE, MTAG_GRE_NESTING, NULL);
274 if (mtag != NULL) {
275 struct ifnet **ifp2;
276
277 gt = (struct mtag_gre_nesting *)(mtag + 1);
278 gt->count++;
279 if (gt->count > min(gt->max,max_gre_nesting)) {
280 printf("%s: hit maximum recursion limit %u on %s\n",
281 __func__, gt->count - 1, ifp->if_xname);
282 m_freem(m);
283 error = EIO; /* is there better errno? */
284 goto end;
285 }
286
287 ifp2 = gt->ifp;
288 for (max = gt->count - 1; max > 0; max--) {
289 if (*ifp2 == ifp)
290 break;
291 ifp2++;
292 }
293 if (*ifp2 == ifp) {
294 printf("%s: detected loop with nexting %u on %s\n",
295 __func__, gt->count-1, ifp->if_xname);
296 m_freem(m);
297 error = EIO; /* is there better errno? */
298 goto end;
299 }
300 *ifp2 = ifp;
301
302 } else {
303 /*
304 * Given that people should NOT increase max_gre_nesting beyond
305 * their real needs, we allocate once per packet rather than
306 * allocating an mtag once per passing through gre.
307 *
308 * Note: the sysctl does not actually check for saneness, so we
309 * limit the maximum numbers of possible recursions here.
310 */
311 max = imin(max_gre_nesting, 256);
312 /* If someone sets the sysctl <= 0, we want at least 1. */
313 max = imax(max, 1);
314 len = sizeof(struct mtag_gre_nesting) +
315 max * sizeof(struct ifnet *);
316 mtag = m_tag_alloc(MTAG_COOKIE_GRE, MTAG_GRE_NESTING, len,
317 M_NOWAIT);
318 if (mtag == NULL) {
319 m_freem(m);
320 error = ENOMEM;
321 goto end;
322 }
323 gt = (struct mtag_gre_nesting *)(mtag + 1);
324 bzero(gt, len);
325 gt->count = 1;
326 gt->max = max;
327 *gt->ifp = ifp;
328 m_tag_prepend(m, mtag);
329 }
330
331 if (!((ifp->if_flags & IFF_UP) &&
332 (ifp->if_drv_flags & IFF_DRV_RUNNING)) ||
333 sc->g_src.s_addr == INADDR_ANY || sc->g_dst.s_addr == INADDR_ANY) {
334 m_freem(m);
335 error = ENETDOWN;
336 goto end;
337 }
338
339 gh = NULL;
340 ip = NULL;
341
342 /* BPF writes need to be handled specially. */
343 if (dst->sa_family == AF_UNSPEC) {
344 bcopy(dst->sa_data, &af, sizeof(af));
345 dst->sa_family = af;
346 }
347
348 if (bpf_peers_present(ifp->if_bpf)) {
349 af = dst->sa_family;
350 bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m);
351 }
352
353 m->m_flags &= ~(M_BCAST|M_MCAST);
354
355 if (sc->g_proto == IPPROTO_MOBILE) {
356 if (dst->sa_family == AF_INET) {
357 struct mbuf *m0;
358 int msiz;
359
360 ip = mtod(m, struct ip *);
361
362 /*
363 * RFC2004 specifies that fragmented diagrams shouldn't
364 * be encapsulated.
365 */
366 if (ip->ip_off & (IP_MF | IP_OFFMASK)) {
367 _IF_DROP(&ifp->if_snd);
368 m_freem(m);
369 error = EINVAL; /* is there better errno? */
370 goto end;
371 }
372 memset(&mob_h, 0, MOB_H_SIZ_L);
373 mob_h.proto = (ip->ip_p) << 8;
374 mob_h.odst = ip->ip_dst.s_addr;
375 ip->ip_dst.s_addr = sc->g_dst.s_addr;
376
377 /*
378 * If the packet comes from our host, we only change
379 * the destination address in the IP header.
380 * Else we also need to save and change the source
381 */
382 if (in_hosteq(ip->ip_src, sc->g_src)) {
383 msiz = MOB_H_SIZ_S;
384 } else {
385 mob_h.proto |= MOB_H_SBIT;
386 mob_h.osrc = ip->ip_src.s_addr;
387 ip->ip_src.s_addr = sc->g_src.s_addr;
388 msiz = MOB_H_SIZ_L;
389 }
390 mob_h.proto = htons(mob_h.proto);
391 mob_h.hcrc = gre_in_cksum((u_int16_t *)&mob_h, msiz);
392
393 if ((m->m_data - msiz) < m->m_pktdat) {
394 /* need new mbuf */
395 MGETHDR(m0, M_DONTWAIT, MT_DATA);
396 if (m0 == NULL) {
397 _IF_DROP(&ifp->if_snd);
398 m_freem(m);
399 error = ENOBUFS;
400 goto end;
401 }
402 m0->m_next = m;
403 m->m_data += sizeof(struct ip);
404 m->m_len -= sizeof(struct ip);
405 m0->m_pkthdr.len = m->m_pkthdr.len + msiz;
406 m0->m_len = msiz + sizeof(struct ip);
407 m0->m_data += max_linkhdr;
408 memcpy(mtod(m0, caddr_t), (caddr_t)ip,
409 sizeof(struct ip));
410 m = m0;
411 } else { /* we have some space left in the old one */
412 m->m_data -= msiz;
413 m->m_len += msiz;
414 m->m_pkthdr.len += msiz;
415 bcopy(ip, mtod(m, caddr_t),
416 sizeof(struct ip));
417 }
418 ip = mtod(m, struct ip *);
419 memcpy((caddr_t)(ip + 1), &mob_h, (unsigned)msiz);
420 ip->ip_len = ntohs(ip->ip_len) + msiz;
421 } else { /* AF_INET */
422 _IF_DROP(&ifp->if_snd);
423 m_freem(m);
424 error = EINVAL;
425 goto end;
426 }
427 } else if (sc->g_proto == IPPROTO_GRE) {
428 switch (dst->sa_family) {
429 case AF_INET:
430 ip = mtod(m, struct ip *);
431 gre_ip_tos = ip->ip_tos;
432 gre_ip_id = ip->ip_id;
433 if (sc->wccp_ver == WCCP_V2) {
434 extra = sizeof(uint32_t);
435 etype = WCCP_PROTOCOL_TYPE;
436 } else {
437 etype = ETHERTYPE_IP;
438 }
439 break;
440 #ifdef INET6
441 case AF_INET6:
442 gre_ip_id = ip_newid();
443 etype = ETHERTYPE_IPV6;
444 break;
445 #endif
446 #ifdef NETATALK
447 case AF_APPLETALK:
448 etype = ETHERTYPE_ATALK;
449 break;
450 #endif
451 default:
452 _IF_DROP(&ifp->if_snd);
453 m_freem(m);
454 error = EAFNOSUPPORT;
455 goto end;
456 }
457
458 /* Reserve space for GRE header + optional GRE key */
459 int hdrlen = sizeof(struct greip) + extra;
460 if (sc->key)
461 hdrlen += sizeof(uint32_t);
462 M_PREPEND(m, hdrlen, M_DONTWAIT);
463 } else {
464 _IF_DROP(&ifp->if_snd);
465 m_freem(m);
466 error = EINVAL;
467 goto end;
468 }
469
470 if (m == NULL) { /* mbuf allocation failed */
471 _IF_DROP(&ifp->if_snd);
472 error = ENOBUFS;
473 goto end;
474 }
475
476 M_SETFIB(m, sc->gre_fibnum); /* The envelope may use a different FIB */
477
478 gh = mtod(m, struct greip *);
479 if (sc->g_proto == IPPROTO_GRE) {
480 uint32_t *options = gh->gi_options;
481
482 memset((void *)gh, 0, sizeof(struct greip) + extra);
483 gh->gi_ptype = htons(etype);
484 gh->gi_flags = 0;
485
486 /* Add key option */
487 if (sc->key)
488 {
489 gh->gi_flags |= htons(GRE_KP);
490 *(options++) = htonl(sc->key);
491 }
492 }
493
494 gh->gi_pr = sc->g_proto;
495 if (sc->g_proto != IPPROTO_MOBILE) {
496 gh->gi_src = sc->g_src;
497 gh->gi_dst = sc->g_dst;
498 ((struct ip*)gh)->ip_v = IPPROTO_IPV4;
499 ((struct ip*)gh)->ip_hl = (sizeof(struct ip)) >> 2;
500 ((struct ip*)gh)->ip_ttl = GRE_TTL;
501 ((struct ip*)gh)->ip_tos = gre_ip_tos;
502 ((struct ip*)gh)->ip_id = gre_ip_id;
503 gh->gi_len = m->m_pkthdr.len;
504 }
505
506 ifp->if_opackets++;
507 ifp->if_obytes += m->m_pkthdr.len;
508 /*
509 * Send it off and with IP_FORWARD flag to prevent it from
510 * overwriting the ip_id again. ip_id is already set to the
511 * ip_id of the encapsulated packet.
512 */
513 error = ip_output(m, NULL, &sc->route, IP_FORWARDING,
514 (struct ip_moptions *)NULL, (struct inpcb *)NULL);
515 end:
516 if (error)
517 ifp->if_oerrors++;
518 return (error);
519 }
520
521 static int
522 gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
523 {
524 struct ifreq *ifr = (struct ifreq *)data;
525 struct if_laddrreq *lifr = (struct if_laddrreq *)data;
526 struct in_aliasreq *aifr = (struct in_aliasreq *)data;
527 struct gre_softc *sc = ifp->if_softc;
528 int s;
529 struct sockaddr_in si;
530 struct sockaddr *sa = NULL;
531 int error, adj;
532 struct sockaddr_in sp, sm, dp, dm;
533 uint32_t key;
534
535 error = 0;
536 adj = 0;
537
538 s = splnet();
539 switch (cmd) {
540 case SIOCSIFADDR:
541 ifp->if_flags |= IFF_UP;
542 break;
543 case SIOCSIFDSTADDR:
544 break;
545 case SIOCSIFFLAGS:
546 /*
547 * XXXRW: Isn't this priv_check() redundant to the ifnet
548 * layer check?
549 */
550 if ((error = priv_check(curthread, PRIV_NET_SETIFFLAGS)) != 0)
551 break;
552 if ((ifr->ifr_flags & IFF_LINK0) != 0)
553 sc->g_proto = IPPROTO_GRE;
554 else
555 sc->g_proto = IPPROTO_MOBILE;
556 if ((ifr->ifr_flags & IFF_LINK2) != 0)
557 sc->wccp_ver = WCCP_V2;
558 else
559 sc->wccp_ver = WCCP_V1;
560 goto recompute;
561 case SIOCSIFMTU:
562 /*
563 * XXXRW: Isn't this priv_check() redundant to the ifnet
564 * layer check?
565 */
566 if ((error = priv_check(curthread, PRIV_NET_SETIFMTU)) != 0)
567 break;
568 if (ifr->ifr_mtu < 576) {
569 error = EINVAL;
570 break;
571 }
572 ifp->if_mtu = ifr->ifr_mtu;
573 break;
574 case SIOCGIFMTU:
575 ifr->ifr_mtu = GRE2IFP(sc)->if_mtu;
576 break;
577 case SIOCADDMULTI:
578 /*
579 * XXXRW: Isn't this priv_checkr() redundant to the ifnet
580 * layer check?
581 */
582 if ((error = priv_check(curthread, PRIV_NET_ADDMULTI)) != 0)
583 break;
584 if (ifr == 0) {
585 error = EAFNOSUPPORT;
586 break;
587 }
588 switch (ifr->ifr_addr.sa_family) {
589 #ifdef INET
590 case AF_INET:
591 break;
592 #endif
593 #ifdef INET6
594 case AF_INET6:
595 break;
596 #endif
597 default:
598 error = EAFNOSUPPORT;
599 break;
600 }
601 break;
602 case SIOCDELMULTI:
603 /*
604 * XXXRW: Isn't this priv_check() redundant to the ifnet
605 * layer check?
606 */
607 if ((error = priv_check(curthread, PRIV_NET_DELIFGROUP)) != 0)
608 break;
609 if (ifr == 0) {
610 error = EAFNOSUPPORT;
611 break;
612 }
613 switch (ifr->ifr_addr.sa_family) {
614 #ifdef INET
615 case AF_INET:
616 break;
617 #endif
618 #ifdef INET6
619 case AF_INET6:
620 break;
621 #endif
622 default:
623 error = EAFNOSUPPORT;
624 break;
625 }
626 break;
627 case GRESPROTO:
628 /*
629 * XXXRW: Isn't this priv_check() redundant to the ifnet
630 * layer check?
631 */
632 if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
633 break;
634 sc->g_proto = ifr->ifr_flags;
635 switch (sc->g_proto) {
636 case IPPROTO_GRE:
637 ifp->if_flags |= IFF_LINK0;
638 break;
639 case IPPROTO_MOBILE:
640 ifp->if_flags &= ~IFF_LINK0;
641 break;
642 default:
643 error = EPROTONOSUPPORT;
644 break;
645 }
646 goto recompute;
647 case GREGPROTO:
648 ifr->ifr_flags = sc->g_proto;
649 break;
650 case GRESADDRS:
651 case GRESADDRD:
652 error = priv_check(curthread, PRIV_NET_GRE);
653 if (error)
654 return (error);
655 /*
656 * set tunnel endpoints, compute a less specific route
657 * to the remote end and mark if as up
658 */
659 sa = &ifr->ifr_addr;
660 if (cmd == GRESADDRS)
661 sc->g_src = (satosin(sa))->sin_addr;
662 if (cmd == GRESADDRD)
663 sc->g_dst = (satosin(sa))->sin_addr;
664 recompute:
665 #ifdef INET
666 if (sc->encap != NULL) {
667 encap_detach(sc->encap);
668 sc->encap = NULL;
669 }
670 #endif
671 if ((sc->g_src.s_addr != INADDR_ANY) &&
672 (sc->g_dst.s_addr != INADDR_ANY)) {
673 bzero(&sp, sizeof(sp));
674 bzero(&sm, sizeof(sm));
675 bzero(&dp, sizeof(dp));
676 bzero(&dm, sizeof(dm));
677 sp.sin_len = sm.sin_len = dp.sin_len = dm.sin_len =
678 sizeof(struct sockaddr_in);
679 sp.sin_family = sm.sin_family = dp.sin_family =
680 dm.sin_family = AF_INET;
681 sp.sin_addr = sc->g_src;
682 dp.sin_addr = sc->g_dst;
683 sm.sin_addr.s_addr = dm.sin_addr.s_addr =
684 INADDR_BROADCAST;
685 #ifdef INET
686 sc->encap = encap_attach(AF_INET, sc->g_proto,
687 sintosa(&sp), sintosa(&sm), sintosa(&dp),
688 sintosa(&dm), (sc->g_proto == IPPROTO_GRE) ?
689 &in_gre_protosw : &in_mobile_protosw, sc);
690 if (sc->encap == NULL)
691 printf("%s: unable to attach encap\n",
692 if_name(GRE2IFP(sc)));
693 #endif
694 if (sc->route.ro_rt != 0) /* free old route */
695 RTFREE(sc->route.ro_rt);
696 if (gre_compute_route(sc) == 0)
697 ifp->if_drv_flags |= IFF_DRV_RUNNING;
698 else
699 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
700 }
701 break;
702 case GREGADDRS:
703 memset(&si, 0, sizeof(si));
704 si.sin_family = AF_INET;
705 si.sin_len = sizeof(struct sockaddr_in);
706 si.sin_addr.s_addr = sc->g_src.s_addr;
707 sa = sintosa(&si);
708 error = prison_if(curthread->td_ucred, sa);
709 if (error != 0)
710 break;
711 ifr->ifr_addr = *sa;
712 break;
713 case GREGADDRD:
714 memset(&si, 0, sizeof(si));
715 si.sin_family = AF_INET;
716 si.sin_len = sizeof(struct sockaddr_in);
717 si.sin_addr.s_addr = sc->g_dst.s_addr;
718 sa = sintosa(&si);
719 error = prison_if(curthread->td_ucred, sa);
720 if (error != 0)
721 break;
722 ifr->ifr_addr = *sa;
723 break;
724 case SIOCSIFPHYADDR:
725 /*
726 * XXXRW: Isn't this priv_check() redundant to the ifnet
727 * layer check?
728 */
729 if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
730 break;
731 if (aifr->ifra_addr.sin_family != AF_INET ||
732 aifr->ifra_dstaddr.sin_family != AF_INET) {
733 error = EAFNOSUPPORT;
734 break;
735 }
736 if (aifr->ifra_addr.sin_len != sizeof(si) ||
737 aifr->ifra_dstaddr.sin_len != sizeof(si)) {
738 error = EINVAL;
739 break;
740 }
741 sc->g_src = aifr->ifra_addr.sin_addr;
742 sc->g_dst = aifr->ifra_dstaddr.sin_addr;
743 goto recompute;
744 case SIOCSLIFPHYADDR:
745 /*
746 * XXXRW: Isn't this priv_check() redundant to the ifnet
747 * layer check?
748 */
749 if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
750 break;
751 if (lifr->addr.ss_family != AF_INET ||
752 lifr->dstaddr.ss_family != AF_INET) {
753 error = EAFNOSUPPORT;
754 break;
755 }
756 if (lifr->addr.ss_len != sizeof(si) ||
757 lifr->dstaddr.ss_len != sizeof(si)) {
758 error = EINVAL;
759 break;
760 }
761 sc->g_src = (satosin(&lifr->addr))->sin_addr;
762 sc->g_dst =
763 (satosin(&lifr->dstaddr))->sin_addr;
764 goto recompute;
765 case SIOCDIFPHYADDR:
766 /*
767 * XXXRW: Isn't this priv_check() redundant to the ifnet
768 * layer check?
769 */
770 if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
771 break;
772 sc->g_src.s_addr = INADDR_ANY;
773 sc->g_dst.s_addr = INADDR_ANY;
774 goto recompute;
775 case SIOCGLIFPHYADDR:
776 if (sc->g_src.s_addr == INADDR_ANY ||
777 sc->g_dst.s_addr == INADDR_ANY) {
778 error = EADDRNOTAVAIL;
779 break;
780 }
781 memset(&si, 0, sizeof(si));
782 si.sin_family = AF_INET;
783 si.sin_len = sizeof(struct sockaddr_in);
784 si.sin_addr.s_addr = sc->g_src.s_addr;
785 error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
786 if (error != 0)
787 break;
788 memcpy(&lifr->addr, &si, sizeof(si));
789 si.sin_addr.s_addr = sc->g_dst.s_addr;
790 error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
791 if (error != 0)
792 break;
793 memcpy(&lifr->dstaddr, &si, sizeof(si));
794 break;
795 case SIOCGIFPSRCADDR:
796 #ifdef INET6
797 case SIOCGIFPSRCADDR_IN6:
798 #endif
799 if (sc->g_src.s_addr == INADDR_ANY) {
800 error = EADDRNOTAVAIL;
801 break;
802 }
803 memset(&si, 0, sizeof(si));
804 si.sin_family = AF_INET;
805 si.sin_len = sizeof(struct sockaddr_in);
806 si.sin_addr.s_addr = sc->g_src.s_addr;
807 error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
808 if (error != 0)
809 break;
810 bcopy(&si, &ifr->ifr_addr, sizeof(ifr->ifr_addr));
811 break;
812 case SIOCGIFPDSTADDR:
813 #ifdef INET6
814 case SIOCGIFPDSTADDR_IN6:
815 #endif
816 if (sc->g_dst.s_addr == INADDR_ANY) {
817 error = EADDRNOTAVAIL;
818 break;
819 }
820 memset(&si, 0, sizeof(si));
821 si.sin_family = AF_INET;
822 si.sin_len = sizeof(struct sockaddr_in);
823 si.sin_addr.s_addr = sc->g_dst.s_addr;
824 error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
825 if (error != 0)
826 break;
827 bcopy(&si, &ifr->ifr_addr, sizeof(ifr->ifr_addr));
828 break;
829 case GRESKEY:
830 error = priv_check(curthread, PRIV_NET_GRE);
831 if (error)
832 break;
833 error = copyin(ifr->ifr_data, &key, sizeof(key));
834 if (error)
835 break;
836 /* adjust MTU for option header */
837 if (key == 0 && sc->key != 0) /* clear */
838 adj += sizeof(key);
839 else if (key != 0 && sc->key == 0) /* set */
840 adj -= sizeof(key);
841
842 if (ifp->if_mtu + adj < 576) {
843 error = EINVAL;
844 break;
845 }
846 ifp->if_mtu += adj;
847 sc->key = key;
848 break;
849 case GREGKEY:
850 error = copyout(&sc->key, ifr->ifr_data, sizeof(sc->key));
851 break;
852
853 default:
854 error = EINVAL;
855 break;
856 }
857
858 splx(s);
859 return (error);
860 }
861
862 /*
863 * computes a route to our destination that is not the one
864 * which would be taken by ip_output(), as this one will loop back to
865 * us. If the interface is p2p as a--->b, then a routing entry exists
866 * If we now send a packet to b (e.g. ping b), this will come down here
867 * gets src=a, dst=b tacked on and would from ip_output() sent back to
868 * if_gre.
869 * Goal here is to compute a route to b that is less specific than
870 * a-->b. We know that this one exists as in normal operation we have
871 * at least a default route which matches.
872 */
873 static int
874 gre_compute_route(struct gre_softc *sc)
875 {
876 struct route *ro;
877
878 ro = &sc->route;
879
880 memset(ro, 0, sizeof(struct route));
881 ((struct sockaddr_in *)&ro->ro_dst)->sin_addr = sc->g_dst;
882 ro->ro_dst.sa_family = AF_INET;
883 ro->ro_dst.sa_len = sizeof(ro->ro_dst);
884
885 /*
886 * toggle last bit, so our interface is not found, but a less
887 * specific route. I'd rather like to specify a shorter mask,
888 * but this is not possible. Should work though. XXX
889 * XXX MRT Use a different FIB for the tunnel to solve this problem.
890 */
891 if ((GRE2IFP(sc)->if_flags & IFF_LINK1) == 0) {
892 ((struct sockaddr_in *)&ro->ro_dst)->sin_addr.s_addr ^=
893 htonl(0x01);
894 }
895
896 #ifdef DIAGNOSTIC
897 printf("%s: searching for a route to %s", if_name(GRE2IFP(sc)),
898 inet_ntoa(((struct sockaddr_in *)&ro->ro_dst)->sin_addr));
899 #endif
900
901 rtalloc_fib(ro, sc->gre_fibnum);
902
903 /*
904 * check if this returned a route at all and this route is no
905 * recursion to ourself
906 */
907 if (ro->ro_rt == NULL || ro->ro_rt->rt_ifp->if_softc == sc) {
908 #ifdef DIAGNOSTIC
909 if (ro->ro_rt == NULL)
910 printf(" - no route found!\n");
911 else
912 printf(" - route loops back to ourself!\n");
913 #endif
914 return EADDRNOTAVAIL;
915 }
916
917 /*
918 * now change it back - else ip_output will just drop
919 * the route and search one to this interface ...
920 */
921 if ((GRE2IFP(sc)->if_flags & IFF_LINK1) == 0)
922 ((struct sockaddr_in *)&ro->ro_dst)->sin_addr = sc->g_dst;
923
924 #ifdef DIAGNOSTIC
925 printf(", choosing %s with gateway %s", if_name(ro->ro_rt->rt_ifp),
926 inet_ntoa(((struct sockaddr_in *)(ro->ro_rt->rt_gateway))->sin_addr));
927 printf("\n");
928 #endif
929
930 return 0;
931 }
932
933 /*
934 * do a checksum of a buffer - much like in_cksum, which operates on
935 * mbufs.
936 */
937 u_int16_t
938 gre_in_cksum(u_int16_t *p, u_int len)
939 {
940 u_int32_t sum = 0;
941 int nwords = len >> 1;
942
943 while (nwords-- != 0)
944 sum += *p++;
945
946 if (len & 1) {
947 union {
948 u_short w;
949 u_char c[2];
950 } u;
951 u.c[0] = *(u_char *)p;
952 u.c[1] = 0;
953 sum += u.w;
954 }
955
956 /* end-around-carry */
957 sum = (sum >> 16) + (sum & 0xffff);
958 sum += (sum >> 16);
959 return (~sum);
960 }
961
962 static int
963 gremodevent(module_t mod, int type, void *data)
964 {
965
966 switch (type) {
967 case MOD_LOAD:
968 greattach();
969 break;
970 case MOD_UNLOAD:
971 if_clone_detach(&gre_cloner);
972 mtx_destroy(&gre_mtx);
973 break;
974 default:
975 return EOPNOTSUPP;
976 }
977 return 0;
978 }
979
980 static moduledata_t gre_mod = {
981 "if_gre",
982 gremodevent,
983 0
984 };
985
986 DECLARE_MODULE(if_gre, gre_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
987 MODULE_VERSION(if_gre, 1);
Cache object: 2c3f5b1dfb00ac8d8a8216e990564939
|