sys/net/if_gre.c


    1 /*      $NetBSD: if_gre.c,v 1.49 2003/12/11 00:22:29 itojun Exp $ */
    2 /*       $FreeBSD$ */
    3 
    4 /*-
    5  * Copyright (c) 1998 The NetBSD Foundation, Inc.
    6  * All rights reserved.
    7  *
    8  * This code is derived from software contributed to The NetBSD Foundation
    9  * by Heiko W.Rupp <hwr@pilhuhn.de>
   10  *
   11  * IPv6-over-GRE contributed by Gert Doering <gert@greenie.muc.de>
   12  *
   13  * Redistribution and use in source and binary forms, with or without
   14  * modification, are permitted provided that the following conditions
   15  * are met:
   16  * 1. Redistributions of source code must retain the above copyright
   17  *    notice, this list of conditions and the following disclaimer.
   18  * 2. Redistributions in binary form must reproduce the above copyright
   19  *    notice, this list of conditions and the following disclaimer in the
   20  *    documentation and/or other materials provided with the distribution.
   21  * 3. All advertising materials mentioning features or use of this software
   22  *    must display the following acknowledgement:
   23  *        This product includes software developed by the NetBSD
   24  *        Foundation, Inc. and its contributors.
   25  * 4. Neither the name of The NetBSD Foundation nor the names of its
   26  *    contributors may be used to endorse or promote products derived
   27  *    from this software without specific prior written permission.
   28  *
   29  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
   30  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
   31  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   32  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
   33  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
   34  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
   35  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
   36  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   37  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
   38  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   39  * POSSIBILITY OF SUCH DAMAGE.
   40  */
   41 
   42 /*
   43  * Encapsulate L3 protocols into IP
   44  * See RFC 2784 (successor of RFC 1701 and 1702) for more details.
   45  * If_gre is compatible with Cisco GRE tunnels, so you can
   46  * have a NetBSD box as the other end of a tunnel interface of a Cisco
   47  * router. See gre(4) for more details.
   48  * Also supported:  IP in IP encaps (proto 55) as of RFC 2004
   49  */
   50 
   51 #include "opt_atalk.h"
   52 #include "opt_inet.h"
   53 #include "opt_inet6.h"
   54 
   55 #include <sys/param.h>
   56 #include <sys/jail.h>
   57 #include <sys/kernel.h>
   58 #include <sys/libkern.h>
   59 #include <sys/malloc.h>
   60 #include <sys/module.h>
   61 #include <sys/mbuf.h>
   62 #include <sys/priv.h>
   63 #include <sys/proc.h>
   64 #include <sys/protosw.h>
   65 #include <sys/socket.h>
   66 #include <sys/sockio.h>
   67 #include <sys/sysctl.h>
   68 #include <sys/systm.h>
   69 
   70 #include <net/ethernet.h>
   71 #include <net/if.h>
   72 #include <net/if_clone.h>
   73 #include <net/if_types.h>
   74 #include <net/route.h>
   75 #include <net/vnet.h>
   76 
   77 #ifdef INET
   78 #include <netinet/in.h>
   79 #include <netinet/in_systm.h>
   80 #include <netinet/in_var.h>
   81 #include <netinet/ip.h>
   82 #include <netinet/ip_gre.h>
   83 #include <netinet/ip_var.h>
   84 #include <netinet/ip_encap.h>
   85 #else
   86 #error "Huh? if_gre without inet?"
   87 #endif
   88 
   89 #include <net/bpf.h>
   90 
   91 #include <net/if_gre.h>
   92 
/*
 * It is not easy to calculate the right value for a GRE MTU.
 * We leave this task to the admin and use the same default that
 * other vendors use.
 */
#define GREMTU  1476

#define GRENAME "gre"

/*
 * Cookie/type pair identifying the mbuf tag that gre_output() attaches to a
 * packet to record which gre interfaces it has already passed through.
 */
#define MTAG_COOKIE_GRE         1307983903
#define MTAG_GRE_NESTING        1
/*
 * Payload of the nesting tag.  gre_output() allocates it once per packet,
 * sized for `max' interface pointers, and bumps `count' on every further
 * pass through a gre interface.
 */
struct mtag_gre_nesting {
        uint16_t        count;  /* gre interfaces traversed so far */
        uint16_t        max;    /* number of ifp[] slots allocated */
        struct ifnet    *ifp[]; /* interfaces seen, scanned for loops */
};
  109 
/*
 * gre_mtx protects all global variables in if_gre.c.
 * XXX: gre_softc data not protected yet.
 *
 * NOTE(review): in this file the mutex is only taken around updates of
 * gre_softc_list; gre_output() reads the softc (g_src, g_dst, g_proto, key,
 * route) and gre_ioctl() rewrites it without holding it.
 */
struct mtx gre_mtx;
static MALLOC_DEFINE(M_GRE, GRENAME, "Generic Routing Encapsulation");

/* All gre softcs created by gre_clone_create(); guarded by gre_mtx. */
struct gre_softc_head gre_softc_list;

/* Cloner callbacks and the ifnet methods installed on every gre interface. */
static int      gre_clone_create(struct if_clone *, int, caddr_t);
static void     gre_clone_destroy(struct ifnet *);
static int      gre_ioctl(struct ifnet *, u_long, caddr_t);
static int      gre_output(struct ifnet *, struct mbuf *, struct sockaddr *,
                    struct route *ro);

IFC_SIMPLE_DECLARE(gre, 0);

static int gre_compute_route(struct gre_softc *sc);

static void     greattach(void);
  130 
#ifdef INET
extern struct domain inetdomain;
/*
 * Protocol switch entry that gre_ioctl() hands to encap_attach() when the
 * tunnel runs in IPPROTO_GRE mode.  Input goes to gre_input(); the remaining
 * handlers are the raw-IP (rip_*) ones.
 */
static const struct protosw in_gre_protosw = {
        .pr_type =              SOCK_RAW,
        .pr_domain =            &inetdomain,
        .pr_protocol =          IPPROTO_GRE,
        .pr_flags =             PR_ATOMIC|PR_ADDR,
        .pr_input =             gre_input,
        .pr_output =            (pr_output_t *)rip_output,
        .pr_ctlinput =          rip_ctlinput,
        .pr_ctloutput =         rip_ctloutput,
        .pr_usrreqs =           &rip_usrreqs
};
/*
 * Counterpart used when the tunnel runs in IPPROTO_MOBILE mode; input goes
 * to gre_mobile_input().
 */
static const struct protosw in_mobile_protosw = {
        .pr_type =              SOCK_RAW,
        .pr_domain =            &inetdomain,
        .pr_protocol =          IPPROTO_MOBILE,
        .pr_flags =             PR_ATOMIC|PR_ADDR,
        .pr_input =             gre_mobile_input,
        .pr_output =            (pr_output_t *)rip_output,
        .pr_ctlinput =          rip_ctlinput,
        .pr_ctloutput =         rip_ctloutput,
        .pr_usrreqs =           &rip_usrreqs
};
#endif
  156 
SYSCTL_DECL(_net_link);
SYSCTL_NODE(_net_link, IFT_TUNNEL, gre, CTLFLAG_RW, 0,
    "Generic Routing Encapsulation");
#ifndef MAX_GRE_NEST
/*
 * This macro sets the default upper limit on the nesting of gre tunnels.
 * Because a large value combined with a careless configuration may crash
 * the system, no nesting is allowed by default.
 * If you need nested gre tunnels, you can define this macro in your kernel
 * configuration file.  If you do so, take care to configure the tunnels so
 * that they cannot form a loop.
 */
#define MAX_GRE_NEST 1
#endif
/*
 * Run-time limit, exported read-write as the max_nesting sysctl under
 * net.link.gre.  The sysctl applies no range check; gre_output() clamps the
 * value to 1..256 when it sizes the per-packet nesting tag.
 */
static int max_gre_nesting = MAX_GRE_NEST;
SYSCTL_INT(_net_link_gre, OID_AUTO, max_nesting, CTLFLAG_RW,
    &max_gre_nesting, 0, "Max nested tunnels");
  174 
/*
 * Initialise the driver's global state: the gre_mtx mutex and the softc
 * list it guards, then register the gre interface cloner.
 */
static void
greattach(void)
{
        /* The lock and the list must exist before the cloner can be used. */
        mtx_init(&gre_mtx, "gre_mtx", NULL, MTX_DEF);
        LIST_INIT(&gre_softc_list);

        if_clone_attach(&gre_cloner);
}
  184 
/*
 * Cloner callback: allocate a softc and an ifnet for a new gre interface,
 * fill in the defaults and attach it.
 *
 * ifc    - cloner the request came through; supplies the interface name
 * unit   - unit number of the new interface
 * params - not used
 *
 * Returns 0 on success, ENOSPC when if_alloc() fails.
 */
static int
gre_clone_create(struct if_clone *ifc, int unit, caddr_t params)
{
        struct gre_softc *sc;
        struct ifnet *ifp;

        /* M_ZERO: every softc field starts out as zero. */
        sc = malloc(sizeof(struct gre_softc), M_GRE, M_WAITOK | M_ZERO);

        ifp = GRE2IFP(sc) = if_alloc(IFT_TUNNEL);
        if (ifp == NULL) {
                free(sc, M_GRE);
                return (ENOSPC);
        }

        ifp->if_softc = sc;
        if_initname(ifp, ifc->ifc_name, unit);

        /* ifnet defaults; IFF_LINK0 marks the interface as GRE mode. */
        ifp->if_snd.ifq_maxlen = ifqmaxlen;
        ifp->if_addrlen = 0;
        ifp->if_hdrlen = 24; /* IP + GRE */
        ifp->if_mtu = GREMTU;
        ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST | IFF_LINK0;
        ifp->if_output = gre_output;
        ifp->if_ioctl = gre_ioctl;

        /* Tunnel defaults: no endpoints yet, so gre_output() drops packets. */
        sc->g_src.s_addr = INADDR_ANY;
        sc->g_dst.s_addr = INADDR_ANY;
        sc->g_proto = IPPROTO_GRE;
        sc->encap = NULL;
        sc->gre_fibnum = curthread->td_proc->p_fibnum;
        sc->wccp_ver = WCCP_V1;
        sc->key = 0;

        if_attach(ifp);
        bpfattach(ifp, DLT_NULL, sizeof(u_int32_t));

        /* Publish the softc on the global list under its lock. */
        mtx_lock(&gre_mtx);
        LIST_INSERT_HEAD(&gre_softc_list, sc, sc_list);
        mtx_unlock(&gre_mtx);

        return (0);
}
  225 
/*
 * Cloner callback: unlink a gre interface from the global list, detach it
 * from the encap, bpf and ifnet layers, and free its ifnet and softc.
 *
 * NOTE(review): gre_ioctl() releases sc->route.ro_rt with RTFREE() before
 * recomputing the route, but nothing here releases it - confirm that a
 * cached route is not leaked when the interface is destroyed.
 */
static void
gre_clone_destroy(struct ifnet *ifp)
{
        struct gre_softc *sc;

        sc = ifp->if_softc;

        /* Take the softc off the list first, under the list lock. */
        mtx_lock(&gre_mtx);
        LIST_REMOVE(sc, sc_list);
        mtx_unlock(&gre_mtx);

#ifdef INET
        if (sc->encap != NULL) {
                encap_detach(sc->encap);
        }
#endif
        bpfdetach(ifp);
        if_detach(ifp);
        if_free(ifp);

        /* The softc goes last; the code above still reads it. */
        free(sc, M_GRE);
}
  245 
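/*
 * The output routine. Takes a packet and encapsulates it in the protocol
 * given by sc->g_proto. See also RFC 1701 and RFC 2004
 *
 * ifp - the gre interface the packet is sent on
 * m   - the packet; freed on every error path here, otherwise handed to
 *       ip_output()
 * dst - destination address; only sa_family is used (and, for AF_UNSPEC,
 *       rewritten from the family stored in sa_data)
 * ro  - not used
 *
 * Returns 0 or an errno: EIO (nesting limit reached or loop detected),
 * ENOMEM (no nesting tag), ENETDOWN (interface down or endpoints unset),
 * EINVAL, EAFNOSUPPORT, ENOBUFS, or whatever ip_output() returns.
 * Every non-zero return also bumps if_oerrors.
 */
static int
gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
           struct route *ro)
{
        int error = 0;
        struct gre_softc *sc = ifp->if_softc;
        struct greip *gh;
        struct ip *ip;
        struct m_tag *mtag;
        struct mtag_gre_nesting *gt;
        size_t len;
        u_short gre_ip_id = 0;
        uint8_t gre_ip_tos = 0;
        u_int16_t etype = 0;
        struct mobile_h mob_h;
        u_int32_t af;
        int extra = 0, max;
        int hdrlen = 0;         /* bytes prepended in GRE mode */

        /*
         * gre may cause infinite recursion calls when misconfigured.  High
         * nesting level may cause stack exhaustion.  We'll prevent this by
         * detecting loops and by introducing upper limit.
         *
         * NOTE(review): both drop paths below printf() once per packet;
         * no rate limit is visible here.
         */
        mtag = m_tag_locate(m, MTAG_COOKIE_GRE, MTAG_GRE_NESTING, NULL);
        if (mtag != NULL) {
                struct ifnet **ifp2;

                gt = (struct mtag_gre_nesting *)(mtag + 1);
                gt->count++;
                /* gt->max bounds the ifp[] array allocated with the tag. */
                if (gt->count > min(gt->max,max_gre_nesting)) {
                        printf("%s: hit maximum recursion limit %u on %s\n",
                                __func__, gt->count - 1, ifp->if_xname);
                        m_freem(m);
                        error = EIO;    /* is there better errno? */
                        goto end;
                }

                /*
                 * Scan the count - 1 interfaces recorded so far.  Without a
                 * match ifp2 ends on the first free slot, which the bzero()
                 * at allocation left NULL.
                 */
                ifp2 = gt->ifp;
                for (max = gt->count - 1; max > 0; max--) {
                        if (*ifp2 == ifp)
                                break;
                        ifp2++;
                }
                if (*ifp2 == ifp) {
                        printf("%s: detected loop with nexting %u on %s\n",
                                __func__, gt->count-1, ifp->if_xname);
                        m_freem(m);
                        error = EIO;    /* is there better errno? */
                        goto end;
                }
                *ifp2 = ifp;

        } else {
                /*
                 * Given that people should NOT increase max_gre_nesting beyond
                 * their real needs, we allocate once per packet rather than
                 * allocating an mtag once per passing through gre.
                 *
                 * Note: the sysctl does not actually check for saneness, so we
                 * limit the maximum numbers of possible recursions here.
                 */
                max = imin(max_gre_nesting, 256);
                /* If someone sets the sysctl <= 0, we want at least 1. */
                max = imax(max, 1);
                len = sizeof(struct mtag_gre_nesting) +
                    max * sizeof(struct ifnet *);
                mtag = m_tag_alloc(MTAG_COOKIE_GRE, MTAG_GRE_NESTING, len,
                    M_NOWAIT);
                if (mtag == NULL) {
                        m_freem(m);
                        error = ENOMEM;
                        goto end;
                }
                gt = (struct mtag_gre_nesting *)(mtag + 1);
                bzero(gt, len);
                gt->count = 1;
                gt->max = max;
                *gt->ifp = ifp;
                m_tag_prepend(m, mtag);
        }

        /* Refuse to send unless the interface is up and both ends are set. */
        if (!((ifp->if_flags & IFF_UP) &&
            (ifp->if_drv_flags & IFF_DRV_RUNNING)) ||
            sc->g_src.s_addr == INADDR_ANY || sc->g_dst.s_addr == INADDR_ANY) {
                m_freem(m);
                error = ENETDOWN;
                goto end;
        }

        gh = NULL;
        ip = NULL;

        /*
         * BPF writes need to be handled specially.
         * The address family is whatever the writer put in sa_data.
         */
        if (dst->sa_family == AF_UNSPEC) {
                bcopy(dst->sa_data, &af, sizeof(af));
                dst->sa_family = af;
        }

        if (bpf_peers_present(ifp->if_bpf)) {
                af = dst->sa_family;
                bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m);
        }

        m->m_flags &= ~(M_BCAST|M_MCAST);

        /*
         * NOTE(review): the AF_INET paths below read an IP header through
         * mtod() without checking m->m_len - confirm that every caller,
         * including BPF writes, supplies a contiguous struct ip.
         */
        if (sc->g_proto == IPPROTO_MOBILE) {
                if (dst->sa_family == AF_INET) {
                        struct mbuf *m0;
                        int msiz;

                        ip = mtod(m, struct ip *);

                        /*
                         * RFC2004 specifies that fragmented datagrams shouldn't
                         * be encapsulated.
                         */
                        if (ip->ip_off & (IP_MF | IP_OFFMASK)) {
                                _IF_DROP(&ifp->if_snd);
                                m_freem(m);
                                error = EINVAL;    /* is there better errno? */
                                goto end;
                        }
                        memset(&mob_h, 0, MOB_H_SIZ_L);
                        mob_h.proto = (ip->ip_p) << 8;
                        mob_h.odst = ip->ip_dst.s_addr;
                        ip->ip_dst.s_addr = sc->g_dst.s_addr;

                        /*
                         * If the packet comes from our host, we only change
                         * the destination address in the IP header.
                         * Else we also need to save and change the source
                         */
                        if (in_hosteq(ip->ip_src, sc->g_src)) {
                                msiz = MOB_H_SIZ_S;
                        } else {
                                mob_h.proto |= MOB_H_SBIT;
                                mob_h.osrc = ip->ip_src.s_addr;
                                ip->ip_src.s_addr = sc->g_src.s_addr;
                                msiz = MOB_H_SIZ_L;
                        }
                        mob_h.proto = htons(mob_h.proto);
                        mob_h.hcrc = gre_in_cksum((u_int16_t *)&mob_h, msiz);

                        if ((m->m_data - msiz) < m->m_pktdat) {
                                /*
                                 * need new mbuf
                                 *
                                 * NOTE(review): the packet header of m is
                                 * not moved to m0 here - confirm that the
                                 * nesting tag attached above is still found
                                 * on the chain ip_output() receives.
                                 */
                                MGETHDR(m0, M_DONTWAIT, MT_DATA);
                                if (m0 == NULL) {
                                        _IF_DROP(&ifp->if_snd);
                                        m_freem(m);
                                        error = ENOBUFS;
                                        goto end;
                                }
                                m0->m_next = m;
                                m->m_data += sizeof(struct ip);
                                m->m_len -= sizeof(struct ip);
                                m0->m_pkthdr.len = m->m_pkthdr.len + msiz;
                                m0->m_len = msiz + sizeof(struct ip);
                                m0->m_data += max_linkhdr;
                                memcpy(mtod(m0, caddr_t), (caddr_t)ip,
                                       sizeof(struct ip));
                                m = m0;
                        } else {  /* we have some space left in the old one */
                                m->m_data -= msiz;
                                m->m_len += msiz;
                                m->m_pkthdr.len += msiz;
                                /* bcopy(): source and target overlap here. */
                                bcopy(ip, mtod(m, caddr_t),
                                        sizeof(struct ip));
                        }
                        ip = mtod(m, struct ip *);
                        memcpy((caddr_t)(ip + 1), &mob_h, (unsigned)msiz);
                        ip->ip_len = ntohs(ip->ip_len) + msiz;
                } else {  /* AF_INET */
                        _IF_DROP(&ifp->if_snd);
                        m_freem(m);
                        error = EINVAL;
                        goto end;
                }
        } else if (sc->g_proto == IPPROTO_GRE) {
                switch (dst->sa_family) {
                case AF_INET:
                        ip = mtod(m, struct ip *);
                        gre_ip_tos = ip->ip_tos;
                        gre_ip_id = ip->ip_id;
                        if (sc->wccp_ver == WCCP_V2) {
                                extra = sizeof(uint32_t);
                                etype =  WCCP_PROTOCOL_TYPE;
                        } else {
                                etype = ETHERTYPE_IP;
                        }
                        break;
#ifdef INET6
                case AF_INET6:
                        gre_ip_id = ip_newid();
                        etype = ETHERTYPE_IPV6;
                        break;
#endif
#ifdef NETATALK
                case AF_APPLETALK:
                        etype = ETHERTYPE_ATALK;
                        break;
#endif
                default:
                        _IF_DROP(&ifp->if_snd);
                        m_freem(m);
                        error = EAFNOSUPPORT;
                        goto end;
                }

                /* Reserve space for GRE header + optional GRE key */
                hdrlen = sizeof(struct greip) + extra;
                if (sc->key)
                        hdrlen += sizeof(uint32_t);
                M_PREPEND(m, hdrlen, M_DONTWAIT);
        } else {
                _IF_DROP(&ifp->if_snd);
                m_freem(m);
                error = EINVAL;
                goto end;
        }

        if (m == NULL) {        /* mbuf allocation failed */
                _IF_DROP(&ifp->if_snd);
                error = ENOBUFS;
                goto end;
        }

        M_SETFIB(m, sc->gre_fibnum); /* The envelope may use a different FIB */

        gh = mtod(m, struct greip *);
        if (sc->g_proto == IPPROTO_GRE) {
                uint32_t *options = gh->gi_options;

                /*
                 * Clear the whole prepended header.  hdrlen also counts the
                 * key word, so clearing only sizeof(struct greip) + extra
                 * would leave the last word unwritten when a key and WCCPv2
                 * are both configured, and stale mbuf bytes would go out on
                 * the wire.
                 */
                memset((void *)gh, 0, hdrlen);
                gh->gi_ptype = htons(etype);
                gh->gi_flags = 0;

                /* Add key option */
                if (sc->key)
                {
                        gh->gi_flags |= htons(GRE_KP);
                        *(options++) = htonl(sc->key);
                }
        }

        gh->gi_pr = sc->g_proto;
        if (sc->g_proto != IPPROTO_MOBILE) {
                gh->gi_src = sc->g_src;
                gh->gi_dst = sc->g_dst;
                /* IP version field: IPVERSION, not a protocol number. */
                ((struct ip*)gh)->ip_v = IPVERSION;
                ((struct ip*)gh)->ip_hl = (sizeof(struct ip)) >> 2;
                ((struct ip*)gh)->ip_ttl = GRE_TTL;
                ((struct ip*)gh)->ip_tos = gre_ip_tos;
                ((struct ip*)gh)->ip_id = gre_ip_id;
                gh->gi_len = m->m_pkthdr.len;
        }

        ifp->if_opackets++;
        ifp->if_obytes += m->m_pkthdr.len;
        /*
         * Send it off and with IP_FORWARD flag to prevent it from
         * overwriting the ip_id again.  ip_id is already set to the
         * ip_id of the encapsulated packet.
         */
        error = ip_output(m, NULL, &sc->route, IP_FORWARDING,
            (struct ip_moptions *)NULL, (struct inpcb *)NULL);
  end:
        if (error)
                ifp->if_oerrors++;
        return (error);
}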
  520 
  521 static int
  522 gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
  523 {
  524         struct ifreq *ifr = (struct ifreq *)data;
  525         struct if_laddrreq *lifr = (struct if_laddrreq *)data;
  526         struct in_aliasreq *aifr = (struct in_aliasreq *)data;
  527         struct gre_softc *sc = ifp->if_softc;
  528         int s;
  529         struct sockaddr_in si;
  530         struct sockaddr *sa = NULL;
  531         int error, adj;
  532         struct sockaddr_in sp, sm, dp, dm;
  533         uint32_t key;
  534 
  535         error = 0;
  536         adj = 0;
  537 
  538         s = splnet();
  539         switch (cmd) {
  540         case SIOCSIFADDR:
  541                 ifp->if_flags |= IFF_UP;
  542                 break;
  543         case SIOCSIFDSTADDR:
  544                 break;
  545         case SIOCSIFFLAGS:
  546                 /*
  547                  * XXXRW: Isn't this priv_check() redundant to the ifnet
  548                  * layer check?
  549                  */
  550                 if ((error = priv_check(curthread, PRIV_NET_SETIFFLAGS)) != 0)
  551                         break;
  552                 if ((ifr->ifr_flags & IFF_LINK0) != 0)
  553                         sc->g_proto = IPPROTO_GRE;
  554                 else
  555                         sc->g_proto = IPPROTO_MOBILE;
  556                 if ((ifr->ifr_flags & IFF_LINK2) != 0)
  557                         sc->wccp_ver = WCCP_V2;
  558                 else
  559                         sc->wccp_ver = WCCP_V1;
  560                 goto recompute;
  561         case SIOCSIFMTU:
  562                 /*
  563                  * XXXRW: Isn't this priv_check() redundant to the ifnet
  564                  * layer check?
  565                  */
  566                 if ((error = priv_check(curthread, PRIV_NET_SETIFMTU)) != 0)
  567                         break;
  568                 if (ifr->ifr_mtu < 576) {
  569                         error = EINVAL;
  570                         break;
  571                 }
  572                 ifp->if_mtu = ifr->ifr_mtu;
  573                 break;
  574         case SIOCGIFMTU:
  575                 ifr->ifr_mtu = GRE2IFP(sc)->if_mtu;
  576                 break;
  577         case SIOCADDMULTI:
  578                 /*
  579                  * XXXRW: Isn't this priv_checkr() redundant to the ifnet
  580                  * layer check?
  581                  */
  582                 if ((error = priv_check(curthread, PRIV_NET_ADDMULTI)) != 0)
  583                         break;
  584                 if (ifr == 0) {
  585                         error = EAFNOSUPPORT;
  586                         break;
  587                 }
  588                 switch (ifr->ifr_addr.sa_family) {
  589 #ifdef INET
  590                 case AF_INET:
  591                         break;
  592 #endif
  593 #ifdef INET6
  594                 case AF_INET6:
  595                         break;
  596 #endif
  597                 default:
  598                         error = EAFNOSUPPORT;
  599                         break;
  600                 }
  601                 break;
  602         case SIOCDELMULTI:
  603                 /*
  604                  * XXXRW: Isn't this priv_check() redundant to the ifnet
  605                  * layer check?
  606                  */
  607                 if ((error = priv_check(curthread, PRIV_NET_DELIFGROUP)) != 0)
  608                         break;
  609                 if (ifr == 0) {
  610                         error = EAFNOSUPPORT;
  611                         break;
  612                 }
  613                 switch (ifr->ifr_addr.sa_family) {
  614 #ifdef INET
  615                 case AF_INET:
  616                         break;
  617 #endif
  618 #ifdef INET6
  619                 case AF_INET6:
  620                         break;
  621 #endif
  622                 default:
  623                         error = EAFNOSUPPORT;
  624                         break;
  625                 }
  626                 break;
  627         case GRESPROTO:
  628                 /*
  629                  * XXXRW: Isn't this priv_check() redundant to the ifnet
  630                  * layer check?
  631                  */
  632                 if ((error = priv_check(curthread, PRIV_NET_GRE)) != 0)
  633                         break;
  634                 sc->g_proto = ifr->ifr_flags;
  635                 switch (sc->g_proto) {
  636                 case IPPROTO_GRE:
  637                         ifp->if_flags |= IFF_LINK0;
  638                         break;
  639                 case IPPROTO_MOBILE:
  640                         ifp->if_flags &= ~IFF_LINK0;
  641                         break;
  642                 default:
  643                         error = EPROTONOSUPPORT;
  644                         break;
  645                 }
  646                 goto recompute;
  647         case GREGPROTO:
  648                 ifr->ifr_flags = sc->g_proto;
  649                 break;
  650         case GRESADDRS:
  651         case GRESADDRD:
  652                 error = priv_check(curthread, PRIV_NET_GRE);
  653                 if (error)
  654                         return (error);
  655                 /*
  656                  * set tunnel endpoints, compute a less specific route
  657                  * to the remote end and mark if as up
  658                  */
  659                 sa = &ifr->ifr_addr;
  660                 if (cmd == GRESADDRS)
  661                         sc->g_src = (satosin(sa))->sin_addr;
  662                 if (cmd == GRESADDRD)
  663                         sc->g_dst = (satosin(sa))->sin_addr;
  664         recompute:
  665 #ifdef INET
  666                 if (sc->encap != NULL) {
  667                         encap_detach(sc->encap);
  668                         sc->encap = NULL;
  669                 }
  670 #endif
  671                 if ((sc->g_src.s_addr != INADDR_ANY) &&
  672                     (sc->g_dst.s_addr != INADDR_ANY)) {
  673                         bzero(&sp, sizeof(sp));
  674                         bzero(&sm, sizeof(sm));
  675                         bzero(&dp, sizeof(dp));
  676                         bzero(&dm, sizeof(dm));
  677                         sp.sin_len = sm.sin_len = dp.sin_len = dm.sin_len =
  678                             sizeof(struct sockaddr_in);
  679                         sp.sin_family = sm.sin_family = dp.sin_family =
  680                             dm.sin_family = AF_INET;
  681                         sp.sin_addr = sc->g_src;
  682                         dp.sin_addr = sc->g_dst;
  683                         sm.sin_addr.s_addr = dm.sin_addr.s_addr =
  684                             INADDR_BROADCAST;
  685 #ifdef INET
  686                         sc->encap = encap_attach(AF_INET, sc->g_proto,
  687                             sintosa(&sp), sintosa(&sm), sintosa(&dp),
  688                             sintosa(&dm), (sc->g_proto == IPPROTO_GRE) ?
  689                                 &in_gre_protosw : &in_mobile_protosw, sc);
  690                         if (sc->encap == NULL)
  691                                 printf("%s: unable to attach encap\n",
  692                                     if_name(GRE2IFP(sc)));
  693 #endif
  694                         if (sc->route.ro_rt != 0) /* free old route */
  695                                 RTFREE(sc->route.ro_rt);
  696                         if (gre_compute_route(sc) == 0)
  697                                 ifp->if_drv_flags |= IFF_DRV_RUNNING;
  698                         else
  699                                 ifp->if_drv_flags &= ~IFF_DRV_RUNNING;
  700                 }
  701                 break;
  702         case GREGADDRS:
  703                 memset(&si, 0, sizeof(si));
  704                 si.sin_family = AF_INET;
  705                 si.sin_len = sizeof(struct sockaddr_in);
  706                 si.sin_addr.s_addr = sc->g_src.s_addr;
  707                 sa = sintosa(&si);
  708                 error = prison_if(curthread->td_ucred, sa);
  709                 if (error != 0)
  710                         break;
  711                 ifr->ifr_addr = *sa;
  712                 break;
  713         case GREGADDRD:
  714                 memset(&si, 0, sizeof(si));
  715                 si.sin_family = AF_INET;
  716                 si.sin_len = sizeof(struct sockaddr_in);
  717                 si.sin_addr.s_addr = sc->g_dst.s_addr;
  718                 sa = sintosa(&si);
  719                 error = prison_if(curthread->td_ucred, sa);
  720                 if (error != 0)
  721                         break;
  722                 ifr->ifr_addr = *sa;
  723                 break;
  724         case SIOCSIFPHYADDR:
  725                 /*
  726                  * XXXRW: Isn't this priv_check() redundant to the ifnet
  727                  * layer check?
  728                  */
  729                 if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
  730                         break;
  731                 if (aifr->ifra_addr.sin_family != AF_INET ||
  732                     aifr->ifra_dstaddr.sin_family != AF_INET) {
  733                         error = EAFNOSUPPORT;
  734                         break;
  735                 }
  736                 if (aifr->ifra_addr.sin_len != sizeof(si) ||
  737                     aifr->ifra_dstaddr.sin_len != sizeof(si)) {
  738                         error = EINVAL;
  739                         break;
  740                 }
  741                 sc->g_src = aifr->ifra_addr.sin_addr;
  742                 sc->g_dst = aifr->ifra_dstaddr.sin_addr;
  743                 goto recompute;
  744         case SIOCSLIFPHYADDR:
  745                 /*
  746                  * XXXRW: Isn't this priv_check() redundant to the ifnet
  747                  * layer check?
  748                  */
  749                 if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
  750                         break;
  751                 if (lifr->addr.ss_family != AF_INET ||
  752                     lifr->dstaddr.ss_family != AF_INET) {
  753                         error = EAFNOSUPPORT;
  754                         break;
  755                 }
  756                 if (lifr->addr.ss_len != sizeof(si) ||
  757                     lifr->dstaddr.ss_len != sizeof(si)) {
  758                         error = EINVAL;
  759                         break;
  760                 }
  761                 sc->g_src = (satosin(&lifr->addr))->sin_addr;
  762                 sc->g_dst =
  763                     (satosin(&lifr->dstaddr))->sin_addr;
  764                 goto recompute;
  765         case SIOCDIFPHYADDR:
  766                 /*
  767                  * XXXRW: Isn't this priv_check() redundant to the ifnet
  768                  * layer check?
  769                  */
  770                 if ((error = priv_check(curthread, PRIV_NET_SETIFPHYS)) != 0)
  771                         break;
  772                 sc->g_src.s_addr = INADDR_ANY;
  773                 sc->g_dst.s_addr = INADDR_ANY;
  774                 goto recompute;
  775         case SIOCGLIFPHYADDR:
  776                 if (sc->g_src.s_addr == INADDR_ANY ||
  777                     sc->g_dst.s_addr == INADDR_ANY) {
  778                         error = EADDRNOTAVAIL;
  779                         break;
  780                 }
  781                 memset(&si, 0, sizeof(si));
  782                 si.sin_family = AF_INET;
  783                 si.sin_len = sizeof(struct sockaddr_in);
  784                 si.sin_addr.s_addr = sc->g_src.s_addr;
  785                 error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
  786                 if (error != 0)
  787                         break;
  788                 memcpy(&lifr->addr, &si, sizeof(si));
  789                 si.sin_addr.s_addr = sc->g_dst.s_addr;
  790                 error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
  791                 if (error != 0)
  792                         break;
  793                 memcpy(&lifr->dstaddr, &si, sizeof(si));
  794                 break;
  795         case SIOCGIFPSRCADDR:
  796 #ifdef INET6
  797         case SIOCGIFPSRCADDR_IN6:
  798 #endif
  799                 if (sc->g_src.s_addr == INADDR_ANY) {
  800                         error = EADDRNOTAVAIL;
  801                         break;
  802                 }
  803                 memset(&si, 0, sizeof(si));
  804                 si.sin_family = AF_INET;
  805                 si.sin_len = sizeof(struct sockaddr_in);
  806                 si.sin_addr.s_addr = sc->g_src.s_addr;
  807                 error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
  808                 if (error != 0)
  809                         break;
  810                 bcopy(&si, &ifr->ifr_addr, sizeof(ifr->ifr_addr));
  811                 break;
  812         case SIOCGIFPDSTADDR:
  813 #ifdef INET6
  814         case SIOCGIFPDSTADDR_IN6:
  815 #endif
  816                 if (sc->g_dst.s_addr == INADDR_ANY) {
  817                         error = EADDRNOTAVAIL;
  818                         break;
  819                 }
  820                 memset(&si, 0, sizeof(si));
  821                 si.sin_family = AF_INET;
  822                 si.sin_len = sizeof(struct sockaddr_in);
  823                 si.sin_addr.s_addr = sc->g_dst.s_addr;
  824                 error = prison_if(curthread->td_ucred, (struct sockaddr *)&si);
  825                 if (error != 0)
  826                         break;
  827                 bcopy(&si, &ifr->ifr_addr, sizeof(ifr->ifr_addr));
  828                 break;
  829         case GRESKEY:
  830                 error = priv_check(curthread, PRIV_NET_GRE);
  831                 if (error)
  832                         break;
  833                 error = copyin(ifr->ifr_data, &key, sizeof(key));
  834                 if (error)
  835                         break;
  836                 /* adjust MTU for option header */
  837                 if (key == 0 && sc->key != 0)           /* clear */
  838                         adj += sizeof(key);
  839                 else if (key != 0 && sc->key == 0)      /* set */
  840                         adj -= sizeof(key);
  841 
  842                 if (ifp->if_mtu + adj < 576) {
  843                         error = EINVAL;
  844                         break;
  845                 }
  846                 ifp->if_mtu += adj;
  847                 sc->key = key;
  848                 break;
  849         case GREGKEY:
  850                 error = copyout(&sc->key, ifr->ifr_data, sizeof(sc->key));
  851                 break;
  852 
  853         default:
  854                 error = EINVAL;
  855                 break;
  856         }
  857 
  858         splx(s);
  859         return (error);
  860 }
  861 
  /*
   * Find a route to the tunnel's outer destination (sc->g_dst) that does
   * not lead back into this GRE interface, and cache it in sc->route.
   *
   * On a point-to-point tunnel a--->b a routing entry for b exists that
   * points at the tunnel itself.  A packet sent to b comes down here, gets
   * src=a, dst=b tacked on, and ip_output() would hand it straight back to
   * if_gre.  The lookup below therefore aims at a route that is less
   * specific than a-->b; in normal operation at least a default route is
   * expected to match.
   *
   * Returns 0 when a usable route has been stored in sc->route, or
   * EADDRNOTAVAIL when the lookup returned nothing or returned a route
   * whose interface belongs to this softc.
   *
   * NOTE(review): on the "loops back" failure path ro->ro_rt is left set;
   * the ioctl recompute path releases sc->route.ro_rt with RTFREE() before
   * calling in here again.  Other callers are not visible from this part
   * of the file -- confirm they do the same.
   */
  static int
  gre_compute_route(struct gre_softc *sc)
  {
          struct route *ro = &sc->route;
          struct sockaddr_in *dst = (struct sockaddr_in *)&ro->ro_dst;

          /* Start from a clean route and aim it at the tunnel endpoint. */
          memset(ro, 0, sizeof(struct route));
          dst->sin_addr = sc->g_dst;
          ro->ro_dst.sa_family = AF_INET;
          ro->ro_dst.sa_len = sizeof(ro->ro_dst);

          /*
           * Unless IFF_LINK1 is set, flip the lowest address bit so that the
           * lookup misses our own host route and lands on a less specific
           * one.  A shorter mask would be the cleaner request, but that is
           * not possible here.  XXX
           * XXX MRT Use a different FIB for the tunnel to solve this problem.
           */
          if (!(GRE2IFP(sc)->if_flags & IFF_LINK1))
                  dst->sin_addr.s_addr ^= htonl(0x01);

  #ifdef DIAGNOSTIC
          printf("%s: searching for a route to %s", if_name(GRE2IFP(sc)),
              inet_ntoa(dst->sin_addr));
  #endif

          rtalloc_fib(ro, sc->gre_fibnum);

          /* No route at all: the tunnel cannot be brought up. */
          if (ro->ro_rt == NULL) {
  #ifdef DIAGNOSTIC
                  printf(" - no route found!\n");
  #endif
                  return (EADDRNOTAVAIL);
          }

          /* The route's interface is this tunnel: using it would recurse. */
          if (ro->ro_rt->rt_ifp->if_softc == sc) {
  #ifdef DIAGNOSTIC
                  printf(" - route loops back to ourself!\n");
  #endif
                  return (EADDRNOTAVAIL);
          }

          /*
           * Put the real destination back, otherwise ip_output() would drop
           * the cached route and search for one to this interface again.
           */
          if (!(GRE2IFP(sc)->if_flags & IFF_LINK1))
                  dst->sin_addr = sc->g_dst;

  #ifdef DIAGNOSTIC
          printf(", choosing %s with gateway %s", if_name(ro->ro_rt->rt_ifp),
              inet_ntoa(((struct sockaddr_in *)(ro->ro_rt->rt_gateway))->sin_addr));
          printf("\n");
  #endif

          return (0);
  }
  932 
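  /*
   * Compute the 16-bit one's-complement checksum of a flat buffer -- much
   * like in_cksum(), which operates on mbufs.
   *
   * p    start of the buffer; it is read as u_int16_t words exactly as
   *      they are stored in memory
   *      (presumably 2-byte aligned by the caller -- confirm)
   * len  number of bytes to sum; an odd trailing byte is paired with a
   *      zero byte
   *
   * Returns the complement of the folded sum.
   *
   * The function has no way to bound-check p: len must not exceed the
   * size of the object behind it, so a caller that derives len from
   * packet contents has to validate it first.
   */
  u_int16_t
  gre_in_cksum(u_int16_t *p, u_int len)
  {
          u_int32_t sum = 0;
          u_int nwords = len >> 1;

          while (nwords-- != 0) {
                  sum += *p++;
                  /*
                   * Fold early once the top bit is set.  Without this the
                   * 32-bit accumulator wraps on buffers larger than about
                   * 128 KB and the lost carry yields a wrong checksum.
                   */
                  if (sum & 0x80000000U)
                          sum = (sum >> 16) + (sum & 0xffff);
          }

          if (len & 1) {
                  /* Build the last word from the odd byte plus a zero pad. */
                  union {
                          u_short w;
                          u_char c[2];
                  } u;
                  u.c[0] = *(u_char *)p;
                  u.c[1] = 0;
                  sum += u.w;
          }

          /* end-around-carry */
          sum = (sum >> 16) + (sum & 0xffff);
          sum += (sum >> 16);
          return ((u_int16_t)~sum);
  }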
  961 
  /*
   * Module event handler for if_gre.
   *
   * MOD_LOAD runs greattach(); MOD_UNLOAD detaches the interface cloner
   * and destroys gre_mtx.  Any other event type is refused with
   * EOPNOTSUPP.  The mod and data arguments are not used.
   */
  static int
  gremodevent(module_t mod, int type, void *data)
  {

          if (type == MOD_LOAD) {
                  greattach();
                  return (0);
          }

          if (type == MOD_UNLOAD) {
                  /* Detach the cloner first, then drop the mutex. */
                  if_clone_detach(&gre_cloner);
                  mtx_destroy(&gre_mtx);
                  return (0);
          }

          return (EOPNOTSUPP);
  }
  979 
  /* Module descriptor handed to the kernel's module framework. */
  static moduledata_t gre_mod = {
          "if_gre",       /* module name */
          gremodevent,    /* event handler */
          NULL            /* no extra argument for the handler */
  };

  /* Register the module and publish its version number. */
  DECLARE_MODULE(if_gre, gre_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
  MODULE_VERSION(if_gre, 1);
