FreeBSD/Linux Kernel Cross Reference
sys/netinet/in_gif.c
1 /*
2 * $FreeBSD: src/sys/netinet/in_gif.c,v 1.5.2.11 2003/01/23 21:06:45 sam Exp $
3 * $DragonFly: src/sys/netinet/in_gif.c,v 1.18 2008/10/27 02:56:30 sephe Exp $
4 * $KAME: in_gif.c,v 1.54 2001/05/14 14:02:16 itojun Exp $
5 */
6 /*
7 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the project nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 */
34
35 #include "opt_inet.h"
36 #include "opt_inet6.h"
37
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/socket.h>
41 #include <sys/sockio.h>
42 #include <sys/mbuf.h>
43 #include <sys/errno.h>
44 #include <sys/kernel.h>
45 #include <sys/sysctl.h>
46 #include <sys/protosw.h>
47
48 #include <sys/malloc.h>
49
50 #include <machine/stdarg.h>
51
52 #include <net/if.h>
53 #include <net/route.h>
54
55 #include <netinet/in.h>
56 #include <netinet/in_systm.h>
57 #include <netinet/ip.h>
58 #include <netinet/ip_var.h>
59 #include <netinet/in_gif.h>
60 #include <netinet/in_var.h>
61 #include <netinet/ip_encap.h>
62 #include <netinet/ip_ecn.h>
63
64 #ifdef INET6
65 #include <netinet/ip6.h>
66 #endif
67
68 #include <net/gif/if_gif.h>
69 #include <net/net_osdep.h>
70
71 #include <sys/thread2.h> /* ipstat */
72
73 #ifdef INET
74 static int gif_validate4 (const struct ip *, struct gif_softc *,
75 struct ifnet *);
76
77 extern struct domain inetdomain;
78 const struct protosw in_gif_protosw =
79 {
80 .pr_type = SOCK_RAW,
81 .pr_domain = &inetdomain,
82 .pr_protocol = 0 /*IPPROTO_IPV[46]*/,
83 .pr_flags = PR_ATOMIC|PR_ADDR,
84
85 .pr_input = in_gif_input,
86 .pr_output = rip_output,
87 .pr_ctlinput = NULL,
88 .pr_ctloutput = rip_ctloutput,
89
90 .pr_ctlport = NULL,
91 .pr_usrreqs = &rip_usrreqs
92 };
93
94 int ip_gif_ttl = GIF_TTL;
95 SYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW,
96 &ip_gif_ttl, 0, "TTL of GIF packet");
97
98 int
99 in_gif_output(struct ifnet *ifp, int family, struct mbuf *m)
100 {
101 struct gif_softc *sc = (struct gif_softc*)ifp;
102 struct route *ro = &sc->gif_ro[mycpu->gd_cpuid];
103 struct sockaddr_in *dst = (struct sockaddr_in *)&ro->ro_dst;
104 struct sockaddr_in *sin_src = (struct sockaddr_in *)sc->gif_psrc;
105 struct sockaddr_in *sin_dst = (struct sockaddr_in *)sc->gif_pdst;
106 struct ip iphdr; /* capsule IP header, host byte ordered */
107 int proto, error;
108 u_int8_t tos;
109
110 if (sin_src == NULL || sin_dst == NULL ||
111 sin_src->sin_family != AF_INET ||
112 sin_dst->sin_family != AF_INET) {
113 m_freem(m);
114 return EAFNOSUPPORT;
115 }
116
117 switch (family) {
118 #ifdef INET
119 case AF_INET:
120 {
121 struct ip *ip;
122
123 proto = IPPROTO_IPV4;
124 if (m->m_len < sizeof *ip) {
125 m = m_pullup(m, sizeof *ip);
126 if (!m)
127 return ENOBUFS;
128 }
129 ip = mtod(m, struct ip *);
130 tos = ip->ip_tos;
131 break;
132 }
133 #endif
134 #ifdef INET6
135 case AF_INET6:
136 {
137 struct ip6_hdr *ip6;
138 proto = IPPROTO_IPV6;
139 if (m->m_len < sizeof *ip6) {
140 m = m_pullup(m, sizeof *ip6);
141 if (!m)
142 return ENOBUFS;
143 }
144 ip6 = mtod(m, struct ip6_hdr *);
145 tos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
146 break;
147 }
148 #endif
149 default:
150 #ifdef DEBUG
151 kprintf("in_gif_output: warning: unknown family %d passed\n",
152 family);
153 #endif
154 m_freem(m);
155 return EAFNOSUPPORT;
156 }
157
158 bzero(&iphdr, sizeof iphdr);
159 iphdr.ip_src = sin_src->sin_addr;
160 /* bidirectional configured tunnel mode */
161 if (sin_dst->sin_addr.s_addr != INADDR_ANY)
162 iphdr.ip_dst = sin_dst->sin_addr;
163 else {
164 m_freem(m);
165 return ENETUNREACH;
166 }
167 iphdr.ip_p = proto;
168 /* version will be set in ip_output() */
169 iphdr.ip_ttl = ip_gif_ttl;
170 iphdr.ip_len = m->m_pkthdr.len + sizeof(struct ip);
171 if (ifp->if_flags & IFF_LINK1)
172 ip_ecn_ingress(ECN_ALLOWED, &iphdr.ip_tos, &tos);
173 else
174 ip_ecn_ingress(ECN_NOCARE, &iphdr.ip_tos, &tos);
175
176 /* prepend new IP header */
177 M_PREPEND(m, sizeof(struct ip), MB_DONTWAIT);
178 if (m && m->m_len < sizeof(struct ip))
179 m = m_pullup(m, sizeof(struct ip));
180 if (m == NULL) {
181 kprintf("ENOBUFS in in_gif_output %d\n", __LINE__);
182 return ENOBUFS;
183 }
184 bcopy(&iphdr, mtod(m, struct ip *), sizeof(struct ip));
185
186 if (dst->sin_family != sin_dst->sin_family ||
187 dst->sin_addr.s_addr != sin_dst->sin_addr.s_addr) {
188 /* cache route doesn't match */
189 dst->sin_family = sin_dst->sin_family;
190 dst->sin_len = sizeof(struct sockaddr_in);
191 dst->sin_addr = sin_dst->sin_addr;
192 if (ro->ro_rt != NULL) {
193 RTFREE(ro->ro_rt);
194 ro->ro_rt = NULL;
195 }
196 #if 0
197 sc->gif_if.if_mtu = GIF_MTU;
198 #endif
199 }
200
201 if (ro->ro_rt == NULL) {
202 rtalloc(ro);
203 if (ro->ro_rt == NULL) {
204 m_freem(m);
205 return ENETUNREACH;
206 }
207
208 /* if it constitutes infinite encapsulation, punt. */
209 if (ro->ro_rt->rt_ifp == ifp) {
210 m_freem(m);
211 return ENETUNREACH; /* XXX */
212 }
213 #if 0
214 ifp->if_mtu = ro->ro_rt->rt_ifp->if_mtu - sizeof(struct ip);
215 #endif
216 }
217
218 error = ip_output(m, NULL, ro, 0, NULL, NULL);
219 return(error);
220 }
221
222 int
223 in_gif_input(struct mbuf **mp, int *offp, int proto)
224 {
225 struct mbuf *m = *mp;
226 struct ifnet *gifp = NULL;
227 struct ip *ip;
228 int af;
229 u_int8_t otos;
230 int off;
231
232 off = *offp;
233 *mp = NULL;
234
235 ip = mtod(m, struct ip *);
236
237 gifp = (struct ifnet *)encap_getarg(m);
238
239 if (gifp == NULL || (gifp->if_flags & IFF_UP) == 0) {
240 m_freem(m);
241 ipstat.ips_nogif++;
242 return(IPPROTO_DONE);
243 }
244
245 otos = ip->ip_tos;
246 m_adj(m, off);
247
248 switch (proto) {
249 #ifdef INET
250 case IPPROTO_IPV4:
251 {
252 struct ip *ip;
253 af = AF_INET;
254 if (m->m_len < sizeof *ip) {
255 m = m_pullup(m, sizeof *ip);
256 if (!m)
257 return(IPPROTO_DONE);
258 }
259 ip = mtod(m, struct ip *);
260 if (gifp->if_flags & IFF_LINK1)
261 ip_ecn_egress(ECN_ALLOWED, &otos, &ip->ip_tos);
262 else
263 ip_ecn_egress(ECN_NOCARE, &otos, &ip->ip_tos);
264 break;
265 }
266 #endif
267 #ifdef INET6
268 case IPPROTO_IPV6:
269 {
270 struct ip6_hdr *ip6;
271 u_int8_t itos;
272 af = AF_INET6;
273 if (m->m_len < sizeof *ip6) {
274 m = m_pullup(m, sizeof *ip6);
275 if (!m)
276 return(IPPROTO_DONE);
277 }
278 ip6 = mtod(m, struct ip6_hdr *);
279 itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
280 if (gifp->if_flags & IFF_LINK1)
281 ip_ecn_egress(ECN_ALLOWED, &otos, &itos);
282 else
283 ip_ecn_egress(ECN_NOCARE, &otos, &itos);
284 ip6->ip6_flow &= ~htonl(0xff << 20);
285 ip6->ip6_flow |= htonl((u_int32_t)itos << 20);
286 break;
287 }
288 #endif /* INET6 */
289 default:
290 ipstat.ips_nogif++;
291 m_freem(m);
292 return(IPPROTO_DONE);
293 }
294 gif_input(m, af, gifp);
295 return(IPPROTO_DONE);
296 }
297
298 /*
299 * validate outer address.
300 */
301 static int
302 gif_validate4(const struct ip *ip, struct gif_softc *sc, struct ifnet *ifp)
303 {
304 struct sockaddr_in *src, *dst;
305 struct in_ifaddr_container *iac;
306
307 src = (struct sockaddr_in *)sc->gif_psrc;
308 dst = (struct sockaddr_in *)sc->gif_pdst;
309
310 /* check for address match */
311 if (src->sin_addr.s_addr != ip->ip_dst.s_addr ||
312 dst->sin_addr.s_addr != ip->ip_src.s_addr)
313 return 0;
314
315 /* martian filters on outer source - NOT done in ip_input! */
316 if (IN_MULTICAST(ntohl(ip->ip_src.s_addr)))
317 return 0;
318 switch ((ntohl(ip->ip_src.s_addr) & 0xff000000) >> 24) {
319 case 0: case 127: case 255:
320 return 0;
321 }
322 /* reject packets with broadcast on source */
323 TAILQ_FOREACH(iac, &in_ifaddrheads[mycpuid], ia_link) {
324 struct in_ifaddr *ia4 = iac->ia;
325
326 if (!(ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST))
327 continue;
328 if (ip->ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr)
329 return 0;
330 }
331
332 /* ingress filters on outer source */
333 if (!(sc->gif_if.if_flags & IFF_LINK2) && ifp != NULL) {
334 struct sockaddr_in sin;
335 struct rtentry *rt;
336
337 bzero(&sin, sizeof sin);
338 sin.sin_family = AF_INET;
339 sin.sin_len = sizeof(struct sockaddr_in);
340 sin.sin_addr = ip->ip_src;
341 rt = rtpurelookup((struct sockaddr *)&sin);
342 if (rt != NULL)
343 --rt->rt_refcnt;
344 if (rt == NULL || rt->rt_ifp != ifp) {
345 #if 0
346 log(LOG_WARNING, "%s: packet from 0x%x dropped "
347 "due to ingress filter\n", if_name(&sc->gif_if),
348 (u_int32_t)ntohl(sin.sin_addr.s_addr));
349 #endif
350 return 0;
351 }
352 }
353
354 return 32 * 2;
355 }
356
357 /*
358 * we know that we are in IFF_UP, outer address available, and outer family
359 * matched the physical addr family. see gif_encapcheck().
360 */
361 int
362 gif_encapcheck4(const struct mbuf *m, int off, int proto, void *arg)
363 {
364 struct ip ip;
365 struct gif_softc *sc;
366 struct ifnet *ifp;
367
368 /* sanity check done in caller */
369 sc = (struct gif_softc *)arg;
370
371 /* LINTED const cast */
372 m_copydata(__DECONST(struct mbuf *, m), 0, sizeof ip, (caddr_t)&ip);
373 ifp = ((m->m_flags & M_PKTHDR) != 0) ? m->m_pkthdr.rcvif : NULL;
374
375 return gif_validate4(&ip, sc, ifp);
376 }
377
378 int
379 in_gif_attach(struct gif_softc *sc)
380 {
381 sc->encap_cookie4 = encap_attach_func(AF_INET, -1, gif_encapcheck,
382 &in_gif_protosw, sc);
383 if (sc->encap_cookie4 == NULL)
384 return EEXIST;
385 return 0;
386 }
387
388 int
389 in_gif_detach(struct gif_softc *sc)
390 {
391 int error;
392
393 error = encap_detach(sc->encap_cookie4);
394 if (error == 0)
395 sc->encap_cookie4 = NULL;
396 return error;
397 }
398
399 #endif /* INET */
Cache object: 01244a52a5cb5ece32f3c42f6dd1877b
|