The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet/in_gif.c

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * SPDX-License-Identifier: BSD-3-Clause
    3  *
    4  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    5  * Copyright (c) 2018 Andrey V. Elsukov <ae@FreeBSD.org>
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. Neither the name of the project nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  *
   32  *      $KAME: in_gif.c,v 1.54 2001/05/14 14:02:16 itojun Exp $
   33  */
   34 
   35 #include <sys/cdefs.h>
   36 __FBSDID("$FreeBSD: releng/12.0/sys/netinet/in_gif.c 336676 2018-07-24 16:35:52Z andrew $");
   37 
   38 #include "opt_inet.h"
   39 #include "opt_inet6.h"
   40 
   41 #include <sys/param.h>
   42 #include <sys/systm.h>
   43 #include <sys/jail.h>
   44 #include <sys/socket.h>
   45 #include <sys/sockio.h>
   46 #include <sys/mbuf.h>
   47 #include <sys/errno.h>
   48 #include <sys/kernel.h>
   49 #include <sys/sysctl.h>
   50 #include <sys/malloc.h>
   51 #include <sys/proc.h>
   52 
   53 #include <net/ethernet.h>
   54 #include <net/if.h>
   55 #include <net/if_var.h>
   56 #include <net/route.h>
   57 #include <net/vnet.h>
   58 
   59 #include <netinet/in.h>
   60 #include <netinet/in_systm.h>
   61 #include <netinet/ip.h>
   62 #include <netinet/ip_var.h>
   63 #include <netinet/in_var.h>
   64 #include <netinet/ip_encap.h>
   65 #include <netinet/ip_ecn.h>
   66 #include <netinet/in_fib.h>
   67 
   68 #ifdef INET6
   69 #include <netinet/ip6.h>
   70 #endif
   71 
   72 #include <net/if_gif.h>
   73 
   74 #define GIF_TTL         30
   75 VNET_DEFINE_STATIC(int, ip_gif_ttl) = GIF_TTL;
   76 #define V_ip_gif_ttl            VNET(ip_gif_ttl)
   77 SYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_VNET | CTLFLAG_RW,
   78     &VNET_NAME(ip_gif_ttl), 0, "Default TTL value for encapsulated packets");
   79 
   80 /*
   81  * We keep interfaces in a hash table using src+dst as key.
   82  * Interfaces with GIF_IGNORE_SOURCE flag are linked into plain list.
   83  */
   84 VNET_DEFINE_STATIC(struct gif_list *, ipv4_hashtbl) = NULL;
   85 VNET_DEFINE_STATIC(struct gif_list, ipv4_list) = CK_LIST_HEAD_INITIALIZER();
   86 #define V_ipv4_hashtbl          VNET(ipv4_hashtbl)
   87 #define V_ipv4_list             VNET(ipv4_list)
   88 
   89 #define GIF_HASH(src, dst)      (V_ipv4_hashtbl[\
   90     in_gif_hashval((src), (dst)) & (GIF_HASH_SIZE - 1)])
   91 #define GIF_HASH_SC(sc)         GIF_HASH((sc)->gif_iphdr->ip_src.s_addr,\
   92     (sc)->gif_iphdr->ip_dst.s_addr)
   93 static uint32_t
   94 in_gif_hashval(in_addr_t src, in_addr_t dst)
   95 {
   96         uint32_t ret;
   97 
   98         ret = fnv_32_buf(&src, sizeof(src), FNV1_32_INIT);
   99         return (fnv_32_buf(&dst, sizeof(dst), ret));
  100 }
  101 
  102 static int
  103 in_gif_checkdup(const struct gif_softc *sc, in_addr_t src, in_addr_t dst)
  104 {
  105         struct gif_softc *tmp;
  106 
  107         if (sc->gif_family == AF_INET &&
  108             sc->gif_iphdr->ip_src.s_addr == src &&
  109             sc->gif_iphdr->ip_dst.s_addr == dst)
  110                 return (EEXIST);
  111 
  112         CK_LIST_FOREACH(tmp, &GIF_HASH(src, dst), chain) {
  113                 if (tmp == sc)
  114                         continue;
  115                 if (tmp->gif_iphdr->ip_src.s_addr == src &&
  116                     tmp->gif_iphdr->ip_dst.s_addr == dst)
  117                         return (EADDRNOTAVAIL);
  118         }
  119         return (0);
  120 }
  121 
  122 static void
  123 in_gif_attach(struct gif_softc *sc)
  124 {
  125 
  126         if (sc->gif_options & GIF_IGNORE_SOURCE)
  127                 CK_LIST_INSERT_HEAD(&V_ipv4_list, sc, chain);
  128         else
  129                 CK_LIST_INSERT_HEAD(&GIF_HASH_SC(sc), sc, chain);
  130 }
  131 
  132 int
  133 in_gif_setopts(struct gif_softc *sc, u_int options)
  134 {
  135 
  136         /* NOTE: we are protected with gif_ioctl_sx lock */
  137         MPASS(sc->gif_family == AF_INET);
  138         MPASS(sc->gif_options != options);
  139 
  140         if ((options & GIF_IGNORE_SOURCE) !=
  141             (sc->gif_options & GIF_IGNORE_SOURCE)) {
  142                 CK_LIST_REMOVE(sc, chain);
  143                 sc->gif_options = options;
  144                 in_gif_attach(sc);
  145         }
  146         return (0);
  147 }
  148 
  149 int
  150 in_gif_ioctl(struct gif_softc *sc, u_long cmd, caddr_t data)
  151 {
  152         struct ifreq *ifr = (struct ifreq *)data;
  153         struct sockaddr_in *dst, *src;
  154         struct ip *ip;
  155         int error;
  156 
  157         /* NOTE: we are protected with gif_ioctl_sx lock */
  158         error = EINVAL;
  159         switch (cmd) {
  160         case SIOCSIFPHYADDR:
  161                 src = &((struct in_aliasreq *)data)->ifra_addr;
  162                 dst = &((struct in_aliasreq *)data)->ifra_dstaddr;
  163 
  164                 /* sanity checks */
  165                 if (src->sin_family != dst->sin_family ||
  166                     src->sin_family != AF_INET ||
  167                     src->sin_len != dst->sin_len ||
  168                     src->sin_len != sizeof(*src))
  169                         break;
  170                 if (src->sin_addr.s_addr == INADDR_ANY ||
  171                     dst->sin_addr.s_addr == INADDR_ANY) {
  172                         error = EADDRNOTAVAIL;
  173                         break;
  174                 }
  175                 if (V_ipv4_hashtbl == NULL)
  176                         V_ipv4_hashtbl = gif_hashinit();
  177                 error = in_gif_checkdup(sc, src->sin_addr.s_addr,
  178                     dst->sin_addr.s_addr);
  179                 if (error == EADDRNOTAVAIL)
  180                         break;
  181                 if (error == EEXIST) {
  182                         /* Addresses are the same. Just return. */
  183                         error = 0;
  184                         break;
  185                 }
  186                 ip = malloc(sizeof(*ip), M_GIF, M_WAITOK | M_ZERO);
  187                 ip->ip_src.s_addr = src->sin_addr.s_addr;
  188                 ip->ip_dst.s_addr = dst->sin_addr.s_addr;
  189                 if (sc->gif_family != 0) {
  190                         /* Detach existing tunnel first */
  191                         CK_LIST_REMOVE(sc, chain);
  192                         GIF_WAIT();
  193                         free(sc->gif_hdr, M_GIF);
  194                         /* XXX: should we notify about link state change? */
  195                 }
  196                 sc->gif_family = AF_INET;
  197                 sc->gif_iphdr = ip;
  198                 in_gif_attach(sc);
  199                 break;
  200         case SIOCGIFPSRCADDR:
  201         case SIOCGIFPDSTADDR:
  202                 if (sc->gif_family != AF_INET) {
  203                         error = EADDRNOTAVAIL;
  204                         break;
  205                 }
  206                 src = (struct sockaddr_in *)&ifr->ifr_addr;
  207                 memset(src, 0, sizeof(*src));
  208                 src->sin_family = AF_INET;
  209                 src->sin_len = sizeof(*src);
  210                 src->sin_addr = (cmd == SIOCGIFPSRCADDR) ?
  211                     sc->gif_iphdr->ip_src: sc->gif_iphdr->ip_dst;
  212                 error = prison_if(curthread->td_ucred, (struct sockaddr *)src);
  213                 if (error != 0)
  214                         memset(src, 0, sizeof(*src));
  215                 break;
  216         }
  217         return (error);
  218 }
  219 
  220 int
  221 in_gif_output(struct ifnet *ifp, struct mbuf *m, int proto, uint8_t ecn)
  222 {
  223         struct gif_softc *sc = ifp->if_softc;
  224         struct ip *ip;
  225         int len;
  226 
  227         /* prepend new IP header */
  228         MPASS(in_epoch(net_epoch_preempt));
  229         len = sizeof(struct ip);
  230 #ifndef __NO_STRICT_ALIGNMENT
  231         if (proto == IPPROTO_ETHERIP)
  232                 len += ETHERIP_ALIGN;
  233 #endif
  234         M_PREPEND(m, len, M_NOWAIT);
  235         if (m == NULL)
  236                 return (ENOBUFS);
  237 #ifndef __NO_STRICT_ALIGNMENT
  238         if (proto == IPPROTO_ETHERIP) {
  239                 len = mtod(m, vm_offset_t) & 3;
  240                 KASSERT(len == 0 || len == ETHERIP_ALIGN,
  241                     ("in_gif_output: unexpected misalignment"));
  242                 m->m_data += len;
  243                 m->m_len -= ETHERIP_ALIGN;
  244         }
  245 #endif
  246         ip = mtod(m, struct ip *);
  247 
  248         MPASS(sc->gif_family == AF_INET);
  249         bcopy(sc->gif_iphdr, ip, sizeof(struct ip));
  250         ip->ip_p = proto;
  251         /* version will be set in ip_output() */
  252         ip->ip_ttl = V_ip_gif_ttl;
  253         ip->ip_len = htons(m->m_pkthdr.len);
  254         ip->ip_tos = ecn;
  255 
  256         return (ip_output(m, NULL, NULL, 0, NULL, NULL));
  257 }
  258 
  259 static int
  260 in_gif_input(struct mbuf *m, int off, int proto, void *arg)
  261 {
  262         struct gif_softc *sc = arg;
  263         struct ifnet *gifp;
  264         struct ip *ip;
  265         uint8_t ecn;
  266 
  267         MPASS(in_epoch(net_epoch_preempt));
  268         if (sc == NULL) {
  269                 m_freem(m);
  270                 KMOD_IPSTAT_INC(ips_nogif);
  271                 return (IPPROTO_DONE);
  272         }
  273         gifp = GIF2IFP(sc);
  274         if ((gifp->if_flags & IFF_UP) != 0) {
  275                 ip = mtod(m, struct ip *);
  276                 ecn = ip->ip_tos;
  277                 m_adj(m, off);
  278                 gif_input(m, gifp, proto, ecn);
  279         } else {
  280                 m_freem(m);
  281                 KMOD_IPSTAT_INC(ips_nogif);
  282         }
  283         return (IPPROTO_DONE);
  284 }
  285 
  286 static int
  287 in_gif_lookup(const struct mbuf *m, int off, int proto, void **arg)
  288 {
  289         const struct ip *ip;
  290         struct gif_softc *sc;
  291         int ret;
  292 
  293         if (V_ipv4_hashtbl == NULL)
  294                 return (0);
  295 
  296         MPASS(in_epoch(net_epoch_preempt));
  297         ip = mtod(m, const struct ip *);
  298         /*
  299          * NOTE: it is safe to iterate without any locking here, because softc
  300          * can be reclaimed only when we are not within net_epoch_preempt
  301          * section, but ip_encap lookup+input are executed in epoch section.
  302          */
  303         ret = 0;
  304         CK_LIST_FOREACH(sc, &GIF_HASH(ip->ip_dst.s_addr,
  305             ip->ip_src.s_addr), chain) {
  306                 /*
  307                  * This is an inbound packet, its ip_dst is source address
  308                  * in softc.
  309                  */
  310                 if (sc->gif_iphdr->ip_src.s_addr == ip->ip_dst.s_addr &&
  311                     sc->gif_iphdr->ip_dst.s_addr == ip->ip_src.s_addr) {
  312                         ret = ENCAP_DRV_LOOKUP;
  313                         goto done;
  314                 }
  315         }
  316         /*
  317          * No exact match.
  318          * Check the list of interfaces with GIF_IGNORE_SOURCE flag.
  319          */
  320         CK_LIST_FOREACH(sc, &V_ipv4_list, chain) {
  321                 if (sc->gif_iphdr->ip_src.s_addr == ip->ip_dst.s_addr) {
  322                         ret = 32 + 8; /* src + proto */
  323                         goto done;
  324                 }
  325         }
  326         return (0);
  327 done:
  328         if ((GIF2IFP(sc)->if_flags & IFF_UP) == 0)
  329                 return (0);
  330         /* ingress filters on outer source */
  331         if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) {
  332                 struct nhop4_basic nh4;
  333                 struct in_addr dst;
  334 
  335                 dst = ip->ip_src;
  336                 if (fib4_lookup_nh_basic(sc->gif_fibnum, dst, 0, 0, &nh4) != 0)
  337                         return (0);
  338                 if (nh4.nh_ifp != m->m_pkthdr.rcvif)
  339                         return (0);
  340         }
  341         *arg = sc;
  342         return (ret);
  343 }
  344 
  345 static struct {
  346         const struct encap_config encap;
  347         const struct encaptab *cookie;
  348 } ipv4_encap_cfg[] = {
  349         {
  350                 .encap = {
  351                         .proto = IPPROTO_IPV4,
  352                         .min_length = 2 * sizeof(struct ip),
  353                         .exact_match = ENCAP_DRV_LOOKUP,
  354                         .lookup = in_gif_lookup,
  355                         .input = in_gif_input
  356                 },
  357         },
  358 #ifdef INET6
  359         {
  360                 .encap = {
  361                         .proto = IPPROTO_IPV6,
  362                         .min_length = sizeof(struct ip) +
  363                             sizeof(struct ip6_hdr),
  364                         .exact_match = ENCAP_DRV_LOOKUP,
  365                         .lookup = in_gif_lookup,
  366                         .input = in_gif_input
  367                 },
  368         },
  369 #endif
  370         {
  371                 .encap = {
  372                         .proto = IPPROTO_ETHERIP,
  373                         .min_length = sizeof(struct ip) +
  374                             sizeof(struct etherip_header) +
  375                             sizeof(struct ether_header),
  376                         .exact_match = ENCAP_DRV_LOOKUP,
  377                         .lookup = in_gif_lookup,
  378                         .input = in_gif_input
  379                 },
  380         }
  381 };
  382 
  383 void
  384 in_gif_init(void)
  385 {
  386         int i;
  387 
  388         if (!IS_DEFAULT_VNET(curvnet))
  389                 return;
  390         for (i = 0; i < nitems(ipv4_encap_cfg); i++)
  391                 ipv4_encap_cfg[i].cookie = ip_encap_attach(
  392                     &ipv4_encap_cfg[i].encap, NULL, M_WAITOK);
  393 }
  394 
  395 void
  396 in_gif_uninit(void)
  397 {
  398         int i;
  399 
  400         if (IS_DEFAULT_VNET(curvnet)) {
  401                 for (i = 0; i < nitems(ipv4_encap_cfg); i++)
  402                         ip_encap_detach(ipv4_encap_cfg[i].cookie);
  403         }
  404         if (V_ipv4_hashtbl != NULL)
  405                 gif_hashdestroy(V_ipv4_hashtbl);
  406 }
  407 

Cache object: 6c9251fb3e6173c276a4397bcd524546


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.