FreeBSD/Linux Kernel Cross Reference
sys/netinet/in_gif.c
1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * Copyright (c) 2018 Andrey V. Elsukov <ae@FreeBSD.org>
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 * $KAME: in_gif.c,v 1.54 2001/05/14 14:02:16 itojun Exp $
33 */
34
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
37
38 #include "opt_inet.h"
39 #include "opt_inet6.h"
40
41 #include <sys/param.h>
42 #include <sys/systm.h>
43 #include <sys/jail.h>
44 #include <sys/socket.h>
45 #include <sys/sockio.h>
46 #include <sys/mbuf.h>
47 #include <sys/errno.h>
48 #include <sys/kernel.h>
49 #include <sys/sysctl.h>
50 #include <sys/malloc.h>
51 #include <sys/proc.h>
52
53 #include <net/ethernet.h>
54 #include <net/if.h>
55 #include <net/if_var.h>
56 #include <net/route.h>
57 #include <net/vnet.h>
58
59 #include <netinet/in.h>
60 #include <netinet/in_systm.h>
61 #include <netinet/ip.h>
62 #include <netinet/ip_var.h>
63 #include <netinet/in_var.h>
64 #include <netinet/ip_encap.h>
65 #include <netinet/ip_ecn.h>
66 #include <netinet/in_fib.h>
67
68 #ifdef INET6
69 #include <netinet/ip6.h>
70 #endif
71
72 #include <net/if_gif.h>
73
74 #define GIF_TTL 30
75 VNET_DEFINE_STATIC(int, ip_gif_ttl) = GIF_TTL;
76 #define V_ip_gif_ttl VNET(ip_gif_ttl)
77 SYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_VNET | CTLFLAG_RW,
78 &VNET_NAME(ip_gif_ttl), 0, "Default TTL value for encapsulated packets");
79
80 /*
81 * We keep interfaces in a hash table using src+dst as key.
82 * Interfaces with GIF_IGNORE_SOURCE flag are linked into plain list.
83 */
84 VNET_DEFINE_STATIC(struct gif_list *, ipv4_hashtbl) = NULL;
85 VNET_DEFINE_STATIC(struct gif_list *, ipv4_srchashtbl) = NULL;
86 VNET_DEFINE_STATIC(struct gif_list, ipv4_list) = CK_LIST_HEAD_INITIALIZER();
87 #define V_ipv4_hashtbl VNET(ipv4_hashtbl)
88 #define V_ipv4_srchashtbl VNET(ipv4_srchashtbl)
89 #define V_ipv4_list VNET(ipv4_list)
90
91 #define GIF_HASH(src, dst) (V_ipv4_hashtbl[\
92 in_gif_hashval((src), (dst)) & (GIF_HASH_SIZE - 1)])
93 #define GIF_SRCHASH(src) (V_ipv4_srchashtbl[\
94 fnv_32_buf(&(src), sizeof(src), FNV1_32_INIT) & (GIF_HASH_SIZE - 1)])
95 #define GIF_HASH_SC(sc) GIF_HASH((sc)->gif_iphdr->ip_src.s_addr,\
96 (sc)->gif_iphdr->ip_dst.s_addr)
97 static uint32_t
98 in_gif_hashval(in_addr_t src, in_addr_t dst)
99 {
100 uint32_t ret;
101
102 ret = fnv_32_buf(&src, sizeof(src), FNV1_32_INIT);
103 return (fnv_32_buf(&dst, sizeof(dst), ret));
104 }
105
106 static int
107 in_gif_checkdup(const struct gif_softc *sc, in_addr_t src, in_addr_t dst)
108 {
109 struct gif_softc *tmp;
110
111 if (sc->gif_family == AF_INET &&
112 sc->gif_iphdr->ip_src.s_addr == src &&
113 sc->gif_iphdr->ip_dst.s_addr == dst)
114 return (EEXIST);
115
116 CK_LIST_FOREACH(tmp, &GIF_HASH(src, dst), chain) {
117 if (tmp == sc)
118 continue;
119 if (tmp->gif_iphdr->ip_src.s_addr == src &&
120 tmp->gif_iphdr->ip_dst.s_addr == dst)
121 return (EADDRNOTAVAIL);
122 }
123 return (0);
124 }
125
126 /*
127 * Check that ingress address belongs to local host.
128 */
129 static void
130 in_gif_set_running(struct gif_softc *sc)
131 {
132
133 if (in_localip(sc->gif_iphdr->ip_src))
134 GIF2IFP(sc)->if_drv_flags |= IFF_DRV_RUNNING;
135 else
136 GIF2IFP(sc)->if_drv_flags &= ~IFF_DRV_RUNNING;
137 }
138
139 /*
140 * ifaddr_event handler.
141 * Clear IFF_DRV_RUNNING flag when ingress address disappears to prevent
142 * source address spoofing.
143 */
144 static void
145 in_gif_srcaddr(void *arg __unused, const struct sockaddr *sa,
146 int event __unused)
147 {
148 const struct sockaddr_in *sin;
149 struct gif_softc *sc;
150
151 /* Check that VNET is ready */
152 if (V_ipv4_hashtbl == NULL)
153 return;
154
155 MPASS(in_epoch(net_epoch_preempt));
156 sin = (const struct sockaddr_in *)sa;
157 CK_LIST_FOREACH(sc, &GIF_SRCHASH(sin->sin_addr.s_addr), srchash) {
158 if (sc->gif_iphdr->ip_src.s_addr != sin->sin_addr.s_addr)
159 continue;
160 in_gif_set_running(sc);
161 }
162 }
163
164 static void
165 in_gif_attach(struct gif_softc *sc)
166 {
167
168 if (sc->gif_options & GIF_IGNORE_SOURCE)
169 CK_LIST_INSERT_HEAD(&V_ipv4_list, sc, chain);
170 else
171 CK_LIST_INSERT_HEAD(&GIF_HASH_SC(sc), sc, chain);
172
173 CK_LIST_INSERT_HEAD(&GIF_SRCHASH(sc->gif_iphdr->ip_src.s_addr),
174 sc, srchash);
175 }
176
177 int
178 in_gif_setopts(struct gif_softc *sc, u_int options)
179 {
180
181 /* NOTE: we are protected with gif_ioctl_sx lock */
182 MPASS(sc->gif_family == AF_INET);
183 MPASS(sc->gif_options != options);
184
185 if ((options & GIF_IGNORE_SOURCE) !=
186 (sc->gif_options & GIF_IGNORE_SOURCE)) {
187 CK_LIST_REMOVE(sc, srchash);
188 CK_LIST_REMOVE(sc, chain);
189 sc->gif_options = options;
190 in_gif_attach(sc);
191 }
192 return (0);
193 }
194
195 int
196 in_gif_ioctl(struct gif_softc *sc, u_long cmd, caddr_t data)
197 {
198 struct ifreq *ifr = (struct ifreq *)data;
199 struct sockaddr_in *dst, *src;
200 struct ip *ip;
201 int error;
202
203 /* NOTE: we are protected with gif_ioctl_sx lock */
204 error = EINVAL;
205 switch (cmd) {
206 case SIOCSIFPHYADDR:
207 src = &((struct in_aliasreq *)data)->ifra_addr;
208 dst = &((struct in_aliasreq *)data)->ifra_dstaddr;
209
210 /* sanity checks */
211 if (src->sin_family != dst->sin_family ||
212 src->sin_family != AF_INET ||
213 src->sin_len != dst->sin_len ||
214 src->sin_len != sizeof(*src))
215 break;
216 if (src->sin_addr.s_addr == INADDR_ANY ||
217 dst->sin_addr.s_addr == INADDR_ANY) {
218 error = EADDRNOTAVAIL;
219 break;
220 }
221 if (V_ipv4_hashtbl == NULL) {
222 V_ipv4_hashtbl = gif_hashinit();
223 V_ipv4_srchashtbl = gif_hashinit();
224 }
225 error = in_gif_checkdup(sc, src->sin_addr.s_addr,
226 dst->sin_addr.s_addr);
227 if (error == EADDRNOTAVAIL)
228 break;
229 if (error == EEXIST) {
230 /* Addresses are the same. Just return. */
231 error = 0;
232 break;
233 }
234 ip = malloc(sizeof(*ip), M_GIF, M_WAITOK | M_ZERO);
235 ip->ip_src.s_addr = src->sin_addr.s_addr;
236 ip->ip_dst.s_addr = dst->sin_addr.s_addr;
237 if (sc->gif_family != 0) {
238 /* Detach existing tunnel first */
239 CK_LIST_REMOVE(sc, srchash);
240 CK_LIST_REMOVE(sc, chain);
241 GIF_WAIT();
242 free(sc->gif_hdr, M_GIF);
243 /* XXX: should we notify about link state change? */
244 }
245 sc->gif_family = AF_INET;
246 sc->gif_iphdr = ip;
247 in_gif_attach(sc);
248 in_gif_set_running(sc);
249 break;
250 case SIOCGIFPSRCADDR:
251 case SIOCGIFPDSTADDR:
252 if (sc->gif_family != AF_INET) {
253 error = EADDRNOTAVAIL;
254 break;
255 }
256 src = (struct sockaddr_in *)&ifr->ifr_addr;
257 memset(src, 0, sizeof(*src));
258 src->sin_family = AF_INET;
259 src->sin_len = sizeof(*src);
260 src->sin_addr = (cmd == SIOCGIFPSRCADDR) ?
261 sc->gif_iphdr->ip_src: sc->gif_iphdr->ip_dst;
262 error = prison_if(curthread->td_ucred, (struct sockaddr *)src);
263 if (error != 0)
264 memset(src, 0, sizeof(*src));
265 break;
266 }
267 return (error);
268 }
269
270 int
271 in_gif_output(struct ifnet *ifp, struct mbuf *m, int proto, uint8_t ecn)
272 {
273 struct gif_softc *sc = ifp->if_softc;
274 struct ip *ip;
275 int len;
276
277 /* prepend new IP header */
278 MPASS(in_epoch(net_epoch_preempt));
279 len = sizeof(struct ip);
280 #ifndef __NO_STRICT_ALIGNMENT
281 if (proto == IPPROTO_ETHERIP)
282 len += ETHERIP_ALIGN;
283 #endif
284 M_PREPEND(m, len, M_NOWAIT);
285 if (m == NULL)
286 return (ENOBUFS);
287 #ifndef __NO_STRICT_ALIGNMENT
288 if (proto == IPPROTO_ETHERIP) {
289 len = mtod(m, vm_offset_t) & 3;
290 KASSERT(len == 0 || len == ETHERIP_ALIGN,
291 ("in_gif_output: unexpected misalignment"));
292 m->m_data += len;
293 m->m_len -= ETHERIP_ALIGN;
294 }
295 #endif
296 ip = mtod(m, struct ip *);
297
298 MPASS(sc->gif_family == AF_INET);
299 bcopy(sc->gif_iphdr, ip, sizeof(struct ip));
300 ip->ip_p = proto;
301 /* version will be set in ip_output() */
302 ip->ip_ttl = V_ip_gif_ttl;
303 ip->ip_len = htons(m->m_pkthdr.len);
304 ip->ip_tos = ecn;
305
306 return (ip_output(m, NULL, NULL, 0, NULL, NULL));
307 }
308
309 static int
310 in_gif_input(struct mbuf *m, int off, int proto, void *arg)
311 {
312 struct gif_softc *sc = arg;
313 struct ifnet *gifp;
314 struct ip *ip;
315 uint8_t ecn;
316
317 MPASS(in_epoch(net_epoch_preempt));
318 if (sc == NULL) {
319 m_freem(m);
320 KMOD_IPSTAT_INC(ips_nogif);
321 return (IPPROTO_DONE);
322 }
323 gifp = GIF2IFP(sc);
324 if ((gifp->if_flags & IFF_UP) != 0) {
325 ip = mtod(m, struct ip *);
326 ecn = ip->ip_tos;
327 m_adj(m, off);
328 gif_input(m, gifp, proto, ecn);
329 } else {
330 m_freem(m);
331 KMOD_IPSTAT_INC(ips_nogif);
332 }
333 return (IPPROTO_DONE);
334 }
335
336 static int
337 in_gif_lookup(const struct mbuf *m, int off, int proto, void **arg)
338 {
339 const struct ip *ip;
340 struct gif_softc *sc;
341 int ret;
342
343 if (V_ipv4_hashtbl == NULL)
344 return (0);
345
346 MPASS(in_epoch(net_epoch_preempt));
347 ip = mtod(m, const struct ip *);
348 /*
349 * NOTE: it is safe to iterate without any locking here, because softc
350 * can be reclaimed only when we are not within net_epoch_preempt
351 * section, but ip_encap lookup+input are executed in epoch section.
352 */
353 ret = 0;
354 CK_LIST_FOREACH(sc, &GIF_HASH(ip->ip_dst.s_addr,
355 ip->ip_src.s_addr), chain) {
356 /*
357 * This is an inbound packet, its ip_dst is source address
358 * in softc.
359 */
360 if (sc->gif_iphdr->ip_src.s_addr == ip->ip_dst.s_addr &&
361 sc->gif_iphdr->ip_dst.s_addr == ip->ip_src.s_addr) {
362 ret = ENCAP_DRV_LOOKUP;
363 goto done;
364 }
365 }
366 /*
367 * No exact match.
368 * Check the list of interfaces with GIF_IGNORE_SOURCE flag.
369 */
370 CK_LIST_FOREACH(sc, &V_ipv4_list, chain) {
371 if (sc->gif_iphdr->ip_src.s_addr == ip->ip_dst.s_addr) {
372 ret = 32 + 8; /* src + proto */
373 goto done;
374 }
375 }
376 return (0);
377 done:
378 if ((GIF2IFP(sc)->if_flags & IFF_UP) == 0)
379 return (0);
380 /* ingress filters on outer source */
381 if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0) {
382 struct nhop4_basic nh4;
383 struct in_addr dst;
384
385 dst = ip->ip_src;
386 if (fib4_lookup_nh_basic(sc->gif_fibnum, dst, 0, 0, &nh4) != 0)
387 return (0);
388 if (nh4.nh_ifp != m->m_pkthdr.rcvif)
389 return (0);
390 }
391 *arg = sc;
392 return (ret);
393 }
394
395 static const struct srcaddrtab *ipv4_srcaddrtab;
396 static struct {
397 const struct encap_config encap;
398 const struct encaptab *cookie;
399 } ipv4_encap_cfg[] = {
400 {
401 .encap = {
402 .proto = IPPROTO_IPV4,
403 .min_length = 2 * sizeof(struct ip),
404 .exact_match = ENCAP_DRV_LOOKUP,
405 .lookup = in_gif_lookup,
406 .input = in_gif_input
407 },
408 },
409 #ifdef INET6
410 {
411 .encap = {
412 .proto = IPPROTO_IPV6,
413 .min_length = sizeof(struct ip) +
414 sizeof(struct ip6_hdr),
415 .exact_match = ENCAP_DRV_LOOKUP,
416 .lookup = in_gif_lookup,
417 .input = in_gif_input
418 },
419 },
420 #endif
421 {
422 .encap = {
423 .proto = IPPROTO_ETHERIP,
424 .min_length = sizeof(struct ip) +
425 sizeof(struct etherip_header) +
426 sizeof(struct ether_header),
427 .exact_match = ENCAP_DRV_LOOKUP,
428 .lookup = in_gif_lookup,
429 .input = in_gif_input
430 },
431 }
432 };
433
434 void
435 in_gif_init(void)
436 {
437 int i;
438
439 if (!IS_DEFAULT_VNET(curvnet))
440 return;
441
442 ipv4_srcaddrtab = ip_encap_register_srcaddr(in_gif_srcaddr,
443 NULL, M_WAITOK);
444 for (i = 0; i < nitems(ipv4_encap_cfg); i++)
445 ipv4_encap_cfg[i].cookie = ip_encap_attach(
446 &ipv4_encap_cfg[i].encap, NULL, M_WAITOK);
447 }
448
449 void
450 in_gif_uninit(void)
451 {
452 int i;
453
454 if (IS_DEFAULT_VNET(curvnet)) {
455 for (i = 0; i < nitems(ipv4_encap_cfg); i++)
456 ip_encap_detach(ipv4_encap_cfg[i].cookie);
457 ip_encap_unregister_srcaddr(ipv4_srcaddrtab);
458 }
459 if (V_ipv4_hashtbl != NULL) {
460 gif_hashdestroy(V_ipv4_hashtbl);
461 V_ipv4_hashtbl = NULL;
462 GIF_WAIT();
463 gif_hashdestroy(V_ipv4_srchashtbl);
464 }
465 }
466
Cache object: 6b319ac73a6fa2ecaadfb381f8891657
|