FreeBSD/Linux Kernel Cross Reference
sys/netinet/ip_ecn.c
1 /* $OpenBSD: ip_ecn.c,v 1.9 2018/11/14 23:55:04 dlg Exp $ */
2 /* $KAME: ip_ecn.c,v 1.9 2000/10/01 12:44:48 itojun Exp $ */
3
4 /*
5 * Copyright (C) 1999 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 *
32 */
33 /*
34 * ECN consideration on tunnel ingress/egress operation.
35 * http://www.aciri.org/floyd/papers/draft-ipsec-ecn-00.txt
36 */
37
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/mbuf.h>
41
42 #include <netinet/in.h>
43 #include <netinet/ip.h>
44
45 #ifdef INET6
46 #include <netinet/ip6.h>
47 #endif
48
49 #include <netinet/ip_ecn.h>
50
51 /*
52 * ECN and TOS (or TCLASS) processing rules at tunnel encapsulation and
53 * decapsulation from RFC3168:
54 *
55 * Outer Hdr at Inner Hdr at
56 * Encapsulator Decapsulator
57 * Header fields: -------------------- ------------
58 * DS Field copied from inner hdr no change
59 * ECN Field constructed by (I) constructed by (E)
60 *
61 * ECN_ALLOWED (full functionality):
62 * (I) if the ECN field in the inner header is set to CE, then set the
63 * ECN field in the outer header to ECT(0).
64 * otherwise, copy the ECN field to the outer header.
65 *
66 * (E) if the ECN field in the outer header is set to CE and the ECN
67 * field of the inner header is not-ECT, drop the packet.
68 * if the ECN field in the inner header is set to ECT(0) or ECT(1)
69 * and the ECN field in the outer header is set to CE, then copy CE to
70 * the inner header. otherwise, make no change to the inner header.
71 *
72 * ECN_FORBIDDEN (limited functionality):
73 * (I) set the ECN field to not-ECT in the outer header.
74 *
75 * (E) if the ECN field in the outer header is set to CE, drop the packet.
76 * otherwise, make no change to the ECN field in the inner header.
77 *
78 * the drop rule is for backward compatibility and protection against
79 * erasure of CE.
80 */
81
82 /*
83 * modify outer ECN (TOS) field on ingress operation (tunnel encapsulation).
84 * call it after you've done the default initialization/copy for the outer.
85 */
86 void
87 ip_ecn_ingress(int mode, u_int8_t *outer, u_int8_t *inner)
88 {
89 if (!outer || !inner)
90 panic("NULL pointer passed to ip_ecn_ingress");
91
92 *outer = *inner;
93 switch (mode) {
94 case ECN_ALLOWED: /* ECN allowed */
95 case ECN_ALLOWED_IPSEC:
96 /*
97 * full-functionality: if the inner is CE, set ECT(0)
98 * to the outer. otherwise, copy the ECN field.
99 */
100 if ((*inner & IPTOS_ECN_MASK) == IPTOS_ECN_CE)
101 *outer &= ~IPTOS_ECN_ECT1;
102 break;
103 case ECN_FORBIDDEN: /* ECN forbidden */
104 /*
105 * limited-functionality: set not-ECT to the outer
106 */
107 *outer &= ~IPTOS_ECN_MASK;
108 break;
109 case ECN_NOCARE: /* no consideration to ECN */
110 break;
111 }
112 }
113
114 /*
115 * modify inner ECN (TOS) field on egress operation (tunnel decapsulation).
116 * call it after you've done the default initialization/copy for the inner.
117 * the caller should drop the packet if the return value is 0.
118 */
119 int
120 ip_ecn_egress(int mode, u_int8_t *outer, u_int8_t *inner)
121 {
122 if (!outer || !inner)
123 panic("NULL pointer passed to ip_ecn_egress");
124
125 switch (mode) {
126 case ECN_ALLOWED:
127 case ECN_ALLOWED_IPSEC:
128 /*
129 * full-functionality: if the outer is CE and the inner is
130 * not-ECT, should drop it. otherwise, copy CE.
131 * However, according to RFC4301, we should just leave the
132 * inner as non-ECT for IPsec.
133 */
134 if ((*outer & IPTOS_ECN_MASK) == IPTOS_ECN_CE) {
135 if ((*inner & IPTOS_ECN_MASK) == IPTOS_ECN_NOTECT) {
136 if (mode == ECN_ALLOWED_IPSEC)
137 return (1);
138 else
139 return (0);
140 }
141 *inner |= IPTOS_ECN_CE;
142 }
143 break;
144 case ECN_FORBIDDEN: /* ECN forbidden */
145 /*
146 * limited-functionality: if the outer is CE, should drop it.
147 * otherwise, leave the inner.
148 */
149 if ((*outer & IPTOS_ECN_MASK) == IPTOS_ECN_CE)
150 return (0);
151 break;
152 case ECN_NOCARE: /* no consideration to ECN */
153 break;
154 }
155 return (1);
156 }
157
158 /*
159 * Patch the checksum with the difference between the old and new tos.
160 * The patching is based on what pf_patch_8() and pf_cksum_fixkup() do,
161 * but they're in pf, so we can't rely on them being available.
162 */
163 void
164 ip_tos_patch(struct ip *ip, uint8_t tos)
165 {
166 uint16_t old;
167 uint16_t new;
168 uint32_t x;
169
170 old = htons(ip->ip_tos);
171 new = htons(tos);
172
173 ip->ip_tos = tos;
174
175 x = ip->ip_sum + old - new;
176 ip->ip_sum = (x) + (x >> 16);
177 }
Cache object: 42ecbd411704155cd74214092b2a154a
|