[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet6/in6_gif.c

Version: -  FREEBSD  -  FREEBSD10  -  FREEBSD9  -  FREEBSD92  -  FREEBSD91  -  FREEBSD90  -  FREEBSD8  -  FREEBSD82  -  FREEBSD81  -  FREEBSD80  -  FREEBSD7  -  FREEBSD74  -  FREEBSD73  -  FREEBSD72  -  FREEBSD71  -  FREEBSD70  -  FREEBSD6  -  FREEBSD64  -  FREEBSD63  -  FREEBSD62  -  FREEBSD61  -  FREEBSD60  -  FREEBSD5  -  FREEBSD55  -  FREEBSD54  -  FREEBSD53  -  FREEBSD52  -  FREEBSD51  -  FREEBSD50  -  FREEBSD4  -  FREEBSD3  -  FREEBSD22  -  cheribsd  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1  -  FREEBSD-LIBC  -  FREEBSD8-LIBC  -  FREEBSD7-LIBC  -  FREEBSD6-LIBC  -  GLIBC27 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    3  * All rights reserved.
    4  *
    5  * Redistribution and use in source and binary forms, with or without
    6  * modification, are permitted provided that the following conditions
    7  * are met:
    8  * 1. Redistributions of source code must retain the above copyright
    9  *    notice, this list of conditions and the following disclaimer.
   10  * 2. Redistributions in binary form must reproduce the above copyright
   11  *    notice, this list of conditions and the following disclaimer in the
   12  *    documentation and/or other materials provided with the distribution.
   13  * 3. Neither the name of the project nor the names of its contributors
   14  *    may be used to endorse or promote products derived from this software
   15  *    without specific prior written permission.
   16  *
   17  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   27  * SUCH DAMAGE.
   28  *
   29  *      $KAME: in6_gif.c,v 1.49 2001/05/14 14:02:17 itojun Exp $
   30  */
   31 
   32 #include <sys/cdefs.h>
   33 __FBSDID("$FreeBSD: head/sys/netinet6/in6_gif.c 257176 2013-10-26 17:58:36Z glebius $");
   34 
   35 #include "opt_inet.h"
   36 #include "opt_inet6.h"
   37 
   38 #include <sys/param.h>
   39 #include <sys/systm.h>
   40 #include <sys/socket.h>
   41 #include <sys/sockio.h>
   42 #include <sys/mbuf.h>
   43 #include <sys/errno.h>
   44 #include <sys/kernel.h>
   45 #include <sys/queue.h>
   46 #include <sys/syslog.h>
   47 #include <sys/sysctl.h>
   48 #include <sys/protosw.h>
   49 #include <sys/malloc.h>
   50 
   51 #include <net/if.h>
   52 #include <net/if_var.h>
   53 #include <net/route.h>
   54 #include <net/vnet.h>
   55 
   56 #include <netinet/in.h>
   57 #include <netinet/in_systm.h>
   58 #ifdef INET
   59 #include <netinet/ip.h>
   60 #endif
   61 #include <netinet/ip_encap.h>
   62 #ifdef INET6
   63 #include <netinet/ip6.h>
   64 #include <netinet6/ip6_var.h>
   65 #include <netinet6/in6_gif.h>
   66 #include <netinet6/in6_var.h>
   67 #endif
   68 #include <netinet6/ip6protosw.h>
   69 #include <netinet/ip_ecn.h>
   70 #ifdef INET6
   71 #include <netinet6/ip6_ecn.h>
   72 #endif
   73 
   74 #include <net/if_gif.h>
   75 
   76 VNET_DEFINE(int, ip6_gif_hlim) = GIF_HLIM;
   77 #define V_ip6_gif_hlim                  VNET(ip6_gif_hlim)
   78 
   79 SYSCTL_DECL(_net_inet6_ip6);
   80 SYSCTL_VNET_INT(_net_inet6_ip6, IPV6CTL_GIF_HLIM, gifhlim, CTLFLAG_RW,
   81     &VNET_NAME(ip6_gif_hlim), 0, "");
   82 
   83 static int gif_validate6(const struct ip6_hdr *, struct gif_softc *,
   84                          struct ifnet *);
   85 
   86 extern  struct domain inet6domain;
   87 struct ip6protosw in6_gif_protosw = {
   88         .pr_type =      SOCK_RAW,
   89         .pr_domain =    &inet6domain,
   90         .pr_protocol =  0,                      /* IPPROTO_IPV[46] */
   91         .pr_flags =     PR_ATOMIC|PR_ADDR,
   92         .pr_input =     in6_gif_input,
   93         .pr_output =    rip6_output,
   94         .pr_ctloutput = rip6_ctloutput,
   95         .pr_usrreqs =   &rip6_usrreqs
   96 };
   97 
   98 int
   99 in6_gif_output(struct ifnet *ifp,
  100     int family,                 /* family of the packet to be encapsulate */
  101     struct mbuf *m)
  102 {
  103         struct gif_softc *sc = ifp->if_softc;
  104         struct sockaddr_in6 *dst = (struct sockaddr_in6 *)&sc->gif_ro6.ro_dst;
  105         struct sockaddr_in6 *sin6_src = (struct sockaddr_in6 *)sc->gif_psrc;
  106         struct sockaddr_in6 *sin6_dst = (struct sockaddr_in6 *)sc->gif_pdst;
  107         struct ip6_hdr *ip6;
  108         struct etherip_header eiphdr;
  109         int error, len, proto;
  110         u_int8_t itos, otos;
  111 
  112         GIF_LOCK_ASSERT(sc);
  113 
  114         if (sin6_src == NULL || sin6_dst == NULL ||
  115             sin6_src->sin6_family != AF_INET6 ||
  116             sin6_dst->sin6_family != AF_INET6) {
  117                 m_freem(m);
  118                 return EAFNOSUPPORT;
  119         }
  120 
  121         switch (family) {
  122 #ifdef INET
  123         case AF_INET:
  124             {
  125                 struct ip *ip;
  126 
  127                 proto = IPPROTO_IPV4;
  128                 if (m->m_len < sizeof(*ip)) {
  129                         m = m_pullup(m, sizeof(*ip));
  130                         if (!m)
  131                                 return ENOBUFS;
  132                 }
  133                 ip = mtod(m, struct ip *);
  134                 itos = ip->ip_tos;
  135                 break;
  136             }
  137 #endif
  138 #ifdef INET6
  139         case AF_INET6:
  140             {
  141                 struct ip6_hdr *ip6;
  142                 proto = IPPROTO_IPV6;
  143                 if (m->m_len < sizeof(*ip6)) {
  144                         m = m_pullup(m, sizeof(*ip6));
  145                         if (!m)
  146                                 return ENOBUFS;
  147                 }
  148                 ip6 = mtod(m, struct ip6_hdr *);
  149                 itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
  150                 break;
  151             }
  152 #endif
  153         case AF_LINK:
  154                 proto = IPPROTO_ETHERIP;
  155 
  156                 /*
  157                  * GIF_SEND_REVETHIP (disabled by default) intentionally
  158                  * sends an EtherIP packet with revered version field in
  159                  * the header.  This is a knob for backward compatibility
  160                  * with FreeBSD 7.2R or prior.
  161                  */
  162                 if ((sc->gif_options & GIF_SEND_REVETHIP)) {
  163                         eiphdr.eip_ver = 0;
  164                         eiphdr.eip_resvl = ETHERIP_VERSION;
  165                         eiphdr.eip_resvh = 0;
  166                 } else {
  167                         eiphdr.eip_ver = ETHERIP_VERSION;
  168                         eiphdr.eip_resvl = 0;
  169                         eiphdr.eip_resvh = 0;
  170                 }
  171                 /* prepend Ethernet-in-IP header */
  172                 M_PREPEND(m, sizeof(struct etherip_header), M_NOWAIT);
  173                 if (m && m->m_len < sizeof(struct etherip_header))
  174                         m = m_pullup(m, sizeof(struct etherip_header));
  175                 if (m == NULL)
  176                         return ENOBUFS;
  177                 bcopy(&eiphdr, mtod(m, struct etherip_header *),
  178                     sizeof(struct etherip_header));
  179                 break;
  180 
  181         default:
  182 #ifdef DEBUG
  183                 printf("in6_gif_output: warning: unknown family %d passed\n",
  184                         family);
  185 #endif
  186                 m_freem(m);
  187                 return EAFNOSUPPORT;
  188         }
  189 
  190         /* prepend new IP header */
  191         len = sizeof(struct ip6_hdr);
  192 #ifndef __NO_STRICT_ALIGNMENT
  193         if (family == AF_LINK)
  194                 len += ETHERIP_ALIGN;
  195 #endif
  196         M_PREPEND(m, len, M_NOWAIT);
  197         if (m != NULL && m->m_len < len)
  198                 m = m_pullup(m, len);
  199         if (m == NULL) {
  200                 printf("ENOBUFS in in6_gif_output %d\n", __LINE__);
  201                 return ENOBUFS;
  202         }
  203 #ifndef __NO_STRICT_ALIGNMENT
  204         if (family == AF_LINK) {
  205                 len = mtod(m, vm_offset_t) & 3;
  206                 KASSERT(len == 0 || len == ETHERIP_ALIGN,
  207                     ("in6_gif_output: unexpected misalignment"));
  208                 m->m_data += len;
  209                 m->m_len -= ETHERIP_ALIGN;
  210         }
  211 #endif
  212 
  213         ip6 = mtod(m, struct ip6_hdr *);
  214         ip6->ip6_flow   = 0;
  215         ip6->ip6_vfc    &= ~IPV6_VERSION_MASK;
  216         ip6->ip6_vfc    |= IPV6_VERSION;
  217         ip6->ip6_plen   = htons((u_short)m->m_pkthdr.len);
  218         ip6->ip6_nxt    = proto;
  219         ip6->ip6_hlim   = V_ip6_gif_hlim;
  220         ip6->ip6_src    = sin6_src->sin6_addr;
  221         /* bidirectional configured tunnel mode */
  222         if (!IN6_IS_ADDR_UNSPECIFIED(&sin6_dst->sin6_addr))
  223                 ip6->ip6_dst = sin6_dst->sin6_addr;
  224         else  {
  225                 m_freem(m);
  226                 return ENETUNREACH;
  227         }
  228         ip_ecn_ingress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED : ECN_NOCARE,
  229                        &otos, &itos);
  230         ip6->ip6_flow &= ~htonl(0xff << 20);
  231         ip6->ip6_flow |= htonl((u_int32_t)otos << 20);
  232 
  233         M_SETFIB(m, sc->gif_fibnum);
  234 
  235         if (dst->sin6_family != sin6_dst->sin6_family ||
  236              !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &sin6_dst->sin6_addr)) {
  237                 /* cache route doesn't match */
  238                 bzero(dst, sizeof(*dst));
  239                 dst->sin6_family = sin6_dst->sin6_family;
  240                 dst->sin6_len = sizeof(struct sockaddr_in6);
  241                 dst->sin6_addr = sin6_dst->sin6_addr;
  242                 if (sc->gif_ro6.ro_rt) {
  243                         RTFREE(sc->gif_ro6.ro_rt);
  244                         sc->gif_ro6.ro_rt = NULL;
  245                 }
  246 #if 0
  247                 GIF2IFP(sc)->if_mtu = GIF_MTU;
  248 #endif
  249         }
  250 
  251         if (sc->gif_ro6.ro_rt == NULL) {
  252                 in6_rtalloc(&sc->gif_ro6, sc->gif_fibnum);
  253                 if (sc->gif_ro6.ro_rt == NULL) {
  254                         m_freem(m);
  255                         return ENETUNREACH;
  256                 }
  257 
  258                 /* if it constitutes infinite encapsulation, punt. */
  259                 if (sc->gif_ro.ro_rt->rt_ifp == ifp) {
  260                         m_freem(m);
  261                         return ENETUNREACH;     /*XXX*/
  262                 }
  263 #if 0
  264                 ifp->if_mtu = sc->gif_ro6.ro_rt->rt_ifp->if_mtu
  265                         - sizeof(struct ip6_hdr);
  266 #endif
  267         }
  268 
  269 #ifdef IPV6_MINMTU
  270         /*
  271          * force fragmentation to minimum MTU, to avoid path MTU discovery.
  272          * it is too painful to ask for resend of inner packet, to achieve
  273          * path MTU discovery for encapsulated packets.
  274          */
  275         error = ip6_output(m, 0, &sc->gif_ro6, IPV6_MINMTU, 0, NULL, NULL);
  276 #else
  277         error = ip6_output(m, 0, &sc->gif_ro6, 0, 0, NULL, NULL);
  278 #endif
  279 
  280         if (!(GIF2IFP(sc)->if_flags & IFF_LINK0) &&
  281             sc->gif_ro6.ro_rt != NULL) {
  282                 RTFREE(sc->gif_ro6.ro_rt);
  283                 sc->gif_ro6.ro_rt = NULL;
  284         }
  285 
  286         return (error);
  287 }
  288 
  289 int
  290 in6_gif_input(struct mbuf **mp, int *offp, int proto)
  291 {
  292         struct mbuf *m = *mp;
  293         struct ifnet *gifp = NULL;
  294         struct gif_softc *sc;
  295         struct ip6_hdr *ip6;
  296         int af = 0;
  297         u_int32_t otos;
  298 
  299         ip6 = mtod(m, struct ip6_hdr *);
  300 
  301         sc = (struct gif_softc *)encap_getarg(m);
  302         if (sc == NULL) {
  303                 m_freem(m);
  304                 IP6STAT_INC(ip6s_nogif);
  305                 return IPPROTO_DONE;
  306         }
  307 
  308         gifp = GIF2IFP(sc);
  309         if (gifp == NULL || (gifp->if_flags & IFF_UP) == 0) {
  310                 m_freem(m);
  311                 IP6STAT_INC(ip6s_nogif);
  312                 return IPPROTO_DONE;
  313         }
  314 
  315         otos = ip6->ip6_flow;
  316         m_adj(m, *offp);
  317 
  318         switch (proto) {
  319 #ifdef INET
  320         case IPPROTO_IPV4:
  321             {
  322                 struct ip *ip;
  323                 u_int8_t otos8;
  324                 af = AF_INET;
  325                 otos8 = (ntohl(otos) >> 20) & 0xff;
  326                 if (m->m_len < sizeof(*ip)) {
  327                         m = m_pullup(m, sizeof(*ip));
  328                         if (!m)
  329                                 return IPPROTO_DONE;
  330                 }
  331                 ip = mtod(m, struct ip *);
  332                 if (ip_ecn_egress((gifp->if_flags & IFF_LINK1) ?
  333                                   ECN_ALLOWED : ECN_NOCARE,
  334                                   &otos8, &ip->ip_tos) == 0) {
  335                         m_freem(m);
  336                         return IPPROTO_DONE;
  337                 }
  338                 break;
  339             }
  340 #endif /* INET */
  341 #ifdef INET6
  342         case IPPROTO_IPV6:
  343             {
  344                 struct ip6_hdr *ip6;
  345                 af = AF_INET6;
  346                 if (m->m_len < sizeof(*ip6)) {
  347                         m = m_pullup(m, sizeof(*ip6));
  348                         if (!m)
  349                                 return IPPROTO_DONE;
  350                 }
  351                 ip6 = mtod(m, struct ip6_hdr *);
  352                 if (ip6_ecn_egress((gifp->if_flags & IFF_LINK1) ?
  353                                    ECN_ALLOWED : ECN_NOCARE,
  354                                    &otos, &ip6->ip6_flow) == 0) {
  355                         m_freem(m);
  356                         return IPPROTO_DONE;
  357                 }
  358                 break;
  359             }
  360 #endif
  361         case IPPROTO_ETHERIP:
  362                 af = AF_LINK;
  363                 break;
  364 
  365         default:
  366                 IP6STAT_INC(ip6s_nogif);
  367                 m_freem(m);
  368                 return IPPROTO_DONE;
  369         }
  370 
  371         gif_input(m, af, gifp);
  372         return IPPROTO_DONE;
  373 }
  374 
  375 /*
  376  * validate outer address.
  377  */
  378 static int
  379 gif_validate6(const struct ip6_hdr *ip6, struct gif_softc *sc,
  380     struct ifnet *ifp)
  381 {
  382         struct sockaddr_in6 *src, *dst;
  383 
  384         src = (struct sockaddr_in6 *)sc->gif_psrc;
  385         dst = (struct sockaddr_in6 *)sc->gif_pdst;
  386 
  387         /*
  388          * Check for address match.  Note that the check is for an incoming
  389          * packet.  We should compare the *source* address in our configuration
  390          * and the *destination* address of the packet, and vice versa.
  391          */
  392         if (!IN6_ARE_ADDR_EQUAL(&src->sin6_addr, &ip6->ip6_dst) ||
  393             !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &ip6->ip6_src))
  394                 return 0;
  395 
  396         /* martian filters on outer source - done in ip6_input */
  397 
  398         /* ingress filters on outer source */
  399         if ((GIF2IFP(sc)->if_flags & IFF_LINK2) == 0 && ifp) {
  400                 struct sockaddr_in6 sin6;
  401                 struct rtentry *rt;
  402 
  403                 bzero(&sin6, sizeof(sin6));
  404                 sin6.sin6_family = AF_INET6;
  405                 sin6.sin6_len = sizeof(struct sockaddr_in6);
  406                 sin6.sin6_addr = ip6->ip6_src;
  407                 sin6.sin6_scope_id = 0; /* XXX */
  408 
  409                 rt = in6_rtalloc1((struct sockaddr *)&sin6, 0, 0UL,
  410                     sc->gif_fibnum);
  411                 if (!rt || rt->rt_ifp != ifp) {
  412 #if 0
  413                         char ip6buf[INET6_ADDRSTRLEN];
  414                         log(LOG_WARNING, "%s: packet from %s dropped "
  415                             "due to ingress filter\n", if_name(GIF2IFP(sc)),
  416                             ip6_sprintf(ip6buf, &sin6.sin6_addr));
  417 #endif
  418                         if (rt)
  419                                 RTFREE_LOCKED(rt);
  420                         return 0;
  421                 }
  422                 RTFREE_LOCKED(rt);
  423         }
  424 
  425         return 128 * 2;
  426 }
  427 
  428 /*
  429  * we know that we are in IFF_UP, outer address available, and outer family
  430  * matched the physical addr family.  see gif_encapcheck().
  431  * sanity check for arg should have been done in the caller.
  432  */
  433 int
  434 gif_encapcheck6(const struct mbuf *m, int off, int proto, void *arg)
  435 {
  436         struct ip6_hdr ip6;
  437         struct gif_softc *sc;
  438         struct ifnet *ifp;
  439 
  440         /* sanity check done in caller */
  441         sc = (struct gif_softc *)arg;
  442 
  443         /* LINTED const cast */
  444         m_copydata(m, 0, sizeof(ip6), (caddr_t)&ip6);
  445         ifp = ((m->m_flags & M_PKTHDR) != 0) ? m->m_pkthdr.rcvif : NULL;
  446 
  447         return gif_validate6(&ip6, sc, ifp);
  448 }
  449 
  450 int
  451 in6_gif_attach(struct gif_softc *sc)
  452 {
  453         sc->encap_cookie6 = encap_attach_func(AF_INET6, -1, gif_encapcheck,
  454             (void *)&in6_gif_protosw, sc);
  455         if (sc->encap_cookie6 == NULL)
  456                 return EEXIST;
  457         return 0;
  458 }
  459 
  460 int
  461 in6_gif_detach(struct gif_softc *sc)
  462 {
  463         int error;
  464 
  465         error = encap_detach(sc->encap_cookie6);
  466         if (error == 0)
  467                 sc->encap_cookie6 = NULL;
  468         return error;
  469 }

Cache object: cb2370c0de952044696d5ce622447a12


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.