The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/netinet6/in6_gif.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: in6_gif.c,v 1.37 2003/10/30 01:43:09 simonb Exp $      */
    2 /*      $KAME: in6_gif.c,v 1.62 2001/07/29 04:27:25 itojun Exp $        */
    3 
    4 /*
    5  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
    6  * All rights reserved.
    7  *
    8  * Redistribution and use in source and binary forms, with or without
    9  * modification, are permitted provided that the following conditions
   10  * are met:
   11  * 1. Redistributions of source code must retain the above copyright
   12  *    notice, this list of conditions and the following disclaimer.
   13  * 2. Redistributions in binary form must reproduce the above copyright
   14  *    notice, this list of conditions and the following disclaimer in the
   15  *    documentation and/or other materials provided with the distribution.
   16  * 3. Neither the name of the project nor the names of its contributors
   17  *    may be used to endorse or promote products derived from this software
   18  *    without specific prior written permission.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
   21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
   24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   30  * SUCH DAMAGE.
   31  */
   32 
   33 #include <sys/cdefs.h>
   34 __KERNEL_RCSID(0, "$NetBSD: in6_gif.c,v 1.37 2003/10/30 01:43:09 simonb Exp $");
   35 
   36 #include "opt_inet.h"
   37 #include "opt_iso.h"
   38 
   39 #include <sys/param.h>
   40 #include <sys/systm.h>
   41 #include <sys/socket.h>
   42 #include <sys/sockio.h>
   43 #include <sys/mbuf.h>
   44 #include <sys/errno.h>
   45 #include <sys/ioctl.h>
   46 #include <sys/queue.h>
   47 #include <sys/syslog.h>
   48 #include <sys/protosw.h>
   49 
   50 #include <net/if.h>
   51 #include <net/route.h>
   52 
   53 #include <netinet/in.h>
   54 #include <netinet/in_systm.h>
   55 #ifdef INET
   56 #include <netinet/ip.h>
   57 #endif
   58 #include <netinet/ip_encap.h>
   59 #ifdef INET6
   60 #include <netinet/ip6.h>
   61 #include <netinet6/ip6_var.h>
   62 #include <netinet6/in6_gif.h>
   63 #include <netinet6/in6_var.h>
   64 #endif
   65 #include <netinet6/ip6protosw.h>
   66 #include <netinet/ip_ecn.h>
   67 
   68 #include <net/if_gif.h>
   69 
   70 #include <net/net_osdep.h>
   71 
   72 static int gif_validate6 __P((const struct ip6_hdr *, struct gif_softc *,
   73         struct ifnet *));
   74 
   75 int     ip6_gif_hlim = GIF_HLIM;
   76 
   77 extern struct domain inet6domain;
   78 struct ip6protosw in6_gif_protosw =
   79 { SOCK_RAW,     &inet6domain,   0/* IPPROTO_IPV[46] */, PR_ATOMIC|PR_ADDR,
   80   in6_gif_input, rip6_output,   in6_gif_ctlinput, rip6_ctloutput,
   81   rip6_usrreq,
   82   0,            0,              0,              0,
   83 };
   84 
   85 extern LIST_HEAD(, gif_softc) gif_softc_list;
   86 
   87 int
   88 in6_gif_output(ifp, family, m)
   89         struct ifnet *ifp;
   90         int family; /* family of the packet to be encapsulate. */
   91         struct mbuf *m;
   92 {
   93         struct gif_softc *sc = (struct gif_softc*)ifp;
   94         struct sockaddr_in6 *dst = (struct sockaddr_in6 *)&sc->gif_ro6.ro_dst;
   95         struct sockaddr_in6 *sin6_src = (struct sockaddr_in6 *)sc->gif_psrc;
   96         struct sockaddr_in6 *sin6_dst = (struct sockaddr_in6 *)sc->gif_pdst;
   97         struct ip6_hdr *ip6;
   98         int proto, error;
   99         u_int8_t itos, otos;
  100 
  101         if (sin6_src == NULL || sin6_dst == NULL ||
  102             sin6_src->sin6_family != AF_INET6 ||
  103             sin6_dst->sin6_family != AF_INET6) {
  104                 m_freem(m);
  105                 return EAFNOSUPPORT;
  106         }
  107 
  108         switch (family) {
  109 #ifdef INET
  110         case AF_INET:
  111             {
  112                 struct ip *ip;
  113 
  114                 proto = IPPROTO_IPV4;
  115                 if (m->m_len < sizeof(*ip)) {
  116                         m = m_pullup(m, sizeof(*ip));
  117                         if (!m)
  118                                 return ENOBUFS;
  119                 }
  120                 ip = mtod(m, struct ip *);
  121                 itos = ip->ip_tos;
  122                 break;
  123             }
  124 #endif
  125 #ifdef INET6
  126         case AF_INET6:
  127             {
  128                 struct ip6_hdr *ip6;
  129                 proto = IPPROTO_IPV6;
  130                 if (m->m_len < sizeof(*ip6)) {
  131                         m = m_pullup(m, sizeof(*ip6));
  132                         if (!m)
  133                                 return ENOBUFS;
  134                 }
  135                 ip6 = mtod(m, struct ip6_hdr *);
  136                 itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
  137                 break;
  138             }
  139 #endif
  140 #ifdef ISO
  141         case AF_ISO:
  142                 proto = IPPROTO_EON;
  143                 itos = 0;
  144                 break;
  145 #endif
  146         default:
  147 #ifdef DEBUG
  148                 printf("in6_gif_output: warning: unknown family %d passed\n",
  149                         family);
  150 #endif
  151                 m_freem(m);
  152                 return EAFNOSUPPORT;
  153         }
  154 
  155         /* prepend new IP header */
  156         M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT);
  157         if (m && m->m_len < sizeof(struct ip6_hdr))
  158                 m = m_pullup(m, sizeof(struct ip6_hdr));
  159         if (m == NULL)
  160                 return ENOBUFS;
  161 
  162         ip6 = mtod(m, struct ip6_hdr *);
  163         ip6->ip6_flow   = 0;
  164         ip6->ip6_vfc    &= ~IPV6_VERSION_MASK;
  165         ip6->ip6_vfc    |= IPV6_VERSION;
  166 #if 0   /* ip6->ip6_plen will be filled by ip6_output */
  167         ip6->ip6_plen   = htons((u_int16_t)m->m_pkthdr.len);
  168 #endif
  169         ip6->ip6_nxt    = proto;
  170         ip6->ip6_hlim   = ip6_gif_hlim;
  171         ip6->ip6_src    = sin6_src->sin6_addr;
  172         /* bidirectional configured tunnel mode */
  173         if (!IN6_IS_ADDR_UNSPECIFIED(&sin6_dst->sin6_addr))
  174                 ip6->ip6_dst = sin6_dst->sin6_addr;
  175         else  {
  176                 m_freem(m);
  177                 return ENETUNREACH;
  178         }
  179         if (ifp->if_flags & IFF_LINK1)
  180                 ip_ecn_ingress(ECN_ALLOWED, &otos, &itos);
  181         else
  182                 ip_ecn_ingress(ECN_NOCARE, &otos, &itos);
  183         ip6->ip6_flow &= ~ntohl(0xff00000);
  184         ip6->ip6_flow |= htonl((u_int32_t)otos << 20);
  185 
  186         if (dst->sin6_family != sin6_dst->sin6_family ||
  187              !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &sin6_dst->sin6_addr)) {
  188                 /* cache route doesn't match */
  189                 bzero(dst, sizeof(*dst));
  190                 dst->sin6_family = sin6_dst->sin6_family;
  191                 dst->sin6_len = sizeof(struct sockaddr_in6);
  192                 dst->sin6_addr = sin6_dst->sin6_addr;
  193                 if (sc->gif_ro6.ro_rt) {
  194                         RTFREE(sc->gif_ro6.ro_rt);
  195                         sc->gif_ro6.ro_rt = NULL;
  196                 }
  197         }
  198 
  199         if (sc->gif_ro6.ro_rt == NULL) {
  200                 rtalloc((struct route *)&sc->gif_ro6);
  201                 if (sc->gif_ro6.ro_rt == NULL) {
  202                         m_freem(m);
  203                         return ENETUNREACH;
  204                 }
  205 
  206                 /* if it constitutes infinite encapsulation, punt. */
  207                 if (sc->gif_ro.ro_rt->rt_ifp == ifp) {
  208                         m_freem(m);
  209                         return ENETUNREACH;     /* XXX */
  210                 }
  211         }
  212 
  213 #ifdef IPV6_MINMTU
  214         /*
  215          * force fragmentation to minimum MTU, to avoid path MTU discovery.
  216          * it is too painful to ask for resend of inner packet, to achieve
  217          * path MTU discovery for encapsulated packets.
  218          */
  219         error = ip6_output(m, 0, &sc->gif_ro6, IPV6_MINMTU,
  220                     (struct ip6_moptions *)NULL, (struct socket *)NULL, NULL);
  221 #else
  222         error = ip6_output(m, 0, &sc->gif_ro6, 0, 
  223                     (struct ip6_moptions *)NULL, (struct socket *)NULL, NULL);
  224 #endif
  225 
  226         return (error);
  227 }
  228 
  229 int in6_gif_input(mp, offp, proto)
  230         struct mbuf **mp;
  231         int *offp, proto;
  232 {
  233         struct mbuf *m = *mp;
  234         struct ifnet *gifp = NULL;
  235         struct ip6_hdr *ip6;
  236         int af = 0;
  237         u_int32_t otos;
  238 
  239         ip6 = mtod(m, struct ip6_hdr *);
  240 
  241         gifp = (struct ifnet *)encap_getarg(m);
  242 
  243         if (gifp == NULL || (gifp->if_flags & IFF_UP) == 0) {
  244                 m_freem(m);
  245                 ip6stat.ip6s_nogif++;
  246                 return IPPROTO_DONE;
  247         }
  248 #ifndef GIF_ENCAPCHECK
  249         if (!gif_validate6(ip6, (struct gif_softc *)gifp, m->m_pkthdr.rcvif)) {
  250                 m_freem(m);
  251                 ip6stat.ip6s_nogif++;
  252                 return IPPROTO_DONE;
  253         }
  254 #endif
  255 
  256         otos = ip6->ip6_flow;
  257         m_adj(m, *offp);
  258 
  259         switch (proto) {
  260 #ifdef INET
  261         case IPPROTO_IPV4:
  262             {
  263                 struct ip *ip;
  264                 u_int8_t otos8;
  265                 af = AF_INET;
  266                 otos8 = (ntohl(otos) >> 20) & 0xff;
  267                 if (m->m_len < sizeof(*ip)) {
  268                         m = m_pullup(m, sizeof(*ip));
  269                         if (!m)
  270                                 return IPPROTO_DONE;
  271                 }
  272                 ip = mtod(m, struct ip *);
  273                 if (gifp->if_flags & IFF_LINK1)
  274                         ip_ecn_egress(ECN_ALLOWED, &otos8, &ip->ip_tos);
  275                 else
  276                         ip_ecn_egress(ECN_NOCARE, &otos8, &ip->ip_tos);
  277                 break;
  278             }
  279 #endif /* INET */
  280 #ifdef INET6
  281         case IPPROTO_IPV6:
  282             {
  283                 struct ip6_hdr *ip6;
  284                 af = AF_INET6;
  285                 if (m->m_len < sizeof(*ip6)) {
  286                         m = m_pullup(m, sizeof(*ip6));
  287                         if (!m)
  288                                 return IPPROTO_DONE;
  289                 }
  290                 ip6 = mtod(m, struct ip6_hdr *);
  291                 if (gifp->if_flags & IFF_LINK1)
  292                         ip6_ecn_egress(ECN_ALLOWED, &otos, &ip6->ip6_flow);
  293                 else
  294                         ip6_ecn_egress(ECN_NOCARE, &otos, &ip6->ip6_flow);
  295                 break;
  296             }
  297 #endif
  298 #ifdef ISO
  299         case IPPROTO_EON:
  300                 af = AF_ISO;
  301                 break;
  302 #endif
  303         default:
  304                 ip6stat.ip6s_nogif++;
  305                 m_freem(m);
  306                 return IPPROTO_DONE;
  307         }
  308 
  309         gif_input(m, af, gifp);
  310         return IPPROTO_DONE;
  311 }
  312 
  313 /*
  314  * validate outer address.
  315  */
  316 static int
  317 gif_validate6(ip6, sc, ifp)
  318         const struct ip6_hdr *ip6;
  319         struct gif_softc *sc;
  320         struct ifnet *ifp;
  321 {
  322         struct sockaddr_in6 *src, *dst;
  323 
  324         src = (struct sockaddr_in6 *)sc->gif_psrc;
  325         dst = (struct sockaddr_in6 *)sc->gif_pdst;
  326 
  327         /* check for address match */
  328         if (!IN6_ARE_ADDR_EQUAL(&src->sin6_addr, &ip6->ip6_dst) ||
  329             !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &ip6->ip6_src))
  330                 return 0;
  331 
  332         /* martian filters on outer source - done in ip6_input */
  333 
  334         /* ingress filters on outer source */
  335         if ((sc->gif_if.if_flags & IFF_LINK2) == 0 && ifp) {
  336                 struct sockaddr_in6 sin6;
  337                 struct rtentry *rt;
  338 
  339                 bzero(&sin6, sizeof(sin6));
  340                 sin6.sin6_family = AF_INET6;
  341                 sin6.sin6_len = sizeof(struct sockaddr_in6);
  342                 sin6.sin6_addr = ip6->ip6_src;
  343                 /* XXX scopeid */
  344                 rt = rtalloc1((struct sockaddr *)&sin6, 0);
  345                 if (!rt || rt->rt_ifp != ifp) {
  346 #if 0
  347                         log(LOG_WARNING, "%s: packet from %s dropped "
  348                             "due to ingress filter\n", if_name(&sc->gif_if),
  349                             ip6_sprintf(&sin6.sin6_addr));
  350 #endif
  351                         if (rt)
  352                                 rtfree(rt);
  353                         return 0;
  354                 }
  355                 rtfree(rt);
  356         }
  357 
  358         return 128 * 2;
  359 }
  360 
  361 #ifdef GIF_ENCAPCHECK
  362 /*
  363  * we know that we are in IFF_UP, outer address available, and outer family
  364  * matched the physical addr family.  see gif_encapcheck().
  365  */
  366 int
  367 gif_encapcheck6(m, off, proto, arg)
  368         const struct mbuf *m;
  369         int off;
  370         int proto;
  371         void *arg;
  372 {
  373         struct ip6_hdr ip6;
  374         struct gif_softc *sc;
  375         struct ifnet *ifp;
  376 
  377         /* sanity check done in caller */
  378         sc = (struct gif_softc *)arg;
  379 
  380         /* LINTED const cast */
  381         m_copydata((struct mbuf *)m, 0, sizeof(ip6), (caddr_t)&ip6);
  382         ifp = ((m->m_flags & M_PKTHDR) != 0) ? m->m_pkthdr.rcvif : NULL;
  383 
  384         return gif_validate6(&ip6, sc, ifp);
  385 }
  386 #endif
  387 
  388 int
  389 in6_gif_attach(sc)
  390         struct gif_softc *sc;
  391 {
  392 #ifndef GIF_ENCAPCHECK
  393         struct sockaddr_in6 mask6;
  394 
  395         bzero(&mask6, sizeof(mask6));
  396         mask6.sin6_len = sizeof(struct sockaddr_in6);
  397         mask6.sin6_addr.s6_addr32[0] = mask6.sin6_addr.s6_addr32[1] =
  398             mask6.sin6_addr.s6_addr32[2] = mask6.sin6_addr.s6_addr32[3] = ~0;
  399 
  400         if (!sc->gif_psrc || !sc->gif_pdst)
  401                 return EINVAL;
  402         sc->encap_cookie6 = encap_attach(AF_INET6, -1, sc->gif_psrc,
  403             (struct sockaddr *)&mask6, sc->gif_pdst, (struct sockaddr *)&mask6,
  404             (void *)&in6_gif_protosw, sc);
  405 #else
  406         sc->encap_cookie6 = encap_attach_func(AF_INET6, -1, gif_encapcheck,
  407             (struct protosw *)&in6_gif_protosw, sc);
  408 #endif
  409         if (sc->encap_cookie6 == NULL)
  410                 return EEXIST;
  411         return 0;
  412 }
  413 
  414 int
  415 in6_gif_detach(sc)
  416         struct gif_softc *sc;
  417 {
  418         int error;
  419 
  420         error = encap_detach(sc->encap_cookie6);
  421         if (error == 0)
  422                 sc->encap_cookie6 = NULL;
  423         return error;
  424 }
  425 
  426 void
  427 in6_gif_ctlinput(cmd, sa, d)
  428         int cmd;
  429         struct sockaddr *sa;
  430         void *d;
  431 {
  432         struct gif_softc *sc;
  433         struct ip6ctlparam *ip6cp = NULL;
  434         struct ip6_hdr *ip6;
  435         struct sockaddr_in6 *dst6;
  436 
  437         if (sa->sa_family != AF_INET6 ||
  438             sa->sa_len != sizeof(struct sockaddr_in6))
  439                 return;
  440 
  441         if ((unsigned)cmd >= PRC_NCMDS)
  442                 return;
  443         if (cmd == PRC_HOSTDEAD)
  444                 d = NULL;
  445         else if (inet6ctlerrmap[cmd] == 0)
  446                 return;
  447 
  448         /* if the parameter is from icmp6, decode it. */
  449         if (d != NULL) {
  450                 ip6cp = (struct ip6ctlparam *)d;
  451                 ip6 = ip6cp->ip6c_ip6;
  452         } else {
  453                 ip6 = NULL;
  454         }
  455 
  456         if (!ip6)
  457                 return;
  458 
  459         /*
  460          * for now we don't care which type it was, just flush the route cache.
  461          * XXX slow.  sc (or sc->encap_cookie6) should be passed from
  462          * ip_encap.c.
  463          */
  464         for (sc = LIST_FIRST(&gif_softc_list); sc;
  465              sc = LIST_NEXT(sc, gif_list)) {
  466                 if ((sc->gif_if.if_flags & IFF_RUNNING) == 0)
  467                         continue;
  468                 if (sc->gif_psrc->sa_family != AF_INET6)
  469                         continue;
  470                 if (!sc->gif_ro6.ro_rt)
  471                         continue;
  472 
  473                 dst6 = (struct sockaddr_in6 *)&sc->gif_ro6.ro_dst;
  474                 /* XXX scope */
  475                 if (IN6_ARE_ADDR_EQUAL(&ip6->ip6_dst, &dst6->sin6_addr)) {
  476                         /* flush route cache */
  477                         RTFREE(sc->gif_ro6.ro_rt);
  478                         sc->gif_ro6.ro_rt = NULL;
  479                 }
  480         }
  481 }

Cache object: 3e473e4254e26181d273703077056fa1


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.