1 /* $NetBSD: if_gre.c,v 1.42 2002/08/14 00:23:27 itojun Exp $ */
2 /* $FreeBSD: src/sys/net/if_gre.c,v 1.9.2.3 2003/01/23 21:06:44 sam Exp $ */
3 /* $DragonFly: src/sys/net/gre/if_gre.c,v 1.22 2008/10/27 02:56:30 sephe Exp $ */
6 * Copyright (c) 1998 The NetBSD Foundation, Inc.
9 * This code is derived from software contributed to The NetBSD Foundation
10 * by Heiko W.Rupp <hwr@pilhuhn.de>
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. All advertising materials mentioning features or use of this software
21 * must display the following acknowledgement:
22 * This product includes software developed by the NetBSD
23 * Foundation, Inc. and its contributors.
24 * 4. Neither the name of The NetBSD Foundation nor the names of its
25 * contributors may be used to endorse or promote products derived
26 * from this software without specific prior written permission.
28 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
29 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
30 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
31 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
32 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
33 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
34 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
35 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
36 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
37 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
38 * POSSIBILITY OF SUCH DAMAGE.
42 * Encapsulate L3 protocols into IP
43 * See RFC 1701 and 1702 for more details.
44 * If_gre is compatible with Cisco GRE tunnels, so you can
45 * have a NetBSD box as the other end of a tunnel interface of a Cisco
46 * router. See gre(4) for more details.
47 * Also supported: IP in IP encaps (proto 55) as of RFC 2004
50 #include "opt_atalk.h"
54 #include <sys/param.h>
55 #include <sys/kernel.h>
57 #include <sys/malloc.h>
61 #include <sys/protosw.h>
62 #include <sys/socket.h>
63 #include <sys/sockio.h>
64 #include <sys/sysctl.h>
65 #include <sys/systm.h>
66 #include <sys/thread2.h>
68 #include <net/ethernet.h>
70 #include <net/if_types.h>
71 #include <net/route.h>
72 #include <net/if_clone.h>
75 #include <netinet/in.h>
76 #include <netinet/in_systm.h>
77 #include <netinet/in_var.h>
78 #include <netinet/ip.h>
79 #include <netinet/ip_gre.h>
80 #include <netinet/ip_var.h>
81 #include <netinet/ip_encap.h>
83 #error "Huh? if_gre without inet?"
88 #include <net/net_osdep.h>
92 * It is not easy to calculate the right value for a GRE MTU.
93 * We leave this task to the admin and use the same default that
100 static MALLOC_DEFINE(M_GRE, GRENAME, "Generic Routing Encapsulation");
102 struct gre_softc_head gre_softc_list;
104 static int gre_clone_create(struct if_clone *, int);
105 static void gre_clone_destroy(struct ifnet *);
106 static int gre_ioctl(struct ifnet *, u_long, caddr_t, struct ucred *);
107 static int gre_output(struct ifnet *, struct mbuf *, struct sockaddr *,
110 static struct if_clone gre_cloner = IF_CLONE_INITIALIZER("gre",
111 gre_clone_create, gre_clone_destroy, 0, IF_MAXUNIT);
113 static int gre_compute_route(struct gre_softc *sc);
115 static void greattach(void);
118 extern struct domain inetdomain;
119 static const struct protosw in_gre_protosw =
120 { SOCK_RAW, &inetdomain, IPPROTO_GRE, PR_ATOMIC|PR_ADDR,
121 gre_input, rip_output, rip_ctlinput, rip_ctloutput,
122 cpu0_soport, cpu0_ctlport,
126 static const struct protosw in_mobile_protosw =
127 { SOCK_RAW, &inetdomain, IPPROTO_MOBILE, PR_ATOMIC|PR_ADDR,
128 gre_mobile_input, rip_output, rip_ctlinput, rip_ctloutput,
129 cpu0_soport, cpu0_ctlport,
135 SYSCTL_DECL(_net_link);
136 SYSCTL_NODE(_net_link, IFT_OTHER, gre, CTLFLAG_RW, 0,
137 "Generic Routing Encapsulation");
140 * This macro controls the default upper limitation on nesting of gre tunnels.
141 * Since, setting a large value to this macro with a careless configuration
142 * may introduce system crash, we don't allow any nestings by default.
143 * If you need to configure nested gre tunnels, you can define this macro
144 * in your kernel configuration file. However, if you do so, please be
145 * careful to configure the tunnels so that it won't make a loop.
147 #define MAX_GRE_NEST 1
149 static int max_gre_nesting = MAX_GRE_NEST;
150 SYSCTL_INT(_net_link_gre, OID_AUTO, max_nesting, CTLFLAG_RW,
151 &max_gre_nesting, 0, "Max nested tunnels");
158 LIST_INIT(&gre_softc_list);
159 if_clone_attach(&gre_cloner);
163 gre_clone_create(struct if_clone *ifc, int unit)
165 struct gre_softc *sc;
167 sc = kmalloc(sizeof(struct gre_softc), M_GRE, M_WAITOK);
168 memset(sc, 0, sizeof(struct gre_softc));
170 sc->sc_if.if_softc = sc;
171 if_initname(&(sc->sc_if), GRENAME, unit);
172 sc->sc_if.if_snd.ifq_maxlen = IFQ_MAXLEN;
173 sc->sc_if.if_type = IFT_OTHER;
174 sc->sc_if.if_addrlen = 0;
175 sc->sc_if.if_hdrlen = 24; /* IP + GRE */
176 sc->sc_if.if_mtu = GREMTU;
177 sc->sc_if.if_flags = IFF_POINTOPOINT|IFF_MULTICAST;
178 sc->sc_if.if_output = gre_output;
179 sc->sc_if.if_ioctl = gre_ioctl;
180 sc->g_dst.s_addr = sc->g_src.s_addr = INADDR_ANY;
181 sc->g_proto = IPPROTO_GRE;
182 sc->sc_if.if_flags |= IFF_LINK0;
185 if_attach(&sc->sc_if, NULL);
186 bpfattach(&sc->sc_if, DLT_NULL, sizeof(u_int32_t));
187 LIST_INSERT_HEAD(&gre_softc_list, sc, sc_list);
192 gre_clone_destroy(struct ifnet *ifp)
194 struct gre_softc *sc = ifp->if_softc;
197 if (sc->encap != NULL)
198 encap_detach(sc->encap);
200 LIST_REMOVE(sc, sc_list);
208 * The output routine. Takes a packet and encapsulates it in the protocol
209 * given by sc->g_proto. See also RFC 1701 and RFC 2004
212 gre_output_serialized(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
216 struct gre_softc *sc = ifp->if_softc;
221 struct mobile_h mob_h;
224 * gre may cause infinite recursion calls when misconfigured.
225 * We'll prevent this by introducing upper limit.
227 if (++(sc->called) > max_gre_nesting) {
228 kprintf("%s: gre_output: recursively called too many "
229 "times(%d)\n", if_name(&sc->sc_if), sc->called);
231 error = EIO; /* is there better errno? */
235 if ((ifp->if_flags & (IFF_UP | IFF_RUNNING)) == 0 ||
236 sc->g_src.s_addr == INADDR_ANY || sc->g_dst.s_addr == INADDR_ANY) {
247 uint32_t af = dst->sa_family;
249 bpf_ptap(ifp->if_bpf, m, &af, sizeof(af));
252 m->m_flags &= ~(M_BCAST|M_MCAST);
254 if (sc->g_proto == IPPROTO_MOBILE) {
255 if (dst->sa_family == AF_INET) {
259 ip = mtod(m, struct ip *);
262 * RFC2004 specifies that fragmented datagrams shouldn't
265 if (ip->ip_off & (IP_MF | IP_OFFMASK)) {
266 IF_DROP(&ifp->if_snd);
268 error = EINVAL; /* is there better errno? */
271 memset(&mob_h, 0, MOB_H_SIZ_L);
272 mob_h.proto = (ip->ip_p) << 8;
273 mob_h.odst = ip->ip_dst.s_addr;
274 ip->ip_dst.s_addr = sc->g_dst.s_addr;
277 * If the packet comes from our host, we only change
278 * the destination address in the IP header.
279 * Else we also need to save and change the source
281 if (in_hosteq(ip->ip_src, sc->g_src)) {
284 mob_h.proto |= MOB_H_SBIT;
285 mob_h.osrc = ip->ip_src.s_addr;
286 ip->ip_src.s_addr = sc->g_src.s_addr;
289 mob_h.proto = htons(mob_h.proto);
290 mob_h.hcrc = gre_in_cksum((u_short *)&mob_h, msiz);
292 if ((m->m_data - msiz) < m->m_pktdat) {
294 MGETHDR(m0, MB_DONTWAIT, MT_HEADER);
296 IF_DROP(&ifp->if_snd);
302 m->m_data += sizeof(struct ip);
303 m->m_len -= sizeof(struct ip);
304 m0->m_pkthdr.len = m->m_pkthdr.len + msiz;
305 m0->m_len = msiz + sizeof(struct ip);
306 m0->m_data += max_linkhdr;
307 memcpy(mtod(m0, caddr_t), (caddr_t)ip,
310 } else { /* we have some space left in the old one */
313 m->m_pkthdr.len += msiz;
314 bcopy(ip, mtod(m, caddr_t),
317 ip = mtod(m, struct ip *);
318 memcpy((caddr_t)(ip + 1), &mob_h, (unsigned)msiz);
319 ip->ip_len = ntohs(ip->ip_len) + msiz;
320 } else { /* AF_INET */
321 IF_DROP(&ifp->if_snd);
326 } else if (sc->g_proto == IPPROTO_GRE) {
327 switch (dst->sa_family) {
329 ip = mtod(m, struct ip *);
330 etype = ETHERTYPE_IP;
334 etype = ETHERTYPE_ATALK;
339 etype = ETHERTYPE_NS;
343 IF_DROP(&ifp->if_snd);
345 error = EAFNOSUPPORT;
348 M_PREPEND(m, sizeof(struct greip), MB_DONTWAIT);
350 IF_DROP(&ifp->if_snd);
356 if (m == NULL) { /* impossible */
357 IF_DROP(&ifp->if_snd);
362 gh = mtod(m, struct greip *);
363 if (sc->g_proto == IPPROTO_GRE) {
364 /* we don't have any GRE flags for now */
366 memset((void *)&gh->gi_g, 0, sizeof(struct gre_h));
367 gh->gi_ptype = htons(etype);
370 gh->gi_pr = sc->g_proto;
371 if (sc->g_proto != IPPROTO_MOBILE) {
372 gh->gi_src = sc->g_src;
373 gh->gi_dst = sc->g_dst;
374 ((struct ip*)gh)->ip_hl = (sizeof(struct ip)) >> 2;
375 ((struct ip*)gh)->ip_ttl = GRE_TTL;
376 ((struct ip*)gh)->ip_tos = ip->ip_tos;
377 ((struct ip*)gh)->ip_id = ip->ip_id;
378 gh->gi_len = m->m_pkthdr.len;
382 ifp->if_obytes += m->m_pkthdr.len;
384 error = ip_output(m, NULL, &sc->route, 0, NULL, NULL);
393 gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
398 lwkt_serialize_enter(ifp->if_serializer);
399 error = gre_output_serialized(ifp, m, dst, rt);
400 lwkt_serialize_exit(ifp->if_serializer);
406 gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
408 struct ifreq *ifr = (struct ifreq *)data;
409 struct if_laddrreq *lifr = (struct if_laddrreq *)data;
410 struct in_aliasreq *aifr = (struct in_aliasreq *)data;
411 struct gre_softc *sc = ifp->if_softc;
412 struct sockaddr_in si;
413 struct sockaddr *sa = NULL;
415 struct sockaddr_in sp, sm, dp, dm;
422 ifp->if_flags |= IFF_UP;
427 if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
429 if ((ifr->ifr_flags & IFF_LINK0) != 0)
430 sc->g_proto = IPPROTO_GRE;
432 sc->g_proto = IPPROTO_MOBILE;
435 if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
437 if (ifr->ifr_mtu < 576) {
441 ifp->if_mtu = ifr->ifr_mtu;
444 ifr->ifr_mtu = sc->sc_if.if_mtu;
448 if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
451 error = EAFNOSUPPORT;
454 switch (ifr->ifr_addr.sa_family) {
460 error = EAFNOSUPPORT;
465 if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
467 sc->g_proto = ifr->ifr_flags;
468 switch (sc->g_proto) {
470 ifp->if_flags |= IFF_LINK0;
473 ifp->if_flags &= ~IFF_LINK0;
476 error = EPROTONOSUPPORT;
481 ifr->ifr_flags = sc->g_proto;
485 if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
488 * set tunnel endpoints, compute a less specific route
489 * to the remote end and mark if as up
492 if (cmd == GRESADDRS)
493 sc->g_src = (satosin(sa))->sin_addr;
494 if (cmd == GRESADDRD)
495 sc->g_dst = (satosin(sa))->sin_addr;
498 if (sc->encap != NULL) {
499 encap_detach(sc->encap);
503 if ((sc->g_src.s_addr != INADDR_ANY) &&
504 (sc->g_dst.s_addr != INADDR_ANY)) {
505 bzero(&sp, sizeof(sp));
506 bzero(&sm, sizeof(sm));
507 bzero(&dp, sizeof(dp));
508 bzero(&dm, sizeof(dm));
509 sp.sin_len = sm.sin_len = dp.sin_len = dm.sin_len =
510 sizeof(struct sockaddr_in);
511 sp.sin_family = sm.sin_family = dp.sin_family =
512 dm.sin_family = AF_INET;
513 sp.sin_addr = sc->g_src;
514 dp.sin_addr = sc->g_dst;
515 sm.sin_addr.s_addr = dm.sin_addr.s_addr =
518 sc->encap = encap_attach(AF_INET, sc->g_proto,
519 sintosa(&sp), sintosa(&sm), sintosa(&dp),
520 sintosa(&dm), (sc->g_proto == IPPROTO_GRE) ?
521 &in_gre_protosw : &in_mobile_protosw, sc);
522 if (sc->encap == NULL)
523 kprintf("%s: unable to attach encap\n",
524 if_name(&sc->sc_if));
526 if (sc->route.ro_rt != 0) /* free old route */
527 RTFREE(sc->route.ro_rt);
528 if (gre_compute_route(sc) == 0)
529 ifp->if_flags |= IFF_RUNNING;
531 ifp->if_flags &= ~IFF_RUNNING;
535 memset(&si, 0, sizeof(si));
536 si.sin_family = AF_INET;
537 si.sin_len = sizeof(struct sockaddr_in);
538 si.sin_addr.s_addr = sc->g_src.s_addr;
543 memset(&si, 0, sizeof(si));
544 si.sin_family = AF_INET;
545 si.sin_len = sizeof(struct sockaddr_in);
546 si.sin_addr.s_addr = sc->g_dst.s_addr;
551 if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
553 if (aifr->ifra_addr.sin_family != AF_INET ||
554 aifr->ifra_dstaddr.sin_family != AF_INET) {
555 error = EAFNOSUPPORT;
558 if (aifr->ifra_addr.sin_len != sizeof(si) ||
559 aifr->ifra_dstaddr.sin_len != sizeof(si)) {
563 sc->g_src = aifr->ifra_addr.sin_addr;
564 sc->g_dst = aifr->ifra_dstaddr.sin_addr;
566 case SIOCSLIFPHYADDR:
567 if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
569 if (lifr->addr.ss_family != AF_INET ||
570 lifr->dstaddr.ss_family != AF_INET) {
571 error = EAFNOSUPPORT;
574 if (lifr->addr.ss_len != sizeof(si) ||
575 lifr->dstaddr.ss_len != sizeof(si)) {
579 sc->g_src = (satosin((struct sockadrr *)&lifr->addr))->sin_addr;
581 (satosin((struct sockadrr *)&lifr->dstaddr))->sin_addr;
584 if ((error = priv_check_cred(cr, PRIV_ROOT, NULL_CRED_OKAY)) != 0)
586 sc->g_src.s_addr = INADDR_ANY;
587 sc->g_dst.s_addr = INADDR_ANY;
589 case SIOCGLIFPHYADDR:
590 if (sc->g_src.s_addr == INADDR_ANY ||
591 sc->g_dst.s_addr == INADDR_ANY) {
592 error = EADDRNOTAVAIL;
595 memset(&si, 0, sizeof(si));
596 si.sin_family = AF_INET;
597 si.sin_len = sizeof(struct sockaddr_in);
598 si.sin_addr.s_addr = sc->g_src.s_addr;
599 memcpy(&lifr->addr, &si, sizeof(si));
600 si.sin_addr.s_addr = sc->g_dst.s_addr;
601 memcpy(&lifr->dstaddr, &si, sizeof(si));
603 case SIOCGIFPSRCADDR:
604 if (sc->g_src.s_addr == INADDR_ANY) {
605 error = EADDRNOTAVAIL;
608 memset(&si, 0, sizeof(si));
609 si.sin_family = AF_INET;
610 si.sin_len = sizeof(struct sockaddr_in);
611 si.sin_addr.s_addr = sc->g_src.s_addr;
612 bcopy(&si, &ifr->ifr_addr, sizeof(ifr->ifr_addr));
614 case SIOCGIFPDSTADDR:
615 if (sc->g_dst.s_addr == INADDR_ANY) {
616 error = EADDRNOTAVAIL;
619 memset(&si, 0, sizeof(si));
620 si.sin_family = AF_INET;
621 si.sin_len = sizeof(struct sockaddr_in);
622 si.sin_addr.s_addr = sc->g_dst.s_addr;
623 bcopy(&si, &ifr->ifr_addr, sizeof(ifr->ifr_addr));
635 * computes a route to our destination that is not the one
636 * which would be taken by ip_output(), as this one will loop back to
637 * us. If the interface is p2p as a--->b, then a routing entry exists
638 * If we now send a packet to b (e.g. ping b), this will come down here
639 * gets src=a, dst=b tacked on and would from ip_ouput() sent back to
641 * Goal here is to compute a route to b that is less specific than
642 * a-->b. We know that this one exists as in normal operation we have
643 * at least a default route which matches.
646 gre_compute_route(struct gre_softc *sc)
653 memset(ro, 0, sizeof(struct route));
654 ((struct sockaddr_in *)&ro->ro_dst)->sin_addr = sc->g_dst;
655 ro->ro_dst.sa_family = AF_INET;
656 ro->ro_dst.sa_len = sizeof(ro->ro_dst);
659 * toggle last bit, so our interface is not found, but a less
660 * specific route. I'd rather like to specify a shorter mask,
661 * but this is not possible. Should work though. XXX
662 * there is a simpler way ...
664 if ((sc->sc_if.if_flags & IFF_LINK1) == 0) {
665 a = ntohl(sc->g_dst.s_addr);
670 ((struct sockaddr_in *)&ro->ro_dst)->sin_addr.s_addr
675 kprintf("%s: searching a route to %s", if_name(&sc->sc_if),
676 inet_ntoa(((struct sockaddr_in *)&ro->ro_dst)->sin_addr));
682 * check if this returned a route at all and this route is no
683 * recursion to ourself
685 if (ro->ro_rt == NULL || ro->ro_rt->rt_ifp->if_softc == sc) {
687 if (ro->ro_rt == NULL)
688 kprintf(" - no route found!\n");
690 kprintf(" - route loops back to ourself!\n");
692 return EADDRNOTAVAIL;
696 * now change it back - else ip_output will just drop
697 * the route and search one to this interface ...
699 if ((sc->sc_if.if_flags & IFF_LINK1) == 0)
700 ((struct sockaddr_in *)&ro->ro_dst)->sin_addr = sc->g_dst;
703 kprintf(", choosing %s with gateway %s", if_name(ro->ro_rt->rt_ifp),
704 inet_ntoa(((struct sockaddr_in *)(ro->ro_rt->rt_gateway))->sin_addr));
712 * do a checksum of a buffer - much like in_cksum, which operates on
716 gre_in_cksum(u_short *p, u_int len)
719 int nwords = len >> 1;
721 while (nwords-- != 0)
729 u.c[0] = *(u_char *)p;
734 /* end-around-carry */
735 sum = (sum >> 16) + (sum & 0xffff);
741 gremodevent(module_t mod, int type, void *data)
749 if_clone_detach(&gre_cloner);
751 while (!LIST_EMPTY(&gre_softc_list))
752 gre_clone_destroy(&LIST_FIRST(&gre_softc_list)->sc_if);
759 static moduledata_t gre_mod = {
765 DECLARE_MODULE(if_gre, gre_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
766 MODULE_VERSION(if_gre, 1);
polachok's projects / dragonfly.git / blob