2 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the project nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * $FreeBSD: src/sys/net/if_gif.c,v 1.4.2.15 2002/11/08 16:57:13 ume Exp $
30 * $DragonFly: src/sys/net/gif/if_gif.c,v 1.21 2008/05/14 11:59:23 sephe Exp $
31 * $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $
35 #include "opt_inet6.h"
37 #include <sys/param.h>
38 #include <sys/systm.h>
39 #include <sys/kernel.h>
41 #include <sys/malloc.h>
43 #include <sys/socket.h>
44 #include <sys/sockio.h>
45 #include <sys/errno.h>
47 #include <sys/sysctl.h>
48 #include <sys/syslog.h>
49 #include <sys/protosw.h>
51 #include <sys/thread2.h>
53 #include <machine/cpu.h>
56 #include <net/if_types.h>
57 #include <net/ifq_var.h>
58 #include <net/netisr2.h>
59 #include <net/route.h>
61 #include <net/if_clone.h>
63 #include <netinet/in.h>
64 #include <netinet/in_systm.h>
65 #include <netinet/ip.h>
67 #include <netinet/in_var.h>
68 #include <netinet/in_gif.h>
69 #include <netinet/ip_var.h>
74 #include <netinet/in.h>
76 #include <netinet6/in6_var.h>
77 #include <netinet/ip6.h>
78 #include <netinet6/ip6_var.h>
79 #include <netinet6/in6_gif.h>
80 #include <netinet6/ip6protosw.h>
83 #include <netinet/ip_encap.h>
86 #include <net/net_osdep.h>
90 static MALLOC_DEFINE(M_GIF, "gif", "Generic Tunnel Interface");
91 LIST_HEAD(, gif_softc) gif_softc_list;
93 int gif_clone_create(struct if_clone *, int, caddr_t, caddr_t);
94 int gif_clone_destroy(struct ifnet *);
96 struct if_clone gif_cloner = IF_CLONE_INITIALIZER("gif", gif_clone_create,
97 gif_clone_destroy, 0, IF_MAXUNIT);
99 static int gifmodevent(module_t, int, void *);
100 static void gif_clear_cache(struct gif_softc *sc);
102 SYSCTL_DECL(_net_link);
103 SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0,
104 "Generic Tunnel Interface");
108 * This macro controls the default upper limitation on nesting of gif tunnels.
109 * Since, setting a large value to this macro with a careless configuration
110 * may introduce system crash, we don't allow any nestings by default.
111 * If you need to configure nested gif tunnels, you can define this macro
112 * in your kernel configuration file. However, if you do so, please be
113 * careful to configure the tunnels so that it won't make a loop.
115 #define MAX_GIF_NEST 1
117 static int max_gif_nesting = MAX_GIF_NEST;
118 SYSCTL_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_RW,
119 &max_gif_nesting, 0, "Max nested tunnels");
122 * By default, we disallow creation of multiple tunnels between the same
123 * pair of addresses. Some applications require this functionality so
124 * we allow control over this check here.
127 static int parallel_tunnels = 1;
129 static int parallel_tunnels = 0;
131 SYSCTL_INT(_net_link_gif, OID_AUTO, parallel_tunnels, CTLFLAG_RW,
132 ¶llel_tunnels, 0, "Allow parallel tunnels?");
136 gif_clone_create(struct if_clone *ifc, int unit,
137 caddr_t params __unused, caddr_t data __unused)
139 struct gif_softc *sc;
141 sc = kmalloc (sizeof(struct gif_softc), M_GIF, M_WAITOK | M_ZERO);
143 sc->gif_if.if_softc = sc;
144 if_initname(&(sc->gif_if), GIFNAME, unit);
148 LIST_INSERT_HEAD(&gif_softc_list, sc, gif_list);
153 gifattach0(struct gif_softc *sc)
156 sc->encap_cookie4 = sc->encap_cookie6 = NULL;
158 sc->gif_if.if_addrlen = 0;
159 sc->gif_if.if_mtu = GIF_MTU;
160 sc->gif_if.if_flags = IFF_POINTOPOINT | IFF_MULTICAST;
162 /* turn off ingress filter */
163 sc->gif_if.if_flags |= IFF_LINK2;
165 sc->gif_if.if_ioctl = gif_ioctl;
166 sc->gif_if.if_output = gif_output;
167 sc->gif_if.if_type = IFT_GIF;
168 ifq_set_maxlen(&sc->gif_if.if_snd, IFQ_MAXLEN);
169 if_attach(&sc->gif_if, NULL);
170 bpfattach(&sc->gif_if, DLT_NULL, sizeof(u_int));
174 gif_clone_destroy(struct ifnet *ifp)
176 struct gif_softc *sc = ifp->if_softc;
179 gif_delete_tunnel(&sc->gif_if);
180 LIST_REMOVE(sc, gif_list);
182 if (sc->encap_cookie6 != NULL) {
183 err = encap_detach(sc->encap_cookie6);
184 KASSERT(err == 0, ("Unexpected error detaching encap_cookie6"));
188 if (sc->encap_cookie4 != NULL) {
189 err = encap_detach(sc->encap_cookie4);
190 KASSERT(err == 0, ("Unexpected error detaching encap_cookie4"));
204 gif_clear_cache(struct gif_softc *sc)
209 for (n = 0; n < netisr_ncpus; ++n) {
210 rt = sc->gif_ro[n].ro_rt;
212 KASSERT(rt->rt_cpuid == n,
213 ("inet rt for cpu%d installed on cpu%d slot",
216 sc->gif_ro[n].ro_rt = NULL;
219 rt = sc->gif_ro6[n].ro_rt;
221 KASSERT(rt->rt_cpuid == n,
222 ("inet6 rt for cpu%d installed on cpu%d slot",
225 sc->gif_ro6[n].ro_rt = NULL;
232 gifmodevent(module_t mod, int type, void *data)
237 LIST_INIT(&gif_softc_list);
238 if_clone_attach(&gif_cloner);
241 ip6_gif_hlim = GIF_HLIM;
246 if_clone_detach(&gif_cloner);
248 while (!LIST_EMPTY(&gif_softc_list))
249 gif_clone_destroy(&LIST_FIRST(&gif_softc_list)->gif_if);
259 static moduledata_t gif_mod = {
265 DECLARE_MODULE(if_gif, gif_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
268 gif_encapcheck(const struct mbuf *m, int off, int proto, void *arg)
271 struct gif_softc *sc;
273 sc = (struct gif_softc *)arg;
277 if ((sc->gif_if.if_flags & IFF_UP) == 0)
280 /* no physical address */
281 if (!sc->gif_psrc || !sc->gif_pdst)
297 /* Bail on short packets */
298 if (m->m_pkthdr.len < sizeof(ip))
301 m_copydata(m, 0, sizeof(ip), (caddr_t)&ip);
306 if (sc->gif_psrc->sa_family != AF_INET ||
307 sc->gif_pdst->sa_family != AF_INET)
309 return gif_encapcheck4(m, off, proto, arg);
313 if (m->m_pkthdr.len < sizeof(struct ip6_hdr))
315 if (sc->gif_psrc->sa_family != AF_INET6 ||
316 sc->gif_pdst->sa_family != AF_INET6)
318 return gif_encapcheck6(m, off, proto, arg);
330 gif_output_serialized(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
333 struct gif_softc *sc = (struct gif_softc*)ifp;
335 static int called = 0; /* XXX: MUTEX */
338 * gif may cause infinite recursion calls when misconfigured.
339 * We'll prevent this by introducing upper limit.
340 * XXX: this mechanism may introduce another problem about
341 * mutual exclusion of the variable CALLED, especially if we
344 if (++called > max_gif_nesting) {
346 "gif_output: recursively called too many times(%d)\n",
349 error = EIO; /* is there better errno? */
353 m->m_flags &= ~(M_BCAST|M_MCAST);
354 if (!(ifp->if_flags & IFF_UP) ||
355 sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
365 * We need to prepend the address family as
368 uint32_t af = dst->sa_family;
370 bpf_ptap(ifp->if_bpf, m, &af, sizeof(af));
374 IFNET_STAT_INC(ifp, opackets, 1);
375 IFNET_STAT_INC(ifp, obytes, m->m_pkthdr.len);
377 /* inner AF-specific encapsulation */
379 /* XXX should we check if our outer source is legal? */
381 /* dispatch to output logic based on outer AF */
382 switch (sc->gif_psrc->sa_family) {
385 error = in_gif_output(ifp, dst->sa_family, m);
390 error = in6_gif_output(ifp, dst->sa_family, m);
400 called = 0; /* reset recursion counter */
402 IFNET_STAT_INC(ifp, oerrors, 1);
407 gif_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst,
410 struct ifaltq_subque *ifsq = ifq_get_subq_default(&ifp->if_snd);
413 ASSERT_NETISR_NCPUS(mycpuid);
415 ifsq_serialize_hw(ifsq);
416 error = gif_output_serialized(ifp, m, dst, rt);
417 ifsq_deserialize_hw(ifsq);
422 gif_input(struct mbuf *m, int af, struct ifnet *ifp)
432 m->m_pkthdr.rcvif = ifp;
438 * We need to prepend the address family as
443 bpf_ptap(ifp->if_bpf, m, &af1, sizeof(af1));
449 * Put the packet to the network layer input queue according to the
450 * specified address family.
451 * Note: older versions of gif_input directly called network layer
452 * input functions, e.g. ip6_input, here. We changed the policy to
453 * prevent too many recursive calls of such input functions, which
454 * might cause kernel panic. But the change may introduce another
455 * problem; if the input queue is full, packets are discarded.
456 * The kernel stack overflow really happened, and we believed
457 * queue-full rarely occurs, so we changed the policy.
475 IFNET_STAT_INC(ifp, ipackets, 1);
476 IFNET_STAT_INC(ifp, ibytes, m->m_pkthdr.len);
477 m->m_flags &= ~M_HASH;
478 netisr_queue(isr, m);
483 /* XXX how should we handle IPv6 scope on SIOC[GS]IFPHYADDR? */
485 gif_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data, struct ucred *cr)
487 struct gif_softc *sc = (struct gif_softc*)ifp;
488 struct ifreq *ifr = (struct ifreq*)data;
490 struct sockaddr *dst, *src;
491 #ifdef SIOCSIFMTU /* xxx */
497 ifp->if_flags |= IFF_UP;
507 #ifdef SIOCSIFMTU /* xxx */
513 if (mtu < GIF_MTU_MIN || mtu > GIF_MTU_MAX)
517 #endif /* SIOCSIFMTU */
523 case SIOCSIFPHYADDR_IN6:
525 case SIOCSLIFPHYADDR:
529 src = (struct sockaddr *)
530 &(((struct in_aliasreq *)data)->ifra_addr);
531 dst = (struct sockaddr *)
532 &(((struct in_aliasreq *)data)->ifra_dstaddr);
536 case SIOCSIFPHYADDR_IN6:
537 src = (struct sockaddr *)
538 &(((struct in6_aliasreq *)data)->ifra_addr);
539 dst = (struct sockaddr *)
540 &(((struct in6_aliasreq *)data)->ifra_dstaddr);
543 case SIOCSLIFPHYADDR:
544 src = (struct sockaddr *)
545 &(((struct if_laddrreq *)data)->addr);
546 dst = (struct sockaddr *)
547 &(((struct if_laddrreq *)data)->dstaddr);
553 /* sa_family must be equal */
554 if (src->sa_family != dst->sa_family)
557 /* validate sa_len */
558 switch (src->sa_family) {
561 if (src->sa_len != sizeof(struct sockaddr_in))
567 if (src->sa_len != sizeof(struct sockaddr_in6))
574 switch (dst->sa_family) {
577 if (dst->sa_len != sizeof(struct sockaddr_in))
583 if (dst->sa_len != sizeof(struct sockaddr_in6))
591 /* check sa_family looks sane for the cmd */
594 if (src->sa_family == AF_INET)
598 case SIOCSIFPHYADDR_IN6:
599 if (src->sa_family == AF_INET6)
603 case SIOCSLIFPHYADDR:
604 /* checks done in the above */
608 error = gif_set_tunnel(&sc->gif_if, src, dst);
611 #ifdef SIOCDIFPHYADDR
613 gif_delete_tunnel(&sc->gif_if);
617 case SIOCGIFPSRCADDR:
619 case SIOCGIFPSRCADDR_IN6:
621 if (sc->gif_psrc == NULL) {
622 error = EADDRNOTAVAIL;
628 case SIOCGIFPSRCADDR:
629 dst = &ifr->ifr_addr;
630 size = sizeof(ifr->ifr_addr);
634 case SIOCGIFPSRCADDR_IN6:
635 dst = (struct sockaddr *)
636 &(((struct in6_ifreq *)data)->ifr_addr);
637 size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
641 error = EADDRNOTAVAIL;
644 if (src->sa_len > size)
646 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
649 case SIOCGIFPDSTADDR:
651 case SIOCGIFPDSTADDR_IN6:
653 if (sc->gif_pdst == NULL) {
654 error = EADDRNOTAVAIL;
660 case SIOCGIFPDSTADDR:
661 dst = &ifr->ifr_addr;
662 size = sizeof(ifr->ifr_addr);
666 case SIOCGIFPDSTADDR_IN6:
667 dst = (struct sockaddr *)
668 &(((struct in6_ifreq *)data)->ifr_addr);
669 size = sizeof(((struct in6_ifreq *)data)->ifr_addr);
673 error = EADDRNOTAVAIL;
676 if (src->sa_len > size)
678 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
681 case SIOCGLIFPHYADDR:
682 if (sc->gif_psrc == NULL || sc->gif_pdst == NULL) {
683 error = EADDRNOTAVAIL;
689 dst = (struct sockaddr *)
690 &(((struct if_laddrreq *)data)->addr);
691 size = sizeof(((struct if_laddrreq *)data)->addr);
692 if (src->sa_len > size)
694 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
698 dst = (struct sockaddr *)
699 &(((struct if_laddrreq *)data)->dstaddr);
700 size = sizeof(((struct if_laddrreq *)data)->dstaddr);
701 if (src->sa_len > size)
703 bcopy((caddr_t)src, (caddr_t)dst, src->sa_len);
707 /* if_ioctl() takes care of it */
719 gif_set_tunnel(struct ifnet *ifp, struct sockaddr *src, struct sockaddr *dst)
721 struct gif_softc *sc = (struct gif_softc *)ifp;
722 struct gif_softc *sc2;
723 struct sockaddr *osrc, *odst, *sa;
728 LIST_FOREACH(sc2, &gif_softc_list, gif_list) {
731 if (!sc2->gif_pdst || !sc2->gif_psrc)
733 if (sc2->gif_pdst->sa_family != dst->sa_family ||
734 sc2->gif_pdst->sa_len != dst->sa_len ||
735 sc2->gif_psrc->sa_family != src->sa_family ||
736 sc2->gif_psrc->sa_len != src->sa_len)
740 * Disallow parallel tunnels unless instructed
743 if (!parallel_tunnels &&
744 bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 &&
745 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) {
746 error = EADDRNOTAVAIL;
750 /* XXX both end must be valid? (I mean, not 0.0.0.0) */
753 /* XXX we can detach from both, but be polite just in case */
755 switch (sc->gif_psrc->sa_family) {
771 sa = (struct sockaddr *)kmalloc(src->sa_len, M_IFADDR, M_WAITOK);
772 bcopy((caddr_t)src, (caddr_t)sa, src->sa_len);
776 sa = (struct sockaddr *)kmalloc(dst->sa_len, M_IFADDR, M_WAITOK);
777 bcopy((caddr_t)dst, (caddr_t)sa, dst->sa_len);
780 switch (sc->gif_psrc->sa_family) {
783 error = in_gif_attach(sc);
788 error = in6_gif_attach(sc);
794 kfree((caddr_t)sc->gif_psrc, M_IFADDR);
795 kfree((caddr_t)sc->gif_pdst, M_IFADDR);
802 kfree((caddr_t)osrc, M_IFADDR);
804 kfree((caddr_t)odst, M_IFADDR);
806 if (sc->gif_psrc && sc->gif_pdst)
807 ifp->if_flags |= IFF_RUNNING;
809 ifp->if_flags &= ~IFF_RUNNING;
815 if (sc->gif_psrc && sc->gif_pdst)
816 ifp->if_flags |= IFF_RUNNING;
818 ifp->if_flags &= ~IFF_RUNNING;
825 gif_delete_tunnel(struct ifnet *ifp)
827 struct gif_softc *sc = (struct gif_softc *)ifp;
832 kfree((caddr_t)sc->gif_psrc, M_IFADDR);
836 kfree((caddr_t)sc->gif_pdst, M_IFADDR);
839 /* it is safe to detach from both */
848 if (sc->gif_psrc && sc->gif_pdst)
849 ifp->if_flags |= IFF_RUNNING;
851 ifp->if_flags &= ~IFF_RUNNING;
projects / dragonfly.git / blob