]> git.saurik.com Git - apple/xnu.git/blob - bsd/netinet/in_gif.c
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-1228.7.58.tar.gz
[apple/xnu.git] / bsd / netinet / in_gif.c
1 /*
2 * Copyright (c) 2000-2007 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /* $KAME: in_gif.c,v 1.54 2001/05/14 14:02:16 itojun Exp $ */
29
30 /*
31 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
32 * All rights reserved.
33 *
34 * Redistribution and use in source and binary forms, with or without
35 * modification, are permitted provided that the following conditions
36 * are met:
37 * 1. Redistributions of source code must retain the above copyright
38 * notice, this list of conditions and the following disclaimer.
39 * 2. Redistributions in binary form must reproduce the above copyright
40 * notice, this list of conditions and the following disclaimer in the
41 * documentation and/or other materials provided with the distribution.
42 * 3. Neither the name of the project nor the names of its contributors
43 * may be used to endorse or promote products derived from this software
44 * without specific prior written permission.
45 *
46 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
47 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
49 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
50 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
51 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
52 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
54 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
55 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
56 * SUCH DAMAGE.
57 */
58
59
60 #include <sys/param.h>
61 #include <sys/systm.h>
62 #include <sys/socket.h>
63 #include <sys/sockio.h>
64 #include <sys/mbuf.h>
65 #include <sys/errno.h>
66 #include <sys/kernel.h>
67 #include <sys/sysctl.h>
68
69 #include <sys/malloc.h>
70 #include <libkern/OSAtomic.h>
71
72 #include <net/if.h>
73 #include <net/route.h>
74
75 #include <netinet/in.h>
76 #include <netinet/in_systm.h>
77 #include <netinet/ip.h>
78 #include <netinet/ip_var.h>
79 #include <netinet/in_gif.h>
80 #include <netinet/in_var.h>
81 #include <netinet/ip_encap.h>
82 #include <netinet/ip_ecn.h>
83
84 #if INET6
85 #include <netinet/ip6.h>
86 #endif
87
88 #if MROUTING
89 #include <netinet/ip_mroute.h>
90 #endif /* MROUTING */
91
92 #include <net/if_gif.h>
93
94 #include <net/net_osdep.h>
95
96 extern u_long route_generation;
97
98 int ip_gif_ttl = GIF_TTL;
99 SYSCTL_INT(_net_inet_ip, IPCTL_GIF_TTL, gifttl, CTLFLAG_RW,
100 &ip_gif_ttl, 0, "");
101
102 int
103 in_gif_output(
104 struct ifnet *ifp,
105 int family,
106 struct mbuf *m,
107 __unused struct rtentry *rt)
108 {
109 struct gif_softc *sc = ifnet_softc(ifp);
110 struct sockaddr_in *dst = (struct sockaddr_in *)&sc->gif_ro.ro_dst;
111 struct sockaddr_in *sin_src = (struct sockaddr_in *)sc->gif_psrc;
112 struct sockaddr_in *sin_dst = (struct sockaddr_in *)sc->gif_pdst;
113 struct ip iphdr; /* capsule IP header, host byte ordered */
114 int proto, error;
115 u_int8_t tos;
116
117 if (sin_src == NULL || sin_dst == NULL ||
118 sin_src->sin_family != AF_INET ||
119 sin_dst->sin_family != AF_INET) {
120 m_freem(m);
121 return EAFNOSUPPORT;
122 }
123
124 switch (family) {
125 #if INET
126 case AF_INET:
127 {
128 struct ip *ip;
129
130 proto = IPPROTO_IPV4;
131 if (mbuf_len(m) < sizeof(*ip)) {
132 m = m_pullup(m, sizeof(*ip));
133 if (!m)
134 return ENOBUFS;
135 }
136 ip = mtod(m, struct ip *);
137 tos = ip->ip_tos;
138 break;
139 }
140 #endif /*INET*/
141 #if INET6
142 case AF_INET6:
143 {
144 struct ip6_hdr *ip6;
145 proto = IPPROTO_IPV6;
146 if (mbuf_len(m) < sizeof(*ip6)) {
147 m = m_pullup(m, sizeof(*ip6));
148 if (!m)
149 return ENOBUFS;
150 }
151 ip6 = mtod(m, struct ip6_hdr *);
152 tos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
153 break;
154 }
155 #endif /*INET6*/
156 default:
157 #if DEBUG
158 printf("in_gif_output: warning: unknown family %d passed\n",
159 family);
160 #endif
161 m_freem(m);
162 return EAFNOSUPPORT;
163 }
164
165 bzero(&iphdr, sizeof(iphdr));
166 iphdr.ip_src = sin_src->sin_addr;
167 /* bidirectional configured tunnel mode */
168 if (sin_dst->sin_addr.s_addr != INADDR_ANY)
169 iphdr.ip_dst = sin_dst->sin_addr;
170 else {
171 m_freem(m);
172 return ENETUNREACH;
173 }
174 iphdr.ip_p = proto;
175 /* version will be set in ip_output() */
176 iphdr.ip_ttl = ip_gif_ttl;
177 iphdr.ip_len = m->m_pkthdr.len + sizeof(struct ip);
178 if (ifp->if_flags & IFF_LINK1)
179 ip_ecn_ingress(ECN_ALLOWED, &iphdr.ip_tos, &tos);
180 else
181 ip_ecn_ingress(ECN_NOCARE, &iphdr.ip_tos, &tos);
182
183 /* prepend new IP header */
184 M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
185 if (m && mbuf_len(m) < sizeof(struct ip))
186 m = m_pullup(m, sizeof(struct ip));
187 if (m == NULL) {
188 printf("ENOBUFS in in_gif_output %d\n", __LINE__);
189 return ENOBUFS;
190 }
191 bcopy(&iphdr, mtod(m, struct ip *), sizeof(struct ip));
192
193 if (dst->sin_family != sin_dst->sin_family ||
194 dst->sin_addr.s_addr != sin_dst->sin_addr.s_addr ||
195 (sc->gif_ro.ro_rt != NULL &&
196 (sc->gif_ro.ro_rt->generation_id != route_generation ||
197 sc->gif_ro.ro_rt->rt_ifp == ifp))) {
198 /* cache route doesn't match */
199 dst->sin_family = sin_dst->sin_family;
200 dst->sin_len = sizeof(struct sockaddr_in);
201 dst->sin_addr = sin_dst->sin_addr;
202 if (sc->gif_ro.ro_rt) {
203 rtfree(sc->gif_ro.ro_rt);
204 sc->gif_ro.ro_rt = NULL;
205 }
206 #if 0
207 sc->gif_if.if_mtu = GIF_MTU;
208 #endif
209 }
210
211 if (sc->gif_ro.ro_rt == NULL) {
212 rtalloc(&sc->gif_ro);
213 if (sc->gif_ro.ro_rt == NULL) {
214 m_freem(m);
215 return ENETUNREACH;
216 }
217
218 /* if it constitutes infinite encapsulation, punt. */
219 if (sc->gif_ro.ro_rt->rt_ifp == ifp) {
220 m_freem(m);
221 return ENETUNREACH; /*XXX*/
222 }
223 #if 0
224 ifp->if_mtu = sc->gif_ro.ro_rt->rt_ifp->if_mtu
225 - sizeof(struct ip);
226 #endif
227 }
228
229 error = ip_output(m, NULL, &sc->gif_ro, 0, NULL, NULL);
230 return(error);
231 }
232
233 void
234 in_gif_input(m, off)
235 struct mbuf *m;
236 int off;
237 {
238 struct ifnet *gifp = NULL;
239 struct ip *ip;
240 int af, proto;
241 u_int8_t otos;
242
243 ip = mtod(m, struct ip *);
244 proto = ip->ip_p;
245
246
247 gifp = ((struct gif_softc*)encap_getarg(m))->gif_if;
248
249 if (gifp == NULL || (gifp->if_flags & IFF_UP) == 0) {
250 m_freem(m);
251 OSAddAtomic(1, (SInt32*)&ipstat.ips_nogif);
252 return;
253 }
254
255 otos = ip->ip_tos;
256 m_adj(m, off);
257
258 switch (proto) {
259 #if INET
260 case IPPROTO_IPV4:
261 {
262 af = AF_INET;
263 if (mbuf_len(m) < sizeof(*ip)) {
264 m = m_pullup(m, sizeof(*ip));
265 if (!m)
266 return;
267 }
268 ip = mtod(m, struct ip *);
269 if (gifp->if_flags & IFF_LINK1)
270 ip_ecn_egress(ECN_ALLOWED, &otos, &ip->ip_tos);
271 else
272 ip_ecn_egress(ECN_NOCARE, &otos, &ip->ip_tos);
273 break;
274 }
275 #endif
276 #if INET6
277 case IPPROTO_IPV6:
278 {
279 struct ip6_hdr *ip6;
280 u_int8_t itos;
281 af = AF_INET6;
282 if (mbuf_len(m) < sizeof(*ip6)) {
283 m = m_pullup(m, sizeof(*ip6));
284 if (!m)
285 return;
286 }
287 ip6 = mtod(m, struct ip6_hdr *);
288 itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
289 if (gifp->if_flags & IFF_LINK1)
290 ip_ecn_egress(ECN_ALLOWED, &otos, &itos);
291 else
292 ip_ecn_egress(ECN_NOCARE, &otos, &itos);
293 ip6->ip6_flow &= ~htonl(0xff << 20);
294 ip6->ip6_flow |= htonl((u_int32_t)itos << 20);
295 break;
296 }
297 #endif /* INET6 */
298 default:
299 OSAddAtomic(1, (SInt32*)&ipstat.ips_nogif);
300 m_freem(m);
301 return;
302 }
303 #ifdef __APPLE__
304 /* Should we free m if dlil_input returns an error? */
305 if (m->m_pkthdr.rcvif) /* replace the rcvif by gifp for dlil to route it correctly */
306 m->m_pkthdr.rcvif = gifp;
307 ifnet_input(gifp, m, NULL);
308 #else
309 gif_input(m, af, gifp);
310 #endif
311 return;
312 }
313
314 static __inline__ void*
315 _cast_non_const(const void * ptr) {
316 union {
317 const void* cval;
318 void* val;
319 } ret;
320
321 ret.cval = ptr;
322 return (ret.val);
323 }
324
325 /*
326 * we know that we are in IFF_UP, outer address available, and outer family
327 * matched the physical addr family. see gif_encapcheck().
328 */
329 int
330 gif_encapcheck4(
331 const struct mbuf *m,
332 __unused int off,
333 __unused int proto,
334 void *arg)
335 {
336 struct ip ip;
337 struct gif_softc *sc;
338 struct sockaddr_in *src, *dst;
339 int addrmatch;
340 struct in_ifaddr *ia4;
341
342 /* sanity check done in caller */
343 sc = (struct gif_softc *)arg;
344 src = (struct sockaddr_in *)sc->gif_psrc;
345 dst = (struct sockaddr_in *)sc->gif_pdst;
346
347 mbuf_copydata(m, 0, sizeof(ip), &ip);
348
349 /* check for address match */
350 addrmatch = 0;
351 if (src->sin_addr.s_addr == ip.ip_dst.s_addr)
352 addrmatch |= 1;
353 if (dst->sin_addr.s_addr == ip.ip_src.s_addr)
354 addrmatch |= 2;
355 if (addrmatch != 3)
356 return 0;
357
358 /* martian filters on outer source - NOT done in ip_input! */
359 if (IN_MULTICAST(ntohl(ip.ip_src.s_addr)))
360 return 0;
361 switch ((ntohl(ip.ip_src.s_addr) & 0xff000000) >> 24) {
362 case 0: case 127: case 255:
363 return 0;
364 }
365 /* reject packets with broadcast on source */
366 lck_mtx_lock(rt_mtx);
367 for (ia4 = TAILQ_FIRST(&in_ifaddrhead); ia4;
368 ia4 = TAILQ_NEXT(ia4, ia_link))
369 {
370 if ((ifnet_flags(ia4->ia_ifa.ifa_ifp) & IFF_BROADCAST) == 0)
371 continue;
372 if (ip.ip_src.s_addr == ia4->ia_broadaddr.sin_addr.s_addr) {
373 lck_mtx_unlock(rt_mtx);
374 return 0;
375 }
376 }
377 lck_mtx_unlock(rt_mtx);
378
379 /* ingress filters on outer source */
380 if ((ifnet_flags(sc->gif_if) & IFF_LINK2) == 0 &&
381 (m->m_flags & M_PKTHDR) != 0 && m->m_pkthdr.rcvif) {
382 struct sockaddr_in sin;
383 struct rtentry *rt;
384
385 bzero(&sin, sizeof(sin));
386 sin.sin_family = AF_INET;
387 sin.sin_len = sizeof(struct sockaddr_in);
388 sin.sin_addr = ip.ip_src;
389 rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL);
390 if (!rt || rt->rt_ifp != m->m_pkthdr.rcvif) {
391 #if 0
392 log(LOG_WARNING, "%s: packet from 0x%x dropped "
393 "due to ingress filter\n", if_name(&sc->gif_if),
394 (u_int32_t)ntohl(sin.sin_addr.s_addr));
395 #endif
396 if (rt)
397 rtfree(rt);
398 return 0;
399 }
400 rtfree(rt);
401 }
402
403 return 32 * 2;
404 }
mirror of XNU