]> git.saurik.com Git - apple/xnu.git/blobdiff - bsd/netinet6/in6_gif.c
xnu-6153.11.26.tar.gz
[apple/xnu.git] / bsd / netinet6 / in6_gif.c
index 6142092c518d1adb8ac279c08a8a5587f0934699..f98fc60e3ce4b7c8c09064862d15cb57f0ae2e3a 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009-2013 Apple Inc. All rights reserved.
+ * Copyright (c) 2009-2016 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  *
@@ -118,74 +118,77 @@ in6_gif_output(
            sin6_src->sin6_family != AF_INET6 ||
            sin6_dst->sin6_family != AF_INET6) {
                m_freem(m);
-               return (EAFNOSUPPORT);
+               return EAFNOSUPPORT;
        }
 
        switch (family) {
 #if INET
        case AF_INET:
-           {
+       {
                struct ip *ip;
 
                proto = IPPROTO_IPV4;
-               if (mbuf_len(m) < sizeof (*ip)) {
-                       m = m_pullup(m, sizeof (*ip));
-                       if (!m)
-                               return (ENOBUFS);
+               if (mbuf_len(m) < sizeof(*ip)) {
+                       m = m_pullup(m, sizeof(*ip));
+                       if (!m) {
+                               return ENOBUFS;
+                       }
                }
                ip = mtod(m, struct ip *);
                itos = ip->ip_tos;
                break;
-           }
+       }
 #endif
 #if INET6
        case AF_INET6:
-           {
+       {
                proto = IPPROTO_IPV6;
-               if (mbuf_len(m) < sizeof (*ip6)) {
-                       m = m_pullup(m, sizeof (*ip6));
-                       if (!m)
-                               return (ENOBUFS);
+               if (mbuf_len(m) < sizeof(*ip6)) {
+                       m = m_pullup(m, sizeof(*ip6));
+                       if (!m) {
+                               return ENOBUFS;
+                       }
                }
                ip6 = mtod(m, struct ip6_hdr *);
                itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
                break;
-           }
+       }
 #endif
        default:
 #if DEBUG
                printf("in6_gif_output: warning: unknown family %d passed\n",
-                       family);
+                   family);
 #endif
                m_freem(m);
-               return (EAFNOSUPPORT);
+               return EAFNOSUPPORT;
        }
 
        /* prepend new IP header */
-       M_PREPEND(m, sizeof (struct ip6_hdr), M_DONTWAIT);
-       if (m && mbuf_len(m) < sizeof (struct ip6_hdr))
-               m = m_pullup(m, sizeof (struct ip6_hdr));
+       M_PREPEND(m, sizeof(struct ip6_hdr), M_DONTWAIT, 1);
+       if (m && mbuf_len(m) < sizeof(struct ip6_hdr)) {
+               m = m_pullup(m, sizeof(struct ip6_hdr));
+       }
        if (m == NULL) {
                printf("ENOBUFS in in6_gif_output %d\n", __LINE__);
-               return (ENOBUFS);
+               return ENOBUFS;
        }
 
        ip6 = mtod(m, struct ip6_hdr *);
-       ip6->ip6_flow   = 0;
-       ip6->ip6_vfc    &= ~IPV6_VERSION_MASK;
-       ip6->ip6_vfc    |= IPV6_VERSION;
-       ip6->ip6_plen   = htons((u_short)m->m_pkthdr.len);
-       ip6->ip6_nxt    = proto;
-       ip6->ip6_hlim   = ip6_gif_hlim;
-       ip6->ip6_src    = sin6_src->sin6_addr;
+       ip6->ip6_flow   = 0;
+       ip6->ip6_vfc    &= ~IPV6_VERSION_MASK;
+       ip6->ip6_vfc    |= IPV6_VERSION;
+       ip6->ip6_plen   = htons((u_short)m->m_pkthdr.len);
+       ip6->ip6_nxt    = proto;
+       ip6->ip6_hlim   = ip6_gif_hlim;
+       ip6->ip6_src    = sin6_src->sin6_addr;
        /* bidirectional configured tunnel mode */
-       if (!IN6_IS_ADDR_UNSPECIFIED(&sin6_dst->sin6_addr))
+       if (!IN6_IS_ADDR_UNSPECIFIED(&sin6_dst->sin6_addr)) {
                ip6->ip6_dst = sin6_dst->sin6_addr;
-       else  {
+       } else {
                m_freem(m);
-               return (ENETUNREACH);
+               return ENETUNREACH;
        }
-       ip_ecn_ingress((ifp->if_flags & IFF_LINK1) ? ECN_ALLOWED : ECN_NOCARE,
+       ip_ecn_ingress((ifp->if_flags & IFF_LINK1) ? ECN_NORMAL : ECN_NOCARE,
            &otos, &itos);
        ip6->ip6_flow &= ~htonl(0xff << 20);
        ip6->ip6_flow |= htonl((u_int32_t)otos << 20);
@@ -195,9 +198,9 @@ in6_gif_output(
            !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &sin6_dst->sin6_addr) ||
            (sc->gif_ro6.ro_rt != NULL && sc->gif_ro6.ro_rt->rt_ifp == ifp)) {
                /* cache route doesn't match or recursive route */
-               bzero(dst, sizeof (*dst));
+               bzero(dst, sizeof(*dst));
                dst->sin6_family = sin6_dst->sin6_family;
-               dst->sin6_len = sizeof (struct sockaddr_in6);
+               dst->sin6_len = sizeof(struct sockaddr_in6);
                dst->sin6_addr = sin6_dst->sin6_addr;
                ROUTE_RELEASE(&sc->gif_ro6);
 #if 0
@@ -209,18 +212,18 @@ in6_gif_output(
                rtalloc((struct route *)&sc->gif_ro6);
                if (sc->gif_ro6.ro_rt == NULL) {
                        m_freem(m);
-                       return (ENETUNREACH);
+                       return ENETUNREACH;
                }
                RT_LOCK(sc->gif_ro6.ro_rt);
                /* if it constitutes infinite encapsulation, punt. */
                if (sc->gif_ro6.ro_rt->rt_ifp == ifp) {
                        RT_UNLOCK(sc->gif_ro6.ro_rt);
                        m_freem(m);
-                       return (ENETUNREACH); /* XXX */
+                       return ENETUNREACH; /* XXX */
                }
 #if 0
                ifp->if_mtu = sc->gif_ro6.ro_rt->rt_ifp->if_mtu
-                       - sizeof (struct ip6_hdr);
+                   - sizeof(struct ip6_hdr);
 #endif
                RT_UNLOCK(sc->gif_ro6.ro_rt);
        }
@@ -231,9 +234,9 @@ in6_gif_output(
         * it is too painful to ask for resend of inner packet, to achieve
         * path MTU discovery for encapsulated packets.
         */
-       return (ip6_output(m, 0, &sc->gif_ro6, IPV6_MINMTU, 0, NULL, NULL));
+       return ip6_output(m, 0, &sc->gif_ro6, IPV6_MINMTU, 0, NULL, NULL);
 #else
-       return (ip6_output(m, 0, &sc->gif_ro6, 0, 0, NULL, NULL));
+       return ip6_output(m, 0, &sc->gif_ro6, 0, 0, NULL, NULL);
 #endif
 }
 
@@ -245,6 +248,7 @@ in6_gif_input(struct mbuf **mp, int *offp, int proto)
        struct ip6_hdr *ip6;
        int af = 0;
        u_int32_t otos;
+       int egress_success = 0;
 
        ip6 = mtod(m, struct ip6_hdr *);
 
@@ -253,7 +257,7 @@ in6_gif_input(struct mbuf **mp, int *offp, int proto)
        if (gifp == NULL || (gifp->if_flags & IFF_UP) == 0) {
                m_freem(m);
                ip6stat.ip6s_nogif++;
-               return (IPPROTO_DONE);
+               return IPPROTO_DONE;
        }
 
        otos = ip6->ip6_flow;
@@ -262,53 +266,74 @@ in6_gif_input(struct mbuf **mp, int *offp, int proto)
        switch (proto) {
 #if INET
        case IPPROTO_IPV4:
-           {
+       {
                struct ip *ip;
-               u_int8_t otos8;
+               u_int8_t otos8, old_tos;
+               int sum;
+
                af = AF_INET;
                otos8 = (ntohl(otos) >> 20) & 0xff;
-               if (mbuf_len(m) < sizeof (*ip)) {
-                       m = m_pullup(m, sizeof (*ip));
-                       if (!m)
-                               return (IPPROTO_DONE);
+               if (mbuf_len(m) < sizeof(*ip)) {
+                       m = m_pullup(m, sizeof(*ip));
+                       if (!m) {
+                               return IPPROTO_DONE;
+                       }
                }
                ip = mtod(m, struct ip *);
-               if (gifp->if_flags & IFF_LINK1)
-                       ip_ecn_egress(ECN_ALLOWED, &otos8, &ip->ip_tos);
-               else
-                       ip_ecn_egress(ECN_NOCARE, &otos8, &ip->ip_tos);
+               if (gifp->if_flags & IFF_LINK1) {
+                       old_tos = ip->ip_tos;
+                       egress_success = ip_ecn_egress(ECN_NORMAL, &otos8, &ip->ip_tos);
+                       if (old_tos != ip->ip_tos) {
+                               sum = ~ntohs(ip->ip_sum) & 0xffff;
+                               sum += (~old_tos & 0xffff) + ip->ip_tos;
+                               sum = (sum >> 16) + (sum & 0xffff);
+                               sum += (sum >> 16); /* add carry */
+                               ip->ip_sum = htons(~sum & 0xffff);
+                       }
+               } else {
+                       egress_success = ip_ecn_egress(ECN_NOCARE, &otos8, &ip->ip_tos);
+               }
                break;
-           }
+       }
 #endif /* INET */
 #if INET6
        case IPPROTO_IPV6:
-           {
+       {
                af = AF_INET6;
-               if (mbuf_len(m) < sizeof (*ip6)) {
-                       m = m_pullup(m, sizeof (*ip6));
-                       if (!m)
-                               return (IPPROTO_DONE);
+               if (mbuf_len(m) < sizeof(*ip6)) {
+                       m = m_pullup(m, sizeof(*ip6));
+                       if (!m) {
+                               return IPPROTO_DONE;
+                       }
                }
                ip6 = mtod(m, struct ip6_hdr *);
-               if (gifp->if_flags & IFF_LINK1)
-                       ip6_ecn_egress(ECN_ALLOWED, &otos, &ip6->ip6_flow);
-               else
-                       ip6_ecn_egress(ECN_NOCARE, &otos, &ip6->ip6_flow);
+               if (gifp->if_flags & IFF_LINK1) {
+                       egress_success = ip6_ecn_egress(ECN_NORMAL, &otos, &ip6->ip6_flow);
+               } else {
+                       egress_success = ip6_ecn_egress(ECN_NOCARE, &otos, &ip6->ip6_flow);
+               }
                break;
-           }
+       }
 #endif
        default:
                ip6stat.ip6s_nogif++;
                m_freem(m);
-               return (IPPROTO_DONE);
+               return IPPROTO_DONE;
+       }
+
+       if (egress_success == 0) {
+               ip6stat.ip6s_nogif++;
+               m_freem(m);
+               return IPPROTO_DONE;
        }
 
        /* Replace the rcvif by gifp for ifnet_input to route it correctly */
-       if (m->m_pkthdr.rcvif)
+       if (m->m_pkthdr.rcvif) {
                m->m_pkthdr.rcvif = gifp;
+       }
 
        ifnet_input(gifp, m, NULL);
-       return (IPPROTO_DONE);
+       return IPPROTO_DONE;
 }
 
 /*
@@ -331,8 +356,9 @@ gif_validate6(
         * and the *destination* address of the packet, and vice versa.
         */
        if (!IN6_ARE_ADDR_EQUAL(&src->sin6_addr, &ip6->ip6_dst) ||
-           !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &ip6->ip6_src))
-               return (0);
+           !IN6_ARE_ADDR_EQUAL(&dst->sin6_addr, &ip6->ip6_src)) {
+               return 0;
+       }
 
        /* martian filters on outer source - done in ip6_input */
 
@@ -341,14 +367,15 @@ gif_validate6(
                struct sockaddr_in6 sin6;
                struct rtentry *rt;
 
-               bzero(&sin6, sizeof (sin6));
+               bzero(&sin6, sizeof(sin6));
                sin6.sin6_family = AF_INET6;
-               sin6.sin6_len = sizeof (struct sockaddr_in6);
+               sin6.sin6_len = sizeof(struct sockaddr_in6);
                sin6.sin6_addr = ip6->ip6_src;
 
                rt = rtalloc1((struct sockaddr *)&sin6, 0, 0);
-               if (rt != NULL)
+               if (rt != NULL) {
                        RT_LOCK(rt);
+               }
                if (!rt || rt->rt_ifp != ifp) {
 #if 0
                        log(LOG_WARNING, "%s: packet from %s dropped "
@@ -359,13 +386,13 @@ gif_validate6(
                                RT_UNLOCK(rt);
                                rtfree(rt);
                        }
-                       return (0);
+                       return 0;
                }
                RT_UNLOCK(rt);
                rtfree(rt);
        }
 
-       return (128 * 2);
+       return 128 * 2;
 }
 
 /*
@@ -389,8 +416,8 @@ gif_encapcheck6(
 
        GIF_LOCK_ASSERT(sc);
 
-       mbuf_copydata((struct mbuf *)(size_t)m, 0, sizeof (ip6), &ip6);
+       mbuf_copydata((struct mbuf *)(size_t)m, 0, sizeof(ip6), &ip6);
        ifp = ((m->m_flags & M_PKTHDR) != 0) ? m->m_pkthdr.rcvif : NULL;
 
-       return (gif_validate6(&ip6, sc, ifp));
+       return gif_validate6(&ip6, sc, ifp);
 }