| @@ -1,875 +1,875 @@ | | | @@ -1,875 +1,875 @@ |
1 | /* $NetBSD: ip_encap.c,v 1.41 2015/04/15 03:38:50 ozaki-r Exp $ */ | | 1 | /* $NetBSD: ip_encap.c,v 1.42 2015/04/15 08:47:28 ozaki-r Exp $ */ |
2 | /* $KAME: ip_encap.c,v 1.73 2001/10/02 08:30:58 itojun Exp $ */ | | 2 | /* $KAME: ip_encap.c,v 1.73 2001/10/02 08:30:58 itojun Exp $ */ |
3 | | | 3 | |
4 | /* | | 4 | /* |
5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | | 5 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
6 | * All rights reserved. | | 6 | * All rights reserved. |
7 | * | | 7 | * |
8 | * Redistribution and use in source and binary forms, with or without | | 8 | * Redistribution and use in source and binary forms, with or without |
9 | * modification, are permitted provided that the following conditions | | 9 | * modification, are permitted provided that the following conditions |
10 | * are met: | | 10 | * are met: |
11 | * 1. Redistributions of source code must retain the above copyright | | 11 | * 1. Redistributions of source code must retain the above copyright |
12 | * notice, this list of conditions and the following disclaimer. | | 12 | * notice, this list of conditions and the following disclaimer. |
13 | * 2. Redistributions in binary form must reproduce the above copyright | | 13 | * 2. Redistributions in binary form must reproduce the above copyright |
14 | * notice, this list of conditions and the following disclaimer in the | | 14 | * notice, this list of conditions and the following disclaimer in the |
15 | * documentation and/or other materials provided with the distribution. | | 15 | * documentation and/or other materials provided with the distribution. |
16 | * 3. Neither the name of the project nor the names of its contributors | | 16 | * 3. Neither the name of the project nor the names of its contributors |
17 | * may be used to endorse or promote products derived from this software | | 17 | * may be used to endorse or promote products derived from this software |
18 | * without specific prior written permission. | | 18 | * without specific prior written permission. |
19 | * | | 19 | * |
20 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND | | 20 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | | 21 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 22 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | | 23 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 24 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 25 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 26 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 27 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 28 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 29 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
30 | * SUCH DAMAGE. | | 30 | * SUCH DAMAGE. |
31 | */ | | 31 | */ |
32 | /* | | 32 | /* |
33 | * My grandfather said that there's a devil inside tunnelling technology... | | 33 | * My grandfather said that there's a devil inside tunnelling technology... |
34 | * | | 34 | * |
35 | * We have surprisingly many protocols that want packets with IP protocol | | 35 | * We have surprisingly many protocols that want packets with IP protocol |
36 | * #4 or #41. Here's a list of protocols that want protocol #41: | | 36 | * #4 or #41. Here's a list of protocols that want protocol #41: |
37 | * RFC1933 configured tunnel | | 37 | * RFC1933 configured tunnel |
38 | * RFC1933 automatic tunnel | | 38 | * RFC1933 automatic tunnel |
39 | * RFC2401 IPsec tunnel | | 39 | * RFC2401 IPsec tunnel |
40 | * RFC2473 IPv6 generic packet tunnelling | | 40 | * RFC2473 IPv6 generic packet tunnelling |
41 | * RFC2529 6over4 tunnel | | 41 | * RFC2529 6over4 tunnel |
42 | * RFC3056 6to4 tunnel | | 42 | * RFC3056 6to4 tunnel |
43 | * isatap tunnel | | 43 | * isatap tunnel |
44 | * mobile-ip6 (uses RFC2473) | | 44 | * mobile-ip6 (uses RFC2473) |
45 | * Here's a list of protocol that want protocol #4: | | 45 | * Here's a list of protocol that want protocol #4: |
46 | * RFC1853 IPv4-in-IPv4 tunnelling | | 46 | * RFC1853 IPv4-in-IPv4 tunnelling |
47 | * RFC2003 IPv4 encapsulation within IPv4 | | 47 | * RFC2003 IPv4 encapsulation within IPv4 |
48 | * RFC2344 reverse tunnelling for mobile-ip4 | | 48 | * RFC2344 reverse tunnelling for mobile-ip4 |
49 | * RFC2401 IPsec tunnel | | 49 | * RFC2401 IPsec tunnel |
50 | * Well, what can I say. They impose different en/decapsulation mechanism | | 50 | * Well, what can I say. They impose different en/decapsulation mechanism |
51 | * from each other, so they need separate protocol handler. The only one | | 51 | * from each other, so they need separate protocol handler. The only one |
52 | * we can easily determine by protocol # is IPsec, which always has | | 52 | * we can easily determine by protocol # is IPsec, which always has |
53 | * AH/ESP/IPComp header right after outer IP header. | | 53 | * AH/ESP/IPComp header right after outer IP header. |
54 | * | | 54 | * |
55 | * So, clearly good old protosw does not work for protocol #4 and #41. | | 55 | * So, clearly good old protosw does not work for protocol #4 and #41. |
56 | * The code will let you match protocol via src/dst address pair. | | 56 | * The code will let you match protocol via src/dst address pair. |
57 | */ | | 57 | */ |
58 | /* XXX is M_NETADDR correct? */ | | 58 | /* XXX is M_NETADDR correct? */ |
59 | | | 59 | |
60 | /* | | 60 | /* |
61 | * With USE_RADIX the code will use radix table for tunnel lookup, for | | 61 | * With USE_RADIX the code will use radix table for tunnel lookup, for |
62 | * tunnels registered with encap_attach() with a addr/mask pair. | | 62 | * tunnels registered with encap_attach() with a addr/mask pair. |
63 | * Faster on machines with thousands of tunnel registerations (= interfaces). | | 63 | * Faster on machines with thousands of tunnel registerations (= interfaces). |
64 | * | | 64 | * |
65 | * The code assumes that radix table code can handle non-continuous netmask, | | 65 | * The code assumes that radix table code can handle non-continuous netmask, |
66 | * as it will pass radix table memory region with (src + dst) sockaddr pair. | | 66 | * as it will pass radix table memory region with (src + dst) sockaddr pair. |
67 | * | | 67 | * |
68 | * FreeBSD is excluded here as they make max_keylen a static variable, and | | 68 | * FreeBSD is excluded here as they make max_keylen a static variable, and |
69 | * thus forbid definition of radix table other than proper domains. | | 69 | * thus forbid definition of radix table other than proper domains. |
70 | * | | 70 | * |
71 | * !!!!!!! | | 71 | * !!!!!!! |
72 | * !!NOTE: dom_maxrtkey assumes USE_RADIX is defined. | | 72 | * !!NOTE: dom_maxrtkey assumes USE_RADIX is defined. |
73 | * !!!!!!! | | 73 | * !!!!!!! |
74 | */ | | 74 | */ |
75 | #define USE_RADIX | | 75 | #define USE_RADIX |
76 | | | 76 | |
77 | #include <sys/cdefs.h> | | 77 | #include <sys/cdefs.h> |
78 | __KERNEL_RCSID(0, "$NetBSD: ip_encap.c,v 1.41 2015/04/15 03:38:50 ozaki-r Exp $"); | | 78 | __KERNEL_RCSID(0, "$NetBSD: ip_encap.c,v 1.42 2015/04/15 08:47:28 ozaki-r Exp $"); |
79 | | | 79 | |
80 | #include "opt_mrouting.h" | | 80 | #include "opt_mrouting.h" |
81 | #include "opt_inet.h" | | 81 | #include "opt_inet.h" |
82 | | | 82 | |
83 | #include <sys/param.h> | | 83 | #include <sys/param.h> |
84 | #include <sys/systm.h> | | 84 | #include <sys/systm.h> |
85 | #include <sys/socket.h> | | 85 | #include <sys/socket.h> |
86 | #include <sys/sockio.h> | | 86 | #include <sys/sockio.h> |
87 | #include <sys/mbuf.h> | | 87 | #include <sys/mbuf.h> |
88 | #include <sys/errno.h> | | 88 | #include <sys/errno.h> |
89 | #include <sys/protosw.h> | | 89 | #include <sys/protosw.h> |
90 | #include <sys/queue.h> | | 90 | #include <sys/queue.h> |
91 | | | 91 | |
92 | #include <net/if.h> | | 92 | #include <net/if.h> |
93 | #include <net/route.h> | | 93 | #include <net/route.h> |
94 | | | 94 | |
95 | #include <netinet/in.h> | | 95 | #include <netinet/in.h> |
96 | #include <netinet/in_systm.h> | | 96 | #include <netinet/in_systm.h> |
97 | #include <netinet/ip.h> | | 97 | #include <netinet/ip.h> |
98 | #include <netinet/ip_var.h> | | 98 | #include <netinet/ip_var.h> |
99 | #include <netinet/ip_encap.h> | | 99 | #include <netinet/ip_encap.h> |
100 | #ifdef MROUTING | | 100 | #ifdef MROUTING |
101 | #include <netinet/ip_mroute.h> | | 101 | #include <netinet/ip_mroute.h> |
102 | #endif /* MROUTING */ | | 102 | #endif /* MROUTING */ |
103 | | | 103 | |
104 | #ifdef INET6 | | 104 | #ifdef INET6 |
105 | #include <netinet/ip6.h> | | 105 | #include <netinet/ip6.h> |
106 | #include <netinet6/ip6_var.h> | | 106 | #include <netinet6/ip6_var.h> |
107 | #include <netinet6/ip6protosw.h> | | 107 | #include <netinet6/ip6protosw.h> |
108 | #include <netinet6/in6_var.h> | | 108 | #include <netinet6/in6_var.h> |
109 | #include <netinet6/in6_pcb.h> | | 109 | #include <netinet6/in6_pcb.h> |
110 | #include <netinet/icmp6.h> | | 110 | #include <netinet/icmp6.h> |
111 | #endif | | 111 | #endif |
112 | | | 112 | |
113 | #include <net/net_osdep.h> | | 113 | #include <net/net_osdep.h> |
114 | | | 114 | |
115 | enum direction { INBOUND, OUTBOUND }; | | 115 | enum direction { INBOUND, OUTBOUND }; |
116 | | | 116 | |
117 | #ifdef INET | | 117 | #ifdef INET |
118 | static struct encaptab *encap4_lookup(struct mbuf *, int, int, enum direction); | | 118 | static struct encaptab *encap4_lookup(struct mbuf *, int, int, enum direction); |
119 | #endif | | 119 | #endif |
120 | #ifdef INET6 | | 120 | #ifdef INET6 |
121 | static struct encaptab *encap6_lookup(struct mbuf *, int, int, enum direction); | | 121 | static struct encaptab *encap6_lookup(struct mbuf *, int, int, enum direction); |
122 | #endif | | 122 | #endif |
123 | static int encap_add(struct encaptab *); | | 123 | static int encap_add(struct encaptab *); |
124 | static int encap_remove(struct encaptab *); | | 124 | static int encap_remove(struct encaptab *); |
125 | static int encap_afcheck(int, const struct sockaddr *, const struct sockaddr *); | | 125 | static int encap_afcheck(int, const struct sockaddr *, const struct sockaddr *); |
126 | #ifdef USE_RADIX | | 126 | #ifdef USE_RADIX |
127 | static struct radix_node_head *encap_rnh(int); | | 127 | static struct radix_node_head *encap_rnh(int); |
128 | static int mask_matchlen(const struct sockaddr *); | | 128 | static int mask_matchlen(const struct sockaddr *); |
129 | #endif | | 129 | #endif |
130 | #ifndef USE_RADIX | | 130 | #ifndef USE_RADIX |
131 | static int mask_match(const struct encaptab *, const struct sockaddr *, | | 131 | static int mask_match(const struct encaptab *, const struct sockaddr *, |
132 | const struct sockaddr *); | | 132 | const struct sockaddr *); |
133 | #endif | | 133 | #endif |
134 | static void encap_fillarg(struct mbuf *, const struct encaptab *); | | 134 | static void encap_fillarg(struct mbuf *, const struct encaptab *); |
135 | | | 135 | |
136 | LIST_HEAD(, encaptab) encaptab = LIST_HEAD_INITIALIZER(&encaptab); | | 136 | LIST_HEAD(, encaptab) encaptab = LIST_HEAD_INITIALIZER(&encaptab); |
137 | | | 137 | |
138 | #ifdef USE_RADIX | | 138 | #ifdef USE_RADIX |
139 | extern int max_keylen; /* radix.c */ | | 139 | extern int max_keylen; /* radix.c */ |
140 | struct radix_node_head *encap_head[2]; /* 0 for AF_INET, 1 for AF_INET6 */ | | 140 | struct radix_node_head *encap_head[2]; /* 0 for AF_INET, 1 for AF_INET6 */ |
141 | #endif | | 141 | #endif |
142 | | | 142 | |
143 | void | | 143 | void |
144 | encap_init(void) | | 144 | encap_init(void) |
145 | { | | 145 | { |
146 | static int initialized = 0; | | 146 | static int initialized = 0; |
147 | | | 147 | |
148 | if (initialized) | | 148 | if (initialized) |
149 | return; | | 149 | return; |
150 | initialized++; | | 150 | initialized++; |
151 | #if 0 | | 151 | #if 0 |
152 | /* | | 152 | /* |
153 | * we cannot use LIST_INIT() here, since drivers may want to call | | 153 | * we cannot use LIST_INIT() here, since drivers may want to call |
154 | * encap_attach(), on driver attach. encap_init() will be called | | 154 | * encap_attach(), on driver attach. encap_init() will be called |
155 | * on AF_INET{,6} initialization, which happens after driver | | 155 | * on AF_INET{,6} initialization, which happens after driver |
156 | * initialization - using LIST_INIT() here can nuke encap_attach() | | 156 | * initialization - using LIST_INIT() here can nuke encap_attach() |
157 | * from drivers. | | 157 | * from drivers. |
158 | */ | | 158 | */ |
159 | LIST_INIT(&encaptab); | | 159 | LIST_INIT(&encaptab); |
160 | #endif | | 160 | #endif |
161 | | | 161 | |
162 | #ifdef USE_RADIX | | 162 | #ifdef USE_RADIX |
163 | /* | | 163 | /* |
164 | * initialize radix lookup table when the radix subsystem is inited. | | 164 | * initialize radix lookup table when the radix subsystem is inited. |
165 | */ | | 165 | */ |
166 | rn_delayedinit((void *)&encap_head[0], | | 166 | rn_delayedinit((void *)&encap_head[0], |
167 | sizeof(struct sockaddr_pack) << 3); | | 167 | sizeof(struct sockaddr_pack) << 3); |
168 | #ifdef INET6 | | 168 | #ifdef INET6 |
169 | rn_delayedinit((void *)&encap_head[1], | | 169 | rn_delayedinit((void *)&encap_head[1], |
170 | sizeof(struct sockaddr_pack) << 3); | | 170 | sizeof(struct sockaddr_pack) << 3); |
171 | #endif | | 171 | #endif |
172 | #endif | | 172 | #endif |
173 | } | | 173 | } |
174 | | | 174 | |
175 | #ifdef INET | | 175 | #ifdef INET |
176 | static struct encaptab * | | 176 | static struct encaptab * |
177 | encap4_lookup(struct mbuf *m, int off, int proto, enum direction dir) | | 177 | encap4_lookup(struct mbuf *m, int off, int proto, enum direction dir) |
178 | { | | 178 | { |
179 | struct ip *ip; | | 179 | struct ip *ip; |
180 | struct ip_pack4 pack; | | 180 | struct ip_pack4 pack; |
181 | struct encaptab *ep, *match; | | 181 | struct encaptab *ep, *match; |
182 | int prio, matchprio; | | 182 | int prio, matchprio; |
183 | #ifdef USE_RADIX | | 183 | #ifdef USE_RADIX |
184 | struct radix_node_head *rnh = encap_rnh(AF_INET); | | 184 | struct radix_node_head *rnh = encap_rnh(AF_INET); |
185 | struct radix_node *rn; | | 185 | struct radix_node *rn; |
186 | #endif | | 186 | #endif |
187 | | | 187 | |
188 | KASSERT(m->m_len >= sizeof(*ip)); | | 188 | KASSERT(m->m_len >= sizeof(*ip)); |
189 | | | 189 | |
190 | ip = mtod(m, struct ip *); | | 190 | ip = mtod(m, struct ip *); |
191 | | | 191 | |
192 | memset(&pack, 0, sizeof(pack)); | | 192 | memset(&pack, 0, sizeof(pack)); |
193 | pack.p.sp_len = sizeof(pack); | | 193 | pack.p.sp_len = sizeof(pack); |
194 | pack.mine.sin_family = pack.yours.sin_family = AF_INET; | | 194 | pack.mine.sin_family = pack.yours.sin_family = AF_INET; |
195 | pack.mine.sin_len = pack.yours.sin_len = sizeof(struct sockaddr_in); | | 195 | pack.mine.sin_len = pack.yours.sin_len = sizeof(struct sockaddr_in); |
196 | if (dir == INBOUND) { | | 196 | if (dir == INBOUND) { |
197 | pack.mine.sin_addr = ip->ip_dst; | | 197 | pack.mine.sin_addr = ip->ip_dst; |
198 | pack.yours.sin_addr = ip->ip_src; | | 198 | pack.yours.sin_addr = ip->ip_src; |
199 | } else { | | 199 | } else { |
200 | pack.mine.sin_addr = ip->ip_src; | | 200 | pack.mine.sin_addr = ip->ip_src; |
201 | pack.yours.sin_addr = ip->ip_dst; | | 201 | pack.yours.sin_addr = ip->ip_dst; |
202 | } | | 202 | } |
203 | | | 203 | |
204 | match = NULL; | | 204 | match = NULL; |
205 | matchprio = 0; | | 205 | matchprio = 0; |
206 | | | 206 | |
207 | #ifdef USE_RADIX | | 207 | #ifdef USE_RADIX |
208 | rn = rnh->rnh_matchaddr((void *)&pack, rnh); | | 208 | rn = rnh->rnh_matchaddr((void *)&pack, rnh); |
209 | if (rn && (rn->rn_flags & RNF_ROOT) == 0) { | | 209 | if (rn && (rn->rn_flags & RNF_ROOT) == 0) { |
210 | match = (struct encaptab *)rn; | | 210 | match = (struct encaptab *)rn; |
211 | matchprio = mask_matchlen(match->srcmask) + | | 211 | matchprio = mask_matchlen(match->srcmask) + |
212 | mask_matchlen(match->dstmask); | | 212 | mask_matchlen(match->dstmask); |
213 | } | | 213 | } |
214 | #endif | | 214 | #endif |
215 | | | 215 | |
216 | LIST_FOREACH(ep, &encaptab, chain) { | | 216 | LIST_FOREACH(ep, &encaptab, chain) { |
217 | if (ep->af != AF_INET) | | 217 | if (ep->af != AF_INET) |
218 | continue; | | 218 | continue; |
219 | if (ep->proto >= 0 && ep->proto != proto) | | 219 | if (ep->proto >= 0 && ep->proto != proto) |
220 | continue; | | 220 | continue; |
221 | if (ep->func) | | 221 | if (ep->func) |
222 | prio = (*ep->func)(m, off, proto, ep->arg); | | 222 | prio = (*ep->func)(m, off, proto, ep->arg); |
223 | else { | | 223 | else { |
224 | #ifdef USE_RADIX | | 224 | #ifdef USE_RADIX |
225 | continue; | | 225 | continue; |
226 | #else | | 226 | #else |
227 | prio = mask_match(ep, (struct sockaddr *)&pack.mine, | | 227 | prio = mask_match(ep, (struct sockaddr *)&pack.mine, |
228 | (struct sockaddr *)&pack.yours); | | 228 | (struct sockaddr *)&pack.yours); |
229 | #endif | | 229 | #endif |
230 | } | | 230 | } |
231 | | | 231 | |
232 | /* | | 232 | /* |
233 | * We prioritize the matches by using bit length of the | | 233 | * We prioritize the matches by using bit length of the |
234 | * matches. mask_match() and user-supplied matching function | | 234 | * matches. mask_match() and user-supplied matching function |
235 | * should return the bit length of the matches (for example, | | 235 | * should return the bit length of the matches (for example, |
236 | * if both src/dst are matched for IPv4, 64 should be returned). | | 236 | * if both src/dst are matched for IPv4, 64 should be returned). |
237 | * 0 or negative return value means "it did not match". | | 237 | * 0 or negative return value means "it did not match". |
238 | * | | 238 | * |
239 | * The question is, since we have two "mask" portion, we | | 239 | * The question is, since we have two "mask" portion, we |
240 | * cannot really define total order between entries. | | 240 | * cannot really define total order between entries. |
241 | * For example, which of these should be preferred? | | 241 | * For example, which of these should be preferred? |
242 | * mask_match() returns 48 (32 + 16) for both of them. | | 242 | * mask_match() returns 48 (32 + 16) for both of them. |
243 | * src=3ffe::/16, dst=3ffe:501::/32 | | 243 | * src=3ffe::/16, dst=3ffe:501::/32 |
244 | * src=3ffe:501::/32, dst=3ffe::/16 | | 244 | * src=3ffe:501::/32, dst=3ffe::/16 |
245 | * | | 245 | * |
246 | * We need to loop through all the possible candidates | | 246 | * We need to loop through all the possible candidates |
247 | * to get the best match - the search takes O(n) for | | 247 | * to get the best match - the search takes O(n) for |
248 | * n attachments (i.e. interfaces). | | 248 | * n attachments (i.e. interfaces). |
249 | * | | 249 | * |
250 | * For radix-based lookup, I guess source takes precedence. | | 250 | * For radix-based lookup, I guess source takes precedence. |
251 | * See rn_{refines,lexobetter} for the correct answer. | | 251 | * See rn_{refines,lexobetter} for the correct answer. |
252 | */ | | 252 | */ |
253 | if (prio <= 0) | | 253 | if (prio <= 0) |
254 | continue; | | 254 | continue; |
255 | if (prio > matchprio) { | | 255 | if (prio > matchprio) { |
256 | matchprio = prio; | | 256 | matchprio = prio; |
257 | match = ep; | | 257 | match = ep; |
258 | } | | 258 | } |
259 | } | | 259 | } |
260 | | | 260 | |
261 | return match; | | 261 | return match; |
262 | #undef s | | 262 | #undef s |
263 | #undef d | | 263 | #undef d |
264 | } | | 264 | } |
265 | | | 265 | |
266 | void | | 266 | void |
267 | encap4_input(struct mbuf *m, ...) | | 267 | encap4_input(struct mbuf *m, ...) |
268 | { | | 268 | { |
269 | int off, proto; | | 269 | int off, proto; |
270 | va_list ap; | | 270 | va_list ap; |
271 | const struct protosw *psw; | | 271 | const struct protosw *psw; |
272 | struct encaptab *match; | | 272 | struct encaptab *match; |
273 | | | 273 | |
274 | va_start(ap, m); | | 274 | va_start(ap, m); |
275 | off = va_arg(ap, int); | | 275 | off = va_arg(ap, int); |
276 | proto = va_arg(ap, int); | | 276 | proto = va_arg(ap, int); |
277 | va_end(ap); | | 277 | va_end(ap); |
278 | | | 278 | |
279 | match = encap4_lookup(m, off, proto, INBOUND); | | 279 | match = encap4_lookup(m, off, proto, INBOUND); |
280 | | | 280 | |
281 | if (match) { | | 281 | if (match) { |
282 | /* found a match, "match" has the best one */ | | 282 | /* found a match, "match" has the best one */ |
283 | psw = match->psw; | | 283 | psw = match->psw; |
284 | if (psw && psw->pr_input) { | | 284 | if (psw && psw->pr_input) { |
285 | encap_fillarg(m, match); | | 285 | encap_fillarg(m, match); |
286 | (*psw->pr_input)(m, off, proto); | | 286 | (*psw->pr_input)(m, off, proto); |
287 | } else | | 287 | } else |
288 | m_freem(m); | | 288 | m_freem(m); |
289 | return; | | 289 | return; |
290 | } | | 290 | } |
291 | | | 291 | |
292 | /* last resort: inject to raw socket */ | | 292 | /* last resort: inject to raw socket */ |
293 | rip_input(m, off, proto); | | 293 | rip_input(m, off, proto); |
294 | } | | 294 | } |
295 | #endif | | 295 | #endif |
296 | | | 296 | |
297 | #ifdef INET6 | | 297 | #ifdef INET6 |
298 | static struct encaptab * | | 298 | static struct encaptab * |
299 | encap6_lookup(struct mbuf *m, int off, int proto, enum direction dir) | | 299 | encap6_lookup(struct mbuf *m, int off, int proto, enum direction dir) |
300 | { | | 300 | { |
301 | struct ip6_hdr *ip6; | | 301 | struct ip6_hdr *ip6; |
302 | struct ip_pack6 pack; | | 302 | struct ip_pack6 pack; |
303 | int prio, matchprio; | | 303 | int prio, matchprio; |
304 | struct encaptab *ep, *match; | | 304 | struct encaptab *ep, *match; |
305 | #ifdef USE_RADIX | | 305 | #ifdef USE_RADIX |
306 | struct radix_node_head *rnh = encap_rnh(AF_INET6); | | 306 | struct radix_node_head *rnh = encap_rnh(AF_INET6); |
307 | struct radix_node *rn; | | 307 | struct radix_node *rn; |
308 | #endif | | 308 | #endif |
309 | | | 309 | |
310 | KASSERT(m->m_len >= sizeof(*ip6)); | | 310 | KASSERT(m->m_len >= sizeof(*ip6)); |
311 | | | 311 | |
312 | ip6 = mtod(m, struct ip6_hdr *); | | 312 | ip6 = mtod(m, struct ip6_hdr *); |
313 | | | 313 | |
314 | memset(&pack, 0, sizeof(pack)); | | 314 | memset(&pack, 0, sizeof(pack)); |
315 | pack.p.sp_len = sizeof(pack); | | 315 | pack.p.sp_len = sizeof(pack); |
316 | pack.mine.sin6_family = pack.yours.sin6_family = AF_INET6; | | 316 | pack.mine.sin6_family = pack.yours.sin6_family = AF_INET6; |
317 | pack.mine.sin6_len = pack.yours.sin6_len = sizeof(struct sockaddr_in6); | | 317 | pack.mine.sin6_len = pack.yours.sin6_len = sizeof(struct sockaddr_in6); |
318 | if (dir == INBOUND) { | | 318 | if (dir == INBOUND) { |
319 | pack.mine.sin6_addr = ip6->ip6_dst; | | 319 | pack.mine.sin6_addr = ip6->ip6_dst; |
320 | pack.yours.sin6_addr = ip6->ip6_src; | | 320 | pack.yours.sin6_addr = ip6->ip6_src; |
321 | } else { | | 321 | } else { |
322 | pack.mine.sin6_addr = ip6->ip6_src; | | 322 | pack.mine.sin6_addr = ip6->ip6_src; |
323 | pack.yours.sin6_addr = ip6->ip6_dst; | | 323 | pack.yours.sin6_addr = ip6->ip6_dst; |
324 | } | | 324 | } |
325 | | | 325 | |
326 | match = NULL; | | 326 | match = NULL; |
327 | matchprio = 0; | | 327 | matchprio = 0; |
328 | | | 328 | |
329 | #ifdef USE_RADIX | | 329 | #ifdef USE_RADIX |
330 | rn = rnh->rnh_matchaddr((void *)&pack, rnh); | | 330 | rn = rnh->rnh_matchaddr((void *)&pack, rnh); |
331 | if (rn && (rn->rn_flags & RNF_ROOT) == 0) { | | 331 | if (rn && (rn->rn_flags & RNF_ROOT) == 0) { |
332 | match = (struct encaptab *)rn; | | 332 | match = (struct encaptab *)rn; |
333 | matchprio = mask_matchlen(match->srcmask) + | | 333 | matchprio = mask_matchlen(match->srcmask) + |
334 | mask_matchlen(match->dstmask); | | 334 | mask_matchlen(match->dstmask); |
335 | } | | 335 | } |
336 | #endif | | 336 | #endif |
337 | | | 337 | |
338 | LIST_FOREACH(ep, &encaptab, chain) { | | 338 | LIST_FOREACH(ep, &encaptab, chain) { |
339 | if (ep->af != AF_INET6) | | 339 | if (ep->af != AF_INET6) |
340 | continue; | | 340 | continue; |
341 | if (ep->proto >= 0 && ep->proto != proto) | | 341 | if (ep->proto >= 0 && ep->proto != proto) |
342 | continue; | | 342 | continue; |
343 | if (ep->func) | | 343 | if (ep->func) |
344 | prio = (*ep->func)(m, off, proto, ep->arg); | | 344 | prio = (*ep->func)(m, off, proto, ep->arg); |
345 | else { | | 345 | else { |
346 | #ifdef USE_RADIX | | 346 | #ifdef USE_RADIX |
347 | continue; | | 347 | continue; |
348 | #else | | 348 | #else |
349 | prio = mask_match(ep, (struct sockaddr *)&pack.mine, | | 349 | prio = mask_match(ep, (struct sockaddr *)&pack.mine, |
350 | (struct sockaddr *)&pack.yours); | | 350 | (struct sockaddr *)&pack.yours); |
351 | #endif | | 351 | #endif |
352 | } | | 352 | } |
353 | | | 353 | |
354 | /* see encap4_lookup() for issues here */ | | 354 | /* see encap4_lookup() for issues here */ |
355 | if (prio <= 0) | | 355 | if (prio <= 0) |
356 | continue; | | 356 | continue; |
357 | if (prio > matchprio) { | | 357 | if (prio > matchprio) { |
358 | matchprio = prio; | | 358 | matchprio = prio; |
359 | match = ep; | | 359 | match = ep; |
360 | } | | 360 | } |
361 | } | | 361 | } |
362 | | | 362 | |
363 | return match; | | 363 | return match; |
364 | #undef s | | 364 | #undef s |
365 | #undef d | | 365 | #undef d |
366 | } | | 366 | } |
367 | | | 367 | |
368 | int | | 368 | int |
369 | encap6_input(struct mbuf **mp, int *offp, int proto) | | 369 | encap6_input(struct mbuf **mp, int *offp, int proto) |
370 | { | | 370 | { |
371 | struct mbuf *m = *mp; | | 371 | struct mbuf *m = *mp; |
372 | const struct ip6protosw *psw; | | 372 | const struct ip6protosw *psw; |
373 | struct encaptab *match; | | 373 | struct encaptab *match; |
374 | | | 374 | |
375 | match = encap6_lookup(m, *offp, proto, INBOUND); | | 375 | match = encap6_lookup(m, *offp, proto, INBOUND); |
376 | | | 376 | |
377 | if (match) { | | 377 | if (match) { |
378 | /* found a match */ | | 378 | /* found a match */ |
379 | psw = (const struct ip6protosw *)match->psw; | | 379 | psw = (const struct ip6protosw *)match->psw; |
380 | if (psw && psw->pr_input) { | | 380 | if (psw && psw->pr_input) { |
381 | encap_fillarg(m, match); | | 381 | encap_fillarg(m, match); |
382 | return (*psw->pr_input)(mp, offp, proto); | | 382 | return (*psw->pr_input)(mp, offp, proto); |
383 | } else { | | 383 | } else { |
384 | m_freem(m); | | 384 | m_freem(m); |
385 | return IPPROTO_DONE; | | 385 | return IPPROTO_DONE; |
386 | } | | 386 | } |
387 | } | | 387 | } |
388 | | | 388 | |
389 | /* last resort: inject to raw socket */ | | 389 | /* last resort: inject to raw socket */ |
390 | return rip6_input(mp, offp, proto); | | 390 | return rip6_input(mp, offp, proto); |
391 | } | | 391 | } |
392 | #endif | | 392 | #endif |
393 | | | 393 | |
394 | static int | | 394 | static int |
395 | encap_add(struct encaptab *ep) | | 395 | encap_add(struct encaptab *ep) |
396 | { | | 396 | { |
397 | #ifdef USE_RADIX | | 397 | #ifdef USE_RADIX |
398 | struct radix_node_head *rnh = encap_rnh(ep->af); | | 398 | struct radix_node_head *rnh = encap_rnh(ep->af); |
399 | #endif | | 399 | #endif |
400 | int error = 0; | | 400 | int error = 0; |
401 | | | 401 | |
402 | LIST_INSERT_HEAD(&encaptab, ep, chain); | | 402 | LIST_INSERT_HEAD(&encaptab, ep, chain); |
403 | #ifdef USE_RADIX | | 403 | #ifdef USE_RADIX |
404 | if (!ep->func && rnh) { | | 404 | if (!ep->func && rnh) { |
405 | if (!rnh->rnh_addaddr((void *)ep->addrpack, | | 405 | if (!rnh->rnh_addaddr((void *)ep->addrpack, |
406 | (void *)ep->maskpack, rnh, ep->nodes)) { | | 406 | (void *)ep->maskpack, rnh, ep->nodes)) { |
407 | error = EEXIST; | | 407 | error = EEXIST; |
408 | goto fail; | | 408 | goto fail; |
409 | } | | 409 | } |
410 | } | | 410 | } |
411 | #endif | | 411 | #endif |
412 | return error; | | 412 | return error; |
413 | | | 413 | |
414 | fail: | | 414 | fail: |
415 | LIST_REMOVE(ep, chain); | | 415 | LIST_REMOVE(ep, chain); |
416 | return error; | | 416 | return error; |
417 | } | | 417 | } |
418 | | | 418 | |
419 | static int | | 419 | static int |
420 | encap_remove(struct encaptab *ep) | | 420 | encap_remove(struct encaptab *ep) |
421 | { | | 421 | { |
422 | #ifdef USE_RADIX | | 422 | #ifdef USE_RADIX |
423 | struct radix_node_head *rnh = encap_rnh(ep->af); | | 423 | struct radix_node_head *rnh = encap_rnh(ep->af); |
424 | #endif | | 424 | #endif |
425 | int error = 0; | | 425 | int error = 0; |
426 | | | 426 | |
427 | LIST_REMOVE(ep, chain); | | 427 | LIST_REMOVE(ep, chain); |
428 | #ifdef USE_RADIX | | 428 | #ifdef USE_RADIX |
429 | if (!ep->func && rnh) { | | 429 | if (!ep->func && rnh) { |
430 | if (!rnh->rnh_deladdr((void *)ep->addrpack, | | 430 | if (!rnh->rnh_deladdr((void *)ep->addrpack, |
431 | (void *)ep->maskpack, rnh)) | | 431 | (void *)ep->maskpack, rnh)) |
432 | error = ESRCH; | | 432 | error = ESRCH; |
433 | } | | 433 | } |
434 | #endif | | 434 | #endif |
435 | return error; | | 435 | return error; |
436 | } | | 436 | } |
437 | | | 437 | |
438 | static int | | 438 | static int |
439 | encap_afcheck(int af, const struct sockaddr *sp, const struct sockaddr *dp) | | 439 | encap_afcheck(int af, const struct sockaddr *sp, const struct sockaddr *dp) |
440 | { | | 440 | { |
441 | if (sp && dp) { | | 441 | if (sp && dp) { |
442 | if (sp->sa_len != dp->sa_len) | | 442 | if (sp->sa_len != dp->sa_len) |
443 | return EINVAL; | | 443 | return EINVAL; |
444 | if (af != sp->sa_family || af != dp->sa_family) | | 444 | if (af != sp->sa_family || af != dp->sa_family) |
445 | return EINVAL; | | 445 | return EINVAL; |
446 | } else if (!sp && !dp) | | 446 | } else if (!sp && !dp) |
447 | ; | | 447 | ; |
448 | else | | 448 | else |
449 | return EINVAL; | | 449 | return EINVAL; |
450 | | | 450 | |
451 | switch (af) { | | 451 | switch (af) { |
452 | case AF_INET: | | 452 | case AF_INET: |
453 | if (sp && sp->sa_len != sizeof(struct sockaddr_in)) | | 453 | if (sp && sp->sa_len != sizeof(struct sockaddr_in)) |
454 | return EINVAL; | | 454 | return EINVAL; |
455 | if (dp && dp->sa_len != sizeof(struct sockaddr_in)) | | 455 | if (dp && dp->sa_len != sizeof(struct sockaddr_in)) |
456 | return EINVAL; | | 456 | return EINVAL; |
457 | break; | | 457 | break; |
458 | #ifdef INET6 | | 458 | #ifdef INET6 |
459 | case AF_INET6: | | 459 | case AF_INET6: |
460 | if (sp && sp->sa_len != sizeof(struct sockaddr_in6)) | | 460 | if (sp && sp->sa_len != sizeof(struct sockaddr_in6)) |
461 | return EINVAL; | | 461 | return EINVAL; |
462 | if (dp && dp->sa_len != sizeof(struct sockaddr_in6)) | | 462 | if (dp && dp->sa_len != sizeof(struct sockaddr_in6)) |
463 | return EINVAL; | | 463 | return EINVAL; |
464 | break; | | 464 | break; |
465 | #endif | | 465 | #endif |
466 | default: | | 466 | default: |
467 | return EAFNOSUPPORT; | | 467 | return EAFNOSUPPORT; |
468 | } | | 468 | } |
469 | | | 469 | |
470 | return 0; | | 470 | return 0; |
471 | } | | 471 | } |
472 | | | 472 | |
473 | /* | | 473 | /* |
474 | * sp (src ptr) is always my side, and dp (dst ptr) is always remote side. | | 474 | * sp (src ptr) is always my side, and dp (dst ptr) is always remote side. |
475 | * length of mask (sm and dm) is assumed to be same as sp/dp. | | 475 | * length of mask (sm and dm) is assumed to be same as sp/dp. |
476 | * Return value will be necessary as input (cookie) for encap_detach(). | | 476 | * Return value will be necessary as input (cookie) for encap_detach(). |
477 | */ | | 477 | */ |
478 | const struct encaptab * | | 478 | const struct encaptab * |
479 | encap_attach(int af, int proto, | | 479 | encap_attach(int af, int proto, |
480 | const struct sockaddr *sp, const struct sockaddr *sm, | | 480 | const struct sockaddr *sp, const struct sockaddr *sm, |
481 | const struct sockaddr *dp, const struct sockaddr *dm, | | 481 | const struct sockaddr *dp, const struct sockaddr *dm, |
482 | const struct protosw *psw, void *arg) | | 482 | const struct protosw *psw, void *arg) |
483 | { | | 483 | { |
484 | struct encaptab *ep; | | 484 | struct encaptab *ep; |
485 | int error; | | 485 | int error; |
486 | int s; | | 486 | int s; |
487 | size_t l; | | 487 | size_t l; |
488 | struct ip_pack4 *pack4; | | 488 | struct ip_pack4 *pack4; |
489 | #ifdef INET6 | | 489 | #ifdef INET6 |
490 | struct ip_pack6 *pack6; | | 490 | struct ip_pack6 *pack6; |
491 | #endif | | 491 | #endif |
492 | | | 492 | |
493 | s = splsoftnet(); | | 493 | s = splsoftnet(); |
494 | /* sanity check on args */ | | 494 | /* sanity check on args */ |
495 | error = encap_afcheck(af, sp, dp); | | 495 | error = encap_afcheck(af, sp, dp); |
496 | if (error) | | 496 | if (error) |
497 | goto fail; | | 497 | goto fail; |
498 | | | 498 | |
499 | /* check if anyone have already attached with exactly same config */ | | 499 | /* check if anyone have already attached with exactly same config */ |
500 | LIST_FOREACH(ep, &encaptab, chain) { | | 500 | LIST_FOREACH(ep, &encaptab, chain) { |
501 | if (ep->af != af) | | 501 | if (ep->af != af) |
502 | continue; | | 502 | continue; |
503 | if (ep->proto != proto) | | 503 | if (ep->proto != proto) |
504 | continue; | | 504 | continue; |
505 | if (ep->func) | | 505 | if (ep->func) |
506 | continue; | | 506 | continue; |
507 | | | 507 | |
508 | KASSERT(ep->src != NULL && ep->dst != NULL && | | 508 | KASSERT(ep->src != NULL && ep->dst != NULL && |
509 | ep->srcmask != NULL && ep->dstmask != NULL); | | 509 | ep->srcmask != NULL && ep->dstmask != NULL); |
510 | | | 510 | |
511 | if (ep->src->sa_len != sp->sa_len || | | 511 | if (ep->src->sa_len != sp->sa_len || |
512 | memcmp(ep->src, sp, sp->sa_len) != 0 || | | 512 | memcmp(ep->src, sp, sp->sa_len) != 0 || |
513 | memcmp(ep->srcmask, sm, sp->sa_len) != 0) | | 513 | memcmp(ep->srcmask, sm, sp->sa_len) != 0) |
514 | continue; | | 514 | continue; |
515 | if (ep->dst->sa_len != dp->sa_len || | | 515 | if (ep->dst->sa_len != dp->sa_len || |
516 | memcmp(ep->dst, dp, dp->sa_len) != 0 || | | 516 | memcmp(ep->dst, dp, dp->sa_len) != 0 || |
517 | memcmp(ep->dstmask, dm, dp->sa_len) != 0) | | 517 | memcmp(ep->dstmask, dm, dp->sa_len) != 0) |
518 | continue; | | 518 | continue; |
519 | | | 519 | |
520 | error = EEXIST; | | 520 | error = EEXIST; |
521 | goto fail; | | 521 | goto fail; |
522 | } | | 522 | } |
523 | | | 523 | |
524 | switch (af) { | | 524 | switch (af) { |
525 | case AF_INET: | | 525 | case AF_INET: |
526 | l = sizeof(*pack4); | | 526 | l = sizeof(*pack4); |
527 | break; | | 527 | break; |
528 | #ifdef INET6 | | 528 | #ifdef INET6 |
529 | case AF_INET6: | | 529 | case AF_INET6: |
530 | l = sizeof(*pack6); | | 530 | l = sizeof(*pack6); |
531 | break; | | 531 | break; |
532 | #endif | | 532 | #endif |
533 | default: | | 533 | default: |
534 | goto fail; | | 534 | goto fail; |
535 | } | | 535 | } |
536 | | | 536 | |
537 | /* M_NETADDR ok? */ | | 537 | /* M_NETADDR ok? */ |
538 | ep = malloc(sizeof(*ep), M_NETADDR, M_NOWAIT|M_ZERO); | | 538 | ep = malloc(sizeof(*ep), M_NETADDR, M_NOWAIT|M_ZERO); |
539 | if (ep == NULL) { | | 539 | if (ep == NULL) { |
540 | error = ENOBUFS; | | 540 | error = ENOBUFS; |
541 | goto fail; | | 541 | goto fail; |
542 | } | | 542 | } |
543 | ep->addrpack = malloc(l, M_NETADDR, M_NOWAIT|M_ZERO); | | 543 | ep->addrpack = malloc(l, M_NETADDR, M_NOWAIT|M_ZERO); |
544 | if (ep->addrpack == NULL) { | | 544 | if (ep->addrpack == NULL) { |
545 | error = ENOBUFS; | | 545 | error = ENOBUFS; |
546 | goto gc; | | 546 | goto gc; |
547 | } | | 547 | } |
548 | ep->maskpack = malloc(l, M_NETADDR, M_NOWAIT|M_ZERO); | | 548 | ep->maskpack = malloc(l, M_NETADDR, M_NOWAIT|M_ZERO); |
549 | if (ep->maskpack == NULL) { | | 549 | if (ep->maskpack == NULL) { |
550 | error = ENOBUFS; | | 550 | error = ENOBUFS; |
551 | goto gc; | | 551 | goto gc; |
552 | } | | 552 | } |
553 | | | 553 | |
554 | ep->af = af; | | 554 | ep->af = af; |
555 | ep->proto = proto; | | 555 | ep->proto = proto; |
556 | ep->addrpack->sa_len = l & 0xff; | | 556 | ep->addrpack->sa_len = l & 0xff; |
557 | ep->maskpack->sa_len = l & 0xff; | | 557 | ep->maskpack->sa_len = l & 0xff; |
558 | switch (af) { | | 558 | switch (af) { |
559 | case AF_INET: | | 559 | case AF_INET: |
560 | pack4 = (struct ip_pack4 *)ep->addrpack; | | 560 | pack4 = (struct ip_pack4 *)ep->addrpack; |
561 | ep->src = (struct sockaddr *)&pack4->mine; | | 561 | ep->src = (struct sockaddr *)&pack4->mine; |
562 | ep->dst = (struct sockaddr *)&pack4->yours; | | 562 | ep->dst = (struct sockaddr *)&pack4->yours; |
563 | pack4 = (struct ip_pack4 *)ep->maskpack; | | 563 | pack4 = (struct ip_pack4 *)ep->maskpack; |
564 | ep->srcmask = (struct sockaddr *)&pack4->mine; | | 564 | ep->srcmask = (struct sockaddr *)&pack4->mine; |
565 | ep->dstmask = (struct sockaddr *)&pack4->yours; | | 565 | ep->dstmask = (struct sockaddr *)&pack4->yours; |
566 | break; | | 566 | break; |
567 | #ifdef INET6 | | 567 | #ifdef INET6 |
568 | case AF_INET6: | | 568 | case AF_INET6: |
569 | pack6 = (struct ip_pack6 *)ep->addrpack; | | 569 | pack6 = (struct ip_pack6 *)ep->addrpack; |
570 | ep->src = (struct sockaddr *)&pack6->mine; | | 570 | ep->src = (struct sockaddr *)&pack6->mine; |
571 | ep->dst = (struct sockaddr *)&pack6->yours; | | 571 | ep->dst = (struct sockaddr *)&pack6->yours; |
572 | pack6 = (struct ip_pack6 *)ep->maskpack; | | 572 | pack6 = (struct ip_pack6 *)ep->maskpack; |
573 | ep->srcmask = (struct sockaddr *)&pack6->mine; | | 573 | ep->srcmask = (struct sockaddr *)&pack6->mine; |
574 | ep->dstmask = (struct sockaddr *)&pack6->yours; | | 574 | ep->dstmask = (struct sockaddr *)&pack6->yours; |
575 | break; | | 575 | break; |
576 | #endif | | 576 | #endif |
577 | } | | 577 | } |
578 | | | 578 | |
579 | memcpy(ep->src, sp, sp->sa_len); | | 579 | memcpy(ep->src, sp, sp->sa_len); |
580 | memcpy(ep->srcmask, sm, sp->sa_len); | | 580 | memcpy(ep->srcmask, sm, sp->sa_len); |
581 | memcpy(ep->dst, dp, dp->sa_len); | | 581 | memcpy(ep->dst, dp, dp->sa_len); |
582 | memcpy(ep->dstmask, dm, dp->sa_len); | | 582 | memcpy(ep->dstmask, dm, dp->sa_len); |
583 | ep->psw = psw; | | 583 | ep->psw = psw; |
584 | ep->arg = arg; | | 584 | ep->arg = arg; |
585 | | | 585 | |
586 | error = encap_add(ep); | | 586 | error = encap_add(ep); |
587 | if (error) | | 587 | if (error) |
588 | goto gc; | | 588 | goto gc; |
589 | | | 589 | |
590 | error = 0; | | 590 | error = 0; |
591 | splx(s); | | 591 | splx(s); |
592 | return ep; | | 592 | return ep; |
593 | | | 593 | |
594 | gc: | | 594 | gc: |
595 | if (ep->addrpack) | | 595 | if (ep->addrpack) |
596 | free(ep->addrpack, M_NETADDR); | | 596 | free(ep->addrpack, M_NETADDR); |
597 | if (ep->maskpack) | | 597 | if (ep->maskpack) |
598 | free(ep->maskpack, M_NETADDR); | | 598 | free(ep->maskpack, M_NETADDR); |
599 | if (ep) | | 599 | if (ep) |
600 | free(ep, M_NETADDR); | | 600 | free(ep, M_NETADDR); |
601 | fail: | | 601 | fail: |
602 | splx(s); | | 602 | splx(s); |
603 | return NULL; | | 603 | return NULL; |
604 | } | | 604 | } |
605 | | | 605 | |
606 | const struct encaptab * | | 606 | const struct encaptab * |
607 | encap_attach_func(int af, int proto, | | 607 | encap_attach_func(int af, int proto, |
608 | int (*func)(struct mbuf *, int, int, void *), | | 608 | int (*func)(struct mbuf *, int, int, void *), |
609 | const struct protosw *psw, void *arg) | | 609 | const struct protosw *psw, void *arg) |
610 | { | | 610 | { |
611 | struct encaptab *ep; | | 611 | struct encaptab *ep; |
612 | int error; | | 612 | int error; |
613 | int s; | | 613 | int s; |
614 | | | 614 | |
615 | s = splsoftnet(); | | 615 | s = splsoftnet(); |
616 | /* sanity check on args */ | | 616 | /* sanity check on args */ |
617 | if (!func) { | | 617 | if (!func) { |
618 | error = EINVAL; | | 618 | error = EINVAL; |
619 | goto fail; | | 619 | goto fail; |
620 | } | | 620 | } |
621 | | | 621 | |
622 | error = encap_afcheck(af, NULL, NULL); | | 622 | error = encap_afcheck(af, NULL, NULL); |
623 | if (error) | | 623 | if (error) |
624 | goto fail; | | 624 | goto fail; |
625 | | | 625 | |
626 | ep = malloc(sizeof(*ep), M_NETADDR, M_NOWAIT); /*XXX*/ | | 626 | ep = malloc(sizeof(*ep), M_NETADDR, M_NOWAIT); /*XXX*/ |
627 | if (ep == NULL) { | | 627 | if (ep == NULL) { |
628 | error = ENOBUFS; | | 628 | error = ENOBUFS; |
629 | goto fail; | | 629 | goto fail; |
630 | } | | 630 | } |
631 | memset(ep, 0, sizeof(*ep)); | | 631 | memset(ep, 0, sizeof(*ep)); |
632 | | | 632 | |
633 | ep->af = af; | | 633 | ep->af = af; |
634 | ep->proto = proto; | | 634 | ep->proto = proto; |
635 | ep->func = func; | | 635 | ep->func = func; |
636 | ep->psw = psw; | | 636 | ep->psw = psw; |
637 | ep->arg = arg; | | 637 | ep->arg = arg; |
638 | | | 638 | |
639 | error = encap_add(ep); | | 639 | error = encap_add(ep); |
640 | if (error) | | 640 | if (error) |
641 | goto fail; | | 641 | goto fail; |
642 | | | 642 | |
643 | error = 0; | | 643 | error = 0; |
644 | splx(s); | | 644 | splx(s); |
645 | return ep; | | 645 | return ep; |
646 | | | 646 | |
647 | fail: | | 647 | fail: |
648 | splx(s); | | 648 | splx(s); |
649 | return NULL; | | 649 | return NULL; |
650 | } | | 650 | } |
651 | | | 651 | |
652 | /* XXX encap4_ctlinput() is necessary if we set DF=1 on outer IPv4 header */ | | 652 | /* XXX encap4_ctlinput() is necessary if we set DF=1 on outer IPv4 header */ |
653 | | | 653 | |
654 | #ifdef INET6 | | 654 | #ifdef INET6 |
655 | void * | | 655 | void * |
656 | encap6_ctlinput(int cmd, const struct sockaddr *sa, void *d0) | | 656 | encap6_ctlinput(int cmd, const struct sockaddr *sa, void *d0) |
657 | { | | 657 | { |
658 | void *d = d0; | | 658 | void *d = d0; |
659 | struct ip6_hdr *ip6; | | 659 | struct ip6_hdr *ip6; |
660 | struct mbuf *m; | | 660 | struct mbuf *m; |
661 | int off; | | 661 | int off; |
662 | struct ip6ctlparam *ip6cp = NULL; | | 662 | struct ip6ctlparam *ip6cp = NULL; |
663 | int nxt; | | 663 | int nxt; |
664 | struct encaptab *ep; | | 664 | struct encaptab *ep; |
665 | const struct ip6protosw *psw; | | 665 | const struct ip6protosw *psw; |
666 | | | 666 | |
667 | if (sa->sa_family != AF_INET6 || | | 667 | if (sa->sa_family != AF_INET6 || |
668 | sa->sa_len != sizeof(struct sockaddr_in6)) | | 668 | sa->sa_len != sizeof(struct sockaddr_in6)) |
669 | return NULL; | | 669 | return NULL; |
670 | | | 670 | |
671 | if ((unsigned)cmd >= PRC_NCMDS) | | 671 | if ((unsigned)cmd >= PRC_NCMDS) |
672 | return NULL; | | 672 | return NULL; |
673 | if (cmd == PRC_HOSTDEAD) | | 673 | if (cmd == PRC_HOSTDEAD) |
674 | d = NULL; | | 674 | d = NULL; |
675 | else if (cmd == PRC_MSGSIZE) | | 675 | else if (cmd == PRC_MSGSIZE) |
676 | ; /* special code is present, see below */ | | 676 | ; /* special code is present, see below */ |
677 | else if (inet6ctlerrmap[cmd] == 0) | | 677 | else if (inet6ctlerrmap[cmd] == 0) |
678 | return NULL; | | 678 | return NULL; |
679 | | | 679 | |
680 | /* if the parameter is from icmp6, decode it. */ | | 680 | /* if the parameter is from icmp6, decode it. */ |
681 | if (d != NULL) { | | 681 | if (d != NULL) { |
682 | ip6cp = (struct ip6ctlparam *)d; | | 682 | ip6cp = (struct ip6ctlparam *)d; |
683 | m = ip6cp->ip6c_m; | | 683 | m = ip6cp->ip6c_m; |
684 | ip6 = ip6cp->ip6c_ip6; | | 684 | ip6 = ip6cp->ip6c_ip6; |
685 | off = ip6cp->ip6c_off; | | 685 | off = ip6cp->ip6c_off; |
686 | nxt = ip6cp->ip6c_nxt; | | 686 | nxt = ip6cp->ip6c_nxt; |
687 | | | 687 | |
688 | if (ip6 && cmd == PRC_MSGSIZE) { | | 688 | if (ip6 && cmd == PRC_MSGSIZE) { |
689 | int valid = 0; | | 689 | int valid = 0; |
690 | struct encaptab *match; | | 690 | struct encaptab *match; |
691 | | | 691 | |
692 | /* | | 692 | /* |
693 | * Check to see if we have a valid encap configuration. | | 693 | * Check to see if we have a valid encap configuration. |
694 | */ | | 694 | */ |
695 | match = encap6_lookup(m, off, nxt, OUTBOUND); | | 695 | match = encap6_lookup(m, off, nxt, OUTBOUND); |
696 | if (match) | | 696 | if (match) |
697 | valid++; | | 697 | valid++; |
698 | | | 698 | |
699 | /* | | 699 | /* |
700 | * Depending on the value of "valid" and routing table | | 700 | * Depending on the value of "valid" and routing table |
701 | * size (mtudisc_{hi,lo}wat), we will: | | 701 | * size (mtudisc_{hi,lo}wat), we will: |
702 | * - recalcurate the new MTU and create the | | 702 | * - recalcurate the new MTU and create the |
703 | * corresponding routing entry, or | | 703 | * corresponding routing entry, or |
704 | * - ignore the MTU change notification. | | 704 | * - ignore the MTU change notification. |
705 | */ | | 705 | */ |
706 | icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); | | 706 | icmp6_mtudisc_update((struct ip6ctlparam *)d, valid); |
707 | } | | 707 | } |
708 | } else { | | 708 | } else { |
709 | m = NULL; | | 709 | m = NULL; |
710 | ip6 = NULL; | | 710 | ip6 = NULL; |
711 | nxt = -1; | | 711 | nxt = -1; |
712 | } | | 712 | } |
713 | | | 713 | |
714 | /* inform all listeners */ | | 714 | /* inform all listeners */ |
715 | LIST_FOREACH(ep, &encaptab, chain) { | | 715 | LIST_FOREACH(ep, &encaptab, chain) { |
716 | if (ep->af != AF_INET6) | | 716 | if (ep->af != AF_INET6) |
717 | continue; | | 717 | continue; |
718 | if (ep->proto >= 0 && ep->proto != nxt) | | 718 | if (ep->proto >= 0 && ep->proto != nxt) |
719 | continue; | | 719 | continue; |
720 | | | 720 | |
721 | /* should optimize by looking at address pairs */ | | 721 | /* should optimize by looking at address pairs */ |
722 | | | 722 | |
723 | /* XXX need to pass ep->arg or ep itself to listeners */ | | 723 | /* XXX need to pass ep->arg or ep itself to listeners */ |
724 | psw = (const struct ip6protosw *)ep->psw; | | 724 | psw = (const struct ip6protosw *)ep->psw; |
725 | if (psw && psw->pr_ctlinput) | | 725 | if (psw && psw->pr_ctlinput) |
726 | (*psw->pr_ctlinput)(cmd, sa, d); | | 726 | (*psw->pr_ctlinput)(cmd, sa, d); |
727 | } | | 727 | } |
728 | | | 728 | |
729 | rip6_ctlinput(cmd, sa, d0); | | 729 | rip6_ctlinput(cmd, sa, d0); |
730 | return NULL; | | 730 | return NULL; |
731 | } | | 731 | } |
732 | #endif | | 732 | #endif |
733 | | | 733 | |
734 | int | | 734 | int |
735 | encap_detach(const struct encaptab *cookie) | | 735 | encap_detach(const struct encaptab *cookie) |
736 | { | | 736 | { |
737 | const struct encaptab *ep = cookie; | | 737 | const struct encaptab *ep = cookie; |
738 | struct encaptab *p; | | 738 | struct encaptab *p, *np; |
739 | int error; | | 739 | int error; |
740 | | | 740 | |
741 | LIST_FOREACH(p, &encaptab, chain) { | | 741 | LIST_FOREACH_SAFE(p, &encaptab, chain, np) { |
742 | if (p == ep) { | | 742 | if (p == ep) { |
743 | error = encap_remove(p); | | 743 | error = encap_remove(p); |
744 | if (error) | | 744 | if (error) |
745 | return error; | | 745 | return error; |
746 | if (!ep->func) { | | 746 | if (!ep->func) { |
747 | free(p->addrpack, M_NETADDR); | | 747 | free(p->addrpack, M_NETADDR); |
748 | free(p->maskpack, M_NETADDR); | | 748 | free(p->maskpack, M_NETADDR); |
749 | } | | 749 | } |
750 | free(p, M_NETADDR); /*XXX*/ | | 750 | free(p, M_NETADDR); /*XXX*/ |
751 | return 0; | | 751 | return 0; |
752 | } | | 752 | } |
753 | } | | 753 | } |
754 | | | 754 | |
755 | return ENOENT; | | 755 | return ENOENT; |
756 | } | | 756 | } |
757 | | | 757 | |
758 | #ifdef USE_RADIX | | 758 | #ifdef USE_RADIX |
759 | static struct radix_node_head * | | 759 | static struct radix_node_head * |
760 | encap_rnh(int af) | | 760 | encap_rnh(int af) |
761 | { | | 761 | { |
762 | | | 762 | |
763 | switch (af) { | | 763 | switch (af) { |
764 | case AF_INET: | | 764 | case AF_INET: |
765 | return encap_head[0]; | | 765 | return encap_head[0]; |
766 | #ifdef INET6 | | 766 | #ifdef INET6 |
767 | case AF_INET6: | | 767 | case AF_INET6: |
768 | return encap_head[1]; | | 768 | return encap_head[1]; |
769 | #endif | | 769 | #endif |
770 | default: | | 770 | default: |
771 | return NULL; | | 771 | return NULL; |
772 | } | | 772 | } |
773 | } | | 773 | } |
774 | | | 774 | |
775 | static int | | 775 | static int |
776 | mask_matchlen(const struct sockaddr *sa) | | 776 | mask_matchlen(const struct sockaddr *sa) |
777 | { | | 777 | { |
778 | const char *p, *ep; | | 778 | const char *p, *ep; |
779 | int l; | | 779 | int l; |
780 | | | 780 | |
781 | p = (const char *)sa; | | 781 | p = (const char *)sa; |
782 | ep = p + sa->sa_len; | | 782 | ep = p + sa->sa_len; |
783 | p += 2; /* sa_len + sa_family */ | | 783 | p += 2; /* sa_len + sa_family */ |
784 | | | 784 | |
785 | l = 0; | | 785 | l = 0; |
786 | while (p < ep) { | | 786 | while (p < ep) { |
787 | l += (*p ? 8 : 0); /* estimate */ | | 787 | l += (*p ? 8 : 0); /* estimate */ |
788 | p++; | | 788 | p++; |
789 | } | | 789 | } |
790 | return l; | | 790 | return l; |
791 | } | | 791 | } |
792 | #endif | | 792 | #endif |
793 | | | 793 | |
794 | #ifndef USE_RADIX | | 794 | #ifndef USE_RADIX |
795 | static int | | 795 | static int |
796 | mask_match(const struct encaptab *ep, | | 796 | mask_match(const struct encaptab *ep, |
797 | const struct sockaddr *sp, | | 797 | const struct sockaddr *sp, |
798 | const struct sockaddr *dp) | | 798 | const struct sockaddr *dp) |
799 | { | | 799 | { |
800 | struct sockaddr_storage s; | | 800 | struct sockaddr_storage s; |
801 | struct sockaddr_storage d; | | 801 | struct sockaddr_storage d; |
802 | int i; | | 802 | int i; |
803 | const u_int8_t *p, *q; | | 803 | const u_int8_t *p, *q; |
804 | u_int8_t *r; | | 804 | u_int8_t *r; |
805 | int matchlen; | | 805 | int matchlen; |
806 | | | 806 | |
807 | KASSERTMSG(ep->func == NULL, "wrong encaptab passed to mask_match"); | | 807 | KASSERTMSG(ep->func == NULL, "wrong encaptab passed to mask_match"); |
808 | | | 808 | |
809 | if (sp->sa_len > sizeof(s) || dp->sa_len > sizeof(d)) | | 809 | if (sp->sa_len > sizeof(s) || dp->sa_len > sizeof(d)) |
810 | return 0; | | 810 | return 0; |
811 | if (sp->sa_family != ep->af || dp->sa_family != ep->af) | | 811 | if (sp->sa_family != ep->af || dp->sa_family != ep->af) |
812 | return 0; | | 812 | return 0; |
813 | if (sp->sa_len != ep->src->sa_len || dp->sa_len != ep->dst->sa_len) | | 813 | if (sp->sa_len != ep->src->sa_len || dp->sa_len != ep->dst->sa_len) |
814 | return 0; | | 814 | return 0; |
815 | | | 815 | |
816 | matchlen = 0; | | 816 | matchlen = 0; |
817 | | | 817 | |
818 | p = (const u_int8_t *)sp; | | 818 | p = (const u_int8_t *)sp; |
819 | q = (const u_int8_t *)ep->srcmask; | | 819 | q = (const u_int8_t *)ep->srcmask; |
820 | r = (u_int8_t *)&s; | | 820 | r = (u_int8_t *)&s; |
821 | for (i = 0 ; i < sp->sa_len; i++) { | | 821 | for (i = 0 ; i < sp->sa_len; i++) { |
822 | r[i] = p[i] & q[i]; | | 822 | r[i] = p[i] & q[i]; |
823 | /* XXX estimate */ | | 823 | /* XXX estimate */ |
824 | matchlen += (q[i] ? 8 : 0); | | 824 | matchlen += (q[i] ? 8 : 0); |
825 | } | | 825 | } |
826 | | | 826 | |
827 | p = (const u_int8_t *)dp; | | 827 | p = (const u_int8_t *)dp; |
828 | q = (const u_int8_t *)ep->dstmask; | | 828 | q = (const u_int8_t *)ep->dstmask; |
829 | r = (u_int8_t *)&d; | | 829 | r = (u_int8_t *)&d; |
830 | for (i = 0 ; i < dp->sa_len; i++) { | | 830 | for (i = 0 ; i < dp->sa_len; i++) { |
831 | r[i] = p[i] & q[i]; | | 831 | r[i] = p[i] & q[i]; |
832 | /* XXX rough estimate */ | | 832 | /* XXX rough estimate */ |
833 | matchlen += (q[i] ? 8 : 0); | | 833 | matchlen += (q[i] ? 8 : 0); |
834 | } | | 834 | } |
835 | | | 835 | |
836 | /* need to overwrite len/family portion as we don't compare them */ | | 836 | /* need to overwrite len/family portion as we don't compare them */ |
837 | s.ss_len = sp->sa_len; | | 837 | s.ss_len = sp->sa_len; |
838 | s.ss_family = sp->sa_family; | | 838 | s.ss_family = sp->sa_family; |
839 | d.ss_len = dp->sa_len; | | 839 | d.ss_len = dp->sa_len; |
840 | d.ss_family = dp->sa_family; | | 840 | d.ss_family = dp->sa_family; |
841 | | | 841 | |
842 | if (memcmp(&s, ep->src, ep->src->sa_len) == 0 && | | 842 | if (memcmp(&s, ep->src, ep->src->sa_len) == 0 && |
843 | memcmp(&d, ep->dst, ep->dst->sa_len) == 0) { | | 843 | memcmp(&d, ep->dst, ep->dst->sa_len) == 0) { |
844 | return matchlen; | | 844 | return matchlen; |
845 | } else | | 845 | } else |
846 | return 0; | | 846 | return 0; |
847 | } | | 847 | } |
848 | #endif | | 848 | #endif |
849 | | | 849 | |
850 | static void | | 850 | static void |
851 | encap_fillarg(struct mbuf *m, const struct encaptab *ep) | | 851 | encap_fillarg(struct mbuf *m, const struct encaptab *ep) |
852 | { | | 852 | { |
853 | struct m_tag *mtag; | | 853 | struct m_tag *mtag; |
854 | | | 854 | |
855 | mtag = m_tag_get(PACKET_TAG_ENCAP, sizeof(void *), M_NOWAIT); | | 855 | mtag = m_tag_get(PACKET_TAG_ENCAP, sizeof(void *), M_NOWAIT); |
856 | if (mtag) { | | 856 | if (mtag) { |
857 | *(void **)(mtag + 1) = ep->arg; | | 857 | *(void **)(mtag + 1) = ep->arg; |
858 | m_tag_prepend(m, mtag); | | 858 | m_tag_prepend(m, mtag); |
859 | } | | 859 | } |
860 | } | | 860 | } |
861 | | | 861 | |
862 | void * | | 862 | void * |
863 | encap_getarg(struct mbuf *m) | | 863 | encap_getarg(struct mbuf *m) |
864 | { | | 864 | { |
865 | void *p; | | 865 | void *p; |
866 | struct m_tag *mtag; | | 866 | struct m_tag *mtag; |
867 | | | 867 | |
868 | p = NULL; | | 868 | p = NULL; |
869 | mtag = m_tag_find(m, PACKET_TAG_ENCAP, NULL); | | 869 | mtag = m_tag_find(m, PACKET_TAG_ENCAP, NULL); |
870 | if (mtag != NULL) { | | 870 | if (mtag != NULL) { |
871 | p = *(void **)(mtag + 1); | | 871 | p = *(void **)(mtag + 1); |
872 | m_tag_delete(m, mtag); | | 872 | m_tag_delete(m, mtag); |
873 | } | | 873 | } |
874 | return p; | | 874 | return p; |
875 | } | | 875 | } |