-rw-r--r-- | sys/net/if.c | 4 | ||||
-rw-r--r-- | sys/net/if_gif.c | 14 | ||||
-rw-r--r-- | sys/net/if_gif.h | 3 | ||||
-rw-r--r-- | sys/net/if_gre.c | 36 | ||||
-rw-r--r-- | sys/net/if_gre.h | 7 | ||||
-rw-r--r-- | sys/netinet/in_gif.c | 19 | ||||
-rw-r--r-- | sys/netinet/ip_ether.c | 3 | ||||
-rw-r--r-- | sys/netinet/ip_gre.c | 6 | ||||
-rw-r--r-- | sys/sys/sockio.h | 5 |
9 files changed, 79 insertions, 18 deletions
diff --git a/sys/net/if.c b/sys/net/if.c index 5c989cc8ab0..4637bf5af93 100644 --- a/sys/net/if.c +++ b/sys/net/if.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if.c,v 1.200 2009/11/03 10:59:04 claudio Exp $ */ +/* $OpenBSD: if.c,v 1.201 2009/11/21 14:08:14 claudio Exp $ */ /* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */ /* @@ -1381,6 +1381,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct proc *p) case SIOCSIFPHYADDR_IN6: #endif case SIOCSLIFPHYADDR: + case SIOCSLIFPHYRTABLEID: case SIOCADDMULTI: case SIOCDELMULTI: case SIOCSIFMEDIA: @@ -1390,6 +1391,7 @@ ifioctl(struct socket *so, u_long cmd, caddr_t data, struct proc *p) case SIOCGIFPSRCADDR: case SIOCGIFPDSTADDR: case SIOCGLIFPHYADDR: + case SIOCGLIFPHYRTABLEID: case SIOCGIFMEDIA: if (ifp->if_ioctl == 0) return (EOPNOTSUPP); diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c index 0869fb961df..fda89a0d958 100644 --- a/sys/net/if_gif.c +++ b/sys/net/if_gif.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_gif.c,v 1.51 2008/11/24 14:55:53 claudio Exp $ */ +/* $OpenBSD: if_gif.c,v 1.52 2009/11/21 14:08:14 claudio Exp $ */ /* $KAME: if_gif.c,v 1.43 2001/02/20 08:51:07 itojun Exp $ */ /* @@ -598,6 +598,18 @@ gif_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) ifp->if_mtu = ifr->ifr_mtu; break; + case SIOCSLIFPHYRTABLEID: + if (ifr->ifr_rdomainid < 0 || + ifr->ifr_rdomainid > RT_TABLEID_MAX || + !rtable_exists(ifr->ifr_rdomainid)) { + error = EINVAL; + break; + } + sc->gif_rtableid = ifr->ifr_rdomainid; + break; + case SIOCGLIFPHYRTABLEID: + ifr->ifr_rdomainid = sc->gif_rtableid; + break; default: error = ENOTTY; break; diff --git a/sys/net/if_gif.h b/sys/net/if_gif.h index 88cd1810f84..a1e8dd66f85 100644 --- a/sys/net/if_gif.h +++ b/sys/net/if_gif.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_gif.h,v 1.9 2003/12/03 14:51:05 markus Exp $ */ +/* $OpenBSD: if_gif.h,v 1.10 2009/11/21 14:08:14 claudio Exp $ */ /* $KAME: if_gif.h,v 1.17 2000/09/11 11:36:41 sumikawa Exp $ */ /* 
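Review bot: In gif_ioctl() (sys/net/if_gif.c) the new `SIOCSLIFPHYRTABLEID` case changes `sc->gif_rtableid` with no privilege check of its own, whereas the matching case this commit adds to gre_ioctl() calls `suser(prc, 0)` first. The gif path presumably relies on ifioctl() in if.c, where the command was added to the case list beside `SIOCSLIFPHYADDR`, but the check that list falls into lies between the two if.c hunks and is not visible here. That dependency should be stated at the gif case, e.g. `/* privilege already checked in ifioctl() */`, so that a later reshuffle of the ifioctl() case list does not silently open the setter to unprivileged callers. gif_ioctl() starts and ends outside the hunk.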
@@ -52,6 +52,7 @@ struct gif_softc { #endif } gifsc_gifscr; int gif_flags; + u_int gif_rtableid; LIST_ENTRY(gif_softc) gif_list; /* list of all gifs */ }; diff --git a/sys/net/if_gre.c b/sys/net/if_gre.c index 63695536a0d..d4b52337256 100644 --- a/sys/net/if_gre.c +++ b/sys/net/if_gre.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_gre.c,v 1.45 2009/06/02 17:10:23 henning Exp $ */ +/* $OpenBSD: if_gre.c,v 1.46 2009/11/21 14:08:14 claudio Exp $ */ /* $NetBSD: if_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */ /* @@ -207,6 +207,15 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, goto end; } +#ifdef DIAGNOSTIC + if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.rdomain)) { + printf("%s: trying to send packet on wrong domain. " + "if %d vs. mbuf %d, AF %d\n", ifp->if_xname, + ifp->if_rdomain, rtable_l2(m->m_pkthdr.rdomain), + dst->sa_family); + } +#endif + /* Try to limit infinite recursion through misconfiguration. */ for (mtag = m_tag_find(m, PACKET_TAG_GRE, NULL); mtag; mtag = m_tag_find(m, PACKET_TAG_GRE, mtag)) { @@ -410,6 +419,9 @@ gre_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, ifp->if_opackets++; ifp->if_obytes += m->m_pkthdr.len; + + m->m_pkthdr.rdomain = sc->g_rtableid; + #if NPF > 0 pf_pkt_addr_changed(m); #endif @@ -514,7 +526,7 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) sc->g_src = (satosin(sa))->sin_addr; if (cmd == GRESADDRD ) sc->g_dst = (satosin(sa))->sin_addr; - recompute: +recompute: if ((sc->g_src.s_addr != INADDR_ANY) && (sc->g_dst.s_addr != INADDR_ANY)) { if (sc->route.ro_rt != 0) { 
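Review bot: The DIAGNOSTIC block added to gre_output() (sys/net/if_gre.c) only reports a routing-domain mismatch; the packet then continues through encapsulation and is stamped with `sc->g_rtableid` by the later hunk, so traffic that entered from the wrong domain is still tunnelled. If the comparison is meant as an isolation check rather than a debugging aid, a mismatch should free the mbuf and take the function's error exit instead of falling through, and the check should not be limited to DIAGNOSTIC kernels. The printf also fires once per packet with no rate limit, so a misconfigured or noisy sender can flood the console log. The same block in in_gif_output() (sys/netinet/in_gif.c) has both properties. gre_output() starts and ends outside the hunk.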
@@ -579,6 +591,20 @@ gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) si.sin_addr.s_addr = sc->g_dst.s_addr; memcpy(&lifr->dstaddr, &si, sizeof(si)); break; + case SIOCSLIFPHYRTABLEID: + if ((error = suser(prc, 0)) != 0) + break; + if (ifr->ifr_rdomainid < 0 || + ifr->ifr_rdomainid > RT_TABLEID_MAX || + !rtable_exists(ifr->ifr_rdomainid)) { + error = EINVAL; + break; + } + sc->g_rtableid = ifr->ifr_rdomainid; + goto recompute; + case SIOCGLIFPHYRTABLEID: + ifr->ifr_rdomainid = sc->g_rtableid; + break; default: error = ENOTTY; } @@ -627,8 +653,8 @@ gre_compute_route(struct gre_softc *sc) ((struct sockaddr_in *) &ro->ro_dst)->sin_addr.s_addr = htonl(a); } - rtalloc(ro); - if (ro->ro_rt == 0) + ro->ro_rt = rtalloc1(&ro->ro_dst, 1, sc->g_rtableid); + if (ro->ro_rt == NULL) return; /* @@ -638,7 +664,7 @@ gre_compute_route(struct gre_softc *sc) */ if (ro->ro_rt->rt_ifp == &sc->sc_if) { RTFREE(ro->ro_rt); - ro->ro_rt = (struct rtentry *) 0; + ro->ro_rt = NULL; return; } diff --git a/sys/net/if_gre.h b/sys/net/if_gre.h index 51c90779560..4b4e0c89678 100644 --- a/sys/net/if_gre.h +++ b/sys/net/if_gre.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_gre.h,v 1.11 2008/06/26 05:42:20 ray Exp $ */ +/* $OpenBSD: if_gre.h,v 1.12 2009/11/21 14:08:14 claudio Exp $ */ /* $NetBSD: if_gre.h,v 1.5 1999/11/19 20:41:19 thorpej Exp $ */ /* @@ -36,12 +36,13 @@ struct gre_softc { struct ifnet sc_if; LIST_ENTRY(gre_softc) sc_list; - int gre_unit; - int gre_flags; struct in_addr g_src; /* source address of gre packets */ struct in_addr g_dst; /* destination address of gre packets */ struct route route; /* routing entry that determines, where a encapsulated packet should go */ + int gre_unit; + int gre_flags; + u_int g_rtableid; /* routing table used for the tunnel */ u_char g_proto; /* protocol of encapsulator */ }; diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c index f726f68bde9..e2a92c0c57c 100644 --- a/sys/netinet/in_gif.c +++ b/sys/netinet/in_gif.c 
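Review bot: The new `SIOCSLIFPHYRTABLEID` case in gre_ioctl() ends with `goto recompute;`, a jump back into the body of the address-setting case, and nothing at the jump site says why. Since gre_compute_route() now looks the route up with `rtalloc1(&ro->ro_dst, 1, sc->g_rtableid)`, the intent is presumably to redo the lookup against the newly selected table; a comment such as `/* table changed: recompute the tunnel route in the new table */` above the goto would record that. The code under the `recompute:` label continues past the end of its hunk, so any other effect it has on the interface when reached from this case should be checked against the full function.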
@@ -1,4 +1,4 @@ -/* $OpenBSD: in_gif.c,v 1.36 2009/06/02 17:01:20 blambert Exp $ */ +/* $OpenBSD: in_gif.c,v 1.37 2009/11/21 14:08:14 claudio Exp $ */ /* $KAME: in_gif.c,v 1.50 2001/01/22 07:27:16 itojun Exp $ */ /* @@ -77,6 +77,14 @@ in_gif_output(struct ifnet *ifp, int family, struct mbuf *m) return EAFNOSUPPORT; } +#ifdef DIAGNOSTIC + if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.rdomain)) { + printf("%s: trying to send packet on wrong domain. " + "if %d vs. mbuf %d, AF %d\n", ifp->if_xname, + ifp->if_rdomain, rtable_l2(m->m_pkthdr.rdomain)); + } +#endif + /* setup dummy tdb. it highly depends on ipipoutput() code. */ bzero(&tdb, sizeof(tdb)); bzero(&xfs, sizeof(xfs)); @@ -124,6 +132,7 @@ in_gif_output(struct ifnet *ifp, int family, struct mbuf *m) m = mp; + m->m_pkthdr.rdomain = sc->gif_rtableid; #if NPF > 0 pf_pkt_addr_changed(m); #endif @@ -156,7 +165,9 @@ in_gif_input(struct mbuf *m, ...) LIST_FOREACH(sc, &gif_softc_list, gif_list) { if (sc->gif_psrc == NULL || sc->gif_pdst == NULL || sc->gif_psrc->sa_family != AF_INET || - sc->gif_pdst->sa_family != AF_INET) { + sc->gif_pdst->sa_family != AF_INET || + rtable_l2(sc->gif_rtableid) != + rtable_l2(m->m_pkthdr.rdomain)) { continue; } @@ -164,8 +175,7 @@ in_gif_input(struct mbuf *m, ...) continue; if (in_hosteq(satosin(sc->gif_psrc)->sin_addr, ip->ip_dst) && - in_hosteq(satosin(sc->gif_pdst)->sin_addr, ip->ip_src)) - { + in_hosteq(satosin(sc->gif_pdst)->sin_addr, ip->ip_src)) { gifp = &sc->gif_if; break; } @@ -173,6 +183,7 @@ in_gif_input(struct mbuf *m, ...) if (gifp) { m->m_pkthdr.rcvif = gifp; + m->m_pkthdr.rdomain = gifp->if_rdomain; gifp->if_ipackets++; gifp->if_ibytes += m->m_pkthdr.len; ipip_input(m, off, gifp); /* We have a configured GIF */ diff --git a/sys/netinet/ip_ether.c b/sys/netinet/ip_ether.c index c29d2dc54bb..a0afea77c80 100644 --- a/sys/netinet/ip_ether.c +++ b/sys/netinet/ip_ether.c 
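Review bot: The diagnostic printf added to in_gif_output() has four conversions (`%s`, then three `%d`) but only three arguments: `ifp->if_xname`, `ifp->if_rdomain` and `rtable_l2(m->m_pkthdr.rdomain)`, so the final `AF %d` reads an argument that was never passed. That is undefined behaviour, and in practice it typically writes whatever sits in the next argument slot into the kernel message buffer. The format string appears to be copied from gre_output(), which passes `dst->sa_family`; here the function's `family` parameter is the matching value, so the call should end `rtable_l2(m->m_pkthdr.rdomain), family);`. in_gif_output() starts and ends outside the hunk.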
@@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ether.c,v 1.51 2007/12/14 18:33:41 deraadt Exp $ */ +/* $OpenBSD: ip_ether.c,v 1.52 2009/11/21 14:08:14 claudio Exp $ */ /* * The author of this code is Angelos D. Keromytis (kermit@adk.gr) * @@ -253,6 +253,7 @@ etherip_input(struct mbuf *m, ...) * bridge_input() returns non-NULL when an error occurs. */ m->m_pkthdr.rcvif = &sc->gif_if; + m->m_pkthdr.rdomain = sc->gif_if.if_rdomain; if (m->m_flags & (M_BCAST|M_MCAST)) sc->gif_if.if_imcasts++; diff --git a/sys/netinet/ip_gre.c b/sys/netinet/ip_gre.c index 886706ab10f..80bc7f8e879 100644 --- a/sys/netinet/ip_gre.c +++ b/sys/netinet/ip_gre.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_gre.c,v 1.33 2009/06/02 17:10:23 henning Exp $ */ +/* $OpenBSD: ip_gre.c,v 1.34 2009/11/21 14:08:14 claudio Exp $ */ /* $NetBSD: ip_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */ /* @@ -116,6 +116,7 @@ gre_input2(m , hlen, proto) gip = mtod(m, struct greip *); m->m_pkthdr.rcvif = &sc->sc_if; + m->m_pkthdr.rdomain = sc->sc_if.if_rdomain; sc->sc_if.if_ipackets++; sc->sc_if.if_ibytes += m->m_pkthdr.len; @@ -193,6 +194,7 @@ gre_input2(m , hlen, proto) if (sc->sc_if.if_bpf) bpf_mtap_af(sc->sc_if.if_bpf, af, m, BPF_DIRECTION_IN); #endif + #if NPF > 0 pf_pkt_addr_changed(m); #endif @@ -343,6 +345,8 @@ gre_lookup(m, proto) if ((sc->g_dst.s_addr == ip->ip_src.s_addr) && (sc->g_src.s_addr == ip->ip_dst.s_addr) && (sc->g_proto == proto) && + (rtable_l2(sc->g_rtableid) == + rtable_l2(m->m_pkthdr.rdomain)) && ((sc->sc_if.if_flags & IFF_UP) != 0)) return (sc); } diff --git a/sys/sys/sockio.h b/sys/sys/sockio.h index 4e2c89e190d..6f7358756a8 100644 --- a/sys/sys/sockio.h +++ b/sys/sys/sockio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sockio.h,v 1.45 2009/06/05 00:05:22 claudio Exp $ */ +/* $OpenBSD: sockio.h,v 1.46 2009/11/21 14:08:14 claudio Exp $ */ /* $NetBSD: sockio.h,v 1.5 1995/08/23 00:40:47 thorpej Exp $ */ /*- 
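Review bot: In etherip_input() (sys/netinet/ip_ether.c) the mbuf is relabelled with `sc->gif_if.if_rdomain`, but the hunk does not show the softc lookup gaining the `rtable_l2(sc->gif_rtableid)` versus `rtable_l2(m->m_pkthdr.rdomain)` comparison that this commit adds to in_gif_input() and gre_lookup(). If that lookup, which lies outside the hunk, still matches on addresses alone, an EtherIP packet received in one routing domain can be accepted by a gif interface whose tunnel is configured for another and then be handed on in that interface's domain. The lookup should apply the same comparison before `sc` is used here.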
@@ -176,6 +176,9 @@ #define SIOCSIFRTABLEID _IOW('i', 159, struct ifreq) /* set ifnet VRF id */ #define SIOCGIFRTABLEID _IOWR('i', 160, struct ifreq) /* get ifnet VRF id */ +#define SIOCSLIFPHYRTABLEID _IOW('i', 161, struct ifreq) /* set tunnel VRF id */ +#define SIOCGLIFPHYRTABLEID _IOWR('i', 162, struct ifreq) /* get tunnel id */ + #define SIOCSVH _IOWR('i', 245, struct ifreq) /* set carp param */ #define SIOCGVH _IOWR('i', 246, struct ifreq) /* get carp param */ |
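Review bot: The comment on the new `SIOCGLIFPHYRTABLEID` define reads `/* get tunnel id */`, which drops the "VRF" carried by its setter and by the two `SIOCSIFRTABLEID`/`SIOCGIFRTABLEID` lines above it, and so reads as if the ioctl returned some identifier of the tunnel itself. It should be `/* get tunnel VRF id */` to match.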