diff options
-rw-r--r-- | sys/conf/files | 4 | ||||
-rw-r--r-- | sys/net/if_gif.c | 294 | ||||
-rw-r--r-- | sys/net/if_gif.h | 5 | ||||
-rw-r--r-- | sys/netinet/in_gif.c | 205 | ||||
-rw-r--r-- | sys/netinet/in_gif.h | 39 | ||||
-rw-r--r-- | sys/netinet/in_proto.c | 4 | ||||
-rw-r--r-- | sys/netinet6/in6_gif.c | 193 | ||||
-rw-r--r-- | sys/netinet6/in6_gif.h | 39 | ||||
-rw-r--r-- | sys/netinet6/in6_proto.c | 4 |
9 files changed, 299 insertions, 488 deletions
diff --git a/sys/conf/files b/sys/conf/files index 691d7f2cfd9..7d3d5501956 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -1,4 +1,4 @@ -# $OpenBSD: files,v 1.602 2015/09/10 18:39:57 deraadt Exp $ +# $OpenBSD: files,v 1.603 2015/09/28 08:32:04 mpi Exp $ # $NetBSD: files,v 1.87 1996/05/19 17:17:50 jonathan Exp $ # @(#)files.newconf 7.5 (Berkeley) 5/10/93 @@ -937,8 +937,6 @@ file uvm/uvm_vnode.c # IPv6 file net/if_gif.c gif needs-count file netinet/ip_ecn.c -file netinet/in_gif.c gif -file netinet6/in6_gif.c gif & inet6 file netinet6/in6_pcb.c inet6 file netinet6/in6.c inet6 file netinet6/ip6_divert.c inet6 & pf diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c index c30b65872bb..65c8d08d123 100644 --- a/sys/net/if_gif.c +++ b/sys/net/if_gif.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_gif.c,v 1.79 2015/09/11 08:17:06 claudio Exp $ */ +/* $OpenBSD: if_gif.c,v 1.80 2015/09/28 08:32:05 mpi Exp $ */ /* $KAME: if_gif.c,v 1.43 2001/02/20 08:51:07 itojun Exp $ */ /* @@ -41,26 +41,36 @@ #include <net/if_var.h> #include <net/if_types.h> #include <net/route.h> -#include <net/bpf.h> #include <netinet/in.h> #include <netinet/in_var.h> -#include <netinet/in_gif.h> #include <netinet/ip.h> #include <netinet/ip_ether.h> #include <netinet/ip_var.h> +#include <netinet/ip_ipsp.h> #ifdef INET6 #include <netinet6/in6_var.h> #include <netinet/ip6.h> #include <netinet6/ip6_var.h> -#include <netinet6/in6_gif.h> #endif /* INET6 */ #include <net/if_gif.h> #include "bpfilter.h" +#if NBPFILTER > 0 +#include <net/bpf.h> +#endif + #include "bridge.h" +#if NBRIDGE > 0 || defined(MPLS) +#include <netinet/ip_ether.h> +#endif + +#include "pf.h" +#if NPF > 0 +#include <net/pfvar.h> +#endif #define GIF_MTU (1280) /* Default MTU */ #define GIF_MTU_MIN (1280) /* Minimum MTU */ @@ -75,6 +85,9 @@ int gif_ioctl(struct ifnet *, u_long, caddr_t); int gif_output(struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *); +int in_gif_output(struct ifnet *, int, struct mbuf **); +int in6_gif_output(struct ifnet *, int, struct mbuf **); + /* * gif global variable definitions */ @@ -628,3 +641,276 @@ gif_checkloop(struct ifnet *ifp, struct mbuf *m) m_tag_prepend(m, mtag); return 0; } + +int +in_gif_output(struct ifnet *ifp, int family, struct mbuf **m0) +{ + struct gif_softc *sc = (struct gif_softc*)ifp; + struct sockaddr_in *sin_src = satosin(sc->gif_psrc); + struct sockaddr_in *sin_dst = satosin(sc->gif_pdst); + struct tdb tdb; + struct xformsw xfs; + int error; + struct mbuf *m = *m0; + + if (sin_src == NULL || sin_dst == NULL || + sin_src->sin_family != AF_INET || + sin_dst->sin_family != AF_INET) { + m_freem(m); + return EAFNOSUPPORT; + } + +#ifdef DIAGNOSTIC + if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.ph_rtableid)) { + printf("%s: trying to send packet on wrong domain. " + "if %d vs. mbuf %d, AF %d\n", ifp->if_xname, + ifp->if_rdomain, rtable_l2(m->m_pkthdr.ph_rtableid), + family); + } +#endif + + /* setup dummy tdb. it highly depends on ipip_output() code. */ + bzero(&tdb, sizeof(tdb)); + bzero(&xfs, sizeof(xfs)); + tdb.tdb_src.sin.sin_family = AF_INET; + tdb.tdb_src.sin.sin_len = sizeof(struct sockaddr_in); + tdb.tdb_src.sin.sin_addr = sin_src->sin_addr; + tdb.tdb_dst.sin.sin_family = AF_INET; + tdb.tdb_dst.sin.sin_len = sizeof(struct sockaddr_in); + tdb.tdb_dst.sin.sin_addr = sin_dst->sin_addr; + tdb.tdb_xform = &xfs; + xfs.xf_type = -1; /* not XF_IP4 */ + + switch (family) { + case AF_INET: + break; +#ifdef INET6 + case AF_INET6: + break; +#endif +#if NBRIDGE > 0 + case AF_LINK: + break; +#endif +#if MPLS + case AF_MPLS: + break; +#endif + default: +#ifdef DEBUG + printf("%s: warning: unknown family %d passed\n", __func__, + family); +#endif + m_freem(m); + return EAFNOSUPPORT; + } + + /* encapsulate into IPv4 packet */ + *m0 = NULL; +#if NBRIDGE > 0 + if (family == AF_LINK) + error = etherip_output(m, &tdb, m0, IPPROTO_ETHERIP); + else +#endif /* NBRIDGE */ +#ifdef MPLS + if (family == AF_MPLS) + error = etherip_output(m, &tdb, m0, IPPROTO_MPLS); + else +#endif + error = ipip_output(m, &tdb, m0, 0, 0); + if (error) + return error; + else if (*m0 == NULL) + return EFAULT; + + m = *m0; + + m->m_pkthdr.ph_rtableid = sc->gif_rtableid; +#if NPF > 0 + pf_pkt_addr_changed(m); +#endif + return 0; +} + +void +in_gif_input(struct mbuf *m, ...) +{ + int off; + struct gif_softc *sc; + struct ifnet *gifp = NULL; + struct ip *ip; + va_list ap; + + va_start(ap, m); + off = va_arg(ap, int); + va_end(ap); + + /* IP-in-IP header is caused by tunnel mode, so skip gif lookup */ + if (m->m_flags & M_TUNNEL) { + m->m_flags &= ~M_TUNNEL; + goto inject; + } + + ip = mtod(m, struct ip *); + + /* this code will be soon improved. */ + LIST_FOREACH(sc, &gif_softc_list, gif_list) { + if (sc->gif_psrc == NULL || sc->gif_pdst == NULL || + sc->gif_psrc->sa_family != AF_INET || + sc->gif_pdst->sa_family != AF_INET || + rtable_l2(sc->gif_rtableid) != + rtable_l2(m->m_pkthdr.ph_rtableid)) { + continue; + } + + if ((sc->gif_if.if_flags & IFF_UP) == 0) + continue; + + if (in_hosteq(satosin(sc->gif_psrc)->sin_addr, ip->ip_dst) && + in_hosteq(satosin(sc->gif_pdst)->sin_addr, ip->ip_src)) { + gifp = &sc->gif_if; + break; + } + } + + if (gifp) { + m->m_pkthdr.ph_ifidx = gifp->if_index; + m->m_pkthdr.ph_rtableid = gifp->if_rdomain; + gifp->if_ipackets++; + gifp->if_ibytes += m->m_pkthdr.len; + /* We have a configured GIF */ + ipip_input(m, off, gifp, ip->ip_p); + return; + } + +inject: + ip4_input(m, off); /* No GIF interface was configured */ + return; +} + +#ifdef INET6 +int +in6_gif_output(struct ifnet *ifp, int family, struct mbuf **m0) +{ + struct gif_softc *sc = (struct gif_softc*)ifp; + struct sockaddr_in6 *sin6_src = satosin6(sc->gif_psrc); + struct sockaddr_in6 *sin6_dst = satosin6(sc->gif_pdst); + struct tdb tdb; + struct xformsw xfs; + int error; + struct mbuf *m = *m0; + + if (sin6_src == NULL || sin6_dst == NULL || + sin6_src->sin6_family != AF_INET6 || + sin6_dst->sin6_family != AF_INET6) { + m_freem(m); + return EAFNOSUPPORT; + } + + /* setup dummy tdb. it highly depends on ipip_output() code. */ + bzero(&tdb, sizeof(tdb)); + bzero(&xfs, sizeof(xfs)); + tdb.tdb_src.sin6.sin6_family = AF_INET6; + tdb.tdb_src.sin6.sin6_len = sizeof(struct sockaddr_in6); + tdb.tdb_src.sin6.sin6_addr = sin6_src->sin6_addr; + tdb.tdb_dst.sin6.sin6_family = AF_INET6; + tdb.tdb_dst.sin6.sin6_len = sizeof(struct sockaddr_in6); + tdb.tdb_dst.sin6.sin6_addr = sin6_dst->sin6_addr; + tdb.tdb_xform = &xfs; + xfs.xf_type = -1; /* not XF_IP4 */ + + switch (family) { + case AF_INET: + break; +#ifdef INET6 + case AF_INET6: + break; +#endif +#if NBRIDGE > 0 + case AF_LINK: + break; +#endif +#ifdef MPLS + case AF_MPLS: + break; +#endif + default: +#ifdef DEBUG + printf("%s: warning: unknown family %d passed\n", __func__, + family); +#endif + m_freem(m); + return EAFNOSUPPORT; + } + + /* encapsulate into IPv6 packet */ + *m0 = NULL; +#if NBRIDGE > 0 + if (family == AF_LINK) + error = etherip_output(m, &tdb, m0, IPPROTO_ETHERIP); + else +#endif /* NBRIDGE */ +#if MPLS + if (family == AF_MPLS) + error = etherip_output(m, &tdb, m0, IPPROTO_MPLS); + else +#endif + error = ipip_output(m, &tdb, m0, 0, 0); + if (error) + return error; + else if (*m0 == NULL) + return EFAULT; + + m = *m0; + +#if NPF > 0 + pf_pkt_addr_changed(m); +#endif + return 0; +} + +int in6_gif_input(struct mbuf **mp, int *offp, int proto) +{ + struct mbuf *m = *mp; + struct gif_softc *sc; + struct ifnet *gifp = NULL; + struct ip6_hdr *ip6; + + /* XXX What if we run transport-mode IPsec to protect gif tunnel ? */ + if (m->m_flags & (M_AUTH | M_CONF)) + goto inject; + + ip6 = mtod(m, struct ip6_hdr *); + +#define satoin6(sa) (satosin6(sa)->sin6_addr) + LIST_FOREACH(sc, &gif_softc_list, gif_list) { + if (sc->gif_psrc == NULL || sc->gif_pdst == NULL || + sc->gif_psrc->sa_family != AF_INET6 || + sc->gif_pdst->sa_family != AF_INET6) { + continue; + } + + if ((sc->gif_if.if_flags & IFF_UP) == 0) + continue; + + if (IN6_ARE_ADDR_EQUAL(&satoin6(sc->gif_psrc), &ip6->ip6_dst) && + IN6_ARE_ADDR_EQUAL(&satoin6(sc->gif_pdst), &ip6->ip6_src)) { + gifp = &sc->gif_if; + break; + } + } + + if (gifp) { + m->m_pkthdr.ph_ifidx = gifp->if_index; + gifp->if_ipackets++; + gifp->if_ibytes += m->m_pkthdr.len; + ipip_input(m, *offp, gifp, proto); + return IPPROTO_DONE; + } + +inject: + /* No GIF tunnel configured */ + ip4_input6(&m, offp, proto); + return IPPROTO_DONE; +} +#endif /* INET6 */ diff --git a/sys/net/if_gif.h b/sys/net/if_gif.h index 563fd70f1aa..8fe78602d01 100644 --- a/sys/net/if_gif.h +++ b/sys/net/if_gif.h @@ -1,4 +1,4 @@ -/* $OpenBSD: if_gif.h,v 1.13 2015/07/17 18:05:59 mpi Exp $ */ +/* $OpenBSD: if_gif.h,v 1.14 2015/09/28 08:32:05 mpi Exp $ */ /* $KAME: if_gif.h,v 1.17 2000/09/11 11:36:41 sumikawa Exp $ */ /* @@ -49,4 +49,7 @@ extern LIST_HEAD(gif_softc_head, gif_softc) gif_softc_list; int gif_encap(struct ifnet *, struct mbuf **, sa_family_t); +void in_gif_input(struct mbuf *, ...); +int in6_gif_input(struct mbuf **, int *, int); + #endif /* _NET_IF_GIF_H_ */ diff --git a/sys/netinet/in_gif.c b/sys/netinet/in_gif.c deleted file mode 100644 index cff79901692..00000000000 --- a/sys/netinet/in_gif.c +++ /dev/null @@ -1,205 +0,0 @@ -/* $OpenBSD: in_gif.c,v 1.46 2015/08/14 18:07:28 bluhm Exp $ */ -/* $KAME: in_gif.c,v 1.50 2001/01/22 07:27:16 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "pf.h" - -#include <sys/param.h> -#include <sys/systm.h> -#include <sys/socket.h> -#include <sys/mbuf.h> - -#include <net/if.h> -#include <net/if_var.h> -#include <net/route.h> -#include <net/if_gif.h> - -#include <netinet/in.h> -#include <netinet/ip.h> -#include <netinet/ip_var.h> -#include <netinet/in_gif.h> -#include <netinet/ip_ipsp.h> - -#include "gif.h" -#include "bridge.h" -#if NBRIDGE > 0 || defined(MPLS) -#include <netinet/ip_ether.h> -#endif - -#if NPF > 0 -#include <net/pfvar.h> -#endif - -int -in_gif_output(struct ifnet *ifp, int family, struct mbuf **m0) -{ - struct gif_softc *sc = (struct gif_softc*)ifp; - struct sockaddr_in *sin_src = satosin(sc->gif_psrc); - struct sockaddr_in *sin_dst = satosin(sc->gif_pdst); - struct tdb tdb; - struct xformsw xfs; - int error; - struct mbuf *m = *m0; - - if (sin_src == NULL || sin_dst == NULL || - sin_src->sin_family != AF_INET || - sin_dst->sin_family != AF_INET) { - m_freem(m); - return EAFNOSUPPORT; - } - -#ifdef DIAGNOSTIC - if (ifp->if_rdomain != rtable_l2(m->m_pkthdr.ph_rtableid)) { - printf("%s: trying to send packet on wrong domain. " - "if %d vs. mbuf %d, AF %d\n", ifp->if_xname, - ifp->if_rdomain, rtable_l2(m->m_pkthdr.ph_rtableid), - family); - } -#endif - - /* setup dummy tdb. it highly depends on ipip_output() code. */ - bzero(&tdb, sizeof(tdb)); - bzero(&xfs, sizeof(xfs)); - tdb.tdb_src.sin.sin_family = AF_INET; - tdb.tdb_src.sin.sin_len = sizeof(struct sockaddr_in); - tdb.tdb_src.sin.sin_addr = sin_src->sin_addr; - tdb.tdb_dst.sin.sin_family = AF_INET; - tdb.tdb_dst.sin.sin_len = sizeof(struct sockaddr_in); - tdb.tdb_dst.sin.sin_addr = sin_dst->sin_addr; - tdb.tdb_xform = &xfs; - xfs.xf_type = -1; /* not XF_IP4 */ - - switch (family) { - case AF_INET: - break; -#ifdef INET6 - case AF_INET6: - break; -#endif -#if NBRIDGE > 0 - case AF_LINK: - break; -#endif -#if MPLS - case AF_MPLS: - break; -#endif - default: -#ifdef DEBUG - printf("in_gif_output: warning: unknown family %d passed\n", - family); -#endif - m_freem(m); - return EAFNOSUPPORT; - } - - /* encapsulate into IPv4 packet */ - *m0 = NULL; -#if NBRIDGE > 0 - if (family == AF_LINK) - error = etherip_output(m, &tdb, m0, IPPROTO_ETHERIP); - else -#endif /* NBRIDGE */ -#ifdef MPLS - if (family == AF_MPLS) - error = etherip_output(m, &tdb, m0, IPPROTO_MPLS); - else -#endif - error = ipip_output(m, &tdb, m0, 0, 0); - if (error) - return error; - else if (*m0 == NULL) - return EFAULT; - - m = *m0; - - m->m_pkthdr.ph_rtableid = sc->gif_rtableid; -#if NPF > 0 - pf_pkt_addr_changed(m); -#endif - return 0; -} - -void -in_gif_input(struct mbuf *m, ...) -{ - int off; - struct gif_softc *sc; - struct ifnet *gifp = NULL; - struct ip *ip; - va_list ap; - - va_start(ap, m); - off = va_arg(ap, int); - va_end(ap); - - /* IP-in-IP header is caused by tunnel mode, so skip gif lookup */ - if (m->m_flags & M_TUNNEL) { - m->m_flags &= ~M_TUNNEL; - goto inject; - } - - ip = mtod(m, struct ip *); - - /* this code will be soon improved. */ - LIST_FOREACH(sc, &gif_softc_list, gif_list) { - if (sc->gif_psrc == NULL || sc->gif_pdst == NULL || - sc->gif_psrc->sa_family != AF_INET || - sc->gif_pdst->sa_family != AF_INET || - rtable_l2(sc->gif_rtableid) != - rtable_l2(m->m_pkthdr.ph_rtableid)) { - continue; - } - - if ((sc->gif_if.if_flags & IFF_UP) == 0) - continue; - - if (in_hosteq(satosin(sc->gif_psrc)->sin_addr, ip->ip_dst) && - in_hosteq(satosin(sc->gif_pdst)->sin_addr, ip->ip_src)) { - gifp = &sc->gif_if; - break; - } - } - - if (gifp) { - m->m_pkthdr.ph_ifidx = gifp->if_index; - m->m_pkthdr.ph_rtableid = gifp->if_rdomain; - gifp->if_ipackets++; - gifp->if_ibytes += m->m_pkthdr.len; - /* We have a configured GIF */ - ipip_input(m, off, gifp, ip->ip_p); - return; - } - -inject: - ip4_input(m, off); /* No GIF interface was configured */ - return; -} diff --git a/sys/netinet/in_gif.h b/sys/netinet/in_gif.h deleted file mode 100644 index aa4b660a2b6..00000000000 --- a/sys/netinet/in_gif.h +++ /dev/null @@ -1,39 +0,0 @@ -/* $OpenBSD: in_gif.h,v 1.6 2010/05/11 09:36:07 claudio Exp $ */ -/* $KAME: in_gif.h,v 1.5 2000/04/14 08:36:02 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef _NETINET_IN_GIF_H_ -#define _NETINET_IN_GIF_H_ - -void in_gif_input(struct mbuf *, ...); -int in_gif_output(struct ifnet *, int, struct mbuf **); - -#endif /*_NETINET_IN_GIF_H_*/ diff --git a/sys/netinet/in_proto.c b/sys/netinet/in_proto.c index d8dea422e47..8196ffd0d4a 100644 --- a/sys/netinet/in_proto.c +++ b/sys/netinet/in_proto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in_proto.c,v 1.66 2015/09/04 08:43:39 mpi Exp $ */ +/* $OpenBSD: in_proto.c,v 1.67 2015/09/28 08:32:05 mpi Exp $ */ /* $NetBSD: in_proto.c,v 1.14 1996/02/18 18:58:32 christos Exp $ */ /* @@ -134,7 +134,7 @@ #include "gif.h" #if NGIF > 0 -#include <netinet/in_gif.h> +#include <net/if_gif.h> #endif #ifdef INET6 diff --git a/sys/netinet6/in6_gif.c b/sys/netinet6/in6_gif.c deleted file mode 100644 index 20f810ac128..00000000000 --- a/sys/netinet6/in6_gif.c +++ /dev/null @@ -1,193 +0,0 @@ -/* $OpenBSD: in6_gif.c,v 1.40 2015/06/16 11:09:40 mpi Exp $ */ -/* $KAME: in6_gif.c,v 1.43 2001/01/22 07:27:17 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "pf.h" - -#include <sys/param.h> -#include <sys/systm.h> -#include <sys/socket.h> -#include <sys/sockio.h> -#include <sys/mbuf.h> -#include <sys/errno.h> -#include <sys/ioctl.h> -#include <sys/protosw.h> - -#include <net/if.h> -#include <net/if_var.h> - -#include <netinet/in.h> -#include <netinet/ip_ipsp.h> - -#if NPF > 0 -#include <net/pfvar.h> -#endif - -#include <netinet/ip6.h> -#include <netinet6/ip6_var.h> -#include <netinet6/in6_gif.h> - -#include <netinet/ip_ecn.h> - -#include <net/if_gif.h> - -#include "bridge.h" -#if NBRIDGE > 0 || defined(MPLS) -#include <netinet/ip_ether.h> -#endif - -/* - * family - family of the packet to be encapsulate. - */ -int -in6_gif_output(struct ifnet *ifp, int family, struct mbuf **m0) -{ - struct gif_softc *sc = (struct gif_softc*)ifp; - struct sockaddr_in6 *sin6_src = satosin6(sc->gif_psrc); - struct sockaddr_in6 *sin6_dst = satosin6(sc->gif_pdst); - struct tdb tdb; - struct xformsw xfs; - int error; - struct mbuf *m = *m0; - - if (sin6_src == NULL || sin6_dst == NULL || - sin6_src->sin6_family != AF_INET6 || - sin6_dst->sin6_family != AF_INET6) { - m_freem(m); - return EAFNOSUPPORT; - } - - /* setup dummy tdb. it highly depends on ipip_output() code. */ - bzero(&tdb, sizeof(tdb)); - bzero(&xfs, sizeof(xfs)); - tdb.tdb_src.sin6.sin6_family = AF_INET6; - tdb.tdb_src.sin6.sin6_len = sizeof(struct sockaddr_in6); - tdb.tdb_src.sin6.sin6_addr = sin6_src->sin6_addr; - tdb.tdb_dst.sin6.sin6_family = AF_INET6; - tdb.tdb_dst.sin6.sin6_len = sizeof(struct sockaddr_in6); - tdb.tdb_dst.sin6.sin6_addr = sin6_dst->sin6_addr; - tdb.tdb_xform = &xfs; - xfs.xf_type = -1; /* not XF_IP4 */ - - switch (family) { - case AF_INET: - break; -#ifdef INET6 - case AF_INET6: - break; -#endif -#if NBRIDGE > 0 - case AF_LINK: - break; -#endif -#ifdef MPLS - case AF_MPLS: - break; -#endif - default: -#ifdef DEBUG - printf("in6_gif_output: warning: unknown family %d passed\n", - family); -#endif - m_freem(m); - return EAFNOSUPPORT; - } - - /* encapsulate into IPv6 packet */ - *m0 = NULL; -#if NBRIDGE > 0 - if (family == AF_LINK) - error = etherip_output(m, &tdb, m0, IPPROTO_ETHERIP); - else -#endif /* NBRIDGE */ -#if MPLS - if (family == AF_MPLS) - error = etherip_output(m, &tdb, m0, IPPROTO_MPLS); - else -#endif - error = ipip_output(m, &tdb, m0, 0, 0); - if (error) - return error; - else if (*m0 == NULL) - return EFAULT; - - m = *m0; - -#if NPF > 0 - pf_pkt_addr_changed(m); -#endif - return 0; -} - -int in6_gif_input(struct mbuf **mp, int *offp, int proto) -{ - struct mbuf *m = *mp; - struct gif_softc *sc; - struct ifnet *gifp = NULL; - struct ip6_hdr *ip6; - - /* XXX What if we run transport-mode IPsec to protect gif tunnel ? */ - if (m->m_flags & (M_AUTH | M_CONF)) - goto inject; - - ip6 = mtod(m, struct ip6_hdr *); - -#define satoin6(sa) (satosin6(sa)->sin6_addr) - LIST_FOREACH(sc, &gif_softc_list, gif_list) { - if (sc->gif_psrc == NULL || sc->gif_pdst == NULL || - sc->gif_psrc->sa_family != AF_INET6 || - sc->gif_pdst->sa_family != AF_INET6) { - continue; - } - - if ((sc->gif_if.if_flags & IFF_UP) == 0) - continue; - - if (IN6_ARE_ADDR_EQUAL(&satoin6(sc->gif_psrc), &ip6->ip6_dst) && - IN6_ARE_ADDR_EQUAL(&satoin6(sc->gif_pdst), &ip6->ip6_src)) { - gifp = &sc->gif_if; - break; - } - } - - if (gifp) { - m->m_pkthdr.ph_ifidx = gifp->if_index; - gifp->if_ipackets++; - gifp->if_ibytes += m->m_pkthdr.len; - ipip_input(m, *offp, gifp, proto); - return IPPROTO_DONE; - } - -inject: - /* No GIF tunnel configured */ - ip4_input6(&m, offp, proto); - return IPPROTO_DONE; -} diff --git a/sys/netinet6/in6_gif.h b/sys/netinet6/in6_gif.h deleted file mode 100644 index 62713f69120..00000000000 --- a/sys/netinet6/in6_gif.h +++ /dev/null @@ -1,39 +0,0 @@ -/* $OpenBSD: in6_gif.h,v 1.6 2010/05/11 09:36:07 claudio Exp $ */ -/* $KAME: in6_gif.h,v 1.5 2000/04/14 08:36:03 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef _NETINET6_IN6_GIF_H_ -#define _NETINET6_IN6_GIF_H_ - -int in6_gif_output(struct ifnet *, int, struct mbuf **); -int in6_gif_input(struct mbuf **, int *, int); - -#endif /*_NETINET6_IN6_GIF_H_*/ diff --git a/sys/netinet6/in6_proto.c b/sys/netinet6/in6_proto.c index 3c29cdeb568..ecf704ffdd3 100644 --- a/sys/netinet6/in6_proto.c +++ b/sys/netinet6/in6_proto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: in6_proto.c,v 1.80 2015/09/04 08:43:39 mpi Exp $ */ +/* $OpenBSD: in6_proto.c,v 1.81 2015/09/28 08:32:05 mpi Exp $ */ /* $KAME: in6_proto.c,v 1.66 2000/10/10 15:35:47 itojun Exp $ */ /* @@ -102,7 +102,7 @@ #include "gif.h" #if NGIF > 0 #include <netinet/ip_ether.h> -#include <netinet6/in6_gif.h> +#include <net/if_gif.h> #endif #include "carp.h" |