Date: Sat, 6 Jun 2015 12:44:43 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r284066 - in stable/10: . sbin/ifconfig share/man/man4 sys/conf sys/modules sys/modules/if_gif sys/modules/if_gre sys/modules/if_me sys/net sys/netinet sys/netinet6 Message-ID: <201506061244.t56CihN9020959@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Sat Jun 6 12:44:42 2015 New Revision: 284066 URL: https://svnweb.freebsd.org/changeset/base/284066 Log: MFC r274246: Overhaul if_gre(4). Split it into two modules: if_gre(4) for GRE encapsulation and if_me(4) for minimal encapsulation within IP. gre(4) changes: * convert to if_transmit; * rework locking: protect access to softc with rmlock, protect from concurrent ioctls with sx lock; * correct interface accounting for outgoing datagramms (count only payload size); * implement generic support for using IPv6 as delivery header; * make implementation conform to the RFC 2784 and partially to RFC 2890; * add support for GRE checksums - calculate for outgoing datagramms and check for inconming datagramms; * add support for sending sequence number in GRE header; * remove support of cached routes. This fixes problem, when gre(4) doesn't work at system startup. But this also removes support for having tunnels with the same addresses for inner and outer header. * deprecate support for various GREXXX ioctls, that doesn't used in FreeBSD. Use our standard ioctls for tunnels. me(4): * implementation conform to RFC 2004; * use if_transmit; * use the same locking model as gre(4); PR: 164475 MFC r274289 (by bz): gcc requires variables to be initialised in two places. One of them is correctly used only under the same conditional though. For module builds properly check if the kernel supports INET or INET6, as otherwise various mips kernels without IPv6 support would fail to build. MFC r274964: Add ip_gre.h to ObsoleteFiles.inc. Added: stable/10/share/man/man4/me.4 - copied unchanged from r274246, head/share/man/man4/me.4 stable/10/sys/modules/if_me/ - copied from r274246, head/sys/modules/if_me/ stable/10/sys/net/if_me.c - copied, changed from r274246, head/sys/net/if_me.c stable/10/sys/netinet6/ip6_gre.c - copied, changed from r274246, head/sys/netinet6/ip6_gre.c Deleted: stable/10/sys/netinet/ip_gre.h Modified: stable/10/ObsoleteFiles.inc stable/10/sbin/ifconfig/ifgre.c stable/10/share/man/man4/Makefile stable/10/share/man/man4/gre.4 stable/10/sys/conf/NOTES stable/10/sys/conf/files stable/10/sys/modules/Makefile stable/10/sys/modules/if_gif/Makefile stable/10/sys/modules/if_gre/Makefile stable/10/sys/net/if_gre.c stable/10/sys/net/if_gre.h stable/10/sys/netinet/ip_gre.c stable/10/sys/netinet6/in6_proto.c Directory Properties: stable/10/ (props changed) stable/10/sys/gnu/dts/ (props changed) Modified: stable/10/ObsoleteFiles.inc ============================================================================== --- stable/10/ObsoleteFiles.inc Sat Jun 6 12:43:05 2015 (r284065) +++ stable/10/ObsoleteFiles.inc Sat Jun 6 12:44:42 2015 (r284066) @@ -44,6 +44,8 @@ OLD_FILES+=usr/share/man/man9/NDHASGIANT OLD_FILES+=usr/tests/sbin/mdconfig/legacy_test OLD_FILES+=usr/tests/sbin/mdconfig/mdconfig.test OLD_FILES+=usr/tests/sbin/mdconfig/run.pl +# 20141107: overhaul if_gre(4) +OLD_FILES+=usr/include/netinet/ip_gre.h # 20141028: debug files accidentally installed as directory name OLD_FILES+=usr/lib/debug/usr/lib/i18n OLD_FILES+=usr/lib/debug/usr/lib/private Modified: stable/10/sbin/ifconfig/ifgre.c ============================================================================== --- stable/10/sbin/ifconfig/ifgre.c Sat Jun 6 12:43:05 2015 (r284065) +++ stable/10/sbin/ifconfig/ifgre.c Sat Jun 6 12:44:42 2015 (r284066) @@ -23,52 +23,50 @@ * THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef lint -static const char rcsid[] = - "$FreeBSD$"; -#endif +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/ioctl.h> #include <sys/socket.h> #include <sys/sockio.h> - -#include <stdlib.h> -#include <unistd.h> - -#include <net/ethernet.h> #include <net/if.h> #include <net/if_gre.h> -#include <net/route.h> #include <ctype.h> +#include <limits.h> #include <stdio.h> -#include <string.h> #include <stdlib.h> -#include <unistd.h> +#include <string.h> #include <err.h> -#include <errno.h> #include "ifconfig.h" +#define GREBITS "\020\01ENABLE_CSUM\02ENABLE_SEQ" + static void gre_status(int s); static void gre_status(int s) { - int grekey = 0; + uint32_t opts = 0; - ifr.ifr_data = (caddr_t)&grekey; + ifr.ifr_data = (caddr_t)&opts; if (ioctl(s, GREGKEY, &ifr) == 0) - if (grekey != 0) - printf("\tgrekey: %d\n", grekey); + if (opts != 0) + printf("\tgrekey: 0x%x (%u)\n", opts, opts); + opts = 0; + if (ioctl(s, GREGOPTS, &ifr) != 0 || opts == 0) + return; + printb("\toptions", opts, GREBITS); + putchar('\n'); } static void setifgrekey(const char *val, int dummy __unused, int s, const struct afswtch *afp) { - uint32_t grekey = atol(val); + uint32_t grekey = strtol(val, NULL, 0); strncpy(ifr.ifr_name, name, sizeof (ifr.ifr_name)); ifr.ifr_data = (caddr_t)&grekey; @@ -76,8 +74,35 @@ setifgrekey(const char *val, int dummy _ warn("ioctl (set grekey)"); } +static void +setifgreopts(const char *val, int d, int s, const struct afswtch *afp) +{ + uint32_t opts; + + ifr.ifr_data = (caddr_t)&opts; + if (ioctl(s, GREGOPTS, &ifr) == -1) { + warn("ioctl(GREGOPTS)"); + return; + } + + if (d < 0) + opts &= ~(-d); + else + opts |= d; + + if (ioctl(s, GRESOPTS, &ifr) == -1) { + warn("ioctl(GIFSOPTS)"); + return; + } +} + + static struct cmd gre_cmds[] = { DEF_CMD_ARG("grekey", setifgrekey), + DEF_CMD("enable_csum", GRE_ENABLE_CSUM, setifgreopts), + DEF_CMD("-enable_csum",-GRE_ENABLE_CSUM,setifgreopts), + DEF_CMD("enable_seq", GRE_ENABLE_SEQ, setifgreopts), + DEF_CMD("-enable_seq",-GRE_ENABLE_SEQ, setifgreopts), }; static struct afswtch af_gre = { .af_name = "af_gre", Modified: stable/10/share/man/man4/Makefile ============================================================================== --- stable/10/share/man/man4/Makefile Sat Jun 6 12:43:05 2015 (r284065) +++ stable/10/share/man/man4/Makefile Sat Jun 6 12:44:42 2015 (r284066) @@ -250,6 +250,7 @@ MAN= aac.4 \ malo.4 \ mcd.4 \ md.4 \ + me.4 \ mem.4 \ meteor.4 \ mfi.4 \ Modified: stable/10/share/man/man4/gre.4 ============================================================================== --- stable/10/share/man/man4/gre.4 Sat Jun 6 12:43:05 2015 (r284065) +++ stable/10/share/man/man4/gre.4 Sat Jun 6 12:44:42 2015 (r284066) @@ -29,7 +29,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 20, 2008 +.Dd November 7, 2014 .Dt GRE 4 .Os .Sh NAME @@ -68,163 +68,30 @@ and .Cm destroy subcommands. .Pp -This driver currently supports the following modes of operation: -.Bl -tag -width indent -.It "GRE encapsulation (IP protocol number 47)" -Encapsulated datagrams are -prepended an outer datagram and a GRE header. +This driver corresponds to RFC 2784. +Encapsulated datagrams are prepended an outer datagram and a GRE header. The GRE header specifies the type of the encapsulated datagram and thus allows for tunneling other protocols than IP like e.g.\& AppleTalk. GRE mode is also the default tunnel mode on Cisco routers. -This is also the default mode of operation of the -.Nm -interfaces. -As part of the GRE mode, .Nm also supports Cisco WCCP protocol, both version 1 and version 2. -Since there is no reliable way to distinguish between WCCP versions, it -should be configured manually using the -.Cm link2 -flag. -If the -.Cm link2 -flag is not set (default), then WCCP version 1 is selected. -.It "MOBILE encapsulation (IP protocol number 55)" -Datagrams are -encapsulated into IP, but with a shorter encapsulation. -The original -IP header is modified and the modifications are inserted between the -so modified header and the original payload. -Like -.Xr gif 4 , -only for IP-in-IP encapsulation. -.El .Pp The .Nm -interfaces support a number of -.Xr ioctl 2 Ns s , -such as: -.Bl -tag -width ".Dv GRESADDRS" -.It Dv GRESADDRS -Set the IP address of the local tunnel end. -This is the source address -set by or displayed by -.Xr ifconfig 8 -for the -.Nm -interface. -.It Dv GRESADDRD -Set the IP address of the remote tunnel end. -This is the destination address -set by or displayed by -.Xr ifconfig 8 -for the -.Nm -interface. -.It Dv GREGADDRS -Query the IP address that is set for the local tunnel end. -This is the -address the encapsulation header carries as local address (i.e., the real -address of the tunnel start point). -.It Dv GREGADDRD -Query the IP address that is set for the remote tunnel end. -This is the -address the encapsulated packets are sent to (i.e., the real address of -the remote tunnel endpoint). -.It Dv GRESPROTO -Set the operation mode to the specified IP protocol value. -The -protocol is passed to the interface in -.Po Vt "struct ifreq" Pc Ns Li -> Ns Va ifr_flags . -The operation mode can also be given as -.Pp -.Bl -tag -width ".Cm -link0" -compact -.It Cm link0 -.Dv IPPROTO_GRE -.It Cm -link0 -.Dv IPPROTO_MOBILE -.El -.Pp -to -.Xr ifconfig 8 . -.Pp -The -.Cm link1 -flag is not used to choose encapsulation, but to modify the -internal route search for the remote tunnel endpoint, see the -.Sx BUGS -section below. -.It Dv GREGPROTO -Query operation mode. -.It Dv GRESKEY +interfaces support a number of additional parameters to the +.Xr ifconfig 8 : +.Bl -tag -width "enable_csum" +.It Ar grekey Set the GRE key used for outgoing packets. A value of 0 disables the key option. -.It Dv GREGKEY -Get the GRE key currently used for outgoing packets. -0 means no outgoing key. +.It Ar enable_csum +Enables checksum calculation for outgoing packets. +.It Ar enable_seq +Enables use of sequence number field in the GRE header for outgoing packets. .El -.Pp -Note that the IP addresses of the tunnel endpoints may be the same as the -ones defined with -.Xr ifconfig 8 -for the interface (as if IP is encapsulated), but need not be, as e.g.\& when -encapsulating AppleTalk. .Sh EXAMPLES -Configuration example: -.Bd -literal -Host X-- Host A ----------------tunnel---------- Cisco D------Host E - \\ | - \\ / - +------Host B----------Host C----------+ -.Ed .Pp -On host A -.Pq Fx : -.Bd -literal -offset indent -route add default B -ifconfig greN create -ifconfig greN A D netmask 0xffffffff linkX up -ifconfig greN tunnel A D -route add E D -.Ed -.Pp -On Host D (Cisco): -.Bd -literal -offset indent -Interface TunnelX - ip unnumbered D ! e.g. address from Ethernet interface - tunnel source D ! e.g. address from Ethernet interface - tunnel destination A -ip route C <some interface and mask> -ip route A mask C -ip route X mask tunnelX -.Ed -.Pp -OR -.Pp -On Host D -.Pq Fx : -.Bd -literal -offset indent -route add default C -ifconfig greN create -ifconfig greN D A -ifconfig greN tunnel D A -.Ed -.Pp -If all goes well, you should see packets flowing ;-) -.Pp -If you want to reach Host A over the tunnel (from Host D (Cisco)), then -you have to have an alias on Host A for e.g.\& the Ethernet interface like: -.Pp -.Dl "ifconfig <etherif> alias Y" -.Pp -and on the Cisco: -.Pp -.Dl "ip route Y mask tunnelX" -.Pp -A similar setup can be used to create a link between two private networks -(for example in the 192.168 subnet) over the Internet: .Bd -literal 192.168.1.* --- Router A -------tunnel-------- Router B --- 192.168.2.* \\ / @@ -239,29 +106,22 @@ Assuming router A has the (external) IP On router A: .Bd -literal -offset indent ifconfig greN create -ifconfig greN 192.168.1.1 192.168.2.1 link1 -ifconfig greN tunnel A B +ifconfig greN inet 192.168.1.1 192.168.2.1 +ifconfig greN inet tunnel A B route add -net 192.168.2 -netmask 255.255.255.0 192.168.2.1 .Ed .Pp On router B: .Bd -literal -offset indent ifconfig greN create -ifconfig greN 192.168.2.1 192.168.1.1 link1 -ifconfig greN tunnel B A +ifconfig greN inet 192.168.2.1 192.168.1.1 +ifconfig greN inet tunnel B A route add -net 192.168.1 -netmask 255.255.255.0 192.168.1.1 .Ed -.Pp -Note that this is a safe situation where the -.Cm link1 -flag (as discussed in the -.Sx BUGS -section below) may (and probably should) be set. .Sh NOTES The MTU of .Nm interfaces is set to 1476 by default, to match the value used by Cisco routers. -If grekey is set this is lowered to 1472. This may not be an optimal value, depending on the link between the two tunnel endpoints. It can be adjusted via @@ -269,25 +129,8 @@ It can be adjusted via .Pp For correct operation, the .Nm -device needs a route to the destination that is less specific than the -one over the tunnel. -(Basically, there needs to be a route to the decapsulating host that -does not run over the tunnel, as this would be a loop.) -If the addresses are ambiguous, doing the -.Nm ifconfig Cm tunnel -step before the -.Xr ifconfig 8 -call to set the -.Nm -IP addresses will help to find a route outside the tunnel. -.Pp -In order to tell -.Xr ifconfig 8 -to actually mark the interface as -.Dq up , -the keyword -.Cm up -must be given last on its command line. +device needs a route to the decapsulating host that does not run over the tunnel, +as this would be a loop. .Pp The kernel must be set to forward datagrams by setting the .Va net.inet.ip.forwarding @@ -298,41 +141,20 @@ variable to non-zero. .Xr gif 4 , .Xr inet 4 , .Xr ip 4 , +.Xr me 4 , .Xr netintro 4 , -.\" Xr options 4 , .Xr protocols 5 , .Xr ifconfig 8 , .Xr sysctl 8 .Pp -A description of GRE encapsulation can be found in RFC 1701 and RFC 1702. -.Pp -A description of MOBILE encapsulation can be found in RFC 2004. +A description of GRE encapsulation can be found in RFC 2784 and RFC 2890. .Sh AUTHORS -.An Heiko W.Rupp Aq hwr@pilhuhn.de +.An Andrey V. Elsukov Aq Mt ae@FreeBSD.org +.An Heiko W.Rupp Aq Mt hwr@pilhuhn.de .Sh BUGS -The -.Fn compute_route -code in -.Pa if_gre.c -toggles the last bit of the -IP-address to provoke the search for a less specific route than the -one directly over the tunnel to prevent loops. -This is possibly not the best solution. -.Pp -To avoid the address munging described above, turn on the -.Cm link1 -flag on the -.Xr ifconfig 8 -command line. -This implies that the GRE packet destination and the ifconfig remote host -are not the same IP addresses, and that the GRE destination does not route -over the -.Nm -interface itself. .Pp The current implementation uses the key only for outgoing packets. Incoming packets with a different key or without a key will be treated as if they would belong to this interface. .Pp -RFC1701 is not fully supported, however all unsupported features have been -deprecated in RFC2784. +The sequence number field also used only for outgoing packets. Copied: stable/10/share/man/man4/me.4 (from r274246, head/share/man/man4/me.4) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ stable/10/share/man/man4/me.4 Sat Jun 6 12:44:42 2015 (r284066, copy of r274246, head/share/man/man4/me.4) @@ -0,0 +1,85 @@ +.\" Copyright (c) Andrey V. Elsukov <ae@FreeBSD.org> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd November 7, 2014 +.Dt ME 4 +.Os +.Sh NAME +.Nm me +.Nd encapsulating network device +.Sh SYNOPSIS +To compile the +driver into the kernel, place the following line in the kernel +configuration file: +.Bd -ragged -offset indent +.Cd "device me" +.Ed +.Pp +Alternatively, to load the +driver as a module at boot time, place the following line in +.Xr loader.conf 5 : +.Bd -literal -offset indent +if_me_load="YES" +.Ed +.Sh DESCRIPTION +The +.Nm +network interface pseudo device encapsulates datagrams +into IP. +These encapsulated datagrams are routed to a destination host, +where they are decapsulated and further routed to their final destination. +.Pp +.Nm +interfaces are dynamically created and destroyed with the +.Xr ifconfig 8 +.Cm create +and +.Cm destroy +subcommands. +.Pp +This driver corresponds to RFC 2004. +Datagrams are encapsulated into IP with a shorter encapsulation. +The original +IP header is modified and the modifications are inserted between the +so modified header and the original payload. +The protocol number 55 is used for outer header. +.Sh NOTES +.Pp +For correct operation, the +.Nm +device needs a route to the decapsulating host that does not run over the tunnel, +as this would be a loop. +.Sh SEE ALSO +.Xr gif 4 , +.Xr gre 4 , +.Xr inet 4 , +.Xr ip 4 , +.Xr netintro 4 , +.Xr protocols 5 , +.Xr ifconfig 8 , +.Xr sysctl 8 +.Sh AUTHORS +.An Andrey V. Elsukov Aq Mt ae@FreeBSD.org Modified: stable/10/sys/conf/NOTES ============================================================================== --- stable/10/sys/conf/NOTES Sat Jun 6 12:43:05 2015 (r284065) +++ stable/10/sys/conf/NOTES Sat Jun 6 12:44:42 2015 (r284066) @@ -867,12 +867,15 @@ device tun # The `gif' device implements IPv6 over IP4 tunneling, # IPv4 over IPv6 tunneling, IPv4 over IPv4 tunneling and # IPv6 over IPv6 tunneling. -# The `gre' device implements two types of IP4 over IP4 tunneling: -# GRE and MOBILE, as specified in the RFC1701 and RFC2004. +# The `gre' device implements GRE (Generic Routing Encapsulation) tunneling, +# as specified in the RFC 2784 and RFC 2890. +# The `me' device implements Minimal Encapsulation within IPv4 as +# specified in the RFC 2004. # The XBONEHACK option allows the same pair of addresses to be configured on # multiple gif interfaces. device gif device gre +device me options XBONEHACK # The `faith' device captures packets sent to it and diverts them Modified: stable/10/sys/conf/files ============================================================================== --- stable/10/sys/conf/files Sat Jun 6 12:43:05 2015 (r284065) +++ stable/10/sys/conf/files Sat Jun 6 12:44:42 2015 (r284066) @@ -3224,11 +3224,12 @@ net/if_fddisubr.c optional fddi net/if_fwsubr.c optional fwip net/if_gif.c optional gif inet | gif inet6 | \ netgraph_gif inet | netgraph_gif inet6 -net/if_gre.c optional gre inet +net/if_gre.c optional gre inet | gre inet6 net/if_iso88025subr.c optional token net/if_lagg.c optional lagg net/if_loop.c optional loop net/if_llatbl.c standard +net/if_me.c optional me inet net/if_media.c standard net/if_mib.c standard net/if_spppfr.c optional sppp | netgraph_sppp @@ -3469,6 +3470,7 @@ netinet6/in6_proto.c optional inet6 netinet6/in6_rmx.c optional inet6 netinet6/in6_src.c optional inet6 netinet6/ip6_forward.c optional inet6 +netinet6/ip6_gre.c optional gre inet6 netinet6/ip6_id.c optional inet6 netinet6/ip6_input.c optional inet6 netinet6/ip6_mroute.c optional mrouting inet6 Modified: stable/10/sys/modules/Makefile ============================================================================== --- stable/10/sys/modules/Makefile Sat Jun 6 12:43:05 2015 (r284065) +++ stable/10/sys/modules/Makefile Sat Jun 6 12:44:42 2015 (r284066) @@ -141,8 +141,9 @@ SUBDIR= \ if_ef \ if_epair \ if_faith \ - if_gif \ + ${_if_gif} \ ${_if_gre} \ + ${_if_me} \ if_lagg \ ${_if_ndis} \ if_stf \ @@ -425,10 +426,12 @@ _random= random defined(ALL_MODULES) _carp= carp _toecore= toecore +_if_gif= if_gif +_if_gre= if_gre .endif .if ${MK_INET_SUPPORT} != "no" || defined(ALL_MODULES) -_if_gre= if_gre +_if_me= if_me .endif .if ${MK_IPFILTER} != "no" || defined(ALL_MODULES) Modified: stable/10/sys/modules/if_gif/Makefile ============================================================================== --- stable/10/sys/modules/if_gif/Makefile Sat Jun 6 12:43:05 2015 (r284065) +++ stable/10/sys/modules/if_gif/Makefile Sat Jun 6 12:44:42 2015 (r284066) @@ -19,7 +19,7 @@ opt_inet6.h: opt_mrouting.h: echo "#define MROUTING 1" > ${.TARGET} .else -OPT_INET6!= cat ${KERNBUILDDIR}/opt_inet6.h +OPT_INET6!= cat ${KERNBUILDDIR}/opt_inet6.h; echo .if empty(OPT_INET6) MK_INET6_SUPPORT= no .endif Modified: stable/10/sys/modules/if_gre/Makefile ============================================================================== --- stable/10/sys/modules/if_gre/Makefile Sat Jun 6 12:43:05 2015 (r284065) +++ stable/10/sys/modules/if_gre/Makefile Sat Jun 6 12:44:42 2015 (r284066) @@ -1,19 +1,36 @@ # $FreeBSD$ +.include <bsd.own.mk> .PATH: ${.CURDIR}/../../net ${.CURDIR}/../../netinet ${.CURDIR}/../../netinet6 KMOD= if_gre -SRCS= if_gre.c ip_gre.c opt_inet.h opt_inet6.h opt_atalk.h +SRCS= if_gre.c opt_inet.h opt_inet6.h .if !defined(KERNBUILDDIR) opt_inet.h: echo "#define INET 1" > ${.TARGET} +.if ${MK_INET6_SUPPORT} != "no" opt_inet6.h: echo "#define INET6 1" > ${.TARGET} +.endif +.else +OPT_INET!= cat ${KERNBUILDDIR}/opt_inet.h; echo +.if empty(OPT_INET) +MK_INET_SUPPORT=no +.endif +OPT_INET6!= cat ${KERNBUILDDIR}/opt_inet6.h; echo +.if empty(OPT_INET6) +MK_INET6_SUPPORT=no +.endif +.endif + +.if ${MK_INET_SUPPORT} != "no" +SRCS+= ip_gre.c +.endif -opt_atalk.h: - echo "#define NETATALK 1" > ${.TARGET} +.if ${MK_INET6_SUPPORT} != "no" +SRCS+= ip6_gre.c .endif .include <bsd.kmod.mk> Modified: stable/10/sys/net/if_gre.c ============================================================================== --- stable/10/sys/net/if_gre.c Sat Jun 6 12:43:05 2015 (r284065) +++ stable/10/sys/net/if_gre.c Sat Jun 6 12:44:42 2015 (r284066) @@ -1,8 +1,6 @@ -/* $NetBSD: if_gre.c,v 1.49 2003/12/11 00:22:29 itojun Exp $ */ -/* $FreeBSD$ */ - /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. + * Copyright (c) 2014 Andrey V. Elsukov <ae@FreeBSD.org> * All rights reserved. * * This code is derived from software contributed to The NetBSD Foundation @@ -30,24 +28,20 @@ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. + * + * $NetBSD: if_gre.c,v 1.49 2003/12/11 00:22:29 itojun Exp $ */ -/* - * Encapsulate L3 protocols into IP - * See RFC 2784 (successor of RFC 1701 and 1702) for more details. - * If_gre is compatible with Cisco GRE tunnels, so you can - * have a NetBSD box as the other end of a tunnel interface of a Cisco - * router. See gre(4) for more details. - * Also supported: IP in IP encaps (proto 55) as of RFC 2004 - */ +#include <sys/cdefs.h> +__FBSDID("$FreeBSD$"); -#include "opt_atalk.h" #include "opt_inet.h" #include "opt_inet6.h" #include <sys/param.h> #include <sys/jail.h> #include <sys/kernel.h> +#include <sys/lock.h> #include <sys/libkern.h> #include <sys/malloc.h> #include <sys/module.h> @@ -55,94 +49,84 @@ #include <sys/priv.h> #include <sys/proc.h> #include <sys/protosw.h> +#include <sys/rmlock.h> #include <sys/socket.h> #include <sys/sockio.h> +#include <sys/sx.h> #include <sys/sysctl.h> +#include <sys/syslog.h> #include <sys/systm.h> #include <net/ethernet.h> #include <net/if.h> #include <net/if_clone.h> +#include <net/if_var.h> #include <net/if_types.h> -#include <net/route.h> +#include <net/netisr.h> #include <net/vnet.h> -#ifdef INET #include <netinet/in.h> +#ifdef INET #include <netinet/in_systm.h> #include <netinet/in_var.h> #include <netinet/ip.h> -#include <netinet/ip_gre.h> #include <netinet/ip_var.h> -#include <netinet/ip_encap.h> -#else -#error "Huh? if_gre without inet?" #endif -#include <net/bpf.h> +#ifdef INET6 +#include <netinet/ip6.h> +#include <netinet6/in6_var.h> +#include <netinet6/ip6_var.h> +#include <netinet6/scope6_var.h> +#endif +#include <netinet/ip_encap.h> +#include <net/bpf.h> #include <net/if_gre.h> -/* - * It is not easy to calculate the right value for a GRE MTU. - * We leave this task to the admin and use the same default that - * other vendors use. - */ -#define GREMTU 1476 - -#define MTAG_COOKIE_GRE 1307983903 -#define MTAG_GRE_NESTING 1 -struct mtag_gre_nesting { - uint16_t count; - uint16_t max; - struct ifnet *ifp[]; -}; - -/* - * gre_mtx protects all global variables in if_gre.c. - * XXX: gre_softc data not protected yet. - */ -VNET_DEFINE(struct mtx, gre_mtx); -VNET_DEFINE(struct gre_softc_head, gre_softc_list); +#include <machine/in_cksum.h> +#include <security/mac/mac_framework.h> +#define GREMTU 1500 static const char grename[] = "gre"; static MALLOC_DEFINE(M_GRE, grename, "Generic Routing Encapsulation"); +static VNET_DEFINE(struct mtx, gre_mtx); +#define V_gre_mtx VNET(gre_mtx) +#define GRE_LIST_LOCK_INIT(x) mtx_init(&V_gre_mtx, "gre_mtx", NULL, \ + MTX_DEF) +#define GRE_LIST_LOCK_DESTROY(x) mtx_destroy(&V_gre_mtx) +#define GRE_LIST_LOCK(x) mtx_lock(&V_gre_mtx) +#define GRE_LIST_UNLOCK(x) mtx_unlock(&V_gre_mtx) + +static VNET_DEFINE(LIST_HEAD(, gre_softc), gre_softc_list); +#define V_gre_softc_list VNET(gre_softc_list) +static struct sx gre_ioctl_sx; +SX_SYSINIT(gre_ioctl_sx, &gre_ioctl_sx, "gre_ioctl"); static int gre_clone_create(struct if_clone *, int, caddr_t); static void gre_clone_destroy(struct ifnet *); static VNET_DEFINE(struct if_clone *, gre_cloner); #define V_gre_cloner VNET(gre_cloner) +static void gre_qflush(struct ifnet *); +static int gre_transmit(struct ifnet *, struct mbuf *); static int gre_ioctl(struct ifnet *, u_long, caddr_t); static int gre_output(struct ifnet *, struct mbuf *, const struct sockaddr *, struct route *); -static int gre_compute_route(struct gre_softc *sc); +static void gre_updatehdr(struct gre_softc *); +static int gre_set_tunnel(struct ifnet *, struct sockaddr *, + struct sockaddr *); +static void gre_delete_tunnel(struct ifnet *); +int gre_input(struct mbuf **, int *, int); #ifdef INET -extern struct domain inetdomain; -static const struct protosw in_gre_protosw = { - .pr_type = SOCK_RAW, - .pr_domain = &inetdomain, - .pr_protocol = IPPROTO_GRE, - .pr_flags = PR_ATOMIC|PR_ADDR, - .pr_input = gre_input, - .pr_output = (pr_output_t *)rip_output, - .pr_ctlinput = rip_ctlinput, - .pr_ctloutput = rip_ctloutput, - .pr_usrreqs = &rip_usrreqs -}; -static const struct protosw in_mobile_protosw = { - .pr_type = SOCK_RAW, - .pr_domain = &inetdomain, - .pr_protocol = IPPROTO_MOBILE, - .pr_flags = PR_ATOMIC|PR_ADDR, - .pr_input = gre_mobile_input, - .pr_output = (pr_output_t *)rip_output, - .pr_ctlinput = rip_ctlinput, - .pr_ctloutput = rip_ctloutput, - .pr_usrreqs = &rip_usrreqs -}; +extern int in_gre_attach(struct gre_softc *); +extern int in_gre_output(struct mbuf *, int, int); +#endif +#ifdef INET6 +extern int in6_gre_attach(struct gre_softc *); +extern int in6_gre_output(struct mbuf *, int, int); #endif SYSCTL_DECL(_net_link); @@ -159,6 +143,7 @@ static SYSCTL_NODE(_net_link, IFT_TUNNEL */ #define MAX_GRE_NEST 1 #endif + static VNET_DEFINE(int, max_gre_nesting) = MAX_GRE_NEST; #define V_max_gre_nesting VNET(max_gre_nesting) SYSCTL_INT(_net_link_gre, OID_AUTO, max_nesting, CTLFLAG_RW | CTLFLAG_VNET, @@ -191,34 +176,22 @@ gre_clone_create(struct if_clone *ifc, i struct gre_softc *sc; sc = malloc(sizeof(struct gre_softc), M_GRE, M_WAITOK | M_ZERO); - + sc->gre_fibnum = curthread->td_proc->p_fibnum; GRE2IFP(sc) = if_alloc(IFT_TUNNEL); - if (GRE2IFP(sc) == NULL) { - free(sc, M_GRE); - return (ENOSPC); - } - + GRE_LOCK_INIT(sc); GRE2IFP(sc)->if_softc = sc; if_initname(GRE2IFP(sc), grename, unit); - GRE2IFP(sc)->if_snd.ifq_maxlen = ifqmaxlen; - GRE2IFP(sc)->if_addrlen = 0; - GRE2IFP(sc)->if_hdrlen = 24; /* IP + GRE */ - GRE2IFP(sc)->if_mtu = GREMTU; + GRE2IFP(sc)->if_mtu = sc->gre_mtu = GREMTU; GRE2IFP(sc)->if_flags = IFF_POINTOPOINT|IFF_MULTICAST; GRE2IFP(sc)->if_output = gre_output; GRE2IFP(sc)->if_ioctl = gre_ioctl; - sc->g_dst.s_addr = sc->g_src.s_addr = INADDR_ANY; - sc->g_proto = IPPROTO_GRE; - GRE2IFP(sc)->if_flags |= IFF_LINK0; - sc->encap = NULL; - sc->gre_fibnum = curthread->td_proc->p_fibnum; - sc->wccp_ver = WCCP_V1; - sc->key = 0; + GRE2IFP(sc)->if_transmit = gre_transmit; + GRE2IFP(sc)->if_qflush = gre_qflush; if_attach(GRE2IFP(sc)); bpfattach(GRE2IFP(sc), DLT_NULL, sizeof(u_int32_t)); GRE_LIST_LOCK(); - LIST_INSERT_HEAD(&V_gre_softc_list, sc, sc_list); + LIST_INSERT_HEAD(&V_gre_softc_list, sc, gre_list); GRE_LIST_UNLOCK(); return (0); } @@ -226,734 +199,752 @@ gre_clone_create(struct if_clone *ifc, i static void gre_clone_destroy(struct ifnet *ifp) { - struct gre_softc *sc = ifp->if_softc; + struct gre_softc *sc; + sx_xlock(&gre_ioctl_sx); + sc = ifp->if_softc; + gre_delete_tunnel(ifp); GRE_LIST_LOCK(); - LIST_REMOVE(sc, sc_list); + LIST_REMOVE(sc, gre_list); GRE_LIST_UNLOCK(); - -#ifdef INET - if (sc->encap != NULL) - encap_detach(sc->encap); -#endif bpfdetach(ifp); if_detach(ifp); + ifp->if_softc = NULL; + sx_xunlock(&gre_ioctl_sx); + if_free(ifp); + GRE_LOCK_DESTROY(sc); free(sc, M_GRE); } -/* - * The output routine. Takes a packet and encapsulates it in the protocol - * given by sc->g_proto. See also RFC 1701 and RFC 2004 - */ static int -gre_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, - struct route *ro) +gre_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data) { - int error = 0; - struct gre_softc *sc = ifp->if_softc; - struct greip *gh; - struct ip *ip; - struct m_tag *mtag; - struct mtag_gre_nesting *gt; - size_t len; - u_short gre_ip_id = 0; - uint8_t gre_ip_tos = 0; - u_int16_t etype = 0; - struct mobile_h mob_h; - u_int32_t af; - int extra = 0, max; - - /* - * gre may cause infinite recursion calls when misconfigured. High - * nesting level may cause stack exhaustion. We'll prevent this by - * detecting loops and by introducing upper limit. - */ - mtag = m_tag_locate(m, MTAG_COOKIE_GRE, MTAG_GRE_NESTING, NULL); - if (mtag != NULL) { - struct ifnet **ifp2; - - gt = (struct mtag_gre_nesting *)(mtag + 1); - gt->count++; - if (gt->count > min(gt->max, V_max_gre_nesting)) { - printf("%s: hit maximum recursion limit %u on %s\n", - __func__, gt->count - 1, ifp->if_xname); - m_freem(m); - error = EIO; /* is there better errno? */ - goto end; - } - - ifp2 = gt->ifp; - for (max = gt->count - 1; max > 0; max--) { - if (*ifp2 == ifp) - break; - ifp2++; - } - if (*ifp2 == ifp) { - printf("%s: detected loop with nexting %u on %s\n", - __func__, gt->count-1, ifp->if_xname); - m_freem(m); - error = EIO; /* is there better errno? */ - goto end; - } - *ifp2 = ifp; + GRE_RLOCK_TRACKER; + struct ifreq *ifr = (struct ifreq *)data; + struct sockaddr *src, *dst; + struct gre_softc *sc; +#ifdef INET + struct sockaddr_in *sin = NULL; +#endif +#ifdef INET6 + struct sockaddr_in6 *sin6 = NULL; +#endif + uint32_t opt; + int error; - } else { - /* - * Given that people should NOT increase max_gre_nesting beyond - * their real needs, we allocate once per packet rather than - * allocating an mtag once per passing through gre. - * - * Note: the sysctl does not actually check for saneness, so we - * limit the maximum numbers of possible recursions here. - */ - max = imin(V_max_gre_nesting, 256); - /* If someone sets the sysctl <= 0, we want at least 1. */ - max = imax(max, 1); - len = sizeof(struct mtag_gre_nesting) + - max * sizeof(struct ifnet *); - mtag = m_tag_alloc(MTAG_COOKIE_GRE, MTAG_GRE_NESTING, len, - M_NOWAIT); - if (mtag == NULL) { - m_freem(m); - error = ENOMEM; - goto end; - } - gt = (struct mtag_gre_nesting *)(mtag + 1); - bzero(gt, len); - gt->count = 1; - gt->max = max; - *gt->ifp = ifp; - m_tag_prepend(m, mtag); + switch (cmd) { + case SIOCSIFMTU: + /* XXX: */ + if (ifr->ifr_mtu < 576) + return (EINVAL); + break; + case SIOCSIFADDR: + ifp->if_flags |= IFF_UP; + case SIOCSIFFLAGS: + case SIOCADDMULTI: + case SIOCDELMULTI: + return (0); + case GRESADDRS: *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201506061244.t56CihN9020959>