search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Expand PMF_FN_* macros.
[netbsd-mini2440.git] / sys / net / if_stf.c
blob46d6adcc293989ca8d4e831aa77c3f5ac4442a97
1 /* $NetBSD: if_stf.c,v 1.72 2009/04/18 14:58:05 tsutsui Exp $ */
2 /* $KAME: if_stf.c,v 1.62 2001/06/07 22:32:16 itojun Exp $ */
3
4 /*
5 * Copyright (C) 2000 WIDE Project.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the project nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 /*
34 * 6to4 interface, based on RFC3056.
35 *
36 * 6to4 interface is NOT capable of link-layer (I mean, IPv4) multicasting.
37 * There is no address mapping defined from IPv6 multicast address to IPv4
38 * address. Therefore, we do not have IFF_MULTICAST on the interface.
39 *
40 * Due to the lack of address mapping for link-local addresses, we cannot
41 * throw packets toward link-local addresses (fe80::x). Also, we cannot throw
42 * packets to link-local multicast addresses (ff02::x).
43 *
44 * Here are interesting symptoms due to the lack of link-local address:
45 *
46 * Unicast routing exchange:
47 * - RIPng: Impossible. Uses link-local multicast packet toward ff02::9,
48 * and link-local addresses as nexthop.
49 * - OSPFv6: Impossible. OSPFv6 assumes that there's link-local address
50 * assigned to the link, and makes use of them. Also, HELLO packets use
51 * link-local multicast addresses (ff02::5 and ff02::6).
52 * - BGP4+: Maybe. You can only use global address as nexthop, and global
53 * address as TCP endpoint address.
54 *
55 * Multicast routing protocols:
56 * - PIM: Hello packet cannot be used to discover adjacent PIM routers.
57 * Adjacent PIM routers must be configured manually (is it really spec-wise
58 * correct thing to do?).
59 *
60 * ICMPv6:
61 * - Redirects cannot be used due to the lack of link-local address.
62 *
63 * stf interface does not have, and will not need, a link-local address.
64 * It seems to have no real benefit and does not help the above symptoms much.
65 * Even if we assign link-locals to interface, we cannot really
66 * use link-local unicast/multicast on top of 6to4 cloud (since there's no
67 * encapsulation defined for link-local address), and the above analysis does
68 * not change. RFC3056 does not mandate the assignment of link-local address
69 * either.
70 *
71 * 6to4 interface has security issues. Refer to
72 * http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt
73 * for details. The code tries to filter out some of malicious packets.
74 * Note that there is no way to be 100% secure.
75 */
76
77 #include <sys/cdefs.h>
78 __KERNEL_RCSID(0, "$NetBSD: if_stf.c,v 1.72 2009/04/18 14:58:05 tsutsui Exp $");
79
80 #include "opt_inet.h"
81
82 #include <sys/param.h>
83 #include <sys/systm.h>
84 #include <sys/socket.h>
85 #include <sys/sockio.h>
86 #include <sys/mbuf.h>
87 #include <sys/errno.h>
88 #include <sys/ioctl.h>
89 #include <sys/proc.h>
90 #include <sys/protosw.h>
91 #include <sys/queue.h>
92 #include <sys/syslog.h>
93 #include <sys/kauth.h>
94
95 #include <sys/cpu.h>
96
97 #include <net/if.h>
98 #include <net/route.h>
99 #include <net/netisr.h>
100 #include <net/if_types.h>
101 #include <net/if_stf.h>
102
103 #include <netinet/in.h>
104 #include <netinet/in_systm.h>
105 #include <netinet/ip.h>
106 #include <netinet/ip_var.h>
107 #include <netinet/in_var.h>
108
109 #include <netinet/ip6.h>
110 #include <netinet6/ip6_var.h>
111 #include <netinet6/in6_gif.h>
112 #include <netinet6/in6_var.h>
113 #include <netinet/ip_ecn.h>
114
115 #include <netinet/ip_encap.h>
116
117 #include <machine/stdarg.h>
118
119 #include <net/net_osdep.h>
120
121 #include "bpfilter.h"
122 #include "stf.h"
123 #include "gif.h" /*XXX*/
124
125 #if NBPFILTER > 0
126 #include <net/bpf.h>
127 #endif
128
129 #if NGIF > 0
130 #include <net/if_gif.h>
131 #endif
132
133 #define IN6_IS_ADDR_6TO4(x) (ntohs((x)->s6_addr16[0]) == 0x2002)
134 #define GET_V4(x) ((const struct in_addr *)(&(x)->s6_addr16[1]))
135
136 struct stf_softc {
137 struct ifnet sc_if; /* common area */
138 struct route sc_ro;
139 const struct encaptab *encap_cookie;
140 LIST_ENTRY(stf_softc) sc_list;
141 };
142
143 static LIST_HEAD(, stf_softc) stf_softc_list;
144
145 static int stf_clone_create(struct if_clone *, int);
146 static int stf_clone_destroy(struct ifnet *);
147
148 struct if_clone stf_cloner =
149 IF_CLONE_INITIALIZER("stf", stf_clone_create, stf_clone_destroy);
150
151 #if NGIF > 0
152 extern int ip_gif_ttl; /*XXX*/
153 #else
154 static int ip_gif_ttl = 40; /*XXX*/
155 #endif
156
157 extern struct domain inetdomain;
158 static const struct protosw in_stf_protosw =
159 { SOCK_RAW, &inetdomain, IPPROTO_IPV6, PR_ATOMIC|PR_ADDR,
160 in_stf_input, rip_output, 0, rip_ctloutput,
161 rip_usrreq,
162 0, 0, 0, 0
163 };
164
165 void stfattach(int);
166
167 static int stf_encapcheck(struct mbuf *, int, int, void *);
168 static struct in6_ifaddr *stf_getsrcifa6(struct ifnet *);
169 static int stf_output(struct ifnet *, struct mbuf *, const struct sockaddr *,
170 struct rtentry *);
171 static int isrfc1918addr(const struct in_addr *);
172 static int stf_checkaddr4(struct stf_softc *, const struct in_addr *,
173 struct ifnet *);
174 static int stf_checkaddr6(struct stf_softc *, const struct in6_addr *,
175 struct ifnet *);
176 static void stf_rtrequest(int, struct rtentry *, const struct rt_addrinfo *);
177 static int stf_ioctl(struct ifnet *, u_long, void *);
178
179 /* ARGSUSED */
180 void
181 stfattach(int count)
182 {
183
184 LIST_INIT(&stf_softc_list);
185 if_clone_attach(&stf_cloner);
186 }
187
188 static int
189 stf_clone_create(struct if_clone *ifc, int unit)
190 {
191 struct stf_softc *sc;
192
193 if (LIST_FIRST(&stf_softc_list) != NULL) {
194 /* Only one stf interface is allowed. */
195 return (EEXIST);
196 }
197
198 sc = malloc(sizeof(struct stf_softc), M_DEVBUF, M_WAIT|M_ZERO);
199
200 if_initname(&sc->sc_if, ifc->ifc_name, unit);
201
202 sc->encap_cookie = encap_attach_func(AF_INET, IPPROTO_IPV6,
203 stf_encapcheck, &in_stf_protosw, sc);
204 if (sc->encap_cookie == NULL) {
205 printf("%s: unable to attach encap\n", if_name(&sc->sc_if));
206 free(sc, M_DEVBUF);
207 return (EIO); /* XXX */
208 }
209
210 sc->sc_if.if_mtu = STF_MTU;
211 sc->sc_if.if_flags = 0;
212 sc->sc_if.if_ioctl = stf_ioctl;
213 sc->sc_if.if_output = stf_output;
214 sc->sc_if.if_type = IFT_STF;
215 sc->sc_if.if_dlt = DLT_NULL;
216 if_attach(&sc->sc_if);
217 if_alloc_sadl(&sc->sc_if);
218 #if NBPFILTER > 0
219 bpfattach(&sc->sc_if, DLT_NULL, sizeof(u_int));
220 #endif
221 LIST_INSERT_HEAD(&stf_softc_list, sc, sc_list);
222 return (0);
223 }
224
225 static int
226 stf_clone_destroy(struct ifnet *ifp)
227 {
228 struct stf_softc *sc = (void *) ifp;
229
230 LIST_REMOVE(sc, sc_list);
231 encap_detach(sc->encap_cookie);
232 #if NBPFILTER > 0
233 bpfdetach(ifp);
234 #endif
235 if_detach(ifp);
236 rtcache_free(&sc->sc_ro);
237 free(sc, M_DEVBUF);
238
239 return (0);
240 }
241
242 static int
243 stf_encapcheck(struct mbuf *m, int off, int proto, void *arg)
244 {
245 struct ip ip;
246 struct in6_ifaddr *ia6;
247 struct stf_softc *sc;
248 struct in_addr a, b;
249
250 sc = (struct stf_softc *)arg;
251 if (sc == NULL)
252 return 0;
253
254 if ((sc->sc_if.if_flags & IFF_UP) == 0)
255 return 0;
256
257 /* IFF_LINK0 means "no decapsulation" */
258 if ((sc->sc_if.if_flags & IFF_LINK0) != 0)
259 return 0;
260
261 if (proto != IPPROTO_IPV6)
262 return 0;
263
264 m_copydata(m, 0, sizeof(ip), (void *)&ip);
265
266 if (ip.ip_v != 4)
267 return 0;
268
269 ia6 = stf_getsrcifa6(&sc->sc_if);
270 if (ia6 == NULL)
271 return 0;
272
273 /*
274 * check if IPv4 dst matches the IPv4 address derived from the
275 * local 6to4 address.
276 * success on: dst = 10.1.1.1, ia6->ia_addr = 2002:0a01:0101:...
277 */
278 if (memcmp(GET_V4(&ia6->ia_addr.sin6_addr), &ip.ip_dst,
279 sizeof(ip.ip_dst)) != 0)
280 return 0;
281
282 /*
283 * check if IPv4 src matches the IPv4 address derived from the
284 * local 6to4 address masked by prefixmask.
285 * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24
286 * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24
287 */
288 memset(&a, 0, sizeof(a));
289 a.s_addr = GET_V4(&ia6->ia_addr.sin6_addr)->s_addr;
290 a.s_addr &= GET_V4(&ia6->ia_prefixmask.sin6_addr)->s_addr;
291 b = ip.ip_src;
292 b.s_addr &= GET_V4(&ia6->ia_prefixmask.sin6_addr)->s_addr;
293 if (a.s_addr != b.s_addr)
294 return 0;
295
296 /* stf interface makes single side match only */
297 return 32;
298 }
299
300 static struct in6_ifaddr *
301 stf_getsrcifa6(struct ifnet *ifp)
302 {
303 struct ifaddr *ifa;
304 struct in_ifaddr *ia4;
305 struct sockaddr_in6 *sin6;
306 struct in_addr in;
307
308 IFADDR_FOREACH(ifa, ifp)
309 {
310 if (ifa->ifa_addr == NULL)
311 continue;
312 if (ifa->ifa_addr->sa_family != AF_INET6)
313 continue;
314 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
315 if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr))
316 continue;
317
318 memcpy(&in, GET_V4(&sin6->sin6_addr), sizeof(in));
319 INADDR_TO_IA(in, ia4);
320 if (ia4 == NULL)
321 continue;
322
323 return (struct in6_ifaddr *)ifa;
324 }
325
326 return NULL;
327 }
328
329 static int
330 stf_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
331 struct rtentry *rt0)
332 {
333 struct rtentry *rt;
334 struct stf_softc *sc;
335 const struct sockaddr_in6 *dst6;
336 const struct in_addr *in4;
337 uint8_t tos;
338 struct ip *ip;
339 struct ip6_hdr *ip6;
340 struct in6_ifaddr *ia6;
341 union {
342 struct sockaddr dst;
343 struct sockaddr_in dst4;
344 } u;
345
346 sc = (struct stf_softc*)ifp;
347 dst6 = (const struct sockaddr_in6 *)dst;
348
349 /* just in case */
350 if ((ifp->if_flags & IFF_UP) == 0) {
351 m_freem(m);
352 return ENETDOWN;
353 }
354
355 /*
356 * If we don't have an ip4 address that match my inner ip6 address,
357 * we shouldn't generate output. Without this check, we'll end up
358 * using wrong IPv4 source.
359 */
360 ia6 = stf_getsrcifa6(ifp);
361 if (ia6 == NULL) {
362 m_freem(m);
363 ifp->if_oerrors++;
364 return ENETDOWN;
365 }
366
367 if (m->m_len < sizeof(*ip6)) {
368 m = m_pullup(m, sizeof(*ip6));
369 if (m == NULL) {
370 ifp->if_oerrors++;
371 return ENOBUFS;
372 }
373 }
374 ip6 = mtod(m, struct ip6_hdr *);
375 tos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
376
377 /*
378 * Pickup the right outer dst addr from the list of candidates.
379 * ip6_dst has priority as it may be able to give us shorter IPv4 hops.
380 */
381 if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst))
382 in4 = GET_V4(&ip6->ip6_dst);
383 else if (IN6_IS_ADDR_6TO4(&dst6->sin6_addr))
384 in4 = GET_V4(&dst6->sin6_addr);
385 else {
386 m_freem(m);
387 ifp->if_oerrors++;
388 return ENETUNREACH;
389 }
390
391 #if NBPFILTER > 0
392 if (ifp->if_bpf)
393 bpf_mtap_af(ifp->if_bpf, AF_INET6, m);
394 #endif /*NBPFILTER > 0*/
395
396 M_PREPEND(m, sizeof(struct ip), M_DONTWAIT);
397 if (m && m->m_len < sizeof(struct ip))
398 m = m_pullup(m, sizeof(struct ip));
399 if (m == NULL) {
400 ifp->if_oerrors++;
401 return ENOBUFS;
402 }
403 ip = mtod(m, struct ip *);
404
405 memset(ip, 0, sizeof(*ip));
406
407 bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr),
408 &ip->ip_src, sizeof(ip->ip_src));
409 memcpy(&ip->ip_dst, in4, sizeof(ip->ip_dst));
410 ip->ip_p = IPPROTO_IPV6;
411 ip->ip_ttl = ip_gif_ttl; /*XXX*/
412 ip->ip_len = htons(m->m_pkthdr.len);
413 if (ifp->if_flags & IFF_LINK1)
414 ip_ecn_ingress(ECN_ALLOWED, &ip->ip_tos, &tos);
415 else
416 ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos);
417
418 sockaddr_in_init(&u.dst4, &ip->ip_dst, 0);
419 if ((rt = rtcache_lookup(&sc->sc_ro, &u.dst)) == NULL) {
420 m_freem(m);
421 ifp->if_oerrors++;
422 return ENETUNREACH;
423 }
424
425 /* If the route constitutes infinite encapsulation, punt. */
426 if (rt->rt_ifp == ifp) {
427 rtcache_free(&sc->sc_ro);
428 m_freem(m);
429 ifp->if_oerrors++;
430 return ENETUNREACH;
431 }
432
433 ifp->if_opackets++;
434 ifp->if_obytes += m->m_pkthdr.len - sizeof(struct ip);
435 return ip_output(m, NULL, &sc->sc_ro, 0, NULL, NULL);
436 }
437
438 static int
439 isrfc1918addr(const struct in_addr *in)
440 {
441 /*
442 * returns 1 if private address range:
443 * 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
444 */
445 if ((ntohl(in->s_addr) & 0xff000000) >> 24 == 10 ||
446 (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 ||
447 (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168)
448 return 1;
449
450 return 0;
451 }
452
453 static int
454 stf_checkaddr4(struct stf_softc *sc, const struct in_addr *in,
455 struct ifnet *inifp /*incoming interface*/)
456 {
457 struct in_ifaddr *ia4;
458
459 /*
460 * reject packets with the following address:
461 * 224.0.0.0/4 0.0.0.0/8 127.0.0.0/8 255.0.0.0/8
462 */
463 if (IN_MULTICAST(in->s_addr))
464 return -1;
465 switch ((ntohl(in->s_addr) & 0xff000000) >> 24) {
466 case 0: case 127: case 255:
467 return -1;
468 }
469
470 /*
471 * reject packets with private address range.
472 * (requirement from RFC3056 section 2 1st paragraph)
473 */
474 if (isrfc1918addr(in))
475 return -1;
476
477 /*
478 * reject packet with IPv4 link-local (169.254.0.0/16),
479 * as suggested in draft-savola-v6ops-6to4-security-00.txt
480 */
481 if (((ntohl(in->s_addr) & 0xff000000) >> 24) == 169 &&
482 ((ntohl(in->s_addr) & 0x00ff0000) >> 16) == 254)
483 return -1;
484
485 /*
486 * reject packets with broadcast
487 */
488 TAILQ_FOREACH(ia4, &in_ifaddrhead, ia_list)
489 {
490 if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0)
491 continue;
492 if (in->s_addr == ia4->ia_broadaddr.sin_addr.s_addr)
493 return -1;
494 }
495
496 /*
497 * perform ingress filter
498 */
499 if (sc && (sc->sc_if.if_flags & IFF_LINK2) == 0 && inifp) {
500 struct sockaddr_in sin;
501 struct rtentry *rt;
502
503 memset(&sin, 0, sizeof(sin));
504 sin.sin_family = AF_INET;
505 sin.sin_len = sizeof(struct sockaddr_in);
506 sin.sin_addr = *in;
507 rt = rtalloc1((struct sockaddr *)&sin, 0);
508 if (!rt || rt->rt_ifp != inifp) {
509 #if 0
510 log(LOG_WARNING, "%s: packet from 0x%x dropped "
511 "due to ingress filter\n", if_name(&sc->sc_if),
512 (uint32_t)ntohl(sin.sin_addr.s_addr));
513 #endif
514 if (rt)
515 rtfree(rt);
516 return -1;
517 }
518 rtfree(rt);
519 }
520
521 return 0;
522 }
523
524 static int
525 stf_checkaddr6(struct stf_softc *sc, const struct in6_addr *in6,
526 struct ifnet *inifp /*incoming interface*/)
527 {
528
529 /*
530 * check 6to4 addresses
531 */
532 if (IN6_IS_ADDR_6TO4(in6))
533 return stf_checkaddr4(sc, GET_V4(in6), inifp);
534
535 /*
536 * reject anything that look suspicious. the test is implemented
537 * in ip6_input too, but we check here as well to
538 * (1) reject bad packets earlier, and
539 * (2) to be safe against future ip6_input change.
540 */
541 if (IN6_IS_ADDR_V4COMPAT(in6) || IN6_IS_ADDR_V4MAPPED(in6))
542 return -1;
543
544 /*
545 * reject link-local and site-local unicast
546 * as suggested in draft-savola-v6ops-6to4-security-00.txt
547 */
548 if (IN6_IS_ADDR_LINKLOCAL(in6) || IN6_IS_ADDR_SITELOCAL(in6))
549 return -1;
550
551 /*
552 * reject node-local and link-local multicast
553 * as suggested in draft-savola-v6ops-6to4-security-00.txt
554 */
555 if (IN6_IS_ADDR_MC_NODELOCAL(in6) || IN6_IS_ADDR_MC_LINKLOCAL(in6))
556 return -1;
557
558 return 0;
559 }
560
561 void
562 in_stf_input(struct mbuf *m, ...)
563 {
564 int off, proto;
565 struct stf_softc *sc;
566 struct ip *ip;
567 struct ip6_hdr *ip6;
568 uint8_t otos, itos;
569 int s, isr;
570 struct ifqueue *ifq = NULL;
571 struct ifnet *ifp;
572 va_list ap;
573
574 va_start(ap, m);
575 off = va_arg(ap, int);
576 proto = va_arg(ap, int);
577 va_end(ap);
578
579 if (proto != IPPROTO_IPV6) {
580 m_freem(m);
581 return;
582 }
583
584 ip = mtod(m, struct ip *);
585
586 sc = (struct stf_softc *)encap_getarg(m);
587
588 if (sc == NULL || (sc->sc_if.if_flags & IFF_UP) == 0) {
589 m_freem(m);
590 return;
591 }
592
593 ifp = &sc->sc_if;
594
595 /*
596 * perform sanity check against outer src/dst.
597 * for source, perform ingress filter as well.
598 */
599 if (stf_checkaddr4(sc, &ip->ip_dst, NULL) < 0 ||
600 stf_checkaddr4(sc, &ip->ip_src, m->m_pkthdr.rcvif) < 0) {
601 m_freem(m);
602 return;
603 }
604
605 otos = ip->ip_tos;
606 m_adj(m, off);
607
608 if (m->m_len < sizeof(*ip6)) {
609 m = m_pullup(m, sizeof(*ip6));
610 if (!m)
611 return;
612 }
613 ip6 = mtod(m, struct ip6_hdr *);
614
615 /*
616 * perform sanity check against inner src/dst.
617 * for source, perform ingress filter as well.
618 */
619 if (stf_checkaddr6(sc, &ip6->ip6_dst, NULL) < 0 ||
620 stf_checkaddr6(sc, &ip6->ip6_src, m->m_pkthdr.rcvif) < 0) {
621 m_freem(m);
622 return;
623 }
624
625 itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
626 if ((ifp->if_flags & IFF_LINK1) != 0)
627 ip_ecn_egress(ECN_ALLOWED, &otos, &itos);
628 else
629 ip_ecn_egress(ECN_NOCARE, &otos, &itos);
630 ip6->ip6_flow &= ~htonl(0xff << 20);
631 ip6->ip6_flow |= htonl((uint32_t)itos << 20);
632
633 m->m_pkthdr.rcvif = ifp;
634
635 #if NBPFILTER > 0
636 if (ifp->if_bpf)
637 bpf_mtap_af(ifp->if_bpf, AF_INET6, m);
638 #endif /*NBPFILTER > 0*/
639
640 /*
641 * Put the packet to the network layer input queue according to the
642 * specified address family.
643 * See net/if_gif.c for possible issues with packet processing
644 * reorder due to extra queueing.
645 */
646 ifq = &ip6intrq;
647 isr = NETISR_IPV6;
648
649 s = splnet();
650 if (IF_QFULL(ifq)) {
651 IF_DROP(ifq); /* update statistics */
652 m_freem(m);
653 splx(s);
654 return;
655 }
656 IF_ENQUEUE(ifq, m);
657 schednetisr(isr);
658 ifp->if_ipackets++;
659 ifp->if_ibytes += m->m_pkthdr.len;
660 splx(s);
661 }
662
663 /* ARGSUSED */
664 static void
665 stf_rtrequest(int cmd, struct rtentry *rt,
666 const struct rt_addrinfo *info)
667 {
668 if (rt != NULL) {
669 struct stf_softc *sc;
670
671 sc = LIST_FIRST(&stf_softc_list);
672 rt->rt_rmx.rmx_mtu = (sc != NULL) ? sc->sc_if.if_mtu : STF_MTU;
673 }
674 }
675
676 static int
677 stf_ioctl(struct ifnet *ifp, u_long cmd, void *data)
678 {
679 struct lwp *l = curlwp; /* XXX */
680 struct ifaddr *ifa;
681 struct ifreq *ifr = data;
682 struct sockaddr_in6 *sin6;
683 int error;
684
685 error = 0;
686 switch (cmd) {
687 case SIOCINITIFADDR:
688 ifa = (struct ifaddr *)data;
689 if (ifa == NULL || ifa->ifa_addr->sa_family != AF_INET6) {
690 error = EAFNOSUPPORT;
691 break;
692 }
693 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
694 if (IN6_IS_ADDR_6TO4(&sin6->sin6_addr) &&
695 !isrfc1918addr(GET_V4(&sin6->sin6_addr))) {
696 ifa->ifa_rtrequest = stf_rtrequest;
697 ifp->if_flags |= IFF_UP;
698 } else
699 error = EINVAL;
700 break;
701
702 case SIOCADDMULTI:
703 case SIOCDELMULTI:
704 if (ifr != NULL &&
705 ifreq_getaddr(cmd, ifr)->sa_family == AF_INET6)
706 ;
707 else
708 error = EAFNOSUPPORT;
709 break;
710
711 case SIOCSIFMTU:
712 error = kauth_authorize_network(l->l_cred,
713 KAUTH_NETWORK_INTERFACE,
714 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, ifp, KAUTH_ARG(cmd),
715 NULL);
716 if (error)
717 break;
718 if (ifr->ifr_mtu < STF_MTU_MIN || ifr->ifr_mtu > STF_MTU_MAX)
719 return EINVAL;
720 else if ((error = ifioctl_common(ifp, cmd, data)) == ENETRESET)
721 error = 0;
722 break;
723
724 default:
725 error = ifioctl_common(ifp, cmd, data);
726 break;
727 }
728
729 return error;
730 }
NetBSD on the FriendlyARM MINI2440