if_stf.c revision 103487
1/* $FreeBSD: head/sys/net/if_stf.c 103487 2002-09-17 14:25:19Z ume $ */ 2/* $KAME: if_stf.c,v 1.73 2001/12/03 11:08:30 keiichi Exp $ */ 3 4/* 5 * Copyright (C) 2000 WIDE Project. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. Neither the name of the project nor the names of its contributors 17 * may be used to endorse or promote products derived from this software 18 * without specific prior written permission. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30 * SUCH DAMAGE. 31 */ 32 33/* 34 * 6to4 interface, based on RFC3056. 35 * 36 * 6to4 interface is NOT capable of link-layer (I mean, IPv4) multicasting. 37 * There is no address mapping defined from IPv6 multicast address to IPv4 38 * address. Therefore, we do not have IFF_MULTICAST on the interface. 39 * 40 * Due to the lack of address mapping for link-local addresses, we cannot 41 * throw packets toward link-local addresses (fe80::x). Also, we cannot throw 42 * packets to link-local multicast addresses (ff02::x). 43 * 44 * Here are interesting symptoms due to the lack of link-local address: 45 * 46 * Unicast routing exchange: 47 * - RIPng: Impossible. Uses link-local multicast packet toward ff02::9, 48 * and link-local addresses as nexthop. 49 * - OSPFv6: Impossible. OSPFv6 assumes that there's link-local address 50 * assigned to the link, and makes use of them. Also, HELLO packets use 51 * link-local multicast addresses (ff02::5 and ff02::6). 52 * - BGP4+: Maybe. You can only use global address as nexthop, and global 53 * address as TCP endpoint address. 54 * 55 * Multicast routing protocols: 56 * - PIM: Hello packet cannot be used to discover adjacent PIM routers. 57 * Adjacent PIM routers must be configured manually (is it really spec-wise 58 * correct thing to do?). 59 * 60 * ICMPv6: 61 * - Redirects cannot be used due to the lack of link-local address. 62 * 63 * stf interface does not have, and will not need, a link-local address. 64 * It seems to have no real benefit and does not help the above symptoms much. 65 * Even if we assign link-locals to interface, we cannot really 66 * use link-local unicast/multicast on top of 6to4 cloud (since there's no 67 * encapsulation defined for link-local address), and the above analysis does 68 * not change. RFC3056 does not mandate the assignment of link-local address 69 * either. 70 * 71 * 6to4 interface has security issues. Refer to 72 * http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt 73 * for details. The code tries to filter out some of malicious packets. 74 * Note that there is no way to be 100% secure. 75 */ 76 77#include "opt_inet.h" 78#include "opt_inet6.h" 79 80#include <sys/param.h> 81#include <sys/systm.h> 82#include <sys/socket.h> 83#include <sys/sockio.h> 84#include <sys/mbuf.h> 85#include <sys/errno.h> 86#include <sys/kernel.h> 87#include <sys/protosw.h> 88#include <sys/queue.h> 89#include <machine/cpu.h> 90 91#include <sys/malloc.h> 92 93#include <net/if.h> 94#include <net/route.h> 95#include <net/netisr.h> 96#include <net/if_types.h> 97#include <net/if_stf.h> 98 99#include <netinet/in.h> 100#include <netinet/in_systm.h> 101#include <netinet/ip.h> 102#include <netinet/ip_var.h> 103#include <netinet/in_var.h> 104 105#include <netinet/ip6.h> 106#include <netinet6/ip6_var.h> 107#include <netinet6/in6_var.h> 108#include <netinet/ip_ecn.h> 109 110#include <netinet/ip_encap.h> 111 112#include <machine/stdarg.h> 113 114#include <net/net_osdep.h> 115 116#include <net/bpf.h> 117 118#define STFNAME "stf" 119 120#define IN6_IS_ADDR_6TO4(x) (ntohs((x)->s6_addr16[0]) == 0x2002) 121#define GET_V4(x) ((struct in_addr *)(&(x)->s6_addr16[1])) 122 123struct stf_softc { 124 struct ifnet sc_if; /* common area */ 125 union { 126 struct route __sc_ro4; 127 struct route_in6 __sc_ro6; /* just for safety */ 128 } __sc_ro46; 129#define sc_ro __sc_ro46.__sc_ro4 130 const struct encaptab *encap_cookie; 131 LIST_ENTRY(stf_softc) sc_list; /* all stf's are linked */ 132}; 133 134static LIST_HEAD(, stf_softc) stf_softc_list; 135 136static MALLOC_DEFINE(M_STF, STFNAME, "6to4 Tunnel Interface"); 137static int ip_stf_ttl = 40; 138 139extern struct domain inetdomain; 140struct protosw in_stf_protosw = 141{ SOCK_RAW, &inetdomain, IPPROTO_IPV6, PR_ATOMIC|PR_ADDR, 142 in_stf_input, (pr_output_t*)rip_output, 0, rip_ctloutput, 143 0, 144 0, 0, 0, 0, 145 &rip_usrreqs 146}; 147 148static int stfmodevent(module_t, int, void *); 149static int stf_encapcheck(const struct mbuf *, int, int, void *); 150static struct in6_ifaddr *stf_getsrcifa6(struct ifnet *); 151static int stf_output(struct ifnet *, struct mbuf *, struct sockaddr *, 152 struct rtentry *); 153static int isrfc1918addr(struct in_addr *); 154static int stf_checkaddr4(struct stf_softc *, struct in_addr *, 155 struct ifnet *); 156static int stf_checkaddr6(struct stf_softc *, struct in6_addr *, 157 struct ifnet *); 158static void stf_rtrequest(int, struct rtentry *, struct rt_addrinfo *); 159static int stf_ioctl(struct ifnet *, u_long, caddr_t); 160 161int stf_clone_create(struct if_clone *, int); 162void stf_clone_destroy(struct ifnet *); 163 164/* only one clone is currently allowed */ 165struct if_clone stf_cloner = 166 IF_CLONE_INITIALIZER(STFNAME, stf_clone_create, stf_clone_destroy, 0, 0); 167 168int 169stf_clone_create(ifc, unit) 170 struct if_clone *ifc; 171 int unit; 172{ 173 struct stf_softc *sc; 174 175 sc = malloc(sizeof(struct stf_softc), M_STF, M_WAITOK | M_ZERO); 176 sc->sc_if.if_name = STFNAME; 177 sc->sc_if.if_unit = unit; 178 179 sc->encap_cookie = encap_attach_func(AF_INET, IPPROTO_IPV6, 180 stf_encapcheck, &in_stf_protosw, sc); 181 if (sc->encap_cookie == NULL) { 182 printf("%s: attach failed\n", if_name(&sc->sc_if)); 183 free(sc, M_STF); 184 return (ENOMEM); 185 } 186 187 sc->sc_if.if_mtu = IPV6_MMTU; 188 sc->sc_if.if_ioctl = stf_ioctl; 189 sc->sc_if.if_output = stf_output; 190 sc->sc_if.if_type = IFT_STF; 191 sc->sc_if.if_snd.ifq_maxlen = IFQ_MAXLEN; 192 if_attach(&sc->sc_if); 193 bpfattach(&sc->sc_if, DLT_NULL, sizeof(u_int)); 194 LIST_INSERT_HEAD(&stf_softc_list, sc, sc_list); 195 return (0); 196} 197 198void 199stf_clone_destroy(ifp) 200 struct ifnet *ifp; 201{ 202 int err; 203 struct stf_softc *sc = (void *) ifp; 204 205 LIST_REMOVE(sc, sc_list); 206 err = encap_detach(sc->encap_cookie); 207 KASSERT(err == 0, ("Unexpected error detaching encap_cookie")); 208 bpfdetach(ifp); 209 if_detach(ifp); 210 211 free(sc, M_STF); 212} 213 214static int 215stfmodevent(mod, type, data) 216 module_t mod; 217 int type; 218 void *data; 219{ 220 221 switch (type) { 222 case MOD_LOAD: 223 LIST_INIT(&stf_softc_list); 224 if_clone_attach(&stf_cloner); 225 226 break; 227 case MOD_UNLOAD: 228 if_clone_detach(&stf_cloner); 229 230 while (!LIST_EMPTY(&stf_softc_list)) 231 stf_clone_destroy(&LIST_FIRST(&stf_softc_list)->sc_if); 232 break; 233 } 234 235 return (0); 236} 237 238static moduledata_t stf_mod = { 239 "if_stf", 240 stfmodevent, 241 0 242}; 243 244DECLARE_MODULE(if_stf, stf_mod, SI_SUB_PSEUDO, SI_ORDER_ANY); 245 246static int 247stf_encapcheck(m, off, proto, arg) 248 const struct mbuf *m; 249 int off; 250 int proto; 251 void *arg; 252{ 253 struct ip ip; 254 struct in6_ifaddr *ia6; 255 struct stf_softc *sc; 256 struct in_addr a, b; 257 258 sc = (struct stf_softc *)arg; 259 if (sc == NULL) 260 return 0; 261 262 if ((sc->sc_if.if_flags & IFF_UP) == 0) 263 return 0; 264 265 /* IFF_LINK0 means "no decapsulation" */ 266 if ((sc->sc_if.if_flags & IFF_LINK0) != 0) 267 return 0; 268 269 if (proto != IPPROTO_IPV6) 270 return 0; 271 272 /* LINTED const cast */ 273 m_copydata((struct mbuf *)(uintptr_t)m, 0, sizeof(ip), (caddr_t)&ip); 274 275 if (ip.ip_v != 4) 276 return 0; 277 278 ia6 = stf_getsrcifa6(&sc->sc_if); 279 if (ia6 == NULL) 280 return 0; 281 282 /* 283 * check if IPv4 dst matches the IPv4 address derived from the 284 * local 6to4 address. 285 * success on: dst = 10.1.1.1, ia6->ia_addr = 2002:0a01:0101:... 286 */ 287 if (bcmp(GET_V4(&ia6->ia_addr.sin6_addr), &ip.ip_dst, 288 sizeof(ip.ip_dst)) != 0) 289 return 0; 290 291 /* 292 * check if IPv4 src matches the IPv4 address derived from the 293 * local 6to4 address masked by prefixmask. 294 * success on: src = 10.1.1.1, ia6->ia_addr = 2002:0a00:.../24 295 * fail on: src = 10.1.1.1, ia6->ia_addr = 2002:0b00:.../24 296 */ 297 bzero(&a, sizeof(a)); 298 a.s_addr = GET_V4(&ia6->ia_addr.sin6_addr)->s_addr; 299 a.s_addr &= GET_V4(&ia6->ia_prefixmask.sin6_addr)->s_addr; 300 b = ip.ip_src; 301 b.s_addr &= GET_V4(&ia6->ia_prefixmask.sin6_addr)->s_addr; 302 if (a.s_addr != b.s_addr) 303 return 0; 304 305 /* stf interface makes single side match only */ 306 return 32; 307} 308 309static struct in6_ifaddr * 310stf_getsrcifa6(ifp) 311 struct ifnet *ifp; 312{ 313 struct ifaddr *ia; 314 struct in_ifaddr *ia4; 315 struct sockaddr_in6 *sin6; 316 struct in_addr in; 317 318 for (ia = TAILQ_FIRST(&ifp->if_addrlist); 319 ia; 320 ia = TAILQ_NEXT(ia, ifa_list)) 321 { 322 if (ia->ifa_addr == NULL) 323 continue; 324 if (ia->ifa_addr->sa_family != AF_INET6) 325 continue; 326 sin6 = (struct sockaddr_in6 *)ia->ifa_addr; 327 if (!IN6_IS_ADDR_6TO4(&sin6->sin6_addr)) 328 continue; 329 330 bcopy(GET_V4(&sin6->sin6_addr), &in, sizeof(in)); 331 LIST_FOREACH(ia4, INADDR_HASH(in.s_addr), ia_hash) 332 if (ia4->ia_addr.sin_addr.s_addr == in.s_addr) 333 break; 334 if (ia4 == NULL) 335 continue; 336 337 return (struct in6_ifaddr *)ia; 338 } 339 340 return NULL; 341} 342 343static int 344stf_output(ifp, m, dst, rt) 345 struct ifnet *ifp; 346 struct mbuf *m; 347 struct sockaddr *dst; 348 struct rtentry *rt; 349{ 350 struct stf_softc *sc; 351 struct sockaddr_in6 *dst6; 352 struct in_addr *in4; 353 struct sockaddr_in *dst4; 354 u_int8_t tos; 355 struct ip *ip; 356 struct ip6_hdr *ip6; 357 struct in6_ifaddr *ia6; 358 359 sc = (struct stf_softc*)ifp; 360 dst6 = (struct sockaddr_in6 *)dst; 361 362 /* just in case */ 363 if ((ifp->if_flags & IFF_UP) == 0) { 364 m_freem(m); 365 ifp->if_oerrors++; 366 return ENETDOWN; 367 } 368 369 /* 370 * If we don't have an ip4 address that match my inner ip6 address, 371 * we shouldn't generate output. Without this check, we'll end up 372 * using wrong IPv4 source. 373 */ 374 ia6 = stf_getsrcifa6(ifp); 375 if (ia6 == NULL) { 376 m_freem(m); 377 ifp->if_oerrors++; 378 return ENETDOWN; 379 } 380 381 if (m->m_len < sizeof(*ip6)) { 382 m = m_pullup(m, sizeof(*ip6)); 383 if (!m) { 384 ifp->if_oerrors++; 385 return ENOBUFS; 386 } 387 } 388 ip6 = mtod(m, struct ip6_hdr *); 389 tos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; 390 391 /* 392 * Pickup the right outer dst addr from the list of candidates. 393 * ip6_dst has priority as it may be able to give us shorter IPv4 hops. 394 */ 395 if (IN6_IS_ADDR_6TO4(&ip6->ip6_dst)) 396 in4 = GET_V4(&ip6->ip6_dst); 397 else if (IN6_IS_ADDR_6TO4(&dst6->sin6_addr)) 398 in4 = GET_V4(&dst6->sin6_addr); 399 else { 400 m_freem(m); 401 ifp->if_oerrors++; 402 return ENETUNREACH; 403 } 404 405#if NBPFILTER > 0 406 if (ifp->if_bpf) { 407 /* 408 * We need to prepend the address family as 409 * a four byte field. Cons up a dummy header 410 * to pacify bpf. This is safe because bpf 411 * will only read from the mbuf (i.e., it won't 412 * try to free it or keep a pointer a to it). 413 */ 414 struct mbuf m0; 415 u_int32_t af = AF_INET6; 416 417 m0.m_next = m; 418 m0.m_len = 4; 419 m0.m_data = (char *)⁡ 420 421#ifdef HAVE_OLD_BPF 422 bpf_mtap(ifp, &m0); 423#else 424 bpf_mtap(ifp->if_bpf, &m0); 425#endif 426 } 427#endif /*NBPFILTER > 0*/ 428 429 M_PREPEND(m, sizeof(struct ip), M_DONTWAIT); 430 if (m && m->m_len < sizeof(struct ip)) 431 m = m_pullup(m, sizeof(struct ip)); 432 if (m == NULL) { 433 ifp->if_oerrors++; 434 return ENOBUFS; 435 } 436 ip = mtod(m, struct ip *); 437 438 bzero(ip, sizeof(*ip)); 439 440 bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr), 441 &ip->ip_src, sizeof(ip->ip_src)); 442 bcopy(in4, &ip->ip_dst, sizeof(ip->ip_dst)); 443 ip->ip_p = IPPROTO_IPV6; 444 ip->ip_ttl = ip_stf_ttl; 445 ip->ip_len = m->m_pkthdr.len; /*host order*/ 446 if (ifp->if_flags & IFF_LINK1) 447 ip_ecn_ingress(ECN_ALLOWED, &ip->ip_tos, &tos); 448 else 449 ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos); 450 451 dst4 = (struct sockaddr_in *)&sc->sc_ro.ro_dst; 452 if (dst4->sin_family != AF_INET || 453 bcmp(&dst4->sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)) != 0) { 454 /* cache route doesn't match */ 455 dst4->sin_family = AF_INET; 456 dst4->sin_len = sizeof(struct sockaddr_in); 457 bcopy(&ip->ip_dst, &dst4->sin_addr, sizeof(dst4->sin_addr)); 458 if (sc->sc_ro.ro_rt) { 459 RTFREE(sc->sc_ro.ro_rt); 460 sc->sc_ro.ro_rt = NULL; 461 } 462 } 463 464 if (sc->sc_ro.ro_rt == NULL) { 465 rtalloc(&sc->sc_ro); 466 if (sc->sc_ro.ro_rt == NULL) { 467 m_freem(m); 468 ifp->if_oerrors++; 469 return ENETUNREACH; 470 } 471 } 472 473 ifp->if_opackets++; 474 return ip_output(m, NULL, &sc->sc_ro, 0, NULL); 475} 476 477static int 478isrfc1918addr(in) 479 struct in_addr *in; 480{ 481 /* 482 * returns 1 if private address range: 483 * 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 484 */ 485 if ((ntohl(in->s_addr) & 0xff000000) >> 24 == 10 || 486 (ntohl(in->s_addr) & 0xfff00000) >> 16 == 172 * 256 + 16 || 487 (ntohl(in->s_addr) & 0xffff0000) >> 16 == 192 * 256 + 168) 488 return 1; 489 490 return 0; 491} 492 493static int 494stf_checkaddr4(sc, in, inifp) 495 struct stf_softc *sc; 496 struct in_addr *in; 497 struct ifnet *inifp; /* incoming interface */ 498{ 499 struct in_ifaddr *ia4; 500 501 /* 502 * reject packets with the following address: 503 * 224.0.0.0/4 0.0.0.0/8 127.0.0.0/8 255.0.0.0/8 504 */ 505 if (IN_MULTICAST(ntohl(in->s_addr))) 506 return -1; 507 switch ((ntohl(in->s_addr) & 0xff000000) >> 24) { 508 case 0: case 127: case 255: 509 return -1; 510 } 511 512 /* 513 * reject packets with private address range. 514 * (requirement from RFC3056 section 2 1st paragraph) 515 */ 516 if (isrfc1918addr(in)) 517 return -1; 518 519 /* 520 * reject packets with broadcast 521 */ 522 for (ia4 = TAILQ_FIRST(&in_ifaddrhead); 523 ia4; 524 ia4 = TAILQ_NEXT(ia4, ia_link)) 525 { 526 if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0) 527 continue; 528 if (in->s_addr == ia4->ia_broadaddr.sin_addr.s_addr) 529 return -1; 530 } 531 532 /* 533 * perform ingress filter 534 */ 535 if (sc && (sc->sc_if.if_flags & IFF_LINK2) == 0 && inifp) { 536 struct sockaddr_in sin; 537 struct rtentry *rt; 538 539 bzero(&sin, sizeof(sin)); 540 sin.sin_family = AF_INET; 541 sin.sin_len = sizeof(struct sockaddr_in); 542 sin.sin_addr = *in; 543 rt = rtalloc1((struct sockaddr *)&sin, 0, 0UL); 544 if (!rt || rt->rt_ifp != inifp) { 545#if 0 546 log(LOG_WARNING, "%s: packet from 0x%x dropped " 547 "due to ingress filter\n", if_name(&sc->sc_if), 548 (u_int32_t)ntohl(sin.sin_addr.s_addr)); 549#endif 550 if (rt) 551 rtfree(rt); 552 return -1; 553 } 554 rtfree(rt); 555 } 556 557 return 0; 558} 559 560static int 561stf_checkaddr6(sc, in6, inifp) 562 struct stf_softc *sc; 563 struct in6_addr *in6; 564 struct ifnet *inifp; /* incoming interface */ 565{ 566 /* 567 * check 6to4 addresses 568 */ 569 if (IN6_IS_ADDR_6TO4(in6)) 570 return stf_checkaddr4(sc, GET_V4(in6), inifp); 571 572 /* 573 * reject anything that look suspicious. the test is implemented 574 * in ip6_input too, but we check here as well to 575 * (1) reject bad packets earlier, and 576 * (2) to be safe against future ip6_input change. 577 */ 578 if (IN6_IS_ADDR_V4COMPAT(in6) || IN6_IS_ADDR_V4MAPPED(in6)) 579 return -1; 580 581 return 0; 582} 583 584void 585in_stf_input(m, off) 586 struct mbuf *m; 587 int off; 588{ 589 int proto; 590 struct stf_softc *sc; 591 struct ip *ip; 592 struct ip6_hdr *ip6; 593 u_int8_t otos, itos; 594 int len, isr; 595 struct ifqueue *ifq = NULL; 596 struct ifnet *ifp; 597 598 proto = mtod(m, struct ip *)->ip_p; 599 600 if (proto != IPPROTO_IPV6) { 601 m_freem(m); 602 return; 603 } 604 605 ip = mtod(m, struct ip *); 606 607 sc = (struct stf_softc *)encap_getarg(m); 608 609 if (sc == NULL || (sc->sc_if.if_flags & IFF_UP) == 0) { 610 m_freem(m); 611 return; 612 } 613 614 ifp = &sc->sc_if; 615 616 /* 617 * perform sanity check against outer src/dst. 618 * for source, perform ingress filter as well. 619 */ 620 if (stf_checkaddr4(sc, &ip->ip_dst, NULL) < 0 || 621 stf_checkaddr4(sc, &ip->ip_src, m->m_pkthdr.rcvif) < 0) { 622 m_freem(m); 623 return; 624 } 625 626 otos = ip->ip_tos; 627 m_adj(m, off); 628 629 if (m->m_len < sizeof(*ip6)) { 630 m = m_pullup(m, sizeof(*ip6)); 631 if (!m) 632 return; 633 } 634 ip6 = mtod(m, struct ip6_hdr *); 635 636 /* 637 * perform sanity check against inner src/dst. 638 * for source, perform ingress filter as well. 639 */ 640 if (stf_checkaddr6(sc, &ip6->ip6_dst, NULL) < 0 || 641 stf_checkaddr6(sc, &ip6->ip6_src, m->m_pkthdr.rcvif) < 0) { 642 m_freem(m); 643 return; 644 } 645 646 itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff; 647 if ((ifp->if_flags & IFF_LINK1) != 0) 648 ip_ecn_egress(ECN_ALLOWED, &otos, &itos); 649 else 650 ip_ecn_egress(ECN_NOCARE, &otos, &itos); 651 ip6->ip6_flow &= ~htonl(0xff << 20); 652 ip6->ip6_flow |= htonl((u_int32_t)itos << 20); 653 654 m->m_pkthdr.rcvif = ifp; 655 656 if (ifp->if_bpf) { 657 /* 658 * We need to prepend the address family as 659 * a four byte field. Cons up a dummy header 660 * to pacify bpf. This is safe because bpf 661 * will only read from the mbuf (i.e., it won't 662 * try to free it or keep a pointer a to it). 663 */ 664 struct mbuf m0; 665 u_int32_t af = AF_INET6; 666 667 m0.m_next = m; 668 m0.m_len = 4; 669 m0.m_data = (char *)⁡ 670 671#ifdef HAVE_OLD_BPF 672 bpf_mtap(ifp, &m0); 673#else 674 bpf_mtap(ifp->if_bpf, &m0); 675#endif 676 } 677 678 /* 679 * Put the packet to the network layer input queue according to the 680 * specified address family. 681 * See net/if_gif.c for possible issues with packet processing 682 * reorder due to extra queueing. 683 */ 684 ifq = &ip6intrq; 685 isr = NETISR_IPV6; 686 687 len = m->m_pkthdr.len; 688 if (! IF_HANDOFF(ifq, m, NULL)) 689 return; 690 schednetisr(isr); 691 ifp->if_ipackets++; 692 ifp->if_ibytes += len; 693} 694 695/* ARGSUSED */ 696static void 697stf_rtrequest(cmd, rt, info) 698 int cmd; 699 struct rtentry *rt; 700 struct rt_addrinfo *info; 701{ 702 703 if (rt) 704 rt->rt_rmx.rmx_mtu = IPV6_MMTU; 705} 706 707static int 708stf_ioctl(ifp, cmd, data) 709 struct ifnet *ifp; 710 u_long cmd; 711 caddr_t data; 712{ 713 struct ifaddr *ifa; 714 struct ifreq *ifr; 715 struct sockaddr_in6 *sin6; 716 int error; 717 718 error = 0; 719 switch (cmd) { 720 case SIOCSIFADDR: 721 ifa = (struct ifaddr *)data; 722 if (ifa == NULL || ifa->ifa_addr->sa_family != AF_INET6) { 723 error = EAFNOSUPPORT; 724 break; 725 } 726 sin6 = (struct sockaddr_in6 *)ifa->ifa_addr; 727 if (IN6_IS_ADDR_6TO4(&sin6->sin6_addr) && 728 !isrfc1918addr(GET_V4(&sin6->sin6_addr))) { 729 ifa->ifa_rtrequest = stf_rtrequest; 730 ifp->if_flags |= IFF_UP; 731 } else 732 error = EINVAL; 733 break; 734 735 case SIOCADDMULTI: 736 case SIOCDELMULTI: 737 ifr = (struct ifreq *)data; 738 if (ifr && ifr->ifr_addr.sa_family == AF_INET6) 739 ; 740 else 741 error = EAFNOSUPPORT; 742 break; 743 744 default: 745 error = EINVAL; 746 break; 747 } 748 749 return error; 750} 751