1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
|
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#ifndef _INET_IPTUN_IMPL_H
#define _INET_IPTUN_IMPL_H
#include <sys/sunddi.h>
#include <sys/sunldi.h>
#include <sys/stream.h>
#include <sys/modhash.h>
#include <sys/list.h>
#include <sys/dls.h>
#include <sys/mac.h>
#include <sys/dld_impl.h>
#include <sys/netstack.h>
#include <sys/sunddi.h>
#include <sys/sunldi.h>
#include <sys/socket.h>
#include <inet/iptun.h>
#include <inet/ipclassifier.h>
#include <inet/ipsec_impl.h>
#include <netinet/in.h>
#ifdef __cplusplus
extern "C" {
#endif
#ifdef _KERNEL
#define IPTUN_MODID 5134
#define IPTUN_DRIVER_NAME "iptun"
typedef struct iptun_encaplim_s {
ip6_dest_t iel_destopt;
struct ip6_opt_tunnel iel_telopt;
uint8_t iel_padn[3];
} iptun_encaplim_t;
typedef struct iptun_ipv6hdrs_s {
ip6_t it6h_ip6h;
iptun_encaplim_t it6h_encaplim;
} iptun_ipv6hdrs_t;
typedef union iptun_header_u {
ipha_t ihu_hdr4;
iptun_ipv6hdrs_t ihu_hdr6;
} iptun_header_t;
typedef struct iptun_addr_s {
sa_family_t ia_family;
union {
ipaddr_t iau_addr4;
in6_addr_t iau_addr6;
} ia_addr;
} iptun_addr_t;
typedef struct iptun_typeinfo {
iptun_type_t iti_type;
const char *iti_ident; /* MAC-Type plugin identifier */
uint_t iti_ipvers; /* outer header IP version */
uint32_t iti_minmtu; /* minimum possible tunnel MTU */
uint32_t iti_maxmtu; /* maximum possible tunnel MTU */
boolean_t iti_hasraddr; /* has a remote adress */
} iptun_typeinfo_t;
/*
* An iptun_t represents an IP tunnel link. The iptun_lock protects the
* integrity of all fields except statistics which are updated atomically, and
* is also used by iptun_upcall_cv and iptun_enter_cv. Access to all fields
* must be done under the protection of iptun_lock with the following
* exceptions:
*
* The datapath reads certain fields without locks for performance reasons.
*
* - IPTUN_IS_RUNNING() is used (read access to iptun_flags IPTUN_BOUND and
* IPTUN_MAC_STARTED) to drop packets if they're sent while the tunnel is
* not running. This is harmless as the worst case scenario is that a
* packet will be needlessly sent down to ip and be dropped due to an
* unspecified source or destination.
*/
typedef struct iptun_s {
datalink_id_t iptun_linkid;
kmutex_t iptun_lock;
kcondvar_t iptun_upcall_cv;
kcondvar_t iptun_enter_cv;
uint32_t iptun_flags;
list_node_t iptun_link;
mac_handle_t iptun_mh;
conn_t *iptun_connp;
zoneid_t iptun_zoneid;
netstack_t *iptun_ns;
struct ipsec_tun_pol_s *iptun_itp;
iptun_typeinfo_t *iptun_typeinfo;
uint32_t iptun_mtu;
uint32_t iptun_dpmtu; /* destination path MTU */
uint8_t iptun_hoplimit;
uint8_t iptun_encaplimit;
iptun_addr_t iptun_laddr; /* local address */
iptun_addr_t iptun_raddr; /* remote address */
iptun_header_t iptun_header;
size_t iptun_header_size;
ipsec_req_t iptun_simple_policy;
/* statistics */
uint64_t iptun_ierrors;
uint64_t iptun_oerrors;
uint64_t iptun_rbytes;
uint64_t iptun_obytes;
uint64_t iptun_ipackets;
uint64_t iptun_opackets;
uint64_t iptun_norcvbuf;
uint64_t iptun_noxmtbuf;
uint64_t iptun_taskq_fail;
} iptun_t;
#define iptun_iptuns iptun_ns->netstack_iptun
#define iptun_laddr4 iptun_laddr.ia_addr.iau_addr4
#define iptun_laddr6 iptun_laddr.ia_addr.iau_addr6
#define iptun_raddr4 iptun_raddr.ia_addr.iau_addr4
#define iptun_raddr6 iptun_raddr.ia_addr.iau_addr6
#define iptun_header4 iptun_header.ihu_hdr4
#define iptun_header6 iptun_header.ihu_hdr6
/* iptun_flags */
#define IPTUN_BOUND 0x0001 /* tunnel address(es) bound with ip */
#define IPTUN_LADDR 0x0002 /* local address is set */
#define IPTUN_RADDR 0x0004 /* remote address is set */
#define IPTUN_MAC_REGISTERED 0x0008 /* registered with the mac module */
#define IPTUN_MAC_STARTED 0x0010 /* iptun_m_start() has been called */
#define IPTUN_HASH_INSERTED 0x0020 /* iptun_t in iptun_hash */
#define IPTUN_FIXED_MTU 0x0040 /* MTU was set using mtu link prop */
#define IPTUN_IMPLICIT 0x0080 /* implicitly created IP tunnel */
#define IPTUN_SIMPLE_POLICY 0x0100 /* cached iptun_simple_policy */
#define IPTUN_UPCALL_PENDING 0x0200 /* upcall to mac module in progress */
#define IPTUN_DELETE_PENDING 0x0400 /* iptun_delete() is issuing upcalls */
#define IPTUN_CONDEMNED 0x0800 /* iptun_t is to be freed */
#define IS_IPTUN_RUNNING(iptun) \
((iptun->iptun_flags & (IPTUN_BOUND | IPTUN_MAC_STARTED)) == \
(IPTUN_BOUND | IPTUN_MAC_STARTED))
/*
* iptuns_lock protects iptuns_iptunlist.
*/
typedef struct iptun_stack {
netstack_t *iptuns_netstack; /* Common netstack */
kmutex_t iptuns_lock;
list_t iptuns_iptunlist; /* list of tunnels in this stack. */
ipaddr_t iptuns_relay_rtr_addr;
} iptun_stack_t;
extern dev_info_t *iptun_dip;
extern mod_hash_t *iptun_hash;
extern kmem_cache_t *iptun_cache;
extern ddi_taskq_t *iptun_taskq;
extern ldi_ident_t iptun_ldi_ident;
extern int iptun_ioc_init(void);
extern void iptun_ioc_fini(void);
extern uint_t iptun_count(void);
extern int iptun_create(iptun_kparams_t *, cred_t *);
extern int iptun_delete(datalink_id_t, cred_t *);
extern int iptun_modify(const iptun_kparams_t *, cred_t *);
extern int iptun_info(iptun_kparams_t *, cred_t *);
extern int iptun_set_6to4relay(netstack_t *, ipaddr_t);
extern void iptun_get_6to4relay(netstack_t *, ipaddr_t *);
extern void iptun_set_policy(datalink_id_t, ipsec_tun_pol_t *);
#endif /* _KERNEL */
#ifdef __cplusplus
}
#endif
#endif /* _INET_IPTUN_IMPL_H */
|
