1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #ifndef	_INET_IPTUN_IMPL_H
27 #define	_INET_IPTUN_IMPL_H
28 
29 #include <sys/sunddi.h>
30 #include <sys/sunldi.h>
31 #include <sys/stream.h>
32 #include <sys/modhash.h>
33 #include <sys/list.h>
34 #include <sys/dls.h>
35 #include <sys/mac.h>
36 #include <sys/dld_impl.h>
37 #include <sys/netstack.h>
38 #include <sys/sunddi.h>
39 #include <sys/sunldi.h>
40 #include <sys/socket.h>
41 #include <inet/iptun.h>
42 #include <inet/ipclassifier.h>
43 #include <inet/ipsec_impl.h>
44 #include <netinet/in.h>
45 
46 #ifdef	__cplusplus
47 extern "C" {
48 #endif
49 
50 #ifdef _KERNEL
51 
/*
 * Identity constants for the iptun driver.
 * NOTE(review): IPTUN_MODID is presumably the module id the driver
 * registers under; only the value is visible in this header -- confirm
 * against the driver source.
 */
#define	IPTUN_DRIVER_NAME	"iptun"
#define	IPTUN_MODID		5134
54 
/*
 * IPv6 destination options header followed by a tunnel encapsulation limit
 * option and three trailing bytes.
 * NOTE(review): iel_padn presumably holds a PadN option that rounds the
 * extension header up to an 8-byte multiple -- confirm against the code
 * that fills this structure in.
 */
typedef struct iptun_encaplim_s {
	/* destination options extension header */
	ip6_dest_t		iel_destopt;
	/* tunnel encapsulation limit option */
	struct ip6_opt_tunnel	iel_telopt;
	/* trailing pad bytes */
	uint8_t			iel_padn[3];
} iptun_encaplim_t;
60 
/*
 * Pairs a fixed IPv6 header with the encapsulation limit block that
 * follows it in memory.
 */
typedef struct iptun_ipv6hdrs_s {
	/* fixed IPv6 header */
	ip6_t			it6h_ip6h;
	/* destination options carrying the encapsulation limit */
	iptun_encaplim_t	it6h_encaplim;
} iptun_ipv6hdrs_t;
65 
/*
 * Storage for either an IPv4 header or the IPv6 header set.  The union
 * carries no discriminator of its own, so a reader has to learn which
 * member is live from elsewhere.
 * NOTE(review): presumably iti_ipvers in the tunnel's iptun_typeinfo_t
 * decides, with iptun_header_size giving the number of valid bytes --
 * confirm before reading the larger member.
 */
typedef union iptun_header_u {
	/* IPv4 header */
	ipha_t			ihu_hdr4;
	/* IPv6 header plus encapsulation limit option */
	iptun_ipv6hdrs_t	ihu_hdr6;
} iptun_header_t;
70 
/*
 * A tunnel endpoint address: an address family plus storage for either an
 * IPv4 or an IPv6 address.
 * NOTE(review): ia_family presumably selects the valid union member
 * (AF_INET for iau_addr4, AF_INET6 for iau_addr6) -- verify against the
 * callers; reading the wrong member yields bytes of the other address.
 */
typedef struct iptun_addr_s {
	/* address family of the stored address */
	sa_family_t	ia_family;
	union {
		/* IPv4 address */
		ipaddr_t	iau_addr4;
		/* IPv6 address */
		in6_addr_t	iau_addr6;
	} ia_addr;
} iptun_addr_t;
78 
/*
 * Per-tunnel-type properties: the MAC-Type plugin identifier, the outer
 * IP version, the MTU bounds and whether the type has a remote address.
 */
typedef struct iptun_typeinfo {
	/* tunnel type these properties describe */
	iptun_type_t	iti_type;
	/* MAC-Type plugin identifier */
	const char	*iti_ident;
	/* outer header IP version */
	uint_t		iti_ipvers;
	/* minimum possible tunnel MTU */
	uint32_t	iti_minmtu;
	/* maximum possible tunnel MTU */
	uint32_t	iti_maxmtu;
	/* has a remote address */
	boolean_t	iti_hasraddr;
} iptun_typeinfo_t;
87 
/*
 * An iptun_t represents one IP tunnel link.
 *
 * Locking: iptun_lock protects the integrity of every field except the
 * statistics, which are updated atomically.  The same mutex is the one
 * used with iptun_upcall_cv and iptun_enter_cv.  All field access must
 * happen under the protection of iptun_lock, with the following
 * exceptions:
 *
 * The datapath reads certain fields without locks for performance reasons.
 *
 * - IS_IPTUN_RUNNING() reads iptun_flags (IPTUN_BOUND and
 *   IPTUN_MAC_STARTED) unlocked in order to drop packets that are sent
 *   while the tunnel is not running.  A stale answer is harmless: the
 *   worst case is that a packet is needlessly sent down to ip and is
 *   dropped there because of an unspecified source or destination.
 *
 * NOTE(review): the exemption above is argued only for that one flag
 * test.  Treat its result as a hint, and do not add further lockless
 * readers of this structure without an equivalent worst-case argument.
 */
typedef struct iptun_s {
	/* identity and synchronization */
	datalink_id_t	iptun_linkid;
	kmutex_t	iptun_lock;
	kcondvar_t	iptun_upcall_cv;
	kcondvar_t	iptun_enter_cv;
	uint32_t	iptun_flags;	/* IPTUN_* flag bits */
	list_node_t	iptun_link;

	/* handles into other subsystems */
	mac_handle_t	iptun_mh;
	conn_t		*iptun_connp;
	zoneid_t	iptun_zoneid;
	netstack_t	*iptun_ns;
	struct ipsec_tun_pol_s	*iptun_itp;
	iptun_typeinfo_t	*iptun_typeinfo;

	/* tunnel parameters */
	uint32_t	iptun_mtu;
	uint32_t	iptun_dpmtu;	/* destination path MTU */
	uint8_t		iptun_hoplimit;
	uint8_t		iptun_encaplimit;
	iptun_addr_t	iptun_laddr;	/* local address */
	iptun_addr_t	iptun_raddr;	/* remote address */

	/*
	 * Header storage and its size.  NOTE(review): iptun_header_size
	 * presumably counts the valid bytes of whichever iptun_header member
	 * is in use -- confirm it is bounded by sizeof (iptun_header_t)
	 * wherever it is set.
	 */
	iptun_header_t	iptun_header;
	size_t		iptun_header_size;
	ipsec_req_t	iptun_simple_policy;

	/* statistics (updated atomically, not under iptun_lock) */
	uint64_t	iptun_ierrors;
	uint64_t	iptun_oerrors;
	uint64_t	iptun_rbytes;
	uint64_t	iptun_obytes;
	uint64_t	iptun_ipackets;
	uint64_t	iptun_opackets;
	uint64_t	iptun_norcvbuf;
	uint64_t	iptun_noxmtbuf;
	uint64_t	iptun_taskq_fail;
} iptun_t;
137 
/*
 * Shorthand member names for use after "->" or "." on an iptun_t; each
 * one expands to the nested member path on its right.  These are
 * object-like macros, so the names are rewritten wherever they appear in
 * a file that includes this header, not only in member accesses.
 */

/* per-netstack state, reached through the tunnel's netstack pointer */
#define	iptun_iptuns	iptun_ns->netstack_iptun

/* local and remote endpoint, IPv4 form */
#define	iptun_laddr4	iptun_laddr.ia_addr.iau_addr4
#define	iptun_raddr4	iptun_raddr.ia_addr.iau_addr4

/* local and remote endpoint, IPv6 form */
#define	iptun_laddr6	iptun_laddr.ia_addr.iau_addr6
#define	iptun_raddr6	iptun_raddr.ia_addr.iau_addr6

/* IPv4 and IPv6 members of the header union */
#define	iptun_header4	iptun_header.ihu_hdr4
#define	iptun_header6	iptun_header.ihu_hdr6
145 
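/* iptun_flags */
#define	IPTUN_BOUND		0x0001	/* tunnel address(es) bound with ip */
#define	IPTUN_LADDR		0x0002	/* local address is set */
#define	IPTUN_RADDR		0x0004	/* remote address is set */
#define	IPTUN_MAC_REGISTERED	0x0008	/* registered with the mac module */
#define	IPTUN_MAC_STARTED	0x0010	/* iptun_m_start() has been called */
#define	IPTUN_HASH_INSERTED	0x0020	/* iptun_t in iptun_hash */
#define	IPTUN_FIXED_MTU		0x0040	/* MTU was set using mtu link prop */
#define	IPTUN_IMPLICIT		0x0080	/* implicitly created IP tunnel */
#define	IPTUN_SIMPLE_POLICY	0x0100	/* cached iptun_simple_policy */
#define	IPTUN_UPCALL_PENDING	0x0200	/* upcall to mac module in progress */
#define	IPTUN_DELETE_PENDING	0x0400	/* iptun_delete() is issuing upcalls */
#define	IPTUN_CONDEMNED		0x0800	/* iptun_t is to be freed */

/*
 * True only when both IPTUN_BOUND and IPTUN_MAC_STARTED are set in
 * iptun->iptun_flags.  The argument is parenthesized so that any pointer
 * expression (for example "base + i") can be passed, not just a plain
 * identifier.
 *
 * The locking comment on iptun_t in this header says the datapath
 * evaluates this without iptun_lock, so the answer may already be stale
 * when it is used; it is a hint for dropping packets early, not a
 * guarantee about tunnel state.
 */
#define	IS_IPTUN_RUNNING(iptun)						\
	(((iptun)->iptun_flags & (IPTUN_BOUND | IPTUN_MAC_STARTED)) ==	\
	    (IPTUN_BOUND | IPTUN_MAC_STARTED))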
163 
/*
 * Per-netstack iptun state.  iptuns_lock protects iptuns_iptunlist.
 * NOTE(review): no lock is documented here for iptuns_relay_rtr_addr;
 * confirm how iptun_set_6to4relay() and iptun_get_6to4relay() serialize
 * access to it.
 */
typedef struct iptun_stack {
	/* Common netstack */
	netstack_t	*iptuns_netstack;
	kmutex_t	iptuns_lock;
	/* list of tunnels in this stack. */
	list_t		iptuns_iptunlist;
	ipaddr_t	iptuns_relay_rtr_addr;
} iptun_stack_t;
173 
/*
 * Driver-wide globals, defined outside this header.  iptun_hash is the
 * hash the IPTUN_HASH_INSERTED flag refers to.
 * NOTE(review): this header does not say which lock, if any, guards
 * these objects -- check the defining source file before touching them.
 */
extern dev_info_t	*iptun_dip;
extern mod_hash_t	*iptun_hash;
extern kmem_cache_t	*iptun_cache;
extern ddi_taskq_t	*iptun_taskq;
extern ldi_ident_t	iptun_ldi_ident;
179 
/* ioctl support setup and teardown */
extern int	iptun_ioc_init(void);
extern void	iptun_ioc_fini(void);

/* number of tunnels */
extern uint_t	iptun_count(void);

/*
 * Tunnel management entry points.  Each takes the caller's credential.
 * NOTE(review): privilege and zone checks against that cred_t presumably
 * happen in the implementation, which is not visible in this header --
 * confirm every path validates the credential before changing state.
 */
extern int	iptun_create(iptun_kparams_t *, cred_t *);
extern int	iptun_delete(datalink_id_t, cred_t *);
extern int	iptun_modify(const iptun_kparams_t *, cred_t *);
extern int	iptun_info(iptun_kparams_t *, cred_t *);

/* 6to4 relay router address, kept per netstack */
extern int	iptun_set_6to4relay(netstack_t *, ipaddr_t);
extern void	iptun_get_6to4relay(netstack_t *, ipaddr_t *);

/*
 * Attach an IPsec tunnel policy to the tunnel with the given link id.
 * NOTE(review): no credential is passed, so this is presumably reachable
 * only from trusted in-kernel callers -- confirm.
 */
extern void	iptun_set_policy(datalink_id_t, ipsec_tun_pol_t *);
190 
191 #endif	/* _KERNEL */
192 
193 #ifdef	__cplusplus
194 }
195 #endif
196 
197 #endif	/* _INET_IPTUN_IMPL_H */
198