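/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_INET_IPTUN_IMPL_H
#define	_INET_IPTUN_IMPL_H

#include <sys/sunddi.h>
#include <sys/sunldi.h>
#include <sys/stream.h>
#include <sys/modhash.h>
#include <sys/list.h>
#include <sys/dls.h>
#include <sys/mac.h>
#include <sys/dld_impl.h>
#include <sys/netstack.h>
#include <sys/sunddi.h>
#include <sys/sunldi.h>
#include <sys/socket.h>
#include <inet/iptun.h>
#include <inet/ipclassifier.h>
#include <inet/ipsec_impl.h>
#include <netinet/in.h>

#ifdef	__cplusplus
extern "C" {
#endif

#ifdef	_KERNEL

#define	IPTUN_MODID		5134
#define	IPTUN_DRIVER_NAME	"iptun"

/*
 * An IPv6 destination options header followed by a tunnel option and three
 * bytes of padding.
 * NOTE(review): the field names suggest this is the tunnel encapsulation
 * limit option with PadN padding, sized to keep the extension header
 * aligned -- confirm against the code that fills it in.
 */
typedef struct iptun_encaplim_s {
	ip6_dest_t		iel_destopt;
	struct ip6_opt_tunnel	iel_telopt;
	uint8_t			iel_padn[3];
} iptun_encaplim_t;

/* An IPv6 header immediately followed by an iptun_encaplim_t. */
typedef struct iptun_ipv6hdrs_s {
	ip6_t			it6h_ip6h;
	iptun_encaplim_t	it6h_encaplim;
} iptun_ipv6hdrs_t;

/*
 * Storage for either an IPv4 header or the IPv6 headers.  The union carries
 * no discriminator of its own; the reader must know which member is valid
 * from context outside this type.
 */
typedef union iptun_header_u {
	ipha_t			ihu_hdr4;
	iptun_ipv6hdrs_t	ihu_hdr6;
} iptun_header_t;

/*
 * A tunnel endpoint address: an address family plus an IPv4 or IPv6 address
 * sharing the same storage.
 * NOTE(review): ia_family is presumably the discriminator for ia_addr --
 * confirm that every reader checks it before using iau_addr4 or iau_addr6.
 */
typedef struct iptun_addr_s {
	sa_family_t	ia_family;
	union {
		ipaddr_t	iau_addr4;
		in6_addr_t	iau_addr6;
	} ia_addr;
} iptun_addr_t;

/* Per-tunnel-type properties. */
typedef struct iptun_typeinfo {
	iptun_type_t	iti_type;
	const char	*iti_ident;	/* MAC-Type plugin identifier */
	uint_t		iti_ipvers;	/* outer header IP version */
	uint32_t	iti_minmtu;	/* minimum possible tunnel MTU */
	uint32_t	iti_maxmtu;	/* maximum possible tunnel MTU */
	boolean_t	iti_hasraddr;	/* has a remote address */
} iptun_typeinfo_t;

/*
 * An iptun_t represents an IP tunnel link.  The iptun_lock protects the
 * integrity of all fields except statistics which are updated atomically, and
 * is also used by iptun_upcall_cv and iptun_enter_cv.  Access to all fields
 * must be done under the protection of iptun_lock with the following
 * exceptions:
 *
 * The datapath reads certain fields without locks for performance reasons.
 *
 * - IS_IPTUN_RUNNING() is used (read access to iptun_flags IPTUN_BOUND and
 *   IPTUN_MAC_STARTED) to drop packets if they're sent while the tunnel is
 *   not running.  This is harmless as the worst case scenario is that a
 *   packet will be needlessly sent down to ip and be dropped due to an
 *   unspecified source or destination.
 */
typedef struct iptun_s {
	datalink_id_t	iptun_linkid;
	kmutex_t	iptun_lock;
	kcondvar_t	iptun_upcall_cv;
	kcondvar_t	iptun_enter_cv;
	uint32_t	iptun_flags;
	list_node_t	iptun_link;
	mac_handle_t	iptun_mh;
	conn_t		*iptun_connp;
	zoneid_t	iptun_zoneid;
	netstack_t	*iptun_ns;
	struct ipsec_tun_pol_s	*iptun_itp;
	iptun_typeinfo_t	*iptun_typeinfo;
	uint32_t	iptun_mtu;
	uint32_t	iptun_dpmtu;	/* destination path MTU */
	uint8_t		iptun_hoplimit;
	uint8_t		iptun_encaplimit;
	iptun_addr_t	iptun_laddr;	/* local address */
	iptun_addr_t	iptun_raddr;	/* remote address */
	iptun_header_t	iptun_header;
	size_t		iptun_header_size;
	ipsec_req_t	iptun_simple_policy;

	/* statistics */
	uint64_t	iptun_ierrors;
	uint64_t	iptun_oerrors;
	uint64_t	iptun_rbytes;
	uint64_t	iptun_obytes;
	uint64_t	iptun_ipackets;
	uint64_t	iptun_opackets;
	uint64_t	iptun_norcvbuf;
	uint64_t	iptun_noxmtbuf;
	uint64_t	iptun_taskq_fail;
} iptun_t;

/*
 * Shorthand member names for use on an iptun_t.  The address and header
 * shorthands select a union member directly and do not consult ia_family or
 * the tunnel type, so the caller is responsible for choosing the member that
 * matches the tunnel's address family.
 */
#define	iptun_iptuns	iptun_ns->netstack_iptun
#define	iptun_laddr4	iptun_laddr.ia_addr.iau_addr4
#define	iptun_laddr6	iptun_laddr.ia_addr.iau_addr6
#define	iptun_raddr4	iptun_raddr.ia_addr.iau_addr4
#define	iptun_raddr6	iptun_raddr.ia_addr.iau_addr6
#define	iptun_header4	iptun_header.ihu_hdr4
#define	iptun_header6	iptun_header.ihu_hdr6

/* iptun_flags */
#define	IPTUN_BOUND		0x0001	/* tunnel address(es) bound with ip */
#define	IPTUN_LADDR		0x0002	/* local address is set */
#define	IPTUN_RADDR		0x0004	/* remote address is set */
#define	IPTUN_MAC_REGISTERED	0x0008	/* registered with the mac module */
#define	IPTUN_MAC_STARTED	0x0010	/* iptun_m_start() has been called */
#define	IPTUN_HASH_INSERTED	0x0020	/* iptun_t in iptun_hash */
#define	IPTUN_FIXED_MTU		0x0040	/* MTU was set using mtu link prop */
#define	IPTUN_IMPLICIT		0x0080	/* implicitly created IP tunnel */
#define	IPTUN_SIMPLE_POLICY	0x0100	/* cached iptun_simple_policy */
#define	IPTUN_UPCALL_PENDING	0x0200	/* upcall to mac module in progress */
#define	IPTUN_DELETE_PENDING	0x0400	/* iptun_delete() is issuing upcalls */
#define	IPTUN_CONDEMNED		0x0800	/* iptun_t is to be freed */

/*
 * True only when both IPTUN_BOUND and IPTUN_MAC_STARTED are set in
 * iptun_flags.  Per the iptun_t comment above, the datapath evaluates this
 * without holding iptun_lock, so the result can be stale by the time it is
 * acted on; it is suitable for dropping packets early, not as a substitute
 * for a state check made under the lock.  The argument is parenthesized so
 * that any pointer-valued expression expands correctly.
 */
#define	IS_IPTUN_RUNNING(iptun)						\
	(((iptun)->iptun_flags & (IPTUN_BOUND | IPTUN_MAC_STARTED)) ==	\
	    (IPTUN_BOUND | IPTUN_MAC_STARTED))

/*
 * iptuns_lock protects iptuns_iptunlist.
 * NOTE(review): this comment names only iptuns_iptunlist; how
 * iptuns_relay_rtr_addr is synchronized is not stated here -- confirm.
 */
typedef struct iptun_stack {
	netstack_t	*iptuns_netstack;	/* Common netstack */
	kmutex_t	iptuns_lock;
	list_t		iptuns_iptunlist;	/* list of tunnels in this stack. */
	ipaddr_t	iptuns_relay_rtr_addr;
} iptun_stack_t;

extern dev_info_t	*iptun_dip;
extern mod_hash_t	*iptun_hash;
extern kmem_cache_t	*iptun_cache;
extern ddi_taskq_t	*iptun_taskq;
extern ldi_ident_t	iptun_ldi_ident;

/*
 * Tunnel management entry points.  iptun_create(), iptun_delete(),
 * iptun_modify() and iptun_info() take a cred_t *; iptun_set_6to4relay(),
 * iptun_get_6to4relay() and iptun_set_policy() do not.
 * NOTE(review): which checks are made against the cred_t, and how callers of
 * the credential-less functions are authorized, is not visible in this
 * header -- confirm in the implementation.
 */
extern int	iptun_ioc_init(void);
extern void	iptun_ioc_fini(void);
extern uint_t	iptun_count(void);
extern int	iptun_create(iptun_kparams_t *, cred_t *);
extern int	iptun_delete(datalink_id_t, cred_t *);
extern int	iptun_modify(const iptun_kparams_t *, cred_t *);
extern int	iptun_info(iptun_kparams_t *, cred_t *);
extern int	iptun_set_6to4relay(netstack_t *, ipaddr_t);
extern void	iptun_get_6to4relay(netstack_t *, ipaddr_t *);
extern void	iptun_set_policy(datalink_id_t, ipsec_tun_pol_t *);

#endif	/* _KERNEL */

#ifdef	__cplusplus
}
#endif

#endif	/* _INET_IPTUN_IMPL_H */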