cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for 10.1R and drop 9.2R.

Browse Source
This commit is contained in:
Jun Kuriyama 2014-12-09 14:34:56 +00:00
parent 4126c83152
commit 6ebb310345
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=374398
7 changed files with 3141 additions and 336 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
net/stf-6rd-kmod/Makefile
View File

@ -14,25 +14,22 @@ COMMENT= 6rd patched stf(4) kernel modules port for 8.4+
ONLY_FOR_ARCHS= amd64 i386
WRKSRC= ${WRKDIR}
SVN_REV= 267655
SVN_REV= 275558
PATCH_STRIP= -p1
#PATCH_DEBUG= YES
USES= kmod
.include <bsd.port.pre.mk>
.if ${OSREL} == "8.4"
#SVN_REV= 255447
PATCHDIR= ${MASTERDIR}/files-8
.elif ${OSREL} == "9.1"
#SVN_REV= 255448
.elif ${OSREL} == "9.2"
#SVN_REV= 255444
PATCHDIR= ${MASTERDIR}/files-9.2
PATCHDIR= ${MASTERDIR}/files-9.1
.elif ${OSREL} == "9.3"
#SVN_REV= 267655
PATCHDIR= ${MASTERDIR}/files-9.2
#.elif ${OSREL} == "10.0"
##SVN_REV= 258913
#PATCHDIR= ${MASTERDIR}/files-10.0
PATCHDIR= ${MASTERDIR}/files-9
.elif ${OSREL} == "10.1"
PATCHDIR= ${MASTERDIR}/files-10
.else
IGNORE= not supported $${OSREL} (${OSREL})
.endif
@ -44,9 +41,6 @@ post-extract:
${CP} -Rp ${SRC_BASE}/share/man/man4 ${WRKSRC}/share/man/
${CP} -Rp ${WRKSRC}/tmp/* ${WRKSRC}/sys/
pre-patch:
${REINPLACE_CMD} -e 's|\.Dd July 23, 2011|.Dd April 27, 2001|' ${WRKSRC}/share/man/man4/stf.4
do-build:
cd ${WRKSRC}/sys/modules/if_stf; ${MAKE} DEBUG_FLAGS=-g
@ -59,14 +53,24 @@ do-install:
# For maintainer only.
SVN_MIRROR?= http://svn.freebsd.org/base
EXPDIR= ${WRKSRC}/src/sys
maintainer-tar-all:
.for r in 8.4 9.1 9.3 10.1
${MAKE} OSREL=${r} OSVERSION=${r:C/\.//}0000 UNAMER=${r}-RELEASE maintainer-tar
.endfor
maintainer-diff:
.for r in 8 9 10
${FETCH_CMD} -o ${MASTERDIR}/files-${r}/patch-aa https://github.com/kuriyama/freebsd/compare/freebsd:stable/${r}...6rd-stable-${r}.diff
.endfor
${FETCH_CMD} -o ${MASTERDIR}/files-9.1/patch-aa https://github.com/kuriyama/freebsd/compare/freebsd:releng/9.1...6rd-releng-9.1.diff
maintainer-tar:
.for _osrel in 8.4 9.1 9.2 9.3 10.0
-${RM} -rf ${EXPDIR}
${MKDIR} ${EXPDIR}
cd ${EXPDIR} && svn export -r ${SVN_REV} ${SVN_MIRROR}/releng/${_osrel}/sys/net net
cd ${EXPDIR} && svn export -r ${SVN_REV} ${SVN_MIRROR}/releng/${_osrel}/sys/modules/if_stf modules/if_stf
cd ${EXPDIR} && ${TAR} cfz ${DISTDIR}/freebsd-stf-${_osrel}-${PORTVERSION}${EXTRACT_SUFX} net modules
.endfor
cd ${EXPDIR} && svn export -r ${SVN_REV} ${SVN_MIRROR}/releng/${OSREL}/sys/net net
cd ${EXPDIR} && svn export -r ${SVN_REV} ${SVN_MIRROR}/releng/${OSREL}/sys/modules/if_stf modules/if_stf
${SH} ${MASTERDIR}/files/fixup_mtime.sh ${EXPDIR} ${SVN_REV} ${SVN_MIRROR} ${OSREL}
cd ${EXPDIR} && ${TAR} cfz ${DISTDIR}/freebsd-stf-${OSREL}-${PORTVERSION}${EXTRACT_SUFX} net modules
maintainer-check:
@new=`svn log -ql 1 ${SVN_MIRROR}@HEAD releng/${OSREL}/sys/net/if_stf.c | ${GREP} -v ^- | ${SED} -e 's| .*||'`;\
@ -75,9 +79,10 @@ maintainer-check:
make-distinfo:
${RM} -f distinfo.tmp.*
.for r in 8.4 9.1 9.2 9.3 10.0
${MAKE} OSREL=${r} DISTINFO_FILE=${MASTERDIR}/distinfo.tmp.${r} makesum
.for r in 8.4 9.1 9.3 10.1
${MAKE} OSREL=${r} OSVERSION=${r:C/\.//}0000 UNAMER=${r}-RELEASE DISTINFO_FILE=${MASTERDIR}/distinfo.tmp.${r} makesum
.endfor
${CAT} ${MASTERDIR}/distinfo.tmp.* > ${MASTERDIR}/distinfo
${RM} -f distinfo.tmp.*
.include <bsd.port.post.mk>

18
net/stf-6rd-kmod/distinfo
View File

@ -1,10 +1,8 @@
SHA256 (freebsd-stf-10.0-0.267655.tar.gz) = 492bc45cf0b9651dde008199920435c782bad71616398e0c52814a381578adae
SIZE (freebsd-stf-10.0-0.267655.tar.gz) = 535733
SHA256 (freebsd-stf-8.4-0.267655.tar.gz) = 0c4dc42d0bbf8946cbde58f7047cd293a7de647f88db100ffe5db37125c635c0
SIZE (freebsd-stf-8.4-0.267655.tar.gz) = 504670
SHA256 (freebsd-stf-9.1-0.267655.tar.gz) = 239f90a4ac81d4b6f3ceb82a59e3d9a9152b08f611c9d7557dbca17877bb0ab9
SIZE (freebsd-stf-9.1-0.267655.tar.gz) = 510463
SHA256 (freebsd-stf-9.2-0.267655.tar.gz) = 7acfa2a90d6abf87302008a5357411b0732217d10b1e1c0b4cce292626a2024b
SIZE (freebsd-stf-9.2-0.267655.tar.gz) = 514295
SHA256 (freebsd-stf-9.3-0.267655.tar.gz) = 2ffb08ff5abcbed586623237e9e4a3891492ac592557eef250b67fd74c3749de
SIZE (freebsd-stf-9.3-0.267655.tar.gz) = 529933
SHA256 (freebsd-stf-10.1-0.275558.tar.gz) = f63f044ff403702601caf77ea6be8471df6cc63a747870eb8c1b618720508b6a
SIZE (freebsd-stf-10.1-0.275558.tar.gz) = 543214
SHA256 (freebsd-stf-8.4-0.275558.tar.gz) = 0496e8a23e55725f47e72e587b74b4963c11fdc98afe49e94aee861a0fad83bf
SIZE (freebsd-stf-8.4-0.275558.tar.gz) = 500025
SHA256 (freebsd-stf-9.1-0.275558.tar.gz) = dbcecda506697d7255220838146a8af3d10a3986e67f942ef4efe0cb91d5a72e
SIZE (freebsd-stf-9.1-0.275558.tar.gz) = 509740
SHA256 (freebsd-stf-9.3-0.275558.tar.gz) = 09c9a4dbafbb13bd1d6bbbe99792a7185725cd028a34228ed4be8bdc656e331b
SIZE (freebsd-stf-9.3-0.275558.tar.gz) = 528285

1298
net/stf-6rd-kmod/files-10/patch-aa Normal file
View File

File diff suppressed because it is too large Load Diff

493
net/stf-6rd-kmod/files/patch-stf_6rd_20100923-1.diff → net/stf-6rd-kmod/files-8/patch-aa
View File

@ -1,7 +1,181 @@
Index: sys/net/if_stf.c
===================================================================
--- sys/net/if_stf.c (revision 212820)
+++ sys/net/if_stf.c (working copy)
diff --git a/share/man/man4/stf.4 b/share/man/man4/stf.4
index 1178e03..9008738 100644
--- a/share/man/man4/stf.4
+++ b/share/man/man4/stf.4
@@ -1,6 +1,7 @@
.\" $KAME: stf.4,v 1.35 2001/05/02 06:24:49 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+.\" Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -42,21 +43,11 @@ tunnel interface
.Sh DESCRIPTION
The
.Nm
-interface supports
-.Dq 6to4
-IPv6 in IPv4 encapsulation.
-It can tunnel IPv6 traffic over IPv4, as specified in
-.Li RFC3056 .
-.Pp
-For ordinary nodes in 6to4 site, you do not need
-.Nm
-interface.
-The
-.Nm
-interface is necessary for site border router
-(called
-.Dq 6to4 router
-in the specification).
+interface supports IPv6 in IPv4 encapsulation by
+tunneling IPv6 traffic over IPv4, as specified in
+.Li RFC3056 Pq 6to4
+and
+.Li RFC5569 Pq 6rd .
.Pp
Each
.Nm
@@ -72,12 +63,28 @@ variable in
.Pp
Due to the way 6to4 protocol is specified,
.Nm
-interface requires certain configuration to work properly.
+interface requires certain configuration to work properly. Two
+different protocols defined in RFC3056 and RFC5569 are basically the
+same as each other except for address handling, so
+.Nm
+decides its behavior based on the configured IPv6 addresses as
+explained in the following.
+The
+.Nm
+interface can be configured with multiple IPv6 addresses including
+both 6to4 and 6rd.
+.Sh RFC3056 (a.k.a. 6to4)
Single
-(no more than 1)
-valid 6to4 address needs to be configured to the interface.
-.Dq A valid 6to4 address
-is an address which has the following properties.
+.Pq no more than 1 valid 6to4 address needs to be configured to the interface.
+.Dq a valid 6to4 address
+is an address which has the following properties. For ordinary nodes
+in 6to4 site, you do not need
+.Nm
+interface; it is necessary only for site border router
+(called
+.Dq 6to4 router
+in the specification).
+.Pp
If any of the following properties are not satisfied,
.Nm
raises runtime error on packet transmission.
@@ -110,6 +117,78 @@ you may want to configure IPv6 prefix length as
.Nm
interface will check the IPv4 source address on packets,
if the IPv6 prefix length is larger than 16.
+.Sh RFC5569 (a.k.a. 6rd)
+The
+.Nm
+interface works in the 6rd mode when one or more IPv6 addresses that
+consists of an IPv6 prefix and 32-bit IPv4 part with a prefix length
+equal to or shorter than 64. In 6rd protocol, an IPv6 address
+.Li 2001:db8:c000:205::1/32
+means the following, for example:
+.Bl -bullet
+.It
+The 6rd relay prefix is
+.Li 2001:db8::/32 .
+.It
+The 6rd router's IPv4 address is
+.Li 192.0.2.5 .
+.El
+.Pp
+As you can see the IPv4 address is embedded in the IPv6 address just
+after the prefix. While you can choose an IPv6 prefix length other
+than 32, it must be from 0 to 32.
+.Pp
+Assuming this address is configured on the
+.Nm
+interface, it does the following:
+.Bl -bullet
+.It
+An incoming IPv6 packet on
+.Nm
+will be encapsuled in an IPv4 packet with the source address
+.Li 192.0.2.5
+and then the IPv4 packet is delivered based on the IPv4 routing table.
+The IPv4 destination address is calculated from the destination
+address of the original IPv6 packet in the same way as the source.
+.It
+An incoming IPv4 packet which encapsules an IPv6 packet whose
+destination address matches a 6rd prefix with embedded IPv4 address
+configured on the
+.Nm
+interface, the IPv6 packet will be decapsulated and delivered based on
+the IPv6 routing table. Note that
+.Nm
+interface normally has a route which covers whole range of a 6rd relay
+prefix, the delivered IPv6 packet can return to
+.Nm
+if there is no more specific route. In that case, the returned packet
+will be discarded silently.
+.El
+.\" XXX: example configuration will be added
+.\" .Pp
+.\" By using this interface, you can configure a 6rd domain. For simplicity,
+.\" we assume the following here:
+.\" .Bl -bullet
+.\" .It
+.\" A 6rd Customer, who has an IPv6/IPv4 LAN and an IPv4-only access
+.\" toward network of his Internet Service Provider. The Customer has
+.\" a router called
+.\" .Dq CE Pq Customer Edge
+.\" Router, which can communicate between his LAN and the ISP over IPv4
+.\" and encapsulate
+.\" his networks.
+.\" .It
+.\" A 6rd Provider, who provides IPv6 Internet reachability by using 6rd
+.\" protocol. The Provider offers access to a router called
+.\" .Dq PE Pq Provider Edge
+.\" Router, which can communicate with
+.\" .El
+.\" .Pp
+.\" A 6rd customer
+.\" needs to configure
+.\" .Nm
+.\" on his CE (Customer Edge) router.
+.Sh Other Functionality of the Interface
.Pp
.Nm
can be configured to be ECN friendly.
@@ -147,9 +226,6 @@ Packets with IPv4 multicast address as outer IPv4 source/destination
Packets with limited broadcast address as outer IPv4 source/destination
.Pq Li 255.0.0.0/8
.It
-Packets with private address as outer IPv4 source/destination
-.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16
-.It
Packets with subnet broadcast address as outer IPv4 source/destination.
The check is made against subnet broadcast addresses for
all of the directly connected subnets.
@@ -164,6 +240,11 @@ The same set of rules are applied against the IPv4 address embedded into
inner IPv6 address, if the IPv6 address matches 6to4 prefix.
.El
.Pp
+In addition to them, packets with private address as outer IPv4
+source/destination
+.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16
+are filtered out only in the 6to4 mode.
+.Pp
It is recommended to filter/audit
incoming IPv4 packet with IP protocol number 41, as necessary.
It is also recommended to filter/audit encapsulated IPv6 packets as well.
diff --git a/sys/net/if_stf.c b/sys/net/if_stf.c
index e32956e..da4d2aa 100644
--- a/sys/net/if_stf.c
+++ b/sys/net/if_stf.c
@@ -3,6 +3,7 @@
/*-
@ -73,7 +247,7 @@ Index: sys/net/if_stf.c
+SYSCTL_VNET_INT(_net_link_stf, OID_AUTO, route_cache, CTLFLAG_RW,
+ &VNET_NAME(stf_route_cache), 0,
+ "Enable caching of IPv4 routes for 6to4 output.");
+
+#if STF_DEBUG
+static VNET_DEFINE(int, stf_debug) = 0;
+#define V_stf_debug VNET(stf_debug)
@ -81,13 +255,13 @@ Index: sys/net/if_stf.c
+ &VNET_NAME(stf_debug), 0,
+ "Enable displaying verbose debug message of stf interfaces");
+#endif
+
#define STFNAME "stf"
-#define STFUNIT 0
#define IN6_IS_ADDR_6TO4(x) (ntohs((x)->s6_addr16[0]) == 0x2002)
@@ -145,17 +178,26 @@
@@ -145,17 +178,26 @@ struct stf_softc {
struct route_in6 __sc_ro6; /* just for safety */
} __sc_ro46;
#define sc_ro __sc_ro46.__sc_ro4
@ -119,7 +293,7 @@ Index: sys/net/if_stf.c
static const int ip_stf_ttl = 40;
extern struct domain inetdomain;
@@ -170,8 +212,6 @@
@@ -170,8 +212,6 @@ struct protosw in_stf_protosw = {
.pr_usrreqs = &rip_usrreqs
};
@ -128,17 +302,18 @@ Index: sys/net/if_stf.c
static int stfmodevent(module_t, int, void *);
static int stf_encapcheck(const struct mbuf *, int, int, void *);
static struct in6_ifaddr *stf_getsrcifa6(struct ifnet *);
@@ -184,68 +224,45 @@
@@ -184,68 +224,45 @@ static int stf_checkaddr6(struct stf_softc *, struct in6_addr *,
struct ifnet *);
static void stf_rtrequest(int, struct rtentry *, struct rt_addrinfo *);
static int stf_ioctl(struct ifnet *, u_long, caddr_t);
+static int stf_is_up(struct ifnet *);
-
-static int stf_clone_match(struct if_clone *, const char *);
-static int stf_clone_create(struct if_clone *, char *, size_t, caddr_t);
-static int stf_clone_destroy(struct if_clone *, struct ifnet *);
-struct if_clone stf_cloner = IFC_CLONE_INITIALIZER(STFNAME, NULL, 0,
- NULL, stf_clone_match, stf_clone_create, stf_clone_destroy);
+static int stf_is_up(struct ifnet *);
+
+#define STF_GETIN4_USE_CACHE 1
+static struct sockaddr_in *stf_getin4addr(struct sockaddr_in *,
+ struct ifaddr *,
@ -151,13 +326,15 @@ Index: sys/net/if_stf.c
+ struct sockaddr_in6 *);
+static int stf_clone_create(struct if_clone *, int, caddr_t);
+static void stf_clone_destroy(struct ifnet *);
-static int
-stf_clone_match(struct if_clone *ifc, const char *name)
-{
- int i;
+
+IFC_SIMPLE_DECLARE(stf, 0);
static int
-stf_clone_match(struct if_clone *ifc, const char *name)
+stf_clone_create(struct if_clone *ifc, int unit, caddr_t params)
{
- int i;
-
- for(i = 0; stfnames[i] != NULL; i++) {
- if (strcmp(stfnames[i], name) == 0)
- return (1);
@ -166,10 +343,9 @@ Index: sys/net/if_stf.c
- return (0);
-}
-
static int
-static int
-stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
+stf_clone_create(struct if_clone *ifc, int unit, caddr_t params)
{
-{
- int err, unit;
struct stf_softc *sc;
struct ifnet *ifp;
@ -217,7 +393,7 @@ Index: sys/net/if_stf.c
return (ENOMEM);
}
@@ -255,41 +272,57 @@
@@ -255,41 +272,57 @@ stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
ifp->if_snd.ifq_maxlen = ifqmaxlen;
if_attach(ifp);
bpfattach(ifp, DLT_NULL, sizeof(u_int32_t));
@ -254,17 +430,17 @@ Index: sys/net/if_stf.c
- return (0);
+ return;
}
+}
+
+static void
+vnet_stf_init(const void *unused __unused)
+{
+
+ LIST_INIT(&V_stf_softc_list);
+}
}
+VNET_SYSINIT(vnet_stf_init, SI_SUB_PSEUDO, SI_ORDER_MIDDLE, vnet_stf_init,
+ NULL);
+
static int
-stfmodevent(mod, type, data)
- module_t mod;
@ -284,7 +460,7 @@ Index: sys/net/if_stf.c
break;
default:
return (EOPNOTSUPP);
@@ -305,28 +338,31 @@
@@ -305,28 +338,31 @@ static moduledata_t stf_mod = {
};
DECLARE_MODULE(if_stf, stf_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
@ -324,7 +500,7 @@ Index: sys/net/if_stf.c
return 0;
if (proto != IPPROTO_IPV6)
@@ -338,86 +374,162 @@
@@ -338,86 +374,162 @@ stf_encapcheck(m, off, proto, arg)
if (ip.ip_v != 4)
return 0;
@ -383,6 +559,12 @@ Index: sys/net/if_stf.c
- bzero(&a, sizeof(a));
- bcopy(GET_V4(&ia6->ia_addr.sin6_addr), &a, sizeof(a));
- bcopy(GET_V4(&ia6->ia_prefixmask.sin6_addr), &mask, sizeof(mask));
- ifa_free(&ia6->ia_ifa);
- a.s_addr &= mask.s_addr;
- b = ip.ip_src;
- b.s_addr &= mask.s_addr;
- if (a.s_addr != b.s_addr)
- return 0;
+ DEBUG_PRINTF(1, "%s: check2: ia6->ia_addr is 2002::/16?\n", __func__);
+ if (IN6_IS_ADDR_6TO4(&ia6->ia_addr.sin6_addr)) {
+ /* 6to4 (RFC 3056) */
@ -416,7 +598,7 @@ Index: sys/net/if_stf.c
+ __func__);
+ }
+#endif
+
+ if ((ia6_in4addr.sin_addr.s_addr & ia6_in4mask.sin_addr.s_addr) !=
+ (ip.ip_src.s_addr & ia6_in4mask.sin_addr.s_addr)) {
+ DEBUG_PRINTF(1, "%s: check3: false. Ignore this packet.\n",
@ -438,18 +620,12 @@ Index: sys/net/if_stf.c
+ */
+ }
+ DEBUG_PRINTF(1, "%s: all clear!\n", __func__);
+ /* stf interface makes single side match only */
/* stf interface makes single side match only */
- return 32;
+ ret = 32;
+freeit:
ifa_free(&ia6->ia_ifa);
- a.s_addr &= mask.s_addr;
- b = ip.ip_src;
- b.s_addr &= mask.s_addr;
- if (a.s_addr != b.s_addr)
- return 0;
- /* stf interface makes single side match only */
- return 32;
+ ifa_free(&ia6->ia_ifa);
+
+ return (ret);
}
@ -530,7 +706,7 @@ Index: sys/net/if_stf.c
struct sockaddr_in *dst4;
u_int8_t tos;
struct ip *ip;
@@ -479,20 +591,28 @@
@@ -479,20 +591,28 @@ stf_output(ifp, m, dst, ro)
/*
* Pickup the right outer dst addr from the list of candidates.
* ip6_dst has priority as it may be able to give us shorter IPv4 hops.
@ -566,14 +742,12 @@ Index: sys/net/if_stf.c
if (bpf_peers_present(ifp->if_bpf)) {
/*
* We need to prepend the address family as
@@ -516,11 +636,26 @@
@@ -516,11 +636,26 @@ stf_output(ifp, m, dst, ro)
ip = mtod(m, struct ip *);
bzero(ip, sizeof(*ip));
+ bcopy(&in4.sin_addr, &ip->ip_dst, sizeof(ip->ip_dst));
- bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr),
- &ip->ip_src, sizeof(ip->ip_src));
+
+ sin = stf_getin4addr_sin6(&in4, &ia6->ia_ifa, &ia6->ia_addr);
+ if (sin == NULL) {
+ ifa_free(&ia6->ia_ifa);
@ -586,7 +760,9 @@ Index: sys/net/if_stf.c
+ {
+ char buf[INET6_ADDRSTRLEN + 1];
+ memset(&buf, 0, sizeof(buf));
+
- bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr),
- &ip->ip_src, sizeof(ip->ip_src));
+ ip_sprintf(buf, &ip->ip_src);
+ DEBUG_PRINTF(1, "%s: ip_src = %s\n", __func__, buf);
+ }
@ -596,7 +772,7 @@ Index: sys/net/if_stf.c
ip->ip_p = IPPROTO_IPV6;
ip->ip_ttl = ip_stf_ttl;
ip->ip_len = m->m_pkthdr.len; /*host order*/
@@ -529,7 +664,7 @@
@@ -529,7 +664,7 @@ stf_output(ifp, m, dst, ro)
else
ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos);
@ -605,7 +781,7 @@ Index: sys/net/if_stf.c
cached_route = NULL;
goto sendit;
}
@@ -537,7 +672,7 @@
@@ -537,7 +672,7 @@ stf_output(ifp, m, dst, ro)
/*
* Do we have a cached route?
*/
@ -614,25 +790,24 @@ Index: sys/net/if_stf.c
dst4 = (struct sockaddr_in *)&sc->sc_ro.ro_dst;
if (dst4->sin_family != AF_INET ||
bcmp(&dst4->sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)) != 0) {
@@ -555,44 +690,48 @@
@@ -555,8 +690,15 @@ stf_output(ifp, m, dst, ro)
rtalloc_fib(&sc->sc_ro, sc->sc_fibnum);
if (sc->sc_ro.ro_rt == NULL) {
m_freem(m);
- mtx_unlock(&(sc)->sc_ro_mtx);
ifp->if_oerrors++;
+ STF_UNLOCK(sc);
return ENETUNREACH;
}
+ return ENETUNREACH;
+ }
+ if (sc->sc_ro.ro_rt->rt_ifp == ifp) {
+ /* infinite loop detection */
+ m_free(m);
+ ifp->if_oerrors++;
+ STF_UNLOCK(sc);
+ return ENETUNREACH;
+ }
return ENETUNREACH;
}
}
cached_route = &sc->sc_ro;
@@ -565,34 +707,31 @@ stf_output(ifp, m, dst, ro)
sendit:
M_SETFIB(m, sc->sc_fibnum);
ifp->if_opackets++;
@ -674,7 +849,7 @@ Index: sys/net/if_stf.c
{
struct in_ifaddr *ia4;
@@ -608,20 +747,10 @@
@@ -608,20 +747,10 @@ stf_checkaddr4(sc, in, inifp)
}
/*
@ -696,7 +871,7 @@ Index: sys/net/if_stf.c
if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0)
continue;
if (in->s_addr == ia4->ia_broadaddr.sin_addr.s_addr) {
@@ -640,7 +769,7 @@
@@ -640,7 +769,7 @@ stf_checkaddr4(sc, in, inifp)
bzero(&sin, sizeof(sin));
sin.sin_family = AF_INET;
@ -705,7 +880,7 @@ Index: sys/net/if_stf.c
sin.sin_addr = *in;
rt = rtalloc1_fib((struct sockaddr *)&sin, 0,
0UL, sc->sc_fibnum);
@@ -661,10 +790,7 @@
@@ -661,10 +790,7 @@ stf_checkaddr4(sc, in, inifp)
}
static int
@ -717,7 +892,7 @@ Index: sys/net/if_stf.c
{
/*
* check 6to4 addresses
@@ -688,9 +814,7 @@
@@ -688,9 +814,7 @@ stf_checkaddr6(sc, in6, inifp)
}
void
@ -728,7 +903,7 @@ Index: sys/net/if_stf.c
{
int proto;
struct stf_softc *sc;
@@ -698,6 +822,7 @@
@@ -698,6 +822,7 @@ in_stf_input(m, off)
struct ip6_hdr *ip6;
u_int8_t otos, itos;
struct ifnet *ifp;
@ -736,7 +911,7 @@ Index: sys/net/if_stf.c
proto = mtod(m, struct ip *)->ip_p;
@@ -721,6 +846,17 @@
@@ -721,6 +846,17 @@ in_stf_input(m, off)
mac_ifnet_create_mbuf(ifp, m);
#endif
@ -754,7 +929,7 @@ Index: sys/net/if_stf.c
/*
* perform sanity check against outer src/dst.
* for source, perform ingress filter as well.
@@ -741,6 +877,17 @@
@@ -741,6 +877,17 @@ in_stf_input(m, off)
}
ip6 = mtod(m, struct ip6_hdr *);
@ -772,7 +947,7 @@ Index: sys/net/if_stf.c
/*
* perform sanity check against inner src/dst.
* for source, perform ingress filter as well.
@@ -751,6 +898,41 @@
@@ -751,6 +898,41 @@ in_stf_input(m, off)
return;
}
@ -814,7 +989,7 @@ Index: sys/net/if_stf.c
itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
if ((ifp->if_flags & IFF_LINK1) != 0)
ip_ecn_egress(ECN_ALLOWED, &otos, &itos);
@@ -760,7 +942,7 @@
@@ -760,7 +942,7 @@ in_stf_input(m, off)
ip6->ip6_flow |= htonl((u_int32_t)itos << 20);
m->m_pkthdr.rcvif = ifp;
@ -823,7 +998,7 @@ Index: sys/net/if_stf.c
if (bpf_peers_present(ifp->if_bpf)) {
/*
* We need to prepend the address family as
@@ -773,6 +955,7 @@
@@ -773,6 +955,7 @@ in_stf_input(m, off)
bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m);
}
@ -831,7 +1006,7 @@ Index: sys/net/if_stf.c
/*
* Put the packet to the network layer input queue according to the
* specified address family.
@@ -786,27 +969,277 @@
@@ -787,27 +970,277 @@ in_stf_input(m, off)
/* ARGSUSED */
static void
@ -853,7 +1028,7 @@ Index: sys/net/if_stf.c
- u_long cmd;
- caddr_t data;
+stf_is_up(struct ifnet *ifp)
{
+{
+ struct stf_softc *scp;
+ struct stf_softc *sc_cur;
+ struct stf_softc *sc_is_up;
@ -1085,7 +1260,7 @@ Index: sys/net/if_stf.c
+
+static int
+stf_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
+{
{
struct ifaddr *ifa;
struct ifreq *ifr;
- struct sockaddr_in6 *sin6;
@ -1119,7 +1294,7 @@ Index: sys/net/if_stf.c
error = 0;
switch (cmd) {
case SIOCSIFADDR:
@@ -815,17 +1248,16 @@
@@ -816,17 +1249,16 @@ stf_ioctl(ifp, cmd, data)
error = EAFNOSUPPORT;
break;
}
@ -1144,189 +1319,3 @@ Index: sys/net/if_stf.c
ifa->ifa_rtrequest = stf_rtrequest;
ifp->if_flags |= IFF_UP;
break;
Index: share/man/man4/stf.4
===================================================================
--- share/man/man4/stf.4 (revision 212990)
+++ share/man/man4/stf.4 (working copy)
@@ -1,6 +1,7 @@
.\" $KAME: stf.4,v 1.35 2001/05/02 06:24:49 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+.\" Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -29,7 +30,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd April 27, 2001
+.Dd September 23, 2010
.Dt STF 4
.Os
.Sh NAME
@@ -42,22 +43,12 @@
.Sh DESCRIPTION
The
.Nm
-interface supports
-.Dq 6to4
-IPv6 in IPv4 encapsulation.
-It can tunnel IPv6 traffic over IPv4, as specified in
-.Li RFC3056 .
+interface supports IPv6 in IPv4 encapsulation by
+tunneling IPv6 traffic over IPv4, as specified in
+.Li RFC3056 Pq 6to4
+and
+.Li RFC5569 Pq 6rd .
.Pp
-For ordinary nodes in 6to4 site, you do not need
-.Nm
-interface.
-The
-.Nm
-interface is necessary for site border router
-(called
-.Dq 6to4 router
-in the specification).
-.Pp
Each
.Nm
interface is created at runtime using interface cloning.
@@ -72,12 +63,28 @@
.Pp
Due to the way 6to4 protocol is specified,
.Nm
-interface requires certain configuration to work properly.
+interface requires certain configuration to work properly. Two
+different protocols defined in RFC3056 and RFC5569 are basically the
+same as each other except for address handling, so
+.Nm
+decides its behavior based on the configured IPv6 addresses as
+explained in the following.
+The
+.Nm
+interface can be configured with multiple IPv6 addresses including
+both 6to4 and 6rd.
+.Sh RFC3056 (a.k.a. 6to4)
Single
-(no more than 1)
-valid 6to4 address needs to be configured to the interface.
-.Dq A valid 6to4 address
-is an address which has the following properties.
+.Pq no more than 1 valid 6to4 address needs to be configured to the interface.
+.Dq a valid 6to4 address
+is an address which has the following properties. For ordinary nodes
+in 6to4 site, you do not need
+.Nm
+interface; it is necessary only for site border router
+(called
+.Dq 6to4 router
+in the specification).
+.Pp
If any of the following properties are not satisfied,
.Nm
raises runtime error on packet transmission.
@@ -110,8 +117,80 @@
.Nm
interface will check the IPv4 source address on packets,
if the IPv6 prefix length is larger than 16.
+.Sh RFC5569 (a.k.a. 6rd)
+The
+.Nm
+interface works in the 6rd mode when one or more IPv6 addresses that
+consists of an IPv6 prefix and 32-bit IPv4 part with a prefix length
+equal to or shorter than 64. In 6rd protocol, an IPv6 address
+.Li 2001:db8:c000:205::1/32
+means the following, for example:
+.Bl -bullet
+.It
+The 6rd relay prefix is
+.Li 2001:db8::/32 .
+.It
+The 6rd router's IPv4 address is
+.Li 192.0.2.5 .
+.El
.Pp
+As you can see the IPv4 address is embedded in the IPv6 address just
+after the prefix. While you can choose an IPv6 prefix length other
+than 32, it must be from 0 to 32.
+.Pp
+Assuming this address is configured on the
.Nm
+interface, it does the following:
+.Bl -bullet
+.It
+An incoming IPv6 packet on
+.Nm
+will be encapsuled in an IPv4 packet with the source address
+.Li 192.0.2.5
+and then the IPv4 packet is delivered based on the IPv4 routing table.
+The IPv4 destination address is calculated from the destination
+address of the original IPv6 packet in the same way as the source.
+.It
+An incoming IPv4 packet which encapsules an IPv6 packet whose
+destination address matches a 6rd prefix with embedded IPv4 address
+configured on the
+.Nm
+interface, the IPv6 packet will be decapsulated and delivered based on
+the IPv6 routing table. Note that
+.Nm
+interface normally has a route which covers whole range of a 6rd relay
+prefix, the delivered IPv6 packet can return to
+.Nm
+if there is no more specific route. In that case, the returned packet
+will be discarded silently.
+.El
+.\" XXX: example configuration will be added
+.\" .Pp
+.\" By using this interface, you can configure a 6rd domain. For simplicity,
+.\" we assume the following here:
+.\" .Bl -bullet
+.\" .It
+.\" A 6rd Customer, who has an IPv6/IPv4 LAN and an IPv4-only access
+.\" toward network of his Internet Service Provider. The Customer has
+.\" a router called
+.\" .Dq CE Pq Customer Edge
+.\" Router, which can communicate between his LAN and the ISP over IPv4
+.\" and encapsulate
+.\" his networks.
+.\" .It
+.\" A 6rd Provider, who provides IPv6 Internet reachability by using 6rd
+.\" protocol. The Provider offers access to a router called
+.\" .Dq PE Pq Provider Edge
+.\" Router, which can communicate with
+.\" .El
+.\" .Pp
+.\" A 6rd customer
+.\" needs to configure
+.\" .Nm
+.\" on his CE (Customer Edge) router.
+.Sh Other Functionality of the Interface
+.Pp
+.Nm
can be configured to be ECN friendly.
This can be configured by
.Dv IFF_LINK1 .
@@ -147,9 +226,6 @@
Packets with limited broadcast address as outer IPv4 source/destination
.Pq Li 255.0.0.0/8
.It
-Packets with private address as outer IPv4 source/destination
-.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16
-.It
Packets with subnet broadcast address as outer IPv4 source/destination.
The check is made against subnet broadcast addresses for
all of the directly connected subnets.
@@ -164,6 +240,11 @@
inner IPv6 address, if the IPv6 address matches 6to4 prefix.
.El
.Pp
+In addition to them, packets with private address as outer IPv4
+source/destination
+.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16
+are filtered out only in the 6to4 mode.
+.Pp
It is recommended to filter/audit
incoming IPv4 packet with IP protocol number 41, as necessary.
It is also recommended to filter/audit encapsulated IPv6 packets as well.

1321
net/stf-6rd-kmod/files-9.1/patch-aa Normal file
View File

File diff suppressed because it is too large Load Diff

284
net/stf-6rd-kmod/files-9.2/patch-if_stf.c → net/stf-6rd-kmod/files-9/patch-aa
View File

@ -1,5 +1,181 @@
--- sys/net/if_stf.c.orig 2013-03-27 03:57:25.000000000 +0900
+++ sys/net/if_stf.c 2014-07-22 00:08:07.662461319 +0900
diff --git a/share/man/man4/stf.4 b/share/man/man4/stf.4
index 5e32763..33dbab9 100644
--- a/share/man/man4/stf.4
+++ b/share/man/man4/stf.4
@@ -1,6 +1,7 @@
.\" $KAME: stf.4,v 1.35 2001/05/02 06:24:49 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+.\" Copyright (c) 2010 Hiroki Sato <hrs@FreeBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -42,21 +43,11 @@ tunnel interface
.Sh DESCRIPTION
The
.Nm
-interface supports
-.Dq 6to4
-IPv6 in IPv4 encapsulation.
-It can tunnel IPv6 traffic over IPv4, as specified in
-.Li RFC3056 .
-.Pp
-For ordinary nodes in 6to4 site, you do not need
-.Nm
-interface.
-The
-.Nm
-interface is necessary for site border router
-(called
-.Dq 6to4 router
-in the specification).
+interface supports IPv6 in IPv4 encapsulation by
+tunneling IPv6 traffic over IPv4, as specified in
+.Li RFC3056 Pq 6to4
+and
+.Li RFC5569 Pq 6rd .
.Pp
Each
.Nm
@@ -72,12 +63,28 @@ variable in
.Pp
Due to the way 6to4 protocol is specified,
.Nm
-interface requires certain configuration to work properly.
+interface requires certain configuration to work properly. Two
+different protocols defined in RFC3056 and RFC5569 are basically the
+same as each other except for address handling, so
+.Nm
+decides its behavior based on the configured IPv6 addresses as
+explained in the following.
+The
+.Nm
+interface can be configured with multiple IPv6 addresses including
+both 6to4 and 6rd.
+.Sh RFC3056 (a.k.a. 6to4)
Single
-(no more than 1)
-valid 6to4 address needs to be configured to the interface.
-.Dq A valid 6to4 address
-is an address which has the following properties.
+.Pq no more than 1 valid 6to4 address needs to be configured to the interface.
+.Dq a valid 6to4 address
+is an address which has the following properties. For ordinary nodes
+in 6to4 site, you do not need
+.Nm
+interface; it is necessary only for site border router
+(called
+.Dq 6to4 router
+in the specification).
+.Pp
If any of the following properties are not satisfied,
.Nm
raises runtime error on packet transmission.
@@ -110,6 +117,78 @@ you may want to configure IPv6 prefix length as
.Nm
interface will check the IPv4 source address on packets,
if the IPv6 prefix length is larger than 16.
+.Sh RFC5569 (a.k.a. 6rd)
+The
+.Nm
+interface works in the 6rd mode when one or more IPv6 addresses that
+consists of an IPv6 prefix and 32-bit IPv4 part with a prefix length
+equal to or shorter than 64. In 6rd protocol, an IPv6 address
+.Li 2001:db8:c000:205::1/32
+means the following, for example:
+.Bl -bullet
+.It
+The 6rd relay prefix is
+.Li 2001:db8::/32 .
+.It
+The 6rd router's IPv4 address is
+.Li 192.0.2.5 .
+.El
+.Pp
+As you can see the IPv4 address is embedded in the IPv6 address just
+after the prefix. While you can choose an IPv6 prefix length other
+than 32, it must be from 0 to 32.
+.Pp
+Assuming this address is configured on the
+.Nm
+interface, it does the following:
+.Bl -bullet
+.It
+An incoming IPv6 packet on
+.Nm
+will be encapsuled in an IPv4 packet with the source address
+.Li 192.0.2.5
+and then the IPv4 packet is delivered based on the IPv4 routing table.
+The IPv4 destination address is calculated from the destination
+address of the original IPv6 packet in the same way as the source.
+.It
+An incoming IPv4 packet which encapsules an IPv6 packet whose
+destination address matches a 6rd prefix with embedded IPv4 address
+configured on the
+.Nm
+interface, the IPv6 packet will be decapsulated and delivered based on
+the IPv6 routing table. Note that
+.Nm
+interface normally has a route which covers whole range of a 6rd relay
+prefix, the delivered IPv6 packet can return to
+.Nm
+if there is no more specific route. In that case, the returned packet
+will be discarded silently.
+.El
+.\" XXX: example configuration will be added
+.\" .Pp
+.\" By using this interface, you can configure a 6rd domain. For simplicity,
+.\" we assume the following here:
+.\" .Bl -bullet
+.\" .It
+.\" A 6rd Customer, who has an IPv6/IPv4 LAN and an IPv4-only access
+.\" toward network of his Internet Service Provider. The Customer has
+.\" a router called
+.\" .Dq CE Pq Customer Edge
+.\" Router, which can communicate between his LAN and the ISP over IPv4
+.\" and encapsulate
+.\" his networks.
+.\" .It
+.\" A 6rd Provider, who provides IPv6 Internet reachability by using 6rd
+.\" protocol. The Provider offers access to a router called
+.\" .Dq PE Pq Provider Edge
+.\" Router, which can communicate with
+.\" .El
+.\" .Pp
+.\" A 6rd customer
+.\" needs to configure
+.\" .Nm
+.\" on his CE (Customer Edge) router.
+.Sh Other Functionality of the Interface
.Pp
.Nm
can be configured to be ECN friendly.
@@ -147,9 +226,6 @@ Packets with IPv4 multicast address as outer IPv4 source/destination
Packets with limited broadcast address as outer IPv4 source/destination
.Pq Li 255.0.0.0/8
.It
-Packets with private address as outer IPv4 source/destination
-.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16
-.It
Packets with subnet broadcast address as outer IPv4 source/destination.
The check is made against subnet broadcast addresses for
all of the directly connected subnets.
@@ -164,6 +240,11 @@ The same set of rules are applied against the IPv4 address embedded into
inner IPv6 address, if the IPv6 address matches 6to4 prefix.
.El
.Pp
+In addition to them, packets with private address as outer IPv4
+source/destination
+.Pq Li 10.0.0.0/8 , 172.16.0.0/12 , 192.168.0.0/16
+are filtered out only in the 6to4 mode.
+.Pp
It is recommended to filter/audit
incoming IPv4 packet with IP protocol number 41, as necessary.
It is also recommended to filter/audit encapsulated IPv6 packets as well.
diff --git a/sys/net/if_stf.c b/sys/net/if_stf.c
index b4195bf..9630a86 100644
--- a/sys/net/if_stf.c
+++ b/sys/net/if_stf.c
@@ -3,6 +3,7 @@
/*-
@ -82,7 +258,7 @@
static int stf_permit_rfc1918 = 0;
TUNABLE_INT("net.link.stf.permit_rfc1918", &stf_permit_rfc1918);
@@ -133,7 +167,6 @@
@@ -133,7 +167,6 @@ SYSCTL_INT(_net_link_stf, OID_AUTO, permit_rfc1918, CTLFLAG_RW | CTLFLAG_TUN,
&stf_permit_rfc1918, 0, "Permit the use of private IPv4 addresses");
#define STFNAME "stf"
@ -90,7 +266,7 @@
#define IN6_IS_ADDR_6TO4(x) (ntohs((x)->s6_addr16[0]) == 0x2002)
@@ -150,17 +183,26 @@
@@ -150,17 +183,26 @@ struct stf_softc {
struct route_in6 __sc_ro6; /* just for safety */
} __sc_ro46;
#define sc_ro __sc_ro46.__sc_ro4
@ -122,7 +298,7 @@
static const int ip_stf_ttl = 40;
extern struct domain inetdomain;
@@ -175,8 +217,6 @@
@@ -175,8 +217,6 @@ struct protosw in_stf_protosw = {
.pr_usrreqs = &rip_usrreqs
};
@ -131,27 +307,18 @@
static int stfmodevent(module_t, int, void *);
static int stf_encapcheck(const struct mbuf *, int, int, void *);
static struct in6_ifaddr *stf_getsrcifa6(struct ifnet *);
@@ -189,68 +229,45 @@
@@ -189,68 +229,45 @@ static int stf_checkaddr6(struct stf_softc *, struct in6_addr *,
struct ifnet *);
static void stf_rtrequest(int, struct rtentry *, struct rt_addrinfo *);
static int stf_ioctl(struct ifnet *, u_long, caddr_t);
+static int stf_is_up(struct ifnet *);
-
-static int stf_clone_match(struct if_clone *, const char *);
-static int stf_clone_create(struct if_clone *, char *, size_t, caddr_t);
-static int stf_clone_destroy(struct if_clone *, struct ifnet *);
-struct if_clone stf_cloner = IFC_CLONE_INITIALIZER(STFNAME, NULL, 0,
- NULL, stf_clone_match, stf_clone_create, stf_clone_destroy);
-
-static int
-stf_clone_match(struct if_clone *ifc, const char *name)
-{
- int i;
-
- for(i = 0; stfnames[i] != NULL; i++) {
- if (strcmp(stfnames[i], name) == 0)
- return (1);
- }
+static int stf_is_up(struct ifnet *);
+
+#define STF_GETIN4_USE_CACHE 1
+static struct sockaddr_in *stf_getin4addr(struct sockaddr_in *,
+ struct ifaddr *,
@ -164,15 +331,26 @@
+ struct sockaddr_in6 *);
+static int stf_clone_create(struct if_clone *, int, caddr_t);
+static void stf_clone_destroy(struct ifnet *);
- return (0);
-}
+
+IFC_SIMPLE_DECLARE(stf, 0);
static int
-stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
-stf_clone_match(struct if_clone *ifc, const char *name)
+stf_clone_create(struct if_clone *ifc, int unit, caddr_t params)
{
- int i;
-
- for(i = 0; stfnames[i] != NULL; i++) {
- if (strcmp(stfnames[i], name) == 0)
- return (1);
- }
-
- return (0);
-}
-
-static int
-stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
-{
- int err, unit;
struct stf_softc *sc;
struct ifnet *ifp;
@ -220,7 +398,7 @@
return (ENOMEM);
}
@@ -260,41 +277,57 @@
@@ -260,41 +277,57 @@ stf_clone_create(struct if_clone *ifc, char *name, size_t len, caddr_t params)
ifp->if_snd.ifq_maxlen = ifqmaxlen;
if_attach(ifp);
bpfattach(ifp, DLT_NULL, sizeof(u_int32_t));
@ -257,17 +435,17 @@
- return (0);
+ return;
}
+}
+
+static void
+vnet_stf_init(const void *unused __unused)
+{
+
+ LIST_INIT(&V_stf_softc_list);
+}
}
+VNET_SYSINIT(vnet_stf_init, SI_SUB_PSEUDO, SI_ORDER_MIDDLE, vnet_stf_init,
+ NULL);
+
static int
-stfmodevent(mod, type, data)
- module_t mod;
@ -287,7 +465,7 @@
break;
default:
return (EOPNOTSUPP);
@@ -310,28 +343,31 @@
@@ -310,28 +343,31 @@ static moduledata_t stf_mod = {
};
DECLARE_MODULE(if_stf, stf_mod, SI_SUB_PSEUDO, SI_ORDER_ANY);
@ -327,7 +505,7 @@
return 0;
if (proto != IPPROTO_IPV6)
@@ -343,86 +379,162 @@
@@ -343,86 +379,162 @@ stf_encapcheck(m, off, proto, arg)
if (ip.ip_v != 4)
return 0;
@ -339,12 +517,12 @@
+ sin = stf_getin4addr(&ia6_in4addr, &ia6->ia_ifa, STF_GETIN4_USE_CACHE);
+ if (sin == NULL)
+ return 0;
+
+#if STF_DEBUG
+ {
+ char buf[INET6_ADDRSTRLEN + 1];
+ memset(&buf, 0, sizeof(buf));
+
+ ip6_sprintf(buf, &satosin6(ia6->ia_ifa.ifa_addr)->sin6_addr);
+ DEBUG_PRINTF(1, "%s: ia6->ia_ifa.ifa_addr = %s\n", __func__, buf);
+ ip6_sprintf(buf, &ia6->ia_addr.sin6_addr);
@ -533,7 +711,7 @@
struct sockaddr_in *dst4;
u_int8_t tos;
struct ip *ip;
@@ -484,20 +596,28 @@
@@ -484,20 +596,28 @@ stf_output(ifp, m, dst, ro)
/*
* Pickup the right outer dst addr from the list of candidates.
* ip6_dst has priority as it may be able to give us shorter IPv4 hops.
@ -569,14 +747,12 @@
if (bpf_peers_present(ifp->if_bpf)) {
/*
* We need to prepend the address family as
@@ -521,11 +641,26 @@
@@ -521,11 +641,26 @@ stf_output(ifp, m, dst, ro)
ip = mtod(m, struct ip *);
bzero(ip, sizeof(*ip));
+ bcopy(&in4.sin_addr, &ip->ip_dst, sizeof(ip->ip_dst));
- bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr),
- &ip->ip_src, sizeof(ip->ip_src));
+
+ sin = stf_getin4addr_sin6(&in4, &ia6->ia_ifa, &ia6->ia_addr);
+ if (sin == NULL) {
+ ifa_free(&ia6->ia_ifa);
@ -589,7 +765,9 @@
+ {
+ char buf[INET6_ADDRSTRLEN + 1];
+ memset(&buf, 0, sizeof(buf));
+
- bcopy(GET_V4(&((struct sockaddr_in6 *)&ia6->ia_addr)->sin6_addr),
- &ip->ip_src, sizeof(ip->ip_src));
+ ip_sprintf(buf, &ip->ip_src);
+ DEBUG_PRINTF(1, "%s: ip_src = %s\n", __func__, buf);
+ }
@ -599,7 +777,7 @@
ip->ip_p = IPPROTO_IPV6;
ip->ip_ttl = ip_stf_ttl;
ip->ip_len = m->m_pkthdr.len; /*host order*/
@@ -534,7 +669,7 @@
@@ -534,7 +669,7 @@ stf_output(ifp, m, dst, ro)
else
ip_ecn_ingress(ECN_NOCARE, &ip->ip_tos, &tos);
@ -608,7 +786,7 @@
cached_route = NULL;
goto sendit;
}
@@ -542,7 +677,7 @@
@@ -542,7 +677,7 @@ stf_output(ifp, m, dst, ro)
/*
* Do we have a cached route?
*/
@ -617,7 +795,7 @@
dst4 = (struct sockaddr_in *)&sc->sc_ro.ro_dst;
if (dst4->sin_family != AF_INET ||
bcmp(&dst4->sin_addr, &ip->ip_dst, sizeof(ip->ip_dst)) != 0) {
@@ -560,8 +695,15 @@
@@ -560,8 +695,15 @@ stf_output(ifp, m, dst, ro)
rtalloc_fib(&sc->sc_ro, sc->sc_fibnum);
if (sc->sc_ro.ro_rt == NULL) {
m_freem(m);
@ -634,7 +812,7 @@
return ENETUNREACH;
}
}
@@ -570,35 +712,32 @@
@@ -570,35 +712,32 @@ stf_output(ifp, m, dst, ro)
sendit:
M_SETFIB(m, sc->sc_fibnum);
ifp->if_opackets++;
@ -677,7 +855,7 @@
{
struct in_ifaddr *ia4;
@@ -614,20 +753,10 @@
@@ -614,20 +753,10 @@ stf_checkaddr4(sc, in, inifp)
}
/*
@ -699,7 +877,7 @@
if ((ia4->ia_ifa.ifa_ifp->if_flags & IFF_BROADCAST) == 0)
continue;
if (in->s_addr == ia4->ia_broadaddr.sin_addr.s_addr) {
@@ -646,7 +775,7 @@
@@ -646,7 +775,7 @@ stf_checkaddr4(sc, in, inifp)
bzero(&sin, sizeof(sin));
sin.sin_family = AF_INET;
@ -708,7 +886,7 @@
sin.sin_addr = *in;
rt = rtalloc1_fib((struct sockaddr *)&sin, 0,
0UL, sc->sc_fibnum);
@@ -667,10 +796,7 @@
@@ -667,10 +796,7 @@ stf_checkaddr4(sc, in, inifp)
}
static int
@ -720,7 +898,7 @@
{
/*
* check 6to4 addresses
@@ -694,9 +820,7 @@
@@ -694,9 +820,7 @@ stf_checkaddr6(sc, in6, inifp)
}
void
@ -731,7 +909,7 @@
{
int proto;
struct stf_softc *sc;
@@ -704,6 +828,7 @@
@@ -704,6 +828,7 @@ in_stf_input(m, off)
struct ip6_hdr *ip6;
u_int8_t otos, itos;
struct ifnet *ifp;
@ -739,7 +917,7 @@
proto = mtod(m, struct ip *)->ip_p;
@@ -727,6 +852,17 @@
@@ -727,6 +852,17 @@ in_stf_input(m, off)
mac_ifnet_create_mbuf(ifp, m);
#endif
@ -757,7 +935,7 @@
/*
* perform sanity check against outer src/dst.
* for source, perform ingress filter as well.
@@ -747,6 +883,17 @@
@@ -747,6 +883,17 @@ in_stf_input(m, off)
}
ip6 = mtod(m, struct ip6_hdr *);
@ -775,7 +953,7 @@
/*
* perform sanity check against inner src/dst.
* for source, perform ingress filter as well.
@@ -757,6 +904,41 @@
@@ -757,6 +904,41 @@ in_stf_input(m, off)
return;
}
@ -817,7 +995,7 @@
itos = (ntohl(ip6->ip6_flow) >> 20) & 0xff;
if ((ifp->if_flags & IFF_LINK1) != 0)
ip_ecn_egress(ECN_ALLOWED, &otos, &itos);
@@ -766,7 +948,7 @@
@@ -766,7 +948,7 @@ in_stf_input(m, off)
ip6->ip6_flow |= htonl((u_int32_t)itos << 20);
m->m_pkthdr.rcvif = ifp;
@ -826,7 +1004,7 @@
if (bpf_peers_present(ifp->if_bpf)) {
/*
* We need to prepend the address family as
@@ -779,6 +961,7 @@
@@ -779,6 +961,7 @@ in_stf_input(m, off)
bpf_mtap2(ifp->if_bpf, &af, sizeof(af), m);
}
@ -834,7 +1012,7 @@
/*
* Put the packet to the network layer input queue according to the
* specified address family.
@@ -793,27 +976,277 @@
@@ -793,27 +976,277 @@ in_stf_input(m, off)
/* ARGSUSED */
static void
@ -1122,7 +1300,7 @@
error = 0;
switch (cmd) {
case SIOCSIFADDR:
@@ -822,17 +1255,16 @@
@@ -822,17 +1255,16 @@ stf_ioctl(ifp, cmd, data)
error = EAFNOSUPPORT;
break;
}

16
net/stf-6rd-kmod/files/fixup_mtime.sh Normal file
View File

@ -0,0 +1,16 @@
#!/bin/sh
EXPDIR=$1
SVN_REV=$2
SVN_MIRROR=$3
OSREL=$4
cd ${EXPDIR} || exit 1
t=`TZ=UTC svn info -r${SVN_REV} ${SVN_MIRROR}/releng/${OSREL}/sys/net | grep 'Last Changed Date:' |\
sed -Ee 's|Last Changed Date: ||; s|(....-..-..) (..:..:..) .0000 \(.*|\1T\2Z|'`
find ${EXPDIR} -type d -print0 | xargs -0 touch -d$t
# Local Variables:
# sh-basic-offset: 8
# sh-indentation: 8
# End: