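/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_INET_IPTUN_IMPL_H
#define	_INET_IPTUN_IMPL_H

#include <sys/sunddi.h>
#include <sys/sunldi.h>
#include <sys/stream.h>
#include <sys/modhash.h>
#include <sys/list.h>
#include <sys/dls.h>
#include <sys/mac.h>
#include <sys/dld_impl.h>
#include <sys/netstack.h>
#include <sys/sunddi.h>
#include <sys/sunldi.h>
#include <sys/socket.h>
#include <inet/iptun.h>
#include <inet/ipclassifier.h>
#include <inet/ipsec_impl.h>
#include <netinet/in.h>

#ifdef	__cplusplus
extern "C" {
#endif

#ifdef	_KERNEL

#define	IPTUN_MODID		5134
#define	IPTUN_DRIVER_NAME	"iptun"

/*
 * A destination options header followed by a tunnel option and three bytes
 * of iel_padn.  The field names suggest this is the tunnel encapsulation
 * limit option plus PadN padding -- confirm against the code that fills it.
 */
typedef struct iptun_encaplim_s {
	ip6_dest_t		iel_destopt;
	struct ip6_opt_tunnel	iel_telopt;
	uint8_t			iel_padn[3];
} iptun_encaplim_t;

/*
 * The outer IPv6 headers: an ip6_t immediately followed by an
 * iptun_encaplim_t.
 */
typedef struct iptun_ipv6hdrs_s {
	ip6_t			it6h_ip6h;
	iptun_encaplim_t	it6h_encaplim;
} iptun_ipv6hdrs_t;

/*
 * Storage for the outer header: either an IPv4 header (ihu_hdr4) or the
 * IPv6 headers (ihu_hdr6).  The union carries no discriminator of its own.
 */
typedef union iptun_header_u {
	ipha_t			ihu_hdr4;
	iptun_ipv6hdrs_t	ihu_hdr6;
} iptun_header_t;

/*
 * A tunnel endpoint address.  ia_family is stored next to a union holding
 * either an IPv4 (iau_addr4) or an IPv6 (iau_addr6) address; presumably
 * ia_family selects the valid member -- verify against the users.
 */
typedef struct iptun_addr_s {
	sa_family_t	ia_family;
	union {
		ipaddr_t	iau_addr4;
		in6_addr_t	iau_addr6;
	} ia_addr;
} iptun_addr_t;

/* Per-tunnel-type properties. */
typedef struct iptun_typeinfo {
	iptun_type_t	iti_type;
	const char	*iti_ident;	/* MAC-Type plugin identifier */
	uint_t		iti_ipvers;	/* outer header IP version */
	uint32_t	iti_minmtu;	/* minimum possible tunnel MTU */
	uint32_t	iti_maxmtu;	/* maximum possible tunnel MTU */
	boolean_t	iti_hasraddr;	/* has a remote address */
} iptun_typeinfo_t;

/*
 * An iptun_t represents an IP tunnel link.  The iptun_lock protects the
 * integrity of all fields except statistics which are updated atomically, and
 * is also used by iptun_upcall_cv and iptun_enter_cv.  Access to all fields
 * must be done under the protection of iptun_lock with the following
 * exceptions:
 *
 * The datapath reads certain fields without locks for performance reasons.
 *
 * - IS_IPTUN_RUNNING() is used (read access to iptun_flags IPTUN_BOUND and
 *   IPTUN_MAC_STARTED) to drop packets if they're sent while the tunnel is
 *   not running.  This is harmless as the worst case scenario is that a
 *   packet will be needlessly sent down to ip and be dropped due to an
 *   unspecified source or destination.
 *
 * NOTE(review): the "harmless" argument above is made only for the
 * IPTUN_BOUND/IPTUN_MAC_STARTED test.  Any other field the datapath reads
 * without iptun_lock needs its own justification listed here.
 */
typedef struct iptun_s {
	datalink_id_t	iptun_linkid;
	kmutex_t	iptun_lock;
	kcondvar_t	iptun_upcall_cv;
	kcondvar_t	iptun_enter_cv;
	uint32_t	iptun_flags;	/* IPTUN_* flag bits defined below */
	list_node_t	iptun_link;
	mac_handle_t	iptun_mh;
	conn_t		*iptun_connp;
	zoneid_t	iptun_zoneid;
	netstack_t	*iptun_ns;
	struct ipsec_tun_pol_s	*iptun_itp;
	iptun_typeinfo_t	*iptun_typeinfo;
	uint32_t	iptun_mtu;
	uint32_t	iptun_dpmtu;	/* destination path MTU */
	uint8_t		iptun_hoplimit;
	uint8_t		iptun_encaplimit;
	iptun_addr_t	iptun_laddr;	/* local address */
	iptun_addr_t	iptun_raddr;	/* remote address */
	iptun_header_t	iptun_header;
	size_t		iptun_header_size;
	ipsec_req_t	iptun_simple_policy;

	/* statistics */
	uint64_t	iptun_ierrors;
	uint64_t	iptun_oerrors;
	uint64_t	iptun_rbytes;
	uint64_t	iptun_obytes;
	uint64_t	iptun_ipackets;
	uint64_t	iptun_opackets;
	uint64_t	iptun_norcvbuf;
	uint64_t	iptun_noxmtbuf;
	uint64_t	iptun_taskq_fail;
} iptun_t;

/*
 * Member-name shorthands.  Each expands to a member path, so it is only
 * meaningful after "iptun->" or "iptun." on an iptun_t.
 */
#define	iptun_iptuns	iptun_ns->netstack_iptun
#define	iptun_laddr4	iptun_laddr.ia_addr.iau_addr4
#define	iptun_laddr6	iptun_laddr.ia_addr.iau_addr6
#define	iptun_raddr4	iptun_raddr.ia_addr.iau_addr4
#define	iptun_raddr6	iptun_raddr.ia_addr.iau_addr6
#define	iptun_header4	iptun_header.ihu_hdr4
#define	iptun_header6	iptun_header.ihu_hdr6

/* iptun_flags */
#define	IPTUN_BOUND		0x0001	/* tunnel address(es) bound with ip */
#define	IPTUN_LADDR		0x0002	/* local address is set */
#define	IPTUN_RADDR		0x0004	/* remote address is set */
#define	IPTUN_MAC_REGISTERED	0x0008	/* registered with the mac module */
#define	IPTUN_MAC_STARTED	0x0010	/* iptun_m_start() has been called */
#define	IPTUN_HASH_INSERTED	0x0020	/* iptun_t in iptun_hash */
#define	IPTUN_FIXED_MTU		0x0040	/* MTU was set using mtu link prop */
#define	IPTUN_IMPLICIT		0x0080	/* implicitly created IP tunnel */
#define	IPTUN_SIMPLE_POLICY	0x0100	/* cached iptun_simple_policy */
#define	IPTUN_UPCALL_PENDING	0x0200	/* upcall to mac module in progress */
#define	IPTUN_DELETE_PENDING	0x0400	/* iptun_delete() is issuing upcalls */
#define	IPTUN_CONDEMNED		0x0800	/* iptun_t is to be freed */

/*
 * True only when both IPTUN_BOUND and IPTUN_MAC_STARTED are set in
 * iptun_flags.  The argument is parenthesized so that any pointer-valued
 * expression (e.g. a cast or a conditional) can be passed safely.
 */
#define	IS_IPTUN_RUNNING(iptun)						\
	(((iptun)->iptun_flags & (IPTUN_BOUND | IPTUN_MAC_STARTED)) ==	\
	    (IPTUN_BOUND | IPTUN_MAC_STARTED))

/*
 * iptuns_lock protects iptuns_iptunlist.
 *
 * NOTE(review): the statement above names only iptuns_iptunlist; what
 * serializes access to iptuns_relay_rtr_addr is not stated in this header.
 */
typedef struct iptun_stack {
	netstack_t	*iptuns_netstack; /* Common netstack */
	kmutex_t	iptuns_lock;
	list_t		iptuns_iptunlist; /* list of tunnels in this stack. */
	ipaddr_t	iptuns_relay_rtr_addr;
} iptun_stack_t;

extern dev_info_t	*iptun_dip;
extern mod_hash_t	*iptun_hash;
extern kmem_cache_t	*iptun_cache;
extern ddi_taskq_t	*iptun_taskq;
extern ldi_ident_t	iptun_ldi_ident;

/*
 * NOTE(review): iptun_create(), iptun_delete(), iptun_modify() and
 * iptun_info() take a cred_t *, presumably the caller's credential for
 * authorization.  iptun_set_6to4relay() and iptun_set_policy() take none,
 * so any privilege check for them would have to happen in their callers.
 * Neither is visible from this header -- confirm in the implementation.
 */
extern int	iptun_ioc_init(void);
extern void	iptun_ioc_fini(void);
extern uint_t	iptun_count(void);
extern int	iptun_create(iptun_kparams_t *, cred_t *);
extern int	iptun_delete(datalink_id_t, cred_t *);
extern int	iptun_modify(const iptun_kparams_t *, cred_t *);
extern int	iptun_info(iptun_kparams_t *, cred_t *);
extern int	iptun_set_6to4relay(netstack_t *, ipaddr_t);
extern void	iptun_get_6to4relay(netstack_t *, ipaddr_t *);
extern void	iptun_set_policy(datalink_id_t, ipsec_tun_pol_t *);

#endif	/* _KERNEL */

#ifdef	__cplusplus
}
#endif

#endif	/* _INET_IPTUN_IMPL_H */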