/* $KAME: ip_ecn.c,v 1.12 2002/01/07 11:34:47 kjc Exp $ */ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (C) 1999 WIDE Project. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the project nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include "opt_inet.h" #include "opt_inet6.h" #include <sys/param.h> #include <sys/systm.h> #include <sys/mbuf.h> #include <sys/errno.h> #include <netinet/in.h> #include <netinet/in_systm.h> #include <netinet/ip.h> #ifdef INET6 #include <netinet/ip6.h> #endif #include <netinet/ip_ecn.h> #ifdef INET6 #include <netinet6/ip6_ecn.h> #endif /* * ECN and TOS (or TCLASS) processing rules at tunnel encapsulation and * decapsulation from RFC6040: * * Outer Hdr at Inner Hdr at * Encapsulator Decapsulator * Header fields: -------------------- ------------ * DS Field copied from inner hdr no change * ECN Field constructed by (I) constructed by (E) * * ECN_ALLOWED (normal mode): * (I) copy the ECN field to the outer header. * * (E) if the ECN field in the outer header is set to CE and the ECN * field of the inner header is not-ECT, drop the packet. * If the ECN field in the inner header is set to ECT(0) and the ECN * field in the outer header is set to ECT(1), copy ECT(1) to * the inner header. If the ECN field in the inner header is set * to ECT(0) or ECT(1) and the ECN field in the outer header is set to * CE, copy CE to the inner header. * Otherwise, make no change to the inner header. This behaviour can be * summarized in the table below: * * Outer Header at Decapsulator * +---------+------------+------------+------------+ * | Not-ECT | ECT(0) | ECT(1) | CE | * Inner Hdr: +---------+------------+------------+------------+ * Not-ECT | Not-ECT |Not-ECT(!!!)|Not-ECT(!!!)| <drop>(!!!)| * ECT(0) | ECT(0) | ECT(0) | ECT(1) | CE | * ECT(1) | ECT(1) | ECT(1) (!) | ECT(1) | CE | * CE | CE | CE | CE(!!!)| CE | * +---------+------------+------------+------------+ * * ECN_COMPLETE (normal mode with security log): * certain combinations indicated in table by '(!!!)' or '(!)', * where '(!!!)' means the combination always potentially dangerous which * returns 3, while '(!)' means possibly dangerous in which returns 2. * These combinations are unsed by previous ECN tunneling specifications * and could be logged. Also, in case of more dangerous ones, the * decapsulator SHOULD log the event and MAY also raise an alarm. * * Note: Caller SHOULD use rate-limited alarms so that the anomalous * combinations will not amplify into a flood of alarm messages. * Also, it MUST be possible to suppress alarms or logging. * * ECN_FORBIDDEN (compatibility mode): * (I) set the ECN field to not-ECT in the outer header. * * (E) if the ECN field in the outer header is set to CE, drop the packet. * otherwise, make no change to the ECN field in the inner header. * * the drop rule is for backward compatibility and protection against * erasure of CE. */ /* * modify outer ECN (TOS) field on ingress operation (tunnel encapsulation). */ void ip_ecn_ingress(int mode, uint8_t *outer, const uint8_t *inner) { KASSERT(outer != NULL && inner != NULL, ("NULL pointer passed to %s", __func__)); *outer = *inner; switch (mode) { case ECN_COMPLETE: case ECN_ALLOWED: /* normal mode: always copy the ECN field. */ break; case ECN_FORBIDDEN: /* compatibility mode: set not-ECT to the outer */ *outer &= ~IPTOS_ECN_MASK; break; case ECN_NOCARE: break; } } /* * modify inner ECN (TOS) field on egress operation (tunnel decapsulation). * the caller should drop the packet if the return value is 0. */ int ip_ecn_egress(int mode, const uint8_t *outer, uint8_t *inner) { KASSERT(outer != NULL && inner != NULL, ("NULL pointer passed to %s", __func__)); switch (mode) { case ECN_COMPLETE: if ((*outer & IPTOS_ECN_MASK) == IPTOS_ECN_ECT0) { /* if the outer is ECT(0) and inner is ECT(1) raise a warning */ if ((*inner & IPTOS_ECN_MASK) == IPTOS_ECN_ECT1) return (ECN_WARN); /* if the inner is not-ECT and outer is ECT(0) raise an alarm */ if ((*inner & IPTOS_ECN_MASK) == IPTOS_ECN_NOTECT) return (ECN_ALARM); return (ECN_SUCCESS); } else if ((*outer & IPTOS_ECN_MASK) == IPTOS_ECN_ECT1) { /* if the outer is ECT(1) and inner is CE or ECT(1), raise an alarm */ if (((*inner & IPTOS_ECN_MASK) == IPTOS_ECN_CE) || ((*inner & IPTOS_ECN_MASK) == IPTOS_ECN_NOTECT)) return (ECN_ALARM); /* if the outer is ECT(1) and inner is ECT(0), copy ECT(1) */ if ((*inner & IPTOS_ECN_MASK) == IPTOS_ECN_ECT0) *inner = IPTOS_ECN_ECT1; return (ECN_SUCCESS); } /* fallthrough */ case ECN_ALLOWED: if ((*outer & IPTOS_ECN_MASK) == IPTOS_ECN_CE) { /* if the outer is CE and the inner is not-ECT, drop it. */ if ((*inner & IPTOS_ECN_MASK) == IPTOS_ECN_NOTECT) return (ECN_DROP); /* otherwise, copy CE */ *inner |= IPTOS_ECN_CE; } else if ((*outer & IPTOS_ECN_MASK) == IPTOS_ECN_ECT1) { /* if the outer is ECT(1) and inner is ECT(0), copy ECT(1) */ if ((*inner & IPTOS_ECN_MASK) == IPTOS_ECN_ECT0) *inner = IPTOS_ECN_ECT1; } break; case ECN_FORBIDDEN: /* * compatibility mode: if the outer is CE, should drop it. * otherwise, leave the inner. */ if ((*outer & IPTOS_ECN_MASK) == IPTOS_ECN_CE) return (ECN_DROP); break; case ECN_NOCARE: break; } return (ECN_SUCCESS); } #ifdef INET6 void ip6_ecn_ingress(int mode, uint32_t *outer, const uint32_t *inner) { uint8_t outer8, inner8; KASSERT(outer != NULL && inner != NULL, ("NULL pointer passed to %s", __func__)); inner8 = (ntohl(*inner) >> IPV6_FLOWLABEL_LEN) & 0xff; ip_ecn_ingress(mode, &outer8, &inner8); *outer &= ~htonl(0xff << IPV6_FLOWLABEL_LEN); *outer |= htonl((uint32_t)outer8 << IPV6_FLOWLABEL_LEN); } int ip6_ecn_egress(int mode, const uint32_t *outer, uint32_t *inner) { uint8_t outer8, inner8, oinner8; int ret; KASSERT(outer != NULL && inner != NULL, ("NULL pointer passed to %s", __func__)); outer8 = (ntohl(*outer) >> IPV6_FLOWLABEL_LEN) & 0xff; inner8 = oinner8 = (ntohl(*inner) >> IPV6_FLOWLABEL_LEN) & 0xff; ret = ip_ecn_egress(mode, &outer8, &inner8); if (ret == ECN_DROP) return (ECN_DROP); if (inner8 != oinner8) { *inner &= ~htonl(0xff << IPV6_FLOWLABEL_LEN); *inner |= htonl((uint32_t)inner8 << IPV6_FLOWLABEL_LEN); } return (ret); } #endif
