author | brooks <brooks@FreeBSD.org> | 2002-02-26 01:56:56 +0000 |
---|---|---|
committer | brooks <brooks@FreeBSD.org> | 2002-02-26 01:56:56 +0000 |
commit | 3cea5d4273fbb50c53a035ad676ddcb007850ab7 (patch) | |
tree | d4e17f15d002fa30805984306c8fd561c3b42688 | |
parent | bdb9bb2d04bc41e2bf008ea64e52ddf74e6c0a77 (diff) | |
Make gif(4) nesting level and parallel tunnel support tunable at runtime
via sysctls. The old #defines, MAX_GIF_NEST and XBONEHACK, are
currently supported for backwards compatibility, but will probably be
removed at some point in the future.
-rw-r--r-- | share/man/man4/gif.4 | 18 | ||||
-rw-r--r-- | sys/net/if_gif.c | 32 |
2 files changed, 45 insertions, 5 deletions
diff --git a/share/man/man4/gif.4 b/share/man/man4/gif.4
index 6d05748..e089357 100644
--- a/share/man/man4/gif.4
+++ b/share/man/man4/gif.4
@@ -153,6 +153,24 @@ Ingress filter can be turned off by
 .Dv IFF_LINK2
 bit.
 .\"
+.Pp
+.Ss Miscellaneous
+By default
+.Nm
+tunnels may not be nested.
+This behavior may be modified at runtime by setting the
+.Xr sysctl 8
+variable
+.Va net.link.gif.max_nesting
+to the desired level of nesting.
+Additionally,
+.Nm
+tunnels are restricted to one per pair of end points.
+Parallel tunnels may be enabled by setting the
+.Xr sysctl 8
+variable
+.Va net.link.gif.parallel_tunnels
+to 1.
 .Sh SEE ALSO
 .Xr inet 4 ,
 .Xr inet6 4 ,
diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c
index 41c64ec..356c9d1 100644
--- a/sys/net/if_gif.c
+++ b/sys/net/if_gif.c
@@ -42,6 +42,7 @@
 #include <sys/sockio.h>
 #include <sys/errno.h>
 #include <sys/time.h>
+#include <sys/sysctl.h>
 #include <sys/syslog.h>
 #include <sys/protosw.h>
 #include <sys/conf.h>
@@ -123,9 +124,12 @@ struct ip6protosw in6_gif_protosw =
 };
 #endif
+SYSCTL_DECL(_net_link);
+SYSCTL_NODE(_net_link, IFT_GIF, gif, CTLFLAG_RW, 0,
+ "Generic Tunnel Interface");
 #ifndef MAX_GIF_NEST
 /*
- * This macro controls the upper limitation on nesting of gif tunnels.
+ * This macro controls the default upper limitation on nesting of gif tunnels.
 * Since, setting a large value to this macro with a careless configuration
 * may introduce system crash, we don't allow any nestings by default.
 * If you need to configure nested gif tunnels, you can define this macro
@@ -135,6 +139,21 @@ struct ip6protosw in6_gif_protosw =
 #define MAX_GIF_NEST 1
 #endif
 static int max_gif_nesting = MAX_GIF_NEST;
+SYSCTL_INT(_net_link_gif, OID_AUTO, max_nesting, CTLFLAG_RW,
+ &max_gif_nesting, 0, "Max nested tunnels");
+
+/*
+ * By default, we disallow creation of multiple tunnels between the same
+ * pair of addresses. Some applications require this functionality so
+ * we allow control over this check here.
+ */
+#ifdef XBONEHACK
+static int parallel_tunnels = 1;
+#else
+static int parallel_tunnels = 0;
+#endif
+SYSCTL_INT(_net_link_gif, OID_AUTO, parallel_tunnels, CTLFLAG_RW,
+ ¶llel_tunnels, 0, "Allow parallel tunnels?");
 int
 gif_clone_create(ifc, unit)
@@ -659,14 +678,17 @@ gif_ioctl(ifp, cmd, data)
 sc2->gif_psrc->sa_family != src->sa_family ||
 sc2->gif_psrc->sa_len != src->sa_len)
 continue;
-#ifndef XBONEHACK
- /* can't configure same pair of address onto two gifs */
- if (bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 &&
+
+ /*
+ * Disallow parallel tunnels unless instructed
+ * otherwise.
+ */
+ if (!parallel_tunnels &&
+ bcmp(sc2->gif_pdst, dst, dst->sa_len) == 0 &&
 bcmp(sc2->gif_psrc, src, src->sa_len) == 0) {
 error = EADDRNOTAVAIL;
 goto bad;
 }
-#endif
 /* can't configure multiple multi-dest interfaces */
 #define multidest(x) \ |
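Review bot: In the `@@ -135,6 +139,21 @@` hunk, `max_nesting` is exported with a plain `SYSCTL_INT(... CTLFLAG_RW ...)`, so any int, including a negative or very large one, can be written at runtime without a range check, although the comment above `MAX_GIF_NEST` says a large value with a careless configuration may crash the system. I would register it through a `SYSCTL_PROC` handler that rejects out-of-range values with `EINVAL`, as sketched below. The upper bound there is a placeholder, and the lower bound needs checking against the code that compares the nesting counter, which is outside this diff. `parallel_tunnels` has the same shape but is only tested for zero in `gif_ioctl`, so it needs no clamp.

```c
static int max_gif_nesting = MAX_GIF_NEST;

/* GIF_NEST_LIMIT is a placeholder name; pick the bound from the kernel stack budget. */
static int
sysctl_gif_max_nesting(SYSCTL_HANDLER_ARGS)
{
	int error, val;

	val = max_gif_nesting;
	error = sysctl_handle_int(oidp, &val, 0, req);
	if (error || req->newptr == NULL)
		return (error);
	/* lower bound assumed; confirm against the nesting-counter comparison */
	if (val < 1 || val > GIF_NEST_LIMIT)
		return (EINVAL);
	max_gif_nesting = val;
	return (0);
}
SYSCTL_PROC(_net_link_gif, OID_AUTO, max_nesting, CTLTYPE_INT | CTLFLAG_RW,
    0, 0, sysctl_gif_max_nesting, "I", "Max nested tunnels");
/* … unchanged: parallel_tunnels definition and its SYSCTL_INT … */
```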
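Review bot: The new comment in the `@@ -659,14 +678,17 @@` hunk no longer says what the check compares, and it does not say when the check runs. As far as the hunk shows, `parallel_tunnels` is consulted only here, while addresses are being configured, so clearing the sysctl later would leave already-configured parallel tunnels in place. I would word it as `/* Refuse a (src, dst) pair already used by another gif unless net.link.gif.parallel_tunnels is set; checked at configuration time only. */` and state the same in gif(4). The enclosing loop and `gif_ioctl` itself start and end outside the hunk.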