allow wccp processing to be enabled per interface with the link0 flag.

this also changes the wccp handling to peek into it's payload to
determine whether it is wccp 1 or 2. wccp1 says the gre header is
followed by ipv4, while wccp2 says there's a small header before
the ipv4 packet. the wccp2 header cannot have 4 in the first nibble,
while ipv4 must have 4 in the first nibble. the code now looks at
the nibble to determine whether it should strip the wccp2 header
or not.

diff --git a/share/man/man4/gre.4 b/share/man/man4/gre.4
index 6730afb..ac3ca9b 100644 (file)
--- a/share/man/man4/gre.4
+++ b/share/man/man4/gre.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: gre.4,v 1.55 2018/02/15 09:17:13 jmc Exp $
+.\" $OpenBSD: gre.4,v 1.56 2018/02/16 01:28:07 dlg Exp $
 .\" $NetBSD: gre.4,v 1.10 1999/12/22 14:55:49 kleink Exp $
 .\"
 .\" Copyright 1998 (c) The NetBSD Foundation, Inc.
@@ -28,7 +28,7 @@
 .\" ARISING IN ANY WAY  OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 15 2018 $
+.Dd $Mdocdate: February 16 2018 $
 .Dt GRE 4
 .Os
 .Sh NAME
@@ -112,6 +112,10 @@ virtual network idenfitier.
 .Nm gre
 optionally supports sending keepalive packets to the remote endpoint,
 which allows tunnel failure to be detected.
+.Nm gre
+interfaces can be individually configured to receive WCCP packets by
+setting the link-level flag
+.Cm link0 .
 .Sh EXAMPLES
 .Nm gre
 Configuration example:

diff --git a/sys/net/if_gre.c b/sys/net/if_gre.c
index 7a73b73..1a76d97 100644 (file)
--- a/sys/net/if_gre.c
+++ b/sys/net/if_gre.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: if_gre.c,v 1.101 2018/02/15 01:03:17 dlg Exp $ */
+/*      $OpenBSD: if_gre.c,v 1.102 2018/02/16 01:28:07 dlg Exp $ */
 /*     $NetBSD: if_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */
 
 /*
@@ -563,8 +563,13 @@ gre_input_key(struct mbuf **mp, int *offp, int type, int af,
        if (sc == NULL)
                goto decline;
 
+       ifp = &sc->sc_if;
+
        switch (gh->gre_proto) {
-       case htons(GRE_WCCP):
+       case htons(GRE_WCCP): {
+               struct mbuf *n;
+               int off;
+
                /* WCCP/GRE:
                 *   So far as I can see (and test) it seems that Cisco's WCCP
                 *   GRE tunnel is precisely a IP-in-GRE tunnel that differs
@@ -574,22 +579,23 @@ gre_input_key(struct mbuf **mp, int *offp, int type, int af,
                 *   the following:
                 *     draft-forster-wrec-wccp-v1-00.txt
                 *     draft-wilson-wrec-wccp-v2-01.txt
-                *
-                *   So yes, we're doing a fall-through (unless, of course,
-                *   net.inet.gre.wccp is 0).
                 */
-               switch (gre_wccp) {
-               case 1:
-                       break;
-               case 2:
-                       hlen += sizeof(gre_wccp);
-                       break;
-               case 0:
-               default:
+
+               if (!gre_wccp && !ISSET(ifp->if_flags, IFF_LINK0))
                        goto decline;
-               }
+
+               /*
+                * If the first nibble of the payload does not look like
+                * IPv4, assume it is WCCP v2.
+                */
+               n = m_getptr(m, hlen, &off);
+               if (n == NULL)
+                       goto decline;
+               if (n->m_data[off] >> 4 != IPVERSION)
+                       hlen += sizeof(gre_wccp);
 
                /* FALLTHROUGH */
+       }
        case htons(ETHERTYPE_IP):
 #if NBPFILTER > 0
                bpf_af = AF_INET;
@@ -629,8 +635,6 @@ gre_input_key(struct mbuf **mp, int *offp, int type, int af,
                goto decline;
        }
 
-       ifp = &sc->sc_if;
-
        m_adj(m, hlen);
 
        if (sc->sc_tunnel.t_ttl == -1) {