From 3058f56482792d804647bcf2d464e9bc66b0da93 Mon Sep 17 00:00:00 2001 From: dlg Date: Fri, 16 Feb 2018 01:28:07 +0000 Subject: [PATCH] allow wccp processing to be enabled per interface with the link0 flag. this also changes the wccp handling to peek into it's payload to determine whether it is wccp 1 or 2. wccp1 says the gre header is followed by ipv4, while wccp2 says there's a small header before the ipv4 packet. the wccp2 header cannot have 4 in the first nibble, while ipv4 must have 4 in the first nibble. the code now looks at the nibble to determine whether it should strip the wccp2 header or not. --- share/man/man4/gre.4 | 8 ++++++-- sys/net/if_gre.c | 36 ++++++++++++++++++++---------------- 2 files changed, 26 insertions(+), 18 deletions(-) diff --git a/share/man/man4/gre.4 b/share/man/man4/gre.4 index 6730afb7fd8..ac3ca9bfeea 100644 --- a/share/man/man4/gre.4 +++ b/share/man/man4/gre.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: gre.4,v 1.55 2018/02/15 09:17:13 jmc Exp $ +.\" $OpenBSD: gre.4,v 1.56 2018/02/16 01:28:07 dlg Exp $ .\" $NetBSD: gre.4,v 1.10 1999/12/22 14:55:49 kleink Exp $ .\" .\" Copyright 1998 (c) The NetBSD Foundation, Inc. @@ -28,7 +28,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: February 15 2018 $ +.Dd $Mdocdate: February 16 2018 $ .Dt GRE 4 .Os .Sh NAME @@ -112,6 +112,10 @@ virtual network idenfitier. .Nm gre optionally supports sending keepalive packets to the remote endpoint, which allows tunnel failure to be detected. +.Nm gre +interfaces can be individually configured to receive WCCP packets by +setting the link-level flag +.Cm link0 . .Sh EXAMPLES .Nm gre Configuration example: diff --git a/sys/net/if_gre.c b/sys/net/if_gre.c index 7a73b732d34..1a76d97178f 100644 --- a/sys/net/if_gre.c +++ b/sys/net/if_gre.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: if_gre.c,v 1.101 2018/02/15 01:03:17 dlg Exp $ */ +/* $OpenBSD: if_gre.c,v 1.102 2018/02/16 01:28:07 dlg Exp $ */ /* $NetBSD: if_gre.c,v 1.9 1999/10/25 19:18:11 drochner Exp $ */ /* @@ -563,8 +563,13 @@ gre_input_key(struct mbuf **mp, int *offp, int type, int af, if (sc == NULL) goto decline; + ifp = &sc->sc_if; + switch (gh->gre_proto) { - case htons(GRE_WCCP): + case htons(GRE_WCCP): { + struct mbuf *n; + int off; + /* WCCP/GRE: * So far as I can see (and test) it seems that Cisco's WCCP * GRE tunnel is precisely a IP-in-GRE tunnel that differs @@ -574,22 +579,23 @@ gre_input_key(struct mbuf **mp, int *offp, int type, int af, * the following: * draft-forster-wrec-wccp-v1-00.txt * draft-wilson-wrec-wccp-v2-01.txt - * - * So yes, we're doing a fall-through (unless, of course, - * net.inet.gre.wccp is 0). */ - switch (gre_wccp) { - case 1: - break; - case 2: - hlen += sizeof(gre_wccp); - break; - case 0: - default: + + if (!gre_wccp && !ISSET(ifp->if_flags, IFF_LINK0)) goto decline; - } + + /* + * If the first nibble of the payload does not look like + * IPv4, assume it is WCCP v2. + */ + n = m_getptr(m, hlen, &off); + if (n == NULL) + goto decline; + if (n->m_data[off] >> 4 != IPVERSION) + hlen += sizeof(gre_wccp); /* FALLTHROUGH */ + } case htons(ETHERTYPE_IP): #if NBPFILTER > 0 bpf_af = AF_INET; @@ -629,8 +635,6 @@ gre_input_key(struct mbuf **mp, int *offp, int type, int af, goto decline; } - ifp = &sc->sc_if; - m_adj(m, hlen); if (sc->sc_tunnel.t_ttl == -1) { -- 2.20.1
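Review bot: In the hunk at -574, `hlen += sizeof(gre_wccp)` takes the WCCPv2 header length from the size of the sysctl variable, which this change reduces to an on/off switch, so the number of bytes stripped from an untrusted packet is tied to an unrelated object's type rather than to the protocol. A stated length with a comment, for example `hlen += 4; /* WCCPv2 redirect header */` (assuming four octets is what the cited draft specifies), would make the parse auditable. The peek `n->m_data[off] >> 4` shifts what is presumably a plain `char`, whose signedness is implementation-defined; reading the byte as `*(uint8_t *)(n->m_data + off) >> 4` keeps the nibble test exact when the high bit is set. The visible lines do not show a check that the packet still holds `hlen` bytes after the increment and before `m_adj(m, hlen)` in the last hunk; gre_input_key continues outside these hunks, so that is worth confirming there.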