/* $KAME: ip_ecn.c,v 1.12 2002/01/07 11:34:47 kjc Exp $ */12/*-3* SPDX-License-Identifier: BSD-3-Clause4*5* Copyright (C) 1999 WIDE Project.6* All rights reserved.7*8* Redistribution and use in source and binary forms, with or without9* modification, are permitted provided that the following conditions10* are met:11* 1. Redistributions of source code must retain the above copyright12* notice, this list of conditions and the following disclaimer.13* 2. Redistributions in binary form must reproduce the above copyright14* notice, this list of conditions and the following disclaimer in the15* documentation and/or other materials provided with the distribution.16* 3. Neither the name of the project nor the names of its contributors17* may be used to endorse or promote products derived from this software18* without specific prior written permission.19*20* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND21* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE22* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE23* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE24* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL25* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS26* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)27* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT28* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY29* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF30* SUCH DAMAGE.31*32*/33/*34* ECN consideration on tunnel ingress/egress operation.35* http://www.aciri.org/floyd/papers/draft-ipsec-ecn-00.txt36*/3738#include <sys/cdefs.h>39#include "opt_inet.h"40#include "opt_inet6.h"4142#include <sys/param.h>43#include <sys/systm.h>44#include <sys/mbuf.h>45#include <sys/errno.h>4647#include <netinet/in.h>48#include <netinet/in_systm.h>49#include <netinet/ip.h>50#ifdef INET651#include <netinet/ip6.h>52#endif5354#include <netinet/ip_ecn.h>55#ifdef INET656#include <netinet6/ip6_ecn.h>57#endif5859/*60* ECN and TOS (or TCLASS) processing rules at tunnel encapsulation and61* decapsulation from RFC3168:62*63* Outer Hdr at Inner Hdr at64* Encapsulator Decapsulator65* Header fields: -------------------- ------------66* DS Field copied from inner hdr no change67* ECN Field constructed by (I) constructed by (E)68*69* ECN_ALLOWED (full functionality):70* (I) if the ECN field in the inner header is set to CE, then set the71* ECN field in the outer header to ECT(0).72* otherwise, copy the ECN field to the outer header.73*74* (E) if the ECN field in the outer header is set to CE and the ECN75* field of the inner header is not-ECT, drop the packet.76* if the ECN field in the inner header is set to ECT(0) or ECT(1)77* and the ECN field in the outer header is set to CE, then copy CE to78* the inner header. otherwise, make no change to the inner header.79*80* ECN_FORBIDDEN (limited functionality):81* (I) set the ECN field to not-ECT in the outer header.82*83* (E) if the ECN field in the outer header is set to CE, drop the packet.84* otherwise, make no change to the ECN field in the inner header.85*86* the drop rule is for backward compatibility and protection against87* erasure of CE.88*/8990/*91* modify outer ECN (TOS) field on ingress operation (tunnel encapsulation).92*/93void94ip_ecn_ingress(int mode, u_int8_t *outer, const u_int8_t *inner)95{9697if (!outer || !inner)98panic("NULL pointer passed to ip_ecn_ingress");99100*outer = *inner;101switch (mode) {102case ECN_ALLOWED: /* ECN allowed */103/*104* full-functionality: if the inner is CE, set ECT(0)105* to the outer. otherwise, copy the ECN field.106*/107if ((*inner & IPTOS_ECN_MASK) == IPTOS_ECN_CE)108*outer &= ~IPTOS_ECN_ECT1;109break;110case ECN_FORBIDDEN: /* ECN forbidden */111/*112* limited-functionality: set not-ECT to the outer113*/114*outer &= ~IPTOS_ECN_MASK;115break;116case ECN_NOCARE: /* no consideration to ECN */117break;118}119}120121/*122* modify inner ECN (TOS) field on egress operation (tunnel decapsulation).123* the caller should drop the packet if the return value is 0.124*/125int126ip_ecn_egress(int mode, const u_int8_t *outer, u_int8_t *inner)127{128129if (!outer || !inner)130panic("NULL pointer passed to ip_ecn_egress");131132switch (mode) {133case ECN_ALLOWED:134/*135* full-functionality: if the outer is CE and the inner is136* not-ECT, should drop it. otherwise, copy CE.137*/138if ((*outer & IPTOS_ECN_MASK) == IPTOS_ECN_CE) {139if ((*inner & IPTOS_ECN_MASK) == IPTOS_ECN_NOTECT)140return (0);141*inner |= IPTOS_ECN_CE;142}143break;144case ECN_FORBIDDEN: /* ECN forbidden */145/*146* limited-functionality: if the outer is CE, should drop it.147* otherwise, leave the inner.148*/149if ((*outer & IPTOS_ECN_MASK) == IPTOS_ECN_CE)150return (0);151break;152case ECN_NOCARE: /* no consideration to ECN */153break;154}155return (1);156}157158#ifdef INET6159void160ip6_ecn_ingress(int mode, u_int32_t *outer, const u_int32_t *inner)161{162u_int8_t outer8, inner8;163164if (!outer || !inner)165panic("NULL pointer passed to ip6_ecn_ingress");166167inner8 = (ntohl(*inner) >> 20) & 0xff;168ip_ecn_ingress(mode, &outer8, &inner8);169*outer &= ~htonl(0xff << 20);170*outer |= htonl((u_int32_t)outer8 << 20);171}172173int174ip6_ecn_egress(int mode, const u_int32_t *outer, u_int32_t *inner)175{176u_int8_t outer8, inner8, oinner8;177178if (!outer || !inner)179panic("NULL pointer passed to ip6_ecn_egress");180181outer8 = (ntohl(*outer) >> 20) & 0xff;182inner8 = oinner8 = (ntohl(*inner) >> 20) & 0xff;183if (ip_ecn_egress(mode, &outer8, &inner8) == 0)184return (0);185if (inner8 != oinner8) {186*inner &= ~htonl(0xff << 20);187*inner |= htonl((u_int32_t)inner8 << 20);188}189return (1);190}191#endif192193194