Commit | Line | Data |
---|---|---|
1da177e4 | 1 | /* |
e905a9ed | 2 | * Linux NET3: GRE over IP protocol decoder. |
1da177e4 LT |
3 | * |
4 | * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
10 | * | |
11 | */ | |
12 | ||
afd46503 JP |
13 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
14 | ||
4fc268d2 | 15 | #include <linux/capability.h> |
1da177e4 LT |
16 | #include <linux/module.h> |
17 | #include <linux/types.h> | |
1da177e4 | 18 | #include <linux/kernel.h> |
5a0e3ad6 | 19 | #include <linux/slab.h> |
1da177e4 LT |
20 | #include <asm/uaccess.h> |
21 | #include <linux/skbuff.h> | |
22 | #include <linux/netdevice.h> | |
23 | #include <linux/in.h> | |
24 | #include <linux/tcp.h> | |
25 | #include <linux/udp.h> | |
26 | #include <linux/if_arp.h> | |
27 | #include <linux/mroute.h> | |
28 | #include <linux/init.h> | |
29 | #include <linux/in6.h> | |
30 | #include <linux/inetdevice.h> | |
31 | #include <linux/igmp.h> | |
32 | #include <linux/netfilter_ipv4.h> | |
e1a80002 | 33 | #include <linux/etherdevice.h> |
46f25dff | 34 | #include <linux/if_ether.h> |
1da177e4 LT |
35 | |
36 | #include <net/sock.h> | |
37 | #include <net/ip.h> | |
38 | #include <net/icmp.h> | |
39 | #include <net/protocol.h> | |
40 | #include <net/ipip.h> | |
41 | #include <net/arp.h> | |
42 | #include <net/checksum.h> | |
43 | #include <net/dsfield.h> | |
44 | #include <net/inet_ecn.h> | |
45 | #include <net/xfrm.h> | |
59a4c759 PE |
46 | #include <net/net_namespace.h> |
47 | #include <net/netns/generic.h> | |
c19e654d | 48 | #include <net/rtnetlink.h> |
00959ade | 49 | #include <net/gre.h> |
1da177e4 | 50 | |
dfd56b8b | 51 | #if IS_ENABLED(CONFIG_IPV6) |
1da177e4 LT |
52 | #include <net/ipv6.h> |
53 | #include <net/ip6_fib.h> | |
54 | #include <net/ip6_route.h> | |
55 | #endif | |
56 | ||
57 | /* | |
58 | Problems & solutions | |
59 | -------------------- | |
60 | ||
61 | 1. The most important issue is detecting local dead loops. | |
62 | They would cause complete host lockup in transmit, which | |
63 | would be "resolved" by stack overflow or, if queueing is enabled, | |
64 | with infinite looping in net_bh. | |
65 | ||
66 | We cannot track such dead loops during route installation, | |
67 | it is infeasible task. The most general solutions would be | |
68 | to keep skb->encapsulation counter (sort of local ttl), | |
6d0722a2 | 69 | and silently drop packet when it expires. It is a good |
bff52857 | 70 | solution, but it supposes maintaining new variable in ALL |
1da177e4 LT |
71 | skb, even if no tunneling is used. |
72 | ||
6d0722a2 ED |
73 | Current solution: xmit_recursion breaks dead loops. This is a percpu |
74 | counter, since when we enter the first ndo_xmit(), cpu migration is | |
75 | forbidden. We force an exit if this counter reaches RECURSION_LIMIT | |
1da177e4 LT |
76 | |
77 | 2. Networking dead loops would not kill routers, but would really | |
78 | kill network. IP hop limit plays role of "t->recursion" in this case, | |
79 | if we copy it from packet being encapsulated to upper header. | |
80 | It is very good solution, but it introduces two problems: | |
81 | ||
82 | - Routing protocols, using packets with ttl=1 (OSPF, RIP2), | |
83 | do not work over tunnels. | |
84 | - traceroute does not work. I planned to relay ICMP from tunnel, | |
85 | so that this problem would be solved and traceroute output | |
86 | would even more informative. This idea appeared to be wrong: | |
87 | only Linux complies to rfc1812 now (yes, guys, Linux is the only | |
88 | true router now :-)), all routers (at least, in neighbourhood of mine) | |
89 | return only 8 bytes of payload. It is the end. | |
90 | ||
91 | Hence, if we want that OSPF worked or traceroute said something reasonable, | |
92 | we should search for another solution. | |
93 | ||
94 | One of them is to parse packet trying to detect inner encapsulation | |
95 | made by our node. It is difficult or even impossible, especially, | |
bff52857 | 96 | taking into account fragmentation. TO be short, ttl is not solution at all. |
1da177e4 LT |
97 | |
98 | Current solution: The solution was UNEXPECTEDLY SIMPLE. | |
99 | We force DF flag on tunnels with preconfigured hop limit, | |
100 | that is ALL. :-) Well, it does not remove the problem completely, | |
101 | but exponential growth of network traffic is changed to linear | |
102 | (branches, that exceed pmtu are pruned) and tunnel mtu | |
bff52857 | 103 | rapidly degrades to value <68, where looping stops. |
1da177e4 LT |
104 | Yes, it is not good if there exists a router in the loop, |
105 | which does not force DF, even when encapsulating packets have DF set. | |
106 | But it is not our problem! Nobody could accuse us, we made | |
107 | all that we could make. Even if it is your gated who injected | |
108 | fatal route to network, even if it were you who configured | |
109 | fatal static route: you are innocent. :-) | |
110 | ||
111 | ||
112 | ||
113 | 3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain | |
114 | practically identical code. It would be good to glue them | |
115 | together, but it is not very evident, how to make them modular. | |
116 | sit is integral part of IPv6, ipip and gre are naturally modular. | |
117 | We could extract common parts (hash table, ioctl etc) | |
118 | to a separate module (ip_tunnel.c). | |
119 | ||
120 | Alexey Kuznetsov. | |
121 | */ | |
122 | ||
eccc1bb8 | 123 | static bool log_ecn_error = true; |
124 | module_param(log_ecn_error, bool, 0644); | |
125 | MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); | |
126 | ||
c19e654d | 127 | static struct rtnl_link_ops ipgre_link_ops __read_mostly; |
1da177e4 LT |
128 | static int ipgre_tunnel_init(struct net_device *dev); |
129 | static void ipgre_tunnel_setup(struct net_device *dev); | |
42aa9162 | 130 | static int ipgre_tunnel_bind_dev(struct net_device *dev); |
1da177e4 LT |
131 | |
132 | /* Fallback tunnel: no source, no destination, no key, no options */ | |
133 | ||
eb8ce741 PE |
134 | #define HASH_SIZE 16 |
135 | ||
f99189b1 | 136 | static int ipgre_net_id __read_mostly; |
59a4c759 | 137 | struct ipgre_net { |
1507850b | 138 | struct ip_tunnel __rcu *tunnels[4][HASH_SIZE]; |
eb8ce741 | 139 | |
7daa0004 | 140 | struct net_device *fb_tunnel_dev; |
59a4c759 PE |
141 | }; |
142 | ||
1da177e4 LT |
143 | /* Tunnel hash table */ |
144 | ||
145 | /* | |
146 | 4 hash tables: | |
147 | ||
148 | 3: (remote,local) | |
149 | 2: (remote,*) | |
150 | 1: (*,local) | |
151 | 0: (*,*) | |
152 | ||
153 | We require exact key match i.e. if a key is present in packet | |
154 | it will match only tunnel with the same key; if it is not present, | |
155 | it will match only keyless tunnel. | |
156 | ||
157 | All keysless packets, if not matched configured keyless tunnels | |
158 | will match fallback tunnel. | |
159 | */ | |
160 | ||
d5a0a1e3 | 161 | #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF) |
1da177e4 | 162 | |
eb8ce741 PE |
163 | #define tunnels_r_l tunnels[3] |
164 | #define tunnels_r tunnels[2] | |
165 | #define tunnels_l tunnels[1] | |
166 | #define tunnels_wc tunnels[0] | |
8d5b2c08 | 167 | /* |
1507850b | 168 | * Locking : hash tables are protected by RCU and RTNL |
8d5b2c08 | 169 | */ |
1da177e4 | 170 | |
8d5b2c08 ED |
171 | #define for_each_ip_tunnel_rcu(start) \ |
172 | for (t = rcu_dereference(start); t; t = rcu_dereference(t->next)) | |
1da177e4 | 173 | |
87b6d218 | 174 | static struct rtnl_link_stats64 *ipgre_get_stats64(struct net_device *dev, |
175 | struct rtnl_link_stats64 *tot) | |
e985aad7 | 176 | { |
e985aad7 ED |
177 | int i; |
178 | ||
179 | for_each_possible_cpu(i) { | |
180 | const struct pcpu_tstats *tstats = per_cpu_ptr(dev->tstats, i); | |
87b6d218 | 181 | u64 rx_packets, rx_bytes, tx_packets, tx_bytes; |
182 | unsigned int start; | |
183 | ||
184 | do { | |
185 | start = u64_stats_fetch_begin_bh(&tstats->syncp); | |
186 | rx_packets = tstats->rx_packets; | |
187 | tx_packets = tstats->tx_packets; | |
188 | rx_bytes = tstats->rx_bytes; | |
189 | tx_bytes = tstats->tx_bytes; | |
190 | } while (u64_stats_fetch_retry_bh(&tstats->syncp, start)); | |
191 | ||
192 | tot->rx_packets += rx_packets; | |
193 | tot->tx_packets += tx_packets; | |
194 | tot->rx_bytes += rx_bytes; | |
195 | tot->tx_bytes += tx_bytes; | |
e985aad7 | 196 | } |
87b6d218 | 197 | |
198 | tot->multicast = dev->stats.multicast; | |
199 | tot->rx_crc_errors = dev->stats.rx_crc_errors; | |
200 | tot->rx_fifo_errors = dev->stats.rx_fifo_errors; | |
201 | tot->rx_length_errors = dev->stats.rx_length_errors; | |
eccc1bb8 | 202 | tot->rx_frame_errors = dev->stats.rx_frame_errors; |
87b6d218 | 203 | tot->rx_errors = dev->stats.rx_errors; |
eccc1bb8 | 204 | |
87b6d218 | 205 | tot->tx_fifo_errors = dev->stats.tx_fifo_errors; |
206 | tot->tx_carrier_errors = dev->stats.tx_carrier_errors; | |
207 | tot->tx_dropped = dev->stats.tx_dropped; | |
208 | tot->tx_aborted_errors = dev->stats.tx_aborted_errors; | |
209 | tot->tx_errors = dev->stats.tx_errors; | |
210 | ||
211 | return tot; | |
e985aad7 ED |
212 | } |
213 | ||
d2083287 | 214 | /* Does key in tunnel parameters match packet */ |
215 | static bool ipgre_key_match(const struct ip_tunnel_parm *p, | |
9fbef059 | 216 | __be16 flags, __be32 key) |
d2083287 | 217 | { |
218 | if (p->i_flags & GRE_KEY) { | |
219 | if (flags & GRE_KEY) | |
220 | return key == p->i_key; | |
221 | else | |
222 | return false; /* key expected, none present */ | |
223 | } else | |
224 | return !(flags & GRE_KEY); | |
225 | } | |
226 | ||
1da177e4 LT |
227 | /* Given src, dst and key, find appropriate for input tunnel. */ |
228 | ||
5e73ea1a DB |
229 | static struct ip_tunnel *ipgre_tunnel_lookup(struct net_device *dev, |
230 | __be32 remote, __be32 local, | |
9fbef059 | 231 | __be16 flags, __be32 key, |
d2083287 | 232 | __be16 gre_proto) |
1da177e4 | 233 | { |
749c10f9 TT |
234 | struct net *net = dev_net(dev); |
235 | int link = dev->ifindex; | |
1507850b ED |
236 | unsigned int h0 = HASH(remote); |
237 | unsigned int h1 = HASH(key); | |
afcf1242 | 238 | struct ip_tunnel *t, *cand = NULL; |
7daa0004 | 239 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); |
e1a80002 HX |
240 | int dev_type = (gre_proto == htons(ETH_P_TEB)) ? |
241 | ARPHRD_ETHER : ARPHRD_IPGRE; | |
afcf1242 | 242 | int score, cand_score = 4; |
1da177e4 | 243 | |
8d5b2c08 | 244 | for_each_ip_tunnel_rcu(ign->tunnels_r_l[h0 ^ h1]) { |
749c10f9 TT |
245 | if (local != t->parms.iph.saddr || |
246 | remote != t->parms.iph.daddr || | |
749c10f9 TT |
247 | !(t->dev->flags & IFF_UP)) |
248 | continue; | |
249 | ||
d2083287 | 250 | if (!ipgre_key_match(&t->parms, flags, key)) |
251 | continue; | |
252 | ||
749c10f9 TT |
253 | if (t->dev->type != ARPHRD_IPGRE && |
254 | t->dev->type != dev_type) | |
255 | continue; | |
256 | ||
afcf1242 | 257 | score = 0; |
749c10f9 | 258 | if (t->parms.link != link) |
afcf1242 | 259 | score |= 1; |
749c10f9 | 260 | if (t->dev->type != dev_type) |
afcf1242 TT |
261 | score |= 2; |
262 | if (score == 0) | |
749c10f9 | 263 | return t; |
afcf1242 TT |
264 | |
265 | if (score < cand_score) { | |
266 | cand = t; | |
267 | cand_score = score; | |
268 | } | |
1da177e4 | 269 | } |
e1a80002 | 270 | |
8d5b2c08 | 271 | for_each_ip_tunnel_rcu(ign->tunnels_r[h0 ^ h1]) { |
749c10f9 | 272 | if (remote != t->parms.iph.daddr || |
749c10f9 TT |
273 | !(t->dev->flags & IFF_UP)) |
274 | continue; | |
275 | ||
d2083287 | 276 | if (!ipgre_key_match(&t->parms, flags, key)) |
277 | continue; | |
278 | ||
749c10f9 TT |
279 | if (t->dev->type != ARPHRD_IPGRE && |
280 | t->dev->type != dev_type) | |
281 | continue; | |
282 | ||
afcf1242 | 283 | score = 0; |
749c10f9 | 284 | if (t->parms.link != link) |
afcf1242 | 285 | score |= 1; |
749c10f9 | 286 | if (t->dev->type != dev_type) |
afcf1242 TT |
287 | score |= 2; |
288 | if (score == 0) | |
749c10f9 | 289 | return t; |
afcf1242 TT |
290 | |
291 | if (score < cand_score) { | |
292 | cand = t; | |
293 | cand_score = score; | |
294 | } | |
1da177e4 | 295 | } |
e1a80002 | 296 | |
8d5b2c08 | 297 | for_each_ip_tunnel_rcu(ign->tunnels_l[h1]) { |
749c10f9 TT |
298 | if ((local != t->parms.iph.saddr && |
299 | (local != t->parms.iph.daddr || | |
300 | !ipv4_is_multicast(local))) || | |
749c10f9 TT |
301 | !(t->dev->flags & IFF_UP)) |
302 | continue; | |
303 | ||
d2083287 | 304 | if (!ipgre_key_match(&t->parms, flags, key)) |
305 | continue; | |
306 | ||
749c10f9 TT |
307 | if (t->dev->type != ARPHRD_IPGRE && |
308 | t->dev->type != dev_type) | |
309 | continue; | |
310 | ||
afcf1242 | 311 | score = 0; |
749c10f9 | 312 | if (t->parms.link != link) |
afcf1242 | 313 | score |= 1; |
749c10f9 | 314 | if (t->dev->type != dev_type) |
afcf1242 TT |
315 | score |= 2; |
316 | if (score == 0) | |
749c10f9 | 317 | return t; |
afcf1242 TT |
318 | |
319 | if (score < cand_score) { | |
320 | cand = t; | |
321 | cand_score = score; | |
322 | } | |
1da177e4 | 323 | } |
e1a80002 | 324 | |
8d5b2c08 | 325 | for_each_ip_tunnel_rcu(ign->tunnels_wc[h1]) { |
749c10f9 TT |
326 | if (t->parms.i_key != key || |
327 | !(t->dev->flags & IFF_UP)) | |
328 | continue; | |
329 | ||
330 | if (t->dev->type != ARPHRD_IPGRE && | |
331 | t->dev->type != dev_type) | |
332 | continue; | |
333 | ||
afcf1242 | 334 | score = 0; |
749c10f9 | 335 | if (t->parms.link != link) |
afcf1242 | 336 | score |= 1; |
749c10f9 | 337 | if (t->dev->type != dev_type) |
afcf1242 TT |
338 | score |= 2; |
339 | if (score == 0) | |
749c10f9 | 340 | return t; |
afcf1242 TT |
341 | |
342 | if (score < cand_score) { | |
343 | cand = t; | |
344 | cand_score = score; | |
345 | } | |
1da177e4 LT |
346 | } |
347 | ||
afcf1242 TT |
348 | if (cand != NULL) |
349 | return cand; | |
e1a80002 | 350 | |
8d5b2c08 ED |
351 | dev = ign->fb_tunnel_dev; |
352 | if (dev->flags & IFF_UP) | |
353 | return netdev_priv(dev); | |
749c10f9 | 354 | |
1da177e4 LT |
355 | return NULL; |
356 | } | |
357 | ||
1507850b | 358 | static struct ip_tunnel __rcu **__ipgre_bucket(struct ipgre_net *ign, |
f57e7d5a | 359 | struct ip_tunnel_parm *parms) |
1da177e4 | 360 | { |
5056a1ef YH |
361 | __be32 remote = parms->iph.daddr; |
362 | __be32 local = parms->iph.saddr; | |
363 | __be32 key = parms->i_key; | |
1507850b | 364 | unsigned int h = HASH(key); |
1da177e4 LT |
365 | int prio = 0; |
366 | ||
367 | if (local) | |
368 | prio |= 1; | |
f97c1e0c | 369 | if (remote && !ipv4_is_multicast(remote)) { |
1da177e4 LT |
370 | prio |= 2; |
371 | h ^= HASH(remote); | |
372 | } | |
373 | ||
eb8ce741 | 374 | return &ign->tunnels[prio][h]; |
1da177e4 LT |
375 | } |
376 | ||
1507850b | 377 | static inline struct ip_tunnel __rcu **ipgre_bucket(struct ipgre_net *ign, |
f57e7d5a | 378 | struct ip_tunnel *t) |
5056a1ef | 379 | { |
f57e7d5a | 380 | return __ipgre_bucket(ign, &t->parms); |
5056a1ef YH |
381 | } |
382 | ||
f57e7d5a | 383 | static void ipgre_tunnel_link(struct ipgre_net *ign, struct ip_tunnel *t) |
1da177e4 | 384 | { |
1507850b | 385 | struct ip_tunnel __rcu **tp = ipgre_bucket(ign, t); |
1da177e4 | 386 | |
1507850b | 387 | rcu_assign_pointer(t->next, rtnl_dereference(*tp)); |
8d5b2c08 | 388 | rcu_assign_pointer(*tp, t); |
1da177e4 LT |
389 | } |
390 | ||
f57e7d5a | 391 | static void ipgre_tunnel_unlink(struct ipgre_net *ign, struct ip_tunnel *t) |
1da177e4 | 392 | { |
1507850b ED |
393 | struct ip_tunnel __rcu **tp; |
394 | struct ip_tunnel *iter; | |
395 | ||
396 | for (tp = ipgre_bucket(ign, t); | |
397 | (iter = rtnl_dereference(*tp)) != NULL; | |
398 | tp = &iter->next) { | |
399 | if (t == iter) { | |
400 | rcu_assign_pointer(*tp, t->next); | |
1da177e4 LT |
401 | break; |
402 | } | |
403 | } | |
404 | } | |
405 | ||
e1a80002 HX |
406 | static struct ip_tunnel *ipgre_tunnel_find(struct net *net, |
407 | struct ip_tunnel_parm *parms, | |
408 | int type) | |
1da177e4 | 409 | { |
d5a0a1e3 AV |
410 | __be32 remote = parms->iph.daddr; |
411 | __be32 local = parms->iph.saddr; | |
412 | __be32 key = parms->i_key; | |
749c10f9 | 413 | int link = parms->link; |
1507850b ED |
414 | struct ip_tunnel *t; |
415 | struct ip_tunnel __rcu **tp; | |
e1a80002 HX |
416 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); |
417 | ||
1507850b ED |
418 | for (tp = __ipgre_bucket(ign, parms); |
419 | (t = rtnl_dereference(*tp)) != NULL; | |
420 | tp = &t->next) | |
e1a80002 HX |
421 | if (local == t->parms.iph.saddr && |
422 | remote == t->parms.iph.daddr && | |
423 | key == t->parms.i_key && | |
749c10f9 | 424 | link == t->parms.link && |
e1a80002 HX |
425 | type == t->dev->type) |
426 | break; | |
427 | ||
428 | return t; | |
429 | } | |
430 | ||
1507850b | 431 | static struct ip_tunnel *ipgre_tunnel_locate(struct net *net, |
e1a80002 HX |
432 | struct ip_tunnel_parm *parms, int create) |
433 | { | |
434 | struct ip_tunnel *t, *nt; | |
1da177e4 | 435 | struct net_device *dev; |
1da177e4 | 436 | char name[IFNAMSIZ]; |
f57e7d5a | 437 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); |
1da177e4 | 438 | |
e1a80002 HX |
439 | t = ipgre_tunnel_find(net, parms, ARPHRD_IPGRE); |
440 | if (t || !create) | |
441 | return t; | |
1da177e4 LT |
442 | |
443 | if (parms->name[0]) | |
444 | strlcpy(name, parms->name, IFNAMSIZ); | |
34cc7ba6 | 445 | else |
407d6fcb | 446 | strcpy(name, "gre%d"); |
1da177e4 LT |
447 | |
448 | dev = alloc_netdev(sizeof(*t), name, ipgre_tunnel_setup); | |
449 | if (!dev) | |
407d6fcb | 450 | return NULL; |
1da177e4 | 451 | |
0b67eceb PE |
452 | dev_net_set(dev, net); |
453 | ||
2941a486 | 454 | nt = netdev_priv(dev); |
1da177e4 | 455 | nt->parms = *parms; |
c19e654d | 456 | dev->rtnl_link_ops = &ipgre_link_ops; |
1da177e4 | 457 | |
42aa9162 HX |
458 | dev->mtu = ipgre_tunnel_bind_dev(dev); |
459 | ||
b37d428b PE |
460 | if (register_netdevice(dev) < 0) |
461 | goto failed_free; | |
1da177e4 | 462 | |
f2b3ee9e WB |
463 | /* Can use a lockless transmit, unless we generate output sequences */ |
464 | if (!(nt->parms.o_flags & GRE_SEQ)) | |
465 | dev->features |= NETIF_F_LLTX; | |
466 | ||
1da177e4 | 467 | dev_hold(dev); |
f57e7d5a | 468 | ipgre_tunnel_link(ign, nt); |
1da177e4 LT |
469 | return nt; |
470 | ||
b37d428b PE |
471 | failed_free: |
472 | free_netdev(dev); | |
1da177e4 LT |
473 | return NULL; |
474 | } | |
475 | ||
476 | static void ipgre_tunnel_uninit(struct net_device *dev) | |
477 | { | |
f57e7d5a PE |
478 | struct net *net = dev_net(dev); |
479 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); | |
480 | ||
481 | ipgre_tunnel_unlink(ign, netdev_priv(dev)); | |
1da177e4 LT |
482 | dev_put(dev); |
483 | } | |
484 | ||
485 | ||
486 | static void ipgre_err(struct sk_buff *skb, u32 info) | |
487 | { | |
1da177e4 | 488 | |
071f92d0 | 489 | /* All the routers (except for Linux) return only |
1da177e4 LT |
490 | 8 bytes of packet payload. It means, that precise relaying of |
491 | ICMP in the real Internet is absolutely infeasible. | |
492 | ||
493 | Moreover, Cisco "wise men" put GRE key to the third word | |
494 | in GRE header. It makes impossible maintaining even soft state for keyed | |
495 | GRE tunnels with enabled checksum. Tell them "thank you". | |
496 | ||
497 | Well, I wonder, rfc1812 was written by Cisco employee, | |
bff52857 | 498 | what the hell these idiots break standards established |
499 | by themselves??? | |
1da177e4 LT |
500 | */ |
501 | ||
b71d1d42 | 502 | const struct iphdr *iph = (const struct iphdr *)skb->data; |
5e73ea1a | 503 | __be16 *p = (__be16 *)(skb->data+(iph->ihl<<2)); |
1da177e4 | 504 | int grehlen = (iph->ihl<<2) + 4; |
88c7664f ACM |
505 | const int type = icmp_hdr(skb)->type; |
506 | const int code = icmp_hdr(skb)->code; | |
1da177e4 | 507 | struct ip_tunnel *t; |
d5a0a1e3 | 508 | __be16 flags; |
d2083287 | 509 | __be32 key = 0; |
1da177e4 LT |
510 | |
511 | flags = p[0]; | |
512 | if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) { | |
513 | if (flags&(GRE_VERSION|GRE_ROUTING)) | |
514 | return; | |
515 | if (flags&GRE_KEY) { | |
516 | grehlen += 4; | |
517 | if (flags&GRE_CSUM) | |
518 | grehlen += 4; | |
519 | } | |
520 | } | |
521 | ||
522 | /* If only 8 bytes returned, keyed message will be dropped here */ | |
523 | if (skb_headlen(skb) < grehlen) | |
524 | return; | |
525 | ||
d2083287 | 526 | if (flags & GRE_KEY) |
527 | key = *(((__be32 *)p) + (grehlen / 4) - 1); | |
528 | ||
1da177e4 LT |
529 | switch (type) { |
530 | default: | |
531 | case ICMP_PARAMETERPROB: | |
532 | return; | |
533 | ||
534 | case ICMP_DEST_UNREACH: | |
535 | switch (code) { | |
536 | case ICMP_SR_FAILED: | |
537 | case ICMP_PORT_UNREACH: | |
538 | /* Impossible event. */ | |
539 | return; | |
1da177e4 LT |
540 | default: |
541 | /* All others are translated to HOST_UNREACH. | |
542 | rfc2003 contains "deep thoughts" about NET_UNREACH, | |
543 | I believe they are just ether pollution. --ANK | |
544 | */ | |
545 | break; | |
546 | } | |
547 | break; | |
548 | case ICMP_TIME_EXCEEDED: | |
549 | if (code != ICMP_EXC_TTL) | |
550 | return; | |
551 | break; | |
55be7a9c DM |
552 | |
553 | case ICMP_REDIRECT: | |
554 | break; | |
1da177e4 LT |
555 | } |
556 | ||
749c10f9 | 557 | t = ipgre_tunnel_lookup(skb->dev, iph->daddr, iph->saddr, |
d2083287 | 558 | flags, key, p[1]); |
559 | ||
36393395 | 560 | if (t == NULL) |
0c5794a6 | 561 | return; |
36393395 DM |
562 | |
563 | if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { | |
564 | ipv4_update_pmtu(skb, dev_net(skb->dev), info, | |
565 | t->parms.link, 0, IPPROTO_GRE, 0); | |
0c5794a6 | 566 | return; |
36393395 | 567 | } |
55be7a9c DM |
568 | if (type == ICMP_REDIRECT) { |
569 | ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0, | |
570 | IPPROTO_GRE, 0); | |
0c5794a6 | 571 | return; |
55be7a9c | 572 | } |
36393395 | 573 | if (t->parms.iph.daddr == 0 || |
f97c1e0c | 574 | ipv4_is_multicast(t->parms.iph.daddr)) |
0c5794a6 | 575 | return; |
1da177e4 LT |
576 | |
577 | if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED) | |
0c5794a6 | 578 | return; |
1da177e4 | 579 | |
da6185d8 | 580 | if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO)) |
1da177e4 LT |
581 | t->err_count++; |
582 | else | |
583 | t->err_count = 1; | |
584 | t->err_time = jiffies; | |
1da177e4 LT |
585 | } |
586 | ||
1da177e4 | 587 | static inline u8 |
b71d1d42 | 588 | ipgre_ecn_encapsulate(u8 tos, const struct iphdr *old_iph, struct sk_buff *skb) |
1da177e4 LT |
589 | { |
590 | u8 inner = 0; | |
591 | if (skb->protocol == htons(ETH_P_IP)) | |
592 | inner = old_iph->tos; | |
593 | else if (skb->protocol == htons(ETH_P_IPV6)) | |
b71d1d42 | 594 | inner = ipv6_get_dsfield((const struct ipv6hdr *)old_iph); |
1da177e4 LT |
595 | return INET_ECN_encapsulate(tos, inner); |
596 | } | |
597 | ||
598 | static int ipgre_rcv(struct sk_buff *skb) | |
599 | { | |
b71d1d42 | 600 | const struct iphdr *iph; |
1da177e4 | 601 | u8 *h; |
d5a0a1e3 | 602 | __be16 flags; |
d3bc23e7 | 603 | __sum16 csum = 0; |
d5a0a1e3 | 604 | __be32 key = 0; |
1da177e4 LT |
605 | u32 seqno = 0; |
606 | struct ip_tunnel *tunnel; | |
607 | int offset = 4; | |
e1a80002 | 608 | __be16 gre_proto; |
eccc1bb8 | 609 | int err; |
1da177e4 LT |
610 | |
611 | if (!pskb_may_pull(skb, 16)) | |
0c5794a6 | 612 | goto drop; |
1da177e4 | 613 | |
eddc9ec5 | 614 | iph = ip_hdr(skb); |
1da177e4 | 615 | h = skb->data; |
5e73ea1a | 616 | flags = *(__be16 *)h; |
1da177e4 LT |
617 | |
618 | if (flags&(GRE_CSUM|GRE_KEY|GRE_ROUTING|GRE_SEQ|GRE_VERSION)) { | |
619 | /* - Version must be 0. | |
620 | - We do not support routing headers. | |
621 | */ | |
622 | if (flags&(GRE_VERSION|GRE_ROUTING)) | |
0c5794a6 | 623 | goto drop; |
1da177e4 LT |
624 | |
625 | if (flags&GRE_CSUM) { | |
fb286bb2 | 626 | switch (skb->ip_summed) { |
84fa7933 | 627 | case CHECKSUM_COMPLETE: |
d3bc23e7 | 628 | csum = csum_fold(skb->csum); |
fb286bb2 HX |
629 | if (!csum) |
630 | break; | |
631 | /* fall through */ | |
632 | case CHECKSUM_NONE: | |
633 | skb->csum = 0; | |
634 | csum = __skb_checksum_complete(skb); | |
84fa7933 | 635 | skb->ip_summed = CHECKSUM_COMPLETE; |
1da177e4 LT |
636 | } |
637 | offset += 4; | |
638 | } | |
639 | if (flags&GRE_KEY) { | |
5e73ea1a | 640 | key = *(__be32 *)(h + offset); |
1da177e4 LT |
641 | offset += 4; |
642 | } | |
643 | if (flags&GRE_SEQ) { | |
5e73ea1a | 644 | seqno = ntohl(*(__be32 *)(h + offset)); |
1da177e4 LT |
645 | offset += 4; |
646 | } | |
647 | } | |
648 | ||
e1a80002 HX |
649 | gre_proto = *(__be16 *)(h + 2); |
650 | ||
d2083287 | 651 | tunnel = ipgre_tunnel_lookup(skb->dev, |
652 | iph->saddr, iph->daddr, flags, key, | |
653 | gre_proto); | |
654 | if (tunnel) { | |
e985aad7 | 655 | struct pcpu_tstats *tstats; |
addd68eb | 656 | |
1da177e4 LT |
657 | secpath_reset(skb); |
658 | ||
e1a80002 | 659 | skb->protocol = gre_proto; |
1da177e4 LT |
660 | /* WCCP version 1 and 2 protocol decoding. |
661 | * - Change protocol to IP | |
662 | * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header | |
663 | */ | |
e1a80002 | 664 | if (flags == 0 && gre_proto == htons(ETH_P_WCCP)) { |
496c98df | 665 | skb->protocol = htons(ETH_P_IP); |
e905a9ed | 666 | if ((*(h + offset) & 0xF0) != 0x40) |
1da177e4 LT |
667 | offset += 4; |
668 | } | |
669 | ||
1d069167 | 670 | skb->mac_header = skb->network_header; |
4209fb60 | 671 | __pskb_pull(skb, offset); |
9c70220b | 672 | skb_postpull_rcsum(skb, skb_transport_header(skb), offset); |
1da177e4 LT |
673 | skb->pkt_type = PACKET_HOST; |
674 | #ifdef CONFIG_NET_IPGRE_BROADCAST | |
f97c1e0c | 675 | if (ipv4_is_multicast(iph->daddr)) { |
1da177e4 | 676 | /* Looped back packet, drop it! */ |
c7537967 | 677 | if (rt_is_output_route(skb_rtable(skb))) |
1da177e4 | 678 | goto drop; |
e985aad7 | 679 | tunnel->dev->stats.multicast++; |
1da177e4 LT |
680 | skb->pkt_type = PACKET_BROADCAST; |
681 | } | |
682 | #endif | |
683 | ||
684 | if (((flags&GRE_CSUM) && csum) || | |
685 | (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) { | |
e985aad7 ED |
686 | tunnel->dev->stats.rx_crc_errors++; |
687 | tunnel->dev->stats.rx_errors++; | |
1da177e4 LT |
688 | goto drop; |
689 | } | |
690 | if (tunnel->parms.i_flags&GRE_SEQ) { | |
691 | if (!(flags&GRE_SEQ) || | |
692 | (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) { | |
e985aad7 ED |
693 | tunnel->dev->stats.rx_fifo_errors++; |
694 | tunnel->dev->stats.rx_errors++; | |
1da177e4 LT |
695 | goto drop; |
696 | } | |
697 | tunnel->i_seqno = seqno + 1; | |
698 | } | |
e1a80002 HX |
699 | |
700 | /* Warning: All skb pointers will be invalidated! */ | |
701 | if (tunnel->dev->type == ARPHRD_ETHER) { | |
702 | if (!pskb_may_pull(skb, ETH_HLEN)) { | |
e985aad7 ED |
703 | tunnel->dev->stats.rx_length_errors++; |
704 | tunnel->dev->stats.rx_errors++; | |
e1a80002 HX |
705 | goto drop; |
706 | } | |
707 | ||
708 | iph = ip_hdr(skb); | |
709 | skb->protocol = eth_type_trans(skb, tunnel->dev); | |
710 | skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN); | |
711 | } | |
712 | ||
eccc1bb8 | 713 | __skb_tunnel_rx(skb, tunnel->dev); |
714 | ||
715 | skb_reset_network_header(skb); | |
716 | err = IP_ECN_decapsulate(iph, skb); | |
717 | if (unlikely(err)) { | |
718 | if (log_ecn_error) | |
719 | net_info_ratelimited("non-ECT from %pI4 with TOS=%#x\n", | |
720 | &iph->saddr, iph->tos); | |
721 | if (err > 1) { | |
722 | ++tunnel->dev->stats.rx_frame_errors; | |
723 | ++tunnel->dev->stats.rx_errors; | |
724 | goto drop; | |
725 | } | |
726 | } | |
727 | ||
e985aad7 | 728 | tstats = this_cpu_ptr(tunnel->dev->tstats); |
87b6d218 | 729 | u64_stats_update_begin(&tstats->syncp); |
e985aad7 ED |
730 | tstats->rx_packets++; |
731 | tstats->rx_bytes += skb->len; | |
87b6d218 | 732 | u64_stats_update_end(&tstats->syncp); |
e985aad7 | 733 | |
60769a5d | 734 | gro_cells_receive(&tunnel->gro_cells, skb); |
8990f468 | 735 | return 0; |
1da177e4 | 736 | } |
45af08be | 737 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); |
1da177e4 LT |
738 | |
739 | drop: | |
1da177e4 | 740 | kfree_skb(skb); |
a02cec21 | 741 | return 0; |
1da177e4 LT |
742 | } |
743 | ||
6fef4c0c | 744 | static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) |
1da177e4 | 745 | { |
2941a486 | 746 | struct ip_tunnel *tunnel = netdev_priv(dev); |
b71d1d42 ED |
747 | const struct iphdr *old_iph = ip_hdr(skb); |
748 | const struct iphdr *tiph; | |
cbb1e85f | 749 | struct flowi4 fl4; |
1da177e4 | 750 | u8 tos; |
d5a0a1e3 | 751 | __be16 df; |
1da177e4 | 752 | struct rtable *rt; /* Route to the other host */ |
1507850b | 753 | struct net_device *tdev; /* Device to other host */ |
1da177e4 | 754 | struct iphdr *iph; /* Our new IP header */ |
c2636b4d | 755 | unsigned int max_headroom; /* The extra header space needed */ |
1da177e4 | 756 | int gre_hlen; |
d5a0a1e3 | 757 | __be32 dst; |
1da177e4 LT |
758 | int mtu; |
759 | ||
6b78f16e ED |
760 | if (skb->ip_summed == CHECKSUM_PARTIAL && |
761 | skb_checksum_help(skb)) | |
762 | goto tx_error; | |
763 | ||
e1a80002 HX |
764 | if (dev->type == ARPHRD_ETHER) |
765 | IPCB(skb)->flags = 0; | |
766 | ||
767 | if (dev->header_ops && dev->type == ARPHRD_IPGRE) { | |
1da177e4 | 768 | gre_hlen = 0; |
b71d1d42 | 769 | tiph = (const struct iphdr *)skb->data; |
1da177e4 LT |
770 | } else { |
771 | gre_hlen = tunnel->hlen; | |
772 | tiph = &tunnel->parms.iph; | |
773 | } | |
774 | ||
775 | if ((dst = tiph->daddr) == 0) { | |
776 | /* NBMA tunnel */ | |
777 | ||
adf30907 | 778 | if (skb_dst(skb) == NULL) { |
e985aad7 | 779 | dev->stats.tx_fifo_errors++; |
1da177e4 LT |
780 | goto tx_error; |
781 | } | |
782 | ||
61d57f87 | 783 | if (skb->protocol == htons(ETH_P_IP)) { |
511c3f92 | 784 | rt = skb_rtable(skb); |
f8126f1d | 785 | dst = rt_nexthop(rt, old_iph->daddr); |
61d57f87 | 786 | } |
dfd56b8b | 787 | #if IS_ENABLED(CONFIG_IPV6) |
1da177e4 | 788 | else if (skb->protocol == htons(ETH_P_IPV6)) { |
b71d1d42 | 789 | const struct in6_addr *addr6; |
0ec88662 DM |
790 | struct neighbour *neigh; |
791 | bool do_tx_error_icmp; | |
1da177e4 | 792 | int addr_type; |
1da177e4 | 793 | |
0ec88662 | 794 | neigh = dst_neigh_lookup(skb_dst(skb), &ipv6_hdr(skb)->daddr); |
1da177e4 LT |
795 | if (neigh == NULL) |
796 | goto tx_error; | |
797 | ||
b71d1d42 | 798 | addr6 = (const struct in6_addr *)&neigh->primary_key; |
1da177e4 LT |
799 | addr_type = ipv6_addr_type(addr6); |
800 | ||
801 | if (addr_type == IPV6_ADDR_ANY) { | |
0660e03f | 802 | addr6 = &ipv6_hdr(skb)->daddr; |
1da177e4 LT |
803 | addr_type = ipv6_addr_type(addr6); |
804 | } | |
805 | ||
806 | if ((addr_type & IPV6_ADDR_COMPATv4) == 0) | |
0ec88662 DM |
807 | do_tx_error_icmp = true; |
808 | else { | |
809 | do_tx_error_icmp = false; | |
810 | dst = addr6->s6_addr32[3]; | |
811 | } | |
812 | neigh_release(neigh); | |
813 | if (do_tx_error_icmp) | |
1da177e4 | 814 | goto tx_error_icmp; |
1da177e4 LT |
815 | } |
816 | #endif | |
817 | else | |
818 | goto tx_error; | |
819 | } | |
820 | ||
821 | tos = tiph->tos; | |
ee686ca9 AJ |
822 | if (tos == 1) { |
823 | tos = 0; | |
1da177e4 LT |
824 | if (skb->protocol == htons(ETH_P_IP)) |
825 | tos = old_iph->tos; | |
dd4ba83d | 826 | else if (skb->protocol == htons(ETH_P_IPV6)) |
b71d1d42 | 827 | tos = ipv6_get_dsfield((const struct ipv6hdr *)old_iph); |
1da177e4 LT |
828 | } |
829 | ||
cbb1e85f | 830 | rt = ip_route_output_gre(dev_net(dev), &fl4, dst, tiph->saddr, |
78fbfd8a DM |
831 | tunnel->parms.o_key, RT_TOS(tos), |
832 | tunnel->parms.link); | |
833 | if (IS_ERR(rt)) { | |
834 | dev->stats.tx_carrier_errors++; | |
835 | goto tx_error; | |
1da177e4 | 836 | } |
d8d1f30b | 837 | tdev = rt->dst.dev; |
1da177e4 LT |
838 | |
839 | if (tdev == dev) { | |
840 | ip_rt_put(rt); | |
e985aad7 | 841 | dev->stats.collisions++; |
1da177e4 LT |
842 | goto tx_error; |
843 | } | |
844 | ||
845 | df = tiph->frag_off; | |
846 | if (df) | |
d8d1f30b | 847 | mtu = dst_mtu(&rt->dst) - dev->hard_header_len - tunnel->hlen; |
1da177e4 | 848 | else |
adf30907 | 849 | mtu = skb_dst(skb) ? dst_mtu(skb_dst(skb)) : dev->mtu; |
1da177e4 | 850 | |
adf30907 | 851 | if (skb_dst(skb)) |
6700c270 | 852 | skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); |
1da177e4 LT |
853 | |
854 | if (skb->protocol == htons(ETH_P_IP)) { | |
855 | df |= (old_iph->frag_off&htons(IP_DF)); | |
856 | ||
857 | if ((old_iph->frag_off&htons(IP_DF)) && | |
858 | mtu < ntohs(old_iph->tot_len)) { | |
859 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); | |
860 | ip_rt_put(rt); | |
861 | goto tx_error; | |
862 | } | |
863 | } | |
dfd56b8b | 864 | #if IS_ENABLED(CONFIG_IPV6) |
1da177e4 | 865 | else if (skb->protocol == htons(ETH_P_IPV6)) { |
adf30907 | 866 | struct rt6_info *rt6 = (struct rt6_info *)skb_dst(skb); |
1da177e4 | 867 | |
adf30907 | 868 | if (rt6 && mtu < dst_mtu(skb_dst(skb)) && mtu >= IPV6_MIN_MTU) { |
f97c1e0c JP |
869 | if ((tunnel->parms.iph.daddr && |
870 | !ipv4_is_multicast(tunnel->parms.iph.daddr)) || | |
1da177e4 LT |
871 | rt6->rt6i_dst.plen == 128) { |
872 | rt6->rt6i_flags |= RTF_MODIFIED; | |
defb3519 | 873 | dst_metric_set(skb_dst(skb), RTAX_MTU, mtu); |
1da177e4 LT |
874 | } |
875 | } | |
876 | ||
877 | if (mtu >= IPV6_MIN_MTU && mtu < skb->len - tunnel->hlen + gre_hlen) { | |
3ffe533c | 878 | icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); |
1da177e4 LT |
879 | ip_rt_put(rt); |
880 | goto tx_error; | |
881 | } | |
882 | } | |
883 | #endif | |
884 | ||
885 | if (tunnel->err_count > 0) { | |
da6185d8 WY |
886 | if (time_before(jiffies, |
887 | tunnel->err_time + IPTUNNEL_ERR_TIMEO)) { | |
1da177e4 LT |
888 | tunnel->err_count--; |
889 | ||
890 | dst_link_failure(skb); | |
891 | } else | |
892 | tunnel->err_count = 0; | |
893 | } | |
894 | ||
d8d1f30b | 895 | max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen + rt->dst.header_len; |
1da177e4 | 896 | |
cfbba49d PM |
897 | if (skb_headroom(skb) < max_headroom || skb_shared(skb)|| |
898 | (skb_cloned(skb) && !skb_clone_writable(skb, 0))) { | |
1da177e4 | 899 | struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom); |
805dc1d6 HX |
900 | if (max_headroom > dev->needed_headroom) |
901 | dev->needed_headroom = max_headroom; | |
1da177e4 LT |
902 | if (!new_skb) { |
903 | ip_rt_put(rt); | |
e985aad7 | 904 | dev->stats.tx_dropped++; |
1da177e4 | 905 | dev_kfree_skb(skb); |
6ed10654 | 906 | return NETDEV_TX_OK; |
1da177e4 LT |
907 | } |
908 | if (skb->sk) | |
909 | skb_set_owner_w(new_skb, skb->sk); | |
910 | dev_kfree_skb(skb); | |
911 | skb = new_skb; | |
eddc9ec5 | 912 | old_iph = ip_hdr(skb); |
1da177e4 LT |
913 | } |
914 | ||
64194c31 | 915 | skb_reset_transport_header(skb); |
e2d1bca7 ACM |
916 | skb_push(skb, gre_hlen); |
917 | skb_reset_network_header(skb); | |
1da177e4 | 918 | memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); |
48d5cad8 PM |
919 | IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | |
920 | IPSKB_REROUTED); | |
adf30907 | 921 | skb_dst_drop(skb); |
d8d1f30b | 922 | skb_dst_set(skb, &rt->dst); |
1da177e4 LT |
923 | |
924 | /* | |
925 | * Push down and install the IPIP header. | |
926 | */ | |
927 | ||
eddc9ec5 | 928 | iph = ip_hdr(skb); |
1da177e4 LT |
929 | iph->version = 4; |
930 | iph->ihl = sizeof(struct iphdr) >> 2; | |
931 | iph->frag_off = df; | |
932 | iph->protocol = IPPROTO_GRE; | |
933 | iph->tos = ipgre_ecn_encapsulate(tos, old_iph, skb); | |
cbb1e85f DM |
934 | iph->daddr = fl4.daddr; |
935 | iph->saddr = fl4.saddr; | |
1da177e4 LT |
936 | |
937 | if ((iph->ttl = tiph->ttl) == 0) { | |
938 | if (skb->protocol == htons(ETH_P_IP)) | |
939 | iph->ttl = old_iph->ttl; | |
dfd56b8b | 940 | #if IS_ENABLED(CONFIG_IPV6) |
1da177e4 | 941 | else if (skb->protocol == htons(ETH_P_IPV6)) |
b71d1d42 | 942 | iph->ttl = ((const struct ipv6hdr *)old_iph)->hop_limit; |
1da177e4 LT |
943 | #endif |
944 | else | |
323e126f | 945 | iph->ttl = ip4_dst_hoplimit(&rt->dst); |
1da177e4 LT |
946 | } |
947 | ||
e1a80002 HX |
948 | ((__be16 *)(iph + 1))[0] = tunnel->parms.o_flags; |
949 | ((__be16 *)(iph + 1))[1] = (dev->type == ARPHRD_ETHER) ? | |
950 | htons(ETH_P_TEB) : skb->protocol; | |
1da177e4 LT |
951 | |
952 | if (tunnel->parms.o_flags&(GRE_KEY|GRE_CSUM|GRE_SEQ)) { | |
5e73ea1a | 953 | __be32 *ptr = (__be32 *)(((u8 *)iph) + tunnel->hlen - 4); |
1da177e4 LT |
954 | |
955 | if (tunnel->parms.o_flags&GRE_SEQ) { | |
956 | ++tunnel->o_seqno; | |
957 | *ptr = htonl(tunnel->o_seqno); | |
958 | ptr--; | |
959 | } | |
960 | if (tunnel->parms.o_flags&GRE_KEY) { | |
961 | *ptr = tunnel->parms.o_key; | |
962 | ptr--; | |
963 | } | |
964 | if (tunnel->parms.o_flags&GRE_CSUM) { | |
965 | *ptr = 0; | |
5e73ea1a | 966 | *(__sum16 *)ptr = ip_compute_csum((void *)(iph+1), skb->len - sizeof(struct iphdr)); |
1da177e4 LT |
967 | } |
968 | } | |
969 | ||
aa0010f8 | 970 | iptunnel_xmit(skb, dev); |
6ed10654 | 971 | return NETDEV_TX_OK; |
1da177e4 | 972 | |
496053f4 | 973 | #if IS_ENABLED(CONFIG_IPV6) |
1da177e4 LT |
974 | tx_error_icmp: |
975 | dst_link_failure(skb); | |
496053f4 | 976 | #endif |
1da177e4 | 977 | tx_error: |
e985aad7 | 978 | dev->stats.tx_errors++; |
1da177e4 | 979 | dev_kfree_skb(skb); |
6ed10654 | 980 | return NETDEV_TX_OK; |
1da177e4 LT |
981 | } |
982 | ||
42aa9162 | 983 | static int ipgre_tunnel_bind_dev(struct net_device *dev) |
ee34c1eb MS |
984 | { |
985 | struct net_device *tdev = NULL; | |
986 | struct ip_tunnel *tunnel; | |
b71d1d42 | 987 | const struct iphdr *iph; |
ee34c1eb MS |
988 | int hlen = LL_MAX_HEADER; |
989 | int mtu = ETH_DATA_LEN; | |
990 | int addend = sizeof(struct iphdr) + 4; | |
991 | ||
992 | tunnel = netdev_priv(dev); | |
993 | iph = &tunnel->parms.iph; | |
994 | ||
c95b819a | 995 | /* Guess output device to choose reasonable mtu and needed_headroom */ |
ee34c1eb MS |
996 | |
997 | if (iph->daddr) { | |
cbb1e85f DM |
998 | struct flowi4 fl4; |
999 | struct rtable *rt; | |
1000 | ||
1001 | rt = ip_route_output_gre(dev_net(dev), &fl4, | |
1002 | iph->daddr, iph->saddr, | |
1003 | tunnel->parms.o_key, | |
1004 | RT_TOS(iph->tos), | |
1005 | tunnel->parms.link); | |
b23dd4fe | 1006 | if (!IS_ERR(rt)) { |
d8d1f30b | 1007 | tdev = rt->dst.dev; |
ee34c1eb MS |
1008 | ip_rt_put(rt); |
1009 | } | |
e1a80002 HX |
1010 | |
1011 | if (dev->type != ARPHRD_ETHER) | |
1012 | dev->flags |= IFF_POINTOPOINT; | |
ee34c1eb MS |
1013 | } |
1014 | ||
1015 | if (!tdev && tunnel->parms.link) | |
96635522 | 1016 | tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link); |
ee34c1eb MS |
1017 | |
1018 | if (tdev) { | |
c95b819a | 1019 | hlen = tdev->hard_header_len + tdev->needed_headroom; |
ee34c1eb MS |
1020 | mtu = tdev->mtu; |
1021 | } | |
1022 | dev->iflink = tunnel->parms.link; | |
1023 | ||
1024 | /* Precalculate GRE options length */ | |
1025 | if (tunnel->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) { | |
1026 | if (tunnel->parms.o_flags&GRE_CSUM) | |
1027 | addend += 4; | |
1028 | if (tunnel->parms.o_flags&GRE_KEY) | |
1029 | addend += 4; | |
1030 | if (tunnel->parms.o_flags&GRE_SEQ) | |
1031 | addend += 4; | |
1032 | } | |
c95b819a | 1033 | dev->needed_headroom = addend + hlen; |
8cdb0456 | 1034 | mtu -= dev->hard_header_len + addend; |
42aa9162 HX |
1035 | |
1036 | if (mtu < 68) | |
1037 | mtu = 68; | |
1038 | ||
ee34c1eb MS |
1039 | tunnel->hlen = addend; |
1040 | ||
42aa9162 | 1041 | return mtu; |
ee34c1eb MS |
1042 | } |
1043 | ||
1da177e4 LT |
1044 | static int |
1045 | ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd) | |
1046 | { | |
1047 | int err = 0; | |
1048 | struct ip_tunnel_parm p; | |
1049 | struct ip_tunnel *t; | |
f57e7d5a PE |
1050 | struct net *net = dev_net(dev); |
1051 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); | |
1da177e4 LT |
1052 | |
1053 | switch (cmd) { | |
1054 | case SIOCGETTUNNEL: | |
1055 | t = NULL; | |
7daa0004 | 1056 | if (dev == ign->fb_tunnel_dev) { |
1da177e4 LT |
1057 | if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) { |
1058 | err = -EFAULT; | |
1059 | break; | |
1060 | } | |
f57e7d5a | 1061 | t = ipgre_tunnel_locate(net, &p, 0); |
1da177e4 LT |
1062 | } |
1063 | if (t == NULL) | |
2941a486 | 1064 | t = netdev_priv(dev); |
1da177e4 LT |
1065 | memcpy(&p, &t->parms, sizeof(p)); |
1066 | if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) | |
1067 | err = -EFAULT; | |
1068 | break; | |
1069 | ||
1070 | case SIOCADDTUNNEL: | |
1071 | case SIOCCHGTUNNEL: | |
1072 | err = -EPERM; | |
1073 | if (!capable(CAP_NET_ADMIN)) | |
1074 | goto done; | |
1075 | ||
1076 | err = -EFAULT; | |
1077 | if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) | |
1078 | goto done; | |
1079 | ||
1080 | err = -EINVAL; | |
1081 | if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE || | |
1082 | p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) || | |
1083 | ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING))) | |
1084 | goto done; | |
1085 | if (p.iph.ttl) | |
1086 | p.iph.frag_off |= htons(IP_DF); | |
1087 | ||
1088 | if (!(p.i_flags&GRE_KEY)) | |
1089 | p.i_key = 0; | |
1090 | if (!(p.o_flags&GRE_KEY)) | |
1091 | p.o_key = 0; | |
1092 | ||
f57e7d5a | 1093 | t = ipgre_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL); |
1da177e4 | 1094 | |
7daa0004 | 1095 | if (dev != ign->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) { |
1da177e4 LT |
1096 | if (t != NULL) { |
1097 | if (t->dev != dev) { | |
1098 | err = -EEXIST; | |
1099 | break; | |
1100 | } | |
1101 | } else { | |
1507850b | 1102 | unsigned int nflags = 0; |
1da177e4 | 1103 | |
2941a486 | 1104 | t = netdev_priv(dev); |
1da177e4 | 1105 | |
f97c1e0c | 1106 | if (ipv4_is_multicast(p.iph.daddr)) |
1da177e4 LT |
1107 | nflags = IFF_BROADCAST; |
1108 | else if (p.iph.daddr) | |
1109 | nflags = IFF_POINTOPOINT; | |
1110 | ||
1111 | if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) { | |
1112 | err = -EINVAL; | |
1113 | break; | |
1114 | } | |
f57e7d5a | 1115 | ipgre_tunnel_unlink(ign, t); |
74b0b85b | 1116 | synchronize_net(); |
1da177e4 LT |
1117 | t->parms.iph.saddr = p.iph.saddr; |
1118 | t->parms.iph.daddr = p.iph.daddr; | |
1119 | t->parms.i_key = p.i_key; | |
1120 | t->parms.o_key = p.o_key; | |
1121 | memcpy(dev->dev_addr, &p.iph.saddr, 4); | |
1122 | memcpy(dev->broadcast, &p.iph.daddr, 4); | |
f57e7d5a | 1123 | ipgre_tunnel_link(ign, t); |
1da177e4 LT |
1124 | netdev_state_change(dev); |
1125 | } | |
1126 | } | |
1127 | ||
1128 | if (t) { | |
1129 | err = 0; | |
1130 | if (cmd == SIOCCHGTUNNEL) { | |
1131 | t->parms.iph.ttl = p.iph.ttl; | |
1132 | t->parms.iph.tos = p.iph.tos; | |
1133 | t->parms.iph.frag_off = p.iph.frag_off; | |
ee34c1eb MS |
1134 | if (t->parms.link != p.link) { |
1135 | t->parms.link = p.link; | |
42aa9162 | 1136 | dev->mtu = ipgre_tunnel_bind_dev(dev); |
ee34c1eb MS |
1137 | netdev_state_change(dev); |
1138 | } | |
1da177e4 LT |
1139 | } |
1140 | if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p))) | |
1141 | err = -EFAULT; | |
1142 | } else | |
1143 | err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT); | |
1144 | break; | |
1145 | ||
1146 | case SIOCDELTUNNEL: | |
1147 | err = -EPERM; | |
1148 | if (!capable(CAP_NET_ADMIN)) | |
1149 | goto done; | |
1150 | ||
7daa0004 | 1151 | if (dev == ign->fb_tunnel_dev) { |
1da177e4 LT |
1152 | err = -EFAULT; |
1153 | if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) | |
1154 | goto done; | |
1155 | err = -ENOENT; | |
f57e7d5a | 1156 | if ((t = ipgre_tunnel_locate(net, &p, 0)) == NULL) |
1da177e4 LT |
1157 | goto done; |
1158 | err = -EPERM; | |
7daa0004 | 1159 | if (t == netdev_priv(ign->fb_tunnel_dev)) |
1da177e4 LT |
1160 | goto done; |
1161 | dev = t->dev; | |
1162 | } | |
22f8cde5 SH |
1163 | unregister_netdevice(dev); |
1164 | err = 0; | |
1da177e4 LT |
1165 | break; |
1166 | ||
1167 | default: | |
1168 | err = -EINVAL; | |
1169 | } | |
1170 | ||
1171 | done: | |
1172 | return err; | |
1173 | } | |
1174 | ||
1da177e4 LT |
1175 | static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu) |
1176 | { | |
2941a486 | 1177 | struct ip_tunnel *tunnel = netdev_priv(dev); |
c95b819a HX |
1178 | if (new_mtu < 68 || |
1179 | new_mtu > 0xFFF8 - dev->hard_header_len - tunnel->hlen) | |
1da177e4 LT |
1180 | return -EINVAL; |
1181 | dev->mtu = new_mtu; | |
1182 | return 0; | |
1183 | } | |
1184 | ||
1da177e4 LT |
1185 | /* Nice toy. Unfortunately, useless in real life :-) |
1186 | It allows to construct virtual multiprotocol broadcast "LAN" | |
1187 | over the Internet, provided multicast routing is tuned. | |
1188 | ||
1189 | ||
1190 | I have no idea was this bicycle invented before me, | |
1191 | so that I had to set ARPHRD_IPGRE to a random value. | |
1192 | I have an impression, that Cisco could make something similar, | |
1193 | but this feature is apparently missing in IOS<=11.2(8). | |
e905a9ed | 1194 | |
1da177e4 LT |
1195 | I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks |
1196 | with broadcast 224.66.66.66. If you have access to mbone, play with me :-) | |
1197 | ||
1198 | ping -t 255 224.66.66.66 | |
1199 | ||
1200 | If nobody answers, mbone does not work. | |
1201 | ||
1202 | ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255 | |
1203 | ip addr add 10.66.66.<somewhat>/24 dev Universe | |
1204 | ifconfig Universe up | |
1205 | ifconfig Universe add fe80::<Your_real_addr>/10 | |
1206 | ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96 | |
1207 | ftp 10.66.66.66 | |
1208 | ... | |
1209 | ftp fec0:6666:6666::193.233.7.65 | |
1210 | ... | |
1211 | ||
1212 | */ | |
1213 | ||
3b04ddde SH |
1214 | static int ipgre_header(struct sk_buff *skb, struct net_device *dev, |
1215 | unsigned short type, | |
1507850b | 1216 | const void *daddr, const void *saddr, unsigned int len) |
1da177e4 | 1217 | { |
2941a486 | 1218 | struct ip_tunnel *t = netdev_priv(dev); |
1da177e4 | 1219 | struct iphdr *iph = (struct iphdr *)skb_push(skb, t->hlen); |
5e73ea1a | 1220 | __be16 *p = (__be16 *)(iph+1); |
1da177e4 LT |
1221 | |
1222 | memcpy(iph, &t->parms.iph, sizeof(struct iphdr)); | |
1223 | p[0] = t->parms.o_flags; | |
1224 | p[1] = htons(type); | |
1225 | ||
1226 | /* | |
e905a9ed | 1227 | * Set the source hardware address. |
1da177e4 | 1228 | */ |
e905a9ed | 1229 | |
1da177e4 LT |
1230 | if (saddr) |
1231 | memcpy(&iph->saddr, saddr, 4); | |
6d55cb91 | 1232 | if (daddr) |
1da177e4 | 1233 | memcpy(&iph->daddr, daddr, 4); |
6d55cb91 | 1234 | if (iph->daddr) |
1da177e4 | 1235 | return t->hlen; |
e905a9ed | 1236 | |
1da177e4 LT |
1237 | return -t->hlen; |
1238 | } | |
1239 | ||
6a5f44d7 TT |
1240 | static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr) |
1241 | { | |
b71d1d42 | 1242 | const struct iphdr *iph = (const struct iphdr *) skb_mac_header(skb); |
6a5f44d7 TT |
1243 | memcpy(haddr, &iph->saddr, 4); |
1244 | return 4; | |
1245 | } | |
1246 | ||
3b04ddde SH |
1247 | static const struct header_ops ipgre_header_ops = { |
1248 | .create = ipgre_header, | |
6a5f44d7 | 1249 | .parse = ipgre_header_parse, |
3b04ddde SH |
1250 | }; |
1251 | ||
6a5f44d7 | 1252 | #ifdef CONFIG_NET_IPGRE_BROADCAST |
1da177e4 LT |
1253 | static int ipgre_open(struct net_device *dev) |
1254 | { | |
2941a486 | 1255 | struct ip_tunnel *t = netdev_priv(dev); |
1da177e4 | 1256 | |
f97c1e0c | 1257 | if (ipv4_is_multicast(t->parms.iph.daddr)) { |
cbb1e85f DM |
1258 | struct flowi4 fl4; |
1259 | struct rtable *rt; | |
1260 | ||
1261 | rt = ip_route_output_gre(dev_net(dev), &fl4, | |
1262 | t->parms.iph.daddr, | |
1263 | t->parms.iph.saddr, | |
1264 | t->parms.o_key, | |
1265 | RT_TOS(t->parms.iph.tos), | |
1266 | t->parms.link); | |
b23dd4fe | 1267 | if (IS_ERR(rt)) |
1da177e4 | 1268 | return -EADDRNOTAVAIL; |
d8d1f30b | 1269 | dev = rt->dst.dev; |
1da177e4 | 1270 | ip_rt_put(rt); |
e5ed6399 | 1271 | if (__in_dev_get_rtnl(dev) == NULL) |
1da177e4 LT |
1272 | return -EADDRNOTAVAIL; |
1273 | t->mlink = dev->ifindex; | |
e5ed6399 | 1274 | ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr); |
1da177e4 LT |
1275 | } |
1276 | return 0; | |
1277 | } | |
1278 | ||
1279 | static int ipgre_close(struct net_device *dev) | |
1280 | { | |
2941a486 | 1281 | struct ip_tunnel *t = netdev_priv(dev); |
b8c26a33 | 1282 | |
f97c1e0c | 1283 | if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) { |
7fee0ca2 | 1284 | struct in_device *in_dev; |
c346dca1 | 1285 | in_dev = inetdev_by_index(dev_net(dev), t->mlink); |
8723e1b4 | 1286 | if (in_dev) |
1da177e4 | 1287 | ip_mc_dec_group(in_dev, t->parms.iph.daddr); |
1da177e4 LT |
1288 | } |
1289 | return 0; | |
1290 | } | |
1291 | ||
1292 | #endif | |
1293 | ||
b8c26a33 SH |
1294 | static const struct net_device_ops ipgre_netdev_ops = { |
1295 | .ndo_init = ipgre_tunnel_init, | |
1296 | .ndo_uninit = ipgre_tunnel_uninit, | |
1297 | #ifdef CONFIG_NET_IPGRE_BROADCAST | |
1298 | .ndo_open = ipgre_open, | |
1299 | .ndo_stop = ipgre_close, | |
1300 | #endif | |
1301 | .ndo_start_xmit = ipgre_tunnel_xmit, | |
1302 | .ndo_do_ioctl = ipgre_tunnel_ioctl, | |
1303 | .ndo_change_mtu = ipgre_tunnel_change_mtu, | |
87b6d218 | 1304 | .ndo_get_stats64 = ipgre_get_stats64, |
b8c26a33 SH |
1305 | }; |
1306 | ||
e985aad7 ED |
1307 | static void ipgre_dev_free(struct net_device *dev) |
1308 | { | |
60769a5d ED |
1309 | struct ip_tunnel *tunnel = netdev_priv(dev); |
1310 | ||
1311 | gro_cells_destroy(&tunnel->gro_cells); | |
e985aad7 ED |
1312 | free_percpu(dev->tstats); |
1313 | free_netdev(dev); | |
1314 | } | |
1315 | ||
6b78f16e ED |
1316 | #define GRE_FEATURES (NETIF_F_SG | \ |
1317 | NETIF_F_FRAGLIST | \ | |
1318 | NETIF_F_HIGHDMA | \ | |
1319 | NETIF_F_HW_CSUM) | |
1320 | ||
1da177e4 LT |
1321 | static void ipgre_tunnel_setup(struct net_device *dev) |
1322 | { | |
b8c26a33 | 1323 | dev->netdev_ops = &ipgre_netdev_ops; |
e985aad7 | 1324 | dev->destructor = ipgre_dev_free; |
1da177e4 LT |
1325 | |
1326 | dev->type = ARPHRD_IPGRE; | |
c95b819a | 1327 | dev->needed_headroom = LL_MAX_HEADER + sizeof(struct iphdr) + 4; |
46f25dff | 1328 | dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 4; |
1da177e4 LT |
1329 | dev->flags = IFF_NOARP; |
1330 | dev->iflink = 0; | |
1331 | dev->addr_len = 4; | |
0b67eceb | 1332 | dev->features |= NETIF_F_NETNS_LOCAL; |
108bfa89 | 1333 | dev->priv_flags &= ~IFF_XMIT_DST_RELEASE; |
6b78f16e ED |
1334 | |
1335 | dev->features |= GRE_FEATURES; | |
1336 | dev->hw_features |= GRE_FEATURES; | |
1da177e4 LT |
1337 | } |
1338 | ||
1339 | static int ipgre_tunnel_init(struct net_device *dev) | |
1340 | { | |
1da177e4 LT |
1341 | struct ip_tunnel *tunnel; |
1342 | struct iphdr *iph; | |
60769a5d | 1343 | int err; |
1da177e4 | 1344 | |
2941a486 | 1345 | tunnel = netdev_priv(dev); |
1da177e4 LT |
1346 | iph = &tunnel->parms.iph; |
1347 | ||
1348 | tunnel->dev = dev; | |
1349 | strcpy(tunnel->parms.name, dev->name); | |
1350 | ||
1351 | memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4); | |
1352 | memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4); | |
1353 | ||
1da177e4 | 1354 | if (iph->daddr) { |
1da177e4 | 1355 | #ifdef CONFIG_NET_IPGRE_BROADCAST |
f97c1e0c | 1356 | if (ipv4_is_multicast(iph->daddr)) { |
1da177e4 LT |
1357 | if (!iph->saddr) |
1358 | return -EINVAL; | |
1359 | dev->flags = IFF_BROADCAST; | |
3b04ddde | 1360 | dev->header_ops = &ipgre_header_ops; |
1da177e4 LT |
1361 | } |
1362 | #endif | |
ee34c1eb | 1363 | } else |
6a5f44d7 | 1364 | dev->header_ops = &ipgre_header_ops; |
1da177e4 | 1365 | |
e985aad7 ED |
1366 | dev->tstats = alloc_percpu(struct pcpu_tstats); |
1367 | if (!dev->tstats) | |
1368 | return -ENOMEM; | |
1369 | ||
60769a5d ED |
1370 | err = gro_cells_init(&tunnel->gro_cells, dev); |
1371 | if (err) { | |
1372 | free_percpu(dev->tstats); | |
1373 | return err; | |
1374 | } | |
1375 | ||
1da177e4 LT |
1376 | return 0; |
1377 | } | |
1378 | ||
b8c26a33 | 1379 | static void ipgre_fb_tunnel_init(struct net_device *dev) |
1da177e4 | 1380 | { |
2941a486 | 1381 | struct ip_tunnel *tunnel = netdev_priv(dev); |
1da177e4 LT |
1382 | struct iphdr *iph = &tunnel->parms.iph; |
1383 | ||
1384 | tunnel->dev = dev; | |
1385 | strcpy(tunnel->parms.name, dev->name); | |
1386 | ||
1387 | iph->version = 4; | |
1388 | iph->protocol = IPPROTO_GRE; | |
1389 | iph->ihl = 5; | |
1390 | tunnel->hlen = sizeof(struct iphdr) + 4; | |
1391 | ||
1392 | dev_hold(dev); | |
1da177e4 LT |
1393 | } |
1394 | ||
1395 | ||
00959ade DK |
1396 | static const struct gre_protocol ipgre_protocol = { |
1397 | .handler = ipgre_rcv, | |
1398 | .err_handler = ipgre_err, | |
1da177e4 LT |
1399 | }; |
1400 | ||
eef6dd65 | 1401 | static void ipgre_destroy_tunnels(struct ipgre_net *ign, struct list_head *head) |
eb8ce741 PE |
1402 | { |
1403 | int prio; | |
1404 | ||
1405 | for (prio = 0; prio < 4; prio++) { | |
1406 | int h; | |
1407 | for (h = 0; h < HASH_SIZE; h++) { | |
1507850b ED |
1408 | struct ip_tunnel *t; |
1409 | ||
1410 | t = rtnl_dereference(ign->tunnels[prio][h]); | |
eef6dd65 ED |
1411 | |
1412 | while (t != NULL) { | |
1413 | unregister_netdevice_queue(t->dev, head); | |
1507850b | 1414 | t = rtnl_dereference(t->next); |
eef6dd65 | 1415 | } |
eb8ce741 PE |
1416 | } |
1417 | } | |
1418 | } | |
1419 | ||
2c8c1e72 | 1420 | static int __net_init ipgre_init_net(struct net *net) |
59a4c759 | 1421 | { |
cfb8fbf2 | 1422 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); |
59a4c759 | 1423 | int err; |
59a4c759 | 1424 | |
7daa0004 PE |
1425 | ign->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0", |
1426 | ipgre_tunnel_setup); | |
1427 | if (!ign->fb_tunnel_dev) { | |
1428 | err = -ENOMEM; | |
1429 | goto err_alloc_dev; | |
1430 | } | |
be77e593 | 1431 | dev_net_set(ign->fb_tunnel_dev, net); |
7daa0004 | 1432 | |
b8c26a33 | 1433 | ipgre_fb_tunnel_init(ign->fb_tunnel_dev); |
c19e654d | 1434 | ign->fb_tunnel_dev->rtnl_link_ops = &ipgre_link_ops; |
7daa0004 PE |
1435 | |
1436 | if ((err = register_netdev(ign->fb_tunnel_dev))) | |
1437 | goto err_reg_dev; | |
1438 | ||
3285ee3b ED |
1439 | rcu_assign_pointer(ign->tunnels_wc[0], |
1440 | netdev_priv(ign->fb_tunnel_dev)); | |
59a4c759 PE |
1441 | return 0; |
1442 | ||
7daa0004 | 1443 | err_reg_dev: |
3285ee3b | 1444 | ipgre_dev_free(ign->fb_tunnel_dev); |
7daa0004 | 1445 | err_alloc_dev: |
59a4c759 PE |
1446 | return err; |
1447 | } | |
1448 | ||
2c8c1e72 | 1449 | static void __net_exit ipgre_exit_net(struct net *net) |
59a4c759 PE |
1450 | { |
1451 | struct ipgre_net *ign; | |
eef6dd65 | 1452 | LIST_HEAD(list); |
59a4c759 PE |
1453 | |
1454 | ign = net_generic(net, ipgre_net_id); | |
7daa0004 | 1455 | rtnl_lock(); |
eef6dd65 ED |
1456 | ipgre_destroy_tunnels(ign, &list); |
1457 | unregister_netdevice_many(&list); | |
7daa0004 | 1458 | rtnl_unlock(); |
59a4c759 PE |
1459 | } |
1460 | ||
1461 | static struct pernet_operations ipgre_net_ops = { | |
1462 | .init = ipgre_init_net, | |
1463 | .exit = ipgre_exit_net, | |
cfb8fbf2 EB |
1464 | .id = &ipgre_net_id, |
1465 | .size = sizeof(struct ipgre_net), | |
59a4c759 | 1466 | }; |
1da177e4 | 1467 | |
c19e654d HX |
1468 | static int ipgre_tunnel_validate(struct nlattr *tb[], struct nlattr *data[]) |
1469 | { | |
1470 | __be16 flags; | |
1471 | ||
1472 | if (!data) | |
1473 | return 0; | |
1474 | ||
1475 | flags = 0; | |
1476 | if (data[IFLA_GRE_IFLAGS]) | |
1477 | flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]); | |
1478 | if (data[IFLA_GRE_OFLAGS]) | |
1479 | flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]); | |
1480 | if (flags & (GRE_VERSION|GRE_ROUTING)) | |
1481 | return -EINVAL; | |
1482 | ||
1483 | return 0; | |
1484 | } | |
1485 | ||
e1a80002 HX |
1486 | static int ipgre_tap_validate(struct nlattr *tb[], struct nlattr *data[]) |
1487 | { | |
1488 | __be32 daddr; | |
1489 | ||
1490 | if (tb[IFLA_ADDRESS]) { | |
1491 | if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) | |
1492 | return -EINVAL; | |
1493 | if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) | |
1494 | return -EADDRNOTAVAIL; | |
1495 | } | |
1496 | ||
1497 | if (!data) | |
1498 | goto out; | |
1499 | ||
1500 | if (data[IFLA_GRE_REMOTE]) { | |
1501 | memcpy(&daddr, nla_data(data[IFLA_GRE_REMOTE]), 4); | |
1502 | if (!daddr) | |
1503 | return -EINVAL; | |
1504 | } | |
1505 | ||
1506 | out: | |
1507 | return ipgre_tunnel_validate(tb, data); | |
1508 | } | |
1509 | ||
c19e654d HX |
1510 | static void ipgre_netlink_parms(struct nlattr *data[], |
1511 | struct ip_tunnel_parm *parms) | |
1512 | { | |
7bb82d92 | 1513 | memset(parms, 0, sizeof(*parms)); |
c19e654d HX |
1514 | |
1515 | parms->iph.protocol = IPPROTO_GRE; | |
1516 | ||
1517 | if (!data) | |
1518 | return; | |
1519 | ||
1520 | if (data[IFLA_GRE_LINK]) | |
1521 | parms->link = nla_get_u32(data[IFLA_GRE_LINK]); | |
1522 | ||
1523 | if (data[IFLA_GRE_IFLAGS]) | |
1524 | parms->i_flags = nla_get_be16(data[IFLA_GRE_IFLAGS]); | |
1525 | ||
1526 | if (data[IFLA_GRE_OFLAGS]) | |
1527 | parms->o_flags = nla_get_be16(data[IFLA_GRE_OFLAGS]); | |
1528 | ||
1529 | if (data[IFLA_GRE_IKEY]) | |
1530 | parms->i_key = nla_get_be32(data[IFLA_GRE_IKEY]); | |
1531 | ||
1532 | if (data[IFLA_GRE_OKEY]) | |
1533 | parms->o_key = nla_get_be32(data[IFLA_GRE_OKEY]); | |
1534 | ||
1535 | if (data[IFLA_GRE_LOCAL]) | |
4d74f8ba | 1536 | parms->iph.saddr = nla_get_be32(data[IFLA_GRE_LOCAL]); |
c19e654d HX |
1537 | |
1538 | if (data[IFLA_GRE_REMOTE]) | |
4d74f8ba | 1539 | parms->iph.daddr = nla_get_be32(data[IFLA_GRE_REMOTE]); |
c19e654d HX |
1540 | |
1541 | if (data[IFLA_GRE_TTL]) | |
1542 | parms->iph.ttl = nla_get_u8(data[IFLA_GRE_TTL]); | |
1543 | ||
1544 | if (data[IFLA_GRE_TOS]) | |
1545 | parms->iph.tos = nla_get_u8(data[IFLA_GRE_TOS]); | |
1546 | ||
1547 | if (!data[IFLA_GRE_PMTUDISC] || nla_get_u8(data[IFLA_GRE_PMTUDISC])) | |
1548 | parms->iph.frag_off = htons(IP_DF); | |
1549 | } | |
1550 | ||
e1a80002 HX |
1551 | static int ipgre_tap_init(struct net_device *dev) |
1552 | { | |
1553 | struct ip_tunnel *tunnel; | |
1554 | ||
1555 | tunnel = netdev_priv(dev); | |
1556 | ||
1557 | tunnel->dev = dev; | |
1558 | strcpy(tunnel->parms.name, dev->name); | |
1559 | ||
1560 | ipgre_tunnel_bind_dev(dev); | |
1561 | ||
e985aad7 ED |
1562 | dev->tstats = alloc_percpu(struct pcpu_tstats); |
1563 | if (!dev->tstats) | |
1564 | return -ENOMEM; | |
1565 | ||
e1a80002 HX |
1566 | return 0; |
1567 | } | |
1568 | ||
b8c26a33 SH |
1569 | static const struct net_device_ops ipgre_tap_netdev_ops = { |
1570 | .ndo_init = ipgre_tap_init, | |
1571 | .ndo_uninit = ipgre_tunnel_uninit, | |
1572 | .ndo_start_xmit = ipgre_tunnel_xmit, | |
1573 | .ndo_set_mac_address = eth_mac_addr, | |
1574 | .ndo_validate_addr = eth_validate_addr, | |
1575 | .ndo_change_mtu = ipgre_tunnel_change_mtu, | |
87b6d218 | 1576 | .ndo_get_stats64 = ipgre_get_stats64, |
b8c26a33 SH |
1577 | }; |
1578 | ||
e1a80002 HX |
1579 | static void ipgre_tap_setup(struct net_device *dev) |
1580 | { | |
1581 | ||
1582 | ether_setup(dev); | |
1583 | ||
2e9526b3 | 1584 | dev->netdev_ops = &ipgre_tap_netdev_ops; |
e985aad7 | 1585 | dev->destructor = ipgre_dev_free; |
e1a80002 HX |
1586 | |
1587 | dev->iflink = 0; | |
1588 | dev->features |= NETIF_F_NETNS_LOCAL; | |
1589 | } | |
1590 | ||
81adee47 | 1591 | static int ipgre_newlink(struct net *src_net, struct net_device *dev, struct nlattr *tb[], |
c19e654d HX |
1592 | struct nlattr *data[]) |
1593 | { | |
1594 | struct ip_tunnel *nt; | |
1595 | struct net *net = dev_net(dev); | |
1596 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); | |
1597 | int mtu; | |
1598 | int err; | |
1599 | ||
1600 | nt = netdev_priv(dev); | |
1601 | ipgre_netlink_parms(data, &nt->parms); | |
1602 | ||
e1a80002 | 1603 | if (ipgre_tunnel_find(net, &nt->parms, dev->type)) |
c19e654d HX |
1604 | return -EEXIST; |
1605 | ||
e1a80002 | 1606 | if (dev->type == ARPHRD_ETHER && !tb[IFLA_ADDRESS]) |
f2cedb63 | 1607 | eth_hw_addr_random(dev); |
e1a80002 | 1608 | |
c19e654d HX |
1609 | mtu = ipgre_tunnel_bind_dev(dev); |
1610 | if (!tb[IFLA_MTU]) | |
1611 | dev->mtu = mtu; | |
1612 | ||
b790e01a ED |
1613 | /* Can use a lockless transmit, unless we generate output sequences */ |
1614 | if (!(nt->parms.o_flags & GRE_SEQ)) | |
1615 | dev->features |= NETIF_F_LLTX; | |
1616 | ||
c19e654d HX |
1617 | err = register_netdevice(dev); |
1618 | if (err) | |
1619 | goto out; | |
1620 | ||
1621 | dev_hold(dev); | |
1622 | ipgre_tunnel_link(ign, nt); | |
1623 | ||
1624 | out: | |
1625 | return err; | |
1626 | } | |
1627 | ||
1628 | static int ipgre_changelink(struct net_device *dev, struct nlattr *tb[], | |
1629 | struct nlattr *data[]) | |
1630 | { | |
1631 | struct ip_tunnel *t, *nt; | |
1632 | struct net *net = dev_net(dev); | |
1633 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); | |
1634 | struct ip_tunnel_parm p; | |
1635 | int mtu; | |
1636 | ||
1637 | if (dev == ign->fb_tunnel_dev) | |
1638 | return -EINVAL; | |
1639 | ||
1640 | nt = netdev_priv(dev); | |
1641 | ipgre_netlink_parms(data, &p); | |
1642 | ||
1643 | t = ipgre_tunnel_locate(net, &p, 0); | |
1644 | ||
1645 | if (t) { | |
1646 | if (t->dev != dev) | |
1647 | return -EEXIST; | |
1648 | } else { | |
c19e654d HX |
1649 | t = nt; |
1650 | ||
2e9526b3 | 1651 | if (dev->type != ARPHRD_ETHER) { |
1507850b | 1652 | unsigned int nflags = 0; |
c19e654d | 1653 | |
2e9526b3 HX |
1654 | if (ipv4_is_multicast(p.iph.daddr)) |
1655 | nflags = IFF_BROADCAST; | |
1656 | else if (p.iph.daddr) | |
1657 | nflags = IFF_POINTOPOINT; | |
1658 | ||
1659 | if ((dev->flags ^ nflags) & | |
1660 | (IFF_POINTOPOINT | IFF_BROADCAST)) | |
1661 | return -EINVAL; | |
1662 | } | |
c19e654d HX |
1663 | |
1664 | ipgre_tunnel_unlink(ign, t); | |
1665 | t->parms.iph.saddr = p.iph.saddr; | |
1666 | t->parms.iph.daddr = p.iph.daddr; | |
1667 | t->parms.i_key = p.i_key; | |
2e9526b3 HX |
1668 | if (dev->type != ARPHRD_ETHER) { |
1669 | memcpy(dev->dev_addr, &p.iph.saddr, 4); | |
1670 | memcpy(dev->broadcast, &p.iph.daddr, 4); | |
1671 | } | |
c19e654d HX |
1672 | ipgre_tunnel_link(ign, t); |
1673 | netdev_state_change(dev); | |
1674 | } | |
1675 | ||
1676 | t->parms.o_key = p.o_key; | |
1677 | t->parms.iph.ttl = p.iph.ttl; | |
1678 | t->parms.iph.tos = p.iph.tos; | |
1679 | t->parms.iph.frag_off = p.iph.frag_off; | |
1680 | ||
1681 | if (t->parms.link != p.link) { | |
1682 | t->parms.link = p.link; | |
1683 | mtu = ipgre_tunnel_bind_dev(dev); | |
1684 | if (!tb[IFLA_MTU]) | |
1685 | dev->mtu = mtu; | |
1686 | netdev_state_change(dev); | |
1687 | } | |
1688 | ||
1689 | return 0; | |
1690 | } | |
1691 | ||
1692 | static size_t ipgre_get_size(const struct net_device *dev) | |
1693 | { | |
1694 | return | |
1695 | /* IFLA_GRE_LINK */ | |
1696 | nla_total_size(4) + | |
1697 | /* IFLA_GRE_IFLAGS */ | |
1698 | nla_total_size(2) + | |
1699 | /* IFLA_GRE_OFLAGS */ | |
1700 | nla_total_size(2) + | |
1701 | /* IFLA_GRE_IKEY */ | |
1702 | nla_total_size(4) + | |
1703 | /* IFLA_GRE_OKEY */ | |
1704 | nla_total_size(4) + | |
1705 | /* IFLA_GRE_LOCAL */ | |
1706 | nla_total_size(4) + | |
1707 | /* IFLA_GRE_REMOTE */ | |
1708 | nla_total_size(4) + | |
1709 | /* IFLA_GRE_TTL */ | |
1710 | nla_total_size(1) + | |
1711 | /* IFLA_GRE_TOS */ | |
1712 | nla_total_size(1) + | |
1713 | /* IFLA_GRE_PMTUDISC */ | |
1714 | nla_total_size(1) + | |
1715 | 0; | |
1716 | } | |
1717 | ||
1718 | static int ipgre_fill_info(struct sk_buff *skb, const struct net_device *dev) | |
1719 | { | |
1720 | struct ip_tunnel *t = netdev_priv(dev); | |
1721 | struct ip_tunnel_parm *p = &t->parms; | |
1722 | ||
f3756b79 DM |
1723 | if (nla_put_u32(skb, IFLA_GRE_LINK, p->link) || |
1724 | nla_put_be16(skb, IFLA_GRE_IFLAGS, p->i_flags) || | |
1725 | nla_put_be16(skb, IFLA_GRE_OFLAGS, p->o_flags) || | |
1726 | nla_put_be32(skb, IFLA_GRE_IKEY, p->i_key) || | |
1727 | nla_put_be32(skb, IFLA_GRE_OKEY, p->o_key) || | |
1728 | nla_put_be32(skb, IFLA_GRE_LOCAL, p->iph.saddr) || | |
1729 | nla_put_be32(skb, IFLA_GRE_REMOTE, p->iph.daddr) || | |
1730 | nla_put_u8(skb, IFLA_GRE_TTL, p->iph.ttl) || | |
1731 | nla_put_u8(skb, IFLA_GRE_TOS, p->iph.tos) || | |
1732 | nla_put_u8(skb, IFLA_GRE_PMTUDISC, | |
1733 | !!(p->iph.frag_off & htons(IP_DF)))) | |
1734 | goto nla_put_failure; | |
c19e654d HX |
1735 | return 0; |
1736 | ||
1737 | nla_put_failure: | |
1738 | return -EMSGSIZE; | |
1739 | } | |
1740 | ||
1741 | static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { | |
1742 | [IFLA_GRE_LINK] = { .type = NLA_U32 }, | |
1743 | [IFLA_GRE_IFLAGS] = { .type = NLA_U16 }, | |
1744 | [IFLA_GRE_OFLAGS] = { .type = NLA_U16 }, | |
1745 | [IFLA_GRE_IKEY] = { .type = NLA_U32 }, | |
1746 | [IFLA_GRE_OKEY] = { .type = NLA_U32 }, | |
4d74f8ba PM |
1747 | [IFLA_GRE_LOCAL] = { .len = FIELD_SIZEOF(struct iphdr, saddr) }, |
1748 | [IFLA_GRE_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) }, | |
c19e654d HX |
1749 | [IFLA_GRE_TTL] = { .type = NLA_U8 }, |
1750 | [IFLA_GRE_TOS] = { .type = NLA_U8 }, | |
1751 | [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 }, | |
1752 | }; | |
1753 | ||
1754 | static struct rtnl_link_ops ipgre_link_ops __read_mostly = { | |
1755 | .kind = "gre", | |
1756 | .maxtype = IFLA_GRE_MAX, | |
1757 | .policy = ipgre_policy, | |
1758 | .priv_size = sizeof(struct ip_tunnel), | |
1759 | .setup = ipgre_tunnel_setup, | |
1760 | .validate = ipgre_tunnel_validate, | |
1761 | .newlink = ipgre_newlink, | |
1762 | .changelink = ipgre_changelink, | |
1763 | .get_size = ipgre_get_size, | |
1764 | .fill_info = ipgre_fill_info, | |
1765 | }; | |
1766 | ||
e1a80002 HX |
1767 | static struct rtnl_link_ops ipgre_tap_ops __read_mostly = { |
1768 | .kind = "gretap", | |
1769 | .maxtype = IFLA_GRE_MAX, | |
1770 | .policy = ipgre_policy, | |
1771 | .priv_size = sizeof(struct ip_tunnel), | |
1772 | .setup = ipgre_tap_setup, | |
1773 | .validate = ipgre_tap_validate, | |
1774 | .newlink = ipgre_newlink, | |
1775 | .changelink = ipgre_changelink, | |
1776 | .get_size = ipgre_get_size, | |
1777 | .fill_info = ipgre_fill_info, | |
1778 | }; | |
1779 | ||
1da177e4 LT |
1780 | /* |
1781 | * And now the modules code and kernel interface. | |
1782 | */ | |
1783 | ||
1784 | static int __init ipgre_init(void) | |
1785 | { | |
1786 | int err; | |
1787 | ||
058bd4d2 | 1788 | pr_info("GRE over IPv4 tunneling driver\n"); |
1da177e4 | 1789 | |
cfb8fbf2 | 1790 | err = register_pernet_device(&ipgre_net_ops); |
59a4c759 | 1791 | if (err < 0) |
c2892f02 AD |
1792 | return err; |
1793 | ||
00959ade | 1794 | err = gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO); |
c2892f02 | 1795 | if (err < 0) { |
058bd4d2 | 1796 | pr_info("%s: can't add protocol\n", __func__); |
c2892f02 AD |
1797 | goto add_proto_failed; |
1798 | } | |
7daa0004 | 1799 | |
c19e654d HX |
1800 | err = rtnl_link_register(&ipgre_link_ops); |
1801 | if (err < 0) | |
1802 | goto rtnl_link_failed; | |
1803 | ||
e1a80002 HX |
1804 | err = rtnl_link_register(&ipgre_tap_ops); |
1805 | if (err < 0) | |
1806 | goto tap_ops_failed; | |
1807 | ||
c19e654d | 1808 | out: |
1da177e4 | 1809 | return err; |
c19e654d | 1810 | |
e1a80002 HX |
1811 | tap_ops_failed: |
1812 | rtnl_link_unregister(&ipgre_link_ops); | |
c19e654d | 1813 | rtnl_link_failed: |
00959ade | 1814 | gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO); |
c2892f02 AD |
1815 | add_proto_failed: |
1816 | unregister_pernet_device(&ipgre_net_ops); | |
c19e654d | 1817 | goto out; |
1da177e4 LT |
1818 | } |
1819 | ||
db44575f | 1820 | static void __exit ipgre_fini(void) |
1da177e4 | 1821 | { |
e1a80002 | 1822 | rtnl_link_unregister(&ipgre_tap_ops); |
c19e654d | 1823 | rtnl_link_unregister(&ipgre_link_ops); |
00959ade | 1824 | if (gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO) < 0) |
058bd4d2 | 1825 | pr_info("%s: can't remove protocol\n", __func__); |
c2892f02 | 1826 | unregister_pernet_device(&ipgre_net_ops); |
1da177e4 LT |
1827 | } |
1828 | ||
1829 | module_init(ipgre_init); | |
1830 | module_exit(ipgre_fini); | |
1831 | MODULE_LICENSE("GPL"); | |
4d74f8ba PM |
1832 | MODULE_ALIAS_RTNL_LINK("gre"); |
1833 | MODULE_ALIAS_RTNL_LINK("gretap"); | |
8909c9ad | 1834 | MODULE_ALIAS_NETDEV("gre0"); |