projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target...
[deliverable/linux.git] / net / ipv4 / ip_gre.c
1 /*
2 * Linux NET3: GRE over IP protocol decoder.
3 *
4 * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15 #include <linux/capability.h>
16 #include <linux/module.h>
17 #include <linux/types.h>
18 #include <linux/kernel.h>
19 #include <linux/slab.h>
20 #include <asm/uaccess.h>
21 #include <linux/skbuff.h>
22 #include <linux/netdevice.h>
23 #include <linux/in.h>
24 #include <linux/tcp.h>
25 #include <linux/udp.h>
26 #include <linux/if_arp.h>
27 #include <linux/mroute.h>
28 #include <linux/init.h>
29 #include <linux/in6.h>
30 #include <linux/inetdevice.h>
31 #include <linux/igmp.h>
32 #include <linux/netfilter_ipv4.h>
33 #include <linux/etherdevice.h>
34 #include <linux/if_ether.h>
35
36 #include <net/sock.h>
37 #include <net/ip.h>
38 #include <net/icmp.h>
39 #include <net/protocol.h>
40 #include <net/ipip.h>
41 #include <net/arp.h>
42 #include <net/checksum.h>
43 #include <net/dsfield.h>
44 #include <net/inet_ecn.h>
45 #include <net/xfrm.h>
46 #include <net/net_namespace.h>
47 #include <net/netns/generic.h>
48 #include <net/rtnetlink.h>
49 #include <net/gre.h>
50
51 #if IS_ENABLED(CONFIG_IPV6)
52 #include <net/ipv6.h>
53 #include <net/ip6_fib.h>
54 #include <net/ip6_route.h>
55 #endif
56
57 /*
58 Problems & solutions
59 --------------------
60
61 1. The most important issue is detecting local dead loops.
62 They would cause complete host lockup in transmit, which
63 would be "resolved" by stack overflow or, if queueing is enabled,
64 with infinite looping in net_bh.
65
66 We cannot track such dead loops during route installation,
67 it is infeasible task. The most general solutions would be
68 to keep skb->encapsulation counter (sort of local ttl),
69 and silently drop packet when it expires. It is a good
70 solution, but it supposes maintaining new variable in ALL
71 skb, even if no tunneling is used.
72
73 Current solution: xmit_recursion breaks dead loops. This is a percpu
74 counter, since when we enter the first ndo_xmit(), cpu migration is
75 forbidden. We force an exit if this counter reaches RECURSION_LIMIT
76
77 2. Networking dead loops would not kill routers, but would really
78 kill network. IP hop limit plays role of "t->recursion" in this case,
79 if we copy it from packet being encapsulated to upper header.
80 It is very good solution, but it introduces two problems:
81
82 - Routing protocols, using packets with ttl=1 (OSPF, RIP2),
83 do not work over tunnels.
84 - traceroute does not work. I planned to relay ICMP from tunnel,
85 so that this problem would be solved and traceroute output
86 would even more informative. This idea appeared to be wrong:
87 only Linux complies to rfc1812 now (yes, guys, Linux is the only
88 true router now :-)), all routers (at least, in neighbourhood of mine)
89 return only 8 bytes of payload. It is the end.
90
91 Hence, if we want that OSPF worked or traceroute said something reasonable,
92 we should search for another solution.
93
94 One of them is to parse packet trying to detect inner encapsulation
95 made by our node. It is difficult or even impossible, especially,
96 taking into account fragmentation. TO be short, ttl is not solution at all.
97
98 Current solution: The solution was UNEXPECTEDLY SIMPLE.
99 We force DF flag on tunnels with preconfigured hop limit,
100 that is ALL. :-) Well, it does not remove the problem completely,
101 but exponential growth of network traffic is changed to linear
102 (branches, that exceed pmtu are pruned) and tunnel mtu
103 rapidly degrades to value <68, where looping stops.
104 Yes, it is not good if there exists a router in the loop,
105 which does not force DF, even when encapsulating packets have DF set.
106 But it is not our problem! Nobody could accuse us, we made
107 all that we could make. Even if it is your gated who injected
108 fatal route to network, even if it were you who configured
109 fatal static route: you are innocent. :-)
110
111
112
113 3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain
114 practically identical code. It would be good to glue them
115 together, but it is not very evident, how to make them modular.
116 sit is integral part of IPv6, ipip and gre are naturally modular.
117 We could extract common parts (hash table, ioctl etc)
118 to a separate module (ip_tunnel.c).
119
120 Alexey Kuznetsov.
121 */
122
123 static bool log_ecn_error = true;
124 module_param(log_ecn_error, bool, 0644);
125 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
126
127 static struct rtnl_link_ops ipgre_link_ops __read_mostly;
128 static int ipgre_tunnel_init(struct net_device *dev);
129 static void ipgre_tunnel_setup(struct net_device *dev);
130 static int ipgre_tunnel_bind_dev(struct net_device *dev);
131
132 /* Fallback tunnel: no source, no destination, no key, no options */
133
134 #define HASH_SIZE 16
135
136 static int ipgre_net_id __read_mostly;
137 struct ipgre_net {
138 struct ip_tunnel __rcu *tunnels[4][HASH_SIZE];
139
140 struct net_device *fb_tunnel_dev;
141 };
142
143 /* Tunnel hash table */
144
145 /*
146 4 hash tables:
147
148 3: (remote,local)
149 2: (remote,*)
150 1: (*,local)
151 0: (*,*)
152
153 We require exact key match i.e. if a key is present in packet
154 it will match only tunnel with the same key; if it is not present,
155 it will match only keyless tunnel.
156
157 All keysless packets, if not matched configured keyless tunnels
158 will match fallback tunnel.
159 */
160
161 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
162
163 #define tunnels_r_l tunnels[3]
164 #define tunnels_r tunnels[2]
165 #define tunnels_l tunnels[1]
166 #define tunnels_wc tunnels[0]
167 /*
168 * Locking : hash tables are protected by RCU and RTNL
169 */
170
171 #define for_each_ip_tunnel_rcu(start) \
172 for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
173
174 /* often modified stats are per cpu, other are shared (netdev->stats) */
175 struct pcpu_tstats {
176 u64 rx_packets;
177 u64 rx_bytes;
178 u64 tx_packets;
179 u64 tx_bytes;
180 struct u64_stats_sync syncp;
181 };
182
183 static struct rtnl_link_stats64 *ipgre_get_stats64(struct net_device *dev,
184 struct rtnl_link_stats64 *tot)
185 {
186 int i;
187
188 for_each_possible_cpu(i) {
189 const struct pcpu_tstats *tstats = per_cpu_ptr(dev->tstats, i);
190 u64 rx_packets, rx_bytes, tx_packets, tx_bytes;
191 unsigned int start;
192
193 do {
194 start = u64_stats_fetch_begin_bh(&tstats->syncp);
195 rx_packets = tstats->rx_packets;
196 tx_packets = tstats->tx_packets;
197 rx_bytes = tstats->rx_bytes;
198 tx_bytes = tstats->tx_bytes;
199 } while (u64_stats_fetch_retry_bh(&tstats->syncp, start));
200
201 tot->rx_packets += rx_packets;
202 tot->tx_packets += tx_packets;
203 tot->rx_bytes += rx_bytes;
204 tot->tx_bytes += tx_bytes;
205 }
206
207 tot->multicast = dev->stats.multicast;
208 tot->rx_crc_errors = dev->stats.rx_crc_errors;
209 tot->rx_fifo_errors = dev->stats.rx_fifo_errors;
210 tot->rx_length_errors = dev->stats.rx_length_errors;
211 tot->rx_frame_errors = dev->stats.rx_frame_errors;
212 tot->rx_errors = dev->stats.rx_errors;
213
214 tot->tx_fifo_errors = dev->stats.tx_fifo_errors;
215 tot->tx_carrier_errors = dev->stats.tx_carrier_errors;
216 tot->tx_dropped = dev->stats.tx_dropped;
217 tot->tx_aborted_errors = dev->stats.tx_aborted_errors;
218 tot->tx_errors = dev->stats.tx_errors;
219
220 return tot;
221 }
222
223 /* Does key in tunnel parameters match packet */
224 static bool ipgre_key_match(const struct ip_tunnel_parm *p,
225 __be16 flags, __be32 key)
226 {
227 if (p->i_flags & GRE_KEY) {
228 if (flags & GRE_KEY)
229 return key == p->i_key;
230 else
231 return false; /* key expected, none present */
232 } else
233 return !(flags & GRE_KEY);
234 }
235
236 /* Given src, dst and key, find appropriate for input tunnel. */
237
238 static struct ip_tunnel *ipgre_tunnel_lookup(struct net_device *dev,
239 __be32 remote, __be32 local,
240 __be16 flags, __be32 key,
241 __be16 gre_proto)
242 {
243 struct net *net = dev_net(dev);
244 int link = dev->ifindex;
245 unsigned int h0 = HASH(remote);
246 unsigned int h1 = HASH(key);
247 struct ip_tunnel *t, *cand = NULL;
248 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
249 int dev_type = (gre_proto == htons(ETH_P_TEB)) ?
250 ARPHRD_ETHER : ARPHRD_IPGRE;
251 int score, cand_score = 4;
252
253 for_each_ip_tunnel_rcu(ign->tunnels_r_l[h0 ^ h1]) {
254 if (local != t->parms.iph.saddr ||
255 remote != t->parms.iph.daddr ||
256 !(t->dev->flags & IFF_UP))
257 continue;
258
259 if (!ipgre_key_match(&t->parms, flags, key))
260 continue;
261
262 if (t->dev->type != ARPHRD_IPGRE &&
263 t->dev->type != dev_type)
264 continue;
265
266 score = 0;
267 if (t->parms.link != link)
268 score |= 1;
269 if (t->dev->type != dev_type)
270 score |= 2;
271 if (score == 0)
272 return t;
273
274 if (score < cand_score) {
275 cand = t;
276 cand_score = score;
277 }
278 }
279
280 for_each_ip_tunnel_rcu(ign->tunnels_r[h0 ^ h1]) {
281 if (remote != t->parms.iph.daddr ||
282 !(t->dev->flags & IFF_UP))
283 continue;
284
285 if (!ipgre_key_match(&t->parms, flags, key))
286 continue;
287
288 if (t->dev->type != ARPHRD_IPGRE &&
289 t->dev->type != dev_type)
290 continue;
291
292 score = 0;
293 if (t->parms.link != link)
294 score |= 1;
295 if (t->dev->type != dev_type)
296 score |= 2;
297 if (score == 0)
298 return t;
299
300 if (score < cand_score) {
301 cand = t;
302 cand_score = score;
303 }
304 }
305
306 for_each_ip_tunnel_rcu(ign->tunnels_l[h1]) {
307 if ((local != t->parms.iph.saddr &&
308 (local != t->parms.iph.daddr ||
309 !ipv4_is_multicast(local))) ||
310 !(t->dev->flags & IFF_UP))
311 continue;
312
313 if (!ipgre_key_match(&t->parms, flags, key))
314 continue;
315
316 if (t->dev->type != ARPHRD_IPGRE &&
317 t->dev->type != dev_type)
318 continue;
319
320 score = 0;
321 if (t->parms.link != link)
322 score |= 1;
323 if (t->dev->type != dev_type)
324 score |= 2;
325 if (score == 0)
326 return t;
327
328 if (score < cand_score) {
329 cand = t;
330 cand_score = score;
331 }
332 }
333
334 for_each_ip_tunnel_rcu(ign->tunnels_wc[h1]) {
335 if (t->parms.i_key != key ||
336 !(t->dev->flags & IFF_UP))
337 continue;
338
339 if (t->dev->type != ARPHRD_IPGRE &&
340 t->dev->type != dev_type)
341 continue;
342
343 score = 0;
344 if (t->parms.link != link)
345 score |= 1;
346 if (t->dev->type != dev_type)
347 score |= 2;
348 if (score == 0)
349 return t;
350
351 if (score < cand_score) {
352 cand = t;
353 cand_score = score;
354 }
355 }
356
357 if (cand != NULL)
358 return cand;
359
360 dev = ign->fb_tunnel_dev;
361 if (dev->flags & IFF_UP)
362 return netdev_priv(dev);
363
364 return NULL;
365 }
366
367 static struct ip_tunnel __rcu **__ipgre_bucket(struct ipgre_net *ign,
368 struct ip_tunnel_parm *parms)
369 {
370 __be32 remote = parms->iph.daddr;
371 __be32 local = parms->iph.saddr;
372 __be32 key = parms->i_key;
373 unsigned int h = HASH(key);
374 int prio = 0;
375
376 if (local)
377 prio |= 1;
378 if (remote && !ipv4_is_multicast(remote)) {
379 prio |= 2;
380 h ^= HASH(remote);
381 }
382
383 return &ign->tunnels[prio][h];
384 }
385
386 static inline struct ip_tunnel __rcu **ipgre_bucket(struct ipgre_net *ign,
387 struct ip_tunnel *t)
388 {
389 return __ipgre_bucket(ign, &t->parms);
390 }
391
392 static void ipgre_tunnel_link(struct ipgre_net *ign, struct ip_tunnel *t)
393 {
394 struct ip_tunnel __rcu **tp = ipgre_bucket(ign, t);
395
396 rcu_assign_pointer(t->next, rtnl_dereference(*tp));
397 rcu_assign_pointer(*tp, t);
398 }
399
400 static void ipgre_tunnel_unlink(struct ipgre_net *ign, struct ip_tunnel *t)
401 {
402 struct ip_tunnel __rcu **tp;
403 struct ip_tunnel *iter;
404
405 for (tp = ipgre_bucket(ign, t);
406 (iter = rtnl_dereference(*tp)) != NULL;
407 tp = &iter->next) {
408 if (t == iter) {
409 rcu_assign_pointer(*tp, t->next);
410 break;
411 }
412 }
413 }
414
415 static struct ip_tunnel *ipgre_tunnel_find(struct net *net,
416 struct ip_tunnel_parm *parms,
417 int type)
418 {
419 __be32 remote = parms->iph.daddr;
420 __be32 local = parms->iph.saddr;
421 __be32 key = parms->i_key;
422 int link = parms->link;
423 struct ip_tunnel *t;
424 struct ip_tunnel __rcu **tp;
425 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
426
427 for (tp = __ipgre_bucket(ign, parms);
428 (t = rtnl_dereference(*tp)) != NULL;
429 tp = &t->next)
430 if (local == t->parms.iph.saddr &&
431 remote == t->parms.iph.daddr &&
432 key == t->parms.i_key &&
433 link == t->parms.link &&
434 type == t->dev->type)
435 break;
436
437 return t;
438 }
439
440 static struct ip_tunnel *ipgre_tunnel_locate(struct net *net,
441 struct ip_tunnel_parm *parms, int create)
442 {
443 struct ip_tunnel *t, *nt;
444 struct net_device *dev;
445 char name[IFNAMSIZ];
446 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
447
448 t = ipgre_tunnel_find(net, parms, ARPHRD_IPGRE);
449 if (t || !create)
450 return t;
451
452 if (parms->name[0])
453 strlcpy(name, parms->name, IFNAMSIZ);
454 else
455 strcpy(name, "gre%d");
456
457 dev = alloc_netdev(sizeof(*t), name, ipgre_tunnel_setup);
458 if (!dev)
459 return NULL;
460
461 dev_net_set(dev, net);
462
463 nt = netdev_priv(dev);
464 nt->parms = *parms;
465 dev->rtnl_link_ops = &ipgre_link_ops;
466
467 dev->mtu = ipgre_tunnel_bind_dev(dev);
468
469 if (register_netdevice(dev) < 0)
470 goto failed_free;
471
472 /* Can use a lockless transmit, unless we generate output sequences */
473 if (!(nt->parms.o_flags & GRE_SEQ))
474 dev->features |= NETIF_F_LLTX;
475
476 dev_hold(dev);
477 ipgre_tunnel_link(ign, nt);
478 return nt;
479
480 failed_free:
481 free_netdev(dev);
482 return NULL;
483 }
484
485 static void ipgre_tunnel_uninit(struct net_device *dev)
486 {
487 struct net *net = dev_net(dev);
488 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
489
490 ipgre_tunnel_unlink(ign, netdev_priv(dev));
491 dev_put(dev);
492 }
493
494
495 static void ipgre_err(struct sk_buff *skb, u32 info)
496 {
497
498 /* All the routers (except for Linux) return only
499 8 bytes of packet payload. It means, that precise relaying of
500 ICMP in the real Internet is absolutely infeasible.
501
502 Moreover, Cisco "wise men" put GRE key to the third word
503 in GRE header. It makes impossible maintaining even soft state for keyed
504 GRE tunnels with enabled checksum. Tell them "thank you".
505
506 Well, I wonder, rfc1812 was written by Cisco employee,
507 what the hell these idiots break standards established
508 by themselves???
509 */
510
511 const struct iphdr *iph = (const struct iphdr *)skb->data;
512 __be16 *p = (__be16 *)(skb->data+(iph->ihl<<2));
513 int grehlen = (iph->ihl<<2) + 4;
514 const int type = icmp_hdr(skb)->type;
515 const int code = icmp_hdr(skb)->code;
516 struct ip_tunnel *t;
517 __be16 flags;
518 __be32 key = 0;
519
520 flags = p[0];
521 if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) {
522 if (flags&(GRE_VERSION|GRE_ROUTING))
523 return;
524 if (flags&GRE_KEY) {
525 grehlen += 4;
526 if (flags&GRE_CSUM)
527 grehlen += 4;
528 }
529 }
530
531 /* If only 8 bytes returned, keyed message will be dropped here */
532 if (skb_headlen(skb) < grehlen)
533 return;
534
535 if (flags & GRE_KEY)
536 key = *(((__be32 *)p) + (grehlen / 4) - 1);
537
538 switch (type) {
539 default:
540 case ICMP_PARAMETERPROB:
541 return;
542
543 case ICMP_DEST_UNREACH:
544 switch (code) {
545 case ICMP_SR_FAILED:
546 case ICMP_PORT_UNREACH:
547 /* Impossible event. */
548 return;
549 default:
550 /* All others are translated to HOST_UNREACH.
551 rfc2003 contains "deep thoughts" about NET_UNREACH,
552 I believe they are just ether pollution. --ANK
553 */
554 break;
555 }
556 break;
557 case ICMP_TIME_EXCEEDED:
558 if (code != ICMP_EXC_TTL)
559 return;
560 break;
561
562 case ICMP_REDIRECT:
563 break;
564 }
565
566 t = ipgre_tunnel_lookup(skb->dev, iph->daddr, iph->saddr,
567 flags, key, p[1]);
568
569 if (t == NULL)
570 return;
571
572 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
573 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
574 t->parms.link, 0, IPPROTO_GRE, 0);
575 return;
576 }
577 if (type == ICMP_REDIRECT) {
578 ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
579 IPPROTO_GRE, 0);
580 return;
581 }
582 if (t->parms.iph.daddr == 0 ||
583 ipv4_is_multicast(t->parms.iph.daddr))
584 return;
585
586 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
587 return;
588
589 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
590 t->err_count++;
591 else
592 t->err_count = 1;
593 t->err_time = jiffies;
594 }
595
596 static inline u8
597 ipgre_ecn_encapsulate(u8 tos, const struct iphdr *old_iph, struct sk_buff *skb)
598 {
599 u8 inner = 0;
600 if (skb->protocol == htons(ETH_P_IP))
601 inner = old_iph->tos;
602 else if (skb->protocol == htons(ETH_P_IPV6))
603 inner = ipv6_get_dsfield((const struct ipv6hdr *)old_iph);
604 return INET_ECN_encapsulate(tos, inner);
605 }
606
607 static int ipgre_rcv(struct sk_buff *skb)
608 {
609 const struct iphdr *iph;
610 u8 *h;
611 __be16 flags;
612 __sum16 csum = 0;
613 __be32 key = 0;
614 u32 seqno = 0;
615 struct ip_tunnel *tunnel;
616 int offset = 4;
617 __be16 gre_proto;
618 int err;
619
620 if (!pskb_may_pull(skb, 16))
621 goto drop;
622
623 iph = ip_hdr(skb);
624 h = skb->data;
625 flags = *(__be16 *)h;
626
627 if (flags&(GRE_CSUM|GRE_KEY|GRE_ROUTING|GRE_SEQ|GRE_VERSION)) {
628 /* - Version must be 0.
629 - We do not support routing headers.
630 */
631 if (flags&(GRE_VERSION|GRE_ROUTING))
632 goto drop;
633
634 if (flags&GRE_CSUM) {
635 switch (skb->ip_summed) {
636 case CHECKSUM_COMPLETE:
637 csum = csum_fold(skb->csum);
638 if (!csum)
639 break;
640 /* fall through */
641 case CHECKSUM_NONE:
642 skb->csum = 0;
643 csum = __skb_checksum_complete(skb);
644 skb->ip_summed = CHECKSUM_COMPLETE;
645 }
646 offset += 4;
647 }
648 if (flags&GRE_KEY) {
649 key = *(__be32 *)(h + offset);
650 offset += 4;
651 }
652 if (flags&GRE_SEQ) {
653 seqno = ntohl(*(__be32 *)(h + offset));
654 offset += 4;
655 }
656 }
657
658 gre_proto = *(__be16 *)(h + 2);
659
660 tunnel = ipgre_tunnel_lookup(skb->dev,
661 iph->saddr, iph->daddr, flags, key,
662 gre_proto);
663 if (tunnel) {
664 struct pcpu_tstats *tstats;
665
666 secpath_reset(skb);
667
668 skb->protocol = gre_proto;
669 /* WCCP version 1 and 2 protocol decoding.
670 * - Change protocol to IP
671 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header
672 */
673 if (flags == 0 && gre_proto == htons(ETH_P_WCCP)) {
674 skb->protocol = htons(ETH_P_IP);
675 if ((*(h + offset) & 0xF0) != 0x40)
676 offset += 4;
677 }
678
679 skb->mac_header = skb->network_header;
680 __pskb_pull(skb, offset);
681 skb_postpull_rcsum(skb, skb_transport_header(skb), offset);
682 skb->pkt_type = PACKET_HOST;
683 #ifdef CONFIG_NET_IPGRE_BROADCAST
684 if (ipv4_is_multicast(iph->daddr)) {
685 /* Looped back packet, drop it! */
686 if (rt_is_output_route(skb_rtable(skb)))
687 goto drop;
688 tunnel->dev->stats.multicast++;
689 skb->pkt_type = PACKET_BROADCAST;
690 }
691 #endif
692
693 if (((flags&GRE_CSUM) && csum) ||
694 (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) {
695 tunnel->dev->stats.rx_crc_errors++;
696 tunnel->dev->stats.rx_errors++;
697 goto drop;
698 }
699 if (tunnel->parms.i_flags&GRE_SEQ) {
700 if (!(flags&GRE_SEQ) ||
701 (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) {
702 tunnel->dev->stats.rx_fifo_errors++;
703 tunnel->dev->stats.rx_errors++;
704 goto drop;
705 }
706 tunnel->i_seqno = seqno + 1;
707 }
708
709 /* Warning: All skb pointers will be invalidated! */
710 if (tunnel->dev->type == ARPHRD_ETHER) {
711 if (!pskb_may_pull(skb, ETH_HLEN)) {
712 tunnel->dev->stats.rx_length_errors++;
713 tunnel->dev->stats.rx_errors++;
714 goto drop;
715 }
716
717 iph = ip_hdr(skb);
718 skb->protocol = eth_type_trans(skb, tunnel->dev);
719 skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
720 }
721
722 __skb_tunnel_rx(skb, tunnel->dev);
723
724 skb_reset_network_header(skb);
725 err = IP_ECN_decapsulate(iph, skb);
726 if (unlikely(err)) {
727 if (log_ecn_error)
728 net_info_ratelimited("non-ECT from %pI4 with TOS=%#x\n",
729 &iph->saddr, iph->tos);
730 if (err > 1) {
731 ++tunnel->dev->stats.rx_frame_errors;
732 ++tunnel->dev->stats.rx_errors;
733 goto drop;
734 }
735 }
736
737 tstats = this_cpu_ptr(tunnel->dev->tstats);
738 u64_stats_update_begin(&tstats->syncp);
739 tstats->rx_packets++;
740 tstats->rx_bytes += skb->len;
741 u64_stats_update_end(&tstats->syncp);
742
743 gro_cells_receive(&tunnel->gro_cells, skb);
744 return 0;
745 }
746 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
747
748 drop:
749 kfree_skb(skb);
750 return 0;
751 }
752
753 static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
754 {
755 struct ip_tunnel *tunnel = netdev_priv(dev);
756 struct pcpu_tstats *tstats;
757 const struct iphdr *old_iph = ip_hdr(skb);
758 const struct iphdr *tiph;
759 struct flowi4 fl4;
760 u8 tos;
761 __be16 df;
762 struct rtable *rt; /* Route to the other host */
763 struct net_device *tdev; /* Device to other host */
764 struct iphdr *iph; /* Our new IP header */
765 unsigned int max_headroom; /* The extra header space needed */
766 int gre_hlen;
767 __be32 dst;
768 int mtu;
769
770 if (skb->ip_summed == CHECKSUM_PARTIAL &&
771 skb_checksum_help(skb))
772 goto tx_error;
773
774 if (dev->type == ARPHRD_ETHER)
775 IPCB(skb)->flags = 0;
776
777 if (dev->header_ops && dev->type == ARPHRD_IPGRE) {
778 gre_hlen = 0;
779 tiph = (const struct iphdr *)skb->data;
780 } else {
781 gre_hlen = tunnel->hlen;
782 tiph = &tunnel->parms.iph;
783 }
784
785 if ((dst = tiph->daddr) == 0) {
786 /* NBMA tunnel */
787
788 if (skb_dst(skb) == NULL) {
789 dev->stats.tx_fifo_errors++;
790 goto tx_error;
791 }
792
793 if (skb->protocol == htons(ETH_P_IP)) {
794 rt = skb_rtable(skb);
795 dst = rt_nexthop(rt, old_iph->daddr);
796 }
797 #if IS_ENABLED(CONFIG_IPV6)
798 else if (skb->protocol == htons(ETH_P_IPV6)) {
799 const struct in6_addr *addr6;
800 struct neighbour *neigh;
801 bool do_tx_error_icmp;
802 int addr_type;
803
804 neigh = dst_neigh_lookup(skb_dst(skb), &ipv6_hdr(skb)->daddr);
805 if (neigh == NULL)
806 goto tx_error;
807
808 addr6 = (const struct in6_addr *)&neigh->primary_key;
809 addr_type = ipv6_addr_type(addr6);
810
811 if (addr_type == IPV6_ADDR_ANY) {
812 addr6 = &ipv6_hdr(skb)->daddr;
813 addr_type = ipv6_addr_type(addr6);
814 }
815
816 if ((addr_type & IPV6_ADDR_COMPATv4) == 0)
817 do_tx_error_icmp = true;
818 else {
819 do_tx_error_icmp = false;
820 dst = addr6->s6_addr32[3];
821 }
822 neigh_release(neigh);
823 if (do_tx_error_icmp)
824 goto tx_error_icmp;
825 }
826 #endif
827 else
828 goto tx_error;
829 }
830
831 tos = tiph->tos;
832 if (tos == 1) {
833 tos = 0;
834 if (skb->protocol == htons(ETH_P_IP))
835 tos = old_iph->tos;
836 else if (skb->protocol == htons(ETH_P_IPV6))
837 tos = ipv6_get_dsfield((const struct ipv6hdr *)old_iph);
838 }
839
840 rt = ip_route_output_gre(dev_net(dev), &fl4, dst, tiph->saddr,
841 tunnel->parms.o_key, RT_TOS(tos),
842 tunnel->parms.link);
843 if (IS_ERR(rt)) {
844 dev->stats.tx_carrier_errors++;
845 goto tx_error;
846 }
847 tdev = rt->dst.dev;
848
849 if (tdev == dev) {
850 ip_rt_put(rt);
851 dev->stats.collisions++;
852 goto tx_error;
853 }
854
855 df = tiph->frag_off;
856 if (df)
857 mtu = dst_mtu(&rt->dst) - dev->hard_header_len - tunnel->hlen;
858 else
859 mtu = skb_dst(skb) ? dst_mtu(skb_dst(skb)) : dev->mtu;
860
861 if (skb_dst(skb))
862 skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu);
863
864 if (skb->protocol == htons(ETH_P_IP)) {
865 df |= (old_iph->frag_off&htons(IP_DF));
866
867 if ((old_iph->frag_off&htons(IP_DF)) &&
868 mtu < ntohs(old_iph->tot_len)) {
869 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
870 ip_rt_put(rt);
871 goto tx_error;
872 }
873 }
874 #if IS_ENABLED(CONFIG_IPV6)
875 else if (skb->protocol == htons(ETH_P_IPV6)) {
876 struct rt6_info *rt6 = (struct rt6_info *)skb_dst(skb);
877
878 if (rt6 && mtu < dst_mtu(skb_dst(skb)) && mtu >= IPV6_MIN_MTU) {
879 if ((tunnel->parms.iph.daddr &&
880 !ipv4_is_multicast(tunnel->parms.iph.daddr)) ||
881 rt6->rt6i_dst.plen == 128) {
882 rt6->rt6i_flags |= RTF_MODIFIED;
883 dst_metric_set(skb_dst(skb), RTAX_MTU, mtu);
884 }
885 }
886
887 if (mtu >= IPV6_MIN_MTU && mtu < skb->len - tunnel->hlen + gre_hlen) {
888 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
889 ip_rt_put(rt);
890 goto tx_error;
891 }
892 }
893 #endif
894
895 if (tunnel->err_count > 0) {
896 if (time_before(jiffies,
897 tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
898 tunnel->err_count--;
899
900 dst_link_failure(skb);
901 } else
902 tunnel->err_count = 0;
903 }
904
905 max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen + rt->dst.header_len;
906
907 if (skb_headroom(skb) < max_headroom || skb_shared(skb)||
908 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
909 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
910 if (max_headroom > dev->needed_headroom)
911 dev->needed_headroom = max_headroom;
912 if (!new_skb) {
913 ip_rt_put(rt);
914 dev->stats.tx_dropped++;
915 dev_kfree_skb(skb);
916 return NETDEV_TX_OK;
917 }
918 if (skb->sk)
919 skb_set_owner_w(new_skb, skb->sk);
920 dev_kfree_skb(skb);
921 skb = new_skb;
922 old_iph = ip_hdr(skb);
923 }
924
925 skb_reset_transport_header(skb);
926 skb_push(skb, gre_hlen);
927 skb_reset_network_header(skb);
928 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
929 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
930 IPSKB_REROUTED);
931 skb_dst_drop(skb);
932 skb_dst_set(skb, &rt->dst);
933
934 /*
935 * Push down and install the IPIP header.
936 */
937
938 iph = ip_hdr(skb);
939 iph->version = 4;
940 iph->ihl = sizeof(struct iphdr) >> 2;
941 iph->frag_off = df;
942 iph->protocol = IPPROTO_GRE;
943 iph->tos = ipgre_ecn_encapsulate(tos, old_iph, skb);
944 iph->daddr = fl4.daddr;
945 iph->saddr = fl4.saddr;
946
947 if ((iph->ttl = tiph->ttl) == 0) {
948 if (skb->protocol == htons(ETH_P_IP))
949 iph->ttl = old_iph->ttl;
950 #if IS_ENABLED(CONFIG_IPV6)
951 else if (skb->protocol == htons(ETH_P_IPV6))
952 iph->ttl = ((const struct ipv6hdr *)old_iph)->hop_limit;
953 #endif
954 else
955 iph->ttl = ip4_dst_hoplimit(&rt->dst);
956 }
957
958 ((__be16 *)(iph + 1))[0] = tunnel->parms.o_flags;
959 ((__be16 *)(iph + 1))[1] = (dev->type == ARPHRD_ETHER) ?
960 htons(ETH_P_TEB) : skb->protocol;
961
962 if (tunnel->parms.o_flags&(GRE_KEY|GRE_CSUM|GRE_SEQ)) {
963 __be32 *ptr = (__be32 *)(((u8 *)iph) + tunnel->hlen - 4);
964
965 if (tunnel->parms.o_flags&GRE_SEQ) {
966 ++tunnel->o_seqno;
967 *ptr = htonl(tunnel->o_seqno);
968 ptr--;
969 }
970 if (tunnel->parms.o_flags&GRE_KEY) {
971 *ptr = tunnel->parms.o_key;
972 ptr--;
973 }
974 if (tunnel->parms.o_flags&GRE_CSUM) {
975 *ptr = 0;
976 *(__sum16 *)ptr = ip_compute_csum((void *)(iph+1), skb->len - sizeof(struct iphdr));
977 }
978 }
979
980 nf_reset(skb);
981 tstats = this_cpu_ptr(dev->tstats);
982 __IPTUNNEL_XMIT(tstats, &dev->stats);
983 return NETDEV_TX_OK;
984
985 #if IS_ENABLED(CONFIG_IPV6)
986 tx_error_icmp:
987 dst_link_failure(skb);
988 #endif
989 tx_error:
990 dev->stats.tx_errors++;
991 dev_kfree_skb(skb);
992 return NETDEV_TX_OK;
993 }
994
995 static int ipgre_tunnel_bind_dev(struct net_device *dev)
996 {
997 struct net_device *tdev = NULL;
998 struct ip_tunnel *tunnel;
999 const struct iphdr *iph;
1000 int hlen = LL_MAX_HEADER;
1001 int mtu = ETH_DATA_LEN;
1002 int addend = sizeof(struct iphdr) + 4;
1003
1004 tunnel = netdev_priv(dev);
1005 iph = &tunnel->parms.iph;
1006
1007 /* Guess output device to choose reasonable mtu and needed_headroom */
1008
1009 if (iph->daddr) {
1010 struct flowi4 fl4;
1011 struct rtable *rt;
1012
1013 rt = ip_route_output_gre(dev_net(dev), &fl4,
1014 iph->daddr, iph->saddr,
1015 tunnel->parms.o_key,
1016 RT_TOS(iph->tos),
1017 tunnel->parms.link);
1018 if (!IS_ERR(rt)) {
1019 tdev = rt->dst.dev;
1020 ip_rt_put(rt);
1021 }
1022
1023 if (dev->type != ARPHRD_ETHER)
1024 dev->flags |= IFF_POINTOPOINT;
1025 }
1026
1027 if (!tdev && tunnel->parms.link)
1028 tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);
1029
1030 if (tdev) {
1031 hlen = tdev->hard_header_len + tdev->needed_headroom;
1032 mtu = tdev->mtu;
1033 }
1034 dev->iflink = tunnel->parms.link;
1035
1036 /* Precalculate GRE options length */
1037 if (tunnel->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) {
1038 if (tunnel->parms.o_flags&GRE_CSUM)
1039 addend += 4;
1040 if (tunnel->parms.o_flags&GRE_KEY)
1041 addend += 4;
1042 if (tunnel->parms.o_flags&GRE_SEQ)
1043 addend += 4;
1044 }
1045 dev->needed_headroom = addend + hlen;
1046 mtu -= dev->hard_header_len + addend;
1047
1048 if (mtu < 68)
1049 mtu = 68;
1050
1051 tunnel->hlen = addend;
1052
1053 return mtu;
1054 }
1055
1056 static int
1057 ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
1058 {
1059 int err = 0;
1060 struct ip_tunnel_parm p;
1061 struct ip_tunnel *t;
1062 struct net *net = dev_net(dev);
1063 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
1064
1065 switch (cmd) {
1066 case SIOCGETTUNNEL:
1067 t = NULL;
1068 if (dev == ign->fb_tunnel_dev) {
1069 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
1070 err = -EFAULT;
1071 break;
1072 }
1073 t = ipgre_tunnel_locate(net, &p, 0);
1074 }
1075 if (t == NULL)
1076 t = netdev_priv(dev);
1077 memcpy(&p, &t->parms, sizeof(p));
1078 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
1079 err = -EFAULT;
1080 break;
1081
1082 case SIOCADDTUNNEL:
1083 case SIOCCHGTUNNEL:
1084 err = -EPERM;
1085 if (!capable(CAP_NET_ADMIN))
1086 goto done;
1087
1088 err = -EFAULT;
1089 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
1090 goto done;
1091
1092 err = -EINVAL;
1093 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE ||
1094 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) ||
1095 ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING)))
1096 goto done;
1097 if (p.iph.ttl)
1098 p.iph.frag_off |= htons(IP_DF);
1099
1100 if (!(p.i_flags&GRE_KEY))
1101 p.i_key = 0;
1102 if (!(p.o_flags&GRE_KEY))
1103 p.o_key = 0;
1104
1105 t = ipgre_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
1106
1107 if (dev != ign->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
1108 if (t != NULL) {
1109 if (t->dev != dev) {
1110 err = -EEXIST;
1111 break;
1112 }
1113 } else {
1114 unsigned int nflags = 0;
1115
1116 t = netdev_priv(dev);
1117
1118 if (ipv4_is_multicast(p.iph.daddr))
1119 nflags = IFF_BROADCAST;
1120 else if (p.iph.daddr)
1121 nflags = IFF_POINTOPOINT;
1122
1123 if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) {
1124 err = -EINVAL;
1125 break;
1126 }
1127 ipgre_tunnel_unlink(ign, t);
1128 synchronize_net();
1129 t->parms.iph.saddr = p.iph.saddr;
1130 t->parms.iph.daddr = p.iph.daddr;
1131 t->parms.i_key = p.i_key;
1132 t->parms.o_key = p.o_key;
1133 memcpy(dev->dev_addr, &p.iph.saddr, 4);
1134 memcpy(dev->broadcast, &p.iph.daddr, 4);
1135 ipgre_tunnel_link(ign, t);
1136 netdev_state_change(dev);
1137 }
1138 }
1139
1140 if (t) {
1141 err = 0;
1142 if (cmd == SIOCCHGTUNNEL) {
1143 t->parms.iph.ttl = p.iph.ttl;
1144 t->parms.iph.tos = p.iph.tos;
1145 t->parms.iph.frag_off = p.iph.frag_off;
1146 if (t->parms.link != p.link) {
1147 t->parms.link = p.link;
1148 dev->mtu = ipgre_tunnel_bind_dev(dev);
1149 netdev_state_change(dev);
1150 }
1151 }
1152 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
1153 err = -EFAULT;
1154 } else
1155 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
1156 break;
1157
1158 case SIOCDELTUNNEL:
1159 err = -EPERM;
1160 if (!capable(CAP_NET_ADMIN))
1161 goto done;
1162
1163 if (dev == ign->fb_tunnel_dev) {
1164 err = -EFAULT;
1165 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
1166 goto done;
1167 err = -ENOENT;
1168 if ((t = ipgre_tunnel_locate(net, &p, 0)) == NULL)
1169 goto done;
1170 err = -EPERM;
1171 if (t == netdev_priv(ign->fb_tunnel_dev))
1172 goto done;
1173 dev = t->dev;
1174 }
1175 unregister_netdevice(dev);
1176 err = 0;
1177 break;
1178
1179 default:
1180 err = -EINVAL;
1181 }
1182
1183 done:
1184 return err;
1185 }
1186
1187 static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu)
1188 {
1189 struct ip_tunnel *tunnel = netdev_priv(dev);
1190 if (new_mtu < 68 ||
1191 new_mtu > 0xFFF8 - dev->hard_header_len - tunnel->hlen)
1192 return -EINVAL;
1193 dev->mtu = new_mtu;
1194 return 0;
1195 }
1196
1197 /* Nice toy. Unfortunately, useless in real life :-)
1198 It allows to construct virtual multiprotocol broadcast "LAN"
1199 over the Internet, provided multicast routing is tuned.
1200
1201
1202 I have no idea was this bicycle invented before me,
1203 so that I had to set ARPHRD_IPGRE to a random value.
1204 I have an impression, that Cisco could make something similar,
1205 but this feature is apparently missing in IOS<=11.2(8).
1206
1207 I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
1208 with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
1209
1210 ping -t 255 224.66.66.66
1211
1212 If nobody answers, mbone does not work.
1213
1214 ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255
1215 ip addr add 10.66.66.<somewhat>/24 dev Universe
1216 ifconfig Universe up
1217 ifconfig Universe add fe80::<Your_real_addr>/10
1218 ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96
1219 ftp 10.66.66.66
1220 ...
1221 ftp fec0:6666:6666::193.233.7.65
1222 ...
1223
1224 */
1225
1226 static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
1227 unsigned short type,
1228 const void *daddr, const void *saddr, unsigned int len)
1229 {
1230 struct ip_tunnel *t = netdev_priv(dev);
1231 struct iphdr *iph = (struct iphdr *)skb_push(skb, t->hlen);
1232 __be16 *p = (__be16 *)(iph+1);
1233
1234 memcpy(iph, &t->parms.iph, sizeof(struct iphdr));
1235 p[0] = t->parms.o_flags;
1236 p[1] = htons(type);
1237
1238 /*
1239 * Set the source hardware address.
1240 */
1241
1242 if (saddr)
1243 memcpy(&iph->saddr, saddr, 4);
1244 if (daddr)
1245 memcpy(&iph->daddr, daddr, 4);
1246 if (iph->daddr)
1247 return t->hlen;
1248
1249 return -t->hlen;
1250 }
1251
1252 static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr)
1253 {
1254 const struct iphdr *iph = (const struct iphdr *) skb_mac_header(skb);
1255 memcpy(haddr, &iph->saddr, 4);
1256 return 4;
1257 }
1258
1259 static const struct header_ops ipgre_header_ops = {
1260 .create = ipgre_header,
1261 .parse = ipgre_header_parse,
1262 };
1263
1264 #ifdef CONFIG_NET_IPGRE_BROADCAST
1265 static int ipgre_open(struct net_device *dev)
1266 {
1267 struct ip_tunnel *t = netdev_priv(dev);
1268
1269 if (ipv4_is_multicast(t->parms.iph.daddr)) {
1270 struct flowi4 fl4;
1271 struct rtable *rt;
1272
1273 rt = ip_route_output_gre(dev_net(dev), &fl4,
1274 t->parms.iph.daddr,
1275 t->parms.iph.saddr,
1276 t->parms.o_key,
1277 RT_TOS(t->parms.iph.tos),
1278 t->parms.link);
1279 if (IS_ERR(rt))
1280 return -EADDRNOTAVAIL;
1281 dev = rt->dst.dev;
1282 ip_rt_put(rt);
1283 if (__in_dev_get_rtnl(dev) == NULL)
1284 return -EADDRNOTAVAIL;
1285 t->mlink = dev->ifindex;
1286 ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr);
1287 }
1288 return 0;
1289 }
1290
1291 static int ipgre_close(struct net_device *dev)
1292 {
1293 struct ip_tunnel *t = netdev_priv(dev);
1294
1295 if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) {
1296 struct in_device *in_dev;
1297 in_dev = inetdev_by_index(dev_net(dev), t->mlink);
1298 if (in_dev)
1299 ip_mc_dec_group(in_dev, t->parms.iph.daddr);
1300 }
1301 return 0;
1302 }
1303
1304 #endif
1305
1306 static const struct net_device_ops ipgre_netdev_ops = {
1307 .ndo_init = ipgre_tunnel_init,
1308 .ndo_uninit = ipgre_tunnel_uninit,
1309 #ifdef CONFIG_NET_IPGRE_BROADCAST
1310 .ndo_open = ipgre_open,
1311 .ndo_stop = ipgre_close,
1312 #endif
1313 .ndo_start_xmit = ipgre_tunnel_xmit,
1314 .ndo_do_ioctl = ipgre_tunnel_ioctl,
1315 .ndo_change_mtu = ipgre_tunnel_change_mtu,
1316 .ndo_get_stats64 = ipgre_get_stats64,
1317 };
1318
1319 static void ipgre_dev_free(struct net_device *dev)
1320 {
1321 struct ip_tunnel *tunnel = netdev_priv(dev);
1322
1323 gro_cells_destroy(&tunnel->gro_cells);
1324 free_percpu(dev->tstats);
1325 free_netdev(dev);
1326 }
1327
1328 #define GRE_FEATURES (NETIF_F_SG | \
1329 NETIF_F_FRAGLIST | \
1330 NETIF_F_HIGHDMA | \
1331 NETIF_F_HW_CSUM)
1332
1333 static void ipgre_tunnel_setup(struct net_device *dev)
1334 {
1335 dev->netdev_ops = &ipgre_netdev_ops;
1336 dev->destructor = ipgre_dev_free;
1337
1338 dev->type = ARPHRD_IPGRE;
1339 dev->needed_headroom = LL_MAX_HEADER + sizeof(struct iphdr) + 4;
1340 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 4;
1341 dev->flags = IFF_NOARP;
1342 dev->iflink = 0;
1343 dev->addr_len = 4;
1344 dev->features |= NETIF_F_NETNS_LOCAL;
1345 dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
1346
1347 dev->features |= GRE_FEATURES;
1348 dev->hw_features |= GRE_FEATURES;
1349 }
1350
1351 static int ipgre_tunnel_init(struct net_device *dev)
1352 {
1353 struct ip_tunnel *tunnel;
1354 struct iphdr *iph;
1355 int err;
1356
1357 tunnel = netdev_priv(dev);
1358 iph = &tunnel->parms.iph;
1359
1360 tunnel->dev = dev;
1361 strcpy(tunnel->parms.name, dev->name);
1362
1363 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
1364 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
1365
1366 if (iph->daddr) {
1367 #ifdef CONFIG_NET_IPGRE_BROADCAST
1368 if (ipv4_is_multicast(iph->daddr)) {
1369 if (!iph->saddr)
1370 return -EINVAL;
1371 dev->flags = IFF_BROADCAST;
1372 dev->header_ops = &ipgre_header_ops;
1373 }
1374 #endif
1375 } else
1376 dev->header_ops = &ipgre_header_ops;
1377
1378 dev->tstats = alloc_percpu(struct pcpu_tstats);
1379 if (!dev->tstats)
1380 return -ENOMEM;
1381
1382 err = gro_cells_init(&tunnel->gro_cells, dev);
1383 if (err) {
1384 free_percpu(dev->tstats);
1385 return err;
1386 }
1387
1388 return 0;
1389 }
1390
1391 static void ipgre_fb_tunnel_init(struct net_device *dev)
1392 {
1393 struct ip_tunnel *tunnel = netdev_priv(dev);
1394 struct iphdr *iph = &tunnel->parms.iph;
1395
1396 tunnel->dev = dev;
1397 strcpy(tunnel->parms.name, dev->name);
1398
1399 iph->version = 4;
1400 iph->protocol = IPPROTO_GRE;
1401 iph->ihl = 5;
1402 tunnel->hlen = sizeof(struct iphdr) + 4;
1403
1404 dev_hold(dev);
1405 }
1406
1407
1408 static const struct gre_protocol ipgre_protocol = {
1409 .handler = ipgre_rcv,
1410 .err_handler = ipgre_err,
1411 };
1412
1413 static void ipgre_destroy_tunnels(struct ipgre_net *ign, struct list_head *head)
1414 {
1415 int prio;
1416
1417 for (prio = 0; prio < 4; prio++) {
1418 int h;
1419 for (h = 0; h < HASH_SIZE; h++) {
1420 struct ip_tunnel *t;
1421
1422 t = rtnl_dereference(ign->tunnels[prio][h]);
1423
1424 while (t != NULL) {
1425 unregister_netdevice_queue(t->dev, head);
1426 t = rtnl_dereference(t->next);
1427 }
1428 }
1429 }
1430 }
1431
1432 static int __net_init ipgre_init_net(struct net *net)
1433 {
1434 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
1435 int err;
1436
1437 ign->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0",
1438 ipgre_tunnel_setup);
1439 if (!ign->fb_tunnel_dev) {
1440 err = -ENOMEM;
1441 goto err_alloc_dev;
1442 }
1443 dev_net_set(ign->fb_tunnel_dev, net);
1444
1445 ipgre_fb_tunnel_init(ign->fb_tunnel_dev);
1446 ign->fb_tunnel_dev->rtnl_link_ops = &ipgre_link_ops;
1447
1448 if ((err = register_netdev(ign->fb_tunnel_dev)))
1449 goto err_reg_dev;
1450
1451 rcu_assign_pointer(ign->tunnels_wc[0],
1452 netdev_priv(ign->fb_tunnel_dev));
1453 return 0;
1454
1455 err_reg_dev:
1456 ipgre_dev_free(ign->fb_tunnel_dev);
1457 err_alloc_dev:
1458 return err;
1459 }
1460
1461 static void __net_exit ipgre_exit_net(struct net *net)
1462 {
1463 struct ipgre_net *ign;
1464 LIST_HEAD(list);
1465
1466 ign = net_generic(net, ipgre_net_id);
1467 rtnl_lock();
1468 ipgre_destroy_tunnels(ign, &list);
1469 unregister_netdevice_many(&list);
1470 rtnl_unlock();
1471 }
1472
1473 static struct pernet_operations ipgre_net_ops = {
1474 .init = ipgre_init_net,
1475 .exit = ipgre_exit_net,
1476 .id = &ipgre_net_id,
1477 .size = sizeof(struct ipgre_net),
1478 };
1479
1480 static int ipgre_tunnel_validate(struct nlattr *tb[], struct nlattr *data[])
1481 {
1482 __be16 flags;
1483
1484 if (!data)
1485 return 0;
1486
1487 flags = 0;
1488 if (data[IFLA_GRE_IFLAGS])
1489 flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]);
1490 if (data[IFLA_GRE_OFLAGS])
1491 flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]);
1492 if (flags & (GRE_VERSION|GRE_ROUTING))
1493 return -EINVAL;
1494
1495 return 0;
1496 }
1497
1498 static int ipgre_tap_validate(struct nlattr *tb[], struct nlattr *data[])
1499 {
1500 __be32 daddr;
1501
1502 if (tb[IFLA_ADDRESS]) {
1503 if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN)
1504 return -EINVAL;
1505 if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS])))
1506 return -EADDRNOTAVAIL;
1507 }
1508
1509 if (!data)
1510 goto out;
1511
1512 if (data[IFLA_GRE_REMOTE]) {
1513 memcpy(&daddr, nla_data(data[IFLA_GRE_REMOTE]), 4);
1514 if (!daddr)
1515 return -EINVAL;
1516 }
1517
1518 out:
1519 return ipgre_tunnel_validate(tb, data);
1520 }
1521
1522 static void ipgre_netlink_parms(struct nlattr *data[],
1523 struct ip_tunnel_parm *parms)
1524 {
1525 memset(parms, 0, sizeof(*parms));
1526
1527 parms->iph.protocol = IPPROTO_GRE;
1528
1529 if (!data)
1530 return;
1531
1532 if (data[IFLA_GRE_LINK])
1533 parms->link = nla_get_u32(data[IFLA_GRE_LINK]);
1534
1535 if (data[IFLA_GRE_IFLAGS])
1536 parms->i_flags = nla_get_be16(data[IFLA_GRE_IFLAGS]);
1537
1538 if (data[IFLA_GRE_OFLAGS])
1539 parms->o_flags = nla_get_be16(data[IFLA_GRE_OFLAGS]);
1540
1541 if (data[IFLA_GRE_IKEY])
1542 parms->i_key = nla_get_be32(data[IFLA_GRE_IKEY]);
1543
1544 if (data[IFLA_GRE_OKEY])
1545 parms->o_key = nla_get_be32(data[IFLA_GRE_OKEY]);
1546
1547 if (data[IFLA_GRE_LOCAL])
1548 parms->iph.saddr = nla_get_be32(data[IFLA_GRE_LOCAL]);
1549
1550 if (data[IFLA_GRE_REMOTE])
1551 parms->iph.daddr = nla_get_be32(data[IFLA_GRE_REMOTE]);
1552
1553 if (data[IFLA_GRE_TTL])
1554 parms->iph.ttl = nla_get_u8(data[IFLA_GRE_TTL]);
1555
1556 if (data[IFLA_GRE_TOS])
1557 parms->iph.tos = nla_get_u8(data[IFLA_GRE_TOS]);
1558
1559 if (!data[IFLA_GRE_PMTUDISC] || nla_get_u8(data[IFLA_GRE_PMTUDISC]))
1560 parms->iph.frag_off = htons(IP_DF);
1561 }
1562
1563 static int ipgre_tap_init(struct net_device *dev)
1564 {
1565 struct ip_tunnel *tunnel;
1566
1567 tunnel = netdev_priv(dev);
1568
1569 tunnel->dev = dev;
1570 strcpy(tunnel->parms.name, dev->name);
1571
1572 ipgre_tunnel_bind_dev(dev);
1573
1574 dev->tstats = alloc_percpu(struct pcpu_tstats);
1575 if (!dev->tstats)
1576 return -ENOMEM;
1577
1578 return 0;
1579 }
1580
1581 static const struct net_device_ops ipgre_tap_netdev_ops = {
1582 .ndo_init = ipgre_tap_init,
1583 .ndo_uninit = ipgre_tunnel_uninit,
1584 .ndo_start_xmit = ipgre_tunnel_xmit,
1585 .ndo_set_mac_address = eth_mac_addr,
1586 .ndo_validate_addr = eth_validate_addr,
1587 .ndo_change_mtu = ipgre_tunnel_change_mtu,
1588 .ndo_get_stats64 = ipgre_get_stats64,
1589 };
1590
1591 static void ipgre_tap_setup(struct net_device *dev)
1592 {
1593
1594 ether_setup(dev);
1595
1596 dev->netdev_ops = &ipgre_tap_netdev_ops;
1597 dev->destructor = ipgre_dev_free;
1598
1599 dev->iflink = 0;
1600 dev->features |= NETIF_F_NETNS_LOCAL;
1601 }
1602
1603 static int ipgre_newlink(struct net *src_net, struct net_device *dev, struct nlattr *tb[],
1604 struct nlattr *data[])
1605 {
1606 struct ip_tunnel *nt;
1607 struct net *net = dev_net(dev);
1608 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
1609 int mtu;
1610 int err;
1611
1612 nt = netdev_priv(dev);
1613 ipgre_netlink_parms(data, &nt->parms);
1614
1615 if (ipgre_tunnel_find(net, &nt->parms, dev->type))
1616 return -EEXIST;
1617
1618 if (dev->type == ARPHRD_ETHER && !tb[IFLA_ADDRESS])
1619 eth_hw_addr_random(dev);
1620
1621 mtu = ipgre_tunnel_bind_dev(dev);
1622 if (!tb[IFLA_MTU])
1623 dev->mtu = mtu;
1624
1625 /* Can use a lockless transmit, unless we generate output sequences */
1626 if (!(nt->parms.o_flags & GRE_SEQ))
1627 dev->features |= NETIF_F_LLTX;
1628
1629 err = register_netdevice(dev);
1630 if (err)
1631 goto out;
1632
1633 dev_hold(dev);
1634 ipgre_tunnel_link(ign, nt);
1635
1636 out:
1637 return err;
1638 }
1639
1640 static int ipgre_changelink(struct net_device *dev, struct nlattr *tb[],
1641 struct nlattr *data[])
1642 {
1643 struct ip_tunnel *t, *nt;
1644 struct net *net = dev_net(dev);
1645 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
1646 struct ip_tunnel_parm p;
1647 int mtu;
1648
1649 if (dev == ign->fb_tunnel_dev)
1650 return -EINVAL;
1651
1652 nt = netdev_priv(dev);
1653 ipgre_netlink_parms(data, &p);
1654
1655 t = ipgre_tunnel_locate(net, &p, 0);
1656
1657 if (t) {
1658 if (t->dev != dev)
1659 return -EEXIST;
1660 } else {
1661 t = nt;
1662
1663 if (dev->type != ARPHRD_ETHER) {
1664 unsigned int nflags = 0;
1665
1666 if (ipv4_is_multicast(p.iph.daddr))
1667 nflags = IFF_BROADCAST;
1668 else if (p.iph.daddr)
1669 nflags = IFF_POINTOPOINT;
1670
1671 if ((dev->flags ^ nflags) &
1672 (IFF_POINTOPOINT | IFF_BROADCAST))
1673 return -EINVAL;
1674 }
1675
1676 ipgre_tunnel_unlink(ign, t);
1677 t->parms.iph.saddr = p.iph.saddr;
1678 t->parms.iph.daddr = p.iph.daddr;
1679 t->parms.i_key = p.i_key;
1680 if (dev->type != ARPHRD_ETHER) {
1681 memcpy(dev->dev_addr, &p.iph.saddr, 4);
1682 memcpy(dev->broadcast, &p.iph.daddr, 4);
1683 }
1684 ipgre_tunnel_link(ign, t);
1685 netdev_state_change(dev);
1686 }
1687
1688 t->parms.o_key = p.o_key;
1689 t->parms.iph.ttl = p.iph.ttl;
1690 t->parms.iph.tos = p.iph.tos;
1691 t->parms.iph.frag_off = p.iph.frag_off;
1692
1693 if (t->parms.link != p.link) {
1694 t->parms.link = p.link;
1695 mtu = ipgre_tunnel_bind_dev(dev);
1696 if (!tb[IFLA_MTU])
1697 dev->mtu = mtu;
1698 netdev_state_change(dev);
1699 }
1700
1701 return 0;
1702 }
1703
1704 static size_t ipgre_get_size(const struct net_device *dev)
1705 {
1706 return
1707 /* IFLA_GRE_LINK */
1708 nla_total_size(4) +
1709 /* IFLA_GRE_IFLAGS */
1710 nla_total_size(2) +
1711 /* IFLA_GRE_OFLAGS */
1712 nla_total_size(2) +
1713 /* IFLA_GRE_IKEY */
1714 nla_total_size(4) +
1715 /* IFLA_GRE_OKEY */
1716 nla_total_size(4) +
1717 /* IFLA_GRE_LOCAL */
1718 nla_total_size(4) +
1719 /* IFLA_GRE_REMOTE */
1720 nla_total_size(4) +
1721 /* IFLA_GRE_TTL */
1722 nla_total_size(1) +
1723 /* IFLA_GRE_TOS */
1724 nla_total_size(1) +
1725 /* IFLA_GRE_PMTUDISC */
1726 nla_total_size(1) +
1727 0;
1728 }
1729
1730 static int ipgre_fill_info(struct sk_buff *skb, const struct net_device *dev)
1731 {
1732 struct ip_tunnel *t = netdev_priv(dev);
1733 struct ip_tunnel_parm *p = &t->parms;
1734
1735 if (nla_put_u32(skb, IFLA_GRE_LINK, p->link) ||
1736 nla_put_be16(skb, IFLA_GRE_IFLAGS, p->i_flags) ||
1737 nla_put_be16(skb, IFLA_GRE_OFLAGS, p->o_flags) ||
1738 nla_put_be32(skb, IFLA_GRE_IKEY, p->i_key) ||
1739 nla_put_be32(skb, IFLA_GRE_OKEY, p->o_key) ||
1740 nla_put_be32(skb, IFLA_GRE_LOCAL, p->iph.saddr) ||
1741 nla_put_be32(skb, IFLA_GRE_REMOTE, p->iph.daddr) ||
1742 nla_put_u8(skb, IFLA_GRE_TTL, p->iph.ttl) ||
1743 nla_put_u8(skb, IFLA_GRE_TOS, p->iph.tos) ||
1744 nla_put_u8(skb, IFLA_GRE_PMTUDISC,
1745 !!(p->iph.frag_off & htons(IP_DF))))
1746 goto nla_put_failure;
1747 return 0;
1748
1749 nla_put_failure:
1750 return -EMSGSIZE;
1751 }
1752
1753 static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
1754 [IFLA_GRE_LINK] = { .type = NLA_U32 },
1755 [IFLA_GRE_IFLAGS] = { .type = NLA_U16 },
1756 [IFLA_GRE_OFLAGS] = { .type = NLA_U16 },
1757 [IFLA_GRE_IKEY] = { .type = NLA_U32 },
1758 [IFLA_GRE_OKEY] = { .type = NLA_U32 },
1759 [IFLA_GRE_LOCAL] = { .len = FIELD_SIZEOF(struct iphdr, saddr) },
1760 [IFLA_GRE_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
1761 [IFLA_GRE_TTL] = { .type = NLA_U8 },
1762 [IFLA_GRE_TOS] = { .type = NLA_U8 },
1763 [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 },
1764 };
1765
1766 static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
1767 .kind = "gre",
1768 .maxtype = IFLA_GRE_MAX,
1769 .policy = ipgre_policy,
1770 .priv_size = sizeof(struct ip_tunnel),
1771 .setup = ipgre_tunnel_setup,
1772 .validate = ipgre_tunnel_validate,
1773 .newlink = ipgre_newlink,
1774 .changelink = ipgre_changelink,
1775 .get_size = ipgre_get_size,
1776 .fill_info = ipgre_fill_info,
1777 };
1778
1779 static struct rtnl_link_ops ipgre_tap_ops __read_mostly = {
1780 .kind = "gretap",
1781 .maxtype = IFLA_GRE_MAX,
1782 .policy = ipgre_policy,
1783 .priv_size = sizeof(struct ip_tunnel),
1784 .setup = ipgre_tap_setup,
1785 .validate = ipgre_tap_validate,
1786 .newlink = ipgre_newlink,
1787 .changelink = ipgre_changelink,
1788 .get_size = ipgre_get_size,
1789 .fill_info = ipgre_fill_info,
1790 };
1791
1792 /*
1793 * And now the modules code and kernel interface.
1794 */
1795
1796 static int __init ipgre_init(void)
1797 {
1798 int err;
1799
1800 pr_info("GRE over IPv4 tunneling driver\n");
1801
1802 err = register_pernet_device(&ipgre_net_ops);
1803 if (err < 0)
1804 return err;
1805
1806 err = gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO);
1807 if (err < 0) {
1808 pr_info("%s: can't add protocol\n", __func__);
1809 goto add_proto_failed;
1810 }
1811
1812 err = rtnl_link_register(&ipgre_link_ops);
1813 if (err < 0)
1814 goto rtnl_link_failed;
1815
1816 err = rtnl_link_register(&ipgre_tap_ops);
1817 if (err < 0)
1818 goto tap_ops_failed;
1819
1820 out:
1821 return err;
1822
1823 tap_ops_failed:
1824 rtnl_link_unregister(&ipgre_link_ops);
1825 rtnl_link_failed:
1826 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
1827 add_proto_failed:
1828 unregister_pernet_device(&ipgre_net_ops);
1829 goto out;
1830 }
1831
1832 static void __exit ipgre_fini(void)
1833 {
1834 rtnl_link_unregister(&ipgre_tap_ops);
1835 rtnl_link_unregister(&ipgre_link_ops);
1836 if (gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO) < 0)
1837 pr_info("%s: can't remove protocol\n", __func__);
1838 unregister_pernet_device(&ipgre_net_ops);
1839 }
1840
1841 module_init(ipgre_init);
1842 module_exit(ipgre_fini);
1843 MODULE_LICENSE("GPL");
1844 MODULE_ALIAS_RTNL_LINK("gre");
1845 MODULE_ALIAS_RTNL_LINK("gretap");
1846 MODULE_ALIAS_NETDEV("gre0");
Linux kernel - Deliverables
This page took 0.068525 seconds and 5 git commands to generate.