]>
Commit | Line | Data |
---|---|---|
1da177e4 | 1 | /* |
e905a9ed | 2 | * Linux NET3: IP/IP protocol decoder. |
1da177e4 | 3 | * |
1da177e4 LT |
4 | * Authors: |
5 | * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95 | |
6 | * | |
7 | * Fixes: | |
8 | * Alan Cox : Merged and made usable non modular (its so tiny its silly as | |
9 | * a module taking up 2 pages). | |
10 | * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph) | |
11 | * to keep ip_forward happy. | |
12 | * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8). | |
13 | * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL | |
14 | * David Woodhouse : Perform some basic ICMP handling. | |
15 | * IPIP Routing without decapsulation. | |
16 | * Carlos Picoto : GRE over IP support | |
17 | * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c. | |
18 | * I do not want to merge them together. | |
19 | * | |
20 | * This program is free software; you can redistribute it and/or | |
21 | * modify it under the terms of the GNU General Public License | |
22 | * as published by the Free Software Foundation; either version | |
23 | * 2 of the License, or (at your option) any later version. | |
24 | * | |
25 | */ | |
26 | ||
27 | /* tunnel.c: an IP tunnel driver | |
28 | ||
29 | The purpose of this driver is to provide an IP tunnel through | |
30 | which you can tunnel network traffic transparently across subnets. | |
31 | ||
32 | This was written by looking at Nick Holloway's dummy driver | |
33 | Thanks for the great code! | |
34 | ||
35 | -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95 | |
e905a9ed | 36 | |
1da177e4 LT |
37 | Minor tweaks: |
38 | Cleaned up the code a little and added some pre-1.3.0 tweaks. | |
39 | dev->hard_header/hard_header_len changed to use no headers. | |
40 | Comments/bracketing tweaked. | |
41 | Made the tunnels use dev->name not tunnel: when error reporting. | |
42 | Added tx_dropped stat | |
e905a9ed | 43 | |
113aa838 | 44 | -Alan Cox (alan@lxorguk.ukuu.org.uk) 21 March 95 |
1da177e4 LT |
45 | |
46 | Reworked: | |
47 | Changed to tunnel to destination gateway in addition to the | |
48 | tunnel's pointopoint address | |
49 | Almost completely rewritten | |
50 | Note: There is currently no firewall or ICMP handling done. | |
51 | ||
52 | -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96 | |
e905a9ed | 53 | |
1da177e4 LT |
54 | */ |
55 | ||
56 | /* Things I wish I had known when writing the tunnel driver: | |
57 | ||
58 | When the tunnel_xmit() function is called, the skb contains the | |
59 | packet to be sent (plus a great deal of extra info), and dev | |
60 | contains the tunnel device that _we_ are. | |
61 | ||
62 | When we are passed a packet, we are expected to fill in the | |
63 | source address with our source IP address. | |
64 | ||
65 | What is the proper way to allocate, copy and free a buffer? | |
66 | After you allocate it, it is a "0 length" chunk of memory | |
67 | starting at zero. If you want to add headers to the buffer | |
68 | later, you'll have to call "skb_reserve(skb, amount)" with | |
69 | the amount of memory you want reserved. Then, you call | |
70 | "skb_put(skb, amount)" with the amount of space you want in | |
71 | the buffer. skb_put() returns a pointer to the top (#0) of | |
72 | that buffer. skb->len is set to the amount of space you have | |
73 | "allocated" with skb_put(). You can then write up to skb->len | |
74 | bytes to that buffer. If you need more, you can call skb_put() | |
75 | again with the additional amount of space you need. You can | |
e905a9ed | 76 | find out how much more space you can allocate by calling |
1da177e4 LT |
77 | "skb_tailroom(skb)". |
78 | Now, to add header space, call "skb_push(skb, header_len)". | |
79 | This creates space at the beginning of the buffer and returns | |
80 | a pointer to this new space. If later you need to strip a | |
81 | header from a buffer, call "skb_pull(skb, header_len)". | |
82 | skb_headroom() will return how much space is left at the top | |
83 | of the buffer (before the main data). Remember, this headroom | |
84 | space must be reserved before the skb_put() function is called. | |
85 | */ | |
86 | ||
87 | /* | |
88 | This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c | |
89 | ||
90 | For comments look at net/ipv4/ip_gre.c --ANK | |
91 | */ | |
92 | ||
e905a9ed | 93 | |
4fc268d2 | 94 | #include <linux/capability.h> |
1da177e4 LT |
95 | #include <linux/module.h> |
96 | #include <linux/types.h> | |
1da177e4 | 97 | #include <linux/kernel.h> |
5a0e3ad6 | 98 | #include <linux/slab.h> |
7c0f6ba6 | 99 | #include <linux/uaccess.h> |
1da177e4 LT |
100 | #include <linux/skbuff.h> |
101 | #include <linux/netdevice.h> | |
102 | #include <linux/in.h> | |
103 | #include <linux/tcp.h> | |
104 | #include <linux/udp.h> | |
105 | #include <linux/if_arp.h> | |
1da177e4 LT |
106 | #include <linux/init.h> |
107 | #include <linux/netfilter_ipv4.h> | |
46f25dff | 108 | #include <linux/if_ether.h> |
1120a35b | 109 | #include <linux/inetdevice.h> |
1da177e4 LT |
110 | |
111 | #include <net/sock.h> | |
112 | #include <net/ip.h> | |
113 | #include <net/icmp.h> | |
c5441932 | 114 | #include <net/ip_tunnels.h> |
1da177e4 LT |
115 | #include <net/inet_ecn.h> |
116 | #include <net/xfrm.h> | |
10dc4c7b PE |
117 | #include <net/net_namespace.h> |
118 | #include <net/netns/generic.h> | |
cfc7381b | 119 | #include <net/dst_metadata.h> |
1da177e4 | 120 | |
eccc1bb8 | 121 | static bool log_ecn_error = true; |
122 | module_param(log_ecn_error, bool, 0644); | |
123 | MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); | |
124 | ||
c7d03a00 | 125 | static unsigned int ipip_net_id __read_mostly; |
10dc4c7b | 126 | |
3c97af99 | 127 | static int ipip_tunnel_init(struct net_device *dev); |
0974658d | 128 | static struct rtnl_link_ops ipip_link_ops __read_mostly; |
1da177e4 | 129 | |
d2acc347 | 130 | static int ipip_err(struct sk_buff *skb, u32 info) |
1da177e4 | 131 | { |
1da177e4 | 132 | |
071f92d0 | 133 | /* All the routers (except for Linux) return only |
1da177e4 LT |
134 | 8 bytes of packet payload. It means, that precise relaying of |
135 | ICMP in the real Internet is absolutely infeasible. | |
136 | */ | |
fd58156e PS |
137 | struct net *net = dev_net(skb->dev); |
138 | struct ip_tunnel_net *itn = net_generic(net, ipip_net_id); | |
b71d1d42 | 139 | const struct iphdr *iph = (const struct iphdr *)skb->data; |
1da177e4 | 140 | struct ip_tunnel *t; |
d2acc347 | 141 | int err; |
fd58156e PS |
142 | const int type = icmp_hdr(skb)->type; |
143 | const int code = icmp_hdr(skb)->code; | |
1da177e4 | 144 | |
d2acc347 | 145 | err = -ENOENT; |
fd58156e PS |
146 | t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY, |
147 | iph->daddr, iph->saddr, 0); | |
51456b29 | 148 | if (!t) |
36393395 DM |
149 | goto out; |
150 | ||
151 | if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { | |
152 | ipv4_update_pmtu(skb, dev_net(skb->dev), info, | |
1b69e7e6 | 153 | t->parms.link, 0, iph->protocol, 0); |
36393395 DM |
154 | err = 0; |
155 | goto out; | |
156 | } | |
157 | ||
55be7a9c | 158 | if (type == ICMP_REDIRECT) { |
2346829e | 159 | ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0, |
1b69e7e6 | 160 | iph->protocol, 0); |
55be7a9c DM |
161 | err = 0; |
162 | goto out; | |
163 | } | |
164 | ||
36393395 | 165 | if (t->parms.iph.daddr == 0) |
1da177e4 | 166 | goto out; |
d2acc347 HX |
167 | |
168 | err = 0; | |
1da177e4 LT |
169 | if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED) |
170 | goto out; | |
171 | ||
26d94b46 | 172 | if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO)) |
1da177e4 LT |
173 | t->err_count++; |
174 | else | |
175 | t->err_count = 1; | |
176 | t->err_time = jiffies; | |
b0558ef2 | 177 | |
fd58156e | 178 | out: |
d2acc347 | 179 | return err; |
1da177e4 LT |
180 | } |
181 | ||
1b69e7e6 | 182 | static const struct tnl_ptk_info ipip_tpi = { |
fd58156e PS |
183 | /* no tunnel info required for ipip. */ |
184 | .proto = htons(ETH_P_IP), | |
185 | }; | |
186 | ||
1b69e7e6 SH |
187 | #if IS_ENABLED(CONFIG_MPLS) |
188 | static const struct tnl_ptk_info mplsip_tpi = { | |
189 | /* no tunnel info required for mplsip. */ | |
190 | .proto = htons(ETH_P_MPLS_UC), | |
191 | }; | |
192 | #endif | |
193 | ||
194 | static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto) | |
1da177e4 | 195 | { |
fd58156e PS |
196 | struct net *net = dev_net(skb->dev); |
197 | struct ip_tunnel_net *itn = net_generic(net, ipip_net_id); | |
cfc7381b | 198 | struct metadata_dst *tun_dst = NULL; |
1da177e4 | 199 | struct ip_tunnel *tunnel; |
3d7b46cd | 200 | const struct iphdr *iph; |
3c97af99 | 201 | |
3d7b46cd | 202 | iph = ip_hdr(skb); |
fd58156e PS |
203 | tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY, |
204 | iph->saddr, iph->daddr, 0); | |
205 | if (tunnel) { | |
1b69e7e6 SH |
206 | const struct tnl_ptk_info *tpi; |
207 | ||
208 | if (tunnel->parms.iph.protocol != ipproto && | |
209 | tunnel->parms.iph.protocol != 0) | |
210 | goto drop; | |
211 | ||
eccc1bb8 | 212 | if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) |
213 | goto drop; | |
1b69e7e6 SH |
214 | #if IS_ENABLED(CONFIG_MPLS) |
215 | if (ipproto == IPPROTO_MPLS) | |
216 | tpi = &mplsip_tpi; | |
217 | else | |
218 | #endif | |
219 | tpi = &ipip_tpi; | |
220 | if (iptunnel_pull_header(skb, 0, tpi->proto, false)) | |
737e828b | 221 | goto drop; |
cfc7381b AS |
222 | if (tunnel->collect_md) { |
223 | tun_dst = ip_tun_rx_dst(skb, 0, 0, 0); | |
224 | if (!tun_dst) | |
225 | return 0; | |
226 | } | |
227 | return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error); | |
1da177e4 | 228 | } |
1da177e4 | 229 | |
1da177e4 | 230 | return -1; |
eccc1bb8 | 231 | |
232 | drop: | |
233 | kfree_skb(skb); | |
234 | return 0; | |
1da177e4 LT |
235 | } |
236 | ||
1b69e7e6 SH |
237 | static int ipip_rcv(struct sk_buff *skb) |
238 | { | |
239 | return ipip_tunnel_rcv(skb, IPPROTO_IPIP); | |
240 | } | |
241 | ||
242 | #if IS_ENABLED(CONFIG_MPLS) | |
243 | static int mplsip_rcv(struct sk_buff *skb) | |
244 | { | |
245 | return ipip_tunnel_rcv(skb, IPPROTO_MPLS); | |
246 | } | |
247 | #endif | |
248 | ||
1120a35b JV |
249 | static int ipip_tunnel_is_fan(struct ip_tunnel *tunnel) |
250 | { | |
251 | return tunnel->parms.i_flags & TUNNEL_FAN; | |
252 | } | |
253 | ||
254 | /* | |
255 | * Determine fan tunnel endpoint to send packet to, based on the inner IP | |
256 | * address. For an overlay (inner) address Y.A.B.C, the transformation is | |
257 | * F.G.A.B, where "F" and "G" are the first two octets of the underlay | |
258 | * network (the network portion of a /16), "A" and "B" are the low order | |
259 | * two octets of the underlay network host (the host portion of a /16), | |
260 | * and "Y" is a configured first octet of the overlay network. | |
261 | * | |
262 | * E.g., underlay host 10.88.3.4 with an overlay of 99 would host overlay | |
263 | * subnet 99.3.4.0/24. An overlay network datagram from 99.3.4.5 to | |
264 | * 99.6.7.8, would be directed to underlay host 10.88.6.7, which hosts | |
265 | * overlay network 99.6.7.0/24. | |
266 | */ | |
267 | static int ipip_build_fan_iphdr(struct ip_tunnel *tunnel, struct sk_buff *skb, struct iphdr *iph) | |
268 | { | |
269 | unsigned int overlay; | |
270 | u32 daddr, underlay; | |
271 | ||
272 | daddr = ntohl(ip_hdr(skb)->daddr); | |
273 | overlay = daddr >> 24; | |
274 | underlay = tunnel->fan.map[overlay]; | |
275 | if (!underlay) | |
276 | return -EINVAL; | |
277 | ||
278 | *iph = tunnel->parms.iph; | |
279 | iph->daddr = htonl(underlay | ((daddr >> 8) & 0x0000ffff)); | |
280 | return 0; | |
281 | } | |
282 | ||
1da177e4 LT |
283 | /* |
284 | * This function assumes it is being called from dev_queue_xmit() | |
285 | * and that skb is filled properly by that function. | |
286 | */ | |
1b69e7e6 SH |
287 | static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, |
288 | struct net_device *dev) | |
1da177e4 | 289 | { |
2941a486 | 290 | struct ip_tunnel *tunnel = netdev_priv(dev); |
b71d1d42 | 291 | const struct iphdr *tiph = &tunnel->parms.iph; |
1b69e7e6 | 292 | u8 ipproto; |
1120a35b | 293 | struct iphdr fiph; |
1b69e7e6 SH |
294 | |
295 | switch (skb->protocol) { | |
296 | case htons(ETH_P_IP): | |
297 | ipproto = IPPROTO_IPIP; | |
298 | break; | |
299 | #if IS_ENABLED(CONFIG_MPLS) | |
300 | case htons(ETH_P_MPLS_UC): | |
301 | ipproto = IPPROTO_MPLS; | |
302 | break; | |
303 | #endif | |
304 | default: | |
305 | goto tx_error; | |
306 | } | |
1da177e4 | 307 | |
1b69e7e6 | 308 | if (tiph->protocol != ipproto && tiph->protocol != 0) |
1da177e4 | 309 | goto tx_error; |
1da177e4 | 310 | |
7e13318d | 311 | if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4)) |
aed069df | 312 | goto tx_error; |
8344bfc6 | 313 | |
1120a35b JV |
314 | if (ipip_tunnel_is_fan(tunnel)) { |
315 | if (ipip_build_fan_iphdr(tunnel, skb, &fiph)) | |
316 | goto tx_error; | |
317 | tiph = &fiph; | |
318 | } else { | |
319 | tiph = &tunnel->parms.iph; | |
320 | } | |
321 | ||
1b69e7e6 | 322 | skb_set_inner_ipproto(skb, ipproto); |
077c5a09 | 323 | |
cfc7381b AS |
324 | if (tunnel->collect_md) |
325 | ip_md_tunnel_xmit(skb, dev, ipproto); | |
326 | else | |
327 | ip_tunnel_xmit(skb, dev, tiph, ipproto); | |
6ed10654 | 328 | return NETDEV_TX_OK; |
1da177e4 | 329 | |
1da177e4 | 330 | tx_error: |
3acfa1e7 | 331 | kfree_skb(skb); |
aed069df | 332 | |
cb32f511 | 333 | dev->stats.tx_errors++; |
6ed10654 | 334 | return NETDEV_TX_OK; |
1da177e4 LT |
335 | } |
336 | ||
1b69e7e6 SH |
337 | static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto) |
338 | { | |
339 | switch (ipproto) { | |
340 | case 0: | |
341 | case IPPROTO_IPIP: | |
342 | #if IS_ENABLED(CONFIG_MPLS) | |
343 | case IPPROTO_MPLS: | |
344 | #endif | |
345 | return true; | |
346 | } | |
347 | ||
348 | return false; | |
349 | } | |
350 | ||
1da177e4 | 351 | static int |
fd58156e | 352 | ipip_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) |
1da177e4 LT |
353 | { |
354 | int err = 0; | |
355 | struct ip_tunnel_parm p; | |
1da177e4 | 356 | |
fd58156e PS |
357 | if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) |
358 | return -EFAULT; | |
1da177e4 | 359 | |
3b7b514f | 360 | if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) { |
1b69e7e6 SH |
361 | if (p.iph.version != 4 || |
362 | !ipip_tunnel_ioctl_verify_protocol(p.iph.protocol) || | |
3b7b514f CW |
363 | p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF))) |
364 | return -EINVAL; | |
365 | } | |
366 | ||
252a8fbe ED |
367 | p.i_key = p.o_key = 0; |
368 | p.i_flags = p.o_flags = 0; | |
fd58156e PS |
369 | err = ip_tunnel_ioctl(dev, &p, cmd); |
370 | if (err) | |
371 | return err; | |
372 | ||
373 | if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) | |
374 | return -EFAULT; | |
375 | ||
1da177e4 LT |
376 | return 0; |
377 | } | |
378 | ||
23a12b14 | 379 | static const struct net_device_ops ipip_netdev_ops = { |
fd58156e PS |
380 | .ndo_init = ipip_tunnel_init, |
381 | .ndo_uninit = ip_tunnel_uninit, | |
23a12b14 SH |
382 | .ndo_start_xmit = ipip_tunnel_xmit, |
383 | .ndo_do_ioctl = ipip_tunnel_ioctl, | |
fd58156e PS |
384 | .ndo_change_mtu = ip_tunnel_change_mtu, |
385 | .ndo_get_stats64 = ip_tunnel_get_stats64, | |
1e99584b | 386 | .ndo_get_iflink = ip_tunnel_get_iflink, |
23a12b14 SH |
387 | }; |
388 | ||
c3b89fbb ED |
389 | #define IPIP_FEATURES (NETIF_F_SG | \ |
390 | NETIF_F_FRAGLIST | \ | |
391 | NETIF_F_HIGHDMA | \ | |
cb32f511 | 392 | NETIF_F_GSO_SOFTWARE | \ |
c3b89fbb ED |
393 | NETIF_F_HW_CSUM) |
394 | ||
1da177e4 LT |
395 | static void ipip_tunnel_setup(struct net_device *dev) |
396 | { | |
23a12b14 | 397 | dev->netdev_ops = &ipip_netdev_ops; |
1da177e4 LT |
398 | |
399 | dev->type = ARPHRD_TUNNEL; | |
1da177e4 | 400 | dev->flags = IFF_NOARP; |
1da177e4 | 401 | dev->addr_len = 4; |
153f0943 | 402 | dev->features |= NETIF_F_LLTX; |
02875878 | 403 | netif_keep_dst(dev); |
c3b89fbb ED |
404 | |
405 | dev->features |= IPIP_FEATURES; | |
406 | dev->hw_features |= IPIP_FEATURES; | |
fd58156e | 407 | ip_tunnel_setup(dev, ipip_net_id); |
1da177e4 LT |
408 | } |
409 | ||
3c97af99 | 410 | static int ipip_tunnel_init(struct net_device *dev) |
1da177e4 | 411 | { |
23a12b14 | 412 | struct ip_tunnel *tunnel = netdev_priv(dev); |
1da177e4 | 413 | |
1da177e4 LT |
414 | memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4); |
415 | memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4); | |
416 | ||
473ab820 TH |
417 | tunnel->tun_hlen = 0; |
418 | tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen; | |
fd58156e | 419 | return ip_tunnel_init(dev); |
1da177e4 LT |
420 | } |
421 | ||
1b69e7e6 SH |
422 | static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[]) |
423 | { | |
424 | u8 proto; | |
425 | ||
426 | if (!data || !data[IFLA_IPTUN_PROTO]) | |
427 | return 0; | |
428 | ||
429 | proto = nla_get_u8(data[IFLA_IPTUN_PROTO]); | |
430 | if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0) | |
431 | return -EINVAL; | |
432 | ||
433 | return 0; | |
434 | } | |
435 | ||
be42da0e | 436 | static void ipip_netlink_parms(struct nlattr *data[], |
cfc7381b | 437 | struct ip_tunnel_parm *parms, bool *collect_md) |
be42da0e ND |
438 | { |
439 | memset(parms, 0, sizeof(*parms)); | |
440 | ||
441 | parms->iph.version = 4; | |
442 | parms->iph.protocol = IPPROTO_IPIP; | |
443 | parms->iph.ihl = 5; | |
cfc7381b | 444 | *collect_md = false; |
be42da0e ND |
445 | |
446 | if (!data) | |
447 | return; | |
448 | ||
449 | if (data[IFLA_IPTUN_LINK]) | |
450 | parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]); | |
451 | ||
452 | if (data[IFLA_IPTUN_LOCAL]) | |
67b61f6c | 453 | parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]); |
be42da0e ND |
454 | |
455 | if (data[IFLA_IPTUN_REMOTE]) | |
67b61f6c | 456 | parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]); |
be42da0e ND |
457 | |
458 | if (data[IFLA_IPTUN_TTL]) { | |
459 | parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]); | |
460 | if (parms->iph.ttl) | |
461 | parms->iph.frag_off = htons(IP_DF); | |
462 | } | |
463 | ||
464 | if (data[IFLA_IPTUN_TOS]) | |
465 | parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]); | |
466 | ||
1b69e7e6 SH |
467 | if (data[IFLA_IPTUN_PROTO]) |
468 | parms->iph.protocol = nla_get_u8(data[IFLA_IPTUN_PROTO]); | |
469 | ||
be42da0e ND |
470 | if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC])) |
471 | parms->iph.frag_off = htons(IP_DF); | |
cfc7381b AS |
472 | |
473 | if (data[IFLA_IPTUN_COLLECT_METADATA]) | |
474 | *collect_md = true; | |
be42da0e ND |
475 | } |
476 | ||
473ab820 TH |
477 | /* This function returns true when ENCAP attributes are present in the nl msg */ |
478 | static bool ipip_netlink_encap_parms(struct nlattr *data[], | |
479 | struct ip_tunnel_encap *ipencap) | |
480 | { | |
481 | bool ret = false; | |
482 | ||
483 | memset(ipencap, 0, sizeof(*ipencap)); | |
484 | ||
485 | if (!data) | |
486 | return ret; | |
487 | ||
488 | if (data[IFLA_IPTUN_ENCAP_TYPE]) { | |
489 | ret = true; | |
490 | ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]); | |
491 | } | |
492 | ||
493 | if (data[IFLA_IPTUN_ENCAP_FLAGS]) { | |
494 | ret = true; | |
495 | ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]); | |
496 | } | |
497 | ||
498 | if (data[IFLA_IPTUN_ENCAP_SPORT]) { | |
499 | ret = true; | |
3e97fa70 | 500 | ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]); |
473ab820 TH |
501 | } |
502 | ||
503 | if (data[IFLA_IPTUN_ENCAP_DPORT]) { | |
504 | ret = true; | |
3e97fa70 | 505 | ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]); |
473ab820 TH |
506 | } |
507 | ||
508 | return ret; | |
509 | } | |
510 | ||
1120a35b JV |
511 | static void ipip_fan_free_map(struct ip_tunnel *t) |
512 | { | |
513 | memset(&t->fan.map, 0, sizeof(t->fan.map)); | |
514 | } | |
515 | ||
516 | static int ipip_fan_set_map(struct ip_tunnel *t, struct ip_tunnel_fan_map *map) | |
517 | { | |
518 | u32 overlay, overlay_mask, underlay, underlay_mask; | |
519 | ||
520 | if ((map->underlay_prefix && map->underlay_prefix != 16) || | |
521 | (map->overlay_prefix && map->overlay_prefix != 8)) | |
522 | return -EINVAL; | |
523 | ||
524 | overlay = ntohl(map->overlay); | |
525 | overlay_mask = ntohl(inet_make_mask(map->overlay_prefix)); | |
526 | ||
527 | underlay = ntohl(map->underlay); | |
528 | underlay_mask = ntohl(inet_make_mask(map->underlay_prefix)); | |
529 | ||
530 | if ((overlay & ~overlay_mask) || (underlay & ~underlay_mask)) | |
531 | return -EINVAL; | |
532 | ||
533 | if (!(overlay & overlay_mask) && (underlay & underlay_mask)) | |
534 | return -EINVAL; | |
535 | ||
536 | t->parms.i_flags |= TUNNEL_FAN; | |
537 | ||
538 | /* Special case: overlay 0 and underlay 0 clears all mappings */ | |
539 | if (!overlay && !underlay) { | |
540 | ipip_fan_free_map(t); | |
541 | return 0; | |
542 | } | |
543 | ||
544 | overlay >>= (32 - map->overlay_prefix); | |
545 | t->fan.map[overlay] = underlay; | |
546 | ||
547 | return 0; | |
548 | } | |
549 | ||
550 | ||
551 | static int ipip_netlink_fan(struct nlattr *data[], struct ip_tunnel *t, | |
552 | struct ip_tunnel_parm *parms) | |
553 | { | |
554 | struct ip_tunnel_fan_map *map; | |
555 | struct nlattr *attr; | |
556 | int rem, rv; | |
557 | ||
558 | if (!data[IFLA_IPTUN_FAN_MAP]) | |
559 | return 0; | |
560 | ||
561 | if (parms->iph.daddr) | |
562 | return -EINVAL; | |
563 | ||
564 | nla_for_each_nested(attr, data[IFLA_IPTUN_FAN_MAP], rem) { | |
565 | map = nla_data(attr); | |
566 | rv = ipip_fan_set_map(t, map); | |
567 | if (rv) | |
568 | return rv; | |
569 | } | |
570 | ||
571 | return 0; | |
572 | } | |
573 | ||
be42da0e ND |
574 | static int ipip_newlink(struct net *src_net, struct net_device *dev, |
575 | struct nlattr *tb[], struct nlattr *data[]) | |
576 | { | |
cfc7381b | 577 | struct ip_tunnel *t = netdev_priv(dev); |
fd58156e | 578 | struct ip_tunnel_parm p; |
473ab820 | 579 | struct ip_tunnel_encap ipencap; |
1120a35b JV |
580 | struct ip_tunnel *t = netdev_priv(dev); |
581 | int err; | |
473ab820 TH |
582 | |
583 | if (ipip_netlink_encap_parms(data, &ipencap)) { | |
1120a35b | 584 | err = ip_tunnel_encap_setup(t, &ipencap); |
473ab820 TH |
585 | |
586 | if (err < 0) | |
587 | return err; | |
588 | } | |
be42da0e | 589 | |
cfc7381b | 590 | ipip_netlink_parms(data, &p, &t->collect_md); |
1120a35b JV |
591 | err = ipip_netlink_fan(data, t, &p); |
592 | if (err < 0) | |
593 | return err; | |
fd58156e | 594 | return ip_tunnel_newlink(dev, tb, &p); |
be42da0e ND |
595 | } |
596 | ||
597 | static int ipip_changelink(struct net_device *dev, struct nlattr *tb[], | |
598 | struct nlattr *data[]) | |
599 | { | |
be42da0e | 600 | struct ip_tunnel_parm p; |
473ab820 | 601 | struct ip_tunnel_encap ipencap; |
cfc7381b | 602 | bool collect_md; |
1120a35b JV |
603 | struct ip_tunnel *t = netdev_priv(dev); |
604 | int err; | |
473ab820 TH |
605 | |
606 | if (ipip_netlink_encap_parms(data, &ipencap)) { | |
1120a35b | 607 | err = ip_tunnel_encap_setup(t, &ipencap); |
473ab820 TH |
608 | |
609 | if (err < 0) | |
610 | return err; | |
611 | } | |
be42da0e | 612 | |
cfc7381b AS |
613 | ipip_netlink_parms(data, &p, &collect_md); |
614 | if (collect_md) | |
615 | return -EINVAL; | |
1120a35b JV |
616 | err = ipip_netlink_fan(data, t, &p); |
617 | if (err < 0) | |
618 | return err; | |
be42da0e ND |
619 | |
620 | if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) || | |
621 | (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr)) | |
622 | return -EINVAL; | |
623 | ||
fd58156e | 624 | return ip_tunnel_changelink(dev, tb, &p); |
be42da0e ND |
625 | } |
626 | ||
0974658d ND |
627 | static size_t ipip_get_size(const struct net_device *dev) |
628 | { | |
629 | return | |
630 | /* IFLA_IPTUN_LINK */ | |
631 | nla_total_size(4) + | |
632 | /* IFLA_IPTUN_LOCAL */ | |
633 | nla_total_size(4) + | |
634 | /* IFLA_IPTUN_REMOTE */ | |
635 | nla_total_size(4) + | |
636 | /* IFLA_IPTUN_TTL */ | |
637 | nla_total_size(1) + | |
638 | /* IFLA_IPTUN_TOS */ | |
639 | nla_total_size(1) + | |
1b69e7e6 SH |
640 | /* IFLA_IPTUN_PROTO */ |
641 | nla_total_size(1) + | |
befe2aa1 ND |
642 | /* IFLA_IPTUN_PMTUDISC */ |
643 | nla_total_size(1) + | |
473ab820 TH |
644 | /* IFLA_IPTUN_ENCAP_TYPE */ |
645 | nla_total_size(2) + | |
646 | /* IFLA_IPTUN_ENCAP_FLAGS */ | |
647 | nla_total_size(2) + | |
648 | /* IFLA_IPTUN_ENCAP_SPORT */ | |
649 | nla_total_size(2) + | |
650 | /* IFLA_IPTUN_ENCAP_DPORT */ | |
651 | nla_total_size(2) + | |
cfc7381b AS |
652 | /* IFLA_IPTUN_COLLECT_METADATA */ |
653 | nla_total_size(0) + | |
1120a35b JV |
654 | /* IFLA_IPTUN_FAN_MAP */ |
655 | nla_total_size(sizeof(struct ip_tunnel_fan_map)) * 256 + | |
0974658d ND |
656 | 0; |
657 | } | |
658 | ||
659 | static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev) | |
660 | { | |
661 | struct ip_tunnel *tunnel = netdev_priv(dev); | |
662 | struct ip_tunnel_parm *parm = &tunnel->parms; | |
663 | ||
664 | if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) || | |
930345ea JB |
665 | nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) || |
666 | nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) || | |
0974658d | 667 | nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) || |
befe2aa1 | 668 | nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) || |
1b69e7e6 | 669 | nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) || |
befe2aa1 ND |
670 | nla_put_u8(skb, IFLA_IPTUN_PMTUDISC, |
671 | !!(parm->iph.frag_off & htons(IP_DF)))) | |
0974658d | 672 | goto nla_put_failure; |
473ab820 TH |
673 | |
674 | if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE, | |
675 | tunnel->encap.type) || | |
3e97fa70 SD |
676 | nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT, |
677 | tunnel->encap.sport) || | |
678 | nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT, | |
679 | tunnel->encap.dport) || | |
473ab820 | 680 | nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS, |
e1b2cb65 | 681 | tunnel->encap.flags)) |
473ab820 TH |
682 | goto nla_put_failure; |
683 | ||
cfc7381b AS |
684 | if (tunnel->collect_md) |
685 | if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA)) | |
686 | goto nla_put_failure; | |
1120a35b JV |
687 | if (tunnel->parms.i_flags & TUNNEL_FAN) { |
688 | struct nlattr *fan_nest; | |
689 | int i; | |
690 | ||
691 | fan_nest = nla_nest_start(skb, IFLA_IPTUN_FAN_MAP); | |
692 | if (!fan_nest) | |
693 | goto nla_put_failure; | |
694 | for (i = 0; i < 256; i++) { | |
695 | if (tunnel->fan.map[i]) { | |
696 | struct ip_tunnel_fan_map map; | |
697 | ||
698 | map.underlay = htonl(tunnel->fan.map[i]); | |
699 | map.underlay_prefix = 16; | |
700 | map.overlay = htonl(i << 24); | |
701 | map.overlay_prefix = 8; | |
702 | if (nla_put(skb, IFLA_FAN_MAPPING, | |
703 | sizeof(map), &map)) | |
704 | goto nla_put_failure; | |
705 | } | |
706 | } | |
707 | nla_nest_end(skb, fan_nest); | |
708 | } | |
709 | ||
0974658d ND |
710 | return 0; |
711 | ||
712 | nla_put_failure: | |
713 | return -EMSGSIZE; | |
714 | } | |
715 | ||
be42da0e ND |
716 | static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = { |
717 | [IFLA_IPTUN_LINK] = { .type = NLA_U32 }, | |
718 | [IFLA_IPTUN_LOCAL] = { .type = NLA_U32 }, | |
719 | [IFLA_IPTUN_REMOTE] = { .type = NLA_U32 }, | |
720 | [IFLA_IPTUN_TTL] = { .type = NLA_U8 }, | |
721 | [IFLA_IPTUN_TOS] = { .type = NLA_U8 }, | |
1b69e7e6 | 722 | [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, |
be42da0e | 723 | [IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 }, |
473ab820 TH |
724 | [IFLA_IPTUN_ENCAP_TYPE] = { .type = NLA_U16 }, |
725 | [IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 }, | |
726 | [IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 }, | |
727 | [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 }, | |
cfc7381b | 728 | [IFLA_IPTUN_COLLECT_METADATA] = { .type = NLA_FLAG }, |
1120a35b JV |
729 | |
730 | [__IFLA_IPTUN_VENDOR_BREAK ... IFLA_IPTUN_MAX] = { .type = NLA_BINARY }, | |
731 | [IFLA_IPTUN_FAN_MAP] = { .type = NLA_NESTED }, | |
be42da0e ND |
732 | }; |
733 | ||
0974658d ND |
734 | static struct rtnl_link_ops ipip_link_ops __read_mostly = { |
735 | .kind = "ipip", | |
736 | .maxtype = IFLA_IPTUN_MAX, | |
be42da0e | 737 | .policy = ipip_policy, |
0974658d | 738 | .priv_size = sizeof(struct ip_tunnel), |
be42da0e | 739 | .setup = ipip_tunnel_setup, |
1b69e7e6 | 740 | .validate = ipip_tunnel_validate, |
be42da0e ND |
741 | .newlink = ipip_newlink, |
742 | .changelink = ipip_changelink, | |
fd58156e | 743 | .dellink = ip_tunnel_dellink, |
0974658d ND |
744 | .get_size = ipip_get_size, |
745 | .fill_info = ipip_fill_info, | |
1728d4fa | 746 | .get_link_net = ip_tunnel_get_link_net, |
0974658d ND |
747 | }; |
748 | ||
6dcd814b | 749 | static struct xfrm_tunnel ipip_handler __read_mostly = { |
1da177e4 LT |
750 | .handler = ipip_rcv, |
751 | .err_handler = ipip_err, | |
d2acc347 | 752 | .priority = 1, |
1da177e4 LT |
753 | }; |
754 | ||
1b69e7e6 SH |
755 | #if IS_ENABLED(CONFIG_MPLS) |
756 | static struct xfrm_tunnel mplsip_handler __read_mostly = { | |
757 | .handler = mplsip_rcv, | |
758 | .err_handler = ipip_err, | |
759 | .priority = 1, | |
760 | }; | |
761 | #endif | |
762 | ||
2c8c1e72 | 763 | static int __net_init ipip_init_net(struct net *net) |
10dc4c7b | 764 | { |
fd58156e | 765 | return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0"); |
10dc4c7b PE |
766 | } |
767 | ||
2c8c1e72 | 768 | static void __net_exit ipip_exit_net(struct net *net) |
10dc4c7b | 769 | { |
fd58156e | 770 | struct ip_tunnel_net *itn = net_generic(net, ipip_net_id); |
6c742e71 | 771 | ip_tunnel_delete_net(itn, &ipip_link_ops); |
10dc4c7b PE |
772 | } |
773 | ||
774 | static struct pernet_operations ipip_net_ops = { | |
775 | .init = ipip_init_net, | |
776 | .exit = ipip_exit_net, | |
86de8a63 | 777 | .id = &ipip_net_id, |
fd58156e | 778 | .size = sizeof(struct ip_tunnel_net), |
10dc4c7b PE |
779 | }; |
780 | ||
1120a35b JV |
781 | #ifdef CONFIG_SYSCTL |
782 | static struct ctl_table_header *ipip_fan_header; | |
783 | static unsigned int ipip_fan_version = 3; | |
784 | ||
785 | static struct ctl_table ipip_fan_sysctls[] = { | |
786 | { | |
787 | .procname = "version", | |
788 | .data = &ipip_fan_version, | |
789 | .maxlen = sizeof(ipip_fan_version), | |
790 | .mode = 0444, | |
791 | .proc_handler = proc_dointvec, | |
792 | }, | |
793 | {}, | |
794 | }; | |
795 | ||
796 | #endif /* CONFIG_SYSCTL */ | |
797 | ||
1da177e4 LT |
798 | static int __init ipip_init(void) |
799 | { | |
800 | int err; | |
801 | ||
1b69e7e6 | 802 | pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n"); |
1da177e4 | 803 | |
d5aa407f AD |
804 | err = register_pernet_device(&ipip_net_ops); |
805 | if (err < 0) | |
806 | return err; | |
807 | err = xfrm4_tunnel_register(&ipip_handler, AF_INET); | |
808 | if (err < 0) { | |
058bd4d2 | 809 | pr_info("%s: can't register tunnel\n", __func__); |
1b69e7e6 SH |
810 | goto xfrm_tunnel_ipip_failed; |
811 | } | |
812 | #if IS_ENABLED(CONFIG_MPLS) | |
813 | err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS); | |
814 | if (err < 0) { | |
815 | pr_info("%s: can't register tunnel\n", __func__); | |
816 | goto xfrm_tunnel_mplsip_failed; | |
1da177e4 | 817 | } |
1b69e7e6 | 818 | #endif |
0974658d ND |
819 | err = rtnl_link_register(&ipip_link_ops); |
820 | if (err < 0) | |
821 | goto rtnl_link_failed; | |
822 | ||
1120a35b JV |
823 | #ifdef CONFIG_SYSCTL |
824 | ipip_fan_header = register_net_sysctl(&init_net, "net/fan", | |
825 | ipip_fan_sysctls); | |
826 | if (!ipip_fan_header) { | |
827 | err = -ENOMEM; | |
828 | goto sysctl_failed; | |
829 | } | |
830 | #endif /* CONFIG_SYSCTL */ | |
831 | ||
0974658d | 832 | out: |
1da177e4 | 833 | return err; |
0974658d | 834 | |
1120a35b JV |
835 | #ifdef CONFIG_SYSCTL |
836 | sysctl_failed: | |
837 | rtnl_link_unregister(&ipip_link_ops); | |
838 | #endif /* CONFIG_SYSCTL */ | |
0974658d | 839 | rtnl_link_failed: |
1b69e7e6 SH |
840 | #if IS_ENABLED(CONFIG_MPLS) |
841 | xfrm4_tunnel_deregister(&mplsip_handler, AF_INET); | |
842 | xfrm_tunnel_mplsip_failed: | |
843 | ||
844 | #endif | |
0974658d | 845 | xfrm4_tunnel_deregister(&ipip_handler, AF_INET); |
1b69e7e6 | 846 | xfrm_tunnel_ipip_failed: |
0974658d ND |
847 | unregister_pernet_device(&ipip_net_ops); |
848 | goto out; | |
1da177e4 LT |
849 | } |
850 | ||
851 | static void __exit ipip_fini(void) | |
852 | { | |
1120a35b JV |
853 | #ifdef CONFIG_SYSCTL |
854 | unregister_net_sysctl_table(ipip_fan_header); | |
855 | #endif /* CONFIG_SYSCTL */ | |
0974658d | 856 | rtnl_link_unregister(&ipip_link_ops); |
c0d56408 | 857 | if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET)) |
058bd4d2 | 858 | pr_info("%s: can't deregister tunnel\n", __func__); |
1b69e7e6 SH |
859 | #if IS_ENABLED(CONFIG_MPLS) |
860 | if (xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS)) | |
861 | pr_info("%s: can't deregister tunnel\n", __func__); | |
862 | #endif | |
86de8a63 | 863 | unregister_pernet_device(&ipip_net_ops); |
1da177e4 LT |
864 | } |
865 | ||
866 | module_init(ipip_init); | |
867 | module_exit(ipip_fini); | |
868 | MODULE_LICENSE("GPL"); | |
f98f89a0 | 869 | MODULE_ALIAS_RTNL_LINK("ipip"); |
8909c9ad | 870 | MODULE_ALIAS_NETDEV("tunl0"); |