]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - net/ipv4/ipip.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
UBUNTU: SAUCE: fan: tunnel multiple mapping mode (v3)
[mirror_ubuntu-zesty-kernel.git] / net / ipv4 / ipip.c
CommitLineData
1da177e4 1/*
e905a9ed 2 * Linux NET3: IP/IP protocol decoder.
1da177e4 3 *
1da177e4
LT		 4 * Authors:
5 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
6 *
7 * Fixes:
8 * Alan Cox : Merged and made usable non modular (its so tiny its silly as
9 * a module taking up 2 pages).
10 * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
11 * to keep ip_forward happy.
12 * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
13 * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL
14 * David Woodhouse : Perform some basic ICMP handling.
15 * IPIP Routing without decapsulation.
16 * Carlos Picoto : GRE over IP support
17 * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
18 * I do not want to merge them together.
19 *
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
24 *
25 */
26
27/* tunnel.c: an IP tunnel driver
28
29 The purpose of this driver is to provide an IP tunnel through
30 which you can tunnel network traffic transparently across subnets.
31
32 This was written by looking at Nick Holloway's dummy driver
33 Thanks for the great code!
34
35 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
e905a9ed 36
1da177e4
LT		 37 Minor tweaks:
38 Cleaned up the code a little and added some pre-1.3.0 tweaks.
39 dev->hard_header/hard_header_len changed to use no headers.
40 Comments/bracketing tweaked.
41 Made the tunnels use dev->name not tunnel: when error reporting.
42 Added tx_dropped stat
e905a9ed 43
113aa838 44 -Alan Cox (alan@lxorguk.ukuu.org.uk) 21 March 95
1da177e4
LT		 45
46 Reworked:
47 Changed to tunnel to destination gateway in addition to the
48 tunnel's pointopoint address
49 Almost completely rewritten
50 Note: There is currently no firewall or ICMP handling done.
51
52 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96
e905a9ed 53
1da177e4
LT		 54*/
55
56/* Things I wish I had known when writing the tunnel driver:
57
58 When the tunnel_xmit() function is called, the skb contains the
59 packet to be sent (plus a great deal of extra info), and dev
60 contains the tunnel device that _we_ are.
61
62 When we are passed a packet, we are expected to fill in the
63 source address with our source IP address.
64
65 What is the proper way to allocate, copy and free a buffer?
66 After you allocate it, it is a "0 length" chunk of memory
67 starting at zero. If you want to add headers to the buffer
68 later, you'll have to call "skb_reserve(skb, amount)" with
69 the amount of memory you want reserved. Then, you call
70 "skb_put(skb, amount)" with the amount of space you want in
71 the buffer. skb_put() returns a pointer to the top (#0) of
72 that buffer. skb->len is set to the amount of space you have
73 "allocated" with skb_put(). You can then write up to skb->len
74 bytes to that buffer. If you need more, you can call skb_put()
75 again with the additional amount of space you need. You can
e905a9ed 76 find out how much more space you can allocate by calling
1da177e4
LT		 77 "skb_tailroom(skb)".
78 Now, to add header space, call "skb_push(skb, header_len)".
79 This creates space at the beginning of the buffer and returns
80 a pointer to this new space. If later you need to strip a
81 header from a buffer, call "skb_pull(skb, header_len)".
82 skb_headroom() will return how much space is left at the top
83 of the buffer (before the main data). Remember, this headroom
84 space must be reserved before the skb_put() function is called.
85 */
86
87/*
88 This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
89
90 For comments look at net/ipv4/ip_gre.c --ANK
91 */
92
e905a9ed 93
4fc268d2 94#include <linux/capability.h>
1da177e4
LT		 95#include <linux/module.h>
96#include <linux/types.h>
1da177e4 97#include <linux/kernel.h>
5a0e3ad6 98#include <linux/slab.h>
7c0f6ba6 99#include <linux/uaccess.h>
1da177e4
LT		 100#include <linux/skbuff.h>
101#include <linux/netdevice.h>
102#include <linux/in.h>
103#include <linux/tcp.h>
104#include <linux/udp.h>
105#include <linux/if_arp.h>
1da177e4
LT		 106#include <linux/init.h>
107#include <linux/netfilter_ipv4.h>
46f25dff 108#include <linux/if_ether.h>
1120a35b 109#include <linux/inetdevice.h>
1da177e4
LT		 110
111#include <net/sock.h>
112#include <net/ip.h>
113#include <net/icmp.h>
c5441932 114#include <net/ip_tunnels.h>
1da177e4
LT		 115#include <net/inet_ecn.h>
116#include <net/xfrm.h>
10dc4c7b
PE		 117#include <net/net_namespace.h>
118#include <net/netns/generic.h>
cfc7381b 119#include <net/dst_metadata.h>
1da177e4 120
eccc1bb8 121static bool log_ecn_error = true;
122module_param(log_ecn_error, bool, 0644);
123MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
124
c7d03a00 125static unsigned int ipip_net_id __read_mostly;
10dc4c7b 126
3c97af99 127static int ipip_tunnel_init(struct net_device *dev);
0974658d 128static struct rtnl_link_ops ipip_link_ops __read_mostly;
1da177e4 129
d2acc347 130static int ipip_err(struct sk_buff *skb, u32 info)
1da177e4 131{
1da177e4 132
071f92d0 133/* All the routers (except for Linux) return only
1da177e4
LT		 134 8 bytes of packet payload. It means, that precise relaying of
135 ICMP in the real Internet is absolutely infeasible.
136 */
fd58156e
PS		 137 struct net *net = dev_net(skb->dev);
138 struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
b71d1d42 139 const struct iphdr *iph = (const struct iphdr *)skb->data;
1da177e4 140 struct ip_tunnel *t;
d2acc347 141 int err;
fd58156e
PS		 142 const int type = icmp_hdr(skb)->type;
143 const int code = icmp_hdr(skb)->code;
1da177e4 144
d2acc347 145 err = -ENOENT;
fd58156e
PS		 146 t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
147 iph->daddr, iph->saddr, 0);
51456b29 148 if (!t)
36393395
DM		 149 goto out;
150
151 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
152 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
1b69e7e6 153 t->parms.link, 0, iph->protocol, 0);
36393395
DM		 154 err = 0;
155 goto out;
156 }
157
55be7a9c 158 if (type == ICMP_REDIRECT) {
2346829e 159 ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
1b69e7e6 160 iph->protocol, 0);
55be7a9c
DM		 161 err = 0;
162 goto out;
163 }
164
36393395 165 if (t->parms.iph.daddr == 0)
1da177e4 166 goto out;
d2acc347
HX		 167
168 err = 0;
1da177e4
LT		 169 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
170 goto out;
171
26d94b46 172 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
1da177e4
LT		 173 t->err_count++;
174 else
175 t->err_count = 1;
176 t->err_time = jiffies;
b0558ef2 177
fd58156e 178out:
d2acc347 179 return err;
1da177e4
LT		 180}
181
1b69e7e6 182static const struct tnl_ptk_info ipip_tpi = {
fd58156e
PS		 183 /* no tunnel info required for ipip. */
184 .proto = htons(ETH_P_IP),
185};
186
1b69e7e6
SH		 187#if IS_ENABLED(CONFIG_MPLS)
188static const struct tnl_ptk_info mplsip_tpi = {
189 /* no tunnel info required for mplsip. */
190 .proto = htons(ETH_P_MPLS_UC),
191};
192#endif
193
194static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto)
1da177e4 195{
fd58156e
PS		 196 struct net *net = dev_net(skb->dev);
197 struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
cfc7381b 198 struct metadata_dst *tun_dst = NULL;
1da177e4 199 struct ip_tunnel *tunnel;
3d7b46cd 200 const struct iphdr *iph;
3c97af99 201
3d7b46cd 202 iph = ip_hdr(skb);
fd58156e
PS		 203 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
204 iph->saddr, iph->daddr, 0);
205 if (tunnel) {
1b69e7e6
SH		 206 const struct tnl_ptk_info *tpi;
207
208 if (tunnel->parms.iph.protocol != ipproto &&
209 tunnel->parms.iph.protocol != 0)
210 goto drop;
211
eccc1bb8 212 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
213 goto drop;
1b69e7e6
SH		 214#if IS_ENABLED(CONFIG_MPLS)
215 if (ipproto == IPPROTO_MPLS)
216 tpi = &mplsip_tpi;
217 else
218#endif
219 tpi = &ipip_tpi;
220 if (iptunnel_pull_header(skb, 0, tpi->proto, false))
737e828b 221 goto drop;
cfc7381b
AS		 222 if (tunnel->collect_md) {
223 tun_dst = ip_tun_rx_dst(skb, 0, 0, 0);
224 if (!tun_dst)
225 return 0;
226 }
227 return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
1da177e4 228 }
1da177e4 229
1da177e4 230 return -1;
eccc1bb8 231
232drop:
233 kfree_skb(skb);
234 return 0;
1da177e4
LT		 235}
236
1b69e7e6
SH		 237static int ipip_rcv(struct sk_buff *skb)
238{
239 return ipip_tunnel_rcv(skb, IPPROTO_IPIP);
240}
241
242#if IS_ENABLED(CONFIG_MPLS)
243static int mplsip_rcv(struct sk_buff *skb)
244{
245 return ipip_tunnel_rcv(skb, IPPROTO_MPLS);
246}
247#endif
248
1120a35b
JV		 249static int ipip_tunnel_is_fan(struct ip_tunnel *tunnel)
250{
251 return tunnel->parms.i_flags & TUNNEL_FAN;
252}
253
254/*
255 * Determine fan tunnel endpoint to send packet to, based on the inner IP
256 * address. For an overlay (inner) address Y.A.B.C, the transformation is
257 * F.G.A.B, where "F" and "G" are the first two octets of the underlay
258 * network (the network portion of a /16), "A" and "B" are the low order
259 * two octets of the underlay network host (the host portion of a /16),
260 * and "Y" is a configured first octet of the overlay network.
261 *
262 * E.g., underlay host 10.88.3.4 with an overlay of 99 would host overlay
263 * subnet 99.3.4.0/24. An overlay network datagram from 99.3.4.5 to
264 * 99.6.7.8, would be directed to underlay host 10.88.6.7, which hosts
265 * overlay network 99.6.7.0/24.
266 */
267static int ipip_build_fan_iphdr(struct ip_tunnel *tunnel, struct sk_buff *skb, struct iphdr *iph)
268{
269 unsigned int overlay;
270 u32 daddr, underlay;
271
272 daddr = ntohl(ip_hdr(skb)->daddr);
273 overlay = daddr >> 24;
274 underlay = tunnel->fan.map[overlay];
275 if (!underlay)
276 return -EINVAL;
277
278 *iph = tunnel->parms.iph;
279 iph->daddr = htonl(underlay | ((daddr >> 8) & 0x0000ffff));
280 return 0;
281}
282
1da177e4
LT		 283/*
284 * This function assumes it is being called from dev_queue_xmit()
285 * and that skb is filled properly by that function.
286 */
1b69e7e6
SH		 287static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
288 struct net_device *dev)
1da177e4 289{
2941a486 290 struct ip_tunnel *tunnel = netdev_priv(dev);
b71d1d42 291 const struct iphdr *tiph = &tunnel->parms.iph;
1b69e7e6 292 u8 ipproto;
1120a35b 293 struct iphdr fiph;
1b69e7e6
SH		 294
295 switch (skb->protocol) {
296 case htons(ETH_P_IP):
297 ipproto = IPPROTO_IPIP;
298 break;
299#if IS_ENABLED(CONFIG_MPLS)
300 case htons(ETH_P_MPLS_UC):
301 ipproto = IPPROTO_MPLS;
302 break;
303#endif
304 default:
305 goto tx_error;
306 }
1da177e4 307
1b69e7e6 308 if (tiph->protocol != ipproto && tiph->protocol != 0)
1da177e4 309 goto tx_error;
1da177e4 310
7e13318d 311 if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4))
aed069df 312 goto tx_error;
8344bfc6 313
1120a35b
JV		 314 if (ipip_tunnel_is_fan(tunnel)) {
315 if (ipip_build_fan_iphdr(tunnel, skb, &fiph))
316 goto tx_error;
317 tiph = &fiph;
318 } else {
319 tiph = &tunnel->parms.iph;
320 }
321
1b69e7e6 322 skb_set_inner_ipproto(skb, ipproto);
077c5a09 323
cfc7381b
AS		 324 if (tunnel->collect_md)
325 ip_md_tunnel_xmit(skb, dev, ipproto);
326 else
327 ip_tunnel_xmit(skb, dev, tiph, ipproto);
6ed10654 328 return NETDEV_TX_OK;
1da177e4 329
1da177e4 330tx_error:
3acfa1e7 331 kfree_skb(skb);
aed069df 332
cb32f511 333 dev->stats.tx_errors++;
6ed10654 334 return NETDEV_TX_OK;
1da177e4
LT		 335}
336
1b69e7e6
SH		 337static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto)
338{
339 switch (ipproto) {
340 case 0:
341 case IPPROTO_IPIP:
342#if IS_ENABLED(CONFIG_MPLS)
343 case IPPROTO_MPLS:
344#endif
345 return true;
346 }
347
348 return false;
349}
350
1da177e4 351static int
fd58156e 352ipip_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
1da177e4
LT		 353{
354 int err = 0;
355 struct ip_tunnel_parm p;
1da177e4 356
fd58156e
PS		 357 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
358 return -EFAULT;
1da177e4 359
3b7b514f 360 if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
1b69e7e6
SH		 361 if (p.iph.version != 4 ||
362 !ipip_tunnel_ioctl_verify_protocol(p.iph.protocol) ||
3b7b514f
CW		 363 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
364 return -EINVAL;
365 }
366
252a8fbe
ED		 367 p.i_key = p.o_key = 0;
368 p.i_flags = p.o_flags = 0;
fd58156e
PS		 369 err = ip_tunnel_ioctl(dev, &p, cmd);
370 if (err)
371 return err;
372
373 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
374 return -EFAULT;
375
1da177e4
LT		 376 return 0;
377}
378
23a12b14 379static const struct net_device_ops ipip_netdev_ops = {
fd58156e
PS		 380 .ndo_init = ipip_tunnel_init,
381 .ndo_uninit = ip_tunnel_uninit,
23a12b14
SH		 382 .ndo_start_xmit = ipip_tunnel_xmit,
383 .ndo_do_ioctl = ipip_tunnel_ioctl,
fd58156e
PS		 384 .ndo_change_mtu = ip_tunnel_change_mtu,
385 .ndo_get_stats64 = ip_tunnel_get_stats64,
1e99584b 386 .ndo_get_iflink = ip_tunnel_get_iflink,
23a12b14
SH		 387};
388
c3b89fbb
ED		 389#define IPIP_FEATURES (NETIF_F_SG | \
390 NETIF_F_FRAGLIST | \
391 NETIF_F_HIGHDMA | \
cb32f511 392 NETIF_F_GSO_SOFTWARE | \
c3b89fbb
ED		 393 NETIF_F_HW_CSUM)
394
1da177e4
LT		 395static void ipip_tunnel_setup(struct net_device *dev)
396{
23a12b14 397 dev->netdev_ops = &ipip_netdev_ops;
1da177e4
LT		 398
399 dev->type = ARPHRD_TUNNEL;
1da177e4 400 dev->flags = IFF_NOARP;
1da177e4 401 dev->addr_len = 4;
153f0943 402 dev->features |= NETIF_F_LLTX;
02875878 403 netif_keep_dst(dev);
c3b89fbb
ED		 404
405 dev->features |= IPIP_FEATURES;
406 dev->hw_features |= IPIP_FEATURES;
fd58156e 407 ip_tunnel_setup(dev, ipip_net_id);
1da177e4
LT		 408}
409
3c97af99 410static int ipip_tunnel_init(struct net_device *dev)
1da177e4 411{
23a12b14 412 struct ip_tunnel *tunnel = netdev_priv(dev);
1da177e4 413
1da177e4
LT		 414 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
415 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
416
473ab820
TH		 417 tunnel->tun_hlen = 0;
418 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
fd58156e 419 return ip_tunnel_init(dev);
1da177e4
LT		 420}
421
1b69e7e6
SH		 422static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[])
423{
424 u8 proto;
425
426 if (!data || !data[IFLA_IPTUN_PROTO])
427 return 0;
428
429 proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
430 if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0)
431 return -EINVAL;
432
433 return 0;
434}
435
be42da0e 436static void ipip_netlink_parms(struct nlattr *data[],
cfc7381b 437 struct ip_tunnel_parm *parms, bool *collect_md)
be42da0e
ND		 438{
439 memset(parms, 0, sizeof(*parms));
440
441 parms->iph.version = 4;
442 parms->iph.protocol = IPPROTO_IPIP;
443 parms->iph.ihl = 5;
cfc7381b 444 *collect_md = false;
be42da0e
ND		 445
446 if (!data)
447 return;
448
449 if (data[IFLA_IPTUN_LINK])
450 parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
451
452 if (data[IFLA_IPTUN_LOCAL])
67b61f6c 453 parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]);
be42da0e
ND		 454
455 if (data[IFLA_IPTUN_REMOTE])
67b61f6c 456 parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]);
be42da0e
ND		 457
458 if (data[IFLA_IPTUN_TTL]) {
459 parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
460 if (parms->iph.ttl)
461 parms->iph.frag_off = htons(IP_DF);
462 }
463
464 if (data[IFLA_IPTUN_TOS])
465 parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
466
1b69e7e6
SH		 467 if (data[IFLA_IPTUN_PROTO])
468 parms->iph.protocol = nla_get_u8(data[IFLA_IPTUN_PROTO]);
469
be42da0e
ND		 470 if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
471 parms->iph.frag_off = htons(IP_DF);
cfc7381b
AS		 472
473 if (data[IFLA_IPTUN_COLLECT_METADATA])
474 *collect_md = true;
be42da0e
ND		 475}
476
473ab820
TH		 477/* This function returns true when ENCAP attributes are present in the nl msg */
478static bool ipip_netlink_encap_parms(struct nlattr *data[],
479 struct ip_tunnel_encap *ipencap)
480{
481 bool ret = false;
482
483 memset(ipencap, 0, sizeof(*ipencap));
484
485 if (!data)
486 return ret;
487
488 if (data[IFLA_IPTUN_ENCAP_TYPE]) {
489 ret = true;
490 ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
491 }
492
493 if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
494 ret = true;
495 ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
496 }
497
498 if (data[IFLA_IPTUN_ENCAP_SPORT]) {
499 ret = true;
3e97fa70 500 ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
473ab820
TH		 501 }
502
503 if (data[IFLA_IPTUN_ENCAP_DPORT]) {
504 ret = true;
3e97fa70 505 ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
473ab820
TH		 506 }
507
508 return ret;
509}
510
1120a35b
JV		 511static void ipip_fan_free_map(struct ip_tunnel *t)
512{
513 memset(&t->fan.map, 0, sizeof(t->fan.map));
514}
515
516static int ipip_fan_set_map(struct ip_tunnel *t, struct ip_tunnel_fan_map *map)
517{
518 u32 overlay, overlay_mask, underlay, underlay_mask;
519
520 if ((map->underlay_prefix && map->underlay_prefix != 16) ||
521 (map->overlay_prefix && map->overlay_prefix != 8))
522 return -EINVAL;
523
524 overlay = ntohl(map->overlay);
525 overlay_mask = ntohl(inet_make_mask(map->overlay_prefix));
526
527 underlay = ntohl(map->underlay);
528 underlay_mask = ntohl(inet_make_mask(map->underlay_prefix));
529
530 if ((overlay & ~overlay_mask) || (underlay & ~underlay_mask))
531 return -EINVAL;
532
533 if (!(overlay & overlay_mask) && (underlay & underlay_mask))
534 return -EINVAL;
535
536 t->parms.i_flags |= TUNNEL_FAN;
537
538 /* Special case: overlay 0 and underlay 0 clears all mappings */
539 if (!overlay && !underlay) {
540 ipip_fan_free_map(t);
541 return 0;
542 }
543
544 overlay >>= (32 - map->overlay_prefix);
545 t->fan.map[overlay] = underlay;
546
547 return 0;
548}
549
550
551static int ipip_netlink_fan(struct nlattr *data[], struct ip_tunnel *t,
552 struct ip_tunnel_parm *parms)
553{
554 struct ip_tunnel_fan_map *map;
555 struct nlattr *attr;
556 int rem, rv;
557
558 if (!data[IFLA_IPTUN_FAN_MAP])
559 return 0;
560
561 if (parms->iph.daddr)
562 return -EINVAL;
563
564 nla_for_each_nested(attr, data[IFLA_IPTUN_FAN_MAP], rem) {
565 map = nla_data(attr);
566 rv = ipip_fan_set_map(t, map);
567 if (rv)
568 return rv;
569 }
570
571 return 0;
572}
573
be42da0e
ND		 574static int ipip_newlink(struct net *src_net, struct net_device *dev,
575 struct nlattr *tb[], struct nlattr *data[])
576{
cfc7381b 577 struct ip_tunnel *t = netdev_priv(dev);
fd58156e 578 struct ip_tunnel_parm p;
473ab820 579 struct ip_tunnel_encap ipencap;
1120a35b
JV		 580 struct ip_tunnel *t = netdev_priv(dev);
581 int err;
473ab820
TH		 582
583 if (ipip_netlink_encap_parms(data, &ipencap)) {
1120a35b 584 err = ip_tunnel_encap_setup(t, &ipencap);
473ab820
TH		 585
586 if (err < 0)
587 return err;
588 }
be42da0e 589
cfc7381b 590 ipip_netlink_parms(data, &p, &t->collect_md);
1120a35b
JV		 591 err = ipip_netlink_fan(data, t, &p);
592 if (err < 0)
593 return err;
fd58156e 594 return ip_tunnel_newlink(dev, tb, &p);
be42da0e
ND		 595}
596
597static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
598 struct nlattr *data[])
599{
be42da0e 600 struct ip_tunnel_parm p;
473ab820 601 struct ip_tunnel_encap ipencap;
cfc7381b 602 bool collect_md;
1120a35b
JV		 603 struct ip_tunnel *t = netdev_priv(dev);
604 int err;
473ab820
TH		 605
606 if (ipip_netlink_encap_parms(data, &ipencap)) {
1120a35b 607 err = ip_tunnel_encap_setup(t, &ipencap);
473ab820
TH		 608
609 if (err < 0)
610 return err;
611 }
be42da0e 612
cfc7381b
AS		 613 ipip_netlink_parms(data, &p, &collect_md);
614 if (collect_md)
615 return -EINVAL;
1120a35b
JV		 616 err = ipip_netlink_fan(data, t, &p);
617 if (err < 0)
618 return err;
be42da0e
ND		 619
620 if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
621 (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
622 return -EINVAL;
623
fd58156e 624 return ip_tunnel_changelink(dev, tb, &p);
be42da0e
ND		 625}
626
0974658d
ND		 627static size_t ipip_get_size(const struct net_device *dev)
628{
629 return
630 /* IFLA_IPTUN_LINK */
631 nla_total_size(4) +
632 /* IFLA_IPTUN_LOCAL */
633 nla_total_size(4) +
634 /* IFLA_IPTUN_REMOTE */
635 nla_total_size(4) +
636 /* IFLA_IPTUN_TTL */
637 nla_total_size(1) +
638 /* IFLA_IPTUN_TOS */
639 nla_total_size(1) +
1b69e7e6
SH		 640 /* IFLA_IPTUN_PROTO */
641 nla_total_size(1) +
befe2aa1
ND		 642 /* IFLA_IPTUN_PMTUDISC */
643 nla_total_size(1) +
473ab820
TH		 644 /* IFLA_IPTUN_ENCAP_TYPE */
645 nla_total_size(2) +
646 /* IFLA_IPTUN_ENCAP_FLAGS */
647 nla_total_size(2) +
648 /* IFLA_IPTUN_ENCAP_SPORT */
649 nla_total_size(2) +
650 /* IFLA_IPTUN_ENCAP_DPORT */
651 nla_total_size(2) +
cfc7381b
AS		 652 /* IFLA_IPTUN_COLLECT_METADATA */
653 nla_total_size(0) +
1120a35b
JV		 654 /* IFLA_IPTUN_FAN_MAP */
655 nla_total_size(sizeof(struct ip_tunnel_fan_map)) * 256 +
0974658d
ND		 656 0;
657}
658
659static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
660{
661 struct ip_tunnel *tunnel = netdev_priv(dev);
662 struct ip_tunnel_parm *parm = &tunnel->parms;
663
664 if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
930345ea
JB		 665 nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
666 nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
0974658d 667 nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
befe2aa1 668 nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
1b69e7e6 669 nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) ||
befe2aa1
ND		 670 nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
671 !!(parm->iph.frag_off & htons(IP_DF))))
0974658d 672 goto nla_put_failure;
473ab820
TH		 673
674 if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
675 tunnel->encap.type) ||
3e97fa70
SD		 676 nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
677 tunnel->encap.sport) ||
678 nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
679 tunnel->encap.dport) ||
473ab820 680 nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
e1b2cb65 681 tunnel->encap.flags))
473ab820
TH		 682 goto nla_put_failure;
683
cfc7381b
AS		 684 if (tunnel->collect_md)
685 if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA))
686 goto nla_put_failure;
1120a35b
JV		 687 if (tunnel->parms.i_flags & TUNNEL_FAN) {
688 struct nlattr *fan_nest;
689 int i;
690
691 fan_nest = nla_nest_start(skb, IFLA_IPTUN_FAN_MAP);
692 if (!fan_nest)
693 goto nla_put_failure;
694 for (i = 0; i < 256; i++) {
695 if (tunnel->fan.map[i]) {
696 struct ip_tunnel_fan_map map;
697
698 map.underlay = htonl(tunnel->fan.map[i]);
699 map.underlay_prefix = 16;
700 map.overlay = htonl(i << 24);
701 map.overlay_prefix = 8;
702 if (nla_put(skb, IFLA_FAN_MAPPING,
703 sizeof(map), &map))
704 goto nla_put_failure;
705 }
706 }
707 nla_nest_end(skb, fan_nest);
708 }
709
0974658d
ND		 710 return 0;
711
712nla_put_failure:
713 return -EMSGSIZE;
714}
715
be42da0e
ND		 716static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
717 [IFLA_IPTUN_LINK] = { .type = NLA_U32 },
718 [IFLA_IPTUN_LOCAL] = { .type = NLA_U32 },
719 [IFLA_IPTUN_REMOTE] = { .type = NLA_U32 },
720 [IFLA_IPTUN_TTL] = { .type = NLA_U8 },
721 [IFLA_IPTUN_TOS] = { .type = NLA_U8 },
1b69e7e6 722 [IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
be42da0e 723 [IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 },
473ab820
TH		 724 [IFLA_IPTUN_ENCAP_TYPE] = { .type = NLA_U16 },
725 [IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 },
726 [IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 },
727 [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 },
cfc7381b 728 [IFLA_IPTUN_COLLECT_METADATA] = { .type = NLA_FLAG },
1120a35b
JV		 729
730 [__IFLA_IPTUN_VENDOR_BREAK ... IFLA_IPTUN_MAX] = { .type = NLA_BINARY },
731 [IFLA_IPTUN_FAN_MAP] = { .type = NLA_NESTED },
be42da0e
ND		 732};
733
0974658d
ND		 734static struct rtnl_link_ops ipip_link_ops __read_mostly = {
735 .kind = "ipip",
736 .maxtype = IFLA_IPTUN_MAX,
be42da0e 737 .policy = ipip_policy,
0974658d 738 .priv_size = sizeof(struct ip_tunnel),
be42da0e 739 .setup = ipip_tunnel_setup,
1b69e7e6 740 .validate = ipip_tunnel_validate,
be42da0e
ND		 741 .newlink = ipip_newlink,
742 .changelink = ipip_changelink,
fd58156e 743 .dellink = ip_tunnel_dellink,
0974658d
ND		 744 .get_size = ipip_get_size,
745 .fill_info = ipip_fill_info,
1728d4fa 746 .get_link_net = ip_tunnel_get_link_net,
0974658d
ND		 747};
748
6dcd814b 749static struct xfrm_tunnel ipip_handler __read_mostly = {
1da177e4
LT		 750 .handler = ipip_rcv,
751 .err_handler = ipip_err,
d2acc347 752 .priority = 1,
1da177e4
LT		 753};
754
1b69e7e6
SH		 755#if IS_ENABLED(CONFIG_MPLS)
756static struct xfrm_tunnel mplsip_handler __read_mostly = {
757 .handler = mplsip_rcv,
758 .err_handler = ipip_err,
759 .priority = 1,
760};
761#endif
762
2c8c1e72 763static int __net_init ipip_init_net(struct net *net)
10dc4c7b 764{
fd58156e 765 return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
10dc4c7b
PE		 766}
767
2c8c1e72 768static void __net_exit ipip_exit_net(struct net *net)
10dc4c7b 769{
fd58156e 770 struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
6c742e71 771 ip_tunnel_delete_net(itn, &ipip_link_ops);
10dc4c7b
PE		 772}
773
774static struct pernet_operations ipip_net_ops = {
775 .init = ipip_init_net,
776 .exit = ipip_exit_net,
86de8a63 777 .id = &ipip_net_id,
fd58156e 778 .size = sizeof(struct ip_tunnel_net),
10dc4c7b
PE		 779};
780
1120a35b
JV		 781#ifdef CONFIG_SYSCTL
782static struct ctl_table_header *ipip_fan_header;
783static unsigned int ipip_fan_version = 3;
784
785static struct ctl_table ipip_fan_sysctls[] = {
786 {
787 .procname = "version",
788 .data = &ipip_fan_version,
789 .maxlen = sizeof(ipip_fan_version),
790 .mode = 0444,
791 .proc_handler = proc_dointvec,
792 },
793 {},
794};
795
796#endif /* CONFIG_SYSCTL */
797
1da177e4
LT		 798static int __init ipip_init(void)
799{
800 int err;
801
1b69e7e6 802 pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n");
1da177e4 803
d5aa407f
AD		 804 err = register_pernet_device(&ipip_net_ops);
805 if (err < 0)
806 return err;
807 err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
808 if (err < 0) {
058bd4d2 809 pr_info("%s: can't register tunnel\n", __func__);
1b69e7e6
SH		 810 goto xfrm_tunnel_ipip_failed;
811 }
812#if IS_ENABLED(CONFIG_MPLS)
813 err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS);
814 if (err < 0) {
815 pr_info("%s: can't register tunnel\n", __func__);
816 goto xfrm_tunnel_mplsip_failed;
1da177e4 817 }
1b69e7e6 818#endif
0974658d
ND		 819 err = rtnl_link_register(&ipip_link_ops);
820 if (err < 0)
821 goto rtnl_link_failed;
822
1120a35b
JV		 823#ifdef CONFIG_SYSCTL
824 ipip_fan_header = register_net_sysctl(&init_net, "net/fan",
825 ipip_fan_sysctls);
826 if (!ipip_fan_header) {
827 err = -ENOMEM;
828 goto sysctl_failed;
829 }
830#endif /* CONFIG_SYSCTL */
831
0974658d 832out:
1da177e4 833 return err;
0974658d 834
1120a35b
JV		 835#ifdef CONFIG_SYSCTL
836sysctl_failed:
837 rtnl_link_unregister(&ipip_link_ops);
838#endif /* CONFIG_SYSCTL */
0974658d 839rtnl_link_failed:
1b69e7e6
SH		 840#if IS_ENABLED(CONFIG_MPLS)
841 xfrm4_tunnel_deregister(&mplsip_handler, AF_INET);
842xfrm_tunnel_mplsip_failed:
843
844#endif
0974658d 845 xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
1b69e7e6 846xfrm_tunnel_ipip_failed:
0974658d
ND		 847 unregister_pernet_device(&ipip_net_ops);
848 goto out;
1da177e4
LT		 849}
850
851static void __exit ipip_fini(void)
852{
1120a35b
JV		 853#ifdef CONFIG_SYSCTL
854 unregister_net_sysctl_table(ipip_fan_header);
855#endif /* CONFIG_SYSCTL */
0974658d 856 rtnl_link_unregister(&ipip_link_ops);
c0d56408 857 if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
058bd4d2 858 pr_info("%s: can't deregister tunnel\n", __func__);
1b69e7e6
SH		 859#if IS_ENABLED(CONFIG_MPLS)
860 if (xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS))
861 pr_info("%s: can't deregister tunnel\n", __func__);
862#endif
86de8a63 863 unregister_pernet_device(&ipip_net_ops);
1da177e4
LT		 864}
865
866module_init(ipip_init);
867module_exit(ipip_fini);
868MODULE_LICENSE("GPL");
f98f89a0 869MODULE_ALIAS_RTNL_LINK("ipip");
8909c9ad 870MODULE_ALIAS_NETDEV("tunl0");
ubuntu-zesty-kernel mirror