Commit | Line | Data |
---|---|---|
1da177e4 | 1 | /* |
e905a9ed | 2 | * Linux NET3: GRE over IP protocol decoder. |
1da177e4 LT |
3 | * |
4 | * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
10 | * | |
11 | */ | |
12 | ||
afd46503 JP |
13 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
14 | ||
4fc268d2 | 15 | #include <linux/capability.h> |
1da177e4 LT |
16 | #include <linux/module.h> |
17 | #include <linux/types.h> | |
1da177e4 | 18 | #include <linux/kernel.h> |
5a0e3ad6 | 19 | #include <linux/slab.h> |
1da177e4 LT |
20 | #include <asm/uaccess.h> |
21 | #include <linux/skbuff.h> | |
22 | #include <linux/netdevice.h> | |
23 | #include <linux/in.h> | |
24 | #include <linux/tcp.h> | |
25 | #include <linux/udp.h> | |
26 | #include <linux/if_arp.h> | |
27 | #include <linux/mroute.h> | |
28 | #include <linux/init.h> | |
29 | #include <linux/in6.h> | |
30 | #include <linux/inetdevice.h> | |
31 | #include <linux/igmp.h> | |
32 | #include <linux/netfilter_ipv4.h> | |
e1a80002 | 33 | #include <linux/etherdevice.h> |
46f25dff | 34 | #include <linux/if_ether.h> |
1da177e4 LT |
35 | |
36 | #include <net/sock.h> | |
37 | #include <net/ip.h> | |
38 | #include <net/icmp.h> | |
39 | #include <net/protocol.h> | |
40 | #include <net/ipip.h> | |
41 | #include <net/arp.h> | |
42 | #include <net/checksum.h> | |
43 | #include <net/dsfield.h> | |
44 | #include <net/inet_ecn.h> | |
45 | #include <net/xfrm.h> | |
59a4c759 PE |
46 | #include <net/net_namespace.h> |
47 | #include <net/netns/generic.h> | |
c19e654d | 48 | #include <net/rtnetlink.h> |
00959ade | 49 | #include <net/gre.h> |
1da177e4 | 50 | |
dfd56b8b | 51 | #if IS_ENABLED(CONFIG_IPV6) |
1da177e4 LT |
52 | #include <net/ipv6.h> |
53 | #include <net/ip6_fib.h> | |
54 | #include <net/ip6_route.h> | |
55 | #endif | |
56 | ||
57 | /* | |
58 | Problems & solutions | |
59 | -------------------- | |
60 | ||
61 | 1. The most important issue is detecting local dead loops. | |
62 | They would cause complete host lockup in transmit, which | |
63 | would be "resolved" by stack overflow or, if queueing is enabled, | |
64 | with infinite looping in net_bh. | |
65 | ||
66 | We cannot track such dead loops during route installation, | |
67 | it is infeasible task. The most general solutions would be | |
68 | to keep skb->encapsulation counter (sort of local ttl), | |
6d0722a2 | 69 | and silently drop packet when it expires. It is a good |
bff52857 | 70 | solution, but it supposes maintaining new variable in ALL |
1da177e4 LT |
71 | skb, even if no tunneling is used. |
72 | ||
6d0722a2 ED |
73 | Current solution: xmit_recursion breaks dead loops. This is a percpu |
74 | counter, since when we enter the first ndo_xmit(), cpu migration is | |
75 | forbidden. We force an exit if this counter reaches RECURSION_LIMIT | |
1da177e4 LT |
76 | |
77 | 2. Networking dead loops would not kill routers, but would really | |
78 | kill network. IP hop limit plays role of "t->recursion" in this case, | |
79 | if we copy it from packet being encapsulated to upper header. | |
80 | It is very good solution, but it introduces two problems: | |
81 | ||
82 | - Routing protocols, using packets with ttl=1 (OSPF, RIP2), | |
83 | do not work over tunnels. | |
84 | - traceroute does not work. I planned to relay ICMP from tunnel, | |
85 | so that this problem would be solved and traceroute output | |
86 | would even more informative. This idea appeared to be wrong: | |
87 | only Linux complies to rfc1812 now (yes, guys, Linux is the only | |
88 | true router now :-)), all routers (at least, in neighbourhood of mine) | |
89 | return only 8 bytes of payload. It is the end. | |
90 | ||
91 | Hence, if we want that OSPF worked or traceroute said something reasonable, | |
92 | we should search for another solution. | |
93 | ||
94 | One of them is to parse packet trying to detect inner encapsulation | |
95 | made by our node. It is difficult or even impossible, especially, | |
bff52857 | 96 | taking into account fragmentation. TO be short, ttl is not solution at all. |
1da177e4 LT |
97 | |
98 | Current solution: The solution was UNEXPECTEDLY SIMPLE. | |
99 | We force DF flag on tunnels with preconfigured hop limit, | |
100 | that is ALL. :-) Well, it does not remove the problem completely, | |
101 | but exponential growth of network traffic is changed to linear | |
102 | (branches, that exceed pmtu are pruned) and tunnel mtu | |
bff52857 | 103 | rapidly degrades to value <68, where looping stops. |
1da177e4 LT |
104 | Yes, it is not good if there exists a router in the loop, |
105 | which does not force DF, even when encapsulating packets have DF set. | |
106 | But it is not our problem! Nobody could accuse us, we made | |
107 | all that we could make. Even if it is your gated who injected | |
108 | fatal route to network, even if it were you who configured | |
109 | fatal static route: you are innocent. :-) | |
110 | ||
111 | ||
112 | ||
113 | 3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain | |
114 | practically identical code. It would be good to glue them | |
115 | together, but it is not very evident, how to make them modular. | |
116 | sit is integral part of IPv6, ipip and gre are naturally modular. | |
117 | We could extract common parts (hash table, ioctl etc) | |
118 | to a separate module (ip_tunnel.c). | |
119 | ||
120 | Alexey Kuznetsov. | |
121 | */ | |
122 | ||
eccc1bb8 | 123 | static bool log_ecn_error = true; |
124 | module_param(log_ecn_error, bool, 0644); | |
125 | MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); | |
126 | ||
c19e654d | 127 | static struct rtnl_link_ops ipgre_link_ops __read_mostly; |
1da177e4 LT |
128 | static int ipgre_tunnel_init(struct net_device *dev); |
129 | static void ipgre_tunnel_setup(struct net_device *dev); | |
42aa9162 | 130 | static int ipgre_tunnel_bind_dev(struct net_device *dev); |
1da177e4 LT |
131 | |
132 | /* Fallback tunnel: no source, no destination, no key, no options */ | |
133 | ||
eb8ce741 PE |
134 | #define HASH_SIZE 16 |
135 | ||
f99189b1 | 136 | static int ipgre_net_id __read_mostly; |
59a4c759 | 137 | struct ipgre_net { |
1507850b | 138 | struct ip_tunnel __rcu *tunnels[4][HASH_SIZE]; |
eb8ce741 | 139 | |
7daa0004 | 140 | struct net_device *fb_tunnel_dev; |
59a4c759 PE |
141 | }; |
142 | ||
1da177e4 LT |
143 | /* Tunnel hash table */ |
144 | ||
145 | /* | |
146 | 4 hash tables: | |
147 | ||
148 | 3: (remote,local) | |
149 | 2: (remote,*) | |
150 | 1: (*,local) | |
151 | 0: (*,*) | |
152 | ||
153 | We require exact key match i.e. if a key is present in packet | |
154 | it will match only tunnel with the same key; if it is not present, | |
155 | it will match only keyless tunnel. | |
156 | ||
157 | All keysless packets, if not matched configured keyless tunnels | |
158 | will match fallback tunnel. | |
159 | */ | |
160 | ||
d5a0a1e3 | 161 | #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF) |
1da177e4 | 162 | |
eb8ce741 PE |
163 | #define tunnels_r_l tunnels[3] |
164 | #define tunnels_r tunnels[2] | |
165 | #define tunnels_l tunnels[1] | |
166 | #define tunnels_wc tunnels[0] | |
8d5b2c08 | 167 | /* |
1507850b | 168 | * Locking : hash tables are protected by RCU and RTNL |
8d5b2c08 | 169 | */ |
1da177e4 | 170 | |
8d5b2c08 ED |
171 | #define for_each_ip_tunnel_rcu(start) \ |
172 | for (t = rcu_dereference(start); t; t = rcu_dereference(t->next)) | |
1da177e4 | 173 | |
e985aad7 ED |
174 | /* often modified stats are per cpu, other are shared (netdev->stats) */ |
175 | struct pcpu_tstats { | |
87b6d218 | 176 | u64 rx_packets; |
177 | u64 rx_bytes; | |
178 | u64 tx_packets; | |
179 | u64 tx_bytes; | |
180 | struct u64_stats_sync syncp; | |
181 | }; | |
e985aad7 | 182 | |
87b6d218 | 183 | static struct rtnl_link_stats64 *ipgre_get_stats64(struct net_device *dev, |
184 | struct rtnl_link_stats64 *tot) | |
e985aad7 | 185 | { |
e985aad7 ED |
186 | int i; |
187 | ||
188 | for_each_possible_cpu(i) { | |
189 | const struct pcpu_tstats *tstats = per_cpu_ptr(dev->tstats, i); | |
87b6d218 | 190 | u64 rx_packets, rx_bytes, tx_packets, tx_bytes; |
191 | unsigned int start; | |
192 | ||
193 | do { | |
194 | start = u64_stats_fetch_begin_bh(&tstats->syncp); | |
195 | rx_packets = tstats->rx_packets; | |
196 | tx_packets = tstats->tx_packets; | |
197 | rx_bytes = tstats->rx_bytes; | |
198 | tx_bytes = tstats->tx_bytes; | |
199 | } while (u64_stats_fetch_retry_bh(&tstats->syncp, start)); | |
200 | ||
201 | tot->rx_packets += rx_packets; | |
202 | tot->tx_packets += tx_packets; | |
203 | tot->rx_bytes += rx_bytes; | |
204 | tot->tx_bytes += tx_bytes; | |
e985aad7 | 205 | } |
87b6d218 | 206 | |
207 | tot->multicast = dev->stats.multicast; | |
208 | tot->rx_crc_errors = dev->stats.rx_crc_errors; | |
209 | tot->rx_fifo_errors = dev->stats.rx_fifo_errors; | |
210 | tot->rx_length_errors = dev->stats.rx_length_errors; | |
eccc1bb8 | 211 | tot->rx_frame_errors = dev->stats.rx_frame_errors; |
87b6d218 | 212 | tot->rx_errors = dev->stats.rx_errors; |
eccc1bb8 | 213 | |
87b6d218 | 214 | tot->tx_fifo_errors = dev->stats.tx_fifo_errors; |
215 | tot->tx_carrier_errors = dev->stats.tx_carrier_errors; | |
216 | tot->tx_dropped = dev->stats.tx_dropped; | |
217 | tot->tx_aborted_errors = dev->stats.tx_aborted_errors; | |
218 | tot->tx_errors = dev->stats.tx_errors; | |
219 | ||
220 | return tot; | |
e985aad7 ED |
221 | } |
222 | ||
d2083287 | 223 | /* Does key in tunnel parameters match packet */ |
224 | static bool ipgre_key_match(const struct ip_tunnel_parm *p, | |
225 | __u32 flags, __be32 key) | |
226 | { | |
227 | if (p->i_flags & GRE_KEY) { | |
228 | if (flags & GRE_KEY) | |
229 | return key == p->i_key; | |
230 | else | |
231 | return false; /* key expected, none present */ | |
232 | } else | |
233 | return !(flags & GRE_KEY); | |
234 | } | |
235 | ||
1da177e4 LT |
236 | /* Given src, dst and key, find appropriate for input tunnel. */ |
237 | ||
5e73ea1a DB |
238 | static struct ip_tunnel *ipgre_tunnel_lookup(struct net_device *dev, |
239 | __be32 remote, __be32 local, | |
d2083287 | 240 | __u32 flags, __be32 key, |
241 | __be16 gre_proto) | |
1da177e4 | 242 | { |
749c10f9 TT |
243 | struct net *net = dev_net(dev); |
244 | int link = dev->ifindex; | |
1507850b ED |
245 | unsigned int h0 = HASH(remote); |
246 | unsigned int h1 = HASH(key); | |
afcf1242 | 247 | struct ip_tunnel *t, *cand = NULL; |
7daa0004 | 248 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); |
e1a80002 HX |
249 | int dev_type = (gre_proto == htons(ETH_P_TEB)) ? |
250 | ARPHRD_ETHER : ARPHRD_IPGRE; | |
afcf1242 | 251 | int score, cand_score = 4; |
1da177e4 | 252 | |
8d5b2c08 | 253 | for_each_ip_tunnel_rcu(ign->tunnels_r_l[h0 ^ h1]) { |
749c10f9 TT |
254 | if (local != t->parms.iph.saddr || |
255 | remote != t->parms.iph.daddr || | |
749c10f9 TT |
256 | !(t->dev->flags & IFF_UP)) |
257 | continue; | |
258 | ||
d2083287 | 259 | if (!ipgre_key_match(&t->parms, flags, key)) |
260 | continue; | |
261 | ||
749c10f9 TT |
262 | if (t->dev->type != ARPHRD_IPGRE && |
263 | t->dev->type != dev_type) | |
264 | continue; | |
265 | ||
afcf1242 | 266 | score = 0; |
749c10f9 | 267 | if (t->parms.link != link) |
afcf1242 | 268 | score |= 1; |
749c10f9 | 269 | if (t->dev->type != dev_type) |
afcf1242 TT |
270 | score |= 2; |
271 | if (score == 0) | |
749c10f9 | 272 | return t; |
afcf1242 TT |
273 | |
274 | if (score < cand_score) { | |
275 | cand = t; | |
276 | cand_score = score; | |
277 | } | |
1da177e4 | 278 | } |
e1a80002 | 279 | |
8d5b2c08 | 280 | for_each_ip_tunnel_rcu(ign->tunnels_r[h0 ^ h1]) { |
749c10f9 | 281 | if (remote != t->parms.iph.daddr || |
749c10f9 TT |
282 | !(t->dev->flags & IFF_UP)) |
283 | continue; | |
284 | ||
d2083287 | 285 | if (!ipgre_key_match(&t->parms, flags, key)) |
286 | continue; | |
287 | ||
749c10f9 TT |
288 | if (t->dev->type != ARPHRD_IPGRE && |
289 | t->dev->type != dev_type) | |
290 | continue; | |
291 | ||
afcf1242 | 292 | score = 0; |
749c10f9 | 293 | if (t->parms.link != link) |
afcf1242 | 294 | score |= 1; |
749c10f9 | 295 | if (t->dev->type != dev_type) |
afcf1242 TT |
296 | score |= 2; |
297 | if (score == 0) | |
749c10f9 | 298 | return t; |
afcf1242 TT |
299 | |
300 | if (score < cand_score) { | |
301 | cand = t; | |
302 | cand_score = score; | |
303 | } | |
1da177e4 | 304 | } |
e1a80002 | 305 | |
8d5b2c08 | 306 | for_each_ip_tunnel_rcu(ign->tunnels_l[h1]) { |
749c10f9 TT |
307 | if ((local != t->parms.iph.saddr && |
308 | (local != t->parms.iph.daddr || | |
309 | !ipv4_is_multicast(local))) || | |
749c10f9 TT |
310 | !(t->dev->flags & IFF_UP)) |
311 | continue; | |
312 | ||
d2083287 | 313 | if (!ipgre_key_match(&t->parms, flags, key)) |
314 | continue; | |
315 | ||
749c10f9 TT |
316 | if (t->dev->type != ARPHRD_IPGRE && |
317 | t->dev->type != dev_type) | |
318 | continue; | |
319 | ||
afcf1242 | 320 | score = 0; |
749c10f9 | 321 | if (t->parms.link != link) |
afcf1242 | 322 | score |= 1; |
749c10f9 | 323 | if (t->dev->type != dev_type) |
afcf1242 TT |
324 | score |= 2; |
325 | if (score == 0) | |
749c10f9 | 326 | return t; |
afcf1242 TT |
327 | |
328 | if (score < cand_score) { | |
329 | cand = t; | |
330 | cand_score = score; | |
331 | } | |
1da177e4 | 332 | } |
e1a80002 | 333 | |
8d5b2c08 | 334 | for_each_ip_tunnel_rcu(ign->tunnels_wc[h1]) { |
749c10f9 TT |
335 | if (t->parms.i_key != key || |
336 | !(t->dev->flags & IFF_UP)) | |
337 | continue; | |
338 | ||
339 | if (t->dev->type != ARPHRD_IPGRE && | |
340 | t->dev->type != dev_type) | |
341 | continue; | |
342 | ||
afcf1242 | 343 | score = 0; |
749c10f9 | 344 | if (t->parms.link != link) |
afcf1242 | 345 | score |= 1; |
749c10f9 | 346 | if (t->dev->type != dev_type) |
afcf1242 TT |
347 | score |= 2; |
348 | if (score == 0) | |
749c10f9 | 349 | return t; |
afcf1242 TT |
350 | |
351 | if (score < cand_score) { | |
352 | cand = t; | |
353 | cand_score = score; | |
354 | } | |
1da177e4 LT |
355 | } |
356 | ||
afcf1242 TT |
357 | if (cand != NULL) |
358 | return cand; | |
e1a80002 | 359 | |
8d5b2c08 ED |
360 | dev = ign->fb_tunnel_dev; |
361 | if (dev->flags & IFF_UP) | |
362 | return netdev_priv(dev); | |
749c10f9 | 363 | |
1da177e4 LT |
364 | return NULL; |
365 | } | |
366 | ||
1507850b | 367 | static struct ip_tunnel __rcu **__ipgre_bucket(struct ipgre_net *ign, |
f57e7d5a | 368 | struct ip_tunnel_parm *parms) |
1da177e4 | 369 | { |
5056a1ef YH |
370 | __be32 remote = parms->iph.daddr; |
371 | __be32 local = parms->iph.saddr; | |
372 | __be32 key = parms->i_key; | |
1507850b | 373 | unsigned int h = HASH(key); |
1da177e4 LT |
374 | int prio = 0; |
375 | ||
376 | if (local) | |
377 | prio |= 1; | |
f97c1e0c | 378 | if (remote && !ipv4_is_multicast(remote)) { |
1da177e4 LT |
379 | prio |= 2; |
380 | h ^= HASH(remote); | |
381 | } | |
382 | ||
eb8ce741 | 383 | return &ign->tunnels[prio][h]; |
1da177e4 LT |
384 | } |
385 | ||
1507850b | 386 | static inline struct ip_tunnel __rcu **ipgre_bucket(struct ipgre_net *ign, |
f57e7d5a | 387 | struct ip_tunnel *t) |
5056a1ef | 388 | { |
f57e7d5a | 389 | return __ipgre_bucket(ign, &t->parms); |
5056a1ef YH |
390 | } |
391 | ||
f57e7d5a | 392 | static void ipgre_tunnel_link(struct ipgre_net *ign, struct ip_tunnel *t) |
1da177e4 | 393 | { |
1507850b | 394 | struct ip_tunnel __rcu **tp = ipgre_bucket(ign, t); |
1da177e4 | 395 | |
1507850b | 396 | rcu_assign_pointer(t->next, rtnl_dereference(*tp)); |
8d5b2c08 | 397 | rcu_assign_pointer(*tp, t); |
1da177e4 LT |
398 | } |
399 | ||
f57e7d5a | 400 | static void ipgre_tunnel_unlink(struct ipgre_net *ign, struct ip_tunnel *t) |
1da177e4 | 401 | { |
1507850b ED |
402 | struct ip_tunnel __rcu **tp; |
403 | struct ip_tunnel *iter; | |
404 | ||
405 | for (tp = ipgre_bucket(ign, t); | |
406 | (iter = rtnl_dereference(*tp)) != NULL; | |
407 | tp = &iter->next) { | |
408 | if (t == iter) { | |
409 | rcu_assign_pointer(*tp, t->next); | |
1da177e4 LT |
410 | break; |
411 | } | |
412 | } | |
413 | } | |
414 | ||
e1a80002 HX |
415 | static struct ip_tunnel *ipgre_tunnel_find(struct net *net, |
416 | struct ip_tunnel_parm *parms, | |
417 | int type) | |
1da177e4 | 418 | { |
d5a0a1e3 AV |
419 | __be32 remote = parms->iph.daddr; |
420 | __be32 local = parms->iph.saddr; | |
421 | __be32 key = parms->i_key; | |
749c10f9 | 422 | int link = parms->link; |
1507850b ED |
423 | struct ip_tunnel *t; |
424 | struct ip_tunnel __rcu **tp; | |
e1a80002 HX |
425 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); |
426 | ||
1507850b ED |
427 | for (tp = __ipgre_bucket(ign, parms); |
428 | (t = rtnl_dereference(*tp)) != NULL; | |
429 | tp = &t->next) | |
e1a80002 HX |
430 | if (local == t->parms.iph.saddr && |
431 | remote == t->parms.iph.daddr && | |
432 | key == t->parms.i_key && | |
749c10f9 | 433 | link == t->parms.link && |
e1a80002 HX |
434 | type == t->dev->type) |
435 | break; | |
436 | ||
437 | return t; | |
438 | } | |
439 | ||
1507850b | 440 | static struct ip_tunnel *ipgre_tunnel_locate(struct net *net, |
e1a80002 HX |
441 | struct ip_tunnel_parm *parms, int create) |
442 | { | |
443 | struct ip_tunnel *t, *nt; | |
1da177e4 | 444 | struct net_device *dev; |
1da177e4 | 445 | char name[IFNAMSIZ]; |
f57e7d5a | 446 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); |
1da177e4 | 447 | |
e1a80002 HX |
448 | t = ipgre_tunnel_find(net, parms, ARPHRD_IPGRE); |
449 | if (t || !create) | |
450 | return t; | |
1da177e4 LT |
451 | |
452 | if (parms->name[0]) | |
453 | strlcpy(name, parms->name, IFNAMSIZ); | |
34cc7ba6 | 454 | else |
407d6fcb | 455 | strcpy(name, "gre%d"); |
1da177e4 LT |
456 | |
457 | dev = alloc_netdev(sizeof(*t), name, ipgre_tunnel_setup); | |
458 | if (!dev) | |
407d6fcb | 459 | return NULL; |
1da177e4 | 460 | |
0b67eceb PE |
461 | dev_net_set(dev, net); |
462 | ||
2941a486 | 463 | nt = netdev_priv(dev); |
1da177e4 | 464 | nt->parms = *parms; |
c19e654d | 465 | dev->rtnl_link_ops = &ipgre_link_ops; |
1da177e4 | 466 | |
42aa9162 HX |
467 | dev->mtu = ipgre_tunnel_bind_dev(dev); |
468 | ||
b37d428b PE |
469 | if (register_netdevice(dev) < 0) |
470 | goto failed_free; | |
1da177e4 | 471 | |
f2b3ee9e WB |
472 | /* Can use a lockless transmit, unless we generate output sequences */ |
473 | if (!(nt->parms.o_flags & GRE_SEQ)) | |
474 | dev->features |= NETIF_F_LLTX; | |
475 | ||
1da177e4 | 476 | dev_hold(dev); |
f57e7d5a | 477 | ipgre_tunnel_link(ign, nt); |
1da177e4 LT |
478 | return nt; |
479 | ||
b37d428b PE |
480 | failed_free: |
481 | free_netdev(dev); | |
1da177e4 LT |
482 | return NULL; |
483 | } | |
484 | ||
485 | static void ipgre_tunnel_uninit(struct net_device *dev) | |
486 | { | |
f57e7d5a PE |
487 | struct net *net = dev_net(dev); |
488 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); | |
489 | ||
490 | ipgre_tunnel_unlink(ign, netdev_priv(dev)); | |
1da177e4 LT |
491 | dev_put(dev); |
492 | } | |
493 | ||
494 | ||
495 | static void ipgre_err(struct sk_buff *skb, u32 info) | |
496 | { | |
1da177e4 | 497 | |
071f92d0 | 498 | /* All the routers (except for Linux) return only |
1da177e4 LT |
499 | 8 bytes of packet payload. It means, that precise relaying of |
500 | ICMP in the real Internet is absolutely infeasible. | |
501 | ||
502 | Moreover, Cisco "wise men" put GRE key to the third word | |
503 | in GRE header. It makes impossible maintaining even soft state for keyed | |
504 | GRE tunnels with enabled checksum. Tell them "thank you". | |
505 | ||
506 | Well, I wonder, rfc1812 was written by Cisco employee, | |
bff52857 | 507 | what the hell these idiots break standards established |
508 | by themselves??? | |
1da177e4 LT |
509 | */ |
510 | ||
b71d1d42 | 511 | const struct iphdr *iph = (const struct iphdr *)skb->data; |
5e73ea1a | 512 | __be16 *p = (__be16 *)(skb->data+(iph->ihl<<2)); |
1da177e4 | 513 | int grehlen = (iph->ihl<<2) + 4; |
88c7664f ACM |
514 | const int type = icmp_hdr(skb)->type; |
515 | const int code = icmp_hdr(skb)->code; | |
1da177e4 | 516 | struct ip_tunnel *t; |
d5a0a1e3 | 517 | __be16 flags; |
d2083287 | 518 | __be32 key = 0; |
1da177e4 LT |
519 | |
520 | flags = p[0]; | |
521 | if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) { | |
522 | if (flags&(GRE_VERSION|GRE_ROUTING)) | |
523 | return; | |
524 | if (flags&GRE_KEY) { | |
525 | grehlen += 4; | |
526 | if (flags&GRE_CSUM) | |
527 | grehlen += 4; | |
528 | } | |
529 | } | |
530 | ||
531 | /* If only 8 bytes returned, keyed message will be dropped here */ | |
532 | if (skb_headlen(skb) < grehlen) | |
533 | return; | |
534 | ||
d2083287 | 535 | if (flags & GRE_KEY) |
536 | key = *(((__be32 *)p) + (grehlen / 4) - 1); | |
537 | ||
1da177e4 LT |
538 | switch (type) { |
539 | default: | |
540 | case ICMP_PARAMETERPROB: | |
541 | return; | |
542 | ||
543 | case ICMP_DEST_UNREACH: | |
544 | switch (code) { | |
545 | case ICMP_SR_FAILED: | |
546 | case ICMP_PORT_UNREACH: | |
547 | /* Impossible event. */ | |
548 | return; | |
1da177e4 LT |
549 | default: |
550 | /* All others are translated to HOST_UNREACH. | |
551 | rfc2003 contains "deep thoughts" about NET_UNREACH, | |
552 | I believe they are just ether pollution. --ANK | |
553 | */ | |
554 | break; | |
555 | } | |
556 | break; | |
557 | case ICMP_TIME_EXCEEDED: | |
558 | if (code != ICMP_EXC_TTL) | |
559 | return; | |
560 | break; | |
55be7a9c DM |
561 | |
562 | case ICMP_REDIRECT: | |
563 | break; | |
1da177e4 LT |
564 | } |
565 | ||
749c10f9 | 566 | t = ipgre_tunnel_lookup(skb->dev, iph->daddr, iph->saddr, |
d2083287 | 567 | flags, key, p[1]); |
568 | ||
36393395 | 569 | if (t == NULL) |
0c5794a6 | 570 | return; |
36393395 DM |
571 | |
572 | if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { | |
573 | ipv4_update_pmtu(skb, dev_net(skb->dev), info, | |
574 | t->parms.link, 0, IPPROTO_GRE, 0); | |
0c5794a6 | 575 | return; |
36393395 | 576 | } |
55be7a9c DM |
577 | if (type == ICMP_REDIRECT) { |
578 | ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0, | |
579 | IPPROTO_GRE, 0); | |
0c5794a6 | 580 | return; |
55be7a9c | 581 | } |
36393395 | 582 | if (t->parms.iph.daddr == 0 || |
f97c1e0c | 583 | ipv4_is_multicast(t->parms.iph.daddr)) |
0c5794a6 | 584 | return; |
1da177e4 LT |
585 | |
586 | if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED) | |
0c5794a6 | 587 | return; |
1da177e4 | 588 | |
da6185d8 | 589 | if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO)) |
1da177e4 LT |
590 | t->err_count++; |
591 | else | |
592 | t->err_count = 1; | |
593 | t->err_time = jiffies; | |
1da177e4 LT |
594 | } |
595 | ||
1da177e4 | 596 | static inline u8 |
b71d1d42 | 597 | ipgre_ecn_encapsulate(u8 tos, const struct iphdr *old_iph, struct sk_buff *skb) |
1da177e4 LT |
598 | { |
599 | u8 inner = 0; | |
600 | if (skb->protocol == htons(ETH_P_IP)) | |
601 | inner = old_iph->tos; | |
602 | else if (skb->protocol == htons(ETH_P_IPV6)) | |
b71d1d42 | 603 | inner = ipv6_get_dsfield((const struct ipv6hdr *)old_iph); |
1da177e4 LT |
604 | return INET_ECN_encapsulate(tos, inner); |
605 | } | |
606 | ||
607 | static int ipgre_rcv(struct sk_buff *skb) | |
608 | { | |
b71d1d42 | 609 | const struct iphdr *iph; |
1da177e4 | 610 | u8 *h; |
d5a0a1e3 | 611 | __be16 flags; |
d3bc23e7 | 612 | __sum16 csum = 0; |
d5a0a1e3 | 613 | __be32 key = 0; |
1da177e4 LT |
614 | u32 seqno = 0; |
615 | struct ip_tunnel *tunnel; | |
616 | int offset = 4; | |
e1a80002 | 617 | __be16 gre_proto; |
eccc1bb8 | 618 | int err; |
1da177e4 LT |
619 | |
620 | if (!pskb_may_pull(skb, 16)) | |
0c5794a6 | 621 | goto drop; |
1da177e4 | 622 | |
eddc9ec5 | 623 | iph = ip_hdr(skb); |
1da177e4 | 624 | h = skb->data; |
5e73ea1a | 625 | flags = *(__be16 *)h; |
1da177e4 LT |
626 | |
627 | if (flags&(GRE_CSUM|GRE_KEY|GRE_ROUTING|GRE_SEQ|GRE_VERSION)) { | |
628 | /* - Version must be 0. | |
629 | - We do not support routing headers. | |
630 | */ | |
631 | if (flags&(GRE_VERSION|GRE_ROUTING)) | |
0c5794a6 | 632 | goto drop; |
1da177e4 LT |
633 | |
634 | if (flags&GRE_CSUM) { | |
fb286bb2 | 635 | switch (skb->ip_summed) { |
84fa7933 | 636 | case CHECKSUM_COMPLETE: |
d3bc23e7 | 637 | csum = csum_fold(skb->csum); |
fb286bb2 HX |
638 | if (!csum) |
639 | break; | |
640 | /* fall through */ | |
641 | case CHECKSUM_NONE: | |
642 | skb->csum = 0; | |
643 | csum = __skb_checksum_complete(skb); | |
84fa7933 | 644 | skb->ip_summed = CHECKSUM_COMPLETE; |
1da177e4 LT |
645 | } |
646 | offset += 4; | |
647 | } | |
648 | if (flags&GRE_KEY) { | |
5e73ea1a | 649 | key = *(__be32 *)(h + offset); |
1da177e4 LT |
650 | offset += 4; |
651 | } | |
652 | if (flags&GRE_SEQ) { | |
5e73ea1a | 653 | seqno = ntohl(*(__be32 *)(h + offset)); |
1da177e4 LT |
654 | offset += 4; |
655 | } | |
656 | } | |
657 | ||
e1a80002 HX |
658 | gre_proto = *(__be16 *)(h + 2); |
659 | ||
d2083287 | 660 | tunnel = ipgre_tunnel_lookup(skb->dev, |
661 | iph->saddr, iph->daddr, flags, key, | |
662 | gre_proto); | |
663 | if (tunnel) { | |
e985aad7 | 664 | struct pcpu_tstats *tstats; |
addd68eb | 665 | |
1da177e4 LT |
666 | secpath_reset(skb); |
667 | ||
e1a80002 | 668 | skb->protocol = gre_proto; |
1da177e4 LT |
669 | /* WCCP version 1 and 2 protocol decoding. |
670 | * - Change protocol to IP | |
671 | * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header | |
672 | */ | |
e1a80002 | 673 | if (flags == 0 && gre_proto == htons(ETH_P_WCCP)) { |
496c98df | 674 | skb->protocol = htons(ETH_P_IP); |
e905a9ed | 675 | if ((*(h + offset) & 0xF0) != 0x40) |
1da177e4 LT |
676 | offset += 4; |
677 | } | |
678 | ||
1d069167 | 679 | skb->mac_header = skb->network_header; |
4209fb60 | 680 | __pskb_pull(skb, offset); |
9c70220b | 681 | skb_postpull_rcsum(skb, skb_transport_header(skb), offset); |
1da177e4 LT |
682 | skb->pkt_type = PACKET_HOST; |
683 | #ifdef CONFIG_NET_IPGRE_BROADCAST | |
f97c1e0c | 684 | if (ipv4_is_multicast(iph->daddr)) { |
1da177e4 | 685 | /* Looped back packet, drop it! */ |
c7537967 | 686 | if (rt_is_output_route(skb_rtable(skb))) |
1da177e4 | 687 | goto drop; |
e985aad7 | 688 | tunnel->dev->stats.multicast++; |
1da177e4 LT |
689 | skb->pkt_type = PACKET_BROADCAST; |
690 | } | |
691 | #endif | |
692 | ||
693 | if (((flags&GRE_CSUM) && csum) || | |
694 | (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) { | |
e985aad7 ED |
695 | tunnel->dev->stats.rx_crc_errors++; |
696 | tunnel->dev->stats.rx_errors++; | |
1da177e4 LT |
697 | goto drop; |
698 | } | |
699 | if (tunnel->parms.i_flags&GRE_SEQ) { | |
700 | if (!(flags&GRE_SEQ) || | |
701 | (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) { | |
e985aad7 ED |
702 | tunnel->dev->stats.rx_fifo_errors++; |
703 | tunnel->dev->stats.rx_errors++; | |
1da177e4 LT |
704 | goto drop; |
705 | } | |
706 | tunnel->i_seqno = seqno + 1; | |
707 | } | |
e1a80002 HX |
708 | |
709 | /* Warning: All skb pointers will be invalidated! */ | |
710 | if (tunnel->dev->type == ARPHRD_ETHER) { | |
711 | if (!pskb_may_pull(skb, ETH_HLEN)) { | |
e985aad7 ED |
712 | tunnel->dev->stats.rx_length_errors++; |
713 | tunnel->dev->stats.rx_errors++; | |
e1a80002 HX |
714 | goto drop; |
715 | } | |
716 | ||
717 | iph = ip_hdr(skb); | |
718 | skb->protocol = eth_type_trans(skb, tunnel->dev); | |
719 | skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN); | |
720 | } | |
721 | ||
eccc1bb8 | 722 | __skb_tunnel_rx(skb, tunnel->dev); |
723 | ||
724 | skb_reset_network_header(skb); | |
725 | err = IP_ECN_decapsulate(iph, skb); | |
726 | if (unlikely(err)) { | |
727 | if (log_ecn_error) | |
728 | net_info_ratelimited("non-ECT from %pI4 with TOS=%#x\n", | |
729 | &iph->saddr, iph->tos); | |
730 | if (err > 1) { | |
731 | ++tunnel->dev->stats.rx_frame_errors; | |
732 | ++tunnel->dev->stats.rx_errors; | |
733 | goto drop; | |
734 | } | |
735 | } | |
736 | ||
e985aad7 | 737 | tstats = this_cpu_ptr(tunnel->dev->tstats); |
87b6d218 | 738 | u64_stats_update_begin(&tstats->syncp); |
e985aad7 ED |
739 | tstats->rx_packets++; |
740 | tstats->rx_bytes += skb->len; | |
87b6d218 | 741 | u64_stats_update_end(&tstats->syncp); |
e985aad7 | 742 | |
60769a5d | 743 | gro_cells_receive(&tunnel->gro_cells, skb); |
8990f468 | 744 | return 0; |
1da177e4 | 745 | } |
45af08be | 746 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); |
1da177e4 LT |
747 | |
748 | drop: | |
1da177e4 | 749 | kfree_skb(skb); |
a02cec21 | 750 | return 0; |
1da177e4 LT |
751 | } |
752 | ||
6fef4c0c | 753 | static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) |
1da177e4 | 754 | { |
2941a486 | 755 | struct ip_tunnel *tunnel = netdev_priv(dev); |
e985aad7 | 756 | struct pcpu_tstats *tstats; |
b71d1d42 ED |
757 | const struct iphdr *old_iph = ip_hdr(skb); |
758 | const struct iphdr *tiph; | |
cbb1e85f | 759 | struct flowi4 fl4; |
1da177e4 | 760 | u8 tos; |
d5a0a1e3 | 761 | __be16 df; |
1da177e4 | 762 | struct rtable *rt; /* Route to the other host */ |
1507850b | 763 | struct net_device *tdev; /* Device to other host */ |
1da177e4 | 764 | struct iphdr *iph; /* Our new IP header */ |
c2636b4d | 765 | unsigned int max_headroom; /* The extra header space needed */ |
1da177e4 | 766 | int gre_hlen; |
d5a0a1e3 | 767 | __be32 dst; |
1da177e4 LT |
768 | int mtu; |
769 | ||
6b78f16e ED |
770 | if (skb->ip_summed == CHECKSUM_PARTIAL && |
771 | skb_checksum_help(skb)) | |
772 | goto tx_error; | |
773 | ||
e1a80002 HX |
774 | if (dev->type == ARPHRD_ETHER) |
775 | IPCB(skb)->flags = 0; | |
776 | ||
777 | if (dev->header_ops && dev->type == ARPHRD_IPGRE) { | |
1da177e4 | 778 | gre_hlen = 0; |
b71d1d42 | 779 | tiph = (const struct iphdr *)skb->data; |
1da177e4 LT |
780 | } else { |
781 | gre_hlen = tunnel->hlen; | |
782 | tiph = &tunnel->parms.iph; | |
783 | } | |
784 | ||
785 | if ((dst = tiph->daddr) == 0) { | |
786 | /* NBMA tunnel */ | |
787 | ||
adf30907 | 788 | if (skb_dst(skb) == NULL) { |
e985aad7 | 789 | dev->stats.tx_fifo_errors++; |
1da177e4 LT |
790 | goto tx_error; |
791 | } | |
792 | ||
61d57f87 | 793 | if (skb->protocol == htons(ETH_P_IP)) { |
511c3f92 | 794 | rt = skb_rtable(skb); |
f8126f1d | 795 | dst = rt_nexthop(rt, old_iph->daddr); |
61d57f87 | 796 | } |
dfd56b8b | 797 | #if IS_ENABLED(CONFIG_IPV6) |
1da177e4 | 798 | else if (skb->protocol == htons(ETH_P_IPV6)) { |
b71d1d42 | 799 | const struct in6_addr *addr6; |
0ec88662 DM |
800 | struct neighbour *neigh; |
801 | bool do_tx_error_icmp; | |
1da177e4 | 802 | int addr_type; |
1da177e4 | 803 | |
0ec88662 | 804 | neigh = dst_neigh_lookup(skb_dst(skb), &ipv6_hdr(skb)->daddr); |
1da177e4 LT |
805 | if (neigh == NULL) |
806 | goto tx_error; | |
807 | ||
b71d1d42 | 808 | addr6 = (const struct in6_addr *)&neigh->primary_key; |
1da177e4 LT |
809 | addr_type = ipv6_addr_type(addr6); |
810 | ||
811 | if (addr_type == IPV6_ADDR_ANY) { | |
0660e03f | 812 | addr6 = &ipv6_hdr(skb)->daddr; |
1da177e4 LT |
813 | addr_type = ipv6_addr_type(addr6); |
814 | } | |
815 | ||
816 | if ((addr_type & IPV6_ADDR_COMPATv4) == 0) | |
0ec88662 DM |
817 | do_tx_error_icmp = true; |
818 | else { | |
819 | do_tx_error_icmp = false; | |
820 | dst = addr6->s6_addr32[3]; | |
821 | } | |
822 | neigh_release(neigh); | |
823 | if (do_tx_error_icmp) | |
1da177e4 | 824 | goto tx_error_icmp; |
1da177e4 LT |
825 | } |
826 | #endif | |
827 | else | |
828 | goto tx_error; | |
829 | } | |
830 | ||
831 | tos = tiph->tos; | |
ee686ca9 AJ |
832 | if (tos == 1) { |
833 | tos = 0; | |
1da177e4 LT |
834 | if (skb->protocol == htons(ETH_P_IP)) |
835 | tos = old_iph->tos; | |
dd4ba83d | 836 | else if (skb->protocol == htons(ETH_P_IPV6)) |
b71d1d42 | 837 | tos = ipv6_get_dsfield((const struct ipv6hdr *)old_iph); |
1da177e4 LT |
838 | } |
839 | ||
cbb1e85f | 840 | rt = ip_route_output_gre(dev_net(dev), &fl4, dst, tiph->saddr, |
78fbfd8a DM |
841 | tunnel->parms.o_key, RT_TOS(tos), |
842 | tunnel->parms.link); | |
843 | if (IS_ERR(rt)) { | |
844 | dev->stats.tx_carrier_errors++; | |
845 | goto tx_error; | |
1da177e4 | 846 | } |
d8d1f30b | 847 | tdev = rt->dst.dev; |
1da177e4 LT |
848 | |
849 | if (tdev == dev) { | |
850 | ip_rt_put(rt); | |
e985aad7 | 851 | dev->stats.collisions++; |
1da177e4 LT |
852 | goto tx_error; |
853 | } | |
854 | ||
855 | df = tiph->frag_off; | |
856 | if (df) | |
d8d1f30b | 857 | mtu = dst_mtu(&rt->dst) - dev->hard_header_len - tunnel->hlen; |
1da177e4 | 858 | else |
adf30907 | 859 | mtu = skb_dst(skb) ? dst_mtu(skb_dst(skb)) : dev->mtu; |
1da177e4 | 860 | |
adf30907 | 861 | if (skb_dst(skb)) |
6700c270 | 862 | skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); |
1da177e4 LT |
863 | |
864 | if (skb->protocol == htons(ETH_P_IP)) { | |
865 | df |= (old_iph->frag_off&htons(IP_DF)); | |
866 | ||
867 | if ((old_iph->frag_off&htons(IP_DF)) && | |
868 | mtu < ntohs(old_iph->tot_len)) { | |
869 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); | |
870 | ip_rt_put(rt); | |
871 | goto tx_error; | |
872 | } | |
873 | } | |
dfd56b8b | 874 | #if IS_ENABLED(CONFIG_IPV6) |
1da177e4 | 875 | else if (skb->protocol == htons(ETH_P_IPV6)) { |
adf30907 | 876 | struct rt6_info *rt6 = (struct rt6_info *)skb_dst(skb); |
1da177e4 | 877 | |
adf30907 | 878 | if (rt6 && mtu < dst_mtu(skb_dst(skb)) && mtu >= IPV6_MIN_MTU) { |
f97c1e0c JP |
879 | if ((tunnel->parms.iph.daddr && |
880 | !ipv4_is_multicast(tunnel->parms.iph.daddr)) || | |
1da177e4 LT |
881 | rt6->rt6i_dst.plen == 128) { |
882 | rt6->rt6i_flags |= RTF_MODIFIED; | |
defb3519 | 883 | dst_metric_set(skb_dst(skb), RTAX_MTU, mtu); |
1da177e4 LT |
884 | } |
885 | } | |
886 | ||
887 | if (mtu >= IPV6_MIN_MTU && mtu < skb->len - tunnel->hlen + gre_hlen) { | |
3ffe533c | 888 | icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); |
1da177e4 LT |
889 | ip_rt_put(rt); |
890 | goto tx_error; | |
891 | } | |
892 | } | |
893 | #endif | |
894 | ||
895 | if (tunnel->err_count > 0) { | |
da6185d8 WY |
896 | if (time_before(jiffies, |
897 | tunnel->err_time + IPTUNNEL_ERR_TIMEO)) { | |
1da177e4 LT |
898 | tunnel->err_count--; |
899 | ||
900 | dst_link_failure(skb); | |
901 | } else | |
902 | tunnel->err_count = 0; | |
903 | } | |
904 | ||
d8d1f30b | 905 | max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen + rt->dst.header_len; |
1da177e4 | 906 | |
cfbba49d PM |
907 | if (skb_headroom(skb) < max_headroom || skb_shared(skb)|| |
908 | (skb_cloned(skb) && !skb_clone_writable(skb, 0))) { | |
1da177e4 | 909 | struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom); |
805dc1d6 HX |
910 | if (max_headroom > dev->needed_headroom) |
911 | dev->needed_headroom = max_headroom; | |
1da177e4 LT |
912 | if (!new_skb) { |
913 | ip_rt_put(rt); | |
e985aad7 | 914 | dev->stats.tx_dropped++; |
1da177e4 | 915 | dev_kfree_skb(skb); |
6ed10654 | 916 | return NETDEV_TX_OK; |
1da177e4 LT |
917 | } |
918 | if (skb->sk) | |
919 | skb_set_owner_w(new_skb, skb->sk); | |
920 | dev_kfree_skb(skb); | |
921 | skb = new_skb; | |
eddc9ec5 | 922 | old_iph = ip_hdr(skb); |
1da177e4 LT |
923 | } |
924 | ||
64194c31 | 925 | skb_reset_transport_header(skb); |
e2d1bca7 ACM |
926 | skb_push(skb, gre_hlen); |
927 | skb_reset_network_header(skb); | |
1da177e4 | 928 | memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); |
48d5cad8 PM |
929 | IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | |
930 | IPSKB_REROUTED); | |
adf30907 | 931 | skb_dst_drop(skb); |
d8d1f30b | 932 | skb_dst_set(skb, &rt->dst); |
1da177e4 LT |
933 | |
934 | /* | |
935 | * Push down and install the IPIP header. | |
936 | */ | |
937 | ||
eddc9ec5 | 938 | iph = ip_hdr(skb); |
1da177e4 LT |
939 | iph->version = 4; |
940 | iph->ihl = sizeof(struct iphdr) >> 2; | |
941 | iph->frag_off = df; | |
942 | iph->protocol = IPPROTO_GRE; | |
943 | iph->tos = ipgre_ecn_encapsulate(tos, old_iph, skb); | |
cbb1e85f DM |
944 | iph->daddr = fl4.daddr; |
945 | iph->saddr = fl4.saddr; | |
1da177e4 LT |
946 | |
947 | if ((iph->ttl = tiph->ttl) == 0) { | |
948 | if (skb->protocol == htons(ETH_P_IP)) | |
949 | iph->ttl = old_iph->ttl; | |
dfd56b8b | 950 | #if IS_ENABLED(CONFIG_IPV6) |
1da177e4 | 951 | else if (skb->protocol == htons(ETH_P_IPV6)) |
b71d1d42 | 952 | iph->ttl = ((const struct ipv6hdr *)old_iph)->hop_limit; |
1da177e4 LT |
953 | #endif |
954 | else | |
323e126f | 955 | iph->ttl = ip4_dst_hoplimit(&rt->dst); |
1da177e4 LT |
956 | } |
957 | ||
e1a80002 HX |
958 | ((__be16 *)(iph + 1))[0] = tunnel->parms.o_flags; |
959 | ((__be16 *)(iph + 1))[1] = (dev->type == ARPHRD_ETHER) ? | |
960 | htons(ETH_P_TEB) : skb->protocol; | |
1da177e4 LT |
961 | |
962 | if (tunnel->parms.o_flags&(GRE_KEY|GRE_CSUM|GRE_SEQ)) { | |
5e73ea1a | 963 | __be32 *ptr = (__be32 *)(((u8 *)iph) + tunnel->hlen - 4); |
1da177e4 LT |
964 | |
965 | if (tunnel->parms.o_flags&GRE_SEQ) { | |
966 | ++tunnel->o_seqno; | |
967 | *ptr = htonl(tunnel->o_seqno); | |
968 | ptr--; | |
969 | } | |
970 | if (tunnel->parms.o_flags&GRE_KEY) { | |
971 | *ptr = tunnel->parms.o_key; | |
972 | ptr--; | |
973 | } | |
974 | if (tunnel->parms.o_flags&GRE_CSUM) { | |
975 | *ptr = 0; | |
5e73ea1a | 976 | *(__sum16 *)ptr = ip_compute_csum((void *)(iph+1), skb->len - sizeof(struct iphdr)); |
1da177e4 LT |
977 | } |
978 | } | |
979 | ||
980 | nf_reset(skb); | |
e985aad7 ED |
981 | tstats = this_cpu_ptr(dev->tstats); |
982 | __IPTUNNEL_XMIT(tstats, &dev->stats); | |
6ed10654 | 983 | return NETDEV_TX_OK; |
1da177e4 | 984 | |
496053f4 | 985 | #if IS_ENABLED(CONFIG_IPV6) |
1da177e4 LT |
986 | tx_error_icmp: |
987 | dst_link_failure(skb); | |
496053f4 | 988 | #endif |
1da177e4 | 989 | tx_error: |
e985aad7 | 990 | dev->stats.tx_errors++; |
1da177e4 | 991 | dev_kfree_skb(skb); |
6ed10654 | 992 | return NETDEV_TX_OK; |
1da177e4 LT |
993 | } |
994 | ||
42aa9162 | 995 | static int ipgre_tunnel_bind_dev(struct net_device *dev) |
ee34c1eb MS |
996 | { |
997 | struct net_device *tdev = NULL; | |
998 | struct ip_tunnel *tunnel; | |
b71d1d42 | 999 | const struct iphdr *iph; |
ee34c1eb MS |
1000 | int hlen = LL_MAX_HEADER; |
1001 | int mtu = ETH_DATA_LEN; | |
1002 | int addend = sizeof(struct iphdr) + 4; | |
1003 | ||
1004 | tunnel = netdev_priv(dev); | |
1005 | iph = &tunnel->parms.iph; | |
1006 | ||
c95b819a | 1007 | /* Guess output device to choose reasonable mtu and needed_headroom */ |
ee34c1eb MS |
1008 | |
1009 | if (iph->daddr) { | |
cbb1e85f DM |
1010 | struct flowi4 fl4; |
1011 | struct rtable *rt; | |
1012 | ||
1013 | rt = ip_route_output_gre(dev_net(dev), &fl4, | |
1014 | iph->daddr, iph->saddr, | |
1015 | tunnel->parms.o_key, | |
1016 | RT_TOS(iph->tos), | |
1017 | tunnel->parms.link); | |
b23dd4fe | 1018 | if (!IS_ERR(rt)) { |
d8d1f30b | 1019 | tdev = rt->dst.dev; |
ee34c1eb MS |
1020 | ip_rt_put(rt); |
1021 | } | |
e1a80002 HX |
1022 | |
1023 | if (dev->type != ARPHRD_ETHER) | |
1024 | dev->flags |= IFF_POINTOPOINT; | |
ee34c1eb MS |
1025 | } |
1026 | ||
1027 | if (!tdev && tunnel->parms.link) | |
96635522 | 1028 | tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link); |
ee34c1eb MS |
1029 | |
1030 | if (tdev) { | |
c95b819a | 1031 | hlen = tdev->hard_header_len + tdev->needed_headroom; |
ee34c1eb MS |
1032 | mtu = tdev->mtu; |
1033 | } | |
1034 | dev->iflink = tunnel->parms.link; | |
1035 | ||
1036 | /* Precalculate GRE options length */ | |
1037 | if (tunnel->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) { | |
1038 | if (tunnel->parms.o_flags&GRE_CSUM) | |
1039 | addend += 4; | |
1040 | if (tunnel->parms.o_flags&GRE_KEY) | |
1041 | addend += 4; | |
1042 | if (tunnel->parms.o_flags&GRE_SEQ) | |
1043 | addend += 4; | |
1044 | } | |
c95b819a | 1045 | dev->needed_headroom = addend + hlen; |
8cdb0456 | 1046 | mtu -= dev->hard_header_len + addend; |
42aa9162 HX |
1047 | |
1048 | if (mtu < 68) | |
1049 | mtu = 68; | |
1050 | ||
ee34c1eb MS |
1051 | tunnel->hlen = addend; |
1052 | ||
42aa9162 | 1053 | return mtu; |
ee34c1eb MS |
1054 | } |
1055 | ||
1da177e4 LT |
1056 | static int |
1057 | ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd) | |
1058 | { | |
1059 | int err = 0; | |
1060 | struct ip_tunnel_parm p; | |
1061 | struct ip_tunnel *t; | |
f57e7d5a PE |
1062 | struct net *net = dev_net(dev); |
1063 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); | |
1da177e4 LT |
1064 | |
1065 | switch (cmd) { | |
1066 | case SIOCGETTUNNEL: | |
1067 | t = NULL; | |
7daa0004 | 1068 | if (dev == ign->fb_tunnel_dev) { |
1da177e4 LT |
1069 | if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) { |
1070 | err = -EFAULT; | |
1071 | break; | |
1072 | } | |
f57e7d5a | 1073 | t = ipgre_tunnel_locate(net, &p, 0); |
1da177e4 LT |
1074 | } |
1075 | if (t == NULL) | |
2941a486 | 1076 | t = netdev_priv(dev); |
1da177e4 LT |
1077 | memcpy(&p, &t->parms, sizeof(p)); |
1078 | if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) | |
1079 | err = -EFAULT; | |
1080 | break; | |
1081 | ||
1082 | case SIOCADDTUNNEL: | |
1083 | case SIOCCHGTUNNEL: | |
1084 | err = -EPERM; | |
1085 | if (!capable(CAP_NET_ADMIN)) | |
1086 | goto done; | |
1087 | ||
1088 | err = -EFAULT; | |
1089 | if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) | |
1090 | goto done; | |
1091 | ||
1092 | err = -EINVAL; | |
1093 | if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE || | |
1094 | p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) || | |
1095 | ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING))) | |
1096 | goto done; | |
1097 | if (p.iph.ttl) | |
1098 | p.iph.frag_off |= htons(IP_DF); | |
1099 | ||
1100 | if (!(p.i_flags&GRE_KEY)) | |
1101 | p.i_key = 0; | |
1102 | if (!(p.o_flags&GRE_KEY)) | |
1103 | p.o_key = 0; | |
1104 | ||
f57e7d5a | 1105 | t = ipgre_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL); |
1da177e4 | 1106 | |
7daa0004 | 1107 | if (dev != ign->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) { |
1da177e4 LT |
1108 | if (t != NULL) { |
1109 | if (t->dev != dev) { | |
1110 | err = -EEXIST; | |
1111 | break; | |
1112 | } | |
1113 | } else { | |
1507850b | 1114 | unsigned int nflags = 0; |
1da177e4 | 1115 | |
2941a486 | 1116 | t = netdev_priv(dev); |
1da177e4 | 1117 | |
f97c1e0c | 1118 | if (ipv4_is_multicast(p.iph.daddr)) |
1da177e4 LT |
1119 | nflags = IFF_BROADCAST; |
1120 | else if (p.iph.daddr) | |
1121 | nflags = IFF_POINTOPOINT; | |
1122 | ||
1123 | if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) { | |
1124 | err = -EINVAL; | |
1125 | break; | |
1126 | } | |
f57e7d5a | 1127 | ipgre_tunnel_unlink(ign, t); |
74b0b85b | 1128 | synchronize_net(); |
1da177e4 LT |
1129 | t->parms.iph.saddr = p.iph.saddr; |
1130 | t->parms.iph.daddr = p.iph.daddr; | |
1131 | t->parms.i_key = p.i_key; | |
1132 | t->parms.o_key = p.o_key; | |
1133 | memcpy(dev->dev_addr, &p.iph.saddr, 4); | |
1134 | memcpy(dev->broadcast, &p.iph.daddr, 4); | |
f57e7d5a | 1135 | ipgre_tunnel_link(ign, t); |
1da177e4 LT |
1136 | netdev_state_change(dev); |
1137 | } | |
1138 | } | |
1139 | ||
1140 | if (t) { | |
1141 | err = 0; | |
1142 | if (cmd == SIOCCHGTUNNEL) { | |
1143 | t->parms.iph.ttl = p.iph.ttl; | |
1144 | t->parms.iph.tos = p.iph.tos; | |
1145 | t->parms.iph.frag_off = p.iph.frag_off; | |
ee34c1eb MS |
1146 | if (t->parms.link != p.link) { |
1147 | t->parms.link = p.link; | |
42aa9162 | 1148 | dev->mtu = ipgre_tunnel_bind_dev(dev); |
ee34c1eb MS |
1149 | netdev_state_change(dev); |
1150 | } | |
1da177e4 LT |
1151 | } |
1152 | if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p))) | |
1153 | err = -EFAULT; | |
1154 | } else | |
1155 | err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT); | |
1156 | break; | |
1157 | ||
1158 | case SIOCDELTUNNEL: | |
1159 | err = -EPERM; | |
1160 | if (!capable(CAP_NET_ADMIN)) | |
1161 | goto done; | |
1162 | ||
7daa0004 | 1163 | if (dev == ign->fb_tunnel_dev) { |
1da177e4 LT |
1164 | err = -EFAULT; |
1165 | if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) | |
1166 | goto done; | |
1167 | err = -ENOENT; | |
f57e7d5a | 1168 | if ((t = ipgre_tunnel_locate(net, &p, 0)) == NULL) |
1da177e4 LT |
1169 | goto done; |
1170 | err = -EPERM; | |
7daa0004 | 1171 | if (t == netdev_priv(ign->fb_tunnel_dev)) |
1da177e4 LT |
1172 | goto done; |
1173 | dev = t->dev; | |
1174 | } | |
22f8cde5 SH |
1175 | unregister_netdevice(dev); |
1176 | err = 0; | |
1da177e4 LT |
1177 | break; |
1178 | ||
1179 | default: | |
1180 | err = -EINVAL; | |
1181 | } | |
1182 | ||
1183 | done: | |
1184 | return err; | |
1185 | } | |
1186 | ||
1da177e4 LT |
1187 | static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu) |
1188 | { | |
2941a486 | 1189 | struct ip_tunnel *tunnel = netdev_priv(dev); |
c95b819a HX |
1190 | if (new_mtu < 68 || |
1191 | new_mtu > 0xFFF8 - dev->hard_header_len - tunnel->hlen) | |
1da177e4 LT |
1192 | return -EINVAL; |
1193 | dev->mtu = new_mtu; | |
1194 | return 0; | |
1195 | } | |
1196 | ||
1da177e4 LT |
1197 | /* Nice toy. Unfortunately, useless in real life :-) |
1198 | It allows to construct virtual multiprotocol broadcast "LAN" | |
1199 | over the Internet, provided multicast routing is tuned. | |
1200 | ||
1201 | ||
1202 | I have no idea was this bicycle invented before me, | |
1203 | so that I had to set ARPHRD_IPGRE to a random value. | |
1204 | I have an impression, that Cisco could make something similar, | |
1205 | but this feature is apparently missing in IOS<=11.2(8). | |
e905a9ed | 1206 | |
1da177e4 LT |
1207 | I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks |
1208 | with broadcast 224.66.66.66. If you have access to mbone, play with me :-) | |
1209 | ||
1210 | ping -t 255 224.66.66.66 | |
1211 | ||
1212 | If nobody answers, mbone does not work. | |
1213 | ||
1214 | ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255 | |
1215 | ip addr add 10.66.66.<somewhat>/24 dev Universe | |
1216 | ifconfig Universe up | |
1217 | ifconfig Universe add fe80::<Your_real_addr>/10 | |
1218 | ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96 | |
1219 | ftp 10.66.66.66 | |
1220 | ... | |
1221 | ftp fec0:6666:6666::193.233.7.65 | |
1222 | ... | |
1223 | ||
1224 | */ | |
1225 | ||
3b04ddde SH |
1226 | static int ipgre_header(struct sk_buff *skb, struct net_device *dev, |
1227 | unsigned short type, | |
1507850b | 1228 | const void *daddr, const void *saddr, unsigned int len) |
1da177e4 | 1229 | { |
2941a486 | 1230 | struct ip_tunnel *t = netdev_priv(dev); |
1da177e4 | 1231 | struct iphdr *iph = (struct iphdr *)skb_push(skb, t->hlen); |
5e73ea1a | 1232 | __be16 *p = (__be16 *)(iph+1); |
1da177e4 LT |
1233 | |
1234 | memcpy(iph, &t->parms.iph, sizeof(struct iphdr)); | |
1235 | p[0] = t->parms.o_flags; | |
1236 | p[1] = htons(type); | |
1237 | ||
1238 | /* | |
e905a9ed | 1239 | * Set the source hardware address. |
1da177e4 | 1240 | */ |
e905a9ed | 1241 | |
1da177e4 LT |
1242 | if (saddr) |
1243 | memcpy(&iph->saddr, saddr, 4); | |
6d55cb91 | 1244 | if (daddr) |
1da177e4 | 1245 | memcpy(&iph->daddr, daddr, 4); |
6d55cb91 | 1246 | if (iph->daddr) |
1da177e4 | 1247 | return t->hlen; |
e905a9ed | 1248 | |
1da177e4 LT |
1249 | return -t->hlen; |
1250 | } | |
1251 | ||
6a5f44d7 TT |
1252 | static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr) |
1253 | { | |
b71d1d42 | 1254 | const struct iphdr *iph = (const struct iphdr *) skb_mac_header(skb); |
6a5f44d7 TT |
1255 | memcpy(haddr, &iph->saddr, 4); |
1256 | return 4; | |
1257 | } | |
1258 | ||
3b04ddde SH |
1259 | static const struct header_ops ipgre_header_ops = { |
1260 | .create = ipgre_header, | |
6a5f44d7 | 1261 | .parse = ipgre_header_parse, |
3b04ddde SH |
1262 | }; |
1263 | ||
6a5f44d7 | 1264 | #ifdef CONFIG_NET_IPGRE_BROADCAST |
1da177e4 LT |
1265 | static int ipgre_open(struct net_device *dev) |
1266 | { | |
2941a486 | 1267 | struct ip_tunnel *t = netdev_priv(dev); |
1da177e4 | 1268 | |
f97c1e0c | 1269 | if (ipv4_is_multicast(t->parms.iph.daddr)) { |
cbb1e85f DM |
1270 | struct flowi4 fl4; |
1271 | struct rtable *rt; | |
1272 | ||
1273 | rt = ip_route_output_gre(dev_net(dev), &fl4, | |
1274 | t->parms.iph.daddr, | |
1275 | t->parms.iph.saddr, | |
1276 | t->parms.o_key, | |
1277 | RT_TOS(t->parms.iph.tos), | |
1278 | t->parms.link); | |
b23dd4fe | 1279 | if (IS_ERR(rt)) |
1da177e4 | 1280 | return -EADDRNOTAVAIL; |
d8d1f30b | 1281 | dev = rt->dst.dev; |
1da177e4 | 1282 | ip_rt_put(rt); |
e5ed6399 | 1283 | if (__in_dev_get_rtnl(dev) == NULL) |
1da177e4 LT |
1284 | return -EADDRNOTAVAIL; |
1285 | t->mlink = dev->ifindex; | |
e5ed6399 | 1286 | ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr); |
1da177e4 LT |
1287 | } |
1288 | return 0; | |
1289 | } | |
1290 | ||
1291 | static int ipgre_close(struct net_device *dev) | |
1292 | { | |
2941a486 | 1293 | struct ip_tunnel *t = netdev_priv(dev); |
b8c26a33 | 1294 | |
f97c1e0c | 1295 | if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) { |
7fee0ca2 | 1296 | struct in_device *in_dev; |
c346dca1 | 1297 | in_dev = inetdev_by_index(dev_net(dev), t->mlink); |
8723e1b4 | 1298 | if (in_dev) |
1da177e4 | 1299 | ip_mc_dec_group(in_dev, t->parms.iph.daddr); |
1da177e4 LT |
1300 | } |
1301 | return 0; | |
1302 | } | |
1303 | ||
1304 | #endif | |
1305 | ||
b8c26a33 SH |
1306 | static const struct net_device_ops ipgre_netdev_ops = { |
1307 | .ndo_init = ipgre_tunnel_init, | |
1308 | .ndo_uninit = ipgre_tunnel_uninit, | |
1309 | #ifdef CONFIG_NET_IPGRE_BROADCAST | |
1310 | .ndo_open = ipgre_open, | |
1311 | .ndo_stop = ipgre_close, | |
1312 | #endif | |
1313 | .ndo_start_xmit = ipgre_tunnel_xmit, | |
1314 | .ndo_do_ioctl = ipgre_tunnel_ioctl, | |
1315 | .ndo_change_mtu = ipgre_tunnel_change_mtu, | |
87b6d218 | 1316 | .ndo_get_stats64 = ipgre_get_stats64, |
b8c26a33 SH |
1317 | }; |
1318 | ||
e985aad7 ED |
1319 | static void ipgre_dev_free(struct net_device *dev) |
1320 | { | |
60769a5d ED |
1321 | struct ip_tunnel *tunnel = netdev_priv(dev); |
1322 | ||
1323 | gro_cells_destroy(&tunnel->gro_cells); | |
e985aad7 ED |
1324 | free_percpu(dev->tstats); |
1325 | free_netdev(dev); | |
1326 | } | |
1327 | ||
6b78f16e ED |
1328 | #define GRE_FEATURES (NETIF_F_SG | \ |
1329 | NETIF_F_FRAGLIST | \ | |
1330 | NETIF_F_HIGHDMA | \ | |
1331 | NETIF_F_HW_CSUM) | |
1332 | ||
1da177e4 LT |
1333 | static void ipgre_tunnel_setup(struct net_device *dev) |
1334 | { | |
b8c26a33 | 1335 | dev->netdev_ops = &ipgre_netdev_ops; |
e985aad7 | 1336 | dev->destructor = ipgre_dev_free; |
1da177e4 LT |
1337 | |
1338 | dev->type = ARPHRD_IPGRE; | |
c95b819a | 1339 | dev->needed_headroom = LL_MAX_HEADER + sizeof(struct iphdr) + 4; |
46f25dff | 1340 | dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 4; |
1da177e4 LT |
1341 | dev->flags = IFF_NOARP; |
1342 | dev->iflink = 0; | |
1343 | dev->addr_len = 4; | |
0b67eceb | 1344 | dev->features |= NETIF_F_NETNS_LOCAL; |
108bfa89 | 1345 | dev->priv_flags &= ~IFF_XMIT_DST_RELEASE; |
6b78f16e ED |
1346 | |
1347 | dev->features |= GRE_FEATURES; | |
1348 | dev->hw_features |= GRE_FEATURES; | |
1da177e4 LT |
1349 | } |
1350 | ||
1351 | static int ipgre_tunnel_init(struct net_device *dev) | |
1352 | { | |
1da177e4 LT |
1353 | struct ip_tunnel *tunnel; |
1354 | struct iphdr *iph; | |
60769a5d | 1355 | int err; |
1da177e4 | 1356 | |
2941a486 | 1357 | tunnel = netdev_priv(dev); |
1da177e4 LT |
1358 | iph = &tunnel->parms.iph; |
1359 | ||
1360 | tunnel->dev = dev; | |
1361 | strcpy(tunnel->parms.name, dev->name); | |
1362 | ||
1363 | memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4); | |
1364 | memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4); | |
1365 | ||
1da177e4 | 1366 | if (iph->daddr) { |
1da177e4 | 1367 | #ifdef CONFIG_NET_IPGRE_BROADCAST |
f97c1e0c | 1368 | if (ipv4_is_multicast(iph->daddr)) { |
1da177e4 LT |
1369 | if (!iph->saddr) |
1370 | return -EINVAL; | |
1371 | dev->flags = IFF_BROADCAST; | |
3b04ddde | 1372 | dev->header_ops = &ipgre_header_ops; |
1da177e4 LT |
1373 | } |
1374 | #endif | |
ee34c1eb | 1375 | } else |
6a5f44d7 | 1376 | dev->header_ops = &ipgre_header_ops; |
1da177e4 | 1377 | |
e985aad7 ED |
1378 | dev->tstats = alloc_percpu(struct pcpu_tstats); |
1379 | if (!dev->tstats) | |
1380 | return -ENOMEM; | |
1381 | ||
60769a5d ED |
1382 | err = gro_cells_init(&tunnel->gro_cells, dev); |
1383 | if (err) { | |
1384 | free_percpu(dev->tstats); | |
1385 | return err; | |
1386 | } | |
1387 | ||
1da177e4 LT |
1388 | return 0; |
1389 | } | |
1390 | ||
b8c26a33 | 1391 | static void ipgre_fb_tunnel_init(struct net_device *dev) |
1da177e4 | 1392 | { |
2941a486 | 1393 | struct ip_tunnel *tunnel = netdev_priv(dev); |
1da177e4 LT |
1394 | struct iphdr *iph = &tunnel->parms.iph; |
1395 | ||
1396 | tunnel->dev = dev; | |
1397 | strcpy(tunnel->parms.name, dev->name); | |
1398 | ||
1399 | iph->version = 4; | |
1400 | iph->protocol = IPPROTO_GRE; | |
1401 | iph->ihl = 5; | |
1402 | tunnel->hlen = sizeof(struct iphdr) + 4; | |
1403 | ||
1404 | dev_hold(dev); | |
1da177e4 LT |
1405 | } |
1406 | ||
1407 | ||
00959ade DK |
1408 | static const struct gre_protocol ipgre_protocol = { |
1409 | .handler = ipgre_rcv, | |
1410 | .err_handler = ipgre_err, | |
1da177e4 LT |
1411 | }; |
1412 | ||
eef6dd65 | 1413 | static void ipgre_destroy_tunnels(struct ipgre_net *ign, struct list_head *head) |
eb8ce741 PE |
1414 | { |
1415 | int prio; | |
1416 | ||
1417 | for (prio = 0; prio < 4; prio++) { | |
1418 | int h; | |
1419 | for (h = 0; h < HASH_SIZE; h++) { | |
1507850b ED |
1420 | struct ip_tunnel *t; |
1421 | ||
1422 | t = rtnl_dereference(ign->tunnels[prio][h]); | |
eef6dd65 ED |
1423 | |
1424 | while (t != NULL) { | |
1425 | unregister_netdevice_queue(t->dev, head); | |
1507850b | 1426 | t = rtnl_dereference(t->next); |
eef6dd65 | 1427 | } |
eb8ce741 PE |
1428 | } |
1429 | } | |
1430 | } | |
1431 | ||
2c8c1e72 | 1432 | static int __net_init ipgre_init_net(struct net *net) |
59a4c759 | 1433 | { |
cfb8fbf2 | 1434 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); |
59a4c759 | 1435 | int err; |
59a4c759 | 1436 | |
7daa0004 PE |
1437 | ign->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0", |
1438 | ipgre_tunnel_setup); | |
1439 | if (!ign->fb_tunnel_dev) { | |
1440 | err = -ENOMEM; | |
1441 | goto err_alloc_dev; | |
1442 | } | |
be77e593 | 1443 | dev_net_set(ign->fb_tunnel_dev, net); |
7daa0004 | 1444 | |
b8c26a33 | 1445 | ipgre_fb_tunnel_init(ign->fb_tunnel_dev); |
c19e654d | 1446 | ign->fb_tunnel_dev->rtnl_link_ops = &ipgre_link_ops; |
7daa0004 PE |
1447 | |
1448 | if ((err = register_netdev(ign->fb_tunnel_dev))) | |
1449 | goto err_reg_dev; | |
1450 | ||
3285ee3b ED |
1451 | rcu_assign_pointer(ign->tunnels_wc[0], |
1452 | netdev_priv(ign->fb_tunnel_dev)); | |
59a4c759 PE |
1453 | return 0; |
1454 | ||
7daa0004 | 1455 | err_reg_dev: |
3285ee3b | 1456 | ipgre_dev_free(ign->fb_tunnel_dev); |
7daa0004 | 1457 | err_alloc_dev: |
59a4c759 PE |
1458 | return err; |
1459 | } | |
1460 | ||
2c8c1e72 | 1461 | static void __net_exit ipgre_exit_net(struct net *net) |
59a4c759 PE |
1462 | { |
1463 | struct ipgre_net *ign; | |
eef6dd65 | 1464 | LIST_HEAD(list); |
59a4c759 PE |
1465 | |
1466 | ign = net_generic(net, ipgre_net_id); | |
7daa0004 | 1467 | rtnl_lock(); |
eef6dd65 ED |
1468 | ipgre_destroy_tunnels(ign, &list); |
1469 | unregister_netdevice_many(&list); | |
7daa0004 | 1470 | rtnl_unlock(); |
59a4c759 PE |
1471 | } |
1472 | ||
1473 | static struct pernet_operations ipgre_net_ops = { | |
1474 | .init = ipgre_init_net, | |
1475 | .exit = ipgre_exit_net, | |
cfb8fbf2 EB |
1476 | .id = &ipgre_net_id, |
1477 | .size = sizeof(struct ipgre_net), | |
59a4c759 | 1478 | }; |
1da177e4 | 1479 | |
c19e654d HX |
1480 | static int ipgre_tunnel_validate(struct nlattr *tb[], struct nlattr *data[]) |
1481 | { | |
1482 | __be16 flags; | |
1483 | ||
1484 | if (!data) | |
1485 | return 0; | |
1486 | ||
1487 | flags = 0; | |
1488 | if (data[IFLA_GRE_IFLAGS]) | |
1489 | flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]); | |
1490 | if (data[IFLA_GRE_OFLAGS]) | |
1491 | flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]); | |
1492 | if (flags & (GRE_VERSION|GRE_ROUTING)) | |
1493 | return -EINVAL; | |
1494 | ||
1495 | return 0; | |
1496 | } | |
1497 | ||
e1a80002 HX |
1498 | static int ipgre_tap_validate(struct nlattr *tb[], struct nlattr *data[]) |
1499 | { | |
1500 | __be32 daddr; | |
1501 | ||
1502 | if (tb[IFLA_ADDRESS]) { | |
1503 | if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) | |
1504 | return -EINVAL; | |
1505 | if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) | |
1506 | return -EADDRNOTAVAIL; | |
1507 | } | |
1508 | ||
1509 | if (!data) | |
1510 | goto out; | |
1511 | ||
1512 | if (data[IFLA_GRE_REMOTE]) { | |
1513 | memcpy(&daddr, nla_data(data[IFLA_GRE_REMOTE]), 4); | |
1514 | if (!daddr) | |
1515 | return -EINVAL; | |
1516 | } | |
1517 | ||
1518 | out: | |
1519 | return ipgre_tunnel_validate(tb, data); | |
1520 | } | |
1521 | ||
c19e654d HX |
1522 | static void ipgre_netlink_parms(struct nlattr *data[], |
1523 | struct ip_tunnel_parm *parms) | |
1524 | { | |
7bb82d92 | 1525 | memset(parms, 0, sizeof(*parms)); |
c19e654d HX |
1526 | |
1527 | parms->iph.protocol = IPPROTO_GRE; | |
1528 | ||
1529 | if (!data) | |
1530 | return; | |
1531 | ||
1532 | if (data[IFLA_GRE_LINK]) | |
1533 | parms->link = nla_get_u32(data[IFLA_GRE_LINK]); | |
1534 | ||
1535 | if (data[IFLA_GRE_IFLAGS]) | |
1536 | parms->i_flags = nla_get_be16(data[IFLA_GRE_IFLAGS]); | |
1537 | ||
1538 | if (data[IFLA_GRE_OFLAGS]) | |
1539 | parms->o_flags = nla_get_be16(data[IFLA_GRE_OFLAGS]); | |
1540 | ||
1541 | if (data[IFLA_GRE_IKEY]) | |
1542 | parms->i_key = nla_get_be32(data[IFLA_GRE_IKEY]); | |
1543 | ||
1544 | if (data[IFLA_GRE_OKEY]) | |
1545 | parms->o_key = nla_get_be32(data[IFLA_GRE_OKEY]); | |
1546 | ||
1547 | if (data[IFLA_GRE_LOCAL]) | |
4d74f8ba | 1548 | parms->iph.saddr = nla_get_be32(data[IFLA_GRE_LOCAL]); |
c19e654d HX |
1549 | |
1550 | if (data[IFLA_GRE_REMOTE]) | |
4d74f8ba | 1551 | parms->iph.daddr = nla_get_be32(data[IFLA_GRE_REMOTE]); |
c19e654d HX |
1552 | |
1553 | if (data[IFLA_GRE_TTL]) | |
1554 | parms->iph.ttl = nla_get_u8(data[IFLA_GRE_TTL]); | |
1555 | ||
1556 | if (data[IFLA_GRE_TOS]) | |
1557 | parms->iph.tos = nla_get_u8(data[IFLA_GRE_TOS]); | |
1558 | ||
1559 | if (!data[IFLA_GRE_PMTUDISC] || nla_get_u8(data[IFLA_GRE_PMTUDISC])) | |
1560 | parms->iph.frag_off = htons(IP_DF); | |
1561 | } | |
1562 | ||
e1a80002 HX |
1563 | static int ipgre_tap_init(struct net_device *dev) |
1564 | { | |
1565 | struct ip_tunnel *tunnel; | |
1566 | ||
1567 | tunnel = netdev_priv(dev); | |
1568 | ||
1569 | tunnel->dev = dev; | |
1570 | strcpy(tunnel->parms.name, dev->name); | |
1571 | ||
1572 | ipgre_tunnel_bind_dev(dev); | |
1573 | ||
e985aad7 ED |
1574 | dev->tstats = alloc_percpu(struct pcpu_tstats); |
1575 | if (!dev->tstats) | |
1576 | return -ENOMEM; | |
1577 | ||
e1a80002 HX |
1578 | return 0; |
1579 | } | |
1580 | ||
b8c26a33 SH |
1581 | static const struct net_device_ops ipgre_tap_netdev_ops = { |
1582 | .ndo_init = ipgre_tap_init, | |
1583 | .ndo_uninit = ipgre_tunnel_uninit, | |
1584 | .ndo_start_xmit = ipgre_tunnel_xmit, | |
1585 | .ndo_set_mac_address = eth_mac_addr, | |
1586 | .ndo_validate_addr = eth_validate_addr, | |
1587 | .ndo_change_mtu = ipgre_tunnel_change_mtu, | |
87b6d218 | 1588 | .ndo_get_stats64 = ipgre_get_stats64, |
b8c26a33 SH |
1589 | }; |
1590 | ||
e1a80002 HX |
1591 | static void ipgre_tap_setup(struct net_device *dev) |
1592 | { | |
1593 | ||
1594 | ether_setup(dev); | |
1595 | ||
2e9526b3 | 1596 | dev->netdev_ops = &ipgre_tap_netdev_ops; |
e985aad7 | 1597 | dev->destructor = ipgre_dev_free; |
e1a80002 HX |
1598 | |
1599 | dev->iflink = 0; | |
1600 | dev->features |= NETIF_F_NETNS_LOCAL; | |
1601 | } | |
1602 | ||
81adee47 | 1603 | static int ipgre_newlink(struct net *src_net, struct net_device *dev, struct nlattr *tb[], |
c19e654d HX |
1604 | struct nlattr *data[]) |
1605 | { | |
1606 | struct ip_tunnel *nt; | |
1607 | struct net *net = dev_net(dev); | |
1608 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); | |
1609 | int mtu; | |
1610 | int err; | |
1611 | ||
1612 | nt = netdev_priv(dev); | |
1613 | ipgre_netlink_parms(data, &nt->parms); | |
1614 | ||
e1a80002 | 1615 | if (ipgre_tunnel_find(net, &nt->parms, dev->type)) |
c19e654d HX |
1616 | return -EEXIST; |
1617 | ||
e1a80002 | 1618 | if (dev->type == ARPHRD_ETHER && !tb[IFLA_ADDRESS]) |
f2cedb63 | 1619 | eth_hw_addr_random(dev); |
e1a80002 | 1620 | |
c19e654d HX |
1621 | mtu = ipgre_tunnel_bind_dev(dev); |
1622 | if (!tb[IFLA_MTU]) | |
1623 | dev->mtu = mtu; | |
1624 | ||
b790e01a ED |
1625 | /* Can use a lockless transmit, unless we generate output sequences */ |
1626 | if (!(nt->parms.o_flags & GRE_SEQ)) | |
1627 | dev->features |= NETIF_F_LLTX; | |
1628 | ||
c19e654d HX |
1629 | err = register_netdevice(dev); |
1630 | if (err) | |
1631 | goto out; | |
1632 | ||
1633 | dev_hold(dev); | |
1634 | ipgre_tunnel_link(ign, nt); | |
1635 | ||
1636 | out: | |
1637 | return err; | |
1638 | } | |
1639 | ||
1640 | static int ipgre_changelink(struct net_device *dev, struct nlattr *tb[], | |
1641 | struct nlattr *data[]) | |
1642 | { | |
1643 | struct ip_tunnel *t, *nt; | |
1644 | struct net *net = dev_net(dev); | |
1645 | struct ipgre_net *ign = net_generic(net, ipgre_net_id); | |
1646 | struct ip_tunnel_parm p; | |
1647 | int mtu; | |
1648 | ||
1649 | if (dev == ign->fb_tunnel_dev) | |
1650 | return -EINVAL; | |
1651 | ||
1652 | nt = netdev_priv(dev); | |
1653 | ipgre_netlink_parms(data, &p); | |
1654 | ||
1655 | t = ipgre_tunnel_locate(net, &p, 0); | |
1656 | ||
1657 | if (t) { | |
1658 | if (t->dev != dev) | |
1659 | return -EEXIST; | |
1660 | } else { | |
c19e654d HX |
1661 | t = nt; |
1662 | ||
2e9526b3 | 1663 | if (dev->type != ARPHRD_ETHER) { |
1507850b | 1664 | unsigned int nflags = 0; |
c19e654d | 1665 | |
2e9526b3 HX |
1666 | if (ipv4_is_multicast(p.iph.daddr)) |
1667 | nflags = IFF_BROADCAST; | |
1668 | else if (p.iph.daddr) | |
1669 | nflags = IFF_POINTOPOINT; | |
1670 | ||
1671 | if ((dev->flags ^ nflags) & | |
1672 | (IFF_POINTOPOINT | IFF_BROADCAST)) | |
1673 | return -EINVAL; | |
1674 | } | |
c19e654d HX |
1675 | |
1676 | ipgre_tunnel_unlink(ign, t); | |
1677 | t->parms.iph.saddr = p.iph.saddr; | |
1678 | t->parms.iph.daddr = p.iph.daddr; | |
1679 | t->parms.i_key = p.i_key; | |
2e9526b3 HX |
1680 | if (dev->type != ARPHRD_ETHER) { |
1681 | memcpy(dev->dev_addr, &p.iph.saddr, 4); | |
1682 | memcpy(dev->broadcast, &p.iph.daddr, 4); | |
1683 | } | |
c19e654d HX |
1684 | ipgre_tunnel_link(ign, t); |
1685 | netdev_state_change(dev); | |
1686 | } | |
1687 | ||
1688 | t->parms.o_key = p.o_key; | |
1689 | t->parms.iph.ttl = p.iph.ttl; | |
1690 | t->parms.iph.tos = p.iph.tos; | |
1691 | t->parms.iph.frag_off = p.iph.frag_off; | |
1692 | ||
1693 | if (t->parms.link != p.link) { | |
1694 | t->parms.link = p.link; | |
1695 | mtu = ipgre_tunnel_bind_dev(dev); | |
1696 | if (!tb[IFLA_MTU]) | |
1697 | dev->mtu = mtu; | |
1698 | netdev_state_change(dev); | |
1699 | } | |
1700 | ||
1701 | return 0; | |
1702 | } | |
1703 | ||
1704 | static size_t ipgre_get_size(const struct net_device *dev) | |
1705 | { | |
1706 | return | |
1707 | /* IFLA_GRE_LINK */ | |
1708 | nla_total_size(4) + | |
1709 | /* IFLA_GRE_IFLAGS */ | |
1710 | nla_total_size(2) + | |
1711 | /* IFLA_GRE_OFLAGS */ | |
1712 | nla_total_size(2) + | |
1713 | /* IFLA_GRE_IKEY */ | |
1714 | nla_total_size(4) + | |
1715 | /* IFLA_GRE_OKEY */ | |
1716 | nla_total_size(4) + | |
1717 | /* IFLA_GRE_LOCAL */ | |
1718 | nla_total_size(4) + | |
1719 | /* IFLA_GRE_REMOTE */ | |
1720 | nla_total_size(4) + | |
1721 | /* IFLA_GRE_TTL */ | |
1722 | nla_total_size(1) + | |
1723 | /* IFLA_GRE_TOS */ | |
1724 | nla_total_size(1) + | |
1725 | /* IFLA_GRE_PMTUDISC */ | |
1726 | nla_total_size(1) + | |
1727 | 0; | |
1728 | } | |
1729 | ||
1730 | static int ipgre_fill_info(struct sk_buff *skb, const struct net_device *dev) | |
1731 | { | |
1732 | struct ip_tunnel *t = netdev_priv(dev); | |
1733 | struct ip_tunnel_parm *p = &t->parms; | |
1734 | ||
f3756b79 DM |
1735 | if (nla_put_u32(skb, IFLA_GRE_LINK, p->link) || |
1736 | nla_put_be16(skb, IFLA_GRE_IFLAGS, p->i_flags) || | |
1737 | nla_put_be16(skb, IFLA_GRE_OFLAGS, p->o_flags) || | |
1738 | nla_put_be32(skb, IFLA_GRE_IKEY, p->i_key) || | |
1739 | nla_put_be32(skb, IFLA_GRE_OKEY, p->o_key) || | |
1740 | nla_put_be32(skb, IFLA_GRE_LOCAL, p->iph.saddr) || | |
1741 | nla_put_be32(skb, IFLA_GRE_REMOTE, p->iph.daddr) || | |
1742 | nla_put_u8(skb, IFLA_GRE_TTL, p->iph.ttl) || | |
1743 | nla_put_u8(skb, IFLA_GRE_TOS, p->iph.tos) || | |
1744 | nla_put_u8(skb, IFLA_GRE_PMTUDISC, | |
1745 | !!(p->iph.frag_off & htons(IP_DF)))) | |
1746 | goto nla_put_failure; | |
c19e654d HX |
1747 | return 0; |
1748 | ||
1749 | nla_put_failure: | |
1750 | return -EMSGSIZE; | |
1751 | } | |
1752 | ||
1753 | static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { | |
1754 | [IFLA_GRE_LINK] = { .type = NLA_U32 }, | |
1755 | [IFLA_GRE_IFLAGS] = { .type = NLA_U16 }, | |
1756 | [IFLA_GRE_OFLAGS] = { .type = NLA_U16 }, | |
1757 | [IFLA_GRE_IKEY] = { .type = NLA_U32 }, | |
1758 | [IFLA_GRE_OKEY] = { .type = NLA_U32 }, | |
4d74f8ba PM |
1759 | [IFLA_GRE_LOCAL] = { .len = FIELD_SIZEOF(struct iphdr, saddr) }, |
1760 | [IFLA_GRE_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) }, | |
c19e654d HX |
1761 | [IFLA_GRE_TTL] = { .type = NLA_U8 }, |
1762 | [IFLA_GRE_TOS] = { .type = NLA_U8 }, | |
1763 | [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 }, | |
1764 | }; | |
1765 | ||
1766 | static struct rtnl_link_ops ipgre_link_ops __read_mostly = { | |
1767 | .kind = "gre", | |
1768 | .maxtype = IFLA_GRE_MAX, | |
1769 | .policy = ipgre_policy, | |
1770 | .priv_size = sizeof(struct ip_tunnel), | |
1771 | .setup = ipgre_tunnel_setup, | |
1772 | .validate = ipgre_tunnel_validate, | |
1773 | .newlink = ipgre_newlink, | |
1774 | .changelink = ipgre_changelink, | |
1775 | .get_size = ipgre_get_size, | |
1776 | .fill_info = ipgre_fill_info, | |
1777 | }; | |
1778 | ||
e1a80002 HX |
1779 | static struct rtnl_link_ops ipgre_tap_ops __read_mostly = { |
1780 | .kind = "gretap", | |
1781 | .maxtype = IFLA_GRE_MAX, | |
1782 | .policy = ipgre_policy, | |
1783 | .priv_size = sizeof(struct ip_tunnel), | |
1784 | .setup = ipgre_tap_setup, | |
1785 | .validate = ipgre_tap_validate, | |
1786 | .newlink = ipgre_newlink, | |
1787 | .changelink = ipgre_changelink, | |
1788 | .get_size = ipgre_get_size, | |
1789 | .fill_info = ipgre_fill_info, | |
1790 | }; | |
1791 | ||
1da177e4 LT |
1792 | /* |
1793 | * And now the modules code and kernel interface. | |
1794 | */ | |
1795 | ||
1796 | static int __init ipgre_init(void) | |
1797 | { | |
1798 | int err; | |
1799 | ||
058bd4d2 | 1800 | pr_info("GRE over IPv4 tunneling driver\n"); |
1da177e4 | 1801 | |
cfb8fbf2 | 1802 | err = register_pernet_device(&ipgre_net_ops); |
59a4c759 | 1803 | if (err < 0) |
c2892f02 AD |
1804 | return err; |
1805 | ||
00959ade | 1806 | err = gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO); |
c2892f02 | 1807 | if (err < 0) { |
058bd4d2 | 1808 | pr_info("%s: can't add protocol\n", __func__); |
c2892f02 AD |
1809 | goto add_proto_failed; |
1810 | } | |
7daa0004 | 1811 | |
c19e654d HX |
1812 | err = rtnl_link_register(&ipgre_link_ops); |
1813 | if (err < 0) | |
1814 | goto rtnl_link_failed; | |
1815 | ||
e1a80002 HX |
1816 | err = rtnl_link_register(&ipgre_tap_ops); |
1817 | if (err < 0) | |
1818 | goto tap_ops_failed; | |
1819 | ||
c19e654d | 1820 | out: |
1da177e4 | 1821 | return err; |
c19e654d | 1822 | |
e1a80002 HX |
1823 | tap_ops_failed: |
1824 | rtnl_link_unregister(&ipgre_link_ops); | |
c19e654d | 1825 | rtnl_link_failed: |
00959ade | 1826 | gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO); |
c2892f02 AD |
1827 | add_proto_failed: |
1828 | unregister_pernet_device(&ipgre_net_ops); | |
c19e654d | 1829 | goto out; |
1da177e4 LT |
1830 | } |
1831 | ||
db44575f | 1832 | static void __exit ipgre_fini(void) |
1da177e4 | 1833 | { |
e1a80002 | 1834 | rtnl_link_unregister(&ipgre_tap_ops); |
c19e654d | 1835 | rtnl_link_unregister(&ipgre_link_ops); |
00959ade | 1836 | if (gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO) < 0) |
058bd4d2 | 1837 | pr_info("%s: can't remove protocol\n", __func__); |
c2892f02 | 1838 | unregister_pernet_device(&ipgre_net_ops); |
1da177e4 LT |
1839 | } |
1840 | ||
1841 | module_init(ipgre_init); | |
1842 | module_exit(ipgre_fini); | |
1843 | MODULE_LICENSE("GPL"); | |
4d74f8ba PM |
1844 | MODULE_ALIAS_RTNL_LINK("gre"); |
1845 | MODULE_ALIAS_RTNL_LINK("gretap"); | |
8909c9ad | 1846 | MODULE_ALIAS_NETDEV("gre0"); |