This source file includes following definitions.
- HASH
- vti6_tnl_lookup
- vti6_tnl_bucket
- vti6_tnl_link
- vti6_tnl_unlink
- vti6_dev_free
- vti6_tnl_create2
- vti6_tnl_create
- vti6_locate
- vti6_dev_uninit
- vti6_rcv
- vti6_rcv_cb
- vti6_addr_conflict
- vti6_state_check
- vti6_xmit
- vti6_tnl_xmit
- vti6_err
- vti6_link_config
- vti6_tnl_change
- vti6_update
- vti6_parm_from_user
- vti6_parm_to_user
- vti6_ioctl
- vti6_dev_setup
- vti6_dev_init_gen
- vti6_dev_init
- vti6_fb_tnl_dev_init
- vti6_validate
- vti6_netlink_parms
- vti6_newlink
- vti6_dellink
- vti6_changelink
- vti6_get_size
- vti6_fill_info
- vti6_destroy_tunnels
- vti6_init_net
- vti6_exit_batch_net
- vti6_tunnel_init
- vti6_tunnel_cleanup
1
2
3
4
5
6
7
8
9
10
11
12
13
14 #include <linux/module.h>
15 #include <linux/capability.h>
16 #include <linux/errno.h>
17 #include <linux/types.h>
18 #include <linux/sockios.h>
19 #include <linux/icmp.h>
20 #include <linux/if.h>
21 #include <linux/in.h>
22 #include <linux/ip.h>
23 #include <linux/net.h>
24 #include <linux/in6.h>
25 #include <linux/netdevice.h>
26 #include <linux/if_arp.h>
27 #include <linux/icmpv6.h>
28 #include <linux/init.h>
29 #include <linux/route.h>
30 #include <linux/rtnetlink.h>
31 #include <linux/netfilter_ipv6.h>
32 #include <linux/slab.h>
33 #include <linux/hash.h>
34
35 #include <linux/uaccess.h>
36 #include <linux/atomic.h>
37
38 #include <net/icmp.h>
39 #include <net/ip.h>
40 #include <net/ip_tunnels.h>
41 #include <net/ipv6.h>
42 #include <net/ip6_route.h>
43 #include <net/addrconf.h>
44 #include <net/ip6_tunnel.h>
45 #include <net/xfrm.h>
46 #include <net/net_namespace.h>
47 #include <net/netns/generic.h>
48 #include <linux/etherdevice.h>
49
50 #define IP6_VTI_HASH_SIZE_SHIFT 5
51 #define IP6_VTI_HASH_SIZE (1 << IP6_VTI_HASH_SIZE_SHIFT)
52
53 static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
54 {
55 u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2);
56
57 return hash_32(hash, IP6_VTI_HASH_SIZE_SHIFT);
58 }
59
60 static int vti6_dev_init(struct net_device *dev);
61 static void vti6_dev_setup(struct net_device *dev);
62 static struct rtnl_link_ops vti6_link_ops __read_mostly;
63
64 static unsigned int vti6_net_id __read_mostly;
65 struct vti6_net {
66
67 struct net_device *fb_tnl_dev;
68
69 struct ip6_tnl __rcu *tnls_r_l[IP6_VTI_HASH_SIZE];
70 struct ip6_tnl __rcu *tnls_wc[1];
71 struct ip6_tnl __rcu **tnls[2];
72 };
73
74 #define for_each_vti6_tunnel_rcu(start) \
75 for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
76
77
78
79
80
81
82
83
84
85
86
87
88 static struct ip6_tnl *
89 vti6_tnl_lookup(struct net *net, const struct in6_addr *remote,
90 const struct in6_addr *local)
91 {
92 unsigned int hash = HASH(remote, local);
93 struct ip6_tnl *t;
94 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
95 struct in6_addr any;
96
97 for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
98 if (ipv6_addr_equal(local, &t->parms.laddr) &&
99 ipv6_addr_equal(remote, &t->parms.raddr) &&
100 (t->dev->flags & IFF_UP))
101 return t;
102 }
103
104 memset(&any, 0, sizeof(any));
105 hash = HASH(&any, local);
106 for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
107 if (ipv6_addr_equal(local, &t->parms.laddr) &&
108 (t->dev->flags & IFF_UP))
109 return t;
110 }
111
112 hash = HASH(remote, &any);
113 for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
114 if (ipv6_addr_equal(remote, &t->parms.raddr) &&
115 (t->dev->flags & IFF_UP))
116 return t;
117 }
118
119 t = rcu_dereference(ip6n->tnls_wc[0]);
120 if (t && (t->dev->flags & IFF_UP))
121 return t;
122
123 return NULL;
124 }
125
126
127
128
129
130
131
132
133
134
135
136 static struct ip6_tnl __rcu **
137 vti6_tnl_bucket(struct vti6_net *ip6n, const struct __ip6_tnl_parm *p)
138 {
139 const struct in6_addr *remote = &p->raddr;
140 const struct in6_addr *local = &p->laddr;
141 unsigned int h = 0;
142 int prio = 0;
143
144 if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) {
145 prio = 1;
146 h = HASH(remote, local);
147 }
148 return &ip6n->tnls[prio][h];
149 }
150
151 static void
152 vti6_tnl_link(struct vti6_net *ip6n, struct ip6_tnl *t)
153 {
154 struct ip6_tnl __rcu **tp = vti6_tnl_bucket(ip6n, &t->parms);
155
156 rcu_assign_pointer(t->next , rtnl_dereference(*tp));
157 rcu_assign_pointer(*tp, t);
158 }
159
160 static void
161 vti6_tnl_unlink(struct vti6_net *ip6n, struct ip6_tnl *t)
162 {
163 struct ip6_tnl __rcu **tp;
164 struct ip6_tnl *iter;
165
166 for (tp = vti6_tnl_bucket(ip6n, &t->parms);
167 (iter = rtnl_dereference(*tp)) != NULL;
168 tp = &iter->next) {
169 if (t == iter) {
170 rcu_assign_pointer(*tp, t->next);
171 break;
172 }
173 }
174 }
175
176 static void vti6_dev_free(struct net_device *dev)
177 {
178 free_percpu(dev->tstats);
179 }
180
181 static int vti6_tnl_create2(struct net_device *dev)
182 {
183 struct ip6_tnl *t = netdev_priv(dev);
184 struct net *net = dev_net(dev);
185 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
186 int err;
187
188 dev->rtnl_link_ops = &vti6_link_ops;
189 err = register_netdevice(dev);
190 if (err < 0)
191 goto out;
192
193 strcpy(t->parms.name, dev->name);
194
195 dev_hold(dev);
196 vti6_tnl_link(ip6n, t);
197
198 return 0;
199
200 out:
201 return err;
202 }
203
204 static struct ip6_tnl *vti6_tnl_create(struct net *net, struct __ip6_tnl_parm *p)
205 {
206 struct net_device *dev;
207 struct ip6_tnl *t;
208 char name[IFNAMSIZ];
209 int err;
210
211 if (p->name[0]) {
212 if (!dev_valid_name(p->name))
213 goto failed;
214 strlcpy(name, p->name, IFNAMSIZ);
215 } else {
216 sprintf(name, "ip6_vti%%d");
217 }
218
219 dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, vti6_dev_setup);
220 if (!dev)
221 goto failed;
222
223 dev_net_set(dev, net);
224
225 t = netdev_priv(dev);
226 t->parms = *p;
227 t->net = dev_net(dev);
228
229 err = vti6_tnl_create2(dev);
230 if (err < 0)
231 goto failed_free;
232
233 return t;
234
235 failed_free:
236 free_netdev(dev);
237 failed:
238 return NULL;
239 }
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255 static struct ip6_tnl *vti6_locate(struct net *net, struct __ip6_tnl_parm *p,
256 int create)
257 {
258 const struct in6_addr *remote = &p->raddr;
259 const struct in6_addr *local = &p->laddr;
260 struct ip6_tnl __rcu **tp;
261 struct ip6_tnl *t;
262 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
263
264 for (tp = vti6_tnl_bucket(ip6n, p);
265 (t = rtnl_dereference(*tp)) != NULL;
266 tp = &t->next) {
267 if (ipv6_addr_equal(local, &t->parms.laddr) &&
268 ipv6_addr_equal(remote, &t->parms.raddr)) {
269 if (create)
270 return NULL;
271
272 return t;
273 }
274 }
275 if (!create)
276 return NULL;
277 return vti6_tnl_create(net, p);
278 }
279
280
281
282
283
284
285
286
287 static void vti6_dev_uninit(struct net_device *dev)
288 {
289 struct ip6_tnl *t = netdev_priv(dev);
290 struct vti6_net *ip6n = net_generic(t->net, vti6_net_id);
291
292 if (dev == ip6n->fb_tnl_dev)
293 RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
294 else
295 vti6_tnl_unlink(ip6n, t);
296 dev_put(dev);
297 }
298
299 static int vti6_rcv(struct sk_buff *skb)
300 {
301 struct ip6_tnl *t;
302 const struct ipv6hdr *ipv6h = ipv6_hdr(skb);
303
304 rcu_read_lock();
305 t = vti6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr, &ipv6h->daddr);
306 if (t) {
307 if (t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) {
308 rcu_read_unlock();
309 goto discard;
310 }
311
312 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
313 rcu_read_unlock();
314 goto discard;
315 }
316
317 ipv6h = ipv6_hdr(skb);
318 if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) {
319 t->dev->stats.rx_dropped++;
320 rcu_read_unlock();
321 goto discard;
322 }
323
324 rcu_read_unlock();
325
326 return xfrm6_rcv_tnl(skb, t);
327 }
328 rcu_read_unlock();
329 return -EINVAL;
330 discard:
331 kfree_skb(skb);
332 return 0;
333 }
334
335 static int vti6_rcv_cb(struct sk_buff *skb, int err)
336 {
337 unsigned short family;
338 struct net_device *dev;
339 struct pcpu_sw_netstats *tstats;
340 struct xfrm_state *x;
341 const struct xfrm_mode *inner_mode;
342 struct ip6_tnl *t = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6;
343 u32 orig_mark = skb->mark;
344 int ret;
345
346 if (!t)
347 return 1;
348
349 dev = t->dev;
350
351 if (err) {
352 dev->stats.rx_errors++;
353 dev->stats.rx_dropped++;
354
355 return 0;
356 }
357
358 x = xfrm_input_state(skb);
359
360 inner_mode = &x->inner_mode;
361
362 if (x->sel.family == AF_UNSPEC) {
363 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
364 if (inner_mode == NULL) {
365 XFRM_INC_STATS(dev_net(skb->dev),
366 LINUX_MIB_XFRMINSTATEMODEERROR);
367 return -EINVAL;
368 }
369 }
370
371 family = inner_mode->family;
372
373 skb->mark = be32_to_cpu(t->parms.i_key);
374 ret = xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family);
375 skb->mark = orig_mark;
376
377 if (!ret)
378 return -EPERM;
379
380 skb_scrub_packet(skb, !net_eq(t->net, dev_net(skb->dev)));
381 skb->dev = dev;
382
383 tstats = this_cpu_ptr(dev->tstats);
384 u64_stats_update_begin(&tstats->syncp);
385 tstats->rx_packets++;
386 tstats->rx_bytes += skb->len;
387 u64_stats_update_end(&tstats->syncp);
388
389 return 0;
390 }
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405 static inline bool
406 vti6_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr)
407 {
408 return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr);
409 }
410
411 static bool vti6_state_check(const struct xfrm_state *x,
412 const struct in6_addr *dst,
413 const struct in6_addr *src)
414 {
415 xfrm_address_t *daddr = (xfrm_address_t *)dst;
416 xfrm_address_t *saddr = (xfrm_address_t *)src;
417
418
419
420
421 if (!x || x->props.mode != XFRM_MODE_TUNNEL ||
422 x->props.family != AF_INET6)
423 return false;
424
425 if (ipv6_addr_any(dst))
426 return xfrm_addr_equal(saddr, &x->props.saddr, AF_INET6);
427
428 if (!xfrm_state_addr_check(x, daddr, saddr, AF_INET6))
429 return false;
430
431 return true;
432 }
433
434
435
436
437
438
439
440 static int
441 vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
442 {
443 struct ip6_tnl *t = netdev_priv(dev);
444 struct net_device_stats *stats = &t->dev->stats;
445 struct dst_entry *dst = skb_dst(skb);
446 struct net_device *tdev;
447 struct xfrm_state *x;
448 int pkt_len = skb->len;
449 int err = -1;
450 int mtu;
451
452 if (!dst) {
453 switch (skb->protocol) {
454 case htons(ETH_P_IP): {
455 struct rtable *rt;
456
457 fl->u.ip4.flowi4_oif = dev->ifindex;
458 fl->u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
459 rt = __ip_route_output_key(dev_net(dev), &fl->u.ip4);
460 if (IS_ERR(rt))
461 goto tx_err_link_failure;
462 dst = &rt->dst;
463 skb_dst_set(skb, dst);
464 break;
465 }
466 case htons(ETH_P_IPV6):
467 fl->u.ip6.flowi6_oif = dev->ifindex;
468 fl->u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
469 dst = ip6_route_output(dev_net(dev), NULL, &fl->u.ip6);
470 if (dst->error) {
471 dst_release(dst);
472 dst = NULL;
473 goto tx_err_link_failure;
474 }
475 skb_dst_set(skb, dst);
476 break;
477 default:
478 goto tx_err_link_failure;
479 }
480 }
481
482 dst_hold(dst);
483 dst = xfrm_lookup(t->net, dst, fl, NULL, 0);
484 if (IS_ERR(dst)) {
485 err = PTR_ERR(dst);
486 dst = NULL;
487 goto tx_err_link_failure;
488 }
489
490 x = dst->xfrm;
491 if (!vti6_state_check(x, &t->parms.raddr, &t->parms.laddr))
492 goto tx_err_link_failure;
493
494 if (!ip6_tnl_xmit_ctl(t, (const struct in6_addr *)&x->props.saddr,
495 (const struct in6_addr *)&x->id.daddr))
496 goto tx_err_link_failure;
497
498 tdev = dst->dev;
499
500 if (tdev == dev) {
501 stats->collisions++;
502 net_warn_ratelimited("%s: Local routing loop detected!\n",
503 t->parms.name);
504 goto tx_err_dst_release;
505 }
506
507 mtu = dst_mtu(dst);
508 if (skb->len > mtu) {
509 skb_dst_update_pmtu_no_confirm(skb, mtu);
510
511 if (skb->protocol == htons(ETH_P_IPV6)) {
512 if (mtu < IPV6_MIN_MTU)
513 mtu = IPV6_MIN_MTU;
514
515 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
516 } else {
517 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
518 htonl(mtu));
519 }
520
521 err = -EMSGSIZE;
522 goto tx_err_dst_release;
523 }
524
525 skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev)));
526 skb_dst_set(skb, dst);
527 skb->dev = skb_dst(skb)->dev;
528
529 err = dst_output(t->net, skb->sk, skb);
530 if (net_xmit_eval(err) == 0)
531 err = pkt_len;
532 iptunnel_xmit_stats(dev, err);
533
534 return 0;
535 tx_err_link_failure:
536 stats->tx_carrier_errors++;
537 dst_link_failure(skb);
538 tx_err_dst_release:
539 dst_release(dst);
540 return err;
541 }
542
543 static netdev_tx_t
544 vti6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
545 {
546 struct ip6_tnl *t = netdev_priv(dev);
547 struct net_device_stats *stats = &t->dev->stats;
548 struct flowi fl;
549 int ret;
550
551 if (!pskb_inet_may_pull(skb))
552 goto tx_err;
553
554 memset(&fl, 0, sizeof(fl));
555
556 switch (skb->protocol) {
557 case htons(ETH_P_IPV6):
558 if ((t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) ||
559 vti6_addr_conflict(t, ipv6_hdr(skb)))
560 goto tx_err;
561
562 xfrm_decode_session(skb, &fl, AF_INET6);
563 memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
564 break;
565 case htons(ETH_P_IP):
566 xfrm_decode_session(skb, &fl, AF_INET);
567 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
568 break;
569 default:
570 goto tx_err;
571 }
572
573
574 fl.flowi_mark = be32_to_cpu(t->parms.o_key);
575
576 ret = vti6_xmit(skb, dev, &fl);
577 if (ret < 0)
578 goto tx_err;
579
580 return NETDEV_TX_OK;
581
582 tx_err:
583 stats->tx_errors++;
584 stats->tx_dropped++;
585 kfree_skb(skb);
586 return NETDEV_TX_OK;
587 }
588
589 static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
590 u8 type, u8 code, int offset, __be32 info)
591 {
592 __be32 spi;
593 __u32 mark;
594 struct xfrm_state *x;
595 struct ip6_tnl *t;
596 struct ip_esp_hdr *esph;
597 struct ip_auth_hdr *ah;
598 struct ip_comp_hdr *ipch;
599 struct net *net = dev_net(skb->dev);
600 const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
601 int protocol = iph->nexthdr;
602
603 t = vti6_tnl_lookup(dev_net(skb->dev), &iph->daddr, &iph->saddr);
604 if (!t)
605 return -1;
606
607 mark = be32_to_cpu(t->parms.o_key);
608
609 switch (protocol) {
610 case IPPROTO_ESP:
611 esph = (struct ip_esp_hdr *)(skb->data + offset);
612 spi = esph->spi;
613 break;
614 case IPPROTO_AH:
615 ah = (struct ip_auth_hdr *)(skb->data + offset);
616 spi = ah->spi;
617 break;
618 case IPPROTO_COMP:
619 ipch = (struct ip_comp_hdr *)(skb->data + offset);
620 spi = htonl(ntohs(ipch->cpi));
621 break;
622 default:
623 return 0;
624 }
625
626 if (type != ICMPV6_PKT_TOOBIG &&
627 type != NDISC_REDIRECT)
628 return 0;
629
630 x = xfrm_state_lookup(net, mark, (const xfrm_address_t *)&iph->daddr,
631 spi, protocol, AF_INET6);
632 if (!x)
633 return 0;
634
635 if (type == NDISC_REDIRECT)
636 ip6_redirect(skb, net, skb->dev->ifindex, 0,
637 sock_net_uid(net, NULL));
638 else
639 ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
640 xfrm_state_put(x);
641
642 return 0;
643 }
644
645 static void vti6_link_config(struct ip6_tnl *t, bool keep_mtu)
646 {
647 struct net_device *dev = t->dev;
648 struct __ip6_tnl_parm *p = &t->parms;
649 struct net_device *tdev = NULL;
650 int mtu;
651
652 memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
653 memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
654
655 p->flags &= ~(IP6_TNL_F_CAP_XMIT | IP6_TNL_F_CAP_RCV |
656 IP6_TNL_F_CAP_PER_PACKET);
657 p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr);
658
659 if (p->flags & IP6_TNL_F_CAP_XMIT && p->flags & IP6_TNL_F_CAP_RCV)
660 dev->flags |= IFF_POINTOPOINT;
661 else
662 dev->flags &= ~IFF_POINTOPOINT;
663
664 if (keep_mtu && dev->mtu) {
665 dev->mtu = clamp(dev->mtu, dev->min_mtu, dev->max_mtu);
666 return;
667 }
668
669 if (p->flags & IP6_TNL_F_CAP_XMIT) {
670 int strict = (ipv6_addr_type(&p->raddr) &
671 (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL));
672 struct rt6_info *rt = rt6_lookup(t->net,
673 &p->raddr, &p->laddr,
674 p->link, NULL, strict);
675
676 if (rt)
677 tdev = rt->dst.dev;
678 ip6_rt_put(rt);
679 }
680
681 if (!tdev && p->link)
682 tdev = __dev_get_by_index(t->net, p->link);
683
684 if (tdev)
685 mtu = tdev->mtu - sizeof(struct ipv6hdr);
686 else
687 mtu = ETH_DATA_LEN - LL_MAX_HEADER - sizeof(struct ipv6hdr);
688
689 dev->mtu = max_t(int, mtu, IPV4_MIN_MTU);
690 }
691
692
693
694
695
696
697
698
699
700
701 static int
702 vti6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p,
703 bool keep_mtu)
704 {
705 t->parms.laddr = p->laddr;
706 t->parms.raddr = p->raddr;
707 t->parms.link = p->link;
708 t->parms.i_key = p->i_key;
709 t->parms.o_key = p->o_key;
710 t->parms.proto = p->proto;
711 t->parms.fwmark = p->fwmark;
712 dst_cache_reset(&t->dst_cache);
713 vti6_link_config(t, keep_mtu);
714 return 0;
715 }
716
717 static int vti6_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p,
718 bool keep_mtu)
719 {
720 struct net *net = dev_net(t->dev);
721 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
722 int err;
723
724 vti6_tnl_unlink(ip6n, t);
725 synchronize_net();
726 err = vti6_tnl_change(t, p, keep_mtu);
727 vti6_tnl_link(ip6n, t);
728 netdev_state_change(t->dev);
729 return err;
730 }
731
732 static void
733 vti6_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm2 *u)
734 {
735 p->laddr = u->laddr;
736 p->raddr = u->raddr;
737 p->link = u->link;
738 p->i_key = u->i_key;
739 p->o_key = u->o_key;
740 p->proto = u->proto;
741
742 memcpy(p->name, u->name, sizeof(u->name));
743 }
744
745 static void
746 vti6_parm_to_user(struct ip6_tnl_parm2 *u, const struct __ip6_tnl_parm *p)
747 {
748 u->laddr = p->laddr;
749 u->raddr = p->raddr;
750 u->link = p->link;
751 u->i_key = p->i_key;
752 u->o_key = p->o_key;
753 if (u->i_key)
754 u->i_flags |= GRE_KEY;
755 if (u->o_key)
756 u->o_flags |= GRE_KEY;
757 u->proto = p->proto;
758
759 memcpy(u->name, p->name, sizeof(u->name));
760 }
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789 static int
790 vti6_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
791 {
792 int err = 0;
793 struct ip6_tnl_parm2 p;
794 struct __ip6_tnl_parm p1;
795 struct ip6_tnl *t = NULL;
796 struct net *net = dev_net(dev);
797 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
798
799 switch (cmd) {
800 case SIOCGETTUNNEL:
801 if (dev == ip6n->fb_tnl_dev) {
802 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
803 err = -EFAULT;
804 break;
805 }
806 vti6_parm_from_user(&p1, &p);
807 t = vti6_locate(net, &p1, 0);
808 } else {
809 memset(&p, 0, sizeof(p));
810 }
811 if (!t)
812 t = netdev_priv(dev);
813 vti6_parm_to_user(&p, &t->parms);
814 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
815 err = -EFAULT;
816 break;
817 case SIOCADDTUNNEL:
818 case SIOCCHGTUNNEL:
819 err = -EPERM;
820 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
821 break;
822 err = -EFAULT;
823 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
824 break;
825 err = -EINVAL;
826 if (p.proto != IPPROTO_IPV6 && p.proto != 0)
827 break;
828 vti6_parm_from_user(&p1, &p);
829 t = vti6_locate(net, &p1, cmd == SIOCADDTUNNEL);
830 if (dev != ip6n->fb_tnl_dev && cmd == SIOCCHGTUNNEL) {
831 if (t) {
832 if (t->dev != dev) {
833 err = -EEXIST;
834 break;
835 }
836 } else
837 t = netdev_priv(dev);
838
839 err = vti6_update(t, &p1, false);
840 }
841 if (t) {
842 err = 0;
843 vti6_parm_to_user(&p, &t->parms);
844 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
845 err = -EFAULT;
846
847 } else
848 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
849 break;
850 case SIOCDELTUNNEL:
851 err = -EPERM;
852 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
853 break;
854
855 if (dev == ip6n->fb_tnl_dev) {
856 err = -EFAULT;
857 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
858 break;
859 err = -ENOENT;
860 vti6_parm_from_user(&p1, &p);
861 t = vti6_locate(net, &p1, 0);
862 if (!t)
863 break;
864 err = -EPERM;
865 if (t->dev == ip6n->fb_tnl_dev)
866 break;
867 dev = t->dev;
868 }
869 err = 0;
870 unregister_netdevice(dev);
871 break;
872 default:
873 err = -EINVAL;
874 }
875 return err;
876 }
877
878 static const struct net_device_ops vti6_netdev_ops = {
879 .ndo_init = vti6_dev_init,
880 .ndo_uninit = vti6_dev_uninit,
881 .ndo_start_xmit = vti6_tnl_xmit,
882 .ndo_do_ioctl = vti6_ioctl,
883 .ndo_get_stats64 = ip_tunnel_get_stats64,
884 .ndo_get_iflink = ip6_tnl_get_iflink,
885 };
886
887
888
889
890
891
892
893
894 static void vti6_dev_setup(struct net_device *dev)
895 {
896 dev->netdev_ops = &vti6_netdev_ops;
897 dev->needs_free_netdev = true;
898 dev->priv_destructor = vti6_dev_free;
899
900 dev->type = ARPHRD_TUNNEL6;
901 dev->min_mtu = IPV4_MIN_MTU;
902 dev->max_mtu = IP_MAX_MTU - sizeof(struct ipv6hdr);
903 dev->flags |= IFF_NOARP;
904 dev->addr_len = sizeof(struct in6_addr);
905 netif_keep_dst(dev);
906
907 dev->addr_assign_type = NET_ADDR_RANDOM;
908 eth_random_addr(dev->perm_addr);
909 }
910
911
912
913
914
915 static inline int vti6_dev_init_gen(struct net_device *dev)
916 {
917 struct ip6_tnl *t = netdev_priv(dev);
918
919 t->dev = dev;
920 t->net = dev_net(dev);
921 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
922 if (!dev->tstats)
923 return -ENOMEM;
924 return 0;
925 }
926
927
928
929
930
931 static int vti6_dev_init(struct net_device *dev)
932 {
933 struct ip6_tnl *t = netdev_priv(dev);
934 int err = vti6_dev_init_gen(dev);
935
936 if (err)
937 return err;
938 vti6_link_config(t, true);
939 return 0;
940 }
941
942
943
944
945
946
947
948 static int __net_init vti6_fb_tnl_dev_init(struct net_device *dev)
949 {
950 struct ip6_tnl *t = netdev_priv(dev);
951 struct net *net = dev_net(dev);
952 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
953
954 t->parms.proto = IPPROTO_IPV6;
955 dev_hold(dev);
956
957 rcu_assign_pointer(ip6n->tnls_wc[0], t);
958 return 0;
959 }
960
961 static int vti6_validate(struct nlattr *tb[], struct nlattr *data[],
962 struct netlink_ext_ack *extack)
963 {
964 return 0;
965 }
966
967 static void vti6_netlink_parms(struct nlattr *data[],
968 struct __ip6_tnl_parm *parms)
969 {
970 memset(parms, 0, sizeof(*parms));
971
972 if (!data)
973 return;
974
975 if (data[IFLA_VTI_LINK])
976 parms->link = nla_get_u32(data[IFLA_VTI_LINK]);
977
978 if (data[IFLA_VTI_LOCAL])
979 parms->laddr = nla_get_in6_addr(data[IFLA_VTI_LOCAL]);
980
981 if (data[IFLA_VTI_REMOTE])
982 parms->raddr = nla_get_in6_addr(data[IFLA_VTI_REMOTE]);
983
984 if (data[IFLA_VTI_IKEY])
985 parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]);
986
987 if (data[IFLA_VTI_OKEY])
988 parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]);
989
990 if (data[IFLA_VTI_FWMARK])
991 parms->fwmark = nla_get_u32(data[IFLA_VTI_FWMARK]);
992 }
993
994 static int vti6_newlink(struct net *src_net, struct net_device *dev,
995 struct nlattr *tb[], struct nlattr *data[],
996 struct netlink_ext_ack *extack)
997 {
998 struct net *net = dev_net(dev);
999 struct ip6_tnl *nt;
1000
1001 nt = netdev_priv(dev);
1002 vti6_netlink_parms(data, &nt->parms);
1003
1004 nt->parms.proto = IPPROTO_IPV6;
1005
1006 if (vti6_locate(net, &nt->parms, 0))
1007 return -EEXIST;
1008
1009 return vti6_tnl_create2(dev);
1010 }
1011
1012 static void vti6_dellink(struct net_device *dev, struct list_head *head)
1013 {
1014 struct net *net = dev_net(dev);
1015 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
1016
1017 if (dev != ip6n->fb_tnl_dev)
1018 unregister_netdevice_queue(dev, head);
1019 }
1020
1021 static int vti6_changelink(struct net_device *dev, struct nlattr *tb[],
1022 struct nlattr *data[],
1023 struct netlink_ext_ack *extack)
1024 {
1025 struct ip6_tnl *t;
1026 struct __ip6_tnl_parm p;
1027 struct net *net = dev_net(dev);
1028 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
1029
1030 if (dev == ip6n->fb_tnl_dev)
1031 return -EINVAL;
1032
1033 vti6_netlink_parms(data, &p);
1034
1035 t = vti6_locate(net, &p, 0);
1036
1037 if (t) {
1038 if (t->dev != dev)
1039 return -EEXIST;
1040 } else
1041 t = netdev_priv(dev);
1042
1043 return vti6_update(t, &p, tb && tb[IFLA_MTU]);
1044 }
1045
1046 static size_t vti6_get_size(const struct net_device *dev)
1047 {
1048 return
1049
1050 nla_total_size(4) +
1051
1052 nla_total_size(sizeof(struct in6_addr)) +
1053
1054 nla_total_size(sizeof(struct in6_addr)) +
1055
1056 nla_total_size(4) +
1057
1058 nla_total_size(4) +
1059
1060 nla_total_size(4) +
1061 0;
1062 }
1063
1064 static int vti6_fill_info(struct sk_buff *skb, const struct net_device *dev)
1065 {
1066 struct ip6_tnl *tunnel = netdev_priv(dev);
1067 struct __ip6_tnl_parm *parm = &tunnel->parms;
1068
1069 if (nla_put_u32(skb, IFLA_VTI_LINK, parm->link) ||
1070 nla_put_in6_addr(skb, IFLA_VTI_LOCAL, &parm->laddr) ||
1071 nla_put_in6_addr(skb, IFLA_VTI_REMOTE, &parm->raddr) ||
1072 nla_put_be32(skb, IFLA_VTI_IKEY, parm->i_key) ||
1073 nla_put_be32(skb, IFLA_VTI_OKEY, parm->o_key) ||
1074 nla_put_u32(skb, IFLA_VTI_FWMARK, parm->fwmark))
1075 goto nla_put_failure;
1076 return 0;
1077
1078 nla_put_failure:
1079 return -EMSGSIZE;
1080 }
1081
1082 static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = {
1083 [IFLA_VTI_LINK] = { .type = NLA_U32 },
1084 [IFLA_VTI_LOCAL] = { .len = sizeof(struct in6_addr) },
1085 [IFLA_VTI_REMOTE] = { .len = sizeof(struct in6_addr) },
1086 [IFLA_VTI_IKEY] = { .type = NLA_U32 },
1087 [IFLA_VTI_OKEY] = { .type = NLA_U32 },
1088 [IFLA_VTI_FWMARK] = { .type = NLA_U32 },
1089 };
1090
1091 static struct rtnl_link_ops vti6_link_ops __read_mostly = {
1092 .kind = "vti6",
1093 .maxtype = IFLA_VTI_MAX,
1094 .policy = vti6_policy,
1095 .priv_size = sizeof(struct ip6_tnl),
1096 .setup = vti6_dev_setup,
1097 .validate = vti6_validate,
1098 .newlink = vti6_newlink,
1099 .dellink = vti6_dellink,
1100 .changelink = vti6_changelink,
1101 .get_size = vti6_get_size,
1102 .fill_info = vti6_fill_info,
1103 .get_link_net = ip6_tnl_get_link_net,
1104 };
1105
1106 static void __net_exit vti6_destroy_tunnels(struct vti6_net *ip6n,
1107 struct list_head *list)
1108 {
1109 int h;
1110 struct ip6_tnl *t;
1111
1112 for (h = 0; h < IP6_VTI_HASH_SIZE; h++) {
1113 t = rtnl_dereference(ip6n->tnls_r_l[h]);
1114 while (t) {
1115 unregister_netdevice_queue(t->dev, list);
1116 t = rtnl_dereference(t->next);
1117 }
1118 }
1119
1120 t = rtnl_dereference(ip6n->tnls_wc[0]);
1121 if (t)
1122 unregister_netdevice_queue(t->dev, list);
1123 }
1124
1125 static int __net_init vti6_init_net(struct net *net)
1126 {
1127 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
1128 struct ip6_tnl *t = NULL;
1129 int err;
1130
1131 ip6n->tnls[0] = ip6n->tnls_wc;
1132 ip6n->tnls[1] = ip6n->tnls_r_l;
1133
1134 if (!net_has_fallback_tunnels(net))
1135 return 0;
1136 err = -ENOMEM;
1137 ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6_vti0",
1138 NET_NAME_UNKNOWN, vti6_dev_setup);
1139
1140 if (!ip6n->fb_tnl_dev)
1141 goto err_alloc_dev;
1142 dev_net_set(ip6n->fb_tnl_dev, net);
1143 ip6n->fb_tnl_dev->rtnl_link_ops = &vti6_link_ops;
1144
1145 err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev);
1146 if (err < 0)
1147 goto err_register;
1148
1149 err = register_netdev(ip6n->fb_tnl_dev);
1150 if (err < 0)
1151 goto err_register;
1152
1153 t = netdev_priv(ip6n->fb_tnl_dev);
1154
1155 strcpy(t->parms.name, ip6n->fb_tnl_dev->name);
1156 return 0;
1157
1158 err_register:
1159 free_netdev(ip6n->fb_tnl_dev);
1160 err_alloc_dev:
1161 return err;
1162 }
1163
1164 static void __net_exit vti6_exit_batch_net(struct list_head *net_list)
1165 {
1166 struct vti6_net *ip6n;
1167 struct net *net;
1168 LIST_HEAD(list);
1169
1170 rtnl_lock();
1171 list_for_each_entry(net, net_list, exit_list) {
1172 ip6n = net_generic(net, vti6_net_id);
1173 vti6_destroy_tunnels(ip6n, &list);
1174 }
1175 unregister_netdevice_many(&list);
1176 rtnl_unlock();
1177 }
1178
1179 static struct pernet_operations vti6_net_ops = {
1180 .init = vti6_init_net,
1181 .exit_batch = vti6_exit_batch_net,
1182 .id = &vti6_net_id,
1183 .size = sizeof(struct vti6_net),
1184 };
1185
1186 static struct xfrm6_protocol vti_esp6_protocol __read_mostly = {
1187 .handler = vti6_rcv,
1188 .cb_handler = vti6_rcv_cb,
1189 .err_handler = vti6_err,
1190 .priority = 100,
1191 };
1192
1193 static struct xfrm6_protocol vti_ah6_protocol __read_mostly = {
1194 .handler = vti6_rcv,
1195 .cb_handler = vti6_rcv_cb,
1196 .err_handler = vti6_err,
1197 .priority = 100,
1198 };
1199
1200 static struct xfrm6_protocol vti_ipcomp6_protocol __read_mostly = {
1201 .handler = vti6_rcv,
1202 .cb_handler = vti6_rcv_cb,
1203 .err_handler = vti6_err,
1204 .priority = 100,
1205 };
1206
1207
1208
1209
1210
1211
1212 static int __init vti6_tunnel_init(void)
1213 {
1214 const char *msg;
1215 int err;
1216
1217 msg = "tunnel device";
1218 err = register_pernet_device(&vti6_net_ops);
1219 if (err < 0)
1220 goto pernet_dev_failed;
1221
1222 msg = "tunnel protocols";
1223 err = xfrm6_protocol_register(&vti_esp6_protocol, IPPROTO_ESP);
1224 if (err < 0)
1225 goto xfrm_proto_esp_failed;
1226 err = xfrm6_protocol_register(&vti_ah6_protocol, IPPROTO_AH);
1227 if (err < 0)
1228 goto xfrm_proto_ah_failed;
1229 err = xfrm6_protocol_register(&vti_ipcomp6_protocol, IPPROTO_COMP);
1230 if (err < 0)
1231 goto xfrm_proto_comp_failed;
1232
1233 msg = "netlink interface";
1234 err = rtnl_link_register(&vti6_link_ops);
1235 if (err < 0)
1236 goto rtnl_link_failed;
1237
1238 return 0;
1239
1240 rtnl_link_failed:
1241 xfrm6_protocol_deregister(&vti_ipcomp6_protocol, IPPROTO_COMP);
1242 xfrm_proto_comp_failed:
1243 xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH);
1244 xfrm_proto_ah_failed:
1245 xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP);
1246 xfrm_proto_esp_failed:
1247 unregister_pernet_device(&vti6_net_ops);
1248 pernet_dev_failed:
1249 pr_err("vti6 init: failed to register %s\n", msg);
1250 return err;
1251 }
1252
1253
1254
1255
1256 static void __exit vti6_tunnel_cleanup(void)
1257 {
1258 rtnl_link_unregister(&vti6_link_ops);
1259 xfrm6_protocol_deregister(&vti_ipcomp6_protocol, IPPROTO_COMP);
1260 xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH);
1261 xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP);
1262 unregister_pernet_device(&vti6_net_ops);
1263 }
1264
1265 module_init(vti6_tunnel_init);
1266 module_exit(vti6_tunnel_cleanup);
1267 MODULE_LICENSE("GPL");
1268 MODULE_ALIAS_RTNL_LINK("vti6");
1269 MODULE_ALIAS_NETDEV("ip6_vti0");
1270 MODULE_AUTHOR("Steffen Klassert");
1271 MODULE_DESCRIPTION("IPv6 virtual tunnel interface");