root/net/ipv4/ipip.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. ipip_err
  2. ipip_tunnel_rcv
  3. ipip_rcv
  4. mplsip_rcv
  5. ipip_tunnel_xmit
  6. ipip_tunnel_ioctl_verify_protocol
  7. ipip_tunnel_ioctl
  8. ipip_tunnel_setup
  9. ipip_tunnel_init
  10. ipip_tunnel_validate
  11. ipip_netlink_parms
  12. ipip_netlink_encap_parms
  13. ipip_newlink
  14. ipip_changelink
  15. ipip_get_size
  16. ipip_fill_info
  17. ipip_init_net
  18. ipip_exit_batch_net
  19. ipip_init
  20. ipip_fini
   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  *      Linux NET3:     IP/IP protocol decoder.
   4  *
   5  *      Authors:
   6  *              Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
   7  *
   8  *      Fixes:
   9  *              Alan Cox        :       Merged and made usable non modular (its so tiny its silly as
  10  *                                      a module taking up 2 pages).
  11  *              Alan Cox        :       Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
  12  *                                      to keep ip_forward happy.
  13  *              Alan Cox        :       More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
  14  *              Kai Schulte     :       Fixed #defines for IP_FIREWALL->FIREWALL
  15  *              David Woodhouse :       Perform some basic ICMP handling.
  16  *                                      IPIP Routing without decapsulation.
  17  *              Carlos Picoto   :       GRE over IP support
  18  *              Alexey Kuznetsov:       Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
  19  *                                      I do not want to merge them together.
  20  */
  21 
  22 /* tunnel.c: an IP tunnel driver
  23 
  24         The purpose of this driver is to provide an IP tunnel through
  25         which you can tunnel network traffic transparently across subnets.
  26 
  27         This was written by looking at Nick Holloway's dummy driver
  28         Thanks for the great code!
  29 
  30                 -Sam Lantinga   (slouken@cs.ucdavis.edu)  02/01/95
  31 
  32         Minor tweaks:
  33                 Cleaned up the code a little and added some pre-1.3.0 tweaks.
  34                 dev->hard_header/hard_header_len changed to use no headers.
  35                 Comments/bracketing tweaked.
  36                 Made the tunnels use dev->name not tunnel: when error reporting.
  37                 Added tx_dropped stat
  38 
  39                 -Alan Cox       (alan@lxorguk.ukuu.org.uk) 21 March 95
  40 
  41         Reworked:
  42                 Changed to tunnel to destination gateway in addition to the
  43                         tunnel's pointopoint address
  44                 Almost completely rewritten
  45                 Note:  There is currently no firewall or ICMP handling done.
  46 
  47                 -Sam Lantinga   (slouken@cs.ucdavis.edu) 02/13/96
  48 
  49 */
  50 
  51 /* Things I wish I had known when writing the tunnel driver:
  52 
  53         When the tunnel_xmit() function is called, the skb contains the
  54         packet to be sent (plus a great deal of extra info), and dev
  55         contains the tunnel device that _we_ are.
  56 
  57         When we are passed a packet, we are expected to fill in the
  58         source address with our source IP address.
  59 
  60         What is the proper way to allocate, copy and free a buffer?
  61         After you allocate it, it is a "0 length" chunk of memory
  62         starting at zero.  If you want to add headers to the buffer
  63         later, you'll have to call "skb_reserve(skb, amount)" with
  64         the amount of memory you want reserved.  Then, you call
  65         "skb_put(skb, amount)" with the amount of space you want in
  66         the buffer.  skb_put() returns a pointer to the top (#0) of
  67         that buffer.  skb->len is set to the amount of space you have
  68         "allocated" with skb_put().  You can then write up to skb->len
  69         bytes to that buffer.  If you need more, you can call skb_put()
  70         again with the additional amount of space you need.  You can
  71         find out how much more space you can allocate by calling
  72         "skb_tailroom(skb)".
  73         Now, to add header space, call "skb_push(skb, header_len)".
  74         This creates space at the beginning of the buffer and returns
  75         a pointer to this new space.  If later you need to strip a
  76         header from a buffer, call "skb_pull(skb, header_len)".
  77         skb_headroom() will return how much space is left at the top
  78         of the buffer (before the main data).  Remember, this headroom
  79         space must be reserved before the skb_put() function is called.
  80         */
  81 
  82 /*
  83    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
  84 
  85    For comments look at net/ipv4/ip_gre.c --ANK
  86  */
  87 
  88 
  89 #include <linux/capability.h>
  90 #include <linux/module.h>
  91 #include <linux/types.h>
  92 #include <linux/kernel.h>
  93 #include <linux/slab.h>
  94 #include <linux/uaccess.h>
  95 #include <linux/skbuff.h>
  96 #include <linux/netdevice.h>
  97 #include <linux/in.h>
  98 #include <linux/tcp.h>
  99 #include <linux/udp.h>
 100 #include <linux/if_arp.h>
 101 #include <linux/init.h>
 102 #include <linux/netfilter_ipv4.h>
 103 #include <linux/if_ether.h>
 104 
 105 #include <net/sock.h>
 106 #include <net/ip.h>
 107 #include <net/icmp.h>
 108 #include <net/ip_tunnels.h>
 109 #include <net/inet_ecn.h>
 110 #include <net/xfrm.h>
 111 #include <net/net_namespace.h>
 112 #include <net/netns/generic.h>
 113 #include <net/dst_metadata.h>
 114 
 115 static bool log_ecn_error = true;
 116 module_param(log_ecn_error, bool, 0644);
 117 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
 118 
 119 static unsigned int ipip_net_id __read_mostly;
 120 
 121 static int ipip_tunnel_init(struct net_device *dev);
 122 static struct rtnl_link_ops ipip_link_ops __read_mostly;
 123 
 124 static int ipip_err(struct sk_buff *skb, u32 info)
 125 {
 126         /* All the routers (except for Linux) return only
 127          * 8 bytes of packet payload. It means, that precise relaying of
 128          * ICMP in the real Internet is absolutely infeasible.
 129          */
 130         struct net *net = dev_net(skb->dev);
 131         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
 132         const struct iphdr *iph = (const struct iphdr *)skb->data;
 133         const int type = icmp_hdr(skb)->type;
 134         const int code = icmp_hdr(skb)->code;
 135         struct ip_tunnel *t;
 136         int err = 0;
 137 
 138         t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
 139                              iph->daddr, iph->saddr, 0);
 140         if (!t) {
 141                 err = -ENOENT;
 142                 goto out;
 143         }
 144 
 145         switch (type) {
 146         case ICMP_DEST_UNREACH:
 147                 switch (code) {
 148                 case ICMP_SR_FAILED:
 149                         /* Impossible event. */
 150                         goto out;
 151                 default:
 152                         /* All others are translated to HOST_UNREACH.
 153                          * rfc2003 contains "deep thoughts" about NET_UNREACH,
 154                          * I believe they are just ether pollution. --ANK
 155                          */
 156                         break;
 157                 }
 158                 break;
 159 
 160         case ICMP_TIME_EXCEEDED:
 161                 if (code != ICMP_EXC_TTL)
 162                         goto out;
 163                 break;
 164 
 165         case ICMP_REDIRECT:
 166                 break;
 167 
 168         default:
 169                 goto out;
 170         }
 171 
 172         if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
 173                 ipv4_update_pmtu(skb, net, info, t->parms.link, iph->protocol);
 174                 goto out;
 175         }
 176 
 177         if (type == ICMP_REDIRECT) {
 178                 ipv4_redirect(skb, net, t->parms.link, iph->protocol);
 179                 goto out;
 180         }
 181 
 182         if (t->parms.iph.daddr == 0) {
 183                 err = -ENOENT;
 184                 goto out;
 185         }
 186 
 187         if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
 188                 goto out;
 189 
 190         if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
 191                 t->err_count++;
 192         else
 193                 t->err_count = 1;
 194         t->err_time = jiffies;
 195 
 196 out:
 197         return err;
 198 }
 199 
 200 static const struct tnl_ptk_info ipip_tpi = {
 201         /* no tunnel info required for ipip. */
 202         .proto = htons(ETH_P_IP),
 203 };
 204 
 205 #if IS_ENABLED(CONFIG_MPLS)
 206 static const struct tnl_ptk_info mplsip_tpi = {
 207         /* no tunnel info required for mplsip. */
 208         .proto = htons(ETH_P_MPLS_UC),
 209 };
 210 #endif
 211 
 212 static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto)
 213 {
 214         struct net *net = dev_net(skb->dev);
 215         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
 216         struct metadata_dst *tun_dst = NULL;
 217         struct ip_tunnel *tunnel;
 218         const struct iphdr *iph;
 219 
 220         iph = ip_hdr(skb);
 221         tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
 222                         iph->saddr, iph->daddr, 0);
 223         if (tunnel) {
 224                 const struct tnl_ptk_info *tpi;
 225 
 226                 if (tunnel->parms.iph.protocol != ipproto &&
 227                     tunnel->parms.iph.protocol != 0)
 228                         goto drop;
 229 
 230                 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
 231                         goto drop;
 232 #if IS_ENABLED(CONFIG_MPLS)
 233                 if (ipproto == IPPROTO_MPLS)
 234                         tpi = &mplsip_tpi;
 235                 else
 236 #endif
 237                         tpi = &ipip_tpi;
 238                 if (iptunnel_pull_header(skb, 0, tpi->proto, false))
 239                         goto drop;
 240                 if (tunnel->collect_md) {
 241                         tun_dst = ip_tun_rx_dst(skb, 0, 0, 0);
 242                         if (!tun_dst)
 243                                 return 0;
 244                 }
 245                 return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
 246         }
 247 
 248         return -1;
 249 
 250 drop:
 251         kfree_skb(skb);
 252         return 0;
 253 }
 254 
 255 static int ipip_rcv(struct sk_buff *skb)
 256 {
 257         return ipip_tunnel_rcv(skb, IPPROTO_IPIP);
 258 }
 259 
 260 #if IS_ENABLED(CONFIG_MPLS)
 261 static int mplsip_rcv(struct sk_buff *skb)
 262 {
 263         return ipip_tunnel_rcv(skb, IPPROTO_MPLS);
 264 }
 265 #endif
 266 
 267 /*
 268  *      This function assumes it is being called from dev_queue_xmit()
 269  *      and that skb is filled properly by that function.
 270  */
 271 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
 272                                     struct net_device *dev)
 273 {
 274         struct ip_tunnel *tunnel = netdev_priv(dev);
 275         const struct iphdr  *tiph = &tunnel->parms.iph;
 276         u8 ipproto;
 277 
 278         if (!pskb_inet_may_pull(skb))
 279                 goto tx_error;
 280 
 281         switch (skb->protocol) {
 282         case htons(ETH_P_IP):
 283                 ipproto = IPPROTO_IPIP;
 284                 break;
 285 #if IS_ENABLED(CONFIG_MPLS)
 286         case htons(ETH_P_MPLS_UC):
 287                 ipproto = IPPROTO_MPLS;
 288                 break;
 289 #endif
 290         default:
 291                 goto tx_error;
 292         }
 293 
 294         if (tiph->protocol != ipproto && tiph->protocol != 0)
 295                 goto tx_error;
 296 
 297         if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4))
 298                 goto tx_error;
 299 
 300         skb_set_inner_ipproto(skb, ipproto);
 301 
 302         if (tunnel->collect_md)
 303                 ip_md_tunnel_xmit(skb, dev, ipproto, 0);
 304         else
 305                 ip_tunnel_xmit(skb, dev, tiph, ipproto);
 306         return NETDEV_TX_OK;
 307 
 308 tx_error:
 309         kfree_skb(skb);
 310 
 311         dev->stats.tx_errors++;
 312         return NETDEV_TX_OK;
 313 }
 314 
 315 static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto)
 316 {
 317         switch (ipproto) {
 318         case 0:
 319         case IPPROTO_IPIP:
 320 #if IS_ENABLED(CONFIG_MPLS)
 321         case IPPROTO_MPLS:
 322 #endif
 323                 return true;
 324         }
 325 
 326         return false;
 327 }
 328 
 329 static int
 330 ipip_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
 331 {
 332         int err = 0;
 333         struct ip_tunnel_parm p;
 334 
 335         if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
 336                 return -EFAULT;
 337 
 338         if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
 339                 if (p.iph.version != 4 ||
 340                     !ipip_tunnel_ioctl_verify_protocol(p.iph.protocol) ||
 341                     p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
 342                         return -EINVAL;
 343         }
 344 
 345         p.i_key = p.o_key = 0;
 346         p.i_flags = p.o_flags = 0;
 347         err = ip_tunnel_ioctl(dev, &p, cmd);
 348         if (err)
 349                 return err;
 350 
 351         if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
 352                 return -EFAULT;
 353 
 354         return 0;
 355 }
 356 
 357 static const struct net_device_ops ipip_netdev_ops = {
 358         .ndo_init       = ipip_tunnel_init,
 359         .ndo_uninit     = ip_tunnel_uninit,
 360         .ndo_start_xmit = ipip_tunnel_xmit,
 361         .ndo_do_ioctl   = ipip_tunnel_ioctl,
 362         .ndo_change_mtu = ip_tunnel_change_mtu,
 363         .ndo_get_stats64 = ip_tunnel_get_stats64,
 364         .ndo_get_iflink = ip_tunnel_get_iflink,
 365 };
 366 
 367 #define IPIP_FEATURES (NETIF_F_SG |             \
 368                        NETIF_F_FRAGLIST |       \
 369                        NETIF_F_HIGHDMA |        \
 370                        NETIF_F_GSO_SOFTWARE |   \
 371                        NETIF_F_HW_CSUM)
 372 
 373 static void ipip_tunnel_setup(struct net_device *dev)
 374 {
 375         dev->netdev_ops         = &ipip_netdev_ops;
 376 
 377         dev->type               = ARPHRD_TUNNEL;
 378         dev->flags              = IFF_NOARP;
 379         dev->addr_len           = 4;
 380         dev->features           |= NETIF_F_LLTX;
 381         netif_keep_dst(dev);
 382 
 383         dev->features           |= IPIP_FEATURES;
 384         dev->hw_features        |= IPIP_FEATURES;
 385         ip_tunnel_setup(dev, ipip_net_id);
 386 }
 387 
 388 static int ipip_tunnel_init(struct net_device *dev)
 389 {
 390         struct ip_tunnel *tunnel = netdev_priv(dev);
 391 
 392         memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
 393         memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
 394 
 395         tunnel->tun_hlen = 0;
 396         tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
 397         return ip_tunnel_init(dev);
 398 }
 399 
 400 static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
 401                                 struct netlink_ext_ack *extack)
 402 {
 403         u8 proto;
 404 
 405         if (!data || !data[IFLA_IPTUN_PROTO])
 406                 return 0;
 407 
 408         proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
 409         if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0)
 410                 return -EINVAL;
 411 
 412         return 0;
 413 }
 414 
 415 static void ipip_netlink_parms(struct nlattr *data[],
 416                                struct ip_tunnel_parm *parms, bool *collect_md,
 417                                __u32 *fwmark)
 418 {
 419         memset(parms, 0, sizeof(*parms));
 420 
 421         parms->iph.version = 4;
 422         parms->iph.protocol = IPPROTO_IPIP;
 423         parms->iph.ihl = 5;
 424         *collect_md = false;
 425 
 426         if (!data)
 427                 return;
 428 
 429         if (data[IFLA_IPTUN_LINK])
 430                 parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
 431 
 432         if (data[IFLA_IPTUN_LOCAL])
 433                 parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]);
 434 
 435         if (data[IFLA_IPTUN_REMOTE])
 436                 parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]);
 437 
 438         if (data[IFLA_IPTUN_TTL]) {
 439                 parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
 440                 if (parms->iph.ttl)
 441                         parms->iph.frag_off = htons(IP_DF);
 442         }
 443 
 444         if (data[IFLA_IPTUN_TOS])
 445                 parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
 446 
 447         if (data[IFLA_IPTUN_PROTO])
 448                 parms->iph.protocol = nla_get_u8(data[IFLA_IPTUN_PROTO]);
 449 
 450         if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
 451                 parms->iph.frag_off = htons(IP_DF);
 452 
 453         if (data[IFLA_IPTUN_COLLECT_METADATA])
 454                 *collect_md = true;
 455 
 456         if (data[IFLA_IPTUN_FWMARK])
 457                 *fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]);
 458 }
 459 
 460 /* This function returns true when ENCAP attributes are present in the nl msg */
 461 static bool ipip_netlink_encap_parms(struct nlattr *data[],
 462                                      struct ip_tunnel_encap *ipencap)
 463 {
 464         bool ret = false;
 465 
 466         memset(ipencap, 0, sizeof(*ipencap));
 467 
 468         if (!data)
 469                 return ret;
 470 
 471         if (data[IFLA_IPTUN_ENCAP_TYPE]) {
 472                 ret = true;
 473                 ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
 474         }
 475 
 476         if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
 477                 ret = true;
 478                 ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
 479         }
 480 
 481         if (data[IFLA_IPTUN_ENCAP_SPORT]) {
 482                 ret = true;
 483                 ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
 484         }
 485 
 486         if (data[IFLA_IPTUN_ENCAP_DPORT]) {
 487                 ret = true;
 488                 ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
 489         }
 490 
 491         return ret;
 492 }
 493 
 494 static int ipip_newlink(struct net *src_net, struct net_device *dev,
 495                         struct nlattr *tb[], struct nlattr *data[],
 496                         struct netlink_ext_ack *extack)
 497 {
 498         struct ip_tunnel *t = netdev_priv(dev);
 499         struct ip_tunnel_parm p;
 500         struct ip_tunnel_encap ipencap;
 501         __u32 fwmark = 0;
 502 
 503         if (ipip_netlink_encap_parms(data, &ipencap)) {
 504                 int err = ip_tunnel_encap_setup(t, &ipencap);
 505 
 506                 if (err < 0)
 507                         return err;
 508         }
 509 
 510         ipip_netlink_parms(data, &p, &t->collect_md, &fwmark);
 511         return ip_tunnel_newlink(dev, tb, &p, fwmark);
 512 }
 513 
 514 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
 515                            struct nlattr *data[],
 516                            struct netlink_ext_ack *extack)
 517 {
 518         struct ip_tunnel *t = netdev_priv(dev);
 519         struct ip_tunnel_parm p;
 520         struct ip_tunnel_encap ipencap;
 521         bool collect_md;
 522         __u32 fwmark = t->fwmark;
 523 
 524         if (ipip_netlink_encap_parms(data, &ipencap)) {
 525                 int err = ip_tunnel_encap_setup(t, &ipencap);
 526 
 527                 if (err < 0)
 528                         return err;
 529         }
 530 
 531         ipip_netlink_parms(data, &p, &collect_md, &fwmark);
 532         if (collect_md)
 533                 return -EINVAL;
 534 
 535         if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
 536             (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
 537                 return -EINVAL;
 538 
 539         return ip_tunnel_changelink(dev, tb, &p, fwmark);
 540 }
 541 
 542 static size_t ipip_get_size(const struct net_device *dev)
 543 {
 544         return
 545                 /* IFLA_IPTUN_LINK */
 546                 nla_total_size(4) +
 547                 /* IFLA_IPTUN_LOCAL */
 548                 nla_total_size(4) +
 549                 /* IFLA_IPTUN_REMOTE */
 550                 nla_total_size(4) +
 551                 /* IFLA_IPTUN_TTL */
 552                 nla_total_size(1) +
 553                 /* IFLA_IPTUN_TOS */
 554                 nla_total_size(1) +
 555                 /* IFLA_IPTUN_PROTO */
 556                 nla_total_size(1) +
 557                 /* IFLA_IPTUN_PMTUDISC */
 558                 nla_total_size(1) +
 559                 /* IFLA_IPTUN_ENCAP_TYPE */
 560                 nla_total_size(2) +
 561                 /* IFLA_IPTUN_ENCAP_FLAGS */
 562                 nla_total_size(2) +
 563                 /* IFLA_IPTUN_ENCAP_SPORT */
 564                 nla_total_size(2) +
 565                 /* IFLA_IPTUN_ENCAP_DPORT */
 566                 nla_total_size(2) +
 567                 /* IFLA_IPTUN_COLLECT_METADATA */
 568                 nla_total_size(0) +
 569                 /* IFLA_IPTUN_FWMARK */
 570                 nla_total_size(4) +
 571                 0;
 572 }
 573 
 574 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
 575 {
 576         struct ip_tunnel *tunnel = netdev_priv(dev);
 577         struct ip_tunnel_parm *parm = &tunnel->parms;
 578 
 579         if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
 580             nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
 581             nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
 582             nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
 583             nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
 584             nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) ||
 585             nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
 586                        !!(parm->iph.frag_off & htons(IP_DF))) ||
 587             nla_put_u32(skb, IFLA_IPTUN_FWMARK, tunnel->fwmark))
 588                 goto nla_put_failure;
 589 
 590         if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
 591                         tunnel->encap.type) ||
 592             nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
 593                          tunnel->encap.sport) ||
 594             nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
 595                          tunnel->encap.dport) ||
 596             nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
 597                         tunnel->encap.flags))
 598                 goto nla_put_failure;
 599 
 600         if (tunnel->collect_md)
 601                 if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA))
 602                         goto nla_put_failure;
 603         return 0;
 604 
 605 nla_put_failure:
 606         return -EMSGSIZE;
 607 }
 608 
 609 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
 610         [IFLA_IPTUN_LINK]               = { .type = NLA_U32 },
 611         [IFLA_IPTUN_LOCAL]              = { .type = NLA_U32 },
 612         [IFLA_IPTUN_REMOTE]             = { .type = NLA_U32 },
 613         [IFLA_IPTUN_TTL]                = { .type = NLA_U8 },
 614         [IFLA_IPTUN_TOS]                = { .type = NLA_U8 },
 615         [IFLA_IPTUN_PROTO]              = { .type = NLA_U8 },
 616         [IFLA_IPTUN_PMTUDISC]           = { .type = NLA_U8 },
 617         [IFLA_IPTUN_ENCAP_TYPE]         = { .type = NLA_U16 },
 618         [IFLA_IPTUN_ENCAP_FLAGS]        = { .type = NLA_U16 },
 619         [IFLA_IPTUN_ENCAP_SPORT]        = { .type = NLA_U16 },
 620         [IFLA_IPTUN_ENCAP_DPORT]        = { .type = NLA_U16 },
 621         [IFLA_IPTUN_COLLECT_METADATA]   = { .type = NLA_FLAG },
 622         [IFLA_IPTUN_FWMARK]             = { .type = NLA_U32 },
 623 };
 624 
 625 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
 626         .kind           = "ipip",
 627         .maxtype        = IFLA_IPTUN_MAX,
 628         .policy         = ipip_policy,
 629         .priv_size      = sizeof(struct ip_tunnel),
 630         .setup          = ipip_tunnel_setup,
 631         .validate       = ipip_tunnel_validate,
 632         .newlink        = ipip_newlink,
 633         .changelink     = ipip_changelink,
 634         .dellink        = ip_tunnel_dellink,
 635         .get_size       = ipip_get_size,
 636         .fill_info      = ipip_fill_info,
 637         .get_link_net   = ip_tunnel_get_link_net,
 638 };
 639 
 640 static struct xfrm_tunnel ipip_handler __read_mostly = {
 641         .handler        =       ipip_rcv,
 642         .err_handler    =       ipip_err,
 643         .priority       =       1,
 644 };
 645 
 646 #if IS_ENABLED(CONFIG_MPLS)
 647 static struct xfrm_tunnel mplsip_handler __read_mostly = {
 648         .handler        =       mplsip_rcv,
 649         .err_handler    =       ipip_err,
 650         .priority       =       1,
 651 };
 652 #endif
 653 
 654 static int __net_init ipip_init_net(struct net *net)
 655 {
 656         return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
 657 }
 658 
 659 static void __net_exit ipip_exit_batch_net(struct list_head *list_net)
 660 {
 661         ip_tunnel_delete_nets(list_net, ipip_net_id, &ipip_link_ops);
 662 }
 663 
 664 static struct pernet_operations ipip_net_ops = {
 665         .init = ipip_init_net,
 666         .exit_batch = ipip_exit_batch_net,
 667         .id   = &ipip_net_id,
 668         .size = sizeof(struct ip_tunnel_net),
 669 };
 670 
 671 static int __init ipip_init(void)
 672 {
 673         int err;
 674 
 675         pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n");
 676 
 677         err = register_pernet_device(&ipip_net_ops);
 678         if (err < 0)
 679                 return err;
 680         err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
 681         if (err < 0) {
 682                 pr_info("%s: can't register tunnel\n", __func__);
 683                 goto xfrm_tunnel_ipip_failed;
 684         }
 685 #if IS_ENABLED(CONFIG_MPLS)
 686         err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS);
 687         if (err < 0) {
 688                 pr_info("%s: can't register tunnel\n", __func__);
 689                 goto xfrm_tunnel_mplsip_failed;
 690         }
 691 #endif
 692         err = rtnl_link_register(&ipip_link_ops);
 693         if (err < 0)
 694                 goto rtnl_link_failed;
 695 
 696 out:
 697         return err;
 698 
 699 rtnl_link_failed:
 700 #if IS_ENABLED(CONFIG_MPLS)
 701         xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS);
 702 xfrm_tunnel_mplsip_failed:
 703 
 704 #endif
 705         xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
 706 xfrm_tunnel_ipip_failed:
 707         unregister_pernet_device(&ipip_net_ops);
 708         goto out;
 709 }
 710 
 711 static void __exit ipip_fini(void)
 712 {
 713         rtnl_link_unregister(&ipip_link_ops);
 714         if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
 715                 pr_info("%s: can't deregister tunnel\n", __func__);
 716 #if IS_ENABLED(CONFIG_MPLS)
 717         if (xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS))
 718                 pr_info("%s: can't deregister tunnel\n", __func__);
 719 #endif
 720         unregister_pernet_device(&ipip_net_ops);
 721 }
 722 
 723 module_init(ipip_init);
 724 module_exit(ipip_fini);
 725 MODULE_LICENSE("GPL");
 726 MODULE_ALIAS_RTNL_LINK("ipip");
 727 MODULE_ALIAS_NETDEV("tunl0");
/* [<][>][^][v][top][bottom][index][help] */