1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * Linux NET3: IP/IP protocol decoder. |
4 | * |
5 | * Authors: |
6 | * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95 |
7 | * |
8 | * Fixes: |
9 | * Alan Cox : Merged and made usable non modular (its so tiny its silly as |
10 | * a module taking up 2 pages). |
11 | * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph) |
12 | * to keep ip_forward happy. |
13 | * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8). |
14 | * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL |
15 | * David Woodhouse : Perform some basic ICMP handling. |
16 | * IPIP Routing without decapsulation. |
17 | * Carlos Picoto : GRE over IP support |
18 | * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c. |
19 | * I do not want to merge them together. |
20 | */ |
21 | |
22 | /* tunnel.c: an IP tunnel driver |
23 | |
24 | The purpose of this driver is to provide an IP tunnel through |
25 | which you can tunnel network traffic transparently across subnets. |
26 | |
27 | This was written by looking at Nick Holloway's dummy driver |
28 | Thanks for the great code! |
29 | |
30 | -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95 |
31 | |
32 | Minor tweaks: |
33 | Cleaned up the code a little and added some pre-1.3.0 tweaks. |
34 | dev->hard_header/hard_header_len changed to use no headers. |
35 | Comments/bracketing tweaked. |
36 | Made the tunnels use dev->name not tunnel: when error reporting. |
37 | Added tx_dropped stat |
38 | |
39 | -Alan Cox (alan@lxorguk.ukuu.org.uk) 21 March 95 |
40 | |
41 | Reworked: |
42 | Changed to tunnel to destination gateway in addition to the |
43 | tunnel's pointopoint address |
44 | Almost completely rewritten |
45 | Note: There is currently no firewall or ICMP handling done. |
46 | |
47 | -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96 |
48 | |
49 | */ |
50 | |
51 | /* Things I wish I had known when writing the tunnel driver: |
52 | |
53 | When the tunnel_xmit() function is called, the skb contains the |
54 | packet to be sent (plus a great deal of extra info), and dev |
55 | contains the tunnel device that _we_ are. |
56 | |
57 | When we are passed a packet, we are expected to fill in the |
58 | source address with our source IP address. |
59 | |
60 | What is the proper way to allocate, copy and free a buffer? |
61 | After you allocate it, it is a "0 length" chunk of memory |
62 | starting at zero. If you want to add headers to the buffer |
63 | later, you'll have to call "skb_reserve(skb, amount)" with |
64 | the amount of memory you want reserved. Then, you call |
65 | "skb_put(skb, amount)" with the amount of space you want in |
66 | the buffer. skb_put() returns a pointer to the top (#0) of |
67 | that buffer. skb->len is set to the amount of space you have |
68 | "allocated" with skb_put(). You can then write up to skb->len |
69 | bytes to that buffer. If you need more, you can call skb_put() |
70 | again with the additional amount of space you need. You can |
71 | find out how much more space you can allocate by calling |
72 | "skb_tailroom(skb)". |
73 | Now, to add header space, call "skb_push(skb, header_len)". |
74 | This creates space at the beginning of the buffer and returns |
75 | a pointer to this new space. If later you need to strip a |
76 | header from a buffer, call "skb_pull(skb, header_len)". |
77 | skb_headroom() will return how much space is left at the top |
78 | of the buffer (before the main data). Remember, this headroom |
79 | space must be reserved before the skb_put() function is called. |
80 | */ |
81 | |
82 | /* |
83 | This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c |
84 | |
85 | For comments look at net/ipv4/ip_gre.c --ANK |
86 | */ |
87 | |
88 | |
89 | #include <linux/capability.h> |
90 | #include <linux/module.h> |
91 | #include <linux/types.h> |
92 | #include <linux/kernel.h> |
93 | #include <linux/slab.h> |
94 | #include <linux/uaccess.h> |
95 | #include <linux/skbuff.h> |
96 | #include <linux/netdevice.h> |
97 | #include <linux/in.h> |
98 | #include <linux/tcp.h> |
99 | #include <linux/udp.h> |
100 | #include <linux/if_arp.h> |
101 | #include <linux/init.h> |
102 | #include <linux/netfilter_ipv4.h> |
103 | #include <linux/if_ether.h> |
104 | |
105 | #include <net/sock.h> |
106 | #include <net/ip.h> |
107 | #include <net/icmp.h> |
108 | #include <net/ip_tunnels.h> |
109 | #include <net/inet_ecn.h> |
110 | #include <net/xfrm.h> |
111 | #include <net/net_namespace.h> |
112 | #include <net/netns/generic.h> |
113 | #include <net/dst_metadata.h> |
114 | |
115 | static bool log_ecn_error = true; |
116 | module_param(log_ecn_error, bool, 0644); |
117 | MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN" ); |
118 | |
119 | static unsigned int ipip_net_id __read_mostly; |
120 | |
121 | static int ipip_tunnel_init(struct net_device *dev); |
122 | static struct rtnl_link_ops ipip_link_ops __read_mostly; |
123 | |
124 | static int ipip_err(struct sk_buff *skb, u32 info) |
125 | { |
126 | /* All the routers (except for Linux) return only |
127 | * 8 bytes of packet payload. It means, that precise relaying of |
128 | * ICMP in the real Internet is absolutely infeasible. |
129 | */ |
130 | struct net *net = dev_net(dev: skb->dev); |
131 | struct ip_tunnel_net *itn = net_generic(net, id: ipip_net_id); |
132 | const struct iphdr *iph = (const struct iphdr *)skb->data; |
133 | const int type = icmp_hdr(skb)->type; |
134 | const int code = icmp_hdr(skb)->code; |
135 | struct ip_tunnel *t; |
136 | int err = 0; |
137 | |
138 | t = ip_tunnel_lookup(itn, link: skb->dev->ifindex, TUNNEL_NO_KEY, |
139 | remote: iph->daddr, local: iph->saddr, key: 0); |
140 | if (!t) { |
141 | err = -ENOENT; |
142 | goto out; |
143 | } |
144 | |
145 | switch (type) { |
146 | case ICMP_DEST_UNREACH: |
147 | switch (code) { |
148 | case ICMP_SR_FAILED: |
149 | /* Impossible event. */ |
150 | goto out; |
151 | default: |
152 | /* All others are translated to HOST_UNREACH. |
153 | * rfc2003 contains "deep thoughts" about NET_UNREACH, |
154 | * I believe they are just ether pollution. --ANK |
155 | */ |
156 | break; |
157 | } |
158 | break; |
159 | |
160 | case ICMP_TIME_EXCEEDED: |
161 | if (code != ICMP_EXC_TTL) |
162 | goto out; |
163 | break; |
164 | |
165 | case ICMP_REDIRECT: |
166 | break; |
167 | |
168 | default: |
169 | goto out; |
170 | } |
171 | |
172 | if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { |
173 | ipv4_update_pmtu(skb, net, mtu: info, oif: t->parms.link, protocol: iph->protocol); |
174 | goto out; |
175 | } |
176 | |
177 | if (type == ICMP_REDIRECT) { |
178 | ipv4_redirect(skb, net, oif: t->parms.link, protocol: iph->protocol); |
179 | goto out; |
180 | } |
181 | |
182 | if (t->parms.iph.daddr == 0) { |
183 | err = -ENOENT; |
184 | goto out; |
185 | } |
186 | |
187 | if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED) |
188 | goto out; |
189 | |
190 | if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO)) |
191 | t->err_count++; |
192 | else |
193 | t->err_count = 1; |
194 | t->err_time = jiffies; |
195 | |
196 | out: |
197 | return err; |
198 | } |
199 | |
200 | static const struct tnl_ptk_info ipip_tpi = { |
201 | /* no tunnel info required for ipip. */ |
202 | .proto = htons(ETH_P_IP), |
203 | }; |
204 | |
205 | #if IS_ENABLED(CONFIG_MPLS) |
206 | static const struct tnl_ptk_info mplsip_tpi = { |
207 | /* no tunnel info required for mplsip. */ |
208 | .proto = htons(ETH_P_MPLS_UC), |
209 | }; |
210 | #endif |
211 | |
212 | static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto) |
213 | { |
214 | struct net *net = dev_net(dev: skb->dev); |
215 | struct ip_tunnel_net *itn = net_generic(net, id: ipip_net_id); |
216 | struct metadata_dst *tun_dst = NULL; |
217 | struct ip_tunnel *tunnel; |
218 | const struct iphdr *iph; |
219 | |
220 | iph = ip_hdr(skb); |
221 | tunnel = ip_tunnel_lookup(itn, link: skb->dev->ifindex, TUNNEL_NO_KEY, |
222 | remote: iph->saddr, local: iph->daddr, key: 0); |
223 | if (tunnel) { |
224 | const struct tnl_ptk_info *tpi; |
225 | |
226 | if (tunnel->parms.iph.protocol != ipproto && |
227 | tunnel->parms.iph.protocol != 0) |
228 | goto drop; |
229 | |
230 | if (!xfrm4_policy_check(NULL, dir: XFRM_POLICY_IN, skb)) |
231 | goto drop; |
232 | #if IS_ENABLED(CONFIG_MPLS) |
233 | if (ipproto == IPPROTO_MPLS) |
234 | tpi = &mplsip_tpi; |
235 | else |
236 | #endif |
237 | tpi = &ipip_tpi; |
238 | if (iptunnel_pull_header(skb, hdr_len: 0, inner_proto: tpi->proto, xnet: false)) |
239 | goto drop; |
240 | if (tunnel->collect_md) { |
241 | tun_dst = ip_tun_rx_dst(skb, flags: 0, tunnel_id: 0, md_size: 0); |
242 | if (!tun_dst) |
243 | return 0; |
244 | ip_tunnel_md_udp_encap(skb, info: &tun_dst->u.tun_info); |
245 | } |
246 | skb_reset_mac_header(skb); |
247 | |
248 | return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error); |
249 | } |
250 | |
251 | return -1; |
252 | |
253 | drop: |
254 | kfree_skb(skb); |
255 | return 0; |
256 | } |
257 | |
258 | static int ipip_rcv(struct sk_buff *skb) |
259 | { |
260 | return ipip_tunnel_rcv(skb, IPPROTO_IPIP); |
261 | } |
262 | |
263 | #if IS_ENABLED(CONFIG_MPLS) |
264 | static int mplsip_rcv(struct sk_buff *skb) |
265 | { |
266 | return ipip_tunnel_rcv(skb, IPPROTO_MPLS); |
267 | } |
268 | #endif |
269 | |
270 | /* |
271 | * This function assumes it is being called from dev_queue_xmit() |
272 | * and that skb is filled properly by that function. |
273 | */ |
274 | static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, |
275 | struct net_device *dev) |
276 | { |
277 | struct ip_tunnel *tunnel = netdev_priv(dev); |
278 | const struct iphdr *tiph = &tunnel->parms.iph; |
279 | u8 ipproto; |
280 | |
281 | if (!pskb_inet_may_pull(skb)) |
282 | goto tx_error; |
283 | |
284 | switch (skb->protocol) { |
285 | case htons(ETH_P_IP): |
286 | ipproto = IPPROTO_IPIP; |
287 | break; |
288 | #if IS_ENABLED(CONFIG_MPLS) |
289 | case htons(ETH_P_MPLS_UC): |
290 | ipproto = IPPROTO_MPLS; |
291 | break; |
292 | #endif |
293 | default: |
294 | goto tx_error; |
295 | } |
296 | |
297 | if (tiph->protocol != ipproto && tiph->protocol != 0) |
298 | goto tx_error; |
299 | |
300 | if (iptunnel_handle_offloads(skb, gso_type_mask: SKB_GSO_IPXIP4)) |
301 | goto tx_error; |
302 | |
303 | skb_set_inner_ipproto(skb, ipproto); |
304 | |
305 | if (tunnel->collect_md) |
306 | ip_md_tunnel_xmit(skb, dev, proto: ipproto, tunnel_hlen: 0); |
307 | else |
308 | ip_tunnel_xmit(skb, dev, tnl_params: tiph, protocol: ipproto); |
309 | return NETDEV_TX_OK; |
310 | |
311 | tx_error: |
312 | kfree_skb(skb); |
313 | |
314 | DEV_STATS_INC(dev, tx_errors); |
315 | return NETDEV_TX_OK; |
316 | } |
317 | |
318 | static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto) |
319 | { |
320 | switch (ipproto) { |
321 | case 0: |
322 | case IPPROTO_IPIP: |
323 | #if IS_ENABLED(CONFIG_MPLS) |
324 | case IPPROTO_MPLS: |
325 | #endif |
326 | return true; |
327 | } |
328 | |
329 | return false; |
330 | } |
331 | |
332 | static int |
333 | ipip_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd) |
334 | { |
335 | if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) { |
336 | if (p->iph.version != 4 || |
337 | !ipip_tunnel_ioctl_verify_protocol(ipproto: p->iph.protocol) || |
338 | p->iph.ihl != 5 || (p->iph.frag_off & htons(~IP_DF))) |
339 | return -EINVAL; |
340 | } |
341 | |
342 | p->i_key = p->o_key = 0; |
343 | p->i_flags = p->o_flags = 0; |
344 | return ip_tunnel_ctl(dev, p, cmd); |
345 | } |
346 | |
347 | static const struct net_device_ops ipip_netdev_ops = { |
348 | .ndo_init = ipip_tunnel_init, |
349 | .ndo_uninit = ip_tunnel_uninit, |
350 | .ndo_start_xmit = ipip_tunnel_xmit, |
351 | .ndo_siocdevprivate = ip_tunnel_siocdevprivate, |
352 | .ndo_change_mtu = ip_tunnel_change_mtu, |
353 | .ndo_get_stats64 = dev_get_tstats64, |
354 | .ndo_get_iflink = ip_tunnel_get_iflink, |
355 | .ndo_tunnel_ctl = ipip_tunnel_ctl, |
356 | }; |
357 | |
358 | #define IPIP_FEATURES (NETIF_F_SG | \ |
359 | NETIF_F_FRAGLIST | \ |
360 | NETIF_F_HIGHDMA | \ |
361 | NETIF_F_GSO_SOFTWARE | \ |
362 | NETIF_F_HW_CSUM) |
363 | |
364 | static void ipip_tunnel_setup(struct net_device *dev) |
365 | { |
366 | dev->netdev_ops = &ipip_netdev_ops; |
367 | dev->header_ops = &ip_tunnel_header_ops; |
368 | |
369 | dev->type = ARPHRD_TUNNEL; |
370 | dev->flags = IFF_NOARP; |
371 | dev->addr_len = 4; |
372 | dev->features |= NETIF_F_LLTX; |
373 | netif_keep_dst(dev); |
374 | |
375 | dev->features |= IPIP_FEATURES; |
376 | dev->hw_features |= IPIP_FEATURES; |
377 | ip_tunnel_setup(dev, net_id: ipip_net_id); |
378 | } |
379 | |
380 | static int ipip_tunnel_init(struct net_device *dev) |
381 | { |
382 | struct ip_tunnel *tunnel = netdev_priv(dev); |
383 | |
384 | __dev_addr_set(dev, addr: &tunnel->parms.iph.saddr, len: 4); |
385 | memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4); |
386 | |
387 | tunnel->tun_hlen = 0; |
388 | tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen; |
389 | return ip_tunnel_init(dev); |
390 | } |
391 | |
392 | static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[], |
393 | struct netlink_ext_ack *extack) |
394 | { |
395 | u8 proto; |
396 | |
397 | if (!data || !data[IFLA_IPTUN_PROTO]) |
398 | return 0; |
399 | |
400 | proto = nla_get_u8(nla: data[IFLA_IPTUN_PROTO]); |
401 | if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0) |
402 | return -EINVAL; |
403 | |
404 | return 0; |
405 | } |
406 | |
407 | static void ipip_netlink_parms(struct nlattr *data[], |
408 | struct ip_tunnel_parm *parms, bool *collect_md, |
409 | __u32 *fwmark) |
410 | { |
411 | memset(parms, 0, sizeof(*parms)); |
412 | |
413 | parms->iph.version = 4; |
414 | parms->iph.protocol = IPPROTO_IPIP; |
415 | parms->iph.ihl = 5; |
416 | *collect_md = false; |
417 | |
418 | if (!data) |
419 | return; |
420 | |
421 | ip_tunnel_netlink_parms(data, parms); |
422 | |
423 | if (data[IFLA_IPTUN_COLLECT_METADATA]) |
424 | *collect_md = true; |
425 | |
426 | if (data[IFLA_IPTUN_FWMARK]) |
427 | *fwmark = nla_get_u32(nla: data[IFLA_IPTUN_FWMARK]); |
428 | } |
429 | |
430 | static int ipip_newlink(struct net *src_net, struct net_device *dev, |
431 | struct nlattr *tb[], struct nlattr *data[], |
432 | struct netlink_ext_ack *extack) |
433 | { |
434 | struct ip_tunnel *t = netdev_priv(dev); |
435 | struct ip_tunnel_parm p; |
436 | struct ip_tunnel_encap ipencap; |
437 | __u32 fwmark = 0; |
438 | |
439 | if (ip_tunnel_netlink_encap_parms(data, encap: &ipencap)) { |
440 | int err = ip_tunnel_encap_setup(t, ipencap: &ipencap); |
441 | |
442 | if (err < 0) |
443 | return err; |
444 | } |
445 | |
446 | ipip_netlink_parms(data, parms: &p, collect_md: &t->collect_md, fwmark: &fwmark); |
447 | return ip_tunnel_newlink(dev, tb, p: &p, fwmark); |
448 | } |
449 | |
450 | static int ipip_changelink(struct net_device *dev, struct nlattr *tb[], |
451 | struct nlattr *data[], |
452 | struct netlink_ext_ack *extack) |
453 | { |
454 | struct ip_tunnel *t = netdev_priv(dev); |
455 | struct ip_tunnel_parm p; |
456 | struct ip_tunnel_encap ipencap; |
457 | bool collect_md; |
458 | __u32 fwmark = t->fwmark; |
459 | |
460 | if (ip_tunnel_netlink_encap_parms(data, encap: &ipencap)) { |
461 | int err = ip_tunnel_encap_setup(t, ipencap: &ipencap); |
462 | |
463 | if (err < 0) |
464 | return err; |
465 | } |
466 | |
467 | ipip_netlink_parms(data, parms: &p, collect_md: &collect_md, fwmark: &fwmark); |
468 | if (collect_md) |
469 | return -EINVAL; |
470 | |
471 | if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) || |
472 | (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr)) |
473 | return -EINVAL; |
474 | |
475 | return ip_tunnel_changelink(dev, tb, p: &p, fwmark); |
476 | } |
477 | |
478 | static size_t ipip_get_size(const struct net_device *dev) |
479 | { |
480 | return |
481 | /* IFLA_IPTUN_LINK */ |
482 | nla_total_size(payload: 4) + |
483 | /* IFLA_IPTUN_LOCAL */ |
484 | nla_total_size(payload: 4) + |
485 | /* IFLA_IPTUN_REMOTE */ |
486 | nla_total_size(payload: 4) + |
487 | /* IFLA_IPTUN_TTL */ |
488 | nla_total_size(payload: 1) + |
489 | /* IFLA_IPTUN_TOS */ |
490 | nla_total_size(payload: 1) + |
491 | /* IFLA_IPTUN_PROTO */ |
492 | nla_total_size(payload: 1) + |
493 | /* IFLA_IPTUN_PMTUDISC */ |
494 | nla_total_size(payload: 1) + |
495 | /* IFLA_IPTUN_ENCAP_TYPE */ |
496 | nla_total_size(payload: 2) + |
497 | /* IFLA_IPTUN_ENCAP_FLAGS */ |
498 | nla_total_size(payload: 2) + |
499 | /* IFLA_IPTUN_ENCAP_SPORT */ |
500 | nla_total_size(payload: 2) + |
501 | /* IFLA_IPTUN_ENCAP_DPORT */ |
502 | nla_total_size(payload: 2) + |
503 | /* IFLA_IPTUN_COLLECT_METADATA */ |
504 | nla_total_size(payload: 0) + |
505 | /* IFLA_IPTUN_FWMARK */ |
506 | nla_total_size(payload: 4) + |
507 | 0; |
508 | } |
509 | |
510 | static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev) |
511 | { |
512 | struct ip_tunnel *tunnel = netdev_priv(dev); |
513 | struct ip_tunnel_parm *parm = &tunnel->parms; |
514 | |
515 | if (nla_put_u32(skb, attrtype: IFLA_IPTUN_LINK, value: parm->link) || |
516 | nla_put_in_addr(skb, attrtype: IFLA_IPTUN_LOCAL, addr: parm->iph.saddr) || |
517 | nla_put_in_addr(skb, attrtype: IFLA_IPTUN_REMOTE, addr: parm->iph.daddr) || |
518 | nla_put_u8(skb, attrtype: IFLA_IPTUN_TTL, value: parm->iph.ttl) || |
519 | nla_put_u8(skb, attrtype: IFLA_IPTUN_TOS, value: parm->iph.tos) || |
520 | nla_put_u8(skb, attrtype: IFLA_IPTUN_PROTO, value: parm->iph.protocol) || |
521 | nla_put_u8(skb, attrtype: IFLA_IPTUN_PMTUDISC, |
522 | value: !!(parm->iph.frag_off & htons(IP_DF))) || |
523 | nla_put_u32(skb, attrtype: IFLA_IPTUN_FWMARK, value: tunnel->fwmark)) |
524 | goto nla_put_failure; |
525 | |
526 | if (nla_put_u16(skb, attrtype: IFLA_IPTUN_ENCAP_TYPE, |
527 | value: tunnel->encap.type) || |
528 | nla_put_be16(skb, attrtype: IFLA_IPTUN_ENCAP_SPORT, |
529 | value: tunnel->encap.sport) || |
530 | nla_put_be16(skb, attrtype: IFLA_IPTUN_ENCAP_DPORT, |
531 | value: tunnel->encap.dport) || |
532 | nla_put_u16(skb, attrtype: IFLA_IPTUN_ENCAP_FLAGS, |
533 | value: tunnel->encap.flags)) |
534 | goto nla_put_failure; |
535 | |
536 | if (tunnel->collect_md) |
537 | if (nla_put_flag(skb, attrtype: IFLA_IPTUN_COLLECT_METADATA)) |
538 | goto nla_put_failure; |
539 | return 0; |
540 | |
541 | nla_put_failure: |
542 | return -EMSGSIZE; |
543 | } |
544 | |
545 | static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = { |
546 | [IFLA_IPTUN_LINK] = { .type = NLA_U32 }, |
547 | [IFLA_IPTUN_LOCAL] = { .type = NLA_U32 }, |
548 | [IFLA_IPTUN_REMOTE] = { .type = NLA_U32 }, |
549 | [IFLA_IPTUN_TTL] = { .type = NLA_U8 }, |
550 | [IFLA_IPTUN_TOS] = { .type = NLA_U8 }, |
551 | [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, |
552 | [IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 }, |
553 | [IFLA_IPTUN_ENCAP_TYPE] = { .type = NLA_U16 }, |
554 | [IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 }, |
555 | [IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 }, |
556 | [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 }, |
557 | [IFLA_IPTUN_COLLECT_METADATA] = { .type = NLA_FLAG }, |
558 | [IFLA_IPTUN_FWMARK] = { .type = NLA_U32 }, |
559 | }; |
560 | |
561 | static struct rtnl_link_ops ipip_link_ops __read_mostly = { |
562 | .kind = "ipip" , |
563 | .maxtype = IFLA_IPTUN_MAX, |
564 | .policy = ipip_policy, |
565 | .priv_size = sizeof(struct ip_tunnel), |
566 | .setup = ipip_tunnel_setup, |
567 | .validate = ipip_tunnel_validate, |
568 | .newlink = ipip_newlink, |
569 | .changelink = ipip_changelink, |
570 | .dellink = ip_tunnel_dellink, |
571 | .get_size = ipip_get_size, |
572 | .fill_info = ipip_fill_info, |
573 | .get_link_net = ip_tunnel_get_link_net, |
574 | }; |
575 | |
576 | static struct xfrm_tunnel ipip_handler __read_mostly = { |
577 | .handler = ipip_rcv, |
578 | .err_handler = ipip_err, |
579 | .priority = 1, |
580 | }; |
581 | |
582 | #if IS_ENABLED(CONFIG_MPLS) |
583 | static struct xfrm_tunnel mplsip_handler __read_mostly = { |
584 | .handler = mplsip_rcv, |
585 | .err_handler = ipip_err, |
586 | .priority = 1, |
587 | }; |
588 | #endif |
589 | |
590 | static int __net_init ipip_init_net(struct net *net) |
591 | { |
592 | return ip_tunnel_init_net(net, ip_tnl_net_id: ipip_net_id, ops: &ipip_link_ops, devname: "tunl0" ); |
593 | } |
594 | |
595 | static void __net_exit ipip_exit_batch_net(struct list_head *list_net) |
596 | { |
597 | ip_tunnel_delete_nets(list_net, id: ipip_net_id, ops: &ipip_link_ops); |
598 | } |
599 | |
600 | static struct pernet_operations ipip_net_ops = { |
601 | .init = ipip_init_net, |
602 | .exit_batch = ipip_exit_batch_net, |
603 | .id = &ipip_net_id, |
604 | .size = sizeof(struct ip_tunnel_net), |
605 | }; |
606 | |
607 | static int __init ipip_init(void) |
608 | { |
609 | int err; |
610 | |
611 | pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n" ); |
612 | |
613 | err = register_pernet_device(&ipip_net_ops); |
614 | if (err < 0) |
615 | return err; |
616 | err = xfrm4_tunnel_register(handler: &ipip_handler, AF_INET); |
617 | if (err < 0) { |
618 | pr_info("%s: can't register tunnel\n" , __func__); |
619 | goto xfrm_tunnel_ipip_failed; |
620 | } |
621 | #if IS_ENABLED(CONFIG_MPLS) |
622 | err = xfrm4_tunnel_register(handler: &mplsip_handler, AF_MPLS); |
623 | if (err < 0) { |
624 | pr_info("%s: can't register tunnel\n" , __func__); |
625 | goto xfrm_tunnel_mplsip_failed; |
626 | } |
627 | #endif |
628 | err = rtnl_link_register(ops: &ipip_link_ops); |
629 | if (err < 0) |
630 | goto rtnl_link_failed; |
631 | |
632 | out: |
633 | return err; |
634 | |
635 | rtnl_link_failed: |
636 | #if IS_ENABLED(CONFIG_MPLS) |
637 | xfrm4_tunnel_deregister(handler: &mplsip_handler, AF_MPLS); |
638 | xfrm_tunnel_mplsip_failed: |
639 | |
640 | #endif |
641 | xfrm4_tunnel_deregister(handler: &ipip_handler, AF_INET); |
642 | xfrm_tunnel_ipip_failed: |
643 | unregister_pernet_device(&ipip_net_ops); |
644 | goto out; |
645 | } |
646 | |
647 | static void __exit ipip_fini(void) |
648 | { |
649 | rtnl_link_unregister(ops: &ipip_link_ops); |
650 | if (xfrm4_tunnel_deregister(handler: &ipip_handler, AF_INET)) |
651 | pr_info("%s: can't deregister tunnel\n" , __func__); |
652 | #if IS_ENABLED(CONFIG_MPLS) |
653 | if (xfrm4_tunnel_deregister(handler: &mplsip_handler, AF_MPLS)) |
654 | pr_info("%s: can't deregister tunnel\n" , __func__); |
655 | #endif |
656 | unregister_pernet_device(&ipip_net_ops); |
657 | } |
658 | |
659 | module_init(ipip_init); |
660 | module_exit(ipip_fini); |
661 | MODULE_LICENSE("GPL" ); |
662 | MODULE_ALIAS_RTNL_LINK("ipip" ); |
663 | MODULE_ALIAS_NETDEV("tunl0" ); |
664 | |