ipip.c source code [linux/net/ipv4/ipip.c]

1	// SPDX-License-Identifier: GPL-2.0-or-later
2	/*
3	* Linux NET3: IP/IP protocol decoder.
4	*
5	* Authors:
6	* Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
7	*
8	* Fixes:
9	* Alan Cox : Merged and made usable non modular (its so tiny its silly as
10	* a module taking up 2 pages).
11	* Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
12	* to keep ip_forward happy.
13	* Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
14	* Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL
15	* David Woodhouse : Perform some basic ICMP handling.
16	* IPIP Routing without decapsulation.
17	* Carlos Picoto : GRE over IP support
18	* Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
19	* I do not want to merge them together.
20	*/
21
22	/ tunnel.c: an IP tunnel driver*
23
24	The purpose of this driver is to provide an IP tunnel through
25	which you can tunnel network traffic transparently across subnets.
26
27	This was written by looking at Nick Holloway's dummy driver
28	Thanks for the great code!
29
30	-Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
31
32	Minor tweaks:
33	Cleaned up the code a little and added some pre-1.3.0 tweaks.
34	dev->hard_header/hard_header_len changed to use no headers.
35	Comments/bracketing tweaked.
36	Made the tunnels use dev->name not tunnel: when error reporting.
37	Added tx_dropped stat
38
39	-Alan Cox (alan@lxorguk.ukuu.org.uk) 21 March 95
40
41	Reworked:
42	Changed to tunnel to destination gateway in addition to the
43	tunnel's pointopoint address
44	Almost completely rewritten
45	Note: There is currently no firewall or ICMP handling done.
46
47	-Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96
48
49	*/
50
51	/ Things I wish I had known when writing the tunnel driver:*
52
53	When the tunnel_xmit() function is called, the skb contains the
54	packet to be sent (plus a great deal of extra info), and dev
55	contains the tunnel device that _we_ are.
56
57	When we are passed a packet, we are expected to fill in the
58	source address with our source IP address.
59
60	What is the proper way to allocate, copy and free a buffer?
61	After you allocate it, it is a "0 length" chunk of memory
62	starting at zero. If you want to add headers to the buffer
63	later, you'll have to call "skb_reserve(skb, amount)" with
64	the amount of memory you want reserved. Then, you call
65	"skb_put(skb, amount)" with the amount of space you want in
66	the buffer. skb_put() returns a pointer to the top (#0) of
67	that buffer. skb->len is set to the amount of space you have
68	"allocated" with skb_put(). You can then write up to skb->len
69	bytes to that buffer. If you need more, you can call skb_put()
70	again with the additional amount of space you need. You can
71	find out how much more space you can allocate by calling
72	"skb_tailroom(skb)".
73	Now, to add header space, call "skb_push(skb, header_len)".
74	This creates space at the beginning of the buffer and returns
75	a pointer to this new space. If later you need to strip a
76	header from a buffer, call "skb_pull(skb, header_len)".
77	skb_headroom() will return how much space is left at the top
78	of the buffer (before the main data). Remember, this headroom
79	space must be reserved before the skb_put() function is called.
80	*/
81
82	/*
83	This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
84
85	For comments look at net/ipv4/ip_gre.c --ANK
86	*/
87
88
89	#include <linux/capability.h>
90	#include <linux/module.h>
91	#include <linux/types.h>
92	#include <linux/kernel.h>
93	#include <linux/slab.h>
94	#include <linux/uaccess.h>
95	#include <linux/skbuff.h>
96	#include <linux/netdevice.h>
97	#include <linux/in.h>
98	#include <linux/tcp.h>
99	#include <linux/udp.h>
100	#include <linux/if_arp.h>
101	#include <linux/init.h>
102	#include <linux/netfilter_ipv4.h>
103	#include <linux/if_ether.h>
104
105	#include <net/sock.h>
106	#include <net/ip.h>
107	#include <net/icmp.h>
108	#include <net/ip_tunnels.h>
109	#include <net/inet_ecn.h>
110	#include <net/xfrm.h>
111	#include <net/net_namespace.h>
112	#include <net/netns/generic.h>
113	#include <net/dst_metadata.h>
114
115	static bool log_ecn_error = true;
116	module_param(log_ecn_error, bool, `0644`);
117	MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
118
119	static unsigned int ipip_net_id __read_mostly;
120
121	static int ipip_tunnel_init(struct net_device *dev);
122	static struct rtnl_link_ops ipip_link_ops __read_mostly;
123
124	static int ipip_err(struct sk_buff *skb, u32 info)
125	{
126	/ All the routers (except for Linux) return only*
127	* 8 bytes of packet payload. It means, that precise relaying of
128	* ICMP in the real Internet is absolutely infeasible.
129	*/
130	struct net *net = dev_net(dev: skb->dev);
131	struct ip_tunnel_net *itn = net_generic(net, id: ipip_net_id);
132	const struct iphdr iph = (const* struct iphdr *)skb->data;
133	const int type = icmp_hdr(skb)->type;
134	const int code = icmp_hdr(skb)->code;
135	struct ip_tunnel *t;
136	int err = `0`;
137
138	t = ip_tunnel_lookup(itn, link: skb->dev->ifindex, TUNNEL_NO_KEY,
139	remote: iph->daddr, local: iph->saddr, key: `0`);
140	if (!t) {
141	err = -ENOENT;
142	goto out;
143	}
144
145	switch (type) {
146	case ICMP_DEST_UNREACH:
147	switch (code) {
148	case ICMP_SR_FAILED:
149	/ Impossible event. /
150	goto out;
151	default:
152	/ All others are translated to HOST_UNREACH.*
153	* rfc2003 contains "deep thoughts" about NET_UNREACH,
154	* I believe they are just ether pollution. --ANK
155	*/
156	break;
157	}
158	break;
159
160	case ICMP_TIME_EXCEEDED:
161	if (code != ICMP_EXC_TTL)
162	goto out;
163	break;
164
165	case ICMP_REDIRECT:
166	break;
167
168	default:
169	goto out;
170	}
171
172	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
173	ipv4_update_pmtu(skb, net, mtu: info, oif: t->parms.link, protocol: iph->protocol);
174	goto out;
175	}
176
177	if (type == ICMP_REDIRECT) {
178	ipv4_redirect(skb, net, oif: t->parms.link, protocol: iph->protocol);
179	goto out;
180	}
181
182	if (t->parms.iph.daddr == `0`) {
183	err = -ENOENT;
184	goto out;
185	}
186
187	if (t->parms.iph.ttl == `0` && type == ICMP_TIME_EXCEEDED)
188	goto out;
189
190	if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
191	t->err_count++;
192	else
193	t->err_count = `1`;
194	t->err_time = jiffies;
195
196	out:
197	return err;
198	}
199
200	static const struct tnl_ptk_info ipip_tpi = {
201	/ no tunnel info required for ipip. /
202	.proto = htons(ETH_P_IP),
203	};
204
205	#if IS_ENABLED(CONFIG_MPLS)
206	static const struct tnl_ptk_info mplsip_tpi = {
207	/ no tunnel info required for mplsip. /
208	.proto = htons(ETH_P_MPLS_UC),
209	};
210	#endif
211
212	static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto)
213	{
214	struct net *net = dev_net(dev: skb->dev);
215	struct ip_tunnel_net *itn = net_generic(net, id: ipip_net_id);
216	struct metadata_dst *tun_dst = NULL;
217	struct ip_tunnel *tunnel;
218	const struct iphdr *iph;
219
220	iph = ip_hdr(skb);
221	tunnel = ip_tunnel_lookup(itn, link: skb->dev->ifindex, TUNNEL_NO_KEY,
222	remote: iph->saddr, local: iph->daddr, key: `0`);
223	if (tunnel) {
224	const struct tnl_ptk_info *tpi;
225
226	if (tunnel->parms.iph.protocol != ipproto &&
227	tunnel->parms.iph.protocol != `0`)
228	goto drop;
229
230	if (!xfrm4_policy_check(NULL, dir: XFRM_POLICY_IN, skb))
231	goto drop;
232	#if IS_ENABLED(CONFIG_MPLS)
233	if (ipproto == IPPROTO_MPLS)
234	tpi = &mplsip_tpi;
235	else
236	#endif
237	tpi = &ipip_tpi;
238	if (iptunnel_pull_header(skb, hdr_len: `0`, inner_proto: tpi->proto, xnet: false))
239	goto drop;
240	if (tunnel->collect_md) {
241	tun_dst = ip_tun_rx_dst(skb, flags: `0`, tunnel_id: `0`, md_size: `0`);
242	if (!tun_dst)
243	return `0`;
244	ip_tunnel_md_udp_encap(skb, info: &tun_dst->u.tun_info);
245	}
246	skb_reset_mac_header(skb);
247
248	return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
249	}
250
251	return -`1`;
252
253	drop:
254	kfree_skb(skb);
255	return `0`;
256	}
257
258	static int ipip_rcv(struct sk_buff *skb)
259	{
260	return ipip_tunnel_rcv(skb, IPPROTO_IPIP);
261	}
262
263	#if IS_ENABLED(CONFIG_MPLS)
264	static int mplsip_rcv(struct sk_buff *skb)
265	{
266	return ipip_tunnel_rcv(skb, IPPROTO_MPLS);
267	}
268	#endif
269
270	/*
271	* This function assumes it is being called from dev_queue_xmit()
272	* and that skb is filled properly by that function.
273	*/
274	static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
275	struct net_device *dev)
276	{
277	struct ip_tunnel *tunnel = netdev_priv(dev);
278	const struct iphdr *tiph = &tunnel->parms.iph;
279	u8 ipproto;
280
281	if (!pskb_inet_may_pull(skb))
282	goto tx_error;
283
284	switch (skb->protocol) {
285	case htons(ETH_P_IP):
286	ipproto = IPPROTO_IPIP;
287	break;
288	#if IS_ENABLED(CONFIG_MPLS)
289	case htons(ETH_P_MPLS_UC):
290	ipproto = IPPROTO_MPLS;
291	break;
292	#endif
293	default:
294	goto tx_error;
295	}
296
297	if (tiph->protocol != ipproto && tiph->protocol != `0`)
298	goto tx_error;
299
300	if (iptunnel_handle_offloads(skb, gso_type_mask: SKB_GSO_IPXIP4))
301	goto tx_error;
302
303	skb_set_inner_ipproto(skb, ipproto);
304
305	if (tunnel->collect_md)
306	ip_md_tunnel_xmit(skb, dev, proto: ipproto, tunnel_hlen: `0`);
307	else
308	ip_tunnel_xmit(skb, dev, tnl_params: tiph, protocol: ipproto);
309	return NETDEV_TX_OK;
310
311	tx_error:
312	kfree_skb(skb);
313
314	DEV_STATS_INC(dev, tx_errors);
315	return NETDEV_TX_OK;
316	}
317
318	static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto)
319	{
320	switch (ipproto) {
321	case `0`:
322	case IPPROTO_IPIP:
323	#if IS_ENABLED(CONFIG_MPLS)
324	case IPPROTO_MPLS:
325	#endif
326	return true;
327	}
328
329	return false;
330	}
331
332	static int
333	ipip_tunnel_ctl(struct net_device dev, struct* ip_tunnel_parm p, int* cmd)
334	{
335	if (cmd == SIOCADDTUNNEL \|\| cmd == SIOCCHGTUNNEL) {
336	if (p->iph.version != `4` \|\|
337	!ipip_tunnel_ioctl_verify_protocol(ipproto: p->iph.protocol) \|\|
338	p->iph.ihl != `5` \|\| (p->iph.frag_off & htons(~IP_DF)))
339	return -EINVAL;
340	}
341
342	p->i_key = p->o_key = `0`;
343	p->i_flags = p->o_flags = `0`;
344	return ip_tunnel_ctl(dev, p, cmd);
345	}
346
347	static const struct net_device_ops ipip_netdev_ops = {
348	.ndo_init = ipip_tunnel_init,
349	.ndo_uninit = ip_tunnel_uninit,
350	.ndo_start_xmit = ipip_tunnel_xmit,
351	.ndo_siocdevprivate = ip_tunnel_siocdevprivate,
352	.ndo_change_mtu = ip_tunnel_change_mtu,
353	.ndo_get_stats64 = dev_get_tstats64,
354	.ndo_get_iflink = ip_tunnel_get_iflink,
355	.ndo_tunnel_ctl = ipip_tunnel_ctl,
356	};
357
358	#define IPIP_FEATURES (NETIF_F_SG \| \
359	NETIF_F_FRAGLIST \| \
360	NETIF_F_HIGHDMA \| \
361	NETIF_F_GSO_SOFTWARE \| \
362	NETIF_F_HW_CSUM)
363
364	static void ipip_tunnel_setup(struct net_device *dev)
365	{
366	dev->netdev_ops = &ipip_netdev_ops;
367	dev->header_ops = &ip_tunnel_header_ops;
368
369	dev->type = ARPHRD_TUNNEL;
370	dev->flags = IFF_NOARP;
371	dev->addr_len = `4`;
372	dev->features \|= NETIF_F_LLTX;
373	netif_keep_dst(dev);
374
375	dev->features \|= IPIP_FEATURES;
376	dev->hw_features \|= IPIP_FEATURES;
377	ip_tunnel_setup(dev, net_id: ipip_net_id);
378	}
379
380	static int ipip_tunnel_init(struct net_device *dev)
381	{
382	struct ip_tunnel *tunnel = netdev_priv(dev);
383
384	__dev_addr_set(dev, addr: &tunnel->parms.iph.saddr, len: `4`);
385	memcpy(dev->broadcast, &tunnel->parms.iph.daddr, `4`);
386
387	tunnel->tun_hlen = `0`;
388	tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
389	return ip_tunnel_init(dev);
390	}
391
392	static int ipip_tunnel_validate(struct nlattr tb[], struct* nlattr *data[],
393	struct netlink_ext_ack *extack)
394	{
395	u8 proto;
396
397	if (!data \|\| !data[IFLA_IPTUN_PROTO])
398	return `0`;
399
400	proto = nla_get_u8(nla: data[IFLA_IPTUN_PROTO]);
401	if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != `0`)
402	return -EINVAL;
403
404	return `0`;
405	}
406
407	static void ipip_netlink_parms(struct nlattr *data[],
408	struct ip_tunnel_parm parms, bool collect_md,
409	__u32 *fwmark)
410	{
411	memset(parms, `0`, sizeof(*parms));
412
413	parms->iph.version = `4`;
414	parms->iph.protocol = IPPROTO_IPIP;
415	parms->iph.ihl = `5`;
416	*collect_md = false;
417
418	if (!data)
419	return;
420
421	ip_tunnel_netlink_parms(data, parms);
422
423	if (data[IFLA_IPTUN_COLLECT_METADATA])
424	*collect_md = true;
425
426	if (data[IFLA_IPTUN_FWMARK])
427	*fwmark = nla_get_u32(nla: data[IFLA_IPTUN_FWMARK]);
428	}
429
430	static int ipip_newlink(struct net src_net, struct* net_device *dev,
431	struct nlattr tb[], struct* nlattr *data[],
432	struct netlink_ext_ack *extack)
433	{
434	struct ip_tunnel *t = netdev_priv(dev);
435	struct ip_tunnel_parm p;
436	struct ip_tunnel_encap ipencap;
437	__u32 fwmark = `0`;
438
439	if (ip_tunnel_netlink_encap_parms(data, encap: &ipencap)) {
440	int err = ip_tunnel_encap_setup(t, ipencap: &ipencap);
441
442	if (err < `0`)
443	return err;
444	}
445
446	ipip_netlink_parms(data, parms: &p, collect_md: &t->collect_md, fwmark: &fwmark);
447	return ip_tunnel_newlink(dev, tb, p: &p, fwmark);
448	}
449
450	static int ipip_changelink(struct net_device dev, struct* nlattr *tb[],
451	struct nlattr *data[],
452	struct netlink_ext_ack *extack)
453	{
454	struct ip_tunnel *t = netdev_priv(dev);
455	struct ip_tunnel_parm p;
456	struct ip_tunnel_encap ipencap;
457	bool collect_md;
458	__u32 fwmark = t->fwmark;
459
460	if (ip_tunnel_netlink_encap_parms(data, encap: &ipencap)) {
461	int err = ip_tunnel_encap_setup(t, ipencap: &ipencap);
462
463	if (err < `0`)
464	return err;
465	}
466
467	ipip_netlink_parms(data, parms: &p, collect_md: &collect_md, fwmark: &fwmark);
468	if (collect_md)
469	return -EINVAL;
470
471	if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) \|\|
472	(!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
473	return -EINVAL;
474
475	return ip_tunnel_changelink(dev, tb, p: &p, fwmark);
476	}
477
478	static size_t ipip_get_size(const struct net_device *dev)
479	{
480	return
481	/ IFLA_IPTUN_LINK /
482	nla_total_size(payload: `4`) +
483	/ IFLA_IPTUN_LOCAL /
484	nla_total_size(payload: `4`) +
485	/ IFLA_IPTUN_REMOTE /
486	nla_total_size(payload: `4`) +
487	/ IFLA_IPTUN_TTL /
488	nla_total_size(payload: `1`) +
489	/ IFLA_IPTUN_TOS /
490	nla_total_size(payload: `1`) +
491	/ IFLA_IPTUN_PROTO /
492	nla_total_size(payload: `1`) +
493	/ IFLA_IPTUN_PMTUDISC /
494	nla_total_size(payload: `1`) +
495	/ IFLA_IPTUN_ENCAP_TYPE /
496	nla_total_size(payload: `2`) +
497	/ IFLA_IPTUN_ENCAP_FLAGS /
498	nla_total_size(payload: `2`) +
499	/ IFLA_IPTUN_ENCAP_SPORT /
500	nla_total_size(payload: `2`) +
501	/ IFLA_IPTUN_ENCAP_DPORT /
502	nla_total_size(payload: `2`) +
503	/ IFLA_IPTUN_COLLECT_METADATA /
504	nla_total_size(payload: `0`) +
505	/ IFLA_IPTUN_FWMARK /
506	nla_total_size(payload: `4`) +
507	`0`;
508	}
509
510	static int ipip_fill_info(struct sk_buff skb, const* struct net_device *dev)
511	{
512	struct ip_tunnel *tunnel = netdev_priv(dev);
513	struct ip_tunnel_parm *parm = &tunnel->parms;
514
515	if (nla_put_u32(skb, attrtype: IFLA_IPTUN_LINK, value: parm->link) \|\|
516	nla_put_in_addr(skb, attrtype: IFLA_IPTUN_LOCAL, addr: parm->iph.saddr) \|\|
517	nla_put_in_addr(skb, attrtype: IFLA_IPTUN_REMOTE, addr: parm->iph.daddr) \|\|
518	nla_put_u8(skb, attrtype: IFLA_IPTUN_TTL, value: parm->iph.ttl) \|\|
519	nla_put_u8(skb, attrtype: IFLA_IPTUN_TOS, value: parm->iph.tos) \|\|
520	nla_put_u8(skb, attrtype: IFLA_IPTUN_PROTO, value: parm->iph.protocol) \|\|
521	nla_put_u8(skb, attrtype: IFLA_IPTUN_PMTUDISC,
522	value: !!(parm->iph.frag_off & htons(IP_DF))) \|\|
523	nla_put_u32(skb, attrtype: IFLA_IPTUN_FWMARK, value: tunnel->fwmark))
524	goto nla_put_failure;
525
526	if (nla_put_u16(skb, attrtype: IFLA_IPTUN_ENCAP_TYPE,
527	value: tunnel->encap.type) \|\|
528	nla_put_be16(skb, attrtype: IFLA_IPTUN_ENCAP_SPORT,
529	value: tunnel->encap.sport) \|\|
530	nla_put_be16(skb, attrtype: IFLA_IPTUN_ENCAP_DPORT,
531	value: tunnel->encap.dport) \|\|
532	nla_put_u16(skb, attrtype: IFLA_IPTUN_ENCAP_FLAGS,
533	value: tunnel->encap.flags))
534	goto nla_put_failure;
535
536	if (tunnel->collect_md)
537	if (nla_put_flag(skb, attrtype: IFLA_IPTUN_COLLECT_METADATA))
538	goto nla_put_failure;
539	return `0`;
540
541	nla_put_failure:
542	return -EMSGSIZE;
543	}
544
545	static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + `1`] = {
546	[IFLA_IPTUN_LINK] = { .type = NLA_U32 },
547	[IFLA_IPTUN_LOCAL] = { .type = NLA_U32 },
548	[IFLA_IPTUN_REMOTE] = { .type = NLA_U32 },
549	[IFLA_IPTUN_TTL] = { .type = NLA_U8 },
550	[IFLA_IPTUN_TOS] = { .type = NLA_U8 },
551	[IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
552	[IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 },
553	[IFLA_IPTUN_ENCAP_TYPE] = { .type = NLA_U16 },
554	[IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 },
555	[IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 },
556	[IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 },
557	[IFLA_IPTUN_COLLECT_METADATA] = { .type = NLA_FLAG },
558	[IFLA_IPTUN_FWMARK] = { .type = NLA_U32 },
559	};
560
561	static struct rtnl_link_ops ipip_link_ops __read_mostly = {
562	.kind = "ipip",
563	.maxtype = IFLA_IPTUN_MAX,
564	.policy = ipip_policy,
565	.priv_size = sizeof(struct ip_tunnel),
566	.setup = ipip_tunnel_setup,
567	.validate = ipip_tunnel_validate,
568	.newlink = ipip_newlink,
569	.changelink = ipip_changelink,
570	.dellink = ip_tunnel_dellink,
571	.get_size = ipip_get_size,
572	.fill_info = ipip_fill_info,
573	.get_link_net = ip_tunnel_get_link_net,
574	};
575
576	static struct xfrm_tunnel ipip_handler __read_mostly = {
577	.handler = ipip_rcv,
578	.err_handler = ipip_err,
579	.priority = `1`,
580	};
581
582	#if IS_ENABLED(CONFIG_MPLS)
583	static struct xfrm_tunnel mplsip_handler __read_mostly = {
584	.handler = mplsip_rcv,
585	.err_handler = ipip_err,
586	.priority = `1`,
587	};
588	#endif
589
590	static int __net_init ipip_init_net(struct net *net)
591	{
592	return ip_tunnel_init_net(net, ip_tnl_net_id: ipip_net_id, ops: &ipip_link_ops, devname: "tunl0");
593	}
594
595	static void __net_exit ipip_exit_batch_net(struct list_head *list_net)
596	{
597	ip_tunnel_delete_nets(list_net, id: ipip_net_id, ops: &ipip_link_ops);
598	}
599
600	static struct pernet_operations ipip_net_ops = {
601	.init = ipip_init_net,
602	.exit_batch = ipip_exit_batch_net,
603	.id = &ipip_net_id,
604	.size = sizeof(struct ip_tunnel_net),
605	};
606
607	static int __init ipip_init(void)
608	{
609	int err;
610
611	pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n");
612
613	err = register_pernet_device(&ipip_net_ops);
614	if (err < `0`)
615	return err;
616	err = xfrm4_tunnel_register(handler: &ipip_handler, AF_INET);
617	if (err < `0`) {
618	pr_info("%s: can't register tunnel\n", __func__);
619	goto xfrm_tunnel_ipip_failed;
620	}
621	#if IS_ENABLED(CONFIG_MPLS)
622	err = xfrm4_tunnel_register(handler: &mplsip_handler, AF_MPLS);
623	if (err < `0`) {
624	pr_info("%s: can't register tunnel\n", __func__);
625	goto xfrm_tunnel_mplsip_failed;
626	}
627	#endif
628	err = rtnl_link_register(ops: &ipip_link_ops);
629	if (err < `0`)
630	goto rtnl_link_failed;
631
632	out:
633	return err;
634
635	rtnl_link_failed:
636	#if IS_ENABLED(CONFIG_MPLS)
637	xfrm4_tunnel_deregister(handler: &mplsip_handler, AF_MPLS);
638	xfrm_tunnel_mplsip_failed:
639
640	#endif
641	xfrm4_tunnel_deregister(handler: &ipip_handler, AF_INET);
642	xfrm_tunnel_ipip_failed:
643	unregister_pernet_device(&ipip_net_ops);
644	goto out;
645	}
646
647	static void __exit ipip_fini(void)
648	{
649	rtnl_link_unregister(ops: &ipip_link_ops);
650	if (xfrm4_tunnel_deregister(handler: &ipip_handler, AF_INET))
651	pr_info("%s: can't deregister tunnel\n", __func__);
652	#if IS_ENABLED(CONFIG_MPLS)
653	if (xfrm4_tunnel_deregister(handler: &mplsip_handler, AF_MPLS))
654	pr_info("%s: can't deregister tunnel\n", __func__);
655	#endif
656	unregister_pernet_device(&ipip_net_ops);
657	}
658
659	module_init(ipip_init);
660	module_exit(ipip_fini);
661	MODULE_LICENSE("GPL");
662	MODULE_ALIAS_RTNL_LINK("ipip");
663	MODULE_ALIAS_NETDEV("tunl0");
664

source code of linux/net/ipv4/ipip.c