2 * Linux NET3: IP/IP protocol decoder.
5 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
8 * Alan Cox : Merged and made usable non modular (its so tiny its silly as
9 * a module taking up 2 pages).
10 * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
11 * to keep ip_forward happy.
12 * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
13 * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL
14 * David Woodhouse : Perform some basic ICMP handling.
15 * IPIP Routing without decapsulation.
16 * Carlos Picoto : GRE over IP support
17 * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
18 * I do not want to merge them together.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
27 /* tunnel.c: an IP tunnel driver
29 The purpose of this driver is to provide an IP tunnel through
30 which you can tunnel network traffic transparently across subnets.
32 This was written by looking at Nick Holloway's dummy driver
33 Thanks for the great code!
35 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
38 Cleaned up the code a little and added some pre-1.3.0 tweaks.
39 dev->hard_header/hard_header_len changed to use no headers.
40 Comments/bracketing tweaked.
41 Made the tunnels use dev->name not tunnel: when error reporting.
44 -Alan Cox (alan@lxorguk.ukuu.org.uk) 21 March 95
47 Changed to tunnel to destination gateway in addition to the
48 tunnel's pointopoint address
49 Almost completely rewritten
50 Note: There is currently no firewall or ICMP handling done.
52 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96
56 /* Things I wish I had known when writing the tunnel driver:
58 When the tunnel_xmit() function is called, the skb contains the
59 packet to be sent (plus a great deal of extra info), and dev
60 contains the tunnel device that _we_ are.
62 When we are passed a packet, we are expected to fill in the
63 source address with our source IP address.
65 What is the proper way to allocate, copy and free a buffer?
66 After you allocate it, it is a "0 length" chunk of memory
67 starting at zero. If you want to add headers to the buffer
68 later, you'll have to call "skb_reserve(skb, amount)" with
69 the amount of memory you want reserved. Then, you call
70 "skb_put(skb, amount)" with the amount of space you want in
71 the buffer. skb_put() returns a pointer to the top (#0) of
72 that buffer. skb->len is set to the amount of space you have
73 "allocated" with skb_put(). You can then write up to skb->len
74 bytes to that buffer. If you need more, you can call skb_put()
75 again with the additional amount of space you need. You can
76 find out how much more space you can allocate by calling
78 Now, to add header space, call "skb_push(skb, header_len)".
79 This creates space at the beginning of the buffer and returns
80 a pointer to this new space. If later you need to strip a
81 header from a buffer, call "skb_pull(skb, header_len)".
82 skb_headroom() will return how much space is left at the top
83 of the buffer (before the main data). Remember, this headroom
84 space must be reserved before the skb_put() function is called.
88 This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
90 For comments look at net/ipv4/ip_gre.c --ANK
94 #include <linux/capability.h>
95 #include <linux/module.h>
96 #include <linux/types.h>
97 #include <linux/kernel.h>
98 #include <linux/slab.h>
99 #include <asm/uaccess.h>
100 #include <linux/skbuff.h>
101 #include <linux/netdevice.h>
102 #include <linux/in.h>
103 #include <linux/tcp.h>
104 #include <linux/udp.h>
105 #include <linux/if_arp.h>
106 #include <linux/mroute.h>
107 #include <linux/init.h>
108 #include <linux/netfilter_ipv4.h>
109 #include <linux/if_ether.h>
111 #include <net/sock.h>
113 #include <net/icmp.h>
114 #include <net/ipip.h>
115 #include <net/inet_ecn.h>
116 #include <net/xfrm.h>
117 #include <net/net_namespace.h>
118 #include <net/netns/generic.h>
121 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
123 static int ipip_net_id __read_mostly;
125 struct ip_tunnel __rcu *tunnels_r_l[HASH_SIZE];
126 struct ip_tunnel __rcu *tunnels_r[HASH_SIZE];
127 struct ip_tunnel __rcu *tunnels_l[HASH_SIZE];
128 struct ip_tunnel __rcu *tunnels_wc[1];
129 struct ip_tunnel __rcu **tunnels[4];
131 struct net_device *fb_tunnel_dev;
134 static int ipip_tunnel_init(struct net_device *dev);
135 static void ipip_tunnel_setup(struct net_device *dev);
136 static void ipip_dev_free(struct net_device *dev);
139 * Locking : hash tables are protected by RCU and RTNL
142 #define for_each_ip_tunnel_rcu(start) \
143 for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
145 /* often modified stats are per cpu, other are shared (netdev->stats) */
147 unsigned long rx_packets;
148 unsigned long rx_bytes;
149 unsigned long tx_packets;
150 unsigned long tx_bytes;
151 } __attribute__((aligned(4*sizeof(unsigned long))));
153 static struct net_device_stats *ipip_get_stats(struct net_device *dev)
155 struct pcpu_tstats sum = { 0 };
158 for_each_possible_cpu(i) {
159 const struct pcpu_tstats *tstats = per_cpu_ptr(dev->tstats, i);
161 sum.rx_packets += tstats->rx_packets;
162 sum.rx_bytes += tstats->rx_bytes;
163 sum.tx_packets += tstats->tx_packets;
164 sum.tx_bytes += tstats->tx_bytes;
166 dev->stats.rx_packets = sum.rx_packets;
167 dev->stats.rx_bytes = sum.rx_bytes;
168 dev->stats.tx_packets = sum.tx_packets;
169 dev->stats.tx_bytes = sum.tx_bytes;
173 static struct ip_tunnel * ipip_tunnel_lookup(struct net *net,
174 __be32 remote, __be32 local)
176 unsigned int h0 = HASH(remote);
177 unsigned int h1 = HASH(local);
179 struct ipip_net *ipn = net_generic(net, ipip_net_id);
181 for_each_ip_tunnel_rcu(ipn->tunnels_r_l[h0 ^ h1])
182 if (local == t->parms.iph.saddr &&
183 remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
186 for_each_ip_tunnel_rcu(ipn->tunnels_r[h0])
187 if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
190 for_each_ip_tunnel_rcu(ipn->tunnels_l[h1])
191 if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
194 t = rcu_dereference(ipn->tunnels_wc[0]);
195 if (t && (t->dev->flags&IFF_UP))
200 static struct ip_tunnel __rcu **__ipip_bucket(struct ipip_net *ipn,
201 struct ip_tunnel_parm *parms)
203 __be32 remote = parms->iph.daddr;
204 __be32 local = parms->iph.saddr;
216 return &ipn->tunnels[prio][h];
219 static inline struct ip_tunnel __rcu **ipip_bucket(struct ipip_net *ipn,
222 return __ipip_bucket(ipn, &t->parms);
225 static void ipip_tunnel_unlink(struct ipip_net *ipn, struct ip_tunnel *t)
227 struct ip_tunnel __rcu **tp;
228 struct ip_tunnel *iter;
230 for (tp = ipip_bucket(ipn, t);
231 (iter = rtnl_dereference(*tp)) != NULL;
234 rcu_assign_pointer(*tp, t->next);
240 static void ipip_tunnel_link(struct ipip_net *ipn, struct ip_tunnel *t)
242 struct ip_tunnel __rcu **tp = ipip_bucket(ipn, t);
244 rcu_assign_pointer(t->next, rtnl_dereference(*tp));
245 rcu_assign_pointer(*tp, t);
248 static struct ip_tunnel * ipip_tunnel_locate(struct net *net,
249 struct ip_tunnel_parm *parms, int create)
251 __be32 remote = parms->iph.daddr;
252 __be32 local = parms->iph.saddr;
253 struct ip_tunnel *t, *nt;
254 struct ip_tunnel __rcu **tp;
255 struct net_device *dev;
257 struct ipip_net *ipn = net_generic(net, ipip_net_id);
259 for (tp = __ipip_bucket(ipn, parms);
260 (t = rtnl_dereference(*tp)) != NULL;
262 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
269 strlcpy(name, parms->name, IFNAMSIZ);
271 strcpy(name, "tunl%d");
273 dev = alloc_netdev(sizeof(*t), name, ipip_tunnel_setup);
277 dev_net_set(dev, net);
279 nt = netdev_priv(dev);
282 if (ipip_tunnel_init(dev) < 0)
285 if (register_netdevice(dev) < 0)
288 strcpy(nt->parms.name, dev->name);
291 ipip_tunnel_link(ipn, nt);
299 /* called with RTNL */
300 static void ipip_tunnel_uninit(struct net_device *dev)
302 struct net *net = dev_net(dev);
303 struct ipip_net *ipn = net_generic(net, ipip_net_id);
305 if (dev == ipn->fb_tunnel_dev)
306 RCU_INIT_POINTER(ipn->tunnels_wc[0], NULL);
308 ipip_tunnel_unlink(ipn, netdev_priv(dev));
312 static int ipip_err(struct sk_buff *skb, u32 info)
315 /* All the routers (except for Linux) return only
316 8 bytes of packet payload. It means, that precise relaying of
317 ICMP in the real Internet is absolutely infeasible.
319 const struct iphdr *iph = (const struct iphdr *)skb->data;
320 const int type = icmp_hdr(skb)->type;
321 const int code = icmp_hdr(skb)->code;
327 case ICMP_PARAMETERPROB:
330 case ICMP_DEST_UNREACH:
333 case ICMP_PORT_UNREACH:
334 /* Impossible event. */
336 case ICMP_FRAG_NEEDED:
337 /* Soft state for pmtu is maintained by IP core. */
340 /* All others are translated to HOST_UNREACH.
341 rfc2003 contains "deep thoughts" about NET_UNREACH,
342 I believe they are just ether pollution. --ANK
347 case ICMP_TIME_EXCEEDED:
348 if (code != ICMP_EXC_TTL)
356 t = ipip_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr);
357 if (t == NULL || t->parms.iph.daddr == 0)
361 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
364 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
368 t->err_time = jiffies;
374 static inline void ipip_ecn_decapsulate(const struct iphdr *outer_iph,
377 struct iphdr *inner_iph = ip_hdr(skb);
379 if (INET_ECN_is_ce(outer_iph->tos))
380 IP_ECN_set_ce(inner_iph);
383 static int ipip_rcv(struct sk_buff *skb)
385 struct ip_tunnel *tunnel;
386 const struct iphdr *iph = ip_hdr(skb);
389 tunnel = ipip_tunnel_lookup(dev_net(skb->dev), iph->saddr, iph->daddr);
390 if (tunnel != NULL) {
391 struct pcpu_tstats *tstats;
393 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
401 skb->mac_header = skb->network_header;
402 skb_reset_network_header(skb);
403 skb->protocol = htons(ETH_P_IP);
404 skb->pkt_type = PACKET_HOST;
406 tstats = this_cpu_ptr(tunnel->dev->tstats);
407 tstats->rx_packets++;
408 tstats->rx_bytes += skb->len;
410 __skb_tunnel_rx(skb, tunnel->dev);
412 ipip_ecn_decapsulate(iph, skb);
425 * This function assumes it is being called from dev_queue_xmit()
426 * and that skb is filled properly by that function.
429 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
431 struct ip_tunnel *tunnel = netdev_priv(dev);
432 struct pcpu_tstats *tstats;
433 const struct iphdr *tiph = &tunnel->parms.iph;
434 u8 tos = tunnel->parms.iph.tos;
435 __be16 df = tiph->frag_off;
436 struct rtable *rt; /* Route to the other host */
437 struct net_device *tdev; /* Device to other host */
438 const struct iphdr *old_iph = ip_hdr(skb);
439 struct iphdr *iph; /* Our new IP header */
440 unsigned int max_headroom; /* The extra header space needed */
441 __be32 dst = tiph->daddr;
445 if (skb->protocol != htons(ETH_P_IP))
453 if ((rt = skb_rtable(skb)) == NULL) {
454 dev->stats.tx_fifo_errors++;
457 dst = rt->rt_gateway;
460 rt = ip_route_output_ports(dev_net(dev), &fl4, NULL,
463 IPPROTO_IPIP, RT_TOS(tos),
466 dev->stats.tx_carrier_errors++;
473 dev->stats.collisions++;
477 df |= old_iph->frag_off & htons(IP_DF);
480 mtu = dst_mtu(&rt->dst) - sizeof(struct iphdr);
483 dev->stats.collisions++;
489 skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu);
491 if ((old_iph->frag_off & htons(IP_DF)) &&
492 mtu < ntohs(old_iph->tot_len)) {
493 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
500 if (tunnel->err_count > 0) {
501 if (time_before(jiffies,
502 tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
504 dst_link_failure(skb);
506 tunnel->err_count = 0;
510 * Okay, now see if we can stuff it in the buffer as-is.
512 max_headroom = (LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr));
514 if (skb_headroom(skb) < max_headroom || skb_shared(skb) ||
515 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
516 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
519 dev->stats.tx_dropped++;
524 skb_set_owner_w(new_skb, skb->sk);
527 old_iph = ip_hdr(skb);
530 skb->transport_header = skb->network_header;
531 skb_push(skb, sizeof(struct iphdr));
532 skb_reset_network_header(skb);
533 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
534 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
537 skb_dst_set(skb, &rt->dst);
540 * Push down and install the IPIP header.
545 iph->ihl = sizeof(struct iphdr)>>2;
547 iph->protocol = IPPROTO_IPIP;
548 iph->tos = INET_ECN_encapsulate(tos, old_iph->tos);
549 iph->daddr = fl4.daddr;
550 iph->saddr = fl4.saddr;
552 if ((iph->ttl = tiph->ttl) == 0)
553 iph->ttl = old_iph->ttl;
556 tstats = this_cpu_ptr(dev->tstats);
557 __IPTUNNEL_XMIT(tstats, &dev->stats);
561 dst_link_failure(skb);
563 dev->stats.tx_errors++;
568 static void ipip_tunnel_bind_dev(struct net_device *dev)
570 struct net_device *tdev = NULL;
571 struct ip_tunnel *tunnel;
572 const struct iphdr *iph;
574 tunnel = netdev_priv(dev);
575 iph = &tunnel->parms.iph;
581 rt = ip_route_output_ports(dev_net(dev), &fl4, NULL,
582 iph->daddr, iph->saddr,
591 dev->flags |= IFF_POINTOPOINT;
594 if (!tdev && tunnel->parms.link)
595 tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);
598 dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
599 dev->mtu = tdev->mtu - sizeof(struct iphdr);
601 dev->iflink = tunnel->parms.link;
605 ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
608 struct ip_tunnel_parm p;
610 struct net *net = dev_net(dev);
611 struct ipip_net *ipn = net_generic(net, ipip_net_id);
616 if (dev == ipn->fb_tunnel_dev) {
617 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
621 t = ipip_tunnel_locate(net, &p, 0);
624 t = netdev_priv(dev);
625 memcpy(&p, &t->parms, sizeof(p));
626 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
633 if (!capable(CAP_NET_ADMIN))
637 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
641 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
642 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
645 p.iph.frag_off |= htons(IP_DF);
647 t = ipip_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
649 if (dev != ipn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
656 if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
657 (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
661 t = netdev_priv(dev);
662 ipip_tunnel_unlink(ipn, t);
664 t->parms.iph.saddr = p.iph.saddr;
665 t->parms.iph.daddr = p.iph.daddr;
666 memcpy(dev->dev_addr, &p.iph.saddr, 4);
667 memcpy(dev->broadcast, &p.iph.daddr, 4);
668 ipip_tunnel_link(ipn, t);
669 netdev_state_change(dev);
675 if (cmd == SIOCCHGTUNNEL) {
676 t->parms.iph.ttl = p.iph.ttl;
677 t->parms.iph.tos = p.iph.tos;
678 t->parms.iph.frag_off = p.iph.frag_off;
679 if (t->parms.link != p.link) {
680 t->parms.link = p.link;
681 ipip_tunnel_bind_dev(dev);
682 netdev_state_change(dev);
685 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
688 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
693 if (!capable(CAP_NET_ADMIN))
696 if (dev == ipn->fb_tunnel_dev) {
698 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
701 if ((t = ipip_tunnel_locate(net, &p, 0)) == NULL)
704 if (t->dev == ipn->fb_tunnel_dev)
708 unregister_netdevice(dev);
720 static int ipip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
722 if (new_mtu < 68 || new_mtu > 0xFFF8 - sizeof(struct iphdr))
728 static const struct net_device_ops ipip_netdev_ops = {
729 .ndo_uninit = ipip_tunnel_uninit,
730 .ndo_start_xmit = ipip_tunnel_xmit,
731 .ndo_do_ioctl = ipip_tunnel_ioctl,
732 .ndo_change_mtu = ipip_tunnel_change_mtu,
733 .ndo_get_stats = ipip_get_stats,
736 static void ipip_dev_free(struct net_device *dev)
738 free_percpu(dev->tstats);
742 static void ipip_tunnel_setup(struct net_device *dev)
744 dev->netdev_ops = &ipip_netdev_ops;
745 dev->destructor = ipip_dev_free;
747 dev->type = ARPHRD_TUNNEL;
748 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
749 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr);
750 dev->flags = IFF_NOARP;
753 dev->features |= NETIF_F_NETNS_LOCAL;
754 dev->features |= NETIF_F_LLTX;
755 dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
758 static int ipip_tunnel_init(struct net_device *dev)
760 struct ip_tunnel *tunnel = netdev_priv(dev);
764 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
765 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
767 ipip_tunnel_bind_dev(dev);
769 dev->tstats = alloc_percpu(struct pcpu_tstats);
776 static int __net_init ipip_fb_tunnel_init(struct net_device *dev)
778 struct ip_tunnel *tunnel = netdev_priv(dev);
779 struct iphdr *iph = &tunnel->parms.iph;
780 struct ipip_net *ipn = net_generic(dev_net(dev), ipip_net_id);
783 strcpy(tunnel->parms.name, dev->name);
786 iph->protocol = IPPROTO_IPIP;
789 dev->tstats = alloc_percpu(struct pcpu_tstats);
794 rcu_assign_pointer(ipn->tunnels_wc[0], tunnel);
798 static struct xfrm_tunnel ipip_handler __read_mostly = {
800 .err_handler = ipip_err,
804 static const char banner[] __initconst =
805 KERN_INFO "IPv4 over IPv4 tunneling driver\n";
807 static void ipip_destroy_tunnels(struct ipip_net *ipn, struct list_head *head)
811 for (prio = 1; prio < 4; prio++) {
813 for (h = 0; h < HASH_SIZE; h++) {
816 t = rtnl_dereference(ipn->tunnels[prio][h]);
818 unregister_netdevice_queue(t->dev, head);
819 t = rtnl_dereference(t->next);
825 static int __net_init ipip_init_net(struct net *net)
827 struct ipip_net *ipn = net_generic(net, ipip_net_id);
831 ipn->tunnels[0] = ipn->tunnels_wc;
832 ipn->tunnels[1] = ipn->tunnels_l;
833 ipn->tunnels[2] = ipn->tunnels_r;
834 ipn->tunnels[3] = ipn->tunnels_r_l;
836 ipn->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel),
839 if (!ipn->fb_tunnel_dev) {
843 dev_net_set(ipn->fb_tunnel_dev, net);
845 err = ipip_fb_tunnel_init(ipn->fb_tunnel_dev);
849 if ((err = register_netdev(ipn->fb_tunnel_dev)))
852 t = netdev_priv(ipn->fb_tunnel_dev);
854 strcpy(t->parms.name, ipn->fb_tunnel_dev->name);
858 ipip_dev_free(ipn->fb_tunnel_dev);
864 static void __net_exit ipip_exit_net(struct net *net)
866 struct ipip_net *ipn = net_generic(net, ipip_net_id);
870 ipip_destroy_tunnels(ipn, &list);
871 unregister_netdevice_queue(ipn->fb_tunnel_dev, &list);
872 unregister_netdevice_many(&list);
876 static struct pernet_operations ipip_net_ops = {
877 .init = ipip_init_net,
878 .exit = ipip_exit_net,
880 .size = sizeof(struct ipip_net),
883 static int __init ipip_init(void)
889 err = register_pernet_device(&ipip_net_ops);
892 err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
894 unregister_pernet_device(&ipip_net_ops);
895 pr_info("%s: can't register tunnel\n", __func__);
900 static void __exit ipip_fini(void)
902 if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
903 pr_info("%s: can't deregister tunnel\n", __func__);
905 unregister_pernet_device(&ipip_net_ops);
908 module_init(ipip_init);
909 module_exit(ipip_fini);
910 MODULE_LICENSE("GPL");
911 MODULE_ALIAS_NETDEV("tunl0");
projects / firefly-linux-kernel-4.4.55.git / blob