Linux/net/ipv4/ip_vti.c


  1 /*
  2  *      Linux NET3: IP/IP protocol decoder modified to support
  3  *                  virtual tunnel interface
  4  *
  5  *      Authors:
  6  *              Saurabh Mohan (saurabh.mohan@vyatta.com) 05/07/2012
  7  *
  8  *      This program is free software; you can redistribute it and/or
  9  *      modify it under the terms of the GNU General Public License
 10  *      as published by the Free Software Foundation; either version
 11  *      2 of the License, or (at your option) any later version.
 12  *
 13  */
 14 
 15 /*
 16    This version of net/ipv4/ip_vti.c is cloned of net/ipv4/ipip.c
 17 
 18    For comments look at net/ipv4/ip_gre.c --ANK
 19  */
 20 
 21 
 22 #include <linux/capability.h>
 23 #include <linux/module.h>
 24 #include <linux/types.h>
 25 #include <linux/kernel.h>
 26 #include <linux/uaccess.h>
 27 #include <linux/skbuff.h>
 28 #include <linux/netdevice.h>
 29 #include <linux/in.h>
 30 #include <linux/tcp.h>
 31 #include <linux/udp.h>
 32 #include <linux/if_arp.h>
 33 #include <linux/mroute.h>
 34 #include <linux/init.h>
 35 #include <linux/netfilter_ipv4.h>
 36 #include <linux/if_ether.h>
 37 
 38 #include <net/sock.h>
 39 #include <net/ip.h>
 40 #include <net/icmp.h>
 41 #include <net/ip_tunnels.h>
 42 #include <net/inet_ecn.h>
 43 #include <net/xfrm.h>
 44 #include <net/net_namespace.h>
 45 #include <net/netns/generic.h>
 46 
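/* Number of buckets per hashed tunnel table.  HASH() masks with
 * HASH_SIZE - 1, so this must remain a power of two.
 */
#define HASH_SIZE  16
/* Fold a 32-bit address into a bucket index in [0, HASH_SIZE).  The argument
 * is parenthesized so that an expression argument is cast as a whole rather
 * than only its first operand.
 */
#define HASH(addr) ((((__force u32)(addr)) ^ (((__force u32)(addr)) >> 4)) & (HASH_SIZE - 1))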
 49 
/* Forward declaration; the initialized definition appears later in this file. */
static struct rtnl_link_ops vti_link_ops __read_mostly;

/* Per-namespace id handed to net_generic() to reach this module's struct vti_net. */
static int vti_net_id __read_mostly;
/* Per-network-namespace VTI state: four tunnel tables plus the fallback device. */
struct vti_net {
        /* tunnels with both remote and local address set (prio 3) */
        struct ip_tunnel __rcu *tunnels_r_l[HASH_SIZE];
        /* tunnels with only the remote address set (prio 2) */
        struct ip_tunnel __rcu *tunnels_r[HASH_SIZE];
        /* tunnels with only the local address set (prio 1) */
        struct ip_tunnel __rcu *tunnels_l[HASH_SIZE];
        /* single wildcard slot (prio 0); vti_fb_tunnel_init() stores the fallback tunnel here */
        struct ip_tunnel __rcu *tunnels_wc[1];
        /* the four tables above indexed by prio; filled in by vti_init_net() */
        struct ip_tunnel __rcu **tunnels[4];

        /* fallback device, allocated as "ip_vti0" in vti_init_net() */
        struct net_device *fb_tunnel_dev;
};
 62 
/* Forward declarations for helpers that are defined further down in this file. */
static int vti_fb_tunnel_init(struct net_device *dev);
static int vti_tunnel_init(struct net_device *dev);
static void vti_tunnel_setup(struct net_device *dev);
static void vti_dev_free(struct net_device *dev);
static int vti_tunnel_bind_dev(struct net_device *dev);
 68 
/* Hand the packet to dst_output() and account for the outcome.
 *
 * The macro is not hygienic: it uses a variable named `skb` from the
 * expanding scope.  The length is sampled into pkt_len before dst_output()
 * is called (presumably because the skb must not be touched afterwards;
 * confirm).  On success tx_bytes/tx_packets of @stats1 are bumped inside a
 * u64_stats update section; otherwise tx_errors and tx_aborted_errors of
 * @stats2 are incremented.
 */
#define VTI_XMIT(stats1, stats2) do {                           \
        int err;                                                \
        int pkt_len = skb->len;                                 \
        err = dst_output(skb);                                  \
        if (net_xmit_eval(err) == 0) {                          \
                u64_stats_update_begin(&(stats1)->syncp);       \
                (stats1)->tx_bytes += pkt_len;                  \
                (stats1)->tx_packets++;                         \
                u64_stats_update_end(&(stats1)->syncp);         \
        } else {                                                \
                (stats2)->tx_errors++;                          \
                (stats2)->tx_aborted_errors++;                  \
        }                                                       \
} while (0)
 83 
 84 
/**
 * vti_tunnel_lookup - pick the running tunnel that best matches an address pair
 * @net: network namespace whose VTI tables are searched
 * @remote: address compared against each tunnel's configured daddr
 * @local: address compared against each tunnel's configured saddr
 *
 * Tables are tried from most to least specific: remote+local, remote only,
 * local only, then the single wildcard slot.  Only tunnels whose device has
 * IFF_UP set are returned.  Iteration uses for_each_ip_tunnel_rcu(), so the
 * caller is presumably inside an RCU read-side section (confirm at call
 * sites).
 *
 * Return: the matching tunnel, or NULL when no up tunnel matches.
 */
static struct ip_tunnel *vti_tunnel_lookup(struct net *net,
                                           __be32 remote, __be32 local)
{
        struct vti_net *ipn = net_generic(net, vti_net_id);
        unsigned remote_hash = HASH(remote);
        unsigned local_hash = HASH(local);
        struct ip_tunnel *cand;

        /* Both endpoints configured and both must match. */
        for_each_ip_tunnel_rcu(cand, ipn->tunnels_r_l[remote_hash ^ local_hash]) {
                if (local == cand->parms.iph.saddr &&
                    remote == cand->parms.iph.daddr &&
                    (cand->dev->flags & IFF_UP))
                        return cand;
        }

        /* Remote endpoint only. */
        for_each_ip_tunnel_rcu(cand, ipn->tunnels_r[remote_hash]) {
                if (remote == cand->parms.iph.daddr &&
                    (cand->dev->flags & IFF_UP))
                        return cand;
        }

        /* Local endpoint only. */
        for_each_ip_tunnel_rcu(cand, ipn->tunnels_l[local_hash]) {
                if (local == cand->parms.iph.saddr &&
                    (cand->dev->flags & IFF_UP))
                        return cand;
        }

        /* Wildcard slot: any tunnel stored there, provided its device is up. */
        for_each_ip_tunnel_rcu(cand, ipn->tunnels_wc[0]) {
                if (cand && (cand->dev->flags & IFF_UP))
                        return cand;
        }

        return NULL;
}
110 
/**
 * __vti_bucket - locate the hash chain head that tunnel parameters map to
 * @ipn: per-namespace VTI state
 * @parms: parameters whose iph.saddr / iph.daddr select table and bucket
 *
 * The table index has bit 1 set when a remote address is configured and
 * bit 0 set when a local address is configured; the bucket index is the XOR
 * of the HASH() values of the configured addresses (0 when neither is set).
 *
 * Return: address of the chain head inside @ipn->tunnels.
 */
static struct ip_tunnel __rcu **__vti_bucket(struct vti_net *ipn,
                                             struct ip_tunnel_parm *parms)
{
        const __be32 local = parms->iph.saddr;
        const __be32 remote = parms->iph.daddr;
        int table = 0;
        unsigned bucket = 0;

        if (local) {
                table |= 1;
                bucket ^= HASH(local);
        }
        if (remote) {
                table |= 2;
                bucket ^= HASH(remote);
        }

        return &ipn->tunnels[table][bucket];
}
129 
/* Convenience wrapper: chain head for an existing tunnel, derived from the
 * parameters stored in that tunnel.
 */
static inline struct ip_tunnel __rcu **vti_bucket(struct vti_net *ipn,
                                                  struct ip_tunnel *t)
{
        struct ip_tunnel_parm *stored = &t->parms;

        return __vti_bucket(ipn, stored);
}
135 
/**
 * vti_tunnel_unlink - remove a tunnel from its hash chain
 * @ipn: per-namespace VTI state
 * @t: tunnel to remove
 *
 * The chain is selected from @t's current parameters, so this has to run
 * before saddr/daddr are modified.  Pointers are read with
 * rtnl_dereference(), i.e. the caller is expected to hold RTNL.  Nothing
 * happens if @t is not on the chain.
 */
static void vti_tunnel_unlink(struct vti_net *ipn, struct ip_tunnel *t)
{
        struct ip_tunnel __rcu **tp;
        struct ip_tunnel *iter;

        for (tp = vti_bucket(ipn, t);
             (iter = rtnl_dereference(*tp)) != NULL;
             tp = &iter->next) {
                if (t == iter) {
                        /* splice t out; t->next is left untouched here */
                        rcu_assign_pointer(*tp, t->next);
                        break;
                }
        }
}
150 
/**
 * vti_tunnel_link - insert a tunnel at the head of its hash chain
 * @ipn: per-namespace VTI state
 * @t: tunnel to insert; its parms select the chain
 *
 * The current head is read with rtnl_dereference(), i.e. the caller is
 * expected to hold RTNL.
 */
static void vti_tunnel_link(struct vti_net *ipn, struct ip_tunnel *t)
{
        struct ip_tunnel __rcu **tp = vti_bucket(ipn, t);

        /* set t->next first, then publish t as the new head */
        rcu_assign_pointer(t->next, rtnl_dereference(*tp));
        rcu_assign_pointer(*tp, t);
}
158 
/**
 * vti_tunnel_locate - find a tunnel by exact endpoints, optionally creating it
 * @net: network namespace to search / create in
 * @parms: requested parameters; iph.saddr and iph.daddr are the lookup key
 * @create: when non-zero, allocate and register a new device on a miss
 *
 * Unlike vti_tunnel_lookup() this matches saddr and daddr exactly within a
 * single chain and ignores IFF_UP.  Chain pointers are read with
 * rtnl_dereference(), so the caller is expected to hold RTNL.
 *
 * Return: the existing or newly created tunnel; NULL on a miss with @create
 * zero, or when allocation or registration fails.
 */
static struct ip_tunnel *vti_tunnel_locate(struct net *net,
                                           struct ip_tunnel_parm *parms,
                                           int create)
{
        __be32 remote = parms->iph.daddr;
        __be32 local = parms->iph.saddr;
        struct ip_tunnel *t, *nt;
        struct ip_tunnel __rcu **tp;
        struct net_device *dev;
        char name[IFNAMSIZ];
        struct vti_net *ipn = net_generic(net, vti_net_id);

        for (tp = __vti_bucket(ipn, parms);
             (t = rtnl_dereference(*tp)) != NULL;
             tp = &t->next) {
                if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
                        return t;
        }
        if (!create)
                return NULL;

        /* NOTE(review): strlcpy() takes strlen() of its source, so
         * parms->name must be NUL-terminated within IFNAMSIZ bytes.  On the
         * ioctl path parms is copied from user space - confirm that every
         * caller terminates the name before getting here.
         */
        if (parms->name[0])
                strlcpy(name, parms->name, IFNAMSIZ);
        else
                strcpy(name, "vti%d");

        dev = alloc_netdev(sizeof(*t), name, vti_tunnel_setup);
        if (dev == NULL)
                return NULL;

        dev_net_set(dev, net);

        nt = netdev_priv(dev);
        nt->parms = *parms;
        dev->rtnl_link_ops = &vti_link_ops;

        /* return value (the resulting MTU) is not used here */
        vti_tunnel_bind_dev(dev);

        if (register_netdevice(dev) < 0)
                goto failed_free;

        /* reference paired with the dev_put() in vti_tunnel_uninit() */
        dev_hold(dev);
        vti_tunnel_link(ipn, nt);
        return nt;

failed_free:
        free_netdev(dev);
        return NULL;
}
208 
/* ndo_uninit callback: take the tunnel off its hash chain, then drop one
 * device reference with dev_put().
 */
static void vti_tunnel_uninit(struct net_device *dev)
{
        struct vti_net *ipn = net_generic(dev_net(dev), vti_net_id);
        struct ip_tunnel *tunnel = netdev_priv(dev);

        vti_tunnel_unlink(ipn, tunnel);
        dev_put(dev);
}
217 
/**
 * vti_err - error handler registered in vti_handler
 * @skb: buffer whose data pointer is read as an IPv4 header
 * @info: value passed through to ipv4_update_pmtu() for FRAG_NEEDED
 *
 * Only ICMP_DEST_UNREACH (except SR_FAILED / PORT_UNREACH) and
 * ICMP_TIME_EXCEEDED with code ICMP_EXC_TTL are processed; every other
 * type or code returns 0 immediately.
 *
 * Return: 0 when the error was ignored or handled, -ENOENT when no tunnel
 * matches the addresses in the header.
 */
static int vti_err(struct sk_buff *skb, u32 info)
{

        /* All the routers (except for Linux) return only
         * 8 bytes of packet payload. It means, that precise relaying of
         * ICMP in the real Internet is absolutely infeasible.
         */
        struct iphdr *iph = (struct iphdr *)skb->data;
        const int type = icmp_hdr(skb)->type;
        const int code = icmp_hdr(skb)->code;
        struct ip_tunnel *t;
        int err;

        switch (type) {
        default:
        case ICMP_PARAMETERPROB:
                return 0;

        case ICMP_DEST_UNREACH:
                switch (code) {
                case ICMP_SR_FAILED:
                case ICMP_PORT_UNREACH:
                        /* Impossible event. */
                        return 0;
                default:
                        /* All others are translated to HOST_UNREACH. */
                        break;
                }
                break;
        case ICMP_TIME_EXCEEDED:
                if (code != ICMP_EXC_TTL)
                        return 0;
                break;
        }

        err = -ENOENT;

        /* daddr is passed as "remote" and saddr as "local": the header is
         * read from the sender's point of view.
         */
        t = vti_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr);
        if (t == NULL)
                goto out;

        if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
                ipv4_update_pmtu(skb, dev_net(skb->dev), info,
                                 t->parms.link, 0, IPPROTO_IPIP, 0);
                err = 0;
                goto out;
        }

        err = 0;
        /* tunnels configured with ttl 0 do not count TIME_EXCEEDED errors */
        if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
                goto out;

        /* err_count accumulates while errors arrive within
         * IPTUNNEL_ERR_TIMEO of the previous one, otherwise restarts at 1;
         * vti_tunnel_xmit() consumes the counter.
         */
        if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
                t->err_count++;
        else
                t->err_count = 1;
        t->err_time = jiffies;
out:
        return err;
}
278 
/**
 * vti_rcv - input handler registered in vti_handler
 * @skb: received packet
 *
 * The packet is not consumed here; it is only attributed to a tunnel and
 * allowed to continue.
 *
 * Return: 1 when a tunnel matched and the inbound xfrm policy check passed
 * (rx counters are updated and skb->dev is switched to the tunnel device);
 * -1 when no up tunnel matches or the policy check fails.
 */
static int vti_rcv(struct sk_buff *skb)
{
        struct ip_tunnel *tunnel;
        const struct iphdr *iph = ip_hdr(skb);

        tunnel = vti_tunnel_lookup(dev_net(skb->dev), iph->saddr, iph->daddr);
        if (tunnel != NULL) {
                struct pcpu_tstats *tstats;
                u32 oldmark = skb->mark;
                int ret;


                /* temporarily mark the skb with the tunnel o_key, to
                 * only match policies with this mark.
                 *
                 * NOTE(review): the inbound check uses o_key, whereas
                 * vti_tunnel_bind_dev() routes with i_key - confirm that
                 * this key choice is intended.
                 */
                skb->mark = be32_to_cpu(tunnel->parms.o_key);
                ret = xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb);
                /* the original mark is restored whether or not the check passed */
                skb->mark = oldmark;
                if (!ret)
                        return -1;

                tstats = this_cpu_ptr(tunnel->dev->tstats);
                u64_stats_update_begin(&tstats->syncp);
                tstats->rx_packets++;
                tstats->rx_bytes += skb->len;
                u64_stats_update_end(&tstats->syncp);

                secpath_reset(skb);
                skb->dev = tunnel->dev;
                return 1;
        }

        return -1;
}
314 
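/**
 * vti_tunnel_xmit - ndo_start_xmit callback for VTI devices
 * @skb: packet to send
 * @dev: VTI device the packet was queued on
 *
 * This function assumes it is being called from dev_queue_xmit()
 * and that skb is filled properly by that function.
 *
 * A route is looked up with the tunnel's o_key as flow mark.  The packet is
 * only sent when that route carries an xfrm state in tunnel mode; otherwise
 * it is dropped, so traffic never leaves the tunnel without a transform.
 *
 * Return: always NETDEV_TX_OK; failures are reported through device
 * statistics and the skb is freed.
 */
static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
{
        struct ip_tunnel *tunnel = netdev_priv(dev);
        struct pcpu_tstats *tstats;
        struct iphdr  *tiph = &tunnel->parms.iph;
        u8     tos;
        struct rtable *rt;              /* Route to the other host */
        struct net_device *tdev;        /* Device to other host */
        struct iphdr  *old_iph = ip_hdr(skb);
        __be32 dst = tiph->daddr;
        struct flowi4 fl4;

        if (skb->protocol != htons(ETH_P_IP))
                goto tx_error;

        tos = old_iph->tos;

        memset(&fl4, 0, sizeof(fl4));
        flowi4_init_output(&fl4, tunnel->parms.link,
                           be32_to_cpu(tunnel->parms.o_key), RT_TOS(tos),
                           RT_SCOPE_UNIVERSE,
                           IPPROTO_IPIP, 0,
                           dst, tiph->saddr, 0, 0);
        rt = ip_route_output_key(dev_net(dev), &fl4);
        if (IS_ERR(rt)) {
                dev->stats.tx_carrier_errors++;
                goto tx_error_icmp;
        }
        /* if there is no transform then this tunnel is not functional.
         * Or if the xfrm is not mode tunnel.
         */
        if (!rt->dst.xfrm ||
            rt->dst.xfrm->props.mode != XFRM_MODE_TUNNEL) {
                dev->stats.tx_carrier_errors++;
                /* The lookup succeeded, so a route reference is held; drop
                 * it here as the tdev == dev path below does, otherwise
                 * every packet rejected on this path leaks one reference.
                 */
                ip_rt_put(rt);
                goto tx_error_icmp;
        }
        tdev = rt->dst.dev;

        /* route points back at this device: refuse to loop */
        if (tdev == dev) {
                ip_rt_put(rt);
                dev->stats.collisions++;
                goto tx_error;
        }

        /* Errors recorded by vti_err() are reported back to the sender via
         * dst_link_failure() while they are recent; stale counts are reset.
         */
        if (tunnel->err_count > 0) {
                if (time_before(jiffies,
                                tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
                        tunnel->err_count--;
                        dst_link_failure(skb);
                } else
                        tunnel->err_count = 0;
        }

        memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
        skb_dst_drop(skb);
        /* the route reference is handed over to the skb here */
        skb_dst_set(skb, &rt->dst);
        nf_reset(skb);
        skb->dev = skb_dst(skb)->dev;

        tstats = this_cpu_ptr(dev->tstats);
        VTI_XMIT(tstats, &dev->stats);
        return NETDEV_TX_OK;

tx_error_icmp:
        dst_link_failure(skb);
tx_error:
        dev->stats.tx_errors++;
        dev_kfree_skb(skb);
        return NETDEV_TX_OK;
}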
389 
/**
 * vti_tunnel_bind_dev - derive header length and MTU from the underlying device
 * @dev: VTI device whose private tunnel parameters are used
 *
 * When a remote address is configured, a route lookup (with i_key passed as
 * the flow mark) selects the underlying device and IFF_POINTOPOINT is set.
 * If that yields nothing and parms.link is non-zero, the device with that
 * ifindex is used instead.  dev->iflink is always set to parms.link.
 *
 * Return: dev->mtu after the update (unchanged when no underlying device
 * was found).
 */
static int vti_tunnel_bind_dev(struct net_device *dev)
{
        struct net_device *tdev = NULL;
        struct ip_tunnel *tunnel;
        struct iphdr *iph;

        tunnel = netdev_priv(dev);
        iph = &tunnel->parms.iph;

        if (iph->daddr) {
                struct rtable *rt;
                struct flowi4 fl4;
                memset(&fl4, 0, sizeof(fl4));
                flowi4_init_output(&fl4, tunnel->parms.link,
                                   be32_to_cpu(tunnel->parms.i_key),
                                   RT_TOS(iph->tos), RT_SCOPE_UNIVERSE,
                                   IPPROTO_IPIP, 0,
                                   iph->daddr, iph->saddr, 0, 0);
                rt = ip_route_output_key(dev_net(dev), &fl4);
                if (!IS_ERR(rt)) {
                        /* only the device pointer is kept; the route
                         * reference is released right away
                         */
                        tdev = rt->dst.dev;
                        ip_rt_put(rt);
                }
                dev->flags |= IFF_POINTOPOINT;
        }

        if (!tdev && tunnel->parms.link)
                tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);

        if (tdev) {
                dev->hard_header_len = tdev->hard_header_len +
                                       sizeof(struct iphdr);
                dev->mtu = tdev->mtu;
        }
        dev->iflink = tunnel->parms.link;
        return dev->mtu;
}
427 
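/**
 * vti_tunnel_ioctl - ndo_do_ioctl callback: legacy tunnel get/add/change/delete
 * @dev: device the ioctl was issued on
 * @ifr: request; ifr_ifru.ifru_data is a user pointer to struct ip_tunnel_parm
 * @cmd: SIOCGETTUNNEL, SIOCADDTUNNEL, SIOCCHGTUNNEL or SIOCDELTUNNEL
 *
 * Add, change and delete require CAP_NET_ADMIN in the user namespace that
 * owns the device's network namespace; SIOCGETTUNNEL has no capability
 * check.  All parameters arrive from user space and are untrusted.
 *
 * Return: 0 on success; -EPERM, -EFAULT, -EINVAL, -EEXIST, -ENOBUFS or
 * -ENOENT on failure as set in the individual branches.
 */
static int
vti_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
{
        int err = 0;
        struct ip_tunnel_parm p;
        struct ip_tunnel *t;
        struct net *net = dev_net(dev);
        struct vti_net *ipn = net_generic(net, vti_net_id);

        switch (cmd) {
        case SIOCGETTUNNEL:
                t = NULL;
                /* on the fallback device the caller names the tunnel by its
                 * endpoints; on any other device the device itself is reported
                 */
                if (dev == ipn->fb_tunnel_dev) {
                        if (copy_from_user(&p, ifr->ifr_ifru.ifru_data,
                                           sizeof(p))) {
                                err = -EFAULT;
                                break;
                        }
                        t = vti_tunnel_locate(net, &p, 0);
                }
                if (t == NULL)
                        t = netdev_priv(dev);
                memcpy(&p, &t->parms, sizeof(p));
                p.i_flags |= GRE_KEY | VTI_ISVTI;
                p.o_flags |= GRE_KEY;
                if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
                        err = -EFAULT;
                break;

        case SIOCADDTUNNEL:
        case SIOCCHGTUNNEL:
                err = -EPERM;
                if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
                        goto done;

                err = -EFAULT;
                if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
                        goto done;

                /* The name comes straight from user space and need not be
                 * NUL-terminated.  vti_tunnel_locate() passes it to
                 * strlcpy(), which takes strlen() of its source, so force
                 * termination to keep that read inside p.name.
                 */
                p.name[IFNAMSIZ - 1] = '\0';

                err = -EINVAL;
                if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
                    p.iph.ihl != 5)
                        goto done;

                t = vti_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);

                if (dev != ipn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
                        if (t != NULL) {
                                /* requested endpoints already belong to
                                 * another device
                                 */
                                if (t->dev != dev) {
                                        err = -EEXIST;
                                        break;
                                }
                        } else {
                                /* point-to-point devices need a remote
                                 * address and vice versa
                                 */
                                if (((dev->flags&IFF_POINTOPOINT) &&
                                    !p.iph.daddr) ||
                                    (!(dev->flags&IFF_POINTOPOINT) &&
                                    p.iph.daddr)) {
                                        err = -EINVAL;
                                        break;
                                }
                                t = netdev_priv(dev);
                                /* unlink, wait via synchronize_net(), then
                                 * rewrite the fields that select the hash
                                 * chain and relink
                                 */
                                vti_tunnel_unlink(ipn, t);
                                synchronize_net();
                                t->parms.iph.saddr = p.iph.saddr;
                                t->parms.iph.daddr = p.iph.daddr;
                                t->parms.i_key = p.i_key;
                                t->parms.o_key = p.o_key;
                                t->parms.iph.protocol = IPPROTO_IPIP;
                                memcpy(dev->dev_addr, &p.iph.saddr, 4);
                                memcpy(dev->broadcast, &p.iph.daddr, 4);
                                vti_tunnel_link(ipn, t);
                                netdev_state_change(dev);
                        }
                }

                if (t) {
                        err = 0;
                        if (cmd == SIOCCHGTUNNEL) {
                                t->parms.i_key = p.i_key;
                                t->parms.o_key = p.o_key;
                                if (t->parms.link != p.link) {
                                        t->parms.link = p.link;
                                        vti_tunnel_bind_dev(dev);
                                        netdev_state_change(dev);
                                }
                        }
                        /* NOTE(review): the flags are set on p, but the copy
                         * below sends t->parms, so they never reach user
                         * space on this path (SIOCGETTUNNEL does report
                         * them).  Left as is; confirm which is intended.
                         */
                        p.i_flags |= GRE_KEY | VTI_ISVTI;
                        p.o_flags |= GRE_KEY;
                        if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms,
                                         sizeof(p)))
                                err = -EFAULT;
                } else
                        err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
                break;

        case SIOCDELTUNNEL:
                err = -EPERM;
                if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
                        goto done;

                if (dev == ipn->fb_tunnel_dev) {
                        err = -EFAULT;
                        if (copy_from_user(&p, ifr->ifr_ifru.ifru_data,
                                           sizeof(p)))
                                goto done;
                        err = -ENOENT;

                        t = vti_tunnel_locate(net, &p, 0);
                        if (t == NULL)
                                goto done;
                        /* the fallback device itself cannot be deleted */
                        err = -EPERM;
                        if (t->dev == ipn->fb_tunnel_dev)
                                goto done;
                        dev = t->dev;
                }
                unregister_netdevice(dev);
                err = 0;
                break;

        default:
                err = -EINVAL;
        }

done:
        return err;
}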
554 
/**
 * vti_tunnel_change_mtu - ndo_change_mtu callback
 * @dev: device to update
 * @new_mtu: requested MTU; accepted when 68 <= new_mtu <= 0xFFF8
 *
 * Return: 0 after storing the new MTU, -EINVAL when it is out of range.
 */
static int vti_tunnel_change_mtu(struct net_device *dev, int new_mtu)
{
        if (new_mtu >= 68 && new_mtu <= 0xFFF8) {
                dev->mtu = new_mtu;
                return 0;
        }

        return -EINVAL;
}
562 
/* Device operations installed on every VTI device by vti_tunnel_setup().
 * Statistics are served by the shared ip_tunnel_get_stats64() helper.
 */
static const struct net_device_ops vti_netdev_ops = {
        .ndo_init       = vti_tunnel_init,
        .ndo_uninit     = vti_tunnel_uninit,
        .ndo_start_xmit = vti_tunnel_xmit,
        .ndo_do_ioctl   = vti_tunnel_ioctl,
        .ndo_change_mtu = vti_tunnel_change_mtu,
        .ndo_get_stats64 = ip_tunnel_get_stats64,
};
571 
/* Device destructor (installed as dev->destructor): release the per-CPU
 * statistics allocated in vti_tunnel_init(), then the net_device itself.
 */
static void vti_dev_free(struct net_device *dev)
{
        free_percpu(dev->tstats);
        free_netdev(dev);
}
577 
/* Setup callback passed to alloc_netdev() and used as rtnl_link_ops.setup:
 * installs the VTI callbacks and the default device attributes.
 */
static void vti_tunnel_setup(struct net_device *dev)
{
        /* callbacks */
        dev->destructor = vti_dev_free;
        dev->netdev_ops = &vti_netdev_ops;

        /* device shape: a tunnel with 4-byte addresses and no ARP */
        dev->type = ARPHRD_TUNNEL;
        dev->addr_len = 4;
        dev->flags = IFF_NOARP;
        dev->iflink = 0;

        /* defaults that vti_tunnel_bind_dev() may later replace */
        dev->hard_header_len = sizeof(struct iphdr) + LL_MAX_HEADER;
        dev->mtu = ETH_DATA_LEN;

        dev->features |= NETIF_F_NETNS_LOCAL | NETIF_F_LLTX;
        dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
}
593 
/**
 * vti_tunnel_init - ndo_init callback
 * @dev: device being initialized
 *
 * Records the back pointer to @dev, copies the device name into the tunnel
 * parameters, mirrors the configured endpoints into dev_addr / broadcast
 * and allocates the per-CPU statistics.
 *
 * Return: 0 on success, -ENOMEM when the statistics cannot be allocated.
 */
static int vti_tunnel_init(struct net_device *dev)
{
        struct ip_tunnel *priv = netdev_priv(dev);
        const struct iphdr *cfg = &priv->parms.iph;

        priv->dev = dev;
        strcpy(priv->parms.name, dev->name);

        memcpy(dev->dev_addr, &cfg->saddr, 4);
        memcpy(dev->broadcast, &cfg->daddr, 4);

        dev->tstats = alloc_percpu(struct pcpu_tstats);

        return dev->tstats ? 0 : -ENOMEM;
}
610 
/**
 * vti_fb_tunnel_init - prepare the fallback tunnel of a namespace
 * @dev: fallback device allocated in vti_init_net()
 *
 * Fills in the fixed IPv4 header fields, takes a device reference and
 * publishes the tunnel in the wildcard slot.
 *
 * Return: always 0.
 */
static int __net_init vti_fb_tunnel_init(struct net_device *dev)
{
        struct ip_tunnel *tunnel = netdev_priv(dev);
        struct iphdr *iph = &tunnel->parms.iph;
        struct vti_net *ipn = net_generic(dev_net(dev), vti_net_id);

        iph->version            = 4;
        iph->protocol           = IPPROTO_IPIP;
        iph->ihl                = 5;

        dev_hold(dev);
        /* from here on vti_tunnel_lookup() can return this tunnel */
        rcu_assign_pointer(ipn->tunnels_wc[0], tunnel);
        return 0;
}
625 
/* Receive and error hooks; registered in vti_init() through
 * xfrm4_mode_tunnel_input_register() and removed again in vti_fini().
 */
static struct xfrm_tunnel vti_handler __read_mostly = {
        .handler        =       vti_rcv,
        .err_handler    =       vti_err,
        .priority       =       1,
};
631 
/**
 * vti_destroy_tunnels - queue every hashed tunnel device for unregistration
 * @ipn: per-namespace VTI state
 * @head: list the devices are queued on
 *
 * Walks tables 1..3 only.  Table 0, the wildcard slot that holds the
 * fallback tunnel, is skipped - NOTE(review): confirm the fallback device
 * is torn down elsewhere on namespace exit.
 */
static void vti_destroy_tunnels(struct vti_net *ipn, struct list_head *head)
{
        int table, bucket;
        struct ip_tunnel *cur;

        for (table = 1; table < 4; table++) {
                for (bucket = 0; bucket < HASH_SIZE; bucket++) {
                        for (cur = rtnl_dereference(ipn->tunnels[table][bucket]);
                             cur != NULL;
                             cur = rtnl_dereference(cur->next))
                                unregister_netdevice_queue(cur->dev, head);
                }
        }
}
649 
/**
 * vti_init_net - per-namespace initialization (pernet .init)
 * @net: namespace being set up
 *
 * Wires the four tables into the prio-indexed array, then allocates,
 * prepares and registers the fallback device "ip_vti0".
 *
 * Return: 0 on success, -ENOMEM when the device cannot be allocated, or the
 * error from register_netdev().
 */
static int __net_init vti_init_net(struct net *net)
{
        int err;
        struct vti_net *ipn = net_generic(net, vti_net_id);

        /* index = prio as computed by __vti_bucket() */
        ipn->tunnels[0] = ipn->tunnels_wc;
        ipn->tunnels[1] = ipn->tunnels_l;
        ipn->tunnels[2] = ipn->tunnels_r;
        ipn->tunnels[3] = ipn->tunnels_r_l;

        ipn->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel),
                                          "ip_vti0",
                                          vti_tunnel_setup);
        if (!ipn->fb_tunnel_dev) {
                err = -ENOMEM;
                goto err_alloc_dev;
        }
        dev_net_set(ipn->fb_tunnel_dev, net);

        err = vti_fb_tunnel_init(ipn->fb_tunnel_dev);
        if (err)
                goto err_reg_dev;
        ipn->fb_tunnel_dev->rtnl_link_ops = &vti_link_ops;

        err = register_netdev(ipn->fb_tunnel_dev);
        if (err)
                goto err_reg_dev;
        return 0;

err_reg_dev:
        /* NOTE(review): when register_netdev() fails, vti_fb_tunnel_init()
         * has already stored the tunnel in tunnels_wc[0] and taken a
         * reference; the device is freed here without clearing that slot -
         * confirm nothing can still reach it.
         */
        vti_dev_free(ipn->fb_tunnel_dev);
err_alloc_dev:
        /* nothing */
        return err;
}
685 
/* Per-namespace teardown (pernet .exit): under RTNL, queue all hashed
 * tunnel devices on a local list and unregister them in one batch.
 */
static void __net_exit vti_exit_net(struct net *net)
{
        struct vti_net *ipn = net_generic(net, vti_net_id);
        LIST_HEAD(list);

        rtnl_lock();
        vti_destroy_tunnels(ipn, &list);
        unregister_netdevice_many(&list);
        rtnl_unlock();
}
696 
/* Per-namespace hooks; .id and .size describe the struct vti_net area that
 * net_generic(net, vti_net_id) returns throughout this file.
 */
static struct pernet_operations vti_net_ops = {
        .init = vti_init_net,
        .exit = vti_exit_net,
        .id   = &vti_net_id,
        .size = sizeof(struct vti_net),
};
703 
/* rtnl_link_ops.validate callback.  Accepts every request: no attribute is
 * inspected here, so the only constraints on netlink input visible in this
 * file are those declared in vti_policy.
 */
static int vti_tunnel_validate(struct nlattr *tb[], struct nlattr *data[])
{
        return 0;
}
708 
/**
 * vti_netlink_parms - translate IFLA_VTI_* attributes into tunnel parameters
 * @data: attribute table indexed by IFLA_VTI_*; may be NULL
 * @parms: output; zeroed first, protocol always set to IPPROTO_IPIP
 *
 * Attributes that are absent leave the corresponding field at zero.
 */
static void vti_netlink_parms(struct nlattr *data[],
                              struct ip_tunnel_parm *parms)
{
        struct iphdr *hdr = &parms->iph;

        memset(parms, 0, sizeof(*parms));
        hdr->protocol = IPPROTO_IPIP;

        if (data == NULL)
                return;

        if (data[IFLA_VTI_LINK] != NULL)
                parms->link = nla_get_u32(data[IFLA_VTI_LINK]);
        if (data[IFLA_VTI_IKEY] != NULL)
                parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]);
        if (data[IFLA_VTI_OKEY] != NULL)
                parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]);
        if (data[IFLA_VTI_LOCAL] != NULL)
                hdr->saddr = nla_get_be32(data[IFLA_VTI_LOCAL]);
        if (data[IFLA_VTI_REMOTE] != NULL)
                hdr->daddr = nla_get_be32(data[IFLA_VTI_REMOTE]);
}
735 
/**
 * vti_newlink - rtnl_link_ops.newlink callback
 * @src_net: not used by this function
 * @dev: freshly allocated device to configure and register
 * @tb: generic link attributes; only IFLA_MTU presence is checked
 * @data: IFLA_VTI_* attributes
 *
 * Return: 0 on success, -EEXIST when a tunnel with the same endpoints
 * already exists, or the error from register_netdevice().
 */
static int vti_newlink(struct net *src_net, struct net_device *dev,
                       struct nlattr *tb[], struct nlattr *data[])
{
        struct ip_tunnel *nt;
        struct net *net = dev_net(dev);
        struct vti_net *ipn = net_generic(net, vti_net_id);
        int mtu;
        int err;

        nt = netdev_priv(dev);
        vti_netlink_parms(data, &nt->parms);

        if (vti_tunnel_locate(net, &nt->parms, 0))
                return -EEXIST;

        /* an explicitly requested MTU takes precedence over the derived one */
        mtu = vti_tunnel_bind_dev(dev);
        if (!tb[IFLA_MTU])
                dev->mtu = mtu;

        err = register_netdevice(dev);
        if (err)
                goto out;

        /* reference paired with the dev_put() in vti_tunnel_uninit() */
        dev_hold(dev);
        vti_tunnel_link(ipn, nt);

out:
        return err;
}
765 
/**
 * vti_changelink - rtnl_link_ops.changelink callback
 * @dev: device to reconfigure; the fallback device is rejected
 * @tb: generic link attributes; only IFLA_MTU presence is checked
 * @data: IFLA_VTI_* attributes with the new parameters
 *
 * Return: 0 on success, -EINVAL for the fallback device, -EEXIST when the
 * requested endpoints already belong to another device.
 */
static int vti_changelink(struct net_device *dev, struct nlattr *tb[],
                          struct nlattr *data[])
{
        struct ip_tunnel *t, *nt;
        struct net *net = dev_net(dev);
        struct vti_net *ipn = net_generic(net, vti_net_id);
        struct ip_tunnel_parm p;
        int mtu;

        if (dev == ipn->fb_tunnel_dev)
                return -EINVAL;

        nt = netdev_priv(dev);
        vti_netlink_parms(data, &p);

        t = vti_tunnel_locate(net, &p, 0);

        if (t) {
                if (t->dev != dev)
                        return -EEXIST;
        } else {
                t = nt;

                /* NOTE(review): the ioctl change path calls
                 * synchronize_net() between unlinking and rewriting the
                 * parameters; this path does not - confirm whether lookups
                 * can still observe the tunnel while it is being modified.
                 */
                vti_tunnel_unlink(ipn, t);
                t->parms.iph.saddr = p.iph.saddr;
                t->parms.iph.daddr = p.iph.daddr;
                t->parms.i_key = p.i_key;
                t->parms.o_key = p.o_key;
                /* vti_tunnel_setup() sets the type to ARPHRD_TUNNEL */
                if (dev->type != ARPHRD_ETHER) {
                        memcpy(dev->dev_addr, &p.iph.saddr, 4);
                        memcpy(dev->broadcast, &p.iph.daddr, 4);
                }
                vti_tunnel_link(ipn, t);
                netdev_state_change(dev);
        }

        /* the keys are only updated in the branch above; the link is
         * handled for both branches
         */
        if (t->parms.link != p.link) {
                t->parms.link = p.link;
                mtu = vti_tunnel_bind_dev(dev);
                if (!tb[IFLA_MTU])
                        dev->mtu = mtu;
                netdev_state_change(dev);
        }

        return 0;
}
812 
/* rtnl_link_ops.get_size callback: space needed for the five 4-byte
 * attributes that vti_fill_info() emits.
 */
static size_t vti_get_size(const struct net_device *dev)
{
        size_t total = 0;

        total += nla_total_size(4);     /* IFLA_VTI_LINK */
        total += nla_total_size(4);     /* IFLA_VTI_IKEY */
        total += nla_total_size(4);     /* IFLA_VTI_OKEY */
        total += nla_total_size(4);     /* IFLA_VTI_LOCAL */
        total += nla_total_size(4);     /* IFLA_VTI_REMOTE */

        return total;
}
828 
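/**
 * vti_fill_info - rtnl_link_ops.fill_info callback
 * @skb: netlink message being built
 * @dev: device whose tunnel parameters are dumped
 *
 * Return: 0 when all five attributes were added, -EMSGSIZE when one of them
 * could not be added, so that a truncated dump is not reported as success.
 */
static int vti_fill_info(struct sk_buff *skb, const struct net_device *dev)
{
        struct ip_tunnel *t = netdev_priv(dev);
        struct ip_tunnel_parm *p = &t->parms;

        /* each nla_put_*() returns non-zero on failure; stop at the first */
        if (nla_put_u32(skb, IFLA_VTI_LINK, p->link) ||
            nla_put_be32(skb, IFLA_VTI_IKEY, p->i_key) ||
            nla_put_be32(skb, IFLA_VTI_OKEY, p->o_key) ||
            nla_put_be32(skb, IFLA_VTI_LOCAL, p->iph.saddr) ||
            nla_put_be32(skb, IFLA_VTI_REMOTE, p->iph.daddr))
                return -EMSGSIZE;

        return 0;
}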
842 
/* Netlink attribute policy for IFLA_VTI_*.  LINK and both keys are declared
 * as 32-bit values; LOCAL and REMOTE give only a length equal to the size of
 * an IPv4 address field.  vti_netlink_parms() reads all but LINK with
 * nla_get_be32().
 */
static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
        [IFLA_VTI_LINK]         = { .type = NLA_U32 },
        [IFLA_VTI_IKEY]         = { .type = NLA_U32 },
        [IFLA_VTI_OKEY]         = { .type = NLA_U32 },
        [IFLA_VTI_LOCAL]        = { .len = FIELD_SIZEOF(struct iphdr, saddr) },
        [IFLA_VTI_REMOTE]       = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
};
850 
/* rtnetlink link type "vti"; registered in vti_init().  No .dellink is set
 * in this initializer.
 */
static struct rtnl_link_ops vti_link_ops __read_mostly = {
        .kind           = "vti",
        .maxtype        = IFLA_VTI_MAX,
        .policy         = vti_policy,
        .priv_size      = sizeof(struct ip_tunnel),
        .setup          = vti_tunnel_setup,
        .validate       = vti_tunnel_validate,
        .newlink        = vti_newlink,
        .changelink     = vti_changelink,
        .get_size       = vti_get_size,
        .fill_info      = vti_fill_info,
};
863 
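/**
 * vti_init - module entry point
 *
 * Registers, in order, the per-namespace operations, the xfrm tunnel input
 * handler and the "vti" rtnetlink link type.  A failure at any step undoes
 * the steps already completed and returns that step's error, so the module
 * never stays loaded in a half-registered state.
 *
 * Return: 0 on success or a negative errno.
 */
static int __init vti_init(void)
{
        int err;

        pr_info("IPv4 over IPSec tunneling driver\n");

        err = register_pernet_device(&vti_net_ops);
        if (err < 0)
                return err;

        err = xfrm4_mode_tunnel_input_register(&vti_handler);
        if (err < 0) {
                /* pr_info() already supplies the log level */
                pr_info("vti init: can't register tunnel\n");
                /* Bail out here: continuing would register the link type
                 * without a receive handler and could unregister the pernet
                 * operations a second time further down.
                 */
                goto xfrm_register_failed;
        }

        err = rtnl_link_register(&vti_link_ops);
        if (err < 0)
                goto rtnl_link_failed;

        return err;

rtnl_link_failed:
        xfrm4_mode_tunnel_input_deregister(&vti_handler);
xfrm_register_failed:
        unregister_pernet_device(&vti_net_ops);
        return err;
}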
890 
/* Module exit: undo vti_init() in reverse order - link type first, then the
 * xfrm input handler (a failure is only logged), then the per-namespace
 * operations.
 */
static void __exit vti_fini(void)
{
        rtnl_link_unregister(&vti_link_ops);
        if (xfrm4_mode_tunnel_input_deregister(&vti_handler))
                pr_info("vti close: can't deregister tunnel\n");

        unregister_pernet_device(&vti_net_ops);
}
899 
/* Module entry/exit hooks, license, and the aliases for the "vti" link kind
 * and the fallback device name "ip_vti0".
 */
module_init(vti_init);
module_exit(vti_fini);
MODULE_LICENSE("GPL");
MODULE_ALIAS_RTNL_LINK("vti");
MODULE_ALIAS_NETDEV("ip_vti0");
905 
