~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/ipv4/ipip.c

Version: ~ [ linux-5.2-rc1 ] ~ [ linux-5.1.2 ] ~ [ linux-5.0.16 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.43 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.119 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.176 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.179 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.139 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.67 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  *      Linux NET3:     IP/IP protocol decoder.
  3  *
  4  *      Authors:
  5  *              Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
  6  *
  7  *      Fixes:
  8  *              Alan Cox        :       Merged and made usable non modular (its so tiny its silly as
  9  *                                      a module taking up 2 pages).
 10  *              Alan Cox        :       Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
 11  *                                      to keep ip_forward happy.
 12  *              Alan Cox        :       More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
 13  *              Kai Schulte     :       Fixed #defines for IP_FIREWALL->FIREWALL
 14  *              David Woodhouse :       Perform some basic ICMP handling.
 15  *                                      IPIP Routing without decapsulation.
 16  *              Carlos Picoto   :       GRE over IP support
 17  *              Alexey Kuznetsov:       Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
 18  *                                      I do not want to merge them together.
 19  *
 20  *      This program is free software; you can redistribute it and/or
 21  *      modify it under the terms of the GNU General Public License
 22  *      as published by the Free Software Foundation; either version
 23  *      2 of the License, or (at your option) any later version.
 24  *
 25  */
 26 
 27 /* tunnel.c: an IP tunnel driver
 28 
 29         The purpose of this driver is to provide an IP tunnel through
 30         which you can tunnel network traffic transparently across subnets.
 31 
 32         This was written by looking at Nick Holloway's dummy driver
 33         Thanks for the great code!
 34 
 35                 -Sam Lantinga   (slouken@cs.ucdavis.edu)  02/01/95
 36 
 37         Minor tweaks:
 38                 Cleaned up the code a little and added some pre-1.3.0 tweaks.
 39                 dev->hard_header/hard_header_len changed to use no headers.
 40                 Comments/bracketing tweaked.
 41                 Made the tunnels use dev->name not tunnel: when error reporting.
 42                 Added tx_dropped stat
 43 
 44                 -Alan Cox       (alan@lxorguk.ukuu.org.uk) 21 March 95
 45 
 46         Reworked:
 47                 Changed to tunnel to destination gateway in addition to the
 48                         tunnel's pointopoint address
 49                 Almost completely rewritten
 50                 Note:  There is currently no firewall or ICMP handling done.
 51 
 52                 -Sam Lantinga   (slouken@cs.ucdavis.edu) 02/13/96
 53 
 54 */
 55 
 56 /* Things I wish I had known when writing the tunnel driver:
 57 
 58         When the tunnel_xmit() function is called, the skb contains the
 59         packet to be sent (plus a great deal of extra info), and dev
 60         contains the tunnel device that _we_ are.
 61 
 62         When we are passed a packet, we are expected to fill in the
 63         source address with our source IP address.
 64 
 65         What is the proper way to allocate, copy and free a buffer?
 66         After you allocate it, it is a "0 length" chunk of memory
 67         starting at zero.  If you want to add headers to the buffer
 68         later, you'll have to call "skb_reserve(skb, amount)" with
 69         the amount of memory you want reserved.  Then, you call
 70         "skb_put(skb, amount)" with the amount of space you want in
 71         the buffer.  skb_put() returns a pointer to the top (#0) of
 72         that buffer.  skb->len is set to the amount of space you have
 73         "allocated" with skb_put().  You can then write up to skb->len
 74         bytes to that buffer.  If you need more, you can call skb_put()
 75         again with the additional amount of space you need.  You can
 76         find out how much more space you can allocate by calling
 77         "skb_tailroom(skb)".
 78         Now, to add header space, call "skb_push(skb, header_len)".
 79         This creates space at the beginning of the buffer and returns
 80         a pointer to this new space.  If later you need to strip a
 81         header from a buffer, call "skb_pull(skb, header_len)".
 82         skb_headroom() will return how much space is left at the top
 83         of the buffer (before the main data).  Remember, this headroom
 84         space must be reserved before the skb_put() function is called.
 85         */
 86 
 87 /*
 88    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
 89 
 90    For comments look at net/ipv4/ip_gre.c --ANK
 91  */
 92 
 93 
 94 #include <linux/capability.h>
 95 #include <linux/module.h>
 96 #include <linux/types.h>
 97 #include <linux/kernel.h>
 98 #include <asm/uaccess.h>
 99 #include <linux/skbuff.h>
100 #include <linux/netdevice.h>
101 #include <linux/in.h>
102 #include <linux/tcp.h>
103 #include <linux/udp.h>
104 #include <linux/if_arp.h>
105 #include <linux/mroute.h>
106 #include <linux/init.h>
107 #include <linux/netfilter_ipv4.h>
108 #include <linux/if_ether.h>
109 
110 #include <net/sock.h>
111 #include <net/ip.h>
112 #include <net/icmp.h>
113 #include <net/ipip.h>
114 #include <net/inet_ecn.h>
115 #include <net/xfrm.h>
116 #include <net/net_namespace.h>
117 #include <net/netns/generic.h>
118 
119 #define HASH_SIZE  16
120 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
121 
122 static int ipip_net_id;
123 struct ipip_net {
124         struct ip_tunnel *tunnels_r_l[HASH_SIZE];
125         struct ip_tunnel *tunnels_r[HASH_SIZE];
126         struct ip_tunnel *tunnels_l[HASH_SIZE];
127         struct ip_tunnel *tunnels_wc[1];
128         struct ip_tunnel **tunnels[4];
129 
130         struct net_device *fb_tunnel_dev;
131 };
132 
133 static void ipip_fb_tunnel_init(struct net_device *dev);
134 static void ipip_tunnel_init(struct net_device *dev);
135 static void ipip_tunnel_setup(struct net_device *dev);
136 
137 static DEFINE_RWLOCK(ipip_lock);
138 
139 static struct ip_tunnel * ipip_tunnel_lookup(struct net *net,
140                 __be32 remote, __be32 local)
141 {
142         unsigned h0 = HASH(remote);
143         unsigned h1 = HASH(local);
144         struct ip_tunnel *t;
145         struct ipip_net *ipn = net_generic(net, ipip_net_id);
146 
147         for (t = ipn->tunnels_r_l[h0^h1]; t; t = t->next) {
148                 if (local == t->parms.iph.saddr &&
149                     remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
150                         return t;
151         }
152         for (t = ipn->tunnels_r[h0]; t; t = t->next) {
153                 if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
154                         return t;
155         }
156         for (t = ipn->tunnels_l[h1]; t; t = t->next) {
157                 if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
158                         return t;
159         }
160         if ((t = ipn->tunnels_wc[0]) != NULL && (t->dev->flags&IFF_UP))
161                 return t;
162         return NULL;
163 }
164 
165 static struct ip_tunnel **__ipip_bucket(struct ipip_net *ipn,
166                 struct ip_tunnel_parm *parms)
167 {
168         __be32 remote = parms->iph.daddr;
169         __be32 local = parms->iph.saddr;
170         unsigned h = 0;
171         int prio = 0;
172 
173         if (remote) {
174                 prio |= 2;
175                 h ^= HASH(remote);
176         }
177         if (local) {
178                 prio |= 1;
179                 h ^= HASH(local);
180         }
181         return &ipn->tunnels[prio][h];
182 }
183 
184 static inline struct ip_tunnel **ipip_bucket(struct ipip_net *ipn,
185                 struct ip_tunnel *t)
186 {
187         return __ipip_bucket(ipn, &t->parms);
188 }
189 
190 static void ipip_tunnel_unlink(struct ipip_net *ipn, struct ip_tunnel *t)
191 {
192         struct ip_tunnel **tp;
193 
194         for (tp = ipip_bucket(ipn, t); *tp; tp = &(*tp)->next) {
195                 if (t == *tp) {
196                         write_lock_bh(&ipip_lock);
197                         *tp = t->next;
198                         write_unlock_bh(&ipip_lock);
199                         break;
200                 }
201         }
202 }
203 
204 static void ipip_tunnel_link(struct ipip_net *ipn, struct ip_tunnel *t)
205 {
206         struct ip_tunnel **tp = ipip_bucket(ipn, t);
207 
208         t->next = *tp;
209         write_lock_bh(&ipip_lock);
210         *tp = t;
211         write_unlock_bh(&ipip_lock);
212 }
213 
214 static struct ip_tunnel * ipip_tunnel_locate(struct net *net,
215                 struct ip_tunnel_parm *parms, int create)
216 {
217         __be32 remote = parms->iph.daddr;
218         __be32 local = parms->iph.saddr;
219         struct ip_tunnel *t, **tp, *nt;
220         struct net_device *dev;
221         char name[IFNAMSIZ];
222         struct ipip_net *ipn = net_generic(net, ipip_net_id);
223 
224         for (tp = __ipip_bucket(ipn, parms); (t = *tp) != NULL; tp = &t->next) {
225                 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
226                         return t;
227         }
228         if (!create)
229                 return NULL;
230 
231         if (parms->name[0])
232                 strlcpy(name, parms->name, IFNAMSIZ);
233         else
234                 sprintf(name, "tunl%%d");
235 
236         dev = alloc_netdev(sizeof(*t), name, ipip_tunnel_setup);
237         if (dev == NULL)
238                 return NULL;
239 
240         dev_net_set(dev, net);
241 
242         if (strchr(name, '%')) {
243                 if (dev_alloc_name(dev, name) < 0)
244                         goto failed_free;
245         }
246 
247         nt = netdev_priv(dev);
248         nt->parms = *parms;
249 
250         ipip_tunnel_init(dev);
251 
252         if (register_netdevice(dev) < 0)
253                 goto failed_free;
254 
255         dev_hold(dev);
256         ipip_tunnel_link(ipn, nt);
257         return nt;
258 
259 failed_free:
260         free_netdev(dev);
261         return NULL;
262 }
263 
264 static void ipip_tunnel_uninit(struct net_device *dev)
265 {
266         struct net *net = dev_net(dev);
267         struct ipip_net *ipn = net_generic(net, ipip_net_id);
268 
269         if (dev == ipn->fb_tunnel_dev) {
270                 write_lock_bh(&ipip_lock);
271                 ipn->tunnels_wc[0] = NULL;
272                 write_unlock_bh(&ipip_lock);
273         } else
274                 ipip_tunnel_unlink(ipn, netdev_priv(dev));
275         dev_put(dev);
276 }
277 
278 static int ipip_err(struct sk_buff *skb, u32 info)
279 {
280 
281 /* All the routers (except for Linux) return only
282    8 bytes of packet payload. It means, that precise relaying of
283    ICMP in the real Internet is absolutely infeasible.
284  */
285         struct iphdr *iph = (struct iphdr *)skb->data;
286         const int type = icmp_hdr(skb)->type;
287         const int code = icmp_hdr(skb)->code;
288         struct ip_tunnel *t;
289         int err;
290 
291         switch (type) {
292         default:
293         case ICMP_PARAMETERPROB:
294                 return 0;
295 
296         case ICMP_DEST_UNREACH:
297                 switch (code) {
298                 case ICMP_SR_FAILED:
299                 case ICMP_PORT_UNREACH:
300                         /* Impossible event. */
301                         return 0;
302                 case ICMP_FRAG_NEEDED:
303                         /* Soft state for pmtu is maintained by IP core. */
304                         return 0;
305                 default:
306                         /* All others are translated to HOST_UNREACH.
307                            rfc2003 contains "deep thoughts" about NET_UNREACH,
308                            I believe they are just ether pollution. --ANK
309                          */
310                         break;
311                 }
312                 break;
313         case ICMP_TIME_EXCEEDED:
314                 if (code != ICMP_EXC_TTL)
315                         return 0;
316                 break;
317         }
318 
319         err = -ENOENT;
320 
321         read_lock(&ipip_lock);
322         t = ipip_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr);
323         if (t == NULL || t->parms.iph.daddr == 0)
324                 goto out;
325 
326         err = 0;
327         if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
328                 goto out;
329 
330         if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
331                 t->err_count++;
332         else
333                 t->err_count = 1;
334         t->err_time = jiffies;
335 out:
336         read_unlock(&ipip_lock);
337         return err;
338 }
339 
340 static inline void ipip_ecn_decapsulate(const struct iphdr *outer_iph,
341                                         struct sk_buff *skb)
342 {
343         struct iphdr *inner_iph = ip_hdr(skb);
344 
345         if (INET_ECN_is_ce(outer_iph->tos))
346                 IP_ECN_set_ce(inner_iph);
347 }
348 
349 static int ipip_rcv(struct sk_buff *skb)
350 {
351         struct ip_tunnel *tunnel;
352         const struct iphdr *iph = ip_hdr(skb);
353 
354         read_lock(&ipip_lock);
355         if ((tunnel = ipip_tunnel_lookup(dev_net(skb->dev),
356                                         iph->saddr, iph->daddr)) != NULL) {
357                 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
358                         read_unlock(&ipip_lock);
359                         kfree_skb(skb);
360                         return 0;
361                 }
362 
363                 secpath_reset(skb);
364 
365                 skb->mac_header = skb->network_header;
366                 skb_reset_network_header(skb);
367                 skb->protocol = htons(ETH_P_IP);
368                 skb->pkt_type = PACKET_HOST;
369 
370                 tunnel->dev->stats.rx_packets++;
371                 tunnel->dev->stats.rx_bytes += skb->len;
372                 skb->dev = tunnel->dev;
373                 skb_dst_drop(skb);
374                 nf_reset(skb);
375                 ipip_ecn_decapsulate(iph, skb);
376                 netif_rx(skb);
377                 read_unlock(&ipip_lock);
378                 return 0;
379         }
380         read_unlock(&ipip_lock);
381 
382         return -1;
383 }
384 
385 /*
386  *      This function assumes it is being called from dev_queue_xmit()
387  *      and that skb is filled properly by that function.
388  */
389 
390 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
391 {
392         struct ip_tunnel *tunnel = netdev_priv(dev);
393         struct net_device_stats *stats = &tunnel->dev->stats;
394         struct iphdr  *tiph = &tunnel->parms.iph;
395         u8     tos = tunnel->parms.iph.tos;
396         __be16 df = tiph->frag_off;
397         struct rtable *rt;                      /* Route to the other host */
398         struct net_device *tdev;                        /* Device to other host */
399         struct iphdr  *old_iph = ip_hdr(skb);
400         struct iphdr  *iph;                     /* Our new IP header */
401         unsigned int max_headroom;              /* The extra header space needed */
402         __be32 dst = tiph->daddr;
403         int    mtu;
404 
405         if (skb->protocol != htons(ETH_P_IP))
406                 goto tx_error;
407 
408         if (tos&1)
409                 tos = old_iph->tos;
410 
411         memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
412         if (!dst) {
413                 /* NBMA tunnel */
414                 if ((rt = skb_rtable(skb)) == NULL) {
415                         stats->tx_fifo_errors++;
416                         goto tx_error;
417                 }
418                 if ((dst = rt->rt_gateway) == 0)
419                         goto tx_error_icmp;
420         }
421 
422         {
423                 struct flowi fl = { .oif = tunnel->parms.link,
424                                     .nl_u = { .ip4_u =
425                                               { .daddr = dst,
426                                                 .saddr = tiph->saddr,
427                                                 .tos = RT_TOS(tos) } },
428                                     .proto = IPPROTO_IPIP };
429                 if (ip_route_output_key(dev_net(dev), &rt, &fl)) {
430                         stats->tx_carrier_errors++;
431                         goto tx_error_icmp;
432                 }
433         }
434         tdev = rt->u.dst.dev;
435 
436         if (tdev == dev) {
437                 ip_rt_put(rt);
438                 stats->collisions++;
439                 goto tx_error;
440         }
441 
442         df |= old_iph->frag_off & htons(IP_DF);
443 
444         if (df) {
445                 mtu = dst_mtu(&rt->u.dst) - sizeof(struct iphdr);
446 
447                 if (mtu < 68) {
448                         stats->collisions++;
449                         ip_rt_put(rt);
450                         goto tx_error;
451                 }
452 
453                 if (skb_dst(skb))
454                         skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu);
455 
456                 if ((old_iph->frag_off & htons(IP_DF)) &&
457                     mtu < ntohs(old_iph->tot_len)) {
458                         icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
459                                   htonl(mtu));
460                         ip_rt_put(rt);
461                         goto tx_error;
462                 }
463         }
464 
465         if (tunnel->err_count > 0) {
466                 if (time_before(jiffies,
467                                 tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
468                         tunnel->err_count--;
469                         dst_link_failure(skb);
470                 } else
471                         tunnel->err_count = 0;
472         }
473 
474         /*
475          * Okay, now see if we can stuff it in the buffer as-is.
476          */
477         max_headroom = (LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr));
478 
479         if (skb_headroom(skb) < max_headroom || skb_shared(skb) ||
480             (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
481                 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
482                 if (!new_skb) {
483                         ip_rt_put(rt);
484                         stats->tx_dropped++;
485                         dev_kfree_skb(skb);
486                         return NETDEV_TX_OK;
487                 }
488                 if (skb->sk)
489                         skb_set_owner_w(new_skb, skb->sk);
490                 dev_kfree_skb(skb);
491                 skb = new_skb;
492                 old_iph = ip_hdr(skb);
493         }
494 
495         skb->transport_header = skb->network_header;
496         skb_push(skb, sizeof(struct iphdr));
497         skb_reset_network_header(skb);
498         IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
499                               IPSKB_REROUTED);
500         skb_dst_drop(skb);
501         skb_dst_set(skb, &rt->u.dst);
502 
503         /*
504          *      Push down and install the IPIP header.
505          */
506 
507         iph                     =       ip_hdr(skb);
508         iph->version            =       4;
509         iph->ihl                =       sizeof(struct iphdr)>>2;
510         iph->frag_off           =       df;
511         iph->protocol           =       IPPROTO_IPIP;
512         iph->tos                =       INET_ECN_encapsulate(tos, old_iph->tos);
513         iph->daddr              =       rt->rt_dst;
514         iph->saddr              =       rt->rt_src;
515 
516         if ((iph->ttl = tiph->ttl) == 0)
517                 iph->ttl        =       old_iph->ttl;
518 
519         nf_reset(skb);
520 
521         IPTUNNEL_XMIT();
522         return NETDEV_TX_OK;
523 
524 tx_error_icmp:
525         dst_link_failure(skb);
526 tx_error:
527         stats->tx_errors++;
528         dev_kfree_skb(skb);
529         return NETDEV_TX_OK;
530 }
531 
532 static void ipip_tunnel_bind_dev(struct net_device *dev)
533 {
534         struct net_device *tdev = NULL;
535         struct ip_tunnel *tunnel;
536         struct iphdr *iph;
537 
538         tunnel = netdev_priv(dev);
539         iph = &tunnel->parms.iph;
540 
541         if (iph->daddr) {
542                 struct flowi fl = { .oif = tunnel->parms.link,
543                                     .nl_u = { .ip4_u =
544                                               { .daddr = iph->daddr,
545                                                 .saddr = iph->saddr,
546                                                 .tos = RT_TOS(iph->tos) } },
547                                     .proto = IPPROTO_IPIP };
548                 struct rtable *rt;
549                 if (!ip_route_output_key(dev_net(dev), &rt, &fl)) {
550                         tdev = rt->u.dst.dev;
551                         ip_rt_put(rt);
552                 }
553                 dev->flags |= IFF_POINTOPOINT;
554         }
555 
556         if (!tdev && tunnel->parms.link)
557                 tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);
558 
559         if (tdev) {
560                 dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
561                 dev->mtu = tdev->mtu - sizeof(struct iphdr);
562         }
563         dev->iflink = tunnel->parms.link;
564 }
565 
566 static int
567 ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
568 {
569         int err = 0;
570         struct ip_tunnel_parm p;
571         struct ip_tunnel *t;
572         struct net *net = dev_net(dev);
573         struct ipip_net *ipn = net_generic(net, ipip_net_id);
574 
575         switch (cmd) {
576         case SIOCGETTUNNEL:
577                 t = NULL;
578                 if (dev == ipn->fb_tunnel_dev) {
579                         if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
580                                 err = -EFAULT;
581                                 break;
582                         }
583                         t = ipip_tunnel_locate(net, &p, 0);
584                 }
585                 if (t == NULL)
586                         t = netdev_priv(dev);
587                 memcpy(&p, &t->parms, sizeof(p));
588                 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
589                         err = -EFAULT;
590                 break;
591 
592         case SIOCADDTUNNEL:
593         case SIOCCHGTUNNEL:
594                 err = -EPERM;
595                 if (!capable(CAP_NET_ADMIN))
596                         goto done;
597 
598                 err = -EFAULT;
599                 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
600                         goto done;
601 
602                 err = -EINVAL;
603                 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
604                     p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
605                         goto done;
606                 if (p.iph.ttl)
607                         p.iph.frag_off |= htons(IP_DF);
608 
609                 t = ipip_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
610 
611                 if (dev != ipn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
612                         if (t != NULL) {
613                                 if (t->dev != dev) {
614                                         err = -EEXIST;
615                                         break;
616                                 }
617                         } else {
618                                 if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
619                                     (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
620                                         err = -EINVAL;
621                                         break;
622                                 }
623                                 t = netdev_priv(dev);
624                                 ipip_tunnel_unlink(ipn, t);
625                                 t->parms.iph.saddr = p.iph.saddr;
626                                 t->parms.iph.daddr = p.iph.daddr;
627                                 memcpy(dev->dev_addr, &p.iph.saddr, 4);
628                                 memcpy(dev->broadcast, &p.iph.daddr, 4);
629                                 ipip_tunnel_link(ipn, t);
630                                 netdev_state_change(dev);
631                         }
632                 }
633 
634                 if (t) {
635                         err = 0;
636                         if (cmd == SIOCCHGTUNNEL) {
637                                 t->parms.iph.ttl = p.iph.ttl;
638                                 t->parms.iph.tos = p.iph.tos;
639                                 t->parms.iph.frag_off = p.iph.frag_off;
640                                 if (t->parms.link != p.link) {
641                                         t->parms.link = p.link;
642                                         ipip_tunnel_bind_dev(dev);
643                                         netdev_state_change(dev);
644                                 }
645                         }
646                         if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
647                                 err = -EFAULT;
648                 } else
649                         err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
650                 break;
651 
652         case SIOCDELTUNNEL:
653                 err = -EPERM;
654                 if (!capable(CAP_NET_ADMIN))
655                         goto done;
656 
657                 if (dev == ipn->fb_tunnel_dev) {
658                         err = -EFAULT;
659                         if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
660                                 goto done;
661                         err = -ENOENT;
662                         if ((t = ipip_tunnel_locate(net, &p, 0)) == NULL)
663                                 goto done;
664                         err = -EPERM;
665                         if (t->dev == ipn->fb_tunnel_dev)
666                                 goto done;
667                         dev = t->dev;
668                 }
669                 unregister_netdevice(dev);
670                 err = 0;
671                 break;
672 
673         default:
674                 err = -EINVAL;
675         }
676 
677 done:
678         return err;
679 }
680 
681 static int ipip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
682 {
683         if (new_mtu < 68 || new_mtu > 0xFFF8 - sizeof(struct iphdr))
684                 return -EINVAL;
685         dev->mtu = new_mtu;
686         return 0;
687 }
688 
689 static const struct net_device_ops ipip_netdev_ops = {
690         .ndo_uninit     = ipip_tunnel_uninit,
691         .ndo_start_xmit = ipip_tunnel_xmit,
692         .ndo_do_ioctl   = ipip_tunnel_ioctl,
693         .ndo_change_mtu = ipip_tunnel_change_mtu,
694 
695 };
696 
697 static void ipip_tunnel_setup(struct net_device *dev)
698 {
699         dev->netdev_ops         = &ipip_netdev_ops;
700         dev->destructor         = free_netdev;
701 
702         dev->type               = ARPHRD_TUNNEL;
703         dev->hard_header_len    = LL_MAX_HEADER + sizeof(struct iphdr);
704         dev->mtu                = ETH_DATA_LEN - sizeof(struct iphdr);
705         dev->flags              = IFF_NOARP;
706         dev->iflink             = 0;
707         dev->addr_len           = 4;
708         dev->features           |= NETIF_F_NETNS_LOCAL;
709         dev->priv_flags         &= ~IFF_XMIT_DST_RELEASE;
710 }
711 
712 static void ipip_tunnel_init(struct net_device *dev)
713 {
714         struct ip_tunnel *tunnel = netdev_priv(dev);
715 
716         tunnel->dev = dev;
717         strcpy(tunnel->parms.name, dev->name);
718 
719         memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
720         memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
721 
722         ipip_tunnel_bind_dev(dev);
723 }
724 
725 static void ipip_fb_tunnel_init(struct net_device *dev)
726 {
727         struct ip_tunnel *tunnel = netdev_priv(dev);
728         struct iphdr *iph = &tunnel->parms.iph;
729         struct ipip_net *ipn = net_generic(dev_net(dev), ipip_net_id);
730 
731         tunnel->dev = dev;
732         strcpy(tunnel->parms.name, dev->name);
733 
734         iph->version            = 4;
735         iph->protocol           = IPPROTO_IPIP;
736         iph->ihl                = 5;
737 
738         dev_hold(dev);
739         ipn->tunnels_wc[0]      = tunnel;
740 }
741 
742 static struct xfrm_tunnel ipip_handler = {
743         .handler        =       ipip_rcv,
744         .err_handler    =       ipip_err,
745         .priority       =       1,
746 };
747 
748 static const char banner[] __initconst =
749         KERN_INFO "IPv4 over IPv4 tunneling driver\n";
750 
751 static void ipip_destroy_tunnels(struct ipip_net *ipn)
752 {
753         int prio;
754 
755         for (prio = 1; prio < 4; prio++) {
756                 int h;
757                 for (h = 0; h < HASH_SIZE; h++) {
758                         struct ip_tunnel *t;
759                         while ((t = ipn->tunnels[prio][h]) != NULL)
760                                 unregister_netdevice(t->dev);
761                 }
762         }
763 }
764 
765 static int ipip_init_net(struct net *net)
766 {
767         int err;
768         struct ipip_net *ipn;
769 
770         err = -ENOMEM;
771         ipn = kzalloc(sizeof(struct ipip_net), GFP_KERNEL);
772         if (ipn == NULL)
773                 goto err_alloc;
774 
775         err = net_assign_generic(net, ipip_net_id, ipn);
776         if (err < 0)
777                 goto err_assign;
778 
779         ipn->tunnels[0] = ipn->tunnels_wc;
780         ipn->tunnels[1] = ipn->tunnels_l;
781         ipn->tunnels[2] = ipn->tunnels_r;
782         ipn->tunnels[3] = ipn->tunnels_r_l;
783 
784         ipn->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel),
785                                            "tunl0",
786                                            ipip_tunnel_setup);
787         if (!ipn->fb_tunnel_dev) {
788                 err = -ENOMEM;
789                 goto err_alloc_dev;
790         }
791         dev_net_set(ipn->fb_tunnel_dev, net);
792 
793         ipip_fb_tunnel_init(ipn->fb_tunnel_dev);
794 
795         if ((err = register_netdev(ipn->fb_tunnel_dev)))
796                 goto err_reg_dev;
797 
798         return 0;
799 
800 err_reg_dev:
801         free_netdev(ipn->fb_tunnel_dev);
802 err_alloc_dev:
803         /* nothing */
804 err_assign:
805         kfree(ipn);
806 err_alloc:
807         return err;
808 }
809 
810 static void ipip_exit_net(struct net *net)
811 {
812         struct ipip_net *ipn;
813 
814         ipn = net_generic(net, ipip_net_id);
815         rtnl_lock();
816         ipip_destroy_tunnels(ipn);
817         unregister_netdevice(ipn->fb_tunnel_dev);
818         rtnl_unlock();
819         kfree(ipn);
820 }
821 
822 static struct pernet_operations ipip_net_ops = {
823         .init = ipip_init_net,
824         .exit = ipip_exit_net,
825 };
826 
827 static int __init ipip_init(void)
828 {
829         int err;
830 
831         printk(banner);
832 
833         err = register_pernet_gen_device(&ipip_net_id, &ipip_net_ops);
834         if (err < 0)
835                 return err;
836         err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
837         if (err < 0) {
838                 unregister_pernet_device(&ipip_net_ops);
839                 printk(KERN_INFO "ipip init: can't register tunnel\n");
840         }
841         return err;
842 }
843 
844 static void __exit ipip_fini(void)
845 {
846         if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
847                 printk(KERN_INFO "ipip close: can't deregister tunnel\n");
848 
849         unregister_pernet_gen_device(ipip_net_id, &ipip_net_ops);
850 }
851 
852 module_init(ipip_init);
853 module_exit(ipip_fini);
854 MODULE_LICENSE("GPL");
855 MODULE_ALIAS_NETDEV("tunl0");
856 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp