1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright (c) 2013 Nicira, Inc.
4 */
5
6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
7
8 #include <linux/capability.h>
9 #include <linux/module.h>
10 #include <linux/types.h>
11 #include <linux/kernel.h>
12 #include <linux/slab.h>
13 #include <linux/uaccess.h>
14 #include <linux/skbuff.h>
15 #include <linux/netdevice.h>
16 #include <linux/in.h>
17 #include <linux/tcp.h>
18 #include <linux/udp.h>
19 #include <linux/if_arp.h>
20 #include <linux/init.h>
21 #include <linux/in6.h>
22 #include <linux/inetdevice.h>
23 #include <linux/igmp.h>
24 #include <linux/netfilter_ipv4.h>
25 #include <linux/etherdevice.h>
26 #include <linux/if_ether.h>
27 #include <linux/if_vlan.h>
28 #include <linux/rculist.h>
29 #include <linux/err.h>
30
31 #include <net/sock.h>
32 #include <net/ip.h>
33 #include <net/icmp.h>
34 #include <net/protocol.h>
35 #include <net/ip_tunnels.h>
36 #include <net/arp.h>
37 #include <net/checksum.h>
38 #include <net/dsfield.h>
39 #include <net/inet_ecn.h>
40 #include <net/xfrm.h>
41 #include <net/net_namespace.h>
42 #include <net/netns/generic.h>
43 #include <net/rtnetlink.h>
44 #include <net/udp.h>
45 #include <net/dst_metadata.h>
46 #include <net/inet_dscp.h>
47
48 #if IS_ENABLED(CONFIG_IPV6)
49 #include <net/ipv6.h>
50 #include <net/ip6_fib.h>
51 #include <net/ip6_route.h>
52 #endif
53
ip_tunnel_hash(__be32 key,__be32 remote)54 static unsigned int ip_tunnel_hash(__be32 key, __be32 remote)
55 {
56 return hash_32((__force u32)key ^ (__force u32)remote,
57 IP_TNL_HASH_BITS);
58 }
59
ip_tunnel_key_match(const struct ip_tunnel_parm_kern * p,const unsigned long * flags,__be32 key)60 static bool ip_tunnel_key_match(const struct ip_tunnel_parm_kern *p,
61 const unsigned long *flags, __be32 key)
62 {
63 if (!test_bit(IP_TUNNEL_KEY_BIT, flags))
64 return !test_bit(IP_TUNNEL_KEY_BIT, p->i_flags);
65
66 return test_bit(IP_TUNNEL_KEY_BIT, p->i_flags) && p->i_key == key;
67 }
68
69 /* Fallback tunnel: no source, no destination, no key, no options
70
71 Tunnel hash table:
72 We require exact key match i.e. if a key is present in packet
73 it will match only tunnel with the same key; if it is not present,
74 it will match only keyless tunnel.
75
76 All keysless packets, if not matched configured keyless tunnels
77 will match fallback tunnel.
78 Given src, dst and key, find appropriate for input tunnel.
79 */
ip_tunnel_lookup(struct ip_tunnel_net * itn,int link,const unsigned long * flags,__be32 remote,__be32 local,__be32 key)80 struct ip_tunnel *ip_tunnel_lookup(struct ip_tunnel_net *itn,
81 int link, const unsigned long *flags,
82 __be32 remote, __be32 local,
83 __be32 key)
84 {
85 struct ip_tunnel *t, *cand = NULL;
86 struct hlist_head *head;
87 struct net_device *ndev;
88 unsigned int hash;
89
90 hash = ip_tunnel_hash(key, remote);
91 head = &itn->tunnels[hash];
92
93 hlist_for_each_entry_rcu(t, head, hash_node) {
94 if (local != t->parms.iph.saddr ||
95 remote != t->parms.iph.daddr ||
96 !(t->dev->flags & IFF_UP))
97 continue;
98
99 if (!ip_tunnel_key_match(&t->parms, flags, key))
100 continue;
101
102 if (READ_ONCE(t->parms.link) == link)
103 return t;
104 cand = t;
105 }
106
107 hlist_for_each_entry_rcu(t, head, hash_node) {
108 if (remote != t->parms.iph.daddr ||
109 t->parms.iph.saddr != 0 ||
110 !(t->dev->flags & IFF_UP))
111 continue;
112
113 if (!ip_tunnel_key_match(&t->parms, flags, key))
114 continue;
115
116 if (READ_ONCE(t->parms.link) == link)
117 return t;
118 if (!cand)
119 cand = t;
120 }
121
122 hash = ip_tunnel_hash(key, 0);
123 head = &itn->tunnels[hash];
124
125 hlist_for_each_entry_rcu(t, head, hash_node) {
126 if ((local != t->parms.iph.saddr || t->parms.iph.daddr != 0) &&
127 (local != t->parms.iph.daddr || !ipv4_is_multicast(local)))
128 continue;
129
130 if (!(t->dev->flags & IFF_UP))
131 continue;
132
133 if (!ip_tunnel_key_match(&t->parms, flags, key))
134 continue;
135
136 if (READ_ONCE(t->parms.link) == link)
137 return t;
138 if (!cand)
139 cand = t;
140 }
141
142 hlist_for_each_entry_rcu(t, head, hash_node) {
143 if ((!test_bit(IP_TUNNEL_NO_KEY_BIT, flags) &&
144 t->parms.i_key != key) ||
145 t->parms.iph.saddr != 0 ||
146 t->parms.iph.daddr != 0 ||
147 !(t->dev->flags & IFF_UP))
148 continue;
149
150 if (READ_ONCE(t->parms.link) == link)
151 return t;
152 if (!cand)
153 cand = t;
154 }
155
156 if (cand)
157 return cand;
158
159 t = rcu_dereference(itn->collect_md_tun);
160 if (t && t->dev->flags & IFF_UP)
161 return t;
162
163 ndev = READ_ONCE(itn->fb_tunnel_dev);
164 if (ndev && ndev->flags & IFF_UP)
165 return netdev_priv(ndev);
166
167 return NULL;
168 }
169 EXPORT_SYMBOL_GPL(ip_tunnel_lookup);
170
ip_bucket(struct ip_tunnel_net * itn,struct ip_tunnel_parm_kern * parms)171 static struct hlist_head *ip_bucket(struct ip_tunnel_net *itn,
172 struct ip_tunnel_parm_kern *parms)
173 {
174 unsigned int h;
175 __be32 remote;
176 __be32 i_key = parms->i_key;
177
178 if (parms->iph.daddr && !ipv4_is_multicast(parms->iph.daddr))
179 remote = parms->iph.daddr;
180 else
181 remote = 0;
182
183 if (!test_bit(IP_TUNNEL_KEY_BIT, parms->i_flags) &&
184 test_bit(IP_TUNNEL_VTI_BIT, parms->i_flags))
185 i_key = 0;
186
187 h = ip_tunnel_hash(i_key, remote);
188 return &itn->tunnels[h];
189 }
190
ip_tunnel_add(struct ip_tunnel_net * itn,struct ip_tunnel * t)191 static void ip_tunnel_add(struct ip_tunnel_net *itn, struct ip_tunnel *t)
192 {
193 struct hlist_head *head = ip_bucket(itn, &t->parms);
194
195 if (t->collect_md)
196 rcu_assign_pointer(itn->collect_md_tun, t);
197 hlist_add_head_rcu(&t->hash_node, head);
198 }
199
ip_tunnel_del(struct ip_tunnel_net * itn,struct ip_tunnel * t)200 static void ip_tunnel_del(struct ip_tunnel_net *itn, struct ip_tunnel *t)
201 {
202 if (t->collect_md)
203 rcu_assign_pointer(itn->collect_md_tun, NULL);
204 hlist_del_init_rcu(&t->hash_node);
205 }
206
ip_tunnel_find(struct ip_tunnel_net * itn,struct ip_tunnel_parm_kern * parms,int type)207 static struct ip_tunnel *ip_tunnel_find(struct ip_tunnel_net *itn,
208 struct ip_tunnel_parm_kern *parms,
209 int type)
210 {
211 __be32 remote = parms->iph.daddr;
212 __be32 local = parms->iph.saddr;
213 IP_TUNNEL_DECLARE_FLAGS(flags);
214 __be32 key = parms->i_key;
215 int link = parms->link;
216 struct ip_tunnel *t = NULL;
217 struct hlist_head *head = ip_bucket(itn, parms);
218
219 ip_tunnel_flags_copy(flags, parms->i_flags);
220
221 hlist_for_each_entry_rcu(t, head, hash_node) {
222 if (local == t->parms.iph.saddr &&
223 remote == t->parms.iph.daddr &&
224 link == READ_ONCE(t->parms.link) &&
225 type == t->dev->type &&
226 ip_tunnel_key_match(&t->parms, flags, key))
227 break;
228 }
229 return t;
230 }
231
__ip_tunnel_create(struct net * net,const struct rtnl_link_ops * ops,struct ip_tunnel_parm_kern * parms)232 static struct net_device *__ip_tunnel_create(struct net *net,
233 const struct rtnl_link_ops *ops,
234 struct ip_tunnel_parm_kern *parms)
235 {
236 int err;
237 struct ip_tunnel *tunnel;
238 struct net_device *dev;
239 char name[IFNAMSIZ];
240
241 err = -E2BIG;
242 if (parms->name[0]) {
243 if (!dev_valid_name(parms->name))
244 goto failed;
245 strscpy(name, parms->name, IFNAMSIZ);
246 } else {
247 if (strlen(ops->kind) > (IFNAMSIZ - 3))
248 goto failed;
249 strcpy(name, ops->kind);
250 strcat(name, "%d");
251 }
252
253 ASSERT_RTNL();
254 dev = alloc_netdev(ops->priv_size, name, NET_NAME_UNKNOWN, ops->setup);
255 if (!dev) {
256 err = -ENOMEM;
257 goto failed;
258 }
259 dev_net_set(dev, net);
260
261 dev->rtnl_link_ops = ops;
262
263 tunnel = netdev_priv(dev);
264 tunnel->parms = *parms;
265 tunnel->net = net;
266
267 err = register_netdevice(dev);
268 if (err)
269 goto failed_free;
270
271 return dev;
272
273 failed_free:
274 free_netdev(dev);
275 failed:
276 return ERR_PTR(err);
277 }
278
ip_tunnel_bind_dev(struct net_device * dev)279 static int ip_tunnel_bind_dev(struct net_device *dev)
280 {
281 struct net_device *tdev = NULL;
282 struct ip_tunnel *tunnel = netdev_priv(dev);
283 const struct iphdr *iph;
284 int hlen = LL_MAX_HEADER;
285 int mtu = ETH_DATA_LEN;
286 int t_hlen = tunnel->hlen + sizeof(struct iphdr);
287
288 iph = &tunnel->parms.iph;
289
290 /* Guess output device to choose reasonable mtu and needed_headroom */
291 if (iph->daddr) {
292 struct flowi4 fl4;
293 struct rtable *rt;
294
295 ip_tunnel_init_flow(&fl4, iph->protocol, iph->daddr,
296 iph->saddr, tunnel->parms.o_key,
297 iph->tos & INET_DSCP_MASK, dev_net(dev),
298 tunnel->parms.link, tunnel->fwmark, 0, 0);
299 rt = ip_route_output_key(tunnel->net, &fl4);
300
301 if (!IS_ERR(rt)) {
302 tdev = rt->dst.dev;
303 ip_rt_put(rt);
304 }
305 if (dev->type != ARPHRD_ETHER)
306 dev->flags |= IFF_POINTOPOINT;
307
308 dst_cache_reset(&tunnel->dst_cache);
309 }
310
311 if (!tdev && tunnel->parms.link)
312 tdev = __dev_get_by_index(tunnel->net, tunnel->parms.link);
313
314 if (tdev) {
315 hlen = tdev->hard_header_len + tdev->needed_headroom;
316 mtu = min(tdev->mtu, IP_MAX_MTU);
317 }
318
319 dev->needed_headroom = t_hlen + hlen;
320 mtu -= t_hlen + (dev->type == ARPHRD_ETHER ? dev->hard_header_len : 0);
321
322 if (mtu < IPV4_MIN_MTU)
323 mtu = IPV4_MIN_MTU;
324
325 return mtu;
326 }
327
ip_tunnel_create(struct net * net,struct ip_tunnel_net * itn,struct ip_tunnel_parm_kern * parms)328 static struct ip_tunnel *ip_tunnel_create(struct net *net,
329 struct ip_tunnel_net *itn,
330 struct ip_tunnel_parm_kern *parms)
331 {
332 struct ip_tunnel *nt;
333 struct net_device *dev;
334 int t_hlen;
335 int mtu;
336 int err;
337
338 dev = __ip_tunnel_create(net, itn->rtnl_link_ops, parms);
339 if (IS_ERR(dev))
340 return ERR_CAST(dev);
341
342 mtu = ip_tunnel_bind_dev(dev);
343 err = dev_set_mtu(dev, mtu);
344 if (err)
345 goto err_dev_set_mtu;
346
347 nt = netdev_priv(dev);
348 t_hlen = nt->hlen + sizeof(struct iphdr);
349 dev->min_mtu = ETH_MIN_MTU;
350 dev->max_mtu = IP_MAX_MTU - t_hlen;
351 if (dev->type == ARPHRD_ETHER)
352 dev->max_mtu -= dev->hard_header_len;
353
354 ip_tunnel_add(itn, nt);
355 return nt;
356
357 err_dev_set_mtu:
358 unregister_netdevice(dev);
359 return ERR_PTR(err);
360 }
361
ip_tunnel_md_udp_encap(struct sk_buff * skb,struct ip_tunnel_info * info)362 void ip_tunnel_md_udp_encap(struct sk_buff *skb, struct ip_tunnel_info *info)
363 {
364 const struct iphdr *iph = ip_hdr(skb);
365 const struct udphdr *udph;
366
367 if (iph->protocol != IPPROTO_UDP)
368 return;
369
370 udph = (struct udphdr *)((__u8 *)iph + (iph->ihl << 2));
371 info->encap.sport = udph->source;
372 info->encap.dport = udph->dest;
373 }
374 EXPORT_SYMBOL(ip_tunnel_md_udp_encap);
375
ip_tunnel_rcv(struct ip_tunnel * tunnel,struct sk_buff * skb,const struct tnl_ptk_info * tpi,struct metadata_dst * tun_dst,bool log_ecn_error)376 int ip_tunnel_rcv(struct ip_tunnel *tunnel, struct sk_buff *skb,
377 const struct tnl_ptk_info *tpi, struct metadata_dst *tun_dst,
378 bool log_ecn_error)
379 {
380 const struct iphdr *iph = ip_hdr(skb);
381 int nh, err;
382
383 #ifdef CONFIG_NET_IPGRE_BROADCAST
384 if (ipv4_is_multicast(iph->daddr)) {
385 DEV_STATS_INC(tunnel->dev, multicast);
386 skb->pkt_type = PACKET_BROADCAST;
387 }
388 #endif
389
390 if (test_bit(IP_TUNNEL_CSUM_BIT, tunnel->parms.i_flags) !=
391 test_bit(IP_TUNNEL_CSUM_BIT, tpi->flags)) {
392 DEV_STATS_INC(tunnel->dev, rx_crc_errors);
393 DEV_STATS_INC(tunnel->dev, rx_errors);
394 goto drop;
395 }
396
397 if (test_bit(IP_TUNNEL_SEQ_BIT, tunnel->parms.i_flags)) {
398 if (!test_bit(IP_TUNNEL_SEQ_BIT, tpi->flags) ||
399 (tunnel->i_seqno && (s32)(ntohl(tpi->seq) - tunnel->i_seqno) < 0)) {
400 DEV_STATS_INC(tunnel->dev, rx_fifo_errors);
401 DEV_STATS_INC(tunnel->dev, rx_errors);
402 goto drop;
403 }
404 tunnel->i_seqno = ntohl(tpi->seq) + 1;
405 }
406
407 /* Save offset of outer header relative to skb->head,
408 * because we are going to reset the network header to the inner header
409 * and might change skb->head.
410 */
411 nh = skb_network_header(skb) - skb->head;
412
413 skb_set_network_header(skb, (tunnel->dev->type == ARPHRD_ETHER) ? ETH_HLEN : 0);
414
415 if (!pskb_inet_may_pull(skb)) {
416 DEV_STATS_INC(tunnel->dev, rx_length_errors);
417 DEV_STATS_INC(tunnel->dev, rx_errors);
418 goto drop;
419 }
420 iph = (struct iphdr *)(skb->head + nh);
421
422 err = IP_ECN_decapsulate(iph, skb);
423 if (unlikely(err)) {
424 if (log_ecn_error)
425 net_info_ratelimited("non-ECT from %pI4 with TOS=%#x\n",
426 &iph->saddr, iph->tos);
427 if (err > 1) {
428 DEV_STATS_INC(tunnel->dev, rx_frame_errors);
429 DEV_STATS_INC(tunnel->dev, rx_errors);
430 goto drop;
431 }
432 }
433
434 dev_sw_netstats_rx_add(tunnel->dev, skb->len);
435 skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(tunnel->dev)));
436
437 if (tunnel->dev->type == ARPHRD_ETHER) {
438 skb->protocol = eth_type_trans(skb, tunnel->dev);
439 skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
440 } else {
441 skb->dev = tunnel->dev;
442 }
443
444 if (tun_dst)
445 skb_dst_set(skb, (struct dst_entry *)tun_dst);
446
447 gro_cells_receive(&tunnel->gro_cells, skb);
448 return 0;
449
450 drop:
451 if (tun_dst)
452 dst_release((struct dst_entry *)tun_dst);
453 kfree_skb(skb);
454 return 0;
455 }
456 EXPORT_SYMBOL_GPL(ip_tunnel_rcv);
457
ip_tunnel_encap_add_ops(const struct ip_tunnel_encap_ops * ops,unsigned int num)458 int ip_tunnel_encap_add_ops(const struct ip_tunnel_encap_ops *ops,
459 unsigned int num)
460 {
461 if (num >= MAX_IPTUN_ENCAP_OPS)
462 return -ERANGE;
463
464 return !cmpxchg((const struct ip_tunnel_encap_ops **)
465 &iptun_encaps[num],
466 NULL, ops) ? 0 : -1;
467 }
468 EXPORT_SYMBOL(ip_tunnel_encap_add_ops);
469
ip_tunnel_encap_del_ops(const struct ip_tunnel_encap_ops * ops,unsigned int num)470 int ip_tunnel_encap_del_ops(const struct ip_tunnel_encap_ops *ops,
471 unsigned int num)
472 {
473 int ret;
474
475 if (num >= MAX_IPTUN_ENCAP_OPS)
476 return -ERANGE;
477
478 ret = (cmpxchg((const struct ip_tunnel_encap_ops **)
479 &iptun_encaps[num],
480 ops, NULL) == ops) ? 0 : -1;
481
482 synchronize_net();
483
484 return ret;
485 }
486 EXPORT_SYMBOL(ip_tunnel_encap_del_ops);
487
ip_tunnel_encap_setup(struct ip_tunnel * t,struct ip_tunnel_encap * ipencap)488 int ip_tunnel_encap_setup(struct ip_tunnel *t,
489 struct ip_tunnel_encap *ipencap)
490 {
491 int hlen;
492
493 memset(&t->encap, 0, sizeof(t->encap));
494
495 hlen = ip_encap_hlen(ipencap);
496 if (hlen < 0)
497 return hlen;
498
499 t->encap.type = ipencap->type;
500 t->encap.sport = ipencap->sport;
501 t->encap.dport = ipencap->dport;
502 t->encap.flags = ipencap->flags;
503
504 t->encap_hlen = hlen;
505 t->hlen = t->encap_hlen + t->tun_hlen;
506
507 return 0;
508 }
509 EXPORT_SYMBOL_GPL(ip_tunnel_encap_setup);
510
tnl_update_pmtu(struct net_device * dev,struct sk_buff * skb,struct rtable * rt,__be16 df,const struct iphdr * inner_iph,int tunnel_hlen,__be32 dst,bool md)511 static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb,
512 struct rtable *rt, __be16 df,
513 const struct iphdr *inner_iph,
514 int tunnel_hlen, __be32 dst, bool md)
515 {
516 struct ip_tunnel *tunnel = netdev_priv(dev);
517 int pkt_size;
518 int mtu;
519
520 tunnel_hlen = md ? tunnel_hlen : tunnel->hlen;
521 pkt_size = skb->len - tunnel_hlen;
522 pkt_size -= dev->type == ARPHRD_ETHER ? dev->hard_header_len : 0;
523
524 if (df) {
525 mtu = dst_mtu(&rt->dst) - (sizeof(struct iphdr) + tunnel_hlen);
526 mtu -= dev->type == ARPHRD_ETHER ? dev->hard_header_len : 0;
527 } else {
528 mtu = skb_valid_dst(skb) ? dst_mtu(skb_dst(skb)) : dev->mtu;
529 }
530
531 if (skb_valid_dst(skb))
532 skb_dst_update_pmtu_no_confirm(skb, mtu);
533
534 if (skb->protocol == htons(ETH_P_IP)) {
535 if (!skb_is_gso(skb) &&
536 (inner_iph->frag_off & htons(IP_DF)) &&
537 mtu < pkt_size) {
538 icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
539 return -E2BIG;
540 }
541 }
542 #if IS_ENABLED(CONFIG_IPV6)
543 else if (skb->protocol == htons(ETH_P_IPV6)) {
544 struct rt6_info *rt6;
545 __be32 daddr;
546
547 rt6 = skb_valid_dst(skb) ? dst_rt6_info(skb_dst(skb)) :
548 NULL;
549 daddr = md ? dst : tunnel->parms.iph.daddr;
550
551 if (rt6 && mtu < dst_mtu(skb_dst(skb)) &&
552 mtu >= IPV6_MIN_MTU) {
553 if ((daddr && !ipv4_is_multicast(daddr)) ||
554 rt6->rt6i_dst.plen == 128) {
555 rt6->rt6i_flags |= RTF_MODIFIED;
556 dst_metric_set(skb_dst(skb), RTAX_MTU, mtu);
557 }
558 }
559
560 if (!skb_is_gso(skb) && mtu >= IPV6_MIN_MTU &&
561 mtu < pkt_size) {
562 icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
563 return -E2BIG;
564 }
565 }
566 #endif
567 return 0;
568 }
569
ip_tunnel_adj_headroom(struct net_device * dev,unsigned int headroom)570 static void ip_tunnel_adj_headroom(struct net_device *dev, unsigned int headroom)
571 {
572 /* we must cap headroom to some upperlimit, else pskb_expand_head
573 * will overflow header offsets in skb_headers_offset_update().
574 */
575 static const unsigned int max_allowed = 512;
576
577 if (headroom > max_allowed)
578 headroom = max_allowed;
579
580 if (headroom > READ_ONCE(dev->needed_headroom))
581 WRITE_ONCE(dev->needed_headroom, headroom);
582 }
583
ip_md_tunnel_xmit(struct sk_buff * skb,struct net_device * dev,u8 proto,int tunnel_hlen)584 void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
585 u8 proto, int tunnel_hlen)
586 {
587 struct ip_tunnel *tunnel = netdev_priv(dev);
588 u32 headroom = sizeof(struct iphdr);
589 struct ip_tunnel_info *tun_info;
590 const struct ip_tunnel_key *key;
591 const struct iphdr *inner_iph;
592 struct rtable *rt = NULL;
593 struct flowi4 fl4;
594 __be16 df = 0;
595 u8 tos, ttl;
596 bool use_cache;
597
598 tun_info = skb_tunnel_info(skb);
599 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
600 ip_tunnel_info_af(tun_info) != AF_INET))
601 goto tx_error;
602 key = &tun_info->key;
603 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
604 inner_iph = (const struct iphdr *)skb_inner_network_header(skb);
605 tos = key->tos;
606 if (tos == 1) {
607 if (skb->protocol == htons(ETH_P_IP))
608 tos = inner_iph->tos;
609 else if (skb->protocol == htons(ETH_P_IPV6))
610 tos = ipv6_get_dsfield((const struct ipv6hdr *)inner_iph);
611 }
612 ip_tunnel_init_flow(&fl4, proto, key->u.ipv4.dst, key->u.ipv4.src,
613 tunnel_id_to_key32(key->tun_id),
614 tos & INET_DSCP_MASK, dev_net(dev), 0, skb->mark,
615 skb_get_hash(skb), key->flow_flags);
616
617 if (!tunnel_hlen)
618 tunnel_hlen = ip_encap_hlen(&tun_info->encap);
619
620 if (ip_tunnel_encap(skb, &tun_info->encap, &proto, &fl4) < 0)
621 goto tx_error;
622
623 use_cache = ip_tunnel_dst_cache_usable(skb, tun_info);
624 if (use_cache)
625 rt = dst_cache_get_ip4(&tun_info->dst_cache, &fl4.saddr);
626 if (!rt) {
627 rt = ip_route_output_key(tunnel->net, &fl4);
628 if (IS_ERR(rt)) {
629 DEV_STATS_INC(dev, tx_carrier_errors);
630 goto tx_error;
631 }
632 if (use_cache)
633 dst_cache_set_ip4(&tun_info->dst_cache, &rt->dst,
634 fl4.saddr);
635 }
636 if (rt->dst.dev == dev) {
637 ip_rt_put(rt);
638 DEV_STATS_INC(dev, collisions);
639 goto tx_error;
640 }
641
642 if (test_bit(IP_TUNNEL_DONT_FRAGMENT_BIT, key->tun_flags))
643 df = htons(IP_DF);
644 if (tnl_update_pmtu(dev, skb, rt, df, inner_iph, tunnel_hlen,
645 key->u.ipv4.dst, true)) {
646 ip_rt_put(rt);
647 goto tx_error;
648 }
649
650 tos = ip_tunnel_ecn_encap(tos, inner_iph, skb);
651 ttl = key->ttl;
652 if (ttl == 0) {
653 if (skb->protocol == htons(ETH_P_IP))
654 ttl = inner_iph->ttl;
655 else if (skb->protocol == htons(ETH_P_IPV6))
656 ttl = ((const struct ipv6hdr *)inner_iph)->hop_limit;
657 else
658 ttl = ip4_dst_hoplimit(&rt->dst);
659 }
660
661 headroom += LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len;
662 if (skb_cow_head(skb, headroom)) {
663 ip_rt_put(rt);
664 goto tx_dropped;
665 }
666
667 ip_tunnel_adj_headroom(dev, headroom);
668
669 iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, proto, tos, ttl,
670 df, !net_eq(tunnel->net, dev_net(dev)));
671 return;
672 tx_error:
673 DEV_STATS_INC(dev, tx_errors);
674 goto kfree;
675 tx_dropped:
676 DEV_STATS_INC(dev, tx_dropped);
677 kfree:
678 kfree_skb(skb);
679 }
680 EXPORT_SYMBOL_GPL(ip_md_tunnel_xmit);
681
ip_tunnel_xmit(struct sk_buff * skb,struct net_device * dev,const struct iphdr * tnl_params,u8 protocol)682 void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
683 const struct iphdr *tnl_params, u8 protocol)
684 {
685 struct ip_tunnel *tunnel = netdev_priv(dev);
686 struct ip_tunnel_info *tun_info = NULL;
687 const struct iphdr *inner_iph;
688 unsigned int max_headroom; /* The extra header space needed */
689 struct rtable *rt = NULL; /* Route to the other host */
690 __be16 payload_protocol;
691 bool use_cache = false;
692 struct flowi4 fl4;
693 bool md = false;
694 bool connected;
695 u8 tos, ttl;
696 __be32 dst;
697 __be16 df;
698
699 inner_iph = (const struct iphdr *)skb_inner_network_header(skb);
700 connected = (tunnel->parms.iph.daddr != 0);
701 payload_protocol = skb_protocol(skb, true);
702
703 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
704
705 dst = tnl_params->daddr;
706 if (dst == 0) {
707 /* NBMA tunnel */
708
709 if (!skb_dst(skb)) {
710 DEV_STATS_INC(dev, tx_fifo_errors);
711 goto tx_error;
712 }
713
714 tun_info = skb_tunnel_info(skb);
715 if (tun_info && (tun_info->mode & IP_TUNNEL_INFO_TX) &&
716 ip_tunnel_info_af(tun_info) == AF_INET &&
717 tun_info->key.u.ipv4.dst) {
718 dst = tun_info->key.u.ipv4.dst;
719 md = true;
720 connected = true;
721 } else if (payload_protocol == htons(ETH_P_IP)) {
722 rt = skb_rtable(skb);
723 dst = rt_nexthop(rt, inner_iph->daddr);
724 }
725 #if IS_ENABLED(CONFIG_IPV6)
726 else if (payload_protocol == htons(ETH_P_IPV6)) {
727 const struct in6_addr *addr6;
728 struct neighbour *neigh;
729 bool do_tx_error_icmp;
730 int addr_type;
731
732 neigh = dst_neigh_lookup(skb_dst(skb),
733 &ipv6_hdr(skb)->daddr);
734 if (!neigh)
735 goto tx_error;
736
737 addr6 = (const struct in6_addr *)&neigh->primary_key;
738 addr_type = ipv6_addr_type(addr6);
739
740 if (addr_type == IPV6_ADDR_ANY) {
741 addr6 = &ipv6_hdr(skb)->daddr;
742 addr_type = ipv6_addr_type(addr6);
743 }
744
745 if ((addr_type & IPV6_ADDR_COMPATv4) == 0)
746 do_tx_error_icmp = true;
747 else {
748 do_tx_error_icmp = false;
749 dst = addr6->s6_addr32[3];
750 }
751 neigh_release(neigh);
752 if (do_tx_error_icmp)
753 goto tx_error_icmp;
754 }
755 #endif
756 else
757 goto tx_error;
758
759 if (!md)
760 connected = false;
761 }
762
763 tos = tnl_params->tos;
764 if (tos & 0x1) {
765 tos &= ~0x1;
766 if (payload_protocol == htons(ETH_P_IP)) {
767 tos = inner_iph->tos;
768 connected = false;
769 } else if (payload_protocol == htons(ETH_P_IPV6)) {
770 tos = ipv6_get_dsfield((const struct ipv6hdr *)inner_iph);
771 connected = false;
772 }
773 }
774
775 ip_tunnel_init_flow(&fl4, protocol, dst, tnl_params->saddr,
776 tunnel->parms.o_key, tos & INET_DSCP_MASK,
777 dev_net(dev), READ_ONCE(tunnel->parms.link),
778 tunnel->fwmark, skb_get_hash(skb), 0);
779
780 if (ip_tunnel_encap(skb, &tunnel->encap, &protocol, &fl4) < 0)
781 goto tx_error;
782
783 if (connected && md) {
784 use_cache = ip_tunnel_dst_cache_usable(skb, tun_info);
785 if (use_cache)
786 rt = dst_cache_get_ip4(&tun_info->dst_cache,
787 &fl4.saddr);
788 } else {
789 rt = connected ? dst_cache_get_ip4(&tunnel->dst_cache,
790 &fl4.saddr) : NULL;
791 }
792
793 if (!rt) {
794 rt = ip_route_output_key(tunnel->net, &fl4);
795
796 if (IS_ERR(rt)) {
797 DEV_STATS_INC(dev, tx_carrier_errors);
798 goto tx_error;
799 }
800 if (use_cache)
801 dst_cache_set_ip4(&tun_info->dst_cache, &rt->dst,
802 fl4.saddr);
803 else if (!md && connected)
804 dst_cache_set_ip4(&tunnel->dst_cache, &rt->dst,
805 fl4.saddr);
806 }
807
808 if (rt->dst.dev == dev) {
809 ip_rt_put(rt);
810 DEV_STATS_INC(dev, collisions);
811 goto tx_error;
812 }
813
814 df = tnl_params->frag_off;
815 if (payload_protocol == htons(ETH_P_IP) && !tunnel->ignore_df)
816 df |= (inner_iph->frag_off & htons(IP_DF));
817
818 if (tnl_update_pmtu(dev, skb, rt, df, inner_iph, 0, 0, false)) {
819 ip_rt_put(rt);
820 goto tx_error;
821 }
822
823 if (tunnel->err_count > 0) {
824 if (time_before(jiffies,
825 tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
826 tunnel->err_count--;
827
828 dst_link_failure(skb);
829 } else
830 tunnel->err_count = 0;
831 }
832
833 tos = ip_tunnel_ecn_encap(tos, inner_iph, skb);
834 ttl = tnl_params->ttl;
835 if (ttl == 0) {
836 if (payload_protocol == htons(ETH_P_IP))
837 ttl = inner_iph->ttl;
838 #if IS_ENABLED(CONFIG_IPV6)
839 else if (payload_protocol == htons(ETH_P_IPV6))
840 ttl = ((const struct ipv6hdr *)inner_iph)->hop_limit;
841 #endif
842 else
843 ttl = ip4_dst_hoplimit(&rt->dst);
844 }
845
846 max_headroom = LL_RESERVED_SPACE(rt->dst.dev) + sizeof(struct iphdr)
847 + rt->dst.header_len + ip_encap_hlen(&tunnel->encap);
848
849 if (skb_cow_head(skb, max_headroom)) {
850 ip_rt_put(rt);
851 DEV_STATS_INC(dev, tx_dropped);
852 kfree_skb(skb);
853 return;
854 }
855
856 ip_tunnel_adj_headroom(dev, max_headroom);
857
858 iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, protocol, tos, ttl,
859 df, !net_eq(tunnel->net, dev_net(dev)));
860 return;
861
862 #if IS_ENABLED(CONFIG_IPV6)
863 tx_error_icmp:
864 dst_link_failure(skb);
865 #endif
866 tx_error:
867 DEV_STATS_INC(dev, tx_errors);
868 kfree_skb(skb);
869 }
870 EXPORT_SYMBOL_GPL(ip_tunnel_xmit);
871
ip_tunnel_update(struct ip_tunnel_net * itn,struct ip_tunnel * t,struct net_device * dev,struct ip_tunnel_parm_kern * p,bool set_mtu,__u32 fwmark)872 static void ip_tunnel_update(struct ip_tunnel_net *itn,
873 struct ip_tunnel *t,
874 struct net_device *dev,
875 struct ip_tunnel_parm_kern *p,
876 bool set_mtu,
877 __u32 fwmark)
878 {
879 ip_tunnel_del(itn, t);
880 t->parms.iph.saddr = p->iph.saddr;
881 t->parms.iph.daddr = p->iph.daddr;
882 t->parms.i_key = p->i_key;
883 t->parms.o_key = p->o_key;
884 if (dev->type != ARPHRD_ETHER) {
885 __dev_addr_set(dev, &p->iph.saddr, 4);
886 memcpy(dev->broadcast, &p->iph.daddr, 4);
887 }
888 ip_tunnel_add(itn, t);
889
890 t->parms.iph.ttl = p->iph.ttl;
891 t->parms.iph.tos = p->iph.tos;
892 t->parms.iph.frag_off = p->iph.frag_off;
893
894 if (t->parms.link != p->link || t->fwmark != fwmark) {
895 int mtu;
896
897 WRITE_ONCE(t->parms.link, p->link);
898 t->fwmark = fwmark;
899 mtu = ip_tunnel_bind_dev(dev);
900 if (set_mtu)
901 WRITE_ONCE(dev->mtu, mtu);
902 }
903 dst_cache_reset(&t->dst_cache);
904 netdev_state_change(dev);
905 }
906
ip_tunnel_ctl(struct net_device * dev,struct ip_tunnel_parm_kern * p,int cmd)907 int ip_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm_kern *p,
908 int cmd)
909 {
910 int err = 0;
911 struct ip_tunnel *t = netdev_priv(dev);
912 struct net *net = t->net;
913 struct ip_tunnel_net *itn = net_generic(net, t->ip_tnl_net_id);
914
915 switch (cmd) {
916 case SIOCGETTUNNEL:
917 if (dev == itn->fb_tunnel_dev) {
918 t = ip_tunnel_find(itn, p, itn->fb_tunnel_dev->type);
919 if (!t)
920 t = netdev_priv(dev);
921 }
922 memcpy(p, &t->parms, sizeof(*p));
923 break;
924
925 case SIOCADDTUNNEL:
926 case SIOCCHGTUNNEL:
927 err = -EPERM;
928 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
929 goto done;
930 if (p->iph.ttl)
931 p->iph.frag_off |= htons(IP_DF);
932 if (!test_bit(IP_TUNNEL_VTI_BIT, p->i_flags)) {
933 if (!test_bit(IP_TUNNEL_KEY_BIT, p->i_flags))
934 p->i_key = 0;
935 if (!test_bit(IP_TUNNEL_KEY_BIT, p->o_flags))
936 p->o_key = 0;
937 }
938
939 t = ip_tunnel_find(itn, p, itn->type);
940
941 if (cmd == SIOCADDTUNNEL) {
942 if (!t) {
943 t = ip_tunnel_create(net, itn, p);
944 err = PTR_ERR_OR_ZERO(t);
945 break;
946 }
947
948 err = -EEXIST;
949 break;
950 }
951 if (dev != itn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
952 if (t) {
953 if (t->dev != dev) {
954 err = -EEXIST;
955 break;
956 }
957 } else {
958 unsigned int nflags = 0;
959
960 if (ipv4_is_multicast(p->iph.daddr))
961 nflags = IFF_BROADCAST;
962 else if (p->iph.daddr)
963 nflags = IFF_POINTOPOINT;
964
965 if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) {
966 err = -EINVAL;
967 break;
968 }
969
970 t = netdev_priv(dev);
971 }
972 }
973
974 if (t) {
975 err = 0;
976 ip_tunnel_update(itn, t, dev, p, true, 0);
977 } else {
978 err = -ENOENT;
979 }
980 break;
981
982 case SIOCDELTUNNEL:
983 err = -EPERM;
984 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
985 goto done;
986
987 if (dev == itn->fb_tunnel_dev) {
988 err = -ENOENT;
989 t = ip_tunnel_find(itn, p, itn->fb_tunnel_dev->type);
990 if (!t)
991 goto done;
992 err = -EPERM;
993 if (t == netdev_priv(itn->fb_tunnel_dev))
994 goto done;
995 dev = t->dev;
996 }
997 unregister_netdevice(dev);
998 err = 0;
999 break;
1000
1001 default:
1002 err = -EINVAL;
1003 }
1004
1005 done:
1006 return err;
1007 }
1008 EXPORT_SYMBOL_GPL(ip_tunnel_ctl);
1009
ip_tunnel_parm_from_user(struct ip_tunnel_parm_kern * kp,const void __user * data)1010 bool ip_tunnel_parm_from_user(struct ip_tunnel_parm_kern *kp,
1011 const void __user *data)
1012 {
1013 struct ip_tunnel_parm p;
1014
1015 if (copy_from_user(&p, data, sizeof(p)))
1016 return false;
1017
1018 strscpy(kp->name, p.name);
1019 kp->link = p.link;
1020 ip_tunnel_flags_from_be16(kp->i_flags, p.i_flags);
1021 ip_tunnel_flags_from_be16(kp->o_flags, p.o_flags);
1022 kp->i_key = p.i_key;
1023 kp->o_key = p.o_key;
1024 memcpy(&kp->iph, &p.iph, min(sizeof(kp->iph), sizeof(p.iph)));
1025
1026 return true;
1027 }
1028 EXPORT_SYMBOL_GPL(ip_tunnel_parm_from_user);
1029
ip_tunnel_parm_to_user(void __user * data,struct ip_tunnel_parm_kern * kp)1030 bool ip_tunnel_parm_to_user(void __user *data, struct ip_tunnel_parm_kern *kp)
1031 {
1032 struct ip_tunnel_parm p;
1033
1034 if (!ip_tunnel_flags_is_be16_compat(kp->i_flags) ||
1035 !ip_tunnel_flags_is_be16_compat(kp->o_flags))
1036 return false;
1037
1038 memset(&p, 0, sizeof(p));
1039
1040 strscpy(p.name, kp->name);
1041 p.link = kp->link;
1042 p.i_flags = ip_tunnel_flags_to_be16(kp->i_flags);
1043 p.o_flags = ip_tunnel_flags_to_be16(kp->o_flags);
1044 p.i_key = kp->i_key;
1045 p.o_key = kp->o_key;
1046 memcpy(&p.iph, &kp->iph, min(sizeof(p.iph), sizeof(kp->iph)));
1047
1048 return !copy_to_user(data, &p, sizeof(p));
1049 }
1050 EXPORT_SYMBOL_GPL(ip_tunnel_parm_to_user);
1051
ip_tunnel_siocdevprivate(struct net_device * dev,struct ifreq * ifr,void __user * data,int cmd)1052 int ip_tunnel_siocdevprivate(struct net_device *dev, struct ifreq *ifr,
1053 void __user *data, int cmd)
1054 {
1055 struct ip_tunnel_parm_kern p;
1056 int err;
1057
1058 if (!ip_tunnel_parm_from_user(&p, data))
1059 return -EFAULT;
1060 err = dev->netdev_ops->ndo_tunnel_ctl(dev, &p, cmd);
1061 if (!err && !ip_tunnel_parm_to_user(data, &p))
1062 return -EFAULT;
1063 return err;
1064 }
1065 EXPORT_SYMBOL_GPL(ip_tunnel_siocdevprivate);
1066
__ip_tunnel_change_mtu(struct net_device * dev,int new_mtu,bool strict)1067 int __ip_tunnel_change_mtu(struct net_device *dev, int new_mtu, bool strict)
1068 {
1069 struct ip_tunnel *tunnel = netdev_priv(dev);
1070 int t_hlen = tunnel->hlen + sizeof(struct iphdr);
1071 int max_mtu = IP_MAX_MTU - t_hlen;
1072
1073 if (dev->type == ARPHRD_ETHER)
1074 max_mtu -= dev->hard_header_len;
1075
1076 if (new_mtu < ETH_MIN_MTU)
1077 return -EINVAL;
1078
1079 if (new_mtu > max_mtu) {
1080 if (strict)
1081 return -EINVAL;
1082
1083 new_mtu = max_mtu;
1084 }
1085
1086 WRITE_ONCE(dev->mtu, new_mtu);
1087 return 0;
1088 }
1089 EXPORT_SYMBOL_GPL(__ip_tunnel_change_mtu);
1090
ip_tunnel_change_mtu(struct net_device * dev,int new_mtu)1091 int ip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
1092 {
1093 return __ip_tunnel_change_mtu(dev, new_mtu, true);
1094 }
1095 EXPORT_SYMBOL_GPL(ip_tunnel_change_mtu);
1096
ip_tunnel_dev_free(struct net_device * dev)1097 static void ip_tunnel_dev_free(struct net_device *dev)
1098 {
1099 struct ip_tunnel *tunnel = netdev_priv(dev);
1100
1101 gro_cells_destroy(&tunnel->gro_cells);
1102 dst_cache_destroy(&tunnel->dst_cache);
1103 }
1104
ip_tunnel_dellink(struct net_device * dev,struct list_head * head)1105 void ip_tunnel_dellink(struct net_device *dev, struct list_head *head)
1106 {
1107 struct ip_tunnel *tunnel = netdev_priv(dev);
1108 struct ip_tunnel_net *itn;
1109
1110 itn = net_generic(tunnel->net, tunnel->ip_tnl_net_id);
1111
1112 if (itn->fb_tunnel_dev != dev) {
1113 ip_tunnel_del(itn, netdev_priv(dev));
1114 unregister_netdevice_queue(dev, head);
1115 }
1116 }
1117 EXPORT_SYMBOL_GPL(ip_tunnel_dellink);
1118
ip_tunnel_get_link_net(const struct net_device * dev)1119 struct net *ip_tunnel_get_link_net(const struct net_device *dev)
1120 {
1121 struct ip_tunnel *tunnel = netdev_priv(dev);
1122
1123 return READ_ONCE(tunnel->net);
1124 }
1125 EXPORT_SYMBOL(ip_tunnel_get_link_net);
1126
ip_tunnel_get_iflink(const struct net_device * dev)1127 int ip_tunnel_get_iflink(const struct net_device *dev)
1128 {
1129 const struct ip_tunnel *tunnel = netdev_priv(dev);
1130
1131 return READ_ONCE(tunnel->parms.link);
1132 }
1133 EXPORT_SYMBOL(ip_tunnel_get_iflink);
1134
ip_tunnel_init_net(struct net * net,unsigned int ip_tnl_net_id,struct rtnl_link_ops * ops,char * devname)1135 int ip_tunnel_init_net(struct net *net, unsigned int ip_tnl_net_id,
1136 struct rtnl_link_ops *ops, char *devname)
1137 {
1138 struct ip_tunnel_net *itn = net_generic(net, ip_tnl_net_id);
1139 struct ip_tunnel_parm_kern parms;
1140 unsigned int i;
1141
1142 itn->rtnl_link_ops = ops;
1143 for (i = 0; i < IP_TNL_HASH_SIZE; i++)
1144 INIT_HLIST_HEAD(&itn->tunnels[i]);
1145
1146 if (!ops || !net_has_fallback_tunnels(net)) {
1147 struct ip_tunnel_net *it_init_net;
1148
1149 it_init_net = net_generic(&init_net, ip_tnl_net_id);
1150 itn->type = it_init_net->type;
1151 itn->fb_tunnel_dev = NULL;
1152 return 0;
1153 }
1154
1155 memset(&parms, 0, sizeof(parms));
1156 if (devname)
1157 strscpy(parms.name, devname, IFNAMSIZ);
1158
1159 rtnl_lock();
1160 itn->fb_tunnel_dev = __ip_tunnel_create(net, ops, &parms);
1161 /* FB netdevice is special: we have one, and only one per netns.
1162 * Allowing to move it to another netns is clearly unsafe.
1163 */
1164 if (!IS_ERR(itn->fb_tunnel_dev)) {
1165 itn->fb_tunnel_dev->netns_local = true;
1166 itn->fb_tunnel_dev->mtu = ip_tunnel_bind_dev(itn->fb_tunnel_dev);
1167 ip_tunnel_add(itn, netdev_priv(itn->fb_tunnel_dev));
1168 itn->type = itn->fb_tunnel_dev->type;
1169 }
1170 rtnl_unlock();
1171
1172 return PTR_ERR_OR_ZERO(itn->fb_tunnel_dev);
1173 }
1174 EXPORT_SYMBOL_GPL(ip_tunnel_init_net);
1175
ip_tunnel_destroy(struct net * net,struct ip_tunnel_net * itn,struct list_head * head,struct rtnl_link_ops * ops)1176 static void ip_tunnel_destroy(struct net *net, struct ip_tunnel_net *itn,
1177 struct list_head *head,
1178 struct rtnl_link_ops *ops)
1179 {
1180 struct net_device *dev, *aux;
1181 int h;
1182
1183 for_each_netdev_safe(net, dev, aux)
1184 if (dev->rtnl_link_ops == ops)
1185 unregister_netdevice_queue(dev, head);
1186
1187 for (h = 0; h < IP_TNL_HASH_SIZE; h++) {
1188 struct ip_tunnel *t;
1189 struct hlist_node *n;
1190 struct hlist_head *thead = &itn->tunnels[h];
1191
1192 hlist_for_each_entry_safe(t, n, thead, hash_node)
1193 /* If dev is in the same netns, it has already
1194 * been added to the list by the previous loop.
1195 */
1196 if (!net_eq(dev_net(t->dev), net))
1197 unregister_netdevice_queue(t->dev, head);
1198 }
1199 }
1200
ip_tunnel_delete_nets(struct list_head * net_list,unsigned int id,struct rtnl_link_ops * ops,struct list_head * dev_to_kill)1201 void ip_tunnel_delete_nets(struct list_head *net_list, unsigned int id,
1202 struct rtnl_link_ops *ops,
1203 struct list_head *dev_to_kill)
1204 {
1205 struct ip_tunnel_net *itn;
1206 struct net *net;
1207
1208 ASSERT_RTNL();
1209 list_for_each_entry(net, net_list, exit_list) {
1210 itn = net_generic(net, id);
1211 ip_tunnel_destroy(net, itn, dev_to_kill, ops);
1212 }
1213 }
1214 EXPORT_SYMBOL_GPL(ip_tunnel_delete_nets);
1215
ip_tunnel_newlink(struct net_device * dev,struct nlattr * tb[],struct ip_tunnel_parm_kern * p,__u32 fwmark)1216 int ip_tunnel_newlink(struct net_device *dev, struct nlattr *tb[],
1217 struct ip_tunnel_parm_kern *p, __u32 fwmark)
1218 {
1219 struct ip_tunnel *nt;
1220 struct net *net = dev_net(dev);
1221 struct ip_tunnel_net *itn;
1222 int mtu;
1223 int err;
1224
1225 nt = netdev_priv(dev);
1226 itn = net_generic(net, nt->ip_tnl_net_id);
1227
1228 if (nt->collect_md) {
1229 if (rtnl_dereference(itn->collect_md_tun))
1230 return -EEXIST;
1231 } else {
1232 if (ip_tunnel_find(itn, p, dev->type))
1233 return -EEXIST;
1234 }
1235
1236 nt->net = net;
1237 nt->parms = *p;
1238 nt->fwmark = fwmark;
1239 err = register_netdevice(dev);
1240 if (err)
1241 goto err_register_netdevice;
1242
1243 if (dev->type == ARPHRD_ETHER && !tb[IFLA_ADDRESS])
1244 eth_hw_addr_random(dev);
1245
1246 mtu = ip_tunnel_bind_dev(dev);
1247 if (tb[IFLA_MTU]) {
1248 unsigned int max = IP_MAX_MTU - (nt->hlen + sizeof(struct iphdr));
1249
1250 if (dev->type == ARPHRD_ETHER)
1251 max -= dev->hard_header_len;
1252
1253 mtu = clamp(dev->mtu, (unsigned int)ETH_MIN_MTU, max);
1254 }
1255
1256 err = dev_set_mtu(dev, mtu);
1257 if (err)
1258 goto err_dev_set_mtu;
1259
1260 ip_tunnel_add(itn, nt);
1261 return 0;
1262
1263 err_dev_set_mtu:
1264 unregister_netdevice(dev);
1265 err_register_netdevice:
1266 return err;
1267 }
1268 EXPORT_SYMBOL_GPL(ip_tunnel_newlink);
1269
ip_tunnel_changelink(struct net_device * dev,struct nlattr * tb[],struct ip_tunnel_parm_kern * p,__u32 fwmark)1270 int ip_tunnel_changelink(struct net_device *dev, struct nlattr *tb[],
1271 struct ip_tunnel_parm_kern *p, __u32 fwmark)
1272 {
1273 struct ip_tunnel *t;
1274 struct ip_tunnel *tunnel = netdev_priv(dev);
1275 struct net *net = tunnel->net;
1276 struct ip_tunnel_net *itn = net_generic(net, tunnel->ip_tnl_net_id);
1277
1278 if (dev == itn->fb_tunnel_dev)
1279 return -EINVAL;
1280
1281 t = ip_tunnel_find(itn, p, dev->type);
1282
1283 if (t) {
1284 if (t->dev != dev)
1285 return -EEXIST;
1286 } else {
1287 t = tunnel;
1288
1289 if (dev->type != ARPHRD_ETHER) {
1290 unsigned int nflags = 0;
1291
1292 if (ipv4_is_multicast(p->iph.daddr))
1293 nflags = IFF_BROADCAST;
1294 else if (p->iph.daddr)
1295 nflags = IFF_POINTOPOINT;
1296
1297 if ((dev->flags ^ nflags) &
1298 (IFF_POINTOPOINT | IFF_BROADCAST))
1299 return -EINVAL;
1300 }
1301 }
1302
1303 ip_tunnel_update(itn, t, dev, p, !tb[IFLA_MTU], fwmark);
1304 return 0;
1305 }
1306 EXPORT_SYMBOL_GPL(ip_tunnel_changelink);
1307
ip_tunnel_init(struct net_device * dev)1308 int ip_tunnel_init(struct net_device *dev)
1309 {
1310 struct ip_tunnel *tunnel = netdev_priv(dev);
1311 struct iphdr *iph = &tunnel->parms.iph;
1312 int err;
1313
1314 dev->needs_free_netdev = true;
1315 dev->priv_destructor = ip_tunnel_dev_free;
1316 dev->pcpu_stat_type = NETDEV_PCPU_STAT_TSTATS;
1317
1318 err = dst_cache_init(&tunnel->dst_cache, GFP_KERNEL);
1319 if (err)
1320 return err;
1321
1322 err = gro_cells_init(&tunnel->gro_cells, dev);
1323 if (err) {
1324 dst_cache_destroy(&tunnel->dst_cache);
1325 return err;
1326 }
1327
1328 tunnel->dev = dev;
1329 tunnel->net = dev_net(dev);
1330 strscpy(tunnel->parms.name, dev->name);
1331 iph->version = 4;
1332 iph->ihl = 5;
1333
1334 if (tunnel->collect_md)
1335 netif_keep_dst(dev);
1336 netdev_lockdep_set_classes(dev);
1337 return 0;
1338 }
1339 EXPORT_SYMBOL_GPL(ip_tunnel_init);
1340
ip_tunnel_uninit(struct net_device * dev)1341 void ip_tunnel_uninit(struct net_device *dev)
1342 {
1343 struct ip_tunnel *tunnel = netdev_priv(dev);
1344 struct net *net = tunnel->net;
1345 struct ip_tunnel_net *itn;
1346
1347 itn = net_generic(net, tunnel->ip_tnl_net_id);
1348 ip_tunnel_del(itn, netdev_priv(dev));
1349 if (itn->fb_tunnel_dev == dev)
1350 WRITE_ONCE(itn->fb_tunnel_dev, NULL);
1351
1352 dst_cache_reset(&tunnel->dst_cache);
1353 }
1354 EXPORT_SYMBOL_GPL(ip_tunnel_uninit);
1355
1356 /* Do least required initialization, rest of init is done in tunnel_init call */
ip_tunnel_setup(struct net_device * dev,unsigned int net_id)1357 void ip_tunnel_setup(struct net_device *dev, unsigned int net_id)
1358 {
1359 struct ip_tunnel *tunnel = netdev_priv(dev);
1360 tunnel->ip_tnl_net_id = net_id;
1361 }
1362 EXPORT_SYMBOL_GPL(ip_tunnel_setup);
1363
1364 MODULE_DESCRIPTION("IPv4 tunnel implementation library");
1365 MODULE_LICENSE("GPL");
1366