11da177e4SLinus Torvalds /* 21da177e4SLinus Torvalds * Linux NET3: GRE over IP protocol decoder. 31da177e4SLinus Torvalds * 41da177e4SLinus Torvalds * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) 51da177e4SLinus Torvalds * 61da177e4SLinus Torvalds * This program is free software; you can redistribute it and/or 71da177e4SLinus Torvalds * modify it under the terms of the GNU General Public License 81da177e4SLinus Torvalds * as published by the Free Software Foundation; either version 91da177e4SLinus Torvalds * 2 of the License, or (at your option) any later version. 101da177e4SLinus Torvalds * 111da177e4SLinus Torvalds */ 121da177e4SLinus Torvalds 134fc268d2SRandy Dunlap #include <linux/capability.h> 141da177e4SLinus Torvalds #include <linux/module.h> 151da177e4SLinus Torvalds #include <linux/types.h> 161da177e4SLinus Torvalds #include <linux/kernel.h> 171da177e4SLinus Torvalds #include <asm/uaccess.h> 181da177e4SLinus Torvalds #include <linux/skbuff.h> 191da177e4SLinus Torvalds #include <linux/netdevice.h> 201da177e4SLinus Torvalds #include <linux/in.h> 211da177e4SLinus Torvalds #include <linux/tcp.h> 221da177e4SLinus Torvalds #include <linux/udp.h> 231da177e4SLinus Torvalds #include <linux/if_arp.h> 241da177e4SLinus Torvalds #include <linux/mroute.h> 251da177e4SLinus Torvalds #include <linux/init.h> 261da177e4SLinus Torvalds #include <linux/in6.h> 271da177e4SLinus Torvalds #include <linux/inetdevice.h> 281da177e4SLinus Torvalds #include <linux/igmp.h> 291da177e4SLinus Torvalds #include <linux/netfilter_ipv4.h> 3046f25dffSKris Katterjohn #include <linux/if_ether.h> 311da177e4SLinus Torvalds 321da177e4SLinus Torvalds #include <net/sock.h> 331da177e4SLinus Torvalds #include <net/ip.h> 341da177e4SLinus Torvalds #include <net/icmp.h> 351da177e4SLinus Torvalds #include <net/protocol.h> 361da177e4SLinus Torvalds #include <net/ipip.h> 371da177e4SLinus Torvalds #include <net/arp.h> 381da177e4SLinus Torvalds #include <net/checksum.h> 391da177e4SLinus Torvalds #include <net/dsfield.h> 401da177e4SLinus Torvalds #include <net/inet_ecn.h> 411da177e4SLinus Torvalds #include <net/xfrm.h> 4259a4c759SPavel Emelyanov #include <net/net_namespace.h> 4359a4c759SPavel Emelyanov #include <net/netns/generic.h> 441da177e4SLinus Torvalds 451da177e4SLinus Torvalds #ifdef CONFIG_IPV6 461da177e4SLinus Torvalds #include <net/ipv6.h> 471da177e4SLinus Torvalds #include <net/ip6_fib.h> 481da177e4SLinus Torvalds #include <net/ip6_route.h> 491da177e4SLinus Torvalds #endif 501da177e4SLinus Torvalds 511da177e4SLinus Torvalds /* 521da177e4SLinus Torvalds Problems & solutions 531da177e4SLinus Torvalds -------------------- 541da177e4SLinus Torvalds 551da177e4SLinus Torvalds 1. The most important issue is detecting local dead loops. 561da177e4SLinus Torvalds They would cause complete host lockup in transmit, which 571da177e4SLinus Torvalds would be "resolved" by stack overflow or, if queueing is enabled, 581da177e4SLinus Torvalds with infinite looping in net_bh. 591da177e4SLinus Torvalds 601da177e4SLinus Torvalds We cannot track such dead loops during route installation, 611da177e4SLinus Torvalds it is infeasible task. The most general solutions would be 621da177e4SLinus Torvalds to keep skb->encapsulation counter (sort of local ttl), 631da177e4SLinus Torvalds and silently drop packet when it expires. It is the best 641da177e4SLinus Torvalds solution, but it supposes maintaing new variable in ALL 651da177e4SLinus Torvalds skb, even if no tunneling is used. 661da177e4SLinus Torvalds 671da177e4SLinus Torvalds Current solution: t->recursion lock breaks dead loops. It looks 681da177e4SLinus Torvalds like dev->tbusy flag, but I preferred new variable, because 691da177e4SLinus Torvalds the semantics is different. One day, when hard_start_xmit 701da177e4SLinus Torvalds will be multithreaded we will have to use skb->encapsulation. 711da177e4SLinus Torvalds 721da177e4SLinus Torvalds 731da177e4SLinus Torvalds 741da177e4SLinus Torvalds 2. Networking dead loops would not kill routers, but would really 751da177e4SLinus Torvalds kill network. IP hop limit plays role of "t->recursion" in this case, 761da177e4SLinus Torvalds if we copy it from packet being encapsulated to upper header. 771da177e4SLinus Torvalds It is very good solution, but it introduces two problems: 781da177e4SLinus Torvalds 791da177e4SLinus Torvalds - Routing protocols, using packets with ttl=1 (OSPF, RIP2), 801da177e4SLinus Torvalds do not work over tunnels. 811da177e4SLinus Torvalds - traceroute does not work. I planned to relay ICMP from tunnel, 821da177e4SLinus Torvalds so that this problem would be solved and traceroute output 831da177e4SLinus Torvalds would even more informative. This idea appeared to be wrong: 841da177e4SLinus Torvalds only Linux complies to rfc1812 now (yes, guys, Linux is the only 851da177e4SLinus Torvalds true router now :-)), all routers (at least, in neighbourhood of mine) 861da177e4SLinus Torvalds return only 8 bytes of payload. It is the end. 871da177e4SLinus Torvalds 881da177e4SLinus Torvalds Hence, if we want that OSPF worked or traceroute said something reasonable, 891da177e4SLinus Torvalds we should search for another solution. 901da177e4SLinus Torvalds 911da177e4SLinus Torvalds One of them is to parse packet trying to detect inner encapsulation 921da177e4SLinus Torvalds made by our node. It is difficult or even impossible, especially, 931da177e4SLinus Torvalds taking into account fragmentation. TO be short, tt is not solution at all. 941da177e4SLinus Torvalds 951da177e4SLinus Torvalds Current solution: The solution was UNEXPECTEDLY SIMPLE. 961da177e4SLinus Torvalds We force DF flag on tunnels with preconfigured hop limit, 971da177e4SLinus Torvalds that is ALL. :-) Well, it does not remove the problem completely, 981da177e4SLinus Torvalds but exponential growth of network traffic is changed to linear 991da177e4SLinus Torvalds (branches, that exceed pmtu are pruned) and tunnel mtu 1001da177e4SLinus Torvalds fastly degrades to value <68, where looping stops. 1011da177e4SLinus Torvalds Yes, it is not good if there exists a router in the loop, 1021da177e4SLinus Torvalds which does not force DF, even when encapsulating packets have DF set. 1031da177e4SLinus Torvalds But it is not our problem! Nobody could accuse us, we made 1041da177e4SLinus Torvalds all that we could make. Even if it is your gated who injected 1051da177e4SLinus Torvalds fatal route to network, even if it were you who configured 1061da177e4SLinus Torvalds fatal static route: you are innocent. :-) 1071da177e4SLinus Torvalds 1081da177e4SLinus Torvalds 1091da177e4SLinus Torvalds 1101da177e4SLinus Torvalds 3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain 1111da177e4SLinus Torvalds practically identical code. It would be good to glue them 1121da177e4SLinus Torvalds together, but it is not very evident, how to make them modular. 1131da177e4SLinus Torvalds sit is integral part of IPv6, ipip and gre are naturally modular. 1141da177e4SLinus Torvalds We could extract common parts (hash table, ioctl etc) 1151da177e4SLinus Torvalds to a separate module (ip_tunnel.c). 1161da177e4SLinus Torvalds 1171da177e4SLinus Torvalds Alexey Kuznetsov. 1181da177e4SLinus Torvalds */ 1191da177e4SLinus Torvalds 1201da177e4SLinus Torvalds static int ipgre_tunnel_init(struct net_device *dev); 1211da177e4SLinus Torvalds static void ipgre_tunnel_setup(struct net_device *dev); 1221da177e4SLinus Torvalds 1231da177e4SLinus Torvalds /* Fallback tunnel: no source, no destination, no key, no options */ 1241da177e4SLinus Torvalds 1251da177e4SLinus Torvalds static int ipgre_fb_tunnel_init(struct net_device *dev); 1261da177e4SLinus Torvalds 12759a4c759SPavel Emelyanov static int ipgre_net_id; 12859a4c759SPavel Emelyanov struct ipgre_net { 129*7daa0004SPavel Emelyanov struct net_device *fb_tunnel_dev; 13059a4c759SPavel Emelyanov }; 13159a4c759SPavel Emelyanov 1321da177e4SLinus Torvalds /* Tunnel hash table */ 1331da177e4SLinus Torvalds 1341da177e4SLinus Torvalds /* 1351da177e4SLinus Torvalds 4 hash tables: 1361da177e4SLinus Torvalds 1371da177e4SLinus Torvalds 3: (remote,local) 1381da177e4SLinus Torvalds 2: (remote,*) 1391da177e4SLinus Torvalds 1: (*,local) 1401da177e4SLinus Torvalds 0: (*,*) 1411da177e4SLinus Torvalds 1421da177e4SLinus Torvalds We require exact key match i.e. if a key is present in packet 1431da177e4SLinus Torvalds it will match only tunnel with the same key; if it is not present, 1441da177e4SLinus Torvalds it will match only keyless tunnel. 1451da177e4SLinus Torvalds 1461da177e4SLinus Torvalds All keysless packets, if not matched configured keyless tunnels 1471da177e4SLinus Torvalds will match fallback tunnel. 1481da177e4SLinus Torvalds */ 1491da177e4SLinus Torvalds 1501da177e4SLinus Torvalds #define HASH_SIZE 16 151d5a0a1e3SAl Viro #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF) 1521da177e4SLinus Torvalds 1531da177e4SLinus Torvalds static struct ip_tunnel *tunnels[4][HASH_SIZE]; 1541da177e4SLinus Torvalds 1551da177e4SLinus Torvalds #define tunnels_r_l (tunnels[3]) 1561da177e4SLinus Torvalds #define tunnels_r (tunnels[2]) 1571da177e4SLinus Torvalds #define tunnels_l (tunnels[1]) 1581da177e4SLinus Torvalds #define tunnels_wc (tunnels[0]) 1591da177e4SLinus Torvalds 1601da177e4SLinus Torvalds static DEFINE_RWLOCK(ipgre_lock); 1611da177e4SLinus Torvalds 1621da177e4SLinus Torvalds /* Given src, dst and key, find appropriate for input tunnel. */ 1631da177e4SLinus Torvalds 164f57e7d5aSPavel Emelyanov static struct ip_tunnel * ipgre_tunnel_lookup(struct net *net, 165f57e7d5aSPavel Emelyanov __be32 remote, __be32 local, __be32 key) 1661da177e4SLinus Torvalds { 1671da177e4SLinus Torvalds unsigned h0 = HASH(remote); 1681da177e4SLinus Torvalds unsigned h1 = HASH(key); 1691da177e4SLinus Torvalds struct ip_tunnel *t; 170*7daa0004SPavel Emelyanov struct ipgre_net *ign = net_generic(net, ipgre_net_id); 1711da177e4SLinus Torvalds 1721da177e4SLinus Torvalds for (t = tunnels_r_l[h0^h1]; t; t = t->next) { 1731da177e4SLinus Torvalds if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) { 1741da177e4SLinus Torvalds if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) 1751da177e4SLinus Torvalds return t; 1761da177e4SLinus Torvalds } 1771da177e4SLinus Torvalds } 1781da177e4SLinus Torvalds for (t = tunnels_r[h0^h1]; t; t = t->next) { 1791da177e4SLinus Torvalds if (remote == t->parms.iph.daddr) { 1801da177e4SLinus Torvalds if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) 1811da177e4SLinus Torvalds return t; 1821da177e4SLinus Torvalds } 1831da177e4SLinus Torvalds } 1841da177e4SLinus Torvalds for (t = tunnels_l[h1]; t; t = t->next) { 1851da177e4SLinus Torvalds if (local == t->parms.iph.saddr || 186f97c1e0cSJoe Perches (local == t->parms.iph.daddr && 187f97c1e0cSJoe Perches ipv4_is_multicast(local))) { 1881da177e4SLinus Torvalds if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) 1891da177e4SLinus Torvalds return t; 1901da177e4SLinus Torvalds } 1911da177e4SLinus Torvalds } 1921da177e4SLinus Torvalds for (t = tunnels_wc[h1]; t; t = t->next) { 1931da177e4SLinus Torvalds if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) 1941da177e4SLinus Torvalds return t; 1951da177e4SLinus Torvalds } 1961da177e4SLinus Torvalds 197*7daa0004SPavel Emelyanov if (ign->fb_tunnel_dev->flags&IFF_UP) 198*7daa0004SPavel Emelyanov return netdev_priv(ign->fb_tunnel_dev); 1991da177e4SLinus Torvalds return NULL; 2001da177e4SLinus Torvalds } 2011da177e4SLinus Torvalds 202f57e7d5aSPavel Emelyanov static struct ip_tunnel **__ipgre_bucket(struct ipgre_net *ign, 203f57e7d5aSPavel Emelyanov struct ip_tunnel_parm *parms) 2041da177e4SLinus Torvalds { 2055056a1efSYOSHIFUJI Hideaki __be32 remote = parms->iph.daddr; 2065056a1efSYOSHIFUJI Hideaki __be32 local = parms->iph.saddr; 2075056a1efSYOSHIFUJI Hideaki __be32 key = parms->i_key; 2081da177e4SLinus Torvalds unsigned h = HASH(key); 2091da177e4SLinus Torvalds int prio = 0; 2101da177e4SLinus Torvalds 2111da177e4SLinus Torvalds if (local) 2121da177e4SLinus Torvalds prio |= 1; 213f97c1e0cSJoe Perches if (remote && !ipv4_is_multicast(remote)) { 2141da177e4SLinus Torvalds prio |= 2; 2151da177e4SLinus Torvalds h ^= HASH(remote); 2161da177e4SLinus Torvalds } 2171da177e4SLinus Torvalds 2181da177e4SLinus Torvalds return &tunnels[prio][h]; 2191da177e4SLinus Torvalds } 2201da177e4SLinus Torvalds 221f57e7d5aSPavel Emelyanov static inline struct ip_tunnel **ipgre_bucket(struct ipgre_net *ign, 222f57e7d5aSPavel Emelyanov struct ip_tunnel *t) 2235056a1efSYOSHIFUJI Hideaki { 224f57e7d5aSPavel Emelyanov return __ipgre_bucket(ign, &t->parms); 2255056a1efSYOSHIFUJI Hideaki } 2265056a1efSYOSHIFUJI Hideaki 227f57e7d5aSPavel Emelyanov static void ipgre_tunnel_link(struct ipgre_net *ign, struct ip_tunnel *t) 2281da177e4SLinus Torvalds { 229f57e7d5aSPavel Emelyanov struct ip_tunnel **tp = ipgre_bucket(ign, t); 2301da177e4SLinus Torvalds 2311da177e4SLinus Torvalds t->next = *tp; 2321da177e4SLinus Torvalds write_lock_bh(&ipgre_lock); 2331da177e4SLinus Torvalds *tp = t; 2341da177e4SLinus Torvalds write_unlock_bh(&ipgre_lock); 2351da177e4SLinus Torvalds } 2361da177e4SLinus Torvalds 237f57e7d5aSPavel Emelyanov static void ipgre_tunnel_unlink(struct ipgre_net *ign, struct ip_tunnel *t) 2381da177e4SLinus Torvalds { 2391da177e4SLinus Torvalds struct ip_tunnel **tp; 2401da177e4SLinus Torvalds 241f57e7d5aSPavel Emelyanov for (tp = ipgre_bucket(ign, t); *tp; tp = &(*tp)->next) { 2421da177e4SLinus Torvalds if (t == *tp) { 2431da177e4SLinus Torvalds write_lock_bh(&ipgre_lock); 2441da177e4SLinus Torvalds *tp = t->next; 2451da177e4SLinus Torvalds write_unlock_bh(&ipgre_lock); 2461da177e4SLinus Torvalds break; 2471da177e4SLinus Torvalds } 2481da177e4SLinus Torvalds } 2491da177e4SLinus Torvalds } 2501da177e4SLinus Torvalds 251f57e7d5aSPavel Emelyanov static struct ip_tunnel * ipgre_tunnel_locate(struct net *net, 252f57e7d5aSPavel Emelyanov struct ip_tunnel_parm *parms, int create) 2531da177e4SLinus Torvalds { 254d5a0a1e3SAl Viro __be32 remote = parms->iph.daddr; 255d5a0a1e3SAl Viro __be32 local = parms->iph.saddr; 256d5a0a1e3SAl Viro __be32 key = parms->i_key; 2571da177e4SLinus Torvalds struct ip_tunnel *t, **tp, *nt; 2581da177e4SLinus Torvalds struct net_device *dev; 2591da177e4SLinus Torvalds char name[IFNAMSIZ]; 260f57e7d5aSPavel Emelyanov struct ipgre_net *ign = net_generic(net, ipgre_net_id); 2611da177e4SLinus Torvalds 262f57e7d5aSPavel Emelyanov for (tp = __ipgre_bucket(ign, parms); (t = *tp) != NULL; tp = &t->next) { 2631da177e4SLinus Torvalds if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) { 2641da177e4SLinus Torvalds if (key == t->parms.i_key) 2651da177e4SLinus Torvalds return t; 2661da177e4SLinus Torvalds } 2671da177e4SLinus Torvalds } 2681da177e4SLinus Torvalds if (!create) 2691da177e4SLinus Torvalds return NULL; 2701da177e4SLinus Torvalds 2711da177e4SLinus Torvalds if (parms->name[0]) 2721da177e4SLinus Torvalds strlcpy(name, parms->name, IFNAMSIZ); 27334cc7ba6SPavel Emelyanov else 27434cc7ba6SPavel Emelyanov sprintf(name, "gre%%d"); 2751da177e4SLinus Torvalds 2761da177e4SLinus Torvalds dev = alloc_netdev(sizeof(*t), name, ipgre_tunnel_setup); 2771da177e4SLinus Torvalds if (!dev) 2781da177e4SLinus Torvalds return NULL; 2791da177e4SLinus Torvalds 280b37d428bSPavel Emelyanov if (strchr(name, '%')) { 281b37d428bSPavel Emelyanov if (dev_alloc_name(dev, name) < 0) 282b37d428bSPavel Emelyanov goto failed_free; 283b37d428bSPavel Emelyanov } 284b37d428bSPavel Emelyanov 2851da177e4SLinus Torvalds dev->init = ipgre_tunnel_init; 2862941a486SPatrick McHardy nt = netdev_priv(dev); 2871da177e4SLinus Torvalds nt->parms = *parms; 2881da177e4SLinus Torvalds 289b37d428bSPavel Emelyanov if (register_netdevice(dev) < 0) 290b37d428bSPavel Emelyanov goto failed_free; 2911da177e4SLinus Torvalds 2921da177e4SLinus Torvalds dev_hold(dev); 293f57e7d5aSPavel Emelyanov ipgre_tunnel_link(ign, nt); 2941da177e4SLinus Torvalds return nt; 2951da177e4SLinus Torvalds 296b37d428bSPavel Emelyanov failed_free: 297b37d428bSPavel Emelyanov free_netdev(dev); 2981da177e4SLinus Torvalds return NULL; 2991da177e4SLinus Torvalds } 3001da177e4SLinus Torvalds 3011da177e4SLinus Torvalds static void ipgre_tunnel_uninit(struct net_device *dev) 3021da177e4SLinus Torvalds { 303f57e7d5aSPavel Emelyanov struct net *net = dev_net(dev); 304f57e7d5aSPavel Emelyanov struct ipgre_net *ign = net_generic(net, ipgre_net_id); 305f57e7d5aSPavel Emelyanov 306f57e7d5aSPavel Emelyanov ipgre_tunnel_unlink(ign, netdev_priv(dev)); 3071da177e4SLinus Torvalds dev_put(dev); 3081da177e4SLinus Torvalds } 3091da177e4SLinus Torvalds 3101da177e4SLinus Torvalds 3111da177e4SLinus Torvalds static void ipgre_err(struct sk_buff *skb, u32 info) 3121da177e4SLinus Torvalds { 3131da177e4SLinus Torvalds #ifndef I_WISH_WORLD_WERE_PERFECT 3141da177e4SLinus Torvalds 3151da177e4SLinus Torvalds /* It is not :-( All the routers (except for Linux) return only 3161da177e4SLinus Torvalds 8 bytes of packet payload. It means, that precise relaying of 3171da177e4SLinus Torvalds ICMP in the real Internet is absolutely infeasible. 3181da177e4SLinus Torvalds 3191da177e4SLinus Torvalds Moreover, Cisco "wise men" put GRE key to the third word 3201da177e4SLinus Torvalds in GRE header. It makes impossible maintaining even soft state for keyed 3211da177e4SLinus Torvalds GRE tunnels with enabled checksum. Tell them "thank you". 3221da177e4SLinus Torvalds 3231da177e4SLinus Torvalds Well, I wonder, rfc1812 was written by Cisco employee, 3241da177e4SLinus Torvalds what the hell these idiots break standrads established 3251da177e4SLinus Torvalds by themself??? 3261da177e4SLinus Torvalds */ 3271da177e4SLinus Torvalds 3281da177e4SLinus Torvalds struct iphdr *iph = (struct iphdr*)skb->data; 329d5a0a1e3SAl Viro __be16 *p = (__be16*)(skb->data+(iph->ihl<<2)); 3301da177e4SLinus Torvalds int grehlen = (iph->ihl<<2) + 4; 33188c7664fSArnaldo Carvalho de Melo const int type = icmp_hdr(skb)->type; 33288c7664fSArnaldo Carvalho de Melo const int code = icmp_hdr(skb)->code; 3331da177e4SLinus Torvalds struct ip_tunnel *t; 334d5a0a1e3SAl Viro __be16 flags; 3351da177e4SLinus Torvalds 3361da177e4SLinus Torvalds flags = p[0]; 3371da177e4SLinus Torvalds if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) { 3381da177e4SLinus Torvalds if (flags&(GRE_VERSION|GRE_ROUTING)) 3391da177e4SLinus Torvalds return; 3401da177e4SLinus Torvalds if (flags&GRE_KEY) { 3411da177e4SLinus Torvalds grehlen += 4; 3421da177e4SLinus Torvalds if (flags&GRE_CSUM) 3431da177e4SLinus Torvalds grehlen += 4; 3441da177e4SLinus Torvalds } 3451da177e4SLinus Torvalds } 3461da177e4SLinus Torvalds 3471da177e4SLinus Torvalds /* If only 8 bytes returned, keyed message will be dropped here */ 3481da177e4SLinus Torvalds if (skb_headlen(skb) < grehlen) 3491da177e4SLinus Torvalds return; 3501da177e4SLinus Torvalds 3511da177e4SLinus Torvalds switch (type) { 3521da177e4SLinus Torvalds default: 3531da177e4SLinus Torvalds case ICMP_PARAMETERPROB: 3541da177e4SLinus Torvalds return; 3551da177e4SLinus Torvalds 3561da177e4SLinus Torvalds case ICMP_DEST_UNREACH: 3571da177e4SLinus Torvalds switch (code) { 3581da177e4SLinus Torvalds case ICMP_SR_FAILED: 3591da177e4SLinus Torvalds case ICMP_PORT_UNREACH: 3601da177e4SLinus Torvalds /* Impossible event. */ 3611da177e4SLinus Torvalds return; 3621da177e4SLinus Torvalds case ICMP_FRAG_NEEDED: 3631da177e4SLinus Torvalds /* Soft state for pmtu is maintained by IP core. */ 3641da177e4SLinus Torvalds return; 3651da177e4SLinus Torvalds default: 3661da177e4SLinus Torvalds /* All others are translated to HOST_UNREACH. 3671da177e4SLinus Torvalds rfc2003 contains "deep thoughts" about NET_UNREACH, 3681da177e4SLinus Torvalds I believe they are just ether pollution. --ANK 3691da177e4SLinus Torvalds */ 3701da177e4SLinus Torvalds break; 3711da177e4SLinus Torvalds } 3721da177e4SLinus Torvalds break; 3731da177e4SLinus Torvalds case ICMP_TIME_EXCEEDED: 3741da177e4SLinus Torvalds if (code != ICMP_EXC_TTL) 3751da177e4SLinus Torvalds return; 3761da177e4SLinus Torvalds break; 3771da177e4SLinus Torvalds } 3781da177e4SLinus Torvalds 3791da177e4SLinus Torvalds read_lock(&ipgre_lock); 3803b4667f3SPavel Emelyanov t = ipgre_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr, 381f57e7d5aSPavel Emelyanov (flags&GRE_KEY) ? 382f57e7d5aSPavel Emelyanov *(((__be32*)p) + (grehlen>>2) - 1) : 0); 383f97c1e0cSJoe Perches if (t == NULL || t->parms.iph.daddr == 0 || 384f97c1e0cSJoe Perches ipv4_is_multicast(t->parms.iph.daddr)) 3851da177e4SLinus Torvalds goto out; 3861da177e4SLinus Torvalds 3871da177e4SLinus Torvalds if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED) 3881da177e4SLinus Torvalds goto out; 3891da177e4SLinus Torvalds 3901da177e4SLinus Torvalds if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO) 3911da177e4SLinus Torvalds t->err_count++; 3921da177e4SLinus Torvalds else 3931da177e4SLinus Torvalds t->err_count = 1; 3941da177e4SLinus Torvalds t->err_time = jiffies; 3951da177e4SLinus Torvalds out: 3961da177e4SLinus Torvalds read_unlock(&ipgre_lock); 3971da177e4SLinus Torvalds return; 3981da177e4SLinus Torvalds #else 3991da177e4SLinus Torvalds struct iphdr *iph = (struct iphdr*)dp; 4001da177e4SLinus Torvalds struct iphdr *eiph; 401d5a0a1e3SAl Viro __be16 *p = (__be16*)(dp+(iph->ihl<<2)); 40288c7664fSArnaldo Carvalho de Melo const int type = icmp_hdr(skb)->type; 40388c7664fSArnaldo Carvalho de Melo const int code = icmp_hdr(skb)->code; 4041da177e4SLinus Torvalds int rel_type = 0; 4051da177e4SLinus Torvalds int rel_code = 0; 406c55e2f49SAl Viro __be32 rel_info = 0; 407c55e2f49SAl Viro __u32 n = 0; 408d5a0a1e3SAl Viro __be16 flags; 4091da177e4SLinus Torvalds int grehlen = (iph->ihl<<2) + 4; 4101da177e4SLinus Torvalds struct sk_buff *skb2; 4111da177e4SLinus Torvalds struct flowi fl; 4121da177e4SLinus Torvalds struct rtable *rt; 4131da177e4SLinus Torvalds 4141da177e4SLinus Torvalds if (p[1] != htons(ETH_P_IP)) 4151da177e4SLinus Torvalds return; 4161da177e4SLinus Torvalds 4171da177e4SLinus Torvalds flags = p[0]; 4181da177e4SLinus Torvalds if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) { 4191da177e4SLinus Torvalds if (flags&(GRE_VERSION|GRE_ROUTING)) 4201da177e4SLinus Torvalds return; 4211da177e4SLinus Torvalds if (flags&GRE_CSUM) 4221da177e4SLinus Torvalds grehlen += 4; 4231da177e4SLinus Torvalds if (flags&GRE_KEY) 4241da177e4SLinus Torvalds grehlen += 4; 4251da177e4SLinus Torvalds if (flags&GRE_SEQ) 4261da177e4SLinus Torvalds grehlen += 4; 4271da177e4SLinus Torvalds } 4281da177e4SLinus Torvalds if (len < grehlen + sizeof(struct iphdr)) 4291da177e4SLinus Torvalds return; 4301da177e4SLinus Torvalds eiph = (struct iphdr*)(dp + grehlen); 4311da177e4SLinus Torvalds 4321da177e4SLinus Torvalds switch (type) { 4331da177e4SLinus Torvalds default: 4341da177e4SLinus Torvalds return; 4351da177e4SLinus Torvalds case ICMP_PARAMETERPROB: 43688c7664fSArnaldo Carvalho de Melo n = ntohl(icmp_hdr(skb)->un.gateway) >> 24; 437c55e2f49SAl Viro if (n < (iph->ihl<<2)) 4381da177e4SLinus Torvalds return; 4391da177e4SLinus Torvalds 4401da177e4SLinus Torvalds /* So... This guy found something strange INSIDE encapsulated 4411da177e4SLinus Torvalds packet. Well, he is fool, but what can we do ? 4421da177e4SLinus Torvalds */ 4431da177e4SLinus Torvalds rel_type = ICMP_PARAMETERPROB; 444c55e2f49SAl Viro n -= grehlen; 445c55e2f49SAl Viro rel_info = htonl(n << 24); 4461da177e4SLinus Torvalds break; 4471da177e4SLinus Torvalds 4481da177e4SLinus Torvalds case ICMP_DEST_UNREACH: 4491da177e4SLinus Torvalds switch (code) { 4501da177e4SLinus Torvalds case ICMP_SR_FAILED: 4511da177e4SLinus Torvalds case ICMP_PORT_UNREACH: 4521da177e4SLinus Torvalds /* Impossible event. */ 4531da177e4SLinus Torvalds return; 4541da177e4SLinus Torvalds case ICMP_FRAG_NEEDED: 4551da177e4SLinus Torvalds /* And it is the only really necessary thing :-) */ 45688c7664fSArnaldo Carvalho de Melo n = ntohs(icmp_hdr(skb)->un.frag.mtu); 457c55e2f49SAl Viro if (n < grehlen+68) 4581da177e4SLinus Torvalds return; 459c55e2f49SAl Viro n -= grehlen; 4601da177e4SLinus Torvalds /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */ 461c55e2f49SAl Viro if (n > ntohs(eiph->tot_len)) 4621da177e4SLinus Torvalds return; 463c55e2f49SAl Viro rel_info = htonl(n); 4641da177e4SLinus Torvalds break; 4651da177e4SLinus Torvalds default: 4661da177e4SLinus Torvalds /* All others are translated to HOST_UNREACH. 4671da177e4SLinus Torvalds rfc2003 contains "deep thoughts" about NET_UNREACH, 4681da177e4SLinus Torvalds I believe, it is just ether pollution. --ANK 4691da177e4SLinus Torvalds */ 4701da177e4SLinus Torvalds rel_type = ICMP_DEST_UNREACH; 4711da177e4SLinus Torvalds rel_code = ICMP_HOST_UNREACH; 4721da177e4SLinus Torvalds break; 4731da177e4SLinus Torvalds } 4741da177e4SLinus Torvalds break; 4751da177e4SLinus Torvalds case ICMP_TIME_EXCEEDED: 4761da177e4SLinus Torvalds if (code != ICMP_EXC_TTL) 4771da177e4SLinus Torvalds return; 4781da177e4SLinus Torvalds break; 4791da177e4SLinus Torvalds } 4801da177e4SLinus Torvalds 4811da177e4SLinus Torvalds /* Prepare fake skb to feed it to icmp_send */ 4821da177e4SLinus Torvalds skb2 = skb_clone(skb, GFP_ATOMIC); 4831da177e4SLinus Torvalds if (skb2 == NULL) 4841da177e4SLinus Torvalds return; 4851da177e4SLinus Torvalds dst_release(skb2->dst); 4861da177e4SLinus Torvalds skb2->dst = NULL; 4871da177e4SLinus Torvalds skb_pull(skb2, skb->data - (u8*)eiph); 488c1d2bbe1SArnaldo Carvalho de Melo skb_reset_network_header(skb2); 4891da177e4SLinus Torvalds 4901da177e4SLinus Torvalds /* Try to guess incoming interface */ 4911da177e4SLinus Torvalds memset(&fl, 0, sizeof(fl)); 4921da177e4SLinus Torvalds fl.fl4_dst = eiph->saddr; 4931da177e4SLinus Torvalds fl.fl4_tos = RT_TOS(eiph->tos); 4941da177e4SLinus Torvalds fl.proto = IPPROTO_GRE; 495f206351aSDenis V. Lunev if (ip_route_output_key(&init_net, &rt, &fl)) { 4961da177e4SLinus Torvalds kfree_skb(skb2); 4971da177e4SLinus Torvalds return; 4981da177e4SLinus Torvalds } 4991da177e4SLinus Torvalds skb2->dev = rt->u.dst.dev; 5001da177e4SLinus Torvalds 5011da177e4SLinus Torvalds /* route "incoming" packet */ 5021da177e4SLinus Torvalds if (rt->rt_flags&RTCF_LOCAL) { 5031da177e4SLinus Torvalds ip_rt_put(rt); 5041da177e4SLinus Torvalds rt = NULL; 5051da177e4SLinus Torvalds fl.fl4_dst = eiph->daddr; 5061da177e4SLinus Torvalds fl.fl4_src = eiph->saddr; 5071da177e4SLinus Torvalds fl.fl4_tos = eiph->tos; 508f206351aSDenis V. Lunev if (ip_route_output_key(&init_net, &rt, &fl) || 5091da177e4SLinus Torvalds rt->u.dst.dev->type != ARPHRD_IPGRE) { 5101da177e4SLinus Torvalds ip_rt_put(rt); 5111da177e4SLinus Torvalds kfree_skb(skb2); 5121da177e4SLinus Torvalds return; 5131da177e4SLinus Torvalds } 5141da177e4SLinus Torvalds } else { 5151da177e4SLinus Torvalds ip_rt_put(rt); 5161da177e4SLinus Torvalds if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) || 5171da177e4SLinus Torvalds skb2->dst->dev->type != ARPHRD_IPGRE) { 5181da177e4SLinus Torvalds kfree_skb(skb2); 5191da177e4SLinus Torvalds return; 5201da177e4SLinus Torvalds } 5211da177e4SLinus Torvalds } 5221da177e4SLinus Torvalds 5231da177e4SLinus Torvalds /* change mtu on this route */ 5241da177e4SLinus Torvalds if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { 525c55e2f49SAl Viro if (n > dst_mtu(skb2->dst)) { 5261da177e4SLinus Torvalds kfree_skb(skb2); 5271da177e4SLinus Torvalds return; 5281da177e4SLinus Torvalds } 529c55e2f49SAl Viro skb2->dst->ops->update_pmtu(skb2->dst, n); 5301da177e4SLinus Torvalds } else if (type == ICMP_TIME_EXCEEDED) { 5312941a486SPatrick McHardy struct ip_tunnel *t = netdev_priv(skb2->dev); 5321da177e4SLinus Torvalds if (t->parms.iph.ttl) { 5331da177e4SLinus Torvalds rel_type = ICMP_DEST_UNREACH; 5341da177e4SLinus Torvalds rel_code = ICMP_HOST_UNREACH; 5351da177e4SLinus Torvalds } 5361da177e4SLinus Torvalds } 5371da177e4SLinus Torvalds 5381da177e4SLinus Torvalds icmp_send(skb2, rel_type, rel_code, rel_info); 5391da177e4SLinus Torvalds kfree_skb(skb2); 5401da177e4SLinus Torvalds #endif 5411da177e4SLinus Torvalds } 5421da177e4SLinus Torvalds 5431da177e4SLinus Torvalds static inline void ipgre_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb) 5441da177e4SLinus Torvalds { 5451da177e4SLinus Torvalds if (INET_ECN_is_ce(iph->tos)) { 5461da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) { 547eddc9ec5SArnaldo Carvalho de Melo IP_ECN_set_ce(ip_hdr(skb)); 5481da177e4SLinus Torvalds } else if (skb->protocol == htons(ETH_P_IPV6)) { 5490660e03fSArnaldo Carvalho de Melo IP6_ECN_set_ce(ipv6_hdr(skb)); 5501da177e4SLinus Torvalds } 5511da177e4SLinus Torvalds } 5521da177e4SLinus Torvalds } 5531da177e4SLinus Torvalds 5541da177e4SLinus Torvalds static inline u8 5551da177e4SLinus Torvalds ipgre_ecn_encapsulate(u8 tos, struct iphdr *old_iph, struct sk_buff *skb) 5561da177e4SLinus Torvalds { 5571da177e4SLinus Torvalds u8 inner = 0; 5581da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) 5591da177e4SLinus Torvalds inner = old_iph->tos; 5601da177e4SLinus Torvalds else if (skb->protocol == htons(ETH_P_IPV6)) 5611da177e4SLinus Torvalds inner = ipv6_get_dsfield((struct ipv6hdr *)old_iph); 5621da177e4SLinus Torvalds return INET_ECN_encapsulate(tos, inner); 5631da177e4SLinus Torvalds } 5641da177e4SLinus Torvalds 5651da177e4SLinus Torvalds static int ipgre_rcv(struct sk_buff *skb) 5661da177e4SLinus Torvalds { 5671da177e4SLinus Torvalds struct iphdr *iph; 5681da177e4SLinus Torvalds u8 *h; 569d5a0a1e3SAl Viro __be16 flags; 570d3bc23e7SAl Viro __sum16 csum = 0; 571d5a0a1e3SAl Viro __be32 key = 0; 5721da177e4SLinus Torvalds u32 seqno = 0; 5731da177e4SLinus Torvalds struct ip_tunnel *tunnel; 5741da177e4SLinus Torvalds int offset = 4; 5751da177e4SLinus Torvalds 5761da177e4SLinus Torvalds if (!pskb_may_pull(skb, 16)) 5771da177e4SLinus Torvalds goto drop_nolock; 5781da177e4SLinus Torvalds 579eddc9ec5SArnaldo Carvalho de Melo iph = ip_hdr(skb); 5801da177e4SLinus Torvalds h = skb->data; 581d5a0a1e3SAl Viro flags = *(__be16*)h; 5821da177e4SLinus Torvalds 5831da177e4SLinus Torvalds if (flags&(GRE_CSUM|GRE_KEY|GRE_ROUTING|GRE_SEQ|GRE_VERSION)) { 5841da177e4SLinus Torvalds /* - Version must be 0. 5851da177e4SLinus Torvalds - We do not support routing headers. 5861da177e4SLinus Torvalds */ 5871da177e4SLinus Torvalds if (flags&(GRE_VERSION|GRE_ROUTING)) 5881da177e4SLinus Torvalds goto drop_nolock; 5891da177e4SLinus Torvalds 5901da177e4SLinus Torvalds if (flags&GRE_CSUM) { 591fb286bb2SHerbert Xu switch (skb->ip_summed) { 59284fa7933SPatrick McHardy case CHECKSUM_COMPLETE: 593d3bc23e7SAl Viro csum = csum_fold(skb->csum); 594fb286bb2SHerbert Xu if (!csum) 595fb286bb2SHerbert Xu break; 596fb286bb2SHerbert Xu /* fall through */ 597fb286bb2SHerbert Xu case CHECKSUM_NONE: 598fb286bb2SHerbert Xu skb->csum = 0; 599fb286bb2SHerbert Xu csum = __skb_checksum_complete(skb); 60084fa7933SPatrick McHardy skb->ip_summed = CHECKSUM_COMPLETE; 6011da177e4SLinus Torvalds } 6021da177e4SLinus Torvalds offset += 4; 6031da177e4SLinus Torvalds } 6041da177e4SLinus Torvalds if (flags&GRE_KEY) { 605d5a0a1e3SAl Viro key = *(__be32*)(h + offset); 6061da177e4SLinus Torvalds offset += 4; 6071da177e4SLinus Torvalds } 6081da177e4SLinus Torvalds if (flags&GRE_SEQ) { 609d5a0a1e3SAl Viro seqno = ntohl(*(__be32*)(h + offset)); 6101da177e4SLinus Torvalds offset += 4; 6111da177e4SLinus Torvalds } 6121da177e4SLinus Torvalds } 6131da177e4SLinus Torvalds 6141da177e4SLinus Torvalds read_lock(&ipgre_lock); 6153b4667f3SPavel Emelyanov if ((tunnel = ipgre_tunnel_lookup(dev_net(skb->dev), 616f57e7d5aSPavel Emelyanov iph->saddr, iph->daddr, key)) != NULL) { 6171da177e4SLinus Torvalds secpath_reset(skb); 6181da177e4SLinus Torvalds 619d5a0a1e3SAl Viro skb->protocol = *(__be16*)(h + 2); 6201da177e4SLinus Torvalds /* WCCP version 1 and 2 protocol decoding. 6211da177e4SLinus Torvalds * - Change protocol to IP 6221da177e4SLinus Torvalds * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header 6231da177e4SLinus Torvalds */ 6241da177e4SLinus Torvalds if (flags == 0 && 625496c98dfSYOSHIFUJI Hideaki skb->protocol == htons(ETH_P_WCCP)) { 626496c98dfSYOSHIFUJI Hideaki skb->protocol = htons(ETH_P_IP); 6271da177e4SLinus Torvalds if ((*(h + offset) & 0xF0) != 0x40) 6281da177e4SLinus Torvalds offset += 4; 6291da177e4SLinus Torvalds } 6301da177e4SLinus Torvalds 6311d069167STimo Teras skb->mac_header = skb->network_header; 6324209fb60SArnaldo Carvalho de Melo __pskb_pull(skb, offset); 6334209fb60SArnaldo Carvalho de Melo skb_reset_network_header(skb); 6349c70220bSArnaldo Carvalho de Melo skb_postpull_rcsum(skb, skb_transport_header(skb), offset); 6351da177e4SLinus Torvalds skb->pkt_type = PACKET_HOST; 6361da177e4SLinus Torvalds #ifdef CONFIG_NET_IPGRE_BROADCAST 637f97c1e0cSJoe Perches if (ipv4_is_multicast(iph->daddr)) { 6381da177e4SLinus Torvalds /* Looped back packet, drop it! */ 639ee6b9673SEric Dumazet if (skb->rtable->fl.iif == 0) 6401da177e4SLinus Torvalds goto drop; 6411da177e4SLinus Torvalds tunnel->stat.multicast++; 6421da177e4SLinus Torvalds skb->pkt_type = PACKET_BROADCAST; 6431da177e4SLinus Torvalds } 6441da177e4SLinus Torvalds #endif 6451da177e4SLinus Torvalds 6461da177e4SLinus Torvalds if (((flags&GRE_CSUM) && csum) || 6471da177e4SLinus Torvalds (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) { 6481da177e4SLinus Torvalds tunnel->stat.rx_crc_errors++; 6491da177e4SLinus Torvalds tunnel->stat.rx_errors++; 6501da177e4SLinus Torvalds goto drop; 6511da177e4SLinus Torvalds } 6521da177e4SLinus Torvalds if (tunnel->parms.i_flags&GRE_SEQ) { 6531da177e4SLinus Torvalds if (!(flags&GRE_SEQ) || 6541da177e4SLinus Torvalds (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) { 6551da177e4SLinus Torvalds tunnel->stat.rx_fifo_errors++; 6561da177e4SLinus Torvalds tunnel->stat.rx_errors++; 6571da177e4SLinus Torvalds goto drop; 6581da177e4SLinus Torvalds } 6591da177e4SLinus Torvalds tunnel->i_seqno = seqno + 1; 6601da177e4SLinus Torvalds } 6611da177e4SLinus Torvalds tunnel->stat.rx_packets++; 6621da177e4SLinus Torvalds tunnel->stat.rx_bytes += skb->len; 6631da177e4SLinus Torvalds skb->dev = tunnel->dev; 6641da177e4SLinus Torvalds dst_release(skb->dst); 6651da177e4SLinus Torvalds skb->dst = NULL; 6661da177e4SLinus Torvalds nf_reset(skb); 6671da177e4SLinus Torvalds ipgre_ecn_decapsulate(iph, skb); 6681da177e4SLinus Torvalds netif_rx(skb); 6691da177e4SLinus Torvalds read_unlock(&ipgre_lock); 6701da177e4SLinus Torvalds return(0); 6711da177e4SLinus Torvalds } 67245af08beSHerbert Xu icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); 6731da177e4SLinus Torvalds 6741da177e4SLinus Torvalds drop: 6751da177e4SLinus Torvalds read_unlock(&ipgre_lock); 6761da177e4SLinus Torvalds drop_nolock: 6771da177e4SLinus Torvalds kfree_skb(skb); 6781da177e4SLinus Torvalds return(0); 6791da177e4SLinus Torvalds } 6801da177e4SLinus Torvalds 6811da177e4SLinus Torvalds static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) 6821da177e4SLinus Torvalds { 6832941a486SPatrick McHardy struct ip_tunnel *tunnel = netdev_priv(dev); 6841da177e4SLinus Torvalds struct net_device_stats *stats = &tunnel->stat; 685eddc9ec5SArnaldo Carvalho de Melo struct iphdr *old_iph = ip_hdr(skb); 6861da177e4SLinus Torvalds struct iphdr *tiph; 6871da177e4SLinus Torvalds u8 tos; 688d5a0a1e3SAl Viro __be16 df; 6891da177e4SLinus Torvalds struct rtable *rt; /* Route to the other host */ 6901da177e4SLinus Torvalds struct net_device *tdev; /* Device to other host */ 6911da177e4SLinus Torvalds struct iphdr *iph; /* Our new IP header */ 692c2636b4dSChuck Lever unsigned int max_headroom; /* The extra header space needed */ 6931da177e4SLinus Torvalds int gre_hlen; 694d5a0a1e3SAl Viro __be32 dst; 6951da177e4SLinus Torvalds int mtu; 6961da177e4SLinus Torvalds 6971da177e4SLinus Torvalds if (tunnel->recursion++) { 6981da177e4SLinus Torvalds tunnel->stat.collisions++; 6991da177e4SLinus Torvalds goto tx_error; 7001da177e4SLinus Torvalds } 7011da177e4SLinus Torvalds 7023b04dddeSStephen Hemminger if (dev->header_ops) { 7031da177e4SLinus Torvalds gre_hlen = 0; 7041da177e4SLinus Torvalds tiph = (struct iphdr*)skb->data; 7051da177e4SLinus Torvalds } else { 7061da177e4SLinus Torvalds gre_hlen = tunnel->hlen; 7071da177e4SLinus Torvalds tiph = &tunnel->parms.iph; 7081da177e4SLinus Torvalds } 7091da177e4SLinus Torvalds 7101da177e4SLinus Torvalds if ((dst = tiph->daddr) == 0) { 7111da177e4SLinus Torvalds /* NBMA tunnel */ 7121da177e4SLinus Torvalds 7131da177e4SLinus Torvalds if (skb->dst == NULL) { 7141da177e4SLinus Torvalds tunnel->stat.tx_fifo_errors++; 7151da177e4SLinus Torvalds goto tx_error; 7161da177e4SLinus Torvalds } 7171da177e4SLinus Torvalds 7181da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) { 719ee6b9673SEric Dumazet rt = skb->rtable; 7201da177e4SLinus Torvalds if ((dst = rt->rt_gateway) == 0) 7211da177e4SLinus Torvalds goto tx_error_icmp; 7221da177e4SLinus Torvalds } 7231da177e4SLinus Torvalds #ifdef CONFIG_IPV6 7241da177e4SLinus Torvalds else if (skb->protocol == htons(ETH_P_IPV6)) { 7251da177e4SLinus Torvalds struct in6_addr *addr6; 7261da177e4SLinus Torvalds int addr_type; 7271da177e4SLinus Torvalds struct neighbour *neigh = skb->dst->neighbour; 7281da177e4SLinus Torvalds 7291da177e4SLinus Torvalds if (neigh == NULL) 7301da177e4SLinus Torvalds goto tx_error; 7311da177e4SLinus Torvalds 7321da177e4SLinus Torvalds addr6 = (struct in6_addr*)&neigh->primary_key; 7331da177e4SLinus Torvalds addr_type = ipv6_addr_type(addr6); 7341da177e4SLinus Torvalds 7351da177e4SLinus Torvalds if (addr_type == IPV6_ADDR_ANY) { 7360660e03fSArnaldo Carvalho de Melo addr6 = &ipv6_hdr(skb)->daddr; 7371da177e4SLinus Torvalds addr_type = ipv6_addr_type(addr6); 7381da177e4SLinus Torvalds } 7391da177e4SLinus Torvalds 7401da177e4SLinus Torvalds if ((addr_type & IPV6_ADDR_COMPATv4) == 0) 7411da177e4SLinus Torvalds goto tx_error_icmp; 7421da177e4SLinus Torvalds 7431da177e4SLinus Torvalds dst = addr6->s6_addr32[3]; 7441da177e4SLinus Torvalds } 7451da177e4SLinus Torvalds #endif 7461da177e4SLinus Torvalds else 7471da177e4SLinus Torvalds goto tx_error; 7481da177e4SLinus Torvalds } 7491da177e4SLinus Torvalds 7501da177e4SLinus Torvalds tos = tiph->tos; 7511da177e4SLinus Torvalds if (tos&1) { 7521da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) 7531da177e4SLinus Torvalds tos = old_iph->tos; 7541da177e4SLinus Torvalds tos &= ~1; 7551da177e4SLinus Torvalds } 7561da177e4SLinus Torvalds 7571da177e4SLinus Torvalds { 7581da177e4SLinus Torvalds struct flowi fl = { .oif = tunnel->parms.link, 7591da177e4SLinus Torvalds .nl_u = { .ip4_u = 7601da177e4SLinus Torvalds { .daddr = dst, 7611da177e4SLinus Torvalds .saddr = tiph->saddr, 7621da177e4SLinus Torvalds .tos = RT_TOS(tos) } }, 7631da177e4SLinus Torvalds .proto = IPPROTO_GRE }; 764f206351aSDenis V. Lunev if (ip_route_output_key(&init_net, &rt, &fl)) { 7651da177e4SLinus Torvalds tunnel->stat.tx_carrier_errors++; 7661da177e4SLinus Torvalds goto tx_error; 7671da177e4SLinus Torvalds } 7681da177e4SLinus Torvalds } 7691da177e4SLinus Torvalds tdev = rt->u.dst.dev; 7701da177e4SLinus Torvalds 7711da177e4SLinus Torvalds if (tdev == dev) { 7721da177e4SLinus Torvalds ip_rt_put(rt); 7731da177e4SLinus Torvalds tunnel->stat.collisions++; 7741da177e4SLinus Torvalds goto tx_error; 7751da177e4SLinus Torvalds } 7761da177e4SLinus Torvalds 7771da177e4SLinus Torvalds df = tiph->frag_off; 7781da177e4SLinus Torvalds if (df) 7791da177e4SLinus Torvalds mtu = dst_mtu(&rt->u.dst) - tunnel->hlen; 7801da177e4SLinus Torvalds else 7811da177e4SLinus Torvalds mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu; 7821da177e4SLinus Torvalds 7831da177e4SLinus Torvalds if (skb->dst) 7841da177e4SLinus Torvalds skb->dst->ops->update_pmtu(skb->dst, mtu); 7851da177e4SLinus Torvalds 7861da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) { 7871da177e4SLinus Torvalds df |= (old_iph->frag_off&htons(IP_DF)); 7881da177e4SLinus Torvalds 7891da177e4SLinus Torvalds if ((old_iph->frag_off&htons(IP_DF)) && 7901da177e4SLinus Torvalds mtu < ntohs(old_iph->tot_len)) { 7911da177e4SLinus Torvalds icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); 7921da177e4SLinus Torvalds ip_rt_put(rt); 7931da177e4SLinus Torvalds goto tx_error; 7941da177e4SLinus Torvalds } 7951da177e4SLinus Torvalds } 7961da177e4SLinus Torvalds #ifdef CONFIG_IPV6 7971da177e4SLinus Torvalds else if (skb->protocol == htons(ETH_P_IPV6)) { 7981da177e4SLinus Torvalds struct rt6_info *rt6 = (struct rt6_info*)skb->dst; 7991da177e4SLinus Torvalds 8001da177e4SLinus Torvalds if (rt6 && mtu < dst_mtu(skb->dst) && mtu >= IPV6_MIN_MTU) { 801f97c1e0cSJoe Perches if ((tunnel->parms.iph.daddr && 802f97c1e0cSJoe Perches !ipv4_is_multicast(tunnel->parms.iph.daddr)) || 8031da177e4SLinus Torvalds rt6->rt6i_dst.plen == 128) { 8041da177e4SLinus Torvalds rt6->rt6i_flags |= RTF_MODIFIED; 8051da177e4SLinus Torvalds skb->dst->metrics[RTAX_MTU-1] = mtu; 8061da177e4SLinus Torvalds } 8071da177e4SLinus Torvalds } 8081da177e4SLinus Torvalds 8091da177e4SLinus Torvalds if (mtu >= IPV6_MIN_MTU && mtu < skb->len - tunnel->hlen + gre_hlen) { 8101da177e4SLinus Torvalds icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev); 8111da177e4SLinus Torvalds ip_rt_put(rt); 8121da177e4SLinus Torvalds goto tx_error; 8131da177e4SLinus Torvalds } 8141da177e4SLinus Torvalds } 8151da177e4SLinus Torvalds #endif 8161da177e4SLinus Torvalds 8171da177e4SLinus Torvalds if (tunnel->err_count > 0) { 8181da177e4SLinus Torvalds if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) { 8191da177e4SLinus Torvalds tunnel->err_count--; 8201da177e4SLinus Torvalds 8211da177e4SLinus Torvalds dst_link_failure(skb); 8221da177e4SLinus Torvalds } else 8231da177e4SLinus Torvalds tunnel->err_count = 0; 8241da177e4SLinus Torvalds } 8251da177e4SLinus Torvalds 8261da177e4SLinus Torvalds max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen; 8271da177e4SLinus Torvalds 828cfbba49dSPatrick McHardy if (skb_headroom(skb) < max_headroom || skb_shared(skb)|| 829cfbba49dSPatrick McHardy (skb_cloned(skb) && !skb_clone_writable(skb, 0))) { 8301da177e4SLinus Torvalds struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom); 8311da177e4SLinus Torvalds if (!new_skb) { 8321da177e4SLinus Torvalds ip_rt_put(rt); 8331da177e4SLinus Torvalds stats->tx_dropped++; 8341da177e4SLinus Torvalds dev_kfree_skb(skb); 8351da177e4SLinus Torvalds tunnel->recursion--; 8361da177e4SLinus Torvalds return 0; 8371da177e4SLinus Torvalds } 8381da177e4SLinus Torvalds if (skb->sk) 8391da177e4SLinus Torvalds skb_set_owner_w(new_skb, skb->sk); 8401da177e4SLinus Torvalds dev_kfree_skb(skb); 8411da177e4SLinus Torvalds skb = new_skb; 842eddc9ec5SArnaldo Carvalho de Melo old_iph = ip_hdr(skb); 8431da177e4SLinus Torvalds } 8441da177e4SLinus Torvalds 845b0e380b1SArnaldo Carvalho de Melo skb->transport_header = skb->network_header; 846e2d1bca7SArnaldo Carvalho de Melo skb_push(skb, gre_hlen); 847e2d1bca7SArnaldo Carvalho de Melo skb_reset_network_header(skb); 8481da177e4SLinus Torvalds memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); 84948d5cad8SPatrick McHardy IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | 85048d5cad8SPatrick McHardy IPSKB_REROUTED); 8511da177e4SLinus Torvalds dst_release(skb->dst); 8521da177e4SLinus Torvalds skb->dst = &rt->u.dst; 8531da177e4SLinus Torvalds 8541da177e4SLinus Torvalds /* 8551da177e4SLinus Torvalds * Push down and install the IPIP header. 8561da177e4SLinus Torvalds */ 8571da177e4SLinus Torvalds 858eddc9ec5SArnaldo Carvalho de Melo iph = ip_hdr(skb); 8591da177e4SLinus Torvalds iph->version = 4; 8601da177e4SLinus Torvalds iph->ihl = sizeof(struct iphdr) >> 2; 8611da177e4SLinus Torvalds iph->frag_off = df; 8621da177e4SLinus Torvalds iph->protocol = IPPROTO_GRE; 8631da177e4SLinus Torvalds iph->tos = ipgre_ecn_encapsulate(tos, old_iph, skb); 8641da177e4SLinus Torvalds iph->daddr = rt->rt_dst; 8651da177e4SLinus Torvalds iph->saddr = rt->rt_src; 8661da177e4SLinus Torvalds 8671da177e4SLinus Torvalds if ((iph->ttl = tiph->ttl) == 0) { 8681da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) 8691da177e4SLinus Torvalds iph->ttl = old_iph->ttl; 8701da177e4SLinus Torvalds #ifdef CONFIG_IPV6 8711da177e4SLinus Torvalds else if (skb->protocol == htons(ETH_P_IPV6)) 8721da177e4SLinus Torvalds iph->ttl = ((struct ipv6hdr*)old_iph)->hop_limit; 8731da177e4SLinus Torvalds #endif 8741da177e4SLinus Torvalds else 8751da177e4SLinus Torvalds iph->ttl = dst_metric(&rt->u.dst, RTAX_HOPLIMIT); 8761da177e4SLinus Torvalds } 8771da177e4SLinus Torvalds 878d5a0a1e3SAl Viro ((__be16*)(iph+1))[0] = tunnel->parms.o_flags; 879d5a0a1e3SAl Viro ((__be16*)(iph+1))[1] = skb->protocol; 8801da177e4SLinus Torvalds 8811da177e4SLinus Torvalds if (tunnel->parms.o_flags&(GRE_KEY|GRE_CSUM|GRE_SEQ)) { 882d5a0a1e3SAl Viro __be32 *ptr = (__be32*)(((u8*)iph) + tunnel->hlen - 4); 8831da177e4SLinus Torvalds 8841da177e4SLinus Torvalds if (tunnel->parms.o_flags&GRE_SEQ) { 8851da177e4SLinus Torvalds ++tunnel->o_seqno; 8861da177e4SLinus Torvalds *ptr = htonl(tunnel->o_seqno); 8871da177e4SLinus Torvalds ptr--; 8881da177e4SLinus Torvalds } 8891da177e4SLinus Torvalds if (tunnel->parms.o_flags&GRE_KEY) { 8901da177e4SLinus Torvalds *ptr = tunnel->parms.o_key; 8911da177e4SLinus Torvalds ptr--; 8921da177e4SLinus Torvalds } 8931da177e4SLinus Torvalds if (tunnel->parms.o_flags&GRE_CSUM) { 8941da177e4SLinus Torvalds *ptr = 0; 8955f92a738SAl Viro *(__sum16*)ptr = ip_compute_csum((void*)(iph+1), skb->len - sizeof(struct iphdr)); 8961da177e4SLinus Torvalds } 8971da177e4SLinus Torvalds } 8981da177e4SLinus Torvalds 8991da177e4SLinus Torvalds nf_reset(skb); 9001da177e4SLinus Torvalds 9011da177e4SLinus Torvalds IPTUNNEL_XMIT(); 9021da177e4SLinus Torvalds tunnel->recursion--; 9031da177e4SLinus Torvalds return 0; 9041da177e4SLinus Torvalds 9051da177e4SLinus Torvalds tx_error_icmp: 9061da177e4SLinus Torvalds dst_link_failure(skb); 9071da177e4SLinus Torvalds 9081da177e4SLinus Torvalds tx_error: 9091da177e4SLinus Torvalds stats->tx_errors++; 9101da177e4SLinus Torvalds dev_kfree_skb(skb); 9111da177e4SLinus Torvalds tunnel->recursion--; 9121da177e4SLinus Torvalds return 0; 9131da177e4SLinus Torvalds } 9141da177e4SLinus Torvalds 915ee34c1ebSMichal Schmidt static void ipgre_tunnel_bind_dev(struct net_device *dev) 916ee34c1ebSMichal Schmidt { 917ee34c1ebSMichal Schmidt struct net_device *tdev = NULL; 918ee34c1ebSMichal Schmidt struct ip_tunnel *tunnel; 919ee34c1ebSMichal Schmidt struct iphdr *iph; 920ee34c1ebSMichal Schmidt int hlen = LL_MAX_HEADER; 921ee34c1ebSMichal Schmidt int mtu = ETH_DATA_LEN; 922ee34c1ebSMichal Schmidt int addend = sizeof(struct iphdr) + 4; 923ee34c1ebSMichal Schmidt 924ee34c1ebSMichal Schmidt tunnel = netdev_priv(dev); 925ee34c1ebSMichal Schmidt iph = &tunnel->parms.iph; 926ee34c1ebSMichal Schmidt 927ee34c1ebSMichal Schmidt /* Guess output device to choose reasonable mtu and hard_header_len */ 928ee34c1ebSMichal Schmidt 929ee34c1ebSMichal Schmidt if (iph->daddr) { 930ee34c1ebSMichal Schmidt struct flowi fl = { .oif = tunnel->parms.link, 931ee34c1ebSMichal Schmidt .nl_u = { .ip4_u = 932ee34c1ebSMichal Schmidt { .daddr = iph->daddr, 933ee34c1ebSMichal Schmidt .saddr = iph->saddr, 934ee34c1ebSMichal Schmidt .tos = RT_TOS(iph->tos) } }, 935ee34c1ebSMichal Schmidt .proto = IPPROTO_GRE }; 936ee34c1ebSMichal Schmidt struct rtable *rt; 937f206351aSDenis V. Lunev if (!ip_route_output_key(&init_net, &rt, &fl)) { 938ee34c1ebSMichal Schmidt tdev = rt->u.dst.dev; 939ee34c1ebSMichal Schmidt ip_rt_put(rt); 940ee34c1ebSMichal Schmidt } 941ee34c1ebSMichal Schmidt dev->flags |= IFF_POINTOPOINT; 942ee34c1ebSMichal Schmidt } 943ee34c1ebSMichal Schmidt 944ee34c1ebSMichal Schmidt if (!tdev && tunnel->parms.link) 945ee34c1ebSMichal Schmidt tdev = __dev_get_by_index(&init_net, tunnel->parms.link); 946ee34c1ebSMichal Schmidt 947ee34c1ebSMichal Schmidt if (tdev) { 948ee34c1ebSMichal Schmidt hlen = tdev->hard_header_len; 949ee34c1ebSMichal Schmidt mtu = tdev->mtu; 950ee34c1ebSMichal Schmidt } 951ee34c1ebSMichal Schmidt dev->iflink = tunnel->parms.link; 952ee34c1ebSMichal Schmidt 953ee34c1ebSMichal Schmidt /* Precalculate GRE options length */ 954ee34c1ebSMichal Schmidt if (tunnel->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) { 955ee34c1ebSMichal Schmidt if (tunnel->parms.o_flags&GRE_CSUM) 956ee34c1ebSMichal Schmidt addend += 4; 957ee34c1ebSMichal Schmidt if (tunnel->parms.o_flags&GRE_KEY) 958ee34c1ebSMichal Schmidt addend += 4; 959ee34c1ebSMichal Schmidt if (tunnel->parms.o_flags&GRE_SEQ) 960ee34c1ebSMichal Schmidt addend += 4; 961ee34c1ebSMichal Schmidt } 962ee34c1ebSMichal Schmidt dev->hard_header_len = hlen + addend; 963ee34c1ebSMichal Schmidt dev->mtu = mtu - addend; 964ee34c1ebSMichal Schmidt tunnel->hlen = addend; 965ee34c1ebSMichal Schmidt 966ee34c1ebSMichal Schmidt } 967ee34c1ebSMichal Schmidt 9681da177e4SLinus Torvalds static int 9691da177e4SLinus Torvalds ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd) 9701da177e4SLinus Torvalds { 9711da177e4SLinus Torvalds int err = 0; 9721da177e4SLinus Torvalds struct ip_tunnel_parm p; 9731da177e4SLinus Torvalds struct ip_tunnel *t; 974f57e7d5aSPavel Emelyanov struct net *net = dev_net(dev); 975f57e7d5aSPavel Emelyanov struct ipgre_net *ign = net_generic(net, ipgre_net_id); 9761da177e4SLinus Torvalds 9771da177e4SLinus Torvalds switch (cmd) { 9781da177e4SLinus Torvalds case SIOCGETTUNNEL: 9791da177e4SLinus Torvalds t = NULL; 980*7daa0004SPavel Emelyanov if (dev == ign->fb_tunnel_dev) { 9811da177e4SLinus Torvalds if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) { 9821da177e4SLinus Torvalds err = -EFAULT; 9831da177e4SLinus Torvalds break; 9841da177e4SLinus Torvalds } 985f57e7d5aSPavel Emelyanov t = ipgre_tunnel_locate(net, &p, 0); 9861da177e4SLinus Torvalds } 9871da177e4SLinus Torvalds if (t == NULL) 9882941a486SPatrick McHardy t = netdev_priv(dev); 9891da177e4SLinus Torvalds memcpy(&p, &t->parms, sizeof(p)); 9901da177e4SLinus Torvalds if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) 9911da177e4SLinus Torvalds err = -EFAULT; 9921da177e4SLinus Torvalds break; 9931da177e4SLinus Torvalds 9941da177e4SLinus Torvalds case SIOCADDTUNNEL: 9951da177e4SLinus Torvalds case SIOCCHGTUNNEL: 9961da177e4SLinus Torvalds err = -EPERM; 9971da177e4SLinus Torvalds if (!capable(CAP_NET_ADMIN)) 9981da177e4SLinus Torvalds goto done; 9991da177e4SLinus Torvalds 10001da177e4SLinus Torvalds err = -EFAULT; 10011da177e4SLinus Torvalds if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 10021da177e4SLinus Torvalds goto done; 10031da177e4SLinus Torvalds 10041da177e4SLinus Torvalds err = -EINVAL; 10051da177e4SLinus Torvalds if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE || 10061da177e4SLinus Torvalds p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) || 10071da177e4SLinus Torvalds ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING))) 10081da177e4SLinus Torvalds goto done; 10091da177e4SLinus Torvalds if (p.iph.ttl) 10101da177e4SLinus Torvalds p.iph.frag_off |= htons(IP_DF); 10111da177e4SLinus Torvalds 10121da177e4SLinus Torvalds if (!(p.i_flags&GRE_KEY)) 10131da177e4SLinus Torvalds p.i_key = 0; 10141da177e4SLinus Torvalds if (!(p.o_flags&GRE_KEY)) 10151da177e4SLinus Torvalds p.o_key = 0; 10161da177e4SLinus Torvalds 1017f57e7d5aSPavel Emelyanov t = ipgre_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL); 10181da177e4SLinus Torvalds 1019*7daa0004SPavel Emelyanov if (dev != ign->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) { 10201da177e4SLinus Torvalds if (t != NULL) { 10211da177e4SLinus Torvalds if (t->dev != dev) { 10221da177e4SLinus Torvalds err = -EEXIST; 10231da177e4SLinus Torvalds break; 10241da177e4SLinus Torvalds } 10251da177e4SLinus Torvalds } else { 10261da177e4SLinus Torvalds unsigned nflags=0; 10271da177e4SLinus Torvalds 10282941a486SPatrick McHardy t = netdev_priv(dev); 10291da177e4SLinus Torvalds 1030f97c1e0cSJoe Perches if (ipv4_is_multicast(p.iph.daddr)) 10311da177e4SLinus Torvalds nflags = IFF_BROADCAST; 10321da177e4SLinus Torvalds else if (p.iph.daddr) 10331da177e4SLinus Torvalds nflags = IFF_POINTOPOINT; 10341da177e4SLinus Torvalds 10351da177e4SLinus Torvalds if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) { 10361da177e4SLinus Torvalds err = -EINVAL; 10371da177e4SLinus Torvalds break; 10381da177e4SLinus Torvalds } 1039f57e7d5aSPavel Emelyanov ipgre_tunnel_unlink(ign, t); 10401da177e4SLinus Torvalds t->parms.iph.saddr = p.iph.saddr; 10411da177e4SLinus Torvalds t->parms.iph.daddr = p.iph.daddr; 10421da177e4SLinus Torvalds t->parms.i_key = p.i_key; 10431da177e4SLinus Torvalds t->parms.o_key = p.o_key; 10441da177e4SLinus Torvalds memcpy(dev->dev_addr, &p.iph.saddr, 4); 10451da177e4SLinus Torvalds memcpy(dev->broadcast, &p.iph.daddr, 4); 1046f57e7d5aSPavel Emelyanov ipgre_tunnel_link(ign, t); 10471da177e4SLinus Torvalds netdev_state_change(dev); 10481da177e4SLinus Torvalds } 10491da177e4SLinus Torvalds } 10501da177e4SLinus Torvalds 10511da177e4SLinus Torvalds if (t) { 10521da177e4SLinus Torvalds err = 0; 10531da177e4SLinus Torvalds if (cmd == SIOCCHGTUNNEL) { 10541da177e4SLinus Torvalds t->parms.iph.ttl = p.iph.ttl; 10551da177e4SLinus Torvalds t->parms.iph.tos = p.iph.tos; 10561da177e4SLinus Torvalds t->parms.iph.frag_off = p.iph.frag_off; 1057ee34c1ebSMichal Schmidt if (t->parms.link != p.link) { 1058ee34c1ebSMichal Schmidt t->parms.link = p.link; 1059ee34c1ebSMichal Schmidt ipgre_tunnel_bind_dev(dev); 1060ee34c1ebSMichal Schmidt netdev_state_change(dev); 1061ee34c1ebSMichal Schmidt } 10621da177e4SLinus Torvalds } 10631da177e4SLinus Torvalds if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p))) 10641da177e4SLinus Torvalds err = -EFAULT; 10651da177e4SLinus Torvalds } else 10661da177e4SLinus Torvalds err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT); 10671da177e4SLinus Torvalds break; 10681da177e4SLinus Torvalds 10691da177e4SLinus Torvalds case SIOCDELTUNNEL: 10701da177e4SLinus Torvalds err = -EPERM; 10711da177e4SLinus Torvalds if (!capable(CAP_NET_ADMIN)) 10721da177e4SLinus Torvalds goto done; 10731da177e4SLinus Torvalds 1074*7daa0004SPavel Emelyanov if (dev == ign->fb_tunnel_dev) { 10751da177e4SLinus Torvalds err = -EFAULT; 10761da177e4SLinus Torvalds if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 10771da177e4SLinus Torvalds goto done; 10781da177e4SLinus Torvalds err = -ENOENT; 1079f57e7d5aSPavel Emelyanov if ((t = ipgre_tunnel_locate(net, &p, 0)) == NULL) 10801da177e4SLinus Torvalds goto done; 10811da177e4SLinus Torvalds err = -EPERM; 1082*7daa0004SPavel Emelyanov if (t == netdev_priv(ign->fb_tunnel_dev)) 10831da177e4SLinus Torvalds goto done; 10841da177e4SLinus Torvalds dev = t->dev; 10851da177e4SLinus Torvalds } 108622f8cde5SStephen Hemminger unregister_netdevice(dev); 108722f8cde5SStephen Hemminger err = 0; 10881da177e4SLinus Torvalds break; 10891da177e4SLinus Torvalds 10901da177e4SLinus Torvalds default: 10911da177e4SLinus Torvalds err = -EINVAL; 10921da177e4SLinus Torvalds } 10931da177e4SLinus Torvalds 10941da177e4SLinus Torvalds done: 10951da177e4SLinus Torvalds return err; 10961da177e4SLinus Torvalds } 10971da177e4SLinus Torvalds 10981da177e4SLinus Torvalds static struct net_device_stats *ipgre_tunnel_get_stats(struct net_device *dev) 10991da177e4SLinus Torvalds { 11002941a486SPatrick McHardy return &(((struct ip_tunnel*)netdev_priv(dev))->stat); 11011da177e4SLinus Torvalds } 11021da177e4SLinus Torvalds 11031da177e4SLinus Torvalds static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu) 11041da177e4SLinus Torvalds { 11052941a486SPatrick McHardy struct ip_tunnel *tunnel = netdev_priv(dev); 11061da177e4SLinus Torvalds if (new_mtu < 68 || new_mtu > 0xFFF8 - tunnel->hlen) 11071da177e4SLinus Torvalds return -EINVAL; 11081da177e4SLinus Torvalds dev->mtu = new_mtu; 11091da177e4SLinus Torvalds return 0; 11101da177e4SLinus Torvalds } 11111da177e4SLinus Torvalds 11121da177e4SLinus Torvalds /* Nice toy. Unfortunately, useless in real life :-) 11131da177e4SLinus Torvalds It allows to construct virtual multiprotocol broadcast "LAN" 11141da177e4SLinus Torvalds over the Internet, provided multicast routing is tuned. 11151da177e4SLinus Torvalds 11161da177e4SLinus Torvalds 11171da177e4SLinus Torvalds I have no idea was this bicycle invented before me, 11181da177e4SLinus Torvalds so that I had to set ARPHRD_IPGRE to a random value. 11191da177e4SLinus Torvalds I have an impression, that Cisco could make something similar, 11201da177e4SLinus Torvalds but this feature is apparently missing in IOS<=11.2(8). 11211da177e4SLinus Torvalds 11221da177e4SLinus Torvalds I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks 11231da177e4SLinus Torvalds with broadcast 224.66.66.66. If you have access to mbone, play with me :-) 11241da177e4SLinus Torvalds 11251da177e4SLinus Torvalds ping -t 255 224.66.66.66 11261da177e4SLinus Torvalds 11271da177e4SLinus Torvalds If nobody answers, mbone does not work. 11281da177e4SLinus Torvalds 11291da177e4SLinus Torvalds ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255 11301da177e4SLinus Torvalds ip addr add 10.66.66.<somewhat>/24 dev Universe 11311da177e4SLinus Torvalds ifconfig Universe up 11321da177e4SLinus Torvalds ifconfig Universe add fe80::<Your_real_addr>/10 11331da177e4SLinus Torvalds ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96 11341da177e4SLinus Torvalds ftp 10.66.66.66 11351da177e4SLinus Torvalds ... 11361da177e4SLinus Torvalds ftp fec0:6666:6666::193.233.7.65 11371da177e4SLinus Torvalds ... 11381da177e4SLinus Torvalds 11391da177e4SLinus Torvalds */ 11401da177e4SLinus Torvalds 11413b04dddeSStephen Hemminger static int ipgre_header(struct sk_buff *skb, struct net_device *dev, 11423b04dddeSStephen Hemminger unsigned short type, 11433b04dddeSStephen Hemminger const void *daddr, const void *saddr, unsigned len) 11441da177e4SLinus Torvalds { 11452941a486SPatrick McHardy struct ip_tunnel *t = netdev_priv(dev); 11461da177e4SLinus Torvalds struct iphdr *iph = (struct iphdr *)skb_push(skb, t->hlen); 1147d5a0a1e3SAl Viro __be16 *p = (__be16*)(iph+1); 11481da177e4SLinus Torvalds 11491da177e4SLinus Torvalds memcpy(iph, &t->parms.iph, sizeof(struct iphdr)); 11501da177e4SLinus Torvalds p[0] = t->parms.o_flags; 11511da177e4SLinus Torvalds p[1] = htons(type); 11521da177e4SLinus Torvalds 11531da177e4SLinus Torvalds /* 11541da177e4SLinus Torvalds * Set the source hardware address. 11551da177e4SLinus Torvalds */ 11561da177e4SLinus Torvalds 11571da177e4SLinus Torvalds if (saddr) 11581da177e4SLinus Torvalds memcpy(&iph->saddr, saddr, 4); 11591da177e4SLinus Torvalds 11601da177e4SLinus Torvalds if (daddr) { 11611da177e4SLinus Torvalds memcpy(&iph->daddr, daddr, 4); 11621da177e4SLinus Torvalds return t->hlen; 11631da177e4SLinus Torvalds } 1164f97c1e0cSJoe Perches if (iph->daddr && !ipv4_is_multicast(iph->daddr)) 11651da177e4SLinus Torvalds return t->hlen; 11661da177e4SLinus Torvalds 11671da177e4SLinus Torvalds return -t->hlen; 11681da177e4SLinus Torvalds } 11691da177e4SLinus Torvalds 11706a5f44d7STimo Teras static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr) 11716a5f44d7STimo Teras { 11726a5f44d7STimo Teras struct iphdr *iph = (struct iphdr*) skb_mac_header(skb); 11736a5f44d7STimo Teras memcpy(haddr, &iph->saddr, 4); 11746a5f44d7STimo Teras return 4; 11756a5f44d7STimo Teras } 11766a5f44d7STimo Teras 11773b04dddeSStephen Hemminger static const struct header_ops ipgre_header_ops = { 11783b04dddeSStephen Hemminger .create = ipgre_header, 11796a5f44d7STimo Teras .parse = ipgre_header_parse, 11803b04dddeSStephen Hemminger }; 11813b04dddeSStephen Hemminger 11826a5f44d7STimo Teras #ifdef CONFIG_NET_IPGRE_BROADCAST 11831da177e4SLinus Torvalds static int ipgre_open(struct net_device *dev) 11841da177e4SLinus Torvalds { 11852941a486SPatrick McHardy struct ip_tunnel *t = netdev_priv(dev); 11861da177e4SLinus Torvalds 1187f97c1e0cSJoe Perches if (ipv4_is_multicast(t->parms.iph.daddr)) { 11881da177e4SLinus Torvalds struct flowi fl = { .oif = t->parms.link, 11891da177e4SLinus Torvalds .nl_u = { .ip4_u = 11901da177e4SLinus Torvalds { .daddr = t->parms.iph.daddr, 11911da177e4SLinus Torvalds .saddr = t->parms.iph.saddr, 11921da177e4SLinus Torvalds .tos = RT_TOS(t->parms.iph.tos) } }, 11931da177e4SLinus Torvalds .proto = IPPROTO_GRE }; 11941da177e4SLinus Torvalds struct rtable *rt; 1195f206351aSDenis V. Lunev if (ip_route_output_key(&init_net, &rt, &fl)) 11961da177e4SLinus Torvalds return -EADDRNOTAVAIL; 11971da177e4SLinus Torvalds dev = rt->u.dst.dev; 11981da177e4SLinus Torvalds ip_rt_put(rt); 1199e5ed6399SHerbert Xu if (__in_dev_get_rtnl(dev) == NULL) 12001da177e4SLinus Torvalds return -EADDRNOTAVAIL; 12011da177e4SLinus Torvalds t->mlink = dev->ifindex; 1202e5ed6399SHerbert Xu ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr); 12031da177e4SLinus Torvalds } 12041da177e4SLinus Torvalds return 0; 12051da177e4SLinus Torvalds } 12061da177e4SLinus Torvalds 12071da177e4SLinus Torvalds static int ipgre_close(struct net_device *dev) 12081da177e4SLinus Torvalds { 12092941a486SPatrick McHardy struct ip_tunnel *t = netdev_priv(dev); 1210f97c1e0cSJoe Perches if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) { 12117fee0ca2SDenis V. Lunev struct in_device *in_dev; 1212c346dca1SYOSHIFUJI Hideaki in_dev = inetdev_by_index(dev_net(dev), t->mlink); 12131da177e4SLinus Torvalds if (in_dev) { 12141da177e4SLinus Torvalds ip_mc_dec_group(in_dev, t->parms.iph.daddr); 12151da177e4SLinus Torvalds in_dev_put(in_dev); 12161da177e4SLinus Torvalds } 12171da177e4SLinus Torvalds } 12181da177e4SLinus Torvalds return 0; 12191da177e4SLinus Torvalds } 12201da177e4SLinus Torvalds 12211da177e4SLinus Torvalds #endif 12221da177e4SLinus Torvalds 12231da177e4SLinus Torvalds static void ipgre_tunnel_setup(struct net_device *dev) 12241da177e4SLinus Torvalds { 12251da177e4SLinus Torvalds dev->uninit = ipgre_tunnel_uninit; 12261da177e4SLinus Torvalds dev->destructor = free_netdev; 12271da177e4SLinus Torvalds dev->hard_start_xmit = ipgre_tunnel_xmit; 12281da177e4SLinus Torvalds dev->get_stats = ipgre_tunnel_get_stats; 12291da177e4SLinus Torvalds dev->do_ioctl = ipgre_tunnel_ioctl; 12301da177e4SLinus Torvalds dev->change_mtu = ipgre_tunnel_change_mtu; 12311da177e4SLinus Torvalds 12321da177e4SLinus Torvalds dev->type = ARPHRD_IPGRE; 12331da177e4SLinus Torvalds dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr) + 4; 123446f25dffSKris Katterjohn dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 4; 12351da177e4SLinus Torvalds dev->flags = IFF_NOARP; 12361da177e4SLinus Torvalds dev->iflink = 0; 12371da177e4SLinus Torvalds dev->addr_len = 4; 12381da177e4SLinus Torvalds } 12391da177e4SLinus Torvalds 12401da177e4SLinus Torvalds static int ipgre_tunnel_init(struct net_device *dev) 12411da177e4SLinus Torvalds { 12421da177e4SLinus Torvalds struct ip_tunnel *tunnel; 12431da177e4SLinus Torvalds struct iphdr *iph; 12441da177e4SLinus Torvalds 12452941a486SPatrick McHardy tunnel = netdev_priv(dev); 12461da177e4SLinus Torvalds iph = &tunnel->parms.iph; 12471da177e4SLinus Torvalds 12481da177e4SLinus Torvalds tunnel->dev = dev; 12491da177e4SLinus Torvalds strcpy(tunnel->parms.name, dev->name); 12501da177e4SLinus Torvalds 12511da177e4SLinus Torvalds memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4); 12521da177e4SLinus Torvalds memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4); 12531da177e4SLinus Torvalds 1254ee34c1ebSMichal Schmidt ipgre_tunnel_bind_dev(dev); 12551da177e4SLinus Torvalds 12561da177e4SLinus Torvalds if (iph->daddr) { 12571da177e4SLinus Torvalds #ifdef CONFIG_NET_IPGRE_BROADCAST 1258f97c1e0cSJoe Perches if (ipv4_is_multicast(iph->daddr)) { 12591da177e4SLinus Torvalds if (!iph->saddr) 12601da177e4SLinus Torvalds return -EINVAL; 12611da177e4SLinus Torvalds dev->flags = IFF_BROADCAST; 12623b04dddeSStephen Hemminger dev->header_ops = &ipgre_header_ops; 12631da177e4SLinus Torvalds dev->open = ipgre_open; 12641da177e4SLinus Torvalds dev->stop = ipgre_close; 12651da177e4SLinus Torvalds } 12661da177e4SLinus Torvalds #endif 1267ee34c1ebSMichal Schmidt } else 12686a5f44d7STimo Teras dev->header_ops = &ipgre_header_ops; 12691da177e4SLinus Torvalds 12701da177e4SLinus Torvalds return 0; 12711da177e4SLinus Torvalds } 12721da177e4SLinus Torvalds 1273*7daa0004SPavel Emelyanov static int ipgre_fb_tunnel_init(struct net_device *dev) 12741da177e4SLinus Torvalds { 12752941a486SPatrick McHardy struct ip_tunnel *tunnel = netdev_priv(dev); 12761da177e4SLinus Torvalds struct iphdr *iph = &tunnel->parms.iph; 12771da177e4SLinus Torvalds 12781da177e4SLinus Torvalds tunnel->dev = dev; 12791da177e4SLinus Torvalds strcpy(tunnel->parms.name, dev->name); 12801da177e4SLinus Torvalds 12811da177e4SLinus Torvalds iph->version = 4; 12821da177e4SLinus Torvalds iph->protocol = IPPROTO_GRE; 12831da177e4SLinus Torvalds iph->ihl = 5; 12841da177e4SLinus Torvalds tunnel->hlen = sizeof(struct iphdr) + 4; 12851da177e4SLinus Torvalds 12861da177e4SLinus Torvalds dev_hold(dev); 12871da177e4SLinus Torvalds tunnels_wc[0] = tunnel; 12881da177e4SLinus Torvalds return 0; 12891da177e4SLinus Torvalds } 12901da177e4SLinus Torvalds 12911da177e4SLinus Torvalds 12921da177e4SLinus Torvalds static struct net_protocol ipgre_protocol = { 12931da177e4SLinus Torvalds .handler = ipgre_rcv, 12941da177e4SLinus Torvalds .err_handler = ipgre_err, 12951da177e4SLinus Torvalds }; 12961da177e4SLinus Torvalds 129759a4c759SPavel Emelyanov static int ipgre_init_net(struct net *net) 129859a4c759SPavel Emelyanov { 129959a4c759SPavel Emelyanov int err; 130059a4c759SPavel Emelyanov struct ipgre_net *ign; 130159a4c759SPavel Emelyanov 130259a4c759SPavel Emelyanov err = -ENOMEM; 130359a4c759SPavel Emelyanov ign = kmalloc(sizeof(struct ipgre_net), GFP_KERNEL); 130459a4c759SPavel Emelyanov if (ign == NULL) 130559a4c759SPavel Emelyanov goto err_alloc; 130659a4c759SPavel Emelyanov 130759a4c759SPavel Emelyanov err = net_assign_generic(net, ipgre_net_id, ign); 130859a4c759SPavel Emelyanov if (err < 0) 130959a4c759SPavel Emelyanov goto err_assign; 131059a4c759SPavel Emelyanov 1311*7daa0004SPavel Emelyanov ign->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0", 1312*7daa0004SPavel Emelyanov ipgre_tunnel_setup); 1313*7daa0004SPavel Emelyanov if (!ign->fb_tunnel_dev) { 1314*7daa0004SPavel Emelyanov err = -ENOMEM; 1315*7daa0004SPavel Emelyanov goto err_alloc_dev; 1316*7daa0004SPavel Emelyanov } 1317*7daa0004SPavel Emelyanov 1318*7daa0004SPavel Emelyanov ign->fb_tunnel_dev->init = ipgre_fb_tunnel_init; 1319*7daa0004SPavel Emelyanov dev_net_set(ign->fb_tunnel_dev, net); 1320*7daa0004SPavel Emelyanov 1321*7daa0004SPavel Emelyanov if ((err = register_netdev(ign->fb_tunnel_dev))) 1322*7daa0004SPavel Emelyanov goto err_reg_dev; 1323*7daa0004SPavel Emelyanov 132459a4c759SPavel Emelyanov return 0; 132559a4c759SPavel Emelyanov 1326*7daa0004SPavel Emelyanov err_reg_dev: 1327*7daa0004SPavel Emelyanov free_netdev(ign->fb_tunnel_dev); 1328*7daa0004SPavel Emelyanov err_alloc_dev: 1329*7daa0004SPavel Emelyanov /* nothing */ 133059a4c759SPavel Emelyanov err_assign: 133159a4c759SPavel Emelyanov kfree(ign); 133259a4c759SPavel Emelyanov err_alloc: 133359a4c759SPavel Emelyanov return err; 133459a4c759SPavel Emelyanov } 133559a4c759SPavel Emelyanov 133659a4c759SPavel Emelyanov static void ipgre_exit_net(struct net *net) 133759a4c759SPavel Emelyanov { 133859a4c759SPavel Emelyanov struct ipgre_net *ign; 133959a4c759SPavel Emelyanov 134059a4c759SPavel Emelyanov ign = net_generic(net, ipgre_net_id); 1341*7daa0004SPavel Emelyanov rtnl_lock(); 1342*7daa0004SPavel Emelyanov if (net != &init_net) 1343*7daa0004SPavel Emelyanov unregister_netdevice(ign->fb_tunnel_dev); 1344*7daa0004SPavel Emelyanov rtnl_unlock(); 134559a4c759SPavel Emelyanov kfree(ign); 134659a4c759SPavel Emelyanov } 134759a4c759SPavel Emelyanov 134859a4c759SPavel Emelyanov static struct pernet_operations ipgre_net_ops = { 134959a4c759SPavel Emelyanov .init = ipgre_init_net, 135059a4c759SPavel Emelyanov .exit = ipgre_exit_net, 135159a4c759SPavel Emelyanov }; 13521da177e4SLinus Torvalds 13531da177e4SLinus Torvalds /* 13541da177e4SLinus Torvalds * And now the modules code and kernel interface. 13551da177e4SLinus Torvalds */ 13561da177e4SLinus Torvalds 13571da177e4SLinus Torvalds static int __init ipgre_init(void) 13581da177e4SLinus Torvalds { 13591da177e4SLinus Torvalds int err; 13601da177e4SLinus Torvalds 13611da177e4SLinus Torvalds printk(KERN_INFO "GRE over IPv4 tunneling driver\n"); 13621da177e4SLinus Torvalds 13631da177e4SLinus Torvalds if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) { 13641da177e4SLinus Torvalds printk(KERN_INFO "ipgre init: can't add protocol\n"); 13651da177e4SLinus Torvalds return -EAGAIN; 13661da177e4SLinus Torvalds } 13671da177e4SLinus Torvalds 136859a4c759SPavel Emelyanov err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops); 136959a4c759SPavel Emelyanov if (err < 0) 13701da177e4SLinus Torvalds inet_del_protocol(&ipgre_protocol, IPPROTO_GRE); 1371*7daa0004SPavel Emelyanov 1372*7daa0004SPavel Emelyanov return err; 13731da177e4SLinus Torvalds } 13741da177e4SLinus Torvalds 1375db44575fSAlexey Kuznetsov static void __exit ipgre_destroy_tunnels(void) 1376db44575fSAlexey Kuznetsov { 1377db44575fSAlexey Kuznetsov int prio; 1378db44575fSAlexey Kuznetsov 1379db44575fSAlexey Kuznetsov for (prio = 0; prio < 4; prio++) { 1380db44575fSAlexey Kuznetsov int h; 1381db44575fSAlexey Kuznetsov for (h = 0; h < HASH_SIZE; h++) { 1382db44575fSAlexey Kuznetsov struct ip_tunnel *t; 1383db44575fSAlexey Kuznetsov while ((t = tunnels[prio][h]) != NULL) 1384db44575fSAlexey Kuznetsov unregister_netdevice(t->dev); 1385db44575fSAlexey Kuznetsov } 1386db44575fSAlexey Kuznetsov } 1387db44575fSAlexey Kuznetsov } 1388db44575fSAlexey Kuznetsov 1389db44575fSAlexey Kuznetsov static void __exit ipgre_fini(void) 13901da177e4SLinus Torvalds { 13911da177e4SLinus Torvalds if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) 13921da177e4SLinus Torvalds printk(KERN_INFO "ipgre close: can't remove protocol\n"); 13931da177e4SLinus Torvalds 1394db44575fSAlexey Kuznetsov rtnl_lock(); 1395db44575fSAlexey Kuznetsov ipgre_destroy_tunnels(); 1396db44575fSAlexey Kuznetsov rtnl_unlock(); 139759a4c759SPavel Emelyanov 139859a4c759SPavel Emelyanov unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops); 13991da177e4SLinus Torvalds } 14001da177e4SLinus Torvalds 14011da177e4SLinus Torvalds module_init(ipgre_init); 14021da177e4SLinus Torvalds module_exit(ipgre_fini); 14031da177e4SLinus Torvalds MODULE_LICENSE("GPL"); 1404