11da177e4SLinus Torvalds /* 21da177e4SLinus Torvalds * Linux NET3: GRE over IP protocol decoder. 31da177e4SLinus Torvalds * 41da177e4SLinus Torvalds * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) 51da177e4SLinus Torvalds * 61da177e4SLinus Torvalds * This program is free software; you can redistribute it and/or 71da177e4SLinus Torvalds * modify it under the terms of the GNU General Public License 81da177e4SLinus Torvalds * as published by the Free Software Foundation; either version 91da177e4SLinus Torvalds * 2 of the License, or (at your option) any later version. 101da177e4SLinus Torvalds * 111da177e4SLinus Torvalds */ 121da177e4SLinus Torvalds 134fc268d2SRandy Dunlap #include <linux/capability.h> 141da177e4SLinus Torvalds #include <linux/module.h> 151da177e4SLinus Torvalds #include <linux/types.h> 161da177e4SLinus Torvalds #include <linux/kernel.h> 171da177e4SLinus Torvalds #include <asm/uaccess.h> 181da177e4SLinus Torvalds #include <linux/skbuff.h> 191da177e4SLinus Torvalds #include <linux/netdevice.h> 201da177e4SLinus Torvalds #include <linux/in.h> 211da177e4SLinus Torvalds #include <linux/tcp.h> 221da177e4SLinus Torvalds #include <linux/udp.h> 231da177e4SLinus Torvalds #include <linux/if_arp.h> 241da177e4SLinus Torvalds #include <linux/mroute.h> 251da177e4SLinus Torvalds #include <linux/init.h> 261da177e4SLinus Torvalds #include <linux/in6.h> 271da177e4SLinus Torvalds #include <linux/inetdevice.h> 281da177e4SLinus Torvalds #include <linux/igmp.h> 291da177e4SLinus Torvalds #include <linux/netfilter_ipv4.h> 3046f25dffSKris Katterjohn #include <linux/if_ether.h> 311da177e4SLinus Torvalds 321da177e4SLinus Torvalds #include <net/sock.h> 331da177e4SLinus Torvalds #include <net/ip.h> 341da177e4SLinus Torvalds #include <net/icmp.h> 351da177e4SLinus Torvalds #include <net/protocol.h> 361da177e4SLinus Torvalds #include <net/ipip.h> 371da177e4SLinus Torvalds #include <net/arp.h> 381da177e4SLinus Torvalds #include <net/checksum.h> 391da177e4SLinus Torvalds #include <net/dsfield.h> 401da177e4SLinus Torvalds #include <net/inet_ecn.h> 411da177e4SLinus Torvalds #include <net/xfrm.h> 421da177e4SLinus Torvalds 431da177e4SLinus Torvalds #ifdef CONFIG_IPV6 441da177e4SLinus Torvalds #include <net/ipv6.h> 451da177e4SLinus Torvalds #include <net/ip6_fib.h> 461da177e4SLinus Torvalds #include <net/ip6_route.h> 471da177e4SLinus Torvalds #endif 481da177e4SLinus Torvalds 491da177e4SLinus Torvalds /* 501da177e4SLinus Torvalds Problems & solutions 511da177e4SLinus Torvalds -------------------- 521da177e4SLinus Torvalds 531da177e4SLinus Torvalds 1. The most important issue is detecting local dead loops. 541da177e4SLinus Torvalds They would cause complete host lockup in transmit, which 551da177e4SLinus Torvalds would be "resolved" by stack overflow or, if queueing is enabled, 561da177e4SLinus Torvalds with infinite looping in net_bh. 571da177e4SLinus Torvalds 581da177e4SLinus Torvalds We cannot track such dead loops during route installation, 591da177e4SLinus Torvalds it is infeasible task. The most general solutions would be 601da177e4SLinus Torvalds to keep skb->encapsulation counter (sort of local ttl), 611da177e4SLinus Torvalds and silently drop packet when it expires. It is the best 621da177e4SLinus Torvalds solution, but it supposes maintaing new variable in ALL 631da177e4SLinus Torvalds skb, even if no tunneling is used. 641da177e4SLinus Torvalds 651da177e4SLinus Torvalds Current solution: t->recursion lock breaks dead loops. It looks 661da177e4SLinus Torvalds like dev->tbusy flag, but I preferred new variable, because 671da177e4SLinus Torvalds the semantics is different. One day, when hard_start_xmit 681da177e4SLinus Torvalds will be multithreaded we will have to use skb->encapsulation. 691da177e4SLinus Torvalds 701da177e4SLinus Torvalds 711da177e4SLinus Torvalds 721da177e4SLinus Torvalds 2. Networking dead loops would not kill routers, but would really 731da177e4SLinus Torvalds kill network. IP hop limit plays role of "t->recursion" in this case, 741da177e4SLinus Torvalds if we copy it from packet being encapsulated to upper header. 751da177e4SLinus Torvalds It is very good solution, but it introduces two problems: 761da177e4SLinus Torvalds 771da177e4SLinus Torvalds - Routing protocols, using packets with ttl=1 (OSPF, RIP2), 781da177e4SLinus Torvalds do not work over tunnels. 791da177e4SLinus Torvalds - traceroute does not work. I planned to relay ICMP from tunnel, 801da177e4SLinus Torvalds so that this problem would be solved and traceroute output 811da177e4SLinus Torvalds would even more informative. This idea appeared to be wrong: 821da177e4SLinus Torvalds only Linux complies to rfc1812 now (yes, guys, Linux is the only 831da177e4SLinus Torvalds true router now :-)), all routers (at least, in neighbourhood of mine) 841da177e4SLinus Torvalds return only 8 bytes of payload. It is the end. 851da177e4SLinus Torvalds 861da177e4SLinus Torvalds Hence, if we want that OSPF worked or traceroute said something reasonable, 871da177e4SLinus Torvalds we should search for another solution. 881da177e4SLinus Torvalds 891da177e4SLinus Torvalds One of them is to parse packet trying to detect inner encapsulation 901da177e4SLinus Torvalds made by our node. It is difficult or even impossible, especially, 911da177e4SLinus Torvalds taking into account fragmentation. TO be short, tt is not solution at all. 921da177e4SLinus Torvalds 931da177e4SLinus Torvalds Current solution: The solution was UNEXPECTEDLY SIMPLE. 941da177e4SLinus Torvalds We force DF flag on tunnels with preconfigured hop limit, 951da177e4SLinus Torvalds that is ALL. :-) Well, it does not remove the problem completely, 961da177e4SLinus Torvalds but exponential growth of network traffic is changed to linear 971da177e4SLinus Torvalds (branches, that exceed pmtu are pruned) and tunnel mtu 981da177e4SLinus Torvalds fastly degrades to value <68, where looping stops. 991da177e4SLinus Torvalds Yes, it is not good if there exists a router in the loop, 1001da177e4SLinus Torvalds which does not force DF, even when encapsulating packets have DF set. 1011da177e4SLinus Torvalds But it is not our problem! Nobody could accuse us, we made 1021da177e4SLinus Torvalds all that we could make. Even if it is your gated who injected 1031da177e4SLinus Torvalds fatal route to network, even if it were you who configured 1041da177e4SLinus Torvalds fatal static route: you are innocent. :-) 1051da177e4SLinus Torvalds 1061da177e4SLinus Torvalds 1071da177e4SLinus Torvalds 1081da177e4SLinus Torvalds 3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain 1091da177e4SLinus Torvalds practically identical code. It would be good to glue them 1101da177e4SLinus Torvalds together, but it is not very evident, how to make them modular. 1111da177e4SLinus Torvalds sit is integral part of IPv6, ipip and gre are naturally modular. 1121da177e4SLinus Torvalds We could extract common parts (hash table, ioctl etc) 1131da177e4SLinus Torvalds to a separate module (ip_tunnel.c). 1141da177e4SLinus Torvalds 1151da177e4SLinus Torvalds Alexey Kuznetsov. 1161da177e4SLinus Torvalds */ 1171da177e4SLinus Torvalds 1181da177e4SLinus Torvalds static int ipgre_tunnel_init(struct net_device *dev); 1191da177e4SLinus Torvalds static void ipgre_tunnel_setup(struct net_device *dev); 1201da177e4SLinus Torvalds 1211da177e4SLinus Torvalds /* Fallback tunnel: no source, no destination, no key, no options */ 1221da177e4SLinus Torvalds 1231da177e4SLinus Torvalds static int ipgre_fb_tunnel_init(struct net_device *dev); 1241da177e4SLinus Torvalds 1251da177e4SLinus Torvalds static struct net_device *ipgre_fb_tunnel_dev; 1261da177e4SLinus Torvalds 1271da177e4SLinus Torvalds /* Tunnel hash table */ 1281da177e4SLinus Torvalds 1291da177e4SLinus Torvalds /* 1301da177e4SLinus Torvalds 4 hash tables: 1311da177e4SLinus Torvalds 1321da177e4SLinus Torvalds 3: (remote,local) 1331da177e4SLinus Torvalds 2: (remote,*) 1341da177e4SLinus Torvalds 1: (*,local) 1351da177e4SLinus Torvalds 0: (*,*) 1361da177e4SLinus Torvalds 1371da177e4SLinus Torvalds We require exact key match i.e. if a key is present in packet 1381da177e4SLinus Torvalds it will match only tunnel with the same key; if it is not present, 1391da177e4SLinus Torvalds it will match only keyless tunnel. 1401da177e4SLinus Torvalds 1411da177e4SLinus Torvalds All keysless packets, if not matched configured keyless tunnels 1421da177e4SLinus Torvalds will match fallback tunnel. 1431da177e4SLinus Torvalds */ 1441da177e4SLinus Torvalds 1451da177e4SLinus Torvalds #define HASH_SIZE 16 146d5a0a1e3SAl Viro #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF) 1471da177e4SLinus Torvalds 1481da177e4SLinus Torvalds static struct ip_tunnel *tunnels[4][HASH_SIZE]; 1491da177e4SLinus Torvalds 1501da177e4SLinus Torvalds #define tunnels_r_l (tunnels[3]) 1511da177e4SLinus Torvalds #define tunnels_r (tunnels[2]) 1521da177e4SLinus Torvalds #define tunnels_l (tunnels[1]) 1531da177e4SLinus Torvalds #define tunnels_wc (tunnels[0]) 1541da177e4SLinus Torvalds 1551da177e4SLinus Torvalds static DEFINE_RWLOCK(ipgre_lock); 1561da177e4SLinus Torvalds 1571da177e4SLinus Torvalds /* Given src, dst and key, find appropriate for input tunnel. */ 1581da177e4SLinus Torvalds 159d5a0a1e3SAl Viro static struct ip_tunnel * ipgre_tunnel_lookup(__be32 remote, __be32 local, __be32 key) 1601da177e4SLinus Torvalds { 1611da177e4SLinus Torvalds unsigned h0 = HASH(remote); 1621da177e4SLinus Torvalds unsigned h1 = HASH(key); 1631da177e4SLinus Torvalds struct ip_tunnel *t; 1641da177e4SLinus Torvalds 1651da177e4SLinus Torvalds for (t = tunnels_r_l[h0^h1]; t; t = t->next) { 1661da177e4SLinus Torvalds if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) { 1671da177e4SLinus Torvalds if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) 1681da177e4SLinus Torvalds return t; 1691da177e4SLinus Torvalds } 1701da177e4SLinus Torvalds } 1711da177e4SLinus Torvalds for (t = tunnels_r[h0^h1]; t; t = t->next) { 1721da177e4SLinus Torvalds if (remote == t->parms.iph.daddr) { 1731da177e4SLinus Torvalds if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) 1741da177e4SLinus Torvalds return t; 1751da177e4SLinus Torvalds } 1761da177e4SLinus Torvalds } 1771da177e4SLinus Torvalds for (t = tunnels_l[h1]; t; t = t->next) { 1781da177e4SLinus Torvalds if (local == t->parms.iph.saddr || 1791da177e4SLinus Torvalds (local == t->parms.iph.daddr && MULTICAST(local))) { 1801da177e4SLinus Torvalds if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) 1811da177e4SLinus Torvalds return t; 1821da177e4SLinus Torvalds } 1831da177e4SLinus Torvalds } 1841da177e4SLinus Torvalds for (t = tunnels_wc[h1]; t; t = t->next) { 1851da177e4SLinus Torvalds if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) 1861da177e4SLinus Torvalds return t; 1871da177e4SLinus Torvalds } 1881da177e4SLinus Torvalds 1891da177e4SLinus Torvalds if (ipgre_fb_tunnel_dev->flags&IFF_UP) 1902941a486SPatrick McHardy return netdev_priv(ipgre_fb_tunnel_dev); 1911da177e4SLinus Torvalds return NULL; 1921da177e4SLinus Torvalds } 1931da177e4SLinus Torvalds 1941da177e4SLinus Torvalds static struct ip_tunnel **ipgre_bucket(struct ip_tunnel *t) 1951da177e4SLinus Torvalds { 196d5a0a1e3SAl Viro __be32 remote = t->parms.iph.daddr; 197d5a0a1e3SAl Viro __be32 local = t->parms.iph.saddr; 198d5a0a1e3SAl Viro __be32 key = t->parms.i_key; 1991da177e4SLinus Torvalds unsigned h = HASH(key); 2001da177e4SLinus Torvalds int prio = 0; 2011da177e4SLinus Torvalds 2021da177e4SLinus Torvalds if (local) 2031da177e4SLinus Torvalds prio |= 1; 2041da177e4SLinus Torvalds if (remote && !MULTICAST(remote)) { 2051da177e4SLinus Torvalds prio |= 2; 2061da177e4SLinus Torvalds h ^= HASH(remote); 2071da177e4SLinus Torvalds } 2081da177e4SLinus Torvalds 2091da177e4SLinus Torvalds return &tunnels[prio][h]; 2101da177e4SLinus Torvalds } 2111da177e4SLinus Torvalds 2121da177e4SLinus Torvalds static void ipgre_tunnel_link(struct ip_tunnel *t) 2131da177e4SLinus Torvalds { 2141da177e4SLinus Torvalds struct ip_tunnel **tp = ipgre_bucket(t); 2151da177e4SLinus Torvalds 2161da177e4SLinus Torvalds t->next = *tp; 2171da177e4SLinus Torvalds write_lock_bh(&ipgre_lock); 2181da177e4SLinus Torvalds *tp = t; 2191da177e4SLinus Torvalds write_unlock_bh(&ipgre_lock); 2201da177e4SLinus Torvalds } 2211da177e4SLinus Torvalds 2221da177e4SLinus Torvalds static void ipgre_tunnel_unlink(struct ip_tunnel *t) 2231da177e4SLinus Torvalds { 2241da177e4SLinus Torvalds struct ip_tunnel **tp; 2251da177e4SLinus Torvalds 2261da177e4SLinus Torvalds for (tp = ipgre_bucket(t); *tp; tp = &(*tp)->next) { 2271da177e4SLinus Torvalds if (t == *tp) { 2281da177e4SLinus Torvalds write_lock_bh(&ipgre_lock); 2291da177e4SLinus Torvalds *tp = t->next; 2301da177e4SLinus Torvalds write_unlock_bh(&ipgre_lock); 2311da177e4SLinus Torvalds break; 2321da177e4SLinus Torvalds } 2331da177e4SLinus Torvalds } 2341da177e4SLinus Torvalds } 2351da177e4SLinus Torvalds 2361da177e4SLinus Torvalds static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int create) 2371da177e4SLinus Torvalds { 238d5a0a1e3SAl Viro __be32 remote = parms->iph.daddr; 239d5a0a1e3SAl Viro __be32 local = parms->iph.saddr; 240d5a0a1e3SAl Viro __be32 key = parms->i_key; 2411da177e4SLinus Torvalds struct ip_tunnel *t, **tp, *nt; 2421da177e4SLinus Torvalds struct net_device *dev; 2431da177e4SLinus Torvalds unsigned h = HASH(key); 2441da177e4SLinus Torvalds int prio = 0; 2451da177e4SLinus Torvalds char name[IFNAMSIZ]; 2461da177e4SLinus Torvalds 2471da177e4SLinus Torvalds if (local) 2481da177e4SLinus Torvalds prio |= 1; 2491da177e4SLinus Torvalds if (remote && !MULTICAST(remote)) { 2501da177e4SLinus Torvalds prio |= 2; 2511da177e4SLinus Torvalds h ^= HASH(remote); 2521da177e4SLinus Torvalds } 2531da177e4SLinus Torvalds for (tp = &tunnels[prio][h]; (t = *tp) != NULL; tp = &t->next) { 2541da177e4SLinus Torvalds if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) { 2551da177e4SLinus Torvalds if (key == t->parms.i_key) 2561da177e4SLinus Torvalds return t; 2571da177e4SLinus Torvalds } 2581da177e4SLinus Torvalds } 2591da177e4SLinus Torvalds if (!create) 2601da177e4SLinus Torvalds return NULL; 2611da177e4SLinus Torvalds 2621da177e4SLinus Torvalds if (parms->name[0]) 2631da177e4SLinus Torvalds strlcpy(name, parms->name, IFNAMSIZ); 2641da177e4SLinus Torvalds else { 2651da177e4SLinus Torvalds int i; 2661da177e4SLinus Torvalds for (i=1; i<100; i++) { 2671da177e4SLinus Torvalds sprintf(name, "gre%d", i); 2681da177e4SLinus Torvalds if (__dev_get_by_name(name) == NULL) 2691da177e4SLinus Torvalds break; 2701da177e4SLinus Torvalds } 2711da177e4SLinus Torvalds if (i==100) 2721da177e4SLinus Torvalds goto failed; 2731da177e4SLinus Torvalds } 2741da177e4SLinus Torvalds 2751da177e4SLinus Torvalds dev = alloc_netdev(sizeof(*t), name, ipgre_tunnel_setup); 2761da177e4SLinus Torvalds if (!dev) 2771da177e4SLinus Torvalds return NULL; 2781da177e4SLinus Torvalds 2791da177e4SLinus Torvalds dev->init = ipgre_tunnel_init; 2802941a486SPatrick McHardy nt = netdev_priv(dev); 2811da177e4SLinus Torvalds nt->parms = *parms; 2821da177e4SLinus Torvalds 2831da177e4SLinus Torvalds if (register_netdevice(dev) < 0) { 2841da177e4SLinus Torvalds free_netdev(dev); 2851da177e4SLinus Torvalds goto failed; 2861da177e4SLinus Torvalds } 2871da177e4SLinus Torvalds 2881da177e4SLinus Torvalds dev_hold(dev); 2891da177e4SLinus Torvalds ipgre_tunnel_link(nt); 2901da177e4SLinus Torvalds return nt; 2911da177e4SLinus Torvalds 2921da177e4SLinus Torvalds failed: 2931da177e4SLinus Torvalds return NULL; 2941da177e4SLinus Torvalds } 2951da177e4SLinus Torvalds 2961da177e4SLinus Torvalds static void ipgre_tunnel_uninit(struct net_device *dev) 2971da177e4SLinus Torvalds { 2982941a486SPatrick McHardy ipgre_tunnel_unlink(netdev_priv(dev)); 2991da177e4SLinus Torvalds dev_put(dev); 3001da177e4SLinus Torvalds } 3011da177e4SLinus Torvalds 3021da177e4SLinus Torvalds 3031da177e4SLinus Torvalds static void ipgre_err(struct sk_buff *skb, u32 info) 3041da177e4SLinus Torvalds { 3051da177e4SLinus Torvalds #ifndef I_WISH_WORLD_WERE_PERFECT 3061da177e4SLinus Torvalds 3071da177e4SLinus Torvalds /* It is not :-( All the routers (except for Linux) return only 3081da177e4SLinus Torvalds 8 bytes of packet payload. It means, that precise relaying of 3091da177e4SLinus Torvalds ICMP in the real Internet is absolutely infeasible. 3101da177e4SLinus Torvalds 3111da177e4SLinus Torvalds Moreover, Cisco "wise men" put GRE key to the third word 3121da177e4SLinus Torvalds in GRE header. It makes impossible maintaining even soft state for keyed 3131da177e4SLinus Torvalds GRE tunnels with enabled checksum. Tell them "thank you". 3141da177e4SLinus Torvalds 3151da177e4SLinus Torvalds Well, I wonder, rfc1812 was written by Cisco employee, 3161da177e4SLinus Torvalds what the hell these idiots break standrads established 3171da177e4SLinus Torvalds by themself??? 3181da177e4SLinus Torvalds */ 3191da177e4SLinus Torvalds 3201da177e4SLinus Torvalds struct iphdr *iph = (struct iphdr*)skb->data; 321d5a0a1e3SAl Viro __be16 *p = (__be16*)(skb->data+(iph->ihl<<2)); 3221da177e4SLinus Torvalds int grehlen = (iph->ihl<<2) + 4; 3231da177e4SLinus Torvalds int type = skb->h.icmph->type; 3241da177e4SLinus Torvalds int code = skb->h.icmph->code; 3251da177e4SLinus Torvalds struct ip_tunnel *t; 326d5a0a1e3SAl Viro __be16 flags; 3271da177e4SLinus Torvalds 3281da177e4SLinus Torvalds flags = p[0]; 3291da177e4SLinus Torvalds if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) { 3301da177e4SLinus Torvalds if (flags&(GRE_VERSION|GRE_ROUTING)) 3311da177e4SLinus Torvalds return; 3321da177e4SLinus Torvalds if (flags&GRE_KEY) { 3331da177e4SLinus Torvalds grehlen += 4; 3341da177e4SLinus Torvalds if (flags&GRE_CSUM) 3351da177e4SLinus Torvalds grehlen += 4; 3361da177e4SLinus Torvalds } 3371da177e4SLinus Torvalds } 3381da177e4SLinus Torvalds 3391da177e4SLinus Torvalds /* If only 8 bytes returned, keyed message will be dropped here */ 3401da177e4SLinus Torvalds if (skb_headlen(skb) < grehlen) 3411da177e4SLinus Torvalds return; 3421da177e4SLinus Torvalds 3431da177e4SLinus Torvalds switch (type) { 3441da177e4SLinus Torvalds default: 3451da177e4SLinus Torvalds case ICMP_PARAMETERPROB: 3461da177e4SLinus Torvalds return; 3471da177e4SLinus Torvalds 3481da177e4SLinus Torvalds case ICMP_DEST_UNREACH: 3491da177e4SLinus Torvalds switch (code) { 3501da177e4SLinus Torvalds case ICMP_SR_FAILED: 3511da177e4SLinus Torvalds case ICMP_PORT_UNREACH: 3521da177e4SLinus Torvalds /* Impossible event. */ 3531da177e4SLinus Torvalds return; 3541da177e4SLinus Torvalds case ICMP_FRAG_NEEDED: 3551da177e4SLinus Torvalds /* Soft state for pmtu is maintained by IP core. */ 3561da177e4SLinus Torvalds return; 3571da177e4SLinus Torvalds default: 3581da177e4SLinus Torvalds /* All others are translated to HOST_UNREACH. 3591da177e4SLinus Torvalds rfc2003 contains "deep thoughts" about NET_UNREACH, 3601da177e4SLinus Torvalds I believe they are just ether pollution. --ANK 3611da177e4SLinus Torvalds */ 3621da177e4SLinus Torvalds break; 3631da177e4SLinus Torvalds } 3641da177e4SLinus Torvalds break; 3651da177e4SLinus Torvalds case ICMP_TIME_EXCEEDED: 3661da177e4SLinus Torvalds if (code != ICMP_EXC_TTL) 3671da177e4SLinus Torvalds return; 3681da177e4SLinus Torvalds break; 3691da177e4SLinus Torvalds } 3701da177e4SLinus Torvalds 3711da177e4SLinus Torvalds read_lock(&ipgre_lock); 372d5a0a1e3SAl Viro t = ipgre_tunnel_lookup(iph->daddr, iph->saddr, (flags&GRE_KEY) ? *(((__be32*)p) + (grehlen>>2) - 1) : 0); 3731da177e4SLinus Torvalds if (t == NULL || t->parms.iph.daddr == 0 || MULTICAST(t->parms.iph.daddr)) 3741da177e4SLinus Torvalds goto out; 3751da177e4SLinus Torvalds 3761da177e4SLinus Torvalds if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED) 3771da177e4SLinus Torvalds goto out; 3781da177e4SLinus Torvalds 3791da177e4SLinus Torvalds if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO) 3801da177e4SLinus Torvalds t->err_count++; 3811da177e4SLinus Torvalds else 3821da177e4SLinus Torvalds t->err_count = 1; 3831da177e4SLinus Torvalds t->err_time = jiffies; 3841da177e4SLinus Torvalds out: 3851da177e4SLinus Torvalds read_unlock(&ipgre_lock); 3861da177e4SLinus Torvalds return; 3871da177e4SLinus Torvalds #else 3881da177e4SLinus Torvalds struct iphdr *iph = (struct iphdr*)dp; 3891da177e4SLinus Torvalds struct iphdr *eiph; 390d5a0a1e3SAl Viro __be16 *p = (__be16*)(dp+(iph->ihl<<2)); 3911da177e4SLinus Torvalds int type = skb->h.icmph->type; 3921da177e4SLinus Torvalds int code = skb->h.icmph->code; 3931da177e4SLinus Torvalds int rel_type = 0; 3941da177e4SLinus Torvalds int rel_code = 0; 395c55e2f49SAl Viro __be32 rel_info = 0; 396c55e2f49SAl Viro __u32 n = 0; 397d5a0a1e3SAl Viro __be16 flags; 3981da177e4SLinus Torvalds int grehlen = (iph->ihl<<2) + 4; 3991da177e4SLinus Torvalds struct sk_buff *skb2; 4001da177e4SLinus Torvalds struct flowi fl; 4011da177e4SLinus Torvalds struct rtable *rt; 4021da177e4SLinus Torvalds 4031da177e4SLinus Torvalds if (p[1] != htons(ETH_P_IP)) 4041da177e4SLinus Torvalds return; 4051da177e4SLinus Torvalds 4061da177e4SLinus Torvalds flags = p[0]; 4071da177e4SLinus Torvalds if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) { 4081da177e4SLinus Torvalds if (flags&(GRE_VERSION|GRE_ROUTING)) 4091da177e4SLinus Torvalds return; 4101da177e4SLinus Torvalds if (flags&GRE_CSUM) 4111da177e4SLinus Torvalds grehlen += 4; 4121da177e4SLinus Torvalds if (flags&GRE_KEY) 4131da177e4SLinus Torvalds grehlen += 4; 4141da177e4SLinus Torvalds if (flags&GRE_SEQ) 4151da177e4SLinus Torvalds grehlen += 4; 4161da177e4SLinus Torvalds } 4171da177e4SLinus Torvalds if (len < grehlen + sizeof(struct iphdr)) 4181da177e4SLinus Torvalds return; 4191da177e4SLinus Torvalds eiph = (struct iphdr*)(dp + grehlen); 4201da177e4SLinus Torvalds 4211da177e4SLinus Torvalds switch (type) { 4221da177e4SLinus Torvalds default: 4231da177e4SLinus Torvalds return; 4241da177e4SLinus Torvalds case ICMP_PARAMETERPROB: 425c55e2f49SAl Viro n = ntohl(skb->h.icmph->un.gateway) >> 24; 426c55e2f49SAl Viro if (n < (iph->ihl<<2)) 4271da177e4SLinus Torvalds return; 4281da177e4SLinus Torvalds 4291da177e4SLinus Torvalds /* So... This guy found something strange INSIDE encapsulated 4301da177e4SLinus Torvalds packet. Well, he is fool, but what can we do ? 4311da177e4SLinus Torvalds */ 4321da177e4SLinus Torvalds rel_type = ICMP_PARAMETERPROB; 433c55e2f49SAl Viro n -= grehlen; 434c55e2f49SAl Viro rel_info = htonl(n << 24); 4351da177e4SLinus Torvalds break; 4361da177e4SLinus Torvalds 4371da177e4SLinus Torvalds case ICMP_DEST_UNREACH: 4381da177e4SLinus Torvalds switch (code) { 4391da177e4SLinus Torvalds case ICMP_SR_FAILED: 4401da177e4SLinus Torvalds case ICMP_PORT_UNREACH: 4411da177e4SLinus Torvalds /* Impossible event. */ 4421da177e4SLinus Torvalds return; 4431da177e4SLinus Torvalds case ICMP_FRAG_NEEDED: 4441da177e4SLinus Torvalds /* And it is the only really necessary thing :-) */ 445c55e2f49SAl Viro n = ntohs(skb->h.icmph->un.frag.mtu); 446c55e2f49SAl Viro if (n < grehlen+68) 4471da177e4SLinus Torvalds return; 448c55e2f49SAl Viro n -= grehlen; 4491da177e4SLinus Torvalds /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */ 450c55e2f49SAl Viro if (n > ntohs(eiph->tot_len)) 4511da177e4SLinus Torvalds return; 452c55e2f49SAl Viro rel_info = htonl(n); 4531da177e4SLinus Torvalds break; 4541da177e4SLinus Torvalds default: 4551da177e4SLinus Torvalds /* All others are translated to HOST_UNREACH. 4561da177e4SLinus Torvalds rfc2003 contains "deep thoughts" about NET_UNREACH, 4571da177e4SLinus Torvalds I believe, it is just ether pollution. --ANK 4581da177e4SLinus Torvalds */ 4591da177e4SLinus Torvalds rel_type = ICMP_DEST_UNREACH; 4601da177e4SLinus Torvalds rel_code = ICMP_HOST_UNREACH; 4611da177e4SLinus Torvalds break; 4621da177e4SLinus Torvalds } 4631da177e4SLinus Torvalds break; 4641da177e4SLinus Torvalds case ICMP_TIME_EXCEEDED: 4651da177e4SLinus Torvalds if (code != ICMP_EXC_TTL) 4661da177e4SLinus Torvalds return; 4671da177e4SLinus Torvalds break; 4681da177e4SLinus Torvalds } 4691da177e4SLinus Torvalds 4701da177e4SLinus Torvalds /* Prepare fake skb to feed it to icmp_send */ 4711da177e4SLinus Torvalds skb2 = skb_clone(skb, GFP_ATOMIC); 4721da177e4SLinus Torvalds if (skb2 == NULL) 4731da177e4SLinus Torvalds return; 4741da177e4SLinus Torvalds dst_release(skb2->dst); 4751da177e4SLinus Torvalds skb2->dst = NULL; 4761da177e4SLinus Torvalds skb_pull(skb2, skb->data - (u8*)eiph); 477c1d2bbe1SArnaldo Carvalho de Melo skb_reset_network_header(skb2); 4781da177e4SLinus Torvalds 4791da177e4SLinus Torvalds /* Try to guess incoming interface */ 4801da177e4SLinus Torvalds memset(&fl, 0, sizeof(fl)); 4811da177e4SLinus Torvalds fl.fl4_dst = eiph->saddr; 4821da177e4SLinus Torvalds fl.fl4_tos = RT_TOS(eiph->tos); 4831da177e4SLinus Torvalds fl.proto = IPPROTO_GRE; 4841da177e4SLinus Torvalds if (ip_route_output_key(&rt, &fl)) { 4851da177e4SLinus Torvalds kfree_skb(skb2); 4861da177e4SLinus Torvalds return; 4871da177e4SLinus Torvalds } 4881da177e4SLinus Torvalds skb2->dev = rt->u.dst.dev; 4891da177e4SLinus Torvalds 4901da177e4SLinus Torvalds /* route "incoming" packet */ 4911da177e4SLinus Torvalds if (rt->rt_flags&RTCF_LOCAL) { 4921da177e4SLinus Torvalds ip_rt_put(rt); 4931da177e4SLinus Torvalds rt = NULL; 4941da177e4SLinus Torvalds fl.fl4_dst = eiph->daddr; 4951da177e4SLinus Torvalds fl.fl4_src = eiph->saddr; 4961da177e4SLinus Torvalds fl.fl4_tos = eiph->tos; 4971da177e4SLinus Torvalds if (ip_route_output_key(&rt, &fl) || 4981da177e4SLinus Torvalds rt->u.dst.dev->type != ARPHRD_IPGRE) { 4991da177e4SLinus Torvalds ip_rt_put(rt); 5001da177e4SLinus Torvalds kfree_skb(skb2); 5011da177e4SLinus Torvalds return; 5021da177e4SLinus Torvalds } 5031da177e4SLinus Torvalds } else { 5041da177e4SLinus Torvalds ip_rt_put(rt); 5051da177e4SLinus Torvalds if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) || 5061da177e4SLinus Torvalds skb2->dst->dev->type != ARPHRD_IPGRE) { 5071da177e4SLinus Torvalds kfree_skb(skb2); 5081da177e4SLinus Torvalds return; 5091da177e4SLinus Torvalds } 5101da177e4SLinus Torvalds } 5111da177e4SLinus Torvalds 5121da177e4SLinus Torvalds /* change mtu on this route */ 5131da177e4SLinus Torvalds if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { 514c55e2f49SAl Viro if (n > dst_mtu(skb2->dst)) { 5151da177e4SLinus Torvalds kfree_skb(skb2); 5161da177e4SLinus Torvalds return; 5171da177e4SLinus Torvalds } 518c55e2f49SAl Viro skb2->dst->ops->update_pmtu(skb2->dst, n); 5191da177e4SLinus Torvalds } else if (type == ICMP_TIME_EXCEEDED) { 5202941a486SPatrick McHardy struct ip_tunnel *t = netdev_priv(skb2->dev); 5211da177e4SLinus Torvalds if (t->parms.iph.ttl) { 5221da177e4SLinus Torvalds rel_type = ICMP_DEST_UNREACH; 5231da177e4SLinus Torvalds rel_code = ICMP_HOST_UNREACH; 5241da177e4SLinus Torvalds } 5251da177e4SLinus Torvalds } 5261da177e4SLinus Torvalds 5271da177e4SLinus Torvalds icmp_send(skb2, rel_type, rel_code, rel_info); 5281da177e4SLinus Torvalds kfree_skb(skb2); 5291da177e4SLinus Torvalds #endif 5301da177e4SLinus Torvalds } 5311da177e4SLinus Torvalds 5321da177e4SLinus Torvalds static inline void ipgre_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb) 5331da177e4SLinus Torvalds { 5341da177e4SLinus Torvalds if (INET_ECN_is_ce(iph->tos)) { 5351da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) { 536*eddc9ec5SArnaldo Carvalho de Melo IP_ECN_set_ce(ip_hdr(skb)); 5371da177e4SLinus Torvalds } else if (skb->protocol == htons(ETH_P_IPV6)) { 5381da177e4SLinus Torvalds IP6_ECN_set_ce(skb->nh.ipv6h); 5391da177e4SLinus Torvalds } 5401da177e4SLinus Torvalds } 5411da177e4SLinus Torvalds } 5421da177e4SLinus Torvalds 5431da177e4SLinus Torvalds static inline u8 5441da177e4SLinus Torvalds ipgre_ecn_encapsulate(u8 tos, struct iphdr *old_iph, struct sk_buff *skb) 5451da177e4SLinus Torvalds { 5461da177e4SLinus Torvalds u8 inner = 0; 5471da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) 5481da177e4SLinus Torvalds inner = old_iph->tos; 5491da177e4SLinus Torvalds else if (skb->protocol == htons(ETH_P_IPV6)) 5501da177e4SLinus Torvalds inner = ipv6_get_dsfield((struct ipv6hdr *)old_iph); 5511da177e4SLinus Torvalds return INET_ECN_encapsulate(tos, inner); 5521da177e4SLinus Torvalds } 5531da177e4SLinus Torvalds 5541da177e4SLinus Torvalds static int ipgre_rcv(struct sk_buff *skb) 5551da177e4SLinus Torvalds { 5561da177e4SLinus Torvalds struct iphdr *iph; 5571da177e4SLinus Torvalds u8 *h; 558d5a0a1e3SAl Viro __be16 flags; 559d3bc23e7SAl Viro __sum16 csum = 0; 560d5a0a1e3SAl Viro __be32 key = 0; 5611da177e4SLinus Torvalds u32 seqno = 0; 5621da177e4SLinus Torvalds struct ip_tunnel *tunnel; 5631da177e4SLinus Torvalds int offset = 4; 5641da177e4SLinus Torvalds 5651da177e4SLinus Torvalds if (!pskb_may_pull(skb, 16)) 5661da177e4SLinus Torvalds goto drop_nolock; 5671da177e4SLinus Torvalds 568*eddc9ec5SArnaldo Carvalho de Melo iph = ip_hdr(skb); 5691da177e4SLinus Torvalds h = skb->data; 570d5a0a1e3SAl Viro flags = *(__be16*)h; 5711da177e4SLinus Torvalds 5721da177e4SLinus Torvalds if (flags&(GRE_CSUM|GRE_KEY|GRE_ROUTING|GRE_SEQ|GRE_VERSION)) { 5731da177e4SLinus Torvalds /* - Version must be 0. 5741da177e4SLinus Torvalds - We do not support routing headers. 5751da177e4SLinus Torvalds */ 5761da177e4SLinus Torvalds if (flags&(GRE_VERSION|GRE_ROUTING)) 5771da177e4SLinus Torvalds goto drop_nolock; 5781da177e4SLinus Torvalds 5791da177e4SLinus Torvalds if (flags&GRE_CSUM) { 580fb286bb2SHerbert Xu switch (skb->ip_summed) { 58184fa7933SPatrick McHardy case CHECKSUM_COMPLETE: 582d3bc23e7SAl Viro csum = csum_fold(skb->csum); 583fb286bb2SHerbert Xu if (!csum) 584fb286bb2SHerbert Xu break; 585fb286bb2SHerbert Xu /* fall through */ 586fb286bb2SHerbert Xu case CHECKSUM_NONE: 587fb286bb2SHerbert Xu skb->csum = 0; 588fb286bb2SHerbert Xu csum = __skb_checksum_complete(skb); 58984fa7933SPatrick McHardy skb->ip_summed = CHECKSUM_COMPLETE; 5901da177e4SLinus Torvalds } 5911da177e4SLinus Torvalds offset += 4; 5921da177e4SLinus Torvalds } 5931da177e4SLinus Torvalds if (flags&GRE_KEY) { 594d5a0a1e3SAl Viro key = *(__be32*)(h + offset); 5951da177e4SLinus Torvalds offset += 4; 5961da177e4SLinus Torvalds } 5971da177e4SLinus Torvalds if (flags&GRE_SEQ) { 598d5a0a1e3SAl Viro seqno = ntohl(*(__be32*)(h + offset)); 5991da177e4SLinus Torvalds offset += 4; 6001da177e4SLinus Torvalds } 6011da177e4SLinus Torvalds } 6021da177e4SLinus Torvalds 6031da177e4SLinus Torvalds read_lock(&ipgre_lock); 6041da177e4SLinus Torvalds if ((tunnel = ipgre_tunnel_lookup(iph->saddr, iph->daddr, key)) != NULL) { 6051da177e4SLinus Torvalds secpath_reset(skb); 6061da177e4SLinus Torvalds 607d5a0a1e3SAl Viro skb->protocol = *(__be16*)(h + 2); 6081da177e4SLinus Torvalds /* WCCP version 1 and 2 protocol decoding. 6091da177e4SLinus Torvalds * - Change protocol to IP 6101da177e4SLinus Torvalds * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header 6111da177e4SLinus Torvalds */ 6121da177e4SLinus Torvalds if (flags == 0 && 613496c98dfSYOSHIFUJI Hideaki skb->protocol == htons(ETH_P_WCCP)) { 614496c98dfSYOSHIFUJI Hideaki skb->protocol = htons(ETH_P_IP); 6151da177e4SLinus Torvalds if ((*(h + offset) & 0xF0) != 0x40) 6161da177e4SLinus Torvalds offset += 4; 6171da177e4SLinus Torvalds } 6181da177e4SLinus Torvalds 619459a98edSArnaldo Carvalho de Melo skb_reset_mac_header(skb); 6204209fb60SArnaldo Carvalho de Melo __pskb_pull(skb, offset); 6214209fb60SArnaldo Carvalho de Melo skb_reset_network_header(skb); 6221542272aSHerbert Xu skb_postpull_rcsum(skb, skb->h.raw, offset); 6231da177e4SLinus Torvalds skb->pkt_type = PACKET_HOST; 6241da177e4SLinus Torvalds #ifdef CONFIG_NET_IPGRE_BROADCAST 6251da177e4SLinus Torvalds if (MULTICAST(iph->daddr)) { 6261da177e4SLinus Torvalds /* Looped back packet, drop it! */ 6271da177e4SLinus Torvalds if (((struct rtable*)skb->dst)->fl.iif == 0) 6281da177e4SLinus Torvalds goto drop; 6291da177e4SLinus Torvalds tunnel->stat.multicast++; 6301da177e4SLinus Torvalds skb->pkt_type = PACKET_BROADCAST; 6311da177e4SLinus Torvalds } 6321da177e4SLinus Torvalds #endif 6331da177e4SLinus Torvalds 6341da177e4SLinus Torvalds if (((flags&GRE_CSUM) && csum) || 6351da177e4SLinus Torvalds (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) { 6361da177e4SLinus Torvalds tunnel->stat.rx_crc_errors++; 6371da177e4SLinus Torvalds tunnel->stat.rx_errors++; 6381da177e4SLinus Torvalds goto drop; 6391da177e4SLinus Torvalds } 6401da177e4SLinus Torvalds if (tunnel->parms.i_flags&GRE_SEQ) { 6411da177e4SLinus Torvalds if (!(flags&GRE_SEQ) || 6421da177e4SLinus Torvalds (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) { 6431da177e4SLinus Torvalds tunnel->stat.rx_fifo_errors++; 6441da177e4SLinus Torvalds tunnel->stat.rx_errors++; 6451da177e4SLinus Torvalds goto drop; 6461da177e4SLinus Torvalds } 6471da177e4SLinus Torvalds tunnel->i_seqno = seqno + 1; 6481da177e4SLinus Torvalds } 6491da177e4SLinus Torvalds tunnel->stat.rx_packets++; 6501da177e4SLinus Torvalds tunnel->stat.rx_bytes += skb->len; 6511da177e4SLinus Torvalds skb->dev = tunnel->dev; 6521da177e4SLinus Torvalds dst_release(skb->dst); 6531da177e4SLinus Torvalds skb->dst = NULL; 6541da177e4SLinus Torvalds nf_reset(skb); 6551da177e4SLinus Torvalds ipgre_ecn_decapsulate(iph, skb); 6561da177e4SLinus Torvalds netif_rx(skb); 6571da177e4SLinus Torvalds read_unlock(&ipgre_lock); 6581da177e4SLinus Torvalds return(0); 6591da177e4SLinus Torvalds } 66045af08beSHerbert Xu icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); 6611da177e4SLinus Torvalds 6621da177e4SLinus Torvalds drop: 6631da177e4SLinus Torvalds read_unlock(&ipgre_lock); 6641da177e4SLinus Torvalds drop_nolock: 6651da177e4SLinus Torvalds kfree_skb(skb); 6661da177e4SLinus Torvalds return(0); 6671da177e4SLinus Torvalds } 6681da177e4SLinus Torvalds 6691da177e4SLinus Torvalds static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) 6701da177e4SLinus Torvalds { 6712941a486SPatrick McHardy struct ip_tunnel *tunnel = netdev_priv(dev); 6721da177e4SLinus Torvalds struct net_device_stats *stats = &tunnel->stat; 673*eddc9ec5SArnaldo Carvalho de Melo struct iphdr *old_iph = ip_hdr(skb); 6741da177e4SLinus Torvalds struct iphdr *tiph; 6751da177e4SLinus Torvalds u8 tos; 676d5a0a1e3SAl Viro __be16 df; 6771da177e4SLinus Torvalds struct rtable *rt; /* Route to the other host */ 6781da177e4SLinus Torvalds struct net_device *tdev; /* Device to other host */ 6791da177e4SLinus Torvalds struct iphdr *iph; /* Our new IP header */ 6801da177e4SLinus Torvalds int max_headroom; /* The extra header space needed */ 6811da177e4SLinus Torvalds int gre_hlen; 682d5a0a1e3SAl Viro __be32 dst; 6831da177e4SLinus Torvalds int mtu; 6841da177e4SLinus Torvalds 6851da177e4SLinus Torvalds if (tunnel->recursion++) { 6861da177e4SLinus Torvalds tunnel->stat.collisions++; 6871da177e4SLinus Torvalds goto tx_error; 6881da177e4SLinus Torvalds } 6891da177e4SLinus Torvalds 6901da177e4SLinus Torvalds if (dev->hard_header) { 6911da177e4SLinus Torvalds gre_hlen = 0; 6921da177e4SLinus Torvalds tiph = (struct iphdr*)skb->data; 6931da177e4SLinus Torvalds } else { 6941da177e4SLinus Torvalds gre_hlen = tunnel->hlen; 6951da177e4SLinus Torvalds tiph = &tunnel->parms.iph; 6961da177e4SLinus Torvalds } 6971da177e4SLinus Torvalds 6981da177e4SLinus Torvalds if ((dst = tiph->daddr) == 0) { 6991da177e4SLinus Torvalds /* NBMA tunnel */ 7001da177e4SLinus Torvalds 7011da177e4SLinus Torvalds if (skb->dst == NULL) { 7021da177e4SLinus Torvalds tunnel->stat.tx_fifo_errors++; 7031da177e4SLinus Torvalds goto tx_error; 7041da177e4SLinus Torvalds } 7051da177e4SLinus Torvalds 7061da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) { 7071da177e4SLinus Torvalds rt = (struct rtable*)skb->dst; 7081da177e4SLinus Torvalds if ((dst = rt->rt_gateway) == 0) 7091da177e4SLinus Torvalds goto tx_error_icmp; 7101da177e4SLinus Torvalds } 7111da177e4SLinus Torvalds #ifdef CONFIG_IPV6 7121da177e4SLinus Torvalds else if (skb->protocol == htons(ETH_P_IPV6)) { 7131da177e4SLinus Torvalds struct in6_addr *addr6; 7141da177e4SLinus Torvalds int addr_type; 7151da177e4SLinus Torvalds struct neighbour *neigh = skb->dst->neighbour; 7161da177e4SLinus Torvalds 7171da177e4SLinus Torvalds if (neigh == NULL) 7181da177e4SLinus Torvalds goto tx_error; 7191da177e4SLinus Torvalds 7201da177e4SLinus Torvalds addr6 = (struct in6_addr*)&neigh->primary_key; 7211da177e4SLinus Torvalds addr_type = ipv6_addr_type(addr6); 7221da177e4SLinus Torvalds 7231da177e4SLinus Torvalds if (addr_type == IPV6_ADDR_ANY) { 7241da177e4SLinus Torvalds addr6 = &skb->nh.ipv6h->daddr; 7251da177e4SLinus Torvalds addr_type = ipv6_addr_type(addr6); 7261da177e4SLinus Torvalds } 7271da177e4SLinus Torvalds 7281da177e4SLinus Torvalds if ((addr_type & IPV6_ADDR_COMPATv4) == 0) 7291da177e4SLinus Torvalds goto tx_error_icmp; 7301da177e4SLinus Torvalds 7311da177e4SLinus Torvalds dst = addr6->s6_addr32[3]; 7321da177e4SLinus Torvalds } 7331da177e4SLinus Torvalds #endif 7341da177e4SLinus Torvalds else 7351da177e4SLinus Torvalds goto tx_error; 7361da177e4SLinus Torvalds } 7371da177e4SLinus Torvalds 7381da177e4SLinus Torvalds tos = tiph->tos; 7391da177e4SLinus Torvalds if (tos&1) { 7401da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) 7411da177e4SLinus Torvalds tos = old_iph->tos; 7421da177e4SLinus Torvalds tos &= ~1; 7431da177e4SLinus Torvalds } 7441da177e4SLinus Torvalds 7451da177e4SLinus Torvalds { 7461da177e4SLinus Torvalds struct flowi fl = { .oif = tunnel->parms.link, 7471da177e4SLinus Torvalds .nl_u = { .ip4_u = 7481da177e4SLinus Torvalds { .daddr = dst, 7491da177e4SLinus Torvalds .saddr = tiph->saddr, 7501da177e4SLinus Torvalds .tos = RT_TOS(tos) } }, 7511da177e4SLinus Torvalds .proto = IPPROTO_GRE }; 7521da177e4SLinus Torvalds if (ip_route_output_key(&rt, &fl)) { 7531da177e4SLinus Torvalds tunnel->stat.tx_carrier_errors++; 7541da177e4SLinus Torvalds goto tx_error; 7551da177e4SLinus Torvalds } 7561da177e4SLinus Torvalds } 7571da177e4SLinus Torvalds tdev = rt->u.dst.dev; 7581da177e4SLinus Torvalds 7591da177e4SLinus Torvalds if (tdev == dev) { 7601da177e4SLinus Torvalds ip_rt_put(rt); 7611da177e4SLinus Torvalds tunnel->stat.collisions++; 7621da177e4SLinus Torvalds goto tx_error; 7631da177e4SLinus Torvalds } 7641da177e4SLinus Torvalds 7651da177e4SLinus Torvalds df = tiph->frag_off; 7661da177e4SLinus Torvalds if (df) 7671da177e4SLinus Torvalds mtu = dst_mtu(&rt->u.dst) - tunnel->hlen; 7681da177e4SLinus Torvalds else 7691da177e4SLinus Torvalds mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu; 7701da177e4SLinus Torvalds 7711da177e4SLinus Torvalds if (skb->dst) 7721da177e4SLinus Torvalds skb->dst->ops->update_pmtu(skb->dst, mtu); 7731da177e4SLinus Torvalds 7741da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) { 7751da177e4SLinus Torvalds df |= (old_iph->frag_off&htons(IP_DF)); 7761da177e4SLinus Torvalds 7771da177e4SLinus Torvalds if ((old_iph->frag_off&htons(IP_DF)) && 7781da177e4SLinus Torvalds mtu < ntohs(old_iph->tot_len)) { 7791da177e4SLinus Torvalds icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); 7801da177e4SLinus Torvalds ip_rt_put(rt); 7811da177e4SLinus Torvalds goto tx_error; 7821da177e4SLinus Torvalds } 7831da177e4SLinus Torvalds } 7841da177e4SLinus Torvalds #ifdef CONFIG_IPV6 7851da177e4SLinus Torvalds else if (skb->protocol == htons(ETH_P_IPV6)) { 7861da177e4SLinus Torvalds struct rt6_info *rt6 = (struct rt6_info*)skb->dst; 7871da177e4SLinus Torvalds 7881da177e4SLinus Torvalds if (rt6 && mtu < dst_mtu(skb->dst) && mtu >= IPV6_MIN_MTU) { 7891da177e4SLinus Torvalds if ((tunnel->parms.iph.daddr && !MULTICAST(tunnel->parms.iph.daddr)) || 7901da177e4SLinus Torvalds rt6->rt6i_dst.plen == 128) { 7911da177e4SLinus Torvalds rt6->rt6i_flags |= RTF_MODIFIED; 7921da177e4SLinus Torvalds skb->dst->metrics[RTAX_MTU-1] = mtu; 7931da177e4SLinus Torvalds } 7941da177e4SLinus Torvalds } 7951da177e4SLinus Torvalds 7961da177e4SLinus Torvalds if (mtu >= IPV6_MIN_MTU && mtu < skb->len - tunnel->hlen + gre_hlen) { 7971da177e4SLinus Torvalds icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev); 7981da177e4SLinus Torvalds ip_rt_put(rt); 7991da177e4SLinus Torvalds goto tx_error; 8001da177e4SLinus Torvalds } 8011da177e4SLinus Torvalds } 8021da177e4SLinus Torvalds #endif 8031da177e4SLinus Torvalds 8041da177e4SLinus Torvalds if (tunnel->err_count > 0) { 8051da177e4SLinus Torvalds if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) { 8061da177e4SLinus Torvalds tunnel->err_count--; 8071da177e4SLinus Torvalds 8081da177e4SLinus Torvalds dst_link_failure(skb); 8091da177e4SLinus Torvalds } else 8101da177e4SLinus Torvalds tunnel->err_count = 0; 8111da177e4SLinus Torvalds } 8121da177e4SLinus Torvalds 8131da177e4SLinus Torvalds max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen; 8141da177e4SLinus Torvalds 8151da177e4SLinus Torvalds if (skb_headroom(skb) < max_headroom || skb_cloned(skb) || skb_shared(skb)) { 8161da177e4SLinus Torvalds struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom); 8171da177e4SLinus Torvalds if (!new_skb) { 8181da177e4SLinus Torvalds ip_rt_put(rt); 8191da177e4SLinus Torvalds stats->tx_dropped++; 8201da177e4SLinus Torvalds dev_kfree_skb(skb); 8211da177e4SLinus Torvalds tunnel->recursion--; 8221da177e4SLinus Torvalds return 0; 8231da177e4SLinus Torvalds } 8241da177e4SLinus Torvalds if (skb->sk) 8251da177e4SLinus Torvalds skb_set_owner_w(new_skb, skb->sk); 8261da177e4SLinus Torvalds dev_kfree_skb(skb); 8271da177e4SLinus Torvalds skb = new_skb; 828*eddc9ec5SArnaldo Carvalho de Melo old_iph = ip_hdr(skb); 8291da177e4SLinus Torvalds } 8301da177e4SLinus Torvalds 8311da177e4SLinus Torvalds skb->h.raw = skb->nh.raw; 832e2d1bca7SArnaldo Carvalho de Melo skb_push(skb, gre_hlen); 833e2d1bca7SArnaldo Carvalho de Melo skb_reset_network_header(skb); 8341da177e4SLinus Torvalds memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); 83548d5cad8SPatrick McHardy IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | 83648d5cad8SPatrick McHardy IPSKB_REROUTED); 8371da177e4SLinus Torvalds dst_release(skb->dst); 8381da177e4SLinus Torvalds skb->dst = &rt->u.dst; 8391da177e4SLinus Torvalds 8401da177e4SLinus Torvalds /* 8411da177e4SLinus Torvalds * Push down and install the IPIP header. 8421da177e4SLinus Torvalds */ 8431da177e4SLinus Torvalds 844*eddc9ec5SArnaldo Carvalho de Melo iph = ip_hdr(skb); 8451da177e4SLinus Torvalds iph->version = 4; 8461da177e4SLinus Torvalds iph->ihl = sizeof(struct iphdr) >> 2; 8471da177e4SLinus Torvalds iph->frag_off = df; 8481da177e4SLinus Torvalds iph->protocol = IPPROTO_GRE; 8491da177e4SLinus Torvalds iph->tos = ipgre_ecn_encapsulate(tos, old_iph, skb); 8501da177e4SLinus Torvalds iph->daddr = rt->rt_dst; 8511da177e4SLinus Torvalds iph->saddr = rt->rt_src; 8521da177e4SLinus Torvalds 8531da177e4SLinus Torvalds if ((iph->ttl = tiph->ttl) == 0) { 8541da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) 8551da177e4SLinus Torvalds iph->ttl = old_iph->ttl; 8561da177e4SLinus Torvalds #ifdef CONFIG_IPV6 8571da177e4SLinus Torvalds else if (skb->protocol == htons(ETH_P_IPV6)) 8581da177e4SLinus Torvalds iph->ttl = ((struct ipv6hdr*)old_iph)->hop_limit; 8591da177e4SLinus Torvalds #endif 8601da177e4SLinus Torvalds else 8611da177e4SLinus Torvalds iph->ttl = dst_metric(&rt->u.dst, RTAX_HOPLIMIT); 8621da177e4SLinus Torvalds } 8631da177e4SLinus Torvalds 864d5a0a1e3SAl Viro ((__be16*)(iph+1))[0] = tunnel->parms.o_flags; 865d5a0a1e3SAl Viro ((__be16*)(iph+1))[1] = skb->protocol; 8661da177e4SLinus Torvalds 8671da177e4SLinus Torvalds if (tunnel->parms.o_flags&(GRE_KEY|GRE_CSUM|GRE_SEQ)) { 868d5a0a1e3SAl Viro __be32 *ptr = (__be32*)(((u8*)iph) + tunnel->hlen - 4); 8691da177e4SLinus Torvalds 8701da177e4SLinus Torvalds if (tunnel->parms.o_flags&GRE_SEQ) { 8711da177e4SLinus Torvalds ++tunnel->o_seqno; 8721da177e4SLinus Torvalds *ptr = htonl(tunnel->o_seqno); 8731da177e4SLinus Torvalds ptr--; 8741da177e4SLinus Torvalds } 8751da177e4SLinus Torvalds if (tunnel->parms.o_flags&GRE_KEY) { 8761da177e4SLinus Torvalds *ptr = tunnel->parms.o_key; 8771da177e4SLinus Torvalds ptr--; 8781da177e4SLinus Torvalds } 8791da177e4SLinus Torvalds if (tunnel->parms.o_flags&GRE_CSUM) { 8801da177e4SLinus Torvalds *ptr = 0; 8815f92a738SAl Viro *(__sum16*)ptr = ip_compute_csum((void*)(iph+1), skb->len - sizeof(struct iphdr)); 8821da177e4SLinus Torvalds } 8831da177e4SLinus Torvalds } 8841da177e4SLinus Torvalds 8851da177e4SLinus Torvalds nf_reset(skb); 8861da177e4SLinus Torvalds 8871da177e4SLinus Torvalds IPTUNNEL_XMIT(); 8881da177e4SLinus Torvalds tunnel->recursion--; 8891da177e4SLinus Torvalds return 0; 8901da177e4SLinus Torvalds 8911da177e4SLinus Torvalds tx_error_icmp: 8921da177e4SLinus Torvalds dst_link_failure(skb); 8931da177e4SLinus Torvalds 8941da177e4SLinus Torvalds tx_error: 8951da177e4SLinus Torvalds stats->tx_errors++; 8961da177e4SLinus Torvalds dev_kfree_skb(skb); 8971da177e4SLinus Torvalds tunnel->recursion--; 8981da177e4SLinus Torvalds return 0; 8991da177e4SLinus Torvalds } 9001da177e4SLinus Torvalds 9011da177e4SLinus Torvalds static int 9021da177e4SLinus Torvalds ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd) 9031da177e4SLinus Torvalds { 9041da177e4SLinus Torvalds int err = 0; 9051da177e4SLinus Torvalds struct ip_tunnel_parm p; 9061da177e4SLinus Torvalds struct ip_tunnel *t; 9071da177e4SLinus Torvalds 9081da177e4SLinus Torvalds switch (cmd) { 9091da177e4SLinus Torvalds case SIOCGETTUNNEL: 9101da177e4SLinus Torvalds t = NULL; 9111da177e4SLinus Torvalds if (dev == ipgre_fb_tunnel_dev) { 9121da177e4SLinus Torvalds if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) { 9131da177e4SLinus Torvalds err = -EFAULT; 9141da177e4SLinus Torvalds break; 9151da177e4SLinus Torvalds } 9161da177e4SLinus Torvalds t = ipgre_tunnel_locate(&p, 0); 9171da177e4SLinus Torvalds } 9181da177e4SLinus Torvalds if (t == NULL) 9192941a486SPatrick McHardy t = netdev_priv(dev); 9201da177e4SLinus Torvalds memcpy(&p, &t->parms, sizeof(p)); 9211da177e4SLinus Torvalds if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) 9221da177e4SLinus Torvalds err = -EFAULT; 9231da177e4SLinus Torvalds break; 9241da177e4SLinus Torvalds 9251da177e4SLinus Torvalds case SIOCADDTUNNEL: 9261da177e4SLinus Torvalds case SIOCCHGTUNNEL: 9271da177e4SLinus Torvalds err = -EPERM; 9281da177e4SLinus Torvalds if (!capable(CAP_NET_ADMIN)) 9291da177e4SLinus Torvalds goto done; 9301da177e4SLinus Torvalds 9311da177e4SLinus Torvalds err = -EFAULT; 9321da177e4SLinus Torvalds if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 9331da177e4SLinus Torvalds goto done; 9341da177e4SLinus Torvalds 9351da177e4SLinus Torvalds err = -EINVAL; 9361da177e4SLinus Torvalds if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE || 9371da177e4SLinus Torvalds p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) || 9381da177e4SLinus Torvalds ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING))) 9391da177e4SLinus Torvalds goto done; 9401da177e4SLinus Torvalds if (p.iph.ttl) 9411da177e4SLinus Torvalds p.iph.frag_off |= htons(IP_DF); 9421da177e4SLinus Torvalds 9431da177e4SLinus Torvalds if (!(p.i_flags&GRE_KEY)) 9441da177e4SLinus Torvalds p.i_key = 0; 9451da177e4SLinus Torvalds if (!(p.o_flags&GRE_KEY)) 9461da177e4SLinus Torvalds p.o_key = 0; 9471da177e4SLinus Torvalds 9481da177e4SLinus Torvalds t = ipgre_tunnel_locate(&p, cmd == SIOCADDTUNNEL); 9491da177e4SLinus Torvalds 9501da177e4SLinus Torvalds if (dev != ipgre_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) { 9511da177e4SLinus Torvalds if (t != NULL) { 9521da177e4SLinus Torvalds if (t->dev != dev) { 9531da177e4SLinus Torvalds err = -EEXIST; 9541da177e4SLinus Torvalds break; 9551da177e4SLinus Torvalds } 9561da177e4SLinus Torvalds } else { 9571da177e4SLinus Torvalds unsigned nflags=0; 9581da177e4SLinus Torvalds 9592941a486SPatrick McHardy t = netdev_priv(dev); 9601da177e4SLinus Torvalds 9611da177e4SLinus Torvalds if (MULTICAST(p.iph.daddr)) 9621da177e4SLinus Torvalds nflags = IFF_BROADCAST; 9631da177e4SLinus Torvalds else if (p.iph.daddr) 9641da177e4SLinus Torvalds nflags = IFF_POINTOPOINT; 9651da177e4SLinus Torvalds 9661da177e4SLinus Torvalds if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) { 9671da177e4SLinus Torvalds err = -EINVAL; 9681da177e4SLinus Torvalds break; 9691da177e4SLinus Torvalds } 9701da177e4SLinus Torvalds ipgre_tunnel_unlink(t); 9711da177e4SLinus Torvalds t->parms.iph.saddr = p.iph.saddr; 9721da177e4SLinus Torvalds t->parms.iph.daddr = p.iph.daddr; 9731da177e4SLinus Torvalds t->parms.i_key = p.i_key; 9741da177e4SLinus Torvalds t->parms.o_key = p.o_key; 9751da177e4SLinus Torvalds memcpy(dev->dev_addr, &p.iph.saddr, 4); 9761da177e4SLinus Torvalds memcpy(dev->broadcast, &p.iph.daddr, 4); 9771da177e4SLinus Torvalds ipgre_tunnel_link(t); 9781da177e4SLinus Torvalds netdev_state_change(dev); 9791da177e4SLinus Torvalds } 9801da177e4SLinus Torvalds } 9811da177e4SLinus Torvalds 9821da177e4SLinus Torvalds if (t) { 9831da177e4SLinus Torvalds err = 0; 9841da177e4SLinus Torvalds if (cmd == SIOCCHGTUNNEL) { 9851da177e4SLinus Torvalds t->parms.iph.ttl = p.iph.ttl; 9861da177e4SLinus Torvalds t->parms.iph.tos = p.iph.tos; 9871da177e4SLinus Torvalds t->parms.iph.frag_off = p.iph.frag_off; 9881da177e4SLinus Torvalds } 9891da177e4SLinus Torvalds if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p))) 9901da177e4SLinus Torvalds err = -EFAULT; 9911da177e4SLinus Torvalds } else 9921da177e4SLinus Torvalds err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT); 9931da177e4SLinus Torvalds break; 9941da177e4SLinus Torvalds 9951da177e4SLinus Torvalds case SIOCDELTUNNEL: 9961da177e4SLinus Torvalds err = -EPERM; 9971da177e4SLinus Torvalds if (!capable(CAP_NET_ADMIN)) 9981da177e4SLinus Torvalds goto done; 9991da177e4SLinus Torvalds 10001da177e4SLinus Torvalds if (dev == ipgre_fb_tunnel_dev) { 10011da177e4SLinus Torvalds err = -EFAULT; 10021da177e4SLinus Torvalds if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 10031da177e4SLinus Torvalds goto done; 10041da177e4SLinus Torvalds err = -ENOENT; 10051da177e4SLinus Torvalds if ((t = ipgre_tunnel_locate(&p, 0)) == NULL) 10061da177e4SLinus Torvalds goto done; 10071da177e4SLinus Torvalds err = -EPERM; 10082941a486SPatrick McHardy if (t == netdev_priv(ipgre_fb_tunnel_dev)) 10091da177e4SLinus Torvalds goto done; 10101da177e4SLinus Torvalds dev = t->dev; 10111da177e4SLinus Torvalds } 101222f8cde5SStephen Hemminger unregister_netdevice(dev); 101322f8cde5SStephen Hemminger err = 0; 10141da177e4SLinus Torvalds break; 10151da177e4SLinus Torvalds 10161da177e4SLinus Torvalds default: 10171da177e4SLinus Torvalds err = -EINVAL; 10181da177e4SLinus Torvalds } 10191da177e4SLinus Torvalds 10201da177e4SLinus Torvalds done: 10211da177e4SLinus Torvalds return err; 10221da177e4SLinus Torvalds } 10231da177e4SLinus Torvalds 10241da177e4SLinus Torvalds static struct net_device_stats *ipgre_tunnel_get_stats(struct net_device *dev) 10251da177e4SLinus Torvalds { 10262941a486SPatrick McHardy return &(((struct ip_tunnel*)netdev_priv(dev))->stat); 10271da177e4SLinus Torvalds } 10281da177e4SLinus Torvalds 10291da177e4SLinus Torvalds static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu) 10301da177e4SLinus Torvalds { 10312941a486SPatrick McHardy struct ip_tunnel *tunnel = netdev_priv(dev); 10321da177e4SLinus Torvalds if (new_mtu < 68 || new_mtu > 0xFFF8 - tunnel->hlen) 10331da177e4SLinus Torvalds return -EINVAL; 10341da177e4SLinus Torvalds dev->mtu = new_mtu; 10351da177e4SLinus Torvalds return 0; 10361da177e4SLinus Torvalds } 10371da177e4SLinus Torvalds 10381da177e4SLinus Torvalds #ifdef CONFIG_NET_IPGRE_BROADCAST 10391da177e4SLinus Torvalds /* Nice toy. Unfortunately, useless in real life :-) 10401da177e4SLinus Torvalds It allows to construct virtual multiprotocol broadcast "LAN" 10411da177e4SLinus Torvalds over the Internet, provided multicast routing is tuned. 10421da177e4SLinus Torvalds 10431da177e4SLinus Torvalds 10441da177e4SLinus Torvalds I have no idea was this bicycle invented before me, 10451da177e4SLinus Torvalds so that I had to set ARPHRD_IPGRE to a random value. 10461da177e4SLinus Torvalds I have an impression, that Cisco could make something similar, 10471da177e4SLinus Torvalds but this feature is apparently missing in IOS<=11.2(8). 10481da177e4SLinus Torvalds 10491da177e4SLinus Torvalds I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks 10501da177e4SLinus Torvalds with broadcast 224.66.66.66. If you have access to mbone, play with me :-) 10511da177e4SLinus Torvalds 10521da177e4SLinus Torvalds ping -t 255 224.66.66.66 10531da177e4SLinus Torvalds 10541da177e4SLinus Torvalds If nobody answers, mbone does not work. 10551da177e4SLinus Torvalds 10561da177e4SLinus Torvalds ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255 10571da177e4SLinus Torvalds ip addr add 10.66.66.<somewhat>/24 dev Universe 10581da177e4SLinus Torvalds ifconfig Universe up 10591da177e4SLinus Torvalds ifconfig Universe add fe80::<Your_real_addr>/10 10601da177e4SLinus Torvalds ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96 10611da177e4SLinus Torvalds ftp 10.66.66.66 10621da177e4SLinus Torvalds ... 10631da177e4SLinus Torvalds ftp fec0:6666:6666::193.233.7.65 10641da177e4SLinus Torvalds ... 10651da177e4SLinus Torvalds 10661da177e4SLinus Torvalds */ 10671da177e4SLinus Torvalds 10681da177e4SLinus Torvalds static int ipgre_header(struct sk_buff *skb, struct net_device *dev, unsigned short type, 10691da177e4SLinus Torvalds void *daddr, void *saddr, unsigned len) 10701da177e4SLinus Torvalds { 10712941a486SPatrick McHardy struct ip_tunnel *t = netdev_priv(dev); 10721da177e4SLinus Torvalds struct iphdr *iph = (struct iphdr *)skb_push(skb, t->hlen); 1073d5a0a1e3SAl Viro __be16 *p = (__be16*)(iph+1); 10741da177e4SLinus Torvalds 10751da177e4SLinus Torvalds memcpy(iph, &t->parms.iph, sizeof(struct iphdr)); 10761da177e4SLinus Torvalds p[0] = t->parms.o_flags; 10771da177e4SLinus Torvalds p[1] = htons(type); 10781da177e4SLinus Torvalds 10791da177e4SLinus Torvalds /* 10801da177e4SLinus Torvalds * Set the source hardware address. 10811da177e4SLinus Torvalds */ 10821da177e4SLinus Torvalds 10831da177e4SLinus Torvalds if (saddr) 10841da177e4SLinus Torvalds memcpy(&iph->saddr, saddr, 4); 10851da177e4SLinus Torvalds 10861da177e4SLinus Torvalds if (daddr) { 10871da177e4SLinus Torvalds memcpy(&iph->daddr, daddr, 4); 10881da177e4SLinus Torvalds return t->hlen; 10891da177e4SLinus Torvalds } 10901da177e4SLinus Torvalds if (iph->daddr && !MULTICAST(iph->daddr)) 10911da177e4SLinus Torvalds return t->hlen; 10921da177e4SLinus Torvalds 10931da177e4SLinus Torvalds return -t->hlen; 10941da177e4SLinus Torvalds } 10951da177e4SLinus Torvalds 10961da177e4SLinus Torvalds static int ipgre_open(struct net_device *dev) 10971da177e4SLinus Torvalds { 10982941a486SPatrick McHardy struct ip_tunnel *t = netdev_priv(dev); 10991da177e4SLinus Torvalds 11001da177e4SLinus Torvalds if (MULTICAST(t->parms.iph.daddr)) { 11011da177e4SLinus Torvalds struct flowi fl = { .oif = t->parms.link, 11021da177e4SLinus Torvalds .nl_u = { .ip4_u = 11031da177e4SLinus Torvalds { .daddr = t->parms.iph.daddr, 11041da177e4SLinus Torvalds .saddr = t->parms.iph.saddr, 11051da177e4SLinus Torvalds .tos = RT_TOS(t->parms.iph.tos) } }, 11061da177e4SLinus Torvalds .proto = IPPROTO_GRE }; 11071da177e4SLinus Torvalds struct rtable *rt; 11081da177e4SLinus Torvalds if (ip_route_output_key(&rt, &fl)) 11091da177e4SLinus Torvalds return -EADDRNOTAVAIL; 11101da177e4SLinus Torvalds dev = rt->u.dst.dev; 11111da177e4SLinus Torvalds ip_rt_put(rt); 1112e5ed6399SHerbert Xu if (__in_dev_get_rtnl(dev) == NULL) 11131da177e4SLinus Torvalds return -EADDRNOTAVAIL; 11141da177e4SLinus Torvalds t->mlink = dev->ifindex; 1115e5ed6399SHerbert Xu ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr); 11161da177e4SLinus Torvalds } 11171da177e4SLinus Torvalds return 0; 11181da177e4SLinus Torvalds } 11191da177e4SLinus Torvalds 11201da177e4SLinus Torvalds static int ipgre_close(struct net_device *dev) 11211da177e4SLinus Torvalds { 11222941a486SPatrick McHardy struct ip_tunnel *t = netdev_priv(dev); 11231da177e4SLinus Torvalds if (MULTICAST(t->parms.iph.daddr) && t->mlink) { 11241da177e4SLinus Torvalds struct in_device *in_dev = inetdev_by_index(t->mlink); 11251da177e4SLinus Torvalds if (in_dev) { 11261da177e4SLinus Torvalds ip_mc_dec_group(in_dev, t->parms.iph.daddr); 11271da177e4SLinus Torvalds in_dev_put(in_dev); 11281da177e4SLinus Torvalds } 11291da177e4SLinus Torvalds } 11301da177e4SLinus Torvalds return 0; 11311da177e4SLinus Torvalds } 11321da177e4SLinus Torvalds 11331da177e4SLinus Torvalds #endif 11341da177e4SLinus Torvalds 11351da177e4SLinus Torvalds static void ipgre_tunnel_setup(struct net_device *dev) 11361da177e4SLinus Torvalds { 11371da177e4SLinus Torvalds SET_MODULE_OWNER(dev); 11381da177e4SLinus Torvalds dev->uninit = ipgre_tunnel_uninit; 11391da177e4SLinus Torvalds dev->destructor = free_netdev; 11401da177e4SLinus Torvalds dev->hard_start_xmit = ipgre_tunnel_xmit; 11411da177e4SLinus Torvalds dev->get_stats = ipgre_tunnel_get_stats; 11421da177e4SLinus Torvalds dev->do_ioctl = ipgre_tunnel_ioctl; 11431da177e4SLinus Torvalds dev->change_mtu = ipgre_tunnel_change_mtu; 11441da177e4SLinus Torvalds 11451da177e4SLinus Torvalds dev->type = ARPHRD_IPGRE; 11461da177e4SLinus Torvalds dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr) + 4; 114746f25dffSKris Katterjohn dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 4; 11481da177e4SLinus Torvalds dev->flags = IFF_NOARP; 11491da177e4SLinus Torvalds dev->iflink = 0; 11501da177e4SLinus Torvalds dev->addr_len = 4; 11511da177e4SLinus Torvalds } 11521da177e4SLinus Torvalds 11531da177e4SLinus Torvalds static int ipgre_tunnel_init(struct net_device *dev) 11541da177e4SLinus Torvalds { 11551da177e4SLinus Torvalds struct net_device *tdev = NULL; 11561da177e4SLinus Torvalds struct ip_tunnel *tunnel; 11571da177e4SLinus Torvalds struct iphdr *iph; 11581da177e4SLinus Torvalds int hlen = LL_MAX_HEADER; 115946f25dffSKris Katterjohn int mtu = ETH_DATA_LEN; 11601da177e4SLinus Torvalds int addend = sizeof(struct iphdr) + 4; 11611da177e4SLinus Torvalds 11622941a486SPatrick McHardy tunnel = netdev_priv(dev); 11631da177e4SLinus Torvalds iph = &tunnel->parms.iph; 11641da177e4SLinus Torvalds 11651da177e4SLinus Torvalds tunnel->dev = dev; 11661da177e4SLinus Torvalds strcpy(tunnel->parms.name, dev->name); 11671da177e4SLinus Torvalds 11681da177e4SLinus Torvalds memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4); 11691da177e4SLinus Torvalds memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4); 11701da177e4SLinus Torvalds 11711da177e4SLinus Torvalds /* Guess output device to choose reasonable mtu and hard_header_len */ 11721da177e4SLinus Torvalds 11731da177e4SLinus Torvalds if (iph->daddr) { 11741da177e4SLinus Torvalds struct flowi fl = { .oif = tunnel->parms.link, 11751da177e4SLinus Torvalds .nl_u = { .ip4_u = 11761da177e4SLinus Torvalds { .daddr = iph->daddr, 11771da177e4SLinus Torvalds .saddr = iph->saddr, 11781da177e4SLinus Torvalds .tos = RT_TOS(iph->tos) } }, 11791da177e4SLinus Torvalds .proto = IPPROTO_GRE }; 11801da177e4SLinus Torvalds struct rtable *rt; 11811da177e4SLinus Torvalds if (!ip_route_output_key(&rt, &fl)) { 11821da177e4SLinus Torvalds tdev = rt->u.dst.dev; 11831da177e4SLinus Torvalds ip_rt_put(rt); 11841da177e4SLinus Torvalds } 11851da177e4SLinus Torvalds 11861da177e4SLinus Torvalds dev->flags |= IFF_POINTOPOINT; 11871da177e4SLinus Torvalds 11881da177e4SLinus Torvalds #ifdef CONFIG_NET_IPGRE_BROADCAST 11891da177e4SLinus Torvalds if (MULTICAST(iph->daddr)) { 11901da177e4SLinus Torvalds if (!iph->saddr) 11911da177e4SLinus Torvalds return -EINVAL; 11921da177e4SLinus Torvalds dev->flags = IFF_BROADCAST; 11931da177e4SLinus Torvalds dev->hard_header = ipgre_header; 11941da177e4SLinus Torvalds dev->open = ipgre_open; 11951da177e4SLinus Torvalds dev->stop = ipgre_close; 11961da177e4SLinus Torvalds } 11971da177e4SLinus Torvalds #endif 11981da177e4SLinus Torvalds } 11991da177e4SLinus Torvalds 12001da177e4SLinus Torvalds if (!tdev && tunnel->parms.link) 12011da177e4SLinus Torvalds tdev = __dev_get_by_index(tunnel->parms.link); 12021da177e4SLinus Torvalds 12031da177e4SLinus Torvalds if (tdev) { 12041da177e4SLinus Torvalds hlen = tdev->hard_header_len; 12051da177e4SLinus Torvalds mtu = tdev->mtu; 12061da177e4SLinus Torvalds } 12071da177e4SLinus Torvalds dev->iflink = tunnel->parms.link; 12081da177e4SLinus Torvalds 12091da177e4SLinus Torvalds /* Precalculate GRE options length */ 12101da177e4SLinus Torvalds if (tunnel->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) { 12111da177e4SLinus Torvalds if (tunnel->parms.o_flags&GRE_CSUM) 12121da177e4SLinus Torvalds addend += 4; 12131da177e4SLinus Torvalds if (tunnel->parms.o_flags&GRE_KEY) 12141da177e4SLinus Torvalds addend += 4; 12151da177e4SLinus Torvalds if (tunnel->parms.o_flags&GRE_SEQ) 12161da177e4SLinus Torvalds addend += 4; 12171da177e4SLinus Torvalds } 12181da177e4SLinus Torvalds dev->hard_header_len = hlen + addend; 12191da177e4SLinus Torvalds dev->mtu = mtu - addend; 12201da177e4SLinus Torvalds tunnel->hlen = addend; 12211da177e4SLinus Torvalds return 0; 12221da177e4SLinus Torvalds } 12231da177e4SLinus Torvalds 12244b30b1c6SAdrian Bunk static int __init ipgre_fb_tunnel_init(struct net_device *dev) 12251da177e4SLinus Torvalds { 12262941a486SPatrick McHardy struct ip_tunnel *tunnel = netdev_priv(dev); 12271da177e4SLinus Torvalds struct iphdr *iph = &tunnel->parms.iph; 12281da177e4SLinus Torvalds 12291da177e4SLinus Torvalds tunnel->dev = dev; 12301da177e4SLinus Torvalds strcpy(tunnel->parms.name, dev->name); 12311da177e4SLinus Torvalds 12321da177e4SLinus Torvalds iph->version = 4; 12331da177e4SLinus Torvalds iph->protocol = IPPROTO_GRE; 12341da177e4SLinus Torvalds iph->ihl = 5; 12351da177e4SLinus Torvalds tunnel->hlen = sizeof(struct iphdr) + 4; 12361da177e4SLinus Torvalds 12371da177e4SLinus Torvalds dev_hold(dev); 12381da177e4SLinus Torvalds tunnels_wc[0] = tunnel; 12391da177e4SLinus Torvalds return 0; 12401da177e4SLinus Torvalds } 12411da177e4SLinus Torvalds 12421da177e4SLinus Torvalds 12431da177e4SLinus Torvalds static struct net_protocol ipgre_protocol = { 12441da177e4SLinus Torvalds .handler = ipgre_rcv, 12451da177e4SLinus Torvalds .err_handler = ipgre_err, 12461da177e4SLinus Torvalds }; 12471da177e4SLinus Torvalds 12481da177e4SLinus Torvalds 12491da177e4SLinus Torvalds /* 12501da177e4SLinus Torvalds * And now the modules code and kernel interface. 12511da177e4SLinus Torvalds */ 12521da177e4SLinus Torvalds 12531da177e4SLinus Torvalds static int __init ipgre_init(void) 12541da177e4SLinus Torvalds { 12551da177e4SLinus Torvalds int err; 12561da177e4SLinus Torvalds 12571da177e4SLinus Torvalds printk(KERN_INFO "GRE over IPv4 tunneling driver\n"); 12581da177e4SLinus Torvalds 12591da177e4SLinus Torvalds if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) { 12601da177e4SLinus Torvalds printk(KERN_INFO "ipgre init: can't add protocol\n"); 12611da177e4SLinus Torvalds return -EAGAIN; 12621da177e4SLinus Torvalds } 12631da177e4SLinus Torvalds 12641da177e4SLinus Torvalds ipgre_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0", 12651da177e4SLinus Torvalds ipgre_tunnel_setup); 12661da177e4SLinus Torvalds if (!ipgre_fb_tunnel_dev) { 12671da177e4SLinus Torvalds err = -ENOMEM; 12681da177e4SLinus Torvalds goto err1; 12691da177e4SLinus Torvalds } 12701da177e4SLinus Torvalds 12711da177e4SLinus Torvalds ipgre_fb_tunnel_dev->init = ipgre_fb_tunnel_init; 12721da177e4SLinus Torvalds 12731da177e4SLinus Torvalds if ((err = register_netdev(ipgre_fb_tunnel_dev))) 12741da177e4SLinus Torvalds goto err2; 12751da177e4SLinus Torvalds out: 12761da177e4SLinus Torvalds return err; 12771da177e4SLinus Torvalds err2: 12781da177e4SLinus Torvalds free_netdev(ipgre_fb_tunnel_dev); 12791da177e4SLinus Torvalds err1: 12801da177e4SLinus Torvalds inet_del_protocol(&ipgre_protocol, IPPROTO_GRE); 12811da177e4SLinus Torvalds goto out; 12821da177e4SLinus Torvalds } 12831da177e4SLinus Torvalds 1284db44575fSAlexey Kuznetsov static void __exit ipgre_destroy_tunnels(void) 1285db44575fSAlexey Kuznetsov { 1286db44575fSAlexey Kuznetsov int prio; 1287db44575fSAlexey Kuznetsov 1288db44575fSAlexey Kuznetsov for (prio = 0; prio < 4; prio++) { 1289db44575fSAlexey Kuznetsov int h; 1290db44575fSAlexey Kuznetsov for (h = 0; h < HASH_SIZE; h++) { 1291db44575fSAlexey Kuznetsov struct ip_tunnel *t; 1292db44575fSAlexey Kuznetsov while ((t = tunnels[prio][h]) != NULL) 1293db44575fSAlexey Kuznetsov unregister_netdevice(t->dev); 1294db44575fSAlexey Kuznetsov } 1295db44575fSAlexey Kuznetsov } 1296db44575fSAlexey Kuznetsov } 1297db44575fSAlexey Kuznetsov 1298db44575fSAlexey Kuznetsov static void __exit ipgre_fini(void) 12991da177e4SLinus Torvalds { 13001da177e4SLinus Torvalds if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) 13011da177e4SLinus Torvalds printk(KERN_INFO "ipgre close: can't remove protocol\n"); 13021da177e4SLinus Torvalds 1303db44575fSAlexey Kuznetsov rtnl_lock(); 1304db44575fSAlexey Kuznetsov ipgre_destroy_tunnels(); 1305db44575fSAlexey Kuznetsov rtnl_unlock(); 13061da177e4SLinus Torvalds } 13071da177e4SLinus Torvalds 13081da177e4SLinus Torvalds module_init(ipgre_init); 13091da177e4SLinus Torvalds module_exit(ipgre_fini); 13101da177e4SLinus Torvalds MODULE_LICENSE("GPL"); 1311