11da177e4SLinus Torvalds /* 21da177e4SLinus Torvalds * Linux NET3: GRE over IP protocol decoder. 31da177e4SLinus Torvalds * 41da177e4SLinus Torvalds * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) 51da177e4SLinus Torvalds * 61da177e4SLinus Torvalds * This program is free software; you can redistribute it and/or 71da177e4SLinus Torvalds * modify it under the terms of the GNU General Public License 81da177e4SLinus Torvalds * as published by the Free Software Foundation; either version 91da177e4SLinus Torvalds * 2 of the License, or (at your option) any later version. 101da177e4SLinus Torvalds * 111da177e4SLinus Torvalds */ 121da177e4SLinus Torvalds 134fc268d2SRandy Dunlap #include <linux/capability.h> 141da177e4SLinus Torvalds #include <linux/module.h> 151da177e4SLinus Torvalds #include <linux/types.h> 161da177e4SLinus Torvalds #include <linux/kernel.h> 171da177e4SLinus Torvalds #include <asm/uaccess.h> 181da177e4SLinus Torvalds #include <linux/skbuff.h> 191da177e4SLinus Torvalds #include <linux/netdevice.h> 201da177e4SLinus Torvalds #include <linux/in.h> 211da177e4SLinus Torvalds #include <linux/tcp.h> 221da177e4SLinus Torvalds #include <linux/udp.h> 231da177e4SLinus Torvalds #include <linux/if_arp.h> 241da177e4SLinus Torvalds #include <linux/mroute.h> 251da177e4SLinus Torvalds #include <linux/init.h> 261da177e4SLinus Torvalds #include <linux/in6.h> 271da177e4SLinus Torvalds #include <linux/inetdevice.h> 281da177e4SLinus Torvalds #include <linux/igmp.h> 291da177e4SLinus Torvalds #include <linux/netfilter_ipv4.h> 3046f25dffSKris Katterjohn #include <linux/if_ether.h> 311da177e4SLinus Torvalds 321da177e4SLinus Torvalds #include <net/sock.h> 331da177e4SLinus Torvalds #include <net/ip.h> 341da177e4SLinus Torvalds #include <net/icmp.h> 351da177e4SLinus Torvalds #include <net/protocol.h> 361da177e4SLinus Torvalds #include <net/ipip.h> 371da177e4SLinus Torvalds #include <net/arp.h> 381da177e4SLinus Torvalds #include <net/checksum.h> 391da177e4SLinus Torvalds #include <net/dsfield.h> 401da177e4SLinus Torvalds #include <net/inet_ecn.h> 411da177e4SLinus Torvalds #include <net/xfrm.h> 421da177e4SLinus Torvalds 431da177e4SLinus Torvalds #ifdef CONFIG_IPV6 441da177e4SLinus Torvalds #include <net/ipv6.h> 451da177e4SLinus Torvalds #include <net/ip6_fib.h> 461da177e4SLinus Torvalds #include <net/ip6_route.h> 471da177e4SLinus Torvalds #endif 481da177e4SLinus Torvalds 491da177e4SLinus Torvalds /* 501da177e4SLinus Torvalds Problems & solutions 511da177e4SLinus Torvalds -------------------- 521da177e4SLinus Torvalds 531da177e4SLinus Torvalds 1. The most important issue is detecting local dead loops. 541da177e4SLinus Torvalds They would cause complete host lockup in transmit, which 551da177e4SLinus Torvalds would be "resolved" by stack overflow or, if queueing is enabled, 561da177e4SLinus Torvalds with infinite looping in net_bh. 571da177e4SLinus Torvalds 581da177e4SLinus Torvalds We cannot track such dead loops during route installation, 591da177e4SLinus Torvalds it is infeasible task. The most general solutions would be 601da177e4SLinus Torvalds to keep skb->encapsulation counter (sort of local ttl), 611da177e4SLinus Torvalds and silently drop packet when it expires. It is the best 621da177e4SLinus Torvalds solution, but it supposes maintaing new variable in ALL 631da177e4SLinus Torvalds skb, even if no tunneling is used. 641da177e4SLinus Torvalds 651da177e4SLinus Torvalds Current solution: t->recursion lock breaks dead loops. It looks 661da177e4SLinus Torvalds like dev->tbusy flag, but I preferred new variable, because 671da177e4SLinus Torvalds the semantics is different. One day, when hard_start_xmit 681da177e4SLinus Torvalds will be multithreaded we will have to use skb->encapsulation. 691da177e4SLinus Torvalds 701da177e4SLinus Torvalds 711da177e4SLinus Torvalds 721da177e4SLinus Torvalds 2. Networking dead loops would not kill routers, but would really 731da177e4SLinus Torvalds kill network. IP hop limit plays role of "t->recursion" in this case, 741da177e4SLinus Torvalds if we copy it from packet being encapsulated to upper header. 751da177e4SLinus Torvalds It is very good solution, but it introduces two problems: 761da177e4SLinus Torvalds 771da177e4SLinus Torvalds - Routing protocols, using packets with ttl=1 (OSPF, RIP2), 781da177e4SLinus Torvalds do not work over tunnels. 791da177e4SLinus Torvalds - traceroute does not work. I planned to relay ICMP from tunnel, 801da177e4SLinus Torvalds so that this problem would be solved and traceroute output 811da177e4SLinus Torvalds would even more informative. This idea appeared to be wrong: 821da177e4SLinus Torvalds only Linux complies to rfc1812 now (yes, guys, Linux is the only 831da177e4SLinus Torvalds true router now :-)), all routers (at least, in neighbourhood of mine) 841da177e4SLinus Torvalds return only 8 bytes of payload. It is the end. 851da177e4SLinus Torvalds 861da177e4SLinus Torvalds Hence, if we want that OSPF worked or traceroute said something reasonable, 871da177e4SLinus Torvalds we should search for another solution. 881da177e4SLinus Torvalds 891da177e4SLinus Torvalds One of them is to parse packet trying to detect inner encapsulation 901da177e4SLinus Torvalds made by our node. It is difficult or even impossible, especially, 911da177e4SLinus Torvalds taking into account fragmentation. TO be short, tt is not solution at all. 921da177e4SLinus Torvalds 931da177e4SLinus Torvalds Current solution: The solution was UNEXPECTEDLY SIMPLE. 941da177e4SLinus Torvalds We force DF flag on tunnels with preconfigured hop limit, 951da177e4SLinus Torvalds that is ALL. :-) Well, it does not remove the problem completely, 961da177e4SLinus Torvalds but exponential growth of network traffic is changed to linear 971da177e4SLinus Torvalds (branches, that exceed pmtu are pruned) and tunnel mtu 981da177e4SLinus Torvalds fastly degrades to value <68, where looping stops. 991da177e4SLinus Torvalds Yes, it is not good if there exists a router in the loop, 1001da177e4SLinus Torvalds which does not force DF, even when encapsulating packets have DF set. 1011da177e4SLinus Torvalds But it is not our problem! Nobody could accuse us, we made 1021da177e4SLinus Torvalds all that we could make. Even if it is your gated who injected 1031da177e4SLinus Torvalds fatal route to network, even if it were you who configured 1041da177e4SLinus Torvalds fatal static route: you are innocent. :-) 1051da177e4SLinus Torvalds 1061da177e4SLinus Torvalds 1071da177e4SLinus Torvalds 1081da177e4SLinus Torvalds 3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain 1091da177e4SLinus Torvalds practically identical code. It would be good to glue them 1101da177e4SLinus Torvalds together, but it is not very evident, how to make them modular. 1111da177e4SLinus Torvalds sit is integral part of IPv6, ipip and gre are naturally modular. 1121da177e4SLinus Torvalds We could extract common parts (hash table, ioctl etc) 1131da177e4SLinus Torvalds to a separate module (ip_tunnel.c). 1141da177e4SLinus Torvalds 1151da177e4SLinus Torvalds Alexey Kuznetsov. 1161da177e4SLinus Torvalds */ 1171da177e4SLinus Torvalds 1181da177e4SLinus Torvalds static int ipgre_tunnel_init(struct net_device *dev); 1191da177e4SLinus Torvalds static void ipgre_tunnel_setup(struct net_device *dev); 1201da177e4SLinus Torvalds 1211da177e4SLinus Torvalds /* Fallback tunnel: no source, no destination, no key, no options */ 1221da177e4SLinus Torvalds 1231da177e4SLinus Torvalds static int ipgre_fb_tunnel_init(struct net_device *dev); 1241da177e4SLinus Torvalds 1251da177e4SLinus Torvalds static struct net_device *ipgre_fb_tunnel_dev; 1261da177e4SLinus Torvalds 1271da177e4SLinus Torvalds /* Tunnel hash table */ 1281da177e4SLinus Torvalds 1291da177e4SLinus Torvalds /* 1301da177e4SLinus Torvalds 4 hash tables: 1311da177e4SLinus Torvalds 1321da177e4SLinus Torvalds 3: (remote,local) 1331da177e4SLinus Torvalds 2: (remote,*) 1341da177e4SLinus Torvalds 1: (*,local) 1351da177e4SLinus Torvalds 0: (*,*) 1361da177e4SLinus Torvalds 1371da177e4SLinus Torvalds We require exact key match i.e. if a key is present in packet 1381da177e4SLinus Torvalds it will match only tunnel with the same key; if it is not present, 1391da177e4SLinus Torvalds it will match only keyless tunnel. 1401da177e4SLinus Torvalds 1411da177e4SLinus Torvalds All keysless packets, if not matched configured keyless tunnels 1421da177e4SLinus Torvalds will match fallback tunnel. 1431da177e4SLinus Torvalds */ 1441da177e4SLinus Torvalds 1451da177e4SLinus Torvalds #define HASH_SIZE 16 146d5a0a1e3SAl Viro #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF) 1471da177e4SLinus Torvalds 1481da177e4SLinus Torvalds static struct ip_tunnel *tunnels[4][HASH_SIZE]; 1491da177e4SLinus Torvalds 1501da177e4SLinus Torvalds #define tunnels_r_l (tunnels[3]) 1511da177e4SLinus Torvalds #define tunnels_r (tunnels[2]) 1521da177e4SLinus Torvalds #define tunnels_l (tunnels[1]) 1531da177e4SLinus Torvalds #define tunnels_wc (tunnels[0]) 1541da177e4SLinus Torvalds 1551da177e4SLinus Torvalds static DEFINE_RWLOCK(ipgre_lock); 1561da177e4SLinus Torvalds 1571da177e4SLinus Torvalds /* Given src, dst and key, find appropriate for input tunnel. */ 1581da177e4SLinus Torvalds 159d5a0a1e3SAl Viro static struct ip_tunnel * ipgre_tunnel_lookup(__be32 remote, __be32 local, __be32 key) 1601da177e4SLinus Torvalds { 1611da177e4SLinus Torvalds unsigned h0 = HASH(remote); 1621da177e4SLinus Torvalds unsigned h1 = HASH(key); 1631da177e4SLinus Torvalds struct ip_tunnel *t; 1641da177e4SLinus Torvalds 1651da177e4SLinus Torvalds for (t = tunnels_r_l[h0^h1]; t; t = t->next) { 1661da177e4SLinus Torvalds if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) { 1671da177e4SLinus Torvalds if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) 1681da177e4SLinus Torvalds return t; 1691da177e4SLinus Torvalds } 1701da177e4SLinus Torvalds } 1711da177e4SLinus Torvalds for (t = tunnels_r[h0^h1]; t; t = t->next) { 1721da177e4SLinus Torvalds if (remote == t->parms.iph.daddr) { 1731da177e4SLinus Torvalds if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) 1741da177e4SLinus Torvalds return t; 1751da177e4SLinus Torvalds } 1761da177e4SLinus Torvalds } 1771da177e4SLinus Torvalds for (t = tunnels_l[h1]; t; t = t->next) { 1781da177e4SLinus Torvalds if (local == t->parms.iph.saddr || 179*f97c1e0cSJoe Perches (local == t->parms.iph.daddr && 180*f97c1e0cSJoe Perches ipv4_is_multicast(local))) { 1811da177e4SLinus Torvalds if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) 1821da177e4SLinus Torvalds return t; 1831da177e4SLinus Torvalds } 1841da177e4SLinus Torvalds } 1851da177e4SLinus Torvalds for (t = tunnels_wc[h1]; t; t = t->next) { 1861da177e4SLinus Torvalds if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) 1871da177e4SLinus Torvalds return t; 1881da177e4SLinus Torvalds } 1891da177e4SLinus Torvalds 1901da177e4SLinus Torvalds if (ipgre_fb_tunnel_dev->flags&IFF_UP) 1912941a486SPatrick McHardy return netdev_priv(ipgre_fb_tunnel_dev); 1921da177e4SLinus Torvalds return NULL; 1931da177e4SLinus Torvalds } 1941da177e4SLinus Torvalds 1955056a1efSYOSHIFUJI Hideaki static struct ip_tunnel **__ipgre_bucket(struct ip_tunnel_parm *parms) 1961da177e4SLinus Torvalds { 1975056a1efSYOSHIFUJI Hideaki __be32 remote = parms->iph.daddr; 1985056a1efSYOSHIFUJI Hideaki __be32 local = parms->iph.saddr; 1995056a1efSYOSHIFUJI Hideaki __be32 key = parms->i_key; 2001da177e4SLinus Torvalds unsigned h = HASH(key); 2011da177e4SLinus Torvalds int prio = 0; 2021da177e4SLinus Torvalds 2031da177e4SLinus Torvalds if (local) 2041da177e4SLinus Torvalds prio |= 1; 205*f97c1e0cSJoe Perches if (remote && !ipv4_is_multicast(remote)) { 2061da177e4SLinus Torvalds prio |= 2; 2071da177e4SLinus Torvalds h ^= HASH(remote); 2081da177e4SLinus Torvalds } 2091da177e4SLinus Torvalds 2101da177e4SLinus Torvalds return &tunnels[prio][h]; 2111da177e4SLinus Torvalds } 2121da177e4SLinus Torvalds 2135056a1efSYOSHIFUJI Hideaki static inline struct ip_tunnel **ipgre_bucket(struct ip_tunnel *t) 2145056a1efSYOSHIFUJI Hideaki { 2155056a1efSYOSHIFUJI Hideaki return __ipgre_bucket(&t->parms); 2165056a1efSYOSHIFUJI Hideaki } 2175056a1efSYOSHIFUJI Hideaki 2181da177e4SLinus Torvalds static void ipgre_tunnel_link(struct ip_tunnel *t) 2191da177e4SLinus Torvalds { 2201da177e4SLinus Torvalds struct ip_tunnel **tp = ipgre_bucket(t); 2211da177e4SLinus Torvalds 2221da177e4SLinus Torvalds t->next = *tp; 2231da177e4SLinus Torvalds write_lock_bh(&ipgre_lock); 2241da177e4SLinus Torvalds *tp = t; 2251da177e4SLinus Torvalds write_unlock_bh(&ipgre_lock); 2261da177e4SLinus Torvalds } 2271da177e4SLinus Torvalds 2281da177e4SLinus Torvalds static void ipgre_tunnel_unlink(struct ip_tunnel *t) 2291da177e4SLinus Torvalds { 2301da177e4SLinus Torvalds struct ip_tunnel **tp; 2311da177e4SLinus Torvalds 2321da177e4SLinus Torvalds for (tp = ipgre_bucket(t); *tp; tp = &(*tp)->next) { 2331da177e4SLinus Torvalds if (t == *tp) { 2341da177e4SLinus Torvalds write_lock_bh(&ipgre_lock); 2351da177e4SLinus Torvalds *tp = t->next; 2361da177e4SLinus Torvalds write_unlock_bh(&ipgre_lock); 2371da177e4SLinus Torvalds break; 2381da177e4SLinus Torvalds } 2391da177e4SLinus Torvalds } 2401da177e4SLinus Torvalds } 2411da177e4SLinus Torvalds 2421da177e4SLinus Torvalds static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int create) 2431da177e4SLinus Torvalds { 244d5a0a1e3SAl Viro __be32 remote = parms->iph.daddr; 245d5a0a1e3SAl Viro __be32 local = parms->iph.saddr; 246d5a0a1e3SAl Viro __be32 key = parms->i_key; 2471da177e4SLinus Torvalds struct ip_tunnel *t, **tp, *nt; 2481da177e4SLinus Torvalds struct net_device *dev; 2491da177e4SLinus Torvalds char name[IFNAMSIZ]; 2501da177e4SLinus Torvalds 2515056a1efSYOSHIFUJI Hideaki for (tp = __ipgre_bucket(parms); (t = *tp) != NULL; tp = &t->next) { 2521da177e4SLinus Torvalds if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) { 2531da177e4SLinus Torvalds if (key == t->parms.i_key) 2541da177e4SLinus Torvalds return t; 2551da177e4SLinus Torvalds } 2561da177e4SLinus Torvalds } 2571da177e4SLinus Torvalds if (!create) 2581da177e4SLinus Torvalds return NULL; 2591da177e4SLinus Torvalds 2601da177e4SLinus Torvalds if (parms->name[0]) 2611da177e4SLinus Torvalds strlcpy(name, parms->name, IFNAMSIZ); 2621da177e4SLinus Torvalds else { 2631da177e4SLinus Torvalds int i; 2641da177e4SLinus Torvalds for (i=1; i<100; i++) { 2651da177e4SLinus Torvalds sprintf(name, "gre%d", i); 266881d966bSEric W. Biederman if (__dev_get_by_name(&init_net, name) == NULL) 2671da177e4SLinus Torvalds break; 2681da177e4SLinus Torvalds } 2691da177e4SLinus Torvalds if (i==100) 2701da177e4SLinus Torvalds goto failed; 2711da177e4SLinus Torvalds } 2721da177e4SLinus Torvalds 2731da177e4SLinus Torvalds dev = alloc_netdev(sizeof(*t), name, ipgre_tunnel_setup); 2741da177e4SLinus Torvalds if (!dev) 2751da177e4SLinus Torvalds return NULL; 2761da177e4SLinus Torvalds 2771da177e4SLinus Torvalds dev->init = ipgre_tunnel_init; 2782941a486SPatrick McHardy nt = netdev_priv(dev); 2791da177e4SLinus Torvalds nt->parms = *parms; 2801da177e4SLinus Torvalds 2811da177e4SLinus Torvalds if (register_netdevice(dev) < 0) { 2821da177e4SLinus Torvalds free_netdev(dev); 2831da177e4SLinus Torvalds goto failed; 2841da177e4SLinus Torvalds } 2851da177e4SLinus Torvalds 2861da177e4SLinus Torvalds dev_hold(dev); 2871da177e4SLinus Torvalds ipgre_tunnel_link(nt); 2881da177e4SLinus Torvalds return nt; 2891da177e4SLinus Torvalds 2901da177e4SLinus Torvalds failed: 2911da177e4SLinus Torvalds return NULL; 2921da177e4SLinus Torvalds } 2931da177e4SLinus Torvalds 2941da177e4SLinus Torvalds static void ipgre_tunnel_uninit(struct net_device *dev) 2951da177e4SLinus Torvalds { 2962941a486SPatrick McHardy ipgre_tunnel_unlink(netdev_priv(dev)); 2971da177e4SLinus Torvalds dev_put(dev); 2981da177e4SLinus Torvalds } 2991da177e4SLinus Torvalds 3001da177e4SLinus Torvalds 3011da177e4SLinus Torvalds static void ipgre_err(struct sk_buff *skb, u32 info) 3021da177e4SLinus Torvalds { 3031da177e4SLinus Torvalds #ifndef I_WISH_WORLD_WERE_PERFECT 3041da177e4SLinus Torvalds 3051da177e4SLinus Torvalds /* It is not :-( All the routers (except for Linux) return only 3061da177e4SLinus Torvalds 8 bytes of packet payload. It means, that precise relaying of 3071da177e4SLinus Torvalds ICMP in the real Internet is absolutely infeasible. 3081da177e4SLinus Torvalds 3091da177e4SLinus Torvalds Moreover, Cisco "wise men" put GRE key to the third word 3101da177e4SLinus Torvalds in GRE header. It makes impossible maintaining even soft state for keyed 3111da177e4SLinus Torvalds GRE tunnels with enabled checksum. Tell them "thank you". 3121da177e4SLinus Torvalds 3131da177e4SLinus Torvalds Well, I wonder, rfc1812 was written by Cisco employee, 3141da177e4SLinus Torvalds what the hell these idiots break standrads established 3151da177e4SLinus Torvalds by themself??? 3161da177e4SLinus Torvalds */ 3171da177e4SLinus Torvalds 3181da177e4SLinus Torvalds struct iphdr *iph = (struct iphdr*)skb->data; 319d5a0a1e3SAl Viro __be16 *p = (__be16*)(skb->data+(iph->ihl<<2)); 3201da177e4SLinus Torvalds int grehlen = (iph->ihl<<2) + 4; 32188c7664fSArnaldo Carvalho de Melo const int type = icmp_hdr(skb)->type; 32288c7664fSArnaldo Carvalho de Melo const int code = icmp_hdr(skb)->code; 3231da177e4SLinus Torvalds struct ip_tunnel *t; 324d5a0a1e3SAl Viro __be16 flags; 3251da177e4SLinus Torvalds 3261da177e4SLinus Torvalds flags = p[0]; 3271da177e4SLinus Torvalds if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) { 3281da177e4SLinus Torvalds if (flags&(GRE_VERSION|GRE_ROUTING)) 3291da177e4SLinus Torvalds return; 3301da177e4SLinus Torvalds if (flags&GRE_KEY) { 3311da177e4SLinus Torvalds grehlen += 4; 3321da177e4SLinus Torvalds if (flags&GRE_CSUM) 3331da177e4SLinus Torvalds grehlen += 4; 3341da177e4SLinus Torvalds } 3351da177e4SLinus Torvalds } 3361da177e4SLinus Torvalds 3371da177e4SLinus Torvalds /* If only 8 bytes returned, keyed message will be dropped here */ 3381da177e4SLinus Torvalds if (skb_headlen(skb) < grehlen) 3391da177e4SLinus Torvalds return; 3401da177e4SLinus Torvalds 3411da177e4SLinus Torvalds switch (type) { 3421da177e4SLinus Torvalds default: 3431da177e4SLinus Torvalds case ICMP_PARAMETERPROB: 3441da177e4SLinus Torvalds return; 3451da177e4SLinus Torvalds 3461da177e4SLinus Torvalds case ICMP_DEST_UNREACH: 3471da177e4SLinus Torvalds switch (code) { 3481da177e4SLinus Torvalds case ICMP_SR_FAILED: 3491da177e4SLinus Torvalds case ICMP_PORT_UNREACH: 3501da177e4SLinus Torvalds /* Impossible event. */ 3511da177e4SLinus Torvalds return; 3521da177e4SLinus Torvalds case ICMP_FRAG_NEEDED: 3531da177e4SLinus Torvalds /* Soft state for pmtu is maintained by IP core. */ 3541da177e4SLinus Torvalds return; 3551da177e4SLinus Torvalds default: 3561da177e4SLinus Torvalds /* All others are translated to HOST_UNREACH. 3571da177e4SLinus Torvalds rfc2003 contains "deep thoughts" about NET_UNREACH, 3581da177e4SLinus Torvalds I believe they are just ether pollution. --ANK 3591da177e4SLinus Torvalds */ 3601da177e4SLinus Torvalds break; 3611da177e4SLinus Torvalds } 3621da177e4SLinus Torvalds break; 3631da177e4SLinus Torvalds case ICMP_TIME_EXCEEDED: 3641da177e4SLinus Torvalds if (code != ICMP_EXC_TTL) 3651da177e4SLinus Torvalds return; 3661da177e4SLinus Torvalds break; 3671da177e4SLinus Torvalds } 3681da177e4SLinus Torvalds 3691da177e4SLinus Torvalds read_lock(&ipgre_lock); 370d5a0a1e3SAl Viro t = ipgre_tunnel_lookup(iph->daddr, iph->saddr, (flags&GRE_KEY) ? *(((__be32*)p) + (grehlen>>2) - 1) : 0); 371*f97c1e0cSJoe Perches if (t == NULL || t->parms.iph.daddr == 0 || 372*f97c1e0cSJoe Perches ipv4_is_multicast(t->parms.iph.daddr)) 3731da177e4SLinus Torvalds goto out; 3741da177e4SLinus Torvalds 3751da177e4SLinus Torvalds if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED) 3761da177e4SLinus Torvalds goto out; 3771da177e4SLinus Torvalds 3781da177e4SLinus Torvalds if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO) 3791da177e4SLinus Torvalds t->err_count++; 3801da177e4SLinus Torvalds else 3811da177e4SLinus Torvalds t->err_count = 1; 3821da177e4SLinus Torvalds t->err_time = jiffies; 3831da177e4SLinus Torvalds out: 3841da177e4SLinus Torvalds read_unlock(&ipgre_lock); 3851da177e4SLinus Torvalds return; 3861da177e4SLinus Torvalds #else 3871da177e4SLinus Torvalds struct iphdr *iph = (struct iphdr*)dp; 3881da177e4SLinus Torvalds struct iphdr *eiph; 389d5a0a1e3SAl Viro __be16 *p = (__be16*)(dp+(iph->ihl<<2)); 39088c7664fSArnaldo Carvalho de Melo const int type = icmp_hdr(skb)->type; 39188c7664fSArnaldo Carvalho de Melo const int code = icmp_hdr(skb)->code; 3921da177e4SLinus Torvalds int rel_type = 0; 3931da177e4SLinus Torvalds int rel_code = 0; 394c55e2f49SAl Viro __be32 rel_info = 0; 395c55e2f49SAl Viro __u32 n = 0; 396d5a0a1e3SAl Viro __be16 flags; 3971da177e4SLinus Torvalds int grehlen = (iph->ihl<<2) + 4; 3981da177e4SLinus Torvalds struct sk_buff *skb2; 3991da177e4SLinus Torvalds struct flowi fl; 4001da177e4SLinus Torvalds struct rtable *rt; 4011da177e4SLinus Torvalds 4021da177e4SLinus Torvalds if (p[1] != htons(ETH_P_IP)) 4031da177e4SLinus Torvalds return; 4041da177e4SLinus Torvalds 4051da177e4SLinus Torvalds flags = p[0]; 4061da177e4SLinus Torvalds if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) { 4071da177e4SLinus Torvalds if (flags&(GRE_VERSION|GRE_ROUTING)) 4081da177e4SLinus Torvalds return; 4091da177e4SLinus Torvalds if (flags&GRE_CSUM) 4101da177e4SLinus Torvalds grehlen += 4; 4111da177e4SLinus Torvalds if (flags&GRE_KEY) 4121da177e4SLinus Torvalds grehlen += 4; 4131da177e4SLinus Torvalds if (flags&GRE_SEQ) 4141da177e4SLinus Torvalds grehlen += 4; 4151da177e4SLinus Torvalds } 4161da177e4SLinus Torvalds if (len < grehlen + sizeof(struct iphdr)) 4171da177e4SLinus Torvalds return; 4181da177e4SLinus Torvalds eiph = (struct iphdr*)(dp + grehlen); 4191da177e4SLinus Torvalds 4201da177e4SLinus Torvalds switch (type) { 4211da177e4SLinus Torvalds default: 4221da177e4SLinus Torvalds return; 4231da177e4SLinus Torvalds case ICMP_PARAMETERPROB: 42488c7664fSArnaldo Carvalho de Melo n = ntohl(icmp_hdr(skb)->un.gateway) >> 24; 425c55e2f49SAl Viro if (n < (iph->ihl<<2)) 4261da177e4SLinus Torvalds return; 4271da177e4SLinus Torvalds 4281da177e4SLinus Torvalds /* So... This guy found something strange INSIDE encapsulated 4291da177e4SLinus Torvalds packet. Well, he is fool, but what can we do ? 4301da177e4SLinus Torvalds */ 4311da177e4SLinus Torvalds rel_type = ICMP_PARAMETERPROB; 432c55e2f49SAl Viro n -= grehlen; 433c55e2f49SAl Viro rel_info = htonl(n << 24); 4341da177e4SLinus Torvalds break; 4351da177e4SLinus Torvalds 4361da177e4SLinus Torvalds case ICMP_DEST_UNREACH: 4371da177e4SLinus Torvalds switch (code) { 4381da177e4SLinus Torvalds case ICMP_SR_FAILED: 4391da177e4SLinus Torvalds case ICMP_PORT_UNREACH: 4401da177e4SLinus Torvalds /* Impossible event. */ 4411da177e4SLinus Torvalds return; 4421da177e4SLinus Torvalds case ICMP_FRAG_NEEDED: 4431da177e4SLinus Torvalds /* And it is the only really necessary thing :-) */ 44488c7664fSArnaldo Carvalho de Melo n = ntohs(icmp_hdr(skb)->un.frag.mtu); 445c55e2f49SAl Viro if (n < grehlen+68) 4461da177e4SLinus Torvalds return; 447c55e2f49SAl Viro n -= grehlen; 4481da177e4SLinus Torvalds /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */ 449c55e2f49SAl Viro if (n > ntohs(eiph->tot_len)) 4501da177e4SLinus Torvalds return; 451c55e2f49SAl Viro rel_info = htonl(n); 4521da177e4SLinus Torvalds break; 4531da177e4SLinus Torvalds default: 4541da177e4SLinus Torvalds /* All others are translated to HOST_UNREACH. 4551da177e4SLinus Torvalds rfc2003 contains "deep thoughts" about NET_UNREACH, 4561da177e4SLinus Torvalds I believe, it is just ether pollution. --ANK 4571da177e4SLinus Torvalds */ 4581da177e4SLinus Torvalds rel_type = ICMP_DEST_UNREACH; 4591da177e4SLinus Torvalds rel_code = ICMP_HOST_UNREACH; 4601da177e4SLinus Torvalds break; 4611da177e4SLinus Torvalds } 4621da177e4SLinus Torvalds break; 4631da177e4SLinus Torvalds case ICMP_TIME_EXCEEDED: 4641da177e4SLinus Torvalds if (code != ICMP_EXC_TTL) 4651da177e4SLinus Torvalds return; 4661da177e4SLinus Torvalds break; 4671da177e4SLinus Torvalds } 4681da177e4SLinus Torvalds 4691da177e4SLinus Torvalds /* Prepare fake skb to feed it to icmp_send */ 4701da177e4SLinus Torvalds skb2 = skb_clone(skb, GFP_ATOMIC); 4711da177e4SLinus Torvalds if (skb2 == NULL) 4721da177e4SLinus Torvalds return; 4731da177e4SLinus Torvalds dst_release(skb2->dst); 4741da177e4SLinus Torvalds skb2->dst = NULL; 4751da177e4SLinus Torvalds skb_pull(skb2, skb->data - (u8*)eiph); 476c1d2bbe1SArnaldo Carvalho de Melo skb_reset_network_header(skb2); 4771da177e4SLinus Torvalds 4781da177e4SLinus Torvalds /* Try to guess incoming interface */ 4791da177e4SLinus Torvalds memset(&fl, 0, sizeof(fl)); 4801da177e4SLinus Torvalds fl.fl4_dst = eiph->saddr; 4811da177e4SLinus Torvalds fl.fl4_tos = RT_TOS(eiph->tos); 4821da177e4SLinus Torvalds fl.proto = IPPROTO_GRE; 4831da177e4SLinus Torvalds if (ip_route_output_key(&rt, &fl)) { 4841da177e4SLinus Torvalds kfree_skb(skb2); 4851da177e4SLinus Torvalds return; 4861da177e4SLinus Torvalds } 4871da177e4SLinus Torvalds skb2->dev = rt->u.dst.dev; 4881da177e4SLinus Torvalds 4891da177e4SLinus Torvalds /* route "incoming" packet */ 4901da177e4SLinus Torvalds if (rt->rt_flags&RTCF_LOCAL) { 4911da177e4SLinus Torvalds ip_rt_put(rt); 4921da177e4SLinus Torvalds rt = NULL; 4931da177e4SLinus Torvalds fl.fl4_dst = eiph->daddr; 4941da177e4SLinus Torvalds fl.fl4_src = eiph->saddr; 4951da177e4SLinus Torvalds fl.fl4_tos = eiph->tos; 4961da177e4SLinus Torvalds if (ip_route_output_key(&rt, &fl) || 4971da177e4SLinus Torvalds rt->u.dst.dev->type != ARPHRD_IPGRE) { 4981da177e4SLinus Torvalds ip_rt_put(rt); 4991da177e4SLinus Torvalds kfree_skb(skb2); 5001da177e4SLinus Torvalds return; 5011da177e4SLinus Torvalds } 5021da177e4SLinus Torvalds } else { 5031da177e4SLinus Torvalds ip_rt_put(rt); 5041da177e4SLinus Torvalds if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) || 5051da177e4SLinus Torvalds skb2->dst->dev->type != ARPHRD_IPGRE) { 5061da177e4SLinus Torvalds kfree_skb(skb2); 5071da177e4SLinus Torvalds return; 5081da177e4SLinus Torvalds } 5091da177e4SLinus Torvalds } 5101da177e4SLinus Torvalds 5111da177e4SLinus Torvalds /* change mtu on this route */ 5121da177e4SLinus Torvalds if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { 513c55e2f49SAl Viro if (n > dst_mtu(skb2->dst)) { 5141da177e4SLinus Torvalds kfree_skb(skb2); 5151da177e4SLinus Torvalds return; 5161da177e4SLinus Torvalds } 517c55e2f49SAl Viro skb2->dst->ops->update_pmtu(skb2->dst, n); 5181da177e4SLinus Torvalds } else if (type == ICMP_TIME_EXCEEDED) { 5192941a486SPatrick McHardy struct ip_tunnel *t = netdev_priv(skb2->dev); 5201da177e4SLinus Torvalds if (t->parms.iph.ttl) { 5211da177e4SLinus Torvalds rel_type = ICMP_DEST_UNREACH; 5221da177e4SLinus Torvalds rel_code = ICMP_HOST_UNREACH; 5231da177e4SLinus Torvalds } 5241da177e4SLinus Torvalds } 5251da177e4SLinus Torvalds 5261da177e4SLinus Torvalds icmp_send(skb2, rel_type, rel_code, rel_info); 5271da177e4SLinus Torvalds kfree_skb(skb2); 5281da177e4SLinus Torvalds #endif 5291da177e4SLinus Torvalds } 5301da177e4SLinus Torvalds 5311da177e4SLinus Torvalds static inline void ipgre_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb) 5321da177e4SLinus Torvalds { 5331da177e4SLinus Torvalds if (INET_ECN_is_ce(iph->tos)) { 5341da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) { 535eddc9ec5SArnaldo Carvalho de Melo IP_ECN_set_ce(ip_hdr(skb)); 5361da177e4SLinus Torvalds } else if (skb->protocol == htons(ETH_P_IPV6)) { 5370660e03fSArnaldo Carvalho de Melo IP6_ECN_set_ce(ipv6_hdr(skb)); 5381da177e4SLinus Torvalds } 5391da177e4SLinus Torvalds } 5401da177e4SLinus Torvalds } 5411da177e4SLinus Torvalds 5421da177e4SLinus Torvalds static inline u8 5431da177e4SLinus Torvalds ipgre_ecn_encapsulate(u8 tos, struct iphdr *old_iph, struct sk_buff *skb) 5441da177e4SLinus Torvalds { 5451da177e4SLinus Torvalds u8 inner = 0; 5461da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) 5471da177e4SLinus Torvalds inner = old_iph->tos; 5481da177e4SLinus Torvalds else if (skb->protocol == htons(ETH_P_IPV6)) 5491da177e4SLinus Torvalds inner = ipv6_get_dsfield((struct ipv6hdr *)old_iph); 5501da177e4SLinus Torvalds return INET_ECN_encapsulate(tos, inner); 5511da177e4SLinus Torvalds } 5521da177e4SLinus Torvalds 5531da177e4SLinus Torvalds static int ipgre_rcv(struct sk_buff *skb) 5541da177e4SLinus Torvalds { 5551da177e4SLinus Torvalds struct iphdr *iph; 5561da177e4SLinus Torvalds u8 *h; 557d5a0a1e3SAl Viro __be16 flags; 558d3bc23e7SAl Viro __sum16 csum = 0; 559d5a0a1e3SAl Viro __be32 key = 0; 5601da177e4SLinus Torvalds u32 seqno = 0; 5611da177e4SLinus Torvalds struct ip_tunnel *tunnel; 5621da177e4SLinus Torvalds int offset = 4; 5631da177e4SLinus Torvalds 5641da177e4SLinus Torvalds if (!pskb_may_pull(skb, 16)) 5651da177e4SLinus Torvalds goto drop_nolock; 5661da177e4SLinus Torvalds 567eddc9ec5SArnaldo Carvalho de Melo iph = ip_hdr(skb); 5681da177e4SLinus Torvalds h = skb->data; 569d5a0a1e3SAl Viro flags = *(__be16*)h; 5701da177e4SLinus Torvalds 5711da177e4SLinus Torvalds if (flags&(GRE_CSUM|GRE_KEY|GRE_ROUTING|GRE_SEQ|GRE_VERSION)) { 5721da177e4SLinus Torvalds /* - Version must be 0. 5731da177e4SLinus Torvalds - We do not support routing headers. 5741da177e4SLinus Torvalds */ 5751da177e4SLinus Torvalds if (flags&(GRE_VERSION|GRE_ROUTING)) 5761da177e4SLinus Torvalds goto drop_nolock; 5771da177e4SLinus Torvalds 5781da177e4SLinus Torvalds if (flags&GRE_CSUM) { 579fb286bb2SHerbert Xu switch (skb->ip_summed) { 58084fa7933SPatrick McHardy case CHECKSUM_COMPLETE: 581d3bc23e7SAl Viro csum = csum_fold(skb->csum); 582fb286bb2SHerbert Xu if (!csum) 583fb286bb2SHerbert Xu break; 584fb286bb2SHerbert Xu /* fall through */ 585fb286bb2SHerbert Xu case CHECKSUM_NONE: 586fb286bb2SHerbert Xu skb->csum = 0; 587fb286bb2SHerbert Xu csum = __skb_checksum_complete(skb); 58884fa7933SPatrick McHardy skb->ip_summed = CHECKSUM_COMPLETE; 5891da177e4SLinus Torvalds } 5901da177e4SLinus Torvalds offset += 4; 5911da177e4SLinus Torvalds } 5921da177e4SLinus Torvalds if (flags&GRE_KEY) { 593d5a0a1e3SAl Viro key = *(__be32*)(h + offset); 5941da177e4SLinus Torvalds offset += 4; 5951da177e4SLinus Torvalds } 5961da177e4SLinus Torvalds if (flags&GRE_SEQ) { 597d5a0a1e3SAl Viro seqno = ntohl(*(__be32*)(h + offset)); 5981da177e4SLinus Torvalds offset += 4; 5991da177e4SLinus Torvalds } 6001da177e4SLinus Torvalds } 6011da177e4SLinus Torvalds 6021da177e4SLinus Torvalds read_lock(&ipgre_lock); 6031da177e4SLinus Torvalds if ((tunnel = ipgre_tunnel_lookup(iph->saddr, iph->daddr, key)) != NULL) { 6041da177e4SLinus Torvalds secpath_reset(skb); 6051da177e4SLinus Torvalds 606d5a0a1e3SAl Viro skb->protocol = *(__be16*)(h + 2); 6071da177e4SLinus Torvalds /* WCCP version 1 and 2 protocol decoding. 6081da177e4SLinus Torvalds * - Change protocol to IP 6091da177e4SLinus Torvalds * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header 6101da177e4SLinus Torvalds */ 6111da177e4SLinus Torvalds if (flags == 0 && 612496c98dfSYOSHIFUJI Hideaki skb->protocol == htons(ETH_P_WCCP)) { 613496c98dfSYOSHIFUJI Hideaki skb->protocol = htons(ETH_P_IP); 6141da177e4SLinus Torvalds if ((*(h + offset) & 0xF0) != 0x40) 6151da177e4SLinus Torvalds offset += 4; 6161da177e4SLinus Torvalds } 6171da177e4SLinus Torvalds 6181d069167STimo Teras skb->mac_header = skb->network_header; 6194209fb60SArnaldo Carvalho de Melo __pskb_pull(skb, offset); 6204209fb60SArnaldo Carvalho de Melo skb_reset_network_header(skb); 6219c70220bSArnaldo Carvalho de Melo skb_postpull_rcsum(skb, skb_transport_header(skb), offset); 6221da177e4SLinus Torvalds skb->pkt_type = PACKET_HOST; 6231da177e4SLinus Torvalds #ifdef CONFIG_NET_IPGRE_BROADCAST 624*f97c1e0cSJoe Perches if (ipv4_is_multicast(iph->daddr)) { 6251da177e4SLinus Torvalds /* Looped back packet, drop it! */ 6261da177e4SLinus Torvalds if (((struct rtable*)skb->dst)->fl.iif == 0) 6271da177e4SLinus Torvalds goto drop; 6281da177e4SLinus Torvalds tunnel->stat.multicast++; 6291da177e4SLinus Torvalds skb->pkt_type = PACKET_BROADCAST; 6301da177e4SLinus Torvalds } 6311da177e4SLinus Torvalds #endif 6321da177e4SLinus Torvalds 6331da177e4SLinus Torvalds if (((flags&GRE_CSUM) && csum) || 6341da177e4SLinus Torvalds (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) { 6351da177e4SLinus Torvalds tunnel->stat.rx_crc_errors++; 6361da177e4SLinus Torvalds tunnel->stat.rx_errors++; 6371da177e4SLinus Torvalds goto drop; 6381da177e4SLinus Torvalds } 6391da177e4SLinus Torvalds if (tunnel->parms.i_flags&GRE_SEQ) { 6401da177e4SLinus Torvalds if (!(flags&GRE_SEQ) || 6411da177e4SLinus Torvalds (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) { 6421da177e4SLinus Torvalds tunnel->stat.rx_fifo_errors++; 6431da177e4SLinus Torvalds tunnel->stat.rx_errors++; 6441da177e4SLinus Torvalds goto drop; 6451da177e4SLinus Torvalds } 6461da177e4SLinus Torvalds tunnel->i_seqno = seqno + 1; 6471da177e4SLinus Torvalds } 6481da177e4SLinus Torvalds tunnel->stat.rx_packets++; 6491da177e4SLinus Torvalds tunnel->stat.rx_bytes += skb->len; 6501da177e4SLinus Torvalds skb->dev = tunnel->dev; 6511da177e4SLinus Torvalds dst_release(skb->dst); 6521da177e4SLinus Torvalds skb->dst = NULL; 6531da177e4SLinus Torvalds nf_reset(skb); 6541da177e4SLinus Torvalds ipgre_ecn_decapsulate(iph, skb); 6551da177e4SLinus Torvalds netif_rx(skb); 6561da177e4SLinus Torvalds read_unlock(&ipgre_lock); 6571da177e4SLinus Torvalds return(0); 6581da177e4SLinus Torvalds } 65945af08beSHerbert Xu icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); 6601da177e4SLinus Torvalds 6611da177e4SLinus Torvalds drop: 6621da177e4SLinus Torvalds read_unlock(&ipgre_lock); 6631da177e4SLinus Torvalds drop_nolock: 6641da177e4SLinus Torvalds kfree_skb(skb); 6651da177e4SLinus Torvalds return(0); 6661da177e4SLinus Torvalds } 6671da177e4SLinus Torvalds 6681da177e4SLinus Torvalds static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) 6691da177e4SLinus Torvalds { 6702941a486SPatrick McHardy struct ip_tunnel *tunnel = netdev_priv(dev); 6711da177e4SLinus Torvalds struct net_device_stats *stats = &tunnel->stat; 672eddc9ec5SArnaldo Carvalho de Melo struct iphdr *old_iph = ip_hdr(skb); 6731da177e4SLinus Torvalds struct iphdr *tiph; 6741da177e4SLinus Torvalds u8 tos; 675d5a0a1e3SAl Viro __be16 df; 6761da177e4SLinus Torvalds struct rtable *rt; /* Route to the other host */ 6771da177e4SLinus Torvalds struct net_device *tdev; /* Device to other host */ 6781da177e4SLinus Torvalds struct iphdr *iph; /* Our new IP header */ 679c2636b4dSChuck Lever unsigned int max_headroom; /* The extra header space needed */ 6801da177e4SLinus Torvalds int gre_hlen; 681d5a0a1e3SAl Viro __be32 dst; 6821da177e4SLinus Torvalds int mtu; 6831da177e4SLinus Torvalds 6841da177e4SLinus Torvalds if (tunnel->recursion++) { 6851da177e4SLinus Torvalds tunnel->stat.collisions++; 6861da177e4SLinus Torvalds goto tx_error; 6871da177e4SLinus Torvalds } 6881da177e4SLinus Torvalds 6893b04dddeSStephen Hemminger if (dev->header_ops) { 6901da177e4SLinus Torvalds gre_hlen = 0; 6911da177e4SLinus Torvalds tiph = (struct iphdr*)skb->data; 6921da177e4SLinus Torvalds } else { 6931da177e4SLinus Torvalds gre_hlen = tunnel->hlen; 6941da177e4SLinus Torvalds tiph = &tunnel->parms.iph; 6951da177e4SLinus Torvalds } 6961da177e4SLinus Torvalds 6971da177e4SLinus Torvalds if ((dst = tiph->daddr) == 0) { 6981da177e4SLinus Torvalds /* NBMA tunnel */ 6991da177e4SLinus Torvalds 7001da177e4SLinus Torvalds if (skb->dst == NULL) { 7011da177e4SLinus Torvalds tunnel->stat.tx_fifo_errors++; 7021da177e4SLinus Torvalds goto tx_error; 7031da177e4SLinus Torvalds } 7041da177e4SLinus Torvalds 7051da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) { 7061da177e4SLinus Torvalds rt = (struct rtable*)skb->dst; 7071da177e4SLinus Torvalds if ((dst = rt->rt_gateway) == 0) 7081da177e4SLinus Torvalds goto tx_error_icmp; 7091da177e4SLinus Torvalds } 7101da177e4SLinus Torvalds #ifdef CONFIG_IPV6 7111da177e4SLinus Torvalds else if (skb->protocol == htons(ETH_P_IPV6)) { 7121da177e4SLinus Torvalds struct in6_addr *addr6; 7131da177e4SLinus Torvalds int addr_type; 7141da177e4SLinus Torvalds struct neighbour *neigh = skb->dst->neighbour; 7151da177e4SLinus Torvalds 7161da177e4SLinus Torvalds if (neigh == NULL) 7171da177e4SLinus Torvalds goto tx_error; 7181da177e4SLinus Torvalds 7191da177e4SLinus Torvalds addr6 = (struct in6_addr*)&neigh->primary_key; 7201da177e4SLinus Torvalds addr_type = ipv6_addr_type(addr6); 7211da177e4SLinus Torvalds 7221da177e4SLinus Torvalds if (addr_type == IPV6_ADDR_ANY) { 7230660e03fSArnaldo Carvalho de Melo addr6 = &ipv6_hdr(skb)->daddr; 7241da177e4SLinus Torvalds addr_type = ipv6_addr_type(addr6); 7251da177e4SLinus Torvalds } 7261da177e4SLinus Torvalds 7271da177e4SLinus Torvalds if ((addr_type & IPV6_ADDR_COMPATv4) == 0) 7281da177e4SLinus Torvalds goto tx_error_icmp; 7291da177e4SLinus Torvalds 7301da177e4SLinus Torvalds dst = addr6->s6_addr32[3]; 7311da177e4SLinus Torvalds } 7321da177e4SLinus Torvalds #endif 7331da177e4SLinus Torvalds else 7341da177e4SLinus Torvalds goto tx_error; 7351da177e4SLinus Torvalds } 7361da177e4SLinus Torvalds 7371da177e4SLinus Torvalds tos = tiph->tos; 7381da177e4SLinus Torvalds if (tos&1) { 7391da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) 7401da177e4SLinus Torvalds tos = old_iph->tos; 7411da177e4SLinus Torvalds tos &= ~1; 7421da177e4SLinus Torvalds } 7431da177e4SLinus Torvalds 7441da177e4SLinus Torvalds { 7451da177e4SLinus Torvalds struct flowi fl = { .oif = tunnel->parms.link, 7461da177e4SLinus Torvalds .nl_u = { .ip4_u = 7471da177e4SLinus Torvalds { .daddr = dst, 7481da177e4SLinus Torvalds .saddr = tiph->saddr, 7491da177e4SLinus Torvalds .tos = RT_TOS(tos) } }, 7501da177e4SLinus Torvalds .proto = IPPROTO_GRE }; 7511da177e4SLinus Torvalds if (ip_route_output_key(&rt, &fl)) { 7521da177e4SLinus Torvalds tunnel->stat.tx_carrier_errors++; 7531da177e4SLinus Torvalds goto tx_error; 7541da177e4SLinus Torvalds } 7551da177e4SLinus Torvalds } 7561da177e4SLinus Torvalds tdev = rt->u.dst.dev; 7571da177e4SLinus Torvalds 7581da177e4SLinus Torvalds if (tdev == dev) { 7591da177e4SLinus Torvalds ip_rt_put(rt); 7601da177e4SLinus Torvalds tunnel->stat.collisions++; 7611da177e4SLinus Torvalds goto tx_error; 7621da177e4SLinus Torvalds } 7631da177e4SLinus Torvalds 7641da177e4SLinus Torvalds df = tiph->frag_off; 7651da177e4SLinus Torvalds if (df) 7661da177e4SLinus Torvalds mtu = dst_mtu(&rt->u.dst) - tunnel->hlen; 7671da177e4SLinus Torvalds else 7681da177e4SLinus Torvalds mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu; 7691da177e4SLinus Torvalds 7701da177e4SLinus Torvalds if (skb->dst) 7711da177e4SLinus Torvalds skb->dst->ops->update_pmtu(skb->dst, mtu); 7721da177e4SLinus Torvalds 7731da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) { 7741da177e4SLinus Torvalds df |= (old_iph->frag_off&htons(IP_DF)); 7751da177e4SLinus Torvalds 7761da177e4SLinus Torvalds if ((old_iph->frag_off&htons(IP_DF)) && 7771da177e4SLinus Torvalds mtu < ntohs(old_iph->tot_len)) { 7781da177e4SLinus Torvalds icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); 7791da177e4SLinus Torvalds ip_rt_put(rt); 7801da177e4SLinus Torvalds goto tx_error; 7811da177e4SLinus Torvalds } 7821da177e4SLinus Torvalds } 7831da177e4SLinus Torvalds #ifdef CONFIG_IPV6 7841da177e4SLinus Torvalds else if (skb->protocol == htons(ETH_P_IPV6)) { 7851da177e4SLinus Torvalds struct rt6_info *rt6 = (struct rt6_info*)skb->dst; 7861da177e4SLinus Torvalds 7871da177e4SLinus Torvalds if (rt6 && mtu < dst_mtu(skb->dst) && mtu >= IPV6_MIN_MTU) { 788*f97c1e0cSJoe Perches if ((tunnel->parms.iph.daddr && 789*f97c1e0cSJoe Perches !ipv4_is_multicast(tunnel->parms.iph.daddr)) || 7901da177e4SLinus Torvalds rt6->rt6i_dst.plen == 128) { 7911da177e4SLinus Torvalds rt6->rt6i_flags |= RTF_MODIFIED; 7921da177e4SLinus Torvalds skb->dst->metrics[RTAX_MTU-1] = mtu; 7931da177e4SLinus Torvalds } 7941da177e4SLinus Torvalds } 7951da177e4SLinus Torvalds 7961da177e4SLinus Torvalds if (mtu >= IPV6_MIN_MTU && mtu < skb->len - tunnel->hlen + gre_hlen) { 7971da177e4SLinus Torvalds icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev); 7981da177e4SLinus Torvalds ip_rt_put(rt); 7991da177e4SLinus Torvalds goto tx_error; 8001da177e4SLinus Torvalds } 8011da177e4SLinus Torvalds } 8021da177e4SLinus Torvalds #endif 8031da177e4SLinus Torvalds 8041da177e4SLinus Torvalds if (tunnel->err_count > 0) { 8051da177e4SLinus Torvalds if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) { 8061da177e4SLinus Torvalds tunnel->err_count--; 8071da177e4SLinus Torvalds 8081da177e4SLinus Torvalds dst_link_failure(skb); 8091da177e4SLinus Torvalds } else 8101da177e4SLinus Torvalds tunnel->err_count = 0; 8111da177e4SLinus Torvalds } 8121da177e4SLinus Torvalds 8131da177e4SLinus Torvalds max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen; 8141da177e4SLinus Torvalds 815cfbba49dSPatrick McHardy if (skb_headroom(skb) < max_headroom || skb_shared(skb)|| 816cfbba49dSPatrick McHardy (skb_cloned(skb) && !skb_clone_writable(skb, 0))) { 8171da177e4SLinus Torvalds struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom); 8181da177e4SLinus Torvalds if (!new_skb) { 8191da177e4SLinus Torvalds ip_rt_put(rt); 8201da177e4SLinus Torvalds stats->tx_dropped++; 8211da177e4SLinus Torvalds dev_kfree_skb(skb); 8221da177e4SLinus Torvalds tunnel->recursion--; 8231da177e4SLinus Torvalds return 0; 8241da177e4SLinus Torvalds } 8251da177e4SLinus Torvalds if (skb->sk) 8261da177e4SLinus Torvalds skb_set_owner_w(new_skb, skb->sk); 8271da177e4SLinus Torvalds dev_kfree_skb(skb); 8281da177e4SLinus Torvalds skb = new_skb; 829eddc9ec5SArnaldo Carvalho de Melo old_iph = ip_hdr(skb); 8301da177e4SLinus Torvalds } 8311da177e4SLinus Torvalds 832b0e380b1SArnaldo Carvalho de Melo skb->transport_header = skb->network_header; 833e2d1bca7SArnaldo Carvalho de Melo skb_push(skb, gre_hlen); 834e2d1bca7SArnaldo Carvalho de Melo skb_reset_network_header(skb); 8351da177e4SLinus Torvalds memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); 83648d5cad8SPatrick McHardy IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED | 83748d5cad8SPatrick McHardy IPSKB_REROUTED); 8381da177e4SLinus Torvalds dst_release(skb->dst); 8391da177e4SLinus Torvalds skb->dst = &rt->u.dst; 8401da177e4SLinus Torvalds 8411da177e4SLinus Torvalds /* 8421da177e4SLinus Torvalds * Push down and install the IPIP header. 8431da177e4SLinus Torvalds */ 8441da177e4SLinus Torvalds 845eddc9ec5SArnaldo Carvalho de Melo iph = ip_hdr(skb); 8461da177e4SLinus Torvalds iph->version = 4; 8471da177e4SLinus Torvalds iph->ihl = sizeof(struct iphdr) >> 2; 8481da177e4SLinus Torvalds iph->frag_off = df; 8491da177e4SLinus Torvalds iph->protocol = IPPROTO_GRE; 8501da177e4SLinus Torvalds iph->tos = ipgre_ecn_encapsulate(tos, old_iph, skb); 8511da177e4SLinus Torvalds iph->daddr = rt->rt_dst; 8521da177e4SLinus Torvalds iph->saddr = rt->rt_src; 8531da177e4SLinus Torvalds 8541da177e4SLinus Torvalds if ((iph->ttl = tiph->ttl) == 0) { 8551da177e4SLinus Torvalds if (skb->protocol == htons(ETH_P_IP)) 8561da177e4SLinus Torvalds iph->ttl = old_iph->ttl; 8571da177e4SLinus Torvalds #ifdef CONFIG_IPV6 8581da177e4SLinus Torvalds else if (skb->protocol == htons(ETH_P_IPV6)) 8591da177e4SLinus Torvalds iph->ttl = ((struct ipv6hdr*)old_iph)->hop_limit; 8601da177e4SLinus Torvalds #endif 8611da177e4SLinus Torvalds else 8621da177e4SLinus Torvalds iph->ttl = dst_metric(&rt->u.dst, RTAX_HOPLIMIT); 8631da177e4SLinus Torvalds } 8641da177e4SLinus Torvalds 865d5a0a1e3SAl Viro ((__be16*)(iph+1))[0] = tunnel->parms.o_flags; 866d5a0a1e3SAl Viro ((__be16*)(iph+1))[1] = skb->protocol; 8671da177e4SLinus Torvalds 8681da177e4SLinus Torvalds if (tunnel->parms.o_flags&(GRE_KEY|GRE_CSUM|GRE_SEQ)) { 869d5a0a1e3SAl Viro __be32 *ptr = (__be32*)(((u8*)iph) + tunnel->hlen - 4); 8701da177e4SLinus Torvalds 8711da177e4SLinus Torvalds if (tunnel->parms.o_flags&GRE_SEQ) { 8721da177e4SLinus Torvalds ++tunnel->o_seqno; 8731da177e4SLinus Torvalds *ptr = htonl(tunnel->o_seqno); 8741da177e4SLinus Torvalds ptr--; 8751da177e4SLinus Torvalds } 8761da177e4SLinus Torvalds if (tunnel->parms.o_flags&GRE_KEY) { 8771da177e4SLinus Torvalds *ptr = tunnel->parms.o_key; 8781da177e4SLinus Torvalds ptr--; 8791da177e4SLinus Torvalds } 8801da177e4SLinus Torvalds if (tunnel->parms.o_flags&GRE_CSUM) { 8811da177e4SLinus Torvalds *ptr = 0; 8825f92a738SAl Viro *(__sum16*)ptr = ip_compute_csum((void*)(iph+1), skb->len - sizeof(struct iphdr)); 8831da177e4SLinus Torvalds } 8841da177e4SLinus Torvalds } 8851da177e4SLinus Torvalds 8861da177e4SLinus Torvalds nf_reset(skb); 8871da177e4SLinus Torvalds 8881da177e4SLinus Torvalds IPTUNNEL_XMIT(); 8891da177e4SLinus Torvalds tunnel->recursion--; 8901da177e4SLinus Torvalds return 0; 8911da177e4SLinus Torvalds 8921da177e4SLinus Torvalds tx_error_icmp: 8931da177e4SLinus Torvalds dst_link_failure(skb); 8941da177e4SLinus Torvalds 8951da177e4SLinus Torvalds tx_error: 8961da177e4SLinus Torvalds stats->tx_errors++; 8971da177e4SLinus Torvalds dev_kfree_skb(skb); 8981da177e4SLinus Torvalds tunnel->recursion--; 8991da177e4SLinus Torvalds return 0; 9001da177e4SLinus Torvalds } 9011da177e4SLinus Torvalds 902ee34c1ebSMichal Schmidt static void ipgre_tunnel_bind_dev(struct net_device *dev) 903ee34c1ebSMichal Schmidt { 904ee34c1ebSMichal Schmidt struct net_device *tdev = NULL; 905ee34c1ebSMichal Schmidt struct ip_tunnel *tunnel; 906ee34c1ebSMichal Schmidt struct iphdr *iph; 907ee34c1ebSMichal Schmidt int hlen = LL_MAX_HEADER; 908ee34c1ebSMichal Schmidt int mtu = ETH_DATA_LEN; 909ee34c1ebSMichal Schmidt int addend = sizeof(struct iphdr) + 4; 910ee34c1ebSMichal Schmidt 911ee34c1ebSMichal Schmidt tunnel = netdev_priv(dev); 912ee34c1ebSMichal Schmidt iph = &tunnel->parms.iph; 913ee34c1ebSMichal Schmidt 914ee34c1ebSMichal Schmidt /* Guess output device to choose reasonable mtu and hard_header_len */ 915ee34c1ebSMichal Schmidt 916ee34c1ebSMichal Schmidt if (iph->daddr) { 917ee34c1ebSMichal Schmidt struct flowi fl = { .oif = tunnel->parms.link, 918ee34c1ebSMichal Schmidt .nl_u = { .ip4_u = 919ee34c1ebSMichal Schmidt { .daddr = iph->daddr, 920ee34c1ebSMichal Schmidt .saddr = iph->saddr, 921ee34c1ebSMichal Schmidt .tos = RT_TOS(iph->tos) } }, 922ee34c1ebSMichal Schmidt .proto = IPPROTO_GRE }; 923ee34c1ebSMichal Schmidt struct rtable *rt; 924ee34c1ebSMichal Schmidt if (!ip_route_output_key(&rt, &fl)) { 925ee34c1ebSMichal Schmidt tdev = rt->u.dst.dev; 926ee34c1ebSMichal Schmidt ip_rt_put(rt); 927ee34c1ebSMichal Schmidt } 928ee34c1ebSMichal Schmidt dev->flags |= IFF_POINTOPOINT; 929ee34c1ebSMichal Schmidt } 930ee34c1ebSMichal Schmidt 931ee34c1ebSMichal Schmidt if (!tdev && tunnel->parms.link) 932ee34c1ebSMichal Schmidt tdev = __dev_get_by_index(&init_net, tunnel->parms.link); 933ee34c1ebSMichal Schmidt 934ee34c1ebSMichal Schmidt if (tdev) { 935ee34c1ebSMichal Schmidt hlen = tdev->hard_header_len; 936ee34c1ebSMichal Schmidt mtu = tdev->mtu; 937ee34c1ebSMichal Schmidt } 938ee34c1ebSMichal Schmidt dev->iflink = tunnel->parms.link; 939ee34c1ebSMichal Schmidt 940ee34c1ebSMichal Schmidt /* Precalculate GRE options length */ 941ee34c1ebSMichal Schmidt if (tunnel->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) { 942ee34c1ebSMichal Schmidt if (tunnel->parms.o_flags&GRE_CSUM) 943ee34c1ebSMichal Schmidt addend += 4; 944ee34c1ebSMichal Schmidt if (tunnel->parms.o_flags&GRE_KEY) 945ee34c1ebSMichal Schmidt addend += 4; 946ee34c1ebSMichal Schmidt if (tunnel->parms.o_flags&GRE_SEQ) 947ee34c1ebSMichal Schmidt addend += 4; 948ee34c1ebSMichal Schmidt } 949ee34c1ebSMichal Schmidt dev->hard_header_len = hlen + addend; 950ee34c1ebSMichal Schmidt dev->mtu = mtu - addend; 951ee34c1ebSMichal Schmidt tunnel->hlen = addend; 952ee34c1ebSMichal Schmidt 953ee34c1ebSMichal Schmidt } 954ee34c1ebSMichal Schmidt 9551da177e4SLinus Torvalds static int 9561da177e4SLinus Torvalds ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd) 9571da177e4SLinus Torvalds { 9581da177e4SLinus Torvalds int err = 0; 9591da177e4SLinus Torvalds struct ip_tunnel_parm p; 9601da177e4SLinus Torvalds struct ip_tunnel *t; 9611da177e4SLinus Torvalds 9621da177e4SLinus Torvalds switch (cmd) { 9631da177e4SLinus Torvalds case SIOCGETTUNNEL: 9641da177e4SLinus Torvalds t = NULL; 9651da177e4SLinus Torvalds if (dev == ipgre_fb_tunnel_dev) { 9661da177e4SLinus Torvalds if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) { 9671da177e4SLinus Torvalds err = -EFAULT; 9681da177e4SLinus Torvalds break; 9691da177e4SLinus Torvalds } 9701da177e4SLinus Torvalds t = ipgre_tunnel_locate(&p, 0); 9711da177e4SLinus Torvalds } 9721da177e4SLinus Torvalds if (t == NULL) 9732941a486SPatrick McHardy t = netdev_priv(dev); 9741da177e4SLinus Torvalds memcpy(&p, &t->parms, sizeof(p)); 9751da177e4SLinus Torvalds if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) 9761da177e4SLinus Torvalds err = -EFAULT; 9771da177e4SLinus Torvalds break; 9781da177e4SLinus Torvalds 9791da177e4SLinus Torvalds case SIOCADDTUNNEL: 9801da177e4SLinus Torvalds case SIOCCHGTUNNEL: 9811da177e4SLinus Torvalds err = -EPERM; 9821da177e4SLinus Torvalds if (!capable(CAP_NET_ADMIN)) 9831da177e4SLinus Torvalds goto done; 9841da177e4SLinus Torvalds 9851da177e4SLinus Torvalds err = -EFAULT; 9861da177e4SLinus Torvalds if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 9871da177e4SLinus Torvalds goto done; 9881da177e4SLinus Torvalds 9891da177e4SLinus Torvalds err = -EINVAL; 9901da177e4SLinus Torvalds if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE || 9911da177e4SLinus Torvalds p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) || 9921da177e4SLinus Torvalds ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING))) 9931da177e4SLinus Torvalds goto done; 9941da177e4SLinus Torvalds if (p.iph.ttl) 9951da177e4SLinus Torvalds p.iph.frag_off |= htons(IP_DF); 9961da177e4SLinus Torvalds 9971da177e4SLinus Torvalds if (!(p.i_flags&GRE_KEY)) 9981da177e4SLinus Torvalds p.i_key = 0; 9991da177e4SLinus Torvalds if (!(p.o_flags&GRE_KEY)) 10001da177e4SLinus Torvalds p.o_key = 0; 10011da177e4SLinus Torvalds 10021da177e4SLinus Torvalds t = ipgre_tunnel_locate(&p, cmd == SIOCADDTUNNEL); 10031da177e4SLinus Torvalds 10041da177e4SLinus Torvalds if (dev != ipgre_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) { 10051da177e4SLinus Torvalds if (t != NULL) { 10061da177e4SLinus Torvalds if (t->dev != dev) { 10071da177e4SLinus Torvalds err = -EEXIST; 10081da177e4SLinus Torvalds break; 10091da177e4SLinus Torvalds } 10101da177e4SLinus Torvalds } else { 10111da177e4SLinus Torvalds unsigned nflags=0; 10121da177e4SLinus Torvalds 10132941a486SPatrick McHardy t = netdev_priv(dev); 10141da177e4SLinus Torvalds 1015*f97c1e0cSJoe Perches if (ipv4_is_multicast(p.iph.daddr)) 10161da177e4SLinus Torvalds nflags = IFF_BROADCAST; 10171da177e4SLinus Torvalds else if (p.iph.daddr) 10181da177e4SLinus Torvalds nflags = IFF_POINTOPOINT; 10191da177e4SLinus Torvalds 10201da177e4SLinus Torvalds if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) { 10211da177e4SLinus Torvalds err = -EINVAL; 10221da177e4SLinus Torvalds break; 10231da177e4SLinus Torvalds } 10241da177e4SLinus Torvalds ipgre_tunnel_unlink(t); 10251da177e4SLinus Torvalds t->parms.iph.saddr = p.iph.saddr; 10261da177e4SLinus Torvalds t->parms.iph.daddr = p.iph.daddr; 10271da177e4SLinus Torvalds t->parms.i_key = p.i_key; 10281da177e4SLinus Torvalds t->parms.o_key = p.o_key; 10291da177e4SLinus Torvalds memcpy(dev->dev_addr, &p.iph.saddr, 4); 10301da177e4SLinus Torvalds memcpy(dev->broadcast, &p.iph.daddr, 4); 10311da177e4SLinus Torvalds ipgre_tunnel_link(t); 10321da177e4SLinus Torvalds netdev_state_change(dev); 10331da177e4SLinus Torvalds } 10341da177e4SLinus Torvalds } 10351da177e4SLinus Torvalds 10361da177e4SLinus Torvalds if (t) { 10371da177e4SLinus Torvalds err = 0; 10381da177e4SLinus Torvalds if (cmd == SIOCCHGTUNNEL) { 10391da177e4SLinus Torvalds t->parms.iph.ttl = p.iph.ttl; 10401da177e4SLinus Torvalds t->parms.iph.tos = p.iph.tos; 10411da177e4SLinus Torvalds t->parms.iph.frag_off = p.iph.frag_off; 1042ee34c1ebSMichal Schmidt if (t->parms.link != p.link) { 1043ee34c1ebSMichal Schmidt t->parms.link = p.link; 1044ee34c1ebSMichal Schmidt ipgre_tunnel_bind_dev(dev); 1045ee34c1ebSMichal Schmidt netdev_state_change(dev); 1046ee34c1ebSMichal Schmidt } 10471da177e4SLinus Torvalds } 10481da177e4SLinus Torvalds if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p))) 10491da177e4SLinus Torvalds err = -EFAULT; 10501da177e4SLinus Torvalds } else 10511da177e4SLinus Torvalds err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT); 10521da177e4SLinus Torvalds break; 10531da177e4SLinus Torvalds 10541da177e4SLinus Torvalds case SIOCDELTUNNEL: 10551da177e4SLinus Torvalds err = -EPERM; 10561da177e4SLinus Torvalds if (!capable(CAP_NET_ADMIN)) 10571da177e4SLinus Torvalds goto done; 10581da177e4SLinus Torvalds 10591da177e4SLinus Torvalds if (dev == ipgre_fb_tunnel_dev) { 10601da177e4SLinus Torvalds err = -EFAULT; 10611da177e4SLinus Torvalds if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 10621da177e4SLinus Torvalds goto done; 10631da177e4SLinus Torvalds err = -ENOENT; 10641da177e4SLinus Torvalds if ((t = ipgre_tunnel_locate(&p, 0)) == NULL) 10651da177e4SLinus Torvalds goto done; 10661da177e4SLinus Torvalds err = -EPERM; 10672941a486SPatrick McHardy if (t == netdev_priv(ipgre_fb_tunnel_dev)) 10681da177e4SLinus Torvalds goto done; 10691da177e4SLinus Torvalds dev = t->dev; 10701da177e4SLinus Torvalds } 107122f8cde5SStephen Hemminger unregister_netdevice(dev); 107222f8cde5SStephen Hemminger err = 0; 10731da177e4SLinus Torvalds break; 10741da177e4SLinus Torvalds 10751da177e4SLinus Torvalds default: 10761da177e4SLinus Torvalds err = -EINVAL; 10771da177e4SLinus Torvalds } 10781da177e4SLinus Torvalds 10791da177e4SLinus Torvalds done: 10801da177e4SLinus Torvalds return err; 10811da177e4SLinus Torvalds } 10821da177e4SLinus Torvalds 10831da177e4SLinus Torvalds static struct net_device_stats *ipgre_tunnel_get_stats(struct net_device *dev) 10841da177e4SLinus Torvalds { 10852941a486SPatrick McHardy return &(((struct ip_tunnel*)netdev_priv(dev))->stat); 10861da177e4SLinus Torvalds } 10871da177e4SLinus Torvalds 10881da177e4SLinus Torvalds static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu) 10891da177e4SLinus Torvalds { 10902941a486SPatrick McHardy struct ip_tunnel *tunnel = netdev_priv(dev); 10911da177e4SLinus Torvalds if (new_mtu < 68 || new_mtu > 0xFFF8 - tunnel->hlen) 10921da177e4SLinus Torvalds return -EINVAL; 10931da177e4SLinus Torvalds dev->mtu = new_mtu; 10941da177e4SLinus Torvalds return 0; 10951da177e4SLinus Torvalds } 10961da177e4SLinus Torvalds 10971da177e4SLinus Torvalds /* Nice toy. Unfortunately, useless in real life :-) 10981da177e4SLinus Torvalds It allows to construct virtual multiprotocol broadcast "LAN" 10991da177e4SLinus Torvalds over the Internet, provided multicast routing is tuned. 11001da177e4SLinus Torvalds 11011da177e4SLinus Torvalds 11021da177e4SLinus Torvalds I have no idea was this bicycle invented before me, 11031da177e4SLinus Torvalds so that I had to set ARPHRD_IPGRE to a random value. 11041da177e4SLinus Torvalds I have an impression, that Cisco could make something similar, 11051da177e4SLinus Torvalds but this feature is apparently missing in IOS<=11.2(8). 11061da177e4SLinus Torvalds 11071da177e4SLinus Torvalds I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks 11081da177e4SLinus Torvalds with broadcast 224.66.66.66. If you have access to mbone, play with me :-) 11091da177e4SLinus Torvalds 11101da177e4SLinus Torvalds ping -t 255 224.66.66.66 11111da177e4SLinus Torvalds 11121da177e4SLinus Torvalds If nobody answers, mbone does not work. 11131da177e4SLinus Torvalds 11141da177e4SLinus Torvalds ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255 11151da177e4SLinus Torvalds ip addr add 10.66.66.<somewhat>/24 dev Universe 11161da177e4SLinus Torvalds ifconfig Universe up 11171da177e4SLinus Torvalds ifconfig Universe add fe80::<Your_real_addr>/10 11181da177e4SLinus Torvalds ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96 11191da177e4SLinus Torvalds ftp 10.66.66.66 11201da177e4SLinus Torvalds ... 11211da177e4SLinus Torvalds ftp fec0:6666:6666::193.233.7.65 11221da177e4SLinus Torvalds ... 11231da177e4SLinus Torvalds 11241da177e4SLinus Torvalds */ 11251da177e4SLinus Torvalds 11263b04dddeSStephen Hemminger static int ipgre_header(struct sk_buff *skb, struct net_device *dev, 11273b04dddeSStephen Hemminger unsigned short type, 11283b04dddeSStephen Hemminger const void *daddr, const void *saddr, unsigned len) 11291da177e4SLinus Torvalds { 11302941a486SPatrick McHardy struct ip_tunnel *t = netdev_priv(dev); 11311da177e4SLinus Torvalds struct iphdr *iph = (struct iphdr *)skb_push(skb, t->hlen); 1132d5a0a1e3SAl Viro __be16 *p = (__be16*)(iph+1); 11331da177e4SLinus Torvalds 11341da177e4SLinus Torvalds memcpy(iph, &t->parms.iph, sizeof(struct iphdr)); 11351da177e4SLinus Torvalds p[0] = t->parms.o_flags; 11361da177e4SLinus Torvalds p[1] = htons(type); 11371da177e4SLinus Torvalds 11381da177e4SLinus Torvalds /* 11391da177e4SLinus Torvalds * Set the source hardware address. 11401da177e4SLinus Torvalds */ 11411da177e4SLinus Torvalds 11421da177e4SLinus Torvalds if (saddr) 11431da177e4SLinus Torvalds memcpy(&iph->saddr, saddr, 4); 11441da177e4SLinus Torvalds 11451da177e4SLinus Torvalds if (daddr) { 11461da177e4SLinus Torvalds memcpy(&iph->daddr, daddr, 4); 11471da177e4SLinus Torvalds return t->hlen; 11481da177e4SLinus Torvalds } 1149*f97c1e0cSJoe Perches if (iph->daddr && !ipv4_is_multicast(iph->daddr)) 11501da177e4SLinus Torvalds return t->hlen; 11511da177e4SLinus Torvalds 11521da177e4SLinus Torvalds return -t->hlen; 11531da177e4SLinus Torvalds } 11541da177e4SLinus Torvalds 11556a5f44d7STimo Teras static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr) 11566a5f44d7STimo Teras { 11576a5f44d7STimo Teras struct iphdr *iph = (struct iphdr*) skb_mac_header(skb); 11586a5f44d7STimo Teras memcpy(haddr, &iph->saddr, 4); 11596a5f44d7STimo Teras return 4; 11606a5f44d7STimo Teras } 11616a5f44d7STimo Teras 11623b04dddeSStephen Hemminger static const struct header_ops ipgre_header_ops = { 11633b04dddeSStephen Hemminger .create = ipgre_header, 11646a5f44d7STimo Teras .parse = ipgre_header_parse, 11653b04dddeSStephen Hemminger }; 11663b04dddeSStephen Hemminger 11676a5f44d7STimo Teras #ifdef CONFIG_NET_IPGRE_BROADCAST 11681da177e4SLinus Torvalds static int ipgre_open(struct net_device *dev) 11691da177e4SLinus Torvalds { 11702941a486SPatrick McHardy struct ip_tunnel *t = netdev_priv(dev); 11711da177e4SLinus Torvalds 1172*f97c1e0cSJoe Perches if (ipv4_is_multicast(t->parms.iph.daddr)) { 11731da177e4SLinus Torvalds struct flowi fl = { .oif = t->parms.link, 11741da177e4SLinus Torvalds .nl_u = { .ip4_u = 11751da177e4SLinus Torvalds { .daddr = t->parms.iph.daddr, 11761da177e4SLinus Torvalds .saddr = t->parms.iph.saddr, 11771da177e4SLinus Torvalds .tos = RT_TOS(t->parms.iph.tos) } }, 11781da177e4SLinus Torvalds .proto = IPPROTO_GRE }; 11791da177e4SLinus Torvalds struct rtable *rt; 11801da177e4SLinus Torvalds if (ip_route_output_key(&rt, &fl)) 11811da177e4SLinus Torvalds return -EADDRNOTAVAIL; 11821da177e4SLinus Torvalds dev = rt->u.dst.dev; 11831da177e4SLinus Torvalds ip_rt_put(rt); 1184e5ed6399SHerbert Xu if (__in_dev_get_rtnl(dev) == NULL) 11851da177e4SLinus Torvalds return -EADDRNOTAVAIL; 11861da177e4SLinus Torvalds t->mlink = dev->ifindex; 1187e5ed6399SHerbert Xu ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr); 11881da177e4SLinus Torvalds } 11891da177e4SLinus Torvalds return 0; 11901da177e4SLinus Torvalds } 11911da177e4SLinus Torvalds 11921da177e4SLinus Torvalds static int ipgre_close(struct net_device *dev) 11931da177e4SLinus Torvalds { 11942941a486SPatrick McHardy struct ip_tunnel *t = netdev_priv(dev); 1195*f97c1e0cSJoe Perches if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) { 11961da177e4SLinus Torvalds struct in_device *in_dev = inetdev_by_index(t->mlink); 11971da177e4SLinus Torvalds if (in_dev) { 11981da177e4SLinus Torvalds ip_mc_dec_group(in_dev, t->parms.iph.daddr); 11991da177e4SLinus Torvalds in_dev_put(in_dev); 12001da177e4SLinus Torvalds } 12011da177e4SLinus Torvalds } 12021da177e4SLinus Torvalds return 0; 12031da177e4SLinus Torvalds } 12041da177e4SLinus Torvalds 12051da177e4SLinus Torvalds #endif 12061da177e4SLinus Torvalds 12071da177e4SLinus Torvalds static void ipgre_tunnel_setup(struct net_device *dev) 12081da177e4SLinus Torvalds { 12091da177e4SLinus Torvalds dev->uninit = ipgre_tunnel_uninit; 12101da177e4SLinus Torvalds dev->destructor = free_netdev; 12111da177e4SLinus Torvalds dev->hard_start_xmit = ipgre_tunnel_xmit; 12121da177e4SLinus Torvalds dev->get_stats = ipgre_tunnel_get_stats; 12131da177e4SLinus Torvalds dev->do_ioctl = ipgre_tunnel_ioctl; 12141da177e4SLinus Torvalds dev->change_mtu = ipgre_tunnel_change_mtu; 12151da177e4SLinus Torvalds 12161da177e4SLinus Torvalds dev->type = ARPHRD_IPGRE; 12171da177e4SLinus Torvalds dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr) + 4; 121846f25dffSKris Katterjohn dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 4; 12191da177e4SLinus Torvalds dev->flags = IFF_NOARP; 12201da177e4SLinus Torvalds dev->iflink = 0; 12211da177e4SLinus Torvalds dev->addr_len = 4; 12221da177e4SLinus Torvalds } 12231da177e4SLinus Torvalds 12241da177e4SLinus Torvalds static int ipgre_tunnel_init(struct net_device *dev) 12251da177e4SLinus Torvalds { 12261da177e4SLinus Torvalds struct ip_tunnel *tunnel; 12271da177e4SLinus Torvalds struct iphdr *iph; 12281da177e4SLinus Torvalds 12292941a486SPatrick McHardy tunnel = netdev_priv(dev); 12301da177e4SLinus Torvalds iph = &tunnel->parms.iph; 12311da177e4SLinus Torvalds 12321da177e4SLinus Torvalds tunnel->dev = dev; 12331da177e4SLinus Torvalds strcpy(tunnel->parms.name, dev->name); 12341da177e4SLinus Torvalds 12351da177e4SLinus Torvalds memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4); 12361da177e4SLinus Torvalds memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4); 12371da177e4SLinus Torvalds 1238ee34c1ebSMichal Schmidt ipgre_tunnel_bind_dev(dev); 12391da177e4SLinus Torvalds 12401da177e4SLinus Torvalds if (iph->daddr) { 12411da177e4SLinus Torvalds #ifdef CONFIG_NET_IPGRE_BROADCAST 1242*f97c1e0cSJoe Perches if (ipv4_is_multicast(iph->daddr)) { 12431da177e4SLinus Torvalds if (!iph->saddr) 12441da177e4SLinus Torvalds return -EINVAL; 12451da177e4SLinus Torvalds dev->flags = IFF_BROADCAST; 12463b04dddeSStephen Hemminger dev->header_ops = &ipgre_header_ops; 12471da177e4SLinus Torvalds dev->open = ipgre_open; 12481da177e4SLinus Torvalds dev->stop = ipgre_close; 12491da177e4SLinus Torvalds } 12501da177e4SLinus Torvalds #endif 1251ee34c1ebSMichal Schmidt } else 12526a5f44d7STimo Teras dev->header_ops = &ipgre_header_ops; 12531da177e4SLinus Torvalds 12541da177e4SLinus Torvalds return 0; 12551da177e4SLinus Torvalds } 12561da177e4SLinus Torvalds 12574b30b1c6SAdrian Bunk static int __init ipgre_fb_tunnel_init(struct net_device *dev) 12581da177e4SLinus Torvalds { 12592941a486SPatrick McHardy struct ip_tunnel *tunnel = netdev_priv(dev); 12601da177e4SLinus Torvalds struct iphdr *iph = &tunnel->parms.iph; 12611da177e4SLinus Torvalds 12621da177e4SLinus Torvalds tunnel->dev = dev; 12631da177e4SLinus Torvalds strcpy(tunnel->parms.name, dev->name); 12641da177e4SLinus Torvalds 12651da177e4SLinus Torvalds iph->version = 4; 12661da177e4SLinus Torvalds iph->protocol = IPPROTO_GRE; 12671da177e4SLinus Torvalds iph->ihl = 5; 12681da177e4SLinus Torvalds tunnel->hlen = sizeof(struct iphdr) + 4; 12691da177e4SLinus Torvalds 12701da177e4SLinus Torvalds dev_hold(dev); 12711da177e4SLinus Torvalds tunnels_wc[0] = tunnel; 12721da177e4SLinus Torvalds return 0; 12731da177e4SLinus Torvalds } 12741da177e4SLinus Torvalds 12751da177e4SLinus Torvalds 12761da177e4SLinus Torvalds static struct net_protocol ipgre_protocol = { 12771da177e4SLinus Torvalds .handler = ipgre_rcv, 12781da177e4SLinus Torvalds .err_handler = ipgre_err, 12791da177e4SLinus Torvalds }; 12801da177e4SLinus Torvalds 12811da177e4SLinus Torvalds 12821da177e4SLinus Torvalds /* 12831da177e4SLinus Torvalds * And now the modules code and kernel interface. 12841da177e4SLinus Torvalds */ 12851da177e4SLinus Torvalds 12861da177e4SLinus Torvalds static int __init ipgre_init(void) 12871da177e4SLinus Torvalds { 12881da177e4SLinus Torvalds int err; 12891da177e4SLinus Torvalds 12901da177e4SLinus Torvalds printk(KERN_INFO "GRE over IPv4 tunneling driver\n"); 12911da177e4SLinus Torvalds 12921da177e4SLinus Torvalds if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) { 12931da177e4SLinus Torvalds printk(KERN_INFO "ipgre init: can't add protocol\n"); 12941da177e4SLinus Torvalds return -EAGAIN; 12951da177e4SLinus Torvalds } 12961da177e4SLinus Torvalds 12971da177e4SLinus Torvalds ipgre_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0", 12981da177e4SLinus Torvalds ipgre_tunnel_setup); 12991da177e4SLinus Torvalds if (!ipgre_fb_tunnel_dev) { 13001da177e4SLinus Torvalds err = -ENOMEM; 13011da177e4SLinus Torvalds goto err1; 13021da177e4SLinus Torvalds } 13031da177e4SLinus Torvalds 13041da177e4SLinus Torvalds ipgre_fb_tunnel_dev->init = ipgre_fb_tunnel_init; 13051da177e4SLinus Torvalds 13061da177e4SLinus Torvalds if ((err = register_netdev(ipgre_fb_tunnel_dev))) 13071da177e4SLinus Torvalds goto err2; 13081da177e4SLinus Torvalds out: 13091da177e4SLinus Torvalds return err; 13101da177e4SLinus Torvalds err2: 13111da177e4SLinus Torvalds free_netdev(ipgre_fb_tunnel_dev); 13121da177e4SLinus Torvalds err1: 13131da177e4SLinus Torvalds inet_del_protocol(&ipgre_protocol, IPPROTO_GRE); 13141da177e4SLinus Torvalds goto out; 13151da177e4SLinus Torvalds } 13161da177e4SLinus Torvalds 1317db44575fSAlexey Kuznetsov static void __exit ipgre_destroy_tunnels(void) 1318db44575fSAlexey Kuznetsov { 1319db44575fSAlexey Kuznetsov int prio; 1320db44575fSAlexey Kuznetsov 1321db44575fSAlexey Kuznetsov for (prio = 0; prio < 4; prio++) { 1322db44575fSAlexey Kuznetsov int h; 1323db44575fSAlexey Kuznetsov for (h = 0; h < HASH_SIZE; h++) { 1324db44575fSAlexey Kuznetsov struct ip_tunnel *t; 1325db44575fSAlexey Kuznetsov while ((t = tunnels[prio][h]) != NULL) 1326db44575fSAlexey Kuznetsov unregister_netdevice(t->dev); 1327db44575fSAlexey Kuznetsov } 1328db44575fSAlexey Kuznetsov } 1329db44575fSAlexey Kuznetsov } 1330db44575fSAlexey Kuznetsov 1331db44575fSAlexey Kuznetsov static void __exit ipgre_fini(void) 13321da177e4SLinus Torvalds { 13331da177e4SLinus Torvalds if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) 13341da177e4SLinus Torvalds printk(KERN_INFO "ipgre close: can't remove protocol\n"); 13351da177e4SLinus Torvalds 1336db44575fSAlexey Kuznetsov rtnl_lock(); 1337db44575fSAlexey Kuznetsov ipgre_destroy_tunnels(); 1338db44575fSAlexey Kuznetsov rtnl_unlock(); 13391da177e4SLinus Torvalds } 13401da177e4SLinus Torvalds 13411da177e4SLinus Torvalds module_init(ipgre_init); 13421da177e4SLinus Torvalds module_exit(ipgre_fini); 13431da177e4SLinus Torvalds MODULE_LICENSE("GPL"); 1344