xref: /linux/net/ipv4/ipip.c (revision 3027ce13e04eee76539ca65c2cb1028a01c8c508)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	Linux NET3:	IP/IP protocol decoder.
4  *
5  *	Authors:
6  *		Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
7  *
8  *	Fixes:
9  *		Alan Cox	:	Merged and made usable non modular (its so tiny its silly as
10  *					a module taking up 2 pages).
11  *		Alan Cox	: 	Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
12  *					to keep ip_forward happy.
13  *		Alan Cox	:	More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
14  *		Kai Schulte	:	Fixed #defines for IP_FIREWALL->FIREWALL
15  *              David Woodhouse :       Perform some basic ICMP handling.
16  *                                      IPIP Routing without decapsulation.
17  *              Carlos Picoto   :       GRE over IP support
18  *		Alexey Kuznetsov:	Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
19  *					I do not want to merge them together.
20  */
21 
22 /* tunnel.c: an IP tunnel driver
23 
24 	The purpose of this driver is to provide an IP tunnel through
25 	which you can tunnel network traffic transparently across subnets.
26 
27 	This was written by looking at Nick Holloway's dummy driver
28 	Thanks for the great code!
29 
30 		-Sam Lantinga	(slouken@cs.ucdavis.edu)  02/01/95
31 
32 	Minor tweaks:
33 		Cleaned up the code a little and added some pre-1.3.0 tweaks.
34 		dev->hard_header/hard_header_len changed to use no headers.
35 		Comments/bracketing tweaked.
36 		Made the tunnels use dev->name not tunnel: when error reporting.
37 		Added tx_dropped stat
38 
39 		-Alan Cox	(alan@lxorguk.ukuu.org.uk) 21 March 95
40 
41 	Reworked:
42 		Changed to tunnel to destination gateway in addition to the
43 			tunnel's pointopoint address
44 		Almost completely rewritten
45 		Note:  There is currently no firewall or ICMP handling done.
46 
47 		-Sam Lantinga	(slouken@cs.ucdavis.edu) 02/13/96
48 
49 */
50 
51 /* Things I wish I had known when writing the tunnel driver:
52 
53 	When the tunnel_xmit() function is called, the skb contains the
54 	packet to be sent (plus a great deal of extra info), and dev
55 	contains the tunnel device that _we_ are.
56 
57 	When we are passed a packet, we are expected to fill in the
58 	source address with our source IP address.
59 
60 	What is the proper way to allocate, copy and free a buffer?
61 	After you allocate it, it is a "0 length" chunk of memory
62 	starting at zero.  If you want to add headers to the buffer
63 	later, you'll have to call "skb_reserve(skb, amount)" with
64 	the amount of memory you want reserved.  Then, you call
65 	"skb_put(skb, amount)" with the amount of space you want in
66 	the buffer.  skb_put() returns a pointer to the top (#0) of
67 	that buffer.  skb->len is set to the amount of space you have
68 	"allocated" with skb_put().  You can then write up to skb->len
69 	bytes to that buffer.  If you need more, you can call skb_put()
70 	again with the additional amount of space you need.  You can
71 	find out how much more space you can allocate by calling
72 	"skb_tailroom(skb)".
73 	Now, to add header space, call "skb_push(skb, header_len)".
74 	This creates space at the beginning of the buffer and returns
75 	a pointer to this new space.  If later you need to strip a
76 	header from a buffer, call "skb_pull(skb, header_len)".
77 	skb_headroom() will return how much space is left at the top
78 	of the buffer (before the main data).  Remember, this headroom
79 	space must be reserved before the skb_put() function is called.
80 	*/
81 
82 /*
83    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
84 
85    For comments look at net/ipv4/ip_gre.c --ANK
86  */
87 
88 
89 #include <linux/capability.h>
90 #include <linux/module.h>
91 #include <linux/types.h>
92 #include <linux/kernel.h>
93 #include <linux/slab.h>
94 #include <linux/uaccess.h>
95 #include <linux/skbuff.h>
96 #include <linux/netdevice.h>
97 #include <linux/in.h>
98 #include <linux/tcp.h>
99 #include <linux/udp.h>
100 #include <linux/if_arp.h>
101 #include <linux/init.h>
102 #include <linux/netfilter_ipv4.h>
103 #include <linux/if_ether.h>
104 
105 #include <net/sock.h>
106 #include <net/ip.h>
107 #include <net/icmp.h>
108 #include <net/ip_tunnels.h>
109 #include <net/inet_ecn.h>
110 #include <net/xfrm.h>
111 #include <net/net_namespace.h>
112 #include <net/netns/generic.h>
113 #include <net/dst_metadata.h>
114 
115 static bool log_ecn_error = true;
116 module_param(log_ecn_error, bool, 0644);
117 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
118 
119 static unsigned int ipip_net_id __read_mostly;
120 
121 static int ipip_tunnel_init(struct net_device *dev);
122 static struct rtnl_link_ops ipip_link_ops __read_mostly;
123 
124 static int ipip_err(struct sk_buff *skb, u32 info)
125 {
126 	/* All the routers (except for Linux) return only
127 	 * 8 bytes of packet payload. It means, that precise relaying of
128 	 * ICMP in the real Internet is absolutely infeasible.
129 	 */
130 	struct net *net = dev_net(skb->dev);
131 	struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
132 	const struct iphdr *iph = (const struct iphdr *)skb->data;
133 	const int type = icmp_hdr(skb)->type;
134 	const int code = icmp_hdr(skb)->code;
135 	struct ip_tunnel *t;
136 	int err = 0;
137 
138 	t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
139 			     iph->daddr, iph->saddr, 0);
140 	if (!t) {
141 		err = -ENOENT;
142 		goto out;
143 	}
144 
145 	switch (type) {
146 	case ICMP_DEST_UNREACH:
147 		switch (code) {
148 		case ICMP_SR_FAILED:
149 			/* Impossible event. */
150 			goto out;
151 		default:
152 			/* All others are translated to HOST_UNREACH.
153 			 * rfc2003 contains "deep thoughts" about NET_UNREACH,
154 			 * I believe they are just ether pollution. --ANK
155 			 */
156 			break;
157 		}
158 		break;
159 
160 	case ICMP_TIME_EXCEEDED:
161 		if (code != ICMP_EXC_TTL)
162 			goto out;
163 		break;
164 
165 	case ICMP_REDIRECT:
166 		break;
167 
168 	default:
169 		goto out;
170 	}
171 
172 	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
173 		ipv4_update_pmtu(skb, net, info, t->parms.link, iph->protocol);
174 		goto out;
175 	}
176 
177 	if (type == ICMP_REDIRECT) {
178 		ipv4_redirect(skb, net, t->parms.link, iph->protocol);
179 		goto out;
180 	}
181 
182 	if (t->parms.iph.daddr == 0) {
183 		err = -ENOENT;
184 		goto out;
185 	}
186 
187 	if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
188 		goto out;
189 
190 	if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
191 		t->err_count++;
192 	else
193 		t->err_count = 1;
194 	t->err_time = jiffies;
195 
196 out:
197 	return err;
198 }
199 
200 static const struct tnl_ptk_info ipip_tpi = {
201 	/* no tunnel info required for ipip. */
202 	.proto = htons(ETH_P_IP),
203 };
204 
205 #if IS_ENABLED(CONFIG_MPLS)
206 static const struct tnl_ptk_info mplsip_tpi = {
207 	/* no tunnel info required for mplsip. */
208 	.proto = htons(ETH_P_MPLS_UC),
209 };
210 #endif
211 
212 static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto)
213 {
214 	struct net *net = dev_net(skb->dev);
215 	struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
216 	struct metadata_dst *tun_dst = NULL;
217 	struct ip_tunnel *tunnel;
218 	const struct iphdr *iph;
219 
220 	iph = ip_hdr(skb);
221 	tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
222 			iph->saddr, iph->daddr, 0);
223 	if (tunnel) {
224 		const struct tnl_ptk_info *tpi;
225 
226 		if (tunnel->parms.iph.protocol != ipproto &&
227 		    tunnel->parms.iph.protocol != 0)
228 			goto drop;
229 
230 		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
231 			goto drop;
232 #if IS_ENABLED(CONFIG_MPLS)
233 		if (ipproto == IPPROTO_MPLS)
234 			tpi = &mplsip_tpi;
235 		else
236 #endif
237 			tpi = &ipip_tpi;
238 		if (iptunnel_pull_header(skb, 0, tpi->proto, false))
239 			goto drop;
240 		if (tunnel->collect_md) {
241 			tun_dst = ip_tun_rx_dst(skb, 0, 0, 0);
242 			if (!tun_dst)
243 				return 0;
244 			ip_tunnel_md_udp_encap(skb, &tun_dst->u.tun_info);
245 		}
246 		skb_reset_mac_header(skb);
247 
248 		return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
249 	}
250 
251 	return -1;
252 
253 drop:
254 	kfree_skb(skb);
255 	return 0;
256 }
257 
258 static int ipip_rcv(struct sk_buff *skb)
259 {
260 	return ipip_tunnel_rcv(skb, IPPROTO_IPIP);
261 }
262 
263 #if IS_ENABLED(CONFIG_MPLS)
264 static int mplsip_rcv(struct sk_buff *skb)
265 {
266 	return ipip_tunnel_rcv(skb, IPPROTO_MPLS);
267 }
268 #endif
269 
270 /*
271  *	This function assumes it is being called from dev_queue_xmit()
272  *	and that skb is filled properly by that function.
273  */
274 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
275 				    struct net_device *dev)
276 {
277 	struct ip_tunnel *tunnel = netdev_priv(dev);
278 	const struct iphdr  *tiph = &tunnel->parms.iph;
279 	u8 ipproto;
280 
281 	if (!pskb_inet_may_pull(skb))
282 		goto tx_error;
283 
284 	switch (skb->protocol) {
285 	case htons(ETH_P_IP):
286 		ipproto = IPPROTO_IPIP;
287 		break;
288 #if IS_ENABLED(CONFIG_MPLS)
289 	case htons(ETH_P_MPLS_UC):
290 		ipproto = IPPROTO_MPLS;
291 		break;
292 #endif
293 	default:
294 		goto tx_error;
295 	}
296 
297 	if (tiph->protocol != ipproto && tiph->protocol != 0)
298 		goto tx_error;
299 
300 	if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4))
301 		goto tx_error;
302 
303 	skb_set_inner_ipproto(skb, ipproto);
304 
305 	if (tunnel->collect_md)
306 		ip_md_tunnel_xmit(skb, dev, ipproto, 0);
307 	else
308 		ip_tunnel_xmit(skb, dev, tiph, ipproto);
309 	return NETDEV_TX_OK;
310 
311 tx_error:
312 	kfree_skb(skb);
313 
314 	DEV_STATS_INC(dev, tx_errors);
315 	return NETDEV_TX_OK;
316 }
317 
318 static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto)
319 {
320 	switch (ipproto) {
321 	case 0:
322 	case IPPROTO_IPIP:
323 #if IS_ENABLED(CONFIG_MPLS)
324 	case IPPROTO_MPLS:
325 #endif
326 		return true;
327 	}
328 
329 	return false;
330 }
331 
332 static int
333 ipip_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd)
334 {
335 	if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
336 		if (p->iph.version != 4 ||
337 		    !ipip_tunnel_ioctl_verify_protocol(p->iph.protocol) ||
338 		    p->iph.ihl != 5 || (p->iph.frag_off & htons(~IP_DF)))
339 			return -EINVAL;
340 	}
341 
342 	p->i_key = p->o_key = 0;
343 	p->i_flags = p->o_flags = 0;
344 	return ip_tunnel_ctl(dev, p, cmd);
345 }
346 
347 static const struct net_device_ops ipip_netdev_ops = {
348 	.ndo_init       = ipip_tunnel_init,
349 	.ndo_uninit     = ip_tunnel_uninit,
350 	.ndo_start_xmit	= ipip_tunnel_xmit,
351 	.ndo_siocdevprivate = ip_tunnel_siocdevprivate,
352 	.ndo_change_mtu = ip_tunnel_change_mtu,
353 	.ndo_get_stats64 = dev_get_tstats64,
354 	.ndo_get_iflink = ip_tunnel_get_iflink,
355 	.ndo_tunnel_ctl	= ipip_tunnel_ctl,
356 };
357 
358 #define IPIP_FEATURES (NETIF_F_SG |		\
359 		       NETIF_F_FRAGLIST |	\
360 		       NETIF_F_HIGHDMA |	\
361 		       NETIF_F_GSO_SOFTWARE |	\
362 		       NETIF_F_HW_CSUM)
363 
364 static void ipip_tunnel_setup(struct net_device *dev)
365 {
366 	dev->netdev_ops		= &ipip_netdev_ops;
367 	dev->header_ops		= &ip_tunnel_header_ops;
368 
369 	dev->type		= ARPHRD_TUNNEL;
370 	dev->flags		= IFF_NOARP;
371 	dev->addr_len		= 4;
372 	dev->features		|= NETIF_F_LLTX;
373 	netif_keep_dst(dev);
374 
375 	dev->features		|= IPIP_FEATURES;
376 	dev->hw_features	|= IPIP_FEATURES;
377 	ip_tunnel_setup(dev, ipip_net_id);
378 }
379 
380 static int ipip_tunnel_init(struct net_device *dev)
381 {
382 	struct ip_tunnel *tunnel = netdev_priv(dev);
383 
384 	__dev_addr_set(dev, &tunnel->parms.iph.saddr, 4);
385 	memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
386 
387 	tunnel->tun_hlen = 0;
388 	tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
389 	return ip_tunnel_init(dev);
390 }
391 
392 static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
393 				struct netlink_ext_ack *extack)
394 {
395 	u8 proto;
396 
397 	if (!data || !data[IFLA_IPTUN_PROTO])
398 		return 0;
399 
400 	proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
401 	if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0)
402 		return -EINVAL;
403 
404 	return 0;
405 }
406 
407 static void ipip_netlink_parms(struct nlattr *data[],
408 			       struct ip_tunnel_parm *parms, bool *collect_md,
409 			       __u32 *fwmark)
410 {
411 	memset(parms, 0, sizeof(*parms));
412 
413 	parms->iph.version = 4;
414 	parms->iph.protocol = IPPROTO_IPIP;
415 	parms->iph.ihl = 5;
416 	*collect_md = false;
417 
418 	if (!data)
419 		return;
420 
421 	ip_tunnel_netlink_parms(data, parms);
422 
423 	if (data[IFLA_IPTUN_COLLECT_METADATA])
424 		*collect_md = true;
425 
426 	if (data[IFLA_IPTUN_FWMARK])
427 		*fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]);
428 }
429 
430 static int ipip_newlink(struct net *src_net, struct net_device *dev,
431 			struct nlattr *tb[], struct nlattr *data[],
432 			struct netlink_ext_ack *extack)
433 {
434 	struct ip_tunnel *t = netdev_priv(dev);
435 	struct ip_tunnel_parm p;
436 	struct ip_tunnel_encap ipencap;
437 	__u32 fwmark = 0;
438 
439 	if (ip_tunnel_netlink_encap_parms(data, &ipencap)) {
440 		int err = ip_tunnel_encap_setup(t, &ipencap);
441 
442 		if (err < 0)
443 			return err;
444 	}
445 
446 	ipip_netlink_parms(data, &p, &t->collect_md, &fwmark);
447 	return ip_tunnel_newlink(dev, tb, &p, fwmark);
448 }
449 
450 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
451 			   struct nlattr *data[],
452 			   struct netlink_ext_ack *extack)
453 {
454 	struct ip_tunnel *t = netdev_priv(dev);
455 	struct ip_tunnel_parm p;
456 	struct ip_tunnel_encap ipencap;
457 	bool collect_md;
458 	__u32 fwmark = t->fwmark;
459 
460 	if (ip_tunnel_netlink_encap_parms(data, &ipencap)) {
461 		int err = ip_tunnel_encap_setup(t, &ipencap);
462 
463 		if (err < 0)
464 			return err;
465 	}
466 
467 	ipip_netlink_parms(data, &p, &collect_md, &fwmark);
468 	if (collect_md)
469 		return -EINVAL;
470 
471 	if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
472 	    (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
473 		return -EINVAL;
474 
475 	return ip_tunnel_changelink(dev, tb, &p, fwmark);
476 }
477 
478 static size_t ipip_get_size(const struct net_device *dev)
479 {
480 	return
481 		/* IFLA_IPTUN_LINK */
482 		nla_total_size(4) +
483 		/* IFLA_IPTUN_LOCAL */
484 		nla_total_size(4) +
485 		/* IFLA_IPTUN_REMOTE */
486 		nla_total_size(4) +
487 		/* IFLA_IPTUN_TTL */
488 		nla_total_size(1) +
489 		/* IFLA_IPTUN_TOS */
490 		nla_total_size(1) +
491 		/* IFLA_IPTUN_PROTO */
492 		nla_total_size(1) +
493 		/* IFLA_IPTUN_PMTUDISC */
494 		nla_total_size(1) +
495 		/* IFLA_IPTUN_ENCAP_TYPE */
496 		nla_total_size(2) +
497 		/* IFLA_IPTUN_ENCAP_FLAGS */
498 		nla_total_size(2) +
499 		/* IFLA_IPTUN_ENCAP_SPORT */
500 		nla_total_size(2) +
501 		/* IFLA_IPTUN_ENCAP_DPORT */
502 		nla_total_size(2) +
503 		/* IFLA_IPTUN_COLLECT_METADATA */
504 		nla_total_size(0) +
505 		/* IFLA_IPTUN_FWMARK */
506 		nla_total_size(4) +
507 		0;
508 }
509 
510 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
511 {
512 	struct ip_tunnel *tunnel = netdev_priv(dev);
513 	struct ip_tunnel_parm *parm = &tunnel->parms;
514 
515 	if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
516 	    nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
517 	    nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
518 	    nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
519 	    nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
520 	    nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) ||
521 	    nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
522 		       !!(parm->iph.frag_off & htons(IP_DF))) ||
523 	    nla_put_u32(skb, IFLA_IPTUN_FWMARK, tunnel->fwmark))
524 		goto nla_put_failure;
525 
526 	if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
527 			tunnel->encap.type) ||
528 	    nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
529 			 tunnel->encap.sport) ||
530 	    nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
531 			 tunnel->encap.dport) ||
532 	    nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
533 			tunnel->encap.flags))
534 		goto nla_put_failure;
535 
536 	if (tunnel->collect_md)
537 		if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA))
538 			goto nla_put_failure;
539 	return 0;
540 
541 nla_put_failure:
542 	return -EMSGSIZE;
543 }
544 
545 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
546 	[IFLA_IPTUN_LINK]		= { .type = NLA_U32 },
547 	[IFLA_IPTUN_LOCAL]		= { .type = NLA_U32 },
548 	[IFLA_IPTUN_REMOTE]		= { .type = NLA_U32 },
549 	[IFLA_IPTUN_TTL]		= { .type = NLA_U8 },
550 	[IFLA_IPTUN_TOS]		= { .type = NLA_U8 },
551 	[IFLA_IPTUN_PROTO]		= { .type = NLA_U8 },
552 	[IFLA_IPTUN_PMTUDISC]		= { .type = NLA_U8 },
553 	[IFLA_IPTUN_ENCAP_TYPE]		= { .type = NLA_U16 },
554 	[IFLA_IPTUN_ENCAP_FLAGS]	= { .type = NLA_U16 },
555 	[IFLA_IPTUN_ENCAP_SPORT]	= { .type = NLA_U16 },
556 	[IFLA_IPTUN_ENCAP_DPORT]	= { .type = NLA_U16 },
557 	[IFLA_IPTUN_COLLECT_METADATA]	= { .type = NLA_FLAG },
558 	[IFLA_IPTUN_FWMARK]		= { .type = NLA_U32 },
559 };
560 
561 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
562 	.kind		= "ipip",
563 	.maxtype	= IFLA_IPTUN_MAX,
564 	.policy		= ipip_policy,
565 	.priv_size	= sizeof(struct ip_tunnel),
566 	.setup		= ipip_tunnel_setup,
567 	.validate	= ipip_tunnel_validate,
568 	.newlink	= ipip_newlink,
569 	.changelink	= ipip_changelink,
570 	.dellink	= ip_tunnel_dellink,
571 	.get_size	= ipip_get_size,
572 	.fill_info	= ipip_fill_info,
573 	.get_link_net	= ip_tunnel_get_link_net,
574 };
575 
576 static struct xfrm_tunnel ipip_handler __read_mostly = {
577 	.handler	=	ipip_rcv,
578 	.err_handler	=	ipip_err,
579 	.priority	=	1,
580 };
581 
582 #if IS_ENABLED(CONFIG_MPLS)
583 static struct xfrm_tunnel mplsip_handler __read_mostly = {
584 	.handler	=	mplsip_rcv,
585 	.err_handler	=	ipip_err,
586 	.priority	=	1,
587 };
588 #endif
589 
590 static int __net_init ipip_init_net(struct net *net)
591 {
592 	return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
593 }
594 
595 static void __net_exit ipip_exit_batch_rtnl(struct list_head *list_net,
596 					    struct list_head *dev_to_kill)
597 {
598 	ip_tunnel_delete_nets(list_net, ipip_net_id, &ipip_link_ops,
599 			      dev_to_kill);
600 }
601 
602 static struct pernet_operations ipip_net_ops = {
603 	.init = ipip_init_net,
604 	.exit_batch_rtnl = ipip_exit_batch_rtnl,
605 	.id   = &ipip_net_id,
606 	.size = sizeof(struct ip_tunnel_net),
607 };
608 
609 static int __init ipip_init(void)
610 {
611 	int err;
612 
613 	pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n");
614 
615 	err = register_pernet_device(&ipip_net_ops);
616 	if (err < 0)
617 		return err;
618 	err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
619 	if (err < 0) {
620 		pr_info("%s: can't register tunnel\n", __func__);
621 		goto xfrm_tunnel_ipip_failed;
622 	}
623 #if IS_ENABLED(CONFIG_MPLS)
624 	err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS);
625 	if (err < 0) {
626 		pr_info("%s: can't register tunnel\n", __func__);
627 		goto xfrm_tunnel_mplsip_failed;
628 	}
629 #endif
630 	err = rtnl_link_register(&ipip_link_ops);
631 	if (err < 0)
632 		goto rtnl_link_failed;
633 
634 out:
635 	return err;
636 
637 rtnl_link_failed:
638 #if IS_ENABLED(CONFIG_MPLS)
639 	xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS);
640 xfrm_tunnel_mplsip_failed:
641 
642 #endif
643 	xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
644 xfrm_tunnel_ipip_failed:
645 	unregister_pernet_device(&ipip_net_ops);
646 	goto out;
647 }
648 
649 static void __exit ipip_fini(void)
650 {
651 	rtnl_link_unregister(&ipip_link_ops);
652 	if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
653 		pr_info("%s: can't deregister tunnel\n", __func__);
654 #if IS_ENABLED(CONFIG_MPLS)
655 	if (xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS))
656 		pr_info("%s: can't deregister tunnel\n", __func__);
657 #endif
658 	unregister_pernet_device(&ipip_net_ops);
659 }
660 
661 module_init(ipip_init);
662 module_exit(ipip_fini);
663 MODULE_DESCRIPTION("IP/IP protocol decoder library");
664 MODULE_LICENSE("GPL");
665 MODULE_ALIAS_RTNL_LINK("ipip");
666 MODULE_ALIAS_NETDEV("tunl0");
667