xref: /linux/net/ipv4/ipip.c (revision 8f8d5745bb520c76b81abef4a2cb3023d0313bfd)
1 /*
2  *	Linux NET3:	IP/IP protocol decoder.
3  *
4  *	Authors:
5  *		Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
6  *
7  *	Fixes:
8  *		Alan Cox	:	Merged and made usable non modular (its so tiny its silly as
9  *					a module taking up 2 pages).
10  *		Alan Cox	: 	Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
11  *					to keep ip_forward happy.
12  *		Alan Cox	:	More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
13  *		Kai Schulte	:	Fixed #defines for IP_FIREWALL->FIREWALL
14  *              David Woodhouse :       Perform some basic ICMP handling.
15  *                                      IPIP Routing without decapsulation.
16  *              Carlos Picoto   :       GRE over IP support
17  *		Alexey Kuznetsov:	Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
18  *					I do not want to merge them together.
19  *
20  *	This program is free software; you can redistribute it and/or
21  *	modify it under the terms of the GNU General Public License
22  *	as published by the Free Software Foundation; either version
23  *	2 of the License, or (at your option) any later version.
24  *
25  */
26 
27 /* tunnel.c: an IP tunnel driver
28 
29 	The purpose of this driver is to provide an IP tunnel through
30 	which you can tunnel network traffic transparently across subnets.
31 
32 	This was written by looking at Nick Holloway's dummy driver
33 	Thanks for the great code!
34 
35 		-Sam Lantinga	(slouken@cs.ucdavis.edu)  02/01/95
36 
37 	Minor tweaks:
38 		Cleaned up the code a little and added some pre-1.3.0 tweaks.
39 		dev->hard_header/hard_header_len changed to use no headers.
40 		Comments/bracketing tweaked.
41 		Made the tunnels use dev->name not tunnel: when error reporting.
42 		Added tx_dropped stat
43 
44 		-Alan Cox	(alan@lxorguk.ukuu.org.uk) 21 March 95
45 
46 	Reworked:
47 		Changed to tunnel to destination gateway in addition to the
48 			tunnel's pointopoint address
49 		Almost completely rewritten
50 		Note:  There is currently no firewall or ICMP handling done.
51 
52 		-Sam Lantinga	(slouken@cs.ucdavis.edu) 02/13/96
53 
54 */
55 
56 /* Things I wish I had known when writing the tunnel driver:
57 
58 	When the tunnel_xmit() function is called, the skb contains the
59 	packet to be sent (plus a great deal of extra info), and dev
60 	contains the tunnel device that _we_ are.
61 
62 	When we are passed a packet, we are expected to fill in the
63 	source address with our source IP address.
64 
65 	What is the proper way to allocate, copy and free a buffer?
66 	After you allocate it, it is a "0 length" chunk of memory
67 	starting at zero.  If you want to add headers to the buffer
68 	later, you'll have to call "skb_reserve(skb, amount)" with
69 	the amount of memory you want reserved.  Then, you call
70 	"skb_put(skb, amount)" with the amount of space you want in
71 	the buffer.  skb_put() returns a pointer to the top (#0) of
72 	that buffer.  skb->len is set to the amount of space you have
73 	"allocated" with skb_put().  You can then write up to skb->len
74 	bytes to that buffer.  If you need more, you can call skb_put()
75 	again with the additional amount of space you need.  You can
76 	find out how much more space you can allocate by calling
77 	"skb_tailroom(skb)".
78 	Now, to add header space, call "skb_push(skb, header_len)".
79 	This creates space at the beginning of the buffer and returns
80 	a pointer to this new space.  If later you need to strip a
81 	header from a buffer, call "skb_pull(skb, header_len)".
82 	skb_headroom() will return how much space is left at the top
83 	of the buffer (before the main data).  Remember, this headroom
84 	space must be reserved before the skb_put() function is called.
85 	*/
86 
87 /*
88    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
89 
90    For comments look at net/ipv4/ip_gre.c --ANK
91  */
92 
93 
94 #include <linux/capability.h>
95 #include <linux/module.h>
96 #include <linux/types.h>
97 #include <linux/kernel.h>
98 #include <linux/slab.h>
99 #include <linux/uaccess.h>
100 #include <linux/skbuff.h>
101 #include <linux/netdevice.h>
102 #include <linux/in.h>
103 #include <linux/tcp.h>
104 #include <linux/udp.h>
105 #include <linux/if_arp.h>
106 #include <linux/init.h>
107 #include <linux/netfilter_ipv4.h>
108 #include <linux/if_ether.h>
109 
110 #include <net/sock.h>
111 #include <net/ip.h>
112 #include <net/icmp.h>
113 #include <net/ip_tunnels.h>
114 #include <net/inet_ecn.h>
115 #include <net/xfrm.h>
116 #include <net/net_namespace.h>
117 #include <net/netns/generic.h>
118 #include <net/dst_metadata.h>
119 
120 static bool log_ecn_error = true;
121 module_param(log_ecn_error, bool, 0644);
122 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
123 
124 static unsigned int ipip_net_id __read_mostly;
125 
126 static int ipip_tunnel_init(struct net_device *dev);
127 static struct rtnl_link_ops ipip_link_ops __read_mostly;
128 
129 static int ipip_err(struct sk_buff *skb, u32 info)
130 {
131 	/* All the routers (except for Linux) return only
132 	 * 8 bytes of packet payload. It means, that precise relaying of
133 	 * ICMP in the real Internet is absolutely infeasible.
134 	 */
135 	struct net *net = dev_net(skb->dev);
136 	struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
137 	const struct iphdr *iph = (const struct iphdr *)skb->data;
138 	const int type = icmp_hdr(skb)->type;
139 	const int code = icmp_hdr(skb)->code;
140 	struct ip_tunnel *t;
141 	int err = 0;
142 
143 	t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
144 			     iph->daddr, iph->saddr, 0);
145 	if (!t) {
146 		err = -ENOENT;
147 		goto out;
148 	}
149 
150 	switch (type) {
151 	case ICMP_DEST_UNREACH:
152 		switch (code) {
153 		case ICMP_SR_FAILED:
154 			/* Impossible event. */
155 			goto out;
156 		default:
157 			/* All others are translated to HOST_UNREACH.
158 			 * rfc2003 contains "deep thoughts" about NET_UNREACH,
159 			 * I believe they are just ether pollution. --ANK
160 			 */
161 			break;
162 		}
163 		break;
164 
165 	case ICMP_TIME_EXCEEDED:
166 		if (code != ICMP_EXC_TTL)
167 			goto out;
168 		break;
169 
170 	case ICMP_REDIRECT:
171 		break;
172 
173 	default:
174 		goto out;
175 	}
176 
177 	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
178 		ipv4_update_pmtu(skb, net, info, t->parms.link, iph->protocol);
179 		goto out;
180 	}
181 
182 	if (type == ICMP_REDIRECT) {
183 		ipv4_redirect(skb, net, t->parms.link, iph->protocol);
184 		goto out;
185 	}
186 
187 	if (t->parms.iph.daddr == 0) {
188 		err = -ENOENT;
189 		goto out;
190 	}
191 
192 	if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
193 		goto out;
194 
195 	if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
196 		t->err_count++;
197 	else
198 		t->err_count = 1;
199 	t->err_time = jiffies;
200 
201 out:
202 	return err;
203 }
204 
205 static const struct tnl_ptk_info ipip_tpi = {
206 	/* no tunnel info required for ipip. */
207 	.proto = htons(ETH_P_IP),
208 };
209 
210 #if IS_ENABLED(CONFIG_MPLS)
211 static const struct tnl_ptk_info mplsip_tpi = {
212 	/* no tunnel info required for mplsip. */
213 	.proto = htons(ETH_P_MPLS_UC),
214 };
215 #endif
216 
217 static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto)
218 {
219 	struct net *net = dev_net(skb->dev);
220 	struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
221 	struct metadata_dst *tun_dst = NULL;
222 	struct ip_tunnel *tunnel;
223 	const struct iphdr *iph;
224 
225 	iph = ip_hdr(skb);
226 	tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
227 			iph->saddr, iph->daddr, 0);
228 	if (tunnel) {
229 		const struct tnl_ptk_info *tpi;
230 
231 		if (tunnel->parms.iph.protocol != ipproto &&
232 		    tunnel->parms.iph.protocol != 0)
233 			goto drop;
234 
235 		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
236 			goto drop;
237 #if IS_ENABLED(CONFIG_MPLS)
238 		if (ipproto == IPPROTO_MPLS)
239 			tpi = &mplsip_tpi;
240 		else
241 #endif
242 			tpi = &ipip_tpi;
243 		if (iptunnel_pull_header(skb, 0, tpi->proto, false))
244 			goto drop;
245 		if (tunnel->collect_md) {
246 			tun_dst = ip_tun_rx_dst(skb, 0, 0, 0);
247 			if (!tun_dst)
248 				return 0;
249 		}
250 		return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
251 	}
252 
253 	return -1;
254 
255 drop:
256 	kfree_skb(skb);
257 	return 0;
258 }
259 
260 static int ipip_rcv(struct sk_buff *skb)
261 {
262 	return ipip_tunnel_rcv(skb, IPPROTO_IPIP);
263 }
264 
265 #if IS_ENABLED(CONFIG_MPLS)
266 static int mplsip_rcv(struct sk_buff *skb)
267 {
268 	return ipip_tunnel_rcv(skb, IPPROTO_MPLS);
269 }
270 #endif
271 
272 /*
273  *	This function assumes it is being called from dev_queue_xmit()
274  *	and that skb is filled properly by that function.
275  */
276 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
277 				    struct net_device *dev)
278 {
279 	struct ip_tunnel *tunnel = netdev_priv(dev);
280 	const struct iphdr  *tiph = &tunnel->parms.iph;
281 	u8 ipproto;
282 
283 	switch (skb->protocol) {
284 	case htons(ETH_P_IP):
285 		ipproto = IPPROTO_IPIP;
286 		break;
287 #if IS_ENABLED(CONFIG_MPLS)
288 	case htons(ETH_P_MPLS_UC):
289 		ipproto = IPPROTO_MPLS;
290 		break;
291 #endif
292 	default:
293 		goto tx_error;
294 	}
295 
296 	if (tiph->protocol != ipproto && tiph->protocol != 0)
297 		goto tx_error;
298 
299 	if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4))
300 		goto tx_error;
301 
302 	skb_set_inner_ipproto(skb, ipproto);
303 
304 	if (tunnel->collect_md)
305 		ip_md_tunnel_xmit(skb, dev, ipproto, 0);
306 	else
307 		ip_tunnel_xmit(skb, dev, tiph, ipproto);
308 	return NETDEV_TX_OK;
309 
310 tx_error:
311 	kfree_skb(skb);
312 
313 	dev->stats.tx_errors++;
314 	return NETDEV_TX_OK;
315 }
316 
317 static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto)
318 {
319 	switch (ipproto) {
320 	case 0:
321 	case IPPROTO_IPIP:
322 #if IS_ENABLED(CONFIG_MPLS)
323 	case IPPROTO_MPLS:
324 #endif
325 		return true;
326 	}
327 
328 	return false;
329 }
330 
331 static int
332 ipip_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
333 {
334 	int err = 0;
335 	struct ip_tunnel_parm p;
336 
337 	if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
338 		return -EFAULT;
339 
340 	if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
341 		if (p.iph.version != 4 ||
342 		    !ipip_tunnel_ioctl_verify_protocol(p.iph.protocol) ||
343 		    p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
344 			return -EINVAL;
345 	}
346 
347 	p.i_key = p.o_key = 0;
348 	p.i_flags = p.o_flags = 0;
349 	err = ip_tunnel_ioctl(dev, &p, cmd);
350 	if (err)
351 		return err;
352 
353 	if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
354 		return -EFAULT;
355 
356 	return 0;
357 }
358 
359 static const struct net_device_ops ipip_netdev_ops = {
360 	.ndo_init       = ipip_tunnel_init,
361 	.ndo_uninit     = ip_tunnel_uninit,
362 	.ndo_start_xmit	= ipip_tunnel_xmit,
363 	.ndo_do_ioctl	= ipip_tunnel_ioctl,
364 	.ndo_change_mtu = ip_tunnel_change_mtu,
365 	.ndo_get_stats64 = ip_tunnel_get_stats64,
366 	.ndo_get_iflink = ip_tunnel_get_iflink,
367 };
368 
369 #define IPIP_FEATURES (NETIF_F_SG |		\
370 		       NETIF_F_FRAGLIST |	\
371 		       NETIF_F_HIGHDMA |	\
372 		       NETIF_F_GSO_SOFTWARE |	\
373 		       NETIF_F_HW_CSUM)
374 
375 static void ipip_tunnel_setup(struct net_device *dev)
376 {
377 	dev->netdev_ops		= &ipip_netdev_ops;
378 
379 	dev->type		= ARPHRD_TUNNEL;
380 	dev->flags		= IFF_NOARP;
381 	dev->addr_len		= 4;
382 	dev->features		|= NETIF_F_LLTX;
383 	netif_keep_dst(dev);
384 
385 	dev->features		|= IPIP_FEATURES;
386 	dev->hw_features	|= IPIP_FEATURES;
387 	ip_tunnel_setup(dev, ipip_net_id);
388 }
389 
390 static int ipip_tunnel_init(struct net_device *dev)
391 {
392 	struct ip_tunnel *tunnel = netdev_priv(dev);
393 
394 	memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
395 	memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
396 
397 	tunnel->tun_hlen = 0;
398 	tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
399 	return ip_tunnel_init(dev);
400 }
401 
402 static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
403 				struct netlink_ext_ack *extack)
404 {
405 	u8 proto;
406 
407 	if (!data || !data[IFLA_IPTUN_PROTO])
408 		return 0;
409 
410 	proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
411 	if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0)
412 		return -EINVAL;
413 
414 	return 0;
415 }
416 
417 static void ipip_netlink_parms(struct nlattr *data[],
418 			       struct ip_tunnel_parm *parms, bool *collect_md,
419 			       __u32 *fwmark)
420 {
421 	memset(parms, 0, sizeof(*parms));
422 
423 	parms->iph.version = 4;
424 	parms->iph.protocol = IPPROTO_IPIP;
425 	parms->iph.ihl = 5;
426 	*collect_md = false;
427 
428 	if (!data)
429 		return;
430 
431 	if (data[IFLA_IPTUN_LINK])
432 		parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
433 
434 	if (data[IFLA_IPTUN_LOCAL])
435 		parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]);
436 
437 	if (data[IFLA_IPTUN_REMOTE])
438 		parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]);
439 
440 	if (data[IFLA_IPTUN_TTL]) {
441 		parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
442 		if (parms->iph.ttl)
443 			parms->iph.frag_off = htons(IP_DF);
444 	}
445 
446 	if (data[IFLA_IPTUN_TOS])
447 		parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
448 
449 	if (data[IFLA_IPTUN_PROTO])
450 		parms->iph.protocol = nla_get_u8(data[IFLA_IPTUN_PROTO]);
451 
452 	if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
453 		parms->iph.frag_off = htons(IP_DF);
454 
455 	if (data[IFLA_IPTUN_COLLECT_METADATA])
456 		*collect_md = true;
457 
458 	if (data[IFLA_IPTUN_FWMARK])
459 		*fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]);
460 }
461 
462 /* This function returns true when ENCAP attributes are present in the nl msg */
463 static bool ipip_netlink_encap_parms(struct nlattr *data[],
464 				     struct ip_tunnel_encap *ipencap)
465 {
466 	bool ret = false;
467 
468 	memset(ipencap, 0, sizeof(*ipencap));
469 
470 	if (!data)
471 		return ret;
472 
473 	if (data[IFLA_IPTUN_ENCAP_TYPE]) {
474 		ret = true;
475 		ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
476 	}
477 
478 	if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
479 		ret = true;
480 		ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
481 	}
482 
483 	if (data[IFLA_IPTUN_ENCAP_SPORT]) {
484 		ret = true;
485 		ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
486 	}
487 
488 	if (data[IFLA_IPTUN_ENCAP_DPORT]) {
489 		ret = true;
490 		ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
491 	}
492 
493 	return ret;
494 }
495 
496 static int ipip_newlink(struct net *src_net, struct net_device *dev,
497 			struct nlattr *tb[], struct nlattr *data[],
498 			struct netlink_ext_ack *extack)
499 {
500 	struct ip_tunnel *t = netdev_priv(dev);
501 	struct ip_tunnel_parm p;
502 	struct ip_tunnel_encap ipencap;
503 	__u32 fwmark = 0;
504 
505 	if (ipip_netlink_encap_parms(data, &ipencap)) {
506 		int err = ip_tunnel_encap_setup(t, &ipencap);
507 
508 		if (err < 0)
509 			return err;
510 	}
511 
512 	ipip_netlink_parms(data, &p, &t->collect_md, &fwmark);
513 	return ip_tunnel_newlink(dev, tb, &p, fwmark);
514 }
515 
516 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
517 			   struct nlattr *data[],
518 			   struct netlink_ext_ack *extack)
519 {
520 	struct ip_tunnel *t = netdev_priv(dev);
521 	struct ip_tunnel_parm p;
522 	struct ip_tunnel_encap ipencap;
523 	bool collect_md;
524 	__u32 fwmark = t->fwmark;
525 
526 	if (ipip_netlink_encap_parms(data, &ipencap)) {
527 		int err = ip_tunnel_encap_setup(t, &ipencap);
528 
529 		if (err < 0)
530 			return err;
531 	}
532 
533 	ipip_netlink_parms(data, &p, &collect_md, &fwmark);
534 	if (collect_md)
535 		return -EINVAL;
536 
537 	if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
538 	    (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
539 		return -EINVAL;
540 
541 	return ip_tunnel_changelink(dev, tb, &p, fwmark);
542 }
543 
544 static size_t ipip_get_size(const struct net_device *dev)
545 {
546 	return
547 		/* IFLA_IPTUN_LINK */
548 		nla_total_size(4) +
549 		/* IFLA_IPTUN_LOCAL */
550 		nla_total_size(4) +
551 		/* IFLA_IPTUN_REMOTE */
552 		nla_total_size(4) +
553 		/* IFLA_IPTUN_TTL */
554 		nla_total_size(1) +
555 		/* IFLA_IPTUN_TOS */
556 		nla_total_size(1) +
557 		/* IFLA_IPTUN_PROTO */
558 		nla_total_size(1) +
559 		/* IFLA_IPTUN_PMTUDISC */
560 		nla_total_size(1) +
561 		/* IFLA_IPTUN_ENCAP_TYPE */
562 		nla_total_size(2) +
563 		/* IFLA_IPTUN_ENCAP_FLAGS */
564 		nla_total_size(2) +
565 		/* IFLA_IPTUN_ENCAP_SPORT */
566 		nla_total_size(2) +
567 		/* IFLA_IPTUN_ENCAP_DPORT */
568 		nla_total_size(2) +
569 		/* IFLA_IPTUN_COLLECT_METADATA */
570 		nla_total_size(0) +
571 		/* IFLA_IPTUN_FWMARK */
572 		nla_total_size(4) +
573 		0;
574 }
575 
576 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
577 {
578 	struct ip_tunnel *tunnel = netdev_priv(dev);
579 	struct ip_tunnel_parm *parm = &tunnel->parms;
580 
581 	if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
582 	    nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
583 	    nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
584 	    nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
585 	    nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
586 	    nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) ||
587 	    nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
588 		       !!(parm->iph.frag_off & htons(IP_DF))) ||
589 	    nla_put_u32(skb, IFLA_IPTUN_FWMARK, tunnel->fwmark))
590 		goto nla_put_failure;
591 
592 	if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
593 			tunnel->encap.type) ||
594 	    nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
595 			 tunnel->encap.sport) ||
596 	    nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
597 			 tunnel->encap.dport) ||
598 	    nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
599 			tunnel->encap.flags))
600 		goto nla_put_failure;
601 
602 	if (tunnel->collect_md)
603 		if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA))
604 			goto nla_put_failure;
605 	return 0;
606 
607 nla_put_failure:
608 	return -EMSGSIZE;
609 }
610 
611 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
612 	[IFLA_IPTUN_LINK]		= { .type = NLA_U32 },
613 	[IFLA_IPTUN_LOCAL]		= { .type = NLA_U32 },
614 	[IFLA_IPTUN_REMOTE]		= { .type = NLA_U32 },
615 	[IFLA_IPTUN_TTL]		= { .type = NLA_U8 },
616 	[IFLA_IPTUN_TOS]		= { .type = NLA_U8 },
617 	[IFLA_IPTUN_PROTO]		= { .type = NLA_U8 },
618 	[IFLA_IPTUN_PMTUDISC]		= { .type = NLA_U8 },
619 	[IFLA_IPTUN_ENCAP_TYPE]		= { .type = NLA_U16 },
620 	[IFLA_IPTUN_ENCAP_FLAGS]	= { .type = NLA_U16 },
621 	[IFLA_IPTUN_ENCAP_SPORT]	= { .type = NLA_U16 },
622 	[IFLA_IPTUN_ENCAP_DPORT]	= { .type = NLA_U16 },
623 	[IFLA_IPTUN_COLLECT_METADATA]	= { .type = NLA_FLAG },
624 	[IFLA_IPTUN_FWMARK]		= { .type = NLA_U32 },
625 };
626 
627 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
628 	.kind		= "ipip",
629 	.maxtype	= IFLA_IPTUN_MAX,
630 	.policy		= ipip_policy,
631 	.priv_size	= sizeof(struct ip_tunnel),
632 	.setup		= ipip_tunnel_setup,
633 	.validate	= ipip_tunnel_validate,
634 	.newlink	= ipip_newlink,
635 	.changelink	= ipip_changelink,
636 	.dellink	= ip_tunnel_dellink,
637 	.get_size	= ipip_get_size,
638 	.fill_info	= ipip_fill_info,
639 	.get_link_net	= ip_tunnel_get_link_net,
640 };
641 
642 static struct xfrm_tunnel ipip_handler __read_mostly = {
643 	.handler	=	ipip_rcv,
644 	.err_handler	=	ipip_err,
645 	.priority	=	1,
646 };
647 
648 #if IS_ENABLED(CONFIG_MPLS)
649 static struct xfrm_tunnel mplsip_handler __read_mostly = {
650 	.handler	=	mplsip_rcv,
651 	.err_handler	=	ipip_err,
652 	.priority	=	1,
653 };
654 #endif
655 
656 static int __net_init ipip_init_net(struct net *net)
657 {
658 	return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
659 }
660 
661 static void __net_exit ipip_exit_batch_net(struct list_head *list_net)
662 {
663 	ip_tunnel_delete_nets(list_net, ipip_net_id, &ipip_link_ops);
664 }
665 
666 static struct pernet_operations ipip_net_ops = {
667 	.init = ipip_init_net,
668 	.exit_batch = ipip_exit_batch_net,
669 	.id   = &ipip_net_id,
670 	.size = sizeof(struct ip_tunnel_net),
671 };
672 
673 static int __init ipip_init(void)
674 {
675 	int err;
676 
677 	pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n");
678 
679 	err = register_pernet_device(&ipip_net_ops);
680 	if (err < 0)
681 		return err;
682 	err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
683 	if (err < 0) {
684 		pr_info("%s: can't register tunnel\n", __func__);
685 		goto xfrm_tunnel_ipip_failed;
686 	}
687 #if IS_ENABLED(CONFIG_MPLS)
688 	err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS);
689 	if (err < 0) {
690 		pr_info("%s: can't register tunnel\n", __func__);
691 		goto xfrm_tunnel_mplsip_failed;
692 	}
693 #endif
694 	err = rtnl_link_register(&ipip_link_ops);
695 	if (err < 0)
696 		goto rtnl_link_failed;
697 
698 out:
699 	return err;
700 
701 rtnl_link_failed:
702 #if IS_ENABLED(CONFIG_MPLS)
703 	xfrm4_tunnel_deregister(&mplsip_handler, AF_INET);
704 xfrm_tunnel_mplsip_failed:
705 
706 #endif
707 	xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
708 xfrm_tunnel_ipip_failed:
709 	unregister_pernet_device(&ipip_net_ops);
710 	goto out;
711 }
712 
713 static void __exit ipip_fini(void)
714 {
715 	rtnl_link_unregister(&ipip_link_ops);
716 	if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
717 		pr_info("%s: can't deregister tunnel\n", __func__);
718 #if IS_ENABLED(CONFIG_MPLS)
719 	if (xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS))
720 		pr_info("%s: can't deregister tunnel\n", __func__);
721 #endif
722 	unregister_pernet_device(&ipip_net_ops);
723 }
724 
725 module_init(ipip_init);
726 module_exit(ipip_fini);
727 MODULE_LICENSE("GPL");
728 MODULE_ALIAS_RTNL_LINK("ipip");
729 MODULE_ALIAS_NETDEV("tunl0");
730