1 /* 2 * IPv6 tunneling device 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Ville Nuorvala <vnuorval@tcs.hut.fi> 7 * Yasuyuki Kozakai <kozakai@linux-ipv6.org> 8 * 9 * Based on: 10 * linux/net/ipv6/sit.c and linux/net/ipv4/ipip.c 11 * 12 * RFC 2473 13 * 14 * This program is free software; you can redistribute it and/or 15 * modify it under the terms of the GNU General Public License 16 * as published by the Free Software Foundation; either version 17 * 2 of the License, or (at your option) any later version. 18 * 19 */ 20 21 #include <linux/module.h> 22 #include <linux/capability.h> 23 #include <linux/errno.h> 24 #include <linux/types.h> 25 #include <linux/sockios.h> 26 #include <linux/icmp.h> 27 #include <linux/if.h> 28 #include <linux/in.h> 29 #include <linux/ip.h> 30 #include <linux/if_tunnel.h> 31 #include <linux/net.h> 32 #include <linux/in6.h> 33 #include <linux/netdevice.h> 34 #include <linux/if_arp.h> 35 #include <linux/icmpv6.h> 36 #include <linux/init.h> 37 #include <linux/route.h> 38 #include <linux/rtnetlink.h> 39 #include <linux/netfilter_ipv6.h> 40 41 #include <asm/uaccess.h> 42 #include <asm/atomic.h> 43 44 #include <net/icmp.h> 45 #include <net/ip.h> 46 #include <net/ipv6.h> 47 #include <net/ip6_route.h> 48 #include <net/addrconf.h> 49 #include <net/ip6_tunnel.h> 50 #include <net/xfrm.h> 51 #include <net/dsfield.h> 52 #include <net/inet_ecn.h> 53 #include <net/net_namespace.h> 54 #include <net/netns/generic.h> 55 56 MODULE_AUTHOR("Ville Nuorvala"); 57 MODULE_DESCRIPTION("IPv6 tunneling device"); 58 MODULE_LICENSE("GPL"); 59 60 #define IPV6_TLV_TEL_DST_SIZE 8 61 62 #ifdef IP6_TNL_DEBUG 63 #define IP6_TNL_TRACE(x...) printk(KERN_DEBUG "%s:" x "\n", __func__) 64 #else 65 #define IP6_TNL_TRACE(x...) do {;} while(0) 66 #endif 67 68 #define IPV6_TCLASS_MASK (IPV6_FLOWINFO_MASK & ~IPV6_FLOWLABEL_MASK) 69 #define IPV6_TCLASS_SHIFT 20 70 71 #define HASH_SIZE 32 72 73 #define HASH(addr) ((__force u32)((addr)->s6_addr32[0] ^ (addr)->s6_addr32[1] ^ \ 74 (addr)->s6_addr32[2] ^ (addr)->s6_addr32[3]) & \ 75 (HASH_SIZE - 1)) 76 77 static void ip6_fb_tnl_dev_init(struct net_device *dev); 78 static void ip6_tnl_dev_init(struct net_device *dev); 79 static void ip6_tnl_dev_setup(struct net_device *dev); 80 81 static int ip6_tnl_net_id __read_mostly; 82 struct ip6_tnl_net { 83 /* the IPv6 tunnel fallback device */ 84 struct net_device *fb_tnl_dev; 85 /* lists for storing tunnels in use */ 86 struct ip6_tnl *tnls_r_l[HASH_SIZE]; 87 struct ip6_tnl *tnls_wc[1]; 88 struct ip6_tnl **tnls[2]; 89 }; 90 91 /* 92 * Locking : hash tables are protected by RCU and a spinlock 93 */ 94 static DEFINE_SPINLOCK(ip6_tnl_lock); 95 96 static inline struct dst_entry *ip6_tnl_dst_check(struct ip6_tnl *t) 97 { 98 struct dst_entry *dst = t->dst_cache; 99 100 if (dst && dst->obsolete && 101 dst->ops->check(dst, t->dst_cookie) == NULL) { 102 t->dst_cache = NULL; 103 dst_release(dst); 104 return NULL; 105 } 106 107 return dst; 108 } 109 110 static inline void ip6_tnl_dst_reset(struct ip6_tnl *t) 111 { 112 dst_release(t->dst_cache); 113 t->dst_cache = NULL; 114 } 115 116 static inline void ip6_tnl_dst_store(struct ip6_tnl *t, struct dst_entry *dst) 117 { 118 struct rt6_info *rt = (struct rt6_info *) dst; 119 t->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0; 120 dst_release(t->dst_cache); 121 t->dst_cache = dst; 122 } 123 124 /** 125 * ip6_tnl_lookup - fetch tunnel matching the end-point addresses 126 * @remote: the address of the tunnel exit-point 127 * @local: the address of the tunnel entry-point 128 * 129 * Return: 130 * tunnel matching given end-points if found, 131 * else fallback tunnel if its device is up, 132 * else %NULL 133 **/ 134 135 #define for_each_ip6_tunnel_rcu(start) \ 136 for (t = rcu_dereference(start); t; t = rcu_dereference(t->next)) 137 138 static struct ip6_tnl * 139 ip6_tnl_lookup(struct net *net, struct in6_addr *remote, struct in6_addr *local) 140 { 141 unsigned h0 = HASH(remote); 142 unsigned h1 = HASH(local); 143 struct ip6_tnl *t; 144 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 145 146 for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[h0 ^ h1]) { 147 if (ipv6_addr_equal(local, &t->parms.laddr) && 148 ipv6_addr_equal(remote, &t->parms.raddr) && 149 (t->dev->flags & IFF_UP)) 150 return t; 151 } 152 t = rcu_dereference(ip6n->tnls_wc[0]); 153 if (t && (t->dev->flags & IFF_UP)) 154 return t; 155 156 return NULL; 157 } 158 159 /** 160 * ip6_tnl_bucket - get head of list matching given tunnel parameters 161 * @p: parameters containing tunnel end-points 162 * 163 * Description: 164 * ip6_tnl_bucket() returns the head of the list matching the 165 * &struct in6_addr entries laddr and raddr in @p. 166 * 167 * Return: head of IPv6 tunnel list 168 **/ 169 170 static struct ip6_tnl ** 171 ip6_tnl_bucket(struct ip6_tnl_net *ip6n, struct ip6_tnl_parm *p) 172 { 173 struct in6_addr *remote = &p->raddr; 174 struct in6_addr *local = &p->laddr; 175 unsigned h = 0; 176 int prio = 0; 177 178 if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) { 179 prio = 1; 180 h = HASH(remote) ^ HASH(local); 181 } 182 return &ip6n->tnls[prio][h]; 183 } 184 185 /** 186 * ip6_tnl_link - add tunnel to hash table 187 * @t: tunnel to be added 188 **/ 189 190 static void 191 ip6_tnl_link(struct ip6_tnl_net *ip6n, struct ip6_tnl *t) 192 { 193 struct ip6_tnl **tp = ip6_tnl_bucket(ip6n, &t->parms); 194 195 spin_lock_bh(&ip6_tnl_lock); 196 t->next = *tp; 197 rcu_assign_pointer(*tp, t); 198 spin_unlock_bh(&ip6_tnl_lock); 199 } 200 201 /** 202 * ip6_tnl_unlink - remove tunnel from hash table 203 * @t: tunnel to be removed 204 **/ 205 206 static void 207 ip6_tnl_unlink(struct ip6_tnl_net *ip6n, struct ip6_tnl *t) 208 { 209 struct ip6_tnl **tp; 210 211 for (tp = ip6_tnl_bucket(ip6n, &t->parms); *tp; tp = &(*tp)->next) { 212 if (t == *tp) { 213 spin_lock_bh(&ip6_tnl_lock); 214 *tp = t->next; 215 spin_unlock_bh(&ip6_tnl_lock); 216 break; 217 } 218 } 219 } 220 221 /** 222 * ip6_tnl_create() - create a new tunnel 223 * @p: tunnel parameters 224 * @pt: pointer to new tunnel 225 * 226 * Description: 227 * Create tunnel matching given parameters. 228 * 229 * Return: 230 * created tunnel or NULL 231 **/ 232 233 static struct ip6_tnl *ip6_tnl_create(struct net *net, struct ip6_tnl_parm *p) 234 { 235 struct net_device *dev; 236 struct ip6_tnl *t; 237 char name[IFNAMSIZ]; 238 int err; 239 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 240 241 if (p->name[0]) 242 strlcpy(name, p->name, IFNAMSIZ); 243 else 244 sprintf(name, "ip6tnl%%d"); 245 246 dev = alloc_netdev(sizeof (*t), name, ip6_tnl_dev_setup); 247 if (dev == NULL) 248 goto failed; 249 250 dev_net_set(dev, net); 251 252 if (strchr(name, '%')) { 253 if (dev_alloc_name(dev, name) < 0) 254 goto failed_free; 255 } 256 257 t = netdev_priv(dev); 258 t->parms = *p; 259 ip6_tnl_dev_init(dev); 260 261 if ((err = register_netdevice(dev)) < 0) 262 goto failed_free; 263 264 dev_hold(dev); 265 ip6_tnl_link(ip6n, t); 266 return t; 267 268 failed_free: 269 free_netdev(dev); 270 failed: 271 return NULL; 272 } 273 274 /** 275 * ip6_tnl_locate - find or create tunnel matching given parameters 276 * @p: tunnel parameters 277 * @create: != 0 if allowed to create new tunnel if no match found 278 * 279 * Description: 280 * ip6_tnl_locate() first tries to locate an existing tunnel 281 * based on @parms. If this is unsuccessful, but @create is set a new 282 * tunnel device is created and registered for use. 283 * 284 * Return: 285 * matching tunnel or NULL 286 **/ 287 288 static struct ip6_tnl *ip6_tnl_locate(struct net *net, 289 struct ip6_tnl_parm *p, int create) 290 { 291 struct in6_addr *remote = &p->raddr; 292 struct in6_addr *local = &p->laddr; 293 struct ip6_tnl *t; 294 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 295 296 for (t = *ip6_tnl_bucket(ip6n, p); t; t = t->next) { 297 if (ipv6_addr_equal(local, &t->parms.laddr) && 298 ipv6_addr_equal(remote, &t->parms.raddr)) 299 return t; 300 } 301 if (!create) 302 return NULL; 303 return ip6_tnl_create(net, p); 304 } 305 306 /** 307 * ip6_tnl_dev_uninit - tunnel device uninitializer 308 * @dev: the device to be destroyed 309 * 310 * Description: 311 * ip6_tnl_dev_uninit() removes tunnel from its list 312 **/ 313 314 static void 315 ip6_tnl_dev_uninit(struct net_device *dev) 316 { 317 struct ip6_tnl *t = netdev_priv(dev); 318 struct net *net = dev_net(dev); 319 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 320 321 if (dev == ip6n->fb_tnl_dev) { 322 spin_lock_bh(&ip6_tnl_lock); 323 ip6n->tnls_wc[0] = NULL; 324 spin_unlock_bh(&ip6_tnl_lock); 325 } else { 326 ip6_tnl_unlink(ip6n, t); 327 } 328 ip6_tnl_dst_reset(t); 329 dev_put(dev); 330 } 331 332 /** 333 * parse_tvl_tnl_enc_lim - handle encapsulation limit option 334 * @skb: received socket buffer 335 * 336 * Return: 337 * 0 if none was found, 338 * else index to encapsulation limit 339 **/ 340 341 static __u16 342 parse_tlv_tnl_enc_lim(struct sk_buff *skb, __u8 * raw) 343 { 344 struct ipv6hdr *ipv6h = (struct ipv6hdr *) raw; 345 __u8 nexthdr = ipv6h->nexthdr; 346 __u16 off = sizeof (*ipv6h); 347 348 while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) { 349 __u16 optlen = 0; 350 struct ipv6_opt_hdr *hdr; 351 if (raw + off + sizeof (*hdr) > skb->data && 352 !pskb_may_pull(skb, raw - skb->data + off + sizeof (*hdr))) 353 break; 354 355 hdr = (struct ipv6_opt_hdr *) (raw + off); 356 if (nexthdr == NEXTHDR_FRAGMENT) { 357 struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr; 358 if (frag_hdr->frag_off) 359 break; 360 optlen = 8; 361 } else if (nexthdr == NEXTHDR_AUTH) { 362 optlen = (hdr->hdrlen + 2) << 2; 363 } else { 364 optlen = ipv6_optlen(hdr); 365 } 366 if (nexthdr == NEXTHDR_DEST) { 367 __u16 i = off + 2; 368 while (1) { 369 struct ipv6_tlv_tnl_enc_lim *tel; 370 371 /* No more room for encapsulation limit */ 372 if (i + sizeof (*tel) > off + optlen) 373 break; 374 375 tel = (struct ipv6_tlv_tnl_enc_lim *) &raw[i]; 376 /* return index of option if found and valid */ 377 if (tel->type == IPV6_TLV_TNL_ENCAP_LIMIT && 378 tel->length == 1) 379 return i; 380 /* else jump to next option */ 381 if (tel->type) 382 i += tel->length + 2; 383 else 384 i++; 385 } 386 } 387 nexthdr = hdr->nexthdr; 388 off += optlen; 389 } 390 return 0; 391 } 392 393 /** 394 * ip6_tnl_err - tunnel error handler 395 * 396 * Description: 397 * ip6_tnl_err() should handle errors in the tunnel according 398 * to the specifications in RFC 2473. 399 **/ 400 401 static int 402 ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt, 403 u8 *type, u8 *code, int *msg, __u32 *info, int offset) 404 { 405 struct ipv6hdr *ipv6h = (struct ipv6hdr *) skb->data; 406 struct ip6_tnl *t; 407 int rel_msg = 0; 408 u8 rel_type = ICMPV6_DEST_UNREACH; 409 u8 rel_code = ICMPV6_ADDR_UNREACH; 410 __u32 rel_info = 0; 411 __u16 len; 412 int err = -ENOENT; 413 414 /* If the packet doesn't contain the original IPv6 header we are 415 in trouble since we might need the source address for further 416 processing of the error. */ 417 418 rcu_read_lock(); 419 if ((t = ip6_tnl_lookup(dev_net(skb->dev), &ipv6h->daddr, 420 &ipv6h->saddr)) == NULL) 421 goto out; 422 423 if (t->parms.proto != ipproto && t->parms.proto != 0) 424 goto out; 425 426 err = 0; 427 428 switch (*type) { 429 __u32 teli; 430 struct ipv6_tlv_tnl_enc_lim *tel; 431 __u32 mtu; 432 case ICMPV6_DEST_UNREACH: 433 if (net_ratelimit()) 434 printk(KERN_WARNING 435 "%s: Path to destination invalid " 436 "or inactive!\n", t->parms.name); 437 rel_msg = 1; 438 break; 439 case ICMPV6_TIME_EXCEED: 440 if ((*code) == ICMPV6_EXC_HOPLIMIT) { 441 if (net_ratelimit()) 442 printk(KERN_WARNING 443 "%s: Too small hop limit or " 444 "routing loop in tunnel!\n", 445 t->parms.name); 446 rel_msg = 1; 447 } 448 break; 449 case ICMPV6_PARAMPROB: 450 teli = 0; 451 if ((*code) == ICMPV6_HDR_FIELD) 452 teli = parse_tlv_tnl_enc_lim(skb, skb->data); 453 454 if (teli && teli == *info - 2) { 455 tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli]; 456 if (tel->encap_limit == 0) { 457 if (net_ratelimit()) 458 printk(KERN_WARNING 459 "%s: Too small encapsulation " 460 "limit or routing loop in " 461 "tunnel!\n", t->parms.name); 462 rel_msg = 1; 463 } 464 } else if (net_ratelimit()) { 465 printk(KERN_WARNING 466 "%s: Recipient unable to parse tunneled " 467 "packet!\n ", t->parms.name); 468 } 469 break; 470 case ICMPV6_PKT_TOOBIG: 471 mtu = *info - offset; 472 if (mtu < IPV6_MIN_MTU) 473 mtu = IPV6_MIN_MTU; 474 t->dev->mtu = mtu; 475 476 if ((len = sizeof (*ipv6h) + ntohs(ipv6h->payload_len)) > mtu) { 477 rel_type = ICMPV6_PKT_TOOBIG; 478 rel_code = 0; 479 rel_info = mtu; 480 rel_msg = 1; 481 } 482 break; 483 } 484 485 *type = rel_type; 486 *code = rel_code; 487 *info = rel_info; 488 *msg = rel_msg; 489 490 out: 491 rcu_read_unlock(); 492 return err; 493 } 494 495 static int 496 ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 497 u8 type, u8 code, int offset, __be32 info) 498 { 499 int rel_msg = 0; 500 u8 rel_type = type; 501 u8 rel_code = code; 502 __u32 rel_info = ntohl(info); 503 int err; 504 struct sk_buff *skb2; 505 struct iphdr *eiph; 506 struct flowi fl; 507 struct rtable *rt; 508 509 err = ip6_tnl_err(skb, IPPROTO_IPIP, opt, &rel_type, &rel_code, 510 &rel_msg, &rel_info, offset); 511 if (err < 0) 512 return err; 513 514 if (rel_msg == 0) 515 return 0; 516 517 switch (rel_type) { 518 case ICMPV6_DEST_UNREACH: 519 if (rel_code != ICMPV6_ADDR_UNREACH) 520 return 0; 521 rel_type = ICMP_DEST_UNREACH; 522 rel_code = ICMP_HOST_UNREACH; 523 break; 524 case ICMPV6_PKT_TOOBIG: 525 if (rel_code != 0) 526 return 0; 527 rel_type = ICMP_DEST_UNREACH; 528 rel_code = ICMP_FRAG_NEEDED; 529 break; 530 default: 531 return 0; 532 } 533 534 if (!pskb_may_pull(skb, offset + sizeof(struct iphdr))) 535 return 0; 536 537 skb2 = skb_clone(skb, GFP_ATOMIC); 538 if (!skb2) 539 return 0; 540 541 skb_dst_drop(skb2); 542 543 skb_pull(skb2, offset); 544 skb_reset_network_header(skb2); 545 eiph = ip_hdr(skb2); 546 547 /* Try to guess incoming interface */ 548 memset(&fl, 0, sizeof(fl)); 549 fl.fl4_dst = eiph->saddr; 550 fl.fl4_tos = RT_TOS(eiph->tos); 551 fl.proto = IPPROTO_IPIP; 552 if (ip_route_output_key(dev_net(skb->dev), &rt, &fl)) 553 goto out; 554 555 skb2->dev = rt->u.dst.dev; 556 557 /* route "incoming" packet */ 558 if (rt->rt_flags & RTCF_LOCAL) { 559 ip_rt_put(rt); 560 rt = NULL; 561 fl.fl4_dst = eiph->daddr; 562 fl.fl4_src = eiph->saddr; 563 fl.fl4_tos = eiph->tos; 564 if (ip_route_output_key(dev_net(skb->dev), &rt, &fl) || 565 rt->u.dst.dev->type != ARPHRD_TUNNEL) { 566 ip_rt_put(rt); 567 goto out; 568 } 569 skb_dst_set(skb2, (struct dst_entry *)rt); 570 } else { 571 ip_rt_put(rt); 572 if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, 573 skb2->dev) || 574 skb_dst(skb2)->dev->type != ARPHRD_TUNNEL) 575 goto out; 576 } 577 578 /* change mtu on this route */ 579 if (rel_type == ICMP_DEST_UNREACH && rel_code == ICMP_FRAG_NEEDED) { 580 if (rel_info > dst_mtu(skb_dst(skb2))) 581 goto out; 582 583 skb_dst(skb2)->ops->update_pmtu(skb_dst(skb2), rel_info); 584 } 585 586 icmp_send(skb2, rel_type, rel_code, htonl(rel_info)); 587 588 out: 589 kfree_skb(skb2); 590 return 0; 591 } 592 593 static int 594 ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 595 u8 type, u8 code, int offset, __be32 info) 596 { 597 int rel_msg = 0; 598 u8 rel_type = type; 599 u8 rel_code = code; 600 __u32 rel_info = ntohl(info); 601 int err; 602 603 err = ip6_tnl_err(skb, IPPROTO_IPV6, opt, &rel_type, &rel_code, 604 &rel_msg, &rel_info, offset); 605 if (err < 0) 606 return err; 607 608 if (rel_msg && pskb_may_pull(skb, offset + sizeof(struct ipv6hdr))) { 609 struct rt6_info *rt; 610 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 611 612 if (!skb2) 613 return 0; 614 615 skb_dst_drop(skb2); 616 skb_pull(skb2, offset); 617 skb_reset_network_header(skb2); 618 619 /* Try to guess incoming interface */ 620 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, 621 NULL, 0, 0); 622 623 if (rt && rt->rt6i_dev) 624 skb2->dev = rt->rt6i_dev; 625 626 icmpv6_send(skb2, rel_type, rel_code, rel_info, skb2->dev); 627 628 if (rt) 629 dst_release(&rt->u.dst); 630 631 kfree_skb(skb2); 632 } 633 634 return 0; 635 } 636 637 static void ip4ip6_dscp_ecn_decapsulate(struct ip6_tnl *t, 638 struct ipv6hdr *ipv6h, 639 struct sk_buff *skb) 640 { 641 __u8 dsfield = ipv6_get_dsfield(ipv6h) & ~INET_ECN_MASK; 642 643 if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY) 644 ipv4_change_dsfield(ip_hdr(skb), INET_ECN_MASK, dsfield); 645 646 if (INET_ECN_is_ce(dsfield)) 647 IP_ECN_set_ce(ip_hdr(skb)); 648 } 649 650 static void ip6ip6_dscp_ecn_decapsulate(struct ip6_tnl *t, 651 struct ipv6hdr *ipv6h, 652 struct sk_buff *skb) 653 { 654 if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY) 655 ipv6_copy_dscp(ipv6_get_dsfield(ipv6h), ipv6_hdr(skb)); 656 657 if (INET_ECN_is_ce(ipv6_get_dsfield(ipv6h))) 658 IP6_ECN_set_ce(ipv6_hdr(skb)); 659 } 660 661 /* called with rcu_read_lock() */ 662 static inline int ip6_tnl_rcv_ctl(struct ip6_tnl *t) 663 { 664 struct ip6_tnl_parm *p = &t->parms; 665 int ret = 0; 666 struct net *net = dev_net(t->dev); 667 668 if (p->flags & IP6_TNL_F_CAP_RCV) { 669 struct net_device *ldev = NULL; 670 671 if (p->link) 672 ldev = dev_get_by_index_rcu(net, p->link); 673 674 if ((ipv6_addr_is_multicast(&p->laddr) || 675 likely(ipv6_chk_addr(net, &p->laddr, ldev, 0))) && 676 likely(!ipv6_chk_addr(net, &p->raddr, NULL, 0))) 677 ret = 1; 678 679 } 680 return ret; 681 } 682 683 /** 684 * ip6_tnl_rcv - decapsulate IPv6 packet and retransmit it locally 685 * @skb: received socket buffer 686 * @protocol: ethernet protocol ID 687 * @dscp_ecn_decapsulate: the function to decapsulate DSCP code and ECN 688 * 689 * Return: 0 690 **/ 691 692 static int ip6_tnl_rcv(struct sk_buff *skb, __u16 protocol, 693 __u8 ipproto, 694 void (*dscp_ecn_decapsulate)(struct ip6_tnl *t, 695 struct ipv6hdr *ipv6h, 696 struct sk_buff *skb)) 697 { 698 struct ip6_tnl *t; 699 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 700 701 rcu_read_lock(); 702 703 if ((t = ip6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr, 704 &ipv6h->daddr)) != NULL) { 705 if (t->parms.proto != ipproto && t->parms.proto != 0) { 706 rcu_read_unlock(); 707 goto discard; 708 } 709 710 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 711 rcu_read_unlock(); 712 goto discard; 713 } 714 715 if (!ip6_tnl_rcv_ctl(t)) { 716 t->dev->stats.rx_dropped++; 717 rcu_read_unlock(); 718 goto discard; 719 } 720 secpath_reset(skb); 721 skb->mac_header = skb->network_header; 722 skb_reset_network_header(skb); 723 skb->protocol = htons(protocol); 724 skb->pkt_type = PACKET_HOST; 725 memset(skb->cb, 0, sizeof(struct inet6_skb_parm)); 726 skb->dev = t->dev; 727 skb_dst_drop(skb); 728 nf_reset(skb); 729 730 dscp_ecn_decapsulate(t, ipv6h, skb); 731 732 t->dev->stats.rx_packets++; 733 t->dev->stats.rx_bytes += skb->len; 734 netif_rx(skb); 735 rcu_read_unlock(); 736 return 0; 737 } 738 rcu_read_unlock(); 739 return 1; 740 741 discard: 742 kfree_skb(skb); 743 return 0; 744 } 745 746 static int ip4ip6_rcv(struct sk_buff *skb) 747 { 748 return ip6_tnl_rcv(skb, ETH_P_IP, IPPROTO_IPIP, 749 ip4ip6_dscp_ecn_decapsulate); 750 } 751 752 static int ip6ip6_rcv(struct sk_buff *skb) 753 { 754 return ip6_tnl_rcv(skb, ETH_P_IPV6, IPPROTO_IPV6, 755 ip6ip6_dscp_ecn_decapsulate); 756 } 757 758 struct ipv6_tel_txoption { 759 struct ipv6_txoptions ops; 760 __u8 dst_opt[8]; 761 }; 762 763 static void init_tel_txopt(struct ipv6_tel_txoption *opt, __u8 encap_limit) 764 { 765 memset(opt, 0, sizeof(struct ipv6_tel_txoption)); 766 767 opt->dst_opt[2] = IPV6_TLV_TNL_ENCAP_LIMIT; 768 opt->dst_opt[3] = 1; 769 opt->dst_opt[4] = encap_limit; 770 opt->dst_opt[5] = IPV6_TLV_PADN; 771 opt->dst_opt[6] = 1; 772 773 opt->ops.dst0opt = (struct ipv6_opt_hdr *) opt->dst_opt; 774 opt->ops.opt_nflen = 8; 775 } 776 777 /** 778 * ip6_tnl_addr_conflict - compare packet addresses to tunnel's own 779 * @t: the outgoing tunnel device 780 * @hdr: IPv6 header from the incoming packet 781 * 782 * Description: 783 * Avoid trivial tunneling loop by checking that tunnel exit-point 784 * doesn't match source of incoming packet. 785 * 786 * Return: 787 * 1 if conflict, 788 * 0 else 789 **/ 790 791 static inline int 792 ip6_tnl_addr_conflict(struct ip6_tnl *t, struct ipv6hdr *hdr) 793 { 794 return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr); 795 } 796 797 static inline int ip6_tnl_xmit_ctl(struct ip6_tnl *t) 798 { 799 struct ip6_tnl_parm *p = &t->parms; 800 int ret = 0; 801 struct net *net = dev_net(t->dev); 802 803 if (p->flags & IP6_TNL_F_CAP_XMIT) { 804 struct net_device *ldev = NULL; 805 806 rcu_read_lock(); 807 if (p->link) 808 ldev = dev_get_by_index_rcu(net, p->link); 809 810 if (unlikely(!ipv6_chk_addr(net, &p->laddr, ldev, 0))) 811 printk(KERN_WARNING 812 "%s xmit: Local address not yet configured!\n", 813 p->name); 814 else if (!ipv6_addr_is_multicast(&p->raddr) && 815 unlikely(ipv6_chk_addr(net, &p->raddr, NULL, 0))) 816 printk(KERN_WARNING 817 "%s xmit: Routing loop! " 818 "Remote address found on this node!\n", 819 p->name); 820 else 821 ret = 1; 822 rcu_read_unlock(); 823 } 824 return ret; 825 } 826 /** 827 * ip6_tnl_xmit2 - encapsulate packet and send 828 * @skb: the outgoing socket buffer 829 * @dev: the outgoing tunnel device 830 * @dsfield: dscp code for outer header 831 * @fl: flow of tunneled packet 832 * @encap_limit: encapsulation limit 833 * @pmtu: Path MTU is stored if packet is too big 834 * 835 * Description: 836 * Build new header and do some sanity checks on the packet before sending 837 * it. 838 * 839 * Return: 840 * 0 on success 841 * -1 fail 842 * %-EMSGSIZE message too big. return mtu in this case. 843 **/ 844 845 static int ip6_tnl_xmit2(struct sk_buff *skb, 846 struct net_device *dev, 847 __u8 dsfield, 848 struct flowi *fl, 849 int encap_limit, 850 __u32 *pmtu) 851 { 852 struct net *net = dev_net(dev); 853 struct ip6_tnl *t = netdev_priv(dev); 854 struct net_device_stats *stats = &t->dev->stats; 855 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 856 struct ipv6_tel_txoption opt; 857 struct dst_entry *dst; 858 struct net_device *tdev; 859 int mtu; 860 unsigned int max_headroom = sizeof(struct ipv6hdr); 861 u8 proto; 862 int err = -1; 863 int pkt_len; 864 865 if ((dst = ip6_tnl_dst_check(t)) != NULL) 866 dst_hold(dst); 867 else { 868 dst = ip6_route_output(net, NULL, fl); 869 870 if (dst->error || xfrm_lookup(net, &dst, fl, NULL, 0) < 0) 871 goto tx_err_link_failure; 872 } 873 874 tdev = dst->dev; 875 876 if (tdev == dev) { 877 stats->collisions++; 878 if (net_ratelimit()) 879 printk(KERN_WARNING 880 "%s: Local routing loop detected!\n", 881 t->parms.name); 882 goto tx_err_dst_release; 883 } 884 mtu = dst_mtu(dst) - sizeof (*ipv6h); 885 if (encap_limit >= 0) { 886 max_headroom += 8; 887 mtu -= 8; 888 } 889 if (mtu < IPV6_MIN_MTU) 890 mtu = IPV6_MIN_MTU; 891 if (skb_dst(skb)) 892 skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu); 893 if (skb->len > mtu) { 894 *pmtu = mtu; 895 err = -EMSGSIZE; 896 goto tx_err_dst_release; 897 } 898 899 /* 900 * Okay, now see if we can stuff it in the buffer as-is. 901 */ 902 max_headroom += LL_RESERVED_SPACE(tdev); 903 904 if (skb_headroom(skb) < max_headroom || skb_shared(skb) || 905 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) { 906 struct sk_buff *new_skb; 907 908 if (!(new_skb = skb_realloc_headroom(skb, max_headroom))) 909 goto tx_err_dst_release; 910 911 if (skb->sk) 912 skb_set_owner_w(new_skb, skb->sk); 913 kfree_skb(skb); 914 skb = new_skb; 915 } 916 skb_dst_drop(skb); 917 skb_dst_set(skb, dst_clone(dst)); 918 919 skb->transport_header = skb->network_header; 920 921 proto = fl->proto; 922 if (encap_limit >= 0) { 923 init_tel_txopt(&opt, encap_limit); 924 ipv6_push_nfrag_opts(skb, &opt.ops, &proto, NULL); 925 } 926 skb_push(skb, sizeof(struct ipv6hdr)); 927 skb_reset_network_header(skb); 928 ipv6h = ipv6_hdr(skb); 929 *(__be32*)ipv6h = fl->fl6_flowlabel | htonl(0x60000000); 930 dsfield = INET_ECN_encapsulate(0, dsfield); 931 ipv6_change_dsfield(ipv6h, ~INET_ECN_MASK, dsfield); 932 ipv6h->hop_limit = t->parms.hop_limit; 933 ipv6h->nexthdr = proto; 934 ipv6_addr_copy(&ipv6h->saddr, &fl->fl6_src); 935 ipv6_addr_copy(&ipv6h->daddr, &fl->fl6_dst); 936 nf_reset(skb); 937 pkt_len = skb->len; 938 err = ip6_local_out(skb); 939 940 if (net_xmit_eval(err) == 0) { 941 stats->tx_bytes += pkt_len; 942 stats->tx_packets++; 943 } else { 944 stats->tx_errors++; 945 stats->tx_aborted_errors++; 946 } 947 ip6_tnl_dst_store(t, dst); 948 return 0; 949 tx_err_link_failure: 950 stats->tx_carrier_errors++; 951 dst_link_failure(skb); 952 tx_err_dst_release: 953 dst_release(dst); 954 return err; 955 } 956 957 static inline int 958 ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) 959 { 960 struct ip6_tnl *t = netdev_priv(dev); 961 struct iphdr *iph = ip_hdr(skb); 962 int encap_limit = -1; 963 struct flowi fl; 964 __u8 dsfield; 965 __u32 mtu; 966 int err; 967 968 if ((t->parms.proto != IPPROTO_IPIP && t->parms.proto != 0) || 969 !ip6_tnl_xmit_ctl(t)) 970 return -1; 971 972 if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) 973 encap_limit = t->parms.encap_limit; 974 975 memcpy(&fl, &t->fl, sizeof (fl)); 976 fl.proto = IPPROTO_IPIP; 977 978 dsfield = ipv4_get_dsfield(iph); 979 980 if ((t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)) 981 fl.fl6_flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT) 982 & IPV6_TCLASS_MASK; 983 984 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl, encap_limit, &mtu); 985 if (err != 0) { 986 /* XXX: send ICMP error even if DF is not set. */ 987 if (err == -EMSGSIZE) 988 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 989 htonl(mtu)); 990 return -1; 991 } 992 993 return 0; 994 } 995 996 static inline int 997 ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) 998 { 999 struct ip6_tnl *t = netdev_priv(dev); 1000 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 1001 int encap_limit = -1; 1002 __u16 offset; 1003 struct flowi fl; 1004 __u8 dsfield; 1005 __u32 mtu; 1006 int err; 1007 1008 if ((t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) || 1009 !ip6_tnl_xmit_ctl(t) || ip6_tnl_addr_conflict(t, ipv6h)) 1010 return -1; 1011 1012 offset = parse_tlv_tnl_enc_lim(skb, skb_network_header(skb)); 1013 if (offset > 0) { 1014 struct ipv6_tlv_tnl_enc_lim *tel; 1015 tel = (struct ipv6_tlv_tnl_enc_lim *)&skb_network_header(skb)[offset]; 1016 if (tel->encap_limit == 0) { 1017 icmpv6_send(skb, ICMPV6_PARAMPROB, 1018 ICMPV6_HDR_FIELD, offset + 2, skb->dev); 1019 return -1; 1020 } 1021 encap_limit = tel->encap_limit - 1; 1022 } else if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) 1023 encap_limit = t->parms.encap_limit; 1024 1025 memcpy(&fl, &t->fl, sizeof (fl)); 1026 fl.proto = IPPROTO_IPV6; 1027 1028 dsfield = ipv6_get_dsfield(ipv6h); 1029 if ((t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)) 1030 fl.fl6_flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK); 1031 if ((t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)) 1032 fl.fl6_flowlabel |= (*(__be32 *) ipv6h & IPV6_FLOWLABEL_MASK); 1033 1034 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl, encap_limit, &mtu); 1035 if (err != 0) { 1036 if (err == -EMSGSIZE) 1037 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev); 1038 return -1; 1039 } 1040 1041 return 0; 1042 } 1043 1044 static netdev_tx_t 1045 ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) 1046 { 1047 struct ip6_tnl *t = netdev_priv(dev); 1048 struct net_device_stats *stats = &t->dev->stats; 1049 int ret; 1050 1051 switch (skb->protocol) { 1052 case htons(ETH_P_IP): 1053 ret = ip4ip6_tnl_xmit(skb, dev); 1054 break; 1055 case htons(ETH_P_IPV6): 1056 ret = ip6ip6_tnl_xmit(skb, dev); 1057 break; 1058 default: 1059 goto tx_err; 1060 } 1061 1062 if (ret < 0) 1063 goto tx_err; 1064 1065 return NETDEV_TX_OK; 1066 1067 tx_err: 1068 stats->tx_errors++; 1069 stats->tx_dropped++; 1070 kfree_skb(skb); 1071 return NETDEV_TX_OK; 1072 } 1073 1074 static void ip6_tnl_set_cap(struct ip6_tnl *t) 1075 { 1076 struct ip6_tnl_parm *p = &t->parms; 1077 int ltype = ipv6_addr_type(&p->laddr); 1078 int rtype = ipv6_addr_type(&p->raddr); 1079 1080 p->flags &= ~(IP6_TNL_F_CAP_XMIT|IP6_TNL_F_CAP_RCV); 1081 1082 if (ltype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) && 1083 rtype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) && 1084 !((ltype|rtype) & IPV6_ADDR_LOOPBACK) && 1085 (!((ltype|rtype) & IPV6_ADDR_LINKLOCAL) || p->link)) { 1086 if (ltype&IPV6_ADDR_UNICAST) 1087 p->flags |= IP6_TNL_F_CAP_XMIT; 1088 if (rtype&IPV6_ADDR_UNICAST) 1089 p->flags |= IP6_TNL_F_CAP_RCV; 1090 } 1091 } 1092 1093 static void ip6_tnl_link_config(struct ip6_tnl *t) 1094 { 1095 struct net_device *dev = t->dev; 1096 struct ip6_tnl_parm *p = &t->parms; 1097 struct flowi *fl = &t->fl; 1098 1099 memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr)); 1100 memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr)); 1101 1102 /* Set up flowi template */ 1103 ipv6_addr_copy(&fl->fl6_src, &p->laddr); 1104 ipv6_addr_copy(&fl->fl6_dst, &p->raddr); 1105 fl->oif = p->link; 1106 fl->fl6_flowlabel = 0; 1107 1108 if (!(p->flags&IP6_TNL_F_USE_ORIG_TCLASS)) 1109 fl->fl6_flowlabel |= IPV6_TCLASS_MASK & p->flowinfo; 1110 if (!(p->flags&IP6_TNL_F_USE_ORIG_FLOWLABEL)) 1111 fl->fl6_flowlabel |= IPV6_FLOWLABEL_MASK & p->flowinfo; 1112 1113 ip6_tnl_set_cap(t); 1114 1115 if (p->flags&IP6_TNL_F_CAP_XMIT && p->flags&IP6_TNL_F_CAP_RCV) 1116 dev->flags |= IFF_POINTOPOINT; 1117 else 1118 dev->flags &= ~IFF_POINTOPOINT; 1119 1120 dev->iflink = p->link; 1121 1122 if (p->flags & IP6_TNL_F_CAP_XMIT) { 1123 int strict = (ipv6_addr_type(&p->raddr) & 1124 (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL)); 1125 1126 struct rt6_info *rt = rt6_lookup(dev_net(dev), 1127 &p->raddr, &p->laddr, 1128 p->link, strict); 1129 1130 if (rt == NULL) 1131 return; 1132 1133 if (rt->rt6i_dev) { 1134 dev->hard_header_len = rt->rt6i_dev->hard_header_len + 1135 sizeof (struct ipv6hdr); 1136 1137 dev->mtu = rt->rt6i_dev->mtu - sizeof (struct ipv6hdr); 1138 1139 if (dev->mtu < IPV6_MIN_MTU) 1140 dev->mtu = IPV6_MIN_MTU; 1141 } 1142 dst_release(&rt->u.dst); 1143 } 1144 } 1145 1146 /** 1147 * ip6_tnl_change - update the tunnel parameters 1148 * @t: tunnel to be changed 1149 * @p: tunnel configuration parameters 1150 * 1151 * Description: 1152 * ip6_tnl_change() updates the tunnel parameters 1153 **/ 1154 1155 static int 1156 ip6_tnl_change(struct ip6_tnl *t, struct ip6_tnl_parm *p) 1157 { 1158 ipv6_addr_copy(&t->parms.laddr, &p->laddr); 1159 ipv6_addr_copy(&t->parms.raddr, &p->raddr); 1160 t->parms.flags = p->flags; 1161 t->parms.hop_limit = p->hop_limit; 1162 t->parms.encap_limit = p->encap_limit; 1163 t->parms.flowinfo = p->flowinfo; 1164 t->parms.link = p->link; 1165 t->parms.proto = p->proto; 1166 ip6_tnl_dst_reset(t); 1167 ip6_tnl_link_config(t); 1168 return 0; 1169 } 1170 1171 /** 1172 * ip6_tnl_ioctl - configure ipv6 tunnels from userspace 1173 * @dev: virtual device associated with tunnel 1174 * @ifr: parameters passed from userspace 1175 * @cmd: command to be performed 1176 * 1177 * Description: 1178 * ip6_tnl_ioctl() is used for managing IPv6 tunnels 1179 * from userspace. 1180 * 1181 * The possible commands are the following: 1182 * %SIOCGETTUNNEL: get tunnel parameters for device 1183 * %SIOCADDTUNNEL: add tunnel matching given tunnel parameters 1184 * %SIOCCHGTUNNEL: change tunnel parameters to those given 1185 * %SIOCDELTUNNEL: delete tunnel 1186 * 1187 * The fallback device "ip6tnl0", created during module 1188 * initialization, can be used for creating other tunnel devices. 1189 * 1190 * Return: 1191 * 0 on success, 1192 * %-EFAULT if unable to copy data to or from userspace, 1193 * %-EPERM if current process hasn't %CAP_NET_ADMIN set 1194 * %-EINVAL if passed tunnel parameters are invalid, 1195 * %-EEXIST if changing a tunnel's parameters would cause a conflict 1196 * %-ENODEV if attempting to change or delete a nonexisting device 1197 **/ 1198 1199 static int 1200 ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) 1201 { 1202 int err = 0; 1203 struct ip6_tnl_parm p; 1204 struct ip6_tnl *t = NULL; 1205 struct net *net = dev_net(dev); 1206 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1207 1208 switch (cmd) { 1209 case SIOCGETTUNNEL: 1210 if (dev == ip6n->fb_tnl_dev) { 1211 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) { 1212 err = -EFAULT; 1213 break; 1214 } 1215 t = ip6_tnl_locate(net, &p, 0); 1216 } 1217 if (t == NULL) 1218 t = netdev_priv(dev); 1219 memcpy(&p, &t->parms, sizeof (p)); 1220 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof (p))) { 1221 err = -EFAULT; 1222 } 1223 break; 1224 case SIOCADDTUNNEL: 1225 case SIOCCHGTUNNEL: 1226 err = -EPERM; 1227 if (!capable(CAP_NET_ADMIN)) 1228 break; 1229 err = -EFAULT; 1230 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) 1231 break; 1232 err = -EINVAL; 1233 if (p.proto != IPPROTO_IPV6 && p.proto != IPPROTO_IPIP && 1234 p.proto != 0) 1235 break; 1236 t = ip6_tnl_locate(net, &p, cmd == SIOCADDTUNNEL); 1237 if (dev != ip6n->fb_tnl_dev && cmd == SIOCCHGTUNNEL) { 1238 if (t != NULL) { 1239 if (t->dev != dev) { 1240 err = -EEXIST; 1241 break; 1242 } 1243 } else 1244 t = netdev_priv(dev); 1245 1246 ip6_tnl_unlink(ip6n, t); 1247 err = ip6_tnl_change(t, &p); 1248 ip6_tnl_link(ip6n, t); 1249 netdev_state_change(dev); 1250 } 1251 if (t) { 1252 err = 0; 1253 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof (p))) 1254 err = -EFAULT; 1255 1256 } else 1257 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT); 1258 break; 1259 case SIOCDELTUNNEL: 1260 err = -EPERM; 1261 if (!capable(CAP_NET_ADMIN)) 1262 break; 1263 1264 if (dev == ip6n->fb_tnl_dev) { 1265 err = -EFAULT; 1266 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) 1267 break; 1268 err = -ENOENT; 1269 if ((t = ip6_tnl_locate(net, &p, 0)) == NULL) 1270 break; 1271 err = -EPERM; 1272 if (t->dev == ip6n->fb_tnl_dev) 1273 break; 1274 dev = t->dev; 1275 } 1276 err = 0; 1277 unregister_netdevice(dev); 1278 break; 1279 default: 1280 err = -EINVAL; 1281 } 1282 return err; 1283 } 1284 1285 /** 1286 * ip6_tnl_change_mtu - change mtu manually for tunnel device 1287 * @dev: virtual device associated with tunnel 1288 * @new_mtu: the new mtu 1289 * 1290 * Return: 1291 * 0 on success, 1292 * %-EINVAL if mtu too small 1293 **/ 1294 1295 static int 1296 ip6_tnl_change_mtu(struct net_device *dev, int new_mtu) 1297 { 1298 if (new_mtu < IPV6_MIN_MTU) { 1299 return -EINVAL; 1300 } 1301 dev->mtu = new_mtu; 1302 return 0; 1303 } 1304 1305 1306 static const struct net_device_ops ip6_tnl_netdev_ops = { 1307 .ndo_uninit = ip6_tnl_dev_uninit, 1308 .ndo_start_xmit = ip6_tnl_xmit, 1309 .ndo_do_ioctl = ip6_tnl_ioctl, 1310 .ndo_change_mtu = ip6_tnl_change_mtu, 1311 }; 1312 1313 /** 1314 * ip6_tnl_dev_setup - setup virtual tunnel device 1315 * @dev: virtual device associated with tunnel 1316 * 1317 * Description: 1318 * Initialize function pointers and device parameters 1319 **/ 1320 1321 static void ip6_tnl_dev_setup(struct net_device *dev) 1322 { 1323 dev->netdev_ops = &ip6_tnl_netdev_ops; 1324 dev->destructor = free_netdev; 1325 1326 dev->type = ARPHRD_TUNNEL6; 1327 dev->hard_header_len = LL_MAX_HEADER + sizeof (struct ipv6hdr); 1328 dev->mtu = ETH_DATA_LEN - sizeof (struct ipv6hdr); 1329 dev->flags |= IFF_NOARP; 1330 dev->addr_len = sizeof(struct in6_addr); 1331 dev->features |= NETIF_F_NETNS_LOCAL; 1332 } 1333 1334 1335 /** 1336 * ip6_tnl_dev_init_gen - general initializer for all tunnel devices 1337 * @dev: virtual device associated with tunnel 1338 **/ 1339 1340 static inline void 1341 ip6_tnl_dev_init_gen(struct net_device *dev) 1342 { 1343 struct ip6_tnl *t = netdev_priv(dev); 1344 t->dev = dev; 1345 strcpy(t->parms.name, dev->name); 1346 } 1347 1348 /** 1349 * ip6_tnl_dev_init - initializer for all non fallback tunnel devices 1350 * @dev: virtual device associated with tunnel 1351 **/ 1352 1353 static void ip6_tnl_dev_init(struct net_device *dev) 1354 { 1355 struct ip6_tnl *t = netdev_priv(dev); 1356 ip6_tnl_dev_init_gen(dev); 1357 ip6_tnl_link_config(t); 1358 } 1359 1360 /** 1361 * ip6_fb_tnl_dev_init - initializer for fallback tunnel device 1362 * @dev: fallback device 1363 * 1364 * Return: 0 1365 **/ 1366 1367 static void ip6_fb_tnl_dev_init(struct net_device *dev) 1368 { 1369 struct ip6_tnl *t = netdev_priv(dev); 1370 struct net *net = dev_net(dev); 1371 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1372 1373 ip6_tnl_dev_init_gen(dev); 1374 t->parms.proto = IPPROTO_IPV6; 1375 dev_hold(dev); 1376 ip6n->tnls_wc[0] = t; 1377 } 1378 1379 static struct xfrm6_tunnel ip4ip6_handler = { 1380 .handler = ip4ip6_rcv, 1381 .err_handler = ip4ip6_err, 1382 .priority = 1, 1383 }; 1384 1385 static struct xfrm6_tunnel ip6ip6_handler = { 1386 .handler = ip6ip6_rcv, 1387 .err_handler = ip6ip6_err, 1388 .priority = 1, 1389 }; 1390 1391 static void ip6_tnl_destroy_tunnels(struct ip6_tnl_net *ip6n) 1392 { 1393 int h; 1394 struct ip6_tnl *t; 1395 LIST_HEAD(list); 1396 1397 for (h = 0; h < HASH_SIZE; h++) { 1398 t = ip6n->tnls_r_l[h]; 1399 while (t != NULL) { 1400 unregister_netdevice_queue(t->dev, &list); 1401 t = t->next; 1402 } 1403 } 1404 1405 t = ip6n->tnls_wc[0]; 1406 unregister_netdevice_queue(t->dev, &list); 1407 unregister_netdevice_many(&list); 1408 } 1409 1410 static int ip6_tnl_init_net(struct net *net) 1411 { 1412 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1413 int err; 1414 1415 ip6n->tnls[0] = ip6n->tnls_wc; 1416 ip6n->tnls[1] = ip6n->tnls_r_l; 1417 1418 err = -ENOMEM; 1419 ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6tnl0", 1420 ip6_tnl_dev_setup); 1421 1422 if (!ip6n->fb_tnl_dev) 1423 goto err_alloc_dev; 1424 dev_net_set(ip6n->fb_tnl_dev, net); 1425 1426 ip6_fb_tnl_dev_init(ip6n->fb_tnl_dev); 1427 1428 err = register_netdev(ip6n->fb_tnl_dev); 1429 if (err < 0) 1430 goto err_register; 1431 return 0; 1432 1433 err_register: 1434 free_netdev(ip6n->fb_tnl_dev); 1435 err_alloc_dev: 1436 return err; 1437 } 1438 1439 static void ip6_tnl_exit_net(struct net *net) 1440 { 1441 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1442 1443 rtnl_lock(); 1444 ip6_tnl_destroy_tunnels(ip6n); 1445 rtnl_unlock(); 1446 } 1447 1448 static struct pernet_operations ip6_tnl_net_ops = { 1449 .init = ip6_tnl_init_net, 1450 .exit = ip6_tnl_exit_net, 1451 .id = &ip6_tnl_net_id, 1452 .size = sizeof(struct ip6_tnl_net), 1453 }; 1454 1455 /** 1456 * ip6_tunnel_init - register protocol and reserve needed resources 1457 * 1458 * Return: 0 on success 1459 **/ 1460 1461 static int __init ip6_tunnel_init(void) 1462 { 1463 int err; 1464 1465 if (xfrm6_tunnel_register(&ip4ip6_handler, AF_INET)) { 1466 printk(KERN_ERR "ip6_tunnel init: can't register ip4ip6\n"); 1467 err = -EAGAIN; 1468 goto out; 1469 } 1470 1471 if (xfrm6_tunnel_register(&ip6ip6_handler, AF_INET6)) { 1472 printk(KERN_ERR "ip6_tunnel init: can't register ip6ip6\n"); 1473 err = -EAGAIN; 1474 goto unreg_ip4ip6; 1475 } 1476 1477 err = register_pernet_device(&ip6_tnl_net_ops); 1478 if (err < 0) 1479 goto err_pernet; 1480 return 0; 1481 err_pernet: 1482 xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6); 1483 unreg_ip4ip6: 1484 xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET); 1485 out: 1486 return err; 1487 } 1488 1489 /** 1490 * ip6_tunnel_cleanup - free resources and unregister protocol 1491 **/ 1492 1493 static void __exit ip6_tunnel_cleanup(void) 1494 { 1495 if (xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET)) 1496 printk(KERN_INFO "ip6_tunnel close: can't deregister ip4ip6\n"); 1497 1498 if (xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6)) 1499 printk(KERN_INFO "ip6_tunnel close: can't deregister ip6ip6\n"); 1500 1501 unregister_pernet_device(&ip6_tnl_net_ops); 1502 } 1503 1504 module_init(ip6_tunnel_init); 1505 module_exit(ip6_tunnel_cleanup); 1506