1 /* 2 * IPv6 tunneling device 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Ville Nuorvala <vnuorval@tcs.hut.fi> 7 * Yasuyuki Kozakai <kozakai@linux-ipv6.org> 8 * 9 * Based on: 10 * linux/net/ipv6/sit.c and linux/net/ipv4/ipip.c 11 * 12 * RFC 2473 13 * 14 * This program is free software; you can redistribute it and/or 15 * modify it under the terms of the GNU General Public License 16 * as published by the Free Software Foundation; either version 17 * 2 of the License, or (at your option) any later version. 18 * 19 */ 20 21 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 22 23 #include <linux/module.h> 24 #include <linux/capability.h> 25 #include <linux/errno.h> 26 #include <linux/types.h> 27 #include <linux/sockios.h> 28 #include <linux/icmp.h> 29 #include <linux/if.h> 30 #include <linux/in.h> 31 #include <linux/ip.h> 32 #include <linux/net.h> 33 #include <linux/in6.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/icmpv6.h> 37 #include <linux/init.h> 38 #include <linux/route.h> 39 #include <linux/rtnetlink.h> 40 #include <linux/netfilter_ipv6.h> 41 #include <linux/slab.h> 42 #include <linux/hash.h> 43 #include <linux/etherdevice.h> 44 45 #include <asm/uaccess.h> 46 #include <linux/atomic.h> 47 48 #include <net/icmp.h> 49 #include <net/ip.h> 50 #include <net/ip_tunnels.h> 51 #include <net/ipv6.h> 52 #include <net/ip6_route.h> 53 #include <net/addrconf.h> 54 #include <net/ip6_tunnel.h> 55 #include <net/xfrm.h> 56 #include <net/dsfield.h> 57 #include <net/inet_ecn.h> 58 #include <net/net_namespace.h> 59 #include <net/netns/generic.h> 60 61 MODULE_AUTHOR("Ville Nuorvala"); 62 MODULE_DESCRIPTION("IPv6 tunneling device"); 63 MODULE_LICENSE("GPL"); 64 MODULE_ALIAS_NETDEV("ip6tnl0"); 65 66 #ifdef IP6_TNL_DEBUG 67 #define IP6_TNL_TRACE(x...) pr_debug("%s:" x "\n", __func__) 68 #else 69 #define IP6_TNL_TRACE(x...) do {;} while(0) 70 #endif 71 72 #define HASH_SIZE_SHIFT 5 73 #define HASH_SIZE (1 << HASH_SIZE_SHIFT) 74 75 static bool log_ecn_error = true; 76 module_param(log_ecn_error, bool, 0644); 77 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); 78 79 static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) 80 { 81 u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2); 82 83 return hash_32(hash, HASH_SIZE_SHIFT); 84 } 85 86 static int ip6_tnl_dev_init(struct net_device *dev); 87 static void ip6_tnl_dev_setup(struct net_device *dev); 88 static struct rtnl_link_ops ip6_link_ops __read_mostly; 89 90 static int ip6_tnl_net_id __read_mostly; 91 struct ip6_tnl_net { 92 /* the IPv6 tunnel fallback device */ 93 struct net_device *fb_tnl_dev; 94 /* lists for storing tunnels in use */ 95 struct ip6_tnl __rcu *tnls_r_l[HASH_SIZE]; 96 struct ip6_tnl __rcu *tnls_wc[1]; 97 struct ip6_tnl __rcu **tnls[2]; 98 }; 99 100 static struct net_device_stats *ip6_get_stats(struct net_device *dev) 101 { 102 struct pcpu_sw_netstats tmp, sum = { 0 }; 103 int i; 104 105 for_each_possible_cpu(i) { 106 unsigned int start; 107 const struct pcpu_sw_netstats *tstats = 108 per_cpu_ptr(dev->tstats, i); 109 110 do { 111 start = u64_stats_fetch_begin_irq(&tstats->syncp); 112 tmp.rx_packets = tstats->rx_packets; 113 tmp.rx_bytes = tstats->rx_bytes; 114 tmp.tx_packets = tstats->tx_packets; 115 tmp.tx_bytes = tstats->tx_bytes; 116 } while (u64_stats_fetch_retry_irq(&tstats->syncp, start)); 117 118 sum.rx_packets += tmp.rx_packets; 119 sum.rx_bytes += tmp.rx_bytes; 120 sum.tx_packets += tmp.tx_packets; 121 sum.tx_bytes += tmp.tx_bytes; 122 } 123 dev->stats.rx_packets = sum.rx_packets; 124 dev->stats.rx_bytes = sum.rx_bytes; 125 dev->stats.tx_packets = sum.tx_packets; 126 dev->stats.tx_bytes = sum.tx_bytes; 127 return &dev->stats; 128 } 129 130 /* 131 * Locking : hash tables are protected by RCU and RTNL 132 */ 133 134 struct dst_entry *ip6_tnl_dst_check(struct ip6_tnl *t) 135 { 136 struct dst_entry *dst = t->dst_cache; 137 138 if (dst && dst->obsolete && 139 dst->ops->check(dst, t->dst_cookie) == NULL) { 140 t->dst_cache = NULL; 141 dst_release(dst); 142 return NULL; 143 } 144 145 return dst; 146 } 147 EXPORT_SYMBOL_GPL(ip6_tnl_dst_check); 148 149 void ip6_tnl_dst_reset(struct ip6_tnl *t) 150 { 151 dst_release(t->dst_cache); 152 t->dst_cache = NULL; 153 } 154 EXPORT_SYMBOL_GPL(ip6_tnl_dst_reset); 155 156 void ip6_tnl_dst_store(struct ip6_tnl *t, struct dst_entry *dst) 157 { 158 struct rt6_info *rt = (struct rt6_info *) dst; 159 t->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0; 160 dst_release(t->dst_cache); 161 t->dst_cache = dst; 162 } 163 EXPORT_SYMBOL_GPL(ip6_tnl_dst_store); 164 165 /** 166 * ip6_tnl_lookup - fetch tunnel matching the end-point addresses 167 * @remote: the address of the tunnel exit-point 168 * @local: the address of the tunnel entry-point 169 * 170 * Return: 171 * tunnel matching given end-points if found, 172 * else fallback tunnel if its device is up, 173 * else %NULL 174 **/ 175 176 #define for_each_ip6_tunnel_rcu(start) \ 177 for (t = rcu_dereference(start); t; t = rcu_dereference(t->next)) 178 179 static struct ip6_tnl * 180 ip6_tnl_lookup(struct net *net, const struct in6_addr *remote, const struct in6_addr *local) 181 { 182 unsigned int hash = HASH(remote, local); 183 struct ip6_tnl *t; 184 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 185 186 for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) { 187 if (ipv6_addr_equal(local, &t->parms.laddr) && 188 ipv6_addr_equal(remote, &t->parms.raddr) && 189 (t->dev->flags & IFF_UP)) 190 return t; 191 } 192 t = rcu_dereference(ip6n->tnls_wc[0]); 193 if (t && (t->dev->flags & IFF_UP)) 194 return t; 195 196 return NULL; 197 } 198 199 /** 200 * ip6_tnl_bucket - get head of list matching given tunnel parameters 201 * @p: parameters containing tunnel end-points 202 * 203 * Description: 204 * ip6_tnl_bucket() returns the head of the list matching the 205 * &struct in6_addr entries laddr and raddr in @p. 206 * 207 * Return: head of IPv6 tunnel list 208 **/ 209 210 static struct ip6_tnl __rcu ** 211 ip6_tnl_bucket(struct ip6_tnl_net *ip6n, const struct __ip6_tnl_parm *p) 212 { 213 const struct in6_addr *remote = &p->raddr; 214 const struct in6_addr *local = &p->laddr; 215 unsigned int h = 0; 216 int prio = 0; 217 218 if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) { 219 prio = 1; 220 h = HASH(remote, local); 221 } 222 return &ip6n->tnls[prio][h]; 223 } 224 225 /** 226 * ip6_tnl_link - add tunnel to hash table 227 * @t: tunnel to be added 228 **/ 229 230 static void 231 ip6_tnl_link(struct ip6_tnl_net *ip6n, struct ip6_tnl *t) 232 { 233 struct ip6_tnl __rcu **tp = ip6_tnl_bucket(ip6n, &t->parms); 234 235 rcu_assign_pointer(t->next , rtnl_dereference(*tp)); 236 rcu_assign_pointer(*tp, t); 237 } 238 239 /** 240 * ip6_tnl_unlink - remove tunnel from hash table 241 * @t: tunnel to be removed 242 **/ 243 244 static void 245 ip6_tnl_unlink(struct ip6_tnl_net *ip6n, struct ip6_tnl *t) 246 { 247 struct ip6_tnl __rcu **tp; 248 struct ip6_tnl *iter; 249 250 for (tp = ip6_tnl_bucket(ip6n, &t->parms); 251 (iter = rtnl_dereference(*tp)) != NULL; 252 tp = &iter->next) { 253 if (t == iter) { 254 rcu_assign_pointer(*tp, t->next); 255 break; 256 } 257 } 258 } 259 260 static void ip6_dev_free(struct net_device *dev) 261 { 262 free_percpu(dev->tstats); 263 free_netdev(dev); 264 } 265 266 static int ip6_tnl_create2(struct net_device *dev) 267 { 268 struct ip6_tnl *t = netdev_priv(dev); 269 struct net *net = dev_net(dev); 270 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 271 int err; 272 273 t = netdev_priv(dev); 274 err = ip6_tnl_dev_init(dev); 275 if (err < 0) 276 goto out; 277 278 err = register_netdevice(dev); 279 if (err < 0) 280 goto out; 281 282 strcpy(t->parms.name, dev->name); 283 dev->rtnl_link_ops = &ip6_link_ops; 284 285 dev_hold(dev); 286 ip6_tnl_link(ip6n, t); 287 return 0; 288 289 out: 290 return err; 291 } 292 293 /** 294 * ip6_tnl_create - create a new tunnel 295 * @p: tunnel parameters 296 * @pt: pointer to new tunnel 297 * 298 * Description: 299 * Create tunnel matching given parameters. 300 * 301 * Return: 302 * created tunnel or NULL 303 **/ 304 305 static struct ip6_tnl *ip6_tnl_create(struct net *net, struct __ip6_tnl_parm *p) 306 { 307 struct net_device *dev; 308 struct ip6_tnl *t; 309 char name[IFNAMSIZ]; 310 int err; 311 312 if (p->name[0]) 313 strlcpy(name, p->name, IFNAMSIZ); 314 else 315 sprintf(name, "ip6tnl%%d"); 316 317 dev = alloc_netdev(sizeof (*t), name, ip6_tnl_dev_setup); 318 if (dev == NULL) 319 goto failed; 320 321 dev_net_set(dev, net); 322 323 t = netdev_priv(dev); 324 t->parms = *p; 325 t->net = dev_net(dev); 326 err = ip6_tnl_create2(dev); 327 if (err < 0) 328 goto failed_free; 329 330 return t; 331 332 failed_free: 333 ip6_dev_free(dev); 334 failed: 335 return NULL; 336 } 337 338 /** 339 * ip6_tnl_locate - find or create tunnel matching given parameters 340 * @p: tunnel parameters 341 * @create: != 0 if allowed to create new tunnel if no match found 342 * 343 * Description: 344 * ip6_tnl_locate() first tries to locate an existing tunnel 345 * based on @parms. If this is unsuccessful, but @create is set a new 346 * tunnel device is created and registered for use. 347 * 348 * Return: 349 * matching tunnel or NULL 350 **/ 351 352 static struct ip6_tnl *ip6_tnl_locate(struct net *net, 353 struct __ip6_tnl_parm *p, int create) 354 { 355 const struct in6_addr *remote = &p->raddr; 356 const struct in6_addr *local = &p->laddr; 357 struct ip6_tnl __rcu **tp; 358 struct ip6_tnl *t; 359 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 360 361 for (tp = ip6_tnl_bucket(ip6n, p); 362 (t = rtnl_dereference(*tp)) != NULL; 363 tp = &t->next) { 364 if (ipv6_addr_equal(local, &t->parms.laddr) && 365 ipv6_addr_equal(remote, &t->parms.raddr)) 366 return t; 367 } 368 if (!create) 369 return NULL; 370 return ip6_tnl_create(net, p); 371 } 372 373 /** 374 * ip6_tnl_dev_uninit - tunnel device uninitializer 375 * @dev: the device to be destroyed 376 * 377 * Description: 378 * ip6_tnl_dev_uninit() removes tunnel from its list 379 **/ 380 381 static void 382 ip6_tnl_dev_uninit(struct net_device *dev) 383 { 384 struct ip6_tnl *t = netdev_priv(dev); 385 struct net *net = t->net; 386 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 387 388 if (dev == ip6n->fb_tnl_dev) 389 RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL); 390 else 391 ip6_tnl_unlink(ip6n, t); 392 ip6_tnl_dst_reset(t); 393 dev_put(dev); 394 } 395 396 /** 397 * parse_tvl_tnl_enc_lim - handle encapsulation limit option 398 * @skb: received socket buffer 399 * 400 * Return: 401 * 0 if none was found, 402 * else index to encapsulation limit 403 **/ 404 405 __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) 406 { 407 const struct ipv6hdr *ipv6h = (const struct ipv6hdr *) raw; 408 __u8 nexthdr = ipv6h->nexthdr; 409 __u16 off = sizeof (*ipv6h); 410 411 while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) { 412 __u16 optlen = 0; 413 struct ipv6_opt_hdr *hdr; 414 if (raw + off + sizeof (*hdr) > skb->data && 415 !pskb_may_pull(skb, raw - skb->data + off + sizeof (*hdr))) 416 break; 417 418 hdr = (struct ipv6_opt_hdr *) (raw + off); 419 if (nexthdr == NEXTHDR_FRAGMENT) { 420 struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr; 421 if (frag_hdr->frag_off) 422 break; 423 optlen = 8; 424 } else if (nexthdr == NEXTHDR_AUTH) { 425 optlen = (hdr->hdrlen + 2) << 2; 426 } else { 427 optlen = ipv6_optlen(hdr); 428 } 429 if (nexthdr == NEXTHDR_DEST) { 430 __u16 i = off + 2; 431 while (1) { 432 struct ipv6_tlv_tnl_enc_lim *tel; 433 434 /* No more room for encapsulation limit */ 435 if (i + sizeof (*tel) > off + optlen) 436 break; 437 438 tel = (struct ipv6_tlv_tnl_enc_lim *) &raw[i]; 439 /* return index of option if found and valid */ 440 if (tel->type == IPV6_TLV_TNL_ENCAP_LIMIT && 441 tel->length == 1) 442 return i; 443 /* else jump to next option */ 444 if (tel->type) 445 i += tel->length + 2; 446 else 447 i++; 448 } 449 } 450 nexthdr = hdr->nexthdr; 451 off += optlen; 452 } 453 return 0; 454 } 455 EXPORT_SYMBOL(ip6_tnl_parse_tlv_enc_lim); 456 457 /** 458 * ip6_tnl_err - tunnel error handler 459 * 460 * Description: 461 * ip6_tnl_err() should handle errors in the tunnel according 462 * to the specifications in RFC 2473. 463 **/ 464 465 static int 466 ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt, 467 u8 *type, u8 *code, int *msg, __u32 *info, int offset) 468 { 469 const struct ipv6hdr *ipv6h = (const struct ipv6hdr *) skb->data; 470 struct ip6_tnl *t; 471 int rel_msg = 0; 472 u8 rel_type = ICMPV6_DEST_UNREACH; 473 u8 rel_code = ICMPV6_ADDR_UNREACH; 474 __u32 rel_info = 0; 475 __u16 len; 476 int err = -ENOENT; 477 478 /* If the packet doesn't contain the original IPv6 header we are 479 in trouble since we might need the source address for further 480 processing of the error. */ 481 482 rcu_read_lock(); 483 if ((t = ip6_tnl_lookup(dev_net(skb->dev), &ipv6h->daddr, 484 &ipv6h->saddr)) == NULL) 485 goto out; 486 487 if (t->parms.proto != ipproto && t->parms.proto != 0) 488 goto out; 489 490 err = 0; 491 492 switch (*type) { 493 __u32 teli; 494 struct ipv6_tlv_tnl_enc_lim *tel; 495 __u32 mtu; 496 case ICMPV6_DEST_UNREACH: 497 net_warn_ratelimited("%s: Path to destination invalid or inactive!\n", 498 t->parms.name); 499 rel_msg = 1; 500 break; 501 case ICMPV6_TIME_EXCEED: 502 if ((*code) == ICMPV6_EXC_HOPLIMIT) { 503 net_warn_ratelimited("%s: Too small hop limit or routing loop in tunnel!\n", 504 t->parms.name); 505 rel_msg = 1; 506 } 507 break; 508 case ICMPV6_PARAMPROB: 509 teli = 0; 510 if ((*code) == ICMPV6_HDR_FIELD) 511 teli = ip6_tnl_parse_tlv_enc_lim(skb, skb->data); 512 513 if (teli && teli == *info - 2) { 514 tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli]; 515 if (tel->encap_limit == 0) { 516 net_warn_ratelimited("%s: Too small encapsulation limit or routing loop in tunnel!\n", 517 t->parms.name); 518 rel_msg = 1; 519 } 520 } else { 521 net_warn_ratelimited("%s: Recipient unable to parse tunneled packet!\n", 522 t->parms.name); 523 } 524 break; 525 case ICMPV6_PKT_TOOBIG: 526 mtu = *info - offset; 527 if (mtu < IPV6_MIN_MTU) 528 mtu = IPV6_MIN_MTU; 529 t->dev->mtu = mtu; 530 531 if ((len = sizeof (*ipv6h) + ntohs(ipv6h->payload_len)) > mtu) { 532 rel_type = ICMPV6_PKT_TOOBIG; 533 rel_code = 0; 534 rel_info = mtu; 535 rel_msg = 1; 536 } 537 break; 538 } 539 540 *type = rel_type; 541 *code = rel_code; 542 *info = rel_info; 543 *msg = rel_msg; 544 545 out: 546 rcu_read_unlock(); 547 return err; 548 } 549 550 static int 551 ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 552 u8 type, u8 code, int offset, __be32 info) 553 { 554 int rel_msg = 0; 555 u8 rel_type = type; 556 u8 rel_code = code; 557 __u32 rel_info = ntohl(info); 558 int err; 559 struct sk_buff *skb2; 560 const struct iphdr *eiph; 561 struct rtable *rt; 562 struct flowi4 fl4; 563 564 err = ip6_tnl_err(skb, IPPROTO_IPIP, opt, &rel_type, &rel_code, 565 &rel_msg, &rel_info, offset); 566 if (err < 0) 567 return err; 568 569 if (rel_msg == 0) 570 return 0; 571 572 switch (rel_type) { 573 case ICMPV6_DEST_UNREACH: 574 if (rel_code != ICMPV6_ADDR_UNREACH) 575 return 0; 576 rel_type = ICMP_DEST_UNREACH; 577 rel_code = ICMP_HOST_UNREACH; 578 break; 579 case ICMPV6_PKT_TOOBIG: 580 if (rel_code != 0) 581 return 0; 582 rel_type = ICMP_DEST_UNREACH; 583 rel_code = ICMP_FRAG_NEEDED; 584 break; 585 case NDISC_REDIRECT: 586 rel_type = ICMP_REDIRECT; 587 rel_code = ICMP_REDIR_HOST; 588 default: 589 return 0; 590 } 591 592 if (!pskb_may_pull(skb, offset + sizeof(struct iphdr))) 593 return 0; 594 595 skb2 = skb_clone(skb, GFP_ATOMIC); 596 if (!skb2) 597 return 0; 598 599 skb_dst_drop(skb2); 600 601 skb_pull(skb2, offset); 602 skb_reset_network_header(skb2); 603 eiph = ip_hdr(skb2); 604 605 /* Try to guess incoming interface */ 606 rt = ip_route_output_ports(dev_net(skb->dev), &fl4, NULL, 607 eiph->saddr, 0, 608 0, 0, 609 IPPROTO_IPIP, RT_TOS(eiph->tos), 0); 610 if (IS_ERR(rt)) 611 goto out; 612 613 skb2->dev = rt->dst.dev; 614 615 /* route "incoming" packet */ 616 if (rt->rt_flags & RTCF_LOCAL) { 617 ip_rt_put(rt); 618 rt = NULL; 619 rt = ip_route_output_ports(dev_net(skb->dev), &fl4, NULL, 620 eiph->daddr, eiph->saddr, 621 0, 0, 622 IPPROTO_IPIP, 623 RT_TOS(eiph->tos), 0); 624 if (IS_ERR(rt) || 625 rt->dst.dev->type != ARPHRD_TUNNEL) { 626 if (!IS_ERR(rt)) 627 ip_rt_put(rt); 628 goto out; 629 } 630 skb_dst_set(skb2, &rt->dst); 631 } else { 632 ip_rt_put(rt); 633 if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, 634 skb2->dev) || 635 skb_dst(skb2)->dev->type != ARPHRD_TUNNEL) 636 goto out; 637 } 638 639 /* change mtu on this route */ 640 if (rel_type == ICMP_DEST_UNREACH && rel_code == ICMP_FRAG_NEEDED) { 641 if (rel_info > dst_mtu(skb_dst(skb2))) 642 goto out; 643 644 skb_dst(skb2)->ops->update_pmtu(skb_dst(skb2), NULL, skb2, rel_info); 645 } 646 if (rel_type == ICMP_REDIRECT) 647 skb_dst(skb2)->ops->redirect(skb_dst(skb2), NULL, skb2); 648 649 icmp_send(skb2, rel_type, rel_code, htonl(rel_info)); 650 651 out: 652 kfree_skb(skb2); 653 return 0; 654 } 655 656 static int 657 ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 658 u8 type, u8 code, int offset, __be32 info) 659 { 660 int rel_msg = 0; 661 u8 rel_type = type; 662 u8 rel_code = code; 663 __u32 rel_info = ntohl(info); 664 int err; 665 666 err = ip6_tnl_err(skb, IPPROTO_IPV6, opt, &rel_type, &rel_code, 667 &rel_msg, &rel_info, offset); 668 if (err < 0) 669 return err; 670 671 if (rel_msg && pskb_may_pull(skb, offset + sizeof(struct ipv6hdr))) { 672 struct rt6_info *rt; 673 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 674 675 if (!skb2) 676 return 0; 677 678 skb_dst_drop(skb2); 679 skb_pull(skb2, offset); 680 skb_reset_network_header(skb2); 681 682 /* Try to guess incoming interface */ 683 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, 684 NULL, 0, 0); 685 686 if (rt && rt->dst.dev) 687 skb2->dev = rt->dst.dev; 688 689 icmpv6_send(skb2, rel_type, rel_code, rel_info); 690 691 ip6_rt_put(rt); 692 693 kfree_skb(skb2); 694 } 695 696 return 0; 697 } 698 699 static int ip4ip6_dscp_ecn_decapsulate(const struct ip6_tnl *t, 700 const struct ipv6hdr *ipv6h, 701 struct sk_buff *skb) 702 { 703 __u8 dsfield = ipv6_get_dsfield(ipv6h) & ~INET_ECN_MASK; 704 705 if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY) 706 ipv4_change_dsfield(ip_hdr(skb), INET_ECN_MASK, dsfield); 707 708 return IP6_ECN_decapsulate(ipv6h, skb); 709 } 710 711 static int ip6ip6_dscp_ecn_decapsulate(const struct ip6_tnl *t, 712 const struct ipv6hdr *ipv6h, 713 struct sk_buff *skb) 714 { 715 if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY) 716 ipv6_copy_dscp(ipv6_get_dsfield(ipv6h), ipv6_hdr(skb)); 717 718 return IP6_ECN_decapsulate(ipv6h, skb); 719 } 720 721 __u32 ip6_tnl_get_cap(struct ip6_tnl *t, 722 const struct in6_addr *laddr, 723 const struct in6_addr *raddr) 724 { 725 struct __ip6_tnl_parm *p = &t->parms; 726 int ltype = ipv6_addr_type(laddr); 727 int rtype = ipv6_addr_type(raddr); 728 __u32 flags = 0; 729 730 if (ltype == IPV6_ADDR_ANY || rtype == IPV6_ADDR_ANY) { 731 flags = IP6_TNL_F_CAP_PER_PACKET; 732 } else if (ltype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) && 733 rtype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) && 734 !((ltype|rtype) & IPV6_ADDR_LOOPBACK) && 735 (!((ltype|rtype) & IPV6_ADDR_LINKLOCAL) || p->link)) { 736 if (ltype&IPV6_ADDR_UNICAST) 737 flags |= IP6_TNL_F_CAP_XMIT; 738 if (rtype&IPV6_ADDR_UNICAST) 739 flags |= IP6_TNL_F_CAP_RCV; 740 } 741 return flags; 742 } 743 EXPORT_SYMBOL(ip6_tnl_get_cap); 744 745 /* called with rcu_read_lock() */ 746 int ip6_tnl_rcv_ctl(struct ip6_tnl *t, 747 const struct in6_addr *laddr, 748 const struct in6_addr *raddr) 749 { 750 struct __ip6_tnl_parm *p = &t->parms; 751 int ret = 0; 752 struct net *net = t->net; 753 754 if ((p->flags & IP6_TNL_F_CAP_RCV) || 755 ((p->flags & IP6_TNL_F_CAP_PER_PACKET) && 756 (ip6_tnl_get_cap(t, laddr, raddr) & IP6_TNL_F_CAP_RCV))) { 757 struct net_device *ldev = NULL; 758 759 if (p->link) 760 ldev = dev_get_by_index_rcu(net, p->link); 761 762 if ((ipv6_addr_is_multicast(laddr) || 763 likely(ipv6_chk_addr(net, laddr, ldev, 0))) && 764 likely(!ipv6_chk_addr(net, raddr, NULL, 0))) 765 ret = 1; 766 } 767 return ret; 768 } 769 EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl); 770 771 /** 772 * ip6_tnl_rcv - decapsulate IPv6 packet and retransmit it locally 773 * @skb: received socket buffer 774 * @protocol: ethernet protocol ID 775 * @dscp_ecn_decapsulate: the function to decapsulate DSCP code and ECN 776 * 777 * Return: 0 778 **/ 779 780 static int ip6_tnl_rcv(struct sk_buff *skb, __u16 protocol, 781 __u8 ipproto, 782 int (*dscp_ecn_decapsulate)(const struct ip6_tnl *t, 783 const struct ipv6hdr *ipv6h, 784 struct sk_buff *skb)) 785 { 786 struct ip6_tnl *t; 787 const struct ipv6hdr *ipv6h = ipv6_hdr(skb); 788 int err; 789 790 rcu_read_lock(); 791 792 if ((t = ip6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr, 793 &ipv6h->daddr)) != NULL) { 794 struct pcpu_sw_netstats *tstats; 795 796 if (t->parms.proto != ipproto && t->parms.proto != 0) { 797 rcu_read_unlock(); 798 goto discard; 799 } 800 801 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 802 rcu_read_unlock(); 803 goto discard; 804 } 805 806 if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) { 807 t->dev->stats.rx_dropped++; 808 rcu_read_unlock(); 809 goto discard; 810 } 811 skb->mac_header = skb->network_header; 812 skb_reset_network_header(skb); 813 skb->protocol = htons(protocol); 814 memset(skb->cb, 0, sizeof(struct inet6_skb_parm)); 815 816 __skb_tunnel_rx(skb, t->dev, t->net); 817 818 err = dscp_ecn_decapsulate(t, ipv6h, skb); 819 if (unlikely(err)) { 820 if (log_ecn_error) 821 net_info_ratelimited("non-ECT from %pI6 with dsfield=%#x\n", 822 &ipv6h->saddr, 823 ipv6_get_dsfield(ipv6h)); 824 if (err > 1) { 825 ++t->dev->stats.rx_frame_errors; 826 ++t->dev->stats.rx_errors; 827 rcu_read_unlock(); 828 goto discard; 829 } 830 } 831 832 tstats = this_cpu_ptr(t->dev->tstats); 833 u64_stats_update_begin(&tstats->syncp); 834 tstats->rx_packets++; 835 tstats->rx_bytes += skb->len; 836 u64_stats_update_end(&tstats->syncp); 837 838 netif_rx(skb); 839 840 rcu_read_unlock(); 841 return 0; 842 } 843 rcu_read_unlock(); 844 return 1; 845 846 discard: 847 kfree_skb(skb); 848 return 0; 849 } 850 851 static int ip4ip6_rcv(struct sk_buff *skb) 852 { 853 return ip6_tnl_rcv(skb, ETH_P_IP, IPPROTO_IPIP, 854 ip4ip6_dscp_ecn_decapsulate); 855 } 856 857 static int ip6ip6_rcv(struct sk_buff *skb) 858 { 859 return ip6_tnl_rcv(skb, ETH_P_IPV6, IPPROTO_IPV6, 860 ip6ip6_dscp_ecn_decapsulate); 861 } 862 863 struct ipv6_tel_txoption { 864 struct ipv6_txoptions ops; 865 __u8 dst_opt[8]; 866 }; 867 868 static void init_tel_txopt(struct ipv6_tel_txoption *opt, __u8 encap_limit) 869 { 870 memset(opt, 0, sizeof(struct ipv6_tel_txoption)); 871 872 opt->dst_opt[2] = IPV6_TLV_TNL_ENCAP_LIMIT; 873 opt->dst_opt[3] = 1; 874 opt->dst_opt[4] = encap_limit; 875 opt->dst_opt[5] = IPV6_TLV_PADN; 876 opt->dst_opt[6] = 1; 877 878 opt->ops.dst0opt = (struct ipv6_opt_hdr *) opt->dst_opt; 879 opt->ops.opt_nflen = 8; 880 } 881 882 /** 883 * ip6_tnl_addr_conflict - compare packet addresses to tunnel's own 884 * @t: the outgoing tunnel device 885 * @hdr: IPv6 header from the incoming packet 886 * 887 * Description: 888 * Avoid trivial tunneling loop by checking that tunnel exit-point 889 * doesn't match source of incoming packet. 890 * 891 * Return: 892 * 1 if conflict, 893 * 0 else 894 **/ 895 896 static inline bool 897 ip6_tnl_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr) 898 { 899 return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr); 900 } 901 902 int ip6_tnl_xmit_ctl(struct ip6_tnl *t) 903 { 904 struct __ip6_tnl_parm *p = &t->parms; 905 int ret = 0; 906 struct net *net = t->net; 907 908 if (p->flags & IP6_TNL_F_CAP_XMIT) { 909 struct net_device *ldev = NULL; 910 911 rcu_read_lock(); 912 if (p->link) 913 ldev = dev_get_by_index_rcu(net, p->link); 914 915 if (unlikely(!ipv6_chk_addr(net, &p->laddr, ldev, 0))) 916 pr_warn("%s xmit: Local address not yet configured!\n", 917 p->name); 918 else if (!ipv6_addr_is_multicast(&p->raddr) && 919 unlikely(ipv6_chk_addr(net, &p->raddr, NULL, 0))) 920 pr_warn("%s xmit: Routing loop! Remote address found on this node!\n", 921 p->name); 922 else 923 ret = 1; 924 rcu_read_unlock(); 925 } 926 return ret; 927 } 928 EXPORT_SYMBOL_GPL(ip6_tnl_xmit_ctl); 929 930 /** 931 * ip6_tnl_xmit2 - encapsulate packet and send 932 * @skb: the outgoing socket buffer 933 * @dev: the outgoing tunnel device 934 * @dsfield: dscp code for outer header 935 * @fl: flow of tunneled packet 936 * @encap_limit: encapsulation limit 937 * @pmtu: Path MTU is stored if packet is too big 938 * 939 * Description: 940 * Build new header and do some sanity checks on the packet before sending 941 * it. 942 * 943 * Return: 944 * 0 on success 945 * -1 fail 946 * %-EMSGSIZE message too big. return mtu in this case. 947 **/ 948 949 static int ip6_tnl_xmit2(struct sk_buff *skb, 950 struct net_device *dev, 951 __u8 dsfield, 952 struct flowi6 *fl6, 953 int encap_limit, 954 __u32 *pmtu) 955 { 956 struct ip6_tnl *t = netdev_priv(dev); 957 struct net *net = t->net; 958 struct net_device_stats *stats = &t->dev->stats; 959 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 960 struct ipv6_tel_txoption opt; 961 struct dst_entry *dst = NULL, *ndst = NULL; 962 struct net_device *tdev; 963 int mtu; 964 unsigned int max_headroom = sizeof(struct ipv6hdr); 965 u8 proto; 966 int err = -1; 967 968 if (!fl6->flowi6_mark) 969 dst = ip6_tnl_dst_check(t); 970 if (!dst) { 971 ndst = ip6_route_output(net, NULL, fl6); 972 973 if (ndst->error) 974 goto tx_err_link_failure; 975 ndst = xfrm_lookup(net, ndst, flowi6_to_flowi(fl6), NULL, 0); 976 if (IS_ERR(ndst)) { 977 err = PTR_ERR(ndst); 978 ndst = NULL; 979 goto tx_err_link_failure; 980 } 981 dst = ndst; 982 } 983 984 tdev = dst->dev; 985 986 if (tdev == dev) { 987 stats->collisions++; 988 net_warn_ratelimited("%s: Local routing loop detected!\n", 989 t->parms.name); 990 goto tx_err_dst_release; 991 } 992 mtu = dst_mtu(dst) - sizeof (*ipv6h); 993 if (encap_limit >= 0) { 994 max_headroom += 8; 995 mtu -= 8; 996 } 997 if (mtu < IPV6_MIN_MTU) 998 mtu = IPV6_MIN_MTU; 999 if (skb_dst(skb)) 1000 skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); 1001 if (skb->len > mtu) { 1002 *pmtu = mtu; 1003 err = -EMSGSIZE; 1004 goto tx_err_dst_release; 1005 } 1006 1007 skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev))); 1008 1009 /* 1010 * Okay, now see if we can stuff it in the buffer as-is. 1011 */ 1012 max_headroom += LL_RESERVED_SPACE(tdev); 1013 1014 if (skb_headroom(skb) < max_headroom || skb_shared(skb) || 1015 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) { 1016 struct sk_buff *new_skb; 1017 1018 if (!(new_skb = skb_realloc_headroom(skb, max_headroom))) 1019 goto tx_err_dst_release; 1020 1021 if (skb->sk) 1022 skb_set_owner_w(new_skb, skb->sk); 1023 consume_skb(skb); 1024 skb = new_skb; 1025 } 1026 if (fl6->flowi6_mark) { 1027 skb_dst_set(skb, dst); 1028 ndst = NULL; 1029 } else { 1030 skb_dst_set_noref(skb, dst); 1031 } 1032 skb->transport_header = skb->network_header; 1033 1034 proto = fl6->flowi6_proto; 1035 if (encap_limit >= 0) { 1036 init_tel_txopt(&opt, encap_limit); 1037 ipv6_push_nfrag_opts(skb, &opt.ops, &proto, NULL); 1038 } 1039 1040 if (likely(!skb->encapsulation)) { 1041 skb_reset_inner_headers(skb); 1042 skb->encapsulation = 1; 1043 } 1044 1045 skb_push(skb, sizeof(struct ipv6hdr)); 1046 skb_reset_network_header(skb); 1047 ipv6h = ipv6_hdr(skb); 1048 ip6_flow_hdr(ipv6h, INET_ECN_encapsulate(0, dsfield), fl6->flowlabel); 1049 ipv6h->hop_limit = t->parms.hop_limit; 1050 ipv6h->nexthdr = proto; 1051 ipv6h->saddr = fl6->saddr; 1052 ipv6h->daddr = fl6->daddr; 1053 ip6tunnel_xmit(skb, dev); 1054 if (ndst) 1055 ip6_tnl_dst_store(t, ndst); 1056 return 0; 1057 tx_err_link_failure: 1058 stats->tx_carrier_errors++; 1059 dst_link_failure(skb); 1060 tx_err_dst_release: 1061 dst_release(ndst); 1062 return err; 1063 } 1064 1065 static inline int 1066 ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) 1067 { 1068 struct ip6_tnl *t = netdev_priv(dev); 1069 const struct iphdr *iph = ip_hdr(skb); 1070 int encap_limit = -1; 1071 struct flowi6 fl6; 1072 __u8 dsfield; 1073 __u32 mtu; 1074 int err; 1075 1076 if ((t->parms.proto != IPPROTO_IPIP && t->parms.proto != 0) || 1077 !ip6_tnl_xmit_ctl(t)) 1078 return -1; 1079 1080 if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) 1081 encap_limit = t->parms.encap_limit; 1082 1083 memcpy(&fl6, &t->fl.u.ip6, sizeof (fl6)); 1084 fl6.flowi6_proto = IPPROTO_IPIP; 1085 1086 dsfield = ipv4_get_dsfield(iph); 1087 1088 if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) 1089 fl6.flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT) 1090 & IPV6_TCLASS_MASK; 1091 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) 1092 fl6.flowi6_mark = skb->mark; 1093 1094 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu); 1095 if (err != 0) { 1096 /* XXX: send ICMP error even if DF is not set. */ 1097 if (err == -EMSGSIZE) 1098 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 1099 htonl(mtu)); 1100 return -1; 1101 } 1102 1103 return 0; 1104 } 1105 1106 static inline int 1107 ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) 1108 { 1109 struct ip6_tnl *t = netdev_priv(dev); 1110 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 1111 int encap_limit = -1; 1112 __u16 offset; 1113 struct flowi6 fl6; 1114 __u8 dsfield; 1115 __u32 mtu; 1116 int err; 1117 1118 if ((t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) || 1119 !ip6_tnl_xmit_ctl(t) || ip6_tnl_addr_conflict(t, ipv6h)) 1120 return -1; 1121 1122 offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb)); 1123 if (offset > 0) { 1124 struct ipv6_tlv_tnl_enc_lim *tel; 1125 tel = (struct ipv6_tlv_tnl_enc_lim *)&skb_network_header(skb)[offset]; 1126 if (tel->encap_limit == 0) { 1127 icmpv6_send(skb, ICMPV6_PARAMPROB, 1128 ICMPV6_HDR_FIELD, offset + 2); 1129 return -1; 1130 } 1131 encap_limit = tel->encap_limit - 1; 1132 } else if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) 1133 encap_limit = t->parms.encap_limit; 1134 1135 memcpy(&fl6, &t->fl.u.ip6, sizeof (fl6)); 1136 fl6.flowi6_proto = IPPROTO_IPV6; 1137 1138 dsfield = ipv6_get_dsfield(ipv6h); 1139 if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) 1140 fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK); 1141 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) 1142 fl6.flowlabel |= ip6_flowlabel(ipv6h); 1143 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) 1144 fl6.flowi6_mark = skb->mark; 1145 1146 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu); 1147 if (err != 0) { 1148 if (err == -EMSGSIZE) 1149 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 1150 return -1; 1151 } 1152 1153 return 0; 1154 } 1155 1156 static netdev_tx_t 1157 ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) 1158 { 1159 struct ip6_tnl *t = netdev_priv(dev); 1160 struct net_device_stats *stats = &t->dev->stats; 1161 int ret; 1162 1163 switch (skb->protocol) { 1164 case htons(ETH_P_IP): 1165 ret = ip4ip6_tnl_xmit(skb, dev); 1166 break; 1167 case htons(ETH_P_IPV6): 1168 ret = ip6ip6_tnl_xmit(skb, dev); 1169 break; 1170 default: 1171 goto tx_err; 1172 } 1173 1174 if (ret < 0) 1175 goto tx_err; 1176 1177 return NETDEV_TX_OK; 1178 1179 tx_err: 1180 stats->tx_errors++; 1181 stats->tx_dropped++; 1182 kfree_skb(skb); 1183 return NETDEV_TX_OK; 1184 } 1185 1186 static void ip6_tnl_link_config(struct ip6_tnl *t) 1187 { 1188 struct net_device *dev = t->dev; 1189 struct __ip6_tnl_parm *p = &t->parms; 1190 struct flowi6 *fl6 = &t->fl.u.ip6; 1191 1192 memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr)); 1193 memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr)); 1194 1195 /* Set up flowi template */ 1196 fl6->saddr = p->laddr; 1197 fl6->daddr = p->raddr; 1198 fl6->flowi6_oif = p->link; 1199 fl6->flowlabel = 0; 1200 1201 if (!(p->flags&IP6_TNL_F_USE_ORIG_TCLASS)) 1202 fl6->flowlabel |= IPV6_TCLASS_MASK & p->flowinfo; 1203 if (!(p->flags&IP6_TNL_F_USE_ORIG_FLOWLABEL)) 1204 fl6->flowlabel |= IPV6_FLOWLABEL_MASK & p->flowinfo; 1205 1206 p->flags &= ~(IP6_TNL_F_CAP_XMIT|IP6_TNL_F_CAP_RCV|IP6_TNL_F_CAP_PER_PACKET); 1207 p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr); 1208 1209 if (p->flags&IP6_TNL_F_CAP_XMIT && p->flags&IP6_TNL_F_CAP_RCV) 1210 dev->flags |= IFF_POINTOPOINT; 1211 else 1212 dev->flags &= ~IFF_POINTOPOINT; 1213 1214 dev->iflink = p->link; 1215 1216 if (p->flags & IP6_TNL_F_CAP_XMIT) { 1217 int strict = (ipv6_addr_type(&p->raddr) & 1218 (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL)); 1219 1220 struct rt6_info *rt = rt6_lookup(t->net, 1221 &p->raddr, &p->laddr, 1222 p->link, strict); 1223 1224 if (rt == NULL) 1225 return; 1226 1227 if (rt->dst.dev) { 1228 dev->hard_header_len = rt->dst.dev->hard_header_len + 1229 sizeof (struct ipv6hdr); 1230 1231 dev->mtu = rt->dst.dev->mtu - sizeof (struct ipv6hdr); 1232 if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) 1233 dev->mtu-=8; 1234 1235 if (dev->mtu < IPV6_MIN_MTU) 1236 dev->mtu = IPV6_MIN_MTU; 1237 } 1238 ip6_rt_put(rt); 1239 } 1240 } 1241 1242 /** 1243 * ip6_tnl_change - update the tunnel parameters 1244 * @t: tunnel to be changed 1245 * @p: tunnel configuration parameters 1246 * 1247 * Description: 1248 * ip6_tnl_change() updates the tunnel parameters 1249 **/ 1250 1251 static int 1252 ip6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p) 1253 { 1254 t->parms.laddr = p->laddr; 1255 t->parms.raddr = p->raddr; 1256 t->parms.flags = p->flags; 1257 t->parms.hop_limit = p->hop_limit; 1258 t->parms.encap_limit = p->encap_limit; 1259 t->parms.flowinfo = p->flowinfo; 1260 t->parms.link = p->link; 1261 t->parms.proto = p->proto; 1262 ip6_tnl_dst_reset(t); 1263 ip6_tnl_link_config(t); 1264 return 0; 1265 } 1266 1267 static int ip6_tnl_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p) 1268 { 1269 struct net *net = t->net; 1270 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1271 int err; 1272 1273 ip6_tnl_unlink(ip6n, t); 1274 synchronize_net(); 1275 err = ip6_tnl_change(t, p); 1276 ip6_tnl_link(ip6n, t); 1277 netdev_state_change(t->dev); 1278 return err; 1279 } 1280 1281 static void 1282 ip6_tnl_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm *u) 1283 { 1284 p->laddr = u->laddr; 1285 p->raddr = u->raddr; 1286 p->flags = u->flags; 1287 p->hop_limit = u->hop_limit; 1288 p->encap_limit = u->encap_limit; 1289 p->flowinfo = u->flowinfo; 1290 p->link = u->link; 1291 p->proto = u->proto; 1292 memcpy(p->name, u->name, sizeof(u->name)); 1293 } 1294 1295 static void 1296 ip6_tnl_parm_to_user(struct ip6_tnl_parm *u, const struct __ip6_tnl_parm *p) 1297 { 1298 u->laddr = p->laddr; 1299 u->raddr = p->raddr; 1300 u->flags = p->flags; 1301 u->hop_limit = p->hop_limit; 1302 u->encap_limit = p->encap_limit; 1303 u->flowinfo = p->flowinfo; 1304 u->link = p->link; 1305 u->proto = p->proto; 1306 memcpy(u->name, p->name, sizeof(u->name)); 1307 } 1308 1309 /** 1310 * ip6_tnl_ioctl - configure ipv6 tunnels from userspace 1311 * @dev: virtual device associated with tunnel 1312 * @ifr: parameters passed from userspace 1313 * @cmd: command to be performed 1314 * 1315 * Description: 1316 * ip6_tnl_ioctl() is used for managing IPv6 tunnels 1317 * from userspace. 1318 * 1319 * The possible commands are the following: 1320 * %SIOCGETTUNNEL: get tunnel parameters for device 1321 * %SIOCADDTUNNEL: add tunnel matching given tunnel parameters 1322 * %SIOCCHGTUNNEL: change tunnel parameters to those given 1323 * %SIOCDELTUNNEL: delete tunnel 1324 * 1325 * The fallback device "ip6tnl0", created during module 1326 * initialization, can be used for creating other tunnel devices. 1327 * 1328 * Return: 1329 * 0 on success, 1330 * %-EFAULT if unable to copy data to or from userspace, 1331 * %-EPERM if current process hasn't %CAP_NET_ADMIN set 1332 * %-EINVAL if passed tunnel parameters are invalid, 1333 * %-EEXIST if changing a tunnel's parameters would cause a conflict 1334 * %-ENODEV if attempting to change or delete a nonexisting device 1335 **/ 1336 1337 static int 1338 ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) 1339 { 1340 int err = 0; 1341 struct ip6_tnl_parm p; 1342 struct __ip6_tnl_parm p1; 1343 struct ip6_tnl *t = netdev_priv(dev); 1344 struct net *net = t->net; 1345 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1346 1347 switch (cmd) { 1348 case SIOCGETTUNNEL: 1349 if (dev == ip6n->fb_tnl_dev) { 1350 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) { 1351 err = -EFAULT; 1352 break; 1353 } 1354 ip6_tnl_parm_from_user(&p1, &p); 1355 t = ip6_tnl_locate(net, &p1, 0); 1356 if (t == NULL) 1357 t = netdev_priv(dev); 1358 } else { 1359 memset(&p, 0, sizeof(p)); 1360 } 1361 ip6_tnl_parm_to_user(&p, &t->parms); 1362 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof (p))) { 1363 err = -EFAULT; 1364 } 1365 break; 1366 case SIOCADDTUNNEL: 1367 case SIOCCHGTUNNEL: 1368 err = -EPERM; 1369 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1370 break; 1371 err = -EFAULT; 1372 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) 1373 break; 1374 err = -EINVAL; 1375 if (p.proto != IPPROTO_IPV6 && p.proto != IPPROTO_IPIP && 1376 p.proto != 0) 1377 break; 1378 ip6_tnl_parm_from_user(&p1, &p); 1379 t = ip6_tnl_locate(net, &p1, cmd == SIOCADDTUNNEL); 1380 if (dev != ip6n->fb_tnl_dev && cmd == SIOCCHGTUNNEL) { 1381 if (t != NULL) { 1382 if (t->dev != dev) { 1383 err = -EEXIST; 1384 break; 1385 } 1386 } else 1387 t = netdev_priv(dev); 1388 1389 err = ip6_tnl_update(t, &p1); 1390 } 1391 if (t) { 1392 err = 0; 1393 ip6_tnl_parm_to_user(&p, &t->parms); 1394 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) 1395 err = -EFAULT; 1396 1397 } else 1398 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT); 1399 break; 1400 case SIOCDELTUNNEL: 1401 err = -EPERM; 1402 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1403 break; 1404 1405 if (dev == ip6n->fb_tnl_dev) { 1406 err = -EFAULT; 1407 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) 1408 break; 1409 err = -ENOENT; 1410 ip6_tnl_parm_from_user(&p1, &p); 1411 t = ip6_tnl_locate(net, &p1, 0); 1412 if (t == NULL) 1413 break; 1414 err = -EPERM; 1415 if (t->dev == ip6n->fb_tnl_dev) 1416 break; 1417 dev = t->dev; 1418 } 1419 err = 0; 1420 unregister_netdevice(dev); 1421 break; 1422 default: 1423 err = -EINVAL; 1424 } 1425 return err; 1426 } 1427 1428 /** 1429 * ip6_tnl_change_mtu - change mtu manually for tunnel device 1430 * @dev: virtual device associated with tunnel 1431 * @new_mtu: the new mtu 1432 * 1433 * Return: 1434 * 0 on success, 1435 * %-EINVAL if mtu too small 1436 **/ 1437 1438 static int 1439 ip6_tnl_change_mtu(struct net_device *dev, int new_mtu) 1440 { 1441 struct ip6_tnl *tnl = netdev_priv(dev); 1442 1443 if (tnl->parms.proto == IPPROTO_IPIP) { 1444 if (new_mtu < 68) 1445 return -EINVAL; 1446 } else { 1447 if (new_mtu < IPV6_MIN_MTU) 1448 return -EINVAL; 1449 } 1450 if (new_mtu > 0xFFF8 - dev->hard_header_len) 1451 return -EINVAL; 1452 dev->mtu = new_mtu; 1453 return 0; 1454 } 1455 1456 1457 static const struct net_device_ops ip6_tnl_netdev_ops = { 1458 .ndo_uninit = ip6_tnl_dev_uninit, 1459 .ndo_start_xmit = ip6_tnl_xmit, 1460 .ndo_do_ioctl = ip6_tnl_ioctl, 1461 .ndo_change_mtu = ip6_tnl_change_mtu, 1462 .ndo_get_stats = ip6_get_stats, 1463 }; 1464 1465 1466 /** 1467 * ip6_tnl_dev_setup - setup virtual tunnel device 1468 * @dev: virtual device associated with tunnel 1469 * 1470 * Description: 1471 * Initialize function pointers and device parameters 1472 **/ 1473 1474 static void ip6_tnl_dev_setup(struct net_device *dev) 1475 { 1476 struct ip6_tnl *t; 1477 1478 dev->netdev_ops = &ip6_tnl_netdev_ops; 1479 dev->destructor = ip6_dev_free; 1480 1481 dev->type = ARPHRD_TUNNEL6; 1482 dev->hard_header_len = LL_MAX_HEADER + sizeof (struct ipv6hdr); 1483 dev->mtu = ETH_DATA_LEN - sizeof (struct ipv6hdr); 1484 t = netdev_priv(dev); 1485 if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) 1486 dev->mtu-=8; 1487 dev->flags |= IFF_NOARP; 1488 dev->addr_len = sizeof(struct in6_addr); 1489 dev->priv_flags &= ~IFF_XMIT_DST_RELEASE; 1490 /* This perm addr will be used as interface identifier by IPv6 */ 1491 dev->addr_assign_type = NET_ADDR_RANDOM; 1492 eth_random_addr(dev->perm_addr); 1493 } 1494 1495 1496 /** 1497 * ip6_tnl_dev_init_gen - general initializer for all tunnel devices 1498 * @dev: virtual device associated with tunnel 1499 **/ 1500 1501 static inline int 1502 ip6_tnl_dev_init_gen(struct net_device *dev) 1503 { 1504 struct ip6_tnl *t = netdev_priv(dev); 1505 1506 t->dev = dev; 1507 t->net = dev_net(dev); 1508 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats); 1509 if (!dev->tstats) 1510 return -ENOMEM; 1511 return 0; 1512 } 1513 1514 /** 1515 * ip6_tnl_dev_init - initializer for all non fallback tunnel devices 1516 * @dev: virtual device associated with tunnel 1517 **/ 1518 1519 static int ip6_tnl_dev_init(struct net_device *dev) 1520 { 1521 struct ip6_tnl *t = netdev_priv(dev); 1522 int err = ip6_tnl_dev_init_gen(dev); 1523 1524 if (err) 1525 return err; 1526 ip6_tnl_link_config(t); 1527 return 0; 1528 } 1529 1530 /** 1531 * ip6_fb_tnl_dev_init - initializer for fallback tunnel device 1532 * @dev: fallback device 1533 * 1534 * Return: 0 1535 **/ 1536 1537 static int __net_init ip6_fb_tnl_dev_init(struct net_device *dev) 1538 { 1539 struct ip6_tnl *t = netdev_priv(dev); 1540 struct net *net = dev_net(dev); 1541 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1542 int err = ip6_tnl_dev_init_gen(dev); 1543 1544 if (err) 1545 return err; 1546 1547 t->parms.proto = IPPROTO_IPV6; 1548 dev_hold(dev); 1549 1550 ip6_tnl_link_config(t); 1551 1552 rcu_assign_pointer(ip6n->tnls_wc[0], t); 1553 return 0; 1554 } 1555 1556 static int ip6_tnl_validate(struct nlattr *tb[], struct nlattr *data[]) 1557 { 1558 u8 proto; 1559 1560 if (!data) 1561 return 0; 1562 1563 proto = nla_get_u8(data[IFLA_IPTUN_PROTO]); 1564 if (proto != IPPROTO_IPV6 && 1565 proto != IPPROTO_IPIP && 1566 proto != 0) 1567 return -EINVAL; 1568 1569 return 0; 1570 } 1571 1572 static void ip6_tnl_netlink_parms(struct nlattr *data[], 1573 struct __ip6_tnl_parm *parms) 1574 { 1575 memset(parms, 0, sizeof(*parms)); 1576 1577 if (!data) 1578 return; 1579 1580 if (data[IFLA_IPTUN_LINK]) 1581 parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]); 1582 1583 if (data[IFLA_IPTUN_LOCAL]) 1584 nla_memcpy(&parms->laddr, data[IFLA_IPTUN_LOCAL], 1585 sizeof(struct in6_addr)); 1586 1587 if (data[IFLA_IPTUN_REMOTE]) 1588 nla_memcpy(&parms->raddr, data[IFLA_IPTUN_REMOTE], 1589 sizeof(struct in6_addr)); 1590 1591 if (data[IFLA_IPTUN_TTL]) 1592 parms->hop_limit = nla_get_u8(data[IFLA_IPTUN_TTL]); 1593 1594 if (data[IFLA_IPTUN_ENCAP_LIMIT]) 1595 parms->encap_limit = nla_get_u8(data[IFLA_IPTUN_ENCAP_LIMIT]); 1596 1597 if (data[IFLA_IPTUN_FLOWINFO]) 1598 parms->flowinfo = nla_get_be32(data[IFLA_IPTUN_FLOWINFO]); 1599 1600 if (data[IFLA_IPTUN_FLAGS]) 1601 parms->flags = nla_get_u32(data[IFLA_IPTUN_FLAGS]); 1602 1603 if (data[IFLA_IPTUN_PROTO]) 1604 parms->proto = nla_get_u8(data[IFLA_IPTUN_PROTO]); 1605 } 1606 1607 static int ip6_tnl_newlink(struct net *src_net, struct net_device *dev, 1608 struct nlattr *tb[], struct nlattr *data[]) 1609 { 1610 struct net *net = dev_net(dev); 1611 struct ip6_tnl *nt; 1612 1613 nt = netdev_priv(dev); 1614 ip6_tnl_netlink_parms(data, &nt->parms); 1615 1616 if (ip6_tnl_locate(net, &nt->parms, 0)) 1617 return -EEXIST; 1618 1619 return ip6_tnl_create2(dev); 1620 } 1621 1622 static int ip6_tnl_changelink(struct net_device *dev, struct nlattr *tb[], 1623 struct nlattr *data[]) 1624 { 1625 struct ip6_tnl *t = netdev_priv(dev); 1626 struct __ip6_tnl_parm p; 1627 struct net *net = t->net; 1628 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1629 1630 if (dev == ip6n->fb_tnl_dev) 1631 return -EINVAL; 1632 1633 ip6_tnl_netlink_parms(data, &p); 1634 1635 t = ip6_tnl_locate(net, &p, 0); 1636 1637 if (t) { 1638 if (t->dev != dev) 1639 return -EEXIST; 1640 } else 1641 t = netdev_priv(dev); 1642 1643 return ip6_tnl_update(t, &p); 1644 } 1645 1646 static void ip6_tnl_dellink(struct net_device *dev, struct list_head *head) 1647 { 1648 struct net *net = dev_net(dev); 1649 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1650 1651 if (dev != ip6n->fb_tnl_dev) 1652 unregister_netdevice_queue(dev, head); 1653 } 1654 1655 static size_t ip6_tnl_get_size(const struct net_device *dev) 1656 { 1657 return 1658 /* IFLA_IPTUN_LINK */ 1659 nla_total_size(4) + 1660 /* IFLA_IPTUN_LOCAL */ 1661 nla_total_size(sizeof(struct in6_addr)) + 1662 /* IFLA_IPTUN_REMOTE */ 1663 nla_total_size(sizeof(struct in6_addr)) + 1664 /* IFLA_IPTUN_TTL */ 1665 nla_total_size(1) + 1666 /* IFLA_IPTUN_ENCAP_LIMIT */ 1667 nla_total_size(1) + 1668 /* IFLA_IPTUN_FLOWINFO */ 1669 nla_total_size(4) + 1670 /* IFLA_IPTUN_FLAGS */ 1671 nla_total_size(4) + 1672 /* IFLA_IPTUN_PROTO */ 1673 nla_total_size(1) + 1674 0; 1675 } 1676 1677 static int ip6_tnl_fill_info(struct sk_buff *skb, const struct net_device *dev) 1678 { 1679 struct ip6_tnl *tunnel = netdev_priv(dev); 1680 struct __ip6_tnl_parm *parm = &tunnel->parms; 1681 1682 if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) || 1683 nla_put(skb, IFLA_IPTUN_LOCAL, sizeof(struct in6_addr), 1684 &parm->laddr) || 1685 nla_put(skb, IFLA_IPTUN_REMOTE, sizeof(struct in6_addr), 1686 &parm->raddr) || 1687 nla_put_u8(skb, IFLA_IPTUN_TTL, parm->hop_limit) || 1688 nla_put_u8(skb, IFLA_IPTUN_ENCAP_LIMIT, parm->encap_limit) || 1689 nla_put_be32(skb, IFLA_IPTUN_FLOWINFO, parm->flowinfo) || 1690 nla_put_u32(skb, IFLA_IPTUN_FLAGS, parm->flags) || 1691 nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->proto)) 1692 goto nla_put_failure; 1693 return 0; 1694 1695 nla_put_failure: 1696 return -EMSGSIZE; 1697 } 1698 1699 static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { 1700 [IFLA_IPTUN_LINK] = { .type = NLA_U32 }, 1701 [IFLA_IPTUN_LOCAL] = { .len = sizeof(struct in6_addr) }, 1702 [IFLA_IPTUN_REMOTE] = { .len = sizeof(struct in6_addr) }, 1703 [IFLA_IPTUN_TTL] = { .type = NLA_U8 }, 1704 [IFLA_IPTUN_ENCAP_LIMIT] = { .type = NLA_U8 }, 1705 [IFLA_IPTUN_FLOWINFO] = { .type = NLA_U32 }, 1706 [IFLA_IPTUN_FLAGS] = { .type = NLA_U32 }, 1707 [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, 1708 }; 1709 1710 static struct rtnl_link_ops ip6_link_ops __read_mostly = { 1711 .kind = "ip6tnl", 1712 .maxtype = IFLA_IPTUN_MAX, 1713 .policy = ip6_tnl_policy, 1714 .priv_size = sizeof(struct ip6_tnl), 1715 .setup = ip6_tnl_dev_setup, 1716 .validate = ip6_tnl_validate, 1717 .newlink = ip6_tnl_newlink, 1718 .changelink = ip6_tnl_changelink, 1719 .dellink = ip6_tnl_dellink, 1720 .get_size = ip6_tnl_get_size, 1721 .fill_info = ip6_tnl_fill_info, 1722 }; 1723 1724 static struct xfrm6_tunnel ip4ip6_handler __read_mostly = { 1725 .handler = ip4ip6_rcv, 1726 .err_handler = ip4ip6_err, 1727 .priority = 1, 1728 }; 1729 1730 static struct xfrm6_tunnel ip6ip6_handler __read_mostly = { 1731 .handler = ip6ip6_rcv, 1732 .err_handler = ip6ip6_err, 1733 .priority = 1, 1734 }; 1735 1736 static void __net_exit ip6_tnl_destroy_tunnels(struct net *net) 1737 { 1738 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1739 struct net_device *dev, *aux; 1740 int h; 1741 struct ip6_tnl *t; 1742 LIST_HEAD(list); 1743 1744 for_each_netdev_safe(net, dev, aux) 1745 if (dev->rtnl_link_ops == &ip6_link_ops) 1746 unregister_netdevice_queue(dev, &list); 1747 1748 for (h = 0; h < HASH_SIZE; h++) { 1749 t = rtnl_dereference(ip6n->tnls_r_l[h]); 1750 while (t != NULL) { 1751 /* If dev is in the same netns, it has already 1752 * been added to the list by the previous loop. 1753 */ 1754 if (!net_eq(dev_net(t->dev), net)) 1755 unregister_netdevice_queue(t->dev, &list); 1756 t = rtnl_dereference(t->next); 1757 } 1758 } 1759 1760 unregister_netdevice_many(&list); 1761 } 1762 1763 static int __net_init ip6_tnl_init_net(struct net *net) 1764 { 1765 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1766 struct ip6_tnl *t = NULL; 1767 int err; 1768 1769 ip6n->tnls[0] = ip6n->tnls_wc; 1770 ip6n->tnls[1] = ip6n->tnls_r_l; 1771 1772 err = -ENOMEM; 1773 ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6tnl0", 1774 ip6_tnl_dev_setup); 1775 1776 if (!ip6n->fb_tnl_dev) 1777 goto err_alloc_dev; 1778 dev_net_set(ip6n->fb_tnl_dev, net); 1779 ip6n->fb_tnl_dev->rtnl_link_ops = &ip6_link_ops; 1780 /* FB netdevice is special: we have one, and only one per netns. 1781 * Allowing to move it to another netns is clearly unsafe. 1782 */ 1783 ip6n->fb_tnl_dev->features |= NETIF_F_NETNS_LOCAL; 1784 1785 err = ip6_fb_tnl_dev_init(ip6n->fb_tnl_dev); 1786 if (err < 0) 1787 goto err_register; 1788 1789 err = register_netdev(ip6n->fb_tnl_dev); 1790 if (err < 0) 1791 goto err_register; 1792 1793 t = netdev_priv(ip6n->fb_tnl_dev); 1794 1795 strcpy(t->parms.name, ip6n->fb_tnl_dev->name); 1796 return 0; 1797 1798 err_register: 1799 ip6_dev_free(ip6n->fb_tnl_dev); 1800 err_alloc_dev: 1801 return err; 1802 } 1803 1804 static void __net_exit ip6_tnl_exit_net(struct net *net) 1805 { 1806 rtnl_lock(); 1807 ip6_tnl_destroy_tunnels(net); 1808 rtnl_unlock(); 1809 } 1810 1811 static struct pernet_operations ip6_tnl_net_ops = { 1812 .init = ip6_tnl_init_net, 1813 .exit = ip6_tnl_exit_net, 1814 .id = &ip6_tnl_net_id, 1815 .size = sizeof(struct ip6_tnl_net), 1816 }; 1817 1818 /** 1819 * ip6_tunnel_init - register protocol and reserve needed resources 1820 * 1821 * Return: 0 on success 1822 **/ 1823 1824 static int __init ip6_tunnel_init(void) 1825 { 1826 int err; 1827 1828 err = register_pernet_device(&ip6_tnl_net_ops); 1829 if (err < 0) 1830 goto out_pernet; 1831 1832 err = xfrm6_tunnel_register(&ip4ip6_handler, AF_INET); 1833 if (err < 0) { 1834 pr_err("%s: can't register ip4ip6\n", __func__); 1835 goto out_ip4ip6; 1836 } 1837 1838 err = xfrm6_tunnel_register(&ip6ip6_handler, AF_INET6); 1839 if (err < 0) { 1840 pr_err("%s: can't register ip6ip6\n", __func__); 1841 goto out_ip6ip6; 1842 } 1843 err = rtnl_link_register(&ip6_link_ops); 1844 if (err < 0) 1845 goto rtnl_link_failed; 1846 1847 return 0; 1848 1849 rtnl_link_failed: 1850 xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6); 1851 out_ip6ip6: 1852 xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET); 1853 out_ip4ip6: 1854 unregister_pernet_device(&ip6_tnl_net_ops); 1855 out_pernet: 1856 return err; 1857 } 1858 1859 /** 1860 * ip6_tunnel_cleanup - free resources and unregister protocol 1861 **/ 1862 1863 static void __exit ip6_tunnel_cleanup(void) 1864 { 1865 rtnl_link_unregister(&ip6_link_ops); 1866 if (xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET)) 1867 pr_info("%s: can't deregister ip4ip6\n", __func__); 1868 1869 if (xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6)) 1870 pr_info("%s: can't deregister ip6ip6\n", __func__); 1871 1872 unregister_pernet_device(&ip6_tnl_net_ops); 1873 } 1874 1875 module_init(ip6_tunnel_init); 1876 module_exit(ip6_tunnel_cleanup); 1877