1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Linux NET3: IP/IP protocol decoder.
4 *
5 * Authors:
6 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
7 *
8 * Fixes:
9 * Alan Cox : Merged and made usable non modular (its so tiny its silly as
10 * a module taking up 2 pages).
11 * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
12 * to keep ip_forward happy.
13 * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
14 * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL
15 * David Woodhouse : Perform some basic ICMP handling.
16 * IPIP Routing without decapsulation.
17 * Carlos Picoto : GRE over IP support
18 * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
19 * I do not want to merge them together.
20 */
21
22 /* tunnel.c: an IP tunnel driver
23
24 The purpose of this driver is to provide an IP tunnel through
25 which you can tunnel network traffic transparently across subnets.
26
27 This was written by looking at Nick Holloway's dummy driver
28 Thanks for the great code!
29
30 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
31
32 Minor tweaks:
33 Cleaned up the code a little and added some pre-1.3.0 tweaks.
34 dev->hard_header/hard_header_len changed to use no headers.
35 Comments/bracketing tweaked.
36 Made the tunnels use dev->name not tunnel: when error reporting.
37 Added tx_dropped stat
38
39 -Alan Cox (alan@lxorguk.ukuu.org.uk) 21 March 95
40
41 Reworked:
42 Changed to tunnel to destination gateway in addition to the
43 tunnel's pointopoint address
44 Almost completely rewritten
45 Note: There is currently no firewall or ICMP handling done.
46
47 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96
48
49 */
50
51 /* Things I wish I had known when writing the tunnel driver:
52
53 When the tunnel_xmit() function is called, the skb contains the
54 packet to be sent (plus a great deal of extra info), and dev
55 contains the tunnel device that _we_ are.
56
57 When we are passed a packet, we are expected to fill in the
58 source address with our source IP address.
59
60 What is the proper way to allocate, copy and free a buffer?
61 After you allocate it, it is a "0 length" chunk of memory
62 starting at zero. If you want to add headers to the buffer
63 later, you'll have to call "skb_reserve(skb, amount)" with
64 the amount of memory you want reserved. Then, you call
65 "skb_put(skb, amount)" with the amount of space you want in
66 the buffer. skb_put() returns a pointer to the top (#0) of
67 that buffer. skb->len is set to the amount of space you have
68 "allocated" with skb_put(). You can then write up to skb->len
69 bytes to that buffer. If you need more, you can call skb_put()
70 again with the additional amount of space you need. You can
71 find out how much more space you can allocate by calling
72 "skb_tailroom(skb)".
73 Now, to add header space, call "skb_push(skb, header_len)".
74 This creates space at the beginning of the buffer and returns
75 a pointer to this new space. If later you need to strip a
76 header from a buffer, call "skb_pull(skb, header_len)".
77 skb_headroom() will return how much space is left at the top
78 of the buffer (before the main data). Remember, this headroom
79 space must be reserved before the skb_put() function is called.
80 */
81
82 /*
83 This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
84
85 For comments look at net/ipv4/ip_gre.c --ANK
86 */
87
88
89 #include <linux/capability.h>
90 #include <linux/module.h>
91 #include <linux/types.h>
92 #include <linux/kernel.h>
93 #include <linux/slab.h>
94 #include <linux/uaccess.h>
95 #include <linux/skbuff.h>
96 #include <linux/netdevice.h>
97 #include <linux/in.h>
98 #include <linux/tcp.h>
99 #include <linux/udp.h>
100 #include <linux/if_arp.h>
101 #include <linux/init.h>
102 #include <linux/netfilter_ipv4.h>
103 #include <linux/if_ether.h>
104
105 #include <net/sock.h>
106 #include <net/ip.h>
107 #include <net/icmp.h>
108 #include <net/ip_tunnels.h>
109 #include <net/inet_ecn.h>
110 #include <net/xfrm.h>
111 #include <net/net_namespace.h>
112 #include <net/netns/generic.h>
113 #include <net/dst_metadata.h>
114
115 static bool log_ecn_error = true;
116 module_param(log_ecn_error, bool, 0644);
117 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
118
119 static unsigned int ipip_net_id __read_mostly;
120
121 static int ipip_tunnel_init(struct net_device *dev);
122 static struct rtnl_link_ops ipip_link_ops __read_mostly;
123
ipip_err(struct sk_buff * skb,u32 info)124 static int ipip_err(struct sk_buff *skb, u32 info)
125 {
126 /* All the routers (except for Linux) return only
127 * 8 bytes of packet payload. It means, that precise relaying of
128 * ICMP in the real Internet is absolutely infeasible.
129 */
130 struct net *net = dev_net(skb->dev);
131 struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
132 const struct iphdr *iph = (const struct iphdr *)skb->data;
133 const int type = icmp_hdr(skb)->type;
134 const int code = icmp_hdr(skb)->code;
135 struct ip_tunnel *t;
136 int err = 0;
137
138 t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
139 iph->daddr, iph->saddr, 0);
140 if (!t) {
141 err = -ENOENT;
142 goto out;
143 }
144
145 switch (type) {
146 case ICMP_DEST_UNREACH:
147 switch (code) {
148 case ICMP_SR_FAILED:
149 /* Impossible event. */
150 goto out;
151 default:
152 /* All others are translated to HOST_UNREACH.
153 * rfc2003 contains "deep thoughts" about NET_UNREACH,
154 * I believe they are just ether pollution. --ANK
155 */
156 break;
157 }
158 break;
159
160 case ICMP_TIME_EXCEEDED:
161 if (code != ICMP_EXC_TTL)
162 goto out;
163 break;
164
165 case ICMP_REDIRECT:
166 break;
167
168 default:
169 goto out;
170 }
171
172 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
173 ipv4_update_pmtu(skb, net, info, t->parms.link, iph->protocol);
174 goto out;
175 }
176
177 if (type == ICMP_REDIRECT) {
178 ipv4_redirect(skb, net, t->parms.link, iph->protocol);
179 goto out;
180 }
181
182 if (t->parms.iph.daddr == 0) {
183 err = -ENOENT;
184 goto out;
185 }
186
187 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
188 goto out;
189
190 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
191 t->err_count++;
192 else
193 t->err_count = 1;
194 t->err_time = jiffies;
195
196 out:
197 return err;
198 }
199
200 static const struct tnl_ptk_info ipip_tpi = {
201 /* no tunnel info required for ipip. */
202 .proto = htons(ETH_P_IP),
203 };
204
205 #if IS_ENABLED(CONFIG_MPLS)
206 static const struct tnl_ptk_info mplsip_tpi = {
207 /* no tunnel info required for mplsip. */
208 .proto = htons(ETH_P_MPLS_UC),
209 };
210 #endif
211
ipip_tunnel_rcv(struct sk_buff * skb,u8 ipproto)212 static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto)
213 {
214 struct net *net = dev_net(skb->dev);
215 struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
216 struct metadata_dst *tun_dst = NULL;
217 struct ip_tunnel *tunnel;
218 const struct iphdr *iph;
219
220 iph = ip_hdr(skb);
221 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
222 iph->saddr, iph->daddr, 0);
223 if (tunnel) {
224 const struct tnl_ptk_info *tpi;
225
226 if (tunnel->parms.iph.protocol != ipproto &&
227 tunnel->parms.iph.protocol != 0)
228 goto drop;
229
230 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
231 goto drop;
232 #if IS_ENABLED(CONFIG_MPLS)
233 if (ipproto == IPPROTO_MPLS)
234 tpi = &mplsip_tpi;
235 else
236 #endif
237 tpi = &ipip_tpi;
238 if (iptunnel_pull_header(skb, 0, tpi->proto, false))
239 goto drop;
240 if (tunnel->collect_md) {
241 tun_dst = ip_tun_rx_dst(skb, 0, 0, 0);
242 if (!tun_dst)
243 return 0;
244 }
245 skb_reset_mac_header(skb);
246
247 return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
248 }
249
250 return -1;
251
252 drop:
253 kfree_skb(skb);
254 return 0;
255 }
256
ipip_rcv(struct sk_buff * skb)257 static int ipip_rcv(struct sk_buff *skb)
258 {
259 return ipip_tunnel_rcv(skb, IPPROTO_IPIP);
260 }
261
262 #if IS_ENABLED(CONFIG_MPLS)
mplsip_rcv(struct sk_buff * skb)263 static int mplsip_rcv(struct sk_buff *skb)
264 {
265 return ipip_tunnel_rcv(skb, IPPROTO_MPLS);
266 }
267 #endif
268
269 /*
270 * This function assumes it is being called from dev_queue_xmit()
271 * and that skb is filled properly by that function.
272 */
ipip_tunnel_xmit(struct sk_buff * skb,struct net_device * dev)273 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
274 struct net_device *dev)
275 {
276 struct ip_tunnel *tunnel = netdev_priv(dev);
277 const struct iphdr *tiph = &tunnel->parms.iph;
278 u8 ipproto;
279
280 if (!pskb_inet_may_pull(skb))
281 goto tx_error;
282
283 switch (skb->protocol) {
284 case htons(ETH_P_IP):
285 ipproto = IPPROTO_IPIP;
286 break;
287 #if IS_ENABLED(CONFIG_MPLS)
288 case htons(ETH_P_MPLS_UC):
289 ipproto = IPPROTO_MPLS;
290 break;
291 #endif
292 default:
293 goto tx_error;
294 }
295
296 if (tiph->protocol != ipproto && tiph->protocol != 0)
297 goto tx_error;
298
299 if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4))
300 goto tx_error;
301
302 skb_set_inner_ipproto(skb, ipproto);
303
304 if (tunnel->collect_md)
305 ip_md_tunnel_xmit(skb, dev, ipproto, 0);
306 else
307 ip_tunnel_xmit(skb, dev, tiph, ipproto);
308 return NETDEV_TX_OK;
309
310 tx_error:
311 kfree_skb(skb);
312
313 dev->stats.tx_errors++;
314 return NETDEV_TX_OK;
315 }
316
ipip_tunnel_ioctl_verify_protocol(u8 ipproto)317 static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto)
318 {
319 switch (ipproto) {
320 case 0:
321 case IPPROTO_IPIP:
322 #if IS_ENABLED(CONFIG_MPLS)
323 case IPPROTO_MPLS:
324 #endif
325 return true;
326 }
327
328 return false;
329 }
330
331 static int
ipip_tunnel_ctl(struct net_device * dev,struct ip_tunnel_parm * p,int cmd)332 ipip_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd)
333 {
334 if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
335 if (p->iph.version != 4 ||
336 !ipip_tunnel_ioctl_verify_protocol(p->iph.protocol) ||
337 p->iph.ihl != 5 || (p->iph.frag_off & htons(~IP_DF)))
338 return -EINVAL;
339 }
340
341 p->i_key = p->o_key = 0;
342 p->i_flags = p->o_flags = 0;
343 return ip_tunnel_ctl(dev, p, cmd);
344 }
345
346 static const struct net_device_ops ipip_netdev_ops = {
347 .ndo_init = ipip_tunnel_init,
348 .ndo_uninit = ip_tunnel_uninit,
349 .ndo_start_xmit = ipip_tunnel_xmit,
350 .ndo_siocdevprivate = ip_tunnel_siocdevprivate,
351 .ndo_change_mtu = ip_tunnel_change_mtu,
352 .ndo_get_stats64 = dev_get_tstats64,
353 .ndo_get_iflink = ip_tunnel_get_iflink,
354 .ndo_tunnel_ctl = ipip_tunnel_ctl,
355 };
356
357 #define IPIP_FEATURES (NETIF_F_SG | \
358 NETIF_F_FRAGLIST | \
359 NETIF_F_HIGHDMA | \
360 NETIF_F_GSO_SOFTWARE | \
361 NETIF_F_HW_CSUM)
362
ipip_tunnel_setup(struct net_device * dev)363 static void ipip_tunnel_setup(struct net_device *dev)
364 {
365 dev->netdev_ops = &ipip_netdev_ops;
366 dev->header_ops = &ip_tunnel_header_ops;
367
368 dev->type = ARPHRD_TUNNEL;
369 dev->flags = IFF_NOARP;
370 dev->addr_len = 4;
371 dev->features |= NETIF_F_LLTX;
372 netif_keep_dst(dev);
373
374 dev->features |= IPIP_FEATURES;
375 dev->hw_features |= IPIP_FEATURES;
376 ip_tunnel_setup(dev, ipip_net_id);
377 }
378
ipip_tunnel_init(struct net_device * dev)379 static int ipip_tunnel_init(struct net_device *dev)
380 {
381 struct ip_tunnel *tunnel = netdev_priv(dev);
382
383 __dev_addr_set(dev, &tunnel->parms.iph.saddr, 4);
384 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
385
386 tunnel->tun_hlen = 0;
387 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
388 return ip_tunnel_init(dev);
389 }
390
ipip_tunnel_validate(struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)391 static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
392 struct netlink_ext_ack *extack)
393 {
394 u8 proto;
395
396 if (!data || !data[IFLA_IPTUN_PROTO])
397 return 0;
398
399 proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
400 if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0)
401 return -EINVAL;
402
403 return 0;
404 }
405
ipip_netlink_parms(struct nlattr * data[],struct ip_tunnel_parm * parms,bool * collect_md,__u32 * fwmark)406 static void ipip_netlink_parms(struct nlattr *data[],
407 struct ip_tunnel_parm *parms, bool *collect_md,
408 __u32 *fwmark)
409 {
410 memset(parms, 0, sizeof(*parms));
411
412 parms->iph.version = 4;
413 parms->iph.protocol = IPPROTO_IPIP;
414 parms->iph.ihl = 5;
415 *collect_md = false;
416
417 if (!data)
418 return;
419
420 if (data[IFLA_IPTUN_LINK])
421 parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
422
423 if (data[IFLA_IPTUN_LOCAL])
424 parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]);
425
426 if (data[IFLA_IPTUN_REMOTE])
427 parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]);
428
429 if (data[IFLA_IPTUN_TTL]) {
430 parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
431 if (parms->iph.ttl)
432 parms->iph.frag_off = htons(IP_DF);
433 }
434
435 if (data[IFLA_IPTUN_TOS])
436 parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
437
438 if (data[IFLA_IPTUN_PROTO])
439 parms->iph.protocol = nla_get_u8(data[IFLA_IPTUN_PROTO]);
440
441 if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
442 parms->iph.frag_off = htons(IP_DF);
443
444 if (data[IFLA_IPTUN_COLLECT_METADATA])
445 *collect_md = true;
446
447 if (data[IFLA_IPTUN_FWMARK])
448 *fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]);
449 }
450
451 /* This function returns true when ENCAP attributes are present in the nl msg */
ipip_netlink_encap_parms(struct nlattr * data[],struct ip_tunnel_encap * ipencap)452 static bool ipip_netlink_encap_parms(struct nlattr *data[],
453 struct ip_tunnel_encap *ipencap)
454 {
455 bool ret = false;
456
457 memset(ipencap, 0, sizeof(*ipencap));
458
459 if (!data)
460 return ret;
461
462 if (data[IFLA_IPTUN_ENCAP_TYPE]) {
463 ret = true;
464 ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
465 }
466
467 if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
468 ret = true;
469 ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
470 }
471
472 if (data[IFLA_IPTUN_ENCAP_SPORT]) {
473 ret = true;
474 ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
475 }
476
477 if (data[IFLA_IPTUN_ENCAP_DPORT]) {
478 ret = true;
479 ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
480 }
481
482 return ret;
483 }
484
ipip_newlink(struct net * src_net,struct net_device * dev,struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)485 static int ipip_newlink(struct net *src_net, struct net_device *dev,
486 struct nlattr *tb[], struct nlattr *data[],
487 struct netlink_ext_ack *extack)
488 {
489 struct ip_tunnel *t = netdev_priv(dev);
490 struct ip_tunnel_parm p;
491 struct ip_tunnel_encap ipencap;
492 __u32 fwmark = 0;
493
494 if (ipip_netlink_encap_parms(data, &ipencap)) {
495 int err = ip_tunnel_encap_setup(t, &ipencap);
496
497 if (err < 0)
498 return err;
499 }
500
501 ipip_netlink_parms(data, &p, &t->collect_md, &fwmark);
502 return ip_tunnel_newlink(dev, tb, &p, fwmark);
503 }
504
ipip_changelink(struct net_device * dev,struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)505 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
506 struct nlattr *data[],
507 struct netlink_ext_ack *extack)
508 {
509 struct ip_tunnel *t = netdev_priv(dev);
510 struct ip_tunnel_parm p;
511 struct ip_tunnel_encap ipencap;
512 bool collect_md;
513 __u32 fwmark = t->fwmark;
514
515 if (ipip_netlink_encap_parms(data, &ipencap)) {
516 int err = ip_tunnel_encap_setup(t, &ipencap);
517
518 if (err < 0)
519 return err;
520 }
521
522 ipip_netlink_parms(data, &p, &collect_md, &fwmark);
523 if (collect_md)
524 return -EINVAL;
525
526 if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
527 (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
528 return -EINVAL;
529
530 return ip_tunnel_changelink(dev, tb, &p, fwmark);
531 }
532
ipip_get_size(const struct net_device * dev)533 static size_t ipip_get_size(const struct net_device *dev)
534 {
535 return
536 /* IFLA_IPTUN_LINK */
537 nla_total_size(4) +
538 /* IFLA_IPTUN_LOCAL */
539 nla_total_size(4) +
540 /* IFLA_IPTUN_REMOTE */
541 nla_total_size(4) +
542 /* IFLA_IPTUN_TTL */
543 nla_total_size(1) +
544 /* IFLA_IPTUN_TOS */
545 nla_total_size(1) +
546 /* IFLA_IPTUN_PROTO */
547 nla_total_size(1) +
548 /* IFLA_IPTUN_PMTUDISC */
549 nla_total_size(1) +
550 /* IFLA_IPTUN_ENCAP_TYPE */
551 nla_total_size(2) +
552 /* IFLA_IPTUN_ENCAP_FLAGS */
553 nla_total_size(2) +
554 /* IFLA_IPTUN_ENCAP_SPORT */
555 nla_total_size(2) +
556 /* IFLA_IPTUN_ENCAP_DPORT */
557 nla_total_size(2) +
558 /* IFLA_IPTUN_COLLECT_METADATA */
559 nla_total_size(0) +
560 /* IFLA_IPTUN_FWMARK */
561 nla_total_size(4) +
562 0;
563 }
564
ipip_fill_info(struct sk_buff * skb,const struct net_device * dev)565 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
566 {
567 struct ip_tunnel *tunnel = netdev_priv(dev);
568 struct ip_tunnel_parm *parm = &tunnel->parms;
569
570 if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
571 nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
572 nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
573 nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
574 nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
575 nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) ||
576 nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
577 !!(parm->iph.frag_off & htons(IP_DF))) ||
578 nla_put_u32(skb, IFLA_IPTUN_FWMARK, tunnel->fwmark))
579 goto nla_put_failure;
580
581 if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
582 tunnel->encap.type) ||
583 nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
584 tunnel->encap.sport) ||
585 nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
586 tunnel->encap.dport) ||
587 nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
588 tunnel->encap.flags))
589 goto nla_put_failure;
590
591 if (tunnel->collect_md)
592 if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA))
593 goto nla_put_failure;
594 return 0;
595
596 nla_put_failure:
597 return -EMSGSIZE;
598 }
599
600 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
601 [IFLA_IPTUN_LINK] = { .type = NLA_U32 },
602 [IFLA_IPTUN_LOCAL] = { .type = NLA_U32 },
603 [IFLA_IPTUN_REMOTE] = { .type = NLA_U32 },
604 [IFLA_IPTUN_TTL] = { .type = NLA_U8 },
605 [IFLA_IPTUN_TOS] = { .type = NLA_U8 },
606 [IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
607 [IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 },
608 [IFLA_IPTUN_ENCAP_TYPE] = { .type = NLA_U16 },
609 [IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 },
610 [IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 },
611 [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 },
612 [IFLA_IPTUN_COLLECT_METADATA] = { .type = NLA_FLAG },
613 [IFLA_IPTUN_FWMARK] = { .type = NLA_U32 },
614 };
615
616 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
617 .kind = "ipip",
618 .maxtype = IFLA_IPTUN_MAX,
619 .policy = ipip_policy,
620 .priv_size = sizeof(struct ip_tunnel),
621 .setup = ipip_tunnel_setup,
622 .validate = ipip_tunnel_validate,
623 .newlink = ipip_newlink,
624 .changelink = ipip_changelink,
625 .dellink = ip_tunnel_dellink,
626 .get_size = ipip_get_size,
627 .fill_info = ipip_fill_info,
628 .get_link_net = ip_tunnel_get_link_net,
629 };
630
631 static struct xfrm_tunnel ipip_handler __read_mostly = {
632 .handler = ipip_rcv,
633 .err_handler = ipip_err,
634 .priority = 1,
635 };
636
637 #if IS_ENABLED(CONFIG_MPLS)
638 static struct xfrm_tunnel mplsip_handler __read_mostly = {
639 .handler = mplsip_rcv,
640 .err_handler = ipip_err,
641 .priority = 1,
642 };
643 #endif
644
ipip_init_net(struct net * net)645 static int __net_init ipip_init_net(struct net *net)
646 {
647 return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
648 }
649
ipip_exit_batch_net(struct list_head * list_net)650 static void __net_exit ipip_exit_batch_net(struct list_head *list_net)
651 {
652 ip_tunnel_delete_nets(list_net, ipip_net_id, &ipip_link_ops);
653 }
654
655 static struct pernet_operations ipip_net_ops = {
656 .init = ipip_init_net,
657 .exit_batch = ipip_exit_batch_net,
658 .id = &ipip_net_id,
659 .size = sizeof(struct ip_tunnel_net),
660 };
661
ipip_init(void)662 static int __init ipip_init(void)
663 {
664 int err;
665
666 pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n");
667
668 err = register_pernet_device(&ipip_net_ops);
669 if (err < 0)
670 return err;
671 err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
672 if (err < 0) {
673 pr_info("%s: can't register tunnel\n", __func__);
674 goto xfrm_tunnel_ipip_failed;
675 }
676 #if IS_ENABLED(CONFIG_MPLS)
677 err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS);
678 if (err < 0) {
679 pr_info("%s: can't register tunnel\n", __func__);
680 goto xfrm_tunnel_mplsip_failed;
681 }
682 #endif
683 err = rtnl_link_register(&ipip_link_ops);
684 if (err < 0)
685 goto rtnl_link_failed;
686
687 out:
688 return err;
689
690 rtnl_link_failed:
691 #if IS_ENABLED(CONFIG_MPLS)
692 xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS);
693 xfrm_tunnel_mplsip_failed:
694
695 #endif
696 xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
697 xfrm_tunnel_ipip_failed:
698 unregister_pernet_device(&ipip_net_ops);
699 goto out;
700 }
701
ipip_fini(void)702 static void __exit ipip_fini(void)
703 {
704 rtnl_link_unregister(&ipip_link_ops);
705 if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
706 pr_info("%s: can't deregister tunnel\n", __func__);
707 #if IS_ENABLED(CONFIG_MPLS)
708 if (xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS))
709 pr_info("%s: can't deregister tunnel\n", __func__);
710 #endif
711 unregister_pernet_device(&ipip_net_ops);
712 }
713
714 module_init(ipip_init);
715 module_exit(ipip_fini);
716 MODULE_LICENSE("GPL");
717 MODULE_ALIAS_RTNL_LINK("ipip");
718 MODULE_ALIAS_NETDEV("tunl0");
719