2 * Linux NET3: IP/IP protocol decoder.
5 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
8 * Alan Cox : Merged and made usable non modular (its so tiny its silly as
9 * a module taking up 2 pages).
10 * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
11 * to keep ip_forward happy.
12 * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
13 * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL
14 * David Woodhouse : Perform some basic ICMP handling.
15 * IPIP Routing without decapsulation.
16 * Carlos Picoto : GRE over IP support
17 * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
18 * I do not want to merge them together.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
27 /* tunnel.c: an IP tunnel driver
29 The purpose of this driver is to provide an IP tunnel through
30 which you can tunnel network traffic transparently across subnets.
32 This was written by looking at Nick Holloway's dummy driver
33 Thanks for the great code!
35 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
38 Cleaned up the code a little and added some pre-1.3.0 tweaks.
39 dev->hard_header/hard_header_len changed to use no headers.
40 Comments/bracketing tweaked.
41 Made the tunnels use dev->name not tunnel: when error reporting.
44 -Alan Cox (alan@lxorguk.ukuu.org.uk) 21 March 95
47 Changed to tunnel to destination gateway in addition to the
48 tunnel's pointopoint address
49 Almost completely rewritten
50 Note: There is currently no firewall or ICMP handling done.
52 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96
56 /* Things I wish I had known when writing the tunnel driver:
58 When the tunnel_xmit() function is called, the skb contains the
59 packet to be sent (plus a great deal of extra info), and dev
60 contains the tunnel device that _we_ are.
62 When we are passed a packet, we are expected to fill in the
63 source address with our source IP address.
65 What is the proper way to allocate, copy and free a buffer?
66 After you allocate it, it is a "0 length" chunk of memory
67 starting at zero. If you want to add headers to the buffer
68 later, you'll have to call "skb_reserve(skb, amount)" with
69 the amount of memory you want reserved. Then, you call
70 "skb_put(skb, amount)" with the amount of space you want in
71 the buffer. skb_put() returns a pointer to the top (#0) of
72 that buffer. skb->len is set to the amount of space you have
73 "allocated" with skb_put(). You can then write up to skb->len
74 bytes to that buffer. If you need more, you can call skb_put()
75 again with the additional amount of space you need. You can
76 find out how much more space you can allocate by calling
78 Now, to add header space, call "skb_push(skb, header_len)".
79 This creates space at the beginning of the buffer and returns
80 a pointer to this new space. If later you need to strip a
81 header from a buffer, call "skb_pull(skb, header_len)".
82 skb_headroom() will return how much space is left at the top
83 of the buffer (before the main data). Remember, this headroom
84 space must be reserved before the skb_put() function is called.
88 This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
90 For comments look at net/ipv4/ip_gre.c --ANK
94 #include <linux/capability.h>
95 #include <linux/module.h>
96 #include <linux/types.h>
97 #include <linux/kernel.h>
98 #include <linux/slab.h>
99 #include <asm/uaccess.h>
100 #include <linux/skbuff.h>
101 #include <linux/netdevice.h>
102 #include <linux/in.h>
103 #include <linux/tcp.h>
104 #include <linux/udp.h>
105 #include <linux/if_arp.h>
106 #include <linux/init.h>
107 #include <linux/netfilter_ipv4.h>
108 #include <linux/if_ether.h>
110 #include <net/sock.h>
112 #include <net/icmp.h>
113 #include <net/ip_tunnels.h>
114 #include <net/inet_ecn.h>
115 #include <net/xfrm.h>
116 #include <net/net_namespace.h>
117 #include <net/netns/generic.h>
119 static bool log_ecn_error = true;
120 module_param(log_ecn_error, bool, 0644);
121 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
123 static int ipip_net_id __read_mostly;
125 static int ipip_tunnel_init(struct net_device *dev);
126 static struct rtnl_link_ops ipip_link_ops __read_mostly;
128 static int ipip_err(struct sk_buff *skb, u32 info)
131 /* All the routers (except for Linux) return only
132 8 bytes of packet payload. It means, that precise relaying of
133 ICMP in the real Internet is absolutely infeasible.
135 struct net *net = dev_net(skb->dev);
136 struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
137 const struct iphdr *iph = (const struct iphdr *)skb->data;
140 const int type = icmp_hdr(skb)->type;
141 const int code = icmp_hdr(skb)->code;
144 t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
145 iph->daddr, iph->saddr, 0);
149 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
150 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
151 t->parms.link, 0, IPPROTO_IPIP, 0);
156 if (type == ICMP_REDIRECT) {
157 ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
163 if (t->parms.iph.daddr == 0)
167 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
170 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
174 t->err_time = jiffies;
180 static const struct tnl_ptk_info tpi = {
181 /* no tunnel info required for ipip. */
182 .proto = htons(ETH_P_IP),
185 static int ipip_rcv(struct sk_buff *skb)
187 struct net *net = dev_net(skb->dev);
188 struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
189 struct ip_tunnel *tunnel;
190 const struct iphdr *iph;
193 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
194 iph->saddr, iph->daddr, 0);
196 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
198 if (iptunnel_pull_header(skb, 0, tpi.proto, false))
200 return ip_tunnel_rcv(tunnel, skb, &tpi, NULL, log_ecn_error);
211 * This function assumes it is being called from dev_queue_xmit()
212 * and that skb is filled properly by that function.
214 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
216 struct ip_tunnel *tunnel = netdev_priv(dev);
217 const struct iphdr *tiph = &tunnel->parms.iph;
219 if (unlikely(skb->protocol != htons(ETH_P_IP)))
222 if (iptunnel_handle_offloads(skb, SKB_GSO_IPIP))
225 skb_set_inner_ipproto(skb, IPPROTO_IPIP);
227 ip_tunnel_xmit(skb, dev, tiph, tiph->protocol);
233 dev->stats.tx_errors++;
238 ipip_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
241 struct ip_tunnel_parm p;
243 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
246 if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
247 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
248 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
252 p.i_key = p.o_key = 0;
253 p.i_flags = p.o_flags = 0;
254 err = ip_tunnel_ioctl(dev, &p, cmd);
258 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
264 static const struct net_device_ops ipip_netdev_ops = {
265 .ndo_init = ipip_tunnel_init,
266 .ndo_uninit = ip_tunnel_uninit,
267 .ndo_start_xmit = ipip_tunnel_xmit,
268 .ndo_do_ioctl = ipip_tunnel_ioctl,
269 .ndo_change_mtu = ip_tunnel_change_mtu,
270 .ndo_get_stats64 = ip_tunnel_get_stats64,
271 .ndo_get_iflink = ip_tunnel_get_iflink,
274 #define IPIP_FEATURES (NETIF_F_SG | \
277 NETIF_F_GSO_SOFTWARE | \
280 static void ipip_tunnel_setup(struct net_device *dev)
282 dev->netdev_ops = &ipip_netdev_ops;
284 dev->type = ARPHRD_TUNNEL;
285 dev->flags = IFF_NOARP;
287 dev->features |= NETIF_F_LLTX;
290 dev->features |= IPIP_FEATURES;
291 dev->hw_features |= IPIP_FEATURES;
292 ip_tunnel_setup(dev, ipip_net_id);
295 static int ipip_tunnel_init(struct net_device *dev)
297 struct ip_tunnel *tunnel = netdev_priv(dev);
299 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
300 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
302 tunnel->tun_hlen = 0;
303 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
304 tunnel->parms.iph.protocol = IPPROTO_IPIP;
305 return ip_tunnel_init(dev);
308 static void ipip_netlink_parms(struct nlattr *data[],
309 struct ip_tunnel_parm *parms)
311 memset(parms, 0, sizeof(*parms));
313 parms->iph.version = 4;
314 parms->iph.protocol = IPPROTO_IPIP;
320 if (data[IFLA_IPTUN_LINK])
321 parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
323 if (data[IFLA_IPTUN_LOCAL])
324 parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]);
326 if (data[IFLA_IPTUN_REMOTE])
327 parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]);
329 if (data[IFLA_IPTUN_TTL]) {
330 parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
332 parms->iph.frag_off = htons(IP_DF);
335 if (data[IFLA_IPTUN_TOS])
336 parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
338 if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
339 parms->iph.frag_off = htons(IP_DF);
342 /* This function returns true when ENCAP attributes are present in the nl msg */
343 static bool ipip_netlink_encap_parms(struct nlattr *data[],
344 struct ip_tunnel_encap *ipencap)
348 memset(ipencap, 0, sizeof(*ipencap));
353 if (data[IFLA_IPTUN_ENCAP_TYPE]) {
355 ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
358 if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
360 ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
363 if (data[IFLA_IPTUN_ENCAP_SPORT]) {
365 ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
368 if (data[IFLA_IPTUN_ENCAP_DPORT]) {
370 ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
376 static int ipip_newlink(struct net *src_net, struct net_device *dev,
377 struct nlattr *tb[], struct nlattr *data[])
379 struct ip_tunnel_parm p;
380 struct ip_tunnel_encap ipencap;
382 if (ipip_netlink_encap_parms(data, &ipencap)) {
383 struct ip_tunnel *t = netdev_priv(dev);
384 int err = ip_tunnel_encap_setup(t, &ipencap);
390 ipip_netlink_parms(data, &p);
391 return ip_tunnel_newlink(dev, tb, &p);
394 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
395 struct nlattr *data[])
397 struct ip_tunnel_parm p;
398 struct ip_tunnel_encap ipencap;
400 if (ipip_netlink_encap_parms(data, &ipencap)) {
401 struct ip_tunnel *t = netdev_priv(dev);
402 int err = ip_tunnel_encap_setup(t, &ipencap);
408 ipip_netlink_parms(data, &p);
410 if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
411 (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
414 return ip_tunnel_changelink(dev, tb, &p);
417 static size_t ipip_get_size(const struct net_device *dev)
420 /* IFLA_IPTUN_LINK */
422 /* IFLA_IPTUN_LOCAL */
424 /* IFLA_IPTUN_REMOTE */
430 /* IFLA_IPTUN_PMTUDISC */
432 /* IFLA_IPTUN_ENCAP_TYPE */
434 /* IFLA_IPTUN_ENCAP_FLAGS */
436 /* IFLA_IPTUN_ENCAP_SPORT */
438 /* IFLA_IPTUN_ENCAP_DPORT */
443 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
445 struct ip_tunnel *tunnel = netdev_priv(dev);
446 struct ip_tunnel_parm *parm = &tunnel->parms;
448 if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
449 nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
450 nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
451 nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
452 nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
453 nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
454 !!(parm->iph.frag_off & htons(IP_DF))))
455 goto nla_put_failure;
457 if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
458 tunnel->encap.type) ||
459 nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
460 tunnel->encap.sport) ||
461 nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
462 tunnel->encap.dport) ||
463 nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
464 tunnel->encap.flags))
465 goto nla_put_failure;
473 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
474 [IFLA_IPTUN_LINK] = { .type = NLA_U32 },
475 [IFLA_IPTUN_LOCAL] = { .type = NLA_U32 },
476 [IFLA_IPTUN_REMOTE] = { .type = NLA_U32 },
477 [IFLA_IPTUN_TTL] = { .type = NLA_U8 },
478 [IFLA_IPTUN_TOS] = { .type = NLA_U8 },
479 [IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 },
480 [IFLA_IPTUN_ENCAP_TYPE] = { .type = NLA_U16 },
481 [IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 },
482 [IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 },
483 [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 },
486 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
488 .maxtype = IFLA_IPTUN_MAX,
489 .policy = ipip_policy,
490 .priv_size = sizeof(struct ip_tunnel),
491 .setup = ipip_tunnel_setup,
492 .newlink = ipip_newlink,
493 .changelink = ipip_changelink,
494 .dellink = ip_tunnel_dellink,
495 .get_size = ipip_get_size,
496 .fill_info = ipip_fill_info,
497 .get_link_net = ip_tunnel_get_link_net,
500 static struct xfrm_tunnel ipip_handler __read_mostly = {
502 .err_handler = ipip_err,
506 static int __net_init ipip_init_net(struct net *net)
508 return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
511 static void __net_exit ipip_exit_net(struct net *net)
513 struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
514 ip_tunnel_delete_net(itn, &ipip_link_ops);
517 static struct pernet_operations ipip_net_ops = {
518 .init = ipip_init_net,
519 .exit = ipip_exit_net,
521 .size = sizeof(struct ip_tunnel_net),
524 static int __init ipip_init(void)
528 pr_info("ipip: IPv4 over IPv4 tunneling driver\n");
530 err = register_pernet_device(&ipip_net_ops);
533 err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
535 pr_info("%s: can't register tunnel\n", __func__);
536 goto xfrm_tunnel_failed;
538 err = rtnl_link_register(&ipip_link_ops);
540 goto rtnl_link_failed;
546 xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
548 unregister_pernet_device(&ipip_net_ops);
552 static void __exit ipip_fini(void)
554 rtnl_link_unregister(&ipip_link_ops);
555 if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
556 pr_info("%s: can't deregister tunnel\n", __func__);
558 unregister_pernet_device(&ipip_net_ops);
561 module_init(ipip_init);
562 module_exit(ipip_fini);
563 MODULE_LICENSE("GPL");
564 MODULE_ALIAS_RTNL_LINK("ipip");
565 MODULE_ALIAS_NETDEV("tunl0");
projects / cascardo / linux.git / blob