2 * Linux NET3: GRE over IP protocol decoder.
4 * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
13 #include <linux/capability.h>
14 #include <linux/module.h>
15 #include <linux/types.h>
16 #include <linux/kernel.h>
17 #include <asm/uaccess.h>
18 #include <linux/skbuff.h>
19 #include <linux/netdevice.h>
21 #include <linux/tcp.h>
22 #include <linux/udp.h>
23 #include <linux/if_arp.h>
24 #include <linux/mroute.h>
25 #include <linux/init.h>
26 #include <linux/in6.h>
27 #include <linux/inetdevice.h>
28 #include <linux/igmp.h>
29 #include <linux/netfilter_ipv4.h>
30 #include <linux/etherdevice.h>
31 #include <linux/if_ether.h>
36 #include <net/protocol.h>
39 #include <net/checksum.h>
40 #include <net/dsfield.h>
41 #include <net/inet_ecn.h>
43 #include <net/net_namespace.h>
44 #include <net/netns/generic.h>
45 #include <net/rtnetlink.h>
49 #include <net/ip6_fib.h>
50 #include <net/ip6_route.h>
57 1. The most important issue is detecting local dead loops.
58 They would cause complete host lockup in transmit, which
59 would be "resolved" by stack overflow or, if queueing is enabled,
60 with infinite looping in net_bh.
62 We cannot track such dead loops during route installation,
63 it is infeasible task. The most general solutions would be
64 to keep skb->encapsulation counter (sort of local ttl),
65 and silently drop packet when it expires. It is the best
66 solution, but it supposes maintaing new variable in ALL
67 skb, even if no tunneling is used.
69 Current solution: HARD_TX_LOCK lock breaks dead loops.
73 2. Networking dead loops would not kill routers, but would really
74 kill network. IP hop limit plays role of "t->recursion" in this case,
75 if we copy it from packet being encapsulated to upper header.
76 It is very good solution, but it introduces two problems:
78 - Routing protocols, using packets with ttl=1 (OSPF, RIP2),
79 do not work over tunnels.
80 - traceroute does not work. I planned to relay ICMP from tunnel,
81 so that this problem would be solved and traceroute output
82 would even more informative. This idea appeared to be wrong:
83 only Linux complies to rfc1812 now (yes, guys, Linux is the only
84 true router now :-)), all routers (at least, in neighbourhood of mine)
85 return only 8 bytes of payload. It is the end.
87 Hence, if we want that OSPF worked or traceroute said something reasonable,
88 we should search for another solution.
90 One of them is to parse packet trying to detect inner encapsulation
91 made by our node. It is difficult or even impossible, especially,
92 taking into account fragmentation. TO be short, tt is not solution at all.
94 Current solution: The solution was UNEXPECTEDLY SIMPLE.
95 We force DF flag on tunnels with preconfigured hop limit,
96 that is ALL. :-) Well, it does not remove the problem completely,
97 but exponential growth of network traffic is changed to linear
98 (branches, that exceed pmtu are pruned) and tunnel mtu
99 fastly degrades to value <68, where looping stops.
100 Yes, it is not good if there exists a router in the loop,
101 which does not force DF, even when encapsulating packets have DF set.
102 But it is not our problem! Nobody could accuse us, we made
103 all that we could make. Even if it is your gated who injected
104 fatal route to network, even if it were you who configured
105 fatal static route: you are innocent. :-)
109 3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain
110 practically identical code. It would be good to glue them
111 together, but it is not very evident, how to make them modular.
112 sit is integral part of IPv6, ipip and gre are naturally modular.
113 We could extract common parts (hash table, ioctl etc)
114 to a separate module (ip_tunnel.c).
119 static struct rtnl_link_ops ipgre_link_ops __read_mostly;
120 static int ipgre_tunnel_init(struct net_device *dev);
121 static void ipgre_tunnel_setup(struct net_device *dev);
122 static int ipgre_tunnel_bind_dev(struct net_device *dev);
124 /* Fallback tunnel: no source, no destination, no key, no options */
128 static int ipgre_net_id;
130 struct ip_tunnel *tunnels[4][HASH_SIZE];
132 struct net_device *fb_tunnel_dev;
135 /* Tunnel hash table */
145 We require exact key match i.e. if a key is present in packet
146 it will match only tunnel with the same key; if it is not present,
147 it will match only keyless tunnel.
149 All keysless packets, if not matched configured keyless tunnels
150 will match fallback tunnel.
153 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
155 #define tunnels_r_l tunnels[3]
156 #define tunnels_r tunnels[2]
157 #define tunnels_l tunnels[1]
158 #define tunnels_wc tunnels[0]
160 static DEFINE_RWLOCK(ipgre_lock);
162 /* Given src, dst and key, find appropriate for input tunnel. */
164 static struct ip_tunnel * ipgre_tunnel_lookup(struct net_device *dev,
165 __be32 remote, __be32 local,
166 __be32 key, __be16 gre_proto)
168 struct net *net = dev_net(dev);
169 int link = dev->ifindex;
170 unsigned h0 = HASH(remote);
171 unsigned h1 = HASH(key);
172 struct ip_tunnel *t, *cand = NULL;
173 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
174 int dev_type = (gre_proto == htons(ETH_P_TEB)) ?
175 ARPHRD_ETHER : ARPHRD_IPGRE;
176 int score, cand_score = 4;
178 for (t = ign->tunnels_r_l[h0^h1]; t; t = t->next) {
179 if (local != t->parms.iph.saddr ||
180 remote != t->parms.iph.daddr ||
181 key != t->parms.i_key ||
182 !(t->dev->flags & IFF_UP))
185 if (t->dev->type != ARPHRD_IPGRE &&
186 t->dev->type != dev_type)
190 if (t->parms.link != link)
192 if (t->dev->type != dev_type)
197 if (score < cand_score) {
203 for (t = ign->tunnels_r[h0^h1]; t; t = t->next) {
204 if (remote != t->parms.iph.daddr ||
205 key != t->parms.i_key ||
206 !(t->dev->flags & IFF_UP))
209 if (t->dev->type != ARPHRD_IPGRE &&
210 t->dev->type != dev_type)
214 if (t->parms.link != link)
216 if (t->dev->type != dev_type)
221 if (score < cand_score) {
227 for (t = ign->tunnels_l[h1]; t; t = t->next) {
228 if ((local != t->parms.iph.saddr &&
229 (local != t->parms.iph.daddr ||
230 !ipv4_is_multicast(local))) ||
231 key != t->parms.i_key ||
232 !(t->dev->flags & IFF_UP))
235 if (t->dev->type != ARPHRD_IPGRE &&
236 t->dev->type != dev_type)
240 if (t->parms.link != link)
242 if (t->dev->type != dev_type)
247 if (score < cand_score) {
253 for (t = ign->tunnels_wc[h1]; t; t = t->next) {
254 if (t->parms.i_key != key ||
255 !(t->dev->flags & IFF_UP))
258 if (t->dev->type != ARPHRD_IPGRE &&
259 t->dev->type != dev_type)
263 if (t->parms.link != link)
265 if (t->dev->type != dev_type)
270 if (score < cand_score) {
279 if (ign->fb_tunnel_dev->flags & IFF_UP)
280 return netdev_priv(ign->fb_tunnel_dev);
285 static struct ip_tunnel **__ipgre_bucket(struct ipgre_net *ign,
286 struct ip_tunnel_parm *parms)
288 __be32 remote = parms->iph.daddr;
289 __be32 local = parms->iph.saddr;
290 __be32 key = parms->i_key;
291 unsigned h = HASH(key);
296 if (remote && !ipv4_is_multicast(remote)) {
301 return &ign->tunnels[prio][h];
304 static inline struct ip_tunnel **ipgre_bucket(struct ipgre_net *ign,
307 return __ipgre_bucket(ign, &t->parms);
310 static void ipgre_tunnel_link(struct ipgre_net *ign, struct ip_tunnel *t)
312 struct ip_tunnel **tp = ipgre_bucket(ign, t);
315 write_lock_bh(&ipgre_lock);
317 write_unlock_bh(&ipgre_lock);
320 static void ipgre_tunnel_unlink(struct ipgre_net *ign, struct ip_tunnel *t)
322 struct ip_tunnel **tp;
324 for (tp = ipgre_bucket(ign, t); *tp; tp = &(*tp)->next) {
326 write_lock_bh(&ipgre_lock);
328 write_unlock_bh(&ipgre_lock);
334 static struct ip_tunnel *ipgre_tunnel_find(struct net *net,
335 struct ip_tunnel_parm *parms,
338 __be32 remote = parms->iph.daddr;
339 __be32 local = parms->iph.saddr;
340 __be32 key = parms->i_key;
341 int link = parms->link;
342 struct ip_tunnel *t, **tp;
343 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
345 for (tp = __ipgre_bucket(ign, parms); (t = *tp) != NULL; tp = &t->next)
346 if (local == t->parms.iph.saddr &&
347 remote == t->parms.iph.daddr &&
348 key == t->parms.i_key &&
349 link == t->parms.link &&
350 type == t->dev->type)
356 static struct ip_tunnel * ipgre_tunnel_locate(struct net *net,
357 struct ip_tunnel_parm *parms, int create)
359 struct ip_tunnel *t, *nt;
360 struct net_device *dev;
362 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
364 t = ipgre_tunnel_find(net, parms, ARPHRD_IPGRE);
369 strlcpy(name, parms->name, IFNAMSIZ);
371 sprintf(name, "gre%%d");
373 dev = alloc_netdev(sizeof(*t), name, ipgre_tunnel_setup);
377 dev_net_set(dev, net);
379 if (strchr(name, '%')) {
380 if (dev_alloc_name(dev, name) < 0)
384 nt = netdev_priv(dev);
386 dev->rtnl_link_ops = &ipgre_link_ops;
388 dev->mtu = ipgre_tunnel_bind_dev(dev);
390 if (register_netdevice(dev) < 0)
394 ipgre_tunnel_link(ign, nt);
402 static void ipgre_tunnel_uninit(struct net_device *dev)
404 struct net *net = dev_net(dev);
405 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
407 ipgre_tunnel_unlink(ign, netdev_priv(dev));
412 static void ipgre_err(struct sk_buff *skb, u32 info)
415 /* All the routers (except for Linux) return only
416 8 bytes of packet payload. It means, that precise relaying of
417 ICMP in the real Internet is absolutely infeasible.
419 Moreover, Cisco "wise men" put GRE key to the third word
420 in GRE header. It makes impossible maintaining even soft state for keyed
421 GRE tunnels with enabled checksum. Tell them "thank you".
423 Well, I wonder, rfc1812 was written by Cisco employee,
424 what the hell these idiots break standrads established
428 struct iphdr *iph = (struct iphdr *)skb->data;
429 __be16 *p = (__be16*)(skb->data+(iph->ihl<<2));
430 int grehlen = (iph->ihl<<2) + 4;
431 const int type = icmp_hdr(skb)->type;
432 const int code = icmp_hdr(skb)->code;
437 if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) {
438 if (flags&(GRE_VERSION|GRE_ROUTING))
447 /* If only 8 bytes returned, keyed message will be dropped here */
448 if (skb_headlen(skb) < grehlen)
453 case ICMP_PARAMETERPROB:
456 case ICMP_DEST_UNREACH:
459 case ICMP_PORT_UNREACH:
460 /* Impossible event. */
462 case ICMP_FRAG_NEEDED:
463 /* Soft state for pmtu is maintained by IP core. */
466 /* All others are translated to HOST_UNREACH.
467 rfc2003 contains "deep thoughts" about NET_UNREACH,
468 I believe they are just ether pollution. --ANK
473 case ICMP_TIME_EXCEEDED:
474 if (code != ICMP_EXC_TTL)
479 read_lock(&ipgre_lock);
480 t = ipgre_tunnel_lookup(skb->dev, iph->daddr, iph->saddr,
482 *(((__be32 *)p) + (grehlen / 4) - 1) : 0,
484 if (t == NULL || t->parms.iph.daddr == 0 ||
485 ipv4_is_multicast(t->parms.iph.daddr))
488 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
491 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
495 t->err_time = jiffies;
497 read_unlock(&ipgre_lock);
501 static inline void ipgre_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)
503 if (INET_ECN_is_ce(iph->tos)) {
504 if (skb->protocol == htons(ETH_P_IP)) {
505 IP_ECN_set_ce(ip_hdr(skb));
506 } else if (skb->protocol == htons(ETH_P_IPV6)) {
507 IP6_ECN_set_ce(ipv6_hdr(skb));
513 ipgre_ecn_encapsulate(u8 tos, struct iphdr *old_iph, struct sk_buff *skb)
516 if (skb->protocol == htons(ETH_P_IP))
517 inner = old_iph->tos;
518 else if (skb->protocol == htons(ETH_P_IPV6))
519 inner = ipv6_get_dsfield((struct ipv6hdr *)old_iph);
520 return INET_ECN_encapsulate(tos, inner);
523 static int ipgre_rcv(struct sk_buff *skb)
531 struct ip_tunnel *tunnel;
536 if (!pskb_may_pull(skb, 16))
543 if (flags&(GRE_CSUM|GRE_KEY|GRE_ROUTING|GRE_SEQ|GRE_VERSION)) {
544 /* - Version must be 0.
545 - We do not support routing headers.
547 if (flags&(GRE_VERSION|GRE_ROUTING))
550 if (flags&GRE_CSUM) {
551 switch (skb->ip_summed) {
552 case CHECKSUM_COMPLETE:
553 csum = csum_fold(skb->csum);
559 csum = __skb_checksum_complete(skb);
560 skb->ip_summed = CHECKSUM_COMPLETE;
565 key = *(__be32*)(h + offset);
569 seqno = ntohl(*(__be32*)(h + offset));
574 gre_proto = *(__be16 *)(h + 2);
576 read_lock(&ipgre_lock);
577 if ((tunnel = ipgre_tunnel_lookup(skb->dev,
578 iph->saddr, iph->daddr, key,
580 struct net_device_stats *stats = &tunnel->dev->stats;
584 skb->protocol = gre_proto;
585 /* WCCP version 1 and 2 protocol decoding.
586 * - Change protocol to IP
587 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header
589 if (flags == 0 && gre_proto == htons(ETH_P_WCCP)) {
590 skb->protocol = htons(ETH_P_IP);
591 if ((*(h + offset) & 0xF0) != 0x40)
595 skb->mac_header = skb->network_header;
596 __pskb_pull(skb, offset);
597 skb_postpull_rcsum(skb, skb_transport_header(skb), offset);
598 skb->pkt_type = PACKET_HOST;
599 #ifdef CONFIG_NET_IPGRE_BROADCAST
600 if (ipv4_is_multicast(iph->daddr)) {
601 /* Looped back packet, drop it! */
602 if (skb_rtable(skb)->fl.iif == 0)
605 skb->pkt_type = PACKET_BROADCAST;
609 if (((flags&GRE_CSUM) && csum) ||
610 (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) {
611 stats->rx_crc_errors++;
615 if (tunnel->parms.i_flags&GRE_SEQ) {
616 if (!(flags&GRE_SEQ) ||
617 (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) {
618 stats->rx_fifo_errors++;
622 tunnel->i_seqno = seqno + 1;
627 /* Warning: All skb pointers will be invalidated! */
628 if (tunnel->dev->type == ARPHRD_ETHER) {
629 if (!pskb_may_pull(skb, ETH_HLEN)) {
630 stats->rx_length_errors++;
636 skb->protocol = eth_type_trans(skb, tunnel->dev);
637 skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
641 stats->rx_bytes += len;
642 skb->dev = tunnel->dev;
646 skb_reset_network_header(skb);
647 ipgre_ecn_decapsulate(iph, skb);
650 read_unlock(&ipgre_lock);
653 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
656 read_unlock(&ipgre_lock);
662 static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
664 struct ip_tunnel *tunnel = netdev_priv(dev);
665 struct net_device_stats *stats = &tunnel->dev->stats;
666 struct iphdr *old_iph = ip_hdr(skb);
670 struct rtable *rt; /* Route to the other host */
671 struct net_device *tdev; /* Device to other host */
672 struct iphdr *iph; /* Our new IP header */
673 unsigned int max_headroom; /* The extra header space needed */
678 if (dev->type == ARPHRD_ETHER)
679 IPCB(skb)->flags = 0;
681 if (dev->header_ops && dev->type == ARPHRD_IPGRE) {
683 tiph = (struct iphdr *)skb->data;
685 gre_hlen = tunnel->hlen;
686 tiph = &tunnel->parms.iph;
689 if ((dst = tiph->daddr) == 0) {
692 if (skb_dst(skb) == NULL) {
693 stats->tx_fifo_errors++;
697 if (skb->protocol == htons(ETH_P_IP)) {
698 rt = skb_rtable(skb);
699 if ((dst = rt->rt_gateway) == 0)
703 else if (skb->protocol == htons(ETH_P_IPV6)) {
704 struct in6_addr *addr6;
706 struct neighbour *neigh = skb_dst(skb)->neighbour;
711 addr6 = (struct in6_addr *)&neigh->primary_key;
712 addr_type = ipv6_addr_type(addr6);
714 if (addr_type == IPV6_ADDR_ANY) {
715 addr6 = &ipv6_hdr(skb)->daddr;
716 addr_type = ipv6_addr_type(addr6);
719 if ((addr_type & IPV6_ADDR_COMPATv4) == 0)
722 dst = addr6->s6_addr32[3];
732 if (skb->protocol == htons(ETH_P_IP))
737 struct flowi fl = { .oif = tunnel->parms.link,
740 .saddr = tiph->saddr,
741 .tos = RT_TOS(tos) } },
742 .proto = IPPROTO_GRE };
743 if (ip_route_output_key(dev_net(dev), &rt, &fl)) {
744 stats->tx_carrier_errors++;
748 tdev = rt->u.dst.dev;
758 mtu = dst_mtu(&rt->u.dst) - dev->hard_header_len - tunnel->hlen;
760 mtu = skb_dst(skb) ? dst_mtu(skb_dst(skb)) : dev->mtu;
763 skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu);
765 if (skb->protocol == htons(ETH_P_IP)) {
766 df |= (old_iph->frag_off&htons(IP_DF));
768 if ((old_iph->frag_off&htons(IP_DF)) &&
769 mtu < ntohs(old_iph->tot_len)) {
770 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
776 else if (skb->protocol == htons(ETH_P_IPV6)) {
777 struct rt6_info *rt6 = (struct rt6_info *)skb_dst(skb);
779 if (rt6 && mtu < dst_mtu(skb_dst(skb)) && mtu >= IPV6_MIN_MTU) {
780 if ((tunnel->parms.iph.daddr &&
781 !ipv4_is_multicast(tunnel->parms.iph.daddr)) ||
782 rt6->rt6i_dst.plen == 128) {
783 rt6->rt6i_flags |= RTF_MODIFIED;
784 skb_dst(skb)->metrics[RTAX_MTU-1] = mtu;
788 if (mtu >= IPV6_MIN_MTU && mtu < skb->len - tunnel->hlen + gre_hlen) {
789 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev);
796 if (tunnel->err_count > 0) {
797 if (time_before(jiffies,
798 tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
801 dst_link_failure(skb);
803 tunnel->err_count = 0;
806 max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen;
808 if (skb_headroom(skb) < max_headroom || skb_shared(skb)||
809 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
810 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
818 skb_set_owner_w(new_skb, skb->sk);
821 old_iph = ip_hdr(skb);
824 skb_reset_transport_header(skb);
825 skb_push(skb, gre_hlen);
826 skb_reset_network_header(skb);
827 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
828 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
831 skb_dst_set(skb, &rt->u.dst);
834 * Push down and install the IPIP header.
839 iph->ihl = sizeof(struct iphdr) >> 2;
841 iph->protocol = IPPROTO_GRE;
842 iph->tos = ipgre_ecn_encapsulate(tos, old_iph, skb);
843 iph->daddr = rt->rt_dst;
844 iph->saddr = rt->rt_src;
846 if ((iph->ttl = tiph->ttl) == 0) {
847 if (skb->protocol == htons(ETH_P_IP))
848 iph->ttl = old_iph->ttl;
850 else if (skb->protocol == htons(ETH_P_IPV6))
851 iph->ttl = ((struct ipv6hdr *)old_iph)->hop_limit;
854 iph->ttl = dst_metric(&rt->u.dst, RTAX_HOPLIMIT);
857 ((__be16 *)(iph + 1))[0] = tunnel->parms.o_flags;
858 ((__be16 *)(iph + 1))[1] = (dev->type == ARPHRD_ETHER) ?
859 htons(ETH_P_TEB) : skb->protocol;
861 if (tunnel->parms.o_flags&(GRE_KEY|GRE_CSUM|GRE_SEQ)) {
862 __be32 *ptr = (__be32*)(((u8*)iph) + tunnel->hlen - 4);
864 if (tunnel->parms.o_flags&GRE_SEQ) {
866 *ptr = htonl(tunnel->o_seqno);
869 if (tunnel->parms.o_flags&GRE_KEY) {
870 *ptr = tunnel->parms.o_key;
873 if (tunnel->parms.o_flags&GRE_CSUM) {
875 *(__sum16*)ptr = ip_compute_csum((void*)(iph+1), skb->len - sizeof(struct iphdr));
885 dst_link_failure(skb);
893 static int ipgre_tunnel_bind_dev(struct net_device *dev)
895 struct net_device *tdev = NULL;
896 struct ip_tunnel *tunnel;
898 int hlen = LL_MAX_HEADER;
899 int mtu = ETH_DATA_LEN;
900 int addend = sizeof(struct iphdr) + 4;
902 tunnel = netdev_priv(dev);
903 iph = &tunnel->parms.iph;
905 /* Guess output device to choose reasonable mtu and needed_headroom */
908 struct flowi fl = { .oif = tunnel->parms.link,
910 { .daddr = iph->daddr,
912 .tos = RT_TOS(iph->tos) } },
913 .proto = IPPROTO_GRE };
915 if (!ip_route_output_key(dev_net(dev), &rt, &fl)) {
916 tdev = rt->u.dst.dev;
920 if (dev->type != ARPHRD_ETHER)
921 dev->flags |= IFF_POINTOPOINT;
924 if (!tdev && tunnel->parms.link)
925 tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);
928 hlen = tdev->hard_header_len + tdev->needed_headroom;
931 dev->iflink = tunnel->parms.link;
933 /* Precalculate GRE options length */
934 if (tunnel->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) {
935 if (tunnel->parms.o_flags&GRE_CSUM)
937 if (tunnel->parms.o_flags&GRE_KEY)
939 if (tunnel->parms.o_flags&GRE_SEQ)
942 dev->needed_headroom = addend + hlen;
943 mtu -= dev->hard_header_len + addend;
948 tunnel->hlen = addend;
954 ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
957 struct ip_tunnel_parm p;
959 struct net *net = dev_net(dev);
960 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
965 if (dev == ign->fb_tunnel_dev) {
966 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
970 t = ipgre_tunnel_locate(net, &p, 0);
973 t = netdev_priv(dev);
974 memcpy(&p, &t->parms, sizeof(p));
975 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
982 if (!capable(CAP_NET_ADMIN))
986 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
990 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE ||
991 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) ||
992 ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING)))
995 p.iph.frag_off |= htons(IP_DF);
997 if (!(p.i_flags&GRE_KEY))
999 if (!(p.o_flags&GRE_KEY))
1002 t = ipgre_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
1004 if (dev != ign->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
1006 if (t->dev != dev) {
1011 unsigned nflags = 0;
1013 t = netdev_priv(dev);
1015 if (ipv4_is_multicast(p.iph.daddr))
1016 nflags = IFF_BROADCAST;
1017 else if (p.iph.daddr)
1018 nflags = IFF_POINTOPOINT;
1020 if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) {
1024 ipgre_tunnel_unlink(ign, t);
1025 t->parms.iph.saddr = p.iph.saddr;
1026 t->parms.iph.daddr = p.iph.daddr;
1027 t->parms.i_key = p.i_key;
1028 t->parms.o_key = p.o_key;
1029 memcpy(dev->dev_addr, &p.iph.saddr, 4);
1030 memcpy(dev->broadcast, &p.iph.daddr, 4);
1031 ipgre_tunnel_link(ign, t);
1032 netdev_state_change(dev);
1038 if (cmd == SIOCCHGTUNNEL) {
1039 t->parms.iph.ttl = p.iph.ttl;
1040 t->parms.iph.tos = p.iph.tos;
1041 t->parms.iph.frag_off = p.iph.frag_off;
1042 if (t->parms.link != p.link) {
1043 t->parms.link = p.link;
1044 dev->mtu = ipgre_tunnel_bind_dev(dev);
1045 netdev_state_change(dev);
1048 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
1051 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
1056 if (!capable(CAP_NET_ADMIN))
1059 if (dev == ign->fb_tunnel_dev) {
1061 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
1064 if ((t = ipgre_tunnel_locate(net, &p, 0)) == NULL)
1067 if (t == netdev_priv(ign->fb_tunnel_dev))
1071 unregister_netdevice(dev);
1083 static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu)
1085 struct ip_tunnel *tunnel = netdev_priv(dev);
1087 new_mtu > 0xFFF8 - dev->hard_header_len - tunnel->hlen)
1093 /* Nice toy. Unfortunately, useless in real life :-)
1094 It allows to construct virtual multiprotocol broadcast "LAN"
1095 over the Internet, provided multicast routing is tuned.
1098 I have no idea was this bicycle invented before me,
1099 so that I had to set ARPHRD_IPGRE to a random value.
1100 I have an impression, that Cisco could make something similar,
1101 but this feature is apparently missing in IOS<=11.2(8).
1103 I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
1104 with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
1106 ping -t 255 224.66.66.66
1108 If nobody answers, mbone does not work.
1110 ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255
1111 ip addr add 10.66.66.<somewhat>/24 dev Universe
1112 ifconfig Universe up
1113 ifconfig Universe add fe80::<Your_real_addr>/10
1114 ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96
1117 ftp fec0:6666:6666::193.233.7.65
1122 static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
1123 unsigned short type,
1124 const void *daddr, const void *saddr, unsigned len)
1126 struct ip_tunnel *t = netdev_priv(dev);
1127 struct iphdr *iph = (struct iphdr *)skb_push(skb, t->hlen);
1128 __be16 *p = (__be16*)(iph+1);
1130 memcpy(iph, &t->parms.iph, sizeof(struct iphdr));
1131 p[0] = t->parms.o_flags;
1135 * Set the source hardware address.
1139 memcpy(&iph->saddr, saddr, 4);
1142 memcpy(&iph->daddr, daddr, 4);
1145 if (iph->daddr && !ipv4_is_multicast(iph->daddr))
1151 static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr)
1153 struct iphdr *iph = (struct iphdr *) skb_mac_header(skb);
1154 memcpy(haddr, &iph->saddr, 4);
1158 static const struct header_ops ipgre_header_ops = {
1159 .create = ipgre_header,
1160 .parse = ipgre_header_parse,
1163 #ifdef CONFIG_NET_IPGRE_BROADCAST
1164 static int ipgre_open(struct net_device *dev)
1166 struct ip_tunnel *t = netdev_priv(dev);
1168 if (ipv4_is_multicast(t->parms.iph.daddr)) {
1169 struct flowi fl = { .oif = t->parms.link,
1171 { .daddr = t->parms.iph.daddr,
1172 .saddr = t->parms.iph.saddr,
1173 .tos = RT_TOS(t->parms.iph.tos) } },
1174 .proto = IPPROTO_GRE };
1176 if (ip_route_output_key(dev_net(dev), &rt, &fl))
1177 return -EADDRNOTAVAIL;
1178 dev = rt->u.dst.dev;
1180 if (__in_dev_get_rtnl(dev) == NULL)
1181 return -EADDRNOTAVAIL;
1182 t->mlink = dev->ifindex;
1183 ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr);
1188 static int ipgre_close(struct net_device *dev)
1190 struct ip_tunnel *t = netdev_priv(dev);
1192 if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) {
1193 struct in_device *in_dev;
1194 in_dev = inetdev_by_index(dev_net(dev), t->mlink);
1196 ip_mc_dec_group(in_dev, t->parms.iph.daddr);
1205 static const struct net_device_ops ipgre_netdev_ops = {
1206 .ndo_init = ipgre_tunnel_init,
1207 .ndo_uninit = ipgre_tunnel_uninit,
1208 #ifdef CONFIG_NET_IPGRE_BROADCAST
1209 .ndo_open = ipgre_open,
1210 .ndo_stop = ipgre_close,
1212 .ndo_start_xmit = ipgre_tunnel_xmit,
1213 .ndo_do_ioctl = ipgre_tunnel_ioctl,
1214 .ndo_change_mtu = ipgre_tunnel_change_mtu,
1217 static void ipgre_tunnel_setup(struct net_device *dev)
1219 dev->netdev_ops = &ipgre_netdev_ops;
1220 dev->destructor = free_netdev;
1222 dev->type = ARPHRD_IPGRE;
1223 dev->needed_headroom = LL_MAX_HEADER + sizeof(struct iphdr) + 4;
1224 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 4;
1225 dev->flags = IFF_NOARP;
1228 dev->features |= NETIF_F_NETNS_LOCAL;
1229 dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
1232 static int ipgre_tunnel_init(struct net_device *dev)
1234 struct ip_tunnel *tunnel;
1237 tunnel = netdev_priv(dev);
1238 iph = &tunnel->parms.iph;
1241 strcpy(tunnel->parms.name, dev->name);
1243 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
1244 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
1247 #ifdef CONFIG_NET_IPGRE_BROADCAST
1248 if (ipv4_is_multicast(iph->daddr)) {
1251 dev->flags = IFF_BROADCAST;
1252 dev->header_ops = &ipgre_header_ops;
1256 dev->header_ops = &ipgre_header_ops;
1261 static void ipgre_fb_tunnel_init(struct net_device *dev)
1263 struct ip_tunnel *tunnel = netdev_priv(dev);
1264 struct iphdr *iph = &tunnel->parms.iph;
1265 struct ipgre_net *ign = net_generic(dev_net(dev), ipgre_net_id);
1268 strcpy(tunnel->parms.name, dev->name);
1271 iph->protocol = IPPROTO_GRE;
1273 tunnel->hlen = sizeof(struct iphdr) + 4;
1276 ign->tunnels_wc[0] = tunnel;
1280 static const struct net_protocol ipgre_protocol = {
1281 .handler = ipgre_rcv,
1282 .err_handler = ipgre_err,
1286 static void ipgre_destroy_tunnels(struct ipgre_net *ign)
1290 for (prio = 0; prio < 4; prio++) {
1292 for (h = 0; h < HASH_SIZE; h++) {
1293 struct ip_tunnel *t;
1294 while ((t = ign->tunnels[prio][h]) != NULL)
1295 unregister_netdevice(t->dev);
1300 static int ipgre_init_net(struct net *net)
1303 struct ipgre_net *ign;
1306 ign = kzalloc(sizeof(struct ipgre_net), GFP_KERNEL);
1310 err = net_assign_generic(net, ipgre_net_id, ign);
1314 ign->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0",
1315 ipgre_tunnel_setup);
1316 if (!ign->fb_tunnel_dev) {
1320 dev_net_set(ign->fb_tunnel_dev, net);
1322 ipgre_fb_tunnel_init(ign->fb_tunnel_dev);
1323 ign->fb_tunnel_dev->rtnl_link_ops = &ipgre_link_ops;
1325 if ((err = register_netdev(ign->fb_tunnel_dev)))
1331 free_netdev(ign->fb_tunnel_dev);
1340 static void ipgre_exit_net(struct net *net)
1342 struct ipgre_net *ign;
1344 ign = net_generic(net, ipgre_net_id);
1346 ipgre_destroy_tunnels(ign);
1351 static struct pernet_operations ipgre_net_ops = {
1352 .init = ipgre_init_net,
1353 .exit = ipgre_exit_net,
1356 static int ipgre_tunnel_validate(struct nlattr *tb[], struct nlattr *data[])
1364 if (data[IFLA_GRE_IFLAGS])
1365 flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]);
1366 if (data[IFLA_GRE_OFLAGS])
1367 flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]);
1368 if (flags & (GRE_VERSION|GRE_ROUTING))
1374 static int ipgre_tap_validate(struct nlattr *tb[], struct nlattr *data[])
1378 if (tb[IFLA_ADDRESS]) {
1379 if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN)
1381 if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS])))
1382 return -EADDRNOTAVAIL;
1388 if (data[IFLA_GRE_REMOTE]) {
1389 memcpy(&daddr, nla_data(data[IFLA_GRE_REMOTE]), 4);
1395 return ipgre_tunnel_validate(tb, data);
1398 static void ipgre_netlink_parms(struct nlattr *data[],
1399 struct ip_tunnel_parm *parms)
1401 memset(parms, 0, sizeof(*parms));
1403 parms->iph.protocol = IPPROTO_GRE;
1408 if (data[IFLA_GRE_LINK])
1409 parms->link = nla_get_u32(data[IFLA_GRE_LINK]);
1411 if (data[IFLA_GRE_IFLAGS])
1412 parms->i_flags = nla_get_be16(data[IFLA_GRE_IFLAGS]);
1414 if (data[IFLA_GRE_OFLAGS])
1415 parms->o_flags = nla_get_be16(data[IFLA_GRE_OFLAGS]);
1417 if (data[IFLA_GRE_IKEY])
1418 parms->i_key = nla_get_be32(data[IFLA_GRE_IKEY]);
1420 if (data[IFLA_GRE_OKEY])
1421 parms->o_key = nla_get_be32(data[IFLA_GRE_OKEY]);
1423 if (data[IFLA_GRE_LOCAL])
1424 parms->iph.saddr = nla_get_be32(data[IFLA_GRE_LOCAL]);
1426 if (data[IFLA_GRE_REMOTE])
1427 parms->iph.daddr = nla_get_be32(data[IFLA_GRE_REMOTE]);
1429 if (data[IFLA_GRE_TTL])
1430 parms->iph.ttl = nla_get_u8(data[IFLA_GRE_TTL]);
1432 if (data[IFLA_GRE_TOS])
1433 parms->iph.tos = nla_get_u8(data[IFLA_GRE_TOS]);
1435 if (!data[IFLA_GRE_PMTUDISC] || nla_get_u8(data[IFLA_GRE_PMTUDISC]))
1436 parms->iph.frag_off = htons(IP_DF);
1439 static int ipgre_tap_init(struct net_device *dev)
1441 struct ip_tunnel *tunnel;
1443 tunnel = netdev_priv(dev);
1446 strcpy(tunnel->parms.name, dev->name);
1448 ipgre_tunnel_bind_dev(dev);
1453 static const struct net_device_ops ipgre_tap_netdev_ops = {
1454 .ndo_init = ipgre_tap_init,
1455 .ndo_uninit = ipgre_tunnel_uninit,
1456 .ndo_start_xmit = ipgre_tunnel_xmit,
1457 .ndo_set_mac_address = eth_mac_addr,
1458 .ndo_validate_addr = eth_validate_addr,
1459 .ndo_change_mtu = ipgre_tunnel_change_mtu,
1462 static void ipgre_tap_setup(struct net_device *dev)
1467 dev->netdev_ops = &ipgre_netdev_ops;
1468 dev->destructor = free_netdev;
1471 dev->features |= NETIF_F_NETNS_LOCAL;
1474 static int ipgre_newlink(struct net_device *dev, struct nlattr *tb[],
1475 struct nlattr *data[])
1477 struct ip_tunnel *nt;
1478 struct net *net = dev_net(dev);
1479 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
1483 nt = netdev_priv(dev);
1484 ipgre_netlink_parms(data, &nt->parms);
1486 if (ipgre_tunnel_find(net, &nt->parms, dev->type))
1489 if (dev->type == ARPHRD_ETHER && !tb[IFLA_ADDRESS])
1490 random_ether_addr(dev->dev_addr);
1492 mtu = ipgre_tunnel_bind_dev(dev);
1496 err = register_netdevice(dev);
1501 ipgre_tunnel_link(ign, nt);
1507 static int ipgre_changelink(struct net_device *dev, struct nlattr *tb[],
1508 struct nlattr *data[])
1510 struct ip_tunnel *t, *nt;
1511 struct net *net = dev_net(dev);
1512 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
1513 struct ip_tunnel_parm p;
1516 if (dev == ign->fb_tunnel_dev)
1519 nt = netdev_priv(dev);
1520 ipgre_netlink_parms(data, &p);
1522 t = ipgre_tunnel_locate(net, &p, 0);
1528 unsigned nflags = 0;
1532 if (ipv4_is_multicast(p.iph.daddr))
1533 nflags = IFF_BROADCAST;
1534 else if (p.iph.daddr)
1535 nflags = IFF_POINTOPOINT;
1537 if ((dev->flags ^ nflags) &
1538 (IFF_POINTOPOINT | IFF_BROADCAST))
1541 ipgre_tunnel_unlink(ign, t);
1542 t->parms.iph.saddr = p.iph.saddr;
1543 t->parms.iph.daddr = p.iph.daddr;
1544 t->parms.i_key = p.i_key;
1545 memcpy(dev->dev_addr, &p.iph.saddr, 4);
1546 memcpy(dev->broadcast, &p.iph.daddr, 4);
1547 ipgre_tunnel_link(ign, t);
1548 netdev_state_change(dev);
1551 t->parms.o_key = p.o_key;
1552 t->parms.iph.ttl = p.iph.ttl;
1553 t->parms.iph.tos = p.iph.tos;
1554 t->parms.iph.frag_off = p.iph.frag_off;
1556 if (t->parms.link != p.link) {
1557 t->parms.link = p.link;
1558 mtu = ipgre_tunnel_bind_dev(dev);
1561 netdev_state_change(dev);
1567 static size_t ipgre_get_size(const struct net_device *dev)
1572 /* IFLA_GRE_IFLAGS */
1574 /* IFLA_GRE_OFLAGS */
1580 /* IFLA_GRE_LOCAL */
1582 /* IFLA_GRE_REMOTE */
1588 /* IFLA_GRE_PMTUDISC */
1593 static int ipgre_fill_info(struct sk_buff *skb, const struct net_device *dev)
1595 struct ip_tunnel *t = netdev_priv(dev);
1596 struct ip_tunnel_parm *p = &t->parms;
1598 NLA_PUT_U32(skb, IFLA_GRE_LINK, p->link);
1599 NLA_PUT_BE16(skb, IFLA_GRE_IFLAGS, p->i_flags);
1600 NLA_PUT_BE16(skb, IFLA_GRE_OFLAGS, p->o_flags);
1601 NLA_PUT_BE32(skb, IFLA_GRE_IKEY, p->i_key);
1602 NLA_PUT_BE32(skb, IFLA_GRE_OKEY, p->o_key);
1603 NLA_PUT_BE32(skb, IFLA_GRE_LOCAL, p->iph.saddr);
1604 NLA_PUT_BE32(skb, IFLA_GRE_REMOTE, p->iph.daddr);
1605 NLA_PUT_U8(skb, IFLA_GRE_TTL, p->iph.ttl);
1606 NLA_PUT_U8(skb, IFLA_GRE_TOS, p->iph.tos);
1607 NLA_PUT_U8(skb, IFLA_GRE_PMTUDISC, !!(p->iph.frag_off & htons(IP_DF)));
1615 static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
1616 [IFLA_GRE_LINK] = { .type = NLA_U32 },
1617 [IFLA_GRE_IFLAGS] = { .type = NLA_U16 },
1618 [IFLA_GRE_OFLAGS] = { .type = NLA_U16 },
1619 [IFLA_GRE_IKEY] = { .type = NLA_U32 },
1620 [IFLA_GRE_OKEY] = { .type = NLA_U32 },
1621 [IFLA_GRE_LOCAL] = { .len = FIELD_SIZEOF(struct iphdr, saddr) },
1622 [IFLA_GRE_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
1623 [IFLA_GRE_TTL] = { .type = NLA_U8 },
1624 [IFLA_GRE_TOS] = { .type = NLA_U8 },
1625 [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 },
1628 static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
1630 .maxtype = IFLA_GRE_MAX,
1631 .policy = ipgre_policy,
1632 .priv_size = sizeof(struct ip_tunnel),
1633 .setup = ipgre_tunnel_setup,
1634 .validate = ipgre_tunnel_validate,
1635 .newlink = ipgre_newlink,
1636 .changelink = ipgre_changelink,
1637 .get_size = ipgre_get_size,
1638 .fill_info = ipgre_fill_info,
1641 static struct rtnl_link_ops ipgre_tap_ops __read_mostly = {
1643 .maxtype = IFLA_GRE_MAX,
1644 .policy = ipgre_policy,
1645 .priv_size = sizeof(struct ip_tunnel),
1646 .setup = ipgre_tap_setup,
1647 .validate = ipgre_tap_validate,
1648 .newlink = ipgre_newlink,
1649 .changelink = ipgre_changelink,
1650 .get_size = ipgre_get_size,
1651 .fill_info = ipgre_fill_info,
1655 * And now the modules code and kernel interface.
1658 static int __init ipgre_init(void)
1662 printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
1664 if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
1665 printk(KERN_INFO "ipgre init: can't add protocol\n");
1669 err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops);
1671 goto gen_device_failed;
1673 err = rtnl_link_register(&ipgre_link_ops);
1675 goto rtnl_link_failed;
1677 err = rtnl_link_register(&ipgre_tap_ops);
1679 goto tap_ops_failed;
1685 rtnl_link_unregister(&ipgre_link_ops);
1687 unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
1689 inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
1693 static void __exit ipgre_fini(void)
1695 rtnl_link_unregister(&ipgre_tap_ops);
1696 rtnl_link_unregister(&ipgre_link_ops);
1697 unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
1698 if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0)
1699 printk(KERN_INFO "ipgre close: can't remove protocol\n");
1702 module_init(ipgre_init);
1703 module_exit(ipgre_fini);
1704 MODULE_LICENSE("GPL");
1705 MODULE_ALIAS_RTNL_LINK("gre");
1706 MODULE_ALIAS_RTNL_LINK("gretap");
git.openpandora.org / pandora-kernel.git / blob