1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Linux NET3: IP/IP protocol decoder modified to support
4 * virtual tunnel interface
5 *
6 * Authors:
7 * Saurabh Mohan (saurabh.mohan@vyatta.com) 05/07/2012
8 */
9
10 /*
11 This version of net/ipv4/ip_vti.c is cloned of net/ipv4/ipip.c
12
13 For comments look at net/ipv4/ip_gre.c --ANK
14 */
15
16
17 #include <linux/capability.h>
18 #include <linux/module.h>
19 #include <linux/types.h>
20 #include <linux/kernel.h>
21 #include <linux/uaccess.h>
22 #include <linux/skbuff.h>
23 #include <linux/netdevice.h>
24 #include <linux/in.h>
25 #include <linux/tcp.h>
26 #include <linux/udp.h>
27 #include <linux/if_arp.h>
28 #include <linux/init.h>
29 #include <linux/netfilter_ipv4.h>
30 #include <linux/if_ether.h>
31 #include <linux/icmpv6.h>
32
33 #include <net/sock.h>
34 #include <net/ip.h>
35 #include <net/icmp.h>
36 #include <net/ip_tunnels.h>
37 #include <net/inet_ecn.h>
38 #include <net/xfrm.h>
39 #include <net/net_namespace.h>
40 #include <net/netns/generic.h>
41
42 static struct rtnl_link_ops vti_link_ops __read_mostly;
43
44 static unsigned int vti_net_id __read_mostly;
45 static int vti_tunnel_init(struct net_device *dev);
46
vti_input(struct sk_buff * skb,int nexthdr,__be32 spi,int encap_type,bool update_skb_dev)47 static int vti_input(struct sk_buff *skb, int nexthdr, __be32 spi,
48 int encap_type, bool update_skb_dev)
49 {
50 struct ip_tunnel *tunnel;
51 const struct iphdr *iph = ip_hdr(skb);
52 struct net *net = dev_net(skb->dev);
53 struct ip_tunnel_net *itn = net_generic(net, vti_net_id);
54
55 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
56 iph->saddr, iph->daddr, 0);
57 if (tunnel) {
58 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
59 goto drop;
60
61 XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = tunnel;
62
63 if (update_skb_dev)
64 skb->dev = tunnel->dev;
65
66 return xfrm_input(skb, nexthdr, spi, encap_type);
67 }
68
69 return -EINVAL;
70 drop:
71 kfree_skb(skb);
72 return 0;
73 }
74
vti_input_proto(struct sk_buff * skb,int nexthdr,__be32 spi,int encap_type)75 static int vti_input_proto(struct sk_buff *skb, int nexthdr, __be32 spi,
76 int encap_type)
77 {
78 return vti_input(skb, nexthdr, spi, encap_type, false);
79 }
80
vti_rcv(struct sk_buff * skb,__be32 spi,bool update_skb_dev)81 static int vti_rcv(struct sk_buff *skb, __be32 spi, bool update_skb_dev)
82 {
83 XFRM_SPI_SKB_CB(skb)->family = AF_INET;
84 XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
85
86 return vti_input(skb, ip_hdr(skb)->protocol, spi, 0, update_skb_dev);
87 }
88
vti_rcv_proto(struct sk_buff * skb)89 static int vti_rcv_proto(struct sk_buff *skb)
90 {
91 return vti_rcv(skb, 0, false);
92 }
93
vti_rcv_cb(struct sk_buff * skb,int err)94 static int vti_rcv_cb(struct sk_buff *skb, int err)
95 {
96 unsigned short family;
97 struct net_device *dev;
98 struct xfrm_state *x;
99 const struct xfrm_mode *inner_mode;
100 struct ip_tunnel *tunnel = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4;
101 u32 orig_mark = skb->mark;
102 int ret;
103
104 if (!tunnel)
105 return 1;
106
107 dev = tunnel->dev;
108
109 if (err) {
110 DEV_STATS_INC(dev, rx_errors);
111 DEV_STATS_INC(dev, rx_dropped);
112
113 return 0;
114 }
115
116 x = xfrm_input_state(skb);
117
118 inner_mode = &x->inner_mode;
119
120 if (x->sel.family == AF_UNSPEC) {
121 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
122 if (inner_mode == NULL) {
123 XFRM_INC_STATS(dev_net(skb->dev),
124 LINUX_MIB_XFRMINSTATEMODEERROR);
125 return -EINVAL;
126 }
127 }
128
129 family = inner_mode->family;
130
131 skb->mark = be32_to_cpu(tunnel->parms.i_key);
132 ret = xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family);
133 skb->mark = orig_mark;
134
135 if (!ret)
136 return -EPERM;
137
138 skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(skb->dev)));
139 skb->dev = dev;
140 dev_sw_netstats_rx_add(dev, skb->len);
141
142 return 0;
143 }
144
vti_state_check(const struct xfrm_state * x,__be32 dst,__be32 src)145 static bool vti_state_check(const struct xfrm_state *x, __be32 dst, __be32 src)
146 {
147 xfrm_address_t *daddr = (xfrm_address_t *)&dst;
148 xfrm_address_t *saddr = (xfrm_address_t *)&src;
149
150 /* if there is no transform then this tunnel is not functional.
151 * Or if the xfrm is not mode tunnel.
152 */
153 if (!x || x->props.mode != XFRM_MODE_TUNNEL ||
154 x->props.family != AF_INET)
155 return false;
156
157 if (!dst)
158 return xfrm_addr_equal(saddr, &x->props.saddr, AF_INET);
159
160 if (!xfrm_state_addr_check(x, daddr, saddr, AF_INET))
161 return false;
162
163 return true;
164 }
165
vti_xmit(struct sk_buff * skb,struct net_device * dev,struct flowi * fl)166 static netdev_tx_t vti_xmit(struct sk_buff *skb, struct net_device *dev,
167 struct flowi *fl)
168 {
169 struct ip_tunnel *tunnel = netdev_priv(dev);
170 struct ip_tunnel_parm *parms = &tunnel->parms;
171 struct dst_entry *dst = skb_dst(skb);
172 struct net_device *tdev; /* Device to other host */
173 int pkt_len = skb->len;
174 int err;
175 int mtu;
176
177 if (!dst) {
178 switch (skb->protocol) {
179 case htons(ETH_P_IP): {
180 struct rtable *rt;
181
182 fl->u.ip4.flowi4_oif = dev->ifindex;
183 fl->u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
184 rt = __ip_route_output_key(dev_net(dev), &fl->u.ip4);
185 if (IS_ERR(rt)) {
186 DEV_STATS_INC(dev, tx_carrier_errors);
187 goto tx_error_icmp;
188 }
189 dst = &rt->dst;
190 skb_dst_set(skb, dst);
191 break;
192 }
193 #if IS_ENABLED(CONFIG_IPV6)
194 case htons(ETH_P_IPV6):
195 fl->u.ip6.flowi6_oif = dev->ifindex;
196 fl->u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
197 dst = ip6_route_output(dev_net(dev), NULL, &fl->u.ip6);
198 if (dst->error) {
199 dst_release(dst);
200 dst = NULL;
201 DEV_STATS_INC(dev, tx_carrier_errors);
202 goto tx_error_icmp;
203 }
204 skb_dst_set(skb, dst);
205 break;
206 #endif
207 default:
208 DEV_STATS_INC(dev, tx_carrier_errors);
209 goto tx_error_icmp;
210 }
211 }
212
213 dst_hold(dst);
214 dst = xfrm_lookup_route(tunnel->net, dst, fl, NULL, 0);
215 if (IS_ERR(dst)) {
216 DEV_STATS_INC(dev, tx_carrier_errors);
217 goto tx_error_icmp;
218 }
219
220 if (dst->flags & DST_XFRM_QUEUE)
221 goto xmit;
222
223 if (!vti_state_check(dst->xfrm, parms->iph.daddr, parms->iph.saddr)) {
224 DEV_STATS_INC(dev, tx_carrier_errors);
225 dst_release(dst);
226 goto tx_error_icmp;
227 }
228
229 tdev = dst->dev;
230
231 if (tdev == dev) {
232 dst_release(dst);
233 DEV_STATS_INC(dev, collisions);
234 goto tx_error;
235 }
236
237 mtu = dst_mtu(dst);
238 if (skb->len > mtu) {
239 skb_dst_update_pmtu_no_confirm(skb, mtu);
240 if (skb->protocol == htons(ETH_P_IP)) {
241 if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
242 goto xmit;
243 icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
244 htonl(mtu));
245 } else {
246 if (mtu < IPV6_MIN_MTU)
247 mtu = IPV6_MIN_MTU;
248
249 icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
250 }
251
252 dst_release(dst);
253 goto tx_error;
254 }
255
256 xmit:
257 skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(dev)));
258 skb_dst_set(skb, dst);
259 skb->dev = skb_dst(skb)->dev;
260
261 err = dst_output(tunnel->net, skb->sk, skb);
262 if (net_xmit_eval(err) == 0)
263 err = pkt_len;
264 iptunnel_xmit_stats(dev, err);
265 return NETDEV_TX_OK;
266
267 tx_error_icmp:
268 dst_link_failure(skb);
269 tx_error:
270 DEV_STATS_INC(dev, tx_errors);
271 kfree_skb(skb);
272 return NETDEV_TX_OK;
273 }
274
275 /* This function assumes it is being called from dev_queue_xmit()
276 * and that skb is filled properly by that function.
277 */
vti_tunnel_xmit(struct sk_buff * skb,struct net_device * dev)278 static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
279 {
280 struct ip_tunnel *tunnel = netdev_priv(dev);
281 struct flowi fl;
282
283 if (!pskb_inet_may_pull(skb))
284 goto tx_err;
285
286 memset(&fl, 0, sizeof(fl));
287
288 switch (skb->protocol) {
289 case htons(ETH_P_IP):
290 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
291 xfrm_decode_session(skb, &fl, AF_INET);
292 break;
293 case htons(ETH_P_IPV6):
294 memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
295 xfrm_decode_session(skb, &fl, AF_INET6);
296 break;
297 default:
298 goto tx_err;
299 }
300
301 /* override mark with tunnel output key */
302 fl.flowi_mark = be32_to_cpu(tunnel->parms.o_key);
303
304 return vti_xmit(skb, dev, &fl);
305
306 tx_err:
307 DEV_STATS_INC(dev, tx_errors);
308 kfree_skb(skb);
309 return NETDEV_TX_OK;
310 }
311
vti4_err(struct sk_buff * skb,u32 info)312 static int vti4_err(struct sk_buff *skb, u32 info)
313 {
314 __be32 spi;
315 __u32 mark;
316 struct xfrm_state *x;
317 struct ip_tunnel *tunnel;
318 struct ip_esp_hdr *esph;
319 struct ip_auth_hdr *ah ;
320 struct ip_comp_hdr *ipch;
321 struct net *net = dev_net(skb->dev);
322 const struct iphdr *iph = (const struct iphdr *)skb->data;
323 int protocol = iph->protocol;
324 struct ip_tunnel_net *itn = net_generic(net, vti_net_id);
325
326 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
327 iph->daddr, iph->saddr, 0);
328 if (!tunnel)
329 return -1;
330
331 mark = be32_to_cpu(tunnel->parms.o_key);
332
333 switch (protocol) {
334 case IPPROTO_ESP:
335 esph = (struct ip_esp_hdr *)(skb->data+(iph->ihl<<2));
336 spi = esph->spi;
337 break;
338 case IPPROTO_AH:
339 ah = (struct ip_auth_hdr *)(skb->data+(iph->ihl<<2));
340 spi = ah->spi;
341 break;
342 case IPPROTO_COMP:
343 ipch = (struct ip_comp_hdr *)(skb->data+(iph->ihl<<2));
344 spi = htonl(ntohs(ipch->cpi));
345 break;
346 default:
347 return 0;
348 }
349
350 switch (icmp_hdr(skb)->type) {
351 case ICMP_DEST_UNREACH:
352 if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
353 return 0;
354 break;
355 case ICMP_REDIRECT:
356 break;
357 default:
358 return 0;
359 }
360
361 x = xfrm_state_lookup(net, mark, (const xfrm_address_t *)&iph->daddr,
362 spi, protocol, AF_INET);
363 if (!x)
364 return 0;
365
366 if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
367 ipv4_update_pmtu(skb, net, info, 0, protocol);
368 else
369 ipv4_redirect(skb, net, 0, protocol);
370 xfrm_state_put(x);
371
372 return 0;
373 }
374
375 static int
vti_tunnel_ctl(struct net_device * dev,struct ip_tunnel_parm * p,int cmd)376 vti_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd)
377 {
378 int err = 0;
379
380 if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
381 if (p->iph.version != 4 || p->iph.protocol != IPPROTO_IPIP ||
382 p->iph.ihl != 5)
383 return -EINVAL;
384 }
385
386 if (!(p->i_flags & GRE_KEY))
387 p->i_key = 0;
388 if (!(p->o_flags & GRE_KEY))
389 p->o_key = 0;
390
391 p->i_flags = VTI_ISVTI;
392
393 err = ip_tunnel_ctl(dev, p, cmd);
394 if (err)
395 return err;
396
397 if (cmd != SIOCDELTUNNEL) {
398 p->i_flags |= GRE_KEY;
399 p->o_flags |= GRE_KEY;
400 }
401 return 0;
402 }
403
404 static const struct net_device_ops vti_netdev_ops = {
405 .ndo_init = vti_tunnel_init,
406 .ndo_uninit = ip_tunnel_uninit,
407 .ndo_start_xmit = vti_tunnel_xmit,
408 .ndo_siocdevprivate = ip_tunnel_siocdevprivate,
409 .ndo_change_mtu = ip_tunnel_change_mtu,
410 .ndo_get_stats64 = dev_get_tstats64,
411 .ndo_get_iflink = ip_tunnel_get_iflink,
412 .ndo_tunnel_ctl = vti_tunnel_ctl,
413 };
414
vti_tunnel_setup(struct net_device * dev)415 static void vti_tunnel_setup(struct net_device *dev)
416 {
417 dev->netdev_ops = &vti_netdev_ops;
418 dev->header_ops = &ip_tunnel_header_ops;
419 dev->type = ARPHRD_TUNNEL;
420 ip_tunnel_setup(dev, vti_net_id);
421 }
422
vti_tunnel_init(struct net_device * dev)423 static int vti_tunnel_init(struct net_device *dev)
424 {
425 struct ip_tunnel *tunnel = netdev_priv(dev);
426 struct iphdr *iph = &tunnel->parms.iph;
427
428 __dev_addr_set(dev, &iph->saddr, 4);
429 memcpy(dev->broadcast, &iph->daddr, 4);
430
431 dev->flags = IFF_NOARP;
432 dev->addr_len = 4;
433 dev->features |= NETIF_F_LLTX;
434 netif_keep_dst(dev);
435
436 return ip_tunnel_init(dev);
437 }
438
vti_fb_tunnel_init(struct net_device * dev)439 static void __net_init vti_fb_tunnel_init(struct net_device *dev)
440 {
441 struct ip_tunnel *tunnel = netdev_priv(dev);
442 struct iphdr *iph = &tunnel->parms.iph;
443
444 iph->version = 4;
445 iph->protocol = IPPROTO_IPIP;
446 iph->ihl = 5;
447 }
448
449 static struct xfrm4_protocol vti_esp4_protocol __read_mostly = {
450 .handler = vti_rcv_proto,
451 .input_handler = vti_input_proto,
452 .cb_handler = vti_rcv_cb,
453 .err_handler = vti4_err,
454 .priority = 100,
455 };
456
457 static struct xfrm4_protocol vti_ah4_protocol __read_mostly = {
458 .handler = vti_rcv_proto,
459 .input_handler = vti_input_proto,
460 .cb_handler = vti_rcv_cb,
461 .err_handler = vti4_err,
462 .priority = 100,
463 };
464
465 static struct xfrm4_protocol vti_ipcomp4_protocol __read_mostly = {
466 .handler = vti_rcv_proto,
467 .input_handler = vti_input_proto,
468 .cb_handler = vti_rcv_cb,
469 .err_handler = vti4_err,
470 .priority = 100,
471 };
472
473 #if IS_ENABLED(CONFIG_INET_XFRM_TUNNEL)
vti_rcv_tunnel(struct sk_buff * skb)474 static int vti_rcv_tunnel(struct sk_buff *skb)
475 {
476 XFRM_SPI_SKB_CB(skb)->family = AF_INET;
477 XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
478
479 return vti_input(skb, IPPROTO_IPIP, ip_hdr(skb)->saddr, 0, false);
480 }
481
482 static struct xfrm_tunnel vti_ipip_handler __read_mostly = {
483 .handler = vti_rcv_tunnel,
484 .cb_handler = vti_rcv_cb,
485 .err_handler = vti4_err,
486 .priority = 0,
487 };
488
489 #if IS_ENABLED(CONFIG_IPV6)
490 static struct xfrm_tunnel vti_ipip6_handler __read_mostly = {
491 .handler = vti_rcv_tunnel,
492 .cb_handler = vti_rcv_cb,
493 .err_handler = vti4_err,
494 .priority = 0,
495 };
496 #endif
497 #endif
498
vti_init_net(struct net * net)499 static int __net_init vti_init_net(struct net *net)
500 {
501 int err;
502 struct ip_tunnel_net *itn;
503
504 err = ip_tunnel_init_net(net, vti_net_id, &vti_link_ops, "ip_vti0");
505 if (err)
506 return err;
507 itn = net_generic(net, vti_net_id);
508 if (itn->fb_tunnel_dev)
509 vti_fb_tunnel_init(itn->fb_tunnel_dev);
510 return 0;
511 }
512
vti_exit_batch_net(struct list_head * list_net)513 static void __net_exit vti_exit_batch_net(struct list_head *list_net)
514 {
515 ip_tunnel_delete_nets(list_net, vti_net_id, &vti_link_ops);
516 }
517
518 static struct pernet_operations vti_net_ops = {
519 .init = vti_init_net,
520 .exit_batch = vti_exit_batch_net,
521 .id = &vti_net_id,
522 .size = sizeof(struct ip_tunnel_net),
523 };
524
vti_tunnel_validate(struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)525 static int vti_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
526 struct netlink_ext_ack *extack)
527 {
528 return 0;
529 }
530
vti_netlink_parms(struct nlattr * data[],struct ip_tunnel_parm * parms,__u32 * fwmark)531 static void vti_netlink_parms(struct nlattr *data[],
532 struct ip_tunnel_parm *parms,
533 __u32 *fwmark)
534 {
535 memset(parms, 0, sizeof(*parms));
536
537 parms->iph.protocol = IPPROTO_IPIP;
538
539 if (!data)
540 return;
541
542 parms->i_flags = VTI_ISVTI;
543
544 if (data[IFLA_VTI_LINK])
545 parms->link = nla_get_u32(data[IFLA_VTI_LINK]);
546
547 if (data[IFLA_VTI_IKEY])
548 parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]);
549
550 if (data[IFLA_VTI_OKEY])
551 parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]);
552
553 if (data[IFLA_VTI_LOCAL])
554 parms->iph.saddr = nla_get_in_addr(data[IFLA_VTI_LOCAL]);
555
556 if (data[IFLA_VTI_REMOTE])
557 parms->iph.daddr = nla_get_in_addr(data[IFLA_VTI_REMOTE]);
558
559 if (data[IFLA_VTI_FWMARK])
560 *fwmark = nla_get_u32(data[IFLA_VTI_FWMARK]);
561 }
562
vti_newlink(struct net * src_net,struct net_device * dev,struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)563 static int vti_newlink(struct net *src_net, struct net_device *dev,
564 struct nlattr *tb[], struct nlattr *data[],
565 struct netlink_ext_ack *extack)
566 {
567 struct ip_tunnel_parm parms;
568 __u32 fwmark = 0;
569
570 vti_netlink_parms(data, &parms, &fwmark);
571 return ip_tunnel_newlink(dev, tb, &parms, fwmark);
572 }
573
vti_changelink(struct net_device * dev,struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)574 static int vti_changelink(struct net_device *dev, struct nlattr *tb[],
575 struct nlattr *data[],
576 struct netlink_ext_ack *extack)
577 {
578 struct ip_tunnel *t = netdev_priv(dev);
579 __u32 fwmark = t->fwmark;
580 struct ip_tunnel_parm p;
581
582 vti_netlink_parms(data, &p, &fwmark);
583 return ip_tunnel_changelink(dev, tb, &p, fwmark);
584 }
585
vti_get_size(const struct net_device * dev)586 static size_t vti_get_size(const struct net_device *dev)
587 {
588 return
589 /* IFLA_VTI_LINK */
590 nla_total_size(4) +
591 /* IFLA_VTI_IKEY */
592 nla_total_size(4) +
593 /* IFLA_VTI_OKEY */
594 nla_total_size(4) +
595 /* IFLA_VTI_LOCAL */
596 nla_total_size(4) +
597 /* IFLA_VTI_REMOTE */
598 nla_total_size(4) +
599 /* IFLA_VTI_FWMARK */
600 nla_total_size(4) +
601 0;
602 }
603
vti_fill_info(struct sk_buff * skb,const struct net_device * dev)604 static int vti_fill_info(struct sk_buff *skb, const struct net_device *dev)
605 {
606 struct ip_tunnel *t = netdev_priv(dev);
607 struct ip_tunnel_parm *p = &t->parms;
608
609 if (nla_put_u32(skb, IFLA_VTI_LINK, p->link) ||
610 nla_put_be32(skb, IFLA_VTI_IKEY, p->i_key) ||
611 nla_put_be32(skb, IFLA_VTI_OKEY, p->o_key) ||
612 nla_put_in_addr(skb, IFLA_VTI_LOCAL, p->iph.saddr) ||
613 nla_put_in_addr(skb, IFLA_VTI_REMOTE, p->iph.daddr) ||
614 nla_put_u32(skb, IFLA_VTI_FWMARK, t->fwmark))
615 return -EMSGSIZE;
616
617 return 0;
618 }
619
620 static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
621 [IFLA_VTI_LINK] = { .type = NLA_U32 },
622 [IFLA_VTI_IKEY] = { .type = NLA_U32 },
623 [IFLA_VTI_OKEY] = { .type = NLA_U32 },
624 [IFLA_VTI_LOCAL] = { .len = sizeof_field(struct iphdr, saddr) },
625 [IFLA_VTI_REMOTE] = { .len = sizeof_field(struct iphdr, daddr) },
626 [IFLA_VTI_FWMARK] = { .type = NLA_U32 },
627 };
628
629 static struct rtnl_link_ops vti_link_ops __read_mostly = {
630 .kind = "vti",
631 .maxtype = IFLA_VTI_MAX,
632 .policy = vti_policy,
633 .priv_size = sizeof(struct ip_tunnel),
634 .setup = vti_tunnel_setup,
635 .validate = vti_tunnel_validate,
636 .newlink = vti_newlink,
637 .changelink = vti_changelink,
638 .dellink = ip_tunnel_dellink,
639 .get_size = vti_get_size,
640 .fill_info = vti_fill_info,
641 .get_link_net = ip_tunnel_get_link_net,
642 };
643
vti_init(void)644 static int __init vti_init(void)
645 {
646 const char *msg;
647 int err;
648
649 pr_info("IPv4 over IPsec tunneling driver\n");
650
651 msg = "tunnel device";
652 err = register_pernet_device(&vti_net_ops);
653 if (err < 0)
654 goto pernet_dev_failed;
655
656 msg = "tunnel protocols";
657 err = xfrm4_protocol_register(&vti_esp4_protocol, IPPROTO_ESP);
658 if (err < 0)
659 goto xfrm_proto_esp_failed;
660 err = xfrm4_protocol_register(&vti_ah4_protocol, IPPROTO_AH);
661 if (err < 0)
662 goto xfrm_proto_ah_failed;
663 err = xfrm4_protocol_register(&vti_ipcomp4_protocol, IPPROTO_COMP);
664 if (err < 0)
665 goto xfrm_proto_comp_failed;
666
667 #if IS_ENABLED(CONFIG_INET_XFRM_TUNNEL)
668 msg = "ipip tunnel";
669 err = xfrm4_tunnel_register(&vti_ipip_handler, AF_INET);
670 if (err < 0)
671 goto xfrm_tunnel_ipip_failed;
672 #if IS_ENABLED(CONFIG_IPV6)
673 err = xfrm4_tunnel_register(&vti_ipip6_handler, AF_INET6);
674 if (err < 0)
675 goto xfrm_tunnel_ipip6_failed;
676 #endif
677 #endif
678
679 msg = "netlink interface";
680 err = rtnl_link_register(&vti_link_ops);
681 if (err < 0)
682 goto rtnl_link_failed;
683
684 return err;
685
686 rtnl_link_failed:
687 #if IS_ENABLED(CONFIG_INET_XFRM_TUNNEL)
688 #if IS_ENABLED(CONFIG_IPV6)
689 xfrm4_tunnel_deregister(&vti_ipip6_handler, AF_INET6);
690 xfrm_tunnel_ipip6_failed:
691 #endif
692 xfrm4_tunnel_deregister(&vti_ipip_handler, AF_INET);
693 xfrm_tunnel_ipip_failed:
694 #endif
695 xfrm4_protocol_deregister(&vti_ipcomp4_protocol, IPPROTO_COMP);
696 xfrm_proto_comp_failed:
697 xfrm4_protocol_deregister(&vti_ah4_protocol, IPPROTO_AH);
698 xfrm_proto_ah_failed:
699 xfrm4_protocol_deregister(&vti_esp4_protocol, IPPROTO_ESP);
700 xfrm_proto_esp_failed:
701 unregister_pernet_device(&vti_net_ops);
702 pernet_dev_failed:
703 pr_err("vti init: failed to register %s\n", msg);
704 return err;
705 }
706
vti_fini(void)707 static void __exit vti_fini(void)
708 {
709 rtnl_link_unregister(&vti_link_ops);
710 #if IS_ENABLED(CONFIG_INET_XFRM_TUNNEL)
711 #if IS_ENABLED(CONFIG_IPV6)
712 xfrm4_tunnel_deregister(&vti_ipip6_handler, AF_INET6);
713 #endif
714 xfrm4_tunnel_deregister(&vti_ipip_handler, AF_INET);
715 #endif
716 xfrm4_protocol_deregister(&vti_ipcomp4_protocol, IPPROTO_COMP);
717 xfrm4_protocol_deregister(&vti_ah4_protocol, IPPROTO_AH);
718 xfrm4_protocol_deregister(&vti_esp4_protocol, IPPROTO_ESP);
719 unregister_pernet_device(&vti_net_ops);
720 }
721
722 module_init(vti_init);
723 module_exit(vti_fini);
724 MODULE_LICENSE("GPL");
725 MODULE_ALIAS_RTNL_LINK("vti");
726 MODULE_ALIAS_NETDEV("ip_vti0");
727