1 /* 2 * GRE over IPv4 demultiplexer driver 3 * 4 * Authors: Dmitry Kozlov (xeb@mail.ru) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 * 11 */ 12 13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 14 15 #include <linux/module.h> 16 #include <linux/if.h> 17 #include <linux/icmp.h> 18 #include <linux/kernel.h> 19 #include <linux/kmod.h> 20 #include <linux/skbuff.h> 21 #include <linux/in.h> 22 #include <linux/ip.h> 23 #include <linux/netdevice.h> 24 #include <linux/if_tunnel.h> 25 #include <linux/spinlock.h> 26 #include <net/protocol.h> 27 #include <net/gre.h> 28 29 #include <net/icmp.h> 30 #include <net/route.h> 31 #include <net/xfrm.h> 32 33 static const struct gre_protocol __rcu *gre_proto[GREPROTO_MAX] __read_mostly; 34 static struct gre_cisco_protocol __rcu *gre_cisco_proto_list[GRE_IP_PROTO_MAX]; 35 36 int gre_add_protocol(const struct gre_protocol *proto, u8 version) 37 { 38 if (version >= GREPROTO_MAX) 39 return -EINVAL; 40 41 return (cmpxchg((const struct gre_protocol **)&gre_proto[version], NULL, proto) == NULL) ? 42 0 : -EBUSY; 43 } 44 EXPORT_SYMBOL_GPL(gre_add_protocol); 45 46 int gre_del_protocol(const struct gre_protocol *proto, u8 version) 47 { 48 int ret; 49 50 if (version >= GREPROTO_MAX) 51 return -EINVAL; 52 53 ret = (cmpxchg((const struct gre_protocol **)&gre_proto[version], proto, NULL) == proto) ? 54 0 : -EBUSY; 55 56 if (ret) 57 return ret; 58 59 synchronize_rcu(); 60 return 0; 61 } 62 EXPORT_SYMBOL_GPL(gre_del_protocol); 63 64 void gre_build_header(struct sk_buff *skb, const struct tnl_ptk_info *tpi, 65 int hdr_len) 66 { 67 struct gre_base_hdr *greh; 68 69 skb_push(skb, hdr_len); 70 71 greh = (struct gre_base_hdr *)skb->data; 72 greh->flags = tnl_flags_to_gre_flags(tpi->flags); 73 greh->protocol = tpi->proto; 74 75 if (tpi->flags&(TUNNEL_KEY|TUNNEL_CSUM|TUNNEL_SEQ)) { 76 __be32 *ptr = (__be32 *)(((u8 *)greh) + hdr_len - 4); 77 78 if (tpi->flags&TUNNEL_SEQ) { 79 *ptr = tpi->seq; 80 ptr--; 81 } 82 if (tpi->flags&TUNNEL_KEY) { 83 *ptr = tpi->key; 84 ptr--; 85 } 86 if (tpi->flags&TUNNEL_CSUM && 87 !(skb_shinfo(skb)->gso_type & SKB_GSO_GRE)) { 88 *ptr = 0; 89 *(__sum16 *)ptr = csum_fold(skb_checksum(skb, 0, 90 skb->len, 0)); 91 } 92 } 93 } 94 EXPORT_SYMBOL_GPL(gre_build_header); 95 96 static __sum16 check_checksum(struct sk_buff *skb) 97 { 98 __sum16 csum = 0; 99 100 switch (skb->ip_summed) { 101 case CHECKSUM_COMPLETE: 102 csum = csum_fold(skb->csum); 103 104 if (!csum) 105 break; 106 /* Fall through. */ 107 108 case CHECKSUM_NONE: 109 skb->csum = 0; 110 csum = __skb_checksum_complete(skb); 111 skb->ip_summed = CHECKSUM_COMPLETE; 112 break; 113 } 114 115 return csum; 116 } 117 118 static int parse_gre_header(struct sk_buff *skb, struct tnl_ptk_info *tpi, 119 bool *csum_err) 120 { 121 unsigned int ip_hlen = ip_hdrlen(skb); 122 const struct gre_base_hdr *greh; 123 __be32 *options; 124 int hdr_len; 125 126 if (unlikely(!pskb_may_pull(skb, sizeof(struct gre_base_hdr)))) 127 return -EINVAL; 128 129 greh = (struct gre_base_hdr *)(skb_network_header(skb) + ip_hlen); 130 if (unlikely(greh->flags & (GRE_VERSION | GRE_ROUTING))) 131 return -EINVAL; 132 133 tpi->flags = gre_flags_to_tnl_flags(greh->flags); 134 hdr_len = ip_gre_calc_hlen(tpi->flags); 135 136 if (!pskb_may_pull(skb, hdr_len)) 137 return -EINVAL; 138 139 greh = (struct gre_base_hdr *)(skb_network_header(skb) + ip_hlen); 140 tpi->proto = greh->protocol; 141 142 options = (__be32 *)(greh + 1); 143 if (greh->flags & GRE_CSUM) { 144 if (check_checksum(skb)) { 145 *csum_err = true; 146 return -EINVAL; 147 } 148 options++; 149 } 150 151 if (greh->flags & GRE_KEY) { 152 tpi->key = *options; 153 options++; 154 } else 155 tpi->key = 0; 156 157 if (unlikely(greh->flags & GRE_SEQ)) { 158 tpi->seq = *options; 159 options++; 160 } else 161 tpi->seq = 0; 162 163 /* WCCP version 1 and 2 protocol decoding. 164 * - Change protocol to IP 165 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header 166 */ 167 if (greh->flags == 0 && tpi->proto == htons(ETH_P_WCCP)) { 168 tpi->proto = htons(ETH_P_IP); 169 if ((*(u8 *)options & 0xF0) != 0x40) { 170 hdr_len += 4; 171 if (!pskb_may_pull(skb, hdr_len)) 172 return -EINVAL; 173 } 174 } 175 176 return iptunnel_pull_header(skb, hdr_len, tpi->proto); 177 } 178 179 static int gre_cisco_rcv(struct sk_buff *skb) 180 { 181 struct tnl_ptk_info tpi; 182 int i; 183 bool csum_err = false; 184 185 #ifdef CONFIG_NET_IPGRE_BROADCAST 186 if (ipv4_is_multicast(ip_hdr(skb)->daddr)) { 187 /* Looped back packet, drop it! */ 188 if (rt_is_output_route(skb_rtable(skb))) 189 goto drop; 190 } 191 #endif 192 193 if (parse_gre_header(skb, &tpi, &csum_err) < 0) 194 goto drop; 195 196 rcu_read_lock(); 197 for (i = 0; i < GRE_IP_PROTO_MAX; i++) { 198 struct gre_cisco_protocol *proto; 199 int ret; 200 201 proto = rcu_dereference(gre_cisco_proto_list[i]); 202 if (!proto) 203 continue; 204 ret = proto->handler(skb, &tpi); 205 if (ret == PACKET_RCVD) { 206 rcu_read_unlock(); 207 return 0; 208 } 209 } 210 rcu_read_unlock(); 211 212 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); 213 drop: 214 kfree_skb(skb); 215 return 0; 216 } 217 218 static void gre_cisco_err(struct sk_buff *skb, u32 info) 219 { 220 /* All the routers (except for Linux) return only 221 * 8 bytes of packet payload. It means, that precise relaying of 222 * ICMP in the real Internet is absolutely infeasible. 223 * 224 * Moreover, Cisco "wise men" put GRE key to the third word 225 * in GRE header. It makes impossible maintaining even soft 226 * state for keyed 227 * GRE tunnels with enabled checksum. Tell them "thank you". 228 * 229 * Well, I wonder, rfc1812 was written by Cisco employee, 230 * what the hell these idiots break standards established 231 * by themselves??? 232 */ 233 234 const int type = icmp_hdr(skb)->type; 235 const int code = icmp_hdr(skb)->code; 236 struct tnl_ptk_info tpi; 237 bool csum_err = false; 238 int i; 239 240 if (parse_gre_header(skb, &tpi, &csum_err)) { 241 if (!csum_err) /* ignore csum errors. */ 242 return; 243 } 244 245 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { 246 ipv4_update_pmtu(skb, dev_net(skb->dev), info, 247 skb->dev->ifindex, 0, IPPROTO_GRE, 0); 248 return; 249 } 250 if (type == ICMP_REDIRECT) { 251 ipv4_redirect(skb, dev_net(skb->dev), skb->dev->ifindex, 0, 252 IPPROTO_GRE, 0); 253 return; 254 } 255 256 rcu_read_lock(); 257 for (i = 0; i < GRE_IP_PROTO_MAX; i++) { 258 struct gre_cisco_protocol *proto; 259 260 proto = rcu_dereference(gre_cisco_proto_list[i]); 261 if (!proto) 262 continue; 263 264 if (proto->err_handler(skb, info, &tpi) == PACKET_RCVD) 265 goto out; 266 267 } 268 out: 269 rcu_read_unlock(); 270 } 271 272 static int gre_rcv(struct sk_buff *skb) 273 { 274 const struct gre_protocol *proto; 275 u8 ver; 276 int ret; 277 278 if (!pskb_may_pull(skb, 12)) 279 goto drop; 280 281 ver = skb->data[1]&0x7f; 282 if (ver >= GREPROTO_MAX) 283 goto drop; 284 285 rcu_read_lock(); 286 proto = rcu_dereference(gre_proto[ver]); 287 if (!proto || !proto->handler) 288 goto drop_unlock; 289 ret = proto->handler(skb); 290 rcu_read_unlock(); 291 return ret; 292 293 drop_unlock: 294 rcu_read_unlock(); 295 drop: 296 kfree_skb(skb); 297 return NET_RX_DROP; 298 } 299 300 static void gre_err(struct sk_buff *skb, u32 info) 301 { 302 const struct gre_protocol *proto; 303 const struct iphdr *iph = (const struct iphdr *)skb->data; 304 u8 ver = skb->data[(iph->ihl<<2) + 1]&0x7f; 305 306 if (ver >= GREPROTO_MAX) 307 return; 308 309 rcu_read_lock(); 310 proto = rcu_dereference(gre_proto[ver]); 311 if (proto && proto->err_handler) 312 proto->err_handler(skb, info); 313 rcu_read_unlock(); 314 } 315 316 static const struct net_protocol net_gre_protocol = { 317 .handler = gre_rcv, 318 .err_handler = gre_err, 319 .netns_ok = 1, 320 }; 321 322 static const struct gre_protocol ipgre_protocol = { 323 .handler = gre_cisco_rcv, 324 .err_handler = gre_cisco_err, 325 }; 326 327 int gre_cisco_register(struct gre_cisco_protocol *newp) 328 { 329 struct gre_cisco_protocol **proto = (struct gre_cisco_protocol **) 330 &gre_cisco_proto_list[newp->priority]; 331 332 return (cmpxchg(proto, NULL, newp) == NULL) ? 0 : -EBUSY; 333 } 334 EXPORT_SYMBOL_GPL(gre_cisco_register); 335 336 int gre_cisco_unregister(struct gre_cisco_protocol *del_proto) 337 { 338 struct gre_cisco_protocol **proto = (struct gre_cisco_protocol **) 339 &gre_cisco_proto_list[del_proto->priority]; 340 int ret; 341 342 ret = (cmpxchg(proto, del_proto, NULL) == del_proto) ? 0 : -EINVAL; 343 344 if (ret) 345 return ret; 346 347 synchronize_net(); 348 return 0; 349 } 350 EXPORT_SYMBOL_GPL(gre_cisco_unregister); 351 352 static int __init gre_init(void) 353 { 354 pr_info("GRE over IPv4 demultiplexor driver\n"); 355 356 if (inet_add_protocol(&net_gre_protocol, IPPROTO_GRE) < 0) { 357 pr_err("can't add protocol\n"); 358 goto err; 359 } 360 361 if (gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO) < 0) { 362 pr_info("%s: can't add ipgre handler\n", __func__); 363 goto err_gre; 364 } 365 366 return 0; 367 err_gre: 368 inet_del_protocol(&net_gre_protocol, IPPROTO_GRE); 369 err: 370 return -EAGAIN; 371 } 372 373 static void __exit gre_exit(void) 374 { 375 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO); 376 inet_del_protocol(&net_gre_protocol, IPPROTO_GRE); 377 } 378 379 module_init(gre_init); 380 module_exit(gre_exit); 381 382 MODULE_DESCRIPTION("GRE over IPv4 demultiplexer driver"); 383 MODULE_AUTHOR("D. Kozlov (xeb@mail.ru)"); 384 MODULE_LICENSE("GPL"); 385