xref: /openbmc/linux/net/ipv4/gre_demux.c (revision bc000245) 
1 /*
2  *	GRE over IPv4 demultiplexer driver
3  *
4  *	Authors: Dmitry Kozlov (xeb@mail.ru)
5  *
6  *	This program is free software; you can redistribute it and/or
7  *	modify it under the terms of the GNU General Public License
8  *	as published by the Free Software Foundation; either version
9  *	2 of the License, or (at your option) any later version.
10  *
11  */
12 
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14 
15 #include <linux/module.h>
16 #include <linux/if.h>
17 #include <linux/icmp.h>
18 #include <linux/kernel.h>
19 #include <linux/kmod.h>
20 #include <linux/skbuff.h>
21 #include <linux/in.h>
22 #include <linux/ip.h>
23 #include <linux/netdevice.h>
24 #include <linux/if_tunnel.h>
25 #include <linux/spinlock.h>
26 #include <net/protocol.h>
27 #include <net/gre.h>
28 
29 #include <net/icmp.h>
30 #include <net/route.h>
31 #include <net/xfrm.h>
32 
33 static const struct gre_protocol __rcu *gre_proto[GREPROTO_MAX] __read_mostly;
34 static struct gre_cisco_protocol __rcu *gre_cisco_proto_list[GRE_IP_PROTO_MAX];
35 
36 int gre_add_protocol(const struct gre_protocol *proto, u8 version)
37 {
38 	if (version >= GREPROTO_MAX)
39 		return -EINVAL;
40 
41 	return (cmpxchg((const struct gre_protocol **)&gre_proto[version], NULL, proto) == NULL) ?
42 		0 : -EBUSY;
43 }
44 EXPORT_SYMBOL_GPL(gre_add_protocol);
45 
46 int gre_del_protocol(const struct gre_protocol *proto, u8 version)
47 {
48 	int ret;
49 
50 	if (version >= GREPROTO_MAX)
51 		return -EINVAL;
52 
53 	ret = (cmpxchg((const struct gre_protocol **)&gre_proto[version], proto, NULL) == proto) ?
54 		0 : -EBUSY;
55 
56 	if (ret)
57 		return ret;
58 
59 	synchronize_rcu();
60 	return 0;
61 }
62 EXPORT_SYMBOL_GPL(gre_del_protocol);
63 
64 void gre_build_header(struct sk_buff *skb, const struct tnl_ptk_info *tpi,
65 		      int hdr_len)
66 {
67 	struct gre_base_hdr *greh;
68 
69 	skb_push(skb, hdr_len);
70 
71 	greh = (struct gre_base_hdr *)skb->data;
72 	greh->flags = tnl_flags_to_gre_flags(tpi->flags);
73 	greh->protocol = tpi->proto;
74 
75 	if (tpi->flags&(TUNNEL_KEY|TUNNEL_CSUM|TUNNEL_SEQ)) {
76 		__be32 *ptr = (__be32 *)(((u8 *)greh) + hdr_len - 4);
77 
78 		if (tpi->flags&TUNNEL_SEQ) {
79 			*ptr = tpi->seq;
80 			ptr--;
81 		}
82 		if (tpi->flags&TUNNEL_KEY) {
83 			*ptr = tpi->key;
84 			ptr--;
85 		}
86 		if (tpi->flags&TUNNEL_CSUM &&
87 		    !(skb_shinfo(skb)->gso_type & SKB_GSO_GRE)) {
88 			*ptr = 0;
89 			*(__sum16 *)ptr = csum_fold(skb_checksum(skb, 0,
90 								 skb->len, 0));
91 		}
92 	}
93 }
94 EXPORT_SYMBOL_GPL(gre_build_header);
95 
96 static __sum16 check_checksum(struct sk_buff *skb)
97 {
98 	__sum16 csum = 0;
99 
100 	switch (skb->ip_summed) {
101 	case CHECKSUM_COMPLETE:
102 		csum = csum_fold(skb->csum);
103 
104 		if (!csum)
105 			break;
106 		/* Fall through. */
107 
108 	case CHECKSUM_NONE:
109 		skb->csum = 0;
110 		csum = __skb_checksum_complete(skb);
111 		skb->ip_summed = CHECKSUM_COMPLETE;
112 		break;
113 	}
114 
115 	return csum;
116 }
117 
118 static int parse_gre_header(struct sk_buff *skb, struct tnl_ptk_info *tpi,
119 			    bool *csum_err)
120 {
121 	unsigned int ip_hlen = ip_hdrlen(skb);
122 	const struct gre_base_hdr *greh;
123 	__be32 *options;
124 	int hdr_len;
125 
126 	if (unlikely(!pskb_may_pull(skb, sizeof(struct gre_base_hdr))))
127 		return -EINVAL;
128 
129 	greh = (struct gre_base_hdr *)(skb_network_header(skb) + ip_hlen);
130 	if (unlikely(greh->flags & (GRE_VERSION | GRE_ROUTING)))
131 		return -EINVAL;
132 
133 	tpi->flags = gre_flags_to_tnl_flags(greh->flags);
134 	hdr_len = ip_gre_calc_hlen(tpi->flags);
135 
136 	if (!pskb_may_pull(skb, hdr_len))
137 		return -EINVAL;
138 
139 	greh = (struct gre_base_hdr *)(skb_network_header(skb) + ip_hlen);
140 	tpi->proto = greh->protocol;
141 
142 	options = (__be32 *)(greh + 1);
143 	if (greh->flags & GRE_CSUM) {
144 		if (check_checksum(skb)) {
145 			*csum_err = true;
146 			return -EINVAL;
147 		}
148 		options++;
149 	}
150 
151 	if (greh->flags & GRE_KEY) {
152 		tpi->key = *options;
153 		options++;
154 	} else
155 		tpi->key = 0;
156 
157 	if (unlikely(greh->flags & GRE_SEQ)) {
158 		tpi->seq = *options;
159 		options++;
160 	} else
161 		tpi->seq = 0;
162 
163 	/* WCCP version 1 and 2 protocol decoding.
164 	 * - Change protocol to IP
165 	 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header
166 	 */
167 	if (greh->flags == 0 && tpi->proto == htons(ETH_P_WCCP)) {
168 		tpi->proto = htons(ETH_P_IP);
169 		if ((*(u8 *)options & 0xF0) != 0x40) {
170 			hdr_len += 4;
171 			if (!pskb_may_pull(skb, hdr_len))
172 				return -EINVAL;
173 		}
174 	}
175 
176 	return iptunnel_pull_header(skb, hdr_len, tpi->proto);
177 }
178 
179 static int gre_cisco_rcv(struct sk_buff *skb)
180 {
181 	struct tnl_ptk_info tpi;
182 	int i;
183 	bool csum_err = false;
184 
185 	if (parse_gre_header(skb, &tpi, &csum_err) < 0)
186 		goto drop;
187 
188 	rcu_read_lock();
189 	for (i = 0; i < GRE_IP_PROTO_MAX; i++) {
190 		struct gre_cisco_protocol *proto;
191 		int ret;
192 
193 		proto = rcu_dereference(gre_cisco_proto_list[i]);
194 		if (!proto)
195 			continue;
196 		ret = proto->handler(skb, &tpi);
197 		if (ret == PACKET_RCVD) {
198 			rcu_read_unlock();
199 			return 0;
200 		}
201 	}
202 	rcu_read_unlock();
203 
204 	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
205 drop:
206 	kfree_skb(skb);
207 	return 0;
208 }
209 
210 static void gre_cisco_err(struct sk_buff *skb, u32 info)
211 {
212 	/* All the routers (except for Linux) return only
213 	 * 8 bytes of packet payload. It means, that precise relaying of
214 	 * ICMP in the real Internet is absolutely infeasible.
215 	 *
216 	 * Moreover, Cisco "wise men" put GRE key to the third word
217 	 * in GRE header. It makes impossible maintaining even soft
218 	 * state for keyed
219 	 * GRE tunnels with enabled checksum. Tell them "thank you".
220 	 *
221 	 * Well, I wonder, rfc1812 was written by Cisco employee,
222 	 * what the hell these idiots break standards established
223 	 * by themselves???
224 	 */
225 
226 	const int type = icmp_hdr(skb)->type;
227 	const int code = icmp_hdr(skb)->code;
228 	struct tnl_ptk_info tpi;
229 	bool csum_err = false;
230 	int i;
231 
232 	if (parse_gre_header(skb, &tpi, &csum_err)) {
233 		if (!csum_err)		/* ignore csum errors. */
234 			return;
235 	}
236 
237 	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
238 		ipv4_update_pmtu(skb, dev_net(skb->dev), info,
239 				skb->dev->ifindex, 0, IPPROTO_GRE, 0);
240 		return;
241 	}
242 	if (type == ICMP_REDIRECT) {
243 		ipv4_redirect(skb, dev_net(skb->dev), skb->dev->ifindex, 0,
244 				IPPROTO_GRE, 0);
245 		return;
246 	}
247 
248 	rcu_read_lock();
249 	for (i = 0; i < GRE_IP_PROTO_MAX; i++) {
250 		struct gre_cisco_protocol *proto;
251 
252 		proto = rcu_dereference(gre_cisco_proto_list[i]);
253 		if (!proto)
254 			continue;
255 
256 		if (proto->err_handler(skb, info, &tpi) == PACKET_RCVD)
257 			goto out;
258 
259 	}
260 out:
261 	rcu_read_unlock();
262 }
263 
264 static int gre_rcv(struct sk_buff *skb)
265 {
266 	const struct gre_protocol *proto;
267 	u8 ver;
268 	int ret;
269 
270 	if (!pskb_may_pull(skb, 12))
271 		goto drop;
272 
273 	ver = skb->data[1]&0x7f;
274 	if (ver >= GREPROTO_MAX)
275 		goto drop;
276 
277 	rcu_read_lock();
278 	proto = rcu_dereference(gre_proto[ver]);
279 	if (!proto || !proto->handler)
280 		goto drop_unlock;
281 	ret = proto->handler(skb);
282 	rcu_read_unlock();
283 	return ret;
284 
285 drop_unlock:
286 	rcu_read_unlock();
287 drop:
288 	kfree_skb(skb);
289 	return NET_RX_DROP;
290 }
291 
292 static void gre_err(struct sk_buff *skb, u32 info)
293 {
294 	const struct gre_protocol *proto;
295 	const struct iphdr *iph = (const struct iphdr *)skb->data;
296 	u8 ver = skb->data[(iph->ihl<<2) + 1]&0x7f;
297 
298 	if (ver >= GREPROTO_MAX)
299 		return;
300 
301 	rcu_read_lock();
302 	proto = rcu_dereference(gre_proto[ver]);
303 	if (proto && proto->err_handler)
304 		proto->err_handler(skb, info);
305 	rcu_read_unlock();
306 }
307 
308 static const struct net_protocol net_gre_protocol = {
309 	.handler     = gre_rcv,
310 	.err_handler = gre_err,
311 	.netns_ok    = 1,
312 };
313 
314 static const struct gre_protocol ipgre_protocol = {
315 	.handler     = gre_cisco_rcv,
316 	.err_handler = gre_cisco_err,
317 };
318 
319 int gre_cisco_register(struct gre_cisco_protocol *newp)
320 {
321 	struct gre_cisco_protocol **proto = (struct gre_cisco_protocol **)
322 					    &gre_cisco_proto_list[newp->priority];
323 
324 	return (cmpxchg(proto, NULL, newp) == NULL) ? 0 : -EBUSY;
325 }
326 EXPORT_SYMBOL_GPL(gre_cisco_register);
327 
328 int gre_cisco_unregister(struct gre_cisco_protocol *del_proto)
329 {
330 	struct gre_cisco_protocol **proto = (struct gre_cisco_protocol **)
331 					    &gre_cisco_proto_list[del_proto->priority];
332 	int ret;
333 
334 	ret = (cmpxchg(proto, del_proto, NULL) == del_proto) ? 0 : -EINVAL;
335 
336 	if (ret)
337 		return ret;
338 
339 	synchronize_net();
340 	return 0;
341 }
342 EXPORT_SYMBOL_GPL(gre_cisco_unregister);
343 
344 static int __init gre_init(void)
345 {
346 	pr_info("GRE over IPv4 demultiplexor driver\n");
347 
348 	if (inet_add_protocol(&net_gre_protocol, IPPROTO_GRE) < 0) {
349 		pr_err("can't add protocol\n");
350 		goto err;
351 	}
352 
353 	if (gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO) < 0) {
354 		pr_info("%s: can't add ipgre handler\n", __func__);
355 		goto err_gre;
356 	}
357 
358 	if (gre_offload_init()) {
359 		pr_err("can't add protocol offload\n");
360 		goto err_gso;
361 	}
362 
363 	return 0;
364 err_gso:
365 	gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
366 err_gre:
367 	inet_del_protocol(&net_gre_protocol, IPPROTO_GRE);
368 err:
369 	return -EAGAIN;
370 }
371 
372 static void __exit gre_exit(void)
373 {
374 	gre_offload_exit();
375 
376 	gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
377 	inet_del_protocol(&net_gre_protocol, IPPROTO_GRE);
378 }
379 
380 module_init(gre_init);
381 module_exit(gre_exit);
382 
383 MODULE_DESCRIPTION("GRE over IPv4 demultiplexer driver");
384 MODULE_AUTHOR("D. Kozlov (xeb@mail.ru)");
385 MODULE_LICENSE("GPL");
386