xref: /openbmc/linux/net/ipv4/ip_vti.c (revision f35e839a)
1 /*
2  *	Linux NET3: IP/IP protocol decoder modified to support
3  *		    virtual tunnel interface
4  *
5  *	Authors:
6  *		Saurabh Mohan (saurabh.mohan@vyatta.com) 05/07/2012
7  *
8  *	This program is free software; you can redistribute it and/or
9  *	modify it under the terms of the GNU General Public License
10  *	as published by the Free Software Foundation; either version
11  *	2 of the License, or (at your option) any later version.
12  *
13  */
14 
15 /*
16    This version of net/ipv4/ip_vti.c is cloned of net/ipv4/ipip.c
17 
18    For comments look at net/ipv4/ip_gre.c --ANK
19  */
20 
21 
22 #include <linux/capability.h>
23 #include <linux/module.h>
24 #include <linux/types.h>
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <linux/skbuff.h>
28 #include <linux/netdevice.h>
29 #include <linux/in.h>
30 #include <linux/tcp.h>
31 #include <linux/udp.h>
32 #include <linux/if_arp.h>
33 #include <linux/mroute.h>
34 #include <linux/init.h>
35 #include <linux/netfilter_ipv4.h>
36 #include <linux/if_ether.h>
37 
38 #include <net/sock.h>
39 #include <net/ip.h>
40 #include <net/icmp.h>
41 #include <net/ip_tunnels.h>
42 #include <net/inet_ecn.h>
43 #include <net/xfrm.h>
44 #include <net/net_namespace.h>
45 #include <net/netns/generic.h>
46 
/* Buckets per tunnel hash table. HASH() masks with HASH_SIZE-1, so this
 * value has to stay a power of two.
 */
#define HASH_SIZE  16
/* Fold a 32-bit address into a bucket index in [0, HASH_SIZE). The address
 * is hashed exactly as stored: callers in this file pass __be32 values,
 * hence the __force casts. addr is not parenthesised in the expansion, so
 * pass a plain identifier rather than an expression.
 */
#define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&(HASH_SIZE-1))
49 
/* rtnetlink operations for the "vti" link kind; tentative definition here,
 * initialised near the end of this file.
 */
static struct rtnl_link_ops vti_link_ops __read_mostly;

/* Key passed to net_generic() to reach this module's per-namespace state. */
static int vti_net_id __read_mostly;
/* Per-network-namespace tunnel tables. A tunnel lives in exactly one table,
 * selected by which of its endpoints are non-zero (see __vti_bucket()).
 */
struct vti_net {
	/* both remote and local address set; bucket is HASH(remote)^HASH(local) */
	struct ip_tunnel __rcu *tunnels_r_l[HASH_SIZE];
	/* only the remote address set */
	struct ip_tunnel __rcu *tunnels_r[HASH_SIZE];
	/* only the local address set */
	struct ip_tunnel __rcu *tunnels_l[HASH_SIZE];
	/* neither address set (wildcard); holds the fallback tunnel */
	struct ip_tunnel __rcu *tunnels_wc[1];
	/* the four tables above, indexed by the prio value built in
	 * __vti_bucket(); filled in by vti_init_net()
	 */
	struct ip_tunnel __rcu **tunnels[4];

	/* the "ip_vti0" device allocated for this namespace in vti_init_net() */
	struct net_device *fb_tunnel_dev;
};
62 
/* Forward declarations for helpers that are used before their definitions
 * further down in this file.
 */
static int vti_fb_tunnel_init(struct net_device *dev);
static int vti_tunnel_init(struct net_device *dev);
static void vti_tunnel_setup(struct net_device *dev);
static void vti_dev_free(struct net_device *dev);
static int vti_tunnel_bind_dev(struct net_device *dev);
68 
/* Hand the packet to dst_output() and account for the result.
 *
 * The macro uses a variable named skb from the enclosing scope; it is not a
 * parameter. The length is sampled before dst_output() because the skb must
 * not be touched once it has been handed off.
 *
 * stats1: per-CPU counters, updated inside a u64_stats begin/end section.
 * stats2: fallback counters bumped on failure; they are updated without the
 *         syncp section.
 */
#define VTI_XMIT(stats1, stats2) do {				\
	int err;						\
	int pkt_len = skb->len;					\
	err = dst_output(skb);					\
	if (net_xmit_eval(err) == 0) {				\
		u64_stats_update_begin(&(stats1)->syncp);	\
		(stats1)->tx_bytes += pkt_len;			\
		(stats1)->tx_packets++;				\
		u64_stats_update_end(&(stats1)->syncp);		\
	} else {						\
		(stats2)->tx_errors++;				\
		(stats2)->tx_aborted_errors++;			\
	}							\
} while (0)
83 
84 
/* Find the tunnel that should own a packet with the given endpoints.
 *
 * Tables are searched from most to least specific: exact (remote, local)
 * match, remote-only, local-only, then the wildcard slot. Only tunnels whose
 * device has IFF_UP set are returned, so an administratively down tunnel
 * never claims traffic.
 *
 * The chains are walked with for_each_ip_tunnel_rcu(); presumably the caller
 * must be inside an RCU read-side section - the macro is defined elsewhere,
 * confirm against its definition.
 *
 * Returns the matching tunnel, or NULL when nothing matches.
 */
static struct ip_tunnel *vti_tunnel_lookup(struct net *net,
					   __be32 remote, __be32 local)
{
	unsigned h0 = HASH(remote);
	unsigned h1 = HASH(local);
	struct ip_tunnel *t;
	struct vti_net *ipn = net_generic(net, vti_net_id);

	/* 1. both endpoints configured and both match */
	for_each_ip_tunnel_rcu(t, ipn->tunnels_r_l[h0 ^ h1])
		if (local == t->parms.iph.saddr &&
		    remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
			return t;
	/* 2. tunnels that only pin the remote endpoint */
	for_each_ip_tunnel_rcu(t, ipn->tunnels_r[h0])
		if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
			return t;

	/* 3. tunnels that only pin the local endpoint */
	for_each_ip_tunnel_rcu(t, ipn->tunnels_l[h1])
		if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
			return t;

	/* 4. wildcard slot: matches any address pair, so any packet reaching
	 * this point is attributed to the fallback tunnel if it is up
	 */
	for_each_ip_tunnel_rcu(t, ipn->tunnels_wc[0])
		if (t && (t->dev->flags&IFF_UP))
			return t;
	return NULL;
}
110 
/* Pick the hash-chain head a tunnel with these parameters belongs to.
 *
 * The table is chosen by which endpoints are non-zero (bit 1: remote,
 * bit 0: local) and the slot by XOR-ing the hashes of the endpoints that
 * are set. With neither endpoint set this yields tunnels[0][0].
 */
static struct ip_tunnel __rcu **__vti_bucket(struct vti_net *ipn,
					     struct ip_tunnel_parm *parms)
{
	__be32 daddr = parms->iph.daddr;
	__be32 saddr = parms->iph.saddr;
	int table = (daddr ? 2 : 0) | (saddr ? 1 : 0);
	unsigned slot = 0;

	if (daddr)
		slot ^= HASH(daddr);
	if (saddr)
		slot ^= HASH(saddr);

	return &ipn->tunnels[table][slot];
}
129 
/* Convenience wrapper: chain head for an existing tunnel, derived from the
 * parameters currently stored in it.
 */
static inline struct ip_tunnel __rcu **vti_bucket(struct vti_net *ipn,
						  struct ip_tunnel *t)
{
	struct ip_tunnel_parm *key = &t->parms;

	return __vti_bucket(ipn, key);
}
135 
/* Remove t from the hash chain selected by its current parameters.
 *
 * The chain is located from t->parms, so this has to run before the
 * addresses in t->parms are changed. The walk uses rtnl_dereference(), i.e.
 * the writer side is serialised by RTNL. Nothing happens if t is not on the
 * chain.
 */
static void vti_tunnel_unlink(struct vti_net *ipn, struct ip_tunnel *t)
{
	struct ip_tunnel __rcu **tp;
	struct ip_tunnel *iter;

	for (tp = vti_bucket(ipn, t);
	     (iter = rtnl_dereference(*tp)) != NULL;
	     tp = &iter->next) {
		if (t == iter) {
			/* splice t out; t->next is left intact so a reader
			 * currently standing on t can still move on
			 */
			rcu_assign_pointer(*tp, t->next);
			break;
		}
	}
}
150 
/* Insert t at the head of the hash chain selected by its current
 * parameters. Writer side, serialised by RTNL (rtnl_dereference()).
 */
static void vti_tunnel_link(struct vti_net *ipn, struct ip_tunnel *t)
{
	struct ip_tunnel __rcu **tp = vti_bucket(ipn, t);

	/* set t->next before publishing t, so a reader that sees t through
	 * *tp always finds a valid continuation of the chain
	 */
	rcu_assign_pointer(t->next, rtnl_dereference(*tp));
	rcu_assign_pointer(*tp, t);
}
158 
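/* Look up the tunnel whose (local, remote) pair equals the one in parms and,
 * if there is none and create is non-zero, allocate and register a new
 * tunnel device for it.
 *
 * @net:    namespace whose tables are searched / extended
 * @parms:  requested parameters; on the ioctl path this structure is filled
 *          straight from userspace
 * @create: non-zero to create a device when no tunnel matches
 *
 * Returns the existing or newly created tunnel, or NULL when nothing matched
 * and create is zero, or when allocation/registration failed. The chain walk
 * uses rtnl_dereference(), so RTNL is expected to be held.
 */
static struct ip_tunnel *vti_tunnel_locate(struct net *net,
					   struct ip_tunnel_parm *parms,
					   int create)
{
	__be32 remote = parms->iph.daddr;
	__be32 local = parms->iph.saddr;
	struct ip_tunnel *t, *nt;
	struct ip_tunnel __rcu **tp;
	struct net_device *dev;
	char name[IFNAMSIZ];
	struct vti_net *ipn = net_generic(net, vti_net_id);

	for (tp = __vti_bucket(ipn, parms);
	     (t = rtnl_dereference(*tp)) != NULL;
	     tp = &t->next) {
		if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
			return t;
	}
	if (!create)
		return NULL;

	if (parms->name[0]) {
		/* parms->name can come from userspace and is not guaranteed
		 * to be NUL-terminated. strlcpy() measures the whole source
		 * string first and would run past the end of the array, so
		 * bound the scan explicitly instead.
		 */
		size_t len = strnlen(parms->name, IFNAMSIZ - 1);

		memcpy(name, parms->name, len);
		name[len] = '\0';
	} else {
		strcpy(name, "vti%d");
	}

	dev = alloc_netdev(sizeof(*t), name, vti_tunnel_setup);
	if (dev == NULL)
		return NULL;

	dev_net_set(dev, net);

	nt = netdev_priv(dev);
	nt->parms = *parms;
	dev->rtnl_link_ops = &vti_link_ops;

	vti_tunnel_bind_dev(dev);

	if (register_netdevice(dev) < 0)
		goto failed_free;

	/* reference paired with the dev_put() in vti_tunnel_uninit() */
	dev_hold(dev);
	vti_tunnel_link(ipn, nt);
	return nt;

failed_free:
	free_netdev(dev);
	return NULL;
}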
208 
/* ndo_uninit hook: take the tunnel off its hash chain so lookups stop
 * finding it, then drop the device reference.
 */
static void vti_tunnel_uninit(struct net_device *dev)
{
	struct ip_tunnel *tunnel = netdev_priv(dev);
	struct vti_net *ipn = net_generic(dev_net(dev), vti_net_id);

	vti_tunnel_unlink(ipn, tunnel);
	dev_put(dev);
}
217 
/* ICMP error handler registered through vti_handler.err_handler.
 *
 * skb->data is read as the IP header quoted inside the ICMP error, and its
 * addresses are used to find the tunnel the original packet left through.
 * Note the argument order: daddr of the quoted header is passed as "remote"
 * and saddr as "local".
 *
 * Returns 0 when the error was ignored or recorded, -ENOENT when no tunnel
 * matches.
 */
static int vti_err(struct sk_buff *skb, u32 info)
{

	/* All the routers (except for Linux) return only
	 * 8 bytes of packet payload. It means, that precise relaying of
	 * ICMP in the real Internet is absolutely infeasible.
	 */
	struct iphdr *iph = (struct iphdr *)skb->data;
	const int type = icmp_hdr(skb)->type;
	const int code = icmp_hdr(skb)->code;
	struct ip_tunnel *t;
	int err;

	/* Filter: only DEST_UNREACH (minus two codes) and TTL-exceeded are
	 * acted on; every other ICMP type is silently accepted.
	 */
	switch (type) {
	default:
	case ICMP_PARAMETERPROB:
		return 0;

	case ICMP_DEST_UNREACH:
		switch (code) {
		case ICMP_SR_FAILED:
		case ICMP_PORT_UNREACH:
			/* Impossible event. */
			return 0;
		default:
			/* All others are translated to HOST_UNREACH. */
			break;
		}
		break;
	case ICMP_TIME_EXCEEDED:
		if (code != ICMP_EXC_TTL)
			return 0;
		break;
	}

	err = -ENOENT;

	t = vti_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr);
	if (t == NULL)
		goto out;

	/* "fragmentation needed": feed the reported MTU into the route's
	 * path-MTU state and stop there
	 */
	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
		ipv4_update_pmtu(skb, dev_net(skb->dev), info,
				 t->parms.link, 0, IPPROTO_IPIP, 0);
		err = 0;
		goto out;
	}

	err = 0;
	/* a tunnel with ttl 0 ignores TTL-exceeded errors */
	if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
		goto out;

	/* Record the error: consecutive errors within IPTUNNEL_ERR_TIMEO
	 * accumulate, otherwise the count restarts at 1. vti_tunnel_xmit()
	 * consumes this counter. The fields are updated without a lock here.
	 */
	if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
		t->err_count++;
	else
		t->err_count = 1;
	t->err_time = jiffies;
out:
	return err;
}
278 
/* Receive hook registered through vti_handler.handler.
 *
 * We don't digest the packet, therefore let the packet pass: the skb is only
 * attributed to the matching tunnel device and left for the caller to
 * process further.
 *
 * Returns 1 when a tunnel matched and the inbound policy check passed,
 * -1 when no tunnel matches or the policy check fails.
 */
static int vti_rcv(struct sk_buff *skb)
{
	struct ip_tunnel *tunnel;
	const struct iphdr *iph = ip_hdr(skb);

	tunnel = vti_tunnel_lookup(dev_net(skb->dev), iph->saddr, iph->daddr);
	if (tunnel != NULL) {
		struct pcpu_tstats *tstats;

		/* The inbound xfrm policy must accept the packet before it is
		 * counted or re-attributed to the tunnel; this is the gate
		 * that keeps traffic without the expected protection off the
		 * interface.
		 */
		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
			return -1;

		tstats = this_cpu_ptr(tunnel->dev->tstats);
		u64_stats_update_begin(&tstats->syncp);
		tstats->rx_packets++;
		tstats->rx_bytes += skb->len;
		u64_stats_update_end(&tstats->syncp);

		/* clear the mark and the security path only after the policy
		 * check above has used them, then hand the skb to the tunnel
		 * device
		 */
		skb->mark = 0;
		secpath_reset(skb);
		skb->dev = tunnel->dev;
		return 1;
	}

	return -1;
}
306 
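/* ndo_start_xmit hook for a VTI device.
 *
 * This function assumes it is being called from dev_queue_xmit()
 * and that skb is filled properly by that function.
 *
 * The packet is routed towards the tunnel's remote endpoint, with the
 * tunnel's i_key passed in the mark position of the flow. The route must
 * carry an xfrm state in tunnel mode; the packet is then sent through that
 * route with dst_output(). A route without such a transform is treated as a
 * carrier error and the packet is dropped, so nothing leaves the interface
 * unprotected.
 *
 * Always returns NETDEV_TX_OK; the skb is consumed on every path.
 */

static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct ip_tunnel *tunnel = netdev_priv(dev);
	struct pcpu_tstats *tstats;
	struct iphdr  *tiph = &tunnel->parms.iph;
	u8     tos;
	struct rtable *rt;		/* Route to the other host */
	struct net_device *tdev;	/* Device to other host */
	struct iphdr  *old_iph = ip_hdr(skb);
	__be32 dst = tiph->daddr;
	struct flowi4 fl4;

	/* only IPv4 payloads are carried */
	if (skb->protocol != htons(ETH_P_IP))
		goto tx_error;

	tos = old_iph->tos;

	memset(&fl4, 0, sizeof(fl4));
	flowi4_init_output(&fl4, tunnel->parms.link,
			   be32_to_cpu(tunnel->parms.i_key), RT_TOS(tos),
			   RT_SCOPE_UNIVERSE,
			   IPPROTO_IPIP, 0,
			   dst, tiph->saddr, 0, 0);
	rt = ip_route_output_key(dev_net(dev), &fl4);
	if (IS_ERR(rt)) {
		dev->stats.tx_carrier_errors++;
		goto tx_error_icmp;
	}
	/* if there is no transform then this tunnel is not functional.
	 * Or if the xfrm is not mode tunnel.
	 */
	if (!rt->dst.xfrm ||
	    rt->dst.xfrm->props.mode != XFRM_MODE_TUNNEL) {
		dev->stats.tx_carrier_errors++;
		/* the lookup succeeded, so the route reference has to be
		 * dropped here; without this every packet sent while no
		 * matching state exists leaks one reference
		 */
		ip_rt_put(rt);
		goto tx_error_icmp;
	}
	tdev = rt->dst.dev;

	/* routing back into ourselves would loop */
	if (tdev == dev) {
		ip_rt_put(rt);
		dev->stats.collisions++;
		goto tx_error;
	}

	/* replay errors recorded by vti_err() to the sender while they are
	 * still recent, otherwise forget them
	 */
	if (tunnel->err_count > 0) {
		if (time_before(jiffies,
				tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
			tunnel->err_count--;
			dst_link_failure(skb);
		} else
			tunnel->err_count = 0;
	}

	/* clear xfrm/reroute state left from the first pass through the
	 * stack, then attach the new route (which now owns the reference)
	 */
	IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
			      IPSKB_REROUTED);
	skb_dst_drop(skb);
	skb_dst_set(skb, &rt->dst);
	nf_reset(skb);
	skb->dev = skb_dst(skb)->dev;

	tstats = this_cpu_ptr(dev->tstats);
	VTI_XMIT(tstats, &dev->stats);
	return NETDEV_TX_OK;

tx_error_icmp:
	dst_link_failure(skb);
tx_error:
	dev->stats.tx_errors++;
	dev_kfree_skb(skb);
	return NETDEV_TX_OK;
}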
382 
/* Derive link-dependent device settings from the tunnel parameters.
 *
 * If a remote address is configured, a route lookup towards it selects the
 * underlying device and the tunnel is flagged IFF_POINTOPOINT. If that gives
 * no device and parms.link is set, the device with that ifindex is used.
 * When an underlying device is found, hard_header_len and mtu are copied
 * from it (plus one IPv4 header for hard_header_len).
 *
 * Returns the resulting dev->mtu.
 */
static int vti_tunnel_bind_dev(struct net_device *dev)
{
	struct net_device *tdev = NULL;
	struct ip_tunnel *tunnel;
	struct iphdr *iph;

	tunnel = netdev_priv(dev);
	iph = &tunnel->parms.iph;

	if (iph->daddr) {
		struct rtable *rt;
		struct flowi4 fl4;
		memset(&fl4, 0, sizeof(fl4));
		flowi4_init_output(&fl4, tunnel->parms.link,
				   be32_to_cpu(tunnel->parms.i_key),
				   RT_TOS(iph->tos), RT_SCOPE_UNIVERSE,
				   IPPROTO_IPIP, 0,
				   iph->daddr, iph->saddr, 0, 0);
		rt = ip_route_output_key(dev_net(dev), &fl4);
		if (!IS_ERR(rt)) {
			/* only the device pointer is needed; the route
			 * reference is released straight away
			 */
			tdev = rt->dst.dev;
			ip_rt_put(rt);
		}
		dev->flags |= IFF_POINTOPOINT;
	}

	/* __dev_get_by_index() takes no reference; tdev is only read below */
	if (!tdev && tunnel->parms.link)
		tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);

	if (tdev) {
		dev->hard_header_len = tdev->hard_header_len +
				       sizeof(struct iphdr);
		dev->mtu = tdev->mtu;
	}
	dev->iflink = tunnel->parms.link;
	return dev->mtu;
}
420 
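/* Legacy tunnel ioctl interface (SIOCGETTUNNEL / SIOCADDTUNNEL /
 * SIOCCHGTUNNEL / SIOCDELTUNNEL).
 *
 * ifr->ifr_ifru.ifru_data points at a userspace struct ip_tunnel_parm.
 * SIOCGETTUNNEL is served without a capability check; the three modifying
 * commands require CAP_NET_ADMIN in the user namespace that owns the
 * device's network namespace. Every field of the copied-in structure is
 * untrusted.
 *
 * Returns 0 on success or a negative errno.
 */
static int
vti_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
{
	int err = 0;
	struct ip_tunnel_parm p;
	struct ip_tunnel *t;
	struct net *net = dev_net(dev);
	struct vti_net *ipn = net_generic(net, vti_net_id);

	switch (cmd) {
	case SIOCGETTUNNEL:
		t = NULL;
		/* on the fallback device the caller names the tunnel to
		 * query through the address pair in the structure
		 */
		if (dev == ipn->fb_tunnel_dev) {
			if (copy_from_user(&p, ifr->ifr_ifru.ifru_data,
					   sizeof(p))) {
				err = -EFAULT;
				break;
			}
			t = vti_tunnel_locate(net, &p, 0);
		}
		if (t == NULL)
			t = netdev_priv(dev);
		memcpy(&p, &t->parms, sizeof(p));
		p.i_flags |= GRE_KEY | VTI_ISVTI;
		p.o_flags |= GRE_KEY;
		if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
			err = -EFAULT;
		break;

	case SIOCADDTUNNEL:
	case SIOCCHGTUNNEL:
		err = -EPERM;
		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
			goto done;

		err = -EFAULT;
		if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
			goto done;
		/* userspace is not obliged to terminate the name; force it
		 * so that string helpers further down cannot read past the
		 * array
		 */
		p.name[sizeof(p.name) - 1] = '\0';

		/* only a plain 20-byte IPv4 header with protocol IPIP is an
		 * acceptable template
		 */
		err = -EINVAL;
		if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
		    p.iph.ihl != 5)
			goto done;

		t = vti_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);

		if (dev != ipn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
			if (t != NULL) {
				/* the new address pair already belongs to
				 * another tunnel
				 */
				if (t->dev != dev) {
					err = -EEXIST;
					break;
				}
			} else {
				/* a point-to-point tunnel must keep a remote
				 * address, and one without must not gain one
				 */
				if (((dev->flags&IFF_POINTOPOINT) &&
				    !p.iph.daddr) ||
				    (!(dev->flags&IFF_POINTOPOINT) &&
				    p.iph.daddr)) {
					err = -EINVAL;
					break;
				}
				t = netdev_priv(dev);
				/* re-hash: unlink with the old addresses,
				 * wait for readers, then relink with the new
				 */
				vti_tunnel_unlink(ipn, t);
				synchronize_net();
				t->parms.iph.saddr = p.iph.saddr;
				t->parms.iph.daddr = p.iph.daddr;
				t->parms.i_key = p.i_key;
				t->parms.o_key = p.o_key;
				t->parms.iph.protocol = IPPROTO_IPIP;
				memcpy(dev->dev_addr, &p.iph.saddr, 4);
				memcpy(dev->broadcast, &p.iph.daddr, 4);
				vti_tunnel_link(ipn, t);
				netdev_state_change(dev);
			}
		}

		if (t) {
			err = 0;
			if (cmd == SIOCCHGTUNNEL) {
				t->parms.i_key = p.i_key;
				t->parms.o_key = p.o_key;
				if (t->parms.link != p.link) {
					t->parms.link = p.link;
					/* NOTE(review): this rebinds dev, which
					 * may be the fallback device rather
					 * than t->dev - confirm intent
					 */
					vti_tunnel_bind_dev(dev);
					netdev_state_change(dev);
				}
			}
			/* Report the resulting parameters the same way
			 * SIOCGETTUNNEL does. The flags used to be OR-ed into
			 * p while t->parms was what got copied out, so they
			 * never reached userspace.
			 */
			memcpy(&p, &t->parms, sizeof(p));
			p.i_flags |= GRE_KEY | VTI_ISVTI;
			p.o_flags |= GRE_KEY;
			if (copy_to_user(ifr->ifr_ifru.ifru_data, &p,
					 sizeof(p)))
				err = -EFAULT;
		} else
			err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
		break;

	case SIOCDELTUNNEL:
		err = -EPERM;
		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
			goto done;

		if (dev == ipn->fb_tunnel_dev) {
			err = -EFAULT;
			if (copy_from_user(&p, ifr->ifr_ifru.ifru_data,
					   sizeof(p)))
				goto done;
			err = -ENOENT;

			t = vti_tunnel_locate(net, &p, 0);
			if (t == NULL)
				goto done;
			/* the fallback device itself cannot be deleted */
			err = -EPERM;
			if (t->dev == ipn->fb_tunnel_dev)
				goto done;
			dev = t->dev;
		}
		unregister_netdevice(dev);
		err = 0;
		break;

	default:
		err = -EINVAL;
	}

done:
	return err;
}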
547 
/* ndo_change_mtu hook: accept an MTU between 68 and 0xFFF8 (65528) bytes
 * inclusive and store it; anything else is rejected with -EINVAL.
 */
static int vti_tunnel_change_mtu(struct net_device *dev, int new_mtu)
{
	if (new_mtu >= 68 && new_mtu <= 0xFFF8) {
		dev->mtu = new_mtu;
		return 0;
	}

	return -EINVAL;
}
555 
/* Device operations shared by every VTI device, including the fallback
 * device (both get them through vti_tunnel_setup()).
 */
static const struct net_device_ops vti_netdev_ops = {
	.ndo_init	= vti_tunnel_init,
	.ndo_uninit	= vti_tunnel_uninit,
	.ndo_start_xmit	= vti_tunnel_xmit,
	/* legacy SIOC*TUNNEL interface; takes parameters from userspace */
	.ndo_do_ioctl	= vti_tunnel_ioctl,
	.ndo_change_mtu	= vti_tunnel_change_mtu,
	.ndo_get_stats64 = ip_tunnel_get_stats64,
};
564 
/* Device destructor (installed in vti_tunnel_setup()): release the per-CPU
 * statistics, then the net_device itself. The order matters because tstats
 * is reached through dev.
 */
static void vti_dev_free(struct net_device *dev)
{
	free_percpu(dev->tstats);
	free_netdev(dev);
}
570 
/* Setup callback passed to alloc_netdev() and used as rtnl_link_ops.setup:
 * installs the ops and destructor and fills in the defaults for a freshly
 * allocated VTI device.
 */
static void vti_tunnel_setup(struct net_device *dev)
{
	dev->netdev_ops		= &vti_netdev_ops;
	dev->destructor		= vti_dev_free;

	dev->type		= ARPHRD_TUNNEL;
	dev->hard_header_len	= LL_MAX_HEADER + sizeof(struct iphdr);
	dev->mtu		= ETH_DATA_LEN;
	dev->flags		= IFF_NOARP;
	dev->iflink		= 0;
	/* the "hardware" address is an IPv4 address (see vti_tunnel_init()) */
	dev->addr_len		= 4;
	dev->features		|= NETIF_F_NETNS_LOCAL;
	dev->features		|= NETIF_F_LLTX;
	dev->priv_flags		&= ~IFF_XMIT_DST_RELEASE;
}
586 
/* ndo_init hook: tie the private tunnel state to its device, mirror the
 * device name and endpoint addresses, and allocate the per-CPU statistics.
 *
 * Returns 0, or -ENOMEM if the statistics cannot be allocated.
 */
static int vti_tunnel_init(struct net_device *dev)
{
	struct ip_tunnel *tunnel = netdev_priv(dev);

	tunnel->dev = dev;
	/* NOTE(review): unbounded copy; safe only while parms.name is at
	 * least as large as dev->name - both are presumably IFNAMSIZ, confirm
	 */
	strcpy(tunnel->parms.name, dev->name);

	/* local address doubles as the device address, remote as broadcast */
	memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
	memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);

	/* released by vti_dev_free() */
	dev->tstats = alloc_percpu(struct pcpu_tstats);
	if (!dev->tstats)
		return -ENOMEM;

	return 0;
}
603 
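/* Prepare the per-namespace fallback device ("ip_vti0") before it is
 * registered: fill in the template IPv4 header and publish the tunnel in
 * the wildcard slot.
 *
 * dev->tstats is deliberately not allocated here. The fallback device uses
 * vti_netdev_ops, whose ndo_init is vti_tunnel_init(); that hook runs when
 * the device is registered and assigns dev->tstats itself. Allocating here
 * as well meant the first allocation was overwritten and never freed.
 *
 * Returns 0.
 */
static int __net_init vti_fb_tunnel_init(struct net_device *dev)
{
	struct ip_tunnel *tunnel = netdev_priv(dev);
	struct iphdr *iph = &tunnel->parms.iph;
	struct vti_net *ipn = net_generic(dev_net(dev), vti_net_id);

	tunnel->dev = dev;
	strcpy(tunnel->parms.name, dev->name);

	iph->version		= 4;
	iph->protocol		= IPPROTO_IPIP;
	iph->ihl		= 5;

	/* the wildcard slot keeps a reference on the device */
	dev_hold(dev);
	rcu_assign_pointer(ipn->tunnels_wc[0], tunnel);
	return 0;
}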
625 
/* Receive and ICMP-error hooks, registered in vti_init() through
 * xfrm4_mode_tunnel_input_register().
 */
static struct xfrm_tunnel vti_handler __read_mostly = {
	.handler	=	vti_rcv,
	.err_handler	=	vti_err,
	.priority	=	1,
};
631 
/* Queue every tunnel device of this namespace for unregistration on head.
 *
 * Tables 1..3 are walked; table 0 (the wildcard slot, which holds the
 * fallback device) is not touched here.
 */
static void vti_destroy_tunnels(struct vti_net *ipn, struct list_head *head)
{
	int table, slot;
	struct ip_tunnel *cur;

	for (table = 1; table < 4; table++) {
		for (slot = 0; slot < HASH_SIZE; slot++) {
			for (cur = rtnl_dereference(ipn->tunnels[table][slot]);
			     cur != NULL;
			     cur = rtnl_dereference(cur->next))
				unregister_netdevice_queue(cur->dev, head);
		}
	}
}
649 
/* Per-namespace constructor: wire up the table index array, then allocate,
 * initialise and register the fallback device "ip_vti0".
 *
 * Returns 0 on success or a negative errno.
 */
static int __net_init vti_init_net(struct net *net)
{
	int err;
	struct vti_net *ipn = net_generic(net, vti_net_id);

	/* index == prio from __vti_bucket(): bit 1 remote set, bit 0 local */
	ipn->tunnels[0] = ipn->tunnels_wc;
	ipn->tunnels[1] = ipn->tunnels_l;
	ipn->tunnels[2] = ipn->tunnels_r;
	ipn->tunnels[3] = ipn->tunnels_r_l;

	ipn->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel),
					  "ip_vti0",
					  vti_tunnel_setup);
	if (!ipn->fb_tunnel_dev) {
		err = -ENOMEM;
		goto err_alloc_dev;
	}
	dev_net_set(ipn->fb_tunnel_dev, net);

	err = vti_fb_tunnel_init(ipn->fb_tunnel_dev);
	if (err)
		goto err_reg_dev;
	ipn->fb_tunnel_dev->rtnl_link_ops = &vti_link_ops;

	err = register_netdev(ipn->fb_tunnel_dev);
	if (err)
		goto err_reg_dev;
	return 0;

err_reg_dev:
	/* NOTE(review): when register_netdev() fails, vti_fb_tunnel_init()
	 * has already taken a device reference and published the tunnel in
	 * tunnels_wc[0]; neither is undone before the device is freed here -
	 * confirm nothing can still reach it through the wildcard slot
	 */
	vti_dev_free(ipn->fb_tunnel_dev);
err_alloc_dev:
	/* nothing */
	return err;
}
685 
/* Per-namespace destructor: under RTNL, collect the namespace's tunnel
 * devices with vti_destroy_tunnels() and unregister them in one batch.
 */
static void __net_exit vti_exit_net(struct net *net)
{
	LIST_HEAD(doomed);
	struct vti_net *ipn;

	ipn = net_generic(net, vti_net_id);

	rtnl_lock();
	vti_destroy_tunnels(ipn, &doomed);
	unregister_netdevice_many(&doomed);
	rtnl_unlock();
}
696 
/* Per-namespace hooks; .id/.size describe the struct vti_net storage that
 * net_generic(net, vti_net_id) returns elsewhere in this file.
 */
static struct pernet_operations vti_net_ops = {
	.init = vti_init_net,
	.exit = vti_exit_net,
	.id   = &vti_net_id,
	.size = sizeof(struct vti_net),
};
703 
/* rtnl_link_ops.validate hook. No attribute is inspected here, so every
 * request is accepted at this stage; the only constraints on the IFLA_VTI_*
 * attributes are the ones declared in vti_policy.
 */
static int vti_tunnel_validate(struct nlattr *tb[], struct nlattr *data[])
{
	/* accept unconditionally */
	return 0;
}
708 
/* Translate the IFLA_VTI_* netlink attributes into tunnel parameters.
 *
 * parms is zeroed first and its protocol set to IPPROTO_IPIP; every
 * attribute that is absent therefore leaves its field at zero. data may be
 * NULL, in which case only those defaults are produced.
 */
static void vti_netlink_parms(struct nlattr *data[],
			      struct ip_tunnel_parm *parms)
{
	memset(parms, 0, sizeof(*parms));
	parms->iph.protocol = IPPROTO_IPIP;

	if (data == NULL)
		return;

	/* underlying link (ifindex) */
	if (data[IFLA_VTI_LINK] != NULL)
		parms->link = nla_get_u32(data[IFLA_VTI_LINK]);

	/* input / output keys, kept in network byte order */
	if (data[IFLA_VTI_IKEY] != NULL)
		parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]);
	if (data[IFLA_VTI_OKEY] != NULL)
		parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]);

	/* tunnel endpoints */
	if (data[IFLA_VTI_LOCAL] != NULL)
		parms->iph.saddr = nla_get_be32(data[IFLA_VTI_LOCAL]);
	if (data[IFLA_VTI_REMOTE] != NULL)
		parms->iph.daddr = nla_get_be32(data[IFLA_VTI_REMOTE]);
}
735 
/* rtnl_link_ops.newlink hook: configure and register a VTI device created
 * through rtnetlink.
 *
 * Returns -EEXIST if a tunnel with the same (local, remote) pair already
 * exists in the namespace, the register_netdevice() error if registration
 * fails, and 0 on success.
 */
static int vti_newlink(struct net *src_net, struct net_device *dev,
		       struct nlattr *tb[], struct nlattr *data[])
{
	struct net *net = dev_net(dev);
	struct vti_net *ipn = net_generic(net, vti_net_id);
	struct ip_tunnel *tunnel = netdev_priv(dev);
	int bound_mtu;
	int ret;

	vti_netlink_parms(data, &tunnel->parms);

	if (vti_tunnel_locate(net, &tunnel->parms, 0) != NULL)
		return -EEXIST;

	/* an MTU given explicitly in the request wins over the derived one */
	bound_mtu = vti_tunnel_bind_dev(dev);
	if (!tb[IFLA_MTU])
		dev->mtu = bound_mtu;

	ret = register_netdevice(dev);
	if (ret)
		return ret;

	/* reference paired with the dev_put() in vti_tunnel_uninit() */
	dev_hold(dev);
	vti_tunnel_link(ipn, tunnel);

	return ret;
}
765 
/* rtnl_link_ops.changelink hook: apply new parameters to an existing VTI
 * device.
 *
 * Returns -EINVAL for the fallback device, -EEXIST if the requested
 * (local, remote) pair already belongs to a different tunnel, 0 otherwise.
 */
static int vti_changelink(struct net_device *dev, struct nlattr *tb[],
			  struct nlattr *data[])
{
	struct ip_tunnel *t, *nt;
	struct net *net = dev_net(dev);
	struct vti_net *ipn = net_generic(net, vti_net_id);
	struct ip_tunnel_parm p;
	int mtu;

	if (dev == ipn->fb_tunnel_dev)
		return -EINVAL;

	nt = netdev_priv(dev);
	vti_netlink_parms(data, &p);

	t = vti_tunnel_locate(net, &p, 0);

	if (t) {
		if (t->dev != dev)
			return -EEXIST;
	} else {
		t = nt;

		/* re-hash under the new addresses.
		 * NOTE(review): the equivalent path in vti_tunnel_ioctl()
		 * calls synchronize_net() between unlink and relink; this
		 * one does not - confirm readers cannot follow t->next into
		 * the new chain
		 */
		vti_tunnel_unlink(ipn, t);
		t->parms.iph.saddr = p.iph.saddr;
		t->parms.iph.daddr = p.iph.daddr;
		t->parms.i_key = p.i_key;
		t->parms.o_key = p.o_key;
		if (dev->type != ARPHRD_ETHER) {
			memcpy(dev->dev_addr, &p.iph.saddr, 4);
			memcpy(dev->broadcast, &p.iph.daddr, 4);
		}
		vti_tunnel_link(ipn, t);
		netdev_state_change(dev);
	}

	/* the keys are only updated in the branch above, i.e. when the
	 * address pair changed; the link is re-evaluated in both cases
	 */
	if (t->parms.link != p.link) {
		t->parms.link = p.link;
		mtu = vti_tunnel_bind_dev(dev);
		if (!tb[IFLA_MTU])
			dev->mtu = mtu;
		netdev_state_change(dev);
	}

	return 0;
}
812 
/* rtnl_link_ops.get_size hook: space needed by vti_fill_info(), which emits
 * five attributes with a 4-byte payload each (IFLA_VTI_LINK, IFLA_VTI_IKEY,
 * IFLA_VTI_OKEY, IFLA_VTI_LOCAL, IFLA_VTI_REMOTE).
 */
static size_t vti_get_size(const struct net_device *dev)
{
	const size_t per_attr = nla_total_size(4);

	return 5 * per_attr;
}
828 
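/* rtnl_link_ops.fill_info hook: dump the tunnel parameters as IFLA_VTI_*
 * attributes into skb.
 *
 * Returns 0 on success, or -EMSGSIZE when an attribute does not fit.
 * The nla_put results used to be ignored, so a dump into a full buffer was
 * reported as complete although attributes were missing.
 */
static int vti_fill_info(struct sk_buff *skb, const struct net_device *dev)
{
	struct ip_tunnel *t = netdev_priv(dev);
	struct ip_tunnel_parm *p = &t->parms;

	if (nla_put_u32(skb, IFLA_VTI_LINK, p->link) ||
	    nla_put_be32(skb, IFLA_VTI_IKEY, p->i_key) ||
	    nla_put_be32(skb, IFLA_VTI_OKEY, p->o_key) ||
	    nla_put_be32(skb, IFLA_VTI_LOCAL, p->iph.saddr) ||
	    nla_put_be32(skb, IFLA_VTI_REMOTE, p->iph.daddr))
		return -EMSGSIZE;

	return 0;
}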
842 
/* Netlink attribute policy for the "vti" link kind. vti_tunnel_validate()
 * adds no checks of its own, so this table is the only constraint on these
 * attributes before vti_netlink_parms() reads them.
 */
static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
	[IFLA_VTI_LINK]		= { .type = NLA_U32 },
	/* declared as u32 here, read with nla_get_be32() in
	 * vti_netlink_parms()
	 */
	[IFLA_VTI_IKEY]		= { .type = NLA_U32 },
	[IFLA_VTI_OKEY]		= { .type = NLA_U32 },
	/* no .type given, only a length equal to the IPv4 address field;
	 * TODO confirm how the netlink core applies .len to untyped attributes
	 */
	[IFLA_VTI_LOCAL]	= { .len = FIELD_SIZEOF(struct iphdr, saddr) },
	[IFLA_VTI_REMOTE]	= { .len = FIELD_SIZEOF(struct iphdr, daddr) },
};
850 
/* rtnetlink interface for devices of kind "vti". No .dellink is provided
 * here.
 */
static struct rtnl_link_ops vti_link_ops __read_mostly = {
	.kind		= "vti",
	.maxtype	= IFLA_VTI_MAX,
	.policy		= vti_policy,
	/* private area holds one struct ip_tunnel, as netdev_priv() users
	 * throughout this file expect
	 */
	.priv_size	= sizeof(struct ip_tunnel),
	.setup		= vti_tunnel_setup,
	.validate	= vti_tunnel_validate,
	.newlink	= vti_newlink,
	.changelink	= vti_changelink,
	.get_size	= vti_get_size,
	.fill_info	= vti_fill_info,
};
863 
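/* Module init: register the per-namespace state, the xfrm tunnel-mode input
 * handler and the rtnetlink link kind, in that order.
 *
 * Each failure unwinds exactly what was registered before it and returns
 * the error. Previously a failure to register the input handler was only
 * logged: initialisation carried on without a receive handler, and a later
 * rtnl_link_register() failure unregistered the pernet device a second
 * time.
 *
 * Returns 0 on success or a negative errno.
 */
static int __init vti_init(void)
{
	int err;

	pr_info("IPv4 over IPSec tunneling driver\n");

	err = register_pernet_device(&vti_net_ops);
	if (err < 0)
		return err;

	err = xfrm4_mode_tunnel_input_register(&vti_handler);
	if (err < 0) {
		/* pr_info() already supplies the log level; the extra
		 * KERN_INFO ended up inside the message text
		 */
		pr_info("vti init: can't register tunnel\n");
		goto xfrm_register_failed;
	}

	err = rtnl_link_register(&vti_link_ops);
	if (err < 0)
		goto rtnl_link_failed;

	return err;

rtnl_link_failed:
	xfrm4_mode_tunnel_input_deregister(&vti_handler);
xfrm_register_failed:
	unregister_pernet_device(&vti_net_ops);
	return err;
}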
890 
/* Module exit: undo vti_init() in reverse order - rtnetlink link kind,
 * xfrm input handler, per-namespace state. A failure to deregister the
 * handler is logged and teardown continues.
 */
static void __exit vti_fini(void)
{
	int err;

	rtnl_link_unregister(&vti_link_ops);

	err = xfrm4_mode_tunnel_input_deregister(&vti_handler);
	if (err)
		pr_info("vti close: can't deregister tunnel\n");

	unregister_pernet_device(&vti_net_ops);
}
899 
/* Module entry points, licence, and the aliases that allow the module to be
 * requested by link kind ("vti") or by the fallback device name ("ip_vti0").
 */
module_init(vti_init);
module_exit(vti_fini);
MODULE_LICENSE("GPL");
MODULE_ALIAS_RTNL_LINK("vti");
MODULE_ALIAS_NETDEV("ip_vti0");
905