1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Linux NET3: IP/IP protocol decoder. 4 * 5 * Authors: 6 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95 7 * 8 * Fixes: 9 * Alan Cox : Merged and made usable non modular (its so tiny its silly as 10 * a module taking up 2 pages). 11 * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph) 12 * to keep ip_forward happy. 13 * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8). 14 * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL 15 * David Woodhouse : Perform some basic ICMP handling. 16 * IPIP Routing without decapsulation. 17 * Carlos Picoto : GRE over IP support 18 * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c. 19 * I do not want to merge them together. 20 */ 21 22 /* tunnel.c: an IP tunnel driver 23 24 The purpose of this driver is to provide an IP tunnel through 25 which you can tunnel network traffic transparently across subnets. 26 27 This was written by looking at Nick Holloway's dummy driver 28 Thanks for the great code! 29 30 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95 31 32 Minor tweaks: 33 Cleaned up the code a little and added some pre-1.3.0 tweaks. 34 dev->hard_header/hard_header_len changed to use no headers. 35 Comments/bracketing tweaked. 36 Made the tunnels use dev->name not tunnel: when error reporting. 37 Added tx_dropped stat 38 39 -Alan Cox (alan@lxorguk.ukuu.org.uk) 21 March 95 40 41 Reworked: 42 Changed to tunnel to destination gateway in addition to the 43 tunnel's pointopoint address 44 Almost completely rewritten 45 Note: There is currently no firewall or ICMP handling done. 46 47 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96 48 49 */ 50 51 /* Things I wish I had known when writing the tunnel driver: 52 53 When the tunnel_xmit() function is called, the skb contains the 54 packet to be sent (plus a great deal of extra info), and dev 55 contains the tunnel device that _we_ are. 56 57 When we are passed a packet, we are expected to fill in the 58 source address with our source IP address. 59 60 What is the proper way to allocate, copy and free a buffer? 61 After you allocate it, it is a "0 length" chunk of memory 62 starting at zero. If you want to add headers to the buffer 63 later, you'll have to call "skb_reserve(skb, amount)" with 64 the amount of memory you want reserved. Then, you call 65 "skb_put(skb, amount)" with the amount of space you want in 66 the buffer. skb_put() returns a pointer to the top (#0) of 67 that buffer. skb->len is set to the amount of space you have 68 "allocated" with skb_put(). You can then write up to skb->len 69 bytes to that buffer. If you need more, you can call skb_put() 70 again with the additional amount of space you need. You can 71 find out how much more space you can allocate by calling 72 "skb_tailroom(skb)". 73 Now, to add header space, call "skb_push(skb, header_len)". 74 This creates space at the beginning of the buffer and returns 75 a pointer to this new space. If later you need to strip a 76 header from a buffer, call "skb_pull(skb, header_len)". 77 skb_headroom() will return how much space is left at the top 78 of the buffer (before the main data). Remember, this headroom 79 space must be reserved before the skb_put() function is called. 80 */ 81 82 /* 83 This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c 84 85 For comments look at net/ipv4/ip_gre.c --ANK 86 */ 87 88 89 #include <linux/capability.h> 90 #include <linux/module.h> 91 #include <linux/types.h> 92 #include <linux/kernel.h> 93 #include <linux/slab.h> 94 #include <linux/uaccess.h> 95 #include <linux/skbuff.h> 96 #include <linux/netdevice.h> 97 #include <linux/in.h> 98 #include <linux/tcp.h> 99 #include <linux/udp.h> 100 #include <linux/if_arp.h> 101 #include <linux/init.h> 102 #include <linux/netfilter_ipv4.h> 103 #include <linux/if_ether.h> 104 105 #include <net/sock.h> 106 #include <net/ip.h> 107 #include <net/icmp.h> 108 #include <net/ip_tunnels.h> 109 #include <net/inet_ecn.h> 110 #include <net/xfrm.h> 111 #include <net/net_namespace.h> 112 #include <net/netns/generic.h> 113 #include <net/dst_metadata.h> 114 115 static bool log_ecn_error = true; 116 module_param(log_ecn_error, bool, 0644); 117 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); 118 119 static unsigned int ipip_net_id __read_mostly; 120 121 static int ipip_tunnel_init(struct net_device *dev); 122 static struct rtnl_link_ops ipip_link_ops __read_mostly; 123 124 static int ipip_err(struct sk_buff *skb, u32 info) 125 { 126 /* All the routers (except for Linux) return only 127 * 8 bytes of packet payload. It means, that precise relaying of 128 * ICMP in the real Internet is absolutely infeasible. 129 */ 130 struct net *net = dev_net(skb->dev); 131 struct ip_tunnel_net *itn = net_generic(net, ipip_net_id); 132 const struct iphdr *iph = (const struct iphdr *)skb->data; 133 const int type = icmp_hdr(skb)->type; 134 const int code = icmp_hdr(skb)->code; 135 struct ip_tunnel *t; 136 int err = 0; 137 138 t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY, 139 iph->daddr, iph->saddr, 0); 140 if (!t) { 141 err = -ENOENT; 142 goto out; 143 } 144 145 switch (type) { 146 case ICMP_DEST_UNREACH: 147 switch (code) { 148 case ICMP_SR_FAILED: 149 /* Impossible event. */ 150 goto out; 151 default: 152 /* All others are translated to HOST_UNREACH. 153 * rfc2003 contains "deep thoughts" about NET_UNREACH, 154 * I believe they are just ether pollution. --ANK 155 */ 156 break; 157 } 158 break; 159 160 case ICMP_TIME_EXCEEDED: 161 if (code != ICMP_EXC_TTL) 162 goto out; 163 break; 164 165 case ICMP_REDIRECT: 166 break; 167 168 default: 169 goto out; 170 } 171 172 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { 173 ipv4_update_pmtu(skb, net, info, t->parms.link, iph->protocol); 174 goto out; 175 } 176 177 if (type == ICMP_REDIRECT) { 178 ipv4_redirect(skb, net, t->parms.link, iph->protocol); 179 goto out; 180 } 181 182 if (t->parms.iph.daddr == 0) { 183 err = -ENOENT; 184 goto out; 185 } 186 187 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED) 188 goto out; 189 190 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO)) 191 t->err_count++; 192 else 193 t->err_count = 1; 194 t->err_time = jiffies; 195 196 out: 197 return err; 198 } 199 200 static const struct tnl_ptk_info ipip_tpi = { 201 /* no tunnel info required for ipip. */ 202 .proto = htons(ETH_P_IP), 203 }; 204 205 #if IS_ENABLED(CONFIG_MPLS) 206 static const struct tnl_ptk_info mplsip_tpi = { 207 /* no tunnel info required for mplsip. */ 208 .proto = htons(ETH_P_MPLS_UC), 209 }; 210 #endif 211 212 static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto) 213 { 214 struct net *net = dev_net(skb->dev); 215 struct ip_tunnel_net *itn = net_generic(net, ipip_net_id); 216 struct metadata_dst *tun_dst = NULL; 217 struct ip_tunnel *tunnel; 218 const struct iphdr *iph; 219 220 iph = ip_hdr(skb); 221 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY, 222 iph->saddr, iph->daddr, 0); 223 if (tunnel) { 224 const struct tnl_ptk_info *tpi; 225 226 if (tunnel->parms.iph.protocol != ipproto && 227 tunnel->parms.iph.protocol != 0) 228 goto drop; 229 230 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) 231 goto drop; 232 #if IS_ENABLED(CONFIG_MPLS) 233 if (ipproto == IPPROTO_MPLS) 234 tpi = &mplsip_tpi; 235 else 236 #endif 237 tpi = &ipip_tpi; 238 if (iptunnel_pull_header(skb, 0, tpi->proto, false)) 239 goto drop; 240 if (tunnel->collect_md) { 241 tun_dst = ip_tun_rx_dst(skb, 0, 0, 0); 242 if (!tun_dst) 243 return 0; 244 } 245 return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error); 246 } 247 248 return -1; 249 250 drop: 251 kfree_skb(skb); 252 return 0; 253 } 254 255 static int ipip_rcv(struct sk_buff *skb) 256 { 257 return ipip_tunnel_rcv(skb, IPPROTO_IPIP); 258 } 259 260 #if IS_ENABLED(CONFIG_MPLS) 261 static int mplsip_rcv(struct sk_buff *skb) 262 { 263 return ipip_tunnel_rcv(skb, IPPROTO_MPLS); 264 } 265 #endif 266 267 /* 268 * This function assumes it is being called from dev_queue_xmit() 269 * and that skb is filled properly by that function. 270 */ 271 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, 272 struct net_device *dev) 273 { 274 struct ip_tunnel *tunnel = netdev_priv(dev); 275 const struct iphdr *tiph = &tunnel->parms.iph; 276 u8 ipproto; 277 278 if (!pskb_inet_may_pull(skb)) 279 goto tx_error; 280 281 switch (skb->protocol) { 282 case htons(ETH_P_IP): 283 ipproto = IPPROTO_IPIP; 284 break; 285 #if IS_ENABLED(CONFIG_MPLS) 286 case htons(ETH_P_MPLS_UC): 287 ipproto = IPPROTO_MPLS; 288 break; 289 #endif 290 default: 291 goto tx_error; 292 } 293 294 if (tiph->protocol != ipproto && tiph->protocol != 0) 295 goto tx_error; 296 297 if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4)) 298 goto tx_error; 299 300 skb_set_inner_ipproto(skb, ipproto); 301 302 if (tunnel->collect_md) 303 ip_md_tunnel_xmit(skb, dev, ipproto, 0); 304 else 305 ip_tunnel_xmit(skb, dev, tiph, ipproto); 306 return NETDEV_TX_OK; 307 308 tx_error: 309 kfree_skb(skb); 310 311 dev->stats.tx_errors++; 312 return NETDEV_TX_OK; 313 } 314 315 static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto) 316 { 317 switch (ipproto) { 318 case 0: 319 case IPPROTO_IPIP: 320 #if IS_ENABLED(CONFIG_MPLS) 321 case IPPROTO_MPLS: 322 #endif 323 return true; 324 } 325 326 return false; 327 } 328 329 static int 330 ipip_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd) 331 { 332 if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) { 333 if (p->iph.version != 4 || 334 !ipip_tunnel_ioctl_verify_protocol(p->iph.protocol) || 335 p->iph.ihl != 5 || (p->iph.frag_off & htons(~IP_DF))) 336 return -EINVAL; 337 } 338 339 p->i_key = p->o_key = 0; 340 p->i_flags = p->o_flags = 0; 341 return ip_tunnel_ctl(dev, p, cmd); 342 } 343 344 static const struct net_device_ops ipip_netdev_ops = { 345 .ndo_init = ipip_tunnel_init, 346 .ndo_uninit = ip_tunnel_uninit, 347 .ndo_start_xmit = ipip_tunnel_xmit, 348 .ndo_do_ioctl = ip_tunnel_ioctl, 349 .ndo_change_mtu = ip_tunnel_change_mtu, 350 .ndo_get_stats64 = ip_tunnel_get_stats64, 351 .ndo_get_iflink = ip_tunnel_get_iflink, 352 .ndo_tunnel_ctl = ipip_tunnel_ctl, 353 }; 354 355 #define IPIP_FEATURES (NETIF_F_SG | \ 356 NETIF_F_FRAGLIST | \ 357 NETIF_F_HIGHDMA | \ 358 NETIF_F_GSO_SOFTWARE | \ 359 NETIF_F_HW_CSUM) 360 361 static void ipip_tunnel_setup(struct net_device *dev) 362 { 363 dev->netdev_ops = &ipip_netdev_ops; 364 365 dev->type = ARPHRD_TUNNEL; 366 dev->flags = IFF_NOARP; 367 dev->addr_len = 4; 368 dev->features |= NETIF_F_LLTX; 369 netif_keep_dst(dev); 370 371 dev->features |= IPIP_FEATURES; 372 dev->hw_features |= IPIP_FEATURES; 373 ip_tunnel_setup(dev, ipip_net_id); 374 } 375 376 static int ipip_tunnel_init(struct net_device *dev) 377 { 378 struct ip_tunnel *tunnel = netdev_priv(dev); 379 380 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4); 381 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4); 382 383 tunnel->tun_hlen = 0; 384 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen; 385 return ip_tunnel_init(dev); 386 } 387 388 static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[], 389 struct netlink_ext_ack *extack) 390 { 391 u8 proto; 392 393 if (!data || !data[IFLA_IPTUN_PROTO]) 394 return 0; 395 396 proto = nla_get_u8(data[IFLA_IPTUN_PROTO]); 397 if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0) 398 return -EINVAL; 399 400 return 0; 401 } 402 403 static void ipip_netlink_parms(struct nlattr *data[], 404 struct ip_tunnel_parm *parms, bool *collect_md, 405 __u32 *fwmark) 406 { 407 memset(parms, 0, sizeof(*parms)); 408 409 parms->iph.version = 4; 410 parms->iph.protocol = IPPROTO_IPIP; 411 parms->iph.ihl = 5; 412 *collect_md = false; 413 414 if (!data) 415 return; 416 417 if (data[IFLA_IPTUN_LINK]) 418 parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]); 419 420 if (data[IFLA_IPTUN_LOCAL]) 421 parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]); 422 423 if (data[IFLA_IPTUN_REMOTE]) 424 parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]); 425 426 if (data[IFLA_IPTUN_TTL]) { 427 parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]); 428 if (parms->iph.ttl) 429 parms->iph.frag_off = htons(IP_DF); 430 } 431 432 if (data[IFLA_IPTUN_TOS]) 433 parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]); 434 435 if (data[IFLA_IPTUN_PROTO]) 436 parms->iph.protocol = nla_get_u8(data[IFLA_IPTUN_PROTO]); 437 438 if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC])) 439 parms->iph.frag_off = htons(IP_DF); 440 441 if (data[IFLA_IPTUN_COLLECT_METADATA]) 442 *collect_md = true; 443 444 if (data[IFLA_IPTUN_FWMARK]) 445 *fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]); 446 } 447 448 /* This function returns true when ENCAP attributes are present in the nl msg */ 449 static bool ipip_netlink_encap_parms(struct nlattr *data[], 450 struct ip_tunnel_encap *ipencap) 451 { 452 bool ret = false; 453 454 memset(ipencap, 0, sizeof(*ipencap)); 455 456 if (!data) 457 return ret; 458 459 if (data[IFLA_IPTUN_ENCAP_TYPE]) { 460 ret = true; 461 ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]); 462 } 463 464 if (data[IFLA_IPTUN_ENCAP_FLAGS]) { 465 ret = true; 466 ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]); 467 } 468 469 if (data[IFLA_IPTUN_ENCAP_SPORT]) { 470 ret = true; 471 ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]); 472 } 473 474 if (data[IFLA_IPTUN_ENCAP_DPORT]) { 475 ret = true; 476 ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]); 477 } 478 479 return ret; 480 } 481 482 static int ipip_newlink(struct net *src_net, struct net_device *dev, 483 struct nlattr *tb[], struct nlattr *data[], 484 struct netlink_ext_ack *extack) 485 { 486 struct ip_tunnel *t = netdev_priv(dev); 487 struct ip_tunnel_parm p; 488 struct ip_tunnel_encap ipencap; 489 __u32 fwmark = 0; 490 491 if (ipip_netlink_encap_parms(data, &ipencap)) { 492 int err = ip_tunnel_encap_setup(t, &ipencap); 493 494 if (err < 0) 495 return err; 496 } 497 498 ipip_netlink_parms(data, &p, &t->collect_md, &fwmark); 499 return ip_tunnel_newlink(dev, tb, &p, fwmark); 500 } 501 502 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[], 503 struct nlattr *data[], 504 struct netlink_ext_ack *extack) 505 { 506 struct ip_tunnel *t = netdev_priv(dev); 507 struct ip_tunnel_parm p; 508 struct ip_tunnel_encap ipencap; 509 bool collect_md; 510 __u32 fwmark = t->fwmark; 511 512 if (ipip_netlink_encap_parms(data, &ipencap)) { 513 int err = ip_tunnel_encap_setup(t, &ipencap); 514 515 if (err < 0) 516 return err; 517 } 518 519 ipip_netlink_parms(data, &p, &collect_md, &fwmark); 520 if (collect_md) 521 return -EINVAL; 522 523 if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) || 524 (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr)) 525 return -EINVAL; 526 527 return ip_tunnel_changelink(dev, tb, &p, fwmark); 528 } 529 530 static size_t ipip_get_size(const struct net_device *dev) 531 { 532 return 533 /* IFLA_IPTUN_LINK */ 534 nla_total_size(4) + 535 /* IFLA_IPTUN_LOCAL */ 536 nla_total_size(4) + 537 /* IFLA_IPTUN_REMOTE */ 538 nla_total_size(4) + 539 /* IFLA_IPTUN_TTL */ 540 nla_total_size(1) + 541 /* IFLA_IPTUN_TOS */ 542 nla_total_size(1) + 543 /* IFLA_IPTUN_PROTO */ 544 nla_total_size(1) + 545 /* IFLA_IPTUN_PMTUDISC */ 546 nla_total_size(1) + 547 /* IFLA_IPTUN_ENCAP_TYPE */ 548 nla_total_size(2) + 549 /* IFLA_IPTUN_ENCAP_FLAGS */ 550 nla_total_size(2) + 551 /* IFLA_IPTUN_ENCAP_SPORT */ 552 nla_total_size(2) + 553 /* IFLA_IPTUN_ENCAP_DPORT */ 554 nla_total_size(2) + 555 /* IFLA_IPTUN_COLLECT_METADATA */ 556 nla_total_size(0) + 557 /* IFLA_IPTUN_FWMARK */ 558 nla_total_size(4) + 559 0; 560 } 561 562 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev) 563 { 564 struct ip_tunnel *tunnel = netdev_priv(dev); 565 struct ip_tunnel_parm *parm = &tunnel->parms; 566 567 if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) || 568 nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) || 569 nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) || 570 nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) || 571 nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) || 572 nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) || 573 nla_put_u8(skb, IFLA_IPTUN_PMTUDISC, 574 !!(parm->iph.frag_off & htons(IP_DF))) || 575 nla_put_u32(skb, IFLA_IPTUN_FWMARK, tunnel->fwmark)) 576 goto nla_put_failure; 577 578 if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE, 579 tunnel->encap.type) || 580 nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT, 581 tunnel->encap.sport) || 582 nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT, 583 tunnel->encap.dport) || 584 nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS, 585 tunnel->encap.flags)) 586 goto nla_put_failure; 587 588 if (tunnel->collect_md) 589 if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA)) 590 goto nla_put_failure; 591 return 0; 592 593 nla_put_failure: 594 return -EMSGSIZE; 595 } 596 597 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = { 598 [IFLA_IPTUN_LINK] = { .type = NLA_U32 }, 599 [IFLA_IPTUN_LOCAL] = { .type = NLA_U32 }, 600 [IFLA_IPTUN_REMOTE] = { .type = NLA_U32 }, 601 [IFLA_IPTUN_TTL] = { .type = NLA_U8 }, 602 [IFLA_IPTUN_TOS] = { .type = NLA_U8 }, 603 [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, 604 [IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 }, 605 [IFLA_IPTUN_ENCAP_TYPE] = { .type = NLA_U16 }, 606 [IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 }, 607 [IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 }, 608 [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 }, 609 [IFLA_IPTUN_COLLECT_METADATA] = { .type = NLA_FLAG }, 610 [IFLA_IPTUN_FWMARK] = { .type = NLA_U32 }, 611 }; 612 613 static struct rtnl_link_ops ipip_link_ops __read_mostly = { 614 .kind = "ipip", 615 .maxtype = IFLA_IPTUN_MAX, 616 .policy = ipip_policy, 617 .priv_size = sizeof(struct ip_tunnel), 618 .setup = ipip_tunnel_setup, 619 .validate = ipip_tunnel_validate, 620 .newlink = ipip_newlink, 621 .changelink = ipip_changelink, 622 .dellink = ip_tunnel_dellink, 623 .get_size = ipip_get_size, 624 .fill_info = ipip_fill_info, 625 .get_link_net = ip_tunnel_get_link_net, 626 }; 627 628 static struct xfrm_tunnel ipip_handler __read_mostly = { 629 .handler = ipip_rcv, 630 .err_handler = ipip_err, 631 .priority = 1, 632 }; 633 634 #if IS_ENABLED(CONFIG_MPLS) 635 static struct xfrm_tunnel mplsip_handler __read_mostly = { 636 .handler = mplsip_rcv, 637 .err_handler = ipip_err, 638 .priority = 1, 639 }; 640 #endif 641 642 static int __net_init ipip_init_net(struct net *net) 643 { 644 return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0"); 645 } 646 647 static void __net_exit ipip_exit_batch_net(struct list_head *list_net) 648 { 649 ip_tunnel_delete_nets(list_net, ipip_net_id, &ipip_link_ops); 650 } 651 652 static struct pernet_operations ipip_net_ops = { 653 .init = ipip_init_net, 654 .exit_batch = ipip_exit_batch_net, 655 .id = &ipip_net_id, 656 .size = sizeof(struct ip_tunnel_net), 657 }; 658 659 static int __init ipip_init(void) 660 { 661 int err; 662 663 pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n"); 664 665 err = register_pernet_device(&ipip_net_ops); 666 if (err < 0) 667 return err; 668 err = xfrm4_tunnel_register(&ipip_handler, AF_INET); 669 if (err < 0) { 670 pr_info("%s: can't register tunnel\n", __func__); 671 goto xfrm_tunnel_ipip_failed; 672 } 673 #if IS_ENABLED(CONFIG_MPLS) 674 err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS); 675 if (err < 0) { 676 pr_info("%s: can't register tunnel\n", __func__); 677 goto xfrm_tunnel_mplsip_failed; 678 } 679 #endif 680 err = rtnl_link_register(&ipip_link_ops); 681 if (err < 0) 682 goto rtnl_link_failed; 683 684 out: 685 return err; 686 687 rtnl_link_failed: 688 #if IS_ENABLED(CONFIG_MPLS) 689 xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS); 690 xfrm_tunnel_mplsip_failed: 691 692 #endif 693 xfrm4_tunnel_deregister(&ipip_handler, AF_INET); 694 xfrm_tunnel_ipip_failed: 695 unregister_pernet_device(&ipip_net_ops); 696 goto out; 697 } 698 699 static void __exit ipip_fini(void) 700 { 701 rtnl_link_unregister(&ipip_link_ops); 702 if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET)) 703 pr_info("%s: can't deregister tunnel\n", __func__); 704 #if IS_ENABLED(CONFIG_MPLS) 705 if (xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS)) 706 pr_info("%s: can't deregister tunnel\n", __func__); 707 #endif 708 unregister_pernet_device(&ipip_net_ops); 709 } 710 711 module_init(ipip_init); 712 module_exit(ipip_fini); 713 MODULE_LICENSE("GPL"); 714 MODULE_ALIAS_RTNL_LINK("ipip"); 715 MODULE_ALIAS_NETDEV("tunl0"); 716