xref: /openbmc/linux/net/ipv4/ipip.c (revision 3bf90eca)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	Linux NET3:	IP/IP protocol decoder.
4  *
5  *	Authors:
6  *		Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
7  *
8  *	Fixes:
9  *		Alan Cox	:	Merged and made usable non modular (its so tiny its silly as
10  *					a module taking up 2 pages).
11  *		Alan Cox	: 	Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
12  *					to keep ip_forward happy.
13  *		Alan Cox	:	More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
14  *		Kai Schulte	:	Fixed #defines for IP_FIREWALL->FIREWALL
15  *              David Woodhouse :       Perform some basic ICMP handling.
16  *                                      IPIP Routing without decapsulation.
17  *              Carlos Picoto   :       GRE over IP support
18  *		Alexey Kuznetsov:	Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
19  *					I do not want to merge them together.
20  */
21 
22 /* tunnel.c: an IP tunnel driver
23 
24 	The purpose of this driver is to provide an IP tunnel through
25 	which you can tunnel network traffic transparently across subnets.
26 
27 	This was written by looking at Nick Holloway's dummy driver
28 	Thanks for the great code!
29 
30 		-Sam Lantinga	(slouken@cs.ucdavis.edu)  02/01/95
31 
32 	Minor tweaks:
33 		Cleaned up the code a little and added some pre-1.3.0 tweaks.
34 		dev->hard_header/hard_header_len changed to use no headers.
35 		Comments/bracketing tweaked.
36 		Made the tunnels use dev->name not tunnel: when error reporting.
37 		Added tx_dropped stat
38 
39 		-Alan Cox	(alan@lxorguk.ukuu.org.uk) 21 March 95
40 
41 	Reworked:
42 		Changed to tunnel to destination gateway in addition to the
43 			tunnel's pointopoint address
44 		Almost completely rewritten
45 		Note:  There is currently no firewall or ICMP handling done.
46 
47 		-Sam Lantinga	(slouken@cs.ucdavis.edu) 02/13/96
48 
49 */
50 
51 /* Things I wish I had known when writing the tunnel driver:
52 
53 	When the tunnel_xmit() function is called, the skb contains the
54 	packet to be sent (plus a great deal of extra info), and dev
55 	contains the tunnel device that _we_ are.
56 
57 	When we are passed a packet, we are expected to fill in the
58 	source address with our source IP address.
59 
60 	What is the proper way to allocate, copy and free a buffer?
61 	After you allocate it, it is a "0 length" chunk of memory
62 	starting at zero.  If you want to add headers to the buffer
63 	later, you'll have to call "skb_reserve(skb, amount)" with
64 	the amount of memory you want reserved.  Then, you call
65 	"skb_put(skb, amount)" with the amount of space you want in
66 	the buffer.  skb_put() returns a pointer to the top (#0) of
67 	that buffer.  skb->len is set to the amount of space you have
68 	"allocated" with skb_put().  You can then write up to skb->len
69 	bytes to that buffer.  If you need more, you can call skb_put()
70 	again with the additional amount of space you need.  You can
71 	find out how much more space you can allocate by calling
72 	"skb_tailroom(skb)".
73 	Now, to add header space, call "skb_push(skb, header_len)".
74 	This creates space at the beginning of the buffer and returns
75 	a pointer to this new space.  If later you need to strip a
76 	header from a buffer, call "skb_pull(skb, header_len)".
77 	skb_headroom() will return how much space is left at the top
78 	of the buffer (before the main data).  Remember, this headroom
79 	space must be reserved before the skb_put() function is called.
80 	*/
81 
82 /*
83    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
84 
85    For comments look at net/ipv4/ip_gre.c --ANK
86  */
87 
88 
89 #include <linux/capability.h>
90 #include <linux/module.h>
91 #include <linux/types.h>
92 #include <linux/kernel.h>
93 #include <linux/slab.h>
94 #include <linux/uaccess.h>
95 #include <linux/skbuff.h>
96 #include <linux/netdevice.h>
97 #include <linux/in.h>
98 #include <linux/tcp.h>
99 #include <linux/udp.h>
100 #include <linux/if_arp.h>
101 #include <linux/init.h>
102 #include <linux/netfilter_ipv4.h>
103 #include <linux/if_ether.h>
104 
105 #include <net/sock.h>
106 #include <net/ip.h>
107 #include <net/icmp.h>
108 #include <net/ip_tunnels.h>
109 #include <net/inet_ecn.h>
110 #include <net/xfrm.h>
111 #include <net/net_namespace.h>
112 #include <net/netns/generic.h>
113 #include <net/dst_metadata.h>
114 
115 static bool log_ecn_error = true;
116 module_param(log_ecn_error, bool, 0644);
117 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
118 
119 static unsigned int ipip_net_id __read_mostly;
120 
121 static int ipip_tunnel_init(struct net_device *dev);
122 static struct rtnl_link_ops ipip_link_ops __read_mostly;
123 
124 static int ipip_err(struct sk_buff *skb, u32 info)
125 {
126 	/* All the routers (except for Linux) return only
127 	 * 8 bytes of packet payload. It means, that precise relaying of
128 	 * ICMP in the real Internet is absolutely infeasible.
129 	 */
130 	struct net *net = dev_net(skb->dev);
131 	struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
132 	const struct iphdr *iph = (const struct iphdr *)skb->data;
133 	const int type = icmp_hdr(skb)->type;
134 	const int code = icmp_hdr(skb)->code;
135 	struct ip_tunnel *t;
136 	int err = 0;
137 
138 	t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
139 			     iph->daddr, iph->saddr, 0);
140 	if (!t) {
141 		err = -ENOENT;
142 		goto out;
143 	}
144 
145 	switch (type) {
146 	case ICMP_DEST_UNREACH:
147 		switch (code) {
148 		case ICMP_SR_FAILED:
149 			/* Impossible event. */
150 			goto out;
151 		default:
152 			/* All others are translated to HOST_UNREACH.
153 			 * rfc2003 contains "deep thoughts" about NET_UNREACH,
154 			 * I believe they are just ether pollution. --ANK
155 			 */
156 			break;
157 		}
158 		break;
159 
160 	case ICMP_TIME_EXCEEDED:
161 		if (code != ICMP_EXC_TTL)
162 			goto out;
163 		break;
164 
165 	case ICMP_REDIRECT:
166 		break;
167 
168 	default:
169 		goto out;
170 	}
171 
172 	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
173 		ipv4_update_pmtu(skb, net, info, t->parms.link, iph->protocol);
174 		goto out;
175 	}
176 
177 	if (type == ICMP_REDIRECT) {
178 		ipv4_redirect(skb, net, t->parms.link, iph->protocol);
179 		goto out;
180 	}
181 
182 	if (t->parms.iph.daddr == 0) {
183 		err = -ENOENT;
184 		goto out;
185 	}
186 
187 	if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
188 		goto out;
189 
190 	if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
191 		t->err_count++;
192 	else
193 		t->err_count = 1;
194 	t->err_time = jiffies;
195 
196 out:
197 	return err;
198 }
199 
200 static const struct tnl_ptk_info ipip_tpi = {
201 	/* no tunnel info required for ipip. */
202 	.proto = htons(ETH_P_IP),
203 };
204 
205 #if IS_ENABLED(CONFIG_MPLS)
206 static const struct tnl_ptk_info mplsip_tpi = {
207 	/* no tunnel info required for mplsip. */
208 	.proto = htons(ETH_P_MPLS_UC),
209 };
210 #endif
211 
212 static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto)
213 {
214 	struct net *net = dev_net(skb->dev);
215 	struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
216 	struct metadata_dst *tun_dst = NULL;
217 	struct ip_tunnel *tunnel;
218 	const struct iphdr *iph;
219 
220 	iph = ip_hdr(skb);
221 	tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
222 			iph->saddr, iph->daddr, 0);
223 	if (tunnel) {
224 		const struct tnl_ptk_info *tpi;
225 
226 		if (tunnel->parms.iph.protocol != ipproto &&
227 		    tunnel->parms.iph.protocol != 0)
228 			goto drop;
229 
230 		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
231 			goto drop;
232 #if IS_ENABLED(CONFIG_MPLS)
233 		if (ipproto == IPPROTO_MPLS)
234 			tpi = &mplsip_tpi;
235 		else
236 #endif
237 			tpi = &ipip_tpi;
238 		if (iptunnel_pull_header(skb, 0, tpi->proto, false))
239 			goto drop;
240 		if (tunnel->collect_md) {
241 			tun_dst = ip_tun_rx_dst(skb, 0, 0, 0);
242 			if (!tun_dst)
243 				return 0;
244 		}
245 		skb_reset_mac_header(skb);
246 
247 		return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
248 	}
249 
250 	return -1;
251 
252 drop:
253 	kfree_skb(skb);
254 	return 0;
255 }
256 
257 static int ipip_rcv(struct sk_buff *skb)
258 {
259 	return ipip_tunnel_rcv(skb, IPPROTO_IPIP);
260 }
261 
262 #if IS_ENABLED(CONFIG_MPLS)
263 static int mplsip_rcv(struct sk_buff *skb)
264 {
265 	return ipip_tunnel_rcv(skb, IPPROTO_MPLS);
266 }
267 #endif
268 
269 /*
270  *	This function assumes it is being called from dev_queue_xmit()
271  *	and that skb is filled properly by that function.
272  */
273 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
274 				    struct net_device *dev)
275 {
276 	struct ip_tunnel *tunnel = netdev_priv(dev);
277 	const struct iphdr  *tiph = &tunnel->parms.iph;
278 	u8 ipproto;
279 
280 	if (!pskb_inet_may_pull(skb))
281 		goto tx_error;
282 
283 	switch (skb->protocol) {
284 	case htons(ETH_P_IP):
285 		ipproto = IPPROTO_IPIP;
286 		break;
287 #if IS_ENABLED(CONFIG_MPLS)
288 	case htons(ETH_P_MPLS_UC):
289 		ipproto = IPPROTO_MPLS;
290 		break;
291 #endif
292 	default:
293 		goto tx_error;
294 	}
295 
296 	if (tiph->protocol != ipproto && tiph->protocol != 0)
297 		goto tx_error;
298 
299 	if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4))
300 		goto tx_error;
301 
302 	skb_set_inner_ipproto(skb, ipproto);
303 
304 	if (tunnel->collect_md)
305 		ip_md_tunnel_xmit(skb, dev, ipproto, 0);
306 	else
307 		ip_tunnel_xmit(skb, dev, tiph, ipproto);
308 	return NETDEV_TX_OK;
309 
310 tx_error:
311 	kfree_skb(skb);
312 
313 	DEV_STATS_INC(dev, tx_errors);
314 	return NETDEV_TX_OK;
315 }
316 
317 static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto)
318 {
319 	switch (ipproto) {
320 	case 0:
321 	case IPPROTO_IPIP:
322 #if IS_ENABLED(CONFIG_MPLS)
323 	case IPPROTO_MPLS:
324 #endif
325 		return true;
326 	}
327 
328 	return false;
329 }
330 
331 static int
332 ipip_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd)
333 {
334 	if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
335 		if (p->iph.version != 4 ||
336 		    !ipip_tunnel_ioctl_verify_protocol(p->iph.protocol) ||
337 		    p->iph.ihl != 5 || (p->iph.frag_off & htons(~IP_DF)))
338 			return -EINVAL;
339 	}
340 
341 	p->i_key = p->o_key = 0;
342 	p->i_flags = p->o_flags = 0;
343 	return ip_tunnel_ctl(dev, p, cmd);
344 }
345 
346 static const struct net_device_ops ipip_netdev_ops = {
347 	.ndo_init       = ipip_tunnel_init,
348 	.ndo_uninit     = ip_tunnel_uninit,
349 	.ndo_start_xmit	= ipip_tunnel_xmit,
350 	.ndo_siocdevprivate = ip_tunnel_siocdevprivate,
351 	.ndo_change_mtu = ip_tunnel_change_mtu,
352 	.ndo_get_stats64 = dev_get_tstats64,
353 	.ndo_get_iflink = ip_tunnel_get_iflink,
354 	.ndo_tunnel_ctl	= ipip_tunnel_ctl,
355 };
356 
357 #define IPIP_FEATURES (NETIF_F_SG |		\
358 		       NETIF_F_FRAGLIST |	\
359 		       NETIF_F_HIGHDMA |	\
360 		       NETIF_F_GSO_SOFTWARE |	\
361 		       NETIF_F_HW_CSUM)
362 
363 static void ipip_tunnel_setup(struct net_device *dev)
364 {
365 	dev->netdev_ops		= &ipip_netdev_ops;
366 	dev->header_ops		= &ip_tunnel_header_ops;
367 
368 	dev->type		= ARPHRD_TUNNEL;
369 	dev->flags		= IFF_NOARP;
370 	dev->addr_len		= 4;
371 	dev->features		|= NETIF_F_LLTX;
372 	netif_keep_dst(dev);
373 
374 	dev->features		|= IPIP_FEATURES;
375 	dev->hw_features	|= IPIP_FEATURES;
376 	ip_tunnel_setup(dev, ipip_net_id);
377 }
378 
379 static int ipip_tunnel_init(struct net_device *dev)
380 {
381 	struct ip_tunnel *tunnel = netdev_priv(dev);
382 
383 	__dev_addr_set(dev, &tunnel->parms.iph.saddr, 4);
384 	memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
385 
386 	tunnel->tun_hlen = 0;
387 	tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
388 	return ip_tunnel_init(dev);
389 }
390 
391 static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
392 				struct netlink_ext_ack *extack)
393 {
394 	u8 proto;
395 
396 	if (!data || !data[IFLA_IPTUN_PROTO])
397 		return 0;
398 
399 	proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
400 	if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0)
401 		return -EINVAL;
402 
403 	return 0;
404 }
405 
406 static void ipip_netlink_parms(struct nlattr *data[],
407 			       struct ip_tunnel_parm *parms, bool *collect_md,
408 			       __u32 *fwmark)
409 {
410 	memset(parms, 0, sizeof(*parms));
411 
412 	parms->iph.version = 4;
413 	parms->iph.protocol = IPPROTO_IPIP;
414 	parms->iph.ihl = 5;
415 	*collect_md = false;
416 
417 	if (!data)
418 		return;
419 
420 	ip_tunnel_netlink_parms(data, parms);
421 
422 	if (data[IFLA_IPTUN_COLLECT_METADATA])
423 		*collect_md = true;
424 
425 	if (data[IFLA_IPTUN_FWMARK])
426 		*fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]);
427 }
428 
429 static int ipip_newlink(struct net *src_net, struct net_device *dev,
430 			struct nlattr *tb[], struct nlattr *data[],
431 			struct netlink_ext_ack *extack)
432 {
433 	struct ip_tunnel *t = netdev_priv(dev);
434 	struct ip_tunnel_parm p;
435 	struct ip_tunnel_encap ipencap;
436 	__u32 fwmark = 0;
437 
438 	if (ip_tunnel_netlink_encap_parms(data, &ipencap)) {
439 		int err = ip_tunnel_encap_setup(t, &ipencap);
440 
441 		if (err < 0)
442 			return err;
443 	}
444 
445 	ipip_netlink_parms(data, &p, &t->collect_md, &fwmark);
446 	return ip_tunnel_newlink(dev, tb, &p, fwmark);
447 }
448 
449 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
450 			   struct nlattr *data[],
451 			   struct netlink_ext_ack *extack)
452 {
453 	struct ip_tunnel *t = netdev_priv(dev);
454 	struct ip_tunnel_parm p;
455 	struct ip_tunnel_encap ipencap;
456 	bool collect_md;
457 	__u32 fwmark = t->fwmark;
458 
459 	if (ip_tunnel_netlink_encap_parms(data, &ipencap)) {
460 		int err = ip_tunnel_encap_setup(t, &ipencap);
461 
462 		if (err < 0)
463 			return err;
464 	}
465 
466 	ipip_netlink_parms(data, &p, &collect_md, &fwmark);
467 	if (collect_md)
468 		return -EINVAL;
469 
470 	if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
471 	    (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
472 		return -EINVAL;
473 
474 	return ip_tunnel_changelink(dev, tb, &p, fwmark);
475 }
476 
477 static size_t ipip_get_size(const struct net_device *dev)
478 {
479 	return
480 		/* IFLA_IPTUN_LINK */
481 		nla_total_size(4) +
482 		/* IFLA_IPTUN_LOCAL */
483 		nla_total_size(4) +
484 		/* IFLA_IPTUN_REMOTE */
485 		nla_total_size(4) +
486 		/* IFLA_IPTUN_TTL */
487 		nla_total_size(1) +
488 		/* IFLA_IPTUN_TOS */
489 		nla_total_size(1) +
490 		/* IFLA_IPTUN_PROTO */
491 		nla_total_size(1) +
492 		/* IFLA_IPTUN_PMTUDISC */
493 		nla_total_size(1) +
494 		/* IFLA_IPTUN_ENCAP_TYPE */
495 		nla_total_size(2) +
496 		/* IFLA_IPTUN_ENCAP_FLAGS */
497 		nla_total_size(2) +
498 		/* IFLA_IPTUN_ENCAP_SPORT */
499 		nla_total_size(2) +
500 		/* IFLA_IPTUN_ENCAP_DPORT */
501 		nla_total_size(2) +
502 		/* IFLA_IPTUN_COLLECT_METADATA */
503 		nla_total_size(0) +
504 		/* IFLA_IPTUN_FWMARK */
505 		nla_total_size(4) +
506 		0;
507 }
508 
509 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
510 {
511 	struct ip_tunnel *tunnel = netdev_priv(dev);
512 	struct ip_tunnel_parm *parm = &tunnel->parms;
513 
514 	if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
515 	    nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
516 	    nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
517 	    nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
518 	    nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
519 	    nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) ||
520 	    nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
521 		       !!(parm->iph.frag_off & htons(IP_DF))) ||
522 	    nla_put_u32(skb, IFLA_IPTUN_FWMARK, tunnel->fwmark))
523 		goto nla_put_failure;
524 
525 	if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
526 			tunnel->encap.type) ||
527 	    nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
528 			 tunnel->encap.sport) ||
529 	    nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
530 			 tunnel->encap.dport) ||
531 	    nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
532 			tunnel->encap.flags))
533 		goto nla_put_failure;
534 
535 	if (tunnel->collect_md)
536 		if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA))
537 			goto nla_put_failure;
538 	return 0;
539 
540 nla_put_failure:
541 	return -EMSGSIZE;
542 }
543 
544 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
545 	[IFLA_IPTUN_LINK]		= { .type = NLA_U32 },
546 	[IFLA_IPTUN_LOCAL]		= { .type = NLA_U32 },
547 	[IFLA_IPTUN_REMOTE]		= { .type = NLA_U32 },
548 	[IFLA_IPTUN_TTL]		= { .type = NLA_U8 },
549 	[IFLA_IPTUN_TOS]		= { .type = NLA_U8 },
550 	[IFLA_IPTUN_PROTO]		= { .type = NLA_U8 },
551 	[IFLA_IPTUN_PMTUDISC]		= { .type = NLA_U8 },
552 	[IFLA_IPTUN_ENCAP_TYPE]		= { .type = NLA_U16 },
553 	[IFLA_IPTUN_ENCAP_FLAGS]	= { .type = NLA_U16 },
554 	[IFLA_IPTUN_ENCAP_SPORT]	= { .type = NLA_U16 },
555 	[IFLA_IPTUN_ENCAP_DPORT]	= { .type = NLA_U16 },
556 	[IFLA_IPTUN_COLLECT_METADATA]	= { .type = NLA_FLAG },
557 	[IFLA_IPTUN_FWMARK]		= { .type = NLA_U32 },
558 };
559 
560 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
561 	.kind		= "ipip",
562 	.maxtype	= IFLA_IPTUN_MAX,
563 	.policy		= ipip_policy,
564 	.priv_size	= sizeof(struct ip_tunnel),
565 	.setup		= ipip_tunnel_setup,
566 	.validate	= ipip_tunnel_validate,
567 	.newlink	= ipip_newlink,
568 	.changelink	= ipip_changelink,
569 	.dellink	= ip_tunnel_dellink,
570 	.get_size	= ipip_get_size,
571 	.fill_info	= ipip_fill_info,
572 	.get_link_net	= ip_tunnel_get_link_net,
573 };
574 
575 static struct xfrm_tunnel ipip_handler __read_mostly = {
576 	.handler	=	ipip_rcv,
577 	.err_handler	=	ipip_err,
578 	.priority	=	1,
579 };
580 
581 #if IS_ENABLED(CONFIG_MPLS)
582 static struct xfrm_tunnel mplsip_handler __read_mostly = {
583 	.handler	=	mplsip_rcv,
584 	.err_handler	=	ipip_err,
585 	.priority	=	1,
586 };
587 #endif
588 
589 static int __net_init ipip_init_net(struct net *net)
590 {
591 	return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
592 }
593 
594 static void __net_exit ipip_exit_batch_net(struct list_head *list_net)
595 {
596 	ip_tunnel_delete_nets(list_net, ipip_net_id, &ipip_link_ops);
597 }
598 
599 static struct pernet_operations ipip_net_ops = {
600 	.init = ipip_init_net,
601 	.exit_batch = ipip_exit_batch_net,
602 	.id   = &ipip_net_id,
603 	.size = sizeof(struct ip_tunnel_net),
604 };
605 
606 static int __init ipip_init(void)
607 {
608 	int err;
609 
610 	pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n");
611 
612 	err = register_pernet_device(&ipip_net_ops);
613 	if (err < 0)
614 		return err;
615 	err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
616 	if (err < 0) {
617 		pr_info("%s: can't register tunnel\n", __func__);
618 		goto xfrm_tunnel_ipip_failed;
619 	}
620 #if IS_ENABLED(CONFIG_MPLS)
621 	err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS);
622 	if (err < 0) {
623 		pr_info("%s: can't register tunnel\n", __func__);
624 		goto xfrm_tunnel_mplsip_failed;
625 	}
626 #endif
627 	err = rtnl_link_register(&ipip_link_ops);
628 	if (err < 0)
629 		goto rtnl_link_failed;
630 
631 out:
632 	return err;
633 
634 rtnl_link_failed:
635 #if IS_ENABLED(CONFIG_MPLS)
636 	xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS);
637 xfrm_tunnel_mplsip_failed:
638 
639 #endif
640 	xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
641 xfrm_tunnel_ipip_failed:
642 	unregister_pernet_device(&ipip_net_ops);
643 	goto out;
644 }
645 
646 static void __exit ipip_fini(void)
647 {
648 	rtnl_link_unregister(&ipip_link_ops);
649 	if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
650 		pr_info("%s: can't deregister tunnel\n", __func__);
651 #if IS_ENABLED(CONFIG_MPLS)
652 	if (xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS))
653 		pr_info("%s: can't deregister tunnel\n", __func__);
654 #endif
655 	unregister_pernet_device(&ipip_net_ops);
656 }
657 
658 module_init(ipip_init);
659 module_exit(ipip_fini);
660 MODULE_LICENSE("GPL");
661 MODULE_ALIAS_RTNL_LINK("ipip");
662 MODULE_ALIAS_NETDEV("tunl0");
663