1 /* 2 * IPv6 tunneling device 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Ville Nuorvala <vnuorval@tcs.hut.fi> 7 * Yasuyuki Kozakai <kozakai@linux-ipv6.org> 8 * 9 * Based on: 10 * linux/net/ipv6/sit.c and linux/net/ipv4/ipip.c 11 * 12 * RFC 2473 13 * 14 * This program is free software; you can redistribute it and/or 15 * modify it under the terms of the GNU General Public License 16 * as published by the Free Software Foundation; either version 17 * 2 of the License, or (at your option) any later version. 18 * 19 */ 20 21 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 22 23 #include <linux/module.h> 24 #include <linux/capability.h> 25 #include <linux/errno.h> 26 #include <linux/types.h> 27 #include <linux/sockios.h> 28 #include <linux/icmp.h> 29 #include <linux/if.h> 30 #include <linux/in.h> 31 #include <linux/ip.h> 32 #include <linux/net.h> 33 #include <linux/in6.h> 34 #include <linux/netdevice.h> 35 #include <linux/if_arp.h> 36 #include <linux/icmpv6.h> 37 #include <linux/init.h> 38 #include <linux/route.h> 39 #include <linux/rtnetlink.h> 40 #include <linux/netfilter_ipv6.h> 41 #include <linux/slab.h> 42 #include <linux/hash.h> 43 #include <linux/etherdevice.h> 44 45 #include <asm/uaccess.h> 46 #include <linux/atomic.h> 47 48 #include <net/icmp.h> 49 #include <net/ip.h> 50 #include <net/ip_tunnels.h> 51 #include <net/ipv6.h> 52 #include <net/ip6_route.h> 53 #include <net/addrconf.h> 54 #include <net/ip6_tunnel.h> 55 #include <net/xfrm.h> 56 #include <net/dsfield.h> 57 #include <net/inet_ecn.h> 58 #include <net/net_namespace.h> 59 #include <net/netns/generic.h> 60 61 MODULE_AUTHOR("Ville Nuorvala"); 62 MODULE_DESCRIPTION("IPv6 tunneling device"); 63 MODULE_LICENSE("GPL"); 64 MODULE_ALIAS_RTNL_LINK("ip6tnl"); 65 MODULE_ALIAS_NETDEV("ip6tnl0"); 66 67 #ifdef IP6_TNL_DEBUG 68 #define IP6_TNL_TRACE(x...) pr_debug("%s:" x "\n", __func__) 69 #else 70 #define IP6_TNL_TRACE(x...) do {;} while(0) 71 #endif 72 73 #define HASH_SIZE_SHIFT 5 74 #define HASH_SIZE (1 << HASH_SIZE_SHIFT) 75 76 static bool log_ecn_error = true; 77 module_param(log_ecn_error, bool, 0644); 78 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); 79 80 static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) 81 { 82 u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2); 83 84 return hash_32(hash, HASH_SIZE_SHIFT); 85 } 86 87 static int ip6_tnl_dev_init(struct net_device *dev); 88 static void ip6_tnl_dev_setup(struct net_device *dev); 89 static struct rtnl_link_ops ip6_link_ops __read_mostly; 90 91 static int ip6_tnl_net_id __read_mostly; 92 struct ip6_tnl_net { 93 /* the IPv6 tunnel fallback device */ 94 struct net_device *fb_tnl_dev; 95 /* lists for storing tunnels in use */ 96 struct ip6_tnl __rcu *tnls_r_l[HASH_SIZE]; 97 struct ip6_tnl __rcu *tnls_wc[1]; 98 struct ip6_tnl __rcu **tnls[2]; 99 }; 100 101 static struct net_device_stats *ip6_get_stats(struct net_device *dev) 102 { 103 struct pcpu_sw_netstats tmp, sum = { 0 }; 104 int i; 105 106 for_each_possible_cpu(i) { 107 unsigned int start; 108 const struct pcpu_sw_netstats *tstats = 109 per_cpu_ptr(dev->tstats, i); 110 111 do { 112 start = u64_stats_fetch_begin_irq(&tstats->syncp); 113 tmp.rx_packets = tstats->rx_packets; 114 tmp.rx_bytes = tstats->rx_bytes; 115 tmp.tx_packets = tstats->tx_packets; 116 tmp.tx_bytes = tstats->tx_bytes; 117 } while (u64_stats_fetch_retry_irq(&tstats->syncp, start)); 118 119 sum.rx_packets += tmp.rx_packets; 120 sum.rx_bytes += tmp.rx_bytes; 121 sum.tx_packets += tmp.tx_packets; 122 sum.tx_bytes += tmp.tx_bytes; 123 } 124 dev->stats.rx_packets = sum.rx_packets; 125 dev->stats.rx_bytes = sum.rx_bytes; 126 dev->stats.tx_packets = sum.tx_packets; 127 dev->stats.tx_bytes = sum.tx_bytes; 128 return &dev->stats; 129 } 130 131 /* 132 * Locking : hash tables are protected by RCU and RTNL 133 */ 134 135 struct dst_entry *ip6_tnl_dst_check(struct ip6_tnl *t) 136 { 137 struct dst_entry *dst = t->dst_cache; 138 139 if (dst && dst->obsolete && 140 dst->ops->check(dst, t->dst_cookie) == NULL) { 141 t->dst_cache = NULL; 142 dst_release(dst); 143 return NULL; 144 } 145 146 return dst; 147 } 148 EXPORT_SYMBOL_GPL(ip6_tnl_dst_check); 149 150 void ip6_tnl_dst_reset(struct ip6_tnl *t) 151 { 152 dst_release(t->dst_cache); 153 t->dst_cache = NULL; 154 } 155 EXPORT_SYMBOL_GPL(ip6_tnl_dst_reset); 156 157 void ip6_tnl_dst_store(struct ip6_tnl *t, struct dst_entry *dst) 158 { 159 struct rt6_info *rt = (struct rt6_info *) dst; 160 t->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0; 161 dst_release(t->dst_cache); 162 t->dst_cache = dst; 163 } 164 EXPORT_SYMBOL_GPL(ip6_tnl_dst_store); 165 166 /** 167 * ip6_tnl_lookup - fetch tunnel matching the end-point addresses 168 * @remote: the address of the tunnel exit-point 169 * @local: the address of the tunnel entry-point 170 * 171 * Return: 172 * tunnel matching given end-points if found, 173 * else fallback tunnel if its device is up, 174 * else %NULL 175 **/ 176 177 #define for_each_ip6_tunnel_rcu(start) \ 178 for (t = rcu_dereference(start); t; t = rcu_dereference(t->next)) 179 180 static struct ip6_tnl * 181 ip6_tnl_lookup(struct net *net, const struct in6_addr *remote, const struct in6_addr *local) 182 { 183 unsigned int hash = HASH(remote, local); 184 struct ip6_tnl *t; 185 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 186 struct in6_addr any; 187 188 for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) { 189 if (ipv6_addr_equal(local, &t->parms.laddr) && 190 ipv6_addr_equal(remote, &t->parms.raddr) && 191 (t->dev->flags & IFF_UP)) 192 return t; 193 } 194 195 memset(&any, 0, sizeof(any)); 196 hash = HASH(&any, local); 197 for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) { 198 if (ipv6_addr_equal(local, &t->parms.laddr) && 199 (t->dev->flags & IFF_UP)) 200 return t; 201 } 202 203 hash = HASH(remote, &any); 204 for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) { 205 if (ipv6_addr_equal(remote, &t->parms.raddr) && 206 (t->dev->flags & IFF_UP)) 207 return t; 208 } 209 210 t = rcu_dereference(ip6n->tnls_wc[0]); 211 if (t && (t->dev->flags & IFF_UP)) 212 return t; 213 214 return NULL; 215 } 216 217 /** 218 * ip6_tnl_bucket - get head of list matching given tunnel parameters 219 * @p: parameters containing tunnel end-points 220 * 221 * Description: 222 * ip6_tnl_bucket() returns the head of the list matching the 223 * &struct in6_addr entries laddr and raddr in @p. 224 * 225 * Return: head of IPv6 tunnel list 226 **/ 227 228 static struct ip6_tnl __rcu ** 229 ip6_tnl_bucket(struct ip6_tnl_net *ip6n, const struct __ip6_tnl_parm *p) 230 { 231 const struct in6_addr *remote = &p->raddr; 232 const struct in6_addr *local = &p->laddr; 233 unsigned int h = 0; 234 int prio = 0; 235 236 if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) { 237 prio = 1; 238 h = HASH(remote, local); 239 } 240 return &ip6n->tnls[prio][h]; 241 } 242 243 /** 244 * ip6_tnl_link - add tunnel to hash table 245 * @t: tunnel to be added 246 **/ 247 248 static void 249 ip6_tnl_link(struct ip6_tnl_net *ip6n, struct ip6_tnl *t) 250 { 251 struct ip6_tnl __rcu **tp = ip6_tnl_bucket(ip6n, &t->parms); 252 253 rcu_assign_pointer(t->next , rtnl_dereference(*tp)); 254 rcu_assign_pointer(*tp, t); 255 } 256 257 /** 258 * ip6_tnl_unlink - remove tunnel from hash table 259 * @t: tunnel to be removed 260 **/ 261 262 static void 263 ip6_tnl_unlink(struct ip6_tnl_net *ip6n, struct ip6_tnl *t) 264 { 265 struct ip6_tnl __rcu **tp; 266 struct ip6_tnl *iter; 267 268 for (tp = ip6_tnl_bucket(ip6n, &t->parms); 269 (iter = rtnl_dereference(*tp)) != NULL; 270 tp = &iter->next) { 271 if (t == iter) { 272 rcu_assign_pointer(*tp, t->next); 273 break; 274 } 275 } 276 } 277 278 static void ip6_dev_free(struct net_device *dev) 279 { 280 free_percpu(dev->tstats); 281 free_netdev(dev); 282 } 283 284 static int ip6_tnl_create2(struct net_device *dev) 285 { 286 struct ip6_tnl *t = netdev_priv(dev); 287 struct net *net = dev_net(dev); 288 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 289 int err; 290 291 t = netdev_priv(dev); 292 293 err = register_netdevice(dev); 294 if (err < 0) 295 goto out; 296 297 strcpy(t->parms.name, dev->name); 298 dev->rtnl_link_ops = &ip6_link_ops; 299 300 dev_hold(dev); 301 ip6_tnl_link(ip6n, t); 302 return 0; 303 304 out: 305 return err; 306 } 307 308 /** 309 * ip6_tnl_create - create a new tunnel 310 * @p: tunnel parameters 311 * @pt: pointer to new tunnel 312 * 313 * Description: 314 * Create tunnel matching given parameters. 315 * 316 * Return: 317 * created tunnel or NULL 318 **/ 319 320 static struct ip6_tnl *ip6_tnl_create(struct net *net, struct __ip6_tnl_parm *p) 321 { 322 struct net_device *dev; 323 struct ip6_tnl *t; 324 char name[IFNAMSIZ]; 325 int err; 326 327 if (p->name[0]) 328 strlcpy(name, p->name, IFNAMSIZ); 329 else 330 sprintf(name, "ip6tnl%%d"); 331 332 dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, 333 ip6_tnl_dev_setup); 334 if (dev == NULL) 335 goto failed; 336 337 dev_net_set(dev, net); 338 339 t = netdev_priv(dev); 340 t->parms = *p; 341 t->net = dev_net(dev); 342 err = ip6_tnl_create2(dev); 343 if (err < 0) 344 goto failed_free; 345 346 return t; 347 348 failed_free: 349 ip6_dev_free(dev); 350 failed: 351 return NULL; 352 } 353 354 /** 355 * ip6_tnl_locate - find or create tunnel matching given parameters 356 * @p: tunnel parameters 357 * @create: != 0 if allowed to create new tunnel if no match found 358 * 359 * Description: 360 * ip6_tnl_locate() first tries to locate an existing tunnel 361 * based on @parms. If this is unsuccessful, but @create is set a new 362 * tunnel device is created and registered for use. 363 * 364 * Return: 365 * matching tunnel or NULL 366 **/ 367 368 static struct ip6_tnl *ip6_tnl_locate(struct net *net, 369 struct __ip6_tnl_parm *p, int create) 370 { 371 const struct in6_addr *remote = &p->raddr; 372 const struct in6_addr *local = &p->laddr; 373 struct ip6_tnl __rcu **tp; 374 struct ip6_tnl *t; 375 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 376 377 for (tp = ip6_tnl_bucket(ip6n, p); 378 (t = rtnl_dereference(*tp)) != NULL; 379 tp = &t->next) { 380 if (ipv6_addr_equal(local, &t->parms.laddr) && 381 ipv6_addr_equal(remote, &t->parms.raddr)) { 382 if (create) 383 return NULL; 384 385 return t; 386 } 387 } 388 if (!create) 389 return NULL; 390 return ip6_tnl_create(net, p); 391 } 392 393 /** 394 * ip6_tnl_dev_uninit - tunnel device uninitializer 395 * @dev: the device to be destroyed 396 * 397 * Description: 398 * ip6_tnl_dev_uninit() removes tunnel from its list 399 **/ 400 401 static void 402 ip6_tnl_dev_uninit(struct net_device *dev) 403 { 404 struct ip6_tnl *t = netdev_priv(dev); 405 struct net *net = t->net; 406 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 407 408 if (dev == ip6n->fb_tnl_dev) 409 RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL); 410 else 411 ip6_tnl_unlink(ip6n, t); 412 ip6_tnl_dst_reset(t); 413 dev_put(dev); 414 } 415 416 /** 417 * parse_tvl_tnl_enc_lim - handle encapsulation limit option 418 * @skb: received socket buffer 419 * 420 * Return: 421 * 0 if none was found, 422 * else index to encapsulation limit 423 **/ 424 425 __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw) 426 { 427 const struct ipv6hdr *ipv6h = (const struct ipv6hdr *) raw; 428 __u8 nexthdr = ipv6h->nexthdr; 429 __u16 off = sizeof(*ipv6h); 430 431 while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) { 432 __u16 optlen = 0; 433 struct ipv6_opt_hdr *hdr; 434 if (raw + off + sizeof(*hdr) > skb->data && 435 !pskb_may_pull(skb, raw - skb->data + off + sizeof (*hdr))) 436 break; 437 438 hdr = (struct ipv6_opt_hdr *) (raw + off); 439 if (nexthdr == NEXTHDR_FRAGMENT) { 440 struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr; 441 if (frag_hdr->frag_off) 442 break; 443 optlen = 8; 444 } else if (nexthdr == NEXTHDR_AUTH) { 445 optlen = (hdr->hdrlen + 2) << 2; 446 } else { 447 optlen = ipv6_optlen(hdr); 448 } 449 if (nexthdr == NEXTHDR_DEST) { 450 __u16 i = off + 2; 451 while (1) { 452 struct ipv6_tlv_tnl_enc_lim *tel; 453 454 /* No more room for encapsulation limit */ 455 if (i + sizeof (*tel) > off + optlen) 456 break; 457 458 tel = (struct ipv6_tlv_tnl_enc_lim *) &raw[i]; 459 /* return index of option if found and valid */ 460 if (tel->type == IPV6_TLV_TNL_ENCAP_LIMIT && 461 tel->length == 1) 462 return i; 463 /* else jump to next option */ 464 if (tel->type) 465 i += tel->length + 2; 466 else 467 i++; 468 } 469 } 470 nexthdr = hdr->nexthdr; 471 off += optlen; 472 } 473 return 0; 474 } 475 EXPORT_SYMBOL(ip6_tnl_parse_tlv_enc_lim); 476 477 /** 478 * ip6_tnl_err - tunnel error handler 479 * 480 * Description: 481 * ip6_tnl_err() should handle errors in the tunnel according 482 * to the specifications in RFC 2473. 483 **/ 484 485 static int 486 ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt, 487 u8 *type, u8 *code, int *msg, __u32 *info, int offset) 488 { 489 const struct ipv6hdr *ipv6h = (const struct ipv6hdr *) skb->data; 490 struct ip6_tnl *t; 491 int rel_msg = 0; 492 u8 rel_type = ICMPV6_DEST_UNREACH; 493 u8 rel_code = ICMPV6_ADDR_UNREACH; 494 u8 tproto; 495 __u32 rel_info = 0; 496 __u16 len; 497 int err = -ENOENT; 498 499 /* If the packet doesn't contain the original IPv6 header we are 500 in trouble since we might need the source address for further 501 processing of the error. */ 502 503 rcu_read_lock(); 504 t = ip6_tnl_lookup(dev_net(skb->dev), &ipv6h->daddr, &ipv6h->saddr); 505 if (t == NULL) 506 goto out; 507 508 tproto = ACCESS_ONCE(t->parms.proto); 509 if (tproto != ipproto && tproto != 0) 510 goto out; 511 512 err = 0; 513 514 switch (*type) { 515 __u32 teli; 516 struct ipv6_tlv_tnl_enc_lim *tel; 517 __u32 mtu; 518 case ICMPV6_DEST_UNREACH: 519 net_warn_ratelimited("%s: Path to destination invalid or inactive!\n", 520 t->parms.name); 521 rel_msg = 1; 522 break; 523 case ICMPV6_TIME_EXCEED: 524 if ((*code) == ICMPV6_EXC_HOPLIMIT) { 525 net_warn_ratelimited("%s: Too small hop limit or routing loop in tunnel!\n", 526 t->parms.name); 527 rel_msg = 1; 528 } 529 break; 530 case ICMPV6_PARAMPROB: 531 teli = 0; 532 if ((*code) == ICMPV6_HDR_FIELD) 533 teli = ip6_tnl_parse_tlv_enc_lim(skb, skb->data); 534 535 if (teli && teli == *info - 2) { 536 tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli]; 537 if (tel->encap_limit == 0) { 538 net_warn_ratelimited("%s: Too small encapsulation limit or routing loop in tunnel!\n", 539 t->parms.name); 540 rel_msg = 1; 541 } 542 } else { 543 net_warn_ratelimited("%s: Recipient unable to parse tunneled packet!\n", 544 t->parms.name); 545 } 546 break; 547 case ICMPV6_PKT_TOOBIG: 548 mtu = *info - offset; 549 if (mtu < IPV6_MIN_MTU) 550 mtu = IPV6_MIN_MTU; 551 t->dev->mtu = mtu; 552 553 len = sizeof(*ipv6h) + ntohs(ipv6h->payload_len); 554 if (len > mtu) { 555 rel_type = ICMPV6_PKT_TOOBIG; 556 rel_code = 0; 557 rel_info = mtu; 558 rel_msg = 1; 559 } 560 break; 561 } 562 563 *type = rel_type; 564 *code = rel_code; 565 *info = rel_info; 566 *msg = rel_msg; 567 568 out: 569 rcu_read_unlock(); 570 return err; 571 } 572 573 static int 574 ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 575 u8 type, u8 code, int offset, __be32 info) 576 { 577 int rel_msg = 0; 578 u8 rel_type = type; 579 u8 rel_code = code; 580 __u32 rel_info = ntohl(info); 581 int err; 582 struct sk_buff *skb2; 583 const struct iphdr *eiph; 584 struct rtable *rt; 585 struct flowi4 fl4; 586 587 err = ip6_tnl_err(skb, IPPROTO_IPIP, opt, &rel_type, &rel_code, 588 &rel_msg, &rel_info, offset); 589 if (err < 0) 590 return err; 591 592 if (rel_msg == 0) 593 return 0; 594 595 switch (rel_type) { 596 case ICMPV6_DEST_UNREACH: 597 if (rel_code != ICMPV6_ADDR_UNREACH) 598 return 0; 599 rel_type = ICMP_DEST_UNREACH; 600 rel_code = ICMP_HOST_UNREACH; 601 break; 602 case ICMPV6_PKT_TOOBIG: 603 if (rel_code != 0) 604 return 0; 605 rel_type = ICMP_DEST_UNREACH; 606 rel_code = ICMP_FRAG_NEEDED; 607 break; 608 case NDISC_REDIRECT: 609 rel_type = ICMP_REDIRECT; 610 rel_code = ICMP_REDIR_HOST; 611 default: 612 return 0; 613 } 614 615 if (!pskb_may_pull(skb, offset + sizeof(struct iphdr))) 616 return 0; 617 618 skb2 = skb_clone(skb, GFP_ATOMIC); 619 if (!skb2) 620 return 0; 621 622 skb_dst_drop(skb2); 623 624 skb_pull(skb2, offset); 625 skb_reset_network_header(skb2); 626 eiph = ip_hdr(skb2); 627 628 /* Try to guess incoming interface */ 629 rt = ip_route_output_ports(dev_net(skb->dev), &fl4, NULL, 630 eiph->saddr, 0, 631 0, 0, 632 IPPROTO_IPIP, RT_TOS(eiph->tos), 0); 633 if (IS_ERR(rt)) 634 goto out; 635 636 skb2->dev = rt->dst.dev; 637 638 /* route "incoming" packet */ 639 if (rt->rt_flags & RTCF_LOCAL) { 640 ip_rt_put(rt); 641 rt = NULL; 642 rt = ip_route_output_ports(dev_net(skb->dev), &fl4, NULL, 643 eiph->daddr, eiph->saddr, 644 0, 0, 645 IPPROTO_IPIP, 646 RT_TOS(eiph->tos), 0); 647 if (IS_ERR(rt) || 648 rt->dst.dev->type != ARPHRD_TUNNEL) { 649 if (!IS_ERR(rt)) 650 ip_rt_put(rt); 651 goto out; 652 } 653 skb_dst_set(skb2, &rt->dst); 654 } else { 655 ip_rt_put(rt); 656 if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, 657 skb2->dev) || 658 skb_dst(skb2)->dev->type != ARPHRD_TUNNEL) 659 goto out; 660 } 661 662 /* change mtu on this route */ 663 if (rel_type == ICMP_DEST_UNREACH && rel_code == ICMP_FRAG_NEEDED) { 664 if (rel_info > dst_mtu(skb_dst(skb2))) 665 goto out; 666 667 skb_dst(skb2)->ops->update_pmtu(skb_dst(skb2), NULL, skb2, rel_info); 668 } 669 if (rel_type == ICMP_REDIRECT) 670 skb_dst(skb2)->ops->redirect(skb_dst(skb2), NULL, skb2); 671 672 icmp_send(skb2, rel_type, rel_code, htonl(rel_info)); 673 674 out: 675 kfree_skb(skb2); 676 return 0; 677 } 678 679 static int 680 ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 681 u8 type, u8 code, int offset, __be32 info) 682 { 683 int rel_msg = 0; 684 u8 rel_type = type; 685 u8 rel_code = code; 686 __u32 rel_info = ntohl(info); 687 int err; 688 689 err = ip6_tnl_err(skb, IPPROTO_IPV6, opt, &rel_type, &rel_code, 690 &rel_msg, &rel_info, offset); 691 if (err < 0) 692 return err; 693 694 if (rel_msg && pskb_may_pull(skb, offset + sizeof(struct ipv6hdr))) { 695 struct rt6_info *rt; 696 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 697 698 if (!skb2) 699 return 0; 700 701 skb_dst_drop(skb2); 702 skb_pull(skb2, offset); 703 skb_reset_network_header(skb2); 704 705 /* Try to guess incoming interface */ 706 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, 707 NULL, 0, 0); 708 709 if (rt && rt->dst.dev) 710 skb2->dev = rt->dst.dev; 711 712 icmpv6_send(skb2, rel_type, rel_code, rel_info); 713 714 ip6_rt_put(rt); 715 716 kfree_skb(skb2); 717 } 718 719 return 0; 720 } 721 722 static int ip4ip6_dscp_ecn_decapsulate(const struct ip6_tnl *t, 723 const struct ipv6hdr *ipv6h, 724 struct sk_buff *skb) 725 { 726 __u8 dsfield = ipv6_get_dsfield(ipv6h) & ~INET_ECN_MASK; 727 728 if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY) 729 ipv4_change_dsfield(ip_hdr(skb), INET_ECN_MASK, dsfield); 730 731 return IP6_ECN_decapsulate(ipv6h, skb); 732 } 733 734 static int ip6ip6_dscp_ecn_decapsulate(const struct ip6_tnl *t, 735 const struct ipv6hdr *ipv6h, 736 struct sk_buff *skb) 737 { 738 if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY) 739 ipv6_copy_dscp(ipv6_get_dsfield(ipv6h), ipv6_hdr(skb)); 740 741 return IP6_ECN_decapsulate(ipv6h, skb); 742 } 743 744 __u32 ip6_tnl_get_cap(struct ip6_tnl *t, 745 const struct in6_addr *laddr, 746 const struct in6_addr *raddr) 747 { 748 struct __ip6_tnl_parm *p = &t->parms; 749 int ltype = ipv6_addr_type(laddr); 750 int rtype = ipv6_addr_type(raddr); 751 __u32 flags = 0; 752 753 if (ltype == IPV6_ADDR_ANY || rtype == IPV6_ADDR_ANY) { 754 flags = IP6_TNL_F_CAP_PER_PACKET; 755 } else if (ltype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) && 756 rtype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) && 757 !((ltype|rtype) & IPV6_ADDR_LOOPBACK) && 758 (!((ltype|rtype) & IPV6_ADDR_LINKLOCAL) || p->link)) { 759 if (ltype&IPV6_ADDR_UNICAST) 760 flags |= IP6_TNL_F_CAP_XMIT; 761 if (rtype&IPV6_ADDR_UNICAST) 762 flags |= IP6_TNL_F_CAP_RCV; 763 } 764 return flags; 765 } 766 EXPORT_SYMBOL(ip6_tnl_get_cap); 767 768 /* called with rcu_read_lock() */ 769 int ip6_tnl_rcv_ctl(struct ip6_tnl *t, 770 const struct in6_addr *laddr, 771 const struct in6_addr *raddr) 772 { 773 struct __ip6_tnl_parm *p = &t->parms; 774 int ret = 0; 775 struct net *net = t->net; 776 777 if ((p->flags & IP6_TNL_F_CAP_RCV) || 778 ((p->flags & IP6_TNL_F_CAP_PER_PACKET) && 779 (ip6_tnl_get_cap(t, laddr, raddr) & IP6_TNL_F_CAP_RCV))) { 780 struct net_device *ldev = NULL; 781 782 if (p->link) 783 ldev = dev_get_by_index_rcu(net, p->link); 784 785 if ((ipv6_addr_is_multicast(laddr) || 786 likely(ipv6_chk_addr(net, laddr, ldev, 0))) && 787 likely(!ipv6_chk_addr(net, raddr, NULL, 0))) 788 ret = 1; 789 } 790 return ret; 791 } 792 EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl); 793 794 /** 795 * ip6_tnl_rcv - decapsulate IPv6 packet and retransmit it locally 796 * @skb: received socket buffer 797 * @protocol: ethernet protocol ID 798 * @dscp_ecn_decapsulate: the function to decapsulate DSCP code and ECN 799 * 800 * Return: 0 801 **/ 802 803 static int ip6_tnl_rcv(struct sk_buff *skb, __u16 protocol, 804 __u8 ipproto, 805 int (*dscp_ecn_decapsulate)(const struct ip6_tnl *t, 806 const struct ipv6hdr *ipv6h, 807 struct sk_buff *skb)) 808 { 809 struct ip6_tnl *t; 810 const struct ipv6hdr *ipv6h = ipv6_hdr(skb); 811 u8 tproto; 812 int err; 813 814 rcu_read_lock(); 815 t = ip6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr, &ipv6h->daddr); 816 if (t != NULL) { 817 struct pcpu_sw_netstats *tstats; 818 819 tproto = ACCESS_ONCE(t->parms.proto); 820 if (tproto != ipproto && tproto != 0) { 821 rcu_read_unlock(); 822 goto discard; 823 } 824 825 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 826 rcu_read_unlock(); 827 goto discard; 828 } 829 830 if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) { 831 t->dev->stats.rx_dropped++; 832 rcu_read_unlock(); 833 goto discard; 834 } 835 skb->mac_header = skb->network_header; 836 skb_reset_network_header(skb); 837 skb->protocol = htons(protocol); 838 memset(skb->cb, 0, sizeof(struct inet6_skb_parm)); 839 840 __skb_tunnel_rx(skb, t->dev, t->net); 841 842 err = dscp_ecn_decapsulate(t, ipv6h, skb); 843 if (unlikely(err)) { 844 if (log_ecn_error) 845 net_info_ratelimited("non-ECT from %pI6 with dsfield=%#x\n", 846 &ipv6h->saddr, 847 ipv6_get_dsfield(ipv6h)); 848 if (err > 1) { 849 ++t->dev->stats.rx_frame_errors; 850 ++t->dev->stats.rx_errors; 851 rcu_read_unlock(); 852 goto discard; 853 } 854 } 855 856 tstats = this_cpu_ptr(t->dev->tstats); 857 u64_stats_update_begin(&tstats->syncp); 858 tstats->rx_packets++; 859 tstats->rx_bytes += skb->len; 860 u64_stats_update_end(&tstats->syncp); 861 862 netif_rx(skb); 863 864 rcu_read_unlock(); 865 return 0; 866 } 867 rcu_read_unlock(); 868 return 1; 869 870 discard: 871 kfree_skb(skb); 872 return 0; 873 } 874 875 static int ip4ip6_rcv(struct sk_buff *skb) 876 { 877 return ip6_tnl_rcv(skb, ETH_P_IP, IPPROTO_IPIP, 878 ip4ip6_dscp_ecn_decapsulate); 879 } 880 881 static int ip6ip6_rcv(struct sk_buff *skb) 882 { 883 return ip6_tnl_rcv(skb, ETH_P_IPV6, IPPROTO_IPV6, 884 ip6ip6_dscp_ecn_decapsulate); 885 } 886 887 struct ipv6_tel_txoption { 888 struct ipv6_txoptions ops; 889 __u8 dst_opt[8]; 890 }; 891 892 static void init_tel_txopt(struct ipv6_tel_txoption *opt, __u8 encap_limit) 893 { 894 memset(opt, 0, sizeof(struct ipv6_tel_txoption)); 895 896 opt->dst_opt[2] = IPV6_TLV_TNL_ENCAP_LIMIT; 897 opt->dst_opt[3] = 1; 898 opt->dst_opt[4] = encap_limit; 899 opt->dst_opt[5] = IPV6_TLV_PADN; 900 opt->dst_opt[6] = 1; 901 902 opt->ops.dst0opt = (struct ipv6_opt_hdr *) opt->dst_opt; 903 opt->ops.opt_nflen = 8; 904 } 905 906 /** 907 * ip6_tnl_addr_conflict - compare packet addresses to tunnel's own 908 * @t: the outgoing tunnel device 909 * @hdr: IPv6 header from the incoming packet 910 * 911 * Description: 912 * Avoid trivial tunneling loop by checking that tunnel exit-point 913 * doesn't match source of incoming packet. 914 * 915 * Return: 916 * 1 if conflict, 917 * 0 else 918 **/ 919 920 static inline bool 921 ip6_tnl_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr) 922 { 923 return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr); 924 } 925 926 int ip6_tnl_xmit_ctl(struct ip6_tnl *t, 927 const struct in6_addr *laddr, 928 const struct in6_addr *raddr) 929 { 930 struct __ip6_tnl_parm *p = &t->parms; 931 int ret = 0; 932 struct net *net = t->net; 933 934 if ((p->flags & IP6_TNL_F_CAP_XMIT) || 935 ((p->flags & IP6_TNL_F_CAP_PER_PACKET) && 936 (ip6_tnl_get_cap(t, laddr, raddr) & IP6_TNL_F_CAP_XMIT))) { 937 struct net_device *ldev = NULL; 938 939 rcu_read_lock(); 940 if (p->link) 941 ldev = dev_get_by_index_rcu(net, p->link); 942 943 if (unlikely(!ipv6_chk_addr(net, laddr, ldev, 0))) 944 pr_warn("%s xmit: Local address not yet configured!\n", 945 p->name); 946 else if (!ipv6_addr_is_multicast(raddr) && 947 unlikely(ipv6_chk_addr(net, raddr, NULL, 0))) 948 pr_warn("%s xmit: Routing loop! Remote address found on this node!\n", 949 p->name); 950 else 951 ret = 1; 952 rcu_read_unlock(); 953 } 954 return ret; 955 } 956 EXPORT_SYMBOL_GPL(ip6_tnl_xmit_ctl); 957 958 /** 959 * ip6_tnl_xmit2 - encapsulate packet and send 960 * @skb: the outgoing socket buffer 961 * @dev: the outgoing tunnel device 962 * @dsfield: dscp code for outer header 963 * @fl: flow of tunneled packet 964 * @encap_limit: encapsulation limit 965 * @pmtu: Path MTU is stored if packet is too big 966 * 967 * Description: 968 * Build new header and do some sanity checks on the packet before sending 969 * it. 970 * 971 * Return: 972 * 0 on success 973 * -1 fail 974 * %-EMSGSIZE message too big. return mtu in this case. 975 **/ 976 977 static int ip6_tnl_xmit2(struct sk_buff *skb, 978 struct net_device *dev, 979 __u8 dsfield, 980 struct flowi6 *fl6, 981 int encap_limit, 982 __u32 *pmtu) 983 { 984 struct ip6_tnl *t = netdev_priv(dev); 985 struct net *net = t->net; 986 struct net_device_stats *stats = &t->dev->stats; 987 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 988 struct ipv6_tel_txoption opt; 989 struct dst_entry *dst = NULL, *ndst = NULL; 990 struct net_device *tdev; 991 int mtu; 992 unsigned int max_headroom = sizeof(struct ipv6hdr); 993 u8 proto; 994 int err = -1; 995 996 /* NBMA tunnel */ 997 if (ipv6_addr_any(&t->parms.raddr)) { 998 struct in6_addr *addr6; 999 struct neighbour *neigh; 1000 int addr_type; 1001 1002 if (!skb_dst(skb)) 1003 goto tx_err_link_failure; 1004 1005 neigh = dst_neigh_lookup(skb_dst(skb), 1006 &ipv6_hdr(skb)->daddr); 1007 if (!neigh) 1008 goto tx_err_link_failure; 1009 1010 addr6 = (struct in6_addr *)&neigh->primary_key; 1011 addr_type = ipv6_addr_type(addr6); 1012 1013 if (addr_type == IPV6_ADDR_ANY) 1014 addr6 = &ipv6_hdr(skb)->daddr; 1015 1016 memcpy(&fl6->daddr, addr6, sizeof(fl6->daddr)); 1017 neigh_release(neigh); 1018 } else if (!fl6->flowi6_mark) 1019 dst = ip6_tnl_dst_check(t); 1020 1021 if (!ip6_tnl_xmit_ctl(t, &fl6->saddr, &fl6->daddr)) 1022 goto tx_err_link_failure; 1023 1024 if (!dst) { 1025 ndst = ip6_route_output(net, NULL, fl6); 1026 1027 if (ndst->error) 1028 goto tx_err_link_failure; 1029 ndst = xfrm_lookup(net, ndst, flowi6_to_flowi(fl6), NULL, 0); 1030 if (IS_ERR(ndst)) { 1031 err = PTR_ERR(ndst); 1032 ndst = NULL; 1033 goto tx_err_link_failure; 1034 } 1035 dst = ndst; 1036 } 1037 1038 tdev = dst->dev; 1039 1040 if (tdev == dev) { 1041 stats->collisions++; 1042 net_warn_ratelimited("%s: Local routing loop detected!\n", 1043 t->parms.name); 1044 goto tx_err_dst_release; 1045 } 1046 mtu = dst_mtu(dst) - sizeof(*ipv6h); 1047 if (encap_limit >= 0) { 1048 max_headroom += 8; 1049 mtu -= 8; 1050 } 1051 if (mtu < IPV6_MIN_MTU) 1052 mtu = IPV6_MIN_MTU; 1053 if (skb_dst(skb)) 1054 skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); 1055 if (skb->len > mtu) { 1056 *pmtu = mtu; 1057 err = -EMSGSIZE; 1058 goto tx_err_dst_release; 1059 } 1060 1061 skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev))); 1062 1063 /* 1064 * Okay, now see if we can stuff it in the buffer as-is. 1065 */ 1066 max_headroom += LL_RESERVED_SPACE(tdev); 1067 1068 if (skb_headroom(skb) < max_headroom || skb_shared(skb) || 1069 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) { 1070 struct sk_buff *new_skb; 1071 1072 new_skb = skb_realloc_headroom(skb, max_headroom); 1073 if (!new_skb) 1074 goto tx_err_dst_release; 1075 1076 if (skb->sk) 1077 skb_set_owner_w(new_skb, skb->sk); 1078 consume_skb(skb); 1079 skb = new_skb; 1080 } 1081 if (fl6->flowi6_mark) { 1082 skb_dst_set(skb, dst); 1083 ndst = NULL; 1084 } else { 1085 skb_dst_set_noref(skb, dst); 1086 } 1087 skb->transport_header = skb->network_header; 1088 1089 proto = fl6->flowi6_proto; 1090 if (encap_limit >= 0) { 1091 init_tel_txopt(&opt, encap_limit); 1092 ipv6_push_nfrag_opts(skb, &opt.ops, &proto, NULL); 1093 } 1094 1095 if (likely(!skb->encapsulation)) { 1096 skb_reset_inner_headers(skb); 1097 skb->encapsulation = 1; 1098 } 1099 1100 skb_push(skb, sizeof(struct ipv6hdr)); 1101 skb_reset_network_header(skb); 1102 ipv6h = ipv6_hdr(skb); 1103 ip6_flow_hdr(ipv6h, INET_ECN_encapsulate(0, dsfield), 1104 ip6_make_flowlabel(net, skb, fl6->flowlabel, false)); 1105 ipv6h->hop_limit = t->parms.hop_limit; 1106 ipv6h->nexthdr = proto; 1107 ipv6h->saddr = fl6->saddr; 1108 ipv6h->daddr = fl6->daddr; 1109 ip6tunnel_xmit(skb, dev); 1110 if (ndst) 1111 ip6_tnl_dst_store(t, ndst); 1112 return 0; 1113 tx_err_link_failure: 1114 stats->tx_carrier_errors++; 1115 dst_link_failure(skb); 1116 tx_err_dst_release: 1117 dst_release(ndst); 1118 return err; 1119 } 1120 1121 static inline int 1122 ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) 1123 { 1124 struct ip6_tnl *t = netdev_priv(dev); 1125 const struct iphdr *iph = ip_hdr(skb); 1126 int encap_limit = -1; 1127 struct flowi6 fl6; 1128 __u8 dsfield; 1129 __u32 mtu; 1130 u8 tproto; 1131 int err; 1132 1133 tproto = ACCESS_ONCE(t->parms.proto); 1134 if (tproto != IPPROTO_IPIP && tproto != 0) 1135 return -1; 1136 1137 if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) 1138 encap_limit = t->parms.encap_limit; 1139 1140 memcpy(&fl6, &t->fl.u.ip6, sizeof(fl6)); 1141 fl6.flowi6_proto = IPPROTO_IPIP; 1142 1143 dsfield = ipv4_get_dsfield(iph); 1144 1145 if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) 1146 fl6.flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT) 1147 & IPV6_TCLASS_MASK; 1148 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) 1149 fl6.flowi6_mark = skb->mark; 1150 1151 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu); 1152 if (err != 0) { 1153 /* XXX: send ICMP error even if DF is not set. */ 1154 if (err == -EMSGSIZE) 1155 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, 1156 htonl(mtu)); 1157 return -1; 1158 } 1159 1160 return 0; 1161 } 1162 1163 static inline int 1164 ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) 1165 { 1166 struct ip6_tnl *t = netdev_priv(dev); 1167 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 1168 int encap_limit = -1; 1169 __u16 offset; 1170 struct flowi6 fl6; 1171 __u8 dsfield; 1172 __u32 mtu; 1173 u8 tproto; 1174 int err; 1175 1176 tproto = ACCESS_ONCE(t->parms.proto); 1177 if ((tproto != IPPROTO_IPV6 && tproto != 0) || 1178 ip6_tnl_addr_conflict(t, ipv6h)) 1179 return -1; 1180 1181 offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb)); 1182 if (offset > 0) { 1183 struct ipv6_tlv_tnl_enc_lim *tel; 1184 tel = (struct ipv6_tlv_tnl_enc_lim *)&skb_network_header(skb)[offset]; 1185 if (tel->encap_limit == 0) { 1186 icmpv6_send(skb, ICMPV6_PARAMPROB, 1187 ICMPV6_HDR_FIELD, offset + 2); 1188 return -1; 1189 } 1190 encap_limit = tel->encap_limit - 1; 1191 } else if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) 1192 encap_limit = t->parms.encap_limit; 1193 1194 memcpy(&fl6, &t->fl.u.ip6, sizeof(fl6)); 1195 fl6.flowi6_proto = IPPROTO_IPV6; 1196 1197 dsfield = ipv6_get_dsfield(ipv6h); 1198 if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS) 1199 fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK); 1200 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL) 1201 fl6.flowlabel |= ip6_flowlabel(ipv6h); 1202 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK) 1203 fl6.flowi6_mark = skb->mark; 1204 1205 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu); 1206 if (err != 0) { 1207 if (err == -EMSGSIZE) 1208 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu); 1209 return -1; 1210 } 1211 1212 return 0; 1213 } 1214 1215 static netdev_tx_t 1216 ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) 1217 { 1218 struct ip6_tnl *t = netdev_priv(dev); 1219 struct net_device_stats *stats = &t->dev->stats; 1220 int ret; 1221 1222 switch (skb->protocol) { 1223 case htons(ETH_P_IP): 1224 ret = ip4ip6_tnl_xmit(skb, dev); 1225 break; 1226 case htons(ETH_P_IPV6): 1227 ret = ip6ip6_tnl_xmit(skb, dev); 1228 break; 1229 default: 1230 goto tx_err; 1231 } 1232 1233 if (ret < 0) 1234 goto tx_err; 1235 1236 return NETDEV_TX_OK; 1237 1238 tx_err: 1239 stats->tx_errors++; 1240 stats->tx_dropped++; 1241 kfree_skb(skb); 1242 return NETDEV_TX_OK; 1243 } 1244 1245 static void ip6_tnl_link_config(struct ip6_tnl *t) 1246 { 1247 struct net_device *dev = t->dev; 1248 struct __ip6_tnl_parm *p = &t->parms; 1249 struct flowi6 *fl6 = &t->fl.u.ip6; 1250 1251 memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr)); 1252 memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr)); 1253 1254 /* Set up flowi template */ 1255 fl6->saddr = p->laddr; 1256 fl6->daddr = p->raddr; 1257 fl6->flowi6_oif = p->link; 1258 fl6->flowlabel = 0; 1259 1260 if (!(p->flags&IP6_TNL_F_USE_ORIG_TCLASS)) 1261 fl6->flowlabel |= IPV6_TCLASS_MASK & p->flowinfo; 1262 if (!(p->flags&IP6_TNL_F_USE_ORIG_FLOWLABEL)) 1263 fl6->flowlabel |= IPV6_FLOWLABEL_MASK & p->flowinfo; 1264 1265 p->flags &= ~(IP6_TNL_F_CAP_XMIT|IP6_TNL_F_CAP_RCV|IP6_TNL_F_CAP_PER_PACKET); 1266 p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr); 1267 1268 if (p->flags&IP6_TNL_F_CAP_XMIT && p->flags&IP6_TNL_F_CAP_RCV) 1269 dev->flags |= IFF_POINTOPOINT; 1270 else 1271 dev->flags &= ~IFF_POINTOPOINT; 1272 1273 dev->iflink = p->link; 1274 1275 if (p->flags & IP6_TNL_F_CAP_XMIT) { 1276 int strict = (ipv6_addr_type(&p->raddr) & 1277 (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL)); 1278 1279 struct rt6_info *rt = rt6_lookup(t->net, 1280 &p->raddr, &p->laddr, 1281 p->link, strict); 1282 1283 if (rt == NULL) 1284 return; 1285 1286 if (rt->dst.dev) { 1287 dev->hard_header_len = rt->dst.dev->hard_header_len + 1288 sizeof(struct ipv6hdr); 1289 1290 dev->mtu = rt->dst.dev->mtu - sizeof(struct ipv6hdr); 1291 if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) 1292 dev->mtu -= 8; 1293 1294 if (dev->mtu < IPV6_MIN_MTU) 1295 dev->mtu = IPV6_MIN_MTU; 1296 } 1297 ip6_rt_put(rt); 1298 } 1299 } 1300 1301 /** 1302 * ip6_tnl_change - update the tunnel parameters 1303 * @t: tunnel to be changed 1304 * @p: tunnel configuration parameters 1305 * 1306 * Description: 1307 * ip6_tnl_change() updates the tunnel parameters 1308 **/ 1309 1310 static int 1311 ip6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p) 1312 { 1313 t->parms.laddr = p->laddr; 1314 t->parms.raddr = p->raddr; 1315 t->parms.flags = p->flags; 1316 t->parms.hop_limit = p->hop_limit; 1317 t->parms.encap_limit = p->encap_limit; 1318 t->parms.flowinfo = p->flowinfo; 1319 t->parms.link = p->link; 1320 t->parms.proto = p->proto; 1321 ip6_tnl_dst_reset(t); 1322 ip6_tnl_link_config(t); 1323 return 0; 1324 } 1325 1326 static int ip6_tnl_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p) 1327 { 1328 struct net *net = t->net; 1329 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1330 int err; 1331 1332 ip6_tnl_unlink(ip6n, t); 1333 synchronize_net(); 1334 err = ip6_tnl_change(t, p); 1335 ip6_tnl_link(ip6n, t); 1336 netdev_state_change(t->dev); 1337 return err; 1338 } 1339 1340 static int ip6_tnl0_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p) 1341 { 1342 /* for default tnl0 device allow to change only the proto */ 1343 t->parms.proto = p->proto; 1344 netdev_state_change(t->dev); 1345 return 0; 1346 } 1347 1348 static void 1349 ip6_tnl_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm *u) 1350 { 1351 p->laddr = u->laddr; 1352 p->raddr = u->raddr; 1353 p->flags = u->flags; 1354 p->hop_limit = u->hop_limit; 1355 p->encap_limit = u->encap_limit; 1356 p->flowinfo = u->flowinfo; 1357 p->link = u->link; 1358 p->proto = u->proto; 1359 memcpy(p->name, u->name, sizeof(u->name)); 1360 } 1361 1362 static void 1363 ip6_tnl_parm_to_user(struct ip6_tnl_parm *u, const struct __ip6_tnl_parm *p) 1364 { 1365 u->laddr = p->laddr; 1366 u->raddr = p->raddr; 1367 u->flags = p->flags; 1368 u->hop_limit = p->hop_limit; 1369 u->encap_limit = p->encap_limit; 1370 u->flowinfo = p->flowinfo; 1371 u->link = p->link; 1372 u->proto = p->proto; 1373 memcpy(u->name, p->name, sizeof(u->name)); 1374 } 1375 1376 /** 1377 * ip6_tnl_ioctl - configure ipv6 tunnels from userspace 1378 * @dev: virtual device associated with tunnel 1379 * @ifr: parameters passed from userspace 1380 * @cmd: command to be performed 1381 * 1382 * Description: 1383 * ip6_tnl_ioctl() is used for managing IPv6 tunnels 1384 * from userspace. 1385 * 1386 * The possible commands are the following: 1387 * %SIOCGETTUNNEL: get tunnel parameters for device 1388 * %SIOCADDTUNNEL: add tunnel matching given tunnel parameters 1389 * %SIOCCHGTUNNEL: change tunnel parameters to those given 1390 * %SIOCDELTUNNEL: delete tunnel 1391 * 1392 * The fallback device "ip6tnl0", created during module 1393 * initialization, can be used for creating other tunnel devices. 1394 * 1395 * Return: 1396 * 0 on success, 1397 * %-EFAULT if unable to copy data to or from userspace, 1398 * %-EPERM if current process hasn't %CAP_NET_ADMIN set 1399 * %-EINVAL if passed tunnel parameters are invalid, 1400 * %-EEXIST if changing a tunnel's parameters would cause a conflict 1401 * %-ENODEV if attempting to change or delete a nonexisting device 1402 **/ 1403 1404 static int 1405 ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) 1406 { 1407 int err = 0; 1408 struct ip6_tnl_parm p; 1409 struct __ip6_tnl_parm p1; 1410 struct ip6_tnl *t = netdev_priv(dev); 1411 struct net *net = t->net; 1412 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1413 1414 switch (cmd) { 1415 case SIOCGETTUNNEL: 1416 if (dev == ip6n->fb_tnl_dev) { 1417 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) { 1418 err = -EFAULT; 1419 break; 1420 } 1421 ip6_tnl_parm_from_user(&p1, &p); 1422 t = ip6_tnl_locate(net, &p1, 0); 1423 if (t == NULL) 1424 t = netdev_priv(dev); 1425 } else { 1426 memset(&p, 0, sizeof(p)); 1427 } 1428 ip6_tnl_parm_to_user(&p, &t->parms); 1429 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) { 1430 err = -EFAULT; 1431 } 1432 break; 1433 case SIOCADDTUNNEL: 1434 case SIOCCHGTUNNEL: 1435 err = -EPERM; 1436 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1437 break; 1438 err = -EFAULT; 1439 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 1440 break; 1441 err = -EINVAL; 1442 if (p.proto != IPPROTO_IPV6 && p.proto != IPPROTO_IPIP && 1443 p.proto != 0) 1444 break; 1445 ip6_tnl_parm_from_user(&p1, &p); 1446 t = ip6_tnl_locate(net, &p1, cmd == SIOCADDTUNNEL); 1447 if (cmd == SIOCCHGTUNNEL) { 1448 if (t != NULL) { 1449 if (t->dev != dev) { 1450 err = -EEXIST; 1451 break; 1452 } 1453 } else 1454 t = netdev_priv(dev); 1455 if (dev == ip6n->fb_tnl_dev) 1456 err = ip6_tnl0_update(t, &p1); 1457 else 1458 err = ip6_tnl_update(t, &p1); 1459 } 1460 if (t) { 1461 err = 0; 1462 ip6_tnl_parm_to_user(&p, &t->parms); 1463 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) 1464 err = -EFAULT; 1465 1466 } else 1467 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT); 1468 break; 1469 case SIOCDELTUNNEL: 1470 err = -EPERM; 1471 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 1472 break; 1473 1474 if (dev == ip6n->fb_tnl_dev) { 1475 err = -EFAULT; 1476 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 1477 break; 1478 err = -ENOENT; 1479 ip6_tnl_parm_from_user(&p1, &p); 1480 t = ip6_tnl_locate(net, &p1, 0); 1481 if (t == NULL) 1482 break; 1483 err = -EPERM; 1484 if (t->dev == ip6n->fb_tnl_dev) 1485 break; 1486 dev = t->dev; 1487 } 1488 err = 0; 1489 unregister_netdevice(dev); 1490 break; 1491 default: 1492 err = -EINVAL; 1493 } 1494 return err; 1495 } 1496 1497 /** 1498 * ip6_tnl_change_mtu - change mtu manually for tunnel device 1499 * @dev: virtual device associated with tunnel 1500 * @new_mtu: the new mtu 1501 * 1502 * Return: 1503 * 0 on success, 1504 * %-EINVAL if mtu too small 1505 **/ 1506 1507 static int 1508 ip6_tnl_change_mtu(struct net_device *dev, int new_mtu) 1509 { 1510 struct ip6_tnl *tnl = netdev_priv(dev); 1511 1512 if (tnl->parms.proto == IPPROTO_IPIP) { 1513 if (new_mtu < 68) 1514 return -EINVAL; 1515 } else { 1516 if (new_mtu < IPV6_MIN_MTU) 1517 return -EINVAL; 1518 } 1519 if (new_mtu > 0xFFF8 - dev->hard_header_len) 1520 return -EINVAL; 1521 dev->mtu = new_mtu; 1522 return 0; 1523 } 1524 1525 1526 static const struct net_device_ops ip6_tnl_netdev_ops = { 1527 .ndo_init = ip6_tnl_dev_init, 1528 .ndo_uninit = ip6_tnl_dev_uninit, 1529 .ndo_start_xmit = ip6_tnl_xmit, 1530 .ndo_do_ioctl = ip6_tnl_ioctl, 1531 .ndo_change_mtu = ip6_tnl_change_mtu, 1532 .ndo_get_stats = ip6_get_stats, 1533 }; 1534 1535 1536 /** 1537 * ip6_tnl_dev_setup - setup virtual tunnel device 1538 * @dev: virtual device associated with tunnel 1539 * 1540 * Description: 1541 * Initialize function pointers and device parameters 1542 **/ 1543 1544 static void ip6_tnl_dev_setup(struct net_device *dev) 1545 { 1546 struct ip6_tnl *t; 1547 1548 dev->netdev_ops = &ip6_tnl_netdev_ops; 1549 dev->destructor = ip6_dev_free; 1550 1551 dev->type = ARPHRD_TUNNEL6; 1552 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct ipv6hdr); 1553 dev->mtu = ETH_DATA_LEN - sizeof(struct ipv6hdr); 1554 t = netdev_priv(dev); 1555 if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) 1556 dev->mtu -= 8; 1557 dev->flags |= IFF_NOARP; 1558 dev->addr_len = sizeof(struct in6_addr); 1559 netif_keep_dst(dev); 1560 /* This perm addr will be used as interface identifier by IPv6 */ 1561 dev->addr_assign_type = NET_ADDR_RANDOM; 1562 eth_random_addr(dev->perm_addr); 1563 } 1564 1565 1566 /** 1567 * ip6_tnl_dev_init_gen - general initializer for all tunnel devices 1568 * @dev: virtual device associated with tunnel 1569 **/ 1570 1571 static inline int 1572 ip6_tnl_dev_init_gen(struct net_device *dev) 1573 { 1574 struct ip6_tnl *t = netdev_priv(dev); 1575 1576 t->dev = dev; 1577 t->net = dev_net(dev); 1578 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats); 1579 if (!dev->tstats) 1580 return -ENOMEM; 1581 return 0; 1582 } 1583 1584 /** 1585 * ip6_tnl_dev_init - initializer for all non fallback tunnel devices 1586 * @dev: virtual device associated with tunnel 1587 **/ 1588 1589 static int ip6_tnl_dev_init(struct net_device *dev) 1590 { 1591 struct ip6_tnl *t = netdev_priv(dev); 1592 int err = ip6_tnl_dev_init_gen(dev); 1593 1594 if (err) 1595 return err; 1596 ip6_tnl_link_config(t); 1597 return 0; 1598 } 1599 1600 /** 1601 * ip6_fb_tnl_dev_init - initializer for fallback tunnel device 1602 * @dev: fallback device 1603 * 1604 * Return: 0 1605 **/ 1606 1607 static int __net_init ip6_fb_tnl_dev_init(struct net_device *dev) 1608 { 1609 struct ip6_tnl *t = netdev_priv(dev); 1610 struct net *net = dev_net(dev); 1611 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1612 1613 t->parms.proto = IPPROTO_IPV6; 1614 dev_hold(dev); 1615 1616 rcu_assign_pointer(ip6n->tnls_wc[0], t); 1617 return 0; 1618 } 1619 1620 static int ip6_tnl_validate(struct nlattr *tb[], struct nlattr *data[]) 1621 { 1622 u8 proto; 1623 1624 if (!data || !data[IFLA_IPTUN_PROTO]) 1625 return 0; 1626 1627 proto = nla_get_u8(data[IFLA_IPTUN_PROTO]); 1628 if (proto != IPPROTO_IPV6 && 1629 proto != IPPROTO_IPIP && 1630 proto != 0) 1631 return -EINVAL; 1632 1633 return 0; 1634 } 1635 1636 static void ip6_tnl_netlink_parms(struct nlattr *data[], 1637 struct __ip6_tnl_parm *parms) 1638 { 1639 memset(parms, 0, sizeof(*parms)); 1640 1641 if (!data) 1642 return; 1643 1644 if (data[IFLA_IPTUN_LINK]) 1645 parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]); 1646 1647 if (data[IFLA_IPTUN_LOCAL]) 1648 nla_memcpy(&parms->laddr, data[IFLA_IPTUN_LOCAL], 1649 sizeof(struct in6_addr)); 1650 1651 if (data[IFLA_IPTUN_REMOTE]) 1652 nla_memcpy(&parms->raddr, data[IFLA_IPTUN_REMOTE], 1653 sizeof(struct in6_addr)); 1654 1655 if (data[IFLA_IPTUN_TTL]) 1656 parms->hop_limit = nla_get_u8(data[IFLA_IPTUN_TTL]); 1657 1658 if (data[IFLA_IPTUN_ENCAP_LIMIT]) 1659 parms->encap_limit = nla_get_u8(data[IFLA_IPTUN_ENCAP_LIMIT]); 1660 1661 if (data[IFLA_IPTUN_FLOWINFO]) 1662 parms->flowinfo = nla_get_be32(data[IFLA_IPTUN_FLOWINFO]); 1663 1664 if (data[IFLA_IPTUN_FLAGS]) 1665 parms->flags = nla_get_u32(data[IFLA_IPTUN_FLAGS]); 1666 1667 if (data[IFLA_IPTUN_PROTO]) 1668 parms->proto = nla_get_u8(data[IFLA_IPTUN_PROTO]); 1669 } 1670 1671 static int ip6_tnl_newlink(struct net *src_net, struct net_device *dev, 1672 struct nlattr *tb[], struct nlattr *data[]) 1673 { 1674 struct net *net = dev_net(dev); 1675 struct ip6_tnl *nt; 1676 1677 nt = netdev_priv(dev); 1678 ip6_tnl_netlink_parms(data, &nt->parms); 1679 1680 if (ip6_tnl_locate(net, &nt->parms, 0)) 1681 return -EEXIST; 1682 1683 return ip6_tnl_create2(dev); 1684 } 1685 1686 static int ip6_tnl_changelink(struct net_device *dev, struct nlattr *tb[], 1687 struct nlattr *data[]) 1688 { 1689 struct ip6_tnl *t = netdev_priv(dev); 1690 struct __ip6_tnl_parm p; 1691 struct net *net = t->net; 1692 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1693 1694 if (dev == ip6n->fb_tnl_dev) 1695 return -EINVAL; 1696 1697 ip6_tnl_netlink_parms(data, &p); 1698 1699 t = ip6_tnl_locate(net, &p, 0); 1700 1701 if (t) { 1702 if (t->dev != dev) 1703 return -EEXIST; 1704 } else 1705 t = netdev_priv(dev); 1706 1707 return ip6_tnl_update(t, &p); 1708 } 1709 1710 static void ip6_tnl_dellink(struct net_device *dev, struct list_head *head) 1711 { 1712 struct net *net = dev_net(dev); 1713 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1714 1715 if (dev != ip6n->fb_tnl_dev) 1716 unregister_netdevice_queue(dev, head); 1717 } 1718 1719 static size_t ip6_tnl_get_size(const struct net_device *dev) 1720 { 1721 return 1722 /* IFLA_IPTUN_LINK */ 1723 nla_total_size(4) + 1724 /* IFLA_IPTUN_LOCAL */ 1725 nla_total_size(sizeof(struct in6_addr)) + 1726 /* IFLA_IPTUN_REMOTE */ 1727 nla_total_size(sizeof(struct in6_addr)) + 1728 /* IFLA_IPTUN_TTL */ 1729 nla_total_size(1) + 1730 /* IFLA_IPTUN_ENCAP_LIMIT */ 1731 nla_total_size(1) + 1732 /* IFLA_IPTUN_FLOWINFO */ 1733 nla_total_size(4) + 1734 /* IFLA_IPTUN_FLAGS */ 1735 nla_total_size(4) + 1736 /* IFLA_IPTUN_PROTO */ 1737 nla_total_size(1) + 1738 0; 1739 } 1740 1741 static int ip6_tnl_fill_info(struct sk_buff *skb, const struct net_device *dev) 1742 { 1743 struct ip6_tnl *tunnel = netdev_priv(dev); 1744 struct __ip6_tnl_parm *parm = &tunnel->parms; 1745 1746 if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) || 1747 nla_put(skb, IFLA_IPTUN_LOCAL, sizeof(struct in6_addr), 1748 &parm->laddr) || 1749 nla_put(skb, IFLA_IPTUN_REMOTE, sizeof(struct in6_addr), 1750 &parm->raddr) || 1751 nla_put_u8(skb, IFLA_IPTUN_TTL, parm->hop_limit) || 1752 nla_put_u8(skb, IFLA_IPTUN_ENCAP_LIMIT, parm->encap_limit) || 1753 nla_put_be32(skb, IFLA_IPTUN_FLOWINFO, parm->flowinfo) || 1754 nla_put_u32(skb, IFLA_IPTUN_FLAGS, parm->flags) || 1755 nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->proto)) 1756 goto nla_put_failure; 1757 return 0; 1758 1759 nla_put_failure: 1760 return -EMSGSIZE; 1761 } 1762 1763 struct net *ip6_tnl_get_link_net(const struct net_device *dev) 1764 { 1765 struct ip6_tnl *tunnel = netdev_priv(dev); 1766 1767 return tunnel->net; 1768 } 1769 EXPORT_SYMBOL(ip6_tnl_get_link_net); 1770 1771 static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { 1772 [IFLA_IPTUN_LINK] = { .type = NLA_U32 }, 1773 [IFLA_IPTUN_LOCAL] = { .len = sizeof(struct in6_addr) }, 1774 [IFLA_IPTUN_REMOTE] = { .len = sizeof(struct in6_addr) }, 1775 [IFLA_IPTUN_TTL] = { .type = NLA_U8 }, 1776 [IFLA_IPTUN_ENCAP_LIMIT] = { .type = NLA_U8 }, 1777 [IFLA_IPTUN_FLOWINFO] = { .type = NLA_U32 }, 1778 [IFLA_IPTUN_FLAGS] = { .type = NLA_U32 }, 1779 [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, 1780 }; 1781 1782 static struct rtnl_link_ops ip6_link_ops __read_mostly = { 1783 .kind = "ip6tnl", 1784 .maxtype = IFLA_IPTUN_MAX, 1785 .policy = ip6_tnl_policy, 1786 .priv_size = sizeof(struct ip6_tnl), 1787 .setup = ip6_tnl_dev_setup, 1788 .validate = ip6_tnl_validate, 1789 .newlink = ip6_tnl_newlink, 1790 .changelink = ip6_tnl_changelink, 1791 .dellink = ip6_tnl_dellink, 1792 .get_size = ip6_tnl_get_size, 1793 .fill_info = ip6_tnl_fill_info, 1794 .get_link_net = ip6_tnl_get_link_net, 1795 }; 1796 1797 static struct xfrm6_tunnel ip4ip6_handler __read_mostly = { 1798 .handler = ip4ip6_rcv, 1799 .err_handler = ip4ip6_err, 1800 .priority = 1, 1801 }; 1802 1803 static struct xfrm6_tunnel ip6ip6_handler __read_mostly = { 1804 .handler = ip6ip6_rcv, 1805 .err_handler = ip6ip6_err, 1806 .priority = 1, 1807 }; 1808 1809 static void __net_exit ip6_tnl_destroy_tunnels(struct net *net) 1810 { 1811 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1812 struct net_device *dev, *aux; 1813 int h; 1814 struct ip6_tnl *t; 1815 LIST_HEAD(list); 1816 1817 for_each_netdev_safe(net, dev, aux) 1818 if (dev->rtnl_link_ops == &ip6_link_ops) 1819 unregister_netdevice_queue(dev, &list); 1820 1821 for (h = 0; h < HASH_SIZE; h++) { 1822 t = rtnl_dereference(ip6n->tnls_r_l[h]); 1823 while (t != NULL) { 1824 /* If dev is in the same netns, it has already 1825 * been added to the list by the previous loop. 1826 */ 1827 if (!net_eq(dev_net(t->dev), net)) 1828 unregister_netdevice_queue(t->dev, &list); 1829 t = rtnl_dereference(t->next); 1830 } 1831 } 1832 1833 unregister_netdevice_many(&list); 1834 } 1835 1836 static int __net_init ip6_tnl_init_net(struct net *net) 1837 { 1838 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); 1839 struct ip6_tnl *t = NULL; 1840 int err; 1841 1842 ip6n->tnls[0] = ip6n->tnls_wc; 1843 ip6n->tnls[1] = ip6n->tnls_r_l; 1844 1845 err = -ENOMEM; 1846 ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6tnl0", 1847 NET_NAME_UNKNOWN, ip6_tnl_dev_setup); 1848 1849 if (!ip6n->fb_tnl_dev) 1850 goto err_alloc_dev; 1851 dev_net_set(ip6n->fb_tnl_dev, net); 1852 ip6n->fb_tnl_dev->rtnl_link_ops = &ip6_link_ops; 1853 /* FB netdevice is special: we have one, and only one per netns. 1854 * Allowing to move it to another netns is clearly unsafe. 1855 */ 1856 ip6n->fb_tnl_dev->features |= NETIF_F_NETNS_LOCAL; 1857 1858 err = ip6_fb_tnl_dev_init(ip6n->fb_tnl_dev); 1859 if (err < 0) 1860 goto err_register; 1861 1862 err = register_netdev(ip6n->fb_tnl_dev); 1863 if (err < 0) 1864 goto err_register; 1865 1866 t = netdev_priv(ip6n->fb_tnl_dev); 1867 1868 strcpy(t->parms.name, ip6n->fb_tnl_dev->name); 1869 return 0; 1870 1871 err_register: 1872 ip6_dev_free(ip6n->fb_tnl_dev); 1873 err_alloc_dev: 1874 return err; 1875 } 1876 1877 static void __net_exit ip6_tnl_exit_net(struct net *net) 1878 { 1879 rtnl_lock(); 1880 ip6_tnl_destroy_tunnels(net); 1881 rtnl_unlock(); 1882 } 1883 1884 static struct pernet_operations ip6_tnl_net_ops = { 1885 .init = ip6_tnl_init_net, 1886 .exit = ip6_tnl_exit_net, 1887 .id = &ip6_tnl_net_id, 1888 .size = sizeof(struct ip6_tnl_net), 1889 }; 1890 1891 /** 1892 * ip6_tunnel_init - register protocol and reserve needed resources 1893 * 1894 * Return: 0 on success 1895 **/ 1896 1897 static int __init ip6_tunnel_init(void) 1898 { 1899 int err; 1900 1901 err = register_pernet_device(&ip6_tnl_net_ops); 1902 if (err < 0) 1903 goto out_pernet; 1904 1905 err = xfrm6_tunnel_register(&ip4ip6_handler, AF_INET); 1906 if (err < 0) { 1907 pr_err("%s: can't register ip4ip6\n", __func__); 1908 goto out_ip4ip6; 1909 } 1910 1911 err = xfrm6_tunnel_register(&ip6ip6_handler, AF_INET6); 1912 if (err < 0) { 1913 pr_err("%s: can't register ip6ip6\n", __func__); 1914 goto out_ip6ip6; 1915 } 1916 err = rtnl_link_register(&ip6_link_ops); 1917 if (err < 0) 1918 goto rtnl_link_failed; 1919 1920 return 0; 1921 1922 rtnl_link_failed: 1923 xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6); 1924 out_ip6ip6: 1925 xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET); 1926 out_ip4ip6: 1927 unregister_pernet_device(&ip6_tnl_net_ops); 1928 out_pernet: 1929 return err; 1930 } 1931 1932 /** 1933 * ip6_tunnel_cleanup - free resources and unregister protocol 1934 **/ 1935 1936 static void __exit ip6_tunnel_cleanup(void) 1937 { 1938 rtnl_link_unregister(&ip6_link_ops); 1939 if (xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET)) 1940 pr_info("%s: can't deregister ip4ip6\n", __func__); 1941 1942 if (xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6)) 1943 pr_info("%s: can't deregister ip6ip6\n", __func__); 1944 1945 unregister_pernet_device(&ip6_tnl_net_ops); 1946 } 1947 1948 module_init(ip6_tunnel_init); 1949 module_exit(ip6_tunnel_cleanup); 1950