xref: /openbmc/linux/net/ipv6/ip6_vti.c (revision 31b90347)
1 /*
2  *	IPv6 virtual tunneling interface
3  *
4  *	Copyright (C) 2013 secunet Security Networks AG
5  *
6  *	Author:
7  *	Steffen Klassert <steffen.klassert@secunet.com>
8  *
9  *	Based on:
10  *	net/ipv6/ip6_tunnel.c
11  *
12  *	This program is free software; you can redistribute it and/or
13  *	modify it under the terms of the GNU General Public License
14  *	as published by the Free Software Foundation; either version
15  *	2 of the License, or (at your option) any later version.
16  */
17 
18 #include <linux/module.h>
19 #include <linux/capability.h>
20 #include <linux/errno.h>
21 #include <linux/types.h>
22 #include <linux/sockios.h>
23 #include <linux/icmp.h>
24 #include <linux/if.h>
25 #include <linux/in.h>
26 #include <linux/ip.h>
27 #include <linux/if_tunnel.h>
28 #include <linux/net.h>
29 #include <linux/in6.h>
30 #include <linux/netdevice.h>
31 #include <linux/if_arp.h>
32 #include <linux/icmpv6.h>
33 #include <linux/init.h>
34 #include <linux/route.h>
35 #include <linux/rtnetlink.h>
36 #include <linux/netfilter_ipv6.h>
37 #include <linux/slab.h>
38 #include <linux/hash.h>
39 
40 #include <linux/uaccess.h>
41 #include <linux/atomic.h>
42 
43 #include <net/icmp.h>
44 #include <net/ip.h>
45 #include <net/ip_tunnels.h>
46 #include <net/ipv6.h>
47 #include <net/ip6_route.h>
48 #include <net/addrconf.h>
49 #include <net/ip6_tunnel.h>
50 #include <net/xfrm.h>
51 #include <net/net_namespace.h>
52 #include <net/netns/generic.h>
53 
54 #define HASH_SIZE_SHIFT  5
55 #define HASH_SIZE (1 << HASH_SIZE_SHIFT)
56 
57 static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
58 {
59 	u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2);
60 
61 	return hash_32(hash, HASH_SIZE_SHIFT);
62 }
63 
64 static int vti6_dev_init(struct net_device *dev);
65 static void vti6_dev_setup(struct net_device *dev);
66 static struct rtnl_link_ops vti6_link_ops __read_mostly;
67 
68 static int vti6_net_id __read_mostly;
69 struct vti6_net {
70 	/* the vti6 tunnel fallback device */
71 	struct net_device *fb_tnl_dev;
72 	/* lists for storing tunnels in use */
73 	struct ip6_tnl __rcu *tnls_r_l[HASH_SIZE];
74 	struct ip6_tnl __rcu *tnls_wc[1];
75 	struct ip6_tnl __rcu **tnls[2];
76 };
77 
78 #define for_each_vti6_tunnel_rcu(start) \
79 	for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
80 
81 /**
82  * vti6_tnl_lookup - fetch tunnel matching the end-point addresses
83  *   @net: network namespace
84  *   @remote: the address of the tunnel exit-point
85  *   @local: the address of the tunnel entry-point
86  *
87  * Return:
88  *   tunnel matching given end-points if found,
89  *   else fallback tunnel if its device is up,
90  *   else %NULL
91  **/
92 static struct ip6_tnl *
93 vti6_tnl_lookup(struct net *net, const struct in6_addr *remote,
94 		const struct in6_addr *local)
95 {
96 	unsigned int hash = HASH(remote, local);
97 	struct ip6_tnl *t;
98 	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
99 
100 	for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
101 		if (ipv6_addr_equal(local, &t->parms.laddr) &&
102 		    ipv6_addr_equal(remote, &t->parms.raddr) &&
103 		    (t->dev->flags & IFF_UP))
104 			return t;
105 	}
106 	t = rcu_dereference(ip6n->tnls_wc[0]);
107 	if (t && (t->dev->flags & IFF_UP))
108 		return t;
109 
110 	return NULL;
111 }
112 
113 /**
114  * vti6_tnl_bucket - get head of list matching given tunnel parameters
115  *   @p: parameters containing tunnel end-points
116  *
117  * Description:
118  *   vti6_tnl_bucket() returns the head of the list matching the
119  *   &struct in6_addr entries laddr and raddr in @p.
120  *
121  * Return: head of IPv6 tunnel list
122  **/
123 static struct ip6_tnl __rcu **
124 vti6_tnl_bucket(struct vti6_net *ip6n, const struct __ip6_tnl_parm *p)
125 {
126 	const struct in6_addr *remote = &p->raddr;
127 	const struct in6_addr *local = &p->laddr;
128 	unsigned int h = 0;
129 	int prio = 0;
130 
131 	if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) {
132 		prio = 1;
133 		h = HASH(remote, local);
134 	}
135 	return &ip6n->tnls[prio][h];
136 }
137 
138 static void
139 vti6_tnl_link(struct vti6_net *ip6n, struct ip6_tnl *t)
140 {
141 	struct ip6_tnl __rcu **tp = vti6_tnl_bucket(ip6n, &t->parms);
142 
143 	rcu_assign_pointer(t->next , rtnl_dereference(*tp));
144 	rcu_assign_pointer(*tp, t);
145 }
146 
147 static void
148 vti6_tnl_unlink(struct vti6_net *ip6n, struct ip6_tnl *t)
149 {
150 	struct ip6_tnl __rcu **tp;
151 	struct ip6_tnl *iter;
152 
153 	for (tp = vti6_tnl_bucket(ip6n, &t->parms);
154 	     (iter = rtnl_dereference(*tp)) != NULL;
155 	     tp = &iter->next) {
156 		if (t == iter) {
157 			rcu_assign_pointer(*tp, t->next);
158 			break;
159 		}
160 	}
161 }
162 
163 static void vti6_dev_free(struct net_device *dev)
164 {
165 	free_percpu(dev->tstats);
166 	free_netdev(dev);
167 }
168 
169 static int vti6_tnl_create2(struct net_device *dev)
170 {
171 	struct ip6_tnl *t = netdev_priv(dev);
172 	struct net *net = dev_net(dev);
173 	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
174 	int err;
175 
176 	err = vti6_dev_init(dev);
177 	if (err < 0)
178 		goto out;
179 
180 	err = register_netdevice(dev);
181 	if (err < 0)
182 		goto out;
183 
184 	strcpy(t->parms.name, dev->name);
185 	dev->rtnl_link_ops = &vti6_link_ops;
186 
187 	dev_hold(dev);
188 	vti6_tnl_link(ip6n, t);
189 
190 	return 0;
191 
192 out:
193 	return err;
194 }
195 
196 static struct ip6_tnl *vti6_tnl_create(struct net *net, struct __ip6_tnl_parm *p)
197 {
198 	struct net_device *dev;
199 	struct ip6_tnl *t;
200 	char name[IFNAMSIZ];
201 	int err;
202 
203 	if (p->name[0])
204 		strlcpy(name, p->name, IFNAMSIZ);
205 	else
206 		sprintf(name, "ip6_vti%%d");
207 
208 	dev = alloc_netdev(sizeof(*t), name, vti6_dev_setup);
209 	if (dev == NULL)
210 		goto failed;
211 
212 	dev_net_set(dev, net);
213 
214 	t = netdev_priv(dev);
215 	t->parms = *p;
216 	t->net = dev_net(dev);
217 
218 	err = vti6_tnl_create2(dev);
219 	if (err < 0)
220 		goto failed_free;
221 
222 	return t;
223 
224 failed_free:
225 	vti6_dev_free(dev);
226 failed:
227 	return NULL;
228 }
229 
230 /**
231  * vti6_locate - find or create tunnel matching given parameters
232  *   @net: network namespace
233  *   @p: tunnel parameters
234  *   @create: != 0 if allowed to create new tunnel if no match found
235  *
236  * Description:
237  *   vti6_locate() first tries to locate an existing tunnel
238  *   based on @parms. If this is unsuccessful, but @create is set a new
239  *   tunnel device is created and registered for use.
240  *
241  * Return:
242  *   matching tunnel or NULL
243  **/
244 static struct ip6_tnl *vti6_locate(struct net *net, struct __ip6_tnl_parm *p,
245 				   int create)
246 {
247 	const struct in6_addr *remote = &p->raddr;
248 	const struct in6_addr *local = &p->laddr;
249 	struct ip6_tnl __rcu **tp;
250 	struct ip6_tnl *t;
251 	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
252 
253 	for (tp = vti6_tnl_bucket(ip6n, p);
254 	     (t = rtnl_dereference(*tp)) != NULL;
255 	     tp = &t->next) {
256 		if (ipv6_addr_equal(local, &t->parms.laddr) &&
257 		    ipv6_addr_equal(remote, &t->parms.raddr))
258 			return t;
259 	}
260 	if (!create)
261 		return NULL;
262 	return vti6_tnl_create(net, p);
263 }
264 
265 /**
266  * vti6_dev_uninit - tunnel device uninitializer
267  *   @dev: the device to be destroyed
268  *
269  * Description:
270  *   vti6_dev_uninit() removes tunnel from its list
271  **/
272 static void vti6_dev_uninit(struct net_device *dev)
273 {
274 	struct ip6_tnl *t = netdev_priv(dev);
275 	struct net *net = dev_net(dev);
276 	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
277 
278 	if (dev == ip6n->fb_tnl_dev)
279 		RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
280 	else
281 		vti6_tnl_unlink(ip6n, t);
282 	ip6_tnl_dst_reset(t);
283 	dev_put(dev);
284 }
285 
286 static int vti6_rcv(struct sk_buff *skb)
287 {
288 	struct ip6_tnl *t;
289 	const struct ipv6hdr *ipv6h = ipv6_hdr(skb);
290 
291 	rcu_read_lock();
292 
293 	if ((t = vti6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr,
294 				 &ipv6h->daddr)) != NULL) {
295 		struct pcpu_tstats *tstats;
296 
297 		if (t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) {
298 			rcu_read_unlock();
299 			goto discard;
300 		}
301 
302 		if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
303 			rcu_read_unlock();
304 			return 0;
305 		}
306 
307 		if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) {
308 			t->dev->stats.rx_dropped++;
309 			rcu_read_unlock();
310 			goto discard;
311 		}
312 
313 		tstats = this_cpu_ptr(t->dev->tstats);
314 		u64_stats_update_begin(&tstats->syncp);
315 		tstats->rx_packets++;
316 		tstats->rx_bytes += skb->len;
317 		u64_stats_update_end(&tstats->syncp);
318 
319 		skb->mark = 0;
320 		secpath_reset(skb);
321 		skb->dev = t->dev;
322 
323 		rcu_read_unlock();
324 		return 0;
325 	}
326 	rcu_read_unlock();
327 	return 1;
328 
329 discard:
330 	kfree_skb(skb);
331 	return 0;
332 }
333 
334 /**
335  * vti6_addr_conflict - compare packet addresses to tunnel's own
336  *   @t: the outgoing tunnel device
337  *   @hdr: IPv6 header from the incoming packet
338  *
339  * Description:
340  *   Avoid trivial tunneling loop by checking that tunnel exit-point
341  *   doesn't match source of incoming packet.
342  *
343  * Return:
344  *   1 if conflict,
345  *   0 else
346  **/
347 static inline bool
348 vti6_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr)
349 {
350 	return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr);
351 }
352 
353 /**
354  * vti6_xmit - send a packet
355  *   @skb: the outgoing socket buffer
356  *   @dev: the outgoing tunnel device
357  **/
358 static int vti6_xmit(struct sk_buff *skb, struct net_device *dev)
359 {
360 	struct net *net = dev_net(dev);
361 	struct ip6_tnl *t = netdev_priv(dev);
362 	struct net_device_stats *stats = &t->dev->stats;
363 	struct dst_entry *dst = NULL, *ndst = NULL;
364 	struct flowi6 fl6;
365 	struct ipv6hdr *ipv6h = ipv6_hdr(skb);
366 	struct net_device *tdev;
367 	int err = -1;
368 
369 	if ((t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) ||
370 	    !ip6_tnl_xmit_ctl(t) || vti6_addr_conflict(t, ipv6h))
371 		return err;
372 
373 	dst = ip6_tnl_dst_check(t);
374 	if (!dst) {
375 		memcpy(&fl6, &t->fl.u.ip6, sizeof(fl6));
376 
377 		ndst = ip6_route_output(net, NULL, &fl6);
378 
379 		if (ndst->error)
380 			goto tx_err_link_failure;
381 		ndst = xfrm_lookup(net, ndst, flowi6_to_flowi(&fl6), NULL, 0);
382 		if (IS_ERR(ndst)) {
383 			err = PTR_ERR(ndst);
384 			ndst = NULL;
385 			goto tx_err_link_failure;
386 		}
387 		dst = ndst;
388 	}
389 
390 	if (!dst->xfrm || dst->xfrm->props.mode != XFRM_MODE_TUNNEL)
391 		goto tx_err_link_failure;
392 
393 	tdev = dst->dev;
394 
395 	if (tdev == dev) {
396 		stats->collisions++;
397 		net_warn_ratelimited("%s: Local routing loop detected!\n",
398 				     t->parms.name);
399 		goto tx_err_dst_release;
400 	}
401 
402 
403 	skb_dst_drop(skb);
404 	skb_dst_set_noref(skb, dst);
405 
406 	ip6tunnel_xmit(skb, dev);
407 	if (ndst) {
408 		dev->mtu = dst_mtu(ndst);
409 		ip6_tnl_dst_store(t, ndst);
410 	}
411 
412 	return 0;
413 tx_err_link_failure:
414 	stats->tx_carrier_errors++;
415 	dst_link_failure(skb);
416 tx_err_dst_release:
417 	dst_release(ndst);
418 	return err;
419 }
420 
421 static netdev_tx_t
422 vti6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
423 {
424 	struct ip6_tnl *t = netdev_priv(dev);
425 	struct net_device_stats *stats = &t->dev->stats;
426 	int ret;
427 
428 	switch (skb->protocol) {
429 	case htons(ETH_P_IPV6):
430 		ret = vti6_xmit(skb, dev);
431 		break;
432 	default:
433 		goto tx_err;
434 	}
435 
436 	if (ret < 0)
437 		goto tx_err;
438 
439 	return NETDEV_TX_OK;
440 
441 tx_err:
442 	stats->tx_errors++;
443 	stats->tx_dropped++;
444 	kfree_skb(skb);
445 	return NETDEV_TX_OK;
446 }
447 
448 static void vti6_link_config(struct ip6_tnl *t)
449 {
450 	struct dst_entry *dst;
451 	struct net_device *dev = t->dev;
452 	struct __ip6_tnl_parm *p = &t->parms;
453 	struct flowi6 *fl6 = &t->fl.u.ip6;
454 
455 	memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
456 	memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
457 
458 	/* Set up flowi template */
459 	fl6->saddr = p->laddr;
460 	fl6->daddr = p->raddr;
461 	fl6->flowi6_oif = p->link;
462 	fl6->flowi6_mark = be32_to_cpu(p->i_key);
463 	fl6->flowi6_proto = p->proto;
464 	fl6->flowlabel = 0;
465 
466 	p->flags &= ~(IP6_TNL_F_CAP_XMIT | IP6_TNL_F_CAP_RCV |
467 		      IP6_TNL_F_CAP_PER_PACKET);
468 	p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr);
469 
470 	if (p->flags & IP6_TNL_F_CAP_XMIT && p->flags & IP6_TNL_F_CAP_RCV)
471 		dev->flags |= IFF_POINTOPOINT;
472 	else
473 		dev->flags &= ~IFF_POINTOPOINT;
474 
475 	dev->iflink = p->link;
476 
477 	if (p->flags & IP6_TNL_F_CAP_XMIT) {
478 
479 		dst = ip6_route_output(dev_net(dev), NULL, fl6);
480 		if (dst->error)
481 			return;
482 
483 		dst = xfrm_lookup(dev_net(dev), dst, flowi6_to_flowi(fl6),
484 				  NULL, 0);
485 		if (IS_ERR(dst))
486 			return;
487 
488 		if (dst->dev) {
489 			dev->hard_header_len = dst->dev->hard_header_len;
490 
491 			dev->mtu = dst_mtu(dst);
492 
493 			if (dev->mtu < IPV6_MIN_MTU)
494 				dev->mtu = IPV6_MIN_MTU;
495 		}
496 		dst_release(dst);
497 	}
498 }
499 
500 /**
501  * vti6_tnl_change - update the tunnel parameters
502  *   @t: tunnel to be changed
503  *   @p: tunnel configuration parameters
504  *
505  * Description:
506  *   vti6_tnl_change() updates the tunnel parameters
507  **/
508 static int
509 vti6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p)
510 {
511 	t->parms.laddr = p->laddr;
512 	t->parms.raddr = p->raddr;
513 	t->parms.link = p->link;
514 	t->parms.i_key = p->i_key;
515 	t->parms.o_key = p->o_key;
516 	t->parms.proto = p->proto;
517 	ip6_tnl_dst_reset(t);
518 	vti6_link_config(t);
519 	return 0;
520 }
521 
522 static int vti6_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p)
523 {
524 	struct net *net = dev_net(t->dev);
525 	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
526 	int err;
527 
528 	vti6_tnl_unlink(ip6n, t);
529 	synchronize_net();
530 	err = vti6_tnl_change(t, p);
531 	vti6_tnl_link(ip6n, t);
532 	netdev_state_change(t->dev);
533 	return err;
534 }
535 
536 static void
537 vti6_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm2 *u)
538 {
539 	p->laddr = u->laddr;
540 	p->raddr = u->raddr;
541 	p->link = u->link;
542 	p->i_key = u->i_key;
543 	p->o_key = u->o_key;
544 	p->proto = u->proto;
545 
546 	memcpy(p->name, u->name, sizeof(u->name));
547 }
548 
549 static void
550 vti6_parm_to_user(struct ip6_tnl_parm2 *u, const struct __ip6_tnl_parm *p)
551 {
552 	u->laddr = p->laddr;
553 	u->raddr = p->raddr;
554 	u->link = p->link;
555 	u->i_key = p->i_key;
556 	u->o_key = p->o_key;
557 	u->proto = p->proto;
558 
559 	memcpy(u->name, p->name, sizeof(u->name));
560 }
561 
562 /**
563  * vti6_tnl_ioctl - configure vti6 tunnels from userspace
564  *   @dev: virtual device associated with tunnel
565  *   @ifr: parameters passed from userspace
566  *   @cmd: command to be performed
567  *
568  * Description:
569  *   vti6_ioctl() is used for managing vti6 tunnels
570  *   from userspace.
571  *
572  *   The possible commands are the following:
573  *     %SIOCGETTUNNEL: get tunnel parameters for device
574  *     %SIOCADDTUNNEL: add tunnel matching given tunnel parameters
575  *     %SIOCCHGTUNNEL: change tunnel parameters to those given
576  *     %SIOCDELTUNNEL: delete tunnel
577  *
578  *   The fallback device "ip6_vti0", created during module
579  *   initialization, can be used for creating other tunnel devices.
580  *
581  * Return:
582  *   0 on success,
583  *   %-EFAULT if unable to copy data to or from userspace,
584  *   %-EPERM if current process hasn't %CAP_NET_ADMIN set
585  *   %-EINVAL if passed tunnel parameters are invalid,
586  *   %-EEXIST if changing a tunnel's parameters would cause a conflict
587  *   %-ENODEV if attempting to change or delete a nonexisting device
588  **/
589 static int
590 vti6_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
591 {
592 	int err = 0;
593 	struct ip6_tnl_parm2 p;
594 	struct __ip6_tnl_parm p1;
595 	struct ip6_tnl *t = NULL;
596 	struct net *net = dev_net(dev);
597 	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
598 
599 	switch (cmd) {
600 	case SIOCGETTUNNEL:
601 		if (dev == ip6n->fb_tnl_dev) {
602 			if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
603 				err = -EFAULT;
604 				break;
605 			}
606 			vti6_parm_from_user(&p1, &p);
607 			t = vti6_locate(net, &p1, 0);
608 		} else {
609 			memset(&p, 0, sizeof(p));
610 		}
611 		if (t == NULL)
612 			t = netdev_priv(dev);
613 		vti6_parm_to_user(&p, &t->parms);
614 		if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
615 			err = -EFAULT;
616 		break;
617 	case SIOCADDTUNNEL:
618 	case SIOCCHGTUNNEL:
619 		err = -EPERM;
620 		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
621 			break;
622 		err = -EFAULT;
623 		if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
624 			break;
625 		err = -EINVAL;
626 		if (p.proto != IPPROTO_IPV6  && p.proto != 0)
627 			break;
628 		vti6_parm_from_user(&p1, &p);
629 		t = vti6_locate(net, &p1, cmd == SIOCADDTUNNEL);
630 		if (dev != ip6n->fb_tnl_dev && cmd == SIOCCHGTUNNEL) {
631 			if (t != NULL) {
632 				if (t->dev != dev) {
633 					err = -EEXIST;
634 					break;
635 				}
636 			} else
637 				t = netdev_priv(dev);
638 
639 			err = vti6_update(t, &p1);
640 		}
641 		if (t) {
642 			err = 0;
643 			vti6_parm_to_user(&p, &t->parms);
644 			if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
645 				err = -EFAULT;
646 
647 		} else
648 			err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
649 		break;
650 	case SIOCDELTUNNEL:
651 		err = -EPERM;
652 		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
653 			break;
654 
655 		if (dev == ip6n->fb_tnl_dev) {
656 			err = -EFAULT;
657 			if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
658 				break;
659 			err = -ENOENT;
660 			vti6_parm_from_user(&p1, &p);
661 			t = vti6_locate(net, &p1, 0);
662 			if (t == NULL)
663 				break;
664 			err = -EPERM;
665 			if (t->dev == ip6n->fb_tnl_dev)
666 				break;
667 			dev = t->dev;
668 		}
669 		err = 0;
670 		unregister_netdevice(dev);
671 		break;
672 	default:
673 		err = -EINVAL;
674 	}
675 	return err;
676 }
677 
678 /**
679  * vti6_tnl_change_mtu - change mtu manually for tunnel device
680  *   @dev: virtual device associated with tunnel
681  *   @new_mtu: the new mtu
682  *
683  * Return:
684  *   0 on success,
685  *   %-EINVAL if mtu too small
686  **/
687 static int vti6_change_mtu(struct net_device *dev, int new_mtu)
688 {
689 	if (new_mtu < IPV6_MIN_MTU)
690 		return -EINVAL;
691 
692 	dev->mtu = new_mtu;
693 	return 0;
694 }
695 
696 static const struct net_device_ops vti6_netdev_ops = {
697 	.ndo_uninit	= vti6_dev_uninit,
698 	.ndo_start_xmit = vti6_tnl_xmit,
699 	.ndo_do_ioctl	= vti6_ioctl,
700 	.ndo_change_mtu = vti6_change_mtu,
701 	.ndo_get_stats64 = ip_tunnel_get_stats64,
702 };
703 
704 /**
705  * vti6_dev_setup - setup virtual tunnel device
706  *   @dev: virtual device associated with tunnel
707  *
708  * Description:
709  *   Initialize function pointers and device parameters
710  **/
711 static void vti6_dev_setup(struct net_device *dev)
712 {
713 	struct ip6_tnl *t;
714 
715 	dev->netdev_ops = &vti6_netdev_ops;
716 	dev->destructor = vti6_dev_free;
717 
718 	dev->type = ARPHRD_TUNNEL6;
719 	dev->hard_header_len = LL_MAX_HEADER + sizeof(struct ipv6hdr);
720 	dev->mtu = ETH_DATA_LEN;
721 	t = netdev_priv(dev);
722 	dev->flags |= IFF_NOARP;
723 	dev->addr_len = sizeof(struct in6_addr);
724 	dev->features |= NETIF_F_NETNS_LOCAL;
725 	dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
726 }
727 
728 /**
729  * vti6_dev_init_gen - general initializer for all tunnel devices
730  *   @dev: virtual device associated with tunnel
731  **/
732 static inline int vti6_dev_init_gen(struct net_device *dev)
733 {
734 	struct ip6_tnl *t = netdev_priv(dev);
735 	int i;
736 
737 	t->dev = dev;
738 	t->net = dev_net(dev);
739 	dev->tstats = alloc_percpu(struct pcpu_tstats);
740 	if (!dev->tstats)
741 		return -ENOMEM;
742 	for_each_possible_cpu(i) {
743 		struct pcpu_tstats *stats;
744 		stats = per_cpu_ptr(dev->tstats, i);
745 		u64_stats_init(&stats->syncp);
746 	}
747 	return 0;
748 }
749 
750 /**
751  * vti6_dev_init - initializer for all non fallback tunnel devices
752  *   @dev: virtual device associated with tunnel
753  **/
754 static int vti6_dev_init(struct net_device *dev)
755 {
756 	struct ip6_tnl *t = netdev_priv(dev);
757 	int err = vti6_dev_init_gen(dev);
758 
759 	if (err)
760 		return err;
761 	vti6_link_config(t);
762 	return 0;
763 }
764 
765 /**
766  * vti6_fb_tnl_dev_init - initializer for fallback tunnel device
767  *   @dev: fallback device
768  *
769  * Return: 0
770  **/
771 static int __net_init vti6_fb_tnl_dev_init(struct net_device *dev)
772 {
773 	struct ip6_tnl *t = netdev_priv(dev);
774 	struct net *net = dev_net(dev);
775 	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
776 	int err = vti6_dev_init_gen(dev);
777 
778 	if (err)
779 		return err;
780 
781 	t->parms.proto = IPPROTO_IPV6;
782 	dev_hold(dev);
783 
784 	vti6_link_config(t);
785 
786 	rcu_assign_pointer(ip6n->tnls_wc[0], t);
787 	return 0;
788 }
789 
790 static int vti6_validate(struct nlattr *tb[], struct nlattr *data[])
791 {
792 	return 0;
793 }
794 
795 static void vti6_netlink_parms(struct nlattr *data[],
796 			       struct __ip6_tnl_parm *parms)
797 {
798 	memset(parms, 0, sizeof(*parms));
799 
800 	if (!data)
801 		return;
802 
803 	if (data[IFLA_VTI_LINK])
804 		parms->link = nla_get_u32(data[IFLA_VTI_LINK]);
805 
806 	if (data[IFLA_VTI_LOCAL])
807 		nla_memcpy(&parms->laddr, data[IFLA_VTI_LOCAL],
808 			   sizeof(struct in6_addr));
809 
810 	if (data[IFLA_VTI_REMOTE])
811 		nla_memcpy(&parms->raddr, data[IFLA_VTI_REMOTE],
812 			   sizeof(struct in6_addr));
813 
814 	if (data[IFLA_VTI_IKEY])
815 		parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]);
816 
817 	if (data[IFLA_VTI_OKEY])
818 		parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]);
819 }
820 
821 static int vti6_newlink(struct net *src_net, struct net_device *dev,
822 			struct nlattr *tb[], struct nlattr *data[])
823 {
824 	struct net *net = dev_net(dev);
825 	struct ip6_tnl *nt;
826 
827 	nt = netdev_priv(dev);
828 	vti6_netlink_parms(data, &nt->parms);
829 
830 	nt->parms.proto = IPPROTO_IPV6;
831 
832 	if (vti6_locate(net, &nt->parms, 0))
833 		return -EEXIST;
834 
835 	return vti6_tnl_create2(dev);
836 }
837 
838 static int vti6_changelink(struct net_device *dev, struct nlattr *tb[],
839 			   struct nlattr *data[])
840 {
841 	struct ip6_tnl *t;
842 	struct __ip6_tnl_parm p;
843 	struct net *net = dev_net(dev);
844 	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
845 
846 	if (dev == ip6n->fb_tnl_dev)
847 		return -EINVAL;
848 
849 	vti6_netlink_parms(data, &p);
850 
851 	t = vti6_locate(net, &p, 0);
852 
853 	if (t) {
854 		if (t->dev != dev)
855 			return -EEXIST;
856 	} else
857 		t = netdev_priv(dev);
858 
859 	return vti6_update(t, &p);
860 }
861 
862 static size_t vti6_get_size(const struct net_device *dev)
863 {
864 	return
865 		/* IFLA_VTI_LINK */
866 		nla_total_size(4) +
867 		/* IFLA_VTI_LOCAL */
868 		nla_total_size(sizeof(struct in6_addr)) +
869 		/* IFLA_VTI_REMOTE */
870 		nla_total_size(sizeof(struct in6_addr)) +
871 		/* IFLA_VTI_IKEY */
872 		nla_total_size(4) +
873 		/* IFLA_VTI_OKEY */
874 		nla_total_size(4) +
875 		0;
876 }
877 
878 static int vti6_fill_info(struct sk_buff *skb, const struct net_device *dev)
879 {
880 	struct ip6_tnl *tunnel = netdev_priv(dev);
881 	struct __ip6_tnl_parm *parm = &tunnel->parms;
882 
883 	if (nla_put_u32(skb, IFLA_VTI_LINK, parm->link) ||
884 	    nla_put(skb, IFLA_VTI_LOCAL, sizeof(struct in6_addr),
885 		    &parm->laddr) ||
886 	    nla_put(skb, IFLA_VTI_REMOTE, sizeof(struct in6_addr),
887 		    &parm->raddr) ||
888 	    nla_put_be32(skb, IFLA_VTI_IKEY, parm->i_key) ||
889 	    nla_put_be32(skb, IFLA_VTI_OKEY, parm->o_key))
890 		goto nla_put_failure;
891 	return 0;
892 
893 nla_put_failure:
894 	return -EMSGSIZE;
895 }
896 
897 static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = {
898 	[IFLA_VTI_LINK]		= { .type = NLA_U32 },
899 	[IFLA_VTI_LOCAL]	= { .len = sizeof(struct in6_addr) },
900 	[IFLA_VTI_REMOTE]	= { .len = sizeof(struct in6_addr) },
901 	[IFLA_VTI_IKEY]		= { .type = NLA_U32 },
902 	[IFLA_VTI_OKEY]		= { .type = NLA_U32 },
903 };
904 
905 static struct rtnl_link_ops vti6_link_ops __read_mostly = {
906 	.kind		= "vti6",
907 	.maxtype	= IFLA_VTI_MAX,
908 	.policy		= vti6_policy,
909 	.priv_size	= sizeof(struct ip6_tnl),
910 	.setup		= vti6_dev_setup,
911 	.validate	= vti6_validate,
912 	.newlink	= vti6_newlink,
913 	.changelink	= vti6_changelink,
914 	.get_size	= vti6_get_size,
915 	.fill_info	= vti6_fill_info,
916 };
917 
918 static struct xfrm_tunnel_notifier vti6_handler __read_mostly = {
919 	.handler	= vti6_rcv,
920 	.priority	=	1,
921 };
922 
923 static void __net_exit vti6_destroy_tunnels(struct vti6_net *ip6n)
924 {
925 	int h;
926 	struct ip6_tnl *t;
927 	LIST_HEAD(list);
928 
929 	for (h = 0; h < HASH_SIZE; h++) {
930 		t = rtnl_dereference(ip6n->tnls_r_l[h]);
931 		while (t != NULL) {
932 			unregister_netdevice_queue(t->dev, &list);
933 			t = rtnl_dereference(t->next);
934 		}
935 	}
936 
937 	t = rtnl_dereference(ip6n->tnls_wc[0]);
938 	unregister_netdevice_queue(t->dev, &list);
939 	unregister_netdevice_many(&list);
940 }
941 
942 static int __net_init vti6_init_net(struct net *net)
943 {
944 	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
945 	struct ip6_tnl *t = NULL;
946 	int err;
947 
948 	ip6n->tnls[0] = ip6n->tnls_wc;
949 	ip6n->tnls[1] = ip6n->tnls_r_l;
950 
951 	err = -ENOMEM;
952 	ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6_vti0",
953 					vti6_dev_setup);
954 
955 	if (!ip6n->fb_tnl_dev)
956 		goto err_alloc_dev;
957 	dev_net_set(ip6n->fb_tnl_dev, net);
958 
959 	err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev);
960 	if (err < 0)
961 		goto err_register;
962 
963 	err = register_netdev(ip6n->fb_tnl_dev);
964 	if (err < 0)
965 		goto err_register;
966 
967 	t = netdev_priv(ip6n->fb_tnl_dev);
968 
969 	strcpy(t->parms.name, ip6n->fb_tnl_dev->name);
970 	return 0;
971 
972 err_register:
973 	vti6_dev_free(ip6n->fb_tnl_dev);
974 err_alloc_dev:
975 	return err;
976 }
977 
978 static void __net_exit vti6_exit_net(struct net *net)
979 {
980 	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
981 
982 	rtnl_lock();
983 	vti6_destroy_tunnels(ip6n);
984 	rtnl_unlock();
985 }
986 
987 static struct pernet_operations vti6_net_ops = {
988 	.init = vti6_init_net,
989 	.exit = vti6_exit_net,
990 	.id   = &vti6_net_id,
991 	.size = sizeof(struct vti6_net),
992 };
993 
994 /**
995  * vti6_tunnel_init - register protocol and reserve needed resources
996  *
997  * Return: 0 on success
998  **/
999 static int __init vti6_tunnel_init(void)
1000 {
1001 	int  err;
1002 
1003 	err = register_pernet_device(&vti6_net_ops);
1004 	if (err < 0)
1005 		goto out_pernet;
1006 
1007 	err = xfrm6_mode_tunnel_input_register(&vti6_handler);
1008 	if (err < 0) {
1009 		pr_err("%s: can't register vti6\n", __func__);
1010 		goto out;
1011 	}
1012 	err = rtnl_link_register(&vti6_link_ops);
1013 	if (err < 0)
1014 		goto rtnl_link_failed;
1015 
1016 	return 0;
1017 
1018 rtnl_link_failed:
1019 	xfrm6_mode_tunnel_input_deregister(&vti6_handler);
1020 out:
1021 	unregister_pernet_device(&vti6_net_ops);
1022 out_pernet:
1023 	return err;
1024 }
1025 
1026 /**
1027  * vti6_tunnel_cleanup - free resources and unregister protocol
1028  **/
1029 static void __exit vti6_tunnel_cleanup(void)
1030 {
1031 	rtnl_link_unregister(&vti6_link_ops);
1032 	if (xfrm6_mode_tunnel_input_deregister(&vti6_handler))
1033 		pr_info("%s: can't deregister vti6\n", __func__);
1034 
1035 	unregister_pernet_device(&vti6_net_ops);
1036 }
1037 
1038 module_init(vti6_tunnel_init);
1039 module_exit(vti6_tunnel_cleanup);
1040 MODULE_LICENSE("GPL");
1041 MODULE_ALIAS_RTNL_LINK("vti6");
1042 MODULE_ALIAS_NETDEV("ip6_vti0");
1043 MODULE_AUTHOR("Steffen Klassert");
1044 MODULE_DESCRIPTION("IPv6 virtual tunnel interface");
1045