1 /* 2 * IPv6 virtual tunneling interface 3 * 4 * Copyright (C) 2013 secunet Security Networks AG 5 * 6 * Author: 7 * Steffen Klassert <steffen.klassert@secunet.com> 8 * 9 * Based on: 10 * net/ipv6/ip6_tunnel.c 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 #include <linux/module.h> 19 #include <linux/capability.h> 20 #include <linux/errno.h> 21 #include <linux/types.h> 22 #include <linux/sockios.h> 23 #include <linux/icmp.h> 24 #include <linux/if.h> 25 #include <linux/in.h> 26 #include <linux/ip.h> 27 #include <linux/if_tunnel.h> 28 #include <linux/net.h> 29 #include <linux/in6.h> 30 #include <linux/netdevice.h> 31 #include <linux/if_arp.h> 32 #include <linux/icmpv6.h> 33 #include <linux/init.h> 34 #include <linux/route.h> 35 #include <linux/rtnetlink.h> 36 #include <linux/netfilter_ipv6.h> 37 #include <linux/slab.h> 38 #include <linux/hash.h> 39 40 #include <linux/uaccess.h> 41 #include <linux/atomic.h> 42 43 #include <net/icmp.h> 44 #include <net/ip.h> 45 #include <net/ip_tunnels.h> 46 #include <net/ipv6.h> 47 #include <net/ip6_route.h> 48 #include <net/addrconf.h> 49 #include <net/ip6_tunnel.h> 50 #include <net/xfrm.h> 51 #include <net/net_namespace.h> 52 #include <net/netns/generic.h> 53 54 #define HASH_SIZE_SHIFT 5 55 #define HASH_SIZE (1 << HASH_SIZE_SHIFT) 56 57 static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) 58 { 59 u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2); 60 61 return hash_32(hash, HASH_SIZE_SHIFT); 62 } 63 64 static int vti6_dev_init(struct net_device *dev); 65 static void vti6_dev_setup(struct net_device *dev); 66 static struct rtnl_link_ops vti6_link_ops __read_mostly; 67 68 static int vti6_net_id __read_mostly; 69 struct vti6_net { 70 /* the vti6 tunnel fallback device */ 71 struct net_device *fb_tnl_dev; 72 /* lists for storing tunnels in use */ 73 struct ip6_tnl __rcu *tnls_r_l[HASH_SIZE]; 74 struct ip6_tnl __rcu *tnls_wc[1]; 75 struct ip6_tnl __rcu **tnls[2]; 76 }; 77 78 #define for_each_vti6_tunnel_rcu(start) \ 79 for (t = rcu_dereference(start); t; t = rcu_dereference(t->next)) 80 81 /** 82 * vti6_tnl_lookup - fetch tunnel matching the end-point addresses 83 * @net: network namespace 84 * @remote: the address of the tunnel exit-point 85 * @local: the address of the tunnel entry-point 86 * 87 * Return: 88 * tunnel matching given end-points if found, 89 * else fallback tunnel if its device is up, 90 * else %NULL 91 **/ 92 static struct ip6_tnl * 93 vti6_tnl_lookup(struct net *net, const struct in6_addr *remote, 94 const struct in6_addr *local) 95 { 96 unsigned int hash = HASH(remote, local); 97 struct ip6_tnl *t; 98 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 99 100 for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) { 101 if (ipv6_addr_equal(local, &t->parms.laddr) && 102 ipv6_addr_equal(remote, &t->parms.raddr) && 103 (t->dev->flags & IFF_UP)) 104 return t; 105 } 106 t = rcu_dereference(ip6n->tnls_wc[0]); 107 if (t && (t->dev->flags & IFF_UP)) 108 return t; 109 110 return NULL; 111 } 112 113 /** 114 * vti6_tnl_bucket - get head of list matching given tunnel parameters 115 * @p: parameters containing tunnel end-points 116 * 117 * Description: 118 * vti6_tnl_bucket() returns the head of the list matching the 119 * &struct in6_addr entries laddr and raddr in @p. 120 * 121 * Return: head of IPv6 tunnel list 122 **/ 123 static struct ip6_tnl __rcu ** 124 vti6_tnl_bucket(struct vti6_net *ip6n, const struct __ip6_tnl_parm *p) 125 { 126 const struct in6_addr *remote = &p->raddr; 127 const struct in6_addr *local = &p->laddr; 128 unsigned int h = 0; 129 int prio = 0; 130 131 if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) { 132 prio = 1; 133 h = HASH(remote, local); 134 } 135 return &ip6n->tnls[prio][h]; 136 } 137 138 static void 139 vti6_tnl_link(struct vti6_net *ip6n, struct ip6_tnl *t) 140 { 141 struct ip6_tnl __rcu **tp = vti6_tnl_bucket(ip6n, &t->parms); 142 143 rcu_assign_pointer(t->next , rtnl_dereference(*tp)); 144 rcu_assign_pointer(*tp, t); 145 } 146 147 static void 148 vti6_tnl_unlink(struct vti6_net *ip6n, struct ip6_tnl *t) 149 { 150 struct ip6_tnl __rcu **tp; 151 struct ip6_tnl *iter; 152 153 for (tp = vti6_tnl_bucket(ip6n, &t->parms); 154 (iter = rtnl_dereference(*tp)) != NULL; 155 tp = &iter->next) { 156 if (t == iter) { 157 rcu_assign_pointer(*tp, t->next); 158 break; 159 } 160 } 161 } 162 163 static void vti6_dev_free(struct net_device *dev) 164 { 165 free_percpu(dev->tstats); 166 free_netdev(dev); 167 } 168 169 static int vti6_tnl_create2(struct net_device *dev) 170 { 171 struct ip6_tnl *t = netdev_priv(dev); 172 struct net *net = dev_net(dev); 173 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 174 int err; 175 176 err = vti6_dev_init(dev); 177 if (err < 0) 178 goto out; 179 180 err = register_netdevice(dev); 181 if (err < 0) 182 goto out; 183 184 strcpy(t->parms.name, dev->name); 185 dev->rtnl_link_ops = &vti6_link_ops; 186 187 dev_hold(dev); 188 vti6_tnl_link(ip6n, t); 189 190 return 0; 191 192 out: 193 return err; 194 } 195 196 static struct ip6_tnl *vti6_tnl_create(struct net *net, struct __ip6_tnl_parm *p) 197 { 198 struct net_device *dev; 199 struct ip6_tnl *t; 200 char name[IFNAMSIZ]; 201 int err; 202 203 if (p->name[0]) 204 strlcpy(name, p->name, IFNAMSIZ); 205 else 206 sprintf(name, "ip6_vti%%d"); 207 208 dev = alloc_netdev(sizeof(*t), name, vti6_dev_setup); 209 if (dev == NULL) 210 goto failed; 211 212 dev_net_set(dev, net); 213 214 t = netdev_priv(dev); 215 t->parms = *p; 216 t->net = dev_net(dev); 217 218 err = vti6_tnl_create2(dev); 219 if (err < 0) 220 goto failed_free; 221 222 return t; 223 224 failed_free: 225 vti6_dev_free(dev); 226 failed: 227 return NULL; 228 } 229 230 /** 231 * vti6_locate - find or create tunnel matching given parameters 232 * @net: network namespace 233 * @p: tunnel parameters 234 * @create: != 0 if allowed to create new tunnel if no match found 235 * 236 * Description: 237 * vti6_locate() first tries to locate an existing tunnel 238 * based on @parms. If this is unsuccessful, but @create is set a new 239 * tunnel device is created and registered for use. 240 * 241 * Return: 242 * matching tunnel or NULL 243 **/ 244 static struct ip6_tnl *vti6_locate(struct net *net, struct __ip6_tnl_parm *p, 245 int create) 246 { 247 const struct in6_addr *remote = &p->raddr; 248 const struct in6_addr *local = &p->laddr; 249 struct ip6_tnl __rcu **tp; 250 struct ip6_tnl *t; 251 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 252 253 for (tp = vti6_tnl_bucket(ip6n, p); 254 (t = rtnl_dereference(*tp)) != NULL; 255 tp = &t->next) { 256 if (ipv6_addr_equal(local, &t->parms.laddr) && 257 ipv6_addr_equal(remote, &t->parms.raddr)) 258 return t; 259 } 260 if (!create) 261 return NULL; 262 return vti6_tnl_create(net, p); 263 } 264 265 /** 266 * vti6_dev_uninit - tunnel device uninitializer 267 * @dev: the device to be destroyed 268 * 269 * Description: 270 * vti6_dev_uninit() removes tunnel from its list 271 **/ 272 static void vti6_dev_uninit(struct net_device *dev) 273 { 274 struct ip6_tnl *t = netdev_priv(dev); 275 struct net *net = dev_net(dev); 276 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 277 278 if (dev == ip6n->fb_tnl_dev) 279 RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL); 280 else 281 vti6_tnl_unlink(ip6n, t); 282 ip6_tnl_dst_reset(t); 283 dev_put(dev); 284 } 285 286 static int vti6_rcv(struct sk_buff *skb) 287 { 288 struct ip6_tnl *t; 289 const struct ipv6hdr *ipv6h = ipv6_hdr(skb); 290 291 rcu_read_lock(); 292 293 if ((t = vti6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr, 294 &ipv6h->daddr)) != NULL) { 295 struct pcpu_tstats *tstats; 296 297 if (t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) { 298 rcu_read_unlock(); 299 goto discard; 300 } 301 302 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 303 rcu_read_unlock(); 304 return 0; 305 } 306 307 if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) { 308 t->dev->stats.rx_dropped++; 309 rcu_read_unlock(); 310 goto discard; 311 } 312 313 tstats = this_cpu_ptr(t->dev->tstats); 314 u64_stats_update_begin(&tstats->syncp); 315 tstats->rx_packets++; 316 tstats->rx_bytes += skb->len; 317 u64_stats_update_end(&tstats->syncp); 318 319 skb->mark = 0; 320 secpath_reset(skb); 321 skb->dev = t->dev; 322 323 rcu_read_unlock(); 324 return 0; 325 } 326 rcu_read_unlock(); 327 return 1; 328 329 discard: 330 kfree_skb(skb); 331 return 0; 332 } 333 334 /** 335 * vti6_addr_conflict - compare packet addresses to tunnel's own 336 * @t: the outgoing tunnel device 337 * @hdr: IPv6 header from the incoming packet 338 * 339 * Description: 340 * Avoid trivial tunneling loop by checking that tunnel exit-point 341 * doesn't match source of incoming packet. 342 * 343 * Return: 344 * 1 if conflict, 345 * 0 else 346 **/ 347 static inline bool 348 vti6_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr) 349 { 350 return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr); 351 } 352 353 /** 354 * vti6_xmit - send a packet 355 * @skb: the outgoing socket buffer 356 * @dev: the outgoing tunnel device 357 **/ 358 static int vti6_xmit(struct sk_buff *skb, struct net_device *dev) 359 { 360 struct net *net = dev_net(dev); 361 struct ip6_tnl *t = netdev_priv(dev); 362 struct net_device_stats *stats = &t->dev->stats; 363 struct dst_entry *dst = NULL, *ndst = NULL; 364 struct flowi6 fl6; 365 struct ipv6hdr *ipv6h = ipv6_hdr(skb); 366 struct net_device *tdev; 367 int err = -1; 368 369 if ((t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) || 370 !ip6_tnl_xmit_ctl(t) || vti6_addr_conflict(t, ipv6h)) 371 return err; 372 373 dst = ip6_tnl_dst_check(t); 374 if (!dst) { 375 memcpy(&fl6, &t->fl.u.ip6, sizeof(fl6)); 376 377 ndst = ip6_route_output(net, NULL, &fl6); 378 379 if (ndst->error) 380 goto tx_err_link_failure; 381 ndst = xfrm_lookup(net, ndst, flowi6_to_flowi(&fl6), NULL, 0); 382 if (IS_ERR(ndst)) { 383 err = PTR_ERR(ndst); 384 ndst = NULL; 385 goto tx_err_link_failure; 386 } 387 dst = ndst; 388 } 389 390 if (!dst->xfrm || dst->xfrm->props.mode != XFRM_MODE_TUNNEL) 391 goto tx_err_link_failure; 392 393 tdev = dst->dev; 394 395 if (tdev == dev) { 396 stats->collisions++; 397 net_warn_ratelimited("%s: Local routing loop detected!\n", 398 t->parms.name); 399 goto tx_err_dst_release; 400 } 401 402 403 skb_dst_drop(skb); 404 skb_dst_set_noref(skb, dst); 405 406 ip6tunnel_xmit(skb, dev); 407 if (ndst) { 408 dev->mtu = dst_mtu(ndst); 409 ip6_tnl_dst_store(t, ndst); 410 } 411 412 return 0; 413 tx_err_link_failure: 414 stats->tx_carrier_errors++; 415 dst_link_failure(skb); 416 tx_err_dst_release: 417 dst_release(ndst); 418 return err; 419 } 420 421 static netdev_tx_t 422 vti6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) 423 { 424 struct ip6_tnl *t = netdev_priv(dev); 425 struct net_device_stats *stats = &t->dev->stats; 426 int ret; 427 428 switch (skb->protocol) { 429 case htons(ETH_P_IPV6): 430 ret = vti6_xmit(skb, dev); 431 break; 432 default: 433 goto tx_err; 434 } 435 436 if (ret < 0) 437 goto tx_err; 438 439 return NETDEV_TX_OK; 440 441 tx_err: 442 stats->tx_errors++; 443 stats->tx_dropped++; 444 kfree_skb(skb); 445 return NETDEV_TX_OK; 446 } 447 448 static void vti6_link_config(struct ip6_tnl *t) 449 { 450 struct dst_entry *dst; 451 struct net_device *dev = t->dev; 452 struct __ip6_tnl_parm *p = &t->parms; 453 struct flowi6 *fl6 = &t->fl.u.ip6; 454 455 memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr)); 456 memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr)); 457 458 /* Set up flowi template */ 459 fl6->saddr = p->laddr; 460 fl6->daddr = p->raddr; 461 fl6->flowi6_oif = p->link; 462 fl6->flowi6_mark = be32_to_cpu(p->i_key); 463 fl6->flowi6_proto = p->proto; 464 fl6->flowlabel = 0; 465 466 p->flags &= ~(IP6_TNL_F_CAP_XMIT | IP6_TNL_F_CAP_RCV | 467 IP6_TNL_F_CAP_PER_PACKET); 468 p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr); 469 470 if (p->flags & IP6_TNL_F_CAP_XMIT && p->flags & IP6_TNL_F_CAP_RCV) 471 dev->flags |= IFF_POINTOPOINT; 472 else 473 dev->flags &= ~IFF_POINTOPOINT; 474 475 dev->iflink = p->link; 476 477 if (p->flags & IP6_TNL_F_CAP_XMIT) { 478 479 dst = ip6_route_output(dev_net(dev), NULL, fl6); 480 if (dst->error) 481 return; 482 483 dst = xfrm_lookup(dev_net(dev), dst, flowi6_to_flowi(fl6), 484 NULL, 0); 485 if (IS_ERR(dst)) 486 return; 487 488 if (dst->dev) { 489 dev->hard_header_len = dst->dev->hard_header_len; 490 491 dev->mtu = dst_mtu(dst); 492 493 if (dev->mtu < IPV6_MIN_MTU) 494 dev->mtu = IPV6_MIN_MTU; 495 } 496 dst_release(dst); 497 } 498 } 499 500 /** 501 * vti6_tnl_change - update the tunnel parameters 502 * @t: tunnel to be changed 503 * @p: tunnel configuration parameters 504 * 505 * Description: 506 * vti6_tnl_change() updates the tunnel parameters 507 **/ 508 static int 509 vti6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p) 510 { 511 t->parms.laddr = p->laddr; 512 t->parms.raddr = p->raddr; 513 t->parms.link = p->link; 514 t->parms.i_key = p->i_key; 515 t->parms.o_key = p->o_key; 516 t->parms.proto = p->proto; 517 ip6_tnl_dst_reset(t); 518 vti6_link_config(t); 519 return 0; 520 } 521 522 static int vti6_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p) 523 { 524 struct net *net = dev_net(t->dev); 525 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 526 int err; 527 528 vti6_tnl_unlink(ip6n, t); 529 synchronize_net(); 530 err = vti6_tnl_change(t, p); 531 vti6_tnl_link(ip6n, t); 532 netdev_state_change(t->dev); 533 return err; 534 } 535 536 static void 537 vti6_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm2 *u) 538 { 539 p->laddr = u->laddr; 540 p->raddr = u->raddr; 541 p->link = u->link; 542 p->i_key = u->i_key; 543 p->o_key = u->o_key; 544 p->proto = u->proto; 545 546 memcpy(p->name, u->name, sizeof(u->name)); 547 } 548 549 static void 550 vti6_parm_to_user(struct ip6_tnl_parm2 *u, const struct __ip6_tnl_parm *p) 551 { 552 u->laddr = p->laddr; 553 u->raddr = p->raddr; 554 u->link = p->link; 555 u->i_key = p->i_key; 556 u->o_key = p->o_key; 557 u->proto = p->proto; 558 559 memcpy(u->name, p->name, sizeof(u->name)); 560 } 561 562 /** 563 * vti6_tnl_ioctl - configure vti6 tunnels from userspace 564 * @dev: virtual device associated with tunnel 565 * @ifr: parameters passed from userspace 566 * @cmd: command to be performed 567 * 568 * Description: 569 * vti6_ioctl() is used for managing vti6 tunnels 570 * from userspace. 571 * 572 * The possible commands are the following: 573 * %SIOCGETTUNNEL: get tunnel parameters for device 574 * %SIOCADDTUNNEL: add tunnel matching given tunnel parameters 575 * %SIOCCHGTUNNEL: change tunnel parameters to those given 576 * %SIOCDELTUNNEL: delete tunnel 577 * 578 * The fallback device "ip6_vti0", created during module 579 * initialization, can be used for creating other tunnel devices. 580 * 581 * Return: 582 * 0 on success, 583 * %-EFAULT if unable to copy data to or from userspace, 584 * %-EPERM if current process hasn't %CAP_NET_ADMIN set 585 * %-EINVAL if passed tunnel parameters are invalid, 586 * %-EEXIST if changing a tunnel's parameters would cause a conflict 587 * %-ENODEV if attempting to change or delete a nonexisting device 588 **/ 589 static int 590 vti6_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) 591 { 592 int err = 0; 593 struct ip6_tnl_parm2 p; 594 struct __ip6_tnl_parm p1; 595 struct ip6_tnl *t = NULL; 596 struct net *net = dev_net(dev); 597 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 598 599 switch (cmd) { 600 case SIOCGETTUNNEL: 601 if (dev == ip6n->fb_tnl_dev) { 602 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) { 603 err = -EFAULT; 604 break; 605 } 606 vti6_parm_from_user(&p1, &p); 607 t = vti6_locate(net, &p1, 0); 608 } else { 609 memset(&p, 0, sizeof(p)); 610 } 611 if (t == NULL) 612 t = netdev_priv(dev); 613 vti6_parm_to_user(&p, &t->parms); 614 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) 615 err = -EFAULT; 616 break; 617 case SIOCADDTUNNEL: 618 case SIOCCHGTUNNEL: 619 err = -EPERM; 620 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 621 break; 622 err = -EFAULT; 623 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 624 break; 625 err = -EINVAL; 626 if (p.proto != IPPROTO_IPV6 && p.proto != 0) 627 break; 628 vti6_parm_from_user(&p1, &p); 629 t = vti6_locate(net, &p1, cmd == SIOCADDTUNNEL); 630 if (dev != ip6n->fb_tnl_dev && cmd == SIOCCHGTUNNEL) { 631 if (t != NULL) { 632 if (t->dev != dev) { 633 err = -EEXIST; 634 break; 635 } 636 } else 637 t = netdev_priv(dev); 638 639 err = vti6_update(t, &p1); 640 } 641 if (t) { 642 err = 0; 643 vti6_parm_to_user(&p, &t->parms); 644 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) 645 err = -EFAULT; 646 647 } else 648 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT); 649 break; 650 case SIOCDELTUNNEL: 651 err = -EPERM; 652 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 653 break; 654 655 if (dev == ip6n->fb_tnl_dev) { 656 err = -EFAULT; 657 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 658 break; 659 err = -ENOENT; 660 vti6_parm_from_user(&p1, &p); 661 t = vti6_locate(net, &p1, 0); 662 if (t == NULL) 663 break; 664 err = -EPERM; 665 if (t->dev == ip6n->fb_tnl_dev) 666 break; 667 dev = t->dev; 668 } 669 err = 0; 670 unregister_netdevice(dev); 671 break; 672 default: 673 err = -EINVAL; 674 } 675 return err; 676 } 677 678 /** 679 * vti6_tnl_change_mtu - change mtu manually for tunnel device 680 * @dev: virtual device associated with tunnel 681 * @new_mtu: the new mtu 682 * 683 * Return: 684 * 0 on success, 685 * %-EINVAL if mtu too small 686 **/ 687 static int vti6_change_mtu(struct net_device *dev, int new_mtu) 688 { 689 if (new_mtu < IPV6_MIN_MTU) 690 return -EINVAL; 691 692 dev->mtu = new_mtu; 693 return 0; 694 } 695 696 static const struct net_device_ops vti6_netdev_ops = { 697 .ndo_uninit = vti6_dev_uninit, 698 .ndo_start_xmit = vti6_tnl_xmit, 699 .ndo_do_ioctl = vti6_ioctl, 700 .ndo_change_mtu = vti6_change_mtu, 701 .ndo_get_stats64 = ip_tunnel_get_stats64, 702 }; 703 704 /** 705 * vti6_dev_setup - setup virtual tunnel device 706 * @dev: virtual device associated with tunnel 707 * 708 * Description: 709 * Initialize function pointers and device parameters 710 **/ 711 static void vti6_dev_setup(struct net_device *dev) 712 { 713 struct ip6_tnl *t; 714 715 dev->netdev_ops = &vti6_netdev_ops; 716 dev->destructor = vti6_dev_free; 717 718 dev->type = ARPHRD_TUNNEL6; 719 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct ipv6hdr); 720 dev->mtu = ETH_DATA_LEN; 721 t = netdev_priv(dev); 722 dev->flags |= IFF_NOARP; 723 dev->addr_len = sizeof(struct in6_addr); 724 dev->features |= NETIF_F_NETNS_LOCAL; 725 dev->priv_flags &= ~IFF_XMIT_DST_RELEASE; 726 } 727 728 /** 729 * vti6_dev_init_gen - general initializer for all tunnel devices 730 * @dev: virtual device associated with tunnel 731 **/ 732 static inline int vti6_dev_init_gen(struct net_device *dev) 733 { 734 struct ip6_tnl *t = netdev_priv(dev); 735 int i; 736 737 t->dev = dev; 738 t->net = dev_net(dev); 739 dev->tstats = alloc_percpu(struct pcpu_tstats); 740 if (!dev->tstats) 741 return -ENOMEM; 742 for_each_possible_cpu(i) { 743 struct pcpu_tstats *stats; 744 stats = per_cpu_ptr(dev->tstats, i); 745 u64_stats_init(&stats->syncp); 746 } 747 return 0; 748 } 749 750 /** 751 * vti6_dev_init - initializer for all non fallback tunnel devices 752 * @dev: virtual device associated with tunnel 753 **/ 754 static int vti6_dev_init(struct net_device *dev) 755 { 756 struct ip6_tnl *t = netdev_priv(dev); 757 int err = vti6_dev_init_gen(dev); 758 759 if (err) 760 return err; 761 vti6_link_config(t); 762 return 0; 763 } 764 765 /** 766 * vti6_fb_tnl_dev_init - initializer for fallback tunnel device 767 * @dev: fallback device 768 * 769 * Return: 0 770 **/ 771 static int __net_init vti6_fb_tnl_dev_init(struct net_device *dev) 772 { 773 struct ip6_tnl *t = netdev_priv(dev); 774 struct net *net = dev_net(dev); 775 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 776 int err = vti6_dev_init_gen(dev); 777 778 if (err) 779 return err; 780 781 t->parms.proto = IPPROTO_IPV6; 782 dev_hold(dev); 783 784 vti6_link_config(t); 785 786 rcu_assign_pointer(ip6n->tnls_wc[0], t); 787 return 0; 788 } 789 790 static int vti6_validate(struct nlattr *tb[], struct nlattr *data[]) 791 { 792 return 0; 793 } 794 795 static void vti6_netlink_parms(struct nlattr *data[], 796 struct __ip6_tnl_parm *parms) 797 { 798 memset(parms, 0, sizeof(*parms)); 799 800 if (!data) 801 return; 802 803 if (data[IFLA_VTI_LINK]) 804 parms->link = nla_get_u32(data[IFLA_VTI_LINK]); 805 806 if (data[IFLA_VTI_LOCAL]) 807 nla_memcpy(&parms->laddr, data[IFLA_VTI_LOCAL], 808 sizeof(struct in6_addr)); 809 810 if (data[IFLA_VTI_REMOTE]) 811 nla_memcpy(&parms->raddr, data[IFLA_VTI_REMOTE], 812 sizeof(struct in6_addr)); 813 814 if (data[IFLA_VTI_IKEY]) 815 parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]); 816 817 if (data[IFLA_VTI_OKEY]) 818 parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]); 819 } 820 821 static int vti6_newlink(struct net *src_net, struct net_device *dev, 822 struct nlattr *tb[], struct nlattr *data[]) 823 { 824 struct net *net = dev_net(dev); 825 struct ip6_tnl *nt; 826 827 nt = netdev_priv(dev); 828 vti6_netlink_parms(data, &nt->parms); 829 830 nt->parms.proto = IPPROTO_IPV6; 831 832 if (vti6_locate(net, &nt->parms, 0)) 833 return -EEXIST; 834 835 return vti6_tnl_create2(dev); 836 } 837 838 static int vti6_changelink(struct net_device *dev, struct nlattr *tb[], 839 struct nlattr *data[]) 840 { 841 struct ip6_tnl *t; 842 struct __ip6_tnl_parm p; 843 struct net *net = dev_net(dev); 844 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 845 846 if (dev == ip6n->fb_tnl_dev) 847 return -EINVAL; 848 849 vti6_netlink_parms(data, &p); 850 851 t = vti6_locate(net, &p, 0); 852 853 if (t) { 854 if (t->dev != dev) 855 return -EEXIST; 856 } else 857 t = netdev_priv(dev); 858 859 return vti6_update(t, &p); 860 } 861 862 static size_t vti6_get_size(const struct net_device *dev) 863 { 864 return 865 /* IFLA_VTI_LINK */ 866 nla_total_size(4) + 867 /* IFLA_VTI_LOCAL */ 868 nla_total_size(sizeof(struct in6_addr)) + 869 /* IFLA_VTI_REMOTE */ 870 nla_total_size(sizeof(struct in6_addr)) + 871 /* IFLA_VTI_IKEY */ 872 nla_total_size(4) + 873 /* IFLA_VTI_OKEY */ 874 nla_total_size(4) + 875 0; 876 } 877 878 static int vti6_fill_info(struct sk_buff *skb, const struct net_device *dev) 879 { 880 struct ip6_tnl *tunnel = netdev_priv(dev); 881 struct __ip6_tnl_parm *parm = &tunnel->parms; 882 883 if (nla_put_u32(skb, IFLA_VTI_LINK, parm->link) || 884 nla_put(skb, IFLA_VTI_LOCAL, sizeof(struct in6_addr), 885 &parm->laddr) || 886 nla_put(skb, IFLA_VTI_REMOTE, sizeof(struct in6_addr), 887 &parm->raddr) || 888 nla_put_be32(skb, IFLA_VTI_IKEY, parm->i_key) || 889 nla_put_be32(skb, IFLA_VTI_OKEY, parm->o_key)) 890 goto nla_put_failure; 891 return 0; 892 893 nla_put_failure: 894 return -EMSGSIZE; 895 } 896 897 static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = { 898 [IFLA_VTI_LINK] = { .type = NLA_U32 }, 899 [IFLA_VTI_LOCAL] = { .len = sizeof(struct in6_addr) }, 900 [IFLA_VTI_REMOTE] = { .len = sizeof(struct in6_addr) }, 901 [IFLA_VTI_IKEY] = { .type = NLA_U32 }, 902 [IFLA_VTI_OKEY] = { .type = NLA_U32 }, 903 }; 904 905 static struct rtnl_link_ops vti6_link_ops __read_mostly = { 906 .kind = "vti6", 907 .maxtype = IFLA_VTI_MAX, 908 .policy = vti6_policy, 909 .priv_size = sizeof(struct ip6_tnl), 910 .setup = vti6_dev_setup, 911 .validate = vti6_validate, 912 .newlink = vti6_newlink, 913 .changelink = vti6_changelink, 914 .get_size = vti6_get_size, 915 .fill_info = vti6_fill_info, 916 }; 917 918 static struct xfrm_tunnel_notifier vti6_handler __read_mostly = { 919 .handler = vti6_rcv, 920 .priority = 1, 921 }; 922 923 static void __net_exit vti6_destroy_tunnels(struct vti6_net *ip6n) 924 { 925 int h; 926 struct ip6_tnl *t; 927 LIST_HEAD(list); 928 929 for (h = 0; h < HASH_SIZE; h++) { 930 t = rtnl_dereference(ip6n->tnls_r_l[h]); 931 while (t != NULL) { 932 unregister_netdevice_queue(t->dev, &list); 933 t = rtnl_dereference(t->next); 934 } 935 } 936 937 t = rtnl_dereference(ip6n->tnls_wc[0]); 938 unregister_netdevice_queue(t->dev, &list); 939 unregister_netdevice_many(&list); 940 } 941 942 static int __net_init vti6_init_net(struct net *net) 943 { 944 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 945 struct ip6_tnl *t = NULL; 946 int err; 947 948 ip6n->tnls[0] = ip6n->tnls_wc; 949 ip6n->tnls[1] = ip6n->tnls_r_l; 950 951 err = -ENOMEM; 952 ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6_vti0", 953 vti6_dev_setup); 954 955 if (!ip6n->fb_tnl_dev) 956 goto err_alloc_dev; 957 dev_net_set(ip6n->fb_tnl_dev, net); 958 959 err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev); 960 if (err < 0) 961 goto err_register; 962 963 err = register_netdev(ip6n->fb_tnl_dev); 964 if (err < 0) 965 goto err_register; 966 967 t = netdev_priv(ip6n->fb_tnl_dev); 968 969 strcpy(t->parms.name, ip6n->fb_tnl_dev->name); 970 return 0; 971 972 err_register: 973 vti6_dev_free(ip6n->fb_tnl_dev); 974 err_alloc_dev: 975 return err; 976 } 977 978 static void __net_exit vti6_exit_net(struct net *net) 979 { 980 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 981 982 rtnl_lock(); 983 vti6_destroy_tunnels(ip6n); 984 rtnl_unlock(); 985 } 986 987 static struct pernet_operations vti6_net_ops = { 988 .init = vti6_init_net, 989 .exit = vti6_exit_net, 990 .id = &vti6_net_id, 991 .size = sizeof(struct vti6_net), 992 }; 993 994 /** 995 * vti6_tunnel_init - register protocol and reserve needed resources 996 * 997 * Return: 0 on success 998 **/ 999 static int __init vti6_tunnel_init(void) 1000 { 1001 int err; 1002 1003 err = register_pernet_device(&vti6_net_ops); 1004 if (err < 0) 1005 goto out_pernet; 1006 1007 err = xfrm6_mode_tunnel_input_register(&vti6_handler); 1008 if (err < 0) { 1009 pr_err("%s: can't register vti6\n", __func__); 1010 goto out; 1011 } 1012 err = rtnl_link_register(&vti6_link_ops); 1013 if (err < 0) 1014 goto rtnl_link_failed; 1015 1016 return 0; 1017 1018 rtnl_link_failed: 1019 xfrm6_mode_tunnel_input_deregister(&vti6_handler); 1020 out: 1021 unregister_pernet_device(&vti6_net_ops); 1022 out_pernet: 1023 return err; 1024 } 1025 1026 /** 1027 * vti6_tunnel_cleanup - free resources and unregister protocol 1028 **/ 1029 static void __exit vti6_tunnel_cleanup(void) 1030 { 1031 rtnl_link_unregister(&vti6_link_ops); 1032 if (xfrm6_mode_tunnel_input_deregister(&vti6_handler)) 1033 pr_info("%s: can't deregister vti6\n", __func__); 1034 1035 unregister_pernet_device(&vti6_net_ops); 1036 } 1037 1038 module_init(vti6_tunnel_init); 1039 module_exit(vti6_tunnel_cleanup); 1040 MODULE_LICENSE("GPL"); 1041 MODULE_ALIAS_RTNL_LINK("vti6"); 1042 MODULE_ALIAS_NETDEV("ip6_vti0"); 1043 MODULE_AUTHOR("Steffen Klassert"); 1044 MODULE_DESCRIPTION("IPv6 virtual tunnel interface"); 1045