1 /* 2 * IPv6 virtual tunneling interface 3 * 4 * Copyright (C) 2013 secunet Security Networks AG 5 * 6 * Author: 7 * Steffen Klassert <steffen.klassert@secunet.com> 8 * 9 * Based on: 10 * net/ipv6/ip6_tunnel.c 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 #include <linux/module.h> 19 #include <linux/capability.h> 20 #include <linux/errno.h> 21 #include <linux/types.h> 22 #include <linux/sockios.h> 23 #include <linux/icmp.h> 24 #include <linux/if.h> 25 #include <linux/in.h> 26 #include <linux/ip.h> 27 #include <linux/net.h> 28 #include <linux/in6.h> 29 #include <linux/netdevice.h> 30 #include <linux/if_arp.h> 31 #include <linux/icmpv6.h> 32 #include <linux/init.h> 33 #include <linux/route.h> 34 #include <linux/rtnetlink.h> 35 #include <linux/netfilter_ipv6.h> 36 #include <linux/slab.h> 37 #include <linux/hash.h> 38 39 #include <linux/uaccess.h> 40 #include <linux/atomic.h> 41 42 #include <net/icmp.h> 43 #include <net/ip.h> 44 #include <net/ip_tunnels.h> 45 #include <net/ipv6.h> 46 #include <net/ip6_route.h> 47 #include <net/addrconf.h> 48 #include <net/ip6_tunnel.h> 49 #include <net/xfrm.h> 50 #include <net/net_namespace.h> 51 #include <net/netns/generic.h> 52 53 #define HASH_SIZE_SHIFT 5 54 #define HASH_SIZE (1 << HASH_SIZE_SHIFT) 55 56 static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) 57 { 58 u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2); 59 60 return hash_32(hash, HASH_SIZE_SHIFT); 61 } 62 63 static int vti6_dev_init(struct net_device *dev); 64 static void vti6_dev_setup(struct net_device *dev); 65 static struct rtnl_link_ops vti6_link_ops __read_mostly; 66 67 static int vti6_net_id __read_mostly; 68 struct vti6_net { 69 /* the vti6 tunnel fallback device */ 70 struct net_device *fb_tnl_dev; 71 /* lists for storing tunnels in use */ 72 struct ip6_tnl __rcu *tnls_r_l[HASH_SIZE]; 73 struct ip6_tnl __rcu *tnls_wc[1]; 74 struct ip6_tnl __rcu **tnls[2]; 75 }; 76 77 #define for_each_vti6_tunnel_rcu(start) \ 78 for (t = rcu_dereference(start); t; t = rcu_dereference(t->next)) 79 80 /** 81 * vti6_tnl_lookup - fetch tunnel matching the end-point addresses 82 * @net: network namespace 83 * @remote: the address of the tunnel exit-point 84 * @local: the address of the tunnel entry-point 85 * 86 * Return: 87 * tunnel matching given end-points if found, 88 * else fallback tunnel if its device is up, 89 * else %NULL 90 **/ 91 static struct ip6_tnl * 92 vti6_tnl_lookup(struct net *net, const struct in6_addr *remote, 93 const struct in6_addr *local) 94 { 95 unsigned int hash = HASH(remote, local); 96 struct ip6_tnl *t; 97 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 98 99 for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) { 100 if (ipv6_addr_equal(local, &t->parms.laddr) && 101 ipv6_addr_equal(remote, &t->parms.raddr) && 102 (t->dev->flags & IFF_UP)) 103 return t; 104 } 105 t = rcu_dereference(ip6n->tnls_wc[0]); 106 if (t && (t->dev->flags & IFF_UP)) 107 return t; 108 109 return NULL; 110 } 111 112 /** 113 * vti6_tnl_bucket - get head of list matching given tunnel parameters 114 * @p: parameters containing tunnel end-points 115 * 116 * Description: 117 * vti6_tnl_bucket() returns the head of the list matching the 118 * &struct in6_addr entries laddr and raddr in @p. 119 * 120 * Return: head of IPv6 tunnel list 121 **/ 122 static struct ip6_tnl __rcu ** 123 vti6_tnl_bucket(struct vti6_net *ip6n, const struct __ip6_tnl_parm *p) 124 { 125 const struct in6_addr *remote = &p->raddr; 126 const struct in6_addr *local = &p->laddr; 127 unsigned int h = 0; 128 int prio = 0; 129 130 if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) { 131 prio = 1; 132 h = HASH(remote, local); 133 } 134 return &ip6n->tnls[prio][h]; 135 } 136 137 static void 138 vti6_tnl_link(struct vti6_net *ip6n, struct ip6_tnl *t) 139 { 140 struct ip6_tnl __rcu **tp = vti6_tnl_bucket(ip6n, &t->parms); 141 142 rcu_assign_pointer(t->next , rtnl_dereference(*tp)); 143 rcu_assign_pointer(*tp, t); 144 } 145 146 static void 147 vti6_tnl_unlink(struct vti6_net *ip6n, struct ip6_tnl *t) 148 { 149 struct ip6_tnl __rcu **tp; 150 struct ip6_tnl *iter; 151 152 for (tp = vti6_tnl_bucket(ip6n, &t->parms); 153 (iter = rtnl_dereference(*tp)) != NULL; 154 tp = &iter->next) { 155 if (t == iter) { 156 rcu_assign_pointer(*tp, t->next); 157 break; 158 } 159 } 160 } 161 162 static void vti6_dev_free(struct net_device *dev) 163 { 164 free_percpu(dev->tstats); 165 free_netdev(dev); 166 } 167 168 static int vti6_tnl_create2(struct net_device *dev) 169 { 170 struct ip6_tnl *t = netdev_priv(dev); 171 struct net *net = dev_net(dev); 172 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 173 int err; 174 175 err = vti6_dev_init(dev); 176 if (err < 0) 177 goto out; 178 179 err = register_netdevice(dev); 180 if (err < 0) 181 goto out; 182 183 strcpy(t->parms.name, dev->name); 184 dev->rtnl_link_ops = &vti6_link_ops; 185 186 dev_hold(dev); 187 vti6_tnl_link(ip6n, t); 188 189 return 0; 190 191 out: 192 return err; 193 } 194 195 static struct ip6_tnl *vti6_tnl_create(struct net *net, struct __ip6_tnl_parm *p) 196 { 197 struct net_device *dev; 198 struct ip6_tnl *t; 199 char name[IFNAMSIZ]; 200 int err; 201 202 if (p->name[0]) 203 strlcpy(name, p->name, IFNAMSIZ); 204 else 205 sprintf(name, "ip6_vti%%d"); 206 207 dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, vti6_dev_setup); 208 if (dev == NULL) 209 goto failed; 210 211 dev_net_set(dev, net); 212 213 t = netdev_priv(dev); 214 t->parms = *p; 215 t->net = dev_net(dev); 216 217 err = vti6_tnl_create2(dev); 218 if (err < 0) 219 goto failed_free; 220 221 return t; 222 223 failed_free: 224 vti6_dev_free(dev); 225 failed: 226 return NULL; 227 } 228 229 /** 230 * vti6_locate - find or create tunnel matching given parameters 231 * @net: network namespace 232 * @p: tunnel parameters 233 * @create: != 0 if allowed to create new tunnel if no match found 234 * 235 * Description: 236 * vti6_locate() first tries to locate an existing tunnel 237 * based on @parms. If this is unsuccessful, but @create is set a new 238 * tunnel device is created and registered for use. 239 * 240 * Return: 241 * matching tunnel or NULL 242 **/ 243 static struct ip6_tnl *vti6_locate(struct net *net, struct __ip6_tnl_parm *p, 244 int create) 245 { 246 const struct in6_addr *remote = &p->raddr; 247 const struct in6_addr *local = &p->laddr; 248 struct ip6_tnl __rcu **tp; 249 struct ip6_tnl *t; 250 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 251 252 for (tp = vti6_tnl_bucket(ip6n, p); 253 (t = rtnl_dereference(*tp)) != NULL; 254 tp = &t->next) { 255 if (ipv6_addr_equal(local, &t->parms.laddr) && 256 ipv6_addr_equal(remote, &t->parms.raddr)) { 257 if (create) 258 return NULL; 259 260 return t; 261 } 262 } 263 if (!create) 264 return NULL; 265 return vti6_tnl_create(net, p); 266 } 267 268 /** 269 * vti6_dev_uninit - tunnel device uninitializer 270 * @dev: the device to be destroyed 271 * 272 * Description: 273 * vti6_dev_uninit() removes tunnel from its list 274 **/ 275 static void vti6_dev_uninit(struct net_device *dev) 276 { 277 struct ip6_tnl *t = netdev_priv(dev); 278 struct net *net = dev_net(dev); 279 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 280 281 if (dev == ip6n->fb_tnl_dev) 282 RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL); 283 else 284 vti6_tnl_unlink(ip6n, t); 285 dev_put(dev); 286 } 287 288 static int vti6_rcv(struct sk_buff *skb) 289 { 290 struct ip6_tnl *t; 291 const struct ipv6hdr *ipv6h = ipv6_hdr(skb); 292 293 rcu_read_lock(); 294 if ((t = vti6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr, 295 &ipv6h->daddr)) != NULL) { 296 if (t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) { 297 rcu_read_unlock(); 298 goto discard; 299 } 300 301 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 302 rcu_read_unlock(); 303 return 0; 304 } 305 306 if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) { 307 t->dev->stats.rx_dropped++; 308 rcu_read_unlock(); 309 goto discard; 310 } 311 312 XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = t; 313 skb->mark = be32_to_cpu(t->parms.i_key); 314 315 rcu_read_unlock(); 316 317 return xfrm6_rcv(skb); 318 } 319 rcu_read_unlock(); 320 return -EINVAL; 321 discard: 322 kfree_skb(skb); 323 return 0; 324 } 325 326 static int vti6_rcv_cb(struct sk_buff *skb, int err) 327 { 328 unsigned short family; 329 struct net_device *dev; 330 struct pcpu_sw_netstats *tstats; 331 struct xfrm_state *x; 332 struct ip6_tnl *t = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6; 333 334 if (!t) 335 return 1; 336 337 dev = t->dev; 338 339 if (err) { 340 dev->stats.rx_errors++; 341 dev->stats.rx_dropped++; 342 343 return 0; 344 } 345 346 x = xfrm_input_state(skb); 347 family = x->inner_mode->afinfo->family; 348 349 if (!xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family)) 350 return -EPERM; 351 352 skb_scrub_packet(skb, !net_eq(t->net, dev_net(skb->dev))); 353 skb->dev = dev; 354 355 tstats = this_cpu_ptr(dev->tstats); 356 u64_stats_update_begin(&tstats->syncp); 357 tstats->rx_packets++; 358 tstats->rx_bytes += skb->len; 359 u64_stats_update_end(&tstats->syncp); 360 361 return 0; 362 } 363 364 /** 365 * vti6_addr_conflict - compare packet addresses to tunnel's own 366 * @t: the outgoing tunnel device 367 * @hdr: IPv6 header from the incoming packet 368 * 369 * Description: 370 * Avoid trivial tunneling loop by checking that tunnel exit-point 371 * doesn't match source of incoming packet. 372 * 373 * Return: 374 * 1 if conflict, 375 * 0 else 376 **/ 377 static inline bool 378 vti6_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr) 379 { 380 return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr); 381 } 382 383 static bool vti6_state_check(const struct xfrm_state *x, 384 const struct in6_addr *dst, 385 const struct in6_addr *src) 386 { 387 xfrm_address_t *daddr = (xfrm_address_t *)dst; 388 xfrm_address_t *saddr = (xfrm_address_t *)src; 389 390 /* if there is no transform then this tunnel is not functional. 391 * Or if the xfrm is not mode tunnel. 392 */ 393 if (!x || x->props.mode != XFRM_MODE_TUNNEL || 394 x->props.family != AF_INET6) 395 return false; 396 397 if (ipv6_addr_any(dst)) 398 return xfrm_addr_equal(saddr, &x->props.saddr, AF_INET6); 399 400 if (!xfrm_state_addr_check(x, daddr, saddr, AF_INET6)) 401 return false; 402 403 return true; 404 } 405 406 /** 407 * vti6_xmit - send a packet 408 * @skb: the outgoing socket buffer 409 * @dev: the outgoing tunnel device 410 * @fl: the flow informations for the xfrm_lookup 411 **/ 412 static int 413 vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl) 414 { 415 struct ip6_tnl *t = netdev_priv(dev); 416 struct net_device_stats *stats = &t->dev->stats; 417 struct dst_entry *dst = skb_dst(skb); 418 struct net_device *tdev; 419 int err = -1; 420 421 if (!dst) 422 goto tx_err_link_failure; 423 424 dst_hold(dst); 425 dst = xfrm_lookup(t->net, dst, fl, NULL, 0); 426 if (IS_ERR(dst)) { 427 err = PTR_ERR(dst); 428 dst = NULL; 429 goto tx_err_link_failure; 430 } 431 432 if (!vti6_state_check(dst->xfrm, &t->parms.raddr, &t->parms.laddr)) 433 goto tx_err_link_failure; 434 435 tdev = dst->dev; 436 437 if (tdev == dev) { 438 stats->collisions++; 439 net_warn_ratelimited("%s: Local routing loop detected!\n", 440 t->parms.name); 441 goto tx_err_dst_release; 442 } 443 444 skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev))); 445 skb_dst_set(skb, dst); 446 skb->dev = skb_dst(skb)->dev; 447 448 err = dst_output(skb); 449 if (net_xmit_eval(err) == 0) { 450 struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats); 451 452 u64_stats_update_begin(&tstats->syncp); 453 tstats->tx_bytes += skb->len; 454 tstats->tx_packets++; 455 u64_stats_update_end(&tstats->syncp); 456 } else { 457 stats->tx_errors++; 458 stats->tx_aborted_errors++; 459 } 460 461 return 0; 462 tx_err_link_failure: 463 stats->tx_carrier_errors++; 464 dst_link_failure(skb); 465 tx_err_dst_release: 466 dst_release(dst); 467 return err; 468 } 469 470 static netdev_tx_t 471 vti6_tnl_xmit(struct sk_buff *skb, struct net_device *dev) 472 { 473 struct ip6_tnl *t = netdev_priv(dev); 474 struct net_device_stats *stats = &t->dev->stats; 475 struct ipv6hdr *ipv6h; 476 struct flowi fl; 477 int ret; 478 479 memset(&fl, 0, sizeof(fl)); 480 skb->mark = be32_to_cpu(t->parms.o_key); 481 482 switch (skb->protocol) { 483 case htons(ETH_P_IPV6): 484 ipv6h = ipv6_hdr(skb); 485 486 if ((t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) || 487 !ip6_tnl_xmit_ctl(t) || vti6_addr_conflict(t, ipv6h)) 488 goto tx_err; 489 490 xfrm_decode_session(skb, &fl, AF_INET6); 491 memset(IP6CB(skb), 0, sizeof(*IP6CB(skb))); 492 break; 493 case htons(ETH_P_IP): 494 xfrm_decode_session(skb, &fl, AF_INET); 495 memset(IPCB(skb), 0, sizeof(*IPCB(skb))); 496 break; 497 default: 498 goto tx_err; 499 } 500 501 ret = vti6_xmit(skb, dev, &fl); 502 if (ret < 0) 503 goto tx_err; 504 505 return NETDEV_TX_OK; 506 507 tx_err: 508 stats->tx_errors++; 509 stats->tx_dropped++; 510 kfree_skb(skb); 511 return NETDEV_TX_OK; 512 } 513 514 static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 515 u8 type, u8 code, int offset, __be32 info) 516 { 517 __be32 spi; 518 __u32 mark; 519 struct xfrm_state *x; 520 struct ip6_tnl *t; 521 struct ip_esp_hdr *esph; 522 struct ip_auth_hdr *ah; 523 struct ip_comp_hdr *ipch; 524 struct net *net = dev_net(skb->dev); 525 const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data; 526 int protocol = iph->nexthdr; 527 528 t = vti6_tnl_lookup(dev_net(skb->dev), &iph->daddr, &iph->saddr); 529 if (!t) 530 return -1; 531 532 mark = be32_to_cpu(t->parms.o_key); 533 534 switch (protocol) { 535 case IPPROTO_ESP: 536 esph = (struct ip_esp_hdr *)(skb->data + offset); 537 spi = esph->spi; 538 break; 539 case IPPROTO_AH: 540 ah = (struct ip_auth_hdr *)(skb->data + offset); 541 spi = ah->spi; 542 break; 543 case IPPROTO_COMP: 544 ipch = (struct ip_comp_hdr *)(skb->data + offset); 545 spi = htonl(ntohs(ipch->cpi)); 546 break; 547 default: 548 return 0; 549 } 550 551 if (type != ICMPV6_PKT_TOOBIG && 552 type != NDISC_REDIRECT) 553 return 0; 554 555 x = xfrm_state_lookup(net, mark, (const xfrm_address_t *)&iph->daddr, 556 spi, protocol, AF_INET6); 557 if (!x) 558 return 0; 559 560 if (type == NDISC_REDIRECT) 561 ip6_redirect(skb, net, skb->dev->ifindex, 0); 562 else 563 ip6_update_pmtu(skb, net, info, 0, 0); 564 xfrm_state_put(x); 565 566 return 0; 567 } 568 569 static void vti6_link_config(struct ip6_tnl *t) 570 { 571 struct net_device *dev = t->dev; 572 struct __ip6_tnl_parm *p = &t->parms; 573 574 memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr)); 575 memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr)); 576 577 p->flags &= ~(IP6_TNL_F_CAP_XMIT | IP6_TNL_F_CAP_RCV | 578 IP6_TNL_F_CAP_PER_PACKET); 579 p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr); 580 581 if (p->flags & IP6_TNL_F_CAP_XMIT && p->flags & IP6_TNL_F_CAP_RCV) 582 dev->flags |= IFF_POINTOPOINT; 583 else 584 dev->flags &= ~IFF_POINTOPOINT; 585 586 dev->iflink = p->link; 587 } 588 589 /** 590 * vti6_tnl_change - update the tunnel parameters 591 * @t: tunnel to be changed 592 * @p: tunnel configuration parameters 593 * 594 * Description: 595 * vti6_tnl_change() updates the tunnel parameters 596 **/ 597 static int 598 vti6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p) 599 { 600 t->parms.laddr = p->laddr; 601 t->parms.raddr = p->raddr; 602 t->parms.link = p->link; 603 t->parms.i_key = p->i_key; 604 t->parms.o_key = p->o_key; 605 t->parms.proto = p->proto; 606 ip6_tnl_dst_reset(t); 607 vti6_link_config(t); 608 return 0; 609 } 610 611 static int vti6_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p) 612 { 613 struct net *net = dev_net(t->dev); 614 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 615 int err; 616 617 vti6_tnl_unlink(ip6n, t); 618 synchronize_net(); 619 err = vti6_tnl_change(t, p); 620 vti6_tnl_link(ip6n, t); 621 netdev_state_change(t->dev); 622 return err; 623 } 624 625 static void 626 vti6_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm2 *u) 627 { 628 p->laddr = u->laddr; 629 p->raddr = u->raddr; 630 p->link = u->link; 631 p->i_key = u->i_key; 632 p->o_key = u->o_key; 633 p->proto = u->proto; 634 635 memcpy(p->name, u->name, sizeof(u->name)); 636 } 637 638 static void 639 vti6_parm_to_user(struct ip6_tnl_parm2 *u, const struct __ip6_tnl_parm *p) 640 { 641 u->laddr = p->laddr; 642 u->raddr = p->raddr; 643 u->link = p->link; 644 u->i_key = p->i_key; 645 u->o_key = p->o_key; 646 u->proto = p->proto; 647 648 memcpy(u->name, p->name, sizeof(u->name)); 649 } 650 651 /** 652 * vti6_tnl_ioctl - configure vti6 tunnels from userspace 653 * @dev: virtual device associated with tunnel 654 * @ifr: parameters passed from userspace 655 * @cmd: command to be performed 656 * 657 * Description: 658 * vti6_ioctl() is used for managing vti6 tunnels 659 * from userspace. 660 * 661 * The possible commands are the following: 662 * %SIOCGETTUNNEL: get tunnel parameters for device 663 * %SIOCADDTUNNEL: add tunnel matching given tunnel parameters 664 * %SIOCCHGTUNNEL: change tunnel parameters to those given 665 * %SIOCDELTUNNEL: delete tunnel 666 * 667 * The fallback device "ip6_vti0", created during module 668 * initialization, can be used for creating other tunnel devices. 669 * 670 * Return: 671 * 0 on success, 672 * %-EFAULT if unable to copy data to or from userspace, 673 * %-EPERM if current process hasn't %CAP_NET_ADMIN set 674 * %-EINVAL if passed tunnel parameters are invalid, 675 * %-EEXIST if changing a tunnel's parameters would cause a conflict 676 * %-ENODEV if attempting to change or delete a nonexisting device 677 **/ 678 static int 679 vti6_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) 680 { 681 int err = 0; 682 struct ip6_tnl_parm2 p; 683 struct __ip6_tnl_parm p1; 684 struct ip6_tnl *t = NULL; 685 struct net *net = dev_net(dev); 686 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 687 688 switch (cmd) { 689 case SIOCGETTUNNEL: 690 if (dev == ip6n->fb_tnl_dev) { 691 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) { 692 err = -EFAULT; 693 break; 694 } 695 vti6_parm_from_user(&p1, &p); 696 t = vti6_locate(net, &p1, 0); 697 } else { 698 memset(&p, 0, sizeof(p)); 699 } 700 if (t == NULL) 701 t = netdev_priv(dev); 702 vti6_parm_to_user(&p, &t->parms); 703 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) 704 err = -EFAULT; 705 break; 706 case SIOCADDTUNNEL: 707 case SIOCCHGTUNNEL: 708 err = -EPERM; 709 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 710 break; 711 err = -EFAULT; 712 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 713 break; 714 err = -EINVAL; 715 if (p.proto != IPPROTO_IPV6 && p.proto != 0) 716 break; 717 vti6_parm_from_user(&p1, &p); 718 t = vti6_locate(net, &p1, cmd == SIOCADDTUNNEL); 719 if (dev != ip6n->fb_tnl_dev && cmd == SIOCCHGTUNNEL) { 720 if (t != NULL) { 721 if (t->dev != dev) { 722 err = -EEXIST; 723 break; 724 } 725 } else 726 t = netdev_priv(dev); 727 728 err = vti6_update(t, &p1); 729 } 730 if (t) { 731 err = 0; 732 vti6_parm_to_user(&p, &t->parms); 733 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) 734 err = -EFAULT; 735 736 } else 737 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT); 738 break; 739 case SIOCDELTUNNEL: 740 err = -EPERM; 741 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 742 break; 743 744 if (dev == ip6n->fb_tnl_dev) { 745 err = -EFAULT; 746 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) 747 break; 748 err = -ENOENT; 749 vti6_parm_from_user(&p1, &p); 750 t = vti6_locate(net, &p1, 0); 751 if (t == NULL) 752 break; 753 err = -EPERM; 754 if (t->dev == ip6n->fb_tnl_dev) 755 break; 756 dev = t->dev; 757 } 758 err = 0; 759 unregister_netdevice(dev); 760 break; 761 default: 762 err = -EINVAL; 763 } 764 return err; 765 } 766 767 /** 768 * vti6_tnl_change_mtu - change mtu manually for tunnel device 769 * @dev: virtual device associated with tunnel 770 * @new_mtu: the new mtu 771 * 772 * Return: 773 * 0 on success, 774 * %-EINVAL if mtu too small 775 **/ 776 static int vti6_change_mtu(struct net_device *dev, int new_mtu) 777 { 778 if (new_mtu < IPV6_MIN_MTU) 779 return -EINVAL; 780 781 dev->mtu = new_mtu; 782 return 0; 783 } 784 785 static const struct net_device_ops vti6_netdev_ops = { 786 .ndo_uninit = vti6_dev_uninit, 787 .ndo_start_xmit = vti6_tnl_xmit, 788 .ndo_do_ioctl = vti6_ioctl, 789 .ndo_change_mtu = vti6_change_mtu, 790 .ndo_get_stats64 = ip_tunnel_get_stats64, 791 }; 792 793 /** 794 * vti6_dev_setup - setup virtual tunnel device 795 * @dev: virtual device associated with tunnel 796 * 797 * Description: 798 * Initialize function pointers and device parameters 799 **/ 800 static void vti6_dev_setup(struct net_device *dev) 801 { 802 dev->netdev_ops = &vti6_netdev_ops; 803 dev->destructor = vti6_dev_free; 804 805 dev->type = ARPHRD_TUNNEL6; 806 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct ipv6hdr); 807 dev->mtu = ETH_DATA_LEN; 808 dev->flags |= IFF_NOARP; 809 dev->addr_len = sizeof(struct in6_addr); 810 netif_keep_dst(dev); 811 } 812 813 /** 814 * vti6_dev_init_gen - general initializer for all tunnel devices 815 * @dev: virtual device associated with tunnel 816 **/ 817 static inline int vti6_dev_init_gen(struct net_device *dev) 818 { 819 struct ip6_tnl *t = netdev_priv(dev); 820 821 t->dev = dev; 822 t->net = dev_net(dev); 823 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats); 824 if (!dev->tstats) 825 return -ENOMEM; 826 return 0; 827 } 828 829 /** 830 * vti6_dev_init - initializer for all non fallback tunnel devices 831 * @dev: virtual device associated with tunnel 832 **/ 833 static int vti6_dev_init(struct net_device *dev) 834 { 835 struct ip6_tnl *t = netdev_priv(dev); 836 int err = vti6_dev_init_gen(dev); 837 838 if (err) 839 return err; 840 vti6_link_config(t); 841 return 0; 842 } 843 844 /** 845 * vti6_fb_tnl_dev_init - initializer for fallback tunnel device 846 * @dev: fallback device 847 * 848 * Return: 0 849 **/ 850 static int __net_init vti6_fb_tnl_dev_init(struct net_device *dev) 851 { 852 struct ip6_tnl *t = netdev_priv(dev); 853 struct net *net = dev_net(dev); 854 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 855 int err = vti6_dev_init_gen(dev); 856 857 if (err) 858 return err; 859 860 t->parms.proto = IPPROTO_IPV6; 861 dev_hold(dev); 862 863 vti6_link_config(t); 864 865 rcu_assign_pointer(ip6n->tnls_wc[0], t); 866 return 0; 867 } 868 869 static int vti6_validate(struct nlattr *tb[], struct nlattr *data[]) 870 { 871 return 0; 872 } 873 874 static void vti6_netlink_parms(struct nlattr *data[], 875 struct __ip6_tnl_parm *parms) 876 { 877 memset(parms, 0, sizeof(*parms)); 878 879 if (!data) 880 return; 881 882 if (data[IFLA_VTI_LINK]) 883 parms->link = nla_get_u32(data[IFLA_VTI_LINK]); 884 885 if (data[IFLA_VTI_LOCAL]) 886 nla_memcpy(&parms->laddr, data[IFLA_VTI_LOCAL], 887 sizeof(struct in6_addr)); 888 889 if (data[IFLA_VTI_REMOTE]) 890 nla_memcpy(&parms->raddr, data[IFLA_VTI_REMOTE], 891 sizeof(struct in6_addr)); 892 893 if (data[IFLA_VTI_IKEY]) 894 parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]); 895 896 if (data[IFLA_VTI_OKEY]) 897 parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]); 898 } 899 900 static int vti6_newlink(struct net *src_net, struct net_device *dev, 901 struct nlattr *tb[], struct nlattr *data[]) 902 { 903 struct net *net = dev_net(dev); 904 struct ip6_tnl *nt; 905 906 nt = netdev_priv(dev); 907 vti6_netlink_parms(data, &nt->parms); 908 909 nt->parms.proto = IPPROTO_IPV6; 910 911 if (vti6_locate(net, &nt->parms, 0)) 912 return -EEXIST; 913 914 return vti6_tnl_create2(dev); 915 } 916 917 static int vti6_changelink(struct net_device *dev, struct nlattr *tb[], 918 struct nlattr *data[]) 919 { 920 struct ip6_tnl *t; 921 struct __ip6_tnl_parm p; 922 struct net *net = dev_net(dev); 923 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 924 925 if (dev == ip6n->fb_tnl_dev) 926 return -EINVAL; 927 928 vti6_netlink_parms(data, &p); 929 930 t = vti6_locate(net, &p, 0); 931 932 if (t) { 933 if (t->dev != dev) 934 return -EEXIST; 935 } else 936 t = netdev_priv(dev); 937 938 return vti6_update(t, &p); 939 } 940 941 static size_t vti6_get_size(const struct net_device *dev) 942 { 943 return 944 /* IFLA_VTI_LINK */ 945 nla_total_size(4) + 946 /* IFLA_VTI_LOCAL */ 947 nla_total_size(sizeof(struct in6_addr)) + 948 /* IFLA_VTI_REMOTE */ 949 nla_total_size(sizeof(struct in6_addr)) + 950 /* IFLA_VTI_IKEY */ 951 nla_total_size(4) + 952 /* IFLA_VTI_OKEY */ 953 nla_total_size(4) + 954 0; 955 } 956 957 static int vti6_fill_info(struct sk_buff *skb, const struct net_device *dev) 958 { 959 struct ip6_tnl *tunnel = netdev_priv(dev); 960 struct __ip6_tnl_parm *parm = &tunnel->parms; 961 962 if (nla_put_u32(skb, IFLA_VTI_LINK, parm->link) || 963 nla_put(skb, IFLA_VTI_LOCAL, sizeof(struct in6_addr), 964 &parm->laddr) || 965 nla_put(skb, IFLA_VTI_REMOTE, sizeof(struct in6_addr), 966 &parm->raddr) || 967 nla_put_be32(skb, IFLA_VTI_IKEY, parm->i_key) || 968 nla_put_be32(skb, IFLA_VTI_OKEY, parm->o_key)) 969 goto nla_put_failure; 970 return 0; 971 972 nla_put_failure: 973 return -EMSGSIZE; 974 } 975 976 static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = { 977 [IFLA_VTI_LINK] = { .type = NLA_U32 }, 978 [IFLA_VTI_LOCAL] = { .len = sizeof(struct in6_addr) }, 979 [IFLA_VTI_REMOTE] = { .len = sizeof(struct in6_addr) }, 980 [IFLA_VTI_IKEY] = { .type = NLA_U32 }, 981 [IFLA_VTI_OKEY] = { .type = NLA_U32 }, 982 }; 983 984 static struct rtnl_link_ops vti6_link_ops __read_mostly = { 985 .kind = "vti6", 986 .maxtype = IFLA_VTI_MAX, 987 .policy = vti6_policy, 988 .priv_size = sizeof(struct ip6_tnl), 989 .setup = vti6_dev_setup, 990 .validate = vti6_validate, 991 .newlink = vti6_newlink, 992 .changelink = vti6_changelink, 993 .get_size = vti6_get_size, 994 .fill_info = vti6_fill_info, 995 }; 996 997 static void __net_exit vti6_destroy_tunnels(struct vti6_net *ip6n) 998 { 999 int h; 1000 struct ip6_tnl *t; 1001 LIST_HEAD(list); 1002 1003 for (h = 0; h < HASH_SIZE; h++) { 1004 t = rtnl_dereference(ip6n->tnls_r_l[h]); 1005 while (t != NULL) { 1006 unregister_netdevice_queue(t->dev, &list); 1007 t = rtnl_dereference(t->next); 1008 } 1009 } 1010 1011 t = rtnl_dereference(ip6n->tnls_wc[0]); 1012 unregister_netdevice_queue(t->dev, &list); 1013 unregister_netdevice_many(&list); 1014 } 1015 1016 static int __net_init vti6_init_net(struct net *net) 1017 { 1018 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 1019 struct ip6_tnl *t = NULL; 1020 int err; 1021 1022 ip6n->tnls[0] = ip6n->tnls_wc; 1023 ip6n->tnls[1] = ip6n->tnls_r_l; 1024 1025 err = -ENOMEM; 1026 ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6_vti0", 1027 NET_NAME_UNKNOWN, vti6_dev_setup); 1028 1029 if (!ip6n->fb_tnl_dev) 1030 goto err_alloc_dev; 1031 dev_net_set(ip6n->fb_tnl_dev, net); 1032 1033 err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev); 1034 if (err < 0) 1035 goto err_register; 1036 1037 err = register_netdev(ip6n->fb_tnl_dev); 1038 if (err < 0) 1039 goto err_register; 1040 1041 t = netdev_priv(ip6n->fb_tnl_dev); 1042 1043 strcpy(t->parms.name, ip6n->fb_tnl_dev->name); 1044 return 0; 1045 1046 err_register: 1047 vti6_dev_free(ip6n->fb_tnl_dev); 1048 err_alloc_dev: 1049 return err; 1050 } 1051 1052 static void __net_exit vti6_exit_net(struct net *net) 1053 { 1054 struct vti6_net *ip6n = net_generic(net, vti6_net_id); 1055 1056 rtnl_lock(); 1057 vti6_destroy_tunnels(ip6n); 1058 rtnl_unlock(); 1059 } 1060 1061 static struct pernet_operations vti6_net_ops = { 1062 .init = vti6_init_net, 1063 .exit = vti6_exit_net, 1064 .id = &vti6_net_id, 1065 .size = sizeof(struct vti6_net), 1066 }; 1067 1068 static struct xfrm6_protocol vti_esp6_protocol __read_mostly = { 1069 .handler = vti6_rcv, 1070 .cb_handler = vti6_rcv_cb, 1071 .err_handler = vti6_err, 1072 .priority = 100, 1073 }; 1074 1075 static struct xfrm6_protocol vti_ah6_protocol __read_mostly = { 1076 .handler = vti6_rcv, 1077 .cb_handler = vti6_rcv_cb, 1078 .err_handler = vti6_err, 1079 .priority = 100, 1080 }; 1081 1082 static struct xfrm6_protocol vti_ipcomp6_protocol __read_mostly = { 1083 .handler = vti6_rcv, 1084 .cb_handler = vti6_rcv_cb, 1085 .err_handler = vti6_err, 1086 .priority = 100, 1087 }; 1088 1089 /** 1090 * vti6_tunnel_init - register protocol and reserve needed resources 1091 * 1092 * Return: 0 on success 1093 **/ 1094 static int __init vti6_tunnel_init(void) 1095 { 1096 const char *msg; 1097 int err; 1098 1099 msg = "tunnel device"; 1100 err = register_pernet_device(&vti6_net_ops); 1101 if (err < 0) 1102 goto pernet_dev_failed; 1103 1104 msg = "tunnel protocols"; 1105 err = xfrm6_protocol_register(&vti_esp6_protocol, IPPROTO_ESP); 1106 if (err < 0) 1107 goto xfrm_proto_esp_failed; 1108 err = xfrm6_protocol_register(&vti_ah6_protocol, IPPROTO_AH); 1109 if (err < 0) 1110 goto xfrm_proto_ah_failed; 1111 err = xfrm6_protocol_register(&vti_ipcomp6_protocol, IPPROTO_COMP); 1112 if (err < 0) 1113 goto xfrm_proto_comp_failed; 1114 1115 msg = "netlink interface"; 1116 err = rtnl_link_register(&vti6_link_ops); 1117 if (err < 0) 1118 goto rtnl_link_failed; 1119 1120 return 0; 1121 1122 rtnl_link_failed: 1123 xfrm6_protocol_deregister(&vti_ipcomp6_protocol, IPPROTO_COMP); 1124 xfrm_proto_comp_failed: 1125 xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH); 1126 xfrm_proto_ah_failed: 1127 xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP); 1128 xfrm_proto_esp_failed: 1129 unregister_pernet_device(&vti6_net_ops); 1130 pernet_dev_failed: 1131 pr_err("vti6 init: failed to register %s\n", msg); 1132 return err; 1133 } 1134 1135 /** 1136 * vti6_tunnel_cleanup - free resources and unregister protocol 1137 **/ 1138 static void __exit vti6_tunnel_cleanup(void) 1139 { 1140 rtnl_link_unregister(&vti6_link_ops); 1141 xfrm6_protocol_deregister(&vti_ipcomp6_protocol, IPPROTO_COMP); 1142 xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH); 1143 xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP); 1144 unregister_pernet_device(&vti6_net_ops); 1145 } 1146 1147 module_init(vti6_tunnel_init); 1148 module_exit(vti6_tunnel_cleanup); 1149 MODULE_LICENSE("GPL"); 1150 MODULE_ALIAS_RTNL_LINK("vti6"); 1151 MODULE_ALIAS_NETDEV("ip6_vti0"); 1152 MODULE_AUTHOR("Steffen Klassert"); 1153 MODULE_DESCRIPTION("IPv6 virtual tunnel interface"); 1154