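/*
 * IPv6 virtual tunneling interface
 *
 * Copyright (C) 2013 secunet Security Networks AG
 *
 * Author:
 * Steffen Klassert <steffen.klassert@secunet.com>
 *
 * Based on:
 * net/ipv6/ip6_tunnel.c
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */

#include <linux/module.h>
#include <linux/capability.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/sockios.h>
#include <linux/icmp.h>
#include <linux/if.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/if_tunnel.h>
#include <linux/net.h>
#include <linux/in6.h>
#include <linux/netdevice.h>
#include <linux/if_arp.h>
#include <linux/icmpv6.h>
#include <linux/init.h>
#include <linux/route.h>
#include <linux/rtnetlink.h>
#include <linux/netfilter_ipv6.h>
#include <linux/slab.h>
#include <linux/hash.h>

#include <linux/uaccess.h>
#include <linux/atomic.h>

#include <net/icmp.h>
#include <net/ip.h>
#include <net/ip_tunnels.h>
#include <net/ipv6.h>
#include <net/ip6_route.h>
#include <net/addrconf.h>
#include <net/ip6_tunnel.h>
#include <net/xfrm.h>
#include <net/net_namespace.h>
#include <net/netns/generic.h>

#define HASH_SIZE_SHIFT  5
#define HASH_SIZE (1 << HASH_SIZE_SHIFT)

/*
 * Bucket index for an address pair: XOR of the two per-address hashes,
 * folded down to HASH_SIZE_SHIFT bits.
 */
static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
{
	u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2);

	return hash_32(hash, HASH_SIZE_SHIFT);
}

static int vti6_dev_init(struct net_device *dev);
static void vti6_dev_setup(struct net_device *dev);
static struct rtnl_link_ops vti6_link_ops __read_mostly;

static int vti6_net_id __read_mostly;
struct vti6_net {
	/* the vti6 tunnel fallback device */
	struct net_device *fb_tnl_dev;
	/* lists for storing tunnels in use */
	struct ip6_tnl __rcu *tnls_r_l[HASH_SIZE];
	struct ip6_tnl __rcu *tnls_wc[1];
	/* tnls[0] -> tnls_wc, tnls[1] -> tnls_r_l (set in vti6_init_net) */
	struct ip6_tnl __rcu **tnls[2];
};

/*
 * ndo_get_stats: sum the per-cpu packet/byte counters over all possible
 * CPUs into dev->stats and return a pointer to it.
 */
static struct net_device_stats *vti6_get_stats(struct net_device *dev)
{
	struct pcpu_tstats sum = { 0 };
	int i;

	for_each_possible_cpu(i) {
		const struct pcpu_tstats *tstats = per_cpu_ptr(dev->tstats, i);

		sum.rx_packets += tstats->rx_packets;
		sum.rx_bytes   += tstats->rx_bytes;
		sum.tx_packets += tstats->tx_packets;
		sum.tx_bytes   += tstats->tx_bytes;
	}
	dev->stats.rx_packets = sum.rx_packets;
	dev->stats.rx_bytes   = sum.rx_bytes;
	dev->stats.tx_packets = sum.tx_packets;
	dev->stats.tx_bytes   = sum.tx_bytes;
	return &dev->stats;
}

/* Walks a tunnel list with rcu_dereference(); expects a local named 't'. */
#define for_each_vti6_tunnel_rcu(start) \
	for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))

/**
 * vti6_tnl_lookup - fetch tunnel matching the end-point addresses
 *   @net: network namespace
 *   @remote: the address of the tunnel exit-point
 *   @local: the address of the tunnel entry-point
 *
 * Description:
 *   Uses rcu_dereference(), so the caller must be inside an RCU
 *   read-side critical section (vti6_rcv() takes rcu_read_lock()).
 *
 * Return:
 *   tunnel matching given end-points if found,
 *   else fallback tunnel if its device is up,
 *   else %NULL
 **/
static struct ip6_tnl *
vti6_tnl_lookup(struct net *net, const struct in6_addr *remote,
		const struct in6_addr *local)
{
	unsigned int hash = HASH(remote, local);
	struct ip6_tnl *t;
	struct vti6_net *ip6n = net_generic(net, vti6_net_id);

	for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
		if (ipv6_addr_equal(local, &t->parms.laddr) &&
		    ipv6_addr_equal(remote, &t->parms.raddr) &&
		    (t->dev->flags & IFF_UP))
			return t;
	}
	t = rcu_dereference(ip6n->tnls_wc[0]);
	if (t && (t->dev->flags & IFF_UP))
		return t;

	return NULL;
}

/**
 * vti6_tnl_bucket - get head of list matching given tunnel parameters
 *   @ip6n: per-namespace vti6 state holding the tunnel lists
 *   @p: parameters containing tunnel end-points
 *
 * Description:
 *   vti6_tnl_bucket() returns the head of the list matching the
 *   &struct in6_addr entries laddr and raddr in @p. If both addresses
 *   are unspecified the wildcard list is used, otherwise the hashed
 *   remote/local list.
 *
 * Return: head of IPv6 tunnel list
 **/
static struct ip6_tnl __rcu **
vti6_tnl_bucket(struct vti6_net *ip6n, const struct __ip6_tnl_parm *p)
{
	const struct in6_addr *remote = &p->raddr;
	const struct in6_addr *local = &p->laddr;
	unsigned int h = 0;
	int prio = 0;

	if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) {
		prio = 1;
		h = HASH(remote, local);
	}
	return &ip6n->tnls[prio][h];
}

/*
 * Insert @t at the head of its bucket. Uses rtnl_dereference(), so the
 * caller is expected to hold RTNL.
 */
static void
vti6_tnl_link(struct vti6_net *ip6n, struct ip6_tnl *t)
{
	struct ip6_tnl __rcu **tp = vti6_tnl_bucket(ip6n, &t->parms);

	/* set t->next before publishing t so readers never see a torn list */
	rcu_assign_pointer(t->next, rtnl_dereference(*tp));
	rcu_assign_pointer(*tp, t);
}

/*
 * Remove @t from its bucket if present. Uses rtnl_dereference(), so the
 * caller is expected to hold RTNL. The bucket is derived from t->parms,
 * so this must run before the addresses in t->parms are changed.
 */
static void
vti6_tnl_unlink(struct vti6_net *ip6n, struct ip6_tnl *t)
{
	struct ip6_tnl __rcu **tp;
	struct ip6_tnl *iter;

	for (tp = vti6_tnl_bucket(ip6n, &t->parms);
	     (iter = rtnl_dereference(*tp)) != NULL;
	     tp = &iter->next) {
		if (t == iter) {
			rcu_assign_pointer(*tp, t->next);
			break;
		}
	}
}

/*
 * Device destructor (installed in vti6_dev_setup()): releases the
 * per-cpu statistics and the net_device itself.
 */
static void vti6_dev_free(struct net_device *dev)
{
	free_percpu(dev->tstats);
	free_netdev(dev);
}

/*
 * Second stage of tunnel creation: initialise the device, register it,
 * record the final device name in the tunnel parameters, take a device
 * reference and link the tunnel into its bucket.
 *
 * Return: 0 on success, negative errno from vti6_dev_init() or
 * register_netdevice() otherwise.
 *
 * NOTE(review): when register_netdevice() fails after vti6_dev_init()
 * succeeded, dev->tstats is still allocated; vti6_tnl_create() frees it
 * through vti6_dev_free(), the vti6_newlink() caller is not visible
 * here -- confirm that path does not leak it.
 */
static int vti6_tnl_create2(struct net_device *dev)
{
	struct ip6_tnl *t = netdev_priv(dev);
	struct net *net = dev_net(dev);
	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
	int err;

	err = vti6_dev_init(dev);
	if (err < 0)
		goto out;

	err = register_netdevice(dev);
	if (err < 0)
		goto out;

	strcpy(t->parms.name, dev->name);
	dev->rtnl_link_ops = &vti6_link_ops;

	dev_hold(dev);
	vti6_tnl_link(ip6n, t);

	return 0;

out:
	return err;
}

/*
 * Allocate and register a new tunnel device for parameters @p in @net.
 * An empty p->name selects the "ip6_vti%d" name template.
 *
 * Return: the new tunnel, or NULL on allocation/registration failure.
 */
static struct ip6_tnl *vti6_tnl_create(struct net *net, struct __ip6_tnl_parm *p)
{
	struct net_device *dev;
	struct ip6_tnl *t;
	char name[IFNAMSIZ];
	int err;

	if (p->name[0]) {
		/*
		 * On the ioctl path p->name is copied verbatim from
		 * userspace (vti6_parm_from_user()) and need not be
		 * NUL-terminated. strlcpy() runs strlen() on its source and
		 * would read past the array, so bound the scan explicitly.
		 * The result is the same truncation to IFNAMSIZ - 1 bytes.
		 */
		size_t len = strnlen(p->name, IFNAMSIZ - 1);

		memcpy(name, p->name, len);
		name[len] = '\0';
	} else {
		sprintf(name, "ip6_vti%%d");
	}

	dev = alloc_netdev(sizeof(*t), name, vti6_dev_setup);
	if (dev == NULL)
		goto failed;

	dev_net_set(dev, net);

	t = netdev_priv(dev);
	t->parms = *p;
	t->net = dev_net(dev);

	err = vti6_tnl_create2(dev);
	if (err < 0)
		goto failed_free;

	return t;

failed_free:
	vti6_dev_free(dev);
failed:
	return NULL;
}

/**
 * vti6_locate - find or create tunnel matching given parameters
 *   @net: network namespace
 *   @p: tunnel parameters
 *   @create: != 0 if allowed to create new tunnel if no match found
 *
 * Description:
 *   vti6_locate() first tries to locate an existing tunnel
 *   based on @p. If this is unsuccessful, but @create is set a new
 *   tunnel device is created and registered for use. Only the local and
 *   remote addresses are compared. Uses rtnl_dereference(), so the
 *   caller is expected to hold RTNL.
 *
 * Return:
 *   matching tunnel or NULL
 **/
static struct ip6_tnl *vti6_locate(struct net *net, struct __ip6_tnl_parm *p,
				   int create)
{
	const struct in6_addr *remote = &p->raddr;
	const struct in6_addr *local = &p->laddr;
	struct ip6_tnl __rcu **tp;
	struct ip6_tnl *t;
	struct vti6_net *ip6n = net_generic(net, vti6_net_id);

	for (tp = vti6_tnl_bucket(ip6n, p);
	     (t = rtnl_dereference(*tp)) != NULL;
	     tp = &t->next) {
		if (ipv6_addr_equal(local, &t->parms.laddr) &&
		    ipv6_addr_equal(remote, &t->parms.raddr))
			return t;
	}
	if (!create)
		return NULL;
	return vti6_tnl_create(net, p);
}

/**
 * vti6_dev_uninit - tunnel device uninitializer
 *   @dev: the device to be destroyed
 *
 * Description:
 *   vti6_dev_uninit() removes tunnel from its list (or clears the
 *   wildcard slot for the fallback device), resets the cached dst and
 *   drops the device reference taken when the tunnel was linked.
 **/
static void vti6_dev_uninit(struct net_device *dev)
{
	struct ip6_tnl *t = netdev_priv(dev);
	struct net *net = dev_net(dev);
	struct vti6_net *ip6n = net_generic(net, vti6_net_id);

	if (dev == ip6n->fb_tnl_dev)
		RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
	else
		vti6_tnl_unlink(ip6n, t);
	ip6_tnl_dst_reset(t);
	dev_put(dev);
}

/*
 * Receive hook registered through vti6_handler. Looks up the tunnel for
 * the packet's source/destination addresses; on a match it checks the
 * tunnel protocol, the inbound xfrm policy and ip6_tnl_rcv_ctl(), then
 * accounts the packet, clears skb->mark and the secpath and re-homes the
 * skb onto the tunnel device.
 *
 * Return: 1 when no tunnel matches, 0 otherwise.
 */
static int vti6_rcv(struct sk_buff *skb)
{
	struct ip6_tnl *t;
	const struct ipv6hdr *ipv6h = ipv6_hdr(skb);

	rcu_read_lock();

	if ((t = vti6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr,
				 &ipv6h->daddr)) != NULL) {
		struct pcpu_tstats *tstats;

		if (t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) {
			rcu_read_unlock();
			goto discard;
		}

		/*
		 * NOTE(review): this reject path returns 0 without
		 * kfree_skb(), unlike the two 'discard' paths around it.
		 * Who owns the skb after a policy failure is not visible
		 * from this file -- confirm against the handler's caller.
		 */
		if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
			rcu_read_unlock();
			return 0;
		}

		if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) {
			t->dev->stats.rx_dropped++;
			rcu_read_unlock();
			goto discard;
		}

		tstats = this_cpu_ptr(t->dev->tstats);
		tstats->rx_packets++;
		tstats->rx_bytes += skb->len;

		skb->mark = 0;
		secpath_reset(skb);
		skb->dev = t->dev;

		rcu_read_unlock();
		return 0;
	}
	rcu_read_unlock();
	return 1;

discard:
	kfree_skb(skb);
	return 0;
}

/**
 * vti6_addr_conflict - compare packet addresses to tunnel's own
 *   @t: the outgoing tunnel device
 *   @hdr: IPv6 header from the incoming packet
 *
 * Description:
 *   Avoid trivial tunneling loop by checking that tunnel exit-point
 *   doesn't match source of incoming packet.
 *
 * Return:
 *   1 if conflict,
 *   0 else
 **/
static inline bool
vti6_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr)
{
	return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr);
}

/**
 * vti6_xmit - send a packet
 *   @skb: the outgoing socket buffer
 *   @dev: the outgoing tunnel device
 *
 * Description:
 *   Resolves (or reuses the cached) route for the tunnel flow, requires
 *   the resulting dst to carry an xfrm state in tunnel mode, and hands
 *   the packet to ip6tunnel_xmit(). The skb is not freed here on
 *   failure; vti6_tnl_xmit() does that for negative returns.
 *
 * Return:
 *   0 on success, negative value on failure
 **/
static int vti6_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct net *net = dev_net(dev);
	struct ip6_tnl *t = netdev_priv(dev);
	struct net_device_stats *stats = &t->dev->stats;
	struct dst_entry *dst = NULL, *ndst = NULL;
	struct flowi6 fl6;
	struct ipv6hdr *ipv6h = ipv6_hdr(skb);
	struct net_device *tdev;
	int err = -1;

	if ((t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) ||
	    !ip6_tnl_xmit_ctl(t) || vti6_addr_conflict(t, ipv6h))
		return err;

	dst = ip6_tnl_dst_check(t);
	if (!dst) {
		memcpy(&fl6, &t->fl.u.ip6, sizeof(fl6));

		ndst = ip6_route_output(net, NULL, &fl6);

		if (ndst->error)
			goto tx_err_link_failure;
		ndst = xfrm_lookup(net, ndst, flowi6_to_flowi(&fl6), NULL, 0);
		if (IS_ERR(ndst)) {
			err = PTR_ERR(ndst);
			/* nothing left to release on the error path */
			ndst = NULL;
			goto tx_err_link_failure;
		}
		dst = ndst;
	}

	/*
	 * Refuse to send unless an xfrm tunnel-mode transform applies, so
	 * traffic routed into the vti device never leaves untransformed.
	 */
	if (!dst->xfrm || dst->xfrm->props.mode != XFRM_MODE_TUNNEL)
		goto tx_err_link_failure;

	tdev = dst->dev;

	if (tdev == dev) {
		stats->collisions++;
		net_warn_ratelimited("%s: Local routing loop detected!\n",
				     t->parms.name);
		goto tx_err_dst_release;
	}

	skb_dst_drop(skb);
	skb_dst_set_noref(skb, dst);

	ip6tunnel_xmit(skb, dev);
	if (ndst) {
		/* freshly looked-up route: adopt its MTU and cache it */
		dev->mtu = dst_mtu(ndst);
		ip6_tnl_dst_store(t, ndst);
	}

	return 0;
tx_err_link_failure:
	stats->tx_carrier_errors++;
	dst_link_failure(skb);
tx_err_dst_release:
	dst_release(ndst);
	return err;
}

/*
 * ndo_start_xmit: only ETH_P_IPV6 frames are passed to vti6_xmit();
 * anything else, or a negative return from vti6_xmit(), is counted as a
 * tx error/drop and the skb is freed. Always returns NETDEV_TX_OK.
 */
static netdev_tx_t
vti6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct ip6_tnl *t = netdev_priv(dev);
	struct net_device_stats *stats = &t->dev->stats;
	int ret;

	switch (skb->protocol) {
	case htons(ETH_P_IPV6):
		ret = vti6_xmit(skb, dev);
		break;
	default:
		goto tx_err;
	}

	if (ret < 0)
		goto tx_err;

	return NETDEV_TX_OK;

tx_err:
	stats->tx_errors++;
	stats->tx_dropped++;
	kfree_skb(skb);
	return NETDEV_TX_OK;
}

/*
 * Derive device state from the tunnel parameters: hardware/broadcast
 * addresses, the flowi6 template used for route lookups, the capability
 * flags, IFF_POINTOPOINT, iflink and, when transmit is possible, the
 * hard header length and MTU of the underlying route.
 */
static void vti6_link_config(struct ip6_tnl *t)
{
	struct dst_entry *dst;
	struct net_device *dev = t->dev;
	struct __ip6_tnl_parm *p = &t->parms;
	struct flowi6 *fl6 = &t->fl.u.ip6;

	memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
	memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));

	/* Set up flowi template */
	fl6->saddr = p->laddr;
	fl6->daddr = p->raddr;
	fl6->flowi6_oif = p->link;
	fl6->flowi6_mark = be32_to_cpu(p->i_key);
	fl6->flowi6_proto = p->proto;
	fl6->flowlabel = 0;

	p->flags &= ~(IP6_TNL_F_CAP_XMIT | IP6_TNL_F_CAP_RCV |
		      IP6_TNL_F_CAP_PER_PACKET);
	p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr);

	if (p->flags & IP6_TNL_F_CAP_XMIT && p->flags & IP6_TNL_F_CAP_RCV)
		dev->flags |= IFF_POINTOPOINT;
	else
		dev->flags &= ~IFF_POINTOPOINT;

	dev->iflink = p->link;

	if (p->flags & IP6_TNL_F_CAP_XMIT) {

		dst = ip6_route_output(dev_net(dev), NULL, fl6);
		if (dst->error) {
			/*
			 * The error dst is still a referenced entry
			 * (vti6_xmit() releases it on the same condition);
			 * drop it here too instead of leaking the reference
			 * on every reconfiguration.
			 */
			dst_release(dst);
			return;
		}

		dst = xfrm_lookup(dev_net(dev), dst, flowi6_to_flowi(fl6),
				  NULL, 0);
		if (IS_ERR(dst))
			return;

		if (dst->dev) {
			dev->hard_header_len = dst->dev->hard_header_len;

			dev->mtu = dst_mtu(dst);

			if (dev->mtu < IPV6_MIN_MTU)
				dev->mtu = IPV6_MIN_MTU;
		}
		dst_release(dst);
	}
}

/**
 * vti6_tnl_change - update the tunnel parameters
 *   @t: tunnel to be changed
 *   @p: tunnel configuration parameters
 *
 * Description:
 *   vti6_tnl_change() updates the tunnel parameters (addresses, link,
 *   keys and protocol; the name is left alone), drops the cached dst
 *   and re-runs vti6_link_config().
 *
 * Return: 0
 **/
static int
vti6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p)
{
	t->parms.laddr = p->laddr;
	t->parms.raddr = p->raddr;
	t->parms.link = p->link;
	t->parms.i_key = p->i_key;
	t->parms.o_key = p->o_key;
	t->parms.proto = p->proto;
	ip6_tnl_dst_reset(t);
	vti6_link_config(t);
	return 0;
}

/*
 * Re-key an existing tunnel: unlink it from its current bucket, wait in
 * synchronize_net() before touching its parameters, apply the change,
 * relink it under the new addresses and notify about the state change.
 */
static int vti6_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p)
{
	struct net *net = dev_net(t->dev);
	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
	int err;

	vti6_tnl_unlink(ip6n, t);
	synchronize_net();
	err = vti6_tnl_change(t, p);
	vti6_tnl_link(ip6n, t);
	netdev_state_change(t->dev);
	return err;
}

/*
 * Convert the userspace parameter layout into the kernel-internal one.
 * The name is copied byte-for-byte: when @u was filled by
 * copy_from_user() (see vti6_ioctl()) p->name is attacker-controlled
 * and may lack a terminating NUL, so consumers must bound any string
 * operation on it.
 */
static void
vti6_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm2 *u)
{
	p->laddr = u->laddr;
	p->raddr = u->raddr;
	p->link = u->link;
	p->i_key = u->i_key;
	p->o_key = u->o_key;
	p->proto = u->proto;

	memcpy(p->name, u->name, sizeof(u->name));
}

/*
 * Convert kernel-internal tunnel parameters into the userspace layout.
 * Only the fields assigned below are written; callers that copy @u to
 * userspace must have initialised the rest of it beforehand.
 */
static void
vti6_parm_to_user(struct ip6_tnl_parm2 *u, const struct __ip6_tnl_parm *p)
{
	u->laddr = p->laddr;
	u->raddr = p->raddr;
	u->link = p->link;
	u->i_key = p->i_key;
	u->o_key = p->o_key;
	u->proto = p->proto;

	memcpy(u->name, p->name, sizeof(u->name));
}

/**
 * vti6_ioctl - configure vti6 tunnels from userspace
 *   @dev: virtual device associated with tunnel
 *   @ifr: parameters passed from userspace
 *   @cmd: command to be performed
 *
 * Description:
 *   vti6_ioctl() is used for managing vti6 tunnels
 *   from userspace.
 *
 *   The possible commands are the following:
 *     %SIOCGETTUNNEL: get tunnel parameters for device
 *     %SIOCADDTUNNEL: add tunnel matching given tunnel parameters
 *     %SIOCCHGTUNNEL: change tunnel parameters to those given
 *     %SIOCDELTUNNEL: delete tunnel
 *
 *   The fallback device "ip6_vti0", created during module
 *   initialization, can be used for creating other tunnel devices.
 *
 *   All commands except %SIOCGETTUNNEL require %CAP_NET_ADMIN in the
 *   user namespace owning the device's network namespace.
 *
 * Return:
 *   0 on success,
 *   %-EFAULT if unable to copy data to or from userspace,
 *   %-EPERM if current process hasn't %CAP_NET_ADMIN set, or on an
 *   attempt to delete the fallback device,
 *   %-EINVAL if passed tunnel parameters or @cmd are invalid,
 *   %-EEXIST if changing a tunnel's parameters would cause a conflict
 *   %-ENOBUFS if a new tunnel could not be created,
 *   %-ENOENT if no tunnel matches the given parameters
 **/
static int
vti6_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
{
	int err = 0;
	struct ip6_tnl_parm2 p;
	struct __ip6_tnl_parm p1;
	struct ip6_tnl *t = NULL;
	struct net *net = dev_net(dev);
	struct vti6_net *ip6n = net_generic(net, vti6_net_id);

	switch (cmd) {
	case SIOCGETTUNNEL:
		if (dev == ip6n->fb_tnl_dev) {
			if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
				err = -EFAULT;
				break;
			}
			vti6_parm_from_user(&p1, &p);
			t = vti6_locate(net, &p1, 0);
		} else {
			/*
			 * vti6_parm_to_user() fills only some fields; zero
			 * the rest so no stack bytes reach userspace.
			 */
			memset(&p, 0, sizeof(p));
		}
		if (t == NULL)
			t = netdev_priv(dev);
		vti6_parm_to_user(&p, &t->parms);
		if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
			err = -EFAULT;
		break;
	case SIOCADDTUNNEL:
	case SIOCCHGTUNNEL:
		err = -EPERM;
		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
			break;
		err = -EFAULT;
		if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
			break;
		err = -EINVAL;
		if (p.proto != IPPROTO_IPV6  && p.proto != 0)
			break;
		vti6_parm_from_user(&p1, &p);
		t = vti6_locate(net, &p1, cmd == SIOCADDTUNNEL);
		if (dev != ip6n->fb_tnl_dev && cmd == SIOCCHGTUNNEL) {
			if (t != NULL) {
				/* another device already owns these end-points */
				if (t->dev != dev) {
					err = -EEXIST;
					break;
				}
			} else
				t = netdev_priv(dev);

			err = vti6_update(t, &p1);
		}
		if (t) {
			err = 0;
			vti6_parm_to_user(&p, &t->parms);
			if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
				err = -EFAULT;

		} else
			err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
		break;
	case SIOCDELTUNNEL:
		err = -EPERM;
		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
			break;

		if (dev == ip6n->fb_tnl_dev) {
			err = -EFAULT;
			if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
				break;
			err = -ENOENT;
			vti6_parm_from_user(&p1, &p);
			t = vti6_locate(net, &p1, 0);
			if (t == NULL)
				break;
			/* the fallback device itself cannot be deleted */
			err = -EPERM;
			if (t->dev == ip6n->fb_tnl_dev)
				break;
			dev = t->dev;
		}
		err = 0;
		unregister_netdevice(dev);
		break;
	default:
		err = -EINVAL;
	}
	return err;
}

/**
 * vti6_change_mtu - change mtu manually for tunnel device
 *   @dev: virtual device associated with tunnel
 *   @new_mtu: the new mtu
 *
 * Description:
 *   Only a lower bound (%IPV6_MIN_MTU) is enforced here.
 *
 * Return:
 *   0 on success,
 *   %-EINVAL if mtu too small
 **/
static int vti6_change_mtu(struct net_device *dev, int new_mtu)
{
	if (new_mtu < IPV6_MIN_MTU)
		return -EINVAL;

	dev->mtu = new_mtu;
	return 0;
}

static const struct net_device_ops vti6_netdev_ops = {
	.ndo_uninit	= vti6_dev_uninit,
	.ndo_start_xmit = vti6_tnl_xmit,
	.ndo_do_ioctl	= vti6_ioctl,
	.ndo_change_mtu = vti6_change_mtu,
	.ndo_get_stats	= vti6_get_stats,
};

/**
 * vti6_dev_setup - setup virtual tunnel device
 *   @dev: virtual device associated with tunnel
 *
 * Description:
 *   Initialize function pointers and device parameters
 **/
static void vti6_dev_setup(struct net_device *dev)
{
	dev->netdev_ops = &vti6_netdev_ops;
	dev->destructor = vti6_dev_free;

	dev->type = ARPHRD_TUNNEL6;
	dev->hard_header_len = LL_MAX_HEADER + sizeof(struct ipv6hdr);
	dev->mtu = ETH_DATA_LEN;
	dev->flags |= IFF_NOARP;
	dev->addr_len = sizeof(struct in6_addr);
	dev->features |= NETIF_F_NETNS_LOCAL;
	dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
}

/**
 * vti6_dev_init_gen - general initializer for all tunnel devices
 *   @dev: virtual device associated with tunnel
 *
 * Return: 0 on success, %-ENOMEM if the per-cpu stats allocation fails
 **/
static inline int vti6_dev_init_gen(struct net_device *dev)
{
	struct ip6_tnl *t = netdev_priv(dev);

	t->dev = dev;
	t->net = dev_net(dev);
	dev->tstats = alloc_percpu(struct pcpu_tstats);
	if (!dev->tstats)
		return -ENOMEM;
	return 0;
}

/**
 * vti6_dev_init - initializer for all non fallback tunnel devices
 *   @dev: virtual device associated with tunnel
 *
 * Return: 0 on success, error from vti6_dev_init_gen() otherwise
 **/
static int vti6_dev_init(struct net_device *dev)
{
	struct ip6_tnl *t = netdev_priv(dev);
	int err = vti6_dev_init_gen(dev);

	if (err)
		return err;
	vti6_link_config(t);
	return 0;
}

/**
 * vti6_fb_tnl_dev_init - initializer for fallback tunnel device
 *   @dev: fallback device
 *
 * Description:
 *   Takes a device reference and publishes the tunnel in the wildcard
 *   slot.
 *
 * Return: 0 on success, error from vti6_dev_init_gen() otherwise
 **/
static int __net_init vti6_fb_tnl_dev_init(struct net_device *dev)
{
	struct ip6_tnl *t = netdev_priv(dev);
	struct net *net = dev_net(dev);
	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
	int err = vti6_dev_init_gen(dev);

	if (err)
		return err;

	t->parms.proto = IPPROTO_IPV6;
	dev_hold(dev);

	vti6_link_config(t);

	rcu_assign_pointer(ip6n->tnls_wc[0], t);
	return 0;
}

/* rtnl_link_ops.validate: accepts everything; no checks beyond vti6_policy. */
static int vti6_validate(struct nlattr *tb[], struct nlattr *data[])
{
	return 0;
}

/*
 * Fill @parms from netlink attributes. @parms is zeroed first, so any
 * attribute that is absent (and proto, which has no attribute here)
 * ends up as 0.
 */
static void vti6_netlink_parms(struct nlattr *data[],
			       struct __ip6_tnl_parm *parms)
{
	memset(parms, 0, sizeof(*parms));

	if (!data)
		return;

	if (data[IFLA_VTI_LINK])
		parms->link = nla_get_u32(data[IFLA_VTI_LINK]);

	if (data[IFLA_VTI_LOCAL])
		nla_memcpy(&parms->laddr, data[IFLA_VTI_LOCAL],
			   sizeof(struct in6_addr));

	if (data[IFLA_VTI_REMOTE])
		nla_memcpy(&parms->raddr, data[IFLA_VTI_REMOTE],
			   sizeof(struct in6_addr));

	if (data[IFLA_VTI_IKEY])
		parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]);

	if (data[IFLA_VTI_OKEY])
		parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]);
}

/*
 * rtnl_link_ops.newlink: create a tunnel from netlink attributes.
 *
 * Return: %-EEXIST if a tunnel with the same end-points already exists,
 * otherwise the result of vti6_tnl_create2().
 */
static int vti6_newlink(struct net *src_net, struct net_device *dev,
			struct nlattr *tb[], struct nlattr *data[])
{
	struct net *net = dev_net(dev);
	struct ip6_tnl *nt;

	nt = netdev_priv(dev);
	vti6_netlink_parms(data, &nt->parms);

	nt->parms.proto = IPPROTO_IPV6;

	if (vti6_locate(net, &nt->parms, 0))
		return -EEXIST;

	return vti6_tnl_create2(dev);
}

/*
 * rtnl_link_ops.changelink: update an existing tunnel from netlink
 * attributes.
 *
 * Return: %-EINVAL for the fallback device, %-EEXIST if another device
 * already uses the requested end-points, otherwise the result of
 * vti6_update().
 */
static int vti6_changelink(struct net_device *dev, struct nlattr *tb[],
			   struct nlattr *data[])
{
	struct ip6_tnl *t;
	struct __ip6_tnl_parm p;
	struct net *net = dev_net(dev);
	struct vti6_net *ip6n = net_generic(net, vti6_net_id);

	if (dev == ip6n->fb_tnl_dev)
		return -EINVAL;

	vti6_netlink_parms(data, &p);

	t = vti6_locate(net, &p, 0);

	if (t) {
		if (t->dev != dev)
			return -EEXIST;
	} else
		t = netdev_priv(dev);

	return vti6_update(t, &p);
}

/* Netlink space needed for the attributes written by vti6_fill_info(). */
static size_t vti6_get_size(const struct net_device *dev)
{
	return
		/* IFLA_VTI_LINK */
		nla_total_size(4) +
		/* IFLA_VTI_LOCAL */
		nla_total_size(sizeof(struct in6_addr)) +
		/* IFLA_VTI_REMOTE */
		nla_total_size(sizeof(struct in6_addr)) +
		/* IFLA_VTI_IKEY */
		nla_total_size(4) +
		/* IFLA_VTI_OKEY */
		nla_total_size(4) +
		0;
}

/*
 * Dump link, local/remote address and in/out keys of the tunnel into
 * @skb.
 *
 * Return: 0 on success, %-EMSGSIZE if an attribute does not fit.
 */
static int vti6_fill_info(struct sk_buff *skb, const struct net_device *dev)
{
	struct ip6_tnl *tunnel = netdev_priv(dev);
	struct __ip6_tnl_parm *parm = &tunnel->parms;

	if (nla_put_u32(skb, IFLA_VTI_LINK, parm->link) ||
	    nla_put(skb, IFLA_VTI_LOCAL, sizeof(struct in6_addr),
		    &parm->laddr) ||
	    nla_put(skb, IFLA_VTI_REMOTE, sizeof(struct in6_addr),
		    &parm->raddr) ||
	    nla_put_be32(skb, IFLA_VTI_IKEY, parm->i_key) ||
	    nla_put_be32(skb, IFLA_VTI_OKEY, parm->o_key))
		goto nla_put_failure;
	return 0;

nla_put_failure:
	return -EMSGSIZE;
}

/*
 * Attribute policy: the address attributes are bounded to
 * sizeof(struct in6_addr), matching the fixed-size nla_memcpy() calls in
 * vti6_netlink_parms().
 */
static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = {
	[IFLA_VTI_LINK]		= { .type = NLA_U32 },
	[IFLA_VTI_LOCAL]	= { .len = sizeof(struct in6_addr) },
	[IFLA_VTI_REMOTE]	= { .len = sizeof(struct in6_addr) },
	[IFLA_VTI_IKEY]		= { .type = NLA_U32 },
	[IFLA_VTI_OKEY]		= { .type = NLA_U32 },
};

static struct rtnl_link_ops vti6_link_ops __read_mostly = {
	.kind		= "vti6",
	.maxtype	= IFLA_VTI_MAX,
	.policy		= vti6_policy,
	.priv_size	= sizeof(struct ip6_tnl),
	.setup		= vti6_dev_setup,
	.validate	= vti6_validate,
	.newlink	= vti6_newlink,
	.changelink	= vti6_changelink,
	.get_size	= vti6_get_size,
	.fill_info	= vti6_fill_info,
};

static struct xfrm_tunnel_notifier vti6_handler __read_mostly = {
	.handler	= vti6_rcv,
	.priority	=	1,
};

/*
 * Queue every tunnel device of the namespace, including the fallback
 * device, for unregistration and unregister them in one batch. Called
 * with RTNL held from vti6_exit_net().
 */
static void __net_exit vti6_destroy_tunnels(struct vti6_net *ip6n)
{
	int h;
	struct ip6_tnl *t;
	LIST_HEAD(list);

	for (h = 0; h < HASH_SIZE; h++) {
		t = rtnl_dereference(ip6n->tnls_r_l[h]);
		while (t != NULL) {
			unregister_netdevice_queue(t->dev, &list);
			t = rtnl_dereference(t->next);
		}
	}

	/*
	 * NOTE(review): dereferenced without a NULL check; presumably the
	 * fallback tunnel is always present while the namespace is alive
	 * -- confirm it cannot have been cleared by vti6_dev_uninit()
	 * before this runs.
	 */
	t = rtnl_dereference(ip6n->tnls_wc[0]);
	unregister_netdevice_queue(t->dev, &list);
	unregister_netdevice_many(&list);
}

/*
 * Per-namespace init: wire up the tunnel list table, then allocate,
 * initialise and register the "ip6_vti0" fallback device.
 *
 * Return: 0 on success, negative errno otherwise.
 */
static int __net_init vti6_init_net(struct net *net)
{
	struct vti6_net *ip6n = net_generic(net, vti6_net_id);
	struct ip6_tnl *t = NULL;
	int err;

	ip6n->tnls[0] = ip6n->tnls_wc;
	ip6n->tnls[1] = ip6n->tnls_r_l;

	err = -ENOMEM;
	ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6_vti0",
					vti6_dev_setup);

	if (!ip6n->fb_tnl_dev)
		goto err_alloc_dev;
	dev_net_set(ip6n->fb_tnl_dev, net);

	err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev);
	if (err < 0)
		goto err_register;

	err = register_netdev(ip6n->fb_tnl_dev);
	if (err < 0)
		goto err_register;

	t = netdev_priv(ip6n->fb_tnl_dev);

	strcpy(t->parms.name, ip6n->fb_tnl_dev->name);
	return 0;

err_register:
	vti6_dev_free(ip6n->fb_tnl_dev);
err_alloc_dev:
	return err;
}

/* Per-namespace exit: tear down all tunnels under RTNL. */
static void __net_exit vti6_exit_net(struct net *net)
{
	struct vti6_net *ip6n = net_generic(net, vti6_net_id);

	rtnl_lock();
	vti6_destroy_tunnels(ip6n);
	rtnl_unlock();
}

static struct pernet_operations vti6_net_ops = {
	.init = vti6_init_net,
	.exit = vti6_exit_net,
	.id   = &vti6_net_id,
	.size = sizeof(struct vti6_net),
};

/**
 * vti6_tunnel_init - register protocol and reserve needed resources
 *
 * Description:
 *   Registers the per-namespace operations, the xfrm6 tunnel-mode input
 *   handler and the rtnl link ops, unwinding in reverse order on
 *   failure.
 *
 * Return: 0 on success, negative errno otherwise
 **/
static int __init vti6_tunnel_init(void)
{
	int  err;

	err = register_pernet_device(&vti6_net_ops);
	if (err < 0)
		goto out_pernet;

	err = xfrm6_mode_tunnel_input_register(&vti6_handler);
	if (err < 0) {
		pr_err("%s: can't register vti6\n", __func__);
		goto out;
	}
	err = rtnl_link_register(&vti6_link_ops);
	if (err < 0)
		goto rtnl_link_failed;

	return 0;

rtnl_link_failed:
	xfrm6_mode_tunnel_input_deregister(&vti6_handler);
out:
	unregister_pernet_device(&vti6_net_ops);
out_pernet:
	return err;
}

/**
 * vti6_tunnel_cleanup - free resources and unregister protocol
 **/
static void __exit vti6_tunnel_cleanup(void)
{
	rtnl_link_unregister(&vti6_link_ops);
	if (xfrm6_mode_tunnel_input_deregister(&vti6_handler))
		pr_info("%s: can't deregister vti6\n", __func__);

	unregister_pernet_device(&vti6_net_ops);
}

module_init(vti6_tunnel_init);
module_exit(vti6_tunnel_cleanup);
MODULE_LICENSE("GPL");
MODULE_ALIAS_RTNL_LINK("vti6");
MODULE_ALIAS_NETDEV("ip6_vti0");
MODULE_AUTHOR("Steffen Klassert");
MODULE_DESCRIPTION("IPv6 virtual tunnel interface");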