2 * Linux NET3: GRE over IP protocol decoder.
4 * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
13 #include <linux/capability.h>
14 #include <linux/module.h>
15 #include <linux/types.h>
16 #include <linux/kernel.h>
17 #include <asm/uaccess.h>
18 #include <linux/skbuff.h>
19 #include <linux/netdevice.h>
21 #include <linux/tcp.h>
22 #include <linux/udp.h>
23 #include <linux/if_arp.h>
24 #include <linux/mroute.h>
25 #include <linux/init.h>
26 #include <linux/in6.h>
27 #include <linux/inetdevice.h>
28 #include <linux/igmp.h>
29 #include <linux/netfilter_ipv4.h>
30 #include <linux/if_ether.h>
35 #include <net/protocol.h>
38 #include <net/checksum.h>
39 #include <net/dsfield.h>
40 #include <net/inet_ecn.h>
42 #include <net/net_namespace.h>
43 #include <net/netns/generic.h>
47 #include <net/ip6_fib.h>
48 #include <net/ip6_route.h>
55 1. The most important issue is detecting local dead loops.
56 They would cause complete host lockup in transmit, which
57 would be "resolved" by stack overflow or, if queueing is enabled,
58 with infinite looping in net_bh.
60 We cannot track such dead loops during route installation,
61 it is infeasible task. The most general solutions would be
62 to keep skb->encapsulation counter (sort of local ttl),
63 and silently drop packet when it expires. It is the best
64 solution, but it supposes maintaing new variable in ALL
65 skb, even if no tunneling is used.
67 Current solution: t->recursion lock breaks dead loops. It looks
68 like dev->tbusy flag, but I preferred new variable, because
69 the semantics is different. One day, when hard_start_xmit
70 will be multithreaded we will have to use skb->encapsulation.
74 2. Networking dead loops would not kill routers, but would really
75 kill network. IP hop limit plays role of "t->recursion" in this case,
76 if we copy it from packet being encapsulated to upper header.
77 It is very good solution, but it introduces two problems:
79 - Routing protocols, using packets with ttl=1 (OSPF, RIP2),
80 do not work over tunnels.
81 - traceroute does not work. I planned to relay ICMP from tunnel,
82 so that this problem would be solved and traceroute output
83 would even more informative. This idea appeared to be wrong:
84 only Linux complies to rfc1812 now (yes, guys, Linux is the only
85 true router now :-)), all routers (at least, in neighbourhood of mine)
86 return only 8 bytes of payload. It is the end.
88 Hence, if we want that OSPF worked or traceroute said something reasonable,
89 we should search for another solution.
91 One of them is to parse packet trying to detect inner encapsulation
92 made by our node. It is difficult or even impossible, especially,
93 taking into account fragmentation. TO be short, tt is not solution at all.
95 Current solution: The solution was UNEXPECTEDLY SIMPLE.
96 We force DF flag on tunnels with preconfigured hop limit,
97 that is ALL. :-) Well, it does not remove the problem completely,
98 but exponential growth of network traffic is changed to linear
99 (branches, that exceed pmtu are pruned) and tunnel mtu
100 fastly degrades to value <68, where looping stops.
101 Yes, it is not good if there exists a router in the loop,
102 which does not force DF, even when encapsulating packets have DF set.
103 But it is not our problem! Nobody could accuse us, we made
104 all that we could make. Even if it is your gated who injected
105 fatal route to network, even if it were you who configured
106 fatal static route: you are innocent. :-)
110 3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain
111 practically identical code. It would be good to glue them
112 together, but it is not very evident, how to make them modular.
113 sit is integral part of IPv6, ipip and gre are naturally modular.
114 We could extract common parts (hash table, ioctl etc)
115 to a separate module (ip_tunnel.c).
120 static int ipgre_tunnel_init(struct net_device *dev);
121 static void ipgre_tunnel_setup(struct net_device *dev);
123 /* Fallback tunnel: no source, no destination, no key, no options */
125 static int ipgre_fb_tunnel_init(struct net_device *dev);
129 static int ipgre_net_id;
131 struct ip_tunnel *tunnels[4][HASH_SIZE];
133 struct net_device *fb_tunnel_dev;
136 /* Tunnel hash table */
146 We require exact key match i.e. if a key is present in packet
147 it will match only tunnel with the same key; if it is not present,
148 it will match only keyless tunnel.
150 All keysless packets, if not matched configured keyless tunnels
151 will match fallback tunnel.
154 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
156 #define tunnels_r_l tunnels[3]
157 #define tunnels_r tunnels[2]
158 #define tunnels_l tunnels[1]
159 #define tunnels_wc tunnels[0]
161 static DEFINE_RWLOCK(ipgre_lock);
163 /* Given src, dst and key, find appropriate for input tunnel. */
165 static struct ip_tunnel * ipgre_tunnel_lookup(struct net *net,
166 __be32 remote, __be32 local, __be32 key)
168 unsigned h0 = HASH(remote);
169 unsigned h1 = HASH(key);
171 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
173 for (t = ign->tunnels_r_l[h0^h1]; t; t = t->next) {
174 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) {
175 if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
179 for (t = ign->tunnels_r[h0^h1]; t; t = t->next) {
180 if (remote == t->parms.iph.daddr) {
181 if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
185 for (t = ign->tunnels_l[h1]; t; t = t->next) {
186 if (local == t->parms.iph.saddr ||
187 (local == t->parms.iph.daddr &&
188 ipv4_is_multicast(local))) {
189 if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
193 for (t = ign->tunnels_wc[h1]; t; t = t->next) {
194 if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
198 if (ign->fb_tunnel_dev->flags&IFF_UP)
199 return netdev_priv(ign->fb_tunnel_dev);
203 static struct ip_tunnel **__ipgre_bucket(struct ipgre_net *ign,
204 struct ip_tunnel_parm *parms)
206 __be32 remote = parms->iph.daddr;
207 __be32 local = parms->iph.saddr;
208 __be32 key = parms->i_key;
209 unsigned h = HASH(key);
214 if (remote && !ipv4_is_multicast(remote)) {
219 return &ign->tunnels[prio][h];
222 static inline struct ip_tunnel **ipgre_bucket(struct ipgre_net *ign,
225 return __ipgre_bucket(ign, &t->parms);
228 static void ipgre_tunnel_link(struct ipgre_net *ign, struct ip_tunnel *t)
230 struct ip_tunnel **tp = ipgre_bucket(ign, t);
233 write_lock_bh(&ipgre_lock);
235 write_unlock_bh(&ipgre_lock);
238 static void ipgre_tunnel_unlink(struct ipgre_net *ign, struct ip_tunnel *t)
240 struct ip_tunnel **tp;
242 for (tp = ipgre_bucket(ign, t); *tp; tp = &(*tp)->next) {
244 write_lock_bh(&ipgre_lock);
246 write_unlock_bh(&ipgre_lock);
252 static struct ip_tunnel * ipgre_tunnel_locate(struct net *net,
253 struct ip_tunnel_parm *parms, int create)
255 __be32 remote = parms->iph.daddr;
256 __be32 local = parms->iph.saddr;
257 __be32 key = parms->i_key;
258 struct ip_tunnel *t, **tp, *nt;
259 struct net_device *dev;
261 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
263 for (tp = __ipgre_bucket(ign, parms); (t = *tp) != NULL; tp = &t->next) {
264 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) {
265 if (key == t->parms.i_key)
273 strlcpy(name, parms->name, IFNAMSIZ);
275 sprintf(name, "gre%%d");
277 dev = alloc_netdev(sizeof(*t), name, ipgre_tunnel_setup);
281 dev_net_set(dev, net);
283 if (strchr(name, '%')) {
284 if (dev_alloc_name(dev, name) < 0)
288 dev->init = ipgre_tunnel_init;
289 nt = netdev_priv(dev);
292 if (register_netdevice(dev) < 0)
296 ipgre_tunnel_link(ign, nt);
304 static void ipgre_tunnel_uninit(struct net_device *dev)
306 struct net *net = dev_net(dev);
307 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
309 ipgre_tunnel_unlink(ign, netdev_priv(dev));
314 static void ipgre_err(struct sk_buff *skb, u32 info)
316 #ifndef I_WISH_WORLD_WERE_PERFECT
318 /* It is not :-( All the routers (except for Linux) return only
319 8 bytes of packet payload. It means, that precise relaying of
320 ICMP in the real Internet is absolutely infeasible.
322 Moreover, Cisco "wise men" put GRE key to the third word
323 in GRE header. It makes impossible maintaining even soft state for keyed
324 GRE tunnels with enabled checksum. Tell them "thank you".
326 Well, I wonder, rfc1812 was written by Cisco employee,
327 what the hell these idiots break standrads established
331 struct iphdr *iph = (struct iphdr*)skb->data;
332 __be16 *p = (__be16*)(skb->data+(iph->ihl<<2));
333 int grehlen = (iph->ihl<<2) + 4;
334 const int type = icmp_hdr(skb)->type;
335 const int code = icmp_hdr(skb)->code;
340 if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) {
341 if (flags&(GRE_VERSION|GRE_ROUTING))
350 /* If only 8 bytes returned, keyed message will be dropped here */
351 if (skb_headlen(skb) < grehlen)
356 case ICMP_PARAMETERPROB:
359 case ICMP_DEST_UNREACH:
362 case ICMP_PORT_UNREACH:
363 /* Impossible event. */
365 case ICMP_FRAG_NEEDED:
366 /* Soft state for pmtu is maintained by IP core. */
369 /* All others are translated to HOST_UNREACH.
370 rfc2003 contains "deep thoughts" about NET_UNREACH,
371 I believe they are just ether pollution. --ANK
376 case ICMP_TIME_EXCEEDED:
377 if (code != ICMP_EXC_TTL)
382 read_lock(&ipgre_lock);
383 t = ipgre_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr,
385 *(((__be32*)p) + (grehlen>>2) - 1) : 0);
386 if (t == NULL || t->parms.iph.daddr == 0 ||
387 ipv4_is_multicast(t->parms.iph.daddr))
390 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
393 if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO)
397 t->err_time = jiffies;
399 read_unlock(&ipgre_lock);
402 struct iphdr *iph = (struct iphdr*)dp;
404 __be16 *p = (__be16*)(dp+(iph->ihl<<2));
405 const int type = icmp_hdr(skb)->type;
406 const int code = icmp_hdr(skb)->code;
412 int grehlen = (iph->ihl<<2) + 4;
413 struct sk_buff *skb2;
417 if (p[1] != htons(ETH_P_IP))
421 if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) {
422 if (flags&(GRE_VERSION|GRE_ROUTING))
431 if (len < grehlen + sizeof(struct iphdr))
433 eiph = (struct iphdr*)(dp + grehlen);
438 case ICMP_PARAMETERPROB:
439 n = ntohl(icmp_hdr(skb)->un.gateway) >> 24;
440 if (n < (iph->ihl<<2))
443 /* So... This guy found something strange INSIDE encapsulated
444 packet. Well, he is fool, but what can we do ?
446 rel_type = ICMP_PARAMETERPROB;
448 rel_info = htonl(n << 24);
451 case ICMP_DEST_UNREACH:
454 case ICMP_PORT_UNREACH:
455 /* Impossible event. */
457 case ICMP_FRAG_NEEDED:
458 /* And it is the only really necessary thing :-) */
459 n = ntohs(icmp_hdr(skb)->un.frag.mtu);
463 /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */
464 if (n > ntohs(eiph->tot_len))
469 /* All others are translated to HOST_UNREACH.
470 rfc2003 contains "deep thoughts" about NET_UNREACH,
471 I believe, it is just ether pollution. --ANK
473 rel_type = ICMP_DEST_UNREACH;
474 rel_code = ICMP_HOST_UNREACH;
478 case ICMP_TIME_EXCEEDED:
479 if (code != ICMP_EXC_TTL)
484 /* Prepare fake skb to feed it to icmp_send */
485 skb2 = skb_clone(skb, GFP_ATOMIC);
488 dst_release(skb2->dst);
490 skb_pull(skb2, skb->data - (u8*)eiph);
491 skb_reset_network_header(skb2);
493 /* Try to guess incoming interface */
494 memset(&fl, 0, sizeof(fl));
495 fl.fl4_dst = eiph->saddr;
496 fl.fl4_tos = RT_TOS(eiph->tos);
497 fl.proto = IPPROTO_GRE;
498 if (ip_route_output_key(dev_net(skb->dev), &rt, &fl)) {
502 skb2->dev = rt->u.dst.dev;
504 /* route "incoming" packet */
505 if (rt->rt_flags&RTCF_LOCAL) {
508 fl.fl4_dst = eiph->daddr;
509 fl.fl4_src = eiph->saddr;
510 fl.fl4_tos = eiph->tos;
511 if (ip_route_output_key(dev_net(skb->dev), &rt, &fl) ||
512 rt->u.dst.dev->type != ARPHRD_IPGRE) {
519 if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) ||
520 skb2->dst->dev->type != ARPHRD_IPGRE) {
526 /* change mtu on this route */
527 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
528 if (n > dst_mtu(skb2->dst)) {
532 skb2->dst->ops->update_pmtu(skb2->dst, n);
533 } else if (type == ICMP_TIME_EXCEEDED) {
534 struct ip_tunnel *t = netdev_priv(skb2->dev);
535 if (t->parms.iph.ttl) {
536 rel_type = ICMP_DEST_UNREACH;
537 rel_code = ICMP_HOST_UNREACH;
541 icmp_send(skb2, rel_type, rel_code, rel_info);
546 static inline void ipgre_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)
548 if (INET_ECN_is_ce(iph->tos)) {
549 if (skb->protocol == htons(ETH_P_IP)) {
550 IP_ECN_set_ce(ip_hdr(skb));
551 } else if (skb->protocol == htons(ETH_P_IPV6)) {
552 IP6_ECN_set_ce(ipv6_hdr(skb));
558 ipgre_ecn_encapsulate(u8 tos, struct iphdr *old_iph, struct sk_buff *skb)
561 if (skb->protocol == htons(ETH_P_IP))
562 inner = old_iph->tos;
563 else if (skb->protocol == htons(ETH_P_IPV6))
564 inner = ipv6_get_dsfield((struct ipv6hdr *)old_iph);
565 return INET_ECN_encapsulate(tos, inner);
568 static int ipgre_rcv(struct sk_buff *skb)
576 struct ip_tunnel *tunnel;
579 if (!pskb_may_pull(skb, 16))
586 if (flags&(GRE_CSUM|GRE_KEY|GRE_ROUTING|GRE_SEQ|GRE_VERSION)) {
587 /* - Version must be 0.
588 - We do not support routing headers.
590 if (flags&(GRE_VERSION|GRE_ROUTING))
593 if (flags&GRE_CSUM) {
594 switch (skb->ip_summed) {
595 case CHECKSUM_COMPLETE:
596 csum = csum_fold(skb->csum);
602 csum = __skb_checksum_complete(skb);
603 skb->ip_summed = CHECKSUM_COMPLETE;
608 key = *(__be32*)(h + offset);
612 seqno = ntohl(*(__be32*)(h + offset));
617 read_lock(&ipgre_lock);
618 if ((tunnel = ipgre_tunnel_lookup(dev_net(skb->dev),
619 iph->saddr, iph->daddr, key)) != NULL) {
620 struct net_device_stats *stats = &tunnel->dev->stats;
624 skb->protocol = *(__be16*)(h + 2);
625 /* WCCP version 1 and 2 protocol decoding.
626 * - Change protocol to IP
627 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header
630 skb->protocol == htons(ETH_P_WCCP)) {
631 skb->protocol = htons(ETH_P_IP);
632 if ((*(h + offset) & 0xF0) != 0x40)
636 skb->mac_header = skb->network_header;
637 __pskb_pull(skb, offset);
638 skb_reset_network_header(skb);
639 skb_postpull_rcsum(skb, skb_transport_header(skb), offset);
640 skb->pkt_type = PACKET_HOST;
641 #ifdef CONFIG_NET_IPGRE_BROADCAST
642 if (ipv4_is_multicast(iph->daddr)) {
643 /* Looped back packet, drop it! */
644 if (skb->rtable->fl.iif == 0)
647 skb->pkt_type = PACKET_BROADCAST;
651 if (((flags&GRE_CSUM) && csum) ||
652 (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) {
653 stats->rx_crc_errors++;
657 if (tunnel->parms.i_flags&GRE_SEQ) {
658 if (!(flags&GRE_SEQ) ||
659 (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) {
660 stats->rx_fifo_errors++;
664 tunnel->i_seqno = seqno + 1;
667 stats->rx_bytes += skb->len;
668 skb->dev = tunnel->dev;
669 dst_release(skb->dst);
672 ipgre_ecn_decapsulate(iph, skb);
674 read_unlock(&ipgre_lock);
677 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
680 read_unlock(&ipgre_lock);
686 static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
688 struct ip_tunnel *tunnel = netdev_priv(dev);
689 struct net_device_stats *stats = &tunnel->dev->stats;
690 struct iphdr *old_iph = ip_hdr(skb);
694 struct rtable *rt; /* Route to the other host */
695 struct net_device *tdev; /* Device to other host */
696 struct iphdr *iph; /* Our new IP header */
697 unsigned int max_headroom; /* The extra header space needed */
702 if (tunnel->recursion++) {
707 if (dev->header_ops) {
709 tiph = (struct iphdr*)skb->data;
711 gre_hlen = tunnel->hlen;
712 tiph = &tunnel->parms.iph;
715 if ((dst = tiph->daddr) == 0) {
718 if (skb->dst == NULL) {
719 stats->tx_fifo_errors++;
723 if (skb->protocol == htons(ETH_P_IP)) {
725 if ((dst = rt->rt_gateway) == 0)
729 else if (skb->protocol == htons(ETH_P_IPV6)) {
730 struct in6_addr *addr6;
732 struct neighbour *neigh = skb->dst->neighbour;
737 addr6 = (struct in6_addr*)&neigh->primary_key;
738 addr_type = ipv6_addr_type(addr6);
740 if (addr_type == IPV6_ADDR_ANY) {
741 addr6 = &ipv6_hdr(skb)->daddr;
742 addr_type = ipv6_addr_type(addr6);
745 if ((addr_type & IPV6_ADDR_COMPATv4) == 0)
748 dst = addr6->s6_addr32[3];
757 if (skb->protocol == htons(ETH_P_IP))
763 struct flowi fl = { .oif = tunnel->parms.link,
766 .saddr = tiph->saddr,
767 .tos = RT_TOS(tos) } },
768 .proto = IPPROTO_GRE };
769 if (ip_route_output_key(dev_net(dev), &rt, &fl)) {
770 stats->tx_carrier_errors++;
774 tdev = rt->u.dst.dev;
784 mtu = dst_mtu(&rt->u.dst) - tunnel->hlen;
786 mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu;
789 skb->dst->ops->update_pmtu(skb->dst, mtu);
791 if (skb->protocol == htons(ETH_P_IP)) {
792 df |= (old_iph->frag_off&htons(IP_DF));
794 if ((old_iph->frag_off&htons(IP_DF)) &&
795 mtu < ntohs(old_iph->tot_len)) {
796 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
802 else if (skb->protocol == htons(ETH_P_IPV6)) {
803 struct rt6_info *rt6 = (struct rt6_info*)skb->dst;
805 if (rt6 && mtu < dst_mtu(skb->dst) && mtu >= IPV6_MIN_MTU) {
806 if ((tunnel->parms.iph.daddr &&
807 !ipv4_is_multicast(tunnel->parms.iph.daddr)) ||
808 rt6->rt6i_dst.plen == 128) {
809 rt6->rt6i_flags |= RTF_MODIFIED;
810 skb->dst->metrics[RTAX_MTU-1] = mtu;
814 if (mtu >= IPV6_MIN_MTU && mtu < skb->len - tunnel->hlen + gre_hlen) {
815 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev);
822 if (tunnel->err_count > 0) {
823 if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) {
826 dst_link_failure(skb);
828 tunnel->err_count = 0;
831 max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen;
833 if (skb_headroom(skb) < max_headroom || skb_shared(skb)||
834 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
835 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
844 skb_set_owner_w(new_skb, skb->sk);
847 old_iph = ip_hdr(skb);
850 skb->transport_header = skb->network_header;
851 skb_push(skb, gre_hlen);
852 skb_reset_network_header(skb);
853 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
854 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
856 dst_release(skb->dst);
857 skb->dst = &rt->u.dst;
860 * Push down and install the IPIP header.
865 iph->ihl = sizeof(struct iphdr) >> 2;
867 iph->protocol = IPPROTO_GRE;
868 iph->tos = ipgre_ecn_encapsulate(tos, old_iph, skb);
869 iph->daddr = rt->rt_dst;
870 iph->saddr = rt->rt_src;
872 if ((iph->ttl = tiph->ttl) == 0) {
873 if (skb->protocol == htons(ETH_P_IP))
874 iph->ttl = old_iph->ttl;
876 else if (skb->protocol == htons(ETH_P_IPV6))
877 iph->ttl = ((struct ipv6hdr*)old_iph)->hop_limit;
880 iph->ttl = dst_metric(&rt->u.dst, RTAX_HOPLIMIT);
883 ((__be16*)(iph+1))[0] = tunnel->parms.o_flags;
884 ((__be16*)(iph+1))[1] = skb->protocol;
886 if (tunnel->parms.o_flags&(GRE_KEY|GRE_CSUM|GRE_SEQ)) {
887 __be32 *ptr = (__be32*)(((u8*)iph) + tunnel->hlen - 4);
889 if (tunnel->parms.o_flags&GRE_SEQ) {
891 *ptr = htonl(tunnel->o_seqno);
894 if (tunnel->parms.o_flags&GRE_KEY) {
895 *ptr = tunnel->parms.o_key;
898 if (tunnel->parms.o_flags&GRE_CSUM) {
900 *(__sum16*)ptr = ip_compute_csum((void*)(iph+1), skb->len - sizeof(struct iphdr));
911 dst_link_failure(skb);
920 static void ipgre_tunnel_bind_dev(struct net_device *dev)
922 struct net_device *tdev = NULL;
923 struct ip_tunnel *tunnel;
925 int hlen = LL_MAX_HEADER;
926 int mtu = ETH_DATA_LEN;
927 int addend = sizeof(struct iphdr) + 4;
929 tunnel = netdev_priv(dev);
930 iph = &tunnel->parms.iph;
932 /* Guess output device to choose reasonable mtu and hard_header_len */
935 struct flowi fl = { .oif = tunnel->parms.link,
937 { .daddr = iph->daddr,
939 .tos = RT_TOS(iph->tos) } },
940 .proto = IPPROTO_GRE };
942 if (!ip_route_output_key(dev_net(dev), &rt, &fl)) {
943 tdev = rt->u.dst.dev;
946 dev->flags |= IFF_POINTOPOINT;
949 if (!tdev && tunnel->parms.link)
950 tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);
953 hlen = tdev->hard_header_len;
956 dev->iflink = tunnel->parms.link;
958 /* Precalculate GRE options length */
959 if (tunnel->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) {
960 if (tunnel->parms.o_flags&GRE_CSUM)
962 if (tunnel->parms.o_flags&GRE_KEY)
964 if (tunnel->parms.o_flags&GRE_SEQ)
967 dev->hard_header_len = hlen + addend;
968 dev->mtu = mtu - addend;
969 tunnel->hlen = addend;
974 ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
977 struct ip_tunnel_parm p;
979 struct net *net = dev_net(dev);
980 struct ipgre_net *ign = net_generic(net, ipgre_net_id);
985 if (dev == ign->fb_tunnel_dev) {
986 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
990 t = ipgre_tunnel_locate(net, &p, 0);
993 t = netdev_priv(dev);
994 memcpy(&p, &t->parms, sizeof(p));
995 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
1002 if (!capable(CAP_NET_ADMIN))
1006 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
1010 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE ||
1011 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) ||
1012 ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING)))
1015 p.iph.frag_off |= htons(IP_DF);
1017 if (!(p.i_flags&GRE_KEY))
1019 if (!(p.o_flags&GRE_KEY))
1022 t = ipgre_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
1024 if (dev != ign->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
1026 if (t->dev != dev) {
1033 t = netdev_priv(dev);
1035 if (ipv4_is_multicast(p.iph.daddr))
1036 nflags = IFF_BROADCAST;
1037 else if (p.iph.daddr)
1038 nflags = IFF_POINTOPOINT;
1040 if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) {
1044 ipgre_tunnel_unlink(ign, t);
1045 t->parms.iph.saddr = p.iph.saddr;
1046 t->parms.iph.daddr = p.iph.daddr;
1047 t->parms.i_key = p.i_key;
1048 t->parms.o_key = p.o_key;
1049 memcpy(dev->dev_addr, &p.iph.saddr, 4);
1050 memcpy(dev->broadcast, &p.iph.daddr, 4);
1051 ipgre_tunnel_link(ign, t);
1052 netdev_state_change(dev);
1058 if (cmd == SIOCCHGTUNNEL) {
1059 t->parms.iph.ttl = p.iph.ttl;
1060 t->parms.iph.tos = p.iph.tos;
1061 t->parms.iph.frag_off = p.iph.frag_off;
1062 if (t->parms.link != p.link) {
1063 t->parms.link = p.link;
1064 ipgre_tunnel_bind_dev(dev);
1065 netdev_state_change(dev);
1068 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
1071 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
1076 if (!capable(CAP_NET_ADMIN))
1079 if (dev == ign->fb_tunnel_dev) {
1081 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
1084 if ((t = ipgre_tunnel_locate(net, &p, 0)) == NULL)
1087 if (t == netdev_priv(ign->fb_tunnel_dev))
1091 unregister_netdevice(dev);
1103 static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu)
1105 struct ip_tunnel *tunnel = netdev_priv(dev);
1106 if (new_mtu < 68 || new_mtu > 0xFFF8 - tunnel->hlen)
1112 /* Nice toy. Unfortunately, useless in real life :-)
1113 It allows to construct virtual multiprotocol broadcast "LAN"
1114 over the Internet, provided multicast routing is tuned.
1117 I have no idea was this bicycle invented before me,
1118 so that I had to set ARPHRD_IPGRE to a random value.
1119 I have an impression, that Cisco could make something similar,
1120 but this feature is apparently missing in IOS<=11.2(8).
1122 I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
1123 with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
1125 ping -t 255 224.66.66.66
1127 If nobody answers, mbone does not work.
1129 ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255
1130 ip addr add 10.66.66.<somewhat>/24 dev Universe
1131 ifconfig Universe up
1132 ifconfig Universe add fe80::<Your_real_addr>/10
1133 ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96
1136 ftp fec0:6666:6666::193.233.7.65
1141 static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
1142 unsigned short type,
1143 const void *daddr, const void *saddr, unsigned len)
1145 struct ip_tunnel *t = netdev_priv(dev);
1146 struct iphdr *iph = (struct iphdr *)skb_push(skb, t->hlen);
1147 __be16 *p = (__be16*)(iph+1);
1149 memcpy(iph, &t->parms.iph, sizeof(struct iphdr));
1150 p[0] = t->parms.o_flags;
1154 * Set the source hardware address.
1158 memcpy(&iph->saddr, saddr, 4);
1161 memcpy(&iph->daddr, daddr, 4);
1164 if (iph->daddr && !ipv4_is_multicast(iph->daddr))
1170 static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr)
1172 struct iphdr *iph = (struct iphdr*) skb_mac_header(skb);
1173 memcpy(haddr, &iph->saddr, 4);
1177 static const struct header_ops ipgre_header_ops = {
1178 .create = ipgre_header,
1179 .parse = ipgre_header_parse,
1182 #ifdef CONFIG_NET_IPGRE_BROADCAST
1183 static int ipgre_open(struct net_device *dev)
1185 struct ip_tunnel *t = netdev_priv(dev);
1187 if (ipv4_is_multicast(t->parms.iph.daddr)) {
1188 struct flowi fl = { .oif = t->parms.link,
1190 { .daddr = t->parms.iph.daddr,
1191 .saddr = t->parms.iph.saddr,
1192 .tos = RT_TOS(t->parms.iph.tos) } },
1193 .proto = IPPROTO_GRE };
1195 if (ip_route_output_key(dev_net(dev), &rt, &fl))
1196 return -EADDRNOTAVAIL;
1197 dev = rt->u.dst.dev;
1199 if (__in_dev_get_rtnl(dev) == NULL)
1200 return -EADDRNOTAVAIL;
1201 t->mlink = dev->ifindex;
1202 ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr);
1207 static int ipgre_close(struct net_device *dev)
1209 struct ip_tunnel *t = netdev_priv(dev);
1210 if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) {
1211 struct in_device *in_dev;
1212 in_dev = inetdev_by_index(dev_net(dev), t->mlink);
1214 ip_mc_dec_group(in_dev, t->parms.iph.daddr);
1223 static void ipgre_tunnel_setup(struct net_device *dev)
1225 dev->uninit = ipgre_tunnel_uninit;
1226 dev->destructor = free_netdev;
1227 dev->hard_start_xmit = ipgre_tunnel_xmit;
1228 dev->do_ioctl = ipgre_tunnel_ioctl;
1229 dev->change_mtu = ipgre_tunnel_change_mtu;
1231 dev->type = ARPHRD_IPGRE;
1232 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr) + 4;
1233 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 4;
1234 dev->flags = IFF_NOARP;
1237 dev->features |= NETIF_F_NETNS_LOCAL;
1240 static int ipgre_tunnel_init(struct net_device *dev)
1242 struct ip_tunnel *tunnel;
1245 tunnel = netdev_priv(dev);
1246 iph = &tunnel->parms.iph;
1249 strcpy(tunnel->parms.name, dev->name);
1251 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
1252 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
1254 ipgre_tunnel_bind_dev(dev);
1257 #ifdef CONFIG_NET_IPGRE_BROADCAST
1258 if (ipv4_is_multicast(iph->daddr)) {
1261 dev->flags = IFF_BROADCAST;
1262 dev->header_ops = &ipgre_header_ops;
1263 dev->open = ipgre_open;
1264 dev->stop = ipgre_close;
1268 dev->header_ops = &ipgre_header_ops;
1273 static int ipgre_fb_tunnel_init(struct net_device *dev)
1275 struct ip_tunnel *tunnel = netdev_priv(dev);
1276 struct iphdr *iph = &tunnel->parms.iph;
1277 struct ipgre_net *ign = net_generic(dev_net(dev), ipgre_net_id);
1280 strcpy(tunnel->parms.name, dev->name);
1283 iph->protocol = IPPROTO_GRE;
1285 tunnel->hlen = sizeof(struct iphdr) + 4;
1288 ign->tunnels_wc[0] = tunnel;
1293 static struct net_protocol ipgre_protocol = {
1294 .handler = ipgre_rcv,
1295 .err_handler = ipgre_err,
1299 static void ipgre_destroy_tunnels(struct ipgre_net *ign)
1303 for (prio = 0; prio < 4; prio++) {
1305 for (h = 0; h < HASH_SIZE; h++) {
1306 struct ip_tunnel *t;
1307 while ((t = ign->tunnels[prio][h]) != NULL)
1308 unregister_netdevice(t->dev);
1313 static int ipgre_init_net(struct net *net)
1316 struct ipgre_net *ign;
1319 ign = kzalloc(sizeof(struct ipgre_net), GFP_KERNEL);
1323 err = net_assign_generic(net, ipgre_net_id, ign);
1327 ign->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0",
1328 ipgre_tunnel_setup);
1329 if (!ign->fb_tunnel_dev) {
1334 ign->fb_tunnel_dev->init = ipgre_fb_tunnel_init;
1335 dev_net_set(ign->fb_tunnel_dev, net);
1337 if ((err = register_netdev(ign->fb_tunnel_dev)))
1343 free_netdev(ign->fb_tunnel_dev);
1352 static void ipgre_exit_net(struct net *net)
1354 struct ipgre_net *ign;
1356 ign = net_generic(net, ipgre_net_id);
1358 ipgre_destroy_tunnels(ign);
1363 static struct pernet_operations ipgre_net_ops = {
1364 .init = ipgre_init_net,
1365 .exit = ipgre_exit_net,
1369 * And now the modules code and kernel interface.
1372 static int __init ipgre_init(void)
1376 printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
1378 if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
1379 printk(KERN_INFO "ipgre init: can't add protocol\n");
1383 err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops);
1385 inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
1390 static void __exit ipgre_fini(void)
1392 if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0)
1393 printk(KERN_INFO "ipgre close: can't remove protocol\n");
1395 unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
1398 module_init(ipgre_init);
1399 module_exit(ipgre_fini);
1400 MODULE_LICENSE("GPL");
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob