2 * IPv6 over IPv4 tunnel device - Simple Internet Transition (SIT)
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
9 * $Id: sit.c,v 1.53 2001/09/25 05:09:53 davem Exp $
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation; either version
14 * 2 of the License, or (at your option) any later version.
17 * Roger Venning <r.venning@telstra.com>: 6to4 support
18 * Nate Thompson <nate@thebog.net>: 6to4 support
21 #include <linux/module.h>
22 #include <linux/capability.h>
23 #include <linux/errno.h>
24 #include <linux/types.h>
25 #include <linux/socket.h>
26 #include <linux/sockios.h>
27 #include <linux/sched.h>
28 #include <linux/net.h>
29 #include <linux/in6.h>
30 #include <linux/netdevice.h>
31 #include <linux/if_arp.h>
32 #include <linux/icmp.h>
33 #include <asm/uaccess.h>
34 #include <linux/init.h>
35 #include <linux/netfilter_ipv4.h>
36 #include <linux/if_ether.h>
42 #include <net/protocol.h>
43 #include <net/transp_v6.h>
44 #include <net/ip6_fib.h>
45 #include <net/ip6_route.h>
46 #include <net/ndisc.h>
47 #include <net/addrconf.h>
52 #include <net/inet_ecn.h>
54 #include <net/dsfield.h>
57 This version of net/ipv6/sit.c is cloned of net/ipv4/ip_gre.c
59 For comments look at net/ipv4/ip_gre.c --ANK
63 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
65 static int ipip6_fb_tunnel_init(struct net_device *dev);
66 static int ipip6_tunnel_init(struct net_device *dev);
67 static void ipip6_tunnel_setup(struct net_device *dev);
69 static struct net_device *ipip6_fb_tunnel_dev;
71 static struct ip_tunnel *tunnels_r_l[HASH_SIZE];
72 static struct ip_tunnel *tunnels_r[HASH_SIZE];
73 static struct ip_tunnel *tunnels_l[HASH_SIZE];
74 static struct ip_tunnel *tunnels_wc[1];
75 static struct ip_tunnel **tunnels[4] = { tunnels_wc, tunnels_l, tunnels_r, tunnels_r_l };
77 static DEFINE_RWLOCK(ipip6_lock);
79 static struct ip_tunnel * ipip6_tunnel_lookup(__be32 remote, __be32 local)
81 unsigned h0 = HASH(remote);
82 unsigned h1 = HASH(local);
85 for (t = tunnels_r_l[h0^h1]; t; t = t->next) {
86 if (local == t->parms.iph.saddr &&
87 remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
90 for (t = tunnels_r[h0]; t; t = t->next) {
91 if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
94 for (t = tunnels_l[h1]; t; t = t->next) {
95 if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
98 if ((t = tunnels_wc[0]) != NULL && (t->dev->flags&IFF_UP))
103 static struct ip_tunnel ** ipip6_bucket(struct ip_tunnel *t)
105 __be32 remote = t->parms.iph.daddr;
106 __be32 local = t->parms.iph.saddr;
118 return &tunnels[prio][h];
121 static void ipip6_tunnel_unlink(struct ip_tunnel *t)
123 struct ip_tunnel **tp;
125 for (tp = ipip6_bucket(t); *tp; tp = &(*tp)->next) {
127 write_lock_bh(&ipip6_lock);
129 write_unlock_bh(&ipip6_lock);
135 static void ipip6_tunnel_link(struct ip_tunnel *t)
137 struct ip_tunnel **tp = ipip6_bucket(t);
140 write_lock_bh(&ipip6_lock);
142 write_unlock_bh(&ipip6_lock);
145 static struct ip_tunnel * ipip6_tunnel_locate(struct ip_tunnel_parm *parms, int create)
147 __be32 remote = parms->iph.daddr;
148 __be32 local = parms->iph.saddr;
149 struct ip_tunnel *t, **tp, *nt;
150 struct net_device *dev;
163 for (tp = &tunnels[prio][h]; (t = *tp) != NULL; tp = &t->next) {
164 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
171 strlcpy(name, parms->name, IFNAMSIZ);
174 for (i=1; i<100; i++) {
175 sprintf(name, "sit%d", i);
176 if (__dev_get_by_name(name) == NULL)
183 dev = alloc_netdev(sizeof(*t), name, ipip6_tunnel_setup);
187 nt = netdev_priv(dev);
188 dev->init = ipip6_tunnel_init;
191 if (register_netdevice(dev) < 0) {
198 ipip6_tunnel_link(nt);
205 static void ipip6_tunnel_uninit(struct net_device *dev)
207 if (dev == ipip6_fb_tunnel_dev) {
208 write_lock_bh(&ipip6_lock);
209 tunnels_wc[0] = NULL;
210 write_unlock_bh(&ipip6_lock);
213 ipip6_tunnel_unlink(netdev_priv(dev));
219 static int ipip6_err(struct sk_buff *skb, u32 info)
221 #ifndef I_WISH_WORLD_WERE_PERFECT
223 /* It is not :-( All the routers (except for Linux) return only
224 8 bytes of packet payload. It means, that precise relaying of
225 ICMP in the real Internet is absolutely infeasible.
227 struct iphdr *iph = (struct iphdr*)skb->data;
228 int type = skb->h.icmph->type;
229 int code = skb->h.icmph->code;
235 case ICMP_PARAMETERPROB:
238 case ICMP_DEST_UNREACH:
241 case ICMP_PORT_UNREACH:
242 /* Impossible event. */
244 case ICMP_FRAG_NEEDED:
245 /* Soft state for pmtu is maintained by IP core. */
248 /* All others are translated to HOST_UNREACH.
249 rfc2003 contains "deep thoughts" about NET_UNREACH,
250 I believe they are just ether pollution. --ANK
255 case ICMP_TIME_EXCEEDED:
256 if (code != ICMP_EXC_TTL)
263 read_lock(&ipip6_lock);
264 t = ipip6_tunnel_lookup(iph->daddr, iph->saddr);
265 if (t == NULL || t->parms.iph.daddr == 0)
269 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
272 if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO)
276 t->err_time = jiffies;
278 read_unlock(&ipip6_lock);
281 struct iphdr *iph = (struct iphdr*)dp;
282 int hlen = iph->ihl<<2;
283 struct ipv6hdr *iph6;
284 int type = skb->h.icmph->type;
285 int code = skb->h.icmph->code;
289 struct sk_buff *skb2;
290 struct rt6_info *rt6i;
292 if (len < hlen + sizeof(struct ipv6hdr))
294 iph6 = (struct ipv6hdr*)(dp + hlen);
299 case ICMP_PARAMETERPROB:
300 if (skb->h.icmph->un.gateway < hlen)
303 /* So... This guy found something strange INSIDE encapsulated
304 packet. Well, he is fool, but what can we do ?
306 rel_type = ICMPV6_PARAMPROB;
307 rel_info = skb->h.icmph->un.gateway - hlen;
310 case ICMP_DEST_UNREACH:
313 case ICMP_PORT_UNREACH:
314 /* Impossible event. */
316 case ICMP_FRAG_NEEDED:
317 /* Too complicated case ... */
320 /* All others are translated to HOST_UNREACH.
321 rfc2003 contains "deep thoughts" about NET_UNREACH,
322 I believe, it is just ether pollution. --ANK
324 rel_type = ICMPV6_DEST_UNREACH;
325 rel_code = ICMPV6_ADDR_UNREACH;
329 case ICMP_TIME_EXCEEDED:
330 if (code != ICMP_EXC_TTL)
332 rel_type = ICMPV6_TIME_EXCEED;
333 rel_code = ICMPV6_EXC_HOPLIMIT;
337 /* Prepare fake skb to feed it to icmpv6_send */
338 skb2 = skb_clone(skb, GFP_ATOMIC);
341 dst_release(skb2->dst);
343 skb_pull(skb2, skb->data - (u8*)iph6);
344 skb2->nh.raw = skb2->data;
346 /* Try to guess incoming interface */
347 rt6i = rt6_lookup(&iph6->saddr, NULL, NULL, 0);
348 if (rt6i && rt6i->rt6i_dev) {
349 skb2->dev = rt6i->rt6i_dev;
351 rt6i = rt6_lookup(&iph6->daddr, &iph6->saddr, NULL, 0);
353 if (rt6i && rt6i->rt6i_dev && rt6i->rt6i_dev->type == ARPHRD_SIT) {
354 struct ip_tunnel *t = netdev_priv(rt6i->rt6i_dev);
355 if (rel_type == ICMPV6_TIME_EXCEED && t->parms.iph.ttl) {
356 rel_type = ICMPV6_DEST_UNREACH;
357 rel_code = ICMPV6_ADDR_UNREACH;
359 icmpv6_send(skb2, rel_type, rel_code, rel_info, skb2->dev);
367 static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)
369 if (INET_ECN_is_ce(iph->tos))
370 IP6_ECN_set_ce(skb->nh.ipv6h);
373 static int ipip6_rcv(struct sk_buff *skb)
376 struct ip_tunnel *tunnel;
378 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
383 read_lock(&ipip6_lock);
384 if ((tunnel = ipip6_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) {
386 skb->mac.raw = skb->nh.raw;
387 skb->nh.raw = skb->data;
388 IPCB(skb)->flags = 0;
389 skb->protocol = htons(ETH_P_IPV6);
390 skb->pkt_type = PACKET_HOST;
391 tunnel->stat.rx_packets++;
392 tunnel->stat.rx_bytes += skb->len;
393 skb->dev = tunnel->dev;
394 dst_release(skb->dst);
397 ipip6_ecn_decapsulate(iph, skb);
399 read_unlock(&ipip6_lock);
403 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
405 read_unlock(&ipip6_lock);
410 /* Returns the embedded IPv4 address if the IPv6 address
411 comes from 6to4 (RFC 3056) addr space */
413 static inline __be32 try_6to4(struct in6_addr *v6dst)
417 if (v6dst->s6_addr16[0] == htons(0x2002)) {
418 /* 6to4 v6 addr has 16 bits prefix, 32 v4addr, 16 SLA, ... */
419 memcpy(&dst, &v6dst->s6_addr16[1], 4);
425 * This function assumes it is being called from dev_queue_xmit()
426 * and that skb is filled properly by that function.
429 static int ipip6_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
431 struct ip_tunnel *tunnel = netdev_priv(dev);
432 struct net_device_stats *stats = &tunnel->stat;
433 struct iphdr *tiph = &tunnel->parms.iph;
434 struct ipv6hdr *iph6 = skb->nh.ipv6h;
435 u8 tos = tunnel->parms.iph.tos;
436 struct rtable *rt; /* Route to the other host */
437 struct net_device *tdev; /* Device to other host */
438 struct iphdr *iph; /* Our new IP header */
439 int max_headroom; /* The extra header space needed */
440 __be32 dst = tiph->daddr;
442 struct in6_addr *addr6;
445 if (tunnel->recursion++) {
446 tunnel->stat.collisions++;
450 if (skb->protocol != htons(ETH_P_IPV6))
454 dst = try_6to4(&iph6->daddr);
457 struct neighbour *neigh = NULL;
460 neigh = skb->dst->neighbour;
464 printk(KERN_DEBUG "sit: nexthop == NULL\n");
468 addr6 = (struct in6_addr*)&neigh->primary_key;
469 addr_type = ipv6_addr_type(addr6);
471 if (addr_type == IPV6_ADDR_ANY) {
472 addr6 = &skb->nh.ipv6h->daddr;
473 addr_type = ipv6_addr_type(addr6);
476 if ((addr_type & IPV6_ADDR_COMPATv4) == 0)
479 dst = addr6->s6_addr32[3];
483 struct flowi fl = { .nl_u = { .ip4_u =
485 .saddr = tiph->saddr,
486 .tos = RT_TOS(tos) } },
487 .oif = tunnel->parms.link,
488 .proto = IPPROTO_IPV6 };
489 if (ip_route_output_key(&rt, &fl)) {
490 tunnel->stat.tx_carrier_errors++;
494 if (rt->rt_type != RTN_UNICAST) {
496 tunnel->stat.tx_carrier_errors++;
499 tdev = rt->u.dst.dev;
503 tunnel->stat.collisions++;
508 mtu = dst_mtu(&rt->u.dst) - sizeof(struct iphdr);
510 mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu;
513 tunnel->stat.collisions++;
517 if (mtu < IPV6_MIN_MTU)
519 if (tunnel->parms.iph.daddr && skb->dst)
520 skb->dst->ops->update_pmtu(skb->dst, mtu);
522 if (skb->len > mtu) {
523 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev);
528 if (tunnel->err_count > 0) {
529 if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) {
531 dst_link_failure(skb);
533 tunnel->err_count = 0;
537 * Okay, now see if we can stuff it in the buffer as-is.
539 max_headroom = LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr);
541 if (skb_headroom(skb) < max_headroom || skb_cloned(skb) || skb_shared(skb)) {
542 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
551 skb_set_owner_w(new_skb, skb->sk);
554 iph6 = skb->nh.ipv6h;
557 skb->h.raw = skb->nh.raw;
558 skb->nh.raw = skb_push(skb, sizeof(struct iphdr));
559 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
560 IPCB(skb)->flags = 0;
561 dst_release(skb->dst);
562 skb->dst = &rt->u.dst;
565 * Push down and install the IPIP header.
570 iph->ihl = sizeof(struct iphdr)>>2;
571 if (mtu > IPV6_MIN_MTU)
572 iph->frag_off = htons(IP_DF);
576 iph->protocol = IPPROTO_IPV6;
577 iph->tos = INET_ECN_encapsulate(tos, ipv6_get_dsfield(iph6));
578 iph->daddr = rt->rt_dst;
579 iph->saddr = rt->rt_src;
581 if ((iph->ttl = tiph->ttl) == 0)
582 iph->ttl = iph6->hop_limit;
591 dst_link_failure(skb);
600 ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
603 struct ip_tunnel_parm p;
609 if (dev == ipip6_fb_tunnel_dev) {
610 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
614 t = ipip6_tunnel_locate(&p, 0);
617 t = netdev_priv(dev);
618 memcpy(&p, &t->parms, sizeof(p));
619 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
626 if (!capable(CAP_NET_ADMIN))
630 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
634 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPV6 ||
635 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
638 p.iph.frag_off |= htons(IP_DF);
640 t = ipip6_tunnel_locate(&p, cmd == SIOCADDTUNNEL);
642 if (dev != ipip6_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
649 if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
650 (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
654 t = netdev_priv(dev);
655 ipip6_tunnel_unlink(t);
656 t->parms.iph.saddr = p.iph.saddr;
657 t->parms.iph.daddr = p.iph.daddr;
658 memcpy(dev->dev_addr, &p.iph.saddr, 4);
659 memcpy(dev->broadcast, &p.iph.daddr, 4);
660 ipip6_tunnel_link(t);
661 netdev_state_change(dev);
667 if (cmd == SIOCCHGTUNNEL) {
668 t->parms.iph.ttl = p.iph.ttl;
669 t->parms.iph.tos = p.iph.tos;
671 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
674 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
679 if (!capable(CAP_NET_ADMIN))
682 if (dev == ipip6_fb_tunnel_dev) {
684 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
687 if ((t = ipip6_tunnel_locate(&p, 0)) == NULL)
690 if (t == netdev_priv(ipip6_fb_tunnel_dev))
694 unregister_netdevice(dev);
706 static struct net_device_stats *ipip6_tunnel_get_stats(struct net_device *dev)
708 return &(((struct ip_tunnel*)netdev_priv(dev))->stat);
711 static int ipip6_tunnel_change_mtu(struct net_device *dev, int new_mtu)
713 if (new_mtu < IPV6_MIN_MTU || new_mtu > 0xFFF8 - sizeof(struct iphdr))
719 static void ipip6_tunnel_setup(struct net_device *dev)
721 SET_MODULE_OWNER(dev);
722 dev->uninit = ipip6_tunnel_uninit;
723 dev->destructor = free_netdev;
724 dev->hard_start_xmit = ipip6_tunnel_xmit;
725 dev->get_stats = ipip6_tunnel_get_stats;
726 dev->do_ioctl = ipip6_tunnel_ioctl;
727 dev->change_mtu = ipip6_tunnel_change_mtu;
729 dev->type = ARPHRD_SIT;
730 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
731 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr);
732 dev->flags = IFF_NOARP;
737 static int ipip6_tunnel_init(struct net_device *dev)
739 struct net_device *tdev = NULL;
740 struct ip_tunnel *tunnel;
743 tunnel = netdev_priv(dev);
744 iph = &tunnel->parms.iph;
747 strcpy(tunnel->parms.name, dev->name);
749 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
750 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
753 struct flowi fl = { .nl_u = { .ip4_u =
754 { .daddr = iph->daddr,
756 .tos = RT_TOS(iph->tos) } },
757 .oif = tunnel->parms.link,
758 .proto = IPPROTO_IPV6 };
760 if (!ip_route_output_key(&rt, &fl)) {
761 tdev = rt->u.dst.dev;
764 dev->flags |= IFF_POINTOPOINT;
767 if (!tdev && tunnel->parms.link)
768 tdev = __dev_get_by_index(tunnel->parms.link);
771 dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
772 dev->mtu = tdev->mtu - sizeof(struct iphdr);
773 if (dev->mtu < IPV6_MIN_MTU)
774 dev->mtu = IPV6_MIN_MTU;
776 dev->iflink = tunnel->parms.link;
781 static int __init ipip6_fb_tunnel_init(struct net_device *dev)
783 struct ip_tunnel *tunnel = netdev_priv(dev);
784 struct iphdr *iph = &tunnel->parms.iph;
787 strcpy(tunnel->parms.name, dev->name);
790 iph->protocol = IPPROTO_IPV6;
795 tunnels_wc[0] = tunnel;
799 static struct xfrm_tunnel sit_handler = {
800 .handler = ipip6_rcv,
801 .err_handler = ipip6_err,
805 static void __exit sit_destroy_tunnels(void)
809 for (prio = 1; prio < 4; prio++) {
811 for (h = 0; h < HASH_SIZE; h++) {
813 while ((t = tunnels[prio][h]) != NULL)
814 unregister_netdevice(t->dev);
819 static void __exit sit_cleanup(void)
821 xfrm4_tunnel_deregister(&sit_handler, AF_INET6);
824 sit_destroy_tunnels();
825 unregister_netdevice(ipip6_fb_tunnel_dev);
829 static int __init sit_init(void)
833 printk(KERN_INFO "IPv6 over IPv4 tunneling driver\n");
835 if (xfrm4_tunnel_register(&sit_handler, AF_INET6) < 0) {
836 printk(KERN_INFO "sit init: Can't add protocol\n");
840 ipip6_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "sit0",
842 if (!ipip6_fb_tunnel_dev) {
847 ipip6_fb_tunnel_dev->init = ipip6_fb_tunnel_init;
849 if ((err = register_netdev(ipip6_fb_tunnel_dev)))
855 free_netdev(ipip6_fb_tunnel_dev);
857 xfrm4_tunnel_deregister(&sit_handler, AF_INET6);
861 module_init(sit_init);
862 module_exit(sit_cleanup);
863 MODULE_LICENSE("GPL");
864 MODULE_ALIAS("sit0");
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob