2 * Linux NET3: IP/IP protocol decoder.
4 * Version: $Id: ipip.c,v 1.50 2001/10/02 02:22:36 davem Exp $
7 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
10 * Alan Cox : Merged and made usable non modular (its so tiny its silly as
11 * a module taking up 2 pages).
12 * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
13 * to keep ip_forward happy.
14 * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
15 * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL
16 * David Woodhouse : Perform some basic ICMP handling.
17 * IPIP Routing without decapsulation.
18 * Carlos Picoto : GRE over IP support
19 * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
20 * I do not want to merge them together.
22 * This program is free software; you can redistribute it and/or
23 * modify it under the terms of the GNU General Public License
24 * as published by the Free Software Foundation; either version
25 * 2 of the License, or (at your option) any later version.
29 /* tunnel.c: an IP tunnel driver
31 The purpose of this driver is to provide an IP tunnel through
32 which you can tunnel network traffic transparently across subnets.
34 This was written by looking at Nick Holloway's dummy driver
35 Thanks for the great code!
37 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
40 Cleaned up the code a little and added some pre-1.3.0 tweaks.
41 dev->hard_header/hard_header_len changed to use no headers.
42 Comments/bracketing tweaked.
43 Made the tunnels use dev->name not tunnel: when error reporting.
46 -Alan Cox (Alan.Cox@linux.org) 21 March 95
49 Changed to tunnel to destination gateway in addition to the
50 tunnel's pointopoint address
51 Almost completely rewritten
52 Note: There is currently no firewall or ICMP handling done.
54 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96
58 /* Things I wish I had known when writing the tunnel driver:
60 When the tunnel_xmit() function is called, the skb contains the
61 packet to be sent (plus a great deal of extra info), and dev
62 contains the tunnel device that _we_ are.
64 When we are passed a packet, we are expected to fill in the
65 source address with our source IP address.
67 What is the proper way to allocate, copy and free a buffer?
68 After you allocate it, it is a "0 length" chunk of memory
69 starting at zero. If you want to add headers to the buffer
70 later, you'll have to call "skb_reserve(skb, amount)" with
71 the amount of memory you want reserved. Then, you call
72 "skb_put(skb, amount)" with the amount of space you want in
73 the buffer. skb_put() returns a pointer to the top (#0) of
74 that buffer. skb->len is set to the amount of space you have
75 "allocated" with skb_put(). You can then write up to skb->len
76 bytes to that buffer. If you need more, you can call skb_put()
77 again with the additional amount of space you need. You can
78 find out how much more space you can allocate by calling
80 Now, to add header space, call "skb_push(skb, header_len)".
81 This creates space at the beginning of the buffer and returns
82 a pointer to this new space. If later you need to strip a
83 header from a buffer, call "skb_pull(skb, header_len)".
84 skb_headroom() will return how much space is left at the top
85 of the buffer (before the main data). Remember, this headroom
86 space must be reserved before the skb_put() function is called.
90 This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
92 For comments look at net/ipv4/ip_gre.c --ANK
96 #include <linux/capability.h>
97 #include <linux/module.h>
98 #include <linux/types.h>
99 #include <linux/kernel.h>
100 #include <asm/uaccess.h>
101 #include <linux/skbuff.h>
102 #include <linux/netdevice.h>
103 #include <linux/in.h>
104 #include <linux/tcp.h>
105 #include <linux/udp.h>
106 #include <linux/if_arp.h>
107 #include <linux/mroute.h>
108 #include <linux/init.h>
109 #include <linux/netfilter_ipv4.h>
110 #include <linux/if_ether.h>
112 #include <net/sock.h>
114 #include <net/icmp.h>
115 #include <net/ipip.h>
116 #include <net/inet_ecn.h>
117 #include <net/xfrm.h>
120 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
122 static int ipip_fb_tunnel_init(struct net_device *dev);
123 static int ipip_tunnel_init(struct net_device *dev);
124 static void ipip_tunnel_setup(struct net_device *dev);
126 static struct net_device *ipip_fb_tunnel_dev;
128 static struct ip_tunnel *tunnels_r_l[HASH_SIZE];
129 static struct ip_tunnel *tunnels_r[HASH_SIZE];
130 static struct ip_tunnel *tunnels_l[HASH_SIZE];
131 static struct ip_tunnel *tunnels_wc[1];
132 static struct ip_tunnel **tunnels[4] = { tunnels_wc, tunnels_l, tunnels_r, tunnels_r_l };
134 static DEFINE_RWLOCK(ipip_lock);
136 static struct ip_tunnel * ipip_tunnel_lookup(__be32 remote, __be32 local)
138 unsigned h0 = HASH(remote);
139 unsigned h1 = HASH(local);
142 for (t = tunnels_r_l[h0^h1]; t; t = t->next) {
143 if (local == t->parms.iph.saddr &&
144 remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
147 for (t = tunnels_r[h0]; t; t = t->next) {
148 if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
151 for (t = tunnels_l[h1]; t; t = t->next) {
152 if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
155 if ((t = tunnels_wc[0]) != NULL && (t->dev->flags&IFF_UP))
160 static struct ip_tunnel **ipip_bucket(struct ip_tunnel *t)
162 __be32 remote = t->parms.iph.daddr;
163 __be32 local = t->parms.iph.saddr;
175 return &tunnels[prio][h];
179 static void ipip_tunnel_unlink(struct ip_tunnel *t)
181 struct ip_tunnel **tp;
183 for (tp = ipip_bucket(t); *tp; tp = &(*tp)->next) {
185 write_lock_bh(&ipip_lock);
187 write_unlock_bh(&ipip_lock);
193 static void ipip_tunnel_link(struct ip_tunnel *t)
195 struct ip_tunnel **tp = ipip_bucket(t);
198 write_lock_bh(&ipip_lock);
200 write_unlock_bh(&ipip_lock);
203 static struct ip_tunnel * ipip_tunnel_locate(struct ip_tunnel_parm *parms, int create)
205 __be32 remote = parms->iph.daddr;
206 __be32 local = parms->iph.saddr;
207 struct ip_tunnel *t, **tp, *nt;
208 struct net_device *dev;
221 for (tp = &tunnels[prio][h]; (t = *tp) != NULL; tp = &t->next) {
222 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
229 strlcpy(name, parms->name, IFNAMSIZ);
232 for (i=1; i<100; i++) {
233 sprintf(name, "tunl%d", i);
234 if (__dev_get_by_name(name) == NULL)
241 dev = alloc_netdev(sizeof(*t), name, ipip_tunnel_setup);
245 nt = netdev_priv(dev);
246 SET_MODULE_OWNER(dev);
247 dev->init = ipip_tunnel_init;
250 if (register_netdevice(dev) < 0) {
256 ipip_tunnel_link(nt);
263 static void ipip_tunnel_uninit(struct net_device *dev)
265 if (dev == ipip_fb_tunnel_dev) {
266 write_lock_bh(&ipip_lock);
267 tunnels_wc[0] = NULL;
268 write_unlock_bh(&ipip_lock);
270 ipip_tunnel_unlink(netdev_priv(dev));
274 static int ipip_err(struct sk_buff *skb, u32 info)
276 #ifndef I_WISH_WORLD_WERE_PERFECT
278 /* It is not :-( All the routers (except for Linux) return only
279 8 bytes of packet payload. It means, that precise relaying of
280 ICMP in the real Internet is absolutely infeasible.
282 struct iphdr *iph = (struct iphdr*)skb->data;
283 int type = skb->h.icmph->type;
284 int code = skb->h.icmph->code;
290 case ICMP_PARAMETERPROB:
293 case ICMP_DEST_UNREACH:
296 case ICMP_PORT_UNREACH:
297 /* Impossible event. */
299 case ICMP_FRAG_NEEDED:
300 /* Soft state for pmtu is maintained by IP core. */
303 /* All others are translated to HOST_UNREACH.
304 rfc2003 contains "deep thoughts" about NET_UNREACH,
305 I believe they are just ether pollution. --ANK
310 case ICMP_TIME_EXCEEDED:
311 if (code != ICMP_EXC_TTL)
318 read_lock(&ipip_lock);
319 t = ipip_tunnel_lookup(iph->daddr, iph->saddr);
320 if (t == NULL || t->parms.iph.daddr == 0)
324 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
327 if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO)
331 t->err_time = jiffies;
333 read_unlock(&ipip_lock);
336 struct iphdr *iph = (struct iphdr*)dp;
337 int hlen = iph->ihl<<2;
339 int type = skb->h.icmph->type;
340 int code = skb->h.icmph->code;
345 struct sk_buff *skb2;
349 if (len < hlen + sizeof(struct iphdr))
351 eiph = (struct iphdr*)(dp + hlen);
356 case ICMP_PARAMETERPROB:
357 n = ntohl(skb->h.icmph->un.gateway) >> 24;
361 /* So... This guy found something strange INSIDE encapsulated
362 packet. Well, he is fool, but what can we do ?
364 rel_type = ICMP_PARAMETERPROB;
365 rel_info = htonl((n - hlen) << 24);
368 case ICMP_DEST_UNREACH:
371 case ICMP_PORT_UNREACH:
372 /* Impossible event. */
374 case ICMP_FRAG_NEEDED:
375 /* And it is the only really necessary thing :-) */
376 n = ntohs(skb->h.icmph->un.frag.mtu);
380 /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */
381 if (n > ntohs(eiph->tot_len))
386 /* All others are translated to HOST_UNREACH.
387 rfc2003 contains "deep thoughts" about NET_UNREACH,
388 I believe, it is just ether pollution. --ANK
390 rel_type = ICMP_DEST_UNREACH;
391 rel_code = ICMP_HOST_UNREACH;
395 case ICMP_TIME_EXCEEDED:
396 if (code != ICMP_EXC_TTL)
401 /* Prepare fake skb to feed it to icmp_send */
402 skb2 = skb_clone(skb, GFP_ATOMIC);
405 dst_release(skb2->dst);
407 skb_pull(skb2, skb->data - (u8*)eiph);
408 skb_reset_network_header(skb2);
410 /* Try to guess incoming interface */
411 memset(&fl, 0, sizeof(fl));
412 fl.fl4_daddr = eiph->saddr;
413 fl.fl4_tos = RT_TOS(eiph->tos);
414 fl.proto = IPPROTO_IPIP;
415 if (ip_route_output_key(&rt, &key)) {
419 skb2->dev = rt->u.dst.dev;
421 /* route "incoming" packet */
422 if (rt->rt_flags&RTCF_LOCAL) {
425 fl.fl4_daddr = eiph->daddr;
426 fl.fl4_src = eiph->saddr;
427 fl.fl4_tos = eiph->tos;
428 if (ip_route_output_key(&rt, &fl) ||
429 rt->u.dst.dev->type != ARPHRD_TUNNEL) {
436 if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) ||
437 skb2->dst->dev->type != ARPHRD_TUNNEL) {
443 /* change mtu on this route */
444 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
445 if (n > dst_mtu(skb2->dst)) {
449 skb2->dst->ops->update_pmtu(skb2->dst, n);
450 } else if (type == ICMP_TIME_EXCEEDED) {
451 struct ip_tunnel *t = netdev_priv(skb2->dev);
452 if (t->parms.iph.ttl) {
453 rel_type = ICMP_DEST_UNREACH;
454 rel_code = ICMP_HOST_UNREACH;
458 icmp_send(skb2, rel_type, rel_code, rel_info);
464 static inline void ipip_ecn_decapsulate(const struct iphdr *outer_iph,
467 struct iphdr *inner_iph = ip_hdr(skb);
469 if (INET_ECN_is_ce(outer_iph->tos))
470 IP_ECN_set_ce(inner_iph);
473 static int ipip_rcv(struct sk_buff *skb)
475 struct ip_tunnel *tunnel;
476 const struct iphdr *iph = ip_hdr(skb);
478 read_lock(&ipip_lock);
479 if ((tunnel = ipip_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) {
480 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
481 read_unlock(&ipip_lock);
488 skb->mac.raw = skb->nh.raw;
489 skb_reset_network_header(skb);
490 skb->protocol = htons(ETH_P_IP);
491 skb->pkt_type = PACKET_HOST;
493 tunnel->stat.rx_packets++;
494 tunnel->stat.rx_bytes += skb->len;
495 skb->dev = tunnel->dev;
496 dst_release(skb->dst);
499 ipip_ecn_decapsulate(iph, skb);
501 read_unlock(&ipip_lock);
504 read_unlock(&ipip_lock);
510 * This function assumes it is being called from dev_queue_xmit()
511 * and that skb is filled properly by that function.
514 static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
516 struct ip_tunnel *tunnel = netdev_priv(dev);
517 struct net_device_stats *stats = &tunnel->stat;
518 struct iphdr *tiph = &tunnel->parms.iph;
519 u8 tos = tunnel->parms.iph.tos;
520 __be16 df = tiph->frag_off;
521 struct rtable *rt; /* Route to the other host */
522 struct net_device *tdev; /* Device to other host */
523 struct iphdr *old_iph = ip_hdr(skb);
524 struct iphdr *iph; /* Our new IP header */
525 int max_headroom; /* The extra header space needed */
526 __be32 dst = tiph->daddr;
529 if (tunnel->recursion++) {
530 tunnel->stat.collisions++;
534 if (skb->protocol != htons(ETH_P_IP))
542 if ((rt = (struct rtable*)skb->dst) == NULL) {
543 tunnel->stat.tx_fifo_errors++;
546 if ((dst = rt->rt_gateway) == 0)
551 struct flowi fl = { .oif = tunnel->parms.link,
554 .saddr = tiph->saddr,
555 .tos = RT_TOS(tos) } },
556 .proto = IPPROTO_IPIP };
557 if (ip_route_output_key(&rt, &fl)) {
558 tunnel->stat.tx_carrier_errors++;
562 tdev = rt->u.dst.dev;
566 tunnel->stat.collisions++;
571 mtu = dst_mtu(&rt->u.dst) - sizeof(struct iphdr);
573 mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu;
576 tunnel->stat.collisions++;
581 skb->dst->ops->update_pmtu(skb->dst, mtu);
583 df |= (old_iph->frag_off&htons(IP_DF));
585 if ((old_iph->frag_off&htons(IP_DF)) && mtu < ntohs(old_iph->tot_len)) {
586 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
591 if (tunnel->err_count > 0) {
592 if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) {
594 dst_link_failure(skb);
596 tunnel->err_count = 0;
600 * Okay, now see if we can stuff it in the buffer as-is.
602 max_headroom = (LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr));
604 if (skb_headroom(skb) < max_headroom || skb_cloned(skb) || skb_shared(skb)) {
605 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
614 skb_set_owner_w(new_skb, skb->sk);
617 old_iph = ip_hdr(skb);
620 skb->h.raw = skb->nh.raw;
621 skb_push(skb, sizeof(struct iphdr));
622 skb_reset_network_header(skb);
623 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
624 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
626 dst_release(skb->dst);
627 skb->dst = &rt->u.dst;
630 * Push down and install the IPIP header.
635 iph->ihl = sizeof(struct iphdr)>>2;
637 iph->protocol = IPPROTO_IPIP;
638 iph->tos = INET_ECN_encapsulate(tos, old_iph->tos);
639 iph->daddr = rt->rt_dst;
640 iph->saddr = rt->rt_src;
642 if ((iph->ttl = tiph->ttl) == 0)
643 iph->ttl = old_iph->ttl;
652 dst_link_failure(skb);
661 ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
664 struct ip_tunnel_parm p;
670 if (dev == ipip_fb_tunnel_dev) {
671 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
675 t = ipip_tunnel_locate(&p, 0);
678 t = netdev_priv(dev);
679 memcpy(&p, &t->parms, sizeof(p));
680 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
687 if (!capable(CAP_NET_ADMIN))
691 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
695 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
696 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
699 p.iph.frag_off |= htons(IP_DF);
701 t = ipip_tunnel_locate(&p, cmd == SIOCADDTUNNEL);
703 if (dev != ipip_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
710 if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
711 (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
715 t = netdev_priv(dev);
716 ipip_tunnel_unlink(t);
717 t->parms.iph.saddr = p.iph.saddr;
718 t->parms.iph.daddr = p.iph.daddr;
719 memcpy(dev->dev_addr, &p.iph.saddr, 4);
720 memcpy(dev->broadcast, &p.iph.daddr, 4);
722 netdev_state_change(dev);
728 if (cmd == SIOCCHGTUNNEL) {
729 t->parms.iph.ttl = p.iph.ttl;
730 t->parms.iph.tos = p.iph.tos;
731 t->parms.iph.frag_off = p.iph.frag_off;
733 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
736 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
741 if (!capable(CAP_NET_ADMIN))
744 if (dev == ipip_fb_tunnel_dev) {
746 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
749 if ((t = ipip_tunnel_locate(&p, 0)) == NULL)
752 if (t->dev == ipip_fb_tunnel_dev)
756 unregister_netdevice(dev);
768 static struct net_device_stats *ipip_tunnel_get_stats(struct net_device *dev)
770 return &(((struct ip_tunnel*)netdev_priv(dev))->stat);
773 static int ipip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
775 if (new_mtu < 68 || new_mtu > 0xFFF8 - sizeof(struct iphdr))
781 static void ipip_tunnel_setup(struct net_device *dev)
783 SET_MODULE_OWNER(dev);
784 dev->uninit = ipip_tunnel_uninit;
785 dev->hard_start_xmit = ipip_tunnel_xmit;
786 dev->get_stats = ipip_tunnel_get_stats;
787 dev->do_ioctl = ipip_tunnel_ioctl;
788 dev->change_mtu = ipip_tunnel_change_mtu;
789 dev->destructor = free_netdev;
791 dev->type = ARPHRD_TUNNEL;
792 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
793 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr);
794 dev->flags = IFF_NOARP;
799 static int ipip_tunnel_init(struct net_device *dev)
801 struct net_device *tdev = NULL;
802 struct ip_tunnel *tunnel;
805 tunnel = netdev_priv(dev);
806 iph = &tunnel->parms.iph;
809 strcpy(tunnel->parms.name, dev->name);
811 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
812 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
815 struct flowi fl = { .oif = tunnel->parms.link,
817 { .daddr = iph->daddr,
819 .tos = RT_TOS(iph->tos) } },
820 .proto = IPPROTO_IPIP };
822 if (!ip_route_output_key(&rt, &fl)) {
823 tdev = rt->u.dst.dev;
826 dev->flags |= IFF_POINTOPOINT;
829 if (!tdev && tunnel->parms.link)
830 tdev = __dev_get_by_index(tunnel->parms.link);
833 dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
834 dev->mtu = tdev->mtu - sizeof(struct iphdr);
836 dev->iflink = tunnel->parms.link;
841 static int __init ipip_fb_tunnel_init(struct net_device *dev)
843 struct ip_tunnel *tunnel = netdev_priv(dev);
844 struct iphdr *iph = &tunnel->parms.iph;
847 strcpy(tunnel->parms.name, dev->name);
850 iph->protocol = IPPROTO_IPIP;
854 tunnels_wc[0] = tunnel;
858 static struct xfrm_tunnel ipip_handler = {
860 .err_handler = ipip_err,
864 static char banner[] __initdata =
865 KERN_INFO "IPv4 over IPv4 tunneling driver\n";
867 static int __init ipip_init(void)
873 if (xfrm4_tunnel_register(&ipip_handler, AF_INET)) {
874 printk(KERN_INFO "ipip init: can't register tunnel\n");
878 ipip_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel),
881 if (!ipip_fb_tunnel_dev) {
886 ipip_fb_tunnel_dev->init = ipip_fb_tunnel_init;
888 if ((err = register_netdev(ipip_fb_tunnel_dev)))
893 free_netdev(ipip_fb_tunnel_dev);
895 xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
899 static void __exit ipip_destroy_tunnels(void)
903 for (prio = 1; prio < 4; prio++) {
905 for (h = 0; h < HASH_SIZE; h++) {
907 while ((t = tunnels[prio][h]) != NULL)
908 unregister_netdevice(t->dev);
913 static void __exit ipip_fini(void)
915 if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
916 printk(KERN_INFO "ipip close: can't deregister tunnel\n");
919 ipip_destroy_tunnels();
920 unregister_netdevice(ipip_fb_tunnel_dev);
924 module_init(ipip_init);
925 module_exit(ipip_fini);
926 MODULE_LICENSE("GPL");
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob