2 * Linux NET3: IP/IP protocol decoder.
5 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
8 * Alan Cox : Merged and made usable non modular (its so tiny its silly as
9 * a module taking up 2 pages).
10 * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
11 * to keep ip_forward happy.
12 * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
13 * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL
14 * David Woodhouse : Perform some basic ICMP handling.
15 * IPIP Routing without decapsulation.
16 * Carlos Picoto : GRE over IP support
17 * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
18 * I do not want to merge them together.
20 * This program is free software; you can redistribute it and/or
21 * modify it under the terms of the GNU General Public License
22 * as published by the Free Software Foundation; either version
23 * 2 of the License, or (at your option) any later version.
27 /* tunnel.c: an IP tunnel driver
29 The purpose of this driver is to provide an IP tunnel through
30 which you can tunnel network traffic transparently across subnets.
32 This was written by looking at Nick Holloway's dummy driver
33 Thanks for the great code!
35 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
38 Cleaned up the code a little and added some pre-1.3.0 tweaks.
39 dev->hard_header/hard_header_len changed to use no headers.
40 Comments/bracketing tweaked.
41 Made the tunnels use dev->name not tunnel: when error reporting.
44 -Alan Cox (alan@lxorguk.ukuu.org.uk) 21 March 95
47 Changed to tunnel to destination gateway in addition to the
48 tunnel's pointopoint address
49 Almost completely rewritten
50 Note: There is currently no firewall or ICMP handling done.
52 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96
56 /* Things I wish I had known when writing the tunnel driver:
58 When the tunnel_xmit() function is called, the skb contains the
59 packet to be sent (plus a great deal of extra info), and dev
60 contains the tunnel device that _we_ are.
62 When we are passed a packet, we are expected to fill in the
63 source address with our source IP address.
65 What is the proper way to allocate, copy and free a buffer?
66 After you allocate it, it is a "0 length" chunk of memory
67 starting at zero. If you want to add headers to the buffer
68 later, you'll have to call "skb_reserve(skb, amount)" with
69 the amount of memory you want reserved. Then, you call
70 "skb_put(skb, amount)" with the amount of space you want in
71 the buffer. skb_put() returns a pointer to the top (#0) of
72 that buffer. skb->len is set to the amount of space you have
73 "allocated" with skb_put(). You can then write up to skb->len
74 bytes to that buffer. If you need more, you can call skb_put()
75 again with the additional amount of space you need. You can
76 find out how much more space you can allocate by calling
78 Now, to add header space, call "skb_push(skb, header_len)".
79 This creates space at the beginning of the buffer and returns
80 a pointer to this new space. If later you need to strip a
81 header from a buffer, call "skb_pull(skb, header_len)".
82 skb_headroom() will return how much space is left at the top
83 of the buffer (before the main data). Remember, this headroom
84 space must be reserved before the skb_put() function is called.
88 This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
90 For comments look at net/ipv4/ip_gre.c --ANK
94 #include <linux/capability.h>
95 #include <linux/module.h>
96 #include <linux/types.h>
97 #include <linux/kernel.h>
98 #include <asm/uaccess.h>
99 #include <linux/skbuff.h>
100 #include <linux/netdevice.h>
101 #include <linux/in.h>
102 #include <linux/tcp.h>
103 #include <linux/udp.h>
104 #include <linux/if_arp.h>
105 #include <linux/mroute.h>
106 #include <linux/init.h>
107 #include <linux/netfilter_ipv4.h>
108 #include <linux/if_ether.h>
110 #include <net/sock.h>
112 #include <net/icmp.h>
113 #include <net/ipip.h>
114 #include <net/inet_ecn.h>
115 #include <net/xfrm.h>
116 #include <net/net_namespace.h>
117 #include <net/netns/generic.h>
120 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
122 static int ipip_net_id;
124 struct ip_tunnel *tunnels_r_l[HASH_SIZE];
125 struct ip_tunnel *tunnels_r[HASH_SIZE];
126 struct ip_tunnel *tunnels_l[HASH_SIZE];
127 struct ip_tunnel *tunnels_wc[1];
128 struct ip_tunnel **tunnels[4];
130 struct net_device *fb_tunnel_dev;
133 static void ipip_fb_tunnel_init(struct net_device *dev);
134 static void ipip_tunnel_init(struct net_device *dev);
135 static void ipip_tunnel_setup(struct net_device *dev);
137 static DEFINE_RWLOCK(ipip_lock);
139 static struct ip_tunnel * ipip_tunnel_lookup(struct net *net,
140 __be32 remote, __be32 local)
142 unsigned h0 = HASH(remote);
143 unsigned h1 = HASH(local);
145 struct ipip_net *ipn = net_generic(net, ipip_net_id);
147 for (t = ipn->tunnels_r_l[h0^h1]; t; t = t->next) {
148 if (local == t->parms.iph.saddr &&
149 remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
152 for (t = ipn->tunnels_r[h0]; t; t = t->next) {
153 if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
156 for (t = ipn->tunnels_l[h1]; t; t = t->next) {
157 if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
160 if ((t = ipn->tunnels_wc[0]) != NULL && (t->dev->flags&IFF_UP))
165 static struct ip_tunnel **__ipip_bucket(struct ipip_net *ipn,
166 struct ip_tunnel_parm *parms)
168 __be32 remote = parms->iph.daddr;
169 __be32 local = parms->iph.saddr;
181 return &ipn->tunnels[prio][h];
184 static inline struct ip_tunnel **ipip_bucket(struct ipip_net *ipn,
187 return __ipip_bucket(ipn, &t->parms);
190 static void ipip_tunnel_unlink(struct ipip_net *ipn, struct ip_tunnel *t)
192 struct ip_tunnel **tp;
194 for (tp = ipip_bucket(ipn, t); *tp; tp = &(*tp)->next) {
196 write_lock_bh(&ipip_lock);
198 write_unlock_bh(&ipip_lock);
204 static void ipip_tunnel_link(struct ipip_net *ipn, struct ip_tunnel *t)
206 struct ip_tunnel **tp = ipip_bucket(ipn, t);
209 write_lock_bh(&ipip_lock);
211 write_unlock_bh(&ipip_lock);
214 static struct ip_tunnel * ipip_tunnel_locate(struct net *net,
215 struct ip_tunnel_parm *parms, int create)
217 __be32 remote = parms->iph.daddr;
218 __be32 local = parms->iph.saddr;
219 struct ip_tunnel *t, **tp, *nt;
220 struct net_device *dev;
222 struct ipip_net *ipn = net_generic(net, ipip_net_id);
224 for (tp = __ipip_bucket(ipn, parms); (t = *tp) != NULL; tp = &t->next) {
225 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
232 strlcpy(name, parms->name, IFNAMSIZ);
234 sprintf(name, "tunl%%d");
236 dev = alloc_netdev(sizeof(*t), name, ipip_tunnel_setup);
240 dev_net_set(dev, net);
242 if (strchr(name, '%')) {
243 if (dev_alloc_name(dev, name) < 0)
247 nt = netdev_priv(dev);
250 ipip_tunnel_init(dev);
252 if (register_netdevice(dev) < 0)
256 ipip_tunnel_link(ipn, nt);
264 static void ipip_tunnel_uninit(struct net_device *dev)
266 struct net *net = dev_net(dev);
267 struct ipip_net *ipn = net_generic(net, ipip_net_id);
269 if (dev == ipn->fb_tunnel_dev) {
270 write_lock_bh(&ipip_lock);
271 ipn->tunnels_wc[0] = NULL;
272 write_unlock_bh(&ipip_lock);
274 ipip_tunnel_unlink(ipn, netdev_priv(dev));
278 static int ipip_err(struct sk_buff *skb, u32 info)
281 /* All the routers (except for Linux) return only
282 8 bytes of packet payload. It means, that precise relaying of
283 ICMP in the real Internet is absolutely infeasible.
285 struct iphdr *iph = (struct iphdr *)skb->data;
286 const int type = icmp_hdr(skb)->type;
287 const int code = icmp_hdr(skb)->code;
293 case ICMP_PARAMETERPROB:
296 case ICMP_DEST_UNREACH:
299 case ICMP_PORT_UNREACH:
300 /* Impossible event. */
302 case ICMP_FRAG_NEEDED:
303 /* Soft state for pmtu is maintained by IP core. */
306 /* All others are translated to HOST_UNREACH.
307 rfc2003 contains "deep thoughts" about NET_UNREACH,
308 I believe they are just ether pollution. --ANK
313 case ICMP_TIME_EXCEEDED:
314 if (code != ICMP_EXC_TTL)
321 read_lock(&ipip_lock);
322 t = ipip_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr);
323 if (t == NULL || t->parms.iph.daddr == 0)
327 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
330 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
334 t->err_time = jiffies;
336 read_unlock(&ipip_lock);
340 static inline void ipip_ecn_decapsulate(const struct iphdr *outer_iph,
343 struct iphdr *inner_iph = ip_hdr(skb);
345 if (INET_ECN_is_ce(outer_iph->tos))
346 IP_ECN_set_ce(inner_iph);
349 static int ipip_rcv(struct sk_buff *skb)
351 struct ip_tunnel *tunnel;
352 const struct iphdr *iph = ip_hdr(skb);
354 read_lock(&ipip_lock);
355 if ((tunnel = ipip_tunnel_lookup(dev_net(skb->dev),
356 iph->saddr, iph->daddr)) != NULL) {
357 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
358 read_unlock(&ipip_lock);
365 skb->mac_header = skb->network_header;
366 skb_reset_network_header(skb);
367 skb->protocol = htons(ETH_P_IP);
368 skb->pkt_type = PACKET_HOST;
370 tunnel->dev->stats.rx_packets++;
371 tunnel->dev->stats.rx_bytes += skb->len;
372 skb->dev = tunnel->dev;
373 dst_release(skb->dst);
376 ipip_ecn_decapsulate(iph, skb);
378 read_unlock(&ipip_lock);
381 read_unlock(&ipip_lock);
387 * This function assumes it is being called from dev_queue_xmit()
388 * and that skb is filled properly by that function.
391 static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
393 struct ip_tunnel *tunnel = netdev_priv(dev);
394 struct net_device_stats *stats = &tunnel->dev->stats;
395 struct iphdr *tiph = &tunnel->parms.iph;
396 u8 tos = tunnel->parms.iph.tos;
397 __be16 df = tiph->frag_off;
398 struct rtable *rt; /* Route to the other host */
399 struct net_device *tdev; /* Device to other host */
400 struct iphdr *old_iph = ip_hdr(skb);
401 struct iphdr *iph; /* Our new IP header */
402 unsigned int max_headroom; /* The extra header space needed */
403 __be32 dst = tiph->daddr;
406 if (tunnel->recursion++) {
411 if (skb->protocol != htons(ETH_P_IP))
419 if ((rt = skb_rtable(skb)) == NULL) {
420 stats->tx_fifo_errors++;
423 if ((dst = rt->rt_gateway) == 0)
428 struct flowi fl = { .oif = tunnel->parms.link,
431 .saddr = tiph->saddr,
432 .tos = RT_TOS(tos) } },
433 .proto = IPPROTO_IPIP };
434 if (ip_route_output_key(dev_net(dev), &rt, &fl)) {
435 stats->tx_carrier_errors++;
439 tdev = rt->u.dst.dev;
448 mtu = dst_mtu(&rt->u.dst) - sizeof(struct iphdr);
450 mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu;
458 skb->dst->ops->update_pmtu(skb->dst, mtu);
460 df |= (old_iph->frag_off&htons(IP_DF));
462 if ((old_iph->frag_off&htons(IP_DF)) && mtu < ntohs(old_iph->tot_len)) {
463 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
468 if (tunnel->err_count > 0) {
469 if (time_before(jiffies,
470 tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
472 dst_link_failure(skb);
474 tunnel->err_count = 0;
478 * Okay, now see if we can stuff it in the buffer as-is.
480 max_headroom = (LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr));
482 if (skb_headroom(skb) < max_headroom || skb_shared(skb) ||
483 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
484 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
493 skb_set_owner_w(new_skb, skb->sk);
496 old_iph = ip_hdr(skb);
499 skb->transport_header = skb->network_header;
500 skb_push(skb, sizeof(struct iphdr));
501 skb_reset_network_header(skb);
502 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
503 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
505 dst_release(skb->dst);
506 skb->dst = &rt->u.dst;
509 * Push down and install the IPIP header.
514 iph->ihl = sizeof(struct iphdr)>>2;
516 iph->protocol = IPPROTO_IPIP;
517 iph->tos = INET_ECN_encapsulate(tos, old_iph->tos);
518 iph->daddr = rt->rt_dst;
519 iph->saddr = rt->rt_src;
521 if ((iph->ttl = tiph->ttl) == 0)
522 iph->ttl = old_iph->ttl;
531 dst_link_failure(skb);
539 static void ipip_tunnel_bind_dev(struct net_device *dev)
541 struct net_device *tdev = NULL;
542 struct ip_tunnel *tunnel;
545 tunnel = netdev_priv(dev);
546 iph = &tunnel->parms.iph;
549 struct flowi fl = { .oif = tunnel->parms.link,
551 { .daddr = iph->daddr,
553 .tos = RT_TOS(iph->tos) } },
554 .proto = IPPROTO_IPIP };
556 if (!ip_route_output_key(dev_net(dev), &rt, &fl)) {
557 tdev = rt->u.dst.dev;
560 dev->flags |= IFF_POINTOPOINT;
563 if (!tdev && tunnel->parms.link)
564 tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);
567 dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
568 dev->mtu = tdev->mtu - sizeof(struct iphdr);
570 dev->iflink = tunnel->parms.link;
574 ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
577 struct ip_tunnel_parm p;
579 struct net *net = dev_net(dev);
580 struct ipip_net *ipn = net_generic(net, ipip_net_id);
585 if (dev == ipn->fb_tunnel_dev) {
586 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
590 t = ipip_tunnel_locate(net, &p, 0);
593 t = netdev_priv(dev);
594 memcpy(&p, &t->parms, sizeof(p));
595 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
602 if (!capable(CAP_NET_ADMIN))
606 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
610 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
611 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
614 p.iph.frag_off |= htons(IP_DF);
616 t = ipip_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
618 if (dev != ipn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
625 if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
626 (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
630 t = netdev_priv(dev);
631 ipip_tunnel_unlink(ipn, t);
632 t->parms.iph.saddr = p.iph.saddr;
633 t->parms.iph.daddr = p.iph.daddr;
634 memcpy(dev->dev_addr, &p.iph.saddr, 4);
635 memcpy(dev->broadcast, &p.iph.daddr, 4);
636 ipip_tunnel_link(ipn, t);
637 netdev_state_change(dev);
643 if (cmd == SIOCCHGTUNNEL) {
644 t->parms.iph.ttl = p.iph.ttl;
645 t->parms.iph.tos = p.iph.tos;
646 t->parms.iph.frag_off = p.iph.frag_off;
647 if (t->parms.link != p.link) {
648 t->parms.link = p.link;
649 ipip_tunnel_bind_dev(dev);
650 netdev_state_change(dev);
653 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
656 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
661 if (!capable(CAP_NET_ADMIN))
664 if (dev == ipn->fb_tunnel_dev) {
666 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
669 if ((t = ipip_tunnel_locate(net, &p, 0)) == NULL)
672 if (t->dev == ipn->fb_tunnel_dev)
676 unregister_netdevice(dev);
688 static int ipip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
690 if (new_mtu < 68 || new_mtu > 0xFFF8 - sizeof(struct iphdr))
696 static const struct net_device_ops ipip_netdev_ops = {
697 .ndo_uninit = ipip_tunnel_uninit,
698 .ndo_start_xmit = ipip_tunnel_xmit,
699 .ndo_do_ioctl = ipip_tunnel_ioctl,
700 .ndo_change_mtu = ipip_tunnel_change_mtu,
704 static void ipip_tunnel_setup(struct net_device *dev)
706 dev->netdev_ops = &ipip_netdev_ops;
707 dev->destructor = free_netdev;
709 dev->type = ARPHRD_TUNNEL;
710 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
711 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr);
712 dev->flags = IFF_NOARP;
715 dev->features |= NETIF_F_NETNS_LOCAL;
716 dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
719 static void ipip_tunnel_init(struct net_device *dev)
721 struct ip_tunnel *tunnel = netdev_priv(dev);
724 strcpy(tunnel->parms.name, dev->name);
726 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
727 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
729 ipip_tunnel_bind_dev(dev);
732 static void ipip_fb_tunnel_init(struct net_device *dev)
734 struct ip_tunnel *tunnel = netdev_priv(dev);
735 struct iphdr *iph = &tunnel->parms.iph;
736 struct ipip_net *ipn = net_generic(dev_net(dev), ipip_net_id);
739 strcpy(tunnel->parms.name, dev->name);
742 iph->protocol = IPPROTO_IPIP;
746 ipn->tunnels_wc[0] = tunnel;
749 static struct xfrm_tunnel ipip_handler = {
751 .err_handler = ipip_err,
755 static const char banner[] __initconst =
756 KERN_INFO "IPv4 over IPv4 tunneling driver\n";
758 static void ipip_destroy_tunnels(struct ipip_net *ipn)
762 for (prio = 1; prio < 4; prio++) {
764 for (h = 0; h < HASH_SIZE; h++) {
766 while ((t = ipn->tunnels[prio][h]) != NULL)
767 unregister_netdevice(t->dev);
772 static int ipip_init_net(struct net *net)
775 struct ipip_net *ipn;
778 ipn = kzalloc(sizeof(struct ipip_net), GFP_KERNEL);
782 err = net_assign_generic(net, ipip_net_id, ipn);
786 ipn->tunnels[0] = ipn->tunnels_wc;
787 ipn->tunnels[1] = ipn->tunnels_l;
788 ipn->tunnels[2] = ipn->tunnels_r;
789 ipn->tunnels[3] = ipn->tunnels_r_l;
791 ipn->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel),
794 if (!ipn->fb_tunnel_dev) {
798 dev_net_set(ipn->fb_tunnel_dev, net);
800 ipip_fb_tunnel_init(ipn->fb_tunnel_dev);
802 if ((err = register_netdev(ipn->fb_tunnel_dev)))
808 free_netdev(ipn->fb_tunnel_dev);
817 static void ipip_exit_net(struct net *net)
819 struct ipip_net *ipn;
821 ipn = net_generic(net, ipip_net_id);
823 ipip_destroy_tunnels(ipn);
824 unregister_netdevice(ipn->fb_tunnel_dev);
829 static struct pernet_operations ipip_net_ops = {
830 .init = ipip_init_net,
831 .exit = ipip_exit_net,
834 static int __init ipip_init(void)
840 if (xfrm4_tunnel_register(&ipip_handler, AF_INET)) {
841 printk(KERN_INFO "ipip init: can't register tunnel\n");
845 err = register_pernet_gen_device(&ipip_net_id, &ipip_net_ops);
847 xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
852 static void __exit ipip_fini(void)
854 if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
855 printk(KERN_INFO "ipip close: can't deregister tunnel\n");
857 unregister_pernet_gen_device(ipip_net_id, &ipip_net_ops);
860 module_init(ipip_init);
861 module_exit(ipip_fini);
862 MODULE_LICENSE("GPL");
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob