linux/net/ipv6/ip6_tunnel.c
<<
>>
Prefs
   1/*
   2 *      IPv6 tunneling device
   3 *      Linux INET6 implementation
   4 *
   5 *      Authors:
   6 *      Ville Nuorvala          <vnuorval@tcs.hut.fi>
   7 *      Yasuyuki Kozakai        <kozakai@linux-ipv6.org>
   8 *
   9 *      Based on:
  10 *      linux/net/ipv6/sit.c and linux/net/ipv4/ipip.c
  11 *
  12 *      RFC 2473
  13 *
  14 *      This program is free software; you can redistribute it and/or
  15 *      modify it under the terms of the GNU General Public License
  16 *      as published by the Free Software Foundation; either version
  17 *      2 of the License, or (at your option) any later version.
  18 *
  19 */
  20
  21#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  22
  23#include <linux/module.h>
  24#include <linux/capability.h>
  25#include <linux/errno.h>
  26#include <linux/types.h>
  27#include <linux/sockios.h>
  28#include <linux/icmp.h>
  29#include <linux/if.h>
  30#include <linux/in.h>
  31#include <linux/ip.h>
  32#include <linux/if_tunnel.h>
  33#include <linux/net.h>
  34#include <linux/in6.h>
  35#include <linux/netdevice.h>
  36#include <linux/if_arp.h>
  37#include <linux/icmpv6.h>
  38#include <linux/init.h>
  39#include <linux/route.h>
  40#include <linux/rtnetlink.h>
  41#include <linux/netfilter_ipv6.h>
  42#include <linux/slab.h>
  43#include <linux/hash.h>
  44
  45#include <asm/uaccess.h>
  46#include <linux/atomic.h>
  47
  48#include <net/icmp.h>
  49#include <net/ip.h>
  50#include <net/ipv6.h>
  51#include <net/ip6_route.h>
  52#include <net/addrconf.h>
  53#include <net/ip6_tunnel.h>
  54#include <net/xfrm.h>
  55#include <net/dsfield.h>
  56#include <net/inet_ecn.h>
  57#include <net/net_namespace.h>
  58#include <net/netns/generic.h>
  59
  60MODULE_AUTHOR("Ville Nuorvala");
  61MODULE_DESCRIPTION("IPv6 tunneling device");
  62MODULE_LICENSE("GPL");
  63MODULE_ALIAS_NETDEV("ip6tnl0");
  64
  65#ifdef IP6_TNL_DEBUG
  66#define IP6_TNL_TRACE(x...) pr_debug("%s:" x "\n", __func__)
  67#else
  68#define IP6_TNL_TRACE(x...) do {;} while(0)
  69#endif
  70
  71#define IPV6_TCLASS_MASK (IPV6_FLOWINFO_MASK & ~IPV6_FLOWLABEL_MASK)
  72#define IPV6_TCLASS_SHIFT 20
  73
  74#define HASH_SIZE_SHIFT  5
  75#define HASH_SIZE (1 << HASH_SIZE_SHIFT)
  76
  77static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
  78{
  79        u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2);
  80
  81        return hash_32(hash, HASH_SIZE_SHIFT);
  82}
  83
  84static int ip6_tnl_dev_init(struct net_device *dev);
  85static void ip6_tnl_dev_setup(struct net_device *dev);
  86
  87static int ip6_tnl_net_id __read_mostly;
  88struct ip6_tnl_net {
  89        /* the IPv6 tunnel fallback device */
  90        struct net_device *fb_tnl_dev;
  91        /* lists for storing tunnels in use */
  92        struct ip6_tnl __rcu *tnls_r_l[HASH_SIZE];
  93        struct ip6_tnl __rcu *tnls_wc[1];
  94        struct ip6_tnl __rcu **tnls[2];
  95};
  96
  97/* often modified stats are per cpu, other are shared (netdev->stats) */
  98struct pcpu_tstats {
  99        unsigned long   rx_packets;
 100        unsigned long   rx_bytes;
 101        unsigned long   tx_packets;
 102        unsigned long   tx_bytes;
 103} __attribute__((aligned(4*sizeof(unsigned long))));
 104
 105static struct net_device_stats *ip6_get_stats(struct net_device *dev)
 106{
 107        struct pcpu_tstats sum = { 0 };
 108        int i;
 109
 110        for_each_possible_cpu(i) {
 111                const struct pcpu_tstats *tstats = per_cpu_ptr(dev->tstats, i);
 112
 113                sum.rx_packets += tstats->rx_packets;
 114                sum.rx_bytes   += tstats->rx_bytes;
 115                sum.tx_packets += tstats->tx_packets;
 116                sum.tx_bytes   += tstats->tx_bytes;
 117        }
 118        dev->stats.rx_packets = sum.rx_packets;
 119        dev->stats.rx_bytes   = sum.rx_bytes;
 120        dev->stats.tx_packets = sum.tx_packets;
 121        dev->stats.tx_bytes   = sum.tx_bytes;
 122        return &dev->stats;
 123}
 124
 125/*
 126 * Locking : hash tables are protected by RCU and RTNL
 127 */
 128
 129struct dst_entry *ip6_tnl_dst_check(struct ip6_tnl *t)
 130{
 131        struct dst_entry *dst = t->dst_cache;
 132
 133        if (dst && dst->obsolete &&
 134            dst->ops->check(dst, t->dst_cookie) == NULL) {
 135                t->dst_cache = NULL;
 136                dst_release(dst);
 137                return NULL;
 138        }
 139
 140        return dst;
 141}
 142EXPORT_SYMBOL_GPL(ip6_tnl_dst_check);
 143
 144void ip6_tnl_dst_reset(struct ip6_tnl *t)
 145{
 146        dst_release(t->dst_cache);
 147        t->dst_cache = NULL;
 148}
 149EXPORT_SYMBOL_GPL(ip6_tnl_dst_reset);
 150
 151void ip6_tnl_dst_store(struct ip6_tnl *t, struct dst_entry *dst)
 152{
 153        struct rt6_info *rt = (struct rt6_info *) dst;
 154        t->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0;
 155        dst_release(t->dst_cache);
 156        t->dst_cache = dst;
 157}
 158EXPORT_SYMBOL_GPL(ip6_tnl_dst_store);
 159
 160/**
 161 * ip6_tnl_lookup - fetch tunnel matching the end-point addresses
 162 *   @remote: the address of the tunnel exit-point
 163 *   @local: the address of the tunnel entry-point
 164 *
 165 * Return:
 166 *   tunnel matching given end-points if found,
 167 *   else fallback tunnel if its device is up,
 168 *   else %NULL
 169 **/
 170
 171#define for_each_ip6_tunnel_rcu(start) \
 172        for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
 173
 174static struct ip6_tnl *
 175ip6_tnl_lookup(struct net *net, const struct in6_addr *remote, const struct in6_addr *local)
 176{
 177        unsigned int hash = HASH(remote, local);
 178        struct ip6_tnl *t;
 179        struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
 180
 181        for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
 182                if (ipv6_addr_equal(local, &t->parms.laddr) &&
 183                    ipv6_addr_equal(remote, &t->parms.raddr) &&
 184                    (t->dev->flags & IFF_UP))
 185                        return t;
 186        }
 187        t = rcu_dereference(ip6n->tnls_wc[0]);
 188        if (t && (t->dev->flags & IFF_UP))
 189                return t;
 190
 191        return NULL;
 192}
 193
 194/**
 195 * ip6_tnl_bucket - get head of list matching given tunnel parameters
 196 *   @p: parameters containing tunnel end-points
 197 *
 198 * Description:
 199 *   ip6_tnl_bucket() returns the head of the list matching the
 200 *   &struct in6_addr entries laddr and raddr in @p.
 201 *
 202 * Return: head of IPv6 tunnel list
 203 **/
 204
 205static struct ip6_tnl __rcu **
 206ip6_tnl_bucket(struct ip6_tnl_net *ip6n, const struct __ip6_tnl_parm *p)
 207{
 208        const struct in6_addr *remote = &p->raddr;
 209        const struct in6_addr *local = &p->laddr;
 210        unsigned int h = 0;
 211        int prio = 0;
 212
 213        if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) {
 214                prio = 1;
 215                h = HASH(remote, local);
 216        }
 217        return &ip6n->tnls[prio][h];
 218}
 219
 220/**
 221 * ip6_tnl_link - add tunnel to hash table
 222 *   @t: tunnel to be added
 223 **/
 224
 225static void
 226ip6_tnl_link(struct ip6_tnl_net *ip6n, struct ip6_tnl *t)
 227{
 228        struct ip6_tnl __rcu **tp = ip6_tnl_bucket(ip6n, &t->parms);
 229
 230        rcu_assign_pointer(t->next , rtnl_dereference(*tp));
 231        rcu_assign_pointer(*tp, t);
 232}
 233
 234/**
 235 * ip6_tnl_unlink - remove tunnel from hash table
 236 *   @t: tunnel to be removed
 237 **/
 238
 239static void
 240ip6_tnl_unlink(struct ip6_tnl_net *ip6n, struct ip6_tnl *t)
 241{
 242        struct ip6_tnl __rcu **tp;
 243        struct ip6_tnl *iter;
 244
 245        for (tp = ip6_tnl_bucket(ip6n, &t->parms);
 246             (iter = rtnl_dereference(*tp)) != NULL;
 247             tp = &iter->next) {
 248                if (t == iter) {
 249                        rcu_assign_pointer(*tp, t->next);
 250                        break;
 251                }
 252        }
 253}
 254
 255static void ip6_dev_free(struct net_device *dev)
 256{
 257        free_percpu(dev->tstats);
 258        free_netdev(dev);
 259}
 260
 261/**
 262 * ip6_tnl_create - create a new tunnel
 263 *   @p: tunnel parameters
 264 *   @pt: pointer to new tunnel
 265 *
 266 * Description:
 267 *   Create tunnel matching given parameters.
 268 *
 269 * Return:
 270 *   created tunnel or NULL
 271 **/
 272
 273static struct ip6_tnl *ip6_tnl_create(struct net *net, struct __ip6_tnl_parm *p)
 274{
 275        struct net_device *dev;
 276        struct ip6_tnl *t;
 277        char name[IFNAMSIZ];
 278        int err;
 279        struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
 280
 281        if (p->name[0])
 282                strlcpy(name, p->name, IFNAMSIZ);
 283        else
 284                sprintf(name, "ip6tnl%%d");
 285
 286        dev = alloc_netdev(sizeof (*t), name, ip6_tnl_dev_setup);
 287        if (dev == NULL)
 288                goto failed;
 289
 290        dev_net_set(dev, net);
 291
 292        t = netdev_priv(dev);
 293        t->parms = *p;
 294        err = ip6_tnl_dev_init(dev);
 295        if (err < 0)
 296                goto failed_free;
 297
 298        if ((err = register_netdevice(dev)) < 0)
 299                goto failed_free;
 300
 301        strcpy(t->parms.name, dev->name);
 302
 303        dev_hold(dev);
 304        ip6_tnl_link(ip6n, t);
 305        return t;
 306
 307failed_free:
 308        ip6_dev_free(dev);
 309failed:
 310        return NULL;
 311}
 312
 313/**
 314 * ip6_tnl_locate - find or create tunnel matching given parameters
 315 *   @p: tunnel parameters
 316 *   @create: != 0 if allowed to create new tunnel if no match found
 317 *
 318 * Description:
 319 *   ip6_tnl_locate() first tries to locate an existing tunnel
 320 *   based on @parms. If this is unsuccessful, but @create is set a new
 321 *   tunnel device is created and registered for use.
 322 *
 323 * Return:
 324 *   matching tunnel or NULL
 325 **/
 326
 327static struct ip6_tnl *ip6_tnl_locate(struct net *net,
 328                struct __ip6_tnl_parm *p, int create)
 329{
 330        const struct in6_addr *remote = &p->raddr;
 331        const struct in6_addr *local = &p->laddr;
 332        struct ip6_tnl __rcu **tp;
 333        struct ip6_tnl *t;
 334        struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
 335
 336        for (tp = ip6_tnl_bucket(ip6n, p);
 337             (t = rtnl_dereference(*tp)) != NULL;
 338             tp = &t->next) {
 339                if (ipv6_addr_equal(local, &t->parms.laddr) &&
 340                    ipv6_addr_equal(remote, &t->parms.raddr))
 341                        return t;
 342        }
 343        if (!create)
 344                return NULL;
 345        return ip6_tnl_create(net, p);
 346}
 347
 348/**
 349 * ip6_tnl_dev_uninit - tunnel device uninitializer
 350 *   @dev: the device to be destroyed
 351 *
 352 * Description:
 353 *   ip6_tnl_dev_uninit() removes tunnel from its list
 354 **/
 355
 356static void
 357ip6_tnl_dev_uninit(struct net_device *dev)
 358{
 359        struct ip6_tnl *t = netdev_priv(dev);
 360        struct net *net = dev_net(dev);
 361        struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
 362
 363        if (dev == ip6n->fb_tnl_dev)
 364                RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
 365        else
 366                ip6_tnl_unlink(ip6n, t);
 367        ip6_tnl_dst_reset(t);
 368        dev_put(dev);
 369}
 370
 371/**
 372 * parse_tvl_tnl_enc_lim - handle encapsulation limit option
 373 *   @skb: received socket buffer
 374 *
 375 * Return:
 376 *   0 if none was found,
 377 *   else index to encapsulation limit
 378 **/
 379
 380__u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw)
 381{
 382        const struct ipv6hdr *ipv6h = (const struct ipv6hdr *) raw;
 383        __u8 nexthdr = ipv6h->nexthdr;
 384        __u16 off = sizeof (*ipv6h);
 385
 386        while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) {
 387                __u16 optlen = 0;
 388                struct ipv6_opt_hdr *hdr;
 389                if (raw + off + sizeof (*hdr) > skb->data &&
 390                    !pskb_may_pull(skb, raw - skb->data + off + sizeof (*hdr)))
 391                        break;
 392
 393                hdr = (struct ipv6_opt_hdr *) (raw + off);
 394                if (nexthdr == NEXTHDR_FRAGMENT) {
 395                        struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr;
 396                        if (frag_hdr->frag_off)
 397                                break;
 398                        optlen = 8;
 399                } else if (nexthdr == NEXTHDR_AUTH) {
 400                        optlen = (hdr->hdrlen + 2) << 2;
 401                } else {
 402                        optlen = ipv6_optlen(hdr);
 403                }
 404                if (nexthdr == NEXTHDR_DEST) {
 405                        __u16 i = off + 2;
 406                        while (1) {
 407                                struct ipv6_tlv_tnl_enc_lim *tel;
 408
 409                                /* No more room for encapsulation limit */
 410                                if (i + sizeof (*tel) > off + optlen)
 411                                        break;
 412
 413                                tel = (struct ipv6_tlv_tnl_enc_lim *) &raw[i];
 414                                /* return index of option if found and valid */
 415                                if (tel->type == IPV6_TLV_TNL_ENCAP_LIMIT &&
 416                                    tel->length == 1)
 417                                        return i;
 418                                /* else jump to next option */
 419                                if (tel->type)
 420                                        i += tel->length + 2;
 421                                else
 422                                        i++;
 423                        }
 424                }
 425                nexthdr = hdr->nexthdr;
 426                off += optlen;
 427        }
 428        return 0;
 429}
 430EXPORT_SYMBOL(ip6_tnl_parse_tlv_enc_lim);
 431
 432/**
 433 * ip6_tnl_err - tunnel error handler
 434 *
 435 * Description:
 436 *   ip6_tnl_err() should handle errors in the tunnel according
 437 *   to the specifications in RFC 2473.
 438 **/
 439
 440static int
 441ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt,
 442            u8 *type, u8 *code, int *msg, __u32 *info, int offset)
 443{
 444        const struct ipv6hdr *ipv6h = (const struct ipv6hdr *) skb->data;
 445        struct ip6_tnl *t;
 446        int rel_msg = 0;
 447        u8 rel_type = ICMPV6_DEST_UNREACH;
 448        u8 rel_code = ICMPV6_ADDR_UNREACH;
 449        __u32 rel_info = 0;
 450        __u16 len;
 451        int err = -ENOENT;
 452
 453        /* If the packet doesn't contain the original IPv6 header we are
 454           in trouble since we might need the source address for further
 455           processing of the error. */
 456
 457        rcu_read_lock();
 458        if ((t = ip6_tnl_lookup(dev_net(skb->dev), &ipv6h->daddr,
 459                                        &ipv6h->saddr)) == NULL)
 460                goto out;
 461
 462        if (t->parms.proto != ipproto && t->parms.proto != 0)
 463                goto out;
 464
 465        err = 0;
 466
 467        switch (*type) {
 468                __u32 teli;
 469                struct ipv6_tlv_tnl_enc_lim *tel;
 470                __u32 mtu;
 471        case ICMPV6_DEST_UNREACH:
 472                net_warn_ratelimited("%s: Path to destination invalid or inactive!\n",
 473                                     t->parms.name);
 474                rel_msg = 1;
 475                break;
 476        case ICMPV6_TIME_EXCEED:
 477                if ((*code) == ICMPV6_EXC_HOPLIMIT) {
 478                        net_warn_ratelimited("%s: Too small hop limit or routing loop in tunnel!\n",
 479                                             t->parms.name);
 480                        rel_msg = 1;
 481                }
 482                break;
 483        case ICMPV6_PARAMPROB:
 484                teli = 0;
 485                if ((*code) == ICMPV6_HDR_FIELD)
 486                        teli = ip6_tnl_parse_tlv_enc_lim(skb, skb->data);
 487
 488                if (teli && teli == *info - 2) {
 489                        tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli];
 490                        if (tel->encap_limit == 0) {
 491                                net_warn_ratelimited("%s: Too small encapsulation limit or routing loop in tunnel!\n",
 492                                                     t->parms.name);
 493                                rel_msg = 1;
 494                        }
 495                } else {
 496                        net_warn_ratelimited("%s: Recipient unable to parse tunneled packet!\n",
 497                                             t->parms.name);
 498                }
 499                break;
 500        case ICMPV6_PKT_TOOBIG:
 501                mtu = *info - offset;
 502                if (mtu < IPV6_MIN_MTU)
 503                        mtu = IPV6_MIN_MTU;
 504                t->dev->mtu = mtu;
 505
 506                if ((len = sizeof (*ipv6h) + ntohs(ipv6h->payload_len)) > mtu) {
 507                        rel_type = ICMPV6_PKT_TOOBIG;
 508                        rel_code = 0;
 509                        rel_info = mtu;
 510                        rel_msg = 1;
 511                }
 512                break;
 513        }
 514
 515        *type = rel_type;
 516        *code = rel_code;
 517        *info = rel_info;
 518        *msg = rel_msg;
 519
 520out:
 521        rcu_read_unlock();
 522        return err;
 523}
 524
 525static int
 526ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 527           u8 type, u8 code, int offset, __be32 info)
 528{
 529        int rel_msg = 0;
 530        u8 rel_type = type;
 531        u8 rel_code = code;
 532        __u32 rel_info = ntohl(info);
 533        int err;
 534        struct sk_buff *skb2;
 535        const struct iphdr *eiph;
 536        struct rtable *rt;
 537        struct flowi4 fl4;
 538
 539        err = ip6_tnl_err(skb, IPPROTO_IPIP, opt, &rel_type, &rel_code,
 540                          &rel_msg, &rel_info, offset);
 541        if (err < 0)
 542                return err;
 543
 544        if (rel_msg == 0)
 545                return 0;
 546
 547        switch (rel_type) {
 548        case ICMPV6_DEST_UNREACH:
 549                if (rel_code != ICMPV6_ADDR_UNREACH)
 550                        return 0;
 551                rel_type = ICMP_DEST_UNREACH;
 552                rel_code = ICMP_HOST_UNREACH;
 553                break;
 554        case ICMPV6_PKT_TOOBIG:
 555                if (rel_code != 0)
 556                        return 0;
 557                rel_type = ICMP_DEST_UNREACH;
 558                rel_code = ICMP_FRAG_NEEDED;
 559                break;
 560        case NDISC_REDIRECT:
 561                rel_type = ICMP_REDIRECT;
 562                rel_code = ICMP_REDIR_HOST;
 563        default:
 564                return 0;
 565        }
 566
 567        if (!pskb_may_pull(skb, offset + sizeof(struct iphdr)))
 568                return 0;
 569
 570        skb2 = skb_clone(skb, GFP_ATOMIC);
 571        if (!skb2)
 572                return 0;
 573
 574        skb_dst_drop(skb2);
 575
 576        skb_pull(skb2, offset);
 577        skb_reset_network_header(skb2);
 578        eiph = ip_hdr(skb2);
 579
 580        /* Try to guess incoming interface */
 581        rt = ip_route_output_ports(dev_net(skb->dev), &fl4, NULL,
 582                                   eiph->saddr, 0,
 583                                   0, 0,
 584                                   IPPROTO_IPIP, RT_TOS(eiph->tos), 0);
 585        if (IS_ERR(rt))
 586                goto out;
 587
 588        skb2->dev = rt->dst.dev;
 589
 590        /* route "incoming" packet */
 591        if (rt->rt_flags & RTCF_LOCAL) {
 592                ip_rt_put(rt);
 593                rt = NULL;
 594                rt = ip_route_output_ports(dev_net(skb->dev), &fl4, NULL,
 595                                           eiph->daddr, eiph->saddr,
 596                                           0, 0,
 597                                           IPPROTO_IPIP,
 598                                           RT_TOS(eiph->tos), 0);
 599                if (IS_ERR(rt) ||
 600                    rt->dst.dev->type != ARPHRD_TUNNEL) {
 601                        if (!IS_ERR(rt))
 602                                ip_rt_put(rt);
 603                        goto out;
 604                }
 605                skb_dst_set(skb2, &rt->dst);
 606        } else {
 607                ip_rt_put(rt);
 608                if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos,
 609                                   skb2->dev) ||
 610                    skb_dst(skb2)->dev->type != ARPHRD_TUNNEL)
 611                        goto out;
 612        }
 613
 614        /* change mtu on this route */
 615        if (rel_type == ICMP_DEST_UNREACH && rel_code == ICMP_FRAG_NEEDED) {
 616                if (rel_info > dst_mtu(skb_dst(skb2)))
 617                        goto out;
 618
 619                skb_dst(skb2)->ops->update_pmtu(skb_dst(skb2), NULL, skb2, rel_info);
 620        }
 621        if (rel_type == ICMP_REDIRECT)
 622                skb_dst(skb2)->ops->redirect(skb_dst(skb2), NULL, skb2);
 623
 624        icmp_send(skb2, rel_type, rel_code, htonl(rel_info));
 625
 626out:
 627        kfree_skb(skb2);
 628        return 0;
 629}
 630
 631static int
 632ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 633           u8 type, u8 code, int offset, __be32 info)
 634{
 635        int rel_msg = 0;
 636        u8 rel_type = type;
 637        u8 rel_code = code;
 638        __u32 rel_info = ntohl(info);
 639        int err;
 640
 641        err = ip6_tnl_err(skb, IPPROTO_IPV6, opt, &rel_type, &rel_code,
 642                          &rel_msg, &rel_info, offset);
 643        if (err < 0)
 644                return err;
 645
 646        if (rel_msg && pskb_may_pull(skb, offset + sizeof(struct ipv6hdr))) {
 647                struct rt6_info *rt;
 648                struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
 649
 650                if (!skb2)
 651                        return 0;
 652
 653                skb_dst_drop(skb2);
 654                skb_pull(skb2, offset);
 655                skb_reset_network_header(skb2);
 656
 657                /* Try to guess incoming interface */
 658                rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr,
 659                                NULL, 0, 0);
 660
 661                if (rt && rt->dst.dev)
 662                        skb2->dev = rt->dst.dev;
 663
 664                icmpv6_send(skb2, rel_type, rel_code, rel_info);
 665
 666                if (rt)
 667                        dst_release(&rt->dst);
 668
 669                kfree_skb(skb2);
 670        }
 671
 672        return 0;
 673}
 674
 675static void ip4ip6_dscp_ecn_decapsulate(const struct ip6_tnl *t,
 676                                        const struct ipv6hdr *ipv6h,
 677                                        struct sk_buff *skb)
 678{
 679        __u8 dsfield = ipv6_get_dsfield(ipv6h) & ~INET_ECN_MASK;
 680
 681        if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY)
 682                ipv4_change_dsfield(ip_hdr(skb), INET_ECN_MASK, dsfield);
 683
 684        if (INET_ECN_is_ce(dsfield))
 685                IP_ECN_set_ce(ip_hdr(skb));
 686}
 687
 688static void ip6ip6_dscp_ecn_decapsulate(const struct ip6_tnl *t,
 689                                        const struct ipv6hdr *ipv6h,
 690                                        struct sk_buff *skb)
 691{
 692        if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY)
 693                ipv6_copy_dscp(ipv6_get_dsfield(ipv6h), ipv6_hdr(skb));
 694
 695        if (INET_ECN_is_ce(ipv6_get_dsfield(ipv6h)))
 696                IP6_ECN_set_ce(ipv6_hdr(skb));
 697}
 698
 699__u32 ip6_tnl_get_cap(struct ip6_tnl *t,
 700                             const struct in6_addr *laddr,
 701                             const struct in6_addr *raddr)
 702{
 703        struct __ip6_tnl_parm *p = &t->parms;
 704        int ltype = ipv6_addr_type(laddr);
 705        int rtype = ipv6_addr_type(raddr);
 706        __u32 flags = 0;
 707
 708        if (ltype == IPV6_ADDR_ANY || rtype == IPV6_ADDR_ANY) {
 709                flags = IP6_TNL_F_CAP_PER_PACKET;
 710        } else if (ltype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) &&
 711                   rtype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) &&
 712                   !((ltype|rtype) & IPV6_ADDR_LOOPBACK) &&
 713                   (!((ltype|rtype) & IPV6_ADDR_LINKLOCAL) || p->link)) {
 714                if (ltype&IPV6_ADDR_UNICAST)
 715                        flags |= IP6_TNL_F_CAP_XMIT;
 716                if (rtype&IPV6_ADDR_UNICAST)
 717                        flags |= IP6_TNL_F_CAP_RCV;
 718        }
 719        return flags;
 720}
 721EXPORT_SYMBOL(ip6_tnl_get_cap);
 722
 723/* called with rcu_read_lock() */
 724int ip6_tnl_rcv_ctl(struct ip6_tnl *t,
 725                                  const struct in6_addr *laddr,
 726                                  const struct in6_addr *raddr)
 727{
 728        struct __ip6_tnl_parm *p = &t->parms;
 729        int ret = 0;
 730        struct net *net = dev_net(t->dev);
 731
 732        if ((p->flags & IP6_TNL_F_CAP_RCV) ||
 733            ((p->flags & IP6_TNL_F_CAP_PER_PACKET) &&
 734             (ip6_tnl_get_cap(t, laddr, raddr) & IP6_TNL_F_CAP_RCV))) {
 735                struct net_device *ldev = NULL;
 736
 737                if (p->link)
 738                        ldev = dev_get_by_index_rcu(net, p->link);
 739
 740                if ((ipv6_addr_is_multicast(laddr) ||
 741                     likely(ipv6_chk_addr(net, laddr, ldev, 0))) &&
 742                    likely(!ipv6_chk_addr(net, raddr, NULL, 0)))
 743                        ret = 1;
 744        }
 745        return ret;
 746}
 747EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl);
 748
 749/**
 750 * ip6_tnl_rcv - decapsulate IPv6 packet and retransmit it locally
 751 *   @skb: received socket buffer
 752 *   @protocol: ethernet protocol ID
 753 *   @dscp_ecn_decapsulate: the function to decapsulate DSCP code and ECN
 754 *
 755 * Return: 0
 756 **/
 757
 758static int ip6_tnl_rcv(struct sk_buff *skb, __u16 protocol,
 759                       __u8 ipproto,
 760                       void (*dscp_ecn_decapsulate)(const struct ip6_tnl *t,
 761                                                    const struct ipv6hdr *ipv6h,
 762                                                    struct sk_buff *skb))
 763{
 764        struct ip6_tnl *t;
 765        const struct ipv6hdr *ipv6h = ipv6_hdr(skb);
 766
 767        rcu_read_lock();
 768
 769        if ((t = ip6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr,
 770                                        &ipv6h->daddr)) != NULL) {
 771                struct pcpu_tstats *tstats;
 772
 773                if (t->parms.proto != ipproto && t->parms.proto != 0) {
 774                        rcu_read_unlock();
 775                        goto discard;
 776                }
 777
 778                if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
 779                        rcu_read_unlock();
 780                        goto discard;
 781                }
 782
 783                if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) {
 784                        t->dev->stats.rx_dropped++;
 785                        rcu_read_unlock();
 786                        goto discard;
 787                }
 788                secpath_reset(skb);
 789                skb->mac_header = skb->network_header;
 790                skb_reset_network_header(skb);
 791                skb->protocol = htons(protocol);
 792                skb->pkt_type = PACKET_HOST;
 793                memset(skb->cb, 0, sizeof(struct inet6_skb_parm));
 794
 795                tstats = this_cpu_ptr(t->dev->tstats);
 796                tstats->rx_packets++;
 797                tstats->rx_bytes += skb->len;
 798
 799                __skb_tunnel_rx(skb, t->dev);
 800
 801                dscp_ecn_decapsulate(t, ipv6h, skb);
 802
 803                netif_rx(skb);
 804
 805                rcu_read_unlock();
 806                return 0;
 807        }
 808        rcu_read_unlock();
 809        return 1;
 810
 811discard:
 812        kfree_skb(skb);
 813        return 0;
 814}
 815
 816static int ip4ip6_rcv(struct sk_buff *skb)
 817{
 818        return ip6_tnl_rcv(skb, ETH_P_IP, IPPROTO_IPIP,
 819                           ip4ip6_dscp_ecn_decapsulate);
 820}
 821
 822static int ip6ip6_rcv(struct sk_buff *skb)
 823{
 824        return ip6_tnl_rcv(skb, ETH_P_IPV6, IPPROTO_IPV6,
 825                           ip6ip6_dscp_ecn_decapsulate);
 826}
 827
 828struct ipv6_tel_txoption {
 829        struct ipv6_txoptions ops;
 830        __u8 dst_opt[8];
 831};
 832
 833static void init_tel_txopt(struct ipv6_tel_txoption *opt, __u8 encap_limit)
 834{
 835        memset(opt, 0, sizeof(struct ipv6_tel_txoption));
 836
 837        opt->dst_opt[2] = IPV6_TLV_TNL_ENCAP_LIMIT;
 838        opt->dst_opt[3] = 1;
 839        opt->dst_opt[4] = encap_limit;
 840        opt->dst_opt[5] = IPV6_TLV_PADN;
 841        opt->dst_opt[6] = 1;
 842
 843        opt->ops.dst0opt = (struct ipv6_opt_hdr *) opt->dst_opt;
 844        opt->ops.opt_nflen = 8;
 845}
 846
 847/**
 848 * ip6_tnl_addr_conflict - compare packet addresses to tunnel's own
 849 *   @t: the outgoing tunnel device
 850 *   @hdr: IPv6 header from the incoming packet
 851 *
 852 * Description:
 853 *   Avoid trivial tunneling loop by checking that tunnel exit-point
 854 *   doesn't match source of incoming packet.
 855 *
 856 * Return:
 857 *   1 if conflict,
 858 *   0 else
 859 **/
 860
 861static inline bool
 862ip6_tnl_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr)
 863{
 864        return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr);
 865}
 866
 867int ip6_tnl_xmit_ctl(struct ip6_tnl *t)
 868{
 869        struct __ip6_tnl_parm *p = &t->parms;
 870        int ret = 0;
 871        struct net *net = dev_net(t->dev);
 872
 873        if (p->flags & IP6_TNL_F_CAP_XMIT) {
 874                struct net_device *ldev = NULL;
 875
 876                rcu_read_lock();
 877                if (p->link)
 878                        ldev = dev_get_by_index_rcu(net, p->link);
 879
 880                if (unlikely(!ipv6_chk_addr(net, &p->laddr, ldev, 0)))
 881                        pr_warn("%s xmit: Local address not yet configured!\n",
 882                                p->name);
 883                else if (!ipv6_addr_is_multicast(&p->raddr) &&
 884                         unlikely(ipv6_chk_addr(net, &p->raddr, NULL, 0)))
 885                        pr_warn("%s xmit: Routing loop! Remote address found on this node!\n",
 886                                p->name);
 887                else
 888                        ret = 1;
 889                rcu_read_unlock();
 890        }
 891        return ret;
 892}
 893EXPORT_SYMBOL_GPL(ip6_tnl_xmit_ctl);
 894
 895/**
 896 * ip6_tnl_xmit2 - encapsulate packet and send
 897 *   @skb: the outgoing socket buffer
 898 *   @dev: the outgoing tunnel device
 899 *   @dsfield: dscp code for outer header
 900 *   @fl: flow of tunneled packet
 901 *   @encap_limit: encapsulation limit
 902 *   @pmtu: Path MTU is stored if packet is too big
 903 *
 904 * Description:
 905 *   Build new header and do some sanity checks on the packet before sending
 906 *   it.
 907 *
 908 * Return:
 909 *   0 on success
 910 *   -1 fail
 911 *   %-EMSGSIZE message too big. return mtu in this case.
 912 **/
 913
 914static int ip6_tnl_xmit2(struct sk_buff *skb,
 915                         struct net_device *dev,
 916                         __u8 dsfield,
 917                         struct flowi6 *fl6,
 918                         int encap_limit,
 919                         __u32 *pmtu)
 920{
 921        struct net *net = dev_net(dev);
 922        struct ip6_tnl *t = netdev_priv(dev);
 923        struct net_device_stats *stats = &t->dev->stats;
 924        struct ipv6hdr *ipv6h = ipv6_hdr(skb);
 925        struct ipv6_tel_txoption opt;
 926        struct dst_entry *dst = NULL, *ndst = NULL;
 927        struct net_device *tdev;
 928        int mtu;
 929        unsigned int max_headroom = sizeof(struct ipv6hdr);
 930        u8 proto;
 931        int err = -1;
 932        int pkt_len;
 933
 934        if (!fl6->flowi6_mark)
 935                dst = ip6_tnl_dst_check(t);
 936        if (!dst) {
 937                ndst = ip6_route_output(net, NULL, fl6);
 938
 939                if (ndst->error)
 940                        goto tx_err_link_failure;
 941                ndst = xfrm_lookup(net, ndst, flowi6_to_flowi(fl6), NULL, 0);
 942                if (IS_ERR(ndst)) {
 943                        err = PTR_ERR(ndst);
 944                        ndst = NULL;
 945                        goto tx_err_link_failure;
 946                }
 947                dst = ndst;
 948        }
 949
 950        tdev = dst->dev;
 951
 952        if (tdev == dev) {
 953                stats->collisions++;
 954                net_warn_ratelimited("%s: Local routing loop detected!\n",
 955                                     t->parms.name);
 956                goto tx_err_dst_release;
 957        }
 958        mtu = dst_mtu(dst) - sizeof (*ipv6h);
 959        if (encap_limit >= 0) {
 960                max_headroom += 8;
 961                mtu -= 8;
 962        }
 963        if (mtu < IPV6_MIN_MTU)
 964                mtu = IPV6_MIN_MTU;
 965        if (skb_dst(skb))
 966                skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu);
 967        if (skb->len > mtu) {
 968                *pmtu = mtu;
 969                err = -EMSGSIZE;
 970                goto tx_err_dst_release;
 971        }
 972
 973        /*
 974         * Okay, now see if we can stuff it in the buffer as-is.
 975         */
 976        max_headroom += LL_RESERVED_SPACE(tdev);
 977
 978        if (skb_headroom(skb) < max_headroom || skb_shared(skb) ||
 979            (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
 980                struct sk_buff *new_skb;
 981
 982                if (!(new_skb = skb_realloc_headroom(skb, max_headroom)))
 983                        goto tx_err_dst_release;
 984
 985                if (skb->sk)
 986                        skb_set_owner_w(new_skb, skb->sk);
 987                consume_skb(skb);
 988                skb = new_skb;
 989        }
 990        skb_dst_drop(skb);
 991        if (fl6->flowi6_mark) {
 992                skb_dst_set(skb, dst);
 993                ndst = NULL;
 994        } else {
 995                skb_dst_set_noref(skb, dst);
 996        }
 997        skb->transport_header = skb->network_header;
 998
 999        proto = fl6->flowi6_proto;
1000        if (encap_limit >= 0) {
1001                init_tel_txopt(&opt, encap_limit);
1002                ipv6_push_nfrag_opts(skb, &opt.ops, &proto, NULL);
1003        }
1004        skb_push(skb, sizeof(struct ipv6hdr));
1005        skb_reset_network_header(skb);
1006        ipv6h = ipv6_hdr(skb);
1007        *(__be32*)ipv6h = fl6->flowlabel | htonl(0x60000000);
1008        dsfield = INET_ECN_encapsulate(0, dsfield);
1009        ipv6_change_dsfield(ipv6h, ~INET_ECN_MASK, dsfield);
1010        ipv6h->hop_limit = t->parms.hop_limit;
1011        ipv6h->nexthdr = proto;
1012        ipv6h->saddr = fl6->saddr;
1013        ipv6h->daddr = fl6->daddr;
1014        nf_reset(skb);
1015        pkt_len = skb->len;
1016        err = ip6_local_out(skb);
1017
1018        if (net_xmit_eval(err) == 0) {
1019                struct pcpu_tstats *tstats = this_cpu_ptr(t->dev->tstats);
1020
1021                tstats->tx_bytes += pkt_len;
1022                tstats->tx_packets++;
1023        } else {
1024                stats->tx_errors++;
1025                stats->tx_aborted_errors++;
1026        }
1027        if (ndst)
1028                ip6_tnl_dst_store(t, ndst);
1029        return 0;
1030tx_err_link_failure:
1031        stats->tx_carrier_errors++;
1032        dst_link_failure(skb);
1033tx_err_dst_release:
1034        dst_release(ndst);
1035        return err;
1036}
1037
1038static inline int
1039ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
1040{
1041        struct ip6_tnl *t = netdev_priv(dev);
1042        const struct iphdr  *iph = ip_hdr(skb);
1043        int encap_limit = -1;
1044        struct flowi6 fl6;
1045        __u8 dsfield;
1046        __u32 mtu;
1047        int err;
1048
1049        if ((t->parms.proto != IPPROTO_IPIP && t->parms.proto != 0) ||
1050            !ip6_tnl_xmit_ctl(t))
1051                return -1;
1052
1053        if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
1054                encap_limit = t->parms.encap_limit;
1055
1056        memcpy(&fl6, &t->fl.u.ip6, sizeof (fl6));
1057        fl6.flowi6_proto = IPPROTO_IPIP;
1058
1059        dsfield = ipv4_get_dsfield(iph);
1060
1061        if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
1062                fl6.flowlabel |= htonl((__u32)iph->tos << IPV6_TCLASS_SHIFT)
1063                                          & IPV6_TCLASS_MASK;
1064        if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
1065                fl6.flowi6_mark = skb->mark;
1066
1067        err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu);
1068        if (err != 0) {
1069                /* XXX: send ICMP error even if DF is not set. */
1070                if (err == -EMSGSIZE)
1071                        icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
1072                                  htonl(mtu));
1073                return -1;
1074        }
1075
1076        return 0;
1077}
1078
1079static inline int
1080ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
1081{
1082        struct ip6_tnl *t = netdev_priv(dev);
1083        struct ipv6hdr *ipv6h = ipv6_hdr(skb);
1084        int encap_limit = -1;
1085        __u16 offset;
1086        struct flowi6 fl6;
1087        __u8 dsfield;
1088        __u32 mtu;
1089        int err;
1090
1091        if ((t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) ||
1092            !ip6_tnl_xmit_ctl(t) || ip6_tnl_addr_conflict(t, ipv6h))
1093                return -1;
1094
1095        offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb));
1096        if (offset > 0) {
1097                struct ipv6_tlv_tnl_enc_lim *tel;
1098                tel = (struct ipv6_tlv_tnl_enc_lim *)&skb_network_header(skb)[offset];
1099                if (tel->encap_limit == 0) {
1100                        icmpv6_send(skb, ICMPV6_PARAMPROB,
1101                                    ICMPV6_HDR_FIELD, offset + 2);
1102                        return -1;
1103                }
1104                encap_limit = tel->encap_limit - 1;
1105        } else if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
1106                encap_limit = t->parms.encap_limit;
1107
1108        memcpy(&fl6, &t->fl.u.ip6, sizeof (fl6));
1109        fl6.flowi6_proto = IPPROTO_IPV6;
1110
1111        dsfield = ipv6_get_dsfield(ipv6h);
1112        if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
1113                fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK);
1114        if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
1115                fl6.flowlabel |= (*(__be32 *) ipv6h & IPV6_FLOWLABEL_MASK);
1116        if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
1117                fl6.flowi6_mark = skb->mark;
1118
1119        err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu);
1120        if (err != 0) {
1121                if (err == -EMSGSIZE)
1122                        icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
1123                return -1;
1124        }
1125
1126        return 0;
1127}
1128
1129static netdev_tx_t
1130ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
1131{
1132        struct ip6_tnl *t = netdev_priv(dev);
1133        struct net_device_stats *stats = &t->dev->stats;
1134        int ret;
1135
1136        switch (skb->protocol) {
1137        case htons(ETH_P_IP):
1138                ret = ip4ip6_tnl_xmit(skb, dev);
1139                break;
1140        case htons(ETH_P_IPV6):
1141                ret = ip6ip6_tnl_xmit(skb, dev);
1142                break;
1143        default:
1144                goto tx_err;
1145        }
1146
1147        if (ret < 0)
1148                goto tx_err;
1149
1150        return NETDEV_TX_OK;
1151
1152tx_err:
1153        stats->tx_errors++;
1154        stats->tx_dropped++;
1155        kfree_skb(skb);
1156        return NETDEV_TX_OK;
1157}
1158
1159static void ip6_tnl_link_config(struct ip6_tnl *t)
1160{
1161        struct net_device *dev = t->dev;
1162        struct __ip6_tnl_parm *p = &t->parms;
1163        struct flowi6 *fl6 = &t->fl.u.ip6;
1164
1165        memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
1166        memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
1167
1168        /* Set up flowi template */
1169        fl6->saddr = p->laddr;
1170        fl6->daddr = p->raddr;
1171        fl6->flowi6_oif = p->link;
1172        fl6->flowlabel = 0;
1173
1174        if (!(p->flags&IP6_TNL_F_USE_ORIG_TCLASS))
1175                fl6->flowlabel |= IPV6_TCLASS_MASK & p->flowinfo;
1176        if (!(p->flags&IP6_TNL_F_USE_ORIG_FLOWLABEL))
1177                fl6->flowlabel |= IPV6_FLOWLABEL_MASK & p->flowinfo;
1178
1179        p->flags &= ~(IP6_TNL_F_CAP_XMIT|IP6_TNL_F_CAP_RCV|IP6_TNL_F_CAP_PER_PACKET);
1180        p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr);
1181
1182        if (p->flags&IP6_TNL_F_CAP_XMIT && p->flags&IP6_TNL_F_CAP_RCV)
1183                dev->flags |= IFF_POINTOPOINT;
1184        else
1185                dev->flags &= ~IFF_POINTOPOINT;
1186
1187        dev->iflink = p->link;
1188
1189        if (p->flags & IP6_TNL_F_CAP_XMIT) {
1190                int strict = (ipv6_addr_type(&p->raddr) &
1191                              (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL));
1192
1193                struct rt6_info *rt = rt6_lookup(dev_net(dev),
1194                                                 &p->raddr, &p->laddr,
1195                                                 p->link, strict);
1196
1197                if (rt == NULL)
1198                        return;
1199
1200                if (rt->dst.dev) {
1201                        dev->hard_header_len = rt->dst.dev->hard_header_len +
1202                                sizeof (struct ipv6hdr);
1203
1204                        dev->mtu = rt->dst.dev->mtu - sizeof (struct ipv6hdr);
1205                        if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
1206                                dev->mtu-=8;
1207
1208                        if (dev->mtu < IPV6_MIN_MTU)
1209                                dev->mtu = IPV6_MIN_MTU;
1210                }
1211                dst_release(&rt->dst);
1212        }
1213}
1214
1215/**
1216 * ip6_tnl_change - update the tunnel parameters
1217 *   @t: tunnel to be changed
1218 *   @p: tunnel configuration parameters
1219 *
1220 * Description:
1221 *   ip6_tnl_change() updates the tunnel parameters
1222 **/
1223
1224static int
1225ip6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p)
1226{
1227        t->parms.laddr = p->laddr;
1228        t->parms.raddr = p->raddr;
1229        t->parms.flags = p->flags;
1230        t->parms.hop_limit = p->hop_limit;
1231        t->parms.encap_limit = p->encap_limit;
1232        t->parms.flowinfo = p->flowinfo;
1233        t->parms.link = p->link;
1234        t->parms.proto = p->proto;
1235        ip6_tnl_dst_reset(t);
1236        ip6_tnl_link_config(t);
1237        return 0;
1238}
1239
1240static void
1241ip6_tnl_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm *u)
1242{
1243        p->laddr = u->laddr;
1244        p->raddr = u->raddr;
1245        p->flags = u->flags;
1246        p->hop_limit = u->hop_limit;
1247        p->encap_limit = u->encap_limit;
1248        p->flowinfo = u->flowinfo;
1249        p->link = u->link;
1250        p->proto = u->proto;
1251        memcpy(p->name, u->name, sizeof(u->name));
1252}
1253
1254static void
1255ip6_tnl_parm_to_user(struct ip6_tnl_parm *u, const struct __ip6_tnl_parm *p)
1256{
1257        u->laddr = p->laddr;
1258        u->raddr = p->raddr;
1259        u->flags = p->flags;
1260        u->hop_limit = p->hop_limit;
1261        u->encap_limit = p->encap_limit;
1262        u->flowinfo = p->flowinfo;
1263        u->link = p->link;
1264        u->proto = p->proto;
1265        memcpy(u->name, p->name, sizeof(u->name));
1266}
1267
1268/**
1269 * ip6_tnl_ioctl - configure ipv6 tunnels from userspace
1270 *   @dev: virtual device associated with tunnel
1271 *   @ifr: parameters passed from userspace
1272 *   @cmd: command to be performed
1273 *
1274 * Description:
1275 *   ip6_tnl_ioctl() is used for managing IPv6 tunnels
1276 *   from userspace.
1277 *
1278 *   The possible commands are the following:
1279 *     %SIOCGETTUNNEL: get tunnel parameters for device
1280 *     %SIOCADDTUNNEL: add tunnel matching given tunnel parameters
1281 *     %SIOCCHGTUNNEL: change tunnel parameters to those given
1282 *     %SIOCDELTUNNEL: delete tunnel
1283 *
1284 *   The fallback device "ip6tnl0", created during module
1285 *   initialization, can be used for creating other tunnel devices.
1286 *
1287 * Return:
1288 *   0 on success,
1289 *   %-EFAULT if unable to copy data to or from userspace,
1290 *   %-EPERM if current process hasn't %CAP_NET_ADMIN set
1291 *   %-EINVAL if passed tunnel parameters are invalid,
1292 *   %-EEXIST if changing a tunnel's parameters would cause a conflict
1293 *   %-ENODEV if attempting to change or delete a nonexisting device
1294 **/
1295
1296static int
1297ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
1298{
1299        int err = 0;
1300        struct ip6_tnl_parm p;
1301        struct __ip6_tnl_parm p1;
1302        struct ip6_tnl *t = NULL;
1303        struct net *net = dev_net(dev);
1304        struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
1305
1306        switch (cmd) {
1307        case SIOCGETTUNNEL:
1308                if (dev == ip6n->fb_tnl_dev) {
1309                        if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) {
1310                                err = -EFAULT;
1311                                break;
1312                        }
1313                        ip6_tnl_parm_from_user(&p1, &p);
1314                        t = ip6_tnl_locate(net, &p1, 0);
1315                } else {
1316                        memset(&p, 0, sizeof(p));
1317                }
1318                if (t == NULL)
1319                        t = netdev_priv(dev);
1320                ip6_tnl_parm_to_user(&p, &t->parms);
1321                if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof (p))) {
1322                        err = -EFAULT;
1323                }
1324                break;
1325        case SIOCADDTUNNEL:
1326        case SIOCCHGTUNNEL:
1327                err = -EPERM;
1328                if (!capable(CAP_NET_ADMIN))
1329                        break;
1330                err = -EFAULT;
1331                if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p)))
1332                        break;
1333                err = -EINVAL;
1334                if (p.proto != IPPROTO_IPV6 && p.proto != IPPROTO_IPIP &&
1335                    p.proto != 0)
1336                        break;
1337                ip6_tnl_parm_from_user(&p1, &p);
1338                t = ip6_tnl_locate(net, &p1, cmd == SIOCADDTUNNEL);
1339                if (dev != ip6n->fb_tnl_dev && cmd == SIOCCHGTUNNEL) {
1340                        if (t != NULL) {
1341                                if (t->dev != dev) {
1342                                        err = -EEXIST;
1343                                        break;
1344                                }
1345                        } else
1346                                t = netdev_priv(dev);
1347
1348                        ip6_tnl_unlink(ip6n, t);
1349                        synchronize_net();
1350                        err = ip6_tnl_change(t, &p1);
1351                        ip6_tnl_link(ip6n, t);
1352                        netdev_state_change(dev);
1353                }
1354                if (t) {
1355                        err = 0;
1356                        ip6_tnl_parm_to_user(&p, &t->parms);
1357                        if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
1358                                err = -EFAULT;
1359
1360                } else
1361                        err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
1362                break;
1363        case SIOCDELTUNNEL:
1364                err = -EPERM;
1365                if (!capable(CAP_NET_ADMIN))
1366                        break;
1367
1368                if (dev == ip6n->fb_tnl_dev) {
1369                        err = -EFAULT;
1370                        if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p)))
1371                                break;
1372                        err = -ENOENT;
1373                        ip6_tnl_parm_from_user(&p1, &p);
1374                        t = ip6_tnl_locate(net, &p1, 0);
1375                        if (t == NULL)
1376                                break;
1377                        err = -EPERM;
1378                        if (t->dev == ip6n->fb_tnl_dev)
1379                                break;
1380                        dev = t->dev;
1381                }
1382                err = 0;
1383                unregister_netdevice(dev);
1384                break;
1385        default:
1386                err = -EINVAL;
1387        }
1388        return err;
1389}
1390
1391/**
1392 * ip6_tnl_change_mtu - change mtu manually for tunnel device
1393 *   @dev: virtual device associated with tunnel
1394 *   @new_mtu: the new mtu
1395 *
1396 * Return:
1397 *   0 on success,
1398 *   %-EINVAL if mtu too small
1399 **/
1400
1401static int
1402ip6_tnl_change_mtu(struct net_device *dev, int new_mtu)
1403{
1404        if (new_mtu < IPV6_MIN_MTU) {
1405                return -EINVAL;
1406        }
1407        dev->mtu = new_mtu;
1408        return 0;
1409}
1410
1411
1412static const struct net_device_ops ip6_tnl_netdev_ops = {
1413        .ndo_uninit     = ip6_tnl_dev_uninit,
1414        .ndo_start_xmit = ip6_tnl_xmit,
1415        .ndo_do_ioctl   = ip6_tnl_ioctl,
1416        .ndo_change_mtu = ip6_tnl_change_mtu,
1417        .ndo_get_stats  = ip6_get_stats,
1418};
1419
1420
1421/**
1422 * ip6_tnl_dev_setup - setup virtual tunnel device
1423 *   @dev: virtual device associated with tunnel
1424 *
1425 * Description:
1426 *   Initialize function pointers and device parameters
1427 **/
1428
1429static void ip6_tnl_dev_setup(struct net_device *dev)
1430{
1431        struct ip6_tnl *t;
1432
1433        dev->netdev_ops = &ip6_tnl_netdev_ops;
1434        dev->destructor = ip6_dev_free;
1435
1436        dev->type = ARPHRD_TUNNEL6;
1437        dev->hard_header_len = LL_MAX_HEADER + sizeof (struct ipv6hdr);
1438        dev->mtu = ETH_DATA_LEN - sizeof (struct ipv6hdr);
1439        t = netdev_priv(dev);
1440        if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
1441                dev->mtu-=8;
1442        dev->flags |= IFF_NOARP;
1443        dev->addr_len = sizeof(struct in6_addr);
1444        dev->features |= NETIF_F_NETNS_LOCAL;
1445        dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
1446}
1447
1448
1449/**
1450 * ip6_tnl_dev_init_gen - general initializer for all tunnel devices
1451 *   @dev: virtual device associated with tunnel
1452 **/
1453
1454static inline int
1455ip6_tnl_dev_init_gen(struct net_device *dev)
1456{
1457        struct ip6_tnl *t = netdev_priv(dev);
1458
1459        t->dev = dev;
1460        dev->tstats = alloc_percpu(struct pcpu_tstats);
1461        if (!dev->tstats)
1462                return -ENOMEM;
1463        return 0;
1464}
1465
1466/**
1467 * ip6_tnl_dev_init - initializer for all non fallback tunnel devices
1468 *   @dev: virtual device associated with tunnel
1469 **/
1470
1471static int ip6_tnl_dev_init(struct net_device *dev)
1472{
1473        struct ip6_tnl *t = netdev_priv(dev);
1474        int err = ip6_tnl_dev_init_gen(dev);
1475
1476        if (err)
1477                return err;
1478        ip6_tnl_link_config(t);
1479        return 0;
1480}
1481
1482/**
1483 * ip6_fb_tnl_dev_init - initializer for fallback tunnel device
1484 *   @dev: fallback device
1485 *
1486 * Return: 0
1487 **/
1488
1489static int __net_init ip6_fb_tnl_dev_init(struct net_device *dev)
1490{
1491        struct ip6_tnl *t = netdev_priv(dev);
1492        struct net *net = dev_net(dev);
1493        struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
1494        int err = ip6_tnl_dev_init_gen(dev);
1495
1496        if (err)
1497                return err;
1498
1499        t->parms.proto = IPPROTO_IPV6;
1500        dev_hold(dev);
1501
1502        ip6_tnl_link_config(t);
1503
1504        rcu_assign_pointer(ip6n->tnls_wc[0], t);
1505        return 0;
1506}
1507
1508static struct xfrm6_tunnel ip4ip6_handler __read_mostly = {
1509        .handler        = ip4ip6_rcv,
1510        .err_handler    = ip4ip6_err,
1511        .priority       =       1,
1512};
1513
1514static struct xfrm6_tunnel ip6ip6_handler __read_mostly = {
1515        .handler        = ip6ip6_rcv,
1516        .err_handler    = ip6ip6_err,
1517        .priority       =       1,
1518};
1519
1520static void __net_exit ip6_tnl_destroy_tunnels(struct ip6_tnl_net *ip6n)
1521{
1522        int h;
1523        struct ip6_tnl *t;
1524        LIST_HEAD(list);
1525
1526        for (h = 0; h < HASH_SIZE; h++) {
1527                t = rtnl_dereference(ip6n->tnls_r_l[h]);
1528                while (t != NULL) {
1529                        unregister_netdevice_queue(t->dev, &list);
1530                        t = rtnl_dereference(t->next);
1531                }
1532        }
1533
1534        t = rtnl_dereference(ip6n->tnls_wc[0]);
1535        unregister_netdevice_queue(t->dev, &list);
1536        unregister_netdevice_many(&list);
1537}
1538
1539static int __net_init ip6_tnl_init_net(struct net *net)
1540{
1541        struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
1542        struct ip6_tnl *t = NULL;
1543        int err;
1544
1545        ip6n->tnls[0] = ip6n->tnls_wc;
1546        ip6n->tnls[1] = ip6n->tnls_r_l;
1547
1548        err = -ENOMEM;
1549        ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6tnl0",
1550                                      ip6_tnl_dev_setup);
1551
1552        if (!ip6n->fb_tnl_dev)
1553                goto err_alloc_dev;
1554        dev_net_set(ip6n->fb_tnl_dev, net);
1555
1556        err = ip6_fb_tnl_dev_init(ip6n->fb_tnl_dev);
1557        if (err < 0)
1558                goto err_register;
1559
1560        err = register_netdev(ip6n->fb_tnl_dev);
1561        if (err < 0)
1562                goto err_register;
1563
1564        t = netdev_priv(ip6n->fb_tnl_dev);
1565
1566        strcpy(t->parms.name, ip6n->fb_tnl_dev->name);
1567        return 0;
1568
1569err_register:
1570        ip6_dev_free(ip6n->fb_tnl_dev);
1571err_alloc_dev:
1572        return err;
1573}
1574
1575static void __net_exit ip6_tnl_exit_net(struct net *net)
1576{
1577        struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
1578
1579        rtnl_lock();
1580        ip6_tnl_destroy_tunnels(ip6n);
1581        rtnl_unlock();
1582}
1583
1584static struct pernet_operations ip6_tnl_net_ops = {
1585        .init = ip6_tnl_init_net,
1586        .exit = ip6_tnl_exit_net,
1587        .id   = &ip6_tnl_net_id,
1588        .size = sizeof(struct ip6_tnl_net),
1589};
1590
1591/**
1592 * ip6_tunnel_init - register protocol and reserve needed resources
1593 *
1594 * Return: 0 on success
1595 **/
1596
1597static int __init ip6_tunnel_init(void)
1598{
1599        int  err;
1600
1601        err = register_pernet_device(&ip6_tnl_net_ops);
1602        if (err < 0)
1603                goto out_pernet;
1604
1605        err = xfrm6_tunnel_register(&ip4ip6_handler, AF_INET);
1606        if (err < 0) {
1607                pr_err("%s: can't register ip4ip6\n", __func__);
1608                goto out_ip4ip6;
1609        }
1610
1611        err = xfrm6_tunnel_register(&ip6ip6_handler, AF_INET6);
1612        if (err < 0) {
1613                pr_err("%s: can't register ip6ip6\n", __func__);
1614                goto out_ip6ip6;
1615        }
1616
1617        return 0;
1618
1619out_ip6ip6:
1620        xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET);
1621out_ip4ip6:
1622        unregister_pernet_device(&ip6_tnl_net_ops);
1623out_pernet:
1624        return err;
1625}
1626
1627/**
1628 * ip6_tunnel_cleanup - free resources and unregister protocol
1629 **/
1630
1631static void __exit ip6_tunnel_cleanup(void)
1632{
1633        if (xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET))
1634                pr_info("%s: can't deregister ip4ip6\n", __func__);
1635
1636        if (xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6))
1637                pr_info("%s: can't deregister ip6ip6\n", __func__);
1638
1639        unregister_pernet_device(&ip6_tnl_net_ops);
1640}
1641
1642module_init(ip6_tunnel_init);
1643module_exit(ip6_tunnel_cleanup);
1644
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.