LXR linux-bk/net/ipv4/ip

   1/*
   2 *      Linux NET3:     GRE over IP protocol decoder. 
   3 *
   4 *      Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
   5 *
   6 *      This program is free software; you can redistribute it and/or
   7 *      modify it under the terms of the GNU General Public License
   8 *      as published by the Free Software Foundation; either version
   9 *      2 of the License, or (at your option) any later version.
  10 *
  11 */
  12
  13#include <linux/config.h>
  14#include <linux/module.h>
  15#include <linux/types.h>
  16#include <linux/sched.h>
  17#include <linux/kernel.h>
  18#include <asm/uaccess.h>
  19#include <linux/skbuff.h>
  20#include <linux/netdevice.h>
  21#include <linux/in.h>
  22#include <linux/tcp.h>
  23#include <linux/udp.h>
  24#include <linux/if_arp.h>
  25#include <linux/mroute.h>
  26#include <linux/init.h>
  27#include <linux/in6.h>
  28#include <linux/inetdevice.h>
  29#include <linux/igmp.h>
  30#include <linux/netfilter_ipv4.h>
  31
  32#include <net/sock.h>
  33#include <net/ip.h>
  34#include <net/icmp.h>
  35#include <net/protocol.h>
  36#include <net/ipip.h>
  37#include <net/arp.h>
  38#include <net/checksum.h>
  39#include <net/inet_ecn.h>
  40#include <net/xfrm.h>
  41
  42#ifdef CONFIG_IPV6
  43#include <net/ipv6.h>
  44#include <net/ip6_fib.h>
  45#include <net/ip6_route.h>
  46#endif
  47
  48/*
  49   Problems & solutions
  50   --------------------
  51
  52   1. The most important issue is detecting local dead loops.
  53   They would cause complete host lockup in transmit, which
  54   would be "resolved" by stack overflow or, if queueing is enabled,
  55   with infinite looping in net_bh.
  56
  57   We cannot track such dead loops during route installation,
  58   it is infeasible task. The most general solutions would be
  59   to keep skb->encapsulation counter (sort of local ttl),
  60   and silently drop packet when it expires. It is the best
  61   solution, but it supposes maintaing new variable in ALL
  62   skb, even if no tunneling is used.
  63
  64   Current solution: t->recursion lock breaks dead loops. It looks 
  65   like dev->tbusy flag, but I preferred new variable, because
  66   the semantics is different. One day, when hard_start_xmit
  67   will be multithreaded we will have to use skb->encapsulation.
  68
  69
  70
  71   2. Networking dead loops would not kill routers, but would really
  72   kill network. IP hop limit plays role of "t->recursion" in this case,
  73   if we copy it from packet being encapsulated to upper header.
  74   It is very good solution, but it introduces two problems:
  75
  76   - Routing protocols, using packets with ttl=1 (OSPF, RIP2),
  77     do not work over tunnels.
  78   - traceroute does not work. I planned to relay ICMP from tunnel,
  79     so that this problem would be solved and traceroute output
  80     would even more informative. This idea appeared to be wrong:
  81     only Linux complies to rfc1812 now (yes, guys, Linux is the only
  82     true router now :-)), all routers (at least, in neighbourhood of mine)
  83     return only 8 bytes of payload. It is the end.
  84
  85   Hence, if we want that OSPF worked or traceroute said something reasonable,
  86   we should search for another solution.
  87
  88   One of them is to parse packet trying to detect inner encapsulation
  89   made by our node. It is difficult or even impossible, especially,
  90   taking into account fragmentation. TO be short, tt is not solution at all.
  91
  92   Current solution: The solution was UNEXPECTEDLY SIMPLE.
  93   We force DF flag on tunnels with preconfigured hop limit,
  94   that is ALL. :-) Well, it does not remove the problem completely,
  95   but exponential growth of network traffic is changed to linear
  96   (branches, that exceed pmtu are pruned) and tunnel mtu
  97   fastly degrades to value <68, where looping stops.
  98   Yes, it is not good if there exists a router in the loop,
  99   which does not force DF, even when encapsulating packets have DF set.
 100   But it is not our problem! Nobody could accuse us, we made
 101   all that we could make. Even if it is your gated who injected
 102   fatal route to network, even if it were you who configured
 103   fatal static route: you are innocent. :-)
 104
 105
 106
 107   3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain
 108   practically identical code. It would be good to glue them
 109   together, but it is not very evident, how to make them modular.
 110   sit is integral part of IPv6, ipip and gre are naturally modular.
 111   We could extract common parts (hash table, ioctl etc)
 112   to a separate module (ip_tunnel.c).
 113
 114   Alexey Kuznetsov.
 115 */
 116
 117static int ipgre_tunnel_init(struct net_device *dev);
 118static void ipgre_tunnel_setup(struct net_device *dev);
 119
 120/* Fallback tunnel: no source, no destination, no key, no options */
 121
 122static int ipgre_fb_tunnel_init(struct net_device *dev);
 123
 124static struct net_device *ipgre_fb_tunnel_dev;
 125
 126/* Tunnel hash table */
 127
 128/*
 129   4 hash tables:
 130
 131   3: (remote,local)
 132   2: (remote,*)
 133   1: (*,local)
 134   0: (*,*)
 135
 136   We require exact key match i.e. if a key is present in packet
 137   it will match only tunnel with the same key; if it is not present,
 138   it will match only keyless tunnel.
 139
 140   All keysless packets, if not matched configured keyless tunnels
 141   will match fallback tunnel.
 142 */
 143
 144#define HASH_SIZE  16
 145#define HASH(addr) ((addr^(addr>>4))&0xF)
 146
 147static struct ip_tunnel *tunnels[4][HASH_SIZE];
 148
 149#define tunnels_r_l     (tunnels[3])
 150#define tunnels_r       (tunnels[2])
 151#define tunnels_l       (tunnels[1])
 152#define tunnels_wc      (tunnels[0])
 153
 154static rwlock_t ipgre_lock = RW_LOCK_UNLOCKED;
 155
 156/* Given src, dst and key, find appropriate for input tunnel. */
 157
 158static struct ip_tunnel * ipgre_tunnel_lookup(u32 remote, u32 local, u32 key)
 159{
 160        unsigned h0 = HASH(remote);
 161        unsigned h1 = HASH(key);
 162        struct ip_tunnel *t;
 163
 164        for (t = tunnels_r_l[h0^h1]; t; t = t->next) {
 165                if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) {
 166                        if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
 167                                return t;
 168                }
 169        }
 170        for (t = tunnels_r[h0^h1]; t; t = t->next) {
 171                if (remote == t->parms.iph.daddr) {
 172                        if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
 173                                return t;
 174                }
 175        }
 176        for (t = tunnels_l[h1]; t; t = t->next) {
 177                if (local == t->parms.iph.saddr ||
 178                     (local == t->parms.iph.daddr && MULTICAST(local))) {
 179                        if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
 180                                return t;
 181                }
 182        }
 183        for (t = tunnels_wc[h1]; t; t = t->next) {
 184                if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
 185                        return t;
 186        }
 187
 188        if (ipgre_fb_tunnel_dev->flags&IFF_UP)
 189                return ipgre_fb_tunnel_dev->priv;
 190        return NULL;
 191}
 192
 193static struct ip_tunnel **ipgre_bucket(struct ip_tunnel *t)
 194{
 195        u32 remote = t->parms.iph.daddr;
 196        u32 local = t->parms.iph.saddr;
 197        u32 key = t->parms.i_key;
 198        unsigned h = HASH(key);
 199        int prio = 0;
 200
 201        if (local)
 202                prio |= 1;
 203        if (remote && !MULTICAST(remote)) {
 204                prio |= 2;
 205                h ^= HASH(remote);
 206        }
 207
 208        return &tunnels[prio][h];
 209}
 210
 211static void ipgre_tunnel_link(struct ip_tunnel *t)
 212{
 213        struct ip_tunnel **tp = ipgre_bucket(t);
 214
 215        t->next = *tp;
 216        write_lock_bh(&ipgre_lock);
 217        *tp = t;
 218        write_unlock_bh(&ipgre_lock);
 219}
 220
 221static void ipgre_tunnel_unlink(struct ip_tunnel *t)
 222{
 223        struct ip_tunnel **tp;
 224
 225        for (tp = ipgre_bucket(t); *tp; tp = &(*tp)->next) {
 226                if (t == *tp) {
 227                        write_lock_bh(&ipgre_lock);
 228                        *tp = t->next;
 229                        write_unlock_bh(&ipgre_lock);
 230                        break;
 231                }
 232        }
 233}
 234
 235static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int create)
 236{
 237        u32 remote = parms->iph.daddr;
 238        u32 local = parms->iph.saddr;
 239        u32 key = parms->i_key;
 240        struct ip_tunnel *t, **tp, *nt;
 241        struct net_device *dev;
 242        unsigned h = HASH(key);
 243        int prio = 0;
 244        char name[IFNAMSIZ];
 245
 246        if (local)
 247                prio |= 1;
 248        if (remote && !MULTICAST(remote)) {
 249                prio |= 2;
 250                h ^= HASH(remote);
 251        }
 252        for (tp = &tunnels[prio][h]; (t = *tp) != NULL; tp = &t->next) {
 253                if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) {
 254                        if (key == t->parms.i_key)
 255                                return t;
 256                }
 257        }
 258        if (!create)
 259                return NULL;
 260
 261        if (parms->name[0])
 262                strlcpy(name, parms->name, IFNAMSIZ);
 263        else {
 264                int i;
 265                for (i=1; i<100; i++) {
 266                        sprintf(name, "gre%d", i);
 267                        if (__dev_get_by_name(name) == NULL)
 268                                break;
 269                }
 270                if (i==100)
 271                        goto failed;
 272        }
 273
 274        dev = alloc_netdev(sizeof(*t), name, ipgre_tunnel_setup);
 275        if (!dev)
 276          return NULL;
 277
 278        dev->init = ipgre_tunnel_init;
 279        nt = dev->priv;
 280        nt->parms = *parms;
 281
 282        if (register_netdevice(dev) < 0) {
 283                kfree(dev);
 284                goto failed;
 285        }
 286
 287        nt = dev->priv;
 288        nt->parms = *parms;
 289
 290        dev_hold(dev);
 291        ipgre_tunnel_link(nt);
 292        /* Do not decrement MOD_USE_COUNT here. */
 293        return nt;
 294
 295failed:
 296        return NULL;
 297}
 298
 299static void ipgre_tunnel_uninit(struct net_device *dev)
 300{
 301        ipgre_tunnel_unlink((struct ip_tunnel*)dev->priv);
 302        dev_put(dev);
 303}
 304
 305
 306void ipgre_err(struct sk_buff *skb, u32 info)
 307{
 308#ifndef I_WISH_WORLD_WERE_PERFECT
 309
 310/* It is not :-( All the routers (except for Linux) return only
 311   8 bytes of packet payload. It means, that precise relaying of
 312   ICMP in the real Internet is absolutely infeasible.
 313
 314   Moreover, Cisco "wise men" put GRE key to the third word
 315   in GRE header. It makes impossible maintaining even soft state for keyed
 316   GRE tunnels with enabled checksum. Tell them "thank you".
 317
 318   Well, I wonder, rfc1812 was written by Cisco employee,
 319   what the hell these idiots break standrads established
 320   by themself???
 321 */
 322
 323        struct iphdr *iph = (struct iphdr*)skb->data;
 324        u16          *p = (u16*)(skb->data+(iph->ihl<<2));
 325        int grehlen = (iph->ihl<<2) + 4;
 326        int type = skb->h.icmph->type;
 327        int code = skb->h.icmph->code;
 328        struct ip_tunnel *t;
 329        u16 flags;
 330
 331        flags = p[0];
 332        if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) {
 333                if (flags&(GRE_VERSION|GRE_ROUTING))
 334                        return;
 335                if (flags&GRE_KEY) {
 336                        grehlen += 4;
 337                        if (flags&GRE_CSUM)
 338                                grehlen += 4;
 339                }
 340        }
 341
 342        /* If only 8 bytes returned, keyed message will be dropped here */
 343        if (skb_headlen(skb) < grehlen)
 344                return;
 345
 346        switch (type) {
 347        default:
 348        case ICMP_PARAMETERPROB:
 349                return;
 350
 351        case ICMP_DEST_UNREACH:
 352                switch (code) {
 353                case ICMP_SR_FAILED:
 354                case ICMP_PORT_UNREACH:
 355                        /* Impossible event. */
 356                        return;
 357                case ICMP_FRAG_NEEDED:
 358                        /* Soft state for pmtu is maintained by IP core. */
 359                        return;
 360                default:
 361                        /* All others are translated to HOST_UNREACH.
 362                           rfc2003 contains "deep thoughts" about NET_UNREACH,
 363                           I believe they are just ether pollution. --ANK
 364                         */
 365                        break;
 366                }
 367                break;
 368        case ICMP_TIME_EXCEEDED:
 369                if (code != ICMP_EXC_TTL)
 370                        return;
 371                break;
 372        }
 373
 374        read_lock(&ipgre_lock);
 375        t = ipgre_tunnel_lookup(iph->daddr, iph->saddr, (flags&GRE_KEY) ? *(((u32*)p) + (grehlen>>2) - 1) : 0);
 376        if (t == NULL || t->parms.iph.daddr == 0 || MULTICAST(t->parms.iph.daddr))
 377                goto out;
 378
 379        if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
 380                goto out;
 381
 382        if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO)
 383                t->err_count++;
 384        else
 385                t->err_count = 1;
 386        t->err_time = jiffies;
 387out:
 388        read_unlock(&ipgre_lock);
 389        return;
 390#else
 391        struct iphdr *iph = (struct iphdr*)dp;
 392        struct iphdr *eiph;
 393        u16          *p = (u16*)(dp+(iph->ihl<<2));
 394        int type = skb->h.icmph->type;
 395        int code = skb->h.icmph->code;
 396        int rel_type = 0;
 397        int rel_code = 0;
 398        int rel_info = 0;
 399        u16 flags;
 400        int grehlen = (iph->ihl<<2) + 4;
 401        struct sk_buff *skb2;
 402        struct flowi fl;
 403        struct rtable *rt;
 404
 405        if (p[1] != htons(ETH_P_IP))
 406                return;
 407
 408        flags = p[0];
 409        if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) {
 410                if (flags&(GRE_VERSION|GRE_ROUTING))
 411                        return;
 412                if (flags&GRE_CSUM)
 413                        grehlen += 4;
 414                if (flags&GRE_KEY)
 415                        grehlen += 4;
 416                if (flags&GRE_SEQ)
 417                        grehlen += 4;
 418        }
 419        if (len < grehlen + sizeof(struct iphdr))
 420                return;
 421        eiph = (struct iphdr*)(dp + grehlen);
 422
 423        switch (type) {
 424        default:
 425                return;
 426        case ICMP_PARAMETERPROB:
 427                if (skb->h.icmph->un.gateway < (iph->ihl<<2))
 428                        return;
 429
 430                /* So... This guy found something strange INSIDE encapsulated
 431                   packet. Well, he is fool, but what can we do ?
 432                 */
 433                rel_type = ICMP_PARAMETERPROB;
 434                rel_info = skb->h.icmph->un.gateway - grehlen;
 435                break;
 436
 437        case ICMP_DEST_UNREACH:
 438                switch (code) {
 439                case ICMP_SR_FAILED:
 440                case ICMP_PORT_UNREACH:
 441                        /* Impossible event. */
 442                        return;
 443                case ICMP_FRAG_NEEDED:
 444                        /* And it is the only really necessary thing :-) */
 445                        rel_info = ntohs(skb->h.icmph->un.frag.mtu);
 446                        if (rel_info < grehlen+68)
 447                                return;
 448                        rel_info -= grehlen;
 449                        /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */
 450                        if (rel_info > ntohs(eiph->tot_len))
 451                                return;
 452                        break;
 453                default:
 454                        /* All others are translated to HOST_UNREACH.
 455                           rfc2003 contains "deep thoughts" about NET_UNREACH,
 456                           I believe, it is just ether pollution. --ANK
 457                         */
 458                        rel_type = ICMP_DEST_UNREACH;
 459                        rel_code = ICMP_HOST_UNREACH;
 460                        break;
 461                }
 462                break;
 463        case ICMP_TIME_EXCEEDED:
 464                if (code != ICMP_EXC_TTL)
 465                        return;
 466                break;
 467        }
 468
 469        /* Prepare fake skb to feed it to icmp_send */
 470        skb2 = skb_clone(skb, GFP_ATOMIC);
 471        if (skb2 == NULL)
 472                return;
 473        dst_release(skb2->dst);
 474        skb2->dst = NULL;
 475        skb_pull(skb2, skb->data - (u8*)eiph);
 476        skb2->nh.raw = skb2->data;
 477
 478        /* Try to guess incoming interface */
 479        memset(&fl, 0, sizeof(fl));
 480        fl.fl4_dst = eiph->saddr;
 481        fl.fl4_tos = RT_TOS(eiph->tos);
 482        fl.proto = IPPROTO_GRE;
 483        if (ip_route_output_key(&rt, &fl)) {
 484                kfree_skb(skb2);
 485                return;
 486        }
 487        skb2->dev = rt->u.dst.dev;
 488
 489        /* route "incoming" packet */
 490        if (rt->rt_flags&RTCF_LOCAL) {
 491                ip_rt_put(rt);
 492                rt = NULL;
 493                fl.fl4_dst = eiph->daddr;
 494                fl.fl4_src = eiph->saddr;
 495                fl.fl4_tos = eiph->tos;
 496                if (ip_route_output_key(&rt, &fl) ||
 497                    rt->u.dst.dev->type != ARPHRD_IPGRE) {
 498                        ip_rt_put(rt);
 499                        kfree_skb(skb2);
 500                        return;
 501                }
 502        } else {
 503                ip_rt_put(rt);
 504                if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) ||
 505                    skb2->dst->dev->type != ARPHRD_IPGRE) {
 506                        kfree_skb(skb2);
 507                        return;
 508                }
 509        }
 510
 511        /* change mtu on this route */
 512        if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
 513                if (rel_info > dst_pmtu(skb2->dst)) {
 514                        kfree_skb(skb2);
 515                        return;
 516                }
 517                skb2->dst->ops->update_pmtu(skb2->dst, rel_info);
 518                rel_info = htonl(rel_info);
 519        } else if (type == ICMP_TIME_EXCEEDED) {
 520                struct ip_tunnel *t = (struct ip_tunnel*)skb2->dev->priv;
 521                if (t->parms.iph.ttl) {
 522                        rel_type = ICMP_DEST_UNREACH;
 523                        rel_code = ICMP_HOST_UNREACH;
 524                }
 525        }
 526
 527        icmp_send(skb2, rel_type, rel_code, rel_info);
 528        kfree_skb(skb2);
 529#endif
 530}
 531
 532static inline void ipgre_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)
 533{
 534        if (INET_ECN_is_ce(iph->tos)) {
 535                if (skb->protocol == htons(ETH_P_IP)) {
 536                        if (INET_ECN_is_not_ce(skb->nh.iph->tos))
 537                                IP_ECN_set_ce(skb->nh.iph);
 538                } else if (skb->protocol == htons(ETH_P_IPV6)) {
 539                        if (INET_ECN_is_not_ce(ip6_get_dsfield(skb->nh.ipv6h)))
 540                                IP6_ECN_set_ce(skb->nh.ipv6h);
 541                }
 542        }
 543}
 544
 545static inline u8
 546ipgre_ecn_encapsulate(u8 tos, struct iphdr *old_iph, struct sk_buff *skb)
 547{
 548        u8 inner = 0;
 549        if (skb->protocol == htons(ETH_P_IP))
 550                inner = old_iph->tos;
 551        else if (skb->protocol == htons(ETH_P_IPV6))
 552                inner = ip6_get_dsfield((struct ipv6hdr*)old_iph);
 553        return INET_ECN_encapsulate(tos, inner);
 554}
 555
 556int ipgre_rcv(struct sk_buff *skb)
 557{
 558        struct iphdr *iph;
 559        u8     *h;
 560        u16    flags;
 561        u16    csum = 0;
 562        u32    key = 0;
 563        u32    seqno = 0;
 564        struct ip_tunnel *tunnel;
 565        int    offset = 4;
 566
 567        if (!pskb_may_pull(skb, 16))
 568                goto drop_nolock;
 569
 570        iph = skb->nh.iph;
 571        h = skb->data;
 572        flags = *(u16*)h;
 573
 574        if (flags&(GRE_CSUM|GRE_KEY|GRE_ROUTING|GRE_SEQ|GRE_VERSION)) {
 575                /* - Version must be 0.
 576                   - We do not support routing headers.
 577                 */
 578                if (flags&(GRE_VERSION|GRE_ROUTING))
 579                        goto drop_nolock;
 580
 581                if (flags&GRE_CSUM) {
 582                        if (skb->ip_summed == CHECKSUM_HW) {
 583                                csum = (u16)csum_fold(skb->csum);
 584                                if (csum)
 585                                        skb->ip_summed = CHECKSUM_NONE;
 586                        }
 587                        if (skb->ip_summed == CHECKSUM_NONE) {
 588                                skb->csum = skb_checksum(skb, 0, skb->len, 0);
 589                                skb->ip_summed = CHECKSUM_HW;
 590                                csum = (u16)csum_fold(skb->csum);
 591                        }
 592                        offset += 4;
 593                }
 594                if (flags&GRE_KEY) {
 595                        key = *(u32*)(h + offset);
 596                        offset += 4;
 597                }
 598                if (flags&GRE_SEQ) {
 599                        seqno = ntohl(*(u32*)(h + offset));
 600                        offset += 4;
 601                }
 602        }
 603
 604        read_lock(&ipgre_lock);
 605        if ((tunnel = ipgre_tunnel_lookup(iph->saddr, iph->daddr, key)) != NULL) {
 606                secpath_reset(skb);
 607
 608                skb->mac.raw = skb->nh.raw;
 609                skb->nh.raw = __pskb_pull(skb, offset);
 610                memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
 611                if (skb->ip_summed == CHECKSUM_HW)
 612                        skb->csum = csum_sub(skb->csum,
 613                                             csum_partial(skb->mac.raw, skb->nh.raw-skb->mac.raw, 0));
 614                skb->protocol = *(u16*)(h + 2);
 615                skb->pkt_type = PACKET_HOST;
 616#ifdef CONFIG_NET_IPGRE_BROADCAST
 617                if (MULTICAST(iph->daddr)) {
 618                        /* Looped back packet, drop it! */
 619                        if (((struct rtable*)skb->dst)->fl.iif == 0)
 620                                goto drop;
 621                        tunnel->stat.multicast++;
 622                        skb->pkt_type = PACKET_BROADCAST;
 623                }
 624#endif
 625
 626                if (((flags&GRE_CSUM) && csum) ||
 627                    (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) {
 628                        tunnel->stat.rx_crc_errors++;
 629                        tunnel->stat.rx_errors++;
 630                        goto drop;
 631                }
 632                if (tunnel->parms.i_flags&GRE_SEQ) {
 633                        if (!(flags&GRE_SEQ) ||
 634                            (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) {
 635                                tunnel->stat.rx_fifo_errors++;
 636                                tunnel->stat.rx_errors++;
 637                                goto drop;
 638                        }
 639                        tunnel->i_seqno = seqno + 1;
 640                }
 641                tunnel->stat.rx_packets++;
 642                tunnel->stat.rx_bytes += skb->len;
 643                skb->dev = tunnel->dev;
 644                dst_release(skb->dst);
 645                skb->dst = NULL;
 646#ifdef CONFIG_NETFILTER
 647                nf_conntrack_put(skb->nfct);
 648                skb->nfct = NULL;
 649#ifdef CONFIG_NETFILTER_DEBUG
 650                skb->nf_debug = 0;
 651#endif
 652#endif
 653                ipgre_ecn_decapsulate(iph, skb);
 654                netif_rx(skb);
 655                read_unlock(&ipgre_lock);
 656                return(0);
 657        }
 658        icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0);
 659
 660drop:
 661        read_unlock(&ipgre_lock);
 662drop_nolock:
 663        kfree_skb(skb);
 664        return(0);
 665}
 666
 667static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
 668{
 669        struct ip_tunnel *tunnel = (struct ip_tunnel*)dev->priv;
 670        struct net_device_stats *stats = &tunnel->stat;
 671        struct iphdr  *old_iph = skb->nh.iph;
 672        struct iphdr  *tiph;
 673        u8     tos;
 674        u16    df;
 675        struct rtable *rt;                      /* Route to the other host */
 676        struct net_device *tdev;                        /* Device to other host */
 677        struct iphdr  *iph;                     /* Our new IP header */
 678        int    max_headroom;                    /* The extra header space needed */
 679        int    gre_hlen;
 680        u32    dst;
 681        int    mtu;
 682
 683        if (tunnel->recursion++) {
 684                tunnel->stat.collisions++;
 685                goto tx_error;
 686        }
 687
 688        if (dev->hard_header) {
 689                gre_hlen = 0;
 690                tiph = (struct iphdr*)skb->data;
 691        } else {
 692                gre_hlen = tunnel->hlen;
 693                tiph = &tunnel->parms.iph;
 694        }
 695
 696        if ((dst = tiph->daddr) == 0) {
 697                /* NBMA tunnel */
 698
 699                if (skb->dst == NULL) {
 700                        tunnel->stat.tx_fifo_errors++;
 701                        goto tx_error;
 702                }
 703
 704                if (skb->protocol == htons(ETH_P_IP)) {
 705                        rt = (struct rtable*)skb->dst;
 706                        if ((dst = rt->rt_gateway) == 0)
 707                                goto tx_error_icmp;
 708                }
 709#ifdef CONFIG_IPV6
 710                else if (skb->protocol == htons(ETH_P_IPV6)) {
 711                        struct in6_addr *addr6;
 712                        int addr_type;
 713                        struct neighbour *neigh = skb->dst->neighbour;
 714
 715                        if (neigh == NULL)
 716                                goto tx_error;
 717
 718                        addr6 = (struct in6_addr*)&neigh->primary_key;
 719                        addr_type = ipv6_addr_type(addr6);
 720
 721                        if (addr_type == IPV6_ADDR_ANY) {
 722                                addr6 = &skb->nh.ipv6h->daddr;
 723                                addr_type = ipv6_addr_type(addr6);
 724                        }
 725
 726                        if ((addr_type & IPV6_ADDR_COMPATv4) == 0)
 727                                goto tx_error_icmp;
 728
 729                        dst = addr6->s6_addr32[3];
 730                }
 731#endif
 732                else
 733                        goto tx_error;
 734        }
 735
 736        tos = tiph->tos;
 737        if (tos&1) {
 738                if (skb->protocol == htons(ETH_P_IP))
 739                        tos = old_iph->tos;
 740                tos &= ~1;
 741        }
 742
 743        {
 744                struct flowi fl = { .oif = tunnel->parms.link,
 745                                    .nl_u = { .ip4_u =
 746                                              { .daddr = dst,
 747                                                .saddr = tiph->saddr,
 748                                                .tos = RT_TOS(tos) } },
 749                                    .proto = IPPROTO_GRE };
 750                if (ip_route_output_key(&rt, &fl)) {
 751                        tunnel->stat.tx_carrier_errors++;
 752                        goto tx_error;
 753                }
 754        }
 755        tdev = rt->u.dst.dev;
 756
 757        if (tdev == dev) {
 758                ip_rt_put(rt);
 759                tunnel->stat.collisions++;
 760                goto tx_error;
 761        }
 762
 763        df = tiph->frag_off;
 764        if (df)
 765                mtu = dst_pmtu(&rt->u.dst) - tunnel->hlen;
 766        else
 767                mtu = skb->dst ? dst_pmtu(skb->dst) : dev->mtu;
 768
 769        if (skb->dst)
 770                skb->dst->ops->update_pmtu(skb->dst, mtu);
 771
 772        if (skb->protocol == htons(ETH_P_IP)) {
 773                df |= (old_iph->frag_off&htons(IP_DF));
 774
 775                if ((old_iph->frag_off&htons(IP_DF)) &&
 776                    mtu < ntohs(old_iph->tot_len)) {
 777                        icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
 778                        ip_rt_put(rt);
 779                        goto tx_error;
 780                }
 781        }
 782#ifdef CONFIG_IPV6
 783        else if (skb->protocol == htons(ETH_P_IPV6)) {
 784                struct rt6_info *rt6 = (struct rt6_info*)skb->dst;
 785
 786                if (rt6 && mtu < dst_pmtu(skb->dst) && mtu >= IPV6_MIN_MTU) {
 787                        if ((tunnel->parms.iph.daddr && !MULTICAST(tunnel->parms.iph.daddr)) ||
 788                            rt6->rt6i_dst.plen == 128) {
 789                                rt6->rt6i_flags |= RTF_MODIFIED;
 790                                skb->dst->metrics[RTAX_MTU-1] = mtu;
 791                        }
 792                }
 793
 794                if (mtu >= IPV6_MIN_MTU && mtu < skb->len - tunnel->hlen + gre_hlen) {
 795                        icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev);
 796                        ip_rt_put(rt);
 797                        goto tx_error;
 798                }
 799        }
 800#endif
 801
 802        if (tunnel->err_count > 0) {
 803                if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) {
 804                        tunnel->err_count--;
 805
 806                        dst_link_failure(skb);
 807                } else
 808                        tunnel->err_count = 0;
 809        }
 810
 811        max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen;
 812
 813        if (skb_headroom(skb) < max_headroom || skb_cloned(skb) || skb_shared(skb)) {
 814                struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
 815                if (!new_skb) {
 816                        ip_rt_put(rt);
 817                        stats->tx_dropped++;
 818                        dev_kfree_skb(skb);
 819                        tunnel->recursion--;
 820                        return 0;
 821                }
 822                if (skb->sk)
 823                        skb_set_owner_w(new_skb, skb->sk);
 824                dev_kfree_skb(skb);
 825                skb = new_skb;
 826                old_iph = skb->nh.iph;
 827        }
 828
 829        skb->h.raw = skb->nh.raw;
 830        skb->nh.raw = skb_push(skb, gre_hlen);
 831        memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
 832        dst_release(skb->dst);
 833        skb->dst = &rt->u.dst;
 834
 835        /*
 836         *      Push down and install the IPIP header.
 837         */
 838
 839        iph                     =       skb->nh.iph;
 840        iph->version            =       4;
 841        iph->ihl                =       sizeof(struct iphdr) >> 2;
 842        iph->frag_off           =       df;
 843        iph->protocol           =       IPPROTO_GRE;
 844        iph->tos                =       ipgre_ecn_encapsulate(tos, old_iph, skb);
 845        iph->daddr              =       rt->rt_dst;
 846        iph->saddr              =       rt->rt_src;
 847
 848        if ((iph->ttl = tiph->ttl) == 0) {
 849                if (skb->protocol == htons(ETH_P_IP))
 850                        iph->ttl = old_iph->ttl;
 851#ifdef CONFIG_IPV6
 852                else if (skb->protocol == htons(ETH_P_IPV6))
 853                        iph->ttl = ((struct ipv6hdr*)old_iph)->hop_limit;
 854#endif
 855                else
 856                        iph->ttl = dst_metric(&rt->u.dst, RTAX_HOPLIMIT);
 857        }
 858
 859        ((u16*)(iph+1))[0] = tunnel->parms.o_flags;
 860        ((u16*)(iph+1))[1] = skb->protocol;
 861
 862        if (tunnel->parms.o_flags&(GRE_KEY|GRE_CSUM|GRE_SEQ)) {
 863                u32 *ptr = (u32*)(((u8*)iph) + tunnel->hlen - 4);
 864
 865                if (tunnel->parms.o_flags&GRE_SEQ) {
 866                        ++tunnel->o_seqno;
 867                        *ptr = htonl(tunnel->o_seqno);
 868                        ptr--;
 869                }
 870                if (tunnel->parms.o_flags&GRE_KEY) {
 871                        *ptr = tunnel->parms.o_key;
 872                        ptr--;
 873                }
 874                if (tunnel->parms.o_flags&GRE_CSUM) {
 875                        *ptr = 0;
 876                        *(__u16*)ptr = ip_compute_csum((void*)(iph+1), skb->len - sizeof(struct iphdr));
 877                }
 878        }
 879
 880#ifdef CONFIG_NETFILTER
 881        nf_conntrack_put(skb->nfct);
 882        skb->nfct = NULL;
 883#ifdef CONFIG_NETFILTER_DEBUG
 884        skb->nf_debug = 0;
 885#endif
 886#endif
 887
 888        IPTUNNEL_XMIT();
 889        tunnel->recursion--;
 890        return 0;
 891
 892tx_error_icmp:
 893        dst_link_failure(skb);
 894
 895tx_error:
 896        stats->tx_errors++;
 897        dev_kfree_skb(skb);
 898        tunnel->recursion--;
 899        return 0;
 900}
 901
 902static int
 903ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
 904{
 905        int err = 0;
 906        struct ip_tunnel_parm p;
 907        struct ip_tunnel *t;
 908
 909        switch (cmd) {
 910        case SIOCGETTUNNEL:
 911                t = NULL;
 912                if (dev == ipgre_fb_tunnel_dev) {
 913                        if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
 914                                err = -EFAULT;
 915                                break;
 916                        }
 917                        t = ipgre_tunnel_locate(&p, 0);
 918                }
 919                if (t == NULL)
 920                        t = (struct ip_tunnel*)dev->priv;
 921                memcpy(&p, &t->parms, sizeof(p));
 922                if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
 923                        err = -EFAULT;
 924                break;
 925
 926        case SIOCADDTUNNEL:
 927        case SIOCCHGTUNNEL:
 928                err = -EPERM;
 929                if (!capable(CAP_NET_ADMIN))
 930                        goto done;
 931
 932                err = -EFAULT;
 933                if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
 934                        goto done;
 935
 936                err = -EINVAL;
 937                if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE ||
 938                    p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) ||
 939                    ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING)))
 940                        goto done;
 941                if (p.iph.ttl)
 942                        p.iph.frag_off |= htons(IP_DF);
 943
 944                if (!(p.i_flags&GRE_KEY))
 945                        p.i_key = 0;
 946                if (!(p.o_flags&GRE_KEY))
 947                        p.o_key = 0;
 948
 949                t = ipgre_tunnel_locate(&p, cmd == SIOCADDTUNNEL);
 950
 951                if (dev != ipgre_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
 952                        if (t != NULL) {
 953                                if (t->dev != dev) {
 954                                        err = -EEXIST;
 955                                        break;
 956                                }
 957                        } else {
 958                                unsigned nflags=0;
 959
 960                                t = (struct ip_tunnel*)dev->priv;
 961
 962                                if (MULTICAST(p.iph.daddr))
 963                                        nflags = IFF_BROADCAST;
 964                                else if (p.iph.daddr)
 965                                        nflags = IFF_POINTOPOINT;
 966
 967                                if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) {
 968                                        err = -EINVAL;
 969                                        break;
 970                                }
 971                                ipgre_tunnel_unlink(t);
 972                                t->parms.iph.saddr = p.iph.saddr;
 973                                t->parms.iph.daddr = p.iph.daddr;
 974                                t->parms.i_key = p.i_key;
 975                                t->parms.o_key = p.o_key;
 976                                memcpy(dev->dev_addr, &p.iph.saddr, 4);
 977                                memcpy(dev->broadcast, &p.iph.daddr, 4);
 978                                ipgre_tunnel_link(t);
 979                                netdev_state_change(dev);
 980                        }
 981                }
 982
 983                if (t) {
 984                        err = 0;
 985                        if (cmd == SIOCCHGTUNNEL) {
 986                                t->parms.iph.ttl = p.iph.ttl;
 987                                t->parms.iph.tos = p.iph.tos;
 988                                t->parms.iph.frag_off = p.iph.frag_off;
 989                        }
 990                        if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
 991                                err = -EFAULT;
 992                } else
 993                        err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
 994                break;
 995
 996        case SIOCDELTUNNEL:
 997                err = -EPERM;
 998                if (!capable(CAP_NET_ADMIN))
 999                        goto done;
1000

1001                if (dev == ipgre_fb_tunnel_dev) {
1002                        err = -EFAULT;
1003                        if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
1004                                goto done;
1005                        err = -ENOENT;
1006                        if ((t = ipgre_tunnel_locate(&p, 0)) == NULL)
1007                                goto done;
1008                        err = -EPERM;
1009                        if (t == ipgre_fb_tunnel_dev->priv)
1010                                goto done;
1011                        dev = t->dev;
1012                }
1013                err = unregister_netdevice(dev);
1014                break;
1015
1016        default:
1017                err = -EINVAL;
1018        }
1019
1020done:
1021        return err;
1022}
1023
1024static struct net_device_stats *ipgre_tunnel_get_stats(struct net_device *dev)
1025{
1026        return &(((struct ip_tunnel*)dev->priv)->stat);
1027}
1028
1029static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu)
1030{
1031        struct ip_tunnel *tunnel = (struct ip_tunnel*)dev->priv;
1032        if (new_mtu < 68 || new_mtu > 0xFFF8 - tunnel->hlen)
1033                return -EINVAL;
1034        dev->mtu = new_mtu;
1035        return 0;
1036}
1037
1038#ifdef CONFIG_NET_IPGRE_BROADCAST
1039/* Nice toy. Unfortunately, useless in real life :-)
1040   It allows to construct virtual multiprotocol broadcast "LAN"
1041   over the Internet, provided multicast routing is tuned.
1042
1043
1044   I have no idea was this bicycle invented before me,
1045   so that I had to set ARPHRD_IPGRE to a random value.
1046   I have an impression, that Cisco could make something similar,
1047   but this feature is apparently missing in IOS<=11.2(8).
1048   
1049   I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
1050   with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
1051
1052   ping -t 255 224.66.66.66
1053
1054   If nobody answers, mbone does not work.
1055
1056   ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255
1057   ip addr add 10.66.66.<somewhat>/24 dev Universe
1058   ifconfig Universe up
1059   ifconfig Universe add fe80::<Your_real_addr>/10
1060   ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96
1061   ftp 10.66.66.66
1062   ...
1063   ftp fec0:6666:6666::193.233.7.65
1064   ...
1065
1066 */
1067
1068static int ipgre_header(struct sk_buff *skb, struct net_device *dev, unsigned short type,
1069                        void *daddr, void *saddr, unsigned len)
1070{
1071        struct ip_tunnel *t = (struct ip_tunnel*)dev->priv;
1072        struct iphdr *iph = (struct iphdr *)skb_push(skb, t->hlen);
1073        u16 *p = (u16*)(iph+1);
1074
1075        memcpy(iph, &t->parms.iph, sizeof(struct iphdr));
1076        p[0]            = t->parms.o_flags;
1077        p[1]            = htons(type);
1078
1079        /*
1080         *      Set the source hardware address. 
1081         */
1082         
1083        if (saddr)
1084                memcpy(&iph->saddr, saddr, 4);
1085
1086        if (daddr) {
1087                memcpy(&iph->daddr, daddr, 4);
1088                return t->hlen;
1089        }
1090        if (iph->daddr && !MULTICAST(iph->daddr))
1091                return t->hlen;
1092        
1093        return -t->hlen;
1094}
1095
1096static int ipgre_open(struct net_device *dev)
1097{
1098        struct ip_tunnel *t = (struct ip_tunnel*)dev->priv;
1099
1100        if (MULTICAST(t->parms.iph.daddr)) {
1101                struct flowi fl = { .oif = t->parms.link,
1102                                    .nl_u = { .ip4_u =
1103                                              { .daddr = t->parms.iph.daddr,
1104                                                .saddr = t->parms.iph.saddr,
1105                                                .tos = RT_TOS(t->parms.iph.tos) } },
1106                                    .proto = IPPROTO_GRE };
1107                struct rtable *rt;
1108                if (ip_route_output_key(&rt, &fl))
1109                        return -EADDRNOTAVAIL;
1110                dev = rt->u.dst.dev;
1111                ip_rt_put(rt);
1112                if (__in_dev_get(dev) == NULL)
1113                        return -EADDRNOTAVAIL;
1114                t->mlink = dev->ifindex;
1115                ip_mc_inc_group(__in_dev_get(dev), t->parms.iph.daddr);
1116        }
1117        return 0;
1118}
1119
1120static int ipgre_close(struct net_device *dev)
1121{
1122        struct ip_tunnel *t = (struct ip_tunnel*)dev->priv;
1123        if (MULTICAST(t->parms.iph.daddr) && t->mlink) {
1124                struct in_device *in_dev = inetdev_by_index(t->mlink);
1125                if (in_dev) {
1126                        ip_mc_dec_group(in_dev, t->parms.iph.daddr);
1127                        in_dev_put(in_dev);
1128                }
1129        }
1130        return 0;
1131}
1132
1133#endif
1134
1135static void ipgre_tunnel_setup(struct net_device *dev)
1136{
1137        SET_MODULE_OWNER(dev);
1138        dev->uninit             = ipgre_tunnel_uninit;
1139        dev->destructor         = free_netdev;
1140        dev->hard_start_xmit    = ipgre_tunnel_xmit;
1141        dev->get_stats          = ipgre_tunnel_get_stats;
1142        dev->do_ioctl           = ipgre_tunnel_ioctl;
1143        dev->change_mtu         = ipgre_tunnel_change_mtu;
1144
1145        dev->type               = ARPHRD_IPGRE;
1146        dev->hard_header_len    = LL_MAX_HEADER + sizeof(struct iphdr) + 4;
1147        dev->mtu                = 1500 - sizeof(struct iphdr) - 4;
1148        dev->flags              = IFF_NOARP;
1149        dev->iflink             = 0;
1150        dev->addr_len           = 4;
1151}
1152
1153static int ipgre_tunnel_init(struct net_device *dev)
1154{
1155        struct net_device *tdev = NULL;
1156        struct ip_tunnel *tunnel;
1157        struct iphdr *iph;
1158        int hlen = LL_MAX_HEADER;
1159        int mtu = 1500;
1160        int addend = sizeof(struct iphdr) + 4;
1161
1162        tunnel = (struct ip_tunnel*)dev->priv;
1163        iph = &tunnel->parms.iph;
1164
1165        tunnel->dev = dev;
1166        strcpy(tunnel->parms.name, dev->name);
1167
1168        memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
1169        memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
1170
1171        /* Guess output device to choose reasonable mtu and hard_header_len */
1172
1173        if (iph->daddr) {
1174                struct flowi fl = { .oif = tunnel->parms.link,
1175                                    .nl_u = { .ip4_u =
1176                                              { .daddr = iph->daddr,
1177                                                .saddr = iph->saddr,
1178                                                .tos = RT_TOS(iph->tos) } },
1179                                    .proto = IPPROTO_GRE };
1180                struct rtable *rt;
1181                if (!ip_route_output_key(&rt, &fl)) {
1182                        tdev = rt->u.dst.dev;
1183                        ip_rt_put(rt);
1184                }
1185
1186                dev->flags |= IFF_POINTOPOINT;
1187
1188#ifdef CONFIG_NET_IPGRE_BROADCAST
1189                if (MULTICAST(iph->daddr)) {
1190                        if (!iph->saddr)
1191                                return -EINVAL;
1192                        dev->flags = IFF_BROADCAST;
1193                        dev->hard_header = ipgre_header;
1194                        dev->open = ipgre_open;
1195                        dev->stop = ipgre_close;
1196                }
1197#endif
1198        }
1199
1200        if (!tdev && tunnel->parms.link)
1201                tdev = __dev_get_by_index(tunnel->parms.link);
1202
1203        if (tdev) {
1204                hlen = tdev->hard_header_len;
1205                mtu = tdev->mtu;
1206        }
1207        dev->iflink = tunnel->parms.link;
1208
1209        /* Precalculate GRE options length */
1210        if (tunnel->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) {
1211                if (tunnel->parms.o_flags&GRE_CSUM)
1212                        addend += 4;
1213                if (tunnel->parms.o_flags&GRE_KEY)
1214                        addend += 4;
1215                if (tunnel->parms.o_flags&GRE_SEQ)
1216                        addend += 4;
1217        }
1218        dev->hard_header_len = hlen + addend;
1219        dev->mtu = mtu - addend;
1220        tunnel->hlen = addend;
1221        return 0;
1222}
1223
1224int __init ipgre_fb_tunnel_init(struct net_device *dev)
1225{
1226        struct ip_tunnel *tunnel = (struct ip_tunnel*)dev->priv;
1227        struct iphdr *iph = &tunnel->parms.iph;
1228
1229        tunnel->dev = dev;
1230        strcpy(tunnel->parms.name, dev->name);
1231
1232        iph->version            = 4;
1233        iph->protocol           = IPPROTO_GRE;
1234        iph->ihl                = 5;
1235        tunnel->hlen            = sizeof(struct iphdr) + 4;
1236
1237        dev_hold(dev);
1238        tunnels_wc[0]           = tunnel;
1239        return 0;
1240}
1241
1242
1243static struct inet_protocol ipgre_protocol = {
1244        .handler        =       ipgre_rcv,
1245        .err_handler    =       ipgre_err,
1246};
1247
1248
1249/*
1250 *      And now the modules code and kernel interface.
1251 */
1252
1253int __init ipgre_init(void)
1254{
1255        int err = -EINVAL;
1256
1257        printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
1258
1259        if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
1260                printk(KERN_INFO "ipgre init: can't add protocol\n");
1261                return -EAGAIN;
1262        }
1263
1264        ipgre_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0",
1265                                           ipgre_tunnel_setup);
1266        if (!ipgre_fb_tunnel_dev) {
1267                err = -ENOMEM;
1268                goto fail;
1269        }
1270
1271        ipgre_fb_tunnel_dev->init = ipgre_fb_tunnel_init;
1272
1273        if ((err = register_netdev(ipgre_fb_tunnel_dev)))
1274                goto fail;
1275out:
1276        return err;
1277fail:
1278        inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
1279        kfree(ipgre_fb_tunnel_dev);
1280        goto out;
1281}
1282
1283void ipgre_fini(void)
1284{
1285        if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0)
1286                printk(KERN_INFO "ipgre close: can't remove protocol\n");
1287
1288        unregister_netdev(ipgre_fb_tunnel_dev);
1289}
1290
1291#ifdef MODULE
1292module_init(ipgre_init);
1293#endif
1294module_exit(ipgre_fini);
1295MODULE_LICENSE("GPL");
1296