Version:  2.0.40 2.2.26 2.4.37 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7

Linux/net/ipv4/ipip.c

  1 /*
  2  *      Linux NET3:     IP/IP protocol decoder.
  3  *
  4  *      Authors:
  5  *              Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
  6  *
  7  *      Fixes:
  8  *              Alan Cox        :       Merged and made usable non modular (its so tiny its silly as
  9  *                                      a module taking up 2 pages).
 10  *              Alan Cox        :       Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
 11  *                                      to keep ip_forward happy.
 12  *              Alan Cox        :       More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
 13  *              Kai Schulte     :       Fixed #defines for IP_FIREWALL->FIREWALL
 14  *              David Woodhouse :       Perform some basic ICMP handling.
 15  *                                      IPIP Routing without decapsulation.
 16  *              Carlos Picoto   :       GRE over IP support
 17  *              Alexey Kuznetsov:       Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
 18  *                                      I do not want to merge them together.
 19  *
 20  *      This program is free software; you can redistribute it and/or
 21  *      modify it under the terms of the GNU General Public License
 22  *      as published by the Free Software Foundation; either version
 23  *      2 of the License, or (at your option) any later version.
 24  *
 25  */
 26 
 27 /* tunnel.c: an IP tunnel driver
 28 
 29         The purpose of this driver is to provide an IP tunnel through
 30         which you can tunnel network traffic transparently across subnets.
 31 
 32         This was written by looking at Nick Holloway's dummy driver
 33         Thanks for the great code!
 34 
 35                 -Sam Lantinga   (slouken@cs.ucdavis.edu)  02/01/95
 36 
 37         Minor tweaks:
 38                 Cleaned up the code a little and added some pre-1.3.0 tweaks.
 39                 dev->hard_header/hard_header_len changed to use no headers.
 40                 Comments/bracketing tweaked.
 41                 Made the tunnels use dev->name not tunnel: when error reporting.
 42                 Added tx_dropped stat
 43 
 44                 -Alan Cox       (alan@lxorguk.ukuu.org.uk) 21 March 95
 45 
 46         Reworked:
 47                 Changed to tunnel to destination gateway in addition to the
 48                         tunnel's pointopoint address
 49                 Almost completely rewritten
 50                 Note:  There is currently no firewall or ICMP handling done.
 51 
 52                 -Sam Lantinga   (slouken@cs.ucdavis.edu) 02/13/96
 53 
 54 */
 55 
 56 /* Things I wish I had known when writing the tunnel driver:
 57 
 58         When the tunnel_xmit() function is called, the skb contains the
 59         packet to be sent (plus a great deal of extra info), and dev
 60         contains the tunnel device that _we_ are.
 61 
 62         When we are passed a packet, we are expected to fill in the
 63         source address with our source IP address.
 64 
 65         What is the proper way to allocate, copy and free a buffer?
 66         After you allocate it, it is a "0 length" chunk of memory
 67         starting at zero.  If you want to add headers to the buffer
 68         later, you'll have to call "skb_reserve(skb, amount)" with
 69         the amount of memory you want reserved.  Then, you call
 70         "skb_put(skb, amount)" with the amount of space you want in
 71         the buffer.  skb_put() returns a pointer to the top (#0) of
 72         that buffer.  skb->len is set to the amount of space you have
 73         "allocated" with skb_put().  You can then write up to skb->len
 74         bytes to that buffer.  If you need more, you can call skb_put()
 75         again with the additional amount of space you need.  You can
 76         find out how much more space you can allocate by calling
 77         "skb_tailroom(skb)".
 78         Now, to add header space, call "skb_push(skb, header_len)".
 79         This creates space at the beginning of the buffer and returns
 80         a pointer to this new space.  If later you need to strip a
 81         header from a buffer, call "skb_pull(skb, header_len)".
 82         skb_headroom() will return how much space is left at the top
 83         of the buffer (before the main data).  Remember, this headroom
 84         space must be reserved before the skb_put() function is called.
 85         */
 86 
 87 /*
 88    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
 89 
 90    For comments look at net/ipv4/ip_gre.c --ANK
 91  */
 92 
 93 
 94 #include <linux/capability.h>
 95 #include <linux/module.h>
 96 #include <linux/types.h>
 97 #include <linux/kernel.h>
 98 #include <linux/slab.h>
 99 #include <asm/uaccess.h>
100 #include <linux/skbuff.h>
101 #include <linux/netdevice.h>
102 #include <linux/in.h>
103 #include <linux/tcp.h>
104 #include <linux/udp.h>
105 #include <linux/if_arp.h>
106 #include <linux/init.h>
107 #include <linux/netfilter_ipv4.h>
108 #include <linux/if_ether.h>
109 
110 #include <net/sock.h>
111 #include <net/ip.h>
112 #include <net/icmp.h>
113 #include <net/ip_tunnels.h>
114 #include <net/inet_ecn.h>
115 #include <net/xfrm.h>
116 #include <net/net_namespace.h>
117 #include <net/netns/generic.h>
118 
119 static bool log_ecn_error = true;
120 module_param(log_ecn_error, bool, 0644);
121 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
122 
123 static int ipip_net_id __read_mostly;
124 
125 static int ipip_tunnel_init(struct net_device *dev);
126 static struct rtnl_link_ops ipip_link_ops __read_mostly;
127 
128 static int ipip_err(struct sk_buff *skb, u32 info)
129 {
130 
131 /* All the routers (except for Linux) return only
132    8 bytes of packet payload. It means, that precise relaying of
133    ICMP in the real Internet is absolutely infeasible.
134  */
135         struct net *net = dev_net(skb->dev);
136         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
137         const struct iphdr *iph = (const struct iphdr *)skb->data;
138         struct ip_tunnel *t;
139         int err;
140         const int type = icmp_hdr(skb)->type;
141         const int code = icmp_hdr(skb)->code;
142 
143         err = -ENOENT;
144         t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
145                              iph->daddr, iph->saddr, 0);
146         if (!t)
147                 goto out;
148 
149         if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
150                 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
151                                  t->parms.link, 0, IPPROTO_IPIP, 0);
152                 err = 0;
153                 goto out;
154         }
155 
156         if (type == ICMP_REDIRECT) {
157                 ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
158                               IPPROTO_IPIP, 0);
159                 err = 0;
160                 goto out;
161         }
162 
163         if (t->parms.iph.daddr == 0)
164                 goto out;
165 
166         err = 0;
167         if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
168                 goto out;
169 
170         if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
171                 t->err_count++;
172         else
173                 t->err_count = 1;
174         t->err_time = jiffies;
175 
176 out:
177         return err;
178 }
179 
180 static const struct tnl_ptk_info tpi = {
181         /* no tunnel info required for ipip. */
182         .proto = htons(ETH_P_IP),
183 };
184 
185 static int ipip_rcv(struct sk_buff *skb)
186 {
187         struct net *net = dev_net(skb->dev);
188         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
189         struct ip_tunnel *tunnel;
190         const struct iphdr *iph;
191 
192         iph = ip_hdr(skb);
193         tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
194                         iph->saddr, iph->daddr, 0);
195         if (tunnel) {
196                 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
197                         goto drop;
198                 if (iptunnel_pull_header(skb, 0, tpi.proto, false))
199                         goto drop;
200                 return ip_tunnel_rcv(tunnel, skb, &tpi, NULL, log_ecn_error);
201         }
202 
203         return -1;
204 
205 drop:
206         kfree_skb(skb);
207         return 0;
208 }
209 
210 /*
211  *      This function assumes it is being called from dev_queue_xmit()
212  *      and that skb is filled properly by that function.
213  */
214 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
215 {
216         struct ip_tunnel *tunnel = netdev_priv(dev);
217         const struct iphdr  *tiph = &tunnel->parms.iph;
218 
219         if (unlikely(skb->protocol != htons(ETH_P_IP)))
220                 goto tx_error;
221 
222         if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4))
223                 goto tx_error;
224 
225         skb_set_inner_ipproto(skb, IPPROTO_IPIP);
226 
227         ip_tunnel_xmit(skb, dev, tiph, tiph->protocol);
228         return NETDEV_TX_OK;
229 
230 tx_error:
231         kfree_skb(skb);
232 
233         dev->stats.tx_errors++;
234         return NETDEV_TX_OK;
235 }
236 
237 static int
238 ipip_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
239 {
240         int err = 0;
241         struct ip_tunnel_parm p;
242 
243         if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
244                 return -EFAULT;
245 
246         if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
247                 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
248                     p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
249                         return -EINVAL;
250         }
251 
252         p.i_key = p.o_key = 0;
253         p.i_flags = p.o_flags = 0;
254         err = ip_tunnel_ioctl(dev, &p, cmd);
255         if (err)
256                 return err;
257 
258         if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
259                 return -EFAULT;
260 
261         return 0;
262 }
263 
264 static const struct net_device_ops ipip_netdev_ops = {
265         .ndo_init       = ipip_tunnel_init,
266         .ndo_uninit     = ip_tunnel_uninit,
267         .ndo_start_xmit = ipip_tunnel_xmit,
268         .ndo_do_ioctl   = ipip_tunnel_ioctl,
269         .ndo_change_mtu = ip_tunnel_change_mtu,
270         .ndo_get_stats64 = ip_tunnel_get_stats64,
271         .ndo_get_iflink = ip_tunnel_get_iflink,
272 };
273 
274 #define IPIP_FEATURES (NETIF_F_SG |             \
275                        NETIF_F_FRAGLIST |       \
276                        NETIF_F_HIGHDMA |        \
277                        NETIF_F_GSO_SOFTWARE |   \
278                        NETIF_F_HW_CSUM)
279 
280 static void ipip_tunnel_setup(struct net_device *dev)
281 {
282         dev->netdev_ops         = &ipip_netdev_ops;
283 
284         dev->type               = ARPHRD_TUNNEL;
285         dev->flags              = IFF_NOARP;
286         dev->addr_len           = 4;
287         dev->features           |= NETIF_F_LLTX;
288         netif_keep_dst(dev);
289 
290         dev->features           |= IPIP_FEATURES;
291         dev->hw_features        |= IPIP_FEATURES;
292         ip_tunnel_setup(dev, ipip_net_id);
293 }
294 
295 static int ipip_tunnel_init(struct net_device *dev)
296 {
297         struct ip_tunnel *tunnel = netdev_priv(dev);
298 
299         memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
300         memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
301 
302         tunnel->tun_hlen = 0;
303         tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
304         tunnel->parms.iph.protocol = IPPROTO_IPIP;
305         return ip_tunnel_init(dev);
306 }
307 
308 static void ipip_netlink_parms(struct nlattr *data[],
309                                struct ip_tunnel_parm *parms)
310 {
311         memset(parms, 0, sizeof(*parms));
312 
313         parms->iph.version = 4;
314         parms->iph.protocol = IPPROTO_IPIP;
315         parms->iph.ihl = 5;
316 
317         if (!data)
318                 return;
319 
320         if (data[IFLA_IPTUN_LINK])
321                 parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
322 
323         if (data[IFLA_IPTUN_LOCAL])
324                 parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]);
325 
326         if (data[IFLA_IPTUN_REMOTE])
327                 parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]);
328 
329         if (data[IFLA_IPTUN_TTL]) {
330                 parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
331                 if (parms->iph.ttl)
332                         parms->iph.frag_off = htons(IP_DF);
333         }
334 
335         if (data[IFLA_IPTUN_TOS])
336                 parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
337 
338         if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
339                 parms->iph.frag_off = htons(IP_DF);
340 }
341 
342 /* This function returns true when ENCAP attributes are present in the nl msg */
343 static bool ipip_netlink_encap_parms(struct nlattr *data[],
344                                      struct ip_tunnel_encap *ipencap)
345 {
346         bool ret = false;
347 
348         memset(ipencap, 0, sizeof(*ipencap));
349 
350         if (!data)
351                 return ret;
352 
353         if (data[IFLA_IPTUN_ENCAP_TYPE]) {
354                 ret = true;
355                 ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
356         }
357 
358         if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
359                 ret = true;
360                 ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
361         }
362 
363         if (data[IFLA_IPTUN_ENCAP_SPORT]) {
364                 ret = true;
365                 ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
366         }
367 
368         if (data[IFLA_IPTUN_ENCAP_DPORT]) {
369                 ret = true;
370                 ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
371         }
372 
373         return ret;
374 }
375 
376 static int ipip_newlink(struct net *src_net, struct net_device *dev,
377                         struct nlattr *tb[], struct nlattr *data[])
378 {
379         struct ip_tunnel_parm p;
380         struct ip_tunnel_encap ipencap;
381 
382         if (ipip_netlink_encap_parms(data, &ipencap)) {
383                 struct ip_tunnel *t = netdev_priv(dev);
384                 int err = ip_tunnel_encap_setup(t, &ipencap);
385 
386                 if (err < 0)
387                         return err;
388         }
389 
390         ipip_netlink_parms(data, &p);
391         return ip_tunnel_newlink(dev, tb, &p);
392 }
393 
394 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
395                            struct nlattr *data[])
396 {
397         struct ip_tunnel_parm p;
398         struct ip_tunnel_encap ipencap;
399 
400         if (ipip_netlink_encap_parms(data, &ipencap)) {
401                 struct ip_tunnel *t = netdev_priv(dev);
402                 int err = ip_tunnel_encap_setup(t, &ipencap);
403 
404                 if (err < 0)
405                         return err;
406         }
407 
408         ipip_netlink_parms(data, &p);
409 
410         if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
411             (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
412                 return -EINVAL;
413 
414         return ip_tunnel_changelink(dev, tb, &p);
415 }
416 
417 static size_t ipip_get_size(const struct net_device *dev)
418 {
419         return
420                 /* IFLA_IPTUN_LINK */
421                 nla_total_size(4) +
422                 /* IFLA_IPTUN_LOCAL */
423                 nla_total_size(4) +
424                 /* IFLA_IPTUN_REMOTE */
425                 nla_total_size(4) +
426                 /* IFLA_IPTUN_TTL */
427                 nla_total_size(1) +
428                 /* IFLA_IPTUN_TOS */
429                 nla_total_size(1) +
430                 /* IFLA_IPTUN_PMTUDISC */
431                 nla_total_size(1) +
432                 /* IFLA_IPTUN_ENCAP_TYPE */
433                 nla_total_size(2) +
434                 /* IFLA_IPTUN_ENCAP_FLAGS */
435                 nla_total_size(2) +
436                 /* IFLA_IPTUN_ENCAP_SPORT */
437                 nla_total_size(2) +
438                 /* IFLA_IPTUN_ENCAP_DPORT */
439                 nla_total_size(2) +
440                 0;
441 }
442 
443 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
444 {
445         struct ip_tunnel *tunnel = netdev_priv(dev);
446         struct ip_tunnel_parm *parm = &tunnel->parms;
447 
448         if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
449             nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
450             nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
451             nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
452             nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
453             nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
454                        !!(parm->iph.frag_off & htons(IP_DF))))
455                 goto nla_put_failure;
456 
457         if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
458                         tunnel->encap.type) ||
459             nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
460                          tunnel->encap.sport) ||
461             nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
462                          tunnel->encap.dport) ||
463             nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
464                         tunnel->encap.flags))
465                 goto nla_put_failure;
466 
467         return 0;
468 
469 nla_put_failure:
470         return -EMSGSIZE;
471 }
472 
473 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
474         [IFLA_IPTUN_LINK]               = { .type = NLA_U32 },
475         [IFLA_IPTUN_LOCAL]              = { .type = NLA_U32 },
476         [IFLA_IPTUN_REMOTE]             = { .type = NLA_U32 },
477         [IFLA_IPTUN_TTL]                = { .type = NLA_U8 },
478         [IFLA_IPTUN_TOS]                = { .type = NLA_U8 },
479         [IFLA_IPTUN_PMTUDISC]           = { .type = NLA_U8 },
480         [IFLA_IPTUN_ENCAP_TYPE]         = { .type = NLA_U16 },
481         [IFLA_IPTUN_ENCAP_FLAGS]        = { .type = NLA_U16 },
482         [IFLA_IPTUN_ENCAP_SPORT]        = { .type = NLA_U16 },
483         [IFLA_IPTUN_ENCAP_DPORT]        = { .type = NLA_U16 },
484 };
485 
486 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
487         .kind           = "ipip",
488         .maxtype        = IFLA_IPTUN_MAX,
489         .policy         = ipip_policy,
490         .priv_size      = sizeof(struct ip_tunnel),
491         .setup          = ipip_tunnel_setup,
492         .newlink        = ipip_newlink,
493         .changelink     = ipip_changelink,
494         .dellink        = ip_tunnel_dellink,
495         .get_size       = ipip_get_size,
496         .fill_info      = ipip_fill_info,
497         .get_link_net   = ip_tunnel_get_link_net,
498 };
499 
500 static struct xfrm_tunnel ipip_handler __read_mostly = {
501         .handler        =       ipip_rcv,
502         .err_handler    =       ipip_err,
503         .priority       =       1,
504 };
505 
506 static int __net_init ipip_init_net(struct net *net)
507 {
508         return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
509 }
510 
511 static void __net_exit ipip_exit_net(struct net *net)
512 {
513         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
514         ip_tunnel_delete_net(itn, &ipip_link_ops);
515 }
516 
517 static struct pernet_operations ipip_net_ops = {
518         .init = ipip_init_net,
519         .exit = ipip_exit_net,
520         .id   = &ipip_net_id,
521         .size = sizeof(struct ip_tunnel_net),
522 };
523 
524 static int __init ipip_init(void)
525 {
526         int err;
527 
528         pr_info("ipip: IPv4 over IPv4 tunneling driver\n");
529 
530         err = register_pernet_device(&ipip_net_ops);
531         if (err < 0)
532                 return err;
533         err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
534         if (err < 0) {
535                 pr_info("%s: can't register tunnel\n", __func__);
536                 goto xfrm_tunnel_failed;
537         }
538         err = rtnl_link_register(&ipip_link_ops);
539         if (err < 0)
540                 goto rtnl_link_failed;
541 
542 out:
543         return err;
544 
545 rtnl_link_failed:
546         xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
547 xfrm_tunnel_failed:
548         unregister_pernet_device(&ipip_net_ops);
549         goto out;
550 }
551 
552 static void __exit ipip_fini(void)
553 {
554         rtnl_link_unregister(&ipip_link_ops);
555         if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
556                 pr_info("%s: can't deregister tunnel\n", __func__);
557 
558         unregister_pernet_device(&ipip_net_ops);
559 }
560 
561 module_init(ipip_init);
562 module_exit(ipip_fini);
563 MODULE_LICENSE("GPL");
564 MODULE_ALIAS_RTNL_LINK("ipip");
565 MODULE_ALIAS_NETDEV("tunl0");
566 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us