Version:  2.0.40 2.2.26 2.4.37 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1 4.2 4.3 4.4

Linux/net/ipv4/ipip.c

  1 /*
  2  *      Linux NET3:     IP/IP protocol decoder.
  3  *
  4  *      Authors:
  5  *              Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
  6  *
  7  *      Fixes:
  8  *              Alan Cox        :       Merged and made usable non modular (its so tiny its silly as
  9  *                                      a module taking up 2 pages).
 10  *              Alan Cox        :       Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
 11  *                                      to keep ip_forward happy.
 12  *              Alan Cox        :       More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
 13  *              Kai Schulte     :       Fixed #defines for IP_FIREWALL->FIREWALL
 14  *              David Woodhouse :       Perform some basic ICMP handling.
 15  *                                      IPIP Routing without decapsulation.
 16  *              Carlos Picoto   :       GRE over IP support
 17  *              Alexey Kuznetsov:       Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
 18  *                                      I do not want to merge them together.
 19  *
 20  *      This program is free software; you can redistribute it and/or
 21  *      modify it under the terms of the GNU General Public License
 22  *      as published by the Free Software Foundation; either version
 23  *      2 of the License, or (at your option) any later version.
 24  *
 25  */
 26 
 27 /* tunnel.c: an IP tunnel driver
 28 
 29         The purpose of this driver is to provide an IP tunnel through
 30         which you can tunnel network traffic transparently across subnets.
 31 
 32         This was written by looking at Nick Holloway's dummy driver
 33         Thanks for the great code!
 34 
 35                 -Sam Lantinga   (slouken@cs.ucdavis.edu)  02/01/95
 36 
 37         Minor tweaks:
 38                 Cleaned up the code a little and added some pre-1.3.0 tweaks.
 39                 dev->hard_header/hard_header_len changed to use no headers.
 40                 Comments/bracketing tweaked.
 41                 Made the tunnels use dev->name not tunnel: when error reporting.
 42                 Added tx_dropped stat
 43 
 44                 -Alan Cox       (alan@lxorguk.ukuu.org.uk) 21 March 95
 45 
 46         Reworked:
 47                 Changed to tunnel to destination gateway in addition to the
 48                         tunnel's pointopoint address
 49                 Almost completely rewritten
 50                 Note:  There is currently no firewall or ICMP handling done.
 51 
 52                 -Sam Lantinga   (slouken@cs.ucdavis.edu) 02/13/96
 53 
 54 */
 55 
 56 /* Things I wish I had known when writing the tunnel driver:
 57 
 58         When the tunnel_xmit() function is called, the skb contains the
 59         packet to be sent (plus a great deal of extra info), and dev
 60         contains the tunnel device that _we_ are.
 61 
 62         When we are passed a packet, we are expected to fill in the
 63         source address with our source IP address.
 64 
 65         What is the proper way to allocate, copy and free a buffer?
 66         After you allocate it, it is a "0 length" chunk of memory
 67         starting at zero.  If you want to add headers to the buffer
 68         later, you'll have to call "skb_reserve(skb, amount)" with
 69         the amount of memory you want reserved.  Then, you call
 70         "skb_put(skb, amount)" with the amount of space you want in
 71         the buffer.  skb_put() returns a pointer to the top (#0) of
 72         that buffer.  skb->len is set to the amount of space you have
 73         "allocated" with skb_put().  You can then write up to skb->len
 74         bytes to that buffer.  If you need more, you can call skb_put()
 75         again with the additional amount of space you need.  You can
 76         find out how much more space you can allocate by calling
 77         "skb_tailroom(skb)".
 78         Now, to add header space, call "skb_push(skb, header_len)".
 79         This creates space at the beginning of the buffer and returns
 80         a pointer to this new space.  If later you need to strip a
 81         header from a buffer, call "skb_pull(skb, header_len)".
 82         skb_headroom() will return how much space is left at the top
 83         of the buffer (before the main data).  Remember, this headroom
 84         space must be reserved before the skb_put() function is called.
 85         */
 86 
 87 /*
 88    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
 89 
 90    For comments look at net/ipv4/ip_gre.c --ANK
 91  */
 92 
 93 
 94 #include <linux/capability.h>
 95 #include <linux/module.h>
 96 #include <linux/types.h>
 97 #include <linux/kernel.h>
 98 #include <linux/slab.h>
 99 #include <asm/uaccess.h>
100 #include <linux/skbuff.h>
101 #include <linux/netdevice.h>
102 #include <linux/in.h>
103 #include <linux/tcp.h>
104 #include <linux/udp.h>
105 #include <linux/if_arp.h>
106 #include <linux/mroute.h>
107 #include <linux/init.h>
108 #include <linux/netfilter_ipv4.h>
109 #include <linux/if_ether.h>
110 
111 #include <net/sock.h>
112 #include <net/ip.h>
113 #include <net/icmp.h>
114 #include <net/ip_tunnels.h>
115 #include <net/inet_ecn.h>
116 #include <net/xfrm.h>
117 #include <net/net_namespace.h>
118 #include <net/netns/generic.h>
119 
120 static bool log_ecn_error = true;
121 module_param(log_ecn_error, bool, 0644);
122 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
123 
124 static int ipip_net_id __read_mostly;
125 
126 static int ipip_tunnel_init(struct net_device *dev);
127 static struct rtnl_link_ops ipip_link_ops __read_mostly;
128 
129 static int ipip_err(struct sk_buff *skb, u32 info)
130 {
131 
132 /* All the routers (except for Linux) return only
133    8 bytes of packet payload. It means, that precise relaying of
134    ICMP in the real Internet is absolutely infeasible.
135  */
136         struct net *net = dev_net(skb->dev);
137         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
138         const struct iphdr *iph = (const struct iphdr *)skb->data;
139         struct ip_tunnel *t;
140         int err;
141         const int type = icmp_hdr(skb)->type;
142         const int code = icmp_hdr(skb)->code;
143 
144         err = -ENOENT;
145         t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
146                              iph->daddr, iph->saddr, 0);
147         if (!t)
148                 goto out;
149 
150         if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
151                 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
152                                  t->parms.link, 0, IPPROTO_IPIP, 0);
153                 err = 0;
154                 goto out;
155         }
156 
157         if (type == ICMP_REDIRECT) {
158                 ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
159                               IPPROTO_IPIP, 0);
160                 err = 0;
161                 goto out;
162         }
163 
164         if (t->parms.iph.daddr == 0)
165                 goto out;
166 
167         err = 0;
168         if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
169                 goto out;
170 
171         if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
172                 t->err_count++;
173         else
174                 t->err_count = 1;
175         t->err_time = jiffies;
176 
177 out:
178         return err;
179 }
180 
181 static const struct tnl_ptk_info tpi = {
182         /* no tunnel info required for ipip. */
183         .proto = htons(ETH_P_IP),
184 };
185 
186 static int ipip_rcv(struct sk_buff *skb)
187 {
188         struct net *net = dev_net(skb->dev);
189         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
190         struct ip_tunnel *tunnel;
191         const struct iphdr *iph;
192 
193         iph = ip_hdr(skb);
194         tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
195                         iph->saddr, iph->daddr, 0);
196         if (tunnel) {
197                 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
198                         goto drop;
199                 if (iptunnel_pull_header(skb, 0, tpi.proto))
200                         goto drop;
201                 return ip_tunnel_rcv(tunnel, skb, &tpi, NULL, log_ecn_error);
202         }
203 
204         return -1;
205 
206 drop:
207         kfree_skb(skb);
208         return 0;
209 }
210 
211 /*
212  *      This function assumes it is being called from dev_queue_xmit()
213  *      and that skb is filled properly by that function.
214  */
215 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
216 {
217         struct ip_tunnel *tunnel = netdev_priv(dev);
218         const struct iphdr  *tiph = &tunnel->parms.iph;
219 
220         if (unlikely(skb->protocol != htons(ETH_P_IP)))
221                 goto tx_error;
222 
223         skb = iptunnel_handle_offloads(skb, false, SKB_GSO_IPIP);
224         if (IS_ERR(skb))
225                 goto out;
226 
227         skb_set_inner_ipproto(skb, IPPROTO_IPIP);
228 
229         ip_tunnel_xmit(skb, dev, tiph, tiph->protocol);
230         return NETDEV_TX_OK;
231 
232 tx_error:
233         kfree_skb(skb);
234 out:
235         dev->stats.tx_errors++;
236         return NETDEV_TX_OK;
237 }
238 
239 static int
240 ipip_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
241 {
242         int err = 0;
243         struct ip_tunnel_parm p;
244 
245         if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
246                 return -EFAULT;
247 
248         if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
249                 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
250                     p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
251                         return -EINVAL;
252         }
253 
254         p.i_key = p.o_key = 0;
255         p.i_flags = p.o_flags = 0;
256         err = ip_tunnel_ioctl(dev, &p, cmd);
257         if (err)
258                 return err;
259 
260         if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
261                 return -EFAULT;
262 
263         return 0;
264 }
265 
266 static const struct net_device_ops ipip_netdev_ops = {
267         .ndo_init       = ipip_tunnel_init,
268         .ndo_uninit     = ip_tunnel_uninit,
269         .ndo_start_xmit = ipip_tunnel_xmit,
270         .ndo_do_ioctl   = ipip_tunnel_ioctl,
271         .ndo_change_mtu = ip_tunnel_change_mtu,
272         .ndo_get_stats64 = ip_tunnel_get_stats64,
273         .ndo_get_iflink = ip_tunnel_get_iflink,
274 };
275 
276 #define IPIP_FEATURES (NETIF_F_SG |             \
277                        NETIF_F_FRAGLIST |       \
278                        NETIF_F_HIGHDMA |        \
279                        NETIF_F_GSO_SOFTWARE |   \
280                        NETIF_F_HW_CSUM)
281 
282 static void ipip_tunnel_setup(struct net_device *dev)
283 {
284         dev->netdev_ops         = &ipip_netdev_ops;
285 
286         dev->type               = ARPHRD_TUNNEL;
287         dev->flags              = IFF_NOARP;
288         dev->addr_len           = 4;
289         dev->features           |= NETIF_F_LLTX;
290         netif_keep_dst(dev);
291 
292         dev->features           |= IPIP_FEATURES;
293         dev->hw_features        |= IPIP_FEATURES;
294         ip_tunnel_setup(dev, ipip_net_id);
295 }
296 
297 static int ipip_tunnel_init(struct net_device *dev)
298 {
299         struct ip_tunnel *tunnel = netdev_priv(dev);
300 
301         memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
302         memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
303 
304         tunnel->tun_hlen = 0;
305         tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
306         tunnel->parms.iph.protocol = IPPROTO_IPIP;
307         return ip_tunnel_init(dev);
308 }
309 
310 static void ipip_netlink_parms(struct nlattr *data[],
311                                struct ip_tunnel_parm *parms)
312 {
313         memset(parms, 0, sizeof(*parms));
314 
315         parms->iph.version = 4;
316         parms->iph.protocol = IPPROTO_IPIP;
317         parms->iph.ihl = 5;
318 
319         if (!data)
320                 return;
321 
322         if (data[IFLA_IPTUN_LINK])
323                 parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
324 
325         if (data[IFLA_IPTUN_LOCAL])
326                 parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]);
327 
328         if (data[IFLA_IPTUN_REMOTE])
329                 parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]);
330 
331         if (data[IFLA_IPTUN_TTL]) {
332                 parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
333                 if (parms->iph.ttl)
334                         parms->iph.frag_off = htons(IP_DF);
335         }
336 
337         if (data[IFLA_IPTUN_TOS])
338                 parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
339 
340         if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
341                 parms->iph.frag_off = htons(IP_DF);
342 }
343 
344 /* This function returns true when ENCAP attributes are present in the nl msg */
345 static bool ipip_netlink_encap_parms(struct nlattr *data[],
346                                      struct ip_tunnel_encap *ipencap)
347 {
348         bool ret = false;
349 
350         memset(ipencap, 0, sizeof(*ipencap));
351 
352         if (!data)
353                 return ret;
354 
355         if (data[IFLA_IPTUN_ENCAP_TYPE]) {
356                 ret = true;
357                 ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
358         }
359 
360         if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
361                 ret = true;
362                 ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
363         }
364 
365         if (data[IFLA_IPTUN_ENCAP_SPORT]) {
366                 ret = true;
367                 ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
368         }
369 
370         if (data[IFLA_IPTUN_ENCAP_DPORT]) {
371                 ret = true;
372                 ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
373         }
374 
375         return ret;
376 }
377 
378 static int ipip_newlink(struct net *src_net, struct net_device *dev,
379                         struct nlattr *tb[], struct nlattr *data[])
380 {
381         struct ip_tunnel_parm p;
382         struct ip_tunnel_encap ipencap;
383 
384         if (ipip_netlink_encap_parms(data, &ipencap)) {
385                 struct ip_tunnel *t = netdev_priv(dev);
386                 int err = ip_tunnel_encap_setup(t, &ipencap);
387 
388                 if (err < 0)
389                         return err;
390         }
391 
392         ipip_netlink_parms(data, &p);
393         return ip_tunnel_newlink(dev, tb, &p);
394 }
395 
396 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
397                            struct nlattr *data[])
398 {
399         struct ip_tunnel_parm p;
400         struct ip_tunnel_encap ipencap;
401 
402         if (ipip_netlink_encap_parms(data, &ipencap)) {
403                 struct ip_tunnel *t = netdev_priv(dev);
404                 int err = ip_tunnel_encap_setup(t, &ipencap);
405 
406                 if (err < 0)
407                         return err;
408         }
409 
410         ipip_netlink_parms(data, &p);
411 
412         if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
413             (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
414                 return -EINVAL;
415 
416         return ip_tunnel_changelink(dev, tb, &p);
417 }
418 
419 static size_t ipip_get_size(const struct net_device *dev)
420 {
421         return
422                 /* IFLA_IPTUN_LINK */
423                 nla_total_size(4) +
424                 /* IFLA_IPTUN_LOCAL */
425                 nla_total_size(4) +
426                 /* IFLA_IPTUN_REMOTE */
427                 nla_total_size(4) +
428                 /* IFLA_IPTUN_TTL */
429                 nla_total_size(1) +
430                 /* IFLA_IPTUN_TOS */
431                 nla_total_size(1) +
432                 /* IFLA_IPTUN_PMTUDISC */
433                 nla_total_size(1) +
434                 /* IFLA_IPTUN_ENCAP_TYPE */
435                 nla_total_size(2) +
436                 /* IFLA_IPTUN_ENCAP_FLAGS */
437                 nla_total_size(2) +
438                 /* IFLA_IPTUN_ENCAP_SPORT */
439                 nla_total_size(2) +
440                 /* IFLA_IPTUN_ENCAP_DPORT */
441                 nla_total_size(2) +
442                 0;
443 }
444 
445 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
446 {
447         struct ip_tunnel *tunnel = netdev_priv(dev);
448         struct ip_tunnel_parm *parm = &tunnel->parms;
449 
450         if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
451             nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
452             nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
453             nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
454             nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
455             nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
456                        !!(parm->iph.frag_off & htons(IP_DF))))
457                 goto nla_put_failure;
458 
459         if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
460                         tunnel->encap.type) ||
461             nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
462                          tunnel->encap.sport) ||
463             nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
464                          tunnel->encap.dport) ||
465             nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
466                         tunnel->encap.flags))
467                 goto nla_put_failure;
468 
469         return 0;
470 
471 nla_put_failure:
472         return -EMSGSIZE;
473 }
474 
475 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
476         [IFLA_IPTUN_LINK]               = { .type = NLA_U32 },
477         [IFLA_IPTUN_LOCAL]              = { .type = NLA_U32 },
478         [IFLA_IPTUN_REMOTE]             = { .type = NLA_U32 },
479         [IFLA_IPTUN_TTL]                = { .type = NLA_U8 },
480         [IFLA_IPTUN_TOS]                = { .type = NLA_U8 },
481         [IFLA_IPTUN_PMTUDISC]           = { .type = NLA_U8 },
482         [IFLA_IPTUN_ENCAP_TYPE]         = { .type = NLA_U16 },
483         [IFLA_IPTUN_ENCAP_FLAGS]        = { .type = NLA_U16 },
484         [IFLA_IPTUN_ENCAP_SPORT]        = { .type = NLA_U16 },
485         [IFLA_IPTUN_ENCAP_DPORT]        = { .type = NLA_U16 },
486 };
487 
488 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
489         .kind           = "ipip",
490         .maxtype        = IFLA_IPTUN_MAX,
491         .policy         = ipip_policy,
492         .priv_size      = sizeof(struct ip_tunnel),
493         .setup          = ipip_tunnel_setup,
494         .newlink        = ipip_newlink,
495         .changelink     = ipip_changelink,
496         .dellink        = ip_tunnel_dellink,
497         .get_size       = ipip_get_size,
498         .fill_info      = ipip_fill_info,
499         .get_link_net   = ip_tunnel_get_link_net,
500 };
501 
502 static struct xfrm_tunnel ipip_handler __read_mostly = {
503         .handler        =       ipip_rcv,
504         .err_handler    =       ipip_err,
505         .priority       =       1,
506 };
507 
508 static int __net_init ipip_init_net(struct net *net)
509 {
510         return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
511 }
512 
513 static void __net_exit ipip_exit_net(struct net *net)
514 {
515         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
516         ip_tunnel_delete_net(itn, &ipip_link_ops);
517 }
518 
519 static struct pernet_operations ipip_net_ops = {
520         .init = ipip_init_net,
521         .exit = ipip_exit_net,
522         .id   = &ipip_net_id,
523         .size = sizeof(struct ip_tunnel_net),
524 };
525 
526 static int __init ipip_init(void)
527 {
528         int err;
529 
530         pr_info("ipip: IPv4 over IPv4 tunneling driver\n");
531 
532         err = register_pernet_device(&ipip_net_ops);
533         if (err < 0)
534                 return err;
535         err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
536         if (err < 0) {
537                 pr_info("%s: can't register tunnel\n", __func__);
538                 goto xfrm_tunnel_failed;
539         }
540         err = rtnl_link_register(&ipip_link_ops);
541         if (err < 0)
542                 goto rtnl_link_failed;
543 
544 out:
545         return err;
546 
547 rtnl_link_failed:
548         xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
549 xfrm_tunnel_failed:
550         unregister_pernet_device(&ipip_net_ops);
551         goto out;
552 }
553 
554 static void __exit ipip_fini(void)
555 {
556         rtnl_link_unregister(&ipip_link_ops);
557         if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
558                 pr_info("%s: can't deregister tunnel\n", __func__);
559 
560         unregister_pernet_device(&ipip_net_ops);
561 }
562 
563 module_init(ipip_init);
564 module_exit(ipip_fini);
565 MODULE_LICENSE("GPL");
566 MODULE_ALIAS_RTNL_LINK("ipip");
567 MODULE_ALIAS_NETDEV("tunl0");
568 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us