Version:  2.0.40 2.2.26 2.4.37 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1 4.2

Linux/net/ipv4/ipip.c

  1 /*
  2  *      Linux NET3:     IP/IP protocol decoder.
  3  *
  4  *      Authors:
  5  *              Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
  6  *
  7  *      Fixes:
  8  *              Alan Cox        :       Merged and made usable non modular (its so tiny its silly as
  9  *                                      a module taking up 2 pages).
 10  *              Alan Cox        :       Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
 11  *                                      to keep ip_forward happy.
 12  *              Alan Cox        :       More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
 13  *              Kai Schulte     :       Fixed #defines for IP_FIREWALL->FIREWALL
 14  *              David Woodhouse :       Perform some basic ICMP handling.
 15  *                                      IPIP Routing without decapsulation.
 16  *              Carlos Picoto   :       GRE over IP support
 17  *              Alexey Kuznetsov:       Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
 18  *                                      I do not want to merge them together.
 19  *
 20  *      This program is free software; you can redistribute it and/or
 21  *      modify it under the terms of the GNU General Public License
 22  *      as published by the Free Software Foundation; either version
 23  *      2 of the License, or (at your option) any later version.
 24  *
 25  */
 26 
 27 /* tunnel.c: an IP tunnel driver
 28 
 29         The purpose of this driver is to provide an IP tunnel through
 30         which you can tunnel network traffic transparently across subnets.
 31 
 32         This was written by looking at Nick Holloway's dummy driver
 33         Thanks for the great code!
 34 
 35                 -Sam Lantinga   (slouken@cs.ucdavis.edu)  02/01/95
 36 
 37         Minor tweaks:
 38                 Cleaned up the code a little and added some pre-1.3.0 tweaks.
 39                 dev->hard_header/hard_header_len changed to use no headers.
 40                 Comments/bracketing tweaked.
 41                 Made the tunnels use dev->name not tunnel: when error reporting.
 42                 Added tx_dropped stat
 43 
 44                 -Alan Cox       (alan@lxorguk.ukuu.org.uk) 21 March 95
 45 
 46         Reworked:
 47                 Changed to tunnel to destination gateway in addition to the
 48                         tunnel's pointopoint address
 49                 Almost completely rewritten
 50                 Note:  There is currently no firewall or ICMP handling done.
 51 
 52                 -Sam Lantinga   (slouken@cs.ucdavis.edu) 02/13/96
 53 
 54 */
 55 
 56 /* Things I wish I had known when writing the tunnel driver:
 57 
 58         When the tunnel_xmit() function is called, the skb contains the
 59         packet to be sent (plus a great deal of extra info), and dev
 60         contains the tunnel device that _we_ are.
 61 
 62         When we are passed a packet, we are expected to fill in the
 63         source address with our source IP address.
 64 
 65         What is the proper way to allocate, copy and free a buffer?
 66         After you allocate it, it is a "0 length" chunk of memory
 67         starting at zero.  If you want to add headers to the buffer
 68         later, you'll have to call "skb_reserve(skb, amount)" with
 69         the amount of memory you want reserved.  Then, you call
 70         "skb_put(skb, amount)" with the amount of space you want in
 71         the buffer.  skb_put() returns a pointer to the top (#0) of
 72         that buffer.  skb->len is set to the amount of space you have
 73         "allocated" with skb_put().  You can then write up to skb->len
 74         bytes to that buffer.  If you need more, you can call skb_put()
 75         again with the additional amount of space you need.  You can
 76         find out how much more space you can allocate by calling
 77         "skb_tailroom(skb)".
 78         Now, to add header space, call "skb_push(skb, header_len)".
 79         This creates space at the beginning of the buffer and returns
 80         a pointer to this new space.  If later you need to strip a
 81         header from a buffer, call "skb_pull(skb, header_len)".
 82         skb_headroom() will return how much space is left at the top
 83         of the buffer (before the main data).  Remember, this headroom
 84         space must be reserved before the skb_put() function is called.
 85         */
 86 
 87 /*
 88    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
 89 
 90    For comments look at net/ipv4/ip_gre.c --ANK
 91  */
 92 
 93 
 94 #include <linux/capability.h>
 95 #include <linux/module.h>
 96 #include <linux/types.h>
 97 #include <linux/kernel.h>
 98 #include <linux/slab.h>
 99 #include <asm/uaccess.h>
100 #include <linux/skbuff.h>
101 #include <linux/netdevice.h>
102 #include <linux/in.h>
103 #include <linux/tcp.h>
104 #include <linux/udp.h>
105 #include <linux/if_arp.h>
106 #include <linux/mroute.h>
107 #include <linux/init.h>
108 #include <linux/netfilter_ipv4.h>
109 #include <linux/if_ether.h>
110 
111 #include <net/sock.h>
112 #include <net/ip.h>
113 #include <net/icmp.h>
114 #include <net/ip_tunnels.h>
115 #include <net/inet_ecn.h>
116 #include <net/xfrm.h>
117 #include <net/net_namespace.h>
118 #include <net/netns/generic.h>
119 
120 static bool log_ecn_error = true;
121 module_param(log_ecn_error, bool, 0644);
122 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
123 
124 static int ipip_net_id __read_mostly;
125 
126 static int ipip_tunnel_init(struct net_device *dev);
127 static struct rtnl_link_ops ipip_link_ops __read_mostly;
128 
129 static int ipip_err(struct sk_buff *skb, u32 info)
130 {
131 
132 /* All the routers (except for Linux) return only
133    8 bytes of packet payload. It means, that precise relaying of
134    ICMP in the real Internet is absolutely infeasible.
135  */
136         struct net *net = dev_net(skb->dev);
137         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
138         const struct iphdr *iph = (const struct iphdr *)skb->data;
139         struct ip_tunnel *t;
140         int err;
141         const int type = icmp_hdr(skb)->type;
142         const int code = icmp_hdr(skb)->code;
143 
144         err = -ENOENT;
145         t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
146                              iph->daddr, iph->saddr, 0);
147         if (!t)
148                 goto out;
149 
150         if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
151                 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
152                                  t->parms.link, 0, IPPROTO_IPIP, 0);
153                 err = 0;
154                 goto out;
155         }
156 
157         if (type == ICMP_REDIRECT) {
158                 ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
159                               IPPROTO_IPIP, 0);
160                 err = 0;
161                 goto out;
162         }
163 
164         if (t->parms.iph.daddr == 0)
165                 goto out;
166 
167         err = 0;
168         if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
169                 goto out;
170 
171         if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
172                 t->err_count++;
173         else
174                 t->err_count = 1;
175         t->err_time = jiffies;
176 
177 out:
178         return err;
179 }
180 
181 static const struct tnl_ptk_info tpi = {
182         /* no tunnel info required for ipip. */
183         .proto = htons(ETH_P_IP),
184 };
185 
186 static int ipip_rcv(struct sk_buff *skb)
187 {
188         struct net *net = dev_net(skb->dev);
189         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
190         struct ip_tunnel *tunnel;
191         const struct iphdr *iph;
192 
193         iph = ip_hdr(skb);
194         tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
195                         iph->saddr, iph->daddr, 0);
196         if (tunnel) {
197                 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
198                         goto drop;
199                 if (iptunnel_pull_header(skb, 0, tpi.proto))
200                         goto drop;
201                 return ip_tunnel_rcv(tunnel, skb, &tpi, log_ecn_error);
202         }
203 
204         return -1;
205 
206 drop:
207         kfree_skb(skb);
208         return 0;
209 }
210 
211 /*
212  *      This function assumes it is being called from dev_queue_xmit()
213  *      and that skb is filled properly by that function.
214  */
215 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
216 {
217         struct ip_tunnel *tunnel = netdev_priv(dev);
218         const struct iphdr  *tiph = &tunnel->parms.iph;
219 
220         if (unlikely(skb->protocol != htons(ETH_P_IP)))
221                 goto tx_error;
222 
223         skb = iptunnel_handle_offloads(skb, false, SKB_GSO_IPIP);
224         if (IS_ERR(skb))
225                 goto out;
226 
227         skb_set_inner_ipproto(skb, IPPROTO_IPIP);
228 
229         ip_tunnel_xmit(skb, dev, tiph, tiph->protocol);
230         return NETDEV_TX_OK;
231 
232 tx_error:
233         kfree_skb(skb);
234 out:
235         dev->stats.tx_errors++;
236         return NETDEV_TX_OK;
237 }
238 
239 static int
240 ipip_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
241 {
242         int err = 0;
243         struct ip_tunnel_parm p;
244 
245         if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
246                 return -EFAULT;
247 
248         if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
249                 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
250                     p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
251                         return -EINVAL;
252         }
253 
254         p.i_key = p.o_key = 0;
255         p.i_flags = p.o_flags = 0;
256         if (p.iph.ttl)
257                 p.iph.frag_off |= htons(IP_DF);
258 
259         err = ip_tunnel_ioctl(dev, &p, cmd);
260         if (err)
261                 return err;
262 
263         if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
264                 return -EFAULT;
265 
266         return 0;
267 }
268 
269 static const struct net_device_ops ipip_netdev_ops = {
270         .ndo_init       = ipip_tunnel_init,
271         .ndo_uninit     = ip_tunnel_uninit,
272         .ndo_start_xmit = ipip_tunnel_xmit,
273         .ndo_do_ioctl   = ipip_tunnel_ioctl,
274         .ndo_change_mtu = ip_tunnel_change_mtu,
275         .ndo_get_stats64 = ip_tunnel_get_stats64,
276         .ndo_get_iflink = ip_tunnel_get_iflink,
277 };
278 
279 #define IPIP_FEATURES (NETIF_F_SG |             \
280                        NETIF_F_FRAGLIST |       \
281                        NETIF_F_HIGHDMA |        \
282                        NETIF_F_GSO_SOFTWARE |   \
283                        NETIF_F_HW_CSUM)
284 
285 static void ipip_tunnel_setup(struct net_device *dev)
286 {
287         dev->netdev_ops         = &ipip_netdev_ops;
288 
289         dev->type               = ARPHRD_TUNNEL;
290         dev->flags              = IFF_NOARP;
291         dev->addr_len           = 4;
292         dev->features           |= NETIF_F_LLTX;
293         netif_keep_dst(dev);
294 
295         dev->features           |= IPIP_FEATURES;
296         dev->hw_features        |= IPIP_FEATURES;
297         ip_tunnel_setup(dev, ipip_net_id);
298 }
299 
300 static int ipip_tunnel_init(struct net_device *dev)
301 {
302         struct ip_tunnel *tunnel = netdev_priv(dev);
303 
304         memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
305         memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
306 
307         tunnel->tun_hlen = 0;
308         tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
309         tunnel->parms.iph.protocol = IPPROTO_IPIP;
310         return ip_tunnel_init(dev);
311 }
312 
313 static void ipip_netlink_parms(struct nlattr *data[],
314                                struct ip_tunnel_parm *parms)
315 {
316         memset(parms, 0, sizeof(*parms));
317 
318         parms->iph.version = 4;
319         parms->iph.protocol = IPPROTO_IPIP;
320         parms->iph.ihl = 5;
321 
322         if (!data)
323                 return;
324 
325         if (data[IFLA_IPTUN_LINK])
326                 parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
327 
328         if (data[IFLA_IPTUN_LOCAL])
329                 parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]);
330 
331         if (data[IFLA_IPTUN_REMOTE])
332                 parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]);
333 
334         if (data[IFLA_IPTUN_TTL]) {
335                 parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
336                 if (parms->iph.ttl)
337                         parms->iph.frag_off = htons(IP_DF);
338         }
339 
340         if (data[IFLA_IPTUN_TOS])
341                 parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
342 
343         if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
344                 parms->iph.frag_off = htons(IP_DF);
345 }
346 
347 /* This function returns true when ENCAP attributes are present in the nl msg */
348 static bool ipip_netlink_encap_parms(struct nlattr *data[],
349                                      struct ip_tunnel_encap *ipencap)
350 {
351         bool ret = false;
352 
353         memset(ipencap, 0, sizeof(*ipencap));
354 
355         if (!data)
356                 return ret;
357 
358         if (data[IFLA_IPTUN_ENCAP_TYPE]) {
359                 ret = true;
360                 ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
361         }
362 
363         if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
364                 ret = true;
365                 ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
366         }
367 
368         if (data[IFLA_IPTUN_ENCAP_SPORT]) {
369                 ret = true;
370                 ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
371         }
372 
373         if (data[IFLA_IPTUN_ENCAP_DPORT]) {
374                 ret = true;
375                 ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
376         }
377 
378         return ret;
379 }
380 
381 static int ipip_newlink(struct net *src_net, struct net_device *dev,
382                         struct nlattr *tb[], struct nlattr *data[])
383 {
384         struct ip_tunnel_parm p;
385         struct ip_tunnel_encap ipencap;
386 
387         if (ipip_netlink_encap_parms(data, &ipencap)) {
388                 struct ip_tunnel *t = netdev_priv(dev);
389                 int err = ip_tunnel_encap_setup(t, &ipencap);
390 
391                 if (err < 0)
392                         return err;
393         }
394 
395         ipip_netlink_parms(data, &p);
396         return ip_tunnel_newlink(dev, tb, &p);
397 }
398 
399 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
400                            struct nlattr *data[])
401 {
402         struct ip_tunnel_parm p;
403         struct ip_tunnel_encap ipencap;
404 
405         if (ipip_netlink_encap_parms(data, &ipencap)) {
406                 struct ip_tunnel *t = netdev_priv(dev);
407                 int err = ip_tunnel_encap_setup(t, &ipencap);
408 
409                 if (err < 0)
410                         return err;
411         }
412 
413         ipip_netlink_parms(data, &p);
414 
415         if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
416             (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
417                 return -EINVAL;
418 
419         return ip_tunnel_changelink(dev, tb, &p);
420 }
421 
422 static size_t ipip_get_size(const struct net_device *dev)
423 {
424         return
425                 /* IFLA_IPTUN_LINK */
426                 nla_total_size(4) +
427                 /* IFLA_IPTUN_LOCAL */
428                 nla_total_size(4) +
429                 /* IFLA_IPTUN_REMOTE */
430                 nla_total_size(4) +
431                 /* IFLA_IPTUN_TTL */
432                 nla_total_size(1) +
433                 /* IFLA_IPTUN_TOS */
434                 nla_total_size(1) +
435                 /* IFLA_IPTUN_PMTUDISC */
436                 nla_total_size(1) +
437                 /* IFLA_IPTUN_ENCAP_TYPE */
438                 nla_total_size(2) +
439                 /* IFLA_IPTUN_ENCAP_FLAGS */
440                 nla_total_size(2) +
441                 /* IFLA_IPTUN_ENCAP_SPORT */
442                 nla_total_size(2) +
443                 /* IFLA_IPTUN_ENCAP_DPORT */
444                 nla_total_size(2) +
445                 0;
446 }
447 
448 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
449 {
450         struct ip_tunnel *tunnel = netdev_priv(dev);
451         struct ip_tunnel_parm *parm = &tunnel->parms;
452 
453         if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
454             nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
455             nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
456             nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
457             nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
458             nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
459                        !!(parm->iph.frag_off & htons(IP_DF))))
460                 goto nla_put_failure;
461 
462         if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
463                         tunnel->encap.type) ||
464             nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
465                          tunnel->encap.sport) ||
466             nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
467                          tunnel->encap.dport) ||
468             nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
469                         tunnel->encap.flags))
470                 goto nla_put_failure;
471 
472         return 0;
473 
474 nla_put_failure:
475         return -EMSGSIZE;
476 }
477 
478 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
479         [IFLA_IPTUN_LINK]               = { .type = NLA_U32 },
480         [IFLA_IPTUN_LOCAL]              = { .type = NLA_U32 },
481         [IFLA_IPTUN_REMOTE]             = { .type = NLA_U32 },
482         [IFLA_IPTUN_TTL]                = { .type = NLA_U8 },
483         [IFLA_IPTUN_TOS]                = { .type = NLA_U8 },
484         [IFLA_IPTUN_PMTUDISC]           = { .type = NLA_U8 },
485         [IFLA_IPTUN_ENCAP_TYPE]         = { .type = NLA_U16 },
486         [IFLA_IPTUN_ENCAP_FLAGS]        = { .type = NLA_U16 },
487         [IFLA_IPTUN_ENCAP_SPORT]        = { .type = NLA_U16 },
488         [IFLA_IPTUN_ENCAP_DPORT]        = { .type = NLA_U16 },
489 };
490 
491 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
492         .kind           = "ipip",
493         .maxtype        = IFLA_IPTUN_MAX,
494         .policy         = ipip_policy,
495         .priv_size      = sizeof(struct ip_tunnel),
496         .setup          = ipip_tunnel_setup,
497         .newlink        = ipip_newlink,
498         .changelink     = ipip_changelink,
499         .dellink        = ip_tunnel_dellink,
500         .get_size       = ipip_get_size,
501         .fill_info      = ipip_fill_info,
502         .get_link_net   = ip_tunnel_get_link_net,
503 };
504 
505 static struct xfrm_tunnel ipip_handler __read_mostly = {
506         .handler        =       ipip_rcv,
507         .err_handler    =       ipip_err,
508         .priority       =       1,
509 };
510 
511 static int __net_init ipip_init_net(struct net *net)
512 {
513         return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
514 }
515 
516 static void __net_exit ipip_exit_net(struct net *net)
517 {
518         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
519         ip_tunnel_delete_net(itn, &ipip_link_ops);
520 }
521 
522 static struct pernet_operations ipip_net_ops = {
523         .init = ipip_init_net,
524         .exit = ipip_exit_net,
525         .id   = &ipip_net_id,
526         .size = sizeof(struct ip_tunnel_net),
527 };
528 
529 static int __init ipip_init(void)
530 {
531         int err;
532 
533         pr_info("ipip: IPv4 over IPv4 tunneling driver\n");
534 
535         err = register_pernet_device(&ipip_net_ops);
536         if (err < 0)
537                 return err;
538         err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
539         if (err < 0) {
540                 pr_info("%s: can't register tunnel\n", __func__);
541                 goto xfrm_tunnel_failed;
542         }
543         err = rtnl_link_register(&ipip_link_ops);
544         if (err < 0)
545                 goto rtnl_link_failed;
546 
547 out:
548         return err;
549 
550 rtnl_link_failed:
551         xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
552 xfrm_tunnel_failed:
553         unregister_pernet_device(&ipip_net_ops);
554         goto out;
555 }
556 
557 static void __exit ipip_fini(void)
558 {
559         rtnl_link_unregister(&ipip_link_ops);
560         if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
561                 pr_info("%s: can't deregister tunnel\n", __func__);
562 
563         unregister_pernet_device(&ipip_net_ops);
564 }
565 
566 module_init(ipip_init);
567 module_exit(ipip_fini);
568 MODULE_LICENSE("GPL");
569 MODULE_ALIAS_RTNL_LINK("ipip");
570 MODULE_ALIAS_NETDEV("tunl0");
571 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us