Version:  2.0.40 2.2.26 2.4.37 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18

Linux/net/ipv4/ipip.c

  1 /*
  2  *      Linux NET3:     IP/IP protocol decoder.
  3  *
  4  *      Authors:
  5  *              Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
  6  *
  7  *      Fixes:
  8  *              Alan Cox        :       Merged and made usable non modular (its so tiny its silly as
  9  *                                      a module taking up 2 pages).
 10  *              Alan Cox        :       Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
 11  *                                      to keep ip_forward happy.
 12  *              Alan Cox        :       More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
 13  *              Kai Schulte     :       Fixed #defines for IP_FIREWALL->FIREWALL
 14  *              David Woodhouse :       Perform some basic ICMP handling.
 15  *                                      IPIP Routing without decapsulation.
 16  *              Carlos Picoto   :       GRE over IP support
 17  *              Alexey Kuznetsov:       Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
 18  *                                      I do not want to merge them together.
 19  *
 20  *      This program is free software; you can redistribute it and/or
 21  *      modify it under the terms of the GNU General Public License
 22  *      as published by the Free Software Foundation; either version
 23  *      2 of the License, or (at your option) any later version.
 24  *
 25  */
 26 
 27 /* tunnel.c: an IP tunnel driver
 28 
 29         The purpose of this driver is to provide an IP tunnel through
 30         which you can tunnel network traffic transparently across subnets.
 31 
 32         This was written by looking at Nick Holloway's dummy driver
 33         Thanks for the great code!
 34 
 35                 -Sam Lantinga   (slouken@cs.ucdavis.edu)  02/01/95
 36 
 37         Minor tweaks:
 38                 Cleaned up the code a little and added some pre-1.3.0 tweaks.
 39                 dev->hard_header/hard_header_len changed to use no headers.
 40                 Comments/bracketing tweaked.
 41                 Made the tunnels use dev->name not tunnel: when error reporting.
 42                 Added tx_dropped stat
 43 
 44                 -Alan Cox       (alan@lxorguk.ukuu.org.uk) 21 March 95
 45 
 46         Reworked:
 47                 Changed to tunnel to destination gateway in addition to the
 48                         tunnel's pointopoint address
 49                 Almost completely rewritten
 50                 Note:  There is currently no firewall or ICMP handling done.
 51 
 52                 -Sam Lantinga   (slouken@cs.ucdavis.edu) 02/13/96
 53 
 54 */
 55 
 56 /* Things I wish I had known when writing the tunnel driver:
 57 
 58         When the tunnel_xmit() function is called, the skb contains the
 59         packet to be sent (plus a great deal of extra info), and dev
 60         contains the tunnel device that _we_ are.
 61 
 62         When we are passed a packet, we are expected to fill in the
 63         source address with our source IP address.
 64 
 65         What is the proper way to allocate, copy and free a buffer?
 66         After you allocate it, it is a "0 length" chunk of memory
 67         starting at zero.  If you want to add headers to the buffer
 68         later, you'll have to call "skb_reserve(skb, amount)" with
 69         the amount of memory you want reserved.  Then, you call
 70         "skb_put(skb, amount)" with the amount of space you want in
 71         the buffer.  skb_put() returns a pointer to the top (#0) of
 72         that buffer.  skb->len is set to the amount of space you have
 73         "allocated" with skb_put().  You can then write up to skb->len
 74         bytes to that buffer.  If you need more, you can call skb_put()
 75         again with the additional amount of space you need.  You can
 76         find out how much more space you can allocate by calling
 77         "skb_tailroom(skb)".
 78         Now, to add header space, call "skb_push(skb, header_len)".
 79         This creates space at the beginning of the buffer and returns
 80         a pointer to this new space.  If later you need to strip a
 81         header from a buffer, call "skb_pull(skb, header_len)".
 82         skb_headroom() will return how much space is left at the top
 83         of the buffer (before the main data).  Remember, this headroom
 84         space must be reserved before the skb_put() function is called.
 85         */
 86 
 87 /*
 88    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
 89 
 90    For comments look at net/ipv4/ip_gre.c --ANK
 91  */
 92 
 93 
 94 #include <linux/capability.h>
 95 #include <linux/module.h>
 96 #include <linux/types.h>
 97 #include <linux/kernel.h>
 98 #include <linux/slab.h>
 99 #include <asm/uaccess.h>
100 #include <linux/skbuff.h>
101 #include <linux/netdevice.h>
102 #include <linux/in.h>
103 #include <linux/tcp.h>
104 #include <linux/udp.h>
105 #include <linux/if_arp.h>
106 #include <linux/mroute.h>
107 #include <linux/init.h>
108 #include <linux/netfilter_ipv4.h>
109 #include <linux/if_ether.h>
110 
111 #include <net/sock.h>
112 #include <net/ip.h>
113 #include <net/icmp.h>
114 #include <net/ip_tunnels.h>
115 #include <net/inet_ecn.h>
116 #include <net/xfrm.h>
117 #include <net/net_namespace.h>
118 #include <net/netns/generic.h>
119 
120 static bool log_ecn_error = true;
121 module_param(log_ecn_error, bool, 0644);
122 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
123 
124 static int ipip_net_id __read_mostly;
125 
126 static int ipip_tunnel_init(struct net_device *dev);
127 static struct rtnl_link_ops ipip_link_ops __read_mostly;
128 
129 static int ipip_err(struct sk_buff *skb, u32 info)
130 {
131 
132 /* All the routers (except for Linux) return only
133    8 bytes of packet payload. It means, that precise relaying of
134    ICMP in the real Internet is absolutely infeasible.
135  */
136         struct net *net = dev_net(skb->dev);
137         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
138         const struct iphdr *iph = (const struct iphdr *)skb->data;
139         struct ip_tunnel *t;
140         int err;
141         const int type = icmp_hdr(skb)->type;
142         const int code = icmp_hdr(skb)->code;
143 
144         err = -ENOENT;
145         t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
146                              iph->daddr, iph->saddr, 0);
147         if (t == NULL)
148                 goto out;
149 
150         if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
151                 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
152                                  t->parms.link, 0, IPPROTO_IPIP, 0);
153                 err = 0;
154                 goto out;
155         }
156 
157         if (type == ICMP_REDIRECT) {
158                 ipv4_redirect(skb, dev_net(skb->dev), t->parms.link, 0,
159                               IPPROTO_IPIP, 0);
160                 err = 0;
161                 goto out;
162         }
163 
164         if (t->parms.iph.daddr == 0)
165                 goto out;
166 
167         err = 0;
168         if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
169                 goto out;
170 
171         if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
172                 t->err_count++;
173         else
174                 t->err_count = 1;
175         t->err_time = jiffies;
176 
177 out:
178         return err;
179 }
180 
181 static const struct tnl_ptk_info tpi = {
182         /* no tunnel info required for ipip. */
183         .proto = htons(ETH_P_IP),
184 };
185 
186 static int ipip_rcv(struct sk_buff *skb)
187 {
188         struct net *net = dev_net(skb->dev);
189         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
190         struct ip_tunnel *tunnel;
191         const struct iphdr *iph;
192 
193         iph = ip_hdr(skb);
194         tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
195                         iph->saddr, iph->daddr, 0);
196         if (tunnel) {
197                 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
198                         goto drop;
199                 if (iptunnel_pull_header(skb, 0, tpi.proto))
200                         goto drop;
201                 return ip_tunnel_rcv(tunnel, skb, &tpi, log_ecn_error);
202         }
203 
204         return -1;
205 
206 drop:
207         kfree_skb(skb);
208         return 0;
209 }
210 
211 /*
212  *      This function assumes it is being called from dev_queue_xmit()
213  *      and that skb is filled properly by that function.
214  */
215 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
216 {
217         struct ip_tunnel *tunnel = netdev_priv(dev);
218         const struct iphdr  *tiph = &tunnel->parms.iph;
219 
220         if (unlikely(skb->protocol != htons(ETH_P_IP)))
221                 goto tx_error;
222 
223         skb = iptunnel_handle_offloads(skb, false, SKB_GSO_IPIP);
224         if (IS_ERR(skb))
225                 goto out;
226 
227         skb_set_inner_ipproto(skb, IPPROTO_IPIP);
228 
229         ip_tunnel_xmit(skb, dev, tiph, tiph->protocol);
230         return NETDEV_TX_OK;
231 
232 tx_error:
233         kfree_skb(skb);
234 out:
235         dev->stats.tx_errors++;
236         return NETDEV_TX_OK;
237 }
238 
239 static int
240 ipip_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
241 {
242         int err = 0;
243         struct ip_tunnel_parm p;
244 
245         if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
246                 return -EFAULT;
247 
248         if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
249                 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
250                     p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
251                         return -EINVAL;
252         }
253 
254         p.i_key = p.o_key = p.i_flags = p.o_flags = 0;
255         if (p.iph.ttl)
256                 p.iph.frag_off |= htons(IP_DF);
257 
258         err = ip_tunnel_ioctl(dev, &p, cmd);
259         if (err)
260                 return err;
261 
262         if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
263                 return -EFAULT;
264 
265         return 0;
266 }
267 
268 static const struct net_device_ops ipip_netdev_ops = {
269         .ndo_init       = ipip_tunnel_init,
270         .ndo_uninit     = ip_tunnel_uninit,
271         .ndo_start_xmit = ipip_tunnel_xmit,
272         .ndo_do_ioctl   = ipip_tunnel_ioctl,
273         .ndo_change_mtu = ip_tunnel_change_mtu,
274         .ndo_get_stats64 = ip_tunnel_get_stats64,
275 };
276 
277 #define IPIP_FEATURES (NETIF_F_SG |             \
278                        NETIF_F_FRAGLIST |       \
279                        NETIF_F_HIGHDMA |        \
280                        NETIF_F_GSO_SOFTWARE |   \
281                        NETIF_F_HW_CSUM)
282 
283 static void ipip_tunnel_setup(struct net_device *dev)
284 {
285         dev->netdev_ops         = &ipip_netdev_ops;
286 
287         dev->type               = ARPHRD_TUNNEL;
288         dev->flags              = IFF_NOARP;
289         dev->iflink             = 0;
290         dev->addr_len           = 4;
291         dev->features           |= NETIF_F_LLTX;
292         netif_keep_dst(dev);
293 
294         dev->features           |= IPIP_FEATURES;
295         dev->hw_features        |= IPIP_FEATURES;
296         ip_tunnel_setup(dev, ipip_net_id);
297 }
298 
299 static int ipip_tunnel_init(struct net_device *dev)
300 {
301         struct ip_tunnel *tunnel = netdev_priv(dev);
302 
303         memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
304         memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
305 
306         tunnel->tun_hlen = 0;
307         tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
308         tunnel->parms.iph.protocol = IPPROTO_IPIP;
309         return ip_tunnel_init(dev);
310 }
311 
312 static void ipip_netlink_parms(struct nlattr *data[],
313                                struct ip_tunnel_parm *parms)
314 {
315         memset(parms, 0, sizeof(*parms));
316 
317         parms->iph.version = 4;
318         parms->iph.protocol = IPPROTO_IPIP;
319         parms->iph.ihl = 5;
320 
321         if (!data)
322                 return;
323 
324         if (data[IFLA_IPTUN_LINK])
325                 parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
326 
327         if (data[IFLA_IPTUN_LOCAL])
328                 parms->iph.saddr = nla_get_be32(data[IFLA_IPTUN_LOCAL]);
329 
330         if (data[IFLA_IPTUN_REMOTE])
331                 parms->iph.daddr = nla_get_be32(data[IFLA_IPTUN_REMOTE]);
332 
333         if (data[IFLA_IPTUN_TTL]) {
334                 parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
335                 if (parms->iph.ttl)
336                         parms->iph.frag_off = htons(IP_DF);
337         }
338 
339         if (data[IFLA_IPTUN_TOS])
340                 parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
341 
342         if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
343                 parms->iph.frag_off = htons(IP_DF);
344 }
345 
346 /* This function returns true when ENCAP attributes are present in the nl msg */
347 static bool ipip_netlink_encap_parms(struct nlattr *data[],
348                                      struct ip_tunnel_encap *ipencap)
349 {
350         bool ret = false;
351 
352         memset(ipencap, 0, sizeof(*ipencap));
353 
354         if (!data)
355                 return ret;
356 
357         if (data[IFLA_IPTUN_ENCAP_TYPE]) {
358                 ret = true;
359                 ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
360         }
361 
362         if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
363                 ret = true;
364                 ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
365         }
366 
367         if (data[IFLA_IPTUN_ENCAP_SPORT]) {
368                 ret = true;
369                 ipencap->sport = nla_get_u16(data[IFLA_IPTUN_ENCAP_SPORT]);
370         }
371 
372         if (data[IFLA_IPTUN_ENCAP_DPORT]) {
373                 ret = true;
374                 ipencap->dport = nla_get_u16(data[IFLA_IPTUN_ENCAP_DPORT]);
375         }
376 
377         return ret;
378 }
379 
380 static int ipip_newlink(struct net *src_net, struct net_device *dev,
381                         struct nlattr *tb[], struct nlattr *data[])
382 {
383         struct ip_tunnel_parm p;
384         struct ip_tunnel_encap ipencap;
385 
386         if (ipip_netlink_encap_parms(data, &ipencap)) {
387                 struct ip_tunnel *t = netdev_priv(dev);
388                 int err = ip_tunnel_encap_setup(t, &ipencap);
389 
390                 if (err < 0)
391                         return err;
392         }
393 
394         ipip_netlink_parms(data, &p);
395         return ip_tunnel_newlink(dev, tb, &p);
396 }
397 
398 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
399                            struct nlattr *data[])
400 {
401         struct ip_tunnel_parm p;
402         struct ip_tunnel_encap ipencap;
403 
404         if (ipip_netlink_encap_parms(data, &ipencap)) {
405                 struct ip_tunnel *t = netdev_priv(dev);
406                 int err = ip_tunnel_encap_setup(t, &ipencap);
407 
408                 if (err < 0)
409                         return err;
410         }
411 
412         ipip_netlink_parms(data, &p);
413 
414         if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
415             (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
416                 return -EINVAL;
417 
418         return ip_tunnel_changelink(dev, tb, &p);
419 }
420 
421 static size_t ipip_get_size(const struct net_device *dev)
422 {
423         return
424                 /* IFLA_IPTUN_LINK */
425                 nla_total_size(4) +
426                 /* IFLA_IPTUN_LOCAL */
427                 nla_total_size(4) +
428                 /* IFLA_IPTUN_REMOTE */
429                 nla_total_size(4) +
430                 /* IFLA_IPTUN_TTL */
431                 nla_total_size(1) +
432                 /* IFLA_IPTUN_TOS */
433                 nla_total_size(1) +
434                 /* IFLA_IPTUN_PMTUDISC */
435                 nla_total_size(1) +
436                 /* IFLA_IPTUN_ENCAP_TYPE */
437                 nla_total_size(2) +
438                 /* IFLA_IPTUN_ENCAP_FLAGS */
439                 nla_total_size(2) +
440                 /* IFLA_IPTUN_ENCAP_SPORT */
441                 nla_total_size(2) +
442                 /* IFLA_IPTUN_ENCAP_DPORT */
443                 nla_total_size(2) +
444                 0;
445 }
446 
447 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
448 {
449         struct ip_tunnel *tunnel = netdev_priv(dev);
450         struct ip_tunnel_parm *parm = &tunnel->parms;
451 
452         if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
453             nla_put_be32(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
454             nla_put_be32(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
455             nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
456             nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
457             nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
458                        !!(parm->iph.frag_off & htons(IP_DF))))
459                 goto nla_put_failure;
460 
461         if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
462                         tunnel->encap.type) ||
463             nla_put_u16(skb, IFLA_IPTUN_ENCAP_SPORT,
464                         tunnel->encap.sport) ||
465             nla_put_u16(skb, IFLA_IPTUN_ENCAP_DPORT,
466                         tunnel->encap.dport) ||
467             nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
468                         tunnel->encap.dport))
469                 goto nla_put_failure;
470 
471         return 0;
472 
473 nla_put_failure:
474         return -EMSGSIZE;
475 }
476 
477 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
478         [IFLA_IPTUN_LINK]               = { .type = NLA_U32 },
479         [IFLA_IPTUN_LOCAL]              = { .type = NLA_U32 },
480         [IFLA_IPTUN_REMOTE]             = { .type = NLA_U32 },
481         [IFLA_IPTUN_TTL]                = { .type = NLA_U8 },
482         [IFLA_IPTUN_TOS]                = { .type = NLA_U8 },
483         [IFLA_IPTUN_PMTUDISC]           = { .type = NLA_U8 },
484         [IFLA_IPTUN_ENCAP_TYPE]         = { .type = NLA_U16 },
485         [IFLA_IPTUN_ENCAP_FLAGS]        = { .type = NLA_U16 },
486         [IFLA_IPTUN_ENCAP_SPORT]        = { .type = NLA_U16 },
487         [IFLA_IPTUN_ENCAP_DPORT]        = { .type = NLA_U16 },
488 };
489 
490 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
491         .kind           = "ipip",
492         .maxtype        = IFLA_IPTUN_MAX,
493         .policy         = ipip_policy,
494         .priv_size      = sizeof(struct ip_tunnel),
495         .setup          = ipip_tunnel_setup,
496         .newlink        = ipip_newlink,
497         .changelink     = ipip_changelink,
498         .dellink        = ip_tunnel_dellink,
499         .get_size       = ipip_get_size,
500         .fill_info      = ipip_fill_info,
501 };
502 
503 static struct xfrm_tunnel ipip_handler __read_mostly = {
504         .handler        =       ipip_rcv,
505         .err_handler    =       ipip_err,
506         .priority       =       1,
507 };
508 
509 static int __net_init ipip_init_net(struct net *net)
510 {
511         return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
512 }
513 
514 static void __net_exit ipip_exit_net(struct net *net)
515 {
516         struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
517         ip_tunnel_delete_net(itn, &ipip_link_ops);
518 }
519 
520 static struct pernet_operations ipip_net_ops = {
521         .init = ipip_init_net,
522         .exit = ipip_exit_net,
523         .id   = &ipip_net_id,
524         .size = sizeof(struct ip_tunnel_net),
525 };
526 
527 static int __init ipip_init(void)
528 {
529         int err;
530 
531         pr_info("ipip: IPv4 over IPv4 tunneling driver\n");
532 
533         err = register_pernet_device(&ipip_net_ops);
534         if (err < 0)
535                 return err;
536         err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
537         if (err < 0) {
538                 pr_info("%s: can't register tunnel\n", __func__);
539                 goto xfrm_tunnel_failed;
540         }
541         err = rtnl_link_register(&ipip_link_ops);
542         if (err < 0)
543                 goto rtnl_link_failed;
544 
545 out:
546         return err;
547 
548 rtnl_link_failed:
549         xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
550 xfrm_tunnel_failed:
551         unregister_pernet_device(&ipip_net_ops);
552         goto out;
553 }
554 
555 static void __exit ipip_fini(void)
556 {
557         rtnl_link_unregister(&ipip_link_ops);
558         if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
559                 pr_info("%s: can't deregister tunnel\n", __func__);
560 
561         unregister_pernet_device(&ipip_net_ops);
562 }
563 
564 module_init(ipip_init);
565 module_exit(ipip_fini);
566 MODULE_LICENSE("GPL");
567 MODULE_ALIAS_RTNL_LINK("ipip");
568 MODULE_ALIAS_NETDEV("tunl0");
569 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us