net/ipv4/ipip.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /*
0003  *  Linux NET3: IP/IP protocol decoder.
0004  *
0005  *  Authors:
0006  *      Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
0007  *
0008  *  Fixes:
0009  *      Alan Cox    :   Merged and made usable non modular (its so tiny its silly as
0010  *                  a module taking up 2 pages).
0011  *      Alan Cox    :   Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
0012  *                  to keep ip_forward happy.
0013  *      Alan Cox    :   More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
0014  *      Kai Schulte :   Fixed #defines for IP_FIREWALL->FIREWALL
0015  *              David Woodhouse :       Perform some basic ICMP handling.
0016  *                                      IPIP Routing without decapsulation.
0017  *              Carlos Picoto   :       GRE over IP support
0018  *      Alexey Kuznetsov:   Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
0019  *                  I do not want to merge them together.
0020  */
0021
0022 /* tunnel.c: an IP tunnel driver
0023
0024     The purpose of this driver is to provide an IP tunnel through
0025     which you can tunnel network traffic transparently across subnets.
0026
0027     This was written by looking at Nick Holloway's dummy driver
0028     Thanks for the great code!
0029
0030         -Sam Lantinga   (slouken@cs.ucdavis.edu)  02/01/95
0031
0032     Minor tweaks:
0033         Cleaned up the code a little and added some pre-1.3.0 tweaks.
0034         dev->hard_header/hard_header_len changed to use no headers.
0035         Comments/bracketing tweaked.
0036         Made the tunnels use dev->name not tunnel: when error reporting.
0037         Added tx_dropped stat
0038
0039         -Alan Cox   (alan@lxorguk.ukuu.org.uk) 21 March 95
0040
0041     Reworked:
0042         Changed to tunnel to destination gateway in addition to the
0043             tunnel's pointopoint address
0044         Almost completely rewritten
0045         Note:  There is currently no firewall or ICMP handling done.
0046
0047         -Sam Lantinga   (slouken@cs.ucdavis.edu) 02/13/96
0048
0049 */
0050
0051 /* Things I wish I had known when writing the tunnel driver:
0052
0053     When the tunnel_xmit() function is called, the skb contains the
0054     packet to be sent (plus a great deal of extra info), and dev
0055     contains the tunnel device that _we_ are.
0056
0057     When we are passed a packet, we are expected to fill in the
0058     source address with our source IP address.
0059
0060     What is the proper way to allocate, copy and free a buffer?
0061     After you allocate it, it is a "0 length" chunk of memory
0062     starting at zero.  If you want to add headers to the buffer
0063     later, you'll have to call "skb_reserve(skb, amount)" with
0064     the amount of memory you want reserved.  Then, you call
0065     "skb_put(skb, amount)" with the amount of space you want in
0066     the buffer.  skb_put() returns a pointer to the top (#0) of
0067     that buffer.  skb->len is set to the amount of space you have
0068     "allocated" with skb_put().  You can then write up to skb->len
0069     bytes to that buffer.  If you need more, you can call skb_put()
0070     again with the additional amount of space you need.  You can
0071     find out how much more space you can allocate by calling
0072     "skb_tailroom(skb)".
0073     Now, to add header space, call "skb_push(skb, header_len)".
0074     This creates space at the beginning of the buffer and returns
0075     a pointer to this new space.  If later you need to strip a
0076     header from a buffer, call "skb_pull(skb, header_len)".
0077     skb_headroom() will return how much space is left at the top
0078     of the buffer (before the main data).  Remember, this headroom
0079     space must be reserved before the skb_put() function is called.
0080     */
0081
0082 /*
0083    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
0084
0085    For comments look at net/ipv4/ip_gre.c --ANK
0086  */
0087
0088
0089 #include <linux/capability.h>
0090 #include <linux/module.h>
0091 #include <linux/types.h>
0092 #include <linux/kernel.h>
0093 #include <linux/slab.h>
0094 #include <linux/uaccess.h>
0095 #include <linux/skbuff.h>
0096 #include <linux/netdevice.h>
0097 #include <linux/in.h>
0098 #include <linux/tcp.h>
0099 #include <linux/udp.h>
0100 #include <linux/if_arp.h>
0101 #include <linux/init.h>
0102 #include <linux/netfilter_ipv4.h>
0103 #include <linux/if_ether.h>
0104
0105 #include <net/sock.h>
0106 #include <net/ip.h>
0107 #include <net/icmp.h>
0108 #include <net/ip_tunnels.h>
0109 #include <net/inet_ecn.h>
0110 #include <net/xfrm.h>
0111 #include <net/net_namespace.h>
0112 #include <net/netns/generic.h>
0113 #include <net/dst_metadata.h>
0114
0115 static bool log_ecn_error = true;
0116 module_param(log_ecn_error, bool, 0644);
0117 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
0118
0119 static unsigned int ipip_net_id __read_mostly;
0120
0121 static int ipip_tunnel_init(struct net_device *dev);
0122 static struct rtnl_link_ops ipip_link_ops __read_mostly;
0123
0124 static int ipip_err(struct sk_buff *skb, u32 info)
0125 {
0126     /* All the routers (except for Linux) return only
0127      * 8 bytes of packet payload. It means, that precise relaying of
0128      * ICMP in the real Internet is absolutely infeasible.
0129      */
0130     struct net *net = dev_net(skb->dev);
0131     struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
0132     const struct iphdr *iph = (const struct iphdr *)skb->data;
0133     const int type = icmp_hdr(skb)->type;
0134     const int code = icmp_hdr(skb)->code;
0135     struct ip_tunnel *t;
0136     int err = 0;
0137
0138     t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
0139                  iph->daddr, iph->saddr, 0);
0140     if (!t) {
0141         err = -ENOENT;
0142         goto out;
0143     }
0144
0145     switch (type) {
0146     case ICMP_DEST_UNREACH:
0147         switch (code) {
0148         case ICMP_SR_FAILED:
0149             /* Impossible event. */
0150             goto out;
0151         default:
0152             /* All others are translated to HOST_UNREACH.
0153              * rfc2003 contains "deep thoughts" about NET_UNREACH,
0154              * I believe they are just ether pollution. --ANK
0155              */
0156             break;
0157         }
0158         break;
0159
0160     case ICMP_TIME_EXCEEDED:
0161         if (code != ICMP_EXC_TTL)
0162             goto out;
0163         break;
0164
0165     case ICMP_REDIRECT:
0166         break;
0167
0168     default:
0169         goto out;
0170     }
0171
0172     if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
0173         ipv4_update_pmtu(skb, net, info, t->parms.link, iph->protocol);
0174         goto out;
0175     }
0176
0177     if (type == ICMP_REDIRECT) {
0178         ipv4_redirect(skb, net, t->parms.link, iph->protocol);
0179         goto out;
0180     }
0181
0182     if (t->parms.iph.daddr == 0) {
0183         err = -ENOENT;
0184         goto out;
0185     }
0186
0187     if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
0188         goto out;
0189
0190     if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
0191         t->err_count++;
0192     else
0193         t->err_count = 1;
0194     t->err_time = jiffies;
0195
0196 out:
0197     return err;
0198 }
0199
0200 static const struct tnl_ptk_info ipip_tpi = {
0201     /* no tunnel info required for ipip. */
0202     .proto = htons(ETH_P_IP),
0203 };
0204
0205 #if IS_ENABLED(CONFIG_MPLS)
0206 static const struct tnl_ptk_info mplsip_tpi = {
0207     /* no tunnel info required for mplsip. */
0208     .proto = htons(ETH_P_MPLS_UC),
0209 };
0210 #endif
0211
0212 static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto)
0213 {
0214     struct net *net = dev_net(skb->dev);
0215     struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
0216     struct metadata_dst *tun_dst = NULL;
0217     struct ip_tunnel *tunnel;
0218     const struct iphdr *iph;
0219
0220     iph = ip_hdr(skb);
0221     tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
0222             iph->saddr, iph->daddr, 0);
0223     if (tunnel) {
0224         const struct tnl_ptk_info *tpi;
0225
0226         if (tunnel->parms.iph.protocol != ipproto &&
0227             tunnel->parms.iph.protocol != 0)
0228             goto drop;
0229
0230         if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
0231             goto drop;
0232 #if IS_ENABLED(CONFIG_MPLS)
0233         if (ipproto == IPPROTO_MPLS)
0234             tpi = &mplsip_tpi;
0235         else
0236 #endif
0237             tpi = &ipip_tpi;
0238         if (iptunnel_pull_header(skb, 0, tpi->proto, false))
0239             goto drop;
0240         if (tunnel->collect_md) {
0241             tun_dst = ip_tun_rx_dst(skb, 0, 0, 0);
0242             if (!tun_dst)
0243                 return 0;
0244         }
0245         skb_reset_mac_header(skb);
0246
0247         return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
0248     }
0249
0250     return -1;
0251
0252 drop:
0253     kfree_skb(skb);
0254     return 0;
0255 }
0256
0257 static int ipip_rcv(struct sk_buff *skb)
0258 {
0259     return ipip_tunnel_rcv(skb, IPPROTO_IPIP);
0260 }
0261
0262 #if IS_ENABLED(CONFIG_MPLS)
0263 static int mplsip_rcv(struct sk_buff *skb)
0264 {
0265     return ipip_tunnel_rcv(skb, IPPROTO_MPLS);
0266 }
0267 #endif
0268
0269 /*
0270  *  This function assumes it is being called from dev_queue_xmit()
0271  *  and that skb is filled properly by that function.
0272  */
0273 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
0274                     struct net_device *dev)
0275 {
0276     struct ip_tunnel *tunnel = netdev_priv(dev);
0277     const struct iphdr  *tiph = &tunnel->parms.iph;
0278     u8 ipproto;
0279
0280     if (!pskb_inet_may_pull(skb))
0281         goto tx_error;
0282
0283     switch (skb->protocol) {
0284     case htons(ETH_P_IP):
0285         ipproto = IPPROTO_IPIP;
0286         break;
0287 #if IS_ENABLED(CONFIG_MPLS)
0288     case htons(ETH_P_MPLS_UC):
0289         ipproto = IPPROTO_MPLS;
0290         break;
0291 #endif
0292     default:
0293         goto tx_error;
0294     }
0295
0296     if (tiph->protocol != ipproto && tiph->protocol != 0)
0297         goto tx_error;
0298
0299     if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4))
0300         goto tx_error;
0301
0302     skb_set_inner_ipproto(skb, ipproto);
0303
0304     if (tunnel->collect_md)
0305         ip_md_tunnel_xmit(skb, dev, ipproto, 0);
0306     else
0307         ip_tunnel_xmit(skb, dev, tiph, ipproto);
0308     return NETDEV_TX_OK;
0309
0310 tx_error:
0311     kfree_skb(skb);
0312
0313     dev->stats.tx_errors++;
0314     return NETDEV_TX_OK;
0315 }
0316
0317 static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto)
0318 {
0319     switch (ipproto) {
0320     case 0:
0321     case IPPROTO_IPIP:
0322 #if IS_ENABLED(CONFIG_MPLS)
0323     case IPPROTO_MPLS:
0324 #endif
0325         return true;
0326     }
0327
0328     return false;
0329 }
0330
0331 static int
0332 ipip_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd)
0333 {
0334     if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
0335         if (p->iph.version != 4 ||
0336             !ipip_tunnel_ioctl_verify_protocol(p->iph.protocol) ||
0337             p->iph.ihl != 5 || (p->iph.frag_off & htons(~IP_DF)))
0338             return -EINVAL;
0339     }
0340
0341     p->i_key = p->o_key = 0;
0342     p->i_flags = p->o_flags = 0;
0343     return ip_tunnel_ctl(dev, p, cmd);
0344 }
0345
0346 static const struct net_device_ops ipip_netdev_ops = {
0347     .ndo_init       = ipip_tunnel_init,
0348     .ndo_uninit     = ip_tunnel_uninit,
0349     .ndo_start_xmit = ipip_tunnel_xmit,
0350     .ndo_siocdevprivate = ip_tunnel_siocdevprivate,
0351     .ndo_change_mtu = ip_tunnel_change_mtu,
0352     .ndo_get_stats64 = dev_get_tstats64,
0353     .ndo_get_iflink = ip_tunnel_get_iflink,
0354     .ndo_tunnel_ctl = ipip_tunnel_ctl,
0355 };
0356
0357 #define IPIP_FEATURES (NETIF_F_SG |     \
0358                NETIF_F_FRAGLIST |   \
0359                NETIF_F_HIGHDMA |    \
0360                NETIF_F_GSO_SOFTWARE |   \
0361                NETIF_F_HW_CSUM)
0362
0363 static void ipip_tunnel_setup(struct net_device *dev)
0364 {
0365     dev->netdev_ops     = &ipip_netdev_ops;
0366     dev->header_ops     = &ip_tunnel_header_ops;
0367
0368     dev->type       = ARPHRD_TUNNEL;
0369     dev->flags      = IFF_NOARP;
0370     dev->addr_len       = 4;
0371     dev->features       |= NETIF_F_LLTX;
0372     netif_keep_dst(dev);
0373
0374     dev->features       |= IPIP_FEATURES;
0375     dev->hw_features    |= IPIP_FEATURES;
0376     ip_tunnel_setup(dev, ipip_net_id);
0377 }
0378
0379 static int ipip_tunnel_init(struct net_device *dev)
0380 {
0381     struct ip_tunnel *tunnel = netdev_priv(dev);
0382
0383     __dev_addr_set(dev, &tunnel->parms.iph.saddr, 4);
0384     memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
0385
0386     tunnel->tun_hlen = 0;
0387     tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
0388     return ip_tunnel_init(dev);
0389 }
0390
0391 static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
0392                 struct netlink_ext_ack *extack)
0393 {
0394     u8 proto;
0395
0396     if (!data || !data[IFLA_IPTUN_PROTO])
0397         return 0;
0398
0399     proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
0400     if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0)
0401         return -EINVAL;
0402
0403     return 0;
0404 }
0405
0406 static void ipip_netlink_parms(struct nlattr *data[],
0407                    struct ip_tunnel_parm *parms, bool *collect_md,
0408                    __u32 *fwmark)
0409 {
0410     memset(parms, 0, sizeof(*parms));
0411
0412     parms->iph.version = 4;
0413     parms->iph.protocol = IPPROTO_IPIP;
0414     parms->iph.ihl = 5;
0415     *collect_md = false;
0416
0417     if (!data)
0418         return;
0419
0420     if (data[IFLA_IPTUN_LINK])
0421         parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
0422
0423     if (data[IFLA_IPTUN_LOCAL])
0424         parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]);
0425
0426     if (data[IFLA_IPTUN_REMOTE])
0427         parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]);
0428
0429     if (data[IFLA_IPTUN_TTL]) {
0430         parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
0431         if (parms->iph.ttl)
0432             parms->iph.frag_off = htons(IP_DF);
0433     }
0434
0435     if (data[IFLA_IPTUN_TOS])
0436         parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
0437
0438     if (data[IFLA_IPTUN_PROTO])
0439         parms->iph.protocol = nla_get_u8(data[IFLA_IPTUN_PROTO]);
0440
0441     if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
0442         parms->iph.frag_off = htons(IP_DF);
0443
0444     if (data[IFLA_IPTUN_COLLECT_METADATA])
0445         *collect_md = true;
0446
0447     if (data[IFLA_IPTUN_FWMARK])
0448         *fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]);
0449 }
0450
0451 /* This function returns true when ENCAP attributes are present in the nl msg */
0452 static bool ipip_netlink_encap_parms(struct nlattr *data[],
0453                      struct ip_tunnel_encap *ipencap)
0454 {
0455     bool ret = false;
0456
0457     memset(ipencap, 0, sizeof(*ipencap));
0458
0459     if (!data)
0460         return ret;
0461
0462     if (data[IFLA_IPTUN_ENCAP_TYPE]) {
0463         ret = true;
0464         ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
0465     }
0466
0467     if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
0468         ret = true;
0469         ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
0470     }
0471
0472     if (data[IFLA_IPTUN_ENCAP_SPORT]) {
0473         ret = true;
0474         ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
0475     }
0476
0477     if (data[IFLA_IPTUN_ENCAP_DPORT]) {
0478         ret = true;
0479         ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
0480     }
0481
0482     return ret;
0483 }
0484
0485 static int ipip_newlink(struct net *src_net, struct net_device *dev,
0486             struct nlattr *tb[], struct nlattr *data[],
0487             struct netlink_ext_ack *extack)
0488 {
0489     struct ip_tunnel *t = netdev_priv(dev);
0490     struct ip_tunnel_parm p;
0491     struct ip_tunnel_encap ipencap;
0492     __u32 fwmark = 0;
0493
0494     if (ipip_netlink_encap_parms(data, &ipencap)) {
0495         int err = ip_tunnel_encap_setup(t, &ipencap);
0496
0497         if (err < 0)
0498             return err;
0499     }
0500
0501     ipip_netlink_parms(data, &p, &t->collect_md, &fwmark);
0502     return ip_tunnel_newlink(dev, tb, &p, fwmark);
0503 }
0504
0505 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
0506                struct nlattr *data[],
0507                struct netlink_ext_ack *extack)
0508 {
0509     struct ip_tunnel *t = netdev_priv(dev);
0510     struct ip_tunnel_parm p;
0511     struct ip_tunnel_encap ipencap;
0512     bool collect_md;
0513     __u32 fwmark = t->fwmark;
0514
0515     if (ipip_netlink_encap_parms(data, &ipencap)) {
0516         int err = ip_tunnel_encap_setup(t, &ipencap);
0517
0518         if (err < 0)
0519             return err;
0520     }
0521
0522     ipip_netlink_parms(data, &p, &collect_md, &fwmark);
0523     if (collect_md)
0524         return -EINVAL;
0525
0526     if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
0527         (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
0528         return -EINVAL;
0529
0530     return ip_tunnel_changelink(dev, tb, &p, fwmark);
0531 }
0532
0533 static size_t ipip_get_size(const struct net_device *dev)
0534 {
0535     return
0536         /* IFLA_IPTUN_LINK */
0537         nla_total_size(4) +
0538         /* IFLA_IPTUN_LOCAL */
0539         nla_total_size(4) +
0540         /* IFLA_IPTUN_REMOTE */
0541         nla_total_size(4) +
0542         /* IFLA_IPTUN_TTL */
0543         nla_total_size(1) +
0544         /* IFLA_IPTUN_TOS */
0545         nla_total_size(1) +
0546         /* IFLA_IPTUN_PROTO */
0547         nla_total_size(1) +
0548         /* IFLA_IPTUN_PMTUDISC */
0549         nla_total_size(1) +
0550         /* IFLA_IPTUN_ENCAP_TYPE */
0551         nla_total_size(2) +
0552         /* IFLA_IPTUN_ENCAP_FLAGS */
0553         nla_total_size(2) +
0554         /* IFLA_IPTUN_ENCAP_SPORT */
0555         nla_total_size(2) +
0556         /* IFLA_IPTUN_ENCAP_DPORT */
0557         nla_total_size(2) +
0558         /* IFLA_IPTUN_COLLECT_METADATA */
0559         nla_total_size(0) +
0560         /* IFLA_IPTUN_FWMARK */
0561         nla_total_size(4) +
0562         0;
0563 }
0564
0565 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
0566 {
0567     struct ip_tunnel *tunnel = netdev_priv(dev);
0568     struct ip_tunnel_parm *parm = &tunnel->parms;
0569
0570     if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
0571         nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
0572         nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
0573         nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
0574         nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
0575         nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) ||
0576         nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
0577                !!(parm->iph.frag_off & htons(IP_DF))) ||
0578         nla_put_u32(skb, IFLA_IPTUN_FWMARK, tunnel->fwmark))
0579         goto nla_put_failure;
0580
0581     if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
0582             tunnel->encap.type) ||
0583         nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
0584              tunnel->encap.sport) ||
0585         nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
0586              tunnel->encap.dport) ||
0587         nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
0588             tunnel->encap.flags))
0589         goto nla_put_failure;
0590
0591     if (tunnel->collect_md)
0592         if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA))
0593             goto nla_put_failure;
0594     return 0;
0595
0596 nla_put_failure:
0597     return -EMSGSIZE;
0598 }
0599
0600 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
0601     [IFLA_IPTUN_LINK]       = { .type = NLA_U32 },
0602     [IFLA_IPTUN_LOCAL]      = { .type = NLA_U32 },
0603     [IFLA_IPTUN_REMOTE]     = { .type = NLA_U32 },
0604     [IFLA_IPTUN_TTL]        = { .type = NLA_U8 },
0605     [IFLA_IPTUN_TOS]        = { .type = NLA_U8 },
0606     [IFLA_IPTUN_PROTO]      = { .type = NLA_U8 },
0607     [IFLA_IPTUN_PMTUDISC]       = { .type = NLA_U8 },
0608     [IFLA_IPTUN_ENCAP_TYPE]     = { .type = NLA_U16 },
0609     [IFLA_IPTUN_ENCAP_FLAGS]    = { .type = NLA_U16 },
0610     [IFLA_IPTUN_ENCAP_SPORT]    = { .type = NLA_U16 },
0611     [IFLA_IPTUN_ENCAP_DPORT]    = { .type = NLA_U16 },
0612     [IFLA_IPTUN_COLLECT_METADATA]   = { .type = NLA_FLAG },
0613     [IFLA_IPTUN_FWMARK]     = { .type = NLA_U32 },
0614 };
0615
0616 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
0617     .kind       = "ipip",
0618     .maxtype    = IFLA_IPTUN_MAX,
0619     .policy     = ipip_policy,
0620     .priv_size  = sizeof(struct ip_tunnel),
0621     .setup      = ipip_tunnel_setup,
0622     .validate   = ipip_tunnel_validate,
0623     .newlink    = ipip_newlink,
0624     .changelink = ipip_changelink,
0625     .dellink    = ip_tunnel_dellink,
0626     .get_size   = ipip_get_size,
0627     .fill_info  = ipip_fill_info,
0628     .get_link_net   = ip_tunnel_get_link_net,
0629 };
0630
0631 static struct xfrm_tunnel ipip_handler __read_mostly = {
0632     .handler    =   ipip_rcv,
0633     .err_handler    =   ipip_err,
0634     .priority   =   1,
0635 };
0636
0637 #if IS_ENABLED(CONFIG_MPLS)
0638 static struct xfrm_tunnel mplsip_handler __read_mostly = {
0639     .handler    =   mplsip_rcv,
0640     .err_handler    =   ipip_err,
0641     .priority   =   1,
0642 };
0643 #endif
0644
0645 static int __net_init ipip_init_net(struct net *net)
0646 {
0647     return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
0648 }
0649
0650 static void __net_exit ipip_exit_batch_net(struct list_head *list_net)
0651 {
0652     ip_tunnel_delete_nets(list_net, ipip_net_id, &ipip_link_ops);
0653 }
0654
0655 static struct pernet_operations ipip_net_ops = {
0656     .init = ipip_init_net,
0657     .exit_batch = ipip_exit_batch_net,
0658     .id   = &ipip_net_id,
0659     .size = sizeof(struct ip_tunnel_net),
0660 };
0661
0662 static int __init ipip_init(void)
0663 {
0664     int err;
0665
0666     pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n");
0667
0668     err = register_pernet_device(&ipip_net_ops);
0669     if (err < 0)
0670         return err;
0671     err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
0672     if (err < 0) {
0673         pr_info("%s: can't register tunnel\n", __func__);
0674         goto xfrm_tunnel_ipip_failed;
0675     }
0676 #if IS_ENABLED(CONFIG_MPLS)
0677     err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS);
0678     if (err < 0) {
0679         pr_info("%s: can't register tunnel\n", __func__);
0680         goto xfrm_tunnel_mplsip_failed;
0681     }
0682 #endif
0683     err = rtnl_link_register(&ipip_link_ops);
0684     if (err < 0)
0685         goto rtnl_link_failed;
0686
0687 out:
0688     return err;
0689
0690 rtnl_link_failed:
0691 #if IS_ENABLED(CONFIG_MPLS)
0692     xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS);
0693 xfrm_tunnel_mplsip_failed:
0694
0695 #endif
0696     xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
0697 xfrm_tunnel_ipip_failed:
0698     unregister_pernet_device(&ipip_net_ops);
0699     goto out;
0700 }
0701
0702 static void __exit ipip_fini(void)
0703 {
0704     rtnl_link_unregister(&ipip_link_ops);
0705     if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
0706         pr_info("%s: can't deregister tunnel\n", __func__);
0707 #if IS_ENABLED(CONFIG_MPLS)
0708     if (xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS))
0709         pr_info("%s: can't deregister tunnel\n", __func__);
0710 #endif
0711     unregister_pernet_device(&ipip_net_ops);
0712 }
0713
0714 module_init(ipip_init);
0715 module_exit(ipip_fini);
0716 MODULE_LICENSE("GPL");
0717 MODULE_ALIAS_RTNL_LINK("ipip");
0718 MODULE_ALIAS_NETDEV("tunl0");