0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011
0012
0013
0014
0015
0016 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
0017
0018 #include <linux/module.h>
0019 #include <linux/capability.h>
0020 #include <linux/errno.h>
0021 #include <linux/types.h>
0022 #include <linux/sockios.h>
0023 #include <linux/icmp.h>
0024 #include <linux/if.h>
0025 #include <linux/in.h>
0026 #include <linux/ip.h>
0027 #include <linux/net.h>
0028 #include <linux/in6.h>
0029 #include <linux/netdevice.h>
0030 #include <linux/if_arp.h>
0031 #include <linux/icmpv6.h>
0032 #include <linux/init.h>
0033 #include <linux/route.h>
0034 #include <linux/rtnetlink.h>
0035 #include <linux/netfilter_ipv6.h>
0036 #include <linux/slab.h>
0037 #include <linux/hash.h>
0038 #include <linux/etherdevice.h>
0039
0040 #include <linux/uaccess.h>
0041 #include <linux/atomic.h>
0042
0043 #include <net/icmp.h>
0044 #include <net/ip.h>
0045 #include <net/ip_tunnels.h>
0046 #include <net/ipv6.h>
0047 #include <net/ip6_route.h>
0048 #include <net/addrconf.h>
0049 #include <net/ip6_tunnel.h>
0050 #include <net/xfrm.h>
0051 #include <net/dsfield.h>
0052 #include <net/inet_ecn.h>
0053 #include <net/net_namespace.h>
0054 #include <net/netns/generic.h>
0055 #include <net/dst_metadata.h>
0056
0057 MODULE_AUTHOR("Ville Nuorvala");
0058 MODULE_DESCRIPTION("IPv6 tunneling device");
0059 MODULE_LICENSE("GPL");
0060 MODULE_ALIAS_RTNL_LINK("ip6tnl");
0061 MODULE_ALIAS_NETDEV("ip6tnl0");
0062
0063 #define IP6_TUNNEL_HASH_SIZE_SHIFT 5
0064 #define IP6_TUNNEL_HASH_SIZE (1 << IP6_TUNNEL_HASH_SIZE_SHIFT)
0065
0066 static bool log_ecn_error = true;
0067 module_param(log_ecn_error, bool, 0644);
0068 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
0069
0070 static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
0071 {
0072 u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2);
0073
0074 return hash_32(hash, IP6_TUNNEL_HASH_SIZE_SHIFT);
0075 }
0076
0077 static int ip6_tnl_dev_init(struct net_device *dev);
0078 static void ip6_tnl_dev_setup(struct net_device *dev);
0079 static struct rtnl_link_ops ip6_link_ops __read_mostly;
0080
0081 static unsigned int ip6_tnl_net_id __read_mostly;
0082 struct ip6_tnl_net {
0083
0084 struct net_device *fb_tnl_dev;
0085
0086 struct ip6_tnl __rcu *tnls_r_l[IP6_TUNNEL_HASH_SIZE];
0087 struct ip6_tnl __rcu *tnls_wc[1];
0088 struct ip6_tnl __rcu **tnls[2];
0089 struct ip6_tnl __rcu *collect_md_tun;
0090 };
0091
0092 static inline int ip6_tnl_mpls_supported(void)
0093 {
0094 return IS_ENABLED(CONFIG_MPLS);
0095 }
0096
0097 #define for_each_ip6_tunnel_rcu(start) \
0098 for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
0099
0100
0101
0102
0103
0104
0105
0106
0107
0108
0109
0110
0111
0112
0113 static struct ip6_tnl *
0114 ip6_tnl_lookup(struct net *net, int link,
0115 const struct in6_addr *remote, const struct in6_addr *local)
0116 {
0117 unsigned int hash = HASH(remote, local);
0118 struct ip6_tnl *t, *cand = NULL;
0119 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
0120 struct in6_addr any;
0121
0122 for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
0123 if (!ipv6_addr_equal(local, &t->parms.laddr) ||
0124 !ipv6_addr_equal(remote, &t->parms.raddr) ||
0125 !(t->dev->flags & IFF_UP))
0126 continue;
0127
0128 if (link == t->parms.link)
0129 return t;
0130 else
0131 cand = t;
0132 }
0133
0134 memset(&any, 0, sizeof(any));
0135 hash = HASH(&any, local);
0136 for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
0137 if (!ipv6_addr_equal(local, &t->parms.laddr) ||
0138 !ipv6_addr_any(&t->parms.raddr) ||
0139 !(t->dev->flags & IFF_UP))
0140 continue;
0141
0142 if (link == t->parms.link)
0143 return t;
0144 else if (!cand)
0145 cand = t;
0146 }
0147
0148 hash = HASH(remote, &any);
0149 for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
0150 if (!ipv6_addr_equal(remote, &t->parms.raddr) ||
0151 !ipv6_addr_any(&t->parms.laddr) ||
0152 !(t->dev->flags & IFF_UP))
0153 continue;
0154
0155 if (link == t->parms.link)
0156 return t;
0157 else if (!cand)
0158 cand = t;
0159 }
0160
0161 if (cand)
0162 return cand;
0163
0164 t = rcu_dereference(ip6n->collect_md_tun);
0165 if (t && t->dev->flags & IFF_UP)
0166 return t;
0167
0168 t = rcu_dereference(ip6n->tnls_wc[0]);
0169 if (t && (t->dev->flags & IFF_UP))
0170 return t;
0171
0172 return NULL;
0173 }
0174
0175
0176
0177
0178
0179
0180
0181
0182
0183
0184
0185
0186
0187 static struct ip6_tnl __rcu **
0188 ip6_tnl_bucket(struct ip6_tnl_net *ip6n, const struct __ip6_tnl_parm *p)
0189 {
0190 const struct in6_addr *remote = &p->raddr;
0191 const struct in6_addr *local = &p->laddr;
0192 unsigned int h = 0;
0193 int prio = 0;
0194
0195 if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) {
0196 prio = 1;
0197 h = HASH(remote, local);
0198 }
0199 return &ip6n->tnls[prio][h];
0200 }
0201
0202
0203
0204
0205
0206
0207
0208 static void
0209 ip6_tnl_link(struct ip6_tnl_net *ip6n, struct ip6_tnl *t)
0210 {
0211 struct ip6_tnl __rcu **tp = ip6_tnl_bucket(ip6n, &t->parms);
0212
0213 if (t->parms.collect_md)
0214 rcu_assign_pointer(ip6n->collect_md_tun, t);
0215 rcu_assign_pointer(t->next , rtnl_dereference(*tp));
0216 rcu_assign_pointer(*tp, t);
0217 }
0218
0219
0220
0221
0222
0223
0224
0225 static void
0226 ip6_tnl_unlink(struct ip6_tnl_net *ip6n, struct ip6_tnl *t)
0227 {
0228 struct ip6_tnl __rcu **tp;
0229 struct ip6_tnl *iter;
0230
0231 if (t->parms.collect_md)
0232 rcu_assign_pointer(ip6n->collect_md_tun, NULL);
0233
0234 for (tp = ip6_tnl_bucket(ip6n, &t->parms);
0235 (iter = rtnl_dereference(*tp)) != NULL;
0236 tp = &iter->next) {
0237 if (t == iter) {
0238 rcu_assign_pointer(*tp, t->next);
0239 break;
0240 }
0241 }
0242 }
0243
0244 static void ip6_dev_free(struct net_device *dev)
0245 {
0246 struct ip6_tnl *t = netdev_priv(dev);
0247
0248 gro_cells_destroy(&t->gro_cells);
0249 dst_cache_destroy(&t->dst_cache);
0250 free_percpu(dev->tstats);
0251 }
0252
0253 static int ip6_tnl_create2(struct net_device *dev)
0254 {
0255 struct ip6_tnl *t = netdev_priv(dev);
0256 struct net *net = dev_net(dev);
0257 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
0258 int err;
0259
0260 dev->rtnl_link_ops = &ip6_link_ops;
0261 err = register_netdevice(dev);
0262 if (err < 0)
0263 goto out;
0264
0265 strcpy(t->parms.name, dev->name);
0266
0267 ip6_tnl_link(ip6n, t);
0268 return 0;
0269
0270 out:
0271 return err;
0272 }
0273
0274
0275
0276
0277
0278
0279
0280
0281
0282
0283
0284
0285
0286 static struct ip6_tnl *ip6_tnl_create(struct net *net, struct __ip6_tnl_parm *p)
0287 {
0288 struct net_device *dev;
0289 struct ip6_tnl *t;
0290 char name[IFNAMSIZ];
0291 int err = -E2BIG;
0292
0293 if (p->name[0]) {
0294 if (!dev_valid_name(p->name))
0295 goto failed;
0296 strlcpy(name, p->name, IFNAMSIZ);
0297 } else {
0298 sprintf(name, "ip6tnl%%d");
0299 }
0300 err = -ENOMEM;
0301 dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN,
0302 ip6_tnl_dev_setup);
0303 if (!dev)
0304 goto failed;
0305
0306 dev_net_set(dev, net);
0307
0308 t = netdev_priv(dev);
0309 t->parms = *p;
0310 t->net = dev_net(dev);
0311 err = ip6_tnl_create2(dev);
0312 if (err < 0)
0313 goto failed_free;
0314
0315 return t;
0316
0317 failed_free:
0318 free_netdev(dev);
0319 failed:
0320 return ERR_PTR(err);
0321 }
0322
0323
0324
0325
0326
0327
0328
0329
0330
0331
0332
0333
0334
0335
0336
0337
0338 static struct ip6_tnl *ip6_tnl_locate(struct net *net,
0339 struct __ip6_tnl_parm *p, int create)
0340 {
0341 const struct in6_addr *remote = &p->raddr;
0342 const struct in6_addr *local = &p->laddr;
0343 struct ip6_tnl __rcu **tp;
0344 struct ip6_tnl *t;
0345 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
0346
0347 for (tp = ip6_tnl_bucket(ip6n, p);
0348 (t = rtnl_dereference(*tp)) != NULL;
0349 tp = &t->next) {
0350 if (ipv6_addr_equal(local, &t->parms.laddr) &&
0351 ipv6_addr_equal(remote, &t->parms.raddr) &&
0352 p->link == t->parms.link) {
0353 if (create)
0354 return ERR_PTR(-EEXIST);
0355
0356 return t;
0357 }
0358 }
0359 if (!create)
0360 return ERR_PTR(-ENODEV);
0361 return ip6_tnl_create(net, p);
0362 }
0363
0364
0365
0366
0367
0368
0369
0370
0371
0372 static void
0373 ip6_tnl_dev_uninit(struct net_device *dev)
0374 {
0375 struct ip6_tnl *t = netdev_priv(dev);
0376 struct net *net = t->net;
0377 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
0378
0379 if (dev == ip6n->fb_tnl_dev)
0380 RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
0381 else
0382 ip6_tnl_unlink(ip6n, t);
0383 dst_cache_reset(&t->dst_cache);
0384 netdev_put(dev, &t->dev_tracker);
0385 }
0386
0387
0388
0389
0390
0391
0392
0393
0394
0395
0396
0397 __u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw)
0398 {
0399 const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)raw;
0400 unsigned int nhoff = raw - skb->data;
0401 unsigned int off = nhoff + sizeof(*ipv6h);
0402 u8 next, nexthdr = ipv6h->nexthdr;
0403
0404 while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) {
0405 struct ipv6_opt_hdr *hdr;
0406 u16 optlen;
0407
0408 if (!pskb_may_pull(skb, off + sizeof(*hdr)))
0409 break;
0410
0411 hdr = (struct ipv6_opt_hdr *)(skb->data + off);
0412 if (nexthdr == NEXTHDR_FRAGMENT) {
0413 struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr;
0414 if (frag_hdr->frag_off)
0415 break;
0416 optlen = 8;
0417 } else if (nexthdr == NEXTHDR_AUTH) {
0418 optlen = ipv6_authlen(hdr);
0419 } else {
0420 optlen = ipv6_optlen(hdr);
0421 }
0422
0423
0424
0425 next = hdr->nexthdr;
0426 if (nexthdr == NEXTHDR_DEST) {
0427 u16 i = 2;
0428
0429
0430 if (!pskb_may_pull(skb, off + optlen))
0431 break;
0432
0433 while (1) {
0434 struct ipv6_tlv_tnl_enc_lim *tel;
0435
0436
0437 if (i + sizeof(*tel) > optlen)
0438 break;
0439
0440 tel = (struct ipv6_tlv_tnl_enc_lim *)(skb->data + off + i);
0441
0442 if (tel->type == IPV6_TLV_TNL_ENCAP_LIMIT &&
0443 tel->length == 1)
0444 return i + off - nhoff;
0445
0446 if (tel->type)
0447 i += tel->length + 2;
0448 else
0449 i++;
0450 }
0451 }
0452 nexthdr = next;
0453 off += optlen;
0454 }
0455 return 0;
0456 }
0457 EXPORT_SYMBOL(ip6_tnl_parse_tlv_enc_lim);
0458
0459
0460
0461
0462 static int
0463 ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt,
0464 u8 *type, u8 *code, int *msg, __u32 *info, int offset)
0465 {
0466 const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)skb->data;
0467 struct net *net = dev_net(skb->dev);
0468 u8 rel_type = ICMPV6_DEST_UNREACH;
0469 u8 rel_code = ICMPV6_ADDR_UNREACH;
0470 __u32 rel_info = 0;
0471 struct ip6_tnl *t;
0472 int err = -ENOENT;
0473 int rel_msg = 0;
0474 u8 tproto;
0475 __u16 len;
0476
0477
0478
0479
0480
0481 rcu_read_lock();
0482 t = ip6_tnl_lookup(dev_net(skb->dev), skb->dev->ifindex, &ipv6h->daddr, &ipv6h->saddr);
0483 if (!t)
0484 goto out;
0485
0486 tproto = READ_ONCE(t->parms.proto);
0487 if (tproto != ipproto && tproto != 0)
0488 goto out;
0489
0490 err = 0;
0491
0492 switch (*type) {
0493 case ICMPV6_DEST_UNREACH:
0494 net_dbg_ratelimited("%s: Path to destination invalid or inactive!\n",
0495 t->parms.name);
0496 rel_msg = 1;
0497 break;
0498 case ICMPV6_TIME_EXCEED:
0499 if ((*code) == ICMPV6_EXC_HOPLIMIT) {
0500 net_dbg_ratelimited("%s: Too small hop limit or routing loop in tunnel!\n",
0501 t->parms.name);
0502 rel_msg = 1;
0503 }
0504 break;
0505 case ICMPV6_PARAMPROB: {
0506 struct ipv6_tlv_tnl_enc_lim *tel;
0507 __u32 teli;
0508
0509 teli = 0;
0510 if ((*code) == ICMPV6_HDR_FIELD)
0511 teli = ip6_tnl_parse_tlv_enc_lim(skb, skb->data);
0512
0513 if (teli && teli == *info - 2) {
0514 tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli];
0515 if (tel->encap_limit == 0) {
0516 net_dbg_ratelimited("%s: Too small encapsulation limit or routing loop in tunnel!\n",
0517 t->parms.name);
0518 rel_msg = 1;
0519 }
0520 } else {
0521 net_dbg_ratelimited("%s: Recipient unable to parse tunneled packet!\n",
0522 t->parms.name);
0523 }
0524 break;
0525 }
0526 case ICMPV6_PKT_TOOBIG: {
0527 __u32 mtu;
0528
0529 ip6_update_pmtu(skb, net, htonl(*info), 0, 0,
0530 sock_net_uid(net, NULL));
0531 mtu = *info - offset;
0532 if (mtu < IPV6_MIN_MTU)
0533 mtu = IPV6_MIN_MTU;
0534 len = sizeof(*ipv6h) + ntohs(ipv6h->payload_len);
0535 if (len > mtu) {
0536 rel_type = ICMPV6_PKT_TOOBIG;
0537 rel_code = 0;
0538 rel_info = mtu;
0539 rel_msg = 1;
0540 }
0541 break;
0542 }
0543 case NDISC_REDIRECT:
0544 ip6_redirect(skb, net, skb->dev->ifindex, 0,
0545 sock_net_uid(net, NULL));
0546 break;
0547 }
0548
0549 *type = rel_type;
0550 *code = rel_code;
0551 *info = rel_info;
0552 *msg = rel_msg;
0553
0554 out:
0555 rcu_read_unlock();
0556 return err;
0557 }
0558
0559 static int
0560 ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
0561 u8 type, u8 code, int offset, __be32 info)
0562 {
0563 __u32 rel_info = ntohl(info);
0564 const struct iphdr *eiph;
0565 struct sk_buff *skb2;
0566 int err, rel_msg = 0;
0567 u8 rel_type = type;
0568 u8 rel_code = code;
0569 struct rtable *rt;
0570 struct flowi4 fl4;
0571
0572 err = ip6_tnl_err(skb, IPPROTO_IPIP, opt, &rel_type, &rel_code,
0573 &rel_msg, &rel_info, offset);
0574 if (err < 0)
0575 return err;
0576
0577 if (rel_msg == 0)
0578 return 0;
0579
0580 switch (rel_type) {
0581 case ICMPV6_DEST_UNREACH:
0582 if (rel_code != ICMPV6_ADDR_UNREACH)
0583 return 0;
0584 rel_type = ICMP_DEST_UNREACH;
0585 rel_code = ICMP_HOST_UNREACH;
0586 break;
0587 case ICMPV6_PKT_TOOBIG:
0588 if (rel_code != 0)
0589 return 0;
0590 rel_type = ICMP_DEST_UNREACH;
0591 rel_code = ICMP_FRAG_NEEDED;
0592 break;
0593 default:
0594 return 0;
0595 }
0596
0597 if (!pskb_may_pull(skb, offset + sizeof(struct iphdr)))
0598 return 0;
0599
0600 skb2 = skb_clone(skb, GFP_ATOMIC);
0601 if (!skb2)
0602 return 0;
0603
0604 skb_dst_drop(skb2);
0605
0606 skb_pull(skb2, offset);
0607 skb_reset_network_header(skb2);
0608 eiph = ip_hdr(skb2);
0609
0610
0611 rt = ip_route_output_ports(dev_net(skb->dev), &fl4, NULL, eiph->saddr,
0612 0, 0, 0, IPPROTO_IPIP, RT_TOS(eiph->tos), 0);
0613 if (IS_ERR(rt))
0614 goto out;
0615
0616 skb2->dev = rt->dst.dev;
0617 ip_rt_put(rt);
0618
0619
0620 if (rt->rt_flags & RTCF_LOCAL) {
0621 rt = ip_route_output_ports(dev_net(skb->dev), &fl4, NULL,
0622 eiph->daddr, eiph->saddr, 0, 0,
0623 IPPROTO_IPIP, RT_TOS(eiph->tos), 0);
0624 if (IS_ERR(rt) || rt->dst.dev->type != ARPHRD_TUNNEL6) {
0625 if (!IS_ERR(rt))
0626 ip_rt_put(rt);
0627 goto out;
0628 }
0629 skb_dst_set(skb2, &rt->dst);
0630 } else {
0631 if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos,
0632 skb2->dev) ||
0633 skb_dst(skb2)->dev->type != ARPHRD_TUNNEL6)
0634 goto out;
0635 }
0636
0637
0638 if (rel_type == ICMP_DEST_UNREACH && rel_code == ICMP_FRAG_NEEDED) {
0639 if (rel_info > dst_mtu(skb_dst(skb2)))
0640 goto out;
0641
0642 skb_dst_update_pmtu_no_confirm(skb2, rel_info);
0643 }
0644
0645 icmp_send(skb2, rel_type, rel_code, htonl(rel_info));
0646
0647 out:
0648 kfree_skb(skb2);
0649 return 0;
0650 }
0651
0652 static int
0653 ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
0654 u8 type, u8 code, int offset, __be32 info)
0655 {
0656 __u32 rel_info = ntohl(info);
0657 int err, rel_msg = 0;
0658 u8 rel_type = type;
0659 u8 rel_code = code;
0660
0661 err = ip6_tnl_err(skb, IPPROTO_IPV6, opt, &rel_type, &rel_code,
0662 &rel_msg, &rel_info, offset);
0663 if (err < 0)
0664 return err;
0665
0666 if (rel_msg && pskb_may_pull(skb, offset + sizeof(struct ipv6hdr))) {
0667 struct rt6_info *rt;
0668 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
0669
0670 if (!skb2)
0671 return 0;
0672
0673 skb_dst_drop(skb2);
0674 skb_pull(skb2, offset);
0675 skb_reset_network_header(skb2);
0676
0677
0678 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr,
0679 NULL, 0, skb2, 0);
0680
0681 if (rt && rt->dst.dev)
0682 skb2->dev = rt->dst.dev;
0683
0684 icmpv6_send(skb2, rel_type, rel_code, rel_info);
0685
0686 ip6_rt_put(rt);
0687
0688 kfree_skb(skb2);
0689 }
0690
0691 return 0;
0692 }
0693
0694 static int
0695 mplsip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
0696 u8 type, u8 code, int offset, __be32 info)
0697 {
0698 __u32 rel_info = ntohl(info);
0699 int err, rel_msg = 0;
0700 u8 rel_type = type;
0701 u8 rel_code = code;
0702
0703 err = ip6_tnl_err(skb, IPPROTO_MPLS, opt, &rel_type, &rel_code,
0704 &rel_msg, &rel_info, offset);
0705 return err;
0706 }
0707
0708 static int ip4ip6_dscp_ecn_decapsulate(const struct ip6_tnl *t,
0709 const struct ipv6hdr *ipv6h,
0710 struct sk_buff *skb)
0711 {
0712 __u8 dsfield = ipv6_get_dsfield(ipv6h) & ~INET_ECN_MASK;
0713
0714 if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY)
0715 ipv4_change_dsfield(ip_hdr(skb), INET_ECN_MASK, dsfield);
0716
0717 return IP6_ECN_decapsulate(ipv6h, skb);
0718 }
0719
0720 static int ip6ip6_dscp_ecn_decapsulate(const struct ip6_tnl *t,
0721 const struct ipv6hdr *ipv6h,
0722 struct sk_buff *skb)
0723 {
0724 if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY)
0725 ipv6_copy_dscp(ipv6_get_dsfield(ipv6h), ipv6_hdr(skb));
0726
0727 return IP6_ECN_decapsulate(ipv6h, skb);
0728 }
0729
0730 static inline int mplsip6_dscp_ecn_decapsulate(const struct ip6_tnl *t,
0731 const struct ipv6hdr *ipv6h,
0732 struct sk_buff *skb)
0733 {
0734
0735 return 0;
0736 }
0737
0738 __u32 ip6_tnl_get_cap(struct ip6_tnl *t,
0739 const struct in6_addr *laddr,
0740 const struct in6_addr *raddr)
0741 {
0742 struct __ip6_tnl_parm *p = &t->parms;
0743 int ltype = ipv6_addr_type(laddr);
0744 int rtype = ipv6_addr_type(raddr);
0745 __u32 flags = 0;
0746
0747 if (ltype == IPV6_ADDR_ANY || rtype == IPV6_ADDR_ANY) {
0748 flags = IP6_TNL_F_CAP_PER_PACKET;
0749 } else if (ltype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) &&
0750 rtype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) &&
0751 !((ltype|rtype) & IPV6_ADDR_LOOPBACK) &&
0752 (!((ltype|rtype) & IPV6_ADDR_LINKLOCAL) || p->link)) {
0753 if (ltype&IPV6_ADDR_UNICAST)
0754 flags |= IP6_TNL_F_CAP_XMIT;
0755 if (rtype&IPV6_ADDR_UNICAST)
0756 flags |= IP6_TNL_F_CAP_RCV;
0757 }
0758 return flags;
0759 }
0760 EXPORT_SYMBOL(ip6_tnl_get_cap);
0761
0762
0763 int ip6_tnl_rcv_ctl(struct ip6_tnl *t,
0764 const struct in6_addr *laddr,
0765 const struct in6_addr *raddr)
0766 {
0767 struct __ip6_tnl_parm *p = &t->parms;
0768 int ret = 0;
0769 struct net *net = t->net;
0770
0771 if ((p->flags & IP6_TNL_F_CAP_RCV) ||
0772 ((p->flags & IP6_TNL_F_CAP_PER_PACKET) &&
0773 (ip6_tnl_get_cap(t, laddr, raddr) & IP6_TNL_F_CAP_RCV))) {
0774 struct net_device *ldev = NULL;
0775
0776 if (p->link)
0777 ldev = dev_get_by_index_rcu(net, p->link);
0778
0779 if ((ipv6_addr_is_multicast(laddr) ||
0780 likely(ipv6_chk_addr_and_flags(net, laddr, ldev, false,
0781 0, IFA_F_TENTATIVE))) &&
0782 ((p->flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE) ||
0783 likely(!ipv6_chk_addr_and_flags(net, raddr, ldev, true,
0784 0, IFA_F_TENTATIVE))))
0785 ret = 1;
0786 }
0787 return ret;
0788 }
0789 EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl);
0790
0791 static int __ip6_tnl_rcv(struct ip6_tnl *tunnel, struct sk_buff *skb,
0792 const struct tnl_ptk_info *tpi,
0793 struct metadata_dst *tun_dst,
0794 int (*dscp_ecn_decapsulate)(const struct ip6_tnl *t,
0795 const struct ipv6hdr *ipv6h,
0796 struct sk_buff *skb),
0797 bool log_ecn_err)
0798 {
0799 const struct ipv6hdr *ipv6h = ipv6_hdr(skb);
0800 int err;
0801
0802 if ((!(tpi->flags & TUNNEL_CSUM) &&
0803 (tunnel->parms.i_flags & TUNNEL_CSUM)) ||
0804 ((tpi->flags & TUNNEL_CSUM) &&
0805 !(tunnel->parms.i_flags & TUNNEL_CSUM))) {
0806 tunnel->dev->stats.rx_crc_errors++;
0807 tunnel->dev->stats.rx_errors++;
0808 goto drop;
0809 }
0810
0811 if (tunnel->parms.i_flags & TUNNEL_SEQ) {
0812 if (!(tpi->flags & TUNNEL_SEQ) ||
0813 (tunnel->i_seqno &&
0814 (s32)(ntohl(tpi->seq) - tunnel->i_seqno) < 0)) {
0815 tunnel->dev->stats.rx_fifo_errors++;
0816 tunnel->dev->stats.rx_errors++;
0817 goto drop;
0818 }
0819 tunnel->i_seqno = ntohl(tpi->seq) + 1;
0820 }
0821
0822 skb->protocol = tpi->proto;
0823
0824
0825 if (tunnel->dev->type == ARPHRD_ETHER) {
0826 if (!pskb_may_pull(skb, ETH_HLEN)) {
0827 tunnel->dev->stats.rx_length_errors++;
0828 tunnel->dev->stats.rx_errors++;
0829 goto drop;
0830 }
0831
0832 ipv6h = ipv6_hdr(skb);
0833 skb->protocol = eth_type_trans(skb, tunnel->dev);
0834 skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
0835 } else {
0836 skb->dev = tunnel->dev;
0837 skb_reset_mac_header(skb);
0838 }
0839
0840 skb_reset_network_header(skb);
0841 memset(skb->cb, 0, sizeof(struct inet6_skb_parm));
0842
0843 __skb_tunnel_rx(skb, tunnel->dev, tunnel->net);
0844
0845 err = dscp_ecn_decapsulate(tunnel, ipv6h, skb);
0846 if (unlikely(err)) {
0847 if (log_ecn_err)
0848 net_info_ratelimited("non-ECT from %pI6 with DS=%#x\n",
0849 &ipv6h->saddr,
0850 ipv6_get_dsfield(ipv6h));
0851 if (err > 1) {
0852 ++tunnel->dev->stats.rx_frame_errors;
0853 ++tunnel->dev->stats.rx_errors;
0854 goto drop;
0855 }
0856 }
0857
0858 dev_sw_netstats_rx_add(tunnel->dev, skb->len);
0859
0860 skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(tunnel->dev)));
0861
0862 if (tun_dst)
0863 skb_dst_set(skb, (struct dst_entry *)tun_dst);
0864
0865 gro_cells_receive(&tunnel->gro_cells, skb);
0866 return 0;
0867
0868 drop:
0869 if (tun_dst)
0870 dst_release((struct dst_entry *)tun_dst);
0871 kfree_skb(skb);
0872 return 0;
0873 }
0874
0875 int ip6_tnl_rcv(struct ip6_tnl *t, struct sk_buff *skb,
0876 const struct tnl_ptk_info *tpi,
0877 struct metadata_dst *tun_dst,
0878 bool log_ecn_err)
0879 {
0880 int (*dscp_ecn_decapsulate)(const struct ip6_tnl *t,
0881 const struct ipv6hdr *ipv6h,
0882 struct sk_buff *skb);
0883
0884 dscp_ecn_decapsulate = ip6ip6_dscp_ecn_decapsulate;
0885 if (tpi->proto == htons(ETH_P_IP))
0886 dscp_ecn_decapsulate = ip4ip6_dscp_ecn_decapsulate;
0887
0888 return __ip6_tnl_rcv(t, skb, tpi, tun_dst, dscp_ecn_decapsulate,
0889 log_ecn_err);
0890 }
0891 EXPORT_SYMBOL(ip6_tnl_rcv);
0892
0893 static const struct tnl_ptk_info tpi_v6 = {
0894
0895 .proto = htons(ETH_P_IPV6),
0896 };
0897
0898 static const struct tnl_ptk_info tpi_v4 = {
0899
0900 .proto = htons(ETH_P_IP),
0901 };
0902
0903 static const struct tnl_ptk_info tpi_mpls = {
0904
0905 .proto = htons(ETH_P_MPLS_UC),
0906 };
0907
0908 static int ipxip6_rcv(struct sk_buff *skb, u8 ipproto,
0909 const struct tnl_ptk_info *tpi,
0910 int (*dscp_ecn_decapsulate)(const struct ip6_tnl *t,
0911 const struct ipv6hdr *ipv6h,
0912 struct sk_buff *skb))
0913 {
0914 struct ip6_tnl *t;
0915 const struct ipv6hdr *ipv6h = ipv6_hdr(skb);
0916 struct metadata_dst *tun_dst = NULL;
0917 int ret = -1;
0918
0919 rcu_read_lock();
0920 t = ip6_tnl_lookup(dev_net(skb->dev), skb->dev->ifindex, &ipv6h->saddr, &ipv6h->daddr);
0921
0922 if (t) {
0923 u8 tproto = READ_ONCE(t->parms.proto);
0924
0925 if (tproto != ipproto && tproto != 0)
0926 goto drop;
0927 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
0928 goto drop;
0929 ipv6h = ipv6_hdr(skb);
0930 if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr))
0931 goto drop;
0932 if (iptunnel_pull_header(skb, 0, tpi->proto, false))
0933 goto drop;
0934 if (t->parms.collect_md) {
0935 tun_dst = ipv6_tun_rx_dst(skb, 0, 0, 0);
0936 if (!tun_dst)
0937 goto drop;
0938 }
0939 ret = __ip6_tnl_rcv(t, skb, tpi, tun_dst, dscp_ecn_decapsulate,
0940 log_ecn_error);
0941 }
0942
0943 rcu_read_unlock();
0944
0945 return ret;
0946
0947 drop:
0948 rcu_read_unlock();
0949 kfree_skb(skb);
0950 return 0;
0951 }
0952
0953 static int ip4ip6_rcv(struct sk_buff *skb)
0954 {
0955 return ipxip6_rcv(skb, IPPROTO_IPIP, &tpi_v4,
0956 ip4ip6_dscp_ecn_decapsulate);
0957 }
0958
0959 static int ip6ip6_rcv(struct sk_buff *skb)
0960 {
0961 return ipxip6_rcv(skb, IPPROTO_IPV6, &tpi_v6,
0962 ip6ip6_dscp_ecn_decapsulate);
0963 }
0964
0965 static int mplsip6_rcv(struct sk_buff *skb)
0966 {
0967 return ipxip6_rcv(skb, IPPROTO_MPLS, &tpi_mpls,
0968 mplsip6_dscp_ecn_decapsulate);
0969 }
0970
0971 struct ipv6_tel_txoption {
0972 struct ipv6_txoptions ops;
0973 __u8 dst_opt[8];
0974 };
0975
0976 static void init_tel_txopt(struct ipv6_tel_txoption *opt, __u8 encap_limit)
0977 {
0978 memset(opt, 0, sizeof(struct ipv6_tel_txoption));
0979
0980 opt->dst_opt[2] = IPV6_TLV_TNL_ENCAP_LIMIT;
0981 opt->dst_opt[3] = 1;
0982 opt->dst_opt[4] = encap_limit;
0983 opt->dst_opt[5] = IPV6_TLV_PADN;
0984 opt->dst_opt[6] = 1;
0985
0986 opt->ops.dst1opt = (struct ipv6_opt_hdr *) opt->dst_opt;
0987 opt->ops.opt_nflen = 8;
0988 }
0989
0990
0991
0992
0993
0994
0995
0996
0997
0998
0999
1000
1001
1002
1003
1004 static inline bool
1005 ip6_tnl_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr)
1006 {
1007 return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr);
1008 }
1009
1010 int ip6_tnl_xmit_ctl(struct ip6_tnl *t,
1011 const struct in6_addr *laddr,
1012 const struct in6_addr *raddr)
1013 {
1014 struct __ip6_tnl_parm *p = &t->parms;
1015 int ret = 0;
1016 struct net *net = t->net;
1017
1018 if (t->parms.collect_md)
1019 return 1;
1020
1021 if ((p->flags & IP6_TNL_F_CAP_XMIT) ||
1022 ((p->flags & IP6_TNL_F_CAP_PER_PACKET) &&
1023 (ip6_tnl_get_cap(t, laddr, raddr) & IP6_TNL_F_CAP_XMIT))) {
1024 struct net_device *ldev = NULL;
1025
1026 rcu_read_lock();
1027 if (p->link)
1028 ldev = dev_get_by_index_rcu(net, p->link);
1029
1030 if (unlikely(!ipv6_chk_addr_and_flags(net, laddr, ldev, false,
1031 0, IFA_F_TENTATIVE)))
1032 pr_warn_ratelimited("%s xmit: Local address not yet configured!\n",
1033 p->name);
1034 else if (!(p->flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE) &&
1035 !ipv6_addr_is_multicast(raddr) &&
1036 unlikely(ipv6_chk_addr_and_flags(net, raddr, ldev,
1037 true, 0, IFA_F_TENTATIVE)))
1038 pr_warn_ratelimited("%s xmit: Routing loop! Remote address found on this node!\n",
1039 p->name);
1040 else
1041 ret = 1;
1042 rcu_read_unlock();
1043 }
1044 return ret;
1045 }
1046 EXPORT_SYMBOL_GPL(ip6_tnl_xmit_ctl);
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068 int ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev, __u8 dsfield,
1069 struct flowi6 *fl6, int encap_limit, __u32 *pmtu,
1070 __u8 proto)
1071 {
1072 struct ip6_tnl *t = netdev_priv(dev);
1073 struct net *net = t->net;
1074 struct net_device_stats *stats = &t->dev->stats;
1075 struct ipv6hdr *ipv6h;
1076 struct ipv6_tel_txoption opt;
1077 struct dst_entry *dst = NULL, *ndst = NULL;
1078 struct net_device *tdev;
1079 int mtu;
1080 unsigned int eth_hlen = t->dev->type == ARPHRD_ETHER ? ETH_HLEN : 0;
1081 unsigned int psh_hlen = sizeof(struct ipv6hdr) + t->encap_hlen;
1082 unsigned int max_headroom = psh_hlen;
1083 __be16 payload_protocol;
1084 bool use_cache = false;
1085 u8 hop_limit;
1086 int err = -1;
1087
1088 payload_protocol = skb_protocol(skb, true);
1089
1090 if (t->parms.collect_md) {
1091 hop_limit = skb_tunnel_info(skb)->key.ttl;
1092 goto route_lookup;
1093 } else {
1094 hop_limit = t->parms.hop_limit;
1095 }
1096
1097
1098 if (ipv6_addr_any(&t->parms.raddr)) {
1099 if (payload_protocol == htons(ETH_P_IPV6)) {
1100 struct in6_addr *addr6;
1101 struct neighbour *neigh;
1102 int addr_type;
1103
1104 if (!skb_dst(skb))
1105 goto tx_err_link_failure;
1106
1107 neigh = dst_neigh_lookup(skb_dst(skb),
1108 &ipv6_hdr(skb)->daddr);
1109 if (!neigh)
1110 goto tx_err_link_failure;
1111
1112 addr6 = (struct in6_addr *)&neigh->primary_key;
1113 addr_type = ipv6_addr_type(addr6);
1114
1115 if (addr_type == IPV6_ADDR_ANY)
1116 addr6 = &ipv6_hdr(skb)->daddr;
1117
1118 memcpy(&fl6->daddr, addr6, sizeof(fl6->daddr));
1119 neigh_release(neigh);
1120 } else if (payload_protocol == htons(ETH_P_IP)) {
1121 const struct rtable *rt = skb_rtable(skb);
1122
1123 if (!rt)
1124 goto tx_err_link_failure;
1125
1126 if (rt->rt_gw_family == AF_INET6)
1127 memcpy(&fl6->daddr, &rt->rt_gw6, sizeof(fl6->daddr));
1128 }
1129 } else if (t->parms.proto != 0 && !(t->parms.flags &
1130 (IP6_TNL_F_USE_ORIG_TCLASS |
1131 IP6_TNL_F_USE_ORIG_FWMARK))) {
1132
1133
1134
1135 use_cache = true;
1136 }
1137
1138 if (use_cache)
1139 dst = dst_cache_get(&t->dst_cache);
1140
1141 if (!ip6_tnl_xmit_ctl(t, &fl6->saddr, &fl6->daddr))
1142 goto tx_err_link_failure;
1143
1144 if (!dst) {
1145 route_lookup:
1146
1147 fl6->flowlabel = ip6_make_flowinfo(dsfield, fl6->flowlabel);
1148
1149 dst = ip6_route_output(net, NULL, fl6);
1150
1151 if (dst->error)
1152 goto tx_err_link_failure;
1153 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), NULL, 0);
1154 if (IS_ERR(dst)) {
1155 err = PTR_ERR(dst);
1156 dst = NULL;
1157 goto tx_err_link_failure;
1158 }
1159 if (t->parms.collect_md && ipv6_addr_any(&fl6->saddr) &&
1160 ipv6_dev_get_saddr(net, ip6_dst_idev(dst)->dev,
1161 &fl6->daddr, 0, &fl6->saddr))
1162 goto tx_err_link_failure;
1163 ndst = dst;
1164 }
1165
1166 tdev = dst->dev;
1167
1168 if (tdev == dev) {
1169 stats->collisions++;
1170 net_warn_ratelimited("%s: Local routing loop detected!\n",
1171 t->parms.name);
1172 goto tx_err_dst_release;
1173 }
1174 mtu = dst_mtu(dst) - eth_hlen - psh_hlen - t->tun_hlen;
1175 if (encap_limit >= 0) {
1176 max_headroom += 8;
1177 mtu -= 8;
1178 }
1179 mtu = max(mtu, skb->protocol == htons(ETH_P_IPV6) ?
1180 IPV6_MIN_MTU : IPV4_MIN_MTU);
1181
1182 skb_dst_update_pmtu_no_confirm(skb, mtu);
1183 if (skb->len - t->tun_hlen - eth_hlen > mtu && !skb_is_gso(skb)) {
1184 *pmtu = mtu;
1185 err = -EMSGSIZE;
1186 goto tx_err_dst_release;
1187 }
1188
1189 if (t->err_count > 0) {
1190 if (time_before(jiffies,
1191 t->err_time + IP6TUNNEL_ERR_TIMEO)) {
1192 t->err_count--;
1193
1194 dst_link_failure(skb);
1195 } else {
1196 t->err_count = 0;
1197 }
1198 }
1199
1200 skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev)));
1201
1202
1203
1204
1205 max_headroom += LL_RESERVED_SPACE(tdev);
1206
1207 if (skb_headroom(skb) < max_headroom || skb_shared(skb) ||
1208 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
1209 struct sk_buff *new_skb;
1210
1211 new_skb = skb_realloc_headroom(skb, max_headroom);
1212 if (!new_skb)
1213 goto tx_err_dst_release;
1214
1215 if (skb->sk)
1216 skb_set_owner_w(new_skb, skb->sk);
1217 consume_skb(skb);
1218 skb = new_skb;
1219 }
1220
1221 if (t->parms.collect_md) {
1222 if (t->encap.type != TUNNEL_ENCAP_NONE)
1223 goto tx_err_dst_release;
1224 } else {
1225 if (use_cache && ndst)
1226 dst_cache_set_ip6(&t->dst_cache, ndst, &fl6->saddr);
1227 }
1228 skb_dst_set(skb, dst);
1229
1230 if (hop_limit == 0) {
1231 if (payload_protocol == htons(ETH_P_IP))
1232 hop_limit = ip_hdr(skb)->ttl;
1233 else if (payload_protocol == htons(ETH_P_IPV6))
1234 hop_limit = ipv6_hdr(skb)->hop_limit;
1235 else
1236 hop_limit = ip6_dst_hoplimit(dst);
1237 }
1238
1239
1240
1241
1242 max_headroom = LL_RESERVED_SPACE(dst->dev) + sizeof(struct ipv6hdr)
1243 + dst->header_len + t->hlen;
1244 if (max_headroom > dev->needed_headroom)
1245 dev->needed_headroom = max_headroom;
1246
1247 err = ip6_tnl_encap(skb, t, &proto, fl6);
1248 if (err)
1249 return err;
1250
1251 if (encap_limit >= 0) {
1252 init_tel_txopt(&opt, encap_limit);
1253 ipv6_push_frag_opts(skb, &opt.ops, &proto);
1254 }
1255
1256 skb_push(skb, sizeof(struct ipv6hdr));
1257 skb_reset_network_header(skb);
1258 ipv6h = ipv6_hdr(skb);
1259 ip6_flow_hdr(ipv6h, dsfield,
1260 ip6_make_flowlabel(net, skb, fl6->flowlabel, true, fl6));
1261 ipv6h->hop_limit = hop_limit;
1262 ipv6h->nexthdr = proto;
1263 ipv6h->saddr = fl6->saddr;
1264 ipv6h->daddr = fl6->daddr;
1265 ip6tunnel_xmit(NULL, skb, dev);
1266 return 0;
1267 tx_err_link_failure:
1268 stats->tx_carrier_errors++;
1269 dst_link_failure(skb);
1270 tx_err_dst_release:
1271 dst_release(dst);
1272 return err;
1273 }
1274 EXPORT_SYMBOL(ip6_tnl_xmit);
1275
1276 static inline int
1277 ipxip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev,
1278 u8 protocol)
1279 {
1280 struct ip6_tnl *t = netdev_priv(dev);
1281 struct ipv6hdr *ipv6h;
1282 const struct iphdr *iph;
1283 int encap_limit = -1;
1284 __u16 offset;
1285 struct flowi6 fl6;
1286 __u8 dsfield, orig_dsfield;
1287 __u32 mtu;
1288 u8 tproto;
1289 int err;
1290
1291 tproto = READ_ONCE(t->parms.proto);
1292 if (tproto != protocol && tproto != 0)
1293 return -1;
1294
1295 if (t->parms.collect_md) {
1296 struct ip_tunnel_info *tun_info;
1297 const struct ip_tunnel_key *key;
1298
1299 tun_info = skb_tunnel_info(skb);
1300 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
1301 ip_tunnel_info_af(tun_info) != AF_INET6))
1302 return -1;
1303 key = &tun_info->key;
1304 memset(&fl6, 0, sizeof(fl6));
1305 fl6.flowi6_proto = protocol;
1306 fl6.saddr = key->u.ipv6.src;
1307 fl6.daddr = key->u.ipv6.dst;
1308 fl6.flowlabel = key->label;
1309 dsfield = key->tos;
1310 switch (protocol) {
1311 case IPPROTO_IPIP:
1312 iph = ip_hdr(skb);
1313 orig_dsfield = ipv4_get_dsfield(iph);
1314 break;
1315 case IPPROTO_IPV6:
1316 ipv6h = ipv6_hdr(skb);
1317 orig_dsfield = ipv6_get_dsfield(ipv6h);
1318 break;
1319 default:
1320 orig_dsfield = dsfield;
1321 break;
1322 }
1323 } else {
1324 if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
1325 encap_limit = t->parms.encap_limit;
1326 if (protocol == IPPROTO_IPV6) {
1327 offset = ip6_tnl_parse_tlv_enc_lim(skb,
1328 skb_network_header(skb));
1329
1330
1331
1332 if (offset > 0) {
1333 struct ipv6_tlv_tnl_enc_lim *tel;
1334
1335 tel = (void *)&skb_network_header(skb)[offset];
1336 if (tel->encap_limit == 0) {
1337 icmpv6_ndo_send(skb, ICMPV6_PARAMPROB,
1338 ICMPV6_HDR_FIELD, offset + 2);
1339 return -1;
1340 }
1341 encap_limit = tel->encap_limit - 1;
1342 }
1343 }
1344
1345 memcpy(&fl6, &t->fl.u.ip6, sizeof(fl6));
1346 fl6.flowi6_proto = protocol;
1347
1348 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
1349 fl6.flowi6_mark = skb->mark;
1350 else
1351 fl6.flowi6_mark = t->parms.fwmark;
1352 switch (protocol) {
1353 case IPPROTO_IPIP:
1354 iph = ip_hdr(skb);
1355 orig_dsfield = ipv4_get_dsfield(iph);
1356 if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
1357 dsfield = orig_dsfield;
1358 else
1359 dsfield = ip6_tclass(t->parms.flowinfo);
1360 break;
1361 case IPPROTO_IPV6:
1362 ipv6h = ipv6_hdr(skb);
1363 orig_dsfield = ipv6_get_dsfield(ipv6h);
1364 if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
1365 dsfield = orig_dsfield;
1366 else
1367 dsfield = ip6_tclass(t->parms.flowinfo);
1368 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
1369 fl6.flowlabel |= ip6_flowlabel(ipv6h);
1370 break;
1371 default:
1372 orig_dsfield = dsfield = ip6_tclass(t->parms.flowinfo);
1373 break;
1374 }
1375 }
1376
1377 fl6.flowi6_uid = sock_net_uid(dev_net(dev), NULL);
1378 dsfield = INET_ECN_encapsulate(dsfield, orig_dsfield);
1379
1380 if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6))
1381 return -1;
1382
1383 skb_set_inner_ipproto(skb, protocol);
1384
1385 err = ip6_tnl_xmit(skb, dev, dsfield, &fl6, encap_limit, &mtu,
1386 protocol);
1387 if (err != 0) {
1388
1389 if (err == -EMSGSIZE)
1390 switch (protocol) {
1391 case IPPROTO_IPIP:
1392 icmp_ndo_send(skb, ICMP_DEST_UNREACH,
1393 ICMP_FRAG_NEEDED, htonl(mtu));
1394 break;
1395 case IPPROTO_IPV6:
1396 icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
1397 break;
1398 default:
1399 break;
1400 }
1401 return -1;
1402 }
1403
1404 return 0;
1405 }
1406
1407 static netdev_tx_t
1408 ip6_tnl_start_xmit(struct sk_buff *skb, struct net_device *dev)
1409 {
1410 struct ip6_tnl *t = netdev_priv(dev);
1411 struct net_device_stats *stats = &t->dev->stats;
1412 u8 ipproto;
1413 int ret;
1414
1415 if (!pskb_inet_may_pull(skb))
1416 goto tx_err;
1417
1418 switch (skb->protocol) {
1419 case htons(ETH_P_IP):
1420 ipproto = IPPROTO_IPIP;
1421 break;
1422 case htons(ETH_P_IPV6):
1423 if (ip6_tnl_addr_conflict(t, ipv6_hdr(skb)))
1424 goto tx_err;
1425 ipproto = IPPROTO_IPV6;
1426 break;
1427 case htons(ETH_P_MPLS_UC):
1428 ipproto = IPPROTO_MPLS;
1429 break;
1430 default:
1431 goto tx_err;
1432 }
1433
1434 ret = ipxip6_tnl_xmit(skb, dev, ipproto);
1435 if (ret < 0)
1436 goto tx_err;
1437
1438 return NETDEV_TX_OK;
1439
1440 tx_err:
1441 stats->tx_errors++;
1442 stats->tx_dropped++;
1443 kfree_skb(skb);
1444 return NETDEV_TX_OK;
1445 }
1446
1447 static void ip6_tnl_link_config(struct ip6_tnl *t)
1448 {
1449 struct net_device *dev = t->dev;
1450 struct net_device *tdev = NULL;
1451 struct __ip6_tnl_parm *p = &t->parms;
1452 struct flowi6 *fl6 = &t->fl.u.ip6;
1453 unsigned int mtu;
1454 int t_hlen;
1455
1456 __dev_addr_set(dev, &p->laddr, sizeof(struct in6_addr));
1457 memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
1458
1459
1460 fl6->saddr = p->laddr;
1461 fl6->daddr = p->raddr;
1462 fl6->flowi6_oif = p->link;
1463 fl6->flowlabel = 0;
1464
1465 if (!(p->flags&IP6_TNL_F_USE_ORIG_TCLASS))
1466 fl6->flowlabel |= IPV6_TCLASS_MASK & p->flowinfo;
1467 if (!(p->flags&IP6_TNL_F_USE_ORIG_FLOWLABEL))
1468 fl6->flowlabel |= IPV6_FLOWLABEL_MASK & p->flowinfo;
1469
1470 p->flags &= ~(IP6_TNL_F_CAP_XMIT|IP6_TNL_F_CAP_RCV|IP6_TNL_F_CAP_PER_PACKET);
1471 p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr);
1472
1473 if (p->flags&IP6_TNL_F_CAP_XMIT && p->flags&IP6_TNL_F_CAP_RCV)
1474 dev->flags |= IFF_POINTOPOINT;
1475 else
1476 dev->flags &= ~IFF_POINTOPOINT;
1477
1478 t->tun_hlen = 0;
1479 t->hlen = t->encap_hlen + t->tun_hlen;
1480 t_hlen = t->hlen + sizeof(struct ipv6hdr);
1481
1482 if (p->flags & IP6_TNL_F_CAP_XMIT) {
1483 int strict = (ipv6_addr_type(&p->raddr) &
1484 (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL));
1485
1486 struct rt6_info *rt = rt6_lookup(t->net,
1487 &p->raddr, &p->laddr,
1488 p->link, NULL, strict);
1489 if (rt) {
1490 tdev = rt->dst.dev;
1491 ip6_rt_put(rt);
1492 }
1493
1494 if (!tdev && p->link)
1495 tdev = __dev_get_by_index(t->net, p->link);
1496
1497 if (tdev) {
1498 dev->hard_header_len = tdev->hard_header_len + t_hlen;
1499 mtu = min_t(unsigned int, tdev->mtu, IP6_MAX_MTU);
1500
1501 dev->mtu = mtu - t_hlen;
1502 if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
1503 dev->mtu -= 8;
1504
1505 if (dev->mtu < IPV6_MIN_MTU)
1506 dev->mtu = IPV6_MIN_MTU;
1507 }
1508 }
1509 }
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520 static void
1521 ip6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p)
1522 {
1523 t->parms.laddr = p->laddr;
1524 t->parms.raddr = p->raddr;
1525 t->parms.flags = p->flags;
1526 t->parms.hop_limit = p->hop_limit;
1527 t->parms.encap_limit = p->encap_limit;
1528 t->parms.flowinfo = p->flowinfo;
1529 t->parms.link = p->link;
1530 t->parms.proto = p->proto;
1531 t->parms.fwmark = p->fwmark;
1532 dst_cache_reset(&t->dst_cache);
1533 ip6_tnl_link_config(t);
1534 }
1535
1536 static void ip6_tnl_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p)
1537 {
1538 struct net *net = t->net;
1539 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
1540
1541 ip6_tnl_unlink(ip6n, t);
1542 synchronize_net();
1543 ip6_tnl_change(t, p);
1544 ip6_tnl_link(ip6n, t);
1545 netdev_state_change(t->dev);
1546 }
1547
1548 static void ip6_tnl0_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p)
1549 {
1550
1551 t->parms.proto = p->proto;
1552 netdev_state_change(t->dev);
1553 }
1554
1555 static void
1556 ip6_tnl_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm *u)
1557 {
1558 p->laddr = u->laddr;
1559 p->raddr = u->raddr;
1560 p->flags = u->flags;
1561 p->hop_limit = u->hop_limit;
1562 p->encap_limit = u->encap_limit;
1563 p->flowinfo = u->flowinfo;
1564 p->link = u->link;
1565 p->proto = u->proto;
1566 memcpy(p->name, u->name, sizeof(u->name));
1567 }
1568
1569 static void
1570 ip6_tnl_parm_to_user(struct ip6_tnl_parm *u, const struct __ip6_tnl_parm *p)
1571 {
1572 u->laddr = p->laddr;
1573 u->raddr = p->raddr;
1574 u->flags = p->flags;
1575 u->hop_limit = p->hop_limit;
1576 u->encap_limit = p->encap_limit;
1577 u->flowinfo = p->flowinfo;
1578 u->link = p->link;
1579 u->proto = p->proto;
1580 memcpy(u->name, p->name, sizeof(u->name));
1581 }
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612 static int
1613 ip6_tnl_siocdevprivate(struct net_device *dev, struct ifreq *ifr,
1614 void __user *data, int cmd)
1615 {
1616 int err = 0;
1617 struct ip6_tnl_parm p;
1618 struct __ip6_tnl_parm p1;
1619 struct ip6_tnl *t = netdev_priv(dev);
1620 struct net *net = t->net;
1621 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
1622
1623 memset(&p1, 0, sizeof(p1));
1624
1625 switch (cmd) {
1626 case SIOCGETTUNNEL:
1627 if (dev == ip6n->fb_tnl_dev) {
1628 if (copy_from_user(&p, data, sizeof(p))) {
1629 err = -EFAULT;
1630 break;
1631 }
1632 ip6_tnl_parm_from_user(&p1, &p);
1633 t = ip6_tnl_locate(net, &p1, 0);
1634 if (IS_ERR(t))
1635 t = netdev_priv(dev);
1636 } else {
1637 memset(&p, 0, sizeof(p));
1638 }
1639 ip6_tnl_parm_to_user(&p, &t->parms);
1640 if (copy_to_user(data, &p, sizeof(p)))
1641 err = -EFAULT;
1642 break;
1643 case SIOCADDTUNNEL:
1644 case SIOCCHGTUNNEL:
1645 err = -EPERM;
1646 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1647 break;
1648 err = -EFAULT;
1649 if (copy_from_user(&p, data, sizeof(p)))
1650 break;
1651 err = -EINVAL;
1652 if (p.proto != IPPROTO_IPV6 && p.proto != IPPROTO_IPIP &&
1653 p.proto != 0)
1654 break;
1655 ip6_tnl_parm_from_user(&p1, &p);
1656 t = ip6_tnl_locate(net, &p1, cmd == SIOCADDTUNNEL);
1657 if (cmd == SIOCCHGTUNNEL) {
1658 if (!IS_ERR(t)) {
1659 if (t->dev != dev) {
1660 err = -EEXIST;
1661 break;
1662 }
1663 } else
1664 t = netdev_priv(dev);
1665 if (dev == ip6n->fb_tnl_dev)
1666 ip6_tnl0_update(t, &p1);
1667 else
1668 ip6_tnl_update(t, &p1);
1669 }
1670 if (!IS_ERR(t)) {
1671 err = 0;
1672 ip6_tnl_parm_to_user(&p, &t->parms);
1673 if (copy_to_user(data, &p, sizeof(p)))
1674 err = -EFAULT;
1675
1676 } else {
1677 err = PTR_ERR(t);
1678 }
1679 break;
1680 case SIOCDELTUNNEL:
1681 err = -EPERM;
1682 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1683 break;
1684
1685 if (dev == ip6n->fb_tnl_dev) {
1686 err = -EFAULT;
1687 if (copy_from_user(&p, data, sizeof(p)))
1688 break;
1689 err = -ENOENT;
1690 ip6_tnl_parm_from_user(&p1, &p);
1691 t = ip6_tnl_locate(net, &p1, 0);
1692 if (IS_ERR(t))
1693 break;
1694 err = -EPERM;
1695 if (t->dev == ip6n->fb_tnl_dev)
1696 break;
1697 dev = t->dev;
1698 }
1699 err = 0;
1700 unregister_netdevice(dev);
1701 break;
1702 default:
1703 err = -EINVAL;
1704 }
1705 return err;
1706 }
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718 int ip6_tnl_change_mtu(struct net_device *dev, int new_mtu)
1719 {
1720 struct ip6_tnl *tnl = netdev_priv(dev);
1721
1722 if (tnl->parms.proto == IPPROTO_IPV6) {
1723 if (new_mtu < IPV6_MIN_MTU)
1724 return -EINVAL;
1725 } else {
1726 if (new_mtu < ETH_MIN_MTU)
1727 return -EINVAL;
1728 }
1729 if (tnl->parms.proto == IPPROTO_IPV6 || tnl->parms.proto == 0) {
1730 if (new_mtu > IP6_MAX_MTU - dev->hard_header_len)
1731 return -EINVAL;
1732 } else {
1733 if (new_mtu > IP_MAX_MTU - dev->hard_header_len)
1734 return -EINVAL;
1735 }
1736 dev->mtu = new_mtu;
1737 return 0;
1738 }
1739 EXPORT_SYMBOL(ip6_tnl_change_mtu);
1740
1741 int ip6_tnl_get_iflink(const struct net_device *dev)
1742 {
1743 struct ip6_tnl *t = netdev_priv(dev);
1744
1745 return t->parms.link;
1746 }
1747 EXPORT_SYMBOL(ip6_tnl_get_iflink);
1748
1749 int ip6_tnl_encap_add_ops(const struct ip6_tnl_encap_ops *ops,
1750 unsigned int num)
1751 {
1752 if (num >= MAX_IPTUN_ENCAP_OPS)
1753 return -ERANGE;
1754
1755 return !cmpxchg((const struct ip6_tnl_encap_ops **)
1756 &ip6tun_encaps[num],
1757 NULL, ops) ? 0 : -1;
1758 }
1759 EXPORT_SYMBOL(ip6_tnl_encap_add_ops);
1760
1761 int ip6_tnl_encap_del_ops(const struct ip6_tnl_encap_ops *ops,
1762 unsigned int num)
1763 {
1764 int ret;
1765
1766 if (num >= MAX_IPTUN_ENCAP_OPS)
1767 return -ERANGE;
1768
1769 ret = (cmpxchg((const struct ip6_tnl_encap_ops **)
1770 &ip6tun_encaps[num],
1771 ops, NULL) == ops) ? 0 : -1;
1772
1773 synchronize_net();
1774
1775 return ret;
1776 }
1777 EXPORT_SYMBOL(ip6_tnl_encap_del_ops);
1778
1779 int ip6_tnl_encap_setup(struct ip6_tnl *t,
1780 struct ip_tunnel_encap *ipencap)
1781 {
1782 int hlen;
1783
1784 memset(&t->encap, 0, sizeof(t->encap));
1785
1786 hlen = ip6_encap_hlen(ipencap);
1787 if (hlen < 0)
1788 return hlen;
1789
1790 t->encap.type = ipencap->type;
1791 t->encap.sport = ipencap->sport;
1792 t->encap.dport = ipencap->dport;
1793 t->encap.flags = ipencap->flags;
1794
1795 t->encap_hlen = hlen;
1796 t->hlen = t->encap_hlen + t->tun_hlen;
1797
1798 return 0;
1799 }
1800 EXPORT_SYMBOL_GPL(ip6_tnl_encap_setup);
1801
1802 static const struct net_device_ops ip6_tnl_netdev_ops = {
1803 .ndo_init = ip6_tnl_dev_init,
1804 .ndo_uninit = ip6_tnl_dev_uninit,
1805 .ndo_start_xmit = ip6_tnl_start_xmit,
1806 .ndo_siocdevprivate = ip6_tnl_siocdevprivate,
1807 .ndo_change_mtu = ip6_tnl_change_mtu,
1808 .ndo_get_stats64 = dev_get_tstats64,
1809 .ndo_get_iflink = ip6_tnl_get_iflink,
1810 };
1811
1812 #define IPXIPX_FEATURES (NETIF_F_SG | \
1813 NETIF_F_FRAGLIST | \
1814 NETIF_F_HIGHDMA | \
1815 NETIF_F_GSO_SOFTWARE | \
1816 NETIF_F_HW_CSUM)
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826 static void ip6_tnl_dev_setup(struct net_device *dev)
1827 {
1828 dev->netdev_ops = &ip6_tnl_netdev_ops;
1829 dev->header_ops = &ip_tunnel_header_ops;
1830 dev->needs_free_netdev = true;
1831 dev->priv_destructor = ip6_dev_free;
1832
1833 dev->type = ARPHRD_TUNNEL6;
1834 dev->flags |= IFF_NOARP;
1835 dev->addr_len = sizeof(struct in6_addr);
1836 dev->features |= NETIF_F_LLTX;
1837 netif_keep_dst(dev);
1838
1839 dev->features |= IPXIPX_FEATURES;
1840 dev->hw_features |= IPXIPX_FEATURES;
1841
1842
1843 dev->addr_assign_type = NET_ADDR_RANDOM;
1844 eth_random_addr(dev->perm_addr);
1845 }
1846
1847
1848
1849
1850
1851
1852
1853 static inline int
1854 ip6_tnl_dev_init_gen(struct net_device *dev)
1855 {
1856 struct ip6_tnl *t = netdev_priv(dev);
1857 int ret;
1858 int t_hlen;
1859
1860 t->dev = dev;
1861 t->net = dev_net(dev);
1862 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
1863 if (!dev->tstats)
1864 return -ENOMEM;
1865
1866 ret = dst_cache_init(&t->dst_cache, GFP_KERNEL);
1867 if (ret)
1868 goto free_stats;
1869
1870 ret = gro_cells_init(&t->gro_cells, dev);
1871 if (ret)
1872 goto destroy_dst;
1873
1874 t->tun_hlen = 0;
1875 t->hlen = t->encap_hlen + t->tun_hlen;
1876 t_hlen = t->hlen + sizeof(struct ipv6hdr);
1877
1878 dev->type = ARPHRD_TUNNEL6;
1879 dev->hard_header_len = LL_MAX_HEADER + t_hlen;
1880 dev->mtu = ETH_DATA_LEN - t_hlen;
1881 if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
1882 dev->mtu -= 8;
1883 dev->min_mtu = ETH_MIN_MTU;
1884 dev->max_mtu = IP6_MAX_MTU - dev->hard_header_len;
1885
1886 netdev_hold(dev, &t->dev_tracker, GFP_KERNEL);
1887 return 0;
1888
1889 destroy_dst:
1890 dst_cache_destroy(&t->dst_cache);
1891 free_stats:
1892 free_percpu(dev->tstats);
1893 dev->tstats = NULL;
1894
1895 return ret;
1896 }
1897
1898
1899
1900
1901
1902
1903 static int ip6_tnl_dev_init(struct net_device *dev)
1904 {
1905 struct ip6_tnl *t = netdev_priv(dev);
1906 int err = ip6_tnl_dev_init_gen(dev);
1907
1908 if (err)
1909 return err;
1910 ip6_tnl_link_config(t);
1911 if (t->parms.collect_md)
1912 netif_keep_dst(dev);
1913 return 0;
1914 }
1915
1916
1917
1918
1919
1920
1921
1922
1923 static int __net_init ip6_fb_tnl_dev_init(struct net_device *dev)
1924 {
1925 struct ip6_tnl *t = netdev_priv(dev);
1926 struct net *net = dev_net(dev);
1927 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
1928
1929 t->parms.proto = IPPROTO_IPV6;
1930
1931 rcu_assign_pointer(ip6n->tnls_wc[0], t);
1932 return 0;
1933 }
1934
1935 static int ip6_tnl_validate(struct nlattr *tb[], struct nlattr *data[],
1936 struct netlink_ext_ack *extack)
1937 {
1938 u8 proto;
1939
1940 if (!data || !data[IFLA_IPTUN_PROTO])
1941 return 0;
1942
1943 proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
1944 if (proto != IPPROTO_IPV6 &&
1945 proto != IPPROTO_IPIP &&
1946 proto != 0)
1947 return -EINVAL;
1948
1949 return 0;
1950 }
1951
1952 static void ip6_tnl_netlink_parms(struct nlattr *data[],
1953 struct __ip6_tnl_parm *parms)
1954 {
1955 memset(parms, 0, sizeof(*parms));
1956
1957 if (!data)
1958 return;
1959
1960 if (data[IFLA_IPTUN_LINK])
1961 parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
1962
1963 if (data[IFLA_IPTUN_LOCAL])
1964 parms->laddr = nla_get_in6_addr(data[IFLA_IPTUN_LOCAL]);
1965
1966 if (data[IFLA_IPTUN_REMOTE])
1967 parms->raddr = nla_get_in6_addr(data[IFLA_IPTUN_REMOTE]);
1968
1969 if (data[IFLA_IPTUN_TTL])
1970 parms->hop_limit = nla_get_u8(data[IFLA_IPTUN_TTL]);
1971
1972 if (data[IFLA_IPTUN_ENCAP_LIMIT])
1973 parms->encap_limit = nla_get_u8(data[IFLA_IPTUN_ENCAP_LIMIT]);
1974
1975 if (data[IFLA_IPTUN_FLOWINFO])
1976 parms->flowinfo = nla_get_be32(data[IFLA_IPTUN_FLOWINFO]);
1977
1978 if (data[IFLA_IPTUN_FLAGS])
1979 parms->flags = nla_get_u32(data[IFLA_IPTUN_FLAGS]);
1980
1981 if (data[IFLA_IPTUN_PROTO])
1982 parms->proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
1983
1984 if (data[IFLA_IPTUN_COLLECT_METADATA])
1985 parms->collect_md = true;
1986
1987 if (data[IFLA_IPTUN_FWMARK])
1988 parms->fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]);
1989 }
1990
1991 static bool ip6_tnl_netlink_encap_parms(struct nlattr *data[],
1992 struct ip_tunnel_encap *ipencap)
1993 {
1994 bool ret = false;
1995
1996 memset(ipencap, 0, sizeof(*ipencap));
1997
1998 if (!data)
1999 return ret;
2000
2001 if (data[IFLA_IPTUN_ENCAP_TYPE]) {
2002 ret = true;
2003 ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
2004 }
2005
2006 if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
2007 ret = true;
2008 ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
2009 }
2010
2011 if (data[IFLA_IPTUN_ENCAP_SPORT]) {
2012 ret = true;
2013 ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
2014 }
2015
2016 if (data[IFLA_IPTUN_ENCAP_DPORT]) {
2017 ret = true;
2018 ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
2019 }
2020
2021 return ret;
2022 }
2023
2024 static int ip6_tnl_newlink(struct net *src_net, struct net_device *dev,
2025 struct nlattr *tb[], struct nlattr *data[],
2026 struct netlink_ext_ack *extack)
2027 {
2028 struct net *net = dev_net(dev);
2029 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
2030 struct ip_tunnel_encap ipencap;
2031 struct ip6_tnl *nt, *t;
2032 int err;
2033
2034 nt = netdev_priv(dev);
2035
2036 if (ip6_tnl_netlink_encap_parms(data, &ipencap)) {
2037 err = ip6_tnl_encap_setup(nt, &ipencap);
2038 if (err < 0)
2039 return err;
2040 }
2041
2042 ip6_tnl_netlink_parms(data, &nt->parms);
2043
2044 if (nt->parms.collect_md) {
2045 if (rtnl_dereference(ip6n->collect_md_tun))
2046 return -EEXIST;
2047 } else {
2048 t = ip6_tnl_locate(net, &nt->parms, 0);
2049 if (!IS_ERR(t))
2050 return -EEXIST;
2051 }
2052
2053 err = ip6_tnl_create2(dev);
2054 if (!err && tb[IFLA_MTU])
2055 ip6_tnl_change_mtu(dev, nla_get_u32(tb[IFLA_MTU]));
2056
2057 return err;
2058 }
2059
2060 static int ip6_tnl_changelink(struct net_device *dev, struct nlattr *tb[],
2061 struct nlattr *data[],
2062 struct netlink_ext_ack *extack)
2063 {
2064 struct ip6_tnl *t = netdev_priv(dev);
2065 struct __ip6_tnl_parm p;
2066 struct net *net = t->net;
2067 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
2068 struct ip_tunnel_encap ipencap;
2069
2070 if (dev == ip6n->fb_tnl_dev)
2071 return -EINVAL;
2072
2073 if (ip6_tnl_netlink_encap_parms(data, &ipencap)) {
2074 int err = ip6_tnl_encap_setup(t, &ipencap);
2075
2076 if (err < 0)
2077 return err;
2078 }
2079 ip6_tnl_netlink_parms(data, &p);
2080 if (p.collect_md)
2081 return -EINVAL;
2082
2083 t = ip6_tnl_locate(net, &p, 0);
2084 if (!IS_ERR(t)) {
2085 if (t->dev != dev)
2086 return -EEXIST;
2087 } else
2088 t = netdev_priv(dev);
2089
2090 ip6_tnl_update(t, &p);
2091 return 0;
2092 }
2093
2094 static void ip6_tnl_dellink(struct net_device *dev, struct list_head *head)
2095 {
2096 struct net *net = dev_net(dev);
2097 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
2098
2099 if (dev != ip6n->fb_tnl_dev)
2100 unregister_netdevice_queue(dev, head);
2101 }
2102
2103 static size_t ip6_tnl_get_size(const struct net_device *dev)
2104 {
2105 return
2106
2107 nla_total_size(4) +
2108
2109 nla_total_size(sizeof(struct in6_addr)) +
2110
2111 nla_total_size(sizeof(struct in6_addr)) +
2112
2113 nla_total_size(1) +
2114
2115 nla_total_size(1) +
2116
2117 nla_total_size(4) +
2118
2119 nla_total_size(4) +
2120
2121 nla_total_size(1) +
2122
2123 nla_total_size(2) +
2124
2125 nla_total_size(2) +
2126
2127 nla_total_size(2) +
2128
2129 nla_total_size(2) +
2130
2131 nla_total_size(0) +
2132
2133 nla_total_size(4) +
2134 0;
2135 }
2136
2137 static int ip6_tnl_fill_info(struct sk_buff *skb, const struct net_device *dev)
2138 {
2139 struct ip6_tnl *tunnel = netdev_priv(dev);
2140 struct __ip6_tnl_parm *parm = &tunnel->parms;
2141
2142 if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
2143 nla_put_in6_addr(skb, IFLA_IPTUN_LOCAL, &parm->laddr) ||
2144 nla_put_in6_addr(skb, IFLA_IPTUN_REMOTE, &parm->raddr) ||
2145 nla_put_u8(skb, IFLA_IPTUN_TTL, parm->hop_limit) ||
2146 nla_put_u8(skb, IFLA_IPTUN_ENCAP_LIMIT, parm->encap_limit) ||
2147 nla_put_be32(skb, IFLA_IPTUN_FLOWINFO, parm->flowinfo) ||
2148 nla_put_u32(skb, IFLA_IPTUN_FLAGS, parm->flags) ||
2149 nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->proto) ||
2150 nla_put_u32(skb, IFLA_IPTUN_FWMARK, parm->fwmark))
2151 goto nla_put_failure;
2152
2153 if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE, tunnel->encap.type) ||
2154 nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT, tunnel->encap.sport) ||
2155 nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT, tunnel->encap.dport) ||
2156 nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS, tunnel->encap.flags))
2157 goto nla_put_failure;
2158
2159 if (parm->collect_md)
2160 if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA))
2161 goto nla_put_failure;
2162
2163 return 0;
2164
2165 nla_put_failure:
2166 return -EMSGSIZE;
2167 }
2168
2169 struct net *ip6_tnl_get_link_net(const struct net_device *dev)
2170 {
2171 struct ip6_tnl *tunnel = netdev_priv(dev);
2172
2173 return tunnel->net;
2174 }
2175 EXPORT_SYMBOL(ip6_tnl_get_link_net);
2176
2177 static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
2178 [IFLA_IPTUN_LINK] = { .type = NLA_U32 },
2179 [IFLA_IPTUN_LOCAL] = { .len = sizeof(struct in6_addr) },
2180 [IFLA_IPTUN_REMOTE] = { .len = sizeof(struct in6_addr) },
2181 [IFLA_IPTUN_TTL] = { .type = NLA_U8 },
2182 [IFLA_IPTUN_ENCAP_LIMIT] = { .type = NLA_U8 },
2183 [IFLA_IPTUN_FLOWINFO] = { .type = NLA_U32 },
2184 [IFLA_IPTUN_FLAGS] = { .type = NLA_U32 },
2185 [IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
2186 [IFLA_IPTUN_ENCAP_TYPE] = { .type = NLA_U16 },
2187 [IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 },
2188 [IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 },
2189 [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 },
2190 [IFLA_IPTUN_COLLECT_METADATA] = { .type = NLA_FLAG },
2191 [IFLA_IPTUN_FWMARK] = { .type = NLA_U32 },
2192 };
2193
2194 static struct rtnl_link_ops ip6_link_ops __read_mostly = {
2195 .kind = "ip6tnl",
2196 .maxtype = IFLA_IPTUN_MAX,
2197 .policy = ip6_tnl_policy,
2198 .priv_size = sizeof(struct ip6_tnl),
2199 .setup = ip6_tnl_dev_setup,
2200 .validate = ip6_tnl_validate,
2201 .newlink = ip6_tnl_newlink,
2202 .changelink = ip6_tnl_changelink,
2203 .dellink = ip6_tnl_dellink,
2204 .get_size = ip6_tnl_get_size,
2205 .fill_info = ip6_tnl_fill_info,
2206 .get_link_net = ip6_tnl_get_link_net,
2207 };
2208
2209 static struct xfrm6_tunnel ip4ip6_handler __read_mostly = {
2210 .handler = ip4ip6_rcv,
2211 .err_handler = ip4ip6_err,
2212 .priority = 1,
2213 };
2214
2215 static struct xfrm6_tunnel ip6ip6_handler __read_mostly = {
2216 .handler = ip6ip6_rcv,
2217 .err_handler = ip6ip6_err,
2218 .priority = 1,
2219 };
2220
2221 static struct xfrm6_tunnel mplsip6_handler __read_mostly = {
2222 .handler = mplsip6_rcv,
2223 .err_handler = mplsip6_err,
2224 .priority = 1,
2225 };
2226
2227 static void __net_exit ip6_tnl_destroy_tunnels(struct net *net, struct list_head *list)
2228 {
2229 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
2230 struct net_device *dev, *aux;
2231 int h;
2232 struct ip6_tnl *t;
2233
2234 for_each_netdev_safe(net, dev, aux)
2235 if (dev->rtnl_link_ops == &ip6_link_ops)
2236 unregister_netdevice_queue(dev, list);
2237
2238 for (h = 0; h < IP6_TUNNEL_HASH_SIZE; h++) {
2239 t = rtnl_dereference(ip6n->tnls_r_l[h]);
2240 while (t) {
2241
2242
2243
2244 if (!net_eq(dev_net(t->dev), net))
2245 unregister_netdevice_queue(t->dev, list);
2246 t = rtnl_dereference(t->next);
2247 }
2248 }
2249
2250 t = rtnl_dereference(ip6n->tnls_wc[0]);
2251 while (t) {
2252
2253
2254
2255 if (!net_eq(dev_net(t->dev), net))
2256 unregister_netdevice_queue(t->dev, list);
2257 t = rtnl_dereference(t->next);
2258 }
2259 }
2260
2261 static int __net_init ip6_tnl_init_net(struct net *net)
2262 {
2263 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
2264 struct ip6_tnl *t = NULL;
2265 int err;
2266
2267 ip6n->tnls[0] = ip6n->tnls_wc;
2268 ip6n->tnls[1] = ip6n->tnls_r_l;
2269
2270 if (!net_has_fallback_tunnels(net))
2271 return 0;
2272 err = -ENOMEM;
2273 ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6tnl0",
2274 NET_NAME_UNKNOWN, ip6_tnl_dev_setup);
2275
2276 if (!ip6n->fb_tnl_dev)
2277 goto err_alloc_dev;
2278 dev_net_set(ip6n->fb_tnl_dev, net);
2279 ip6n->fb_tnl_dev->rtnl_link_ops = &ip6_link_ops;
2280
2281
2282
2283 ip6n->fb_tnl_dev->features |= NETIF_F_NETNS_LOCAL;
2284
2285 err = ip6_fb_tnl_dev_init(ip6n->fb_tnl_dev);
2286 if (err < 0)
2287 goto err_register;
2288
2289 err = register_netdev(ip6n->fb_tnl_dev);
2290 if (err < 0)
2291 goto err_register;
2292
2293 t = netdev_priv(ip6n->fb_tnl_dev);
2294
2295 strcpy(t->parms.name, ip6n->fb_tnl_dev->name);
2296 return 0;
2297
2298 err_register:
2299 free_netdev(ip6n->fb_tnl_dev);
2300 err_alloc_dev:
2301 return err;
2302 }
2303
2304 static void __net_exit ip6_tnl_exit_batch_net(struct list_head *net_list)
2305 {
2306 struct net *net;
2307 LIST_HEAD(list);
2308
2309 rtnl_lock();
2310 list_for_each_entry(net, net_list, exit_list)
2311 ip6_tnl_destroy_tunnels(net, &list);
2312 unregister_netdevice_many(&list);
2313 rtnl_unlock();
2314 }
2315
2316 static struct pernet_operations ip6_tnl_net_ops = {
2317 .init = ip6_tnl_init_net,
2318 .exit_batch = ip6_tnl_exit_batch_net,
2319 .id = &ip6_tnl_net_id,
2320 .size = sizeof(struct ip6_tnl_net),
2321 };
2322
2323
2324
2325
2326
2327
2328
2329 static int __init ip6_tunnel_init(void)
2330 {
2331 int err;
2332
2333 if (!ipv6_mod_enabled())
2334 return -EOPNOTSUPP;
2335
2336 err = register_pernet_device(&ip6_tnl_net_ops);
2337 if (err < 0)
2338 goto out_pernet;
2339
2340 err = xfrm6_tunnel_register(&ip4ip6_handler, AF_INET);
2341 if (err < 0) {
2342 pr_err("%s: can't register ip4ip6\n", __func__);
2343 goto out_ip4ip6;
2344 }
2345
2346 err = xfrm6_tunnel_register(&ip6ip6_handler, AF_INET6);
2347 if (err < 0) {
2348 pr_err("%s: can't register ip6ip6\n", __func__);
2349 goto out_ip6ip6;
2350 }
2351
2352 if (ip6_tnl_mpls_supported()) {
2353 err = xfrm6_tunnel_register(&mplsip6_handler, AF_MPLS);
2354 if (err < 0) {
2355 pr_err("%s: can't register mplsip6\n", __func__);
2356 goto out_mplsip6;
2357 }
2358 }
2359
2360 err = rtnl_link_register(&ip6_link_ops);
2361 if (err < 0)
2362 goto rtnl_link_failed;
2363
2364 return 0;
2365
2366 rtnl_link_failed:
2367 if (ip6_tnl_mpls_supported())
2368 xfrm6_tunnel_deregister(&mplsip6_handler, AF_MPLS);
2369 out_mplsip6:
2370 xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6);
2371 out_ip6ip6:
2372 xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET);
2373 out_ip4ip6:
2374 unregister_pernet_device(&ip6_tnl_net_ops);
2375 out_pernet:
2376 return err;
2377 }
2378
2379
2380
2381
2382
2383 static void __exit ip6_tunnel_cleanup(void)
2384 {
2385 rtnl_link_unregister(&ip6_link_ops);
2386 if (xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET))
2387 pr_info("%s: can't deregister ip4ip6\n", __func__);
2388
2389 if (xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6))
2390 pr_info("%s: can't deregister ip6ip6\n", __func__);
2391
2392 if (ip6_tnl_mpls_supported() &&
2393 xfrm6_tunnel_deregister(&mplsip6_handler, AF_MPLS))
2394 pr_info("%s: can't deregister mplsip6\n", __func__);
2395 unregister_pernet_device(&ip6_tnl_net_ops);
2396 }
2397
2398 module_init(ip6_tunnel_init);
2399 module_exit(ip6_tunnel_cleanup);
