2 * Linux NET3: GRE over IP protocol decoder.
4 * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
13 #include <linux/capability.h>
14 #include <linux/module.h>
15 #include <linux/types.h>
16 #include <linux/sched.h>
17 #include <linux/kernel.h>
18 #include <asm/uaccess.h>
19 #include <linux/skbuff.h>
20 #include <linux/netdevice.h>
22 #include <linux/tcp.h>
23 #include <linux/udp.h>
24 #include <linux/if_arp.h>
25 #include <linux/mroute.h>
26 #include <linux/init.h>
27 #include <linux/in6.h>
28 #include <linux/inetdevice.h>
29 #include <linux/igmp.h>
30 #include <linux/netfilter_ipv4.h>
31 #include <linux/if_ether.h>
36 #include <net/protocol.h>
39 #include <net/checksum.h>
40 #include <net/dsfield.h>
41 #include <net/inet_ecn.h>
46 #include <net/ip6_fib.h>
47 #include <net/ip6_route.h>
54 1. The most important issue is detecting local dead loops.
55 They would cause complete host lockup in transmit, which
56 would be "resolved" by stack overflow or, if queueing is enabled,
57 with infinite looping in net_bh.
59 We cannot track such dead loops during route installation,
60 it is infeasible task. The most general solutions would be
61 to keep skb->encapsulation counter (sort of local ttl),
62 and silently drop packet when it expires. It is the best
63 solution, but it supposes maintaing new variable in ALL
64 skb, even if no tunneling is used.
66 Current solution: t->recursion lock breaks dead loops. It looks
67 like dev->tbusy flag, but I preferred new variable, because
68 the semantics is different. One day, when hard_start_xmit
69 will be multithreaded we will have to use skb->encapsulation.
73 2. Networking dead loops would not kill routers, but would really
74 kill network. IP hop limit plays role of "t->recursion" in this case,
75 if we copy it from packet being encapsulated to upper header.
76 It is very good solution, but it introduces two problems:
78 - Routing protocols, using packets with ttl=1 (OSPF, RIP2),
79 do not work over tunnels.
80 - traceroute does not work. I planned to relay ICMP from tunnel,
81 so that this problem would be solved and traceroute output
82 would even more informative. This idea appeared to be wrong:
83 only Linux complies to rfc1812 now (yes, guys, Linux is the only
84 true router now :-)), all routers (at least, in neighbourhood of mine)
85 return only 8 bytes of payload. It is the end.
87 Hence, if we want that OSPF worked or traceroute said something reasonable,
88 we should search for another solution.
90 One of them is to parse packet trying to detect inner encapsulation
91 made by our node. It is difficult or even impossible, especially,
92 taking into account fragmentation. TO be short, tt is not solution at all.
94 Current solution: The solution was UNEXPECTEDLY SIMPLE.
95 We force DF flag on tunnels with preconfigured hop limit,
96 that is ALL. :-) Well, it does not remove the problem completely,
97 but exponential growth of network traffic is changed to linear
98 (branches, that exceed pmtu are pruned) and tunnel mtu
99 fastly degrades to value <68, where looping stops.
100 Yes, it is not good if there exists a router in the loop,
101 which does not force DF, even when encapsulating packets have DF set.
102 But it is not our problem! Nobody could accuse us, we made
103 all that we could make. Even if it is your gated who injected
104 fatal route to network, even if it were you who configured
105 fatal static route: you are innocent. :-)
109 3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain
110 practically identical code. It would be good to glue them
111 together, but it is not very evident, how to make them modular.
112 sit is integral part of IPv6, ipip and gre are naturally modular.
113 We could extract common parts (hash table, ioctl etc)
114 to a separate module (ip_tunnel.c).
119 static int ipgre_tunnel_init(struct net_device *dev);
120 static void ipgre_tunnel_setup(struct net_device *dev);
122 /* Fallback tunnel: no source, no destination, no key, no options */
124 static int ipgre_fb_tunnel_init(struct net_device *dev);
126 static struct net_device *ipgre_fb_tunnel_dev;
128 /* Tunnel hash table */
138 We require exact key match i.e. if a key is present in packet
139 it will match only tunnel with the same key; if it is not present,
140 it will match only keyless tunnel.
142 All keysless packets, if not matched configured keyless tunnels
143 will match fallback tunnel.
147 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
149 static struct ip_tunnel *tunnels[4][HASH_SIZE];
151 #define tunnels_r_l (tunnels[3])
152 #define tunnels_r (tunnels[2])
153 #define tunnels_l (tunnels[1])
154 #define tunnels_wc (tunnels[0])
156 static DEFINE_RWLOCK(ipgre_lock);
158 /* Given src, dst and key, find appropriate for input tunnel. */
160 static struct ip_tunnel * ipgre_tunnel_lookup(__be32 remote, __be32 local, __be32 key)
162 unsigned h0 = HASH(remote);
163 unsigned h1 = HASH(key);
166 for (t = tunnels_r_l[h0^h1]; t; t = t->next) {
167 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) {
168 if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
172 for (t = tunnels_r[h0^h1]; t; t = t->next) {
173 if (remote == t->parms.iph.daddr) {
174 if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
178 for (t = tunnels_l[h1]; t; t = t->next) {
179 if (local == t->parms.iph.saddr ||
180 (local == t->parms.iph.daddr && MULTICAST(local))) {
181 if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
185 for (t = tunnels_wc[h1]; t; t = t->next) {
186 if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
190 if (ipgre_fb_tunnel_dev->flags&IFF_UP)
191 return netdev_priv(ipgre_fb_tunnel_dev);
195 static struct ip_tunnel **ipgre_bucket(struct ip_tunnel *t)
197 __be32 remote = t->parms.iph.daddr;
198 __be32 local = t->parms.iph.saddr;
199 __be32 key = t->parms.i_key;
200 unsigned h = HASH(key);
205 if (remote && !MULTICAST(remote)) {
210 return &tunnels[prio][h];
213 static void ipgre_tunnel_link(struct ip_tunnel *t)
215 struct ip_tunnel **tp = ipgre_bucket(t);
218 write_lock_bh(&ipgre_lock);
220 write_unlock_bh(&ipgre_lock);
223 static void ipgre_tunnel_unlink(struct ip_tunnel *t)
225 struct ip_tunnel **tp;
227 for (tp = ipgre_bucket(t); *tp; tp = &(*tp)->next) {
229 write_lock_bh(&ipgre_lock);
231 write_unlock_bh(&ipgre_lock);
237 static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int create)
239 __be32 remote = parms->iph.daddr;
240 __be32 local = parms->iph.saddr;
241 __be32 key = parms->i_key;
242 struct ip_tunnel *t, **tp, *nt;
243 struct net_device *dev;
244 unsigned h = HASH(key);
250 if (remote && !MULTICAST(remote)) {
254 for (tp = &tunnels[prio][h]; (t = *tp) != NULL; tp = &t->next) {
255 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) {
256 if (key == t->parms.i_key)
264 strlcpy(name, parms->name, IFNAMSIZ);
267 for (i=1; i<100; i++) {
268 sprintf(name, "gre%d", i);
269 if (__dev_get_by_name(name) == NULL)
276 dev = alloc_netdev(sizeof(*t), name, ipgre_tunnel_setup);
280 dev->init = ipgre_tunnel_init;
281 nt = netdev_priv(dev);
284 if (register_netdevice(dev) < 0) {
290 ipgre_tunnel_link(nt);
297 static void ipgre_tunnel_uninit(struct net_device *dev)
299 ipgre_tunnel_unlink(netdev_priv(dev));
304 static void ipgre_err(struct sk_buff *skb, u32 info)
306 #ifndef I_WISH_WORLD_WERE_PERFECT
308 /* It is not :-( All the routers (except for Linux) return only
309 8 bytes of packet payload. It means, that precise relaying of
310 ICMP in the real Internet is absolutely infeasible.
312 Moreover, Cisco "wise men" put GRE key to the third word
313 in GRE header. It makes impossible maintaining even soft state for keyed
314 GRE tunnels with enabled checksum. Tell them "thank you".
316 Well, I wonder, rfc1812 was written by Cisco employee,
317 what the hell these idiots break standrads established
321 struct iphdr *iph = (struct iphdr*)skb->data;
322 __be16 *p = (__be16*)(skb->data+(iph->ihl<<2));
323 int grehlen = (iph->ihl<<2) + 4;
324 int type = skb->h.icmph->type;
325 int code = skb->h.icmph->code;
330 if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) {
331 if (flags&(GRE_VERSION|GRE_ROUTING))
340 /* If only 8 bytes returned, keyed message will be dropped here */
341 if (skb_headlen(skb) < grehlen)
346 case ICMP_PARAMETERPROB:
349 case ICMP_DEST_UNREACH:
352 case ICMP_PORT_UNREACH:
353 /* Impossible event. */
355 case ICMP_FRAG_NEEDED:
356 /* Soft state for pmtu is maintained by IP core. */
359 /* All others are translated to HOST_UNREACH.
360 rfc2003 contains "deep thoughts" about NET_UNREACH,
361 I believe they are just ether pollution. --ANK
366 case ICMP_TIME_EXCEEDED:
367 if (code != ICMP_EXC_TTL)
372 read_lock(&ipgre_lock);
373 t = ipgre_tunnel_lookup(iph->daddr, iph->saddr, (flags&GRE_KEY) ? *(((__be32*)p) + (grehlen>>2) - 1) : 0);
374 if (t == NULL || t->parms.iph.daddr == 0 || MULTICAST(t->parms.iph.daddr))
377 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
380 if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO)
384 t->err_time = jiffies;
386 read_unlock(&ipgre_lock);
389 struct iphdr *iph = (struct iphdr*)dp;
391 __be16 *p = (__be16*)(dp+(iph->ihl<<2));
392 int type = skb->h.icmph->type;
393 int code = skb->h.icmph->code;
399 int grehlen = (iph->ihl<<2) + 4;
400 struct sk_buff *skb2;
404 if (p[1] != htons(ETH_P_IP))
408 if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) {
409 if (flags&(GRE_VERSION|GRE_ROUTING))
418 if (len < grehlen + sizeof(struct iphdr))
420 eiph = (struct iphdr*)(dp + grehlen);
425 case ICMP_PARAMETERPROB:
426 n = ntohl(skb->h.icmph->un.gateway) >> 24;
427 if (n < (iph->ihl<<2))
430 /* So... This guy found something strange INSIDE encapsulated
431 packet. Well, he is fool, but what can we do ?
433 rel_type = ICMP_PARAMETERPROB;
435 rel_info = htonl(n << 24);
438 case ICMP_DEST_UNREACH:
441 case ICMP_PORT_UNREACH:
442 /* Impossible event. */
444 case ICMP_FRAG_NEEDED:
445 /* And it is the only really necessary thing :-) */
446 n = ntohs(skb->h.icmph->un.frag.mtu);
450 /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */
451 if (n > ntohs(eiph->tot_len))
456 /* All others are translated to HOST_UNREACH.
457 rfc2003 contains "deep thoughts" about NET_UNREACH,
458 I believe, it is just ether pollution. --ANK
460 rel_type = ICMP_DEST_UNREACH;
461 rel_code = ICMP_HOST_UNREACH;
465 case ICMP_TIME_EXCEEDED:
466 if (code != ICMP_EXC_TTL)
471 /* Prepare fake skb to feed it to icmp_send */
472 skb2 = skb_clone(skb, GFP_ATOMIC);
475 dst_release(skb2->dst);
477 skb_pull(skb2, skb->data - (u8*)eiph);
478 skb2->nh.raw = skb2->data;
480 /* Try to guess incoming interface */
481 memset(&fl, 0, sizeof(fl));
482 fl.fl4_dst = eiph->saddr;
483 fl.fl4_tos = RT_TOS(eiph->tos);
484 fl.proto = IPPROTO_GRE;
485 if (ip_route_output_key(&rt, &fl)) {
489 skb2->dev = rt->u.dst.dev;
491 /* route "incoming" packet */
492 if (rt->rt_flags&RTCF_LOCAL) {
495 fl.fl4_dst = eiph->daddr;
496 fl.fl4_src = eiph->saddr;
497 fl.fl4_tos = eiph->tos;
498 if (ip_route_output_key(&rt, &fl) ||
499 rt->u.dst.dev->type != ARPHRD_IPGRE) {
506 if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) ||
507 skb2->dst->dev->type != ARPHRD_IPGRE) {
513 /* change mtu on this route */
514 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
515 if (n > dst_mtu(skb2->dst)) {
519 skb2->dst->ops->update_pmtu(skb2->dst, n);
520 } else if (type == ICMP_TIME_EXCEEDED) {
521 struct ip_tunnel *t = netdev_priv(skb2->dev);
522 if (t->parms.iph.ttl) {
523 rel_type = ICMP_DEST_UNREACH;
524 rel_code = ICMP_HOST_UNREACH;
528 icmp_send(skb2, rel_type, rel_code, rel_info);
533 static inline void ipgre_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)
535 if (INET_ECN_is_ce(iph->tos)) {
536 if (skb->protocol == htons(ETH_P_IP)) {
537 IP_ECN_set_ce(skb->nh.iph);
538 } else if (skb->protocol == htons(ETH_P_IPV6)) {
539 IP6_ECN_set_ce(skb->nh.ipv6h);
545 ipgre_ecn_encapsulate(u8 tos, struct iphdr *old_iph, struct sk_buff *skb)
548 if (skb->protocol == htons(ETH_P_IP))
549 inner = old_iph->tos;
550 else if (skb->protocol == htons(ETH_P_IPV6))
551 inner = ipv6_get_dsfield((struct ipv6hdr *)old_iph);
552 return INET_ECN_encapsulate(tos, inner);
555 static int ipgre_rcv(struct sk_buff *skb)
563 struct ip_tunnel *tunnel;
566 if (!pskb_may_pull(skb, 16))
573 if (flags&(GRE_CSUM|GRE_KEY|GRE_ROUTING|GRE_SEQ|GRE_VERSION)) {
574 /* - Version must be 0.
575 - We do not support routing headers.
577 if (flags&(GRE_VERSION|GRE_ROUTING))
580 if (flags&GRE_CSUM) {
581 switch (skb->ip_summed) {
582 case CHECKSUM_COMPLETE:
583 csum = csum_fold(skb->csum);
589 csum = __skb_checksum_complete(skb);
590 skb->ip_summed = CHECKSUM_COMPLETE;
595 key = *(__be32*)(h + offset);
599 seqno = ntohl(*(__be32*)(h + offset));
604 read_lock(&ipgre_lock);
605 if ((tunnel = ipgre_tunnel_lookup(iph->saddr, iph->daddr, key)) != NULL) {
608 skb->protocol = *(__be16*)(h + 2);
609 /* WCCP version 1 and 2 protocol decoding.
610 * - Change protocol to IP
611 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header
614 skb->protocol == htons(ETH_P_WCCP)) {
615 skb->protocol = htons(ETH_P_IP);
616 if ((*(h + offset) & 0xF0) != 0x40)
620 skb->mac.raw = skb->nh.raw;
621 skb->nh.raw = __pskb_pull(skb, offset);
622 skb_postpull_rcsum(skb, skb->h.raw, offset);
623 skb->pkt_type = PACKET_HOST;
624 #ifdef CONFIG_NET_IPGRE_BROADCAST
625 if (MULTICAST(iph->daddr)) {
626 /* Looped back packet, drop it! */
627 if (((struct rtable*)skb->dst)->fl.iif == 0)
629 tunnel->stat.multicast++;
630 skb->pkt_type = PACKET_BROADCAST;
634 if (((flags&GRE_CSUM) && csum) ||
635 (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) {
636 tunnel->stat.rx_crc_errors++;
637 tunnel->stat.rx_errors++;
640 if (tunnel->parms.i_flags&GRE_SEQ) {
641 if (!(flags&GRE_SEQ) ||
642 (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) {
643 tunnel->stat.rx_fifo_errors++;
644 tunnel->stat.rx_errors++;
647 tunnel->i_seqno = seqno + 1;
649 tunnel->stat.rx_packets++;
650 tunnel->stat.rx_bytes += skb->len;
651 skb->dev = tunnel->dev;
652 dst_release(skb->dst);
655 ipgre_ecn_decapsulate(iph, skb);
657 read_unlock(&ipgre_lock);
660 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
663 read_unlock(&ipgre_lock);
669 static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
671 struct ip_tunnel *tunnel = netdev_priv(dev);
672 struct net_device_stats *stats = &tunnel->stat;
673 struct iphdr *old_iph = skb->nh.iph;
677 struct rtable *rt; /* Route to the other host */
678 struct net_device *tdev; /* Device to other host */
679 struct iphdr *iph; /* Our new IP header */
680 int max_headroom; /* The extra header space needed */
685 if (tunnel->recursion++) {
686 tunnel->stat.collisions++;
690 if (dev->hard_header) {
692 tiph = (struct iphdr*)skb->data;
694 gre_hlen = tunnel->hlen;
695 tiph = &tunnel->parms.iph;
698 if ((dst = tiph->daddr) == 0) {
701 if (skb->dst == NULL) {
702 tunnel->stat.tx_fifo_errors++;
706 if (skb->protocol == htons(ETH_P_IP)) {
707 rt = (struct rtable*)skb->dst;
708 if ((dst = rt->rt_gateway) == 0)
712 else if (skb->protocol == htons(ETH_P_IPV6)) {
713 struct in6_addr *addr6;
715 struct neighbour *neigh = skb->dst->neighbour;
720 addr6 = (struct in6_addr*)&neigh->primary_key;
721 addr_type = ipv6_addr_type(addr6);
723 if (addr_type == IPV6_ADDR_ANY) {
724 addr6 = &skb->nh.ipv6h->daddr;
725 addr_type = ipv6_addr_type(addr6);
728 if ((addr_type & IPV6_ADDR_COMPATv4) == 0)
731 dst = addr6->s6_addr32[3];
740 if (skb->protocol == htons(ETH_P_IP))
746 struct flowi fl = { .oif = tunnel->parms.link,
749 .saddr = tiph->saddr,
750 .tos = RT_TOS(tos) } },
751 .proto = IPPROTO_GRE };
752 if (ip_route_output_key(&rt, &fl)) {
753 tunnel->stat.tx_carrier_errors++;
757 tdev = rt->u.dst.dev;
761 tunnel->stat.collisions++;
767 mtu = dst_mtu(&rt->u.dst) - tunnel->hlen;
769 mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu;
772 skb->dst->ops->update_pmtu(skb->dst, mtu);
774 if (skb->protocol == htons(ETH_P_IP)) {
775 df |= (old_iph->frag_off&htons(IP_DF));
777 if ((old_iph->frag_off&htons(IP_DF)) &&
778 mtu < ntohs(old_iph->tot_len)) {
779 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
785 else if (skb->protocol == htons(ETH_P_IPV6)) {
786 struct rt6_info *rt6 = (struct rt6_info*)skb->dst;
788 if (rt6 && mtu < dst_mtu(skb->dst) && mtu >= IPV6_MIN_MTU) {
789 if ((tunnel->parms.iph.daddr && !MULTICAST(tunnel->parms.iph.daddr)) ||
790 rt6->rt6i_dst.plen == 128) {
791 rt6->rt6i_flags |= RTF_MODIFIED;
792 skb->dst->metrics[RTAX_MTU-1] = mtu;
796 if (mtu >= IPV6_MIN_MTU && mtu < skb->len - tunnel->hlen + gre_hlen) {
797 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev);
804 if (tunnel->err_count > 0) {
805 if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) {
808 dst_link_failure(skb);
810 tunnel->err_count = 0;
813 max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen;
815 if (skb_headroom(skb) < max_headroom || skb_cloned(skb) || skb_shared(skb)) {
816 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
825 skb_set_owner_w(new_skb, skb->sk);
828 old_iph = skb->nh.iph;
831 skb->h.raw = skb->nh.raw;
832 skb->nh.raw = skb_push(skb, gre_hlen);
833 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
834 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
836 dst_release(skb->dst);
837 skb->dst = &rt->u.dst;
840 * Push down and install the IPIP header.
845 iph->ihl = sizeof(struct iphdr) >> 2;
847 iph->protocol = IPPROTO_GRE;
848 iph->tos = ipgre_ecn_encapsulate(tos, old_iph, skb);
849 iph->daddr = rt->rt_dst;
850 iph->saddr = rt->rt_src;
852 if ((iph->ttl = tiph->ttl) == 0) {
853 if (skb->protocol == htons(ETH_P_IP))
854 iph->ttl = old_iph->ttl;
856 else if (skb->protocol == htons(ETH_P_IPV6))
857 iph->ttl = ((struct ipv6hdr*)old_iph)->hop_limit;
860 iph->ttl = dst_metric(&rt->u.dst, RTAX_HOPLIMIT);
863 ((__be16*)(iph+1))[0] = tunnel->parms.o_flags;
864 ((__be16*)(iph+1))[1] = skb->protocol;
866 if (tunnel->parms.o_flags&(GRE_KEY|GRE_CSUM|GRE_SEQ)) {
867 __be32 *ptr = (__be32*)(((u8*)iph) + tunnel->hlen - 4);
869 if (tunnel->parms.o_flags&GRE_SEQ) {
871 *ptr = htonl(tunnel->o_seqno);
874 if (tunnel->parms.o_flags&GRE_KEY) {
875 *ptr = tunnel->parms.o_key;
878 if (tunnel->parms.o_flags&GRE_CSUM) {
880 *(__sum16*)ptr = ip_compute_csum((void*)(iph+1), skb->len - sizeof(struct iphdr));
891 dst_link_failure(skb);
901 ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
904 struct ip_tunnel_parm p;
910 if (dev == ipgre_fb_tunnel_dev) {
911 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
915 t = ipgre_tunnel_locate(&p, 0);
918 t = netdev_priv(dev);
919 memcpy(&p, &t->parms, sizeof(p));
920 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
927 if (!capable(CAP_NET_ADMIN))
931 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
935 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE ||
936 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) ||
937 ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING)))
940 p.iph.frag_off |= htons(IP_DF);
942 if (!(p.i_flags&GRE_KEY))
944 if (!(p.o_flags&GRE_KEY))
947 t = ipgre_tunnel_locate(&p, cmd == SIOCADDTUNNEL);
949 if (dev != ipgre_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
958 t = netdev_priv(dev);
960 if (MULTICAST(p.iph.daddr))
961 nflags = IFF_BROADCAST;
962 else if (p.iph.daddr)
963 nflags = IFF_POINTOPOINT;
965 if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) {
969 ipgre_tunnel_unlink(t);
970 t->parms.iph.saddr = p.iph.saddr;
971 t->parms.iph.daddr = p.iph.daddr;
972 t->parms.i_key = p.i_key;
973 t->parms.o_key = p.o_key;
974 memcpy(dev->dev_addr, &p.iph.saddr, 4);
975 memcpy(dev->broadcast, &p.iph.daddr, 4);
976 ipgre_tunnel_link(t);
977 netdev_state_change(dev);
983 if (cmd == SIOCCHGTUNNEL) {
984 t->parms.iph.ttl = p.iph.ttl;
985 t->parms.iph.tos = p.iph.tos;
986 t->parms.iph.frag_off = p.iph.frag_off;
988 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
991 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
996 if (!capable(CAP_NET_ADMIN))
999 if (dev == ipgre_fb_tunnel_dev) {
1001 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
1004 if ((t = ipgre_tunnel_locate(&p, 0)) == NULL)
1007 if (t == netdev_priv(ipgre_fb_tunnel_dev))
1011 unregister_netdevice(dev);
1023 static struct net_device_stats *ipgre_tunnel_get_stats(struct net_device *dev)
1025 return &(((struct ip_tunnel*)netdev_priv(dev))->stat);
1028 static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu)
1030 struct ip_tunnel *tunnel = netdev_priv(dev);
1031 if (new_mtu < 68 || new_mtu > 0xFFF8 - tunnel->hlen)
1037 #ifdef CONFIG_NET_IPGRE_BROADCAST
1038 /* Nice toy. Unfortunately, useless in real life :-)
1039 It allows to construct virtual multiprotocol broadcast "LAN"
1040 over the Internet, provided multicast routing is tuned.
1043 I have no idea was this bicycle invented before me,
1044 so that I had to set ARPHRD_IPGRE to a random value.
1045 I have an impression, that Cisco could make something similar,
1046 but this feature is apparently missing in IOS<=11.2(8).
1048 I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
1049 with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
1051 ping -t 255 224.66.66.66
1053 If nobody answers, mbone does not work.
1055 ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255
1056 ip addr add 10.66.66.<somewhat>/24 dev Universe
1057 ifconfig Universe up
1058 ifconfig Universe add fe80::<Your_real_addr>/10
1059 ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96
1062 ftp fec0:6666:6666::193.233.7.65
1067 static int ipgre_header(struct sk_buff *skb, struct net_device *dev, unsigned short type,
1068 void *daddr, void *saddr, unsigned len)
1070 struct ip_tunnel *t = netdev_priv(dev);
1071 struct iphdr *iph = (struct iphdr *)skb_push(skb, t->hlen);
1072 __be16 *p = (__be16*)(iph+1);
1074 memcpy(iph, &t->parms.iph, sizeof(struct iphdr));
1075 p[0] = t->parms.o_flags;
1079 * Set the source hardware address.
1083 memcpy(&iph->saddr, saddr, 4);
1086 memcpy(&iph->daddr, daddr, 4);
1089 if (iph->daddr && !MULTICAST(iph->daddr))
1095 static int ipgre_open(struct net_device *dev)
1097 struct ip_tunnel *t = netdev_priv(dev);
1099 if (MULTICAST(t->parms.iph.daddr)) {
1100 struct flowi fl = { .oif = t->parms.link,
1102 { .daddr = t->parms.iph.daddr,
1103 .saddr = t->parms.iph.saddr,
1104 .tos = RT_TOS(t->parms.iph.tos) } },
1105 .proto = IPPROTO_GRE };
1107 if (ip_route_output_key(&rt, &fl))
1108 return -EADDRNOTAVAIL;
1109 dev = rt->u.dst.dev;
1111 if (__in_dev_get_rtnl(dev) == NULL)
1112 return -EADDRNOTAVAIL;
1113 t->mlink = dev->ifindex;
1114 ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr);
1119 static int ipgre_close(struct net_device *dev)
1121 struct ip_tunnel *t = netdev_priv(dev);
1122 if (MULTICAST(t->parms.iph.daddr) && t->mlink) {
1123 struct in_device *in_dev = inetdev_by_index(t->mlink);
1125 ip_mc_dec_group(in_dev, t->parms.iph.daddr);
1134 static void ipgre_tunnel_setup(struct net_device *dev)
1136 SET_MODULE_OWNER(dev);
1137 dev->uninit = ipgre_tunnel_uninit;
1138 dev->destructor = free_netdev;
1139 dev->hard_start_xmit = ipgre_tunnel_xmit;
1140 dev->get_stats = ipgre_tunnel_get_stats;
1141 dev->do_ioctl = ipgre_tunnel_ioctl;
1142 dev->change_mtu = ipgre_tunnel_change_mtu;
1144 dev->type = ARPHRD_IPGRE;
1145 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr) + 4;
1146 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr) - 4;
1147 dev->flags = IFF_NOARP;
1152 static int ipgre_tunnel_init(struct net_device *dev)
1154 struct net_device *tdev = NULL;
1155 struct ip_tunnel *tunnel;
1157 int hlen = LL_MAX_HEADER;
1158 int mtu = ETH_DATA_LEN;
1159 int addend = sizeof(struct iphdr) + 4;
1161 tunnel = netdev_priv(dev);
1162 iph = &tunnel->parms.iph;
1165 strcpy(tunnel->parms.name, dev->name);
1167 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
1168 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
1170 /* Guess output device to choose reasonable mtu and hard_header_len */
1173 struct flowi fl = { .oif = tunnel->parms.link,
1175 { .daddr = iph->daddr,
1176 .saddr = iph->saddr,
1177 .tos = RT_TOS(iph->tos) } },
1178 .proto = IPPROTO_GRE };
1180 if (!ip_route_output_key(&rt, &fl)) {
1181 tdev = rt->u.dst.dev;
1185 dev->flags |= IFF_POINTOPOINT;
1187 #ifdef CONFIG_NET_IPGRE_BROADCAST
1188 if (MULTICAST(iph->daddr)) {
1191 dev->flags = IFF_BROADCAST;
1192 dev->hard_header = ipgre_header;
1193 dev->open = ipgre_open;
1194 dev->stop = ipgre_close;
1199 if (!tdev && tunnel->parms.link)
1200 tdev = __dev_get_by_index(tunnel->parms.link);
1203 hlen = tdev->hard_header_len;
1206 dev->iflink = tunnel->parms.link;
1208 /* Precalculate GRE options length */
1209 if (tunnel->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) {
1210 if (tunnel->parms.o_flags&GRE_CSUM)
1212 if (tunnel->parms.o_flags&GRE_KEY)
1214 if (tunnel->parms.o_flags&GRE_SEQ)
1217 dev->hard_header_len = hlen + addend;
1218 dev->mtu = mtu - addend;
1219 tunnel->hlen = addend;
1223 static int __init ipgre_fb_tunnel_init(struct net_device *dev)
1225 struct ip_tunnel *tunnel = netdev_priv(dev);
1226 struct iphdr *iph = &tunnel->parms.iph;
1229 strcpy(tunnel->parms.name, dev->name);
1232 iph->protocol = IPPROTO_GRE;
1234 tunnel->hlen = sizeof(struct iphdr) + 4;
1237 tunnels_wc[0] = tunnel;
1242 static struct net_protocol ipgre_protocol = {
1243 .handler = ipgre_rcv,
1244 .err_handler = ipgre_err,
1249 * And now the modules code and kernel interface.
1252 static int __init ipgre_init(void)
1256 printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
1258 if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
1259 printk(KERN_INFO "ipgre init: can't add protocol\n");
1263 ipgre_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0",
1264 ipgre_tunnel_setup);
1265 if (!ipgre_fb_tunnel_dev) {
1270 ipgre_fb_tunnel_dev->init = ipgre_fb_tunnel_init;
1272 if ((err = register_netdev(ipgre_fb_tunnel_dev)))
1277 free_netdev(ipgre_fb_tunnel_dev);
1279 inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
1283 static void __exit ipgre_destroy_tunnels(void)
1287 for (prio = 0; prio < 4; prio++) {
1289 for (h = 0; h < HASH_SIZE; h++) {
1290 struct ip_tunnel *t;
1291 while ((t = tunnels[prio][h]) != NULL)
1292 unregister_netdevice(t->dev);
1297 static void __exit ipgre_fini(void)
1299 if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0)
1300 printk(KERN_INFO "ipgre close: can't remove protocol\n");
1303 ipgre_destroy_tunnels();
1307 module_init(ipgre_init);
1308 module_exit(ipgre_fini);
1309 MODULE_LICENSE("GPL");
git.samba.org / sfrench / cifs-2.6.git / blob