2 * Copyright (c) 2013 Nicira, Inc.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
21 #include <linux/capability.h>
22 #include <linux/module.h>
23 #include <linux/types.h>
24 #include <linux/kernel.h>
25 #include <linux/slab.h>
26 #include <linux/uaccess.h>
27 #include <linux/skbuff.h>
28 #include <linux/netdevice.h>
30 #include <linux/tcp.h>
31 #include <linux/udp.h>
32 #include <linux/if_arp.h>
33 #include <linux/init.h>
34 #include <linux/in6.h>
35 #include <linux/inetdevice.h>
36 #include <linux/igmp.h>
37 #include <linux/netfilter_ipv4.h>
38 #include <linux/etherdevice.h>
39 #include <linux/if_ether.h>
40 #include <linux/if_vlan.h>
41 #include <linux/rculist.h>
42 #include <linux/err.h>
47 #include <net/protocol.h>
48 #include <net/ip_tunnels.h>
50 #include <net/checksum.h>
51 #include <net/dsfield.h>
52 #include <net/inet_ecn.h>
54 #include <net/net_namespace.h>
55 #include <net/netns/generic.h>
56 #include <net/rtnetlink.h>
58 #include <net/dst_metadata.h>
60 #if IS_ENABLED(CONFIG_IPV6)
62 #include <net/ip6_fib.h>
63 #include <net/ip6_route.h>
66 static unsigned int ip_tunnel_hash(__be32 key, __be32 remote)
68 return hash_32((__force u32)key ^ (__force u32)remote,
72 static bool ip_tunnel_key_match(const struct ip_tunnel_parm *p,
73 __be16 flags, __be32 key)
75 if (p->i_flags & TUNNEL_KEY) {
76 if (flags & TUNNEL_KEY)
77 return key == p->i_key;
79 /* key expected, none present */
82 return !(flags & TUNNEL_KEY);
85 /* Fallback tunnel: no source, no destination, no key, no options
88 We require exact key match i.e. if a key is present in packet
89 it will match only tunnel with the same key; if it is not present,
90 it will match only keyless tunnel.
92 All keysless packets, if not matched configured keyless tunnels
93 will match fallback tunnel.
94 Given src, dst and key, find appropriate for input tunnel.
96 struct ip_tunnel *ip_tunnel_lookup(struct ip_tunnel_net *itn,
97 int link, __be16 flags,
98 __be32 remote, __be32 local,
102 struct ip_tunnel *t, *cand = NULL;
103 struct hlist_head *head;
105 hash = ip_tunnel_hash(key, remote);
106 head = &itn->tunnels[hash];
108 hlist_for_each_entry_rcu(t, head, hash_node) {
109 if (local != t->parms.iph.saddr ||
110 remote != t->parms.iph.daddr ||
111 !(t->dev->flags & IFF_UP))
114 if (!ip_tunnel_key_match(&t->parms, flags, key))
117 if (t->parms.link == link)
123 hlist_for_each_entry_rcu(t, head, hash_node) {
124 if (remote != t->parms.iph.daddr ||
125 t->parms.iph.saddr != 0 ||
126 !(t->dev->flags & IFF_UP))
129 if (!ip_tunnel_key_match(&t->parms, flags, key))
132 if (t->parms.link == link)
138 hash = ip_tunnel_hash(key, 0);
139 head = &itn->tunnels[hash];
141 hlist_for_each_entry_rcu(t, head, hash_node) {
142 if ((local != t->parms.iph.saddr || t->parms.iph.daddr != 0) &&
143 (local != t->parms.iph.daddr || !ipv4_is_multicast(local)))
146 if (!(t->dev->flags & IFF_UP))
149 if (!ip_tunnel_key_match(&t->parms, flags, key))
152 if (t->parms.link == link)
158 if (flags & TUNNEL_NO_KEY)
159 goto skip_key_lookup;
161 hlist_for_each_entry_rcu(t, head, hash_node) {
162 if (t->parms.i_key != key ||
163 t->parms.iph.saddr != 0 ||
164 t->parms.iph.daddr != 0 ||
165 !(t->dev->flags & IFF_UP))
168 if (t->parms.link == link)
178 t = rcu_dereference(itn->collect_md_tun);
179 if (t && t->dev->flags & IFF_UP)
182 if (itn->fb_tunnel_dev && itn->fb_tunnel_dev->flags & IFF_UP)
183 return netdev_priv(itn->fb_tunnel_dev);
187 EXPORT_SYMBOL_GPL(ip_tunnel_lookup);
189 static struct hlist_head *ip_bucket(struct ip_tunnel_net *itn,
190 struct ip_tunnel_parm *parms)
194 __be32 i_key = parms->i_key;
196 if (parms->iph.daddr && !ipv4_is_multicast(parms->iph.daddr))
197 remote = parms->iph.daddr;
201 if (!(parms->i_flags & TUNNEL_KEY) && (parms->i_flags & VTI_ISVTI))
204 h = ip_tunnel_hash(i_key, remote);
205 return &itn->tunnels[h];
208 static void ip_tunnel_add(struct ip_tunnel_net *itn, struct ip_tunnel *t)
210 struct hlist_head *head = ip_bucket(itn, &t->parms);
213 rcu_assign_pointer(itn->collect_md_tun, t);
214 hlist_add_head_rcu(&t->hash_node, head);
217 static void ip_tunnel_del(struct ip_tunnel_net *itn, struct ip_tunnel *t)
220 rcu_assign_pointer(itn->collect_md_tun, NULL);
221 hlist_del_init_rcu(&t->hash_node);
224 static struct ip_tunnel *ip_tunnel_find(struct ip_tunnel_net *itn,
225 struct ip_tunnel_parm *parms,
228 __be32 remote = parms->iph.daddr;
229 __be32 local = parms->iph.saddr;
230 __be32 key = parms->i_key;
231 __be16 flags = parms->i_flags;
232 int link = parms->link;
233 struct ip_tunnel *t = NULL;
234 struct hlist_head *head = ip_bucket(itn, parms);
236 hlist_for_each_entry_rcu(t, head, hash_node) {
237 if (local == t->parms.iph.saddr &&
238 remote == t->parms.iph.daddr &&
239 link == t->parms.link &&
240 type == t->dev->type &&
241 ip_tunnel_key_match(&t->parms, flags, key))
247 static struct net_device *__ip_tunnel_create(struct net *net,
248 const struct rtnl_link_ops *ops,
249 struct ip_tunnel_parm *parms)
252 struct ip_tunnel *tunnel;
253 struct net_device *dev;
257 strlcpy(name, parms->name, IFNAMSIZ);
259 if (strlen(ops->kind) > (IFNAMSIZ - 3)) {
263 strlcpy(name, ops->kind, IFNAMSIZ);
264 strncat(name, "%d", 2);
268 dev = alloc_netdev(ops->priv_size, name, NET_NAME_UNKNOWN, ops->setup);
273 dev_net_set(dev, net);
275 dev->rtnl_link_ops = ops;
277 tunnel = netdev_priv(dev);
278 tunnel->parms = *parms;
281 err = register_netdevice(dev);
293 static inline void init_tunnel_flow(struct flowi4 *fl4,
295 __be32 daddr, __be32 saddr,
296 __be32 key, __u8 tos, int oif,
299 memset(fl4, 0, sizeof(*fl4));
300 fl4->flowi4_oif = oif;
303 fl4->flowi4_tos = tos;
304 fl4->flowi4_proto = proto;
305 fl4->fl4_gre_key = key;
306 fl4->flowi4_mark = mark;
309 static int ip_tunnel_bind_dev(struct net_device *dev)
311 struct net_device *tdev = NULL;
312 struct ip_tunnel *tunnel = netdev_priv(dev);
313 const struct iphdr *iph;
314 int hlen = LL_MAX_HEADER;
315 int mtu = ETH_DATA_LEN;
316 int t_hlen = tunnel->hlen + sizeof(struct iphdr);
318 iph = &tunnel->parms.iph;
320 /* Guess output device to choose reasonable mtu and needed_headroom */
325 init_tunnel_flow(&fl4, iph->protocol, iph->daddr,
326 iph->saddr, tunnel->parms.o_key,
327 RT_TOS(iph->tos), tunnel->parms.link,
329 rt = ip_route_output_key(tunnel->net, &fl4);
335 if (dev->type != ARPHRD_ETHER)
336 dev->flags |= IFF_POINTOPOINT;
338 dst_cache_reset(&tunnel->dst_cache);
341 if (!tdev && tunnel->parms.link)
342 tdev = __dev_get_by_index(tunnel->net, tunnel->parms.link);
345 hlen = tdev->hard_header_len + tdev->needed_headroom;
349 dev->needed_headroom = t_hlen + hlen;
350 mtu -= (dev->hard_header_len + t_hlen);
352 if (mtu < IPV4_MIN_MTU)
358 static struct ip_tunnel *ip_tunnel_create(struct net *net,
359 struct ip_tunnel_net *itn,
360 struct ip_tunnel_parm *parms)
362 struct ip_tunnel *nt;
363 struct net_device *dev;
366 BUG_ON(!itn->fb_tunnel_dev);
367 dev = __ip_tunnel_create(net, itn->fb_tunnel_dev->rtnl_link_ops, parms);
369 return ERR_CAST(dev);
371 dev->mtu = ip_tunnel_bind_dev(dev);
373 nt = netdev_priv(dev);
374 t_hlen = nt->hlen + sizeof(struct iphdr);
375 dev->min_mtu = ETH_MIN_MTU;
376 dev->max_mtu = 0xFFF8 - dev->hard_header_len - t_hlen;
377 ip_tunnel_add(itn, nt);
381 int ip_tunnel_rcv(struct ip_tunnel *tunnel, struct sk_buff *skb,
382 const struct tnl_ptk_info *tpi, struct metadata_dst *tun_dst,
385 struct pcpu_sw_netstats *tstats;
386 const struct iphdr *iph = ip_hdr(skb);
389 #ifdef CONFIG_NET_IPGRE_BROADCAST
390 if (ipv4_is_multicast(iph->daddr)) {
391 tunnel->dev->stats.multicast++;
392 skb->pkt_type = PACKET_BROADCAST;
396 if ((!(tpi->flags&TUNNEL_CSUM) && (tunnel->parms.i_flags&TUNNEL_CSUM)) ||
397 ((tpi->flags&TUNNEL_CSUM) && !(tunnel->parms.i_flags&TUNNEL_CSUM))) {
398 tunnel->dev->stats.rx_crc_errors++;
399 tunnel->dev->stats.rx_errors++;
403 if (tunnel->parms.i_flags&TUNNEL_SEQ) {
404 if (!(tpi->flags&TUNNEL_SEQ) ||
405 (tunnel->i_seqno && (s32)(ntohl(tpi->seq) - tunnel->i_seqno) < 0)) {
406 tunnel->dev->stats.rx_fifo_errors++;
407 tunnel->dev->stats.rx_errors++;
410 tunnel->i_seqno = ntohl(tpi->seq) + 1;
413 skb_reset_network_header(skb);
415 err = IP_ECN_decapsulate(iph, skb);
418 net_info_ratelimited("non-ECT from %pI4 with TOS=%#x\n",
419 &iph->saddr, iph->tos);
421 ++tunnel->dev->stats.rx_frame_errors;
422 ++tunnel->dev->stats.rx_errors;
427 tstats = this_cpu_ptr(tunnel->dev->tstats);
428 u64_stats_update_begin(&tstats->syncp);
429 tstats->rx_packets++;
430 tstats->rx_bytes += skb->len;
431 u64_stats_update_end(&tstats->syncp);
433 skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(tunnel->dev)));
435 if (tunnel->dev->type == ARPHRD_ETHER) {
436 skb->protocol = eth_type_trans(skb, tunnel->dev);
437 skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
439 skb->dev = tunnel->dev;
443 skb_dst_set(skb, (struct dst_entry *)tun_dst);
445 gro_cells_receive(&tunnel->gro_cells, skb);
450 dst_release((struct dst_entry *)tun_dst);
454 EXPORT_SYMBOL_GPL(ip_tunnel_rcv);
456 int ip_tunnel_encap_add_ops(const struct ip_tunnel_encap_ops *ops,
459 if (num >= MAX_IPTUN_ENCAP_OPS)
462 return !cmpxchg((const struct ip_tunnel_encap_ops **)
466 EXPORT_SYMBOL(ip_tunnel_encap_add_ops);
468 int ip_tunnel_encap_del_ops(const struct ip_tunnel_encap_ops *ops,
473 if (num >= MAX_IPTUN_ENCAP_OPS)
476 ret = (cmpxchg((const struct ip_tunnel_encap_ops **)
478 ops, NULL) == ops) ? 0 : -1;
484 EXPORT_SYMBOL(ip_tunnel_encap_del_ops);
486 int ip_tunnel_encap_setup(struct ip_tunnel *t,
487 struct ip_tunnel_encap *ipencap)
491 memset(&t->encap, 0, sizeof(t->encap));
493 hlen = ip_encap_hlen(ipencap);
497 t->encap.type = ipencap->type;
498 t->encap.sport = ipencap->sport;
499 t->encap.dport = ipencap->dport;
500 t->encap.flags = ipencap->flags;
502 t->encap_hlen = hlen;
503 t->hlen = t->encap_hlen + t->tun_hlen;
507 EXPORT_SYMBOL_GPL(ip_tunnel_encap_setup);
509 static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb,
510 struct rtable *rt, __be16 df,
511 const struct iphdr *inner_iph)
513 struct ip_tunnel *tunnel = netdev_priv(dev);
514 int pkt_size = skb->len - tunnel->hlen - dev->hard_header_len;
518 mtu = dst_mtu(&rt->dst) - dev->hard_header_len
519 - sizeof(struct iphdr) - tunnel->hlen;
521 mtu = skb_dst(skb) ? dst_mtu(skb_dst(skb)) : dev->mtu;
524 skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu);
526 if (skb->protocol == htons(ETH_P_IP)) {
527 if (!skb_is_gso(skb) &&
528 (inner_iph->frag_off & htons(IP_DF)) &&
530 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
531 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
535 #if IS_ENABLED(CONFIG_IPV6)
536 else if (skb->protocol == htons(ETH_P_IPV6)) {
537 struct rt6_info *rt6 = (struct rt6_info *)skb_dst(skb);
539 if (rt6 && mtu < dst_mtu(skb_dst(skb)) &&
540 mtu >= IPV6_MIN_MTU) {
541 if ((tunnel->parms.iph.daddr &&
542 !ipv4_is_multicast(tunnel->parms.iph.daddr)) ||
543 rt6->rt6i_dst.plen == 128) {
544 rt6->rt6i_flags |= RTF_MODIFIED;
545 dst_metric_set(skb_dst(skb), RTAX_MTU, mtu);
549 if (!skb_is_gso(skb) && mtu >= IPV6_MIN_MTU &&
551 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
559 void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, u8 proto)
561 struct ip_tunnel *tunnel = netdev_priv(dev);
562 u32 headroom = sizeof(struct iphdr);
563 struct ip_tunnel_info *tun_info;
564 const struct ip_tunnel_key *key;
565 const struct iphdr *inner_iph;
571 tun_info = skb_tunnel_info(skb);
572 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
573 ip_tunnel_info_af(tun_info) != AF_INET))
575 key = &tun_info->key;
576 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
577 inner_iph = (const struct iphdr *)skb_inner_network_header(skb);
580 if (skb->protocol == htons(ETH_P_IP))
581 tos = inner_iph->tos;
582 else if (skb->protocol == htons(ETH_P_IPV6))
583 tos = ipv6_get_dsfield((const struct ipv6hdr *)inner_iph);
585 init_tunnel_flow(&fl4, proto, key->u.ipv4.dst, key->u.ipv4.src, 0,
586 RT_TOS(tos), tunnel->parms.link, tunnel->fwmark);
587 if (tunnel->encap.type != TUNNEL_ENCAP_NONE)
589 rt = ip_route_output_key(tunnel->net, &fl4);
591 dev->stats.tx_carrier_errors++;
594 if (rt->dst.dev == dev) {
596 dev->stats.collisions++;
599 tos = ip_tunnel_ecn_encap(tos, inner_iph, skb);
602 if (skb->protocol == htons(ETH_P_IP))
603 ttl = inner_iph->ttl;
604 else if (skb->protocol == htons(ETH_P_IPV6))
605 ttl = ((const struct ipv6hdr *)inner_iph)->hop_limit;
607 ttl = ip4_dst_hoplimit(&rt->dst);
609 if (key->tun_flags & TUNNEL_DONT_FRAGMENT)
611 else if (skb->protocol == htons(ETH_P_IP))
612 df = inner_iph->frag_off & htons(IP_DF);
613 headroom += LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len;
614 if (headroom > dev->needed_headroom)
615 dev->needed_headroom = headroom;
617 if (skb_cow_head(skb, dev->needed_headroom)) {
621 iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, proto, tos, ttl,
622 df, !net_eq(tunnel->net, dev_net(dev)));
625 dev->stats.tx_errors++;
628 dev->stats.tx_dropped++;
632 EXPORT_SYMBOL_GPL(ip_md_tunnel_xmit);
634 void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
635 const struct iphdr *tnl_params, u8 protocol)
637 struct ip_tunnel *tunnel = netdev_priv(dev);
638 const struct iphdr *inner_iph;
642 struct rtable *rt; /* Route to the other host */
643 unsigned int max_headroom; /* The extra header space needed */
647 inner_iph = (const struct iphdr *)skb_inner_network_header(skb);
648 connected = (tunnel->parms.iph.daddr != 0);
650 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
652 dst = tnl_params->daddr;
657 dev->stats.tx_fifo_errors++;
661 if (skb->protocol == htons(ETH_P_IP)) {
662 rt = skb_rtable(skb);
663 dst = rt_nexthop(rt, inner_iph->daddr);
665 #if IS_ENABLED(CONFIG_IPV6)
666 else if (skb->protocol == htons(ETH_P_IPV6)) {
667 const struct in6_addr *addr6;
668 struct neighbour *neigh;
669 bool do_tx_error_icmp;
672 neigh = dst_neigh_lookup(skb_dst(skb),
673 &ipv6_hdr(skb)->daddr);
677 addr6 = (const struct in6_addr *)&neigh->primary_key;
678 addr_type = ipv6_addr_type(addr6);
680 if (addr_type == IPV6_ADDR_ANY) {
681 addr6 = &ipv6_hdr(skb)->daddr;
682 addr_type = ipv6_addr_type(addr6);
685 if ((addr_type & IPV6_ADDR_COMPATv4) == 0)
686 do_tx_error_icmp = true;
688 do_tx_error_icmp = false;
689 dst = addr6->s6_addr32[3];
691 neigh_release(neigh);
692 if (do_tx_error_icmp)
702 tos = tnl_params->tos;
705 if (skb->protocol == htons(ETH_P_IP)) {
706 tos = inner_iph->tos;
708 } else if (skb->protocol == htons(ETH_P_IPV6)) {
709 tos = ipv6_get_dsfield((const struct ipv6hdr *)inner_iph);
714 init_tunnel_flow(&fl4, protocol, dst, tnl_params->saddr,
715 tunnel->parms.o_key, RT_TOS(tos), tunnel->parms.link,
718 if (ip_tunnel_encap(skb, tunnel, &protocol, &fl4) < 0)
721 rt = connected ? dst_cache_get_ip4(&tunnel->dst_cache, &fl4.saddr) :
725 rt = ip_route_output_key(tunnel->net, &fl4);
728 dev->stats.tx_carrier_errors++;
732 dst_cache_set_ip4(&tunnel->dst_cache, &rt->dst,
736 if (rt->dst.dev == dev) {
738 dev->stats.collisions++;
742 if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off, inner_iph)) {
747 if (tunnel->err_count > 0) {
748 if (time_before(jiffies,
749 tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
752 dst_link_failure(skb);
754 tunnel->err_count = 0;
757 tos = ip_tunnel_ecn_encap(tos, inner_iph, skb);
758 ttl = tnl_params->ttl;
760 if (skb->protocol == htons(ETH_P_IP))
761 ttl = inner_iph->ttl;
762 #if IS_ENABLED(CONFIG_IPV6)
763 else if (skb->protocol == htons(ETH_P_IPV6))
764 ttl = ((const struct ipv6hdr *)inner_iph)->hop_limit;
767 ttl = ip4_dst_hoplimit(&rt->dst);
770 df = tnl_params->frag_off;
771 if (skb->protocol == htons(ETH_P_IP) && !tunnel->ignore_df)
772 df |= (inner_iph->frag_off&htons(IP_DF));
774 max_headroom = LL_RESERVED_SPACE(rt->dst.dev) + sizeof(struct iphdr)
775 + rt->dst.header_len + ip_encap_hlen(&tunnel->encap);
776 if (max_headroom > dev->needed_headroom)
777 dev->needed_headroom = max_headroom;
779 if (skb_cow_head(skb, dev->needed_headroom)) {
781 dev->stats.tx_dropped++;
786 iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, protocol, tos, ttl,
787 df, !net_eq(tunnel->net, dev_net(dev)));
790 #if IS_ENABLED(CONFIG_IPV6)
792 dst_link_failure(skb);
795 dev->stats.tx_errors++;
798 EXPORT_SYMBOL_GPL(ip_tunnel_xmit);
800 static void ip_tunnel_update(struct ip_tunnel_net *itn,
802 struct net_device *dev,
803 struct ip_tunnel_parm *p,
807 ip_tunnel_del(itn, t);
808 t->parms.iph.saddr = p->iph.saddr;
809 t->parms.iph.daddr = p->iph.daddr;
810 t->parms.i_key = p->i_key;
811 t->parms.o_key = p->o_key;
812 if (dev->type != ARPHRD_ETHER) {
813 memcpy(dev->dev_addr, &p->iph.saddr, 4);
814 memcpy(dev->broadcast, &p->iph.daddr, 4);
816 ip_tunnel_add(itn, t);
818 t->parms.iph.ttl = p->iph.ttl;
819 t->parms.iph.tos = p->iph.tos;
820 t->parms.iph.frag_off = p->iph.frag_off;
822 if (t->parms.link != p->link || t->fwmark != fwmark) {
825 t->parms.link = p->link;
827 mtu = ip_tunnel_bind_dev(dev);
831 dst_cache_reset(&t->dst_cache);
832 netdev_state_change(dev);
835 int ip_tunnel_ioctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd)
838 struct ip_tunnel *t = netdev_priv(dev);
839 struct net *net = t->net;
840 struct ip_tunnel_net *itn = net_generic(net, t->ip_tnl_net_id);
842 BUG_ON(!itn->fb_tunnel_dev);
845 if (dev == itn->fb_tunnel_dev) {
846 t = ip_tunnel_find(itn, p, itn->fb_tunnel_dev->type);
848 t = netdev_priv(dev);
850 memcpy(p, &t->parms, sizeof(*p));
856 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
859 p->iph.frag_off |= htons(IP_DF);
860 if (!(p->i_flags & VTI_ISVTI)) {
861 if (!(p->i_flags & TUNNEL_KEY))
863 if (!(p->o_flags & TUNNEL_KEY))
867 t = ip_tunnel_find(itn, p, itn->fb_tunnel_dev->type);
869 if (cmd == SIOCADDTUNNEL) {
871 t = ip_tunnel_create(net, itn, p);
872 err = PTR_ERR_OR_ZERO(t);
879 if (dev != itn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
886 unsigned int nflags = 0;
888 if (ipv4_is_multicast(p->iph.daddr))
889 nflags = IFF_BROADCAST;
890 else if (p->iph.daddr)
891 nflags = IFF_POINTOPOINT;
893 if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) {
898 t = netdev_priv(dev);
904 ip_tunnel_update(itn, t, dev, p, true, 0);
912 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
915 if (dev == itn->fb_tunnel_dev) {
917 t = ip_tunnel_find(itn, p, itn->fb_tunnel_dev->type);
921 if (t == netdev_priv(itn->fb_tunnel_dev))
925 unregister_netdevice(dev);
936 EXPORT_SYMBOL_GPL(ip_tunnel_ioctl);
938 int __ip_tunnel_change_mtu(struct net_device *dev, int new_mtu, bool strict)
940 struct ip_tunnel *tunnel = netdev_priv(dev);
941 int t_hlen = tunnel->hlen + sizeof(struct iphdr);
942 int max_mtu = 0xFFF8 - dev->hard_header_len - t_hlen;
944 if (new_mtu < ETH_MIN_MTU)
947 if (new_mtu > max_mtu) {
957 EXPORT_SYMBOL_GPL(__ip_tunnel_change_mtu);
959 int ip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
961 return __ip_tunnel_change_mtu(dev, new_mtu, true);
963 EXPORT_SYMBOL_GPL(ip_tunnel_change_mtu);
965 static void ip_tunnel_dev_free(struct net_device *dev)
967 struct ip_tunnel *tunnel = netdev_priv(dev);
969 gro_cells_destroy(&tunnel->gro_cells);
970 dst_cache_destroy(&tunnel->dst_cache);
971 free_percpu(dev->tstats);
974 void ip_tunnel_dellink(struct net_device *dev, struct list_head *head)
976 struct ip_tunnel *tunnel = netdev_priv(dev);
977 struct ip_tunnel_net *itn;
979 itn = net_generic(tunnel->net, tunnel->ip_tnl_net_id);
981 if (itn->fb_tunnel_dev != dev) {
982 ip_tunnel_del(itn, netdev_priv(dev));
983 unregister_netdevice_queue(dev, head);
986 EXPORT_SYMBOL_GPL(ip_tunnel_dellink);
988 struct net *ip_tunnel_get_link_net(const struct net_device *dev)
990 struct ip_tunnel *tunnel = netdev_priv(dev);
994 EXPORT_SYMBOL(ip_tunnel_get_link_net);
996 int ip_tunnel_get_iflink(const struct net_device *dev)
998 struct ip_tunnel *tunnel = netdev_priv(dev);
1000 return tunnel->parms.link;
1002 EXPORT_SYMBOL(ip_tunnel_get_iflink);
1004 int ip_tunnel_init_net(struct net *net, unsigned int ip_tnl_net_id,
1005 struct rtnl_link_ops *ops, char *devname)
1007 struct ip_tunnel_net *itn = net_generic(net, ip_tnl_net_id);
1008 struct ip_tunnel_parm parms;
1011 for (i = 0; i < IP_TNL_HASH_SIZE; i++)
1012 INIT_HLIST_HEAD(&itn->tunnels[i]);
1015 itn->fb_tunnel_dev = NULL;
1019 memset(&parms, 0, sizeof(parms));
1021 strlcpy(parms.name, devname, IFNAMSIZ);
1024 itn->fb_tunnel_dev = __ip_tunnel_create(net, ops, &parms);
1025 /* FB netdevice is special: we have one, and only one per netns.
1026 * Allowing to move it to another netns is clearly unsafe.
1028 if (!IS_ERR(itn->fb_tunnel_dev)) {
1029 itn->fb_tunnel_dev->features |= NETIF_F_NETNS_LOCAL;
1030 itn->fb_tunnel_dev->mtu = ip_tunnel_bind_dev(itn->fb_tunnel_dev);
1031 ip_tunnel_add(itn, netdev_priv(itn->fb_tunnel_dev));
1035 return PTR_ERR_OR_ZERO(itn->fb_tunnel_dev);
1037 EXPORT_SYMBOL_GPL(ip_tunnel_init_net);
1039 static void ip_tunnel_destroy(struct ip_tunnel_net *itn, struct list_head *head,
1040 struct rtnl_link_ops *ops)
1042 struct net *net = dev_net(itn->fb_tunnel_dev);
1043 struct net_device *dev, *aux;
1046 for_each_netdev_safe(net, dev, aux)
1047 if (dev->rtnl_link_ops == ops)
1048 unregister_netdevice_queue(dev, head);
1050 for (h = 0; h < IP_TNL_HASH_SIZE; h++) {
1051 struct ip_tunnel *t;
1052 struct hlist_node *n;
1053 struct hlist_head *thead = &itn->tunnels[h];
1055 hlist_for_each_entry_safe(t, n, thead, hash_node)
1056 /* If dev is in the same netns, it has already
1057 * been added to the list by the previous loop.
1059 if (!net_eq(dev_net(t->dev), net))
1060 unregister_netdevice_queue(t->dev, head);
1064 void ip_tunnel_delete_nets(struct list_head *net_list, unsigned int id,
1065 struct rtnl_link_ops *ops)
1067 struct ip_tunnel_net *itn;
1072 list_for_each_entry(net, net_list, exit_list) {
1073 itn = net_generic(net, id);
1074 ip_tunnel_destroy(itn, &list, ops);
1076 unregister_netdevice_many(&list);
1079 EXPORT_SYMBOL_GPL(ip_tunnel_delete_nets);
1081 int ip_tunnel_newlink(struct net_device *dev, struct nlattr *tb[],
1082 struct ip_tunnel_parm *p, __u32 fwmark)
1084 struct ip_tunnel *nt;
1085 struct net *net = dev_net(dev);
1086 struct ip_tunnel_net *itn;
1090 nt = netdev_priv(dev);
1091 itn = net_generic(net, nt->ip_tnl_net_id);
1093 if (nt->collect_md) {
1094 if (rtnl_dereference(itn->collect_md_tun))
1097 if (ip_tunnel_find(itn, p, dev->type))
1103 nt->fwmark = fwmark;
1104 err = register_netdevice(dev);
1108 if (dev->type == ARPHRD_ETHER && !tb[IFLA_ADDRESS])
1109 eth_hw_addr_random(dev);
1111 mtu = ip_tunnel_bind_dev(dev);
1115 ip_tunnel_add(itn, nt);
1119 EXPORT_SYMBOL_GPL(ip_tunnel_newlink);
1121 int ip_tunnel_changelink(struct net_device *dev, struct nlattr *tb[],
1122 struct ip_tunnel_parm *p, __u32 fwmark)
1124 struct ip_tunnel *t;
1125 struct ip_tunnel *tunnel = netdev_priv(dev);
1126 struct net *net = tunnel->net;
1127 struct ip_tunnel_net *itn = net_generic(net, tunnel->ip_tnl_net_id);
1129 if (dev == itn->fb_tunnel_dev)
1132 t = ip_tunnel_find(itn, p, dev->type);
1140 if (dev->type != ARPHRD_ETHER) {
1141 unsigned int nflags = 0;
1143 if (ipv4_is_multicast(p->iph.daddr))
1144 nflags = IFF_BROADCAST;
1145 else if (p->iph.daddr)
1146 nflags = IFF_POINTOPOINT;
1148 if ((dev->flags ^ nflags) &
1149 (IFF_POINTOPOINT | IFF_BROADCAST))
1154 ip_tunnel_update(itn, t, dev, p, !tb[IFLA_MTU], fwmark);
1157 EXPORT_SYMBOL_GPL(ip_tunnel_changelink);
1159 int ip_tunnel_init(struct net_device *dev)
1161 struct ip_tunnel *tunnel = netdev_priv(dev);
1162 struct iphdr *iph = &tunnel->parms.iph;
1165 dev->needs_free_netdev = true;
1166 dev->priv_destructor = ip_tunnel_dev_free;
1167 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
1171 err = dst_cache_init(&tunnel->dst_cache, GFP_KERNEL);
1173 free_percpu(dev->tstats);
1177 err = gro_cells_init(&tunnel->gro_cells, dev);
1179 dst_cache_destroy(&tunnel->dst_cache);
1180 free_percpu(dev->tstats);
1185 tunnel->net = dev_net(dev);
1186 strcpy(tunnel->parms.name, dev->name);
1190 if (tunnel->collect_md) {
1191 dev->features |= NETIF_F_NETNS_LOCAL;
1192 netif_keep_dst(dev);
1196 EXPORT_SYMBOL_GPL(ip_tunnel_init);
1198 void ip_tunnel_uninit(struct net_device *dev)
1200 struct ip_tunnel *tunnel = netdev_priv(dev);
1201 struct net *net = tunnel->net;
1202 struct ip_tunnel_net *itn;
1204 itn = net_generic(net, tunnel->ip_tnl_net_id);
1205 /* fb_tunnel_dev will be unregisted in net-exit call. */
1206 if (itn->fb_tunnel_dev != dev)
1207 ip_tunnel_del(itn, netdev_priv(dev));
1209 dst_cache_reset(&tunnel->dst_cache);
1211 EXPORT_SYMBOL_GPL(ip_tunnel_uninit);
1213 /* Do least required initialization, rest of init is done in tunnel_init call */
1214 void ip_tunnel_setup(struct net_device *dev, unsigned int net_id)
1216 struct ip_tunnel *tunnel = netdev_priv(dev);
1217 tunnel->ip_tnl_net_id = net_id;
1219 EXPORT_SYMBOL_GPL(ip_tunnel_setup);
1221 MODULE_LICENSE("GPL");
git.samba.org / sfrench / cifs-2.6.git / blob