2 * Copyright (c) 2013 Nicira, Inc.
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
8 * This program is distributed in the hope that it will be useful, but
9 * WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11 * General Public License for more details.
13 * You should have received a copy of the GNU General Public License
14 * along with this program; if not, write to the Free Software
15 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
21 #include <linux/capability.h>
22 #include <linux/module.h>
23 #include <linux/types.h>
24 #include <linux/kernel.h>
25 #include <linux/slab.h>
26 #include <linux/uaccess.h>
27 #include <linux/skbuff.h>
28 #include <linux/netdevice.h>
30 #include <linux/tcp.h>
31 #include <linux/udp.h>
32 #include <linux/if_arp.h>
33 #include <linux/init.h>
34 #include <linux/in6.h>
35 #include <linux/inetdevice.h>
36 #include <linux/igmp.h>
37 #include <linux/netfilter_ipv4.h>
38 #include <linux/etherdevice.h>
39 #include <linux/if_ether.h>
40 #include <linux/if_vlan.h>
41 #include <linux/rculist.h>
42 #include <linux/err.h>
47 #include <net/protocol.h>
48 #include <net/ip_tunnels.h>
50 #include <net/checksum.h>
51 #include <net/dsfield.h>
52 #include <net/inet_ecn.h>
54 #include <net/net_namespace.h>
55 #include <net/netns/generic.h>
56 #include <net/rtnetlink.h>
58 #include <net/dst_metadata.h>
60 #if IS_ENABLED(CONFIG_IPV6)
62 #include <net/ip6_fib.h>
63 #include <net/ip6_route.h>
66 static unsigned int ip_tunnel_hash(__be32 key, __be32 remote)
68 return hash_32((__force u32)key ^ (__force u32)remote,
72 static bool ip_tunnel_key_match(const struct ip_tunnel_parm *p,
73 __be16 flags, __be32 key)
75 if (p->i_flags & TUNNEL_KEY) {
76 if (flags & TUNNEL_KEY)
77 return key == p->i_key;
79 /* key expected, none present */
82 return !(flags & TUNNEL_KEY);
85 /* Fallback tunnel: no source, no destination, no key, no options
88 We require exact key match i.e. if a key is present in packet
89 it will match only tunnel with the same key; if it is not present,
90 it will match only keyless tunnel.
92 All keysless packets, if not matched configured keyless tunnels
93 will match fallback tunnel.
94 Given src, dst and key, find appropriate for input tunnel.
96 struct ip_tunnel *ip_tunnel_lookup(struct ip_tunnel_net *itn,
97 int link, __be16 flags,
98 __be32 remote, __be32 local,
102 struct ip_tunnel *t, *cand = NULL;
103 struct hlist_head *head;
105 hash = ip_tunnel_hash(key, remote);
106 head = &itn->tunnels[hash];
108 hlist_for_each_entry_rcu(t, head, hash_node) {
109 if (local != t->parms.iph.saddr ||
110 remote != t->parms.iph.daddr ||
111 !(t->dev->flags & IFF_UP))
114 if (!ip_tunnel_key_match(&t->parms, flags, key))
117 if (t->parms.link == link)
123 hlist_for_each_entry_rcu(t, head, hash_node) {
124 if (remote != t->parms.iph.daddr ||
125 t->parms.iph.saddr != 0 ||
126 !(t->dev->flags & IFF_UP))
129 if (!ip_tunnel_key_match(&t->parms, flags, key))
132 if (t->parms.link == link)
138 hash = ip_tunnel_hash(key, 0);
139 head = &itn->tunnels[hash];
141 hlist_for_each_entry_rcu(t, head, hash_node) {
142 if ((local != t->parms.iph.saddr || t->parms.iph.daddr != 0) &&
143 (local != t->parms.iph.daddr || !ipv4_is_multicast(local)))
146 if (!(t->dev->flags & IFF_UP))
149 if (!ip_tunnel_key_match(&t->parms, flags, key))
152 if (t->parms.link == link)
158 if (flags & TUNNEL_NO_KEY)
159 goto skip_key_lookup;
161 hlist_for_each_entry_rcu(t, head, hash_node) {
162 if (t->parms.i_key != key ||
163 t->parms.iph.saddr != 0 ||
164 t->parms.iph.daddr != 0 ||
165 !(t->dev->flags & IFF_UP))
168 if (t->parms.link == link)
178 t = rcu_dereference(itn->collect_md_tun);
179 if (t && t->dev->flags & IFF_UP)
182 if (itn->fb_tunnel_dev && itn->fb_tunnel_dev->flags & IFF_UP)
183 return netdev_priv(itn->fb_tunnel_dev);
187 EXPORT_SYMBOL_GPL(ip_tunnel_lookup);
189 static struct hlist_head *ip_bucket(struct ip_tunnel_net *itn,
190 struct ip_tunnel_parm *parms)
194 __be32 i_key = parms->i_key;
196 if (parms->iph.daddr && !ipv4_is_multicast(parms->iph.daddr))
197 remote = parms->iph.daddr;
201 if (!(parms->i_flags & TUNNEL_KEY) && (parms->i_flags & VTI_ISVTI))
204 h = ip_tunnel_hash(i_key, remote);
205 return &itn->tunnels[h];
208 static void ip_tunnel_add(struct ip_tunnel_net *itn, struct ip_tunnel *t)
210 struct hlist_head *head = ip_bucket(itn, &t->parms);
213 rcu_assign_pointer(itn->collect_md_tun, t);
214 hlist_add_head_rcu(&t->hash_node, head);
217 static void ip_tunnel_del(struct ip_tunnel_net *itn, struct ip_tunnel *t)
220 rcu_assign_pointer(itn->collect_md_tun, NULL);
221 hlist_del_init_rcu(&t->hash_node);
224 static struct ip_tunnel *ip_tunnel_find(struct ip_tunnel_net *itn,
225 struct ip_tunnel_parm *parms,
228 __be32 remote = parms->iph.daddr;
229 __be32 local = parms->iph.saddr;
230 __be32 key = parms->i_key;
231 __be16 flags = parms->i_flags;
232 int link = parms->link;
233 struct ip_tunnel *t = NULL;
234 struct hlist_head *head = ip_bucket(itn, parms);
236 hlist_for_each_entry_rcu(t, head, hash_node) {
237 if (local == t->parms.iph.saddr &&
238 remote == t->parms.iph.daddr &&
239 link == t->parms.link &&
240 type == t->dev->type &&
241 ip_tunnel_key_match(&t->parms, flags, key))
247 static struct net_device *__ip_tunnel_create(struct net *net,
248 const struct rtnl_link_ops *ops,
249 struct ip_tunnel_parm *parms)
252 struct ip_tunnel *tunnel;
253 struct net_device *dev;
257 strlcpy(name, parms->name, IFNAMSIZ);
259 if (strlen(ops->kind) > (IFNAMSIZ - 3)) {
263 strlcpy(name, ops->kind, IFNAMSIZ);
264 strncat(name, "%d", 2);
268 dev = alloc_netdev(ops->priv_size, name, NET_NAME_UNKNOWN, ops->setup);
273 dev_net_set(dev, net);
275 dev->rtnl_link_ops = ops;
277 tunnel = netdev_priv(dev);
278 tunnel->parms = *parms;
281 err = register_netdevice(dev);
293 static inline void init_tunnel_flow(struct flowi4 *fl4,
295 __be32 daddr, __be32 saddr,
296 __be32 key, __u8 tos, int oif,
299 memset(fl4, 0, sizeof(*fl4));
300 fl4->flowi4_oif = oif;
303 fl4->flowi4_tos = tos;
304 fl4->flowi4_proto = proto;
305 fl4->fl4_gre_key = key;
306 fl4->flowi4_mark = mark;
309 static int ip_tunnel_bind_dev(struct net_device *dev)
311 struct net_device *tdev = NULL;
312 struct ip_tunnel *tunnel = netdev_priv(dev);
313 const struct iphdr *iph;
314 int hlen = LL_MAX_HEADER;
315 int mtu = ETH_DATA_LEN;
316 int t_hlen = tunnel->hlen + sizeof(struct iphdr);
318 iph = &tunnel->parms.iph;
320 /* Guess output device to choose reasonable mtu and needed_headroom */
325 init_tunnel_flow(&fl4, iph->protocol, iph->daddr,
326 iph->saddr, tunnel->parms.o_key,
327 RT_TOS(iph->tos), tunnel->parms.link,
329 rt = ip_route_output_key(tunnel->net, &fl4);
335 if (dev->type != ARPHRD_ETHER)
336 dev->flags |= IFF_POINTOPOINT;
338 dst_cache_reset(&tunnel->dst_cache);
341 if (!tdev && tunnel->parms.link)
342 tdev = __dev_get_by_index(tunnel->net, tunnel->parms.link);
345 hlen = tdev->hard_header_len + tdev->needed_headroom;
349 dev->needed_headroom = t_hlen + hlen;
350 mtu -= (dev->hard_header_len + t_hlen);
352 if (mtu < IPV4_MIN_MTU)
358 static struct ip_tunnel *ip_tunnel_create(struct net *net,
359 struct ip_tunnel_net *itn,
360 struct ip_tunnel_parm *parms)
362 struct ip_tunnel *nt;
363 struct net_device *dev;
366 BUG_ON(!itn->fb_tunnel_dev);
367 dev = __ip_tunnel_create(net, itn->fb_tunnel_dev->rtnl_link_ops, parms);
369 return ERR_CAST(dev);
371 dev->mtu = ip_tunnel_bind_dev(dev);
373 nt = netdev_priv(dev);
374 t_hlen = nt->hlen + sizeof(struct iphdr);
375 dev->min_mtu = ETH_MIN_MTU;
376 dev->max_mtu = 0xFFF8 - dev->hard_header_len - t_hlen;
377 ip_tunnel_add(itn, nt);
381 int ip_tunnel_rcv(struct ip_tunnel *tunnel, struct sk_buff *skb,
382 const struct tnl_ptk_info *tpi, struct metadata_dst *tun_dst,
385 struct pcpu_sw_netstats *tstats;
386 const struct iphdr *iph = ip_hdr(skb);
389 #ifdef CONFIG_NET_IPGRE_BROADCAST
390 if (ipv4_is_multicast(iph->daddr)) {
391 tunnel->dev->stats.multicast++;
392 skb->pkt_type = PACKET_BROADCAST;
396 if ((!(tpi->flags&TUNNEL_CSUM) && (tunnel->parms.i_flags&TUNNEL_CSUM)) ||
397 ((tpi->flags&TUNNEL_CSUM) && !(tunnel->parms.i_flags&TUNNEL_CSUM))) {
398 tunnel->dev->stats.rx_crc_errors++;
399 tunnel->dev->stats.rx_errors++;
403 if (tunnel->parms.i_flags&TUNNEL_SEQ) {
404 if (!(tpi->flags&TUNNEL_SEQ) ||
405 (tunnel->i_seqno && (s32)(ntohl(tpi->seq) - tunnel->i_seqno) < 0)) {
406 tunnel->dev->stats.rx_fifo_errors++;
407 tunnel->dev->stats.rx_errors++;
410 tunnel->i_seqno = ntohl(tpi->seq) + 1;
413 skb_reset_network_header(skb);
415 err = IP_ECN_decapsulate(iph, skb);
418 net_info_ratelimited("non-ECT from %pI4 with TOS=%#x\n",
419 &iph->saddr, iph->tos);
421 ++tunnel->dev->stats.rx_frame_errors;
422 ++tunnel->dev->stats.rx_errors;
427 tstats = this_cpu_ptr(tunnel->dev->tstats);
428 u64_stats_update_begin(&tstats->syncp);
429 tstats->rx_packets++;
430 tstats->rx_bytes += skb->len;
431 u64_stats_update_end(&tstats->syncp);
433 skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(tunnel->dev)));
435 if (tunnel->dev->type == ARPHRD_ETHER) {
436 skb->protocol = eth_type_trans(skb, tunnel->dev);
437 skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
439 skb->dev = tunnel->dev;
443 skb_dst_set(skb, (struct dst_entry *)tun_dst);
445 gro_cells_receive(&tunnel->gro_cells, skb);
450 dst_release((struct dst_entry *)tun_dst);
454 EXPORT_SYMBOL_GPL(ip_tunnel_rcv);
456 int ip_tunnel_encap_add_ops(const struct ip_tunnel_encap_ops *ops,
459 if (num >= MAX_IPTUN_ENCAP_OPS)
462 return !cmpxchg((const struct ip_tunnel_encap_ops **)
466 EXPORT_SYMBOL(ip_tunnel_encap_add_ops);
468 int ip_tunnel_encap_del_ops(const struct ip_tunnel_encap_ops *ops,
473 if (num >= MAX_IPTUN_ENCAP_OPS)
476 ret = (cmpxchg((const struct ip_tunnel_encap_ops **)
478 ops, NULL) == ops) ? 0 : -1;
484 EXPORT_SYMBOL(ip_tunnel_encap_del_ops);
486 int ip_tunnel_encap_setup(struct ip_tunnel *t,
487 struct ip_tunnel_encap *ipencap)
491 memset(&t->encap, 0, sizeof(t->encap));
493 hlen = ip_encap_hlen(ipencap);
497 t->encap.type = ipencap->type;
498 t->encap.sport = ipencap->sport;
499 t->encap.dport = ipencap->dport;
500 t->encap.flags = ipencap->flags;
502 t->encap_hlen = hlen;
503 t->hlen = t->encap_hlen + t->tun_hlen;
507 EXPORT_SYMBOL_GPL(ip_tunnel_encap_setup);
509 static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb,
510 struct rtable *rt, __be16 df,
511 const struct iphdr *inner_iph)
513 struct ip_tunnel *tunnel = netdev_priv(dev);
514 int pkt_size = skb->len - tunnel->hlen - dev->hard_header_len;
518 mtu = dst_mtu(&rt->dst) - dev->hard_header_len
519 - sizeof(struct iphdr) - tunnel->hlen;
521 mtu = skb_dst(skb) ? dst_mtu(skb_dst(skb)) : dev->mtu;
523 skb_dst_update_pmtu(skb, mtu);
525 if (skb->protocol == htons(ETH_P_IP)) {
526 if (!skb_is_gso(skb) &&
527 (inner_iph->frag_off & htons(IP_DF)) &&
529 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
530 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
534 #if IS_ENABLED(CONFIG_IPV6)
535 else if (skb->protocol == htons(ETH_P_IPV6)) {
536 struct rt6_info *rt6 = (struct rt6_info *)skb_dst(skb);
538 if (rt6 && mtu < dst_mtu(skb_dst(skb)) &&
539 mtu >= IPV6_MIN_MTU) {
540 if ((tunnel->parms.iph.daddr &&
541 !ipv4_is_multicast(tunnel->parms.iph.daddr)) ||
542 rt6->rt6i_dst.plen == 128) {
543 rt6->rt6i_flags |= RTF_MODIFIED;
544 dst_metric_set(skb_dst(skb), RTAX_MTU, mtu);
548 if (!skb_is_gso(skb) && mtu >= IPV6_MIN_MTU &&
550 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
558 void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, u8 proto)
560 struct ip_tunnel *tunnel = netdev_priv(dev);
561 u32 headroom = sizeof(struct iphdr);
562 struct ip_tunnel_info *tun_info;
563 const struct ip_tunnel_key *key;
564 const struct iphdr *inner_iph;
570 tun_info = skb_tunnel_info(skb);
571 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
572 ip_tunnel_info_af(tun_info) != AF_INET))
574 key = &tun_info->key;
575 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
576 inner_iph = (const struct iphdr *)skb_inner_network_header(skb);
579 if (skb->protocol == htons(ETH_P_IP))
580 tos = inner_iph->tos;
581 else if (skb->protocol == htons(ETH_P_IPV6))
582 tos = ipv6_get_dsfield((const struct ipv6hdr *)inner_iph);
584 init_tunnel_flow(&fl4, proto, key->u.ipv4.dst, key->u.ipv4.src, 0,
585 RT_TOS(tos), tunnel->parms.link, tunnel->fwmark);
586 if (tunnel->encap.type != TUNNEL_ENCAP_NONE)
588 rt = ip_route_output_key(tunnel->net, &fl4);
590 dev->stats.tx_carrier_errors++;
593 if (rt->dst.dev == dev) {
595 dev->stats.collisions++;
598 tos = ip_tunnel_ecn_encap(tos, inner_iph, skb);
601 if (skb->protocol == htons(ETH_P_IP))
602 ttl = inner_iph->ttl;
603 else if (skb->protocol == htons(ETH_P_IPV6))
604 ttl = ((const struct ipv6hdr *)inner_iph)->hop_limit;
606 ttl = ip4_dst_hoplimit(&rt->dst);
608 if (key->tun_flags & TUNNEL_DONT_FRAGMENT)
610 else if (skb->protocol == htons(ETH_P_IP))
611 df = inner_iph->frag_off & htons(IP_DF);
612 headroom += LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len;
613 if (headroom > dev->needed_headroom)
614 dev->needed_headroom = headroom;
616 if (skb_cow_head(skb, dev->needed_headroom)) {
620 iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, proto, tos, ttl,
621 df, !net_eq(tunnel->net, dev_net(dev)));
624 dev->stats.tx_errors++;
627 dev->stats.tx_dropped++;
631 EXPORT_SYMBOL_GPL(ip_md_tunnel_xmit);
633 void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
634 const struct iphdr *tnl_params, u8 protocol)
636 struct ip_tunnel *tunnel = netdev_priv(dev);
637 const struct iphdr *inner_iph;
641 struct rtable *rt; /* Route to the other host */
642 unsigned int max_headroom; /* The extra header space needed */
646 inner_iph = (const struct iphdr *)skb_inner_network_header(skb);
647 connected = (tunnel->parms.iph.daddr != 0);
649 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
651 dst = tnl_params->daddr;
656 dev->stats.tx_fifo_errors++;
660 if (skb->protocol == htons(ETH_P_IP)) {
661 rt = skb_rtable(skb);
662 dst = rt_nexthop(rt, inner_iph->daddr);
664 #if IS_ENABLED(CONFIG_IPV6)
665 else if (skb->protocol == htons(ETH_P_IPV6)) {
666 const struct in6_addr *addr6;
667 struct neighbour *neigh;
668 bool do_tx_error_icmp;
671 neigh = dst_neigh_lookup(skb_dst(skb),
672 &ipv6_hdr(skb)->daddr);
676 addr6 = (const struct in6_addr *)&neigh->primary_key;
677 addr_type = ipv6_addr_type(addr6);
679 if (addr_type == IPV6_ADDR_ANY) {
680 addr6 = &ipv6_hdr(skb)->daddr;
681 addr_type = ipv6_addr_type(addr6);
684 if ((addr_type & IPV6_ADDR_COMPATv4) == 0)
685 do_tx_error_icmp = true;
687 do_tx_error_icmp = false;
688 dst = addr6->s6_addr32[3];
690 neigh_release(neigh);
691 if (do_tx_error_icmp)
701 tos = tnl_params->tos;
704 if (skb->protocol == htons(ETH_P_IP)) {
705 tos = inner_iph->tos;
707 } else if (skb->protocol == htons(ETH_P_IPV6)) {
708 tos = ipv6_get_dsfield((const struct ipv6hdr *)inner_iph);
713 if (tunnel->fwmark) {
714 init_tunnel_flow(&fl4, protocol, dst, tnl_params->saddr,
715 tunnel->parms.o_key, RT_TOS(tos), tunnel->parms.link,
719 init_tunnel_flow(&fl4, protocol, dst, tnl_params->saddr,
720 tunnel->parms.o_key, RT_TOS(tos), tunnel->parms.link,
724 if (ip_tunnel_encap(skb, tunnel, &protocol, &fl4) < 0)
727 rt = connected ? dst_cache_get_ip4(&tunnel->dst_cache, &fl4.saddr) :
731 rt = ip_route_output_key(tunnel->net, &fl4);
734 dev->stats.tx_carrier_errors++;
738 dst_cache_set_ip4(&tunnel->dst_cache, &rt->dst,
742 if (rt->dst.dev == dev) {
744 dev->stats.collisions++;
748 if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off, inner_iph)) {
753 if (tunnel->err_count > 0) {
754 if (time_before(jiffies,
755 tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
758 dst_link_failure(skb);
760 tunnel->err_count = 0;
763 tos = ip_tunnel_ecn_encap(tos, inner_iph, skb);
764 ttl = tnl_params->ttl;
766 if (skb->protocol == htons(ETH_P_IP))
767 ttl = inner_iph->ttl;
768 #if IS_ENABLED(CONFIG_IPV6)
769 else if (skb->protocol == htons(ETH_P_IPV6))
770 ttl = ((const struct ipv6hdr *)inner_iph)->hop_limit;
773 ttl = ip4_dst_hoplimit(&rt->dst);
776 df = tnl_params->frag_off;
777 if (skb->protocol == htons(ETH_P_IP) && !tunnel->ignore_df)
778 df |= (inner_iph->frag_off&htons(IP_DF));
780 max_headroom = LL_RESERVED_SPACE(rt->dst.dev) + sizeof(struct iphdr)
781 + rt->dst.header_len + ip_encap_hlen(&tunnel->encap);
782 if (max_headroom > dev->needed_headroom)
783 dev->needed_headroom = max_headroom;
785 if (skb_cow_head(skb, dev->needed_headroom)) {
787 dev->stats.tx_dropped++;
792 iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, protocol, tos, ttl,
793 df, !net_eq(tunnel->net, dev_net(dev)));
796 #if IS_ENABLED(CONFIG_IPV6)
798 dst_link_failure(skb);
801 dev->stats.tx_errors++;
804 EXPORT_SYMBOL_GPL(ip_tunnel_xmit);
806 static void ip_tunnel_update(struct ip_tunnel_net *itn,
808 struct net_device *dev,
809 struct ip_tunnel_parm *p,
813 ip_tunnel_del(itn, t);
814 t->parms.iph.saddr = p->iph.saddr;
815 t->parms.iph.daddr = p->iph.daddr;
816 t->parms.i_key = p->i_key;
817 t->parms.o_key = p->o_key;
818 if (dev->type != ARPHRD_ETHER) {
819 memcpy(dev->dev_addr, &p->iph.saddr, 4);
820 memcpy(dev->broadcast, &p->iph.daddr, 4);
822 ip_tunnel_add(itn, t);
824 t->parms.iph.ttl = p->iph.ttl;
825 t->parms.iph.tos = p->iph.tos;
826 t->parms.iph.frag_off = p->iph.frag_off;
828 if (t->parms.link != p->link || t->fwmark != fwmark) {
831 t->parms.link = p->link;
833 mtu = ip_tunnel_bind_dev(dev);
837 dst_cache_reset(&t->dst_cache);
838 netdev_state_change(dev);
841 int ip_tunnel_ioctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd)
844 struct ip_tunnel *t = netdev_priv(dev);
845 struct net *net = t->net;
846 struct ip_tunnel_net *itn = net_generic(net, t->ip_tnl_net_id);
848 BUG_ON(!itn->fb_tunnel_dev);
851 if (dev == itn->fb_tunnel_dev) {
852 t = ip_tunnel_find(itn, p, itn->fb_tunnel_dev->type);
854 t = netdev_priv(dev);
856 memcpy(p, &t->parms, sizeof(*p));
862 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
865 p->iph.frag_off |= htons(IP_DF);
866 if (!(p->i_flags & VTI_ISVTI)) {
867 if (!(p->i_flags & TUNNEL_KEY))
869 if (!(p->o_flags & TUNNEL_KEY))
873 t = ip_tunnel_find(itn, p, itn->fb_tunnel_dev->type);
875 if (cmd == SIOCADDTUNNEL) {
877 t = ip_tunnel_create(net, itn, p);
878 err = PTR_ERR_OR_ZERO(t);
885 if (dev != itn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
892 unsigned int nflags = 0;
894 if (ipv4_is_multicast(p->iph.daddr))
895 nflags = IFF_BROADCAST;
896 else if (p->iph.daddr)
897 nflags = IFF_POINTOPOINT;
899 if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) {
904 t = netdev_priv(dev);
910 ip_tunnel_update(itn, t, dev, p, true, 0);
918 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
921 if (dev == itn->fb_tunnel_dev) {
923 t = ip_tunnel_find(itn, p, itn->fb_tunnel_dev->type);
927 if (t == netdev_priv(itn->fb_tunnel_dev))
931 unregister_netdevice(dev);
942 EXPORT_SYMBOL_GPL(ip_tunnel_ioctl);
944 int __ip_tunnel_change_mtu(struct net_device *dev, int new_mtu, bool strict)
946 struct ip_tunnel *tunnel = netdev_priv(dev);
947 int t_hlen = tunnel->hlen + sizeof(struct iphdr);
948 int max_mtu = 0xFFF8 - dev->hard_header_len - t_hlen;
950 if (new_mtu < ETH_MIN_MTU)
953 if (new_mtu > max_mtu) {
963 EXPORT_SYMBOL_GPL(__ip_tunnel_change_mtu);
965 int ip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
967 return __ip_tunnel_change_mtu(dev, new_mtu, true);
969 EXPORT_SYMBOL_GPL(ip_tunnel_change_mtu);
971 static void ip_tunnel_dev_free(struct net_device *dev)
973 struct ip_tunnel *tunnel = netdev_priv(dev);
975 gro_cells_destroy(&tunnel->gro_cells);
976 dst_cache_destroy(&tunnel->dst_cache);
977 free_percpu(dev->tstats);
980 void ip_tunnel_dellink(struct net_device *dev, struct list_head *head)
982 struct ip_tunnel *tunnel = netdev_priv(dev);
983 struct ip_tunnel_net *itn;
985 itn = net_generic(tunnel->net, tunnel->ip_tnl_net_id);
987 if (itn->fb_tunnel_dev != dev) {
988 ip_tunnel_del(itn, netdev_priv(dev));
989 unregister_netdevice_queue(dev, head);
992 EXPORT_SYMBOL_GPL(ip_tunnel_dellink);
994 struct net *ip_tunnel_get_link_net(const struct net_device *dev)
996 struct ip_tunnel *tunnel = netdev_priv(dev);
1000 EXPORT_SYMBOL(ip_tunnel_get_link_net);
1002 int ip_tunnel_get_iflink(const struct net_device *dev)
1004 struct ip_tunnel *tunnel = netdev_priv(dev);
1006 return tunnel->parms.link;
1008 EXPORT_SYMBOL(ip_tunnel_get_iflink);
1010 int ip_tunnel_init_net(struct net *net, unsigned int ip_tnl_net_id,
1011 struct rtnl_link_ops *ops, char *devname)
1013 struct ip_tunnel_net *itn = net_generic(net, ip_tnl_net_id);
1014 struct ip_tunnel_parm parms;
1017 for (i = 0; i < IP_TNL_HASH_SIZE; i++)
1018 INIT_HLIST_HEAD(&itn->tunnels[i]);
1021 itn->fb_tunnel_dev = NULL;
1025 memset(&parms, 0, sizeof(parms));
1027 strlcpy(parms.name, devname, IFNAMSIZ);
1030 itn->fb_tunnel_dev = __ip_tunnel_create(net, ops, &parms);
1031 /* FB netdevice is special: we have one, and only one per netns.
1032 * Allowing to move it to another netns is clearly unsafe.
1034 if (!IS_ERR(itn->fb_tunnel_dev)) {
1035 itn->fb_tunnel_dev->features |= NETIF_F_NETNS_LOCAL;
1036 itn->fb_tunnel_dev->mtu = ip_tunnel_bind_dev(itn->fb_tunnel_dev);
1037 ip_tunnel_add(itn, netdev_priv(itn->fb_tunnel_dev));
1041 return PTR_ERR_OR_ZERO(itn->fb_tunnel_dev);
1043 EXPORT_SYMBOL_GPL(ip_tunnel_init_net);
1045 static void ip_tunnel_destroy(struct ip_tunnel_net *itn, struct list_head *head,
1046 struct rtnl_link_ops *ops)
1048 struct net *net = dev_net(itn->fb_tunnel_dev);
1049 struct net_device *dev, *aux;
1052 for_each_netdev_safe(net, dev, aux)
1053 if (dev->rtnl_link_ops == ops)
1054 unregister_netdevice_queue(dev, head);
1056 for (h = 0; h < IP_TNL_HASH_SIZE; h++) {
1057 struct ip_tunnel *t;
1058 struct hlist_node *n;
1059 struct hlist_head *thead = &itn->tunnels[h];
1061 hlist_for_each_entry_safe(t, n, thead, hash_node)
1062 /* If dev is in the same netns, it has already
1063 * been added to the list by the previous loop.
1065 if (!net_eq(dev_net(t->dev), net))
1066 unregister_netdevice_queue(t->dev, head);
1070 void ip_tunnel_delete_nets(struct list_head *net_list, unsigned int id,
1071 struct rtnl_link_ops *ops)
1073 struct ip_tunnel_net *itn;
1078 list_for_each_entry(net, net_list, exit_list) {
1079 itn = net_generic(net, id);
1080 ip_tunnel_destroy(itn, &list, ops);
1082 unregister_netdevice_many(&list);
1085 EXPORT_SYMBOL_GPL(ip_tunnel_delete_nets);
1087 int ip_tunnel_newlink(struct net_device *dev, struct nlattr *tb[],
1088 struct ip_tunnel_parm *p, __u32 fwmark)
1090 struct ip_tunnel *nt;
1091 struct net *net = dev_net(dev);
1092 struct ip_tunnel_net *itn;
1096 nt = netdev_priv(dev);
1097 itn = net_generic(net, nt->ip_tnl_net_id);
1099 if (nt->collect_md) {
1100 if (rtnl_dereference(itn->collect_md_tun))
1103 if (ip_tunnel_find(itn, p, dev->type))
1109 nt->fwmark = fwmark;
1110 err = register_netdevice(dev);
1114 if (dev->type == ARPHRD_ETHER && !tb[IFLA_ADDRESS])
1115 eth_hw_addr_random(dev);
1117 mtu = ip_tunnel_bind_dev(dev);
1121 ip_tunnel_add(itn, nt);
1125 EXPORT_SYMBOL_GPL(ip_tunnel_newlink);
1127 int ip_tunnel_changelink(struct net_device *dev, struct nlattr *tb[],
1128 struct ip_tunnel_parm *p, __u32 fwmark)
1130 struct ip_tunnel *t;
1131 struct ip_tunnel *tunnel = netdev_priv(dev);
1132 struct net *net = tunnel->net;
1133 struct ip_tunnel_net *itn = net_generic(net, tunnel->ip_tnl_net_id);
1135 if (dev == itn->fb_tunnel_dev)
1138 t = ip_tunnel_find(itn, p, dev->type);
1146 if (dev->type != ARPHRD_ETHER) {
1147 unsigned int nflags = 0;
1149 if (ipv4_is_multicast(p->iph.daddr))
1150 nflags = IFF_BROADCAST;
1151 else if (p->iph.daddr)
1152 nflags = IFF_POINTOPOINT;
1154 if ((dev->flags ^ nflags) &
1155 (IFF_POINTOPOINT | IFF_BROADCAST))
1160 ip_tunnel_update(itn, t, dev, p, !tb[IFLA_MTU], fwmark);
1163 EXPORT_SYMBOL_GPL(ip_tunnel_changelink);
1165 int ip_tunnel_init(struct net_device *dev)
1167 struct ip_tunnel *tunnel = netdev_priv(dev);
1168 struct iphdr *iph = &tunnel->parms.iph;
1171 dev->needs_free_netdev = true;
1172 dev->priv_destructor = ip_tunnel_dev_free;
1173 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
1177 err = dst_cache_init(&tunnel->dst_cache, GFP_KERNEL);
1179 free_percpu(dev->tstats);
1183 err = gro_cells_init(&tunnel->gro_cells, dev);
1185 dst_cache_destroy(&tunnel->dst_cache);
1186 free_percpu(dev->tstats);
1191 tunnel->net = dev_net(dev);
1192 strcpy(tunnel->parms.name, dev->name);
1196 if (tunnel->collect_md) {
1197 dev->features |= NETIF_F_NETNS_LOCAL;
1198 netif_keep_dst(dev);
1202 EXPORT_SYMBOL_GPL(ip_tunnel_init);
1204 void ip_tunnel_uninit(struct net_device *dev)
1206 struct ip_tunnel *tunnel = netdev_priv(dev);
1207 struct net *net = tunnel->net;
1208 struct ip_tunnel_net *itn;
1210 itn = net_generic(net, tunnel->ip_tnl_net_id);
1211 /* fb_tunnel_dev will be unregisted in net-exit call. */
1212 if (itn->fb_tunnel_dev != dev)
1213 ip_tunnel_del(itn, netdev_priv(dev));
1215 dst_cache_reset(&tunnel->dst_cache);
1217 EXPORT_SYMBOL_GPL(ip_tunnel_uninit);
1219 /* Do least required initialization, rest of init is done in tunnel_init call */
1220 void ip_tunnel_setup(struct net_device *dev, unsigned int net_id)
1222 struct ip_tunnel *tunnel = netdev_priv(dev);
1223 tunnel->ip_tnl_net_id = net_id;
1225 EXPORT_SYMBOL_GPL(ip_tunnel_setup);
1227 MODULE_LICENSE("GPL");
git.samba.org / sfrench / cifs-2.6.git / blob