2 * Linux NET3: IP/IP protocol decoder.
4 * Version: $Id: ipip.c,v 1.50 2001/10/02 02:22:36 davem Exp $
7 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
10 * Alan Cox : Merged and made usable non modular (its so tiny its silly as
11 * a module taking up 2 pages).
12 * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
13 * to keep ip_forward happy.
14 * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
15 * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL
16 * David Woodhouse : Perform some basic ICMP handling.
17 * IPIP Routing without decapsulation.
18 * Carlos Picoto : GRE over IP support
19 * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
20 * I do not want to merge them together.
22 * This program is free software; you can redistribute it and/or
23 * modify it under the terms of the GNU General Public License
24 * as published by the Free Software Foundation; either version
25 * 2 of the License, or (at your option) any later version.
29 /* tunnel.c: an IP tunnel driver
31 The purpose of this driver is to provide an IP tunnel through
32 which you can tunnel network traffic transparently across subnets.
34 This was written by looking at Nick Holloway's dummy driver
35 Thanks for the great code!
37 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
40 Cleaned up the code a little and added some pre-1.3.0 tweaks.
41 dev->hard_header/hard_header_len changed to use no headers.
42 Comments/bracketing tweaked.
43 Made the tunnels use dev->name not tunnel: when error reporting.
46 -Alan Cox (Alan.Cox@linux.org) 21 March 95
49 Changed to tunnel to destination gateway in addition to the
50 tunnel's pointopoint address
51 Almost completely rewritten
52 Note: There is currently no firewall or ICMP handling done.
54 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96
58 /* Things I wish I had known when writing the tunnel driver:
60 When the tunnel_xmit() function is called, the skb contains the
61 packet to be sent (plus a great deal of extra info), and dev
62 contains the tunnel device that _we_ are.
64 When we are passed a packet, we are expected to fill in the
65 source address with our source IP address.
67 What is the proper way to allocate, copy and free a buffer?
68 After you allocate it, it is a "0 length" chunk of memory
69 starting at zero. If you want to add headers to the buffer
70 later, you'll have to call "skb_reserve(skb, amount)" with
71 the amount of memory you want reserved. Then, you call
72 "skb_put(skb, amount)" with the amount of space you want in
73 the buffer. skb_put() returns a pointer to the top (#0) of
74 that buffer. skb->len is set to the amount of space you have
75 "allocated" with skb_put(). You can then write up to skb->len
76 bytes to that buffer. If you need more, you can call skb_put()
77 again with the additional amount of space you need. You can
78 find out how much more space you can allocate by calling
80 Now, to add header space, call "skb_push(skb, header_len)".
81 This creates space at the beginning of the buffer and returns
82 a pointer to this new space. If later you need to strip a
83 header from a buffer, call "skb_pull(skb, header_len)".
84 skb_headroom() will return how much space is left at the top
85 of the buffer (before the main data). Remember, this headroom
86 space must be reserved before the skb_put() function is called.
90 This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
92 For comments look at net/ipv4/ip_gre.c --ANK
96 #include <linux/capability.h>
97 #include <linux/module.h>
98 #include <linux/types.h>
99 #include <linux/kernel.h>
100 #include <asm/uaccess.h>
101 #include <linux/skbuff.h>
102 #include <linux/netdevice.h>
103 #include <linux/in.h>
104 #include <linux/tcp.h>
105 #include <linux/udp.h>
106 #include <linux/if_arp.h>
107 #include <linux/mroute.h>
108 #include <linux/init.h>
109 #include <linux/netfilter_ipv4.h>
110 #include <linux/if_ether.h>
112 #include <net/sock.h>
114 #include <net/icmp.h>
115 #include <net/ipip.h>
116 #include <net/inet_ecn.h>
117 #include <net/xfrm.h>
120 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
122 static int ipip_fb_tunnel_init(struct net_device *dev);
123 static int ipip_tunnel_init(struct net_device *dev);
124 static void ipip_tunnel_setup(struct net_device *dev);
126 static struct net_device *ipip_fb_tunnel_dev;
128 static struct ip_tunnel *tunnels_r_l[HASH_SIZE];
129 static struct ip_tunnel *tunnels_r[HASH_SIZE];
130 static struct ip_tunnel *tunnels_l[HASH_SIZE];
131 static struct ip_tunnel *tunnels_wc[1];
132 static struct ip_tunnel **tunnels[4] = { tunnels_wc, tunnels_l, tunnels_r, tunnels_r_l };
134 static DEFINE_RWLOCK(ipip_lock);
136 static struct ip_tunnel * ipip_tunnel_lookup(__be32 remote, __be32 local)
138 unsigned h0 = HASH(remote);
139 unsigned h1 = HASH(local);
142 for (t = tunnels_r_l[h0^h1]; t; t = t->next) {
143 if (local == t->parms.iph.saddr &&
144 remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
147 for (t = tunnels_r[h0]; t; t = t->next) {
148 if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
151 for (t = tunnels_l[h1]; t; t = t->next) {
152 if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
155 if ((t = tunnels_wc[0]) != NULL && (t->dev->flags&IFF_UP))
160 static struct ip_tunnel **__ipip_bucket(struct ip_tunnel_parm *parms)
162 __be32 remote = parms->iph.daddr;
163 __be32 local = parms->iph.saddr;
175 return &tunnels[prio][h];
178 static inline struct ip_tunnel **ipip_bucket(struct ip_tunnel *t)
180 return __ipip_bucket(&t->parms);
183 static void ipip_tunnel_unlink(struct ip_tunnel *t)
185 struct ip_tunnel **tp;
187 for (tp = ipip_bucket(t); *tp; tp = &(*tp)->next) {
189 write_lock_bh(&ipip_lock);
191 write_unlock_bh(&ipip_lock);
197 static void ipip_tunnel_link(struct ip_tunnel *t)
199 struct ip_tunnel **tp = ipip_bucket(t);
202 write_lock_bh(&ipip_lock);
204 write_unlock_bh(&ipip_lock);
207 static struct ip_tunnel * ipip_tunnel_locate(struct ip_tunnel_parm *parms, int create)
209 __be32 remote = parms->iph.daddr;
210 __be32 local = parms->iph.saddr;
211 struct ip_tunnel *t, **tp, *nt;
212 struct net_device *dev;
215 for (tp = __ipip_bucket(parms); (t = *tp) != NULL; tp = &t->next) {
216 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
223 strlcpy(name, parms->name, IFNAMSIZ);
226 for (i=1; i<100; i++) {
227 sprintf(name, "tunl%d", i);
228 if (__dev_get_by_name(&init_net, name) == NULL)
235 dev = alloc_netdev(sizeof(*t), name, ipip_tunnel_setup);
239 nt = netdev_priv(dev);
240 dev->init = ipip_tunnel_init;
243 if (register_netdevice(dev) < 0) {
249 ipip_tunnel_link(nt);
256 static void ipip_tunnel_uninit(struct net_device *dev)
258 if (dev == ipip_fb_tunnel_dev) {
259 write_lock_bh(&ipip_lock);
260 tunnels_wc[0] = NULL;
261 write_unlock_bh(&ipip_lock);
263 ipip_tunnel_unlink(netdev_priv(dev));
267 static int ipip_err(struct sk_buff *skb, u32 info)
269 #ifndef I_WISH_WORLD_WERE_PERFECT
271 /* It is not :-( All the routers (except for Linux) return only
272 8 bytes of packet payload. It means, that precise relaying of
273 ICMP in the real Internet is absolutely infeasible.
275 struct iphdr *iph = (struct iphdr*)skb->data;
276 const int type = icmp_hdr(skb)->type;
277 const int code = icmp_hdr(skb)->code;
283 case ICMP_PARAMETERPROB:
286 case ICMP_DEST_UNREACH:
289 case ICMP_PORT_UNREACH:
290 /* Impossible event. */
292 case ICMP_FRAG_NEEDED:
293 /* Soft state for pmtu is maintained by IP core. */
296 /* All others are translated to HOST_UNREACH.
297 rfc2003 contains "deep thoughts" about NET_UNREACH,
298 I believe they are just ether pollution. --ANK
303 case ICMP_TIME_EXCEEDED:
304 if (code != ICMP_EXC_TTL)
311 read_lock(&ipip_lock);
312 t = ipip_tunnel_lookup(iph->daddr, iph->saddr);
313 if (t == NULL || t->parms.iph.daddr == 0)
317 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
320 if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO)
324 t->err_time = jiffies;
326 read_unlock(&ipip_lock);
329 struct iphdr *iph = (struct iphdr*)dp;
330 int hlen = iph->ihl<<2;
332 const int type = icmp_hdr(skb)->type;
333 const int code = icmp_hdr(skb)->code;
338 struct sk_buff *skb2;
342 if (len < hlen + sizeof(struct iphdr))
344 eiph = (struct iphdr*)(dp + hlen);
349 case ICMP_PARAMETERPROB:
350 n = ntohl(icmp_hdr(skb)->un.gateway) >> 24;
354 /* So... This guy found something strange INSIDE encapsulated
355 packet. Well, he is fool, but what can we do ?
357 rel_type = ICMP_PARAMETERPROB;
358 rel_info = htonl((n - hlen) << 24);
361 case ICMP_DEST_UNREACH:
364 case ICMP_PORT_UNREACH:
365 /* Impossible event. */
367 case ICMP_FRAG_NEEDED:
368 /* And it is the only really necessary thing :-) */
369 n = ntohs(icmp_hdr(skb)->un.frag.mtu);
373 /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */
374 if (n > ntohs(eiph->tot_len))
379 /* All others are translated to HOST_UNREACH.
380 rfc2003 contains "deep thoughts" about NET_UNREACH,
381 I believe, it is just ether pollution. --ANK
383 rel_type = ICMP_DEST_UNREACH;
384 rel_code = ICMP_HOST_UNREACH;
388 case ICMP_TIME_EXCEEDED:
389 if (code != ICMP_EXC_TTL)
394 /* Prepare fake skb to feed it to icmp_send */
395 skb2 = skb_clone(skb, GFP_ATOMIC);
398 dst_release(skb2->dst);
400 skb_pull(skb2, skb->data - (u8*)eiph);
401 skb_reset_network_header(skb2);
403 /* Try to guess incoming interface */
404 memset(&fl, 0, sizeof(fl));
405 fl.fl4_daddr = eiph->saddr;
406 fl.fl4_tos = RT_TOS(eiph->tos);
407 fl.proto = IPPROTO_IPIP;
408 if (ip_route_output_key(&init_net, &rt, &key)) {
412 skb2->dev = rt->u.dst.dev;
414 /* route "incoming" packet */
415 if (rt->rt_flags&RTCF_LOCAL) {
418 fl.fl4_daddr = eiph->daddr;
419 fl.fl4_src = eiph->saddr;
420 fl.fl4_tos = eiph->tos;
421 if (ip_route_output_key(&init_net, &rt, &fl) ||
422 rt->u.dst.dev->type != ARPHRD_TUNNEL) {
429 if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) ||
430 skb2->dst->dev->type != ARPHRD_TUNNEL) {
436 /* change mtu on this route */
437 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
438 if (n > dst_mtu(skb2->dst)) {
442 skb2->dst->ops->update_pmtu(skb2->dst, n);
443 } else if (type == ICMP_TIME_EXCEEDED) {
444 struct ip_tunnel *t = netdev_priv(skb2->dev);
445 if (t->parms.iph.ttl) {
446 rel_type = ICMP_DEST_UNREACH;
447 rel_code = ICMP_HOST_UNREACH;
451 icmp_send(skb2, rel_type, rel_code, rel_info);
457 static inline void ipip_ecn_decapsulate(const struct iphdr *outer_iph,
460 struct iphdr *inner_iph = ip_hdr(skb);
462 if (INET_ECN_is_ce(outer_iph->tos))
463 IP_ECN_set_ce(inner_iph);
466 static int ipip_rcv(struct sk_buff *skb)
468 struct ip_tunnel *tunnel;
469 const struct iphdr *iph = ip_hdr(skb);
471 read_lock(&ipip_lock);
472 if ((tunnel = ipip_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) {
473 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
474 read_unlock(&ipip_lock);
481 skb->mac_header = skb->network_header;
482 skb_reset_network_header(skb);
483 skb->protocol = htons(ETH_P_IP);
484 skb->pkt_type = PACKET_HOST;
486 tunnel->stat.rx_packets++;
487 tunnel->stat.rx_bytes += skb->len;
488 skb->dev = tunnel->dev;
489 dst_release(skb->dst);
492 ipip_ecn_decapsulate(iph, skb);
494 read_unlock(&ipip_lock);
497 read_unlock(&ipip_lock);
503 * This function assumes it is being called from dev_queue_xmit()
504 * and that skb is filled properly by that function.
507 static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
509 struct ip_tunnel *tunnel = netdev_priv(dev);
510 struct net_device_stats *stats = &tunnel->stat;
511 struct iphdr *tiph = &tunnel->parms.iph;
512 u8 tos = tunnel->parms.iph.tos;
513 __be16 df = tiph->frag_off;
514 struct rtable *rt; /* Route to the other host */
515 struct net_device *tdev; /* Device to other host */
516 struct iphdr *old_iph = ip_hdr(skb);
517 struct iphdr *iph; /* Our new IP header */
518 unsigned int max_headroom; /* The extra header space needed */
519 __be32 dst = tiph->daddr;
522 if (tunnel->recursion++) {
523 tunnel->stat.collisions++;
527 if (skb->protocol != htons(ETH_P_IP))
535 if ((rt = (struct rtable*)skb->dst) == NULL) {
536 tunnel->stat.tx_fifo_errors++;
539 if ((dst = rt->rt_gateway) == 0)
544 struct flowi fl = { .oif = tunnel->parms.link,
547 .saddr = tiph->saddr,
548 .tos = RT_TOS(tos) } },
549 .proto = IPPROTO_IPIP };
550 if (ip_route_output_key(&init_net, &rt, &fl)) {
551 tunnel->stat.tx_carrier_errors++;
555 tdev = rt->u.dst.dev;
559 tunnel->stat.collisions++;
564 mtu = dst_mtu(&rt->u.dst) - sizeof(struct iphdr);
566 mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu;
569 tunnel->stat.collisions++;
574 skb->dst->ops->update_pmtu(skb->dst, mtu);
576 df |= (old_iph->frag_off&htons(IP_DF));
578 if ((old_iph->frag_off&htons(IP_DF)) && mtu < ntohs(old_iph->tot_len)) {
579 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
584 if (tunnel->err_count > 0) {
585 if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) {
587 dst_link_failure(skb);
589 tunnel->err_count = 0;
593 * Okay, now see if we can stuff it in the buffer as-is.
595 max_headroom = (LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr));
597 if (skb_headroom(skb) < max_headroom || skb_shared(skb) ||
598 (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
599 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
608 skb_set_owner_w(new_skb, skb->sk);
611 old_iph = ip_hdr(skb);
614 skb->transport_header = skb->network_header;
615 skb_push(skb, sizeof(struct iphdr));
616 skb_reset_network_header(skb);
617 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
618 IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
620 dst_release(skb->dst);
621 skb->dst = &rt->u.dst;
624 * Push down and install the IPIP header.
629 iph->ihl = sizeof(struct iphdr)>>2;
631 iph->protocol = IPPROTO_IPIP;
632 iph->tos = INET_ECN_encapsulate(tos, old_iph->tos);
633 iph->daddr = rt->rt_dst;
634 iph->saddr = rt->rt_src;
636 if ((iph->ttl = tiph->ttl) == 0)
637 iph->ttl = old_iph->ttl;
646 dst_link_failure(skb);
654 static void ipip_tunnel_bind_dev(struct net_device *dev)
656 struct net_device *tdev = NULL;
657 struct ip_tunnel *tunnel;
660 tunnel = netdev_priv(dev);
661 iph = &tunnel->parms.iph;
664 struct flowi fl = { .oif = tunnel->parms.link,
666 { .daddr = iph->daddr,
668 .tos = RT_TOS(iph->tos) } },
669 .proto = IPPROTO_IPIP };
671 if (!ip_route_output_key(&init_net, &rt, &fl)) {
672 tdev = rt->u.dst.dev;
675 dev->flags |= IFF_POINTOPOINT;
678 if (!tdev && tunnel->parms.link)
679 tdev = __dev_get_by_index(&init_net, tunnel->parms.link);
682 dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
683 dev->mtu = tdev->mtu - sizeof(struct iphdr);
685 dev->iflink = tunnel->parms.link;
689 ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
692 struct ip_tunnel_parm p;
698 if (dev == ipip_fb_tunnel_dev) {
699 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
703 t = ipip_tunnel_locate(&p, 0);
706 t = netdev_priv(dev);
707 memcpy(&p, &t->parms, sizeof(p));
708 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
715 if (!capable(CAP_NET_ADMIN))
719 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
723 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
724 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
727 p.iph.frag_off |= htons(IP_DF);
729 t = ipip_tunnel_locate(&p, cmd == SIOCADDTUNNEL);
731 if (dev != ipip_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
738 if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
739 (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
743 t = netdev_priv(dev);
744 ipip_tunnel_unlink(t);
745 t->parms.iph.saddr = p.iph.saddr;
746 t->parms.iph.daddr = p.iph.daddr;
747 memcpy(dev->dev_addr, &p.iph.saddr, 4);
748 memcpy(dev->broadcast, &p.iph.daddr, 4);
750 netdev_state_change(dev);
756 if (cmd == SIOCCHGTUNNEL) {
757 t->parms.iph.ttl = p.iph.ttl;
758 t->parms.iph.tos = p.iph.tos;
759 t->parms.iph.frag_off = p.iph.frag_off;
760 if (t->parms.link != p.link) {
761 t->parms.link = p.link;
762 ipip_tunnel_bind_dev(dev);
763 netdev_state_change(dev);
766 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
769 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
774 if (!capable(CAP_NET_ADMIN))
777 if (dev == ipip_fb_tunnel_dev) {
779 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
782 if ((t = ipip_tunnel_locate(&p, 0)) == NULL)
785 if (t->dev == ipip_fb_tunnel_dev)
789 unregister_netdevice(dev);
801 static struct net_device_stats *ipip_tunnel_get_stats(struct net_device *dev)
803 return &(((struct ip_tunnel*)netdev_priv(dev))->stat);
806 static int ipip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
808 if (new_mtu < 68 || new_mtu > 0xFFF8 - sizeof(struct iphdr))
814 static void ipip_tunnel_setup(struct net_device *dev)
816 dev->uninit = ipip_tunnel_uninit;
817 dev->hard_start_xmit = ipip_tunnel_xmit;
818 dev->get_stats = ipip_tunnel_get_stats;
819 dev->do_ioctl = ipip_tunnel_ioctl;
820 dev->change_mtu = ipip_tunnel_change_mtu;
821 dev->destructor = free_netdev;
823 dev->type = ARPHRD_TUNNEL;
824 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
825 dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr);
826 dev->flags = IFF_NOARP;
831 static int ipip_tunnel_init(struct net_device *dev)
833 struct ip_tunnel *tunnel;
835 tunnel = netdev_priv(dev);
838 strcpy(tunnel->parms.name, dev->name);
840 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
841 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
843 ipip_tunnel_bind_dev(dev);
848 static int __init ipip_fb_tunnel_init(struct net_device *dev)
850 struct ip_tunnel *tunnel = netdev_priv(dev);
851 struct iphdr *iph = &tunnel->parms.iph;
854 strcpy(tunnel->parms.name, dev->name);
857 iph->protocol = IPPROTO_IPIP;
861 tunnels_wc[0] = tunnel;
865 static struct xfrm_tunnel ipip_handler = {
867 .err_handler = ipip_err,
871 static char banner[] __initdata =
872 KERN_INFO "IPv4 over IPv4 tunneling driver\n";
874 static int __init ipip_init(void)
880 if (xfrm4_tunnel_register(&ipip_handler, AF_INET)) {
881 printk(KERN_INFO "ipip init: can't register tunnel\n");
885 ipip_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel),
888 if (!ipip_fb_tunnel_dev) {
893 ipip_fb_tunnel_dev->init = ipip_fb_tunnel_init;
895 if ((err = register_netdev(ipip_fb_tunnel_dev)))
900 free_netdev(ipip_fb_tunnel_dev);
902 xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
906 static void __exit ipip_destroy_tunnels(void)
910 for (prio = 1; prio < 4; prio++) {
912 for (h = 0; h < HASH_SIZE; h++) {
914 while ((t = tunnels[prio][h]) != NULL)
915 unregister_netdevice(t->dev);
920 static void __exit ipip_fini(void)
922 if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
923 printk(KERN_INFO "ipip close: can't deregister tunnel\n");
926 ipip_destroy_tunnels();
927 unregister_netdevice(ipip_fb_tunnel_dev);
931 module_init(ipip_init);
932 module_exit(ipip_fini);
933 MODULE_LICENSE("GPL");
git.samba.org / sfrench / cifs-2.6.git / blob