• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	Linux NET3:	IP/IP protocol decoder.
4  *
5  *	Authors:
6  *		Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
7  *
8  *	Fixes:
9  *		Alan Cox	:	Merged and made usable non modular (its so tiny its silly as
10  *					a module taking up 2 pages).
11  *		Alan Cox	: 	Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
12  *					to keep ip_forward happy.
13  *		Alan Cox	:	More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
14  *		Kai Schulte	:	Fixed #defines for IP_FIREWALL->FIREWALL
15  *              David Woodhouse :       Perform some basic ICMP handling.
16  *                                      IPIP Routing without decapsulation.
17  *              Carlos Picoto   :       GRE over IP support
18  *		Alexey Kuznetsov:	Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
19  *					I do not want to merge them together.
20  */
21 
22 /* tunnel.c: an IP tunnel driver
23 
24 	The purpose of this driver is to provide an IP tunnel through
25 	which you can tunnel network traffic transparently across subnets.
26 
27 	This was written by looking at Nick Holloway's dummy driver
28 	Thanks for the great code!
29 
30 		-Sam Lantinga	(slouken@cs.ucdavis.edu)  02/01/95
31 
32 	Minor tweaks:
33 		Cleaned up the code a little and added some pre-1.3.0 tweaks.
34 		dev->hard_header/hard_header_len changed to use no headers.
35 		Comments/bracketing tweaked.
36 		Made the tunnels use dev->name not tunnel: when error reporting.
37 		Added tx_dropped stat
38 
39 		-Alan Cox	(alan@lxorguk.ukuu.org.uk) 21 March 95
40 
41 	Reworked:
42 		Changed to tunnel to destination gateway in addition to the
43 			tunnel's pointopoint address
44 		Almost completely rewritten
45 		Note:  There is currently no firewall or ICMP handling done.
46 
47 		-Sam Lantinga	(slouken@cs.ucdavis.edu) 02/13/96
48 
49 */
50 
51 /* Things I wish I had known when writing the tunnel driver:
52 
53 	When the tunnel_xmit() function is called, the skb contains the
54 	packet to be sent (plus a great deal of extra info), and dev
55 	contains the tunnel device that _we_ are.
56 
57 	When we are passed a packet, we are expected to fill in the
58 	source address with our source IP address.
59 
60 	What is the proper way to allocate, copy and free a buffer?
61 	After you allocate it, it is a "0 length" chunk of memory
62 	starting at zero.  If you want to add headers to the buffer
63 	later, you'll have to call "skb_reserve(skb, amount)" with
64 	the amount of memory you want reserved.  Then, you call
65 	"skb_put(skb, amount)" with the amount of space you want in
66 	the buffer.  skb_put() returns a pointer to the top (#0) of
67 	that buffer.  skb->len is set to the amount of space you have
68 	"allocated" with skb_put().  You can then write up to skb->len
69 	bytes to that buffer.  If you need more, you can call skb_put()
70 	again with the additional amount of space you need.  You can
71 	find out how much more space you can allocate by calling
72 	"skb_tailroom(skb)".
73 	Now, to add header space, call "skb_push(skb, header_len)".
74 	This creates space at the beginning of the buffer and returns
75 	a pointer to this new space.  If later you need to strip a
76 	header from a buffer, call "skb_pull(skb, header_len)".
77 	skb_headroom() will return how much space is left at the top
78 	of the buffer (before the main data).  Remember, this headroom
79 	space must be reserved before the skb_put() function is called.
80 	*/
81 
82 /*
83    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
84 
85    For comments look at net/ipv4/ip_gre.c --ANK
86  */
87 
88 
89 #include <linux/capability.h>
90 #include <linux/module.h>
91 #include <linux/types.h>
92 #include <linux/kernel.h>
93 #include <linux/slab.h>
94 #include <linux/uaccess.h>
95 #include <linux/skbuff.h>
96 #include <linux/netdevice.h>
97 #include <linux/in.h>
98 #include <linux/tcp.h>
99 #include <linux/udp.h>
100 #include <linux/if_arp.h>
101 #include <linux/init.h>
102 #include <linux/netfilter_ipv4.h>
103 #include <linux/if_ether.h>
104 
105 #include <net/sock.h>
106 #include <net/ip.h>
107 #include <net/icmp.h>
108 #include <net/ip_tunnels.h>
109 #include <net/inet_ecn.h>
110 #include <net/xfrm.h>
111 #include <net/net_namespace.h>
112 #include <net/netns/generic.h>
113 #include <net/dst_metadata.h>
114 
115 static bool log_ecn_error = true;
116 module_param(log_ecn_error, bool, 0644);
117 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
118 
119 static unsigned int ipip_net_id __read_mostly;
120 
121 static int ipip_tunnel_init(struct net_device *dev);
122 static struct rtnl_link_ops ipip_link_ops __read_mostly;
123 
ipip_err(struct sk_buff * skb,u32 info)124 static int ipip_err(struct sk_buff *skb, u32 info)
125 {
126 	/* All the routers (except for Linux) return only
127 	 * 8 bytes of packet payload. It means, that precise relaying of
128 	 * ICMP in the real Internet is absolutely infeasible.
129 	 */
130 	struct net *net = dev_net(skb->dev);
131 	struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
132 	const struct iphdr *iph = (const struct iphdr *)skb->data;
133 	const int type = icmp_hdr(skb)->type;
134 	const int code = icmp_hdr(skb)->code;
135 	struct ip_tunnel *t;
136 	int err = 0;
137 
138 	t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
139 			     iph->daddr, iph->saddr, 0);
140 	if (!t) {
141 		err = -ENOENT;
142 		goto out;
143 	}
144 
145 	switch (type) {
146 	case ICMP_DEST_UNREACH:
147 		switch (code) {
148 		case ICMP_SR_FAILED:
149 			/* Impossible event. */
150 			goto out;
151 		default:
152 			/* All others are translated to HOST_UNREACH.
153 			 * rfc2003 contains "deep thoughts" about NET_UNREACH,
154 			 * I believe they are just ether pollution. --ANK
155 			 */
156 			break;
157 		}
158 		break;
159 
160 	case ICMP_TIME_EXCEEDED:
161 		if (code != ICMP_EXC_TTL)
162 			goto out;
163 		break;
164 
165 	case ICMP_REDIRECT:
166 		break;
167 
168 	default:
169 		goto out;
170 	}
171 
172 	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
173 		ipv4_update_pmtu(skb, net, info, t->parms.link, iph->protocol);
174 		goto out;
175 	}
176 
177 	if (type == ICMP_REDIRECT) {
178 		ipv4_redirect(skb, net, t->parms.link, iph->protocol);
179 		goto out;
180 	}
181 
182 	if (t->parms.iph.daddr == 0) {
183 		err = -ENOENT;
184 		goto out;
185 	}
186 
187 	if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
188 		goto out;
189 
190 	if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
191 		t->err_count++;
192 	else
193 		t->err_count = 1;
194 	t->err_time = jiffies;
195 
196 out:
197 	return err;
198 }
199 
200 static const struct tnl_ptk_info ipip_tpi = {
201 	/* no tunnel info required for ipip. */
202 	.proto = htons(ETH_P_IP),
203 };
204 
205 #if IS_ENABLED(CONFIG_MPLS)
206 static const struct tnl_ptk_info mplsip_tpi = {
207 	/* no tunnel info required for mplsip. */
208 	.proto = htons(ETH_P_MPLS_UC),
209 };
210 #endif
211 
ipip_tunnel_rcv(struct sk_buff * skb,u8 ipproto)212 static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto)
213 {
214 	struct net *net = dev_net(skb->dev);
215 	struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
216 	struct metadata_dst *tun_dst = NULL;
217 	struct ip_tunnel *tunnel;
218 	const struct iphdr *iph;
219 
220 	iph = ip_hdr(skb);
221 	tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
222 			iph->saddr, iph->daddr, 0);
223 	if (tunnel) {
224 		const struct tnl_ptk_info *tpi;
225 
226 		if (tunnel->parms.iph.protocol != ipproto &&
227 		    tunnel->parms.iph.protocol != 0)
228 			goto drop;
229 
230 		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
231 			goto drop;
232 #if IS_ENABLED(CONFIG_MPLS)
233 		if (ipproto == IPPROTO_MPLS)
234 			tpi = &mplsip_tpi;
235 		else
236 #endif
237 			tpi = &ipip_tpi;
238 		if (iptunnel_pull_header(skb, 0, tpi->proto, false))
239 			goto drop;
240 		if (tunnel->collect_md) {
241 			tun_dst = ip_tun_rx_dst(skb, 0, 0, 0);
242 			if (!tun_dst)
243 				return 0;
244 		}
245 		return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
246 	}
247 
248 	return -1;
249 
250 drop:
251 	kfree_skb(skb);
252 	return 0;
253 }
254 
ipip_rcv(struct sk_buff * skb)255 static int ipip_rcv(struct sk_buff *skb)
256 {
257 	return ipip_tunnel_rcv(skb, IPPROTO_IPIP);
258 }
259 
260 #if IS_ENABLED(CONFIG_MPLS)
mplsip_rcv(struct sk_buff * skb)261 static int mplsip_rcv(struct sk_buff *skb)
262 {
263 	return ipip_tunnel_rcv(skb, IPPROTO_MPLS);
264 }
265 #endif
266 
267 /*
268  *	This function assumes it is being called from dev_queue_xmit()
269  *	and that skb is filled properly by that function.
270  */
ipip_tunnel_xmit(struct sk_buff * skb,struct net_device * dev)271 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
272 				    struct net_device *dev)
273 {
274 	struct ip_tunnel *tunnel = netdev_priv(dev);
275 	const struct iphdr  *tiph = &tunnel->parms.iph;
276 	u8 ipproto;
277 
278 	if (!pskb_inet_may_pull(skb))
279 		goto tx_error;
280 
281 	switch (skb->protocol) {
282 	case htons(ETH_P_IP):
283 		ipproto = IPPROTO_IPIP;
284 		break;
285 #if IS_ENABLED(CONFIG_MPLS)
286 	case htons(ETH_P_MPLS_UC):
287 		ipproto = IPPROTO_MPLS;
288 		break;
289 #endif
290 	default:
291 		goto tx_error;
292 	}
293 
294 	if (tiph->protocol != ipproto && tiph->protocol != 0)
295 		goto tx_error;
296 
297 	if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4))
298 		goto tx_error;
299 
300 	skb_set_inner_ipproto(skb, ipproto);
301 
302 	if (tunnel->collect_md)
303 		ip_md_tunnel_xmit(skb, dev, ipproto, 0);
304 	else
305 		ip_tunnel_xmit(skb, dev, tiph, ipproto);
306 	return NETDEV_TX_OK;
307 
308 tx_error:
309 	kfree_skb(skb);
310 
311 	dev->stats.tx_errors++;
312 	return NETDEV_TX_OK;
313 }
314 
ipip_tunnel_ioctl_verify_protocol(u8 ipproto)315 static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto)
316 {
317 	switch (ipproto) {
318 	case 0:
319 	case IPPROTO_IPIP:
320 #if IS_ENABLED(CONFIG_MPLS)
321 	case IPPROTO_MPLS:
322 #endif
323 		return true;
324 	}
325 
326 	return false;
327 }
328 
329 static int
ipip_tunnel_ioctl(struct net_device * dev,struct ifreq * ifr,int cmd)330 ipip_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
331 {
332 	int err = 0;
333 	struct ip_tunnel_parm p;
334 
335 	if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
336 		return -EFAULT;
337 
338 	if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
339 		if (p.iph.version != 4 ||
340 		    !ipip_tunnel_ioctl_verify_protocol(p.iph.protocol) ||
341 		    p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
342 			return -EINVAL;
343 	}
344 
345 	p.i_key = p.o_key = 0;
346 	p.i_flags = p.o_flags = 0;
347 	err = ip_tunnel_ioctl(dev, &p, cmd);
348 	if (err)
349 		return err;
350 
351 	if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
352 		return -EFAULT;
353 
354 	return 0;
355 }
356 
357 static const struct net_device_ops ipip_netdev_ops = {
358 	.ndo_init       = ipip_tunnel_init,
359 	.ndo_uninit     = ip_tunnel_uninit,
360 	.ndo_start_xmit	= ipip_tunnel_xmit,
361 	.ndo_do_ioctl	= ipip_tunnel_ioctl,
362 	.ndo_change_mtu = ip_tunnel_change_mtu,
363 	.ndo_get_stats64 = ip_tunnel_get_stats64,
364 	.ndo_get_iflink = ip_tunnel_get_iflink,
365 };
366 
367 #define IPIP_FEATURES (NETIF_F_SG |		\
368 		       NETIF_F_FRAGLIST |	\
369 		       NETIF_F_HIGHDMA |	\
370 		       NETIF_F_GSO_SOFTWARE |	\
371 		       NETIF_F_HW_CSUM)
372 
ipip_tunnel_setup(struct net_device * dev)373 static void ipip_tunnel_setup(struct net_device *dev)
374 {
375 	dev->netdev_ops		= &ipip_netdev_ops;
376 
377 	dev->type		= ARPHRD_TUNNEL;
378 	dev->flags		= IFF_NOARP;
379 	dev->addr_len		= 4;
380 	dev->features		|= NETIF_F_LLTX;
381 	netif_keep_dst(dev);
382 
383 	dev->features		|= IPIP_FEATURES;
384 	dev->hw_features	|= IPIP_FEATURES;
385 	ip_tunnel_setup(dev, ipip_net_id);
386 }
387 
ipip_tunnel_init(struct net_device * dev)388 static int ipip_tunnel_init(struct net_device *dev)
389 {
390 	struct ip_tunnel *tunnel = netdev_priv(dev);
391 
392 	memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
393 	memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
394 
395 	tunnel->tun_hlen = 0;
396 	tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
397 	return ip_tunnel_init(dev);
398 }
399 
ipip_tunnel_validate(struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)400 static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
401 				struct netlink_ext_ack *extack)
402 {
403 	u8 proto;
404 
405 	if (!data || !data[IFLA_IPTUN_PROTO])
406 		return 0;
407 
408 	proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
409 	if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0)
410 		return -EINVAL;
411 
412 	return 0;
413 }
414 
ipip_netlink_parms(struct nlattr * data[],struct ip_tunnel_parm * parms,bool * collect_md,__u32 * fwmark)415 static void ipip_netlink_parms(struct nlattr *data[],
416 			       struct ip_tunnel_parm *parms, bool *collect_md,
417 			       __u32 *fwmark)
418 {
419 	memset(parms, 0, sizeof(*parms));
420 
421 	parms->iph.version = 4;
422 	parms->iph.protocol = IPPROTO_IPIP;
423 	parms->iph.ihl = 5;
424 	*collect_md = false;
425 
426 	if (!data)
427 		return;
428 
429 	if (data[IFLA_IPTUN_LINK])
430 		parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
431 
432 	if (data[IFLA_IPTUN_LOCAL])
433 		parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]);
434 
435 	if (data[IFLA_IPTUN_REMOTE])
436 		parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]);
437 
438 	if (data[IFLA_IPTUN_TTL]) {
439 		parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
440 		if (parms->iph.ttl)
441 			parms->iph.frag_off = htons(IP_DF);
442 	}
443 
444 	if (data[IFLA_IPTUN_TOS])
445 		parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
446 
447 	if (data[IFLA_IPTUN_PROTO])
448 		parms->iph.protocol = nla_get_u8(data[IFLA_IPTUN_PROTO]);
449 
450 	if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
451 		parms->iph.frag_off = htons(IP_DF);
452 
453 	if (data[IFLA_IPTUN_COLLECT_METADATA])
454 		*collect_md = true;
455 
456 	if (data[IFLA_IPTUN_FWMARK])
457 		*fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]);
458 }
459 
460 /* This function returns true when ENCAP attributes are present in the nl msg */
ipip_netlink_encap_parms(struct nlattr * data[],struct ip_tunnel_encap * ipencap)461 static bool ipip_netlink_encap_parms(struct nlattr *data[],
462 				     struct ip_tunnel_encap *ipencap)
463 {
464 	bool ret = false;
465 
466 	memset(ipencap, 0, sizeof(*ipencap));
467 
468 	if (!data)
469 		return ret;
470 
471 	if (data[IFLA_IPTUN_ENCAP_TYPE]) {
472 		ret = true;
473 		ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
474 	}
475 
476 	if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
477 		ret = true;
478 		ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
479 	}
480 
481 	if (data[IFLA_IPTUN_ENCAP_SPORT]) {
482 		ret = true;
483 		ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
484 	}
485 
486 	if (data[IFLA_IPTUN_ENCAP_DPORT]) {
487 		ret = true;
488 		ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
489 	}
490 
491 	return ret;
492 }
493 
ipip_newlink(struct net * src_net,struct net_device * dev,struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)494 static int ipip_newlink(struct net *src_net, struct net_device *dev,
495 			struct nlattr *tb[], struct nlattr *data[],
496 			struct netlink_ext_ack *extack)
497 {
498 	struct ip_tunnel *t = netdev_priv(dev);
499 	struct ip_tunnel_parm p;
500 	struct ip_tunnel_encap ipencap;
501 	__u32 fwmark = 0;
502 
503 	if (ipip_netlink_encap_parms(data, &ipencap)) {
504 		int err = ip_tunnel_encap_setup(t, &ipencap);
505 
506 		if (err < 0)
507 			return err;
508 	}
509 
510 	ipip_netlink_parms(data, &p, &t->collect_md, &fwmark);
511 	return ip_tunnel_newlink(dev, tb, &p, fwmark);
512 }
513 
ipip_changelink(struct net_device * dev,struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)514 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
515 			   struct nlattr *data[],
516 			   struct netlink_ext_ack *extack)
517 {
518 	struct ip_tunnel *t = netdev_priv(dev);
519 	struct ip_tunnel_parm p;
520 	struct ip_tunnel_encap ipencap;
521 	bool collect_md;
522 	__u32 fwmark = t->fwmark;
523 
524 	if (ipip_netlink_encap_parms(data, &ipencap)) {
525 		int err = ip_tunnel_encap_setup(t, &ipencap);
526 
527 		if (err < 0)
528 			return err;
529 	}
530 
531 	ipip_netlink_parms(data, &p, &collect_md, &fwmark);
532 	if (collect_md)
533 		return -EINVAL;
534 
535 	if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
536 	    (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
537 		return -EINVAL;
538 
539 	return ip_tunnel_changelink(dev, tb, &p, fwmark);
540 }
541 
ipip_get_size(const struct net_device * dev)542 static size_t ipip_get_size(const struct net_device *dev)
543 {
544 	return
545 		/* IFLA_IPTUN_LINK */
546 		nla_total_size(4) +
547 		/* IFLA_IPTUN_LOCAL */
548 		nla_total_size(4) +
549 		/* IFLA_IPTUN_REMOTE */
550 		nla_total_size(4) +
551 		/* IFLA_IPTUN_TTL */
552 		nla_total_size(1) +
553 		/* IFLA_IPTUN_TOS */
554 		nla_total_size(1) +
555 		/* IFLA_IPTUN_PROTO */
556 		nla_total_size(1) +
557 		/* IFLA_IPTUN_PMTUDISC */
558 		nla_total_size(1) +
559 		/* IFLA_IPTUN_ENCAP_TYPE */
560 		nla_total_size(2) +
561 		/* IFLA_IPTUN_ENCAP_FLAGS */
562 		nla_total_size(2) +
563 		/* IFLA_IPTUN_ENCAP_SPORT */
564 		nla_total_size(2) +
565 		/* IFLA_IPTUN_ENCAP_DPORT */
566 		nla_total_size(2) +
567 		/* IFLA_IPTUN_COLLECT_METADATA */
568 		nla_total_size(0) +
569 		/* IFLA_IPTUN_FWMARK */
570 		nla_total_size(4) +
571 		0;
572 }
573 
ipip_fill_info(struct sk_buff * skb,const struct net_device * dev)574 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
575 {
576 	struct ip_tunnel *tunnel = netdev_priv(dev);
577 	struct ip_tunnel_parm *parm = &tunnel->parms;
578 
579 	if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
580 	    nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
581 	    nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
582 	    nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
583 	    nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
584 	    nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) ||
585 	    nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
586 		       !!(parm->iph.frag_off & htons(IP_DF))) ||
587 	    nla_put_u32(skb, IFLA_IPTUN_FWMARK, tunnel->fwmark))
588 		goto nla_put_failure;
589 
590 	if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
591 			tunnel->encap.type) ||
592 	    nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
593 			 tunnel->encap.sport) ||
594 	    nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
595 			 tunnel->encap.dport) ||
596 	    nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
597 			tunnel->encap.flags))
598 		goto nla_put_failure;
599 
600 	if (tunnel->collect_md)
601 		if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA))
602 			goto nla_put_failure;
603 	return 0;
604 
605 nla_put_failure:
606 	return -EMSGSIZE;
607 }
608 
609 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
610 	[IFLA_IPTUN_LINK]		= { .type = NLA_U32 },
611 	[IFLA_IPTUN_LOCAL]		= { .type = NLA_U32 },
612 	[IFLA_IPTUN_REMOTE]		= { .type = NLA_U32 },
613 	[IFLA_IPTUN_TTL]		= { .type = NLA_U8 },
614 	[IFLA_IPTUN_TOS]		= { .type = NLA_U8 },
615 	[IFLA_IPTUN_PROTO]		= { .type = NLA_U8 },
616 	[IFLA_IPTUN_PMTUDISC]		= { .type = NLA_U8 },
617 	[IFLA_IPTUN_ENCAP_TYPE]		= { .type = NLA_U16 },
618 	[IFLA_IPTUN_ENCAP_FLAGS]	= { .type = NLA_U16 },
619 	[IFLA_IPTUN_ENCAP_SPORT]	= { .type = NLA_U16 },
620 	[IFLA_IPTUN_ENCAP_DPORT]	= { .type = NLA_U16 },
621 	[IFLA_IPTUN_COLLECT_METADATA]	= { .type = NLA_FLAG },
622 	[IFLA_IPTUN_FWMARK]		= { .type = NLA_U32 },
623 };
624 
625 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
626 	.kind		= "ipip",
627 	.maxtype	= IFLA_IPTUN_MAX,
628 	.policy		= ipip_policy,
629 	.priv_size	= sizeof(struct ip_tunnel),
630 	.setup		= ipip_tunnel_setup,
631 	.validate	= ipip_tunnel_validate,
632 	.newlink	= ipip_newlink,
633 	.changelink	= ipip_changelink,
634 	.dellink	= ip_tunnel_dellink,
635 	.get_size	= ipip_get_size,
636 	.fill_info	= ipip_fill_info,
637 	.get_link_net	= ip_tunnel_get_link_net,
638 };
639 
640 static struct xfrm_tunnel ipip_handler __read_mostly = {
641 	.handler	=	ipip_rcv,
642 	.err_handler	=	ipip_err,
643 	.priority	=	1,
644 };
645 
646 #if IS_ENABLED(CONFIG_MPLS)
647 static struct xfrm_tunnel mplsip_handler __read_mostly = {
648 	.handler	=	mplsip_rcv,
649 	.err_handler	=	ipip_err,
650 	.priority	=	1,
651 };
652 #endif
653 
ipip_init_net(struct net * net)654 static int __net_init ipip_init_net(struct net *net)
655 {
656 	return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
657 }
658 
ipip_exit_batch_net(struct list_head * list_net)659 static void __net_exit ipip_exit_batch_net(struct list_head *list_net)
660 {
661 	ip_tunnel_delete_nets(list_net, ipip_net_id, &ipip_link_ops);
662 }
663 
664 static struct pernet_operations ipip_net_ops = {
665 	.init = ipip_init_net,
666 	.exit_batch = ipip_exit_batch_net,
667 	.id   = &ipip_net_id,
668 	.size = sizeof(struct ip_tunnel_net),
669 };
670 
ipip_init(void)671 static int __init ipip_init(void)
672 {
673 	int err;
674 
675 	pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n");
676 
677 	err = register_pernet_device(&ipip_net_ops);
678 	if (err < 0)
679 		return err;
680 	err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
681 	if (err < 0) {
682 		pr_info("%s: can't register tunnel\n", __func__);
683 		goto xfrm_tunnel_ipip_failed;
684 	}
685 #if IS_ENABLED(CONFIG_MPLS)
686 	err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS);
687 	if (err < 0) {
688 		pr_info("%s: can't register tunnel\n", __func__);
689 		goto xfrm_tunnel_mplsip_failed;
690 	}
691 #endif
692 	err = rtnl_link_register(&ipip_link_ops);
693 	if (err < 0)
694 		goto rtnl_link_failed;
695 
696 out:
697 	return err;
698 
699 rtnl_link_failed:
700 #if IS_ENABLED(CONFIG_MPLS)
701 	xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS);
702 xfrm_tunnel_mplsip_failed:
703 
704 #endif
705 	xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
706 xfrm_tunnel_ipip_failed:
707 	unregister_pernet_device(&ipip_net_ops);
708 	goto out;
709 }
710 
ipip_fini(void)711 static void __exit ipip_fini(void)
712 {
713 	rtnl_link_unregister(&ipip_link_ops);
714 	if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
715 		pr_info("%s: can't deregister tunnel\n", __func__);
716 #if IS_ENABLED(CONFIG_MPLS)
717 	if (xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS))
718 		pr_info("%s: can't deregister tunnel\n", __func__);
719 #endif
720 	unregister_pernet_device(&ipip_net_ops);
721 }
722 
723 module_init(ipip_init);
724 module_exit(ipip_fini);
725 MODULE_LICENSE("GPL");
726 MODULE_ALIAS_RTNL_LINK("ipip");
727 MODULE_ALIAS_NETDEV("tunl0");
728