1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18#include <linux/module.h>
19#include <linux/capability.h>
20#include <linux/errno.h>
21#include <linux/types.h>
22#include <linux/sockios.h>
23#include <linux/icmp.h>
24#include <linux/if.h>
25#include <linux/in.h>
26#include <linux/ip.h>
27#include <linux/net.h>
28#include <linux/in6.h>
29#include <linux/netdevice.h>
30#include <linux/if_arp.h>
31#include <linux/icmpv6.h>
32#include <linux/init.h>
33#include <linux/route.h>
34#include <linux/rtnetlink.h>
35#include <linux/netfilter_ipv6.h>
36#include <linux/slab.h>
37#include <linux/hash.h>
38
39#include <linux/uaccess.h>
40#include <linux/atomic.h>
41
42#include <net/icmp.h>
43#include <net/ip.h>
44#include <net/ip_tunnels.h>
45#include <net/ipv6.h>
46#include <net/ip6_route.h>
47#include <net/addrconf.h>
48#include <net/ip6_tunnel.h>
49#include <net/xfrm.h>
50#include <net/net_namespace.h>
51#include <net/netns/generic.h>
52#include <linux/etherdevice.h>
53
54#define IP6_VTI_HASH_SIZE_SHIFT 5
55#define IP6_VTI_HASH_SIZE (1 << IP6_VTI_HASH_SIZE_SHIFT)
56
57static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
58{
59 u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2);
60
61 return hash_32(hash, IP6_VTI_HASH_SIZE_SHIFT);
62}
63
64static int vti6_dev_init(struct net_device *dev);
65static void vti6_dev_setup(struct net_device *dev);
66static struct rtnl_link_ops vti6_link_ops __read_mostly;
67
68static unsigned int vti6_net_id __read_mostly;
69struct vti6_net {
70
71 struct net_device *fb_tnl_dev;
72
73 struct ip6_tnl __rcu *tnls_r_l[IP6_VTI_HASH_SIZE];
74 struct ip6_tnl __rcu *tnls_wc[1];
75 struct ip6_tnl __rcu **tnls[2];
76};
77
78#define for_each_vti6_tunnel_rcu(start) \
79 for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
80
81
82
83
84
85
86
87
88
89
90
91
92static struct ip6_tnl *
93vti6_tnl_lookup(struct net *net, const struct in6_addr *remote,
94 const struct in6_addr *local)
95{
96 unsigned int hash = HASH(remote, local);
97 struct ip6_tnl *t;
98 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
99 struct in6_addr any;
100
101 for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
102 if (ipv6_addr_equal(local, &t->parms.laddr) &&
103 ipv6_addr_equal(remote, &t->parms.raddr) &&
104 (t->dev->flags & IFF_UP))
105 return t;
106 }
107
108 memset(&any, 0, sizeof(any));
109 hash = HASH(&any, local);
110 for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
111 if (ipv6_addr_equal(local, &t->parms.laddr) &&
112 (t->dev->flags & IFF_UP))
113 return t;
114 }
115
116 hash = HASH(remote, &any);
117 for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
118 if (ipv6_addr_equal(remote, &t->parms.raddr) &&
119 (t->dev->flags & IFF_UP))
120 return t;
121 }
122
123 t = rcu_dereference(ip6n->tnls_wc[0]);
124 if (t && (t->dev->flags & IFF_UP))
125 return t;
126
127 return NULL;
128}
129
130
131
132
133
134
135
136
137
138
139
140static struct ip6_tnl __rcu **
141vti6_tnl_bucket(struct vti6_net *ip6n, const struct __ip6_tnl_parm *p)
142{
143 const struct in6_addr *remote = &p->raddr;
144 const struct in6_addr *local = &p->laddr;
145 unsigned int h = 0;
146 int prio = 0;
147
148 if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) {
149 prio = 1;
150 h = HASH(remote, local);
151 }
152 return &ip6n->tnls[prio][h];
153}
154
155static void
156vti6_tnl_link(struct vti6_net *ip6n, struct ip6_tnl *t)
157{
158 struct ip6_tnl __rcu **tp = vti6_tnl_bucket(ip6n, &t->parms);
159
160 rcu_assign_pointer(t->next , rtnl_dereference(*tp));
161 rcu_assign_pointer(*tp, t);
162}
163
164static void
165vti6_tnl_unlink(struct vti6_net *ip6n, struct ip6_tnl *t)
166{
167 struct ip6_tnl __rcu **tp;
168 struct ip6_tnl *iter;
169
170 for (tp = vti6_tnl_bucket(ip6n, &t->parms);
171 (iter = rtnl_dereference(*tp)) != NULL;
172 tp = &iter->next) {
173 if (t == iter) {
174 rcu_assign_pointer(*tp, t->next);
175 break;
176 }
177 }
178}
179
180static void vti6_dev_free(struct net_device *dev)
181{
182 free_percpu(dev->tstats);
183}
184
185static int vti6_tnl_create2(struct net_device *dev)
186{
187 struct ip6_tnl *t = netdev_priv(dev);
188 struct net *net = dev_net(dev);
189 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
190 int err;
191
192 dev->rtnl_link_ops = &vti6_link_ops;
193 err = register_netdevice(dev);
194 if (err < 0)
195 goto out;
196
197 strcpy(t->parms.name, dev->name);
198
199 dev_hold(dev);
200 vti6_tnl_link(ip6n, t);
201
202 return 0;
203
204out:
205 return err;
206}
207
208static struct ip6_tnl *vti6_tnl_create(struct net *net, struct __ip6_tnl_parm *p)
209{
210 struct net_device *dev;
211 struct ip6_tnl *t;
212 char name[IFNAMSIZ];
213 int err;
214
215 if (p->name[0]) {
216 if (!dev_valid_name(p->name))
217 goto failed;
218 strlcpy(name, p->name, IFNAMSIZ);
219 } else {
220 sprintf(name, "ip6_vti%%d");
221 }
222
223 dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, vti6_dev_setup);
224 if (!dev)
225 goto failed;
226
227 dev_net_set(dev, net);
228
229 t = netdev_priv(dev);
230 t->parms = *p;
231 t->net = dev_net(dev);
232
233 err = vti6_tnl_create2(dev);
234 if (err < 0)
235 goto failed_free;
236
237 return t;
238
239failed_free:
240 free_netdev(dev);
241failed:
242 return NULL;
243}
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259static struct ip6_tnl *vti6_locate(struct net *net, struct __ip6_tnl_parm *p,
260 int create)
261{
262 const struct in6_addr *remote = &p->raddr;
263 const struct in6_addr *local = &p->laddr;
264 struct ip6_tnl __rcu **tp;
265 struct ip6_tnl *t;
266 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
267
268 for (tp = vti6_tnl_bucket(ip6n, p);
269 (t = rtnl_dereference(*tp)) != NULL;
270 tp = &t->next) {
271 if (ipv6_addr_equal(local, &t->parms.laddr) &&
272 ipv6_addr_equal(remote, &t->parms.raddr)) {
273 if (create)
274 return NULL;
275
276 return t;
277 }
278 }
279 if (!create)
280 return NULL;
281 return vti6_tnl_create(net, p);
282}
283
284
285
286
287
288
289
290
291static void vti6_dev_uninit(struct net_device *dev)
292{
293 struct ip6_tnl *t = netdev_priv(dev);
294 struct vti6_net *ip6n = net_generic(t->net, vti6_net_id);
295
296 if (dev == ip6n->fb_tnl_dev)
297 RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
298 else
299 vti6_tnl_unlink(ip6n, t);
300 dev_put(dev);
301}
302
303static int vti6_rcv(struct sk_buff *skb)
304{
305 struct ip6_tnl *t;
306 const struct ipv6hdr *ipv6h = ipv6_hdr(skb);
307
308 rcu_read_lock();
309 t = vti6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr, &ipv6h->daddr);
310 if (t) {
311 if (t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) {
312 rcu_read_unlock();
313 goto discard;
314 }
315
316 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
317 rcu_read_unlock();
318 return 0;
319 }
320
321 if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) {
322 t->dev->stats.rx_dropped++;
323 rcu_read_unlock();
324 goto discard;
325 }
326
327 rcu_read_unlock();
328
329 return xfrm6_rcv_tnl(skb, t);
330 }
331 rcu_read_unlock();
332 return -EINVAL;
333discard:
334 kfree_skb(skb);
335 return 0;
336}
337
338static int vti6_rcv_cb(struct sk_buff *skb, int err)
339{
340 unsigned short family;
341 struct net_device *dev;
342 struct pcpu_sw_netstats *tstats;
343 struct xfrm_state *x;
344 struct xfrm_mode *inner_mode;
345 struct ip6_tnl *t = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6;
346 u32 orig_mark = skb->mark;
347 int ret;
348
349 if (!t)
350 return 1;
351
352 dev = t->dev;
353
354 if (err) {
355 dev->stats.rx_errors++;
356 dev->stats.rx_dropped++;
357
358 return 0;
359 }
360
361 x = xfrm_input_state(skb);
362
363 inner_mode = x->inner_mode;
364
365 if (x->sel.family == AF_UNSPEC) {
366 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
367 if (inner_mode == NULL) {
368 XFRM_INC_STATS(dev_net(skb->dev),
369 LINUX_MIB_XFRMINSTATEMODEERROR);
370 return -EINVAL;
371 }
372 }
373
374 family = inner_mode->afinfo->family;
375
376 skb->mark = be32_to_cpu(t->parms.i_key);
377 ret = xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family);
378 skb->mark = orig_mark;
379
380 if (!ret)
381 return -EPERM;
382
383 skb_scrub_packet(skb, !net_eq(t->net, dev_net(skb->dev)));
384 skb->dev = dev;
385
386 tstats = this_cpu_ptr(dev->tstats);
387 u64_stats_update_begin(&tstats->syncp);
388 tstats->rx_packets++;
389 tstats->rx_bytes += skb->len;
390 u64_stats_update_end(&tstats->syncp);
391
392 return 0;
393}
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408static inline bool
409vti6_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr)
410{
411 return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr);
412}
413
414static bool vti6_state_check(const struct xfrm_state *x,
415 const struct in6_addr *dst,
416 const struct in6_addr *src)
417{
418 xfrm_address_t *daddr = (xfrm_address_t *)dst;
419 xfrm_address_t *saddr = (xfrm_address_t *)src;
420
421
422
423
424 if (!x || x->props.mode != XFRM_MODE_TUNNEL ||
425 x->props.family != AF_INET6)
426 return false;
427
428 if (ipv6_addr_any(dst))
429 return xfrm_addr_equal(saddr, &x->props.saddr, AF_INET6);
430
431 if (!xfrm_state_addr_check(x, daddr, saddr, AF_INET6))
432 return false;
433
434 return true;
435}
436
437
438
439
440
441
442
443static int
444vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
445{
446 struct ip6_tnl *t = netdev_priv(dev);
447 struct net_device_stats *stats = &t->dev->stats;
448 struct dst_entry *dst = skb_dst(skb);
449 struct net_device *tdev;
450 struct xfrm_state *x;
451 int pkt_len = skb->len;
452 int err = -1;
453 int mtu;
454
455 if (!dst)
456 goto tx_err_link_failure;
457
458 dst_hold(dst);
459 dst = xfrm_lookup(t->net, dst, fl, NULL, 0);
460 if (IS_ERR(dst)) {
461 err = PTR_ERR(dst);
462 dst = NULL;
463 goto tx_err_link_failure;
464 }
465
466 x = dst->xfrm;
467 if (!vti6_state_check(x, &t->parms.raddr, &t->parms.laddr))
468 goto tx_err_link_failure;
469
470 if (!ip6_tnl_xmit_ctl(t, (const struct in6_addr *)&x->props.saddr,
471 (const struct in6_addr *)&x->id.daddr))
472 goto tx_err_link_failure;
473
474 tdev = dst->dev;
475
476 if (tdev == dev) {
477 stats->collisions++;
478 net_warn_ratelimited("%s: Local routing loop detected!\n",
479 t->parms.name);
480 goto tx_err_dst_release;
481 }
482
483 skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev)));
484 skb_dst_set(skb, dst);
485 skb->dev = skb_dst(skb)->dev;
486
487 mtu = dst_mtu(dst);
488 if (!skb->ignore_df && skb->len > mtu) {
489 skb_dst_update_pmtu(skb, mtu);
490
491 if (skb->protocol == htons(ETH_P_IPV6)) {
492 if (mtu < IPV6_MIN_MTU)
493 mtu = IPV6_MIN_MTU;
494
495 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
496 } else {
497 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
498 htonl(mtu));
499 }
500
501 return -EMSGSIZE;
502 }
503
504 err = dst_output(t->net, skb->sk, skb);
505 if (net_xmit_eval(err) == 0) {
506 struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats);
507
508 u64_stats_update_begin(&tstats->syncp);
509 tstats->tx_bytes += pkt_len;
510 tstats->tx_packets++;
511 u64_stats_update_end(&tstats->syncp);
512 } else {
513 stats->tx_errors++;
514 stats->tx_aborted_errors++;
515 }
516
517 return 0;
518tx_err_link_failure:
519 stats->tx_carrier_errors++;
520 dst_link_failure(skb);
521tx_err_dst_release:
522 dst_release(dst);
523 return err;
524}
525
526static netdev_tx_t
527vti6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
528{
529 struct ip6_tnl *t = netdev_priv(dev);
530 struct net_device_stats *stats = &t->dev->stats;
531 struct ipv6hdr *ipv6h;
532 struct flowi fl;
533 int ret;
534
535 memset(&fl, 0, sizeof(fl));
536
537 switch (skb->protocol) {
538 case htons(ETH_P_IPV6):
539 ipv6h = ipv6_hdr(skb);
540
541 if ((t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) ||
542 vti6_addr_conflict(t, ipv6h))
543 goto tx_err;
544
545 xfrm_decode_session(skb, &fl, AF_INET6);
546 memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
547 break;
548 case htons(ETH_P_IP):
549 xfrm_decode_session(skb, &fl, AF_INET);
550 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
551 break;
552 default:
553 goto tx_err;
554 }
555
556
557 fl.flowi_mark = be32_to_cpu(t->parms.o_key);
558
559 ret = vti6_xmit(skb, dev, &fl);
560 if (ret < 0)
561 goto tx_err;
562
563 return NETDEV_TX_OK;
564
565tx_err:
566 stats->tx_errors++;
567 stats->tx_dropped++;
568 kfree_skb(skb);
569 return NETDEV_TX_OK;
570}
571
572static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
573 u8 type, u8 code, int offset, __be32 info)
574{
575 __be32 spi;
576 __u32 mark;
577 struct xfrm_state *x;
578 struct ip6_tnl *t;
579 struct ip_esp_hdr *esph;
580 struct ip_auth_hdr *ah;
581 struct ip_comp_hdr *ipch;
582 struct net *net = dev_net(skb->dev);
583 const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
584 int protocol = iph->nexthdr;
585
586 t = vti6_tnl_lookup(dev_net(skb->dev), &iph->daddr, &iph->saddr);
587 if (!t)
588 return -1;
589
590 mark = be32_to_cpu(t->parms.o_key);
591
592 switch (protocol) {
593 case IPPROTO_ESP:
594 esph = (struct ip_esp_hdr *)(skb->data + offset);
595 spi = esph->spi;
596 break;
597 case IPPROTO_AH:
598 ah = (struct ip_auth_hdr *)(skb->data + offset);
599 spi = ah->spi;
600 break;
601 case IPPROTO_COMP:
602 ipch = (struct ip_comp_hdr *)(skb->data + offset);
603 spi = htonl(ntohs(ipch->cpi));
604 break;
605 default:
606 return 0;
607 }
608
609 if (type != ICMPV6_PKT_TOOBIG &&
610 type != NDISC_REDIRECT)
611 return 0;
612
613 x = xfrm_state_lookup(net, mark, (const xfrm_address_t *)&iph->daddr,
614 spi, protocol, AF_INET6);
615 if (!x)
616 return 0;
617
618 if (type == NDISC_REDIRECT)
619 ip6_redirect(skb, net, skb->dev->ifindex, 0,
620 sock_net_uid(net, NULL));
621 else
622 ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
623 xfrm_state_put(x);
624
625 return 0;
626}
627
628static void vti6_link_config(struct ip6_tnl *t, bool keep_mtu)
629{
630 struct net_device *dev = t->dev;
631 struct __ip6_tnl_parm *p = &t->parms;
632 struct net_device *tdev = NULL;
633 int mtu;
634
635 memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
636 memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
637
638 p->flags &= ~(IP6_TNL_F_CAP_XMIT | IP6_TNL_F_CAP_RCV |
639 IP6_TNL_F_CAP_PER_PACKET);
640 p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr);
641
642 if (p->flags & IP6_TNL_F_CAP_XMIT && p->flags & IP6_TNL_F_CAP_RCV)
643 dev->flags |= IFF_POINTOPOINT;
644 else
645 dev->flags &= ~IFF_POINTOPOINT;
646
647 if (keep_mtu && dev->mtu) {
648 dev->mtu = clamp(dev->mtu, dev->min_mtu, dev->max_mtu);
649 return;
650 }
651
652 if (p->flags & IP6_TNL_F_CAP_XMIT) {
653 int strict = (ipv6_addr_type(&p->raddr) &
654 (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL));
655 struct rt6_info *rt = rt6_lookup(t->net,
656 &p->raddr, &p->laddr,
657 p->link, NULL, strict);
658
659 if (rt)
660 tdev = rt->dst.dev;
661 ip6_rt_put(rt);
662 }
663
664 if (!tdev && p->link)
665 tdev = __dev_get_by_index(t->net, p->link);
666
667 if (tdev)
668 mtu = tdev->mtu - sizeof(struct ipv6hdr);
669 else
670 mtu = ETH_DATA_LEN - LL_MAX_HEADER - sizeof(struct ipv6hdr);
671
672 dev->mtu = max_t(int, mtu, IPV4_MIN_MTU);
673}
674
675
676
677
678
679
680
681
682
683
684static int
685vti6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p,
686 bool keep_mtu)
687{
688 t->parms.laddr = p->laddr;
689 t->parms.raddr = p->raddr;
690 t->parms.link = p->link;
691 t->parms.i_key = p->i_key;
692 t->parms.o_key = p->o_key;
693 t->parms.proto = p->proto;
694 t->parms.fwmark = p->fwmark;
695 dst_cache_reset(&t->dst_cache);
696 vti6_link_config(t, keep_mtu);
697 return 0;
698}
699
700static int vti6_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p,
701 bool keep_mtu)
702{
703 struct net *net = dev_net(t->dev);
704 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
705 int err;
706
707 vti6_tnl_unlink(ip6n, t);
708 synchronize_net();
709 err = vti6_tnl_change(t, p, keep_mtu);
710 vti6_tnl_link(ip6n, t);
711 netdev_state_change(t->dev);
712 return err;
713}
714
715static void
716vti6_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm2 *u)
717{
718 p->laddr = u->laddr;
719 p->raddr = u->raddr;
720 p->link = u->link;
721 p->i_key = u->i_key;
722 p->o_key = u->o_key;
723 p->proto = u->proto;
724
725 memcpy(p->name, u->name, sizeof(u->name));
726}
727
728static void
729vti6_parm_to_user(struct ip6_tnl_parm2 *u, const struct __ip6_tnl_parm *p)
730{
731 u->laddr = p->laddr;
732 u->raddr = p->raddr;
733 u->link = p->link;
734 u->i_key = p->i_key;
735 u->o_key = p->o_key;
736 if (u->i_key)
737 u->i_flags |= GRE_KEY;
738 if (u->o_key)
739 u->o_flags |= GRE_KEY;
740 u->proto = p->proto;
741
742 memcpy(u->name, p->name, sizeof(u->name));
743}
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772static int
773vti6_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
774{
775 int err = 0;
776 struct ip6_tnl_parm2 p;
777 struct __ip6_tnl_parm p1;
778 struct ip6_tnl *t = NULL;
779 struct net *net = dev_net(dev);
780 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
781
782 switch (cmd) {
783 case SIOCGETTUNNEL:
784 if (dev == ip6n->fb_tnl_dev) {
785 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
786 err = -EFAULT;
787 break;
788 }
789 vti6_parm_from_user(&p1, &p);
790 t = vti6_locate(net, &p1, 0);
791 } else {
792 memset(&p, 0, sizeof(p));
793 }
794 if (!t)
795 t = netdev_priv(dev);
796 vti6_parm_to_user(&p, &t->parms);
797 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
798 err = -EFAULT;
799 break;
800 case SIOCADDTUNNEL:
801 case SIOCCHGTUNNEL:
802 err = -EPERM;
803 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
804 break;
805 err = -EFAULT;
806 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
807 break;
808 err = -EINVAL;
809 if (p.proto != IPPROTO_IPV6 && p.proto != 0)
810 break;
811 vti6_parm_from_user(&p1, &p);
812 t = vti6_locate(net, &p1, cmd == SIOCADDTUNNEL);
813 if (dev != ip6n->fb_tnl_dev && cmd == SIOCCHGTUNNEL) {
814 if (t) {
815 if (t->dev != dev) {
816 err = -EEXIST;
817 break;
818 }
819 } else
820 t = netdev_priv(dev);
821
822 err = vti6_update(t, &p1, false);
823 }
824 if (t) {
825 err = 0;
826 vti6_parm_to_user(&p, &t->parms);
827 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
828 err = -EFAULT;
829
830 } else
831 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
832 break;
833 case SIOCDELTUNNEL:
834 err = -EPERM;
835 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
836 break;
837
838 if (dev == ip6n->fb_tnl_dev) {
839 err = -EFAULT;
840 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
841 break;
842 err = -ENOENT;
843 vti6_parm_from_user(&p1, &p);
844 t = vti6_locate(net, &p1, 0);
845 if (!t)
846 break;
847 err = -EPERM;
848 if (t->dev == ip6n->fb_tnl_dev)
849 break;
850 dev = t->dev;
851 }
852 err = 0;
853 unregister_netdevice(dev);
854 break;
855 default:
856 err = -EINVAL;
857 }
858 return err;
859}
860
861static const struct net_device_ops vti6_netdev_ops = {
862 .ndo_init = vti6_dev_init,
863 .ndo_uninit = vti6_dev_uninit,
864 .ndo_start_xmit = vti6_tnl_xmit,
865 .ndo_do_ioctl = vti6_ioctl,
866 .ndo_get_stats64 = ip_tunnel_get_stats64,
867 .ndo_get_iflink = ip6_tnl_get_iflink,
868};
869
870
871
872
873
874
875
876
877static void vti6_dev_setup(struct net_device *dev)
878{
879 dev->netdev_ops = &vti6_netdev_ops;
880 dev->needs_free_netdev = true;
881 dev->priv_destructor = vti6_dev_free;
882
883 dev->type = ARPHRD_TUNNEL6;
884 dev->min_mtu = IPV4_MIN_MTU;
885 dev->max_mtu = IP_MAX_MTU - sizeof(struct ipv6hdr);
886 dev->flags |= IFF_NOARP;
887 dev->addr_len = sizeof(struct in6_addr);
888 netif_keep_dst(dev);
889
890 dev->addr_assign_type = NET_ADDR_RANDOM;
891 eth_random_addr(dev->perm_addr);
892}
893
894
895
896
897
898static inline int vti6_dev_init_gen(struct net_device *dev)
899{
900 struct ip6_tnl *t = netdev_priv(dev);
901
902 t->dev = dev;
903 t->net = dev_net(dev);
904 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
905 if (!dev->tstats)
906 return -ENOMEM;
907 return 0;
908}
909
910
911
912
913
914static int vti6_dev_init(struct net_device *dev)
915{
916 struct ip6_tnl *t = netdev_priv(dev);
917 int err = vti6_dev_init_gen(dev);
918
919 if (err)
920 return err;
921 vti6_link_config(t, true);
922 return 0;
923}
924
925
926
927
928
929
930
931static int __net_init vti6_fb_tnl_dev_init(struct net_device *dev)
932{
933 struct ip6_tnl *t = netdev_priv(dev);
934 struct net *net = dev_net(dev);
935 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
936
937 t->parms.proto = IPPROTO_IPV6;
938 dev_hold(dev);
939
940 rcu_assign_pointer(ip6n->tnls_wc[0], t);
941 return 0;
942}
943
944static int vti6_validate(struct nlattr *tb[], struct nlattr *data[],
945 struct netlink_ext_ack *extack)
946{
947 return 0;
948}
949
950static void vti6_netlink_parms(struct nlattr *data[],
951 struct __ip6_tnl_parm *parms)
952{
953 memset(parms, 0, sizeof(*parms));
954
955 if (!data)
956 return;
957
958 if (data[IFLA_VTI_LINK])
959 parms->link = nla_get_u32(data[IFLA_VTI_LINK]);
960
961 if (data[IFLA_VTI_LOCAL])
962 parms->laddr = nla_get_in6_addr(data[IFLA_VTI_LOCAL]);
963
964 if (data[IFLA_VTI_REMOTE])
965 parms->raddr = nla_get_in6_addr(data[IFLA_VTI_REMOTE]);
966
967 if (data[IFLA_VTI_IKEY])
968 parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]);
969
970 if (data[IFLA_VTI_OKEY])
971 parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]);
972
973 if (data[IFLA_VTI_FWMARK])
974 parms->fwmark = nla_get_u32(data[IFLA_VTI_FWMARK]);
975}
976
977static int vti6_newlink(struct net *src_net, struct net_device *dev,
978 struct nlattr *tb[], struct nlattr *data[],
979 struct netlink_ext_ack *extack)
980{
981 struct net *net = dev_net(dev);
982 struct ip6_tnl *nt;
983
984 nt = netdev_priv(dev);
985 vti6_netlink_parms(data, &nt->parms);
986
987 nt->parms.proto = IPPROTO_IPV6;
988
989 if (vti6_locate(net, &nt->parms, 0))
990 return -EEXIST;
991
992 return vti6_tnl_create2(dev);
993}
994
995static void vti6_dellink(struct net_device *dev, struct list_head *head)
996{
997 struct net *net = dev_net(dev);
998 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
999
1000 if (dev != ip6n->fb_tnl_dev)
1001 unregister_netdevice_queue(dev, head);
1002}
1003
1004static int vti6_changelink(struct net_device *dev, struct nlattr *tb[],
1005 struct nlattr *data[],
1006 struct netlink_ext_ack *extack)
1007{
1008 struct ip6_tnl *t;
1009 struct __ip6_tnl_parm p;
1010 struct net *net = dev_net(dev);
1011 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
1012
1013 if (dev == ip6n->fb_tnl_dev)
1014 return -EINVAL;
1015
1016 vti6_netlink_parms(data, &p);
1017
1018 t = vti6_locate(net, &p, 0);
1019
1020 if (t) {
1021 if (t->dev != dev)
1022 return -EEXIST;
1023 } else
1024 t = netdev_priv(dev);
1025
1026 return vti6_update(t, &p, tb && tb[IFLA_MTU]);
1027}
1028
1029static size_t vti6_get_size(const struct net_device *dev)
1030{
1031 return
1032
1033 nla_total_size(4) +
1034
1035 nla_total_size(sizeof(struct in6_addr)) +
1036
1037 nla_total_size(sizeof(struct in6_addr)) +
1038
1039 nla_total_size(4) +
1040
1041 nla_total_size(4) +
1042
1043 nla_total_size(4) +
1044 0;
1045}
1046
1047static int vti6_fill_info(struct sk_buff *skb, const struct net_device *dev)
1048{
1049 struct ip6_tnl *tunnel = netdev_priv(dev);
1050 struct __ip6_tnl_parm *parm = &tunnel->parms;
1051
1052 if (nla_put_u32(skb, IFLA_VTI_LINK, parm->link) ||
1053 nla_put_in6_addr(skb, IFLA_VTI_LOCAL, &parm->laddr) ||
1054 nla_put_in6_addr(skb, IFLA_VTI_REMOTE, &parm->raddr) ||
1055 nla_put_be32(skb, IFLA_VTI_IKEY, parm->i_key) ||
1056 nla_put_be32(skb, IFLA_VTI_OKEY, parm->o_key) ||
1057 nla_put_u32(skb, IFLA_VTI_FWMARK, parm->fwmark))
1058 goto nla_put_failure;
1059 return 0;
1060
1061nla_put_failure:
1062 return -EMSGSIZE;
1063}
1064
1065static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = {
1066 [IFLA_VTI_LINK] = { .type = NLA_U32 },
1067 [IFLA_VTI_LOCAL] = { .len = sizeof(struct in6_addr) },
1068 [IFLA_VTI_REMOTE] = { .len = sizeof(struct in6_addr) },
1069 [IFLA_VTI_IKEY] = { .type = NLA_U32 },
1070 [IFLA_VTI_OKEY] = { .type = NLA_U32 },
1071 [IFLA_VTI_FWMARK] = { .type = NLA_U32 },
1072};
1073
1074static struct rtnl_link_ops vti6_link_ops __read_mostly = {
1075 .kind = "vti6",
1076 .maxtype = IFLA_VTI_MAX,
1077 .policy = vti6_policy,
1078 .priv_size = sizeof(struct ip6_tnl),
1079 .setup = vti6_dev_setup,
1080 .validate = vti6_validate,
1081 .newlink = vti6_newlink,
1082 .dellink = vti6_dellink,
1083 .changelink = vti6_changelink,
1084 .get_size = vti6_get_size,
1085 .fill_info = vti6_fill_info,
1086 .get_link_net = ip6_tnl_get_link_net,
1087};
1088
1089static void __net_exit vti6_destroy_tunnels(struct vti6_net *ip6n,
1090 struct list_head *list)
1091{
1092 int h;
1093 struct ip6_tnl *t;
1094
1095 for (h = 0; h < IP6_VTI_HASH_SIZE; h++) {
1096 t = rtnl_dereference(ip6n->tnls_r_l[h]);
1097 while (t) {
1098 unregister_netdevice_queue(t->dev, list);
1099 t = rtnl_dereference(t->next);
1100 }
1101 }
1102
1103 t = rtnl_dereference(ip6n->tnls_wc[0]);
1104 unregister_netdevice_queue(t->dev, list);
1105}
1106
1107static int __net_init vti6_init_net(struct net *net)
1108{
1109 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
1110 struct ip6_tnl *t = NULL;
1111 int err;
1112
1113 ip6n->tnls[0] = ip6n->tnls_wc;
1114 ip6n->tnls[1] = ip6n->tnls_r_l;
1115
1116 err = -ENOMEM;
1117 ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6_vti0",
1118 NET_NAME_UNKNOWN, vti6_dev_setup);
1119
1120 if (!ip6n->fb_tnl_dev)
1121 goto err_alloc_dev;
1122 dev_net_set(ip6n->fb_tnl_dev, net);
1123 ip6n->fb_tnl_dev->rtnl_link_ops = &vti6_link_ops;
1124
1125 err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev);
1126 if (err < 0)
1127 goto err_register;
1128
1129 err = register_netdev(ip6n->fb_tnl_dev);
1130 if (err < 0)
1131 goto err_register;
1132
1133 t = netdev_priv(ip6n->fb_tnl_dev);
1134
1135 strcpy(t->parms.name, ip6n->fb_tnl_dev->name);
1136 return 0;
1137
1138err_register:
1139 free_netdev(ip6n->fb_tnl_dev);
1140err_alloc_dev:
1141 return err;
1142}
1143
1144static void __net_exit vti6_exit_batch_net(struct list_head *net_list)
1145{
1146 struct vti6_net *ip6n;
1147 struct net *net;
1148 LIST_HEAD(list);
1149
1150 rtnl_lock();
1151 list_for_each_entry(net, net_list, exit_list) {
1152 ip6n = net_generic(net, vti6_net_id);
1153 vti6_destroy_tunnels(ip6n, &list);
1154 }
1155 unregister_netdevice_many(&list);
1156 rtnl_unlock();
1157}
1158
1159static struct pernet_operations vti6_net_ops = {
1160 .init = vti6_init_net,
1161 .exit_batch = vti6_exit_batch_net,
1162 .id = &vti6_net_id,
1163 .size = sizeof(struct vti6_net),
1164};
1165
1166static struct xfrm6_protocol vti_esp6_protocol __read_mostly = {
1167 .handler = vti6_rcv,
1168 .cb_handler = vti6_rcv_cb,
1169 .err_handler = vti6_err,
1170 .priority = 100,
1171};
1172
1173static struct xfrm6_protocol vti_ah6_protocol __read_mostly = {
1174 .handler = vti6_rcv,
1175 .cb_handler = vti6_rcv_cb,
1176 .err_handler = vti6_err,
1177 .priority = 100,
1178};
1179
1180static struct xfrm6_protocol vti_ipcomp6_protocol __read_mostly = {
1181 .handler = vti6_rcv,
1182 .cb_handler = vti6_rcv_cb,
1183 .err_handler = vti6_err,
1184 .priority = 100,
1185};
1186
1187
1188
1189
1190
1191
1192static int __init vti6_tunnel_init(void)
1193{
1194 const char *msg;
1195 int err;
1196
1197 msg = "tunnel device";
1198 err = register_pernet_device(&vti6_net_ops);
1199 if (err < 0)
1200 goto pernet_dev_failed;
1201
1202 msg = "tunnel protocols";
1203 err = xfrm6_protocol_register(&vti_esp6_protocol, IPPROTO_ESP);
1204 if (err < 0)
1205 goto xfrm_proto_esp_failed;
1206 err = xfrm6_protocol_register(&vti_ah6_protocol, IPPROTO_AH);
1207 if (err < 0)
1208 goto xfrm_proto_ah_failed;
1209 err = xfrm6_protocol_register(&vti_ipcomp6_protocol, IPPROTO_COMP);
1210 if (err < 0)
1211 goto xfrm_proto_comp_failed;
1212
1213 msg = "netlink interface";
1214 err = rtnl_link_register(&vti6_link_ops);
1215 if (err < 0)
1216 goto rtnl_link_failed;
1217
1218 return 0;
1219
1220rtnl_link_failed:
1221 xfrm6_protocol_deregister(&vti_ipcomp6_protocol, IPPROTO_COMP);
1222xfrm_proto_comp_failed:
1223 xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH);
1224xfrm_proto_ah_failed:
1225 xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP);
1226xfrm_proto_esp_failed:
1227 unregister_pernet_device(&vti6_net_ops);
1228pernet_dev_failed:
1229 pr_err("vti6 init: failed to register %s\n", msg);
1230 return err;
1231}
1232
1233
1234
1235
1236static void __exit vti6_tunnel_cleanup(void)
1237{
1238 rtnl_link_unregister(&vti6_link_ops);
1239 xfrm6_protocol_deregister(&vti_ipcomp6_protocol, IPPROTO_COMP);
1240 xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH);
1241 xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP);
1242 unregister_pernet_device(&vti6_net_ops);
1243}
1244
1245module_init(vti6_tunnel_init);
1246module_exit(vti6_tunnel_cleanup);
1247MODULE_LICENSE("GPL");
1248MODULE_ALIAS_RTNL_LINK("vti6");
1249MODULE_ALIAS_NETDEV("ip6_vti0");
1250MODULE_AUTHOR("Steffen Klassert");
1251MODULE_DESCRIPTION("IPv6 virtual tunnel interface");
1252
