1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18#include <linux/module.h>
19#include <linux/capability.h>
20#include <linux/errno.h>
21#include <linux/types.h>
22#include <linux/sockios.h>
23#include <linux/icmp.h>
24#include <linux/if.h>
25#include <linux/in.h>
26#include <linux/ip.h>
27#include <linux/net.h>
28#include <linux/in6.h>
29#include <linux/netdevice.h>
30#include <linux/if_arp.h>
31#include <linux/icmpv6.h>
32#include <linux/init.h>
33#include <linux/route.h>
34#include <linux/rtnetlink.h>
35#include <linux/netfilter_ipv6.h>
36#include <linux/slab.h>
37#include <linux/hash.h>
38
39#include <linux/uaccess.h>
40#include <linux/atomic.h>
41
42#include <net/icmp.h>
43#include <net/ip.h>
44#include <net/ip_tunnels.h>
45#include <net/ipv6.h>
46#include <net/ip6_route.h>
47#include <net/addrconf.h>
48#include <net/ip6_tunnel.h>
49#include <net/xfrm.h>
50#include <net/net_namespace.h>
51#include <net/netns/generic.h>
52
53#define HASH_SIZE_SHIFT 5
54#define HASH_SIZE (1 << HASH_SIZE_SHIFT)
55
56static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
57{
58 u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2);
59
60 return hash_32(hash, HASH_SIZE_SHIFT);
61}
62
63static int vti6_dev_init(struct net_device *dev);
64static void vti6_dev_setup(struct net_device *dev);
65static struct rtnl_link_ops vti6_link_ops __read_mostly;
66
67static int vti6_net_id __read_mostly;
68struct vti6_net {
69
70 struct net_device *fb_tnl_dev;
71
72 struct ip6_tnl __rcu *tnls_r_l[HASH_SIZE];
73 struct ip6_tnl __rcu *tnls_wc[1];
74 struct ip6_tnl __rcu **tnls[2];
75};
76
77#define for_each_vti6_tunnel_rcu(start) \
78 for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
79
80
81
82
83
84
85
86
87
88
89
90
91static struct ip6_tnl *
92vti6_tnl_lookup(struct net *net, const struct in6_addr *remote,
93 const struct in6_addr *local)
94{
95 unsigned int hash = HASH(remote, local);
96 struct ip6_tnl *t;
97 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
98 struct in6_addr any;
99
100 for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
101 if (ipv6_addr_equal(local, &t->parms.laddr) &&
102 ipv6_addr_equal(remote, &t->parms.raddr) &&
103 (t->dev->flags & IFF_UP))
104 return t;
105 }
106
107 memset(&any, 0, sizeof(any));
108 hash = HASH(&any, local);
109 for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
110 if (ipv6_addr_equal(local, &t->parms.laddr) &&
111 (t->dev->flags & IFF_UP))
112 return t;
113 }
114
115 hash = HASH(remote, &any);
116 for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
117 if (ipv6_addr_equal(remote, &t->parms.raddr) &&
118 (t->dev->flags & IFF_UP))
119 return t;
120 }
121
122 t = rcu_dereference(ip6n->tnls_wc[0]);
123 if (t && (t->dev->flags & IFF_UP))
124 return t;
125
126 return NULL;
127}
128
129
130
131
132
133
134
135
136
137
138
139static struct ip6_tnl __rcu **
140vti6_tnl_bucket(struct vti6_net *ip6n, const struct __ip6_tnl_parm *p)
141{
142 const struct in6_addr *remote = &p->raddr;
143 const struct in6_addr *local = &p->laddr;
144 unsigned int h = 0;
145 int prio = 0;
146
147 if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) {
148 prio = 1;
149 h = HASH(remote, local);
150 }
151 return &ip6n->tnls[prio][h];
152}
153
154static void
155vti6_tnl_link(struct vti6_net *ip6n, struct ip6_tnl *t)
156{
157 struct ip6_tnl __rcu **tp = vti6_tnl_bucket(ip6n, &t->parms);
158
159 rcu_assign_pointer(t->next , rtnl_dereference(*tp));
160 rcu_assign_pointer(*tp, t);
161}
162
163static void
164vti6_tnl_unlink(struct vti6_net *ip6n, struct ip6_tnl *t)
165{
166 struct ip6_tnl __rcu **tp;
167 struct ip6_tnl *iter;
168
169 for (tp = vti6_tnl_bucket(ip6n, &t->parms);
170 (iter = rtnl_dereference(*tp)) != NULL;
171 tp = &iter->next) {
172 if (t == iter) {
173 rcu_assign_pointer(*tp, t->next);
174 break;
175 }
176 }
177}
178
179static void vti6_dev_free(struct net_device *dev)
180{
181 free_percpu(dev->tstats);
182 free_netdev(dev);
183}
184
185static int vti6_tnl_create2(struct net_device *dev)
186{
187 struct ip6_tnl *t = netdev_priv(dev);
188 struct net *net = dev_net(dev);
189 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
190 int err;
191
192 err = register_netdevice(dev);
193 if (err < 0)
194 goto out;
195
196 strcpy(t->parms.name, dev->name);
197 dev->rtnl_link_ops = &vti6_link_ops;
198
199 dev_hold(dev);
200 vti6_tnl_link(ip6n, t);
201
202 return 0;
203
204out:
205 return err;
206}
207
208static struct ip6_tnl *vti6_tnl_create(struct net *net, struct __ip6_tnl_parm *p)
209{
210 struct net_device *dev;
211 struct ip6_tnl *t;
212 char name[IFNAMSIZ];
213 int err;
214
215 if (p->name[0])
216 strlcpy(name, p->name, IFNAMSIZ);
217 else
218 sprintf(name, "ip6_vti%%d");
219
220 dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, vti6_dev_setup);
221 if (!dev)
222 goto failed;
223
224 dev_net_set(dev, net);
225
226 t = netdev_priv(dev);
227 t->parms = *p;
228 t->net = dev_net(dev);
229
230 err = vti6_tnl_create2(dev);
231 if (err < 0)
232 goto failed_free;
233
234 return t;
235
236failed_free:
237 vti6_dev_free(dev);
238failed:
239 return NULL;
240}
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256static struct ip6_tnl *vti6_locate(struct net *net, struct __ip6_tnl_parm *p,
257 int create)
258{
259 const struct in6_addr *remote = &p->raddr;
260 const struct in6_addr *local = &p->laddr;
261 struct ip6_tnl __rcu **tp;
262 struct ip6_tnl *t;
263 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
264
265 for (tp = vti6_tnl_bucket(ip6n, p);
266 (t = rtnl_dereference(*tp)) != NULL;
267 tp = &t->next) {
268 if (ipv6_addr_equal(local, &t->parms.laddr) &&
269 ipv6_addr_equal(remote, &t->parms.raddr)) {
270 if (create)
271 return NULL;
272
273 return t;
274 }
275 }
276 if (!create)
277 return NULL;
278 return vti6_tnl_create(net, p);
279}
280
281
282
283
284
285
286
287
288static void vti6_dev_uninit(struct net_device *dev)
289{
290 struct ip6_tnl *t = netdev_priv(dev);
291 struct vti6_net *ip6n = net_generic(t->net, vti6_net_id);
292
293 if (dev == ip6n->fb_tnl_dev)
294 RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
295 else
296 vti6_tnl_unlink(ip6n, t);
297 dev_put(dev);
298}
299
300static int vti6_rcv(struct sk_buff *skb)
301{
302 struct ip6_tnl *t;
303 const struct ipv6hdr *ipv6h = ipv6_hdr(skb);
304
305 rcu_read_lock();
306 t = vti6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr, &ipv6h->daddr);
307 if (t) {
308 if (t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) {
309 rcu_read_unlock();
310 goto discard;
311 }
312
313 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
314 rcu_read_unlock();
315 return 0;
316 }
317
318 if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) {
319 t->dev->stats.rx_dropped++;
320 rcu_read_unlock();
321 goto discard;
322 }
323
324 XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = t;
325
326 rcu_read_unlock();
327
328 return xfrm6_rcv(skb);
329 }
330 rcu_read_unlock();
331 return -EINVAL;
332discard:
333 kfree_skb(skb);
334 return 0;
335}
336
337static int vti6_rcv_cb(struct sk_buff *skb, int err)
338{
339 unsigned short family;
340 struct net_device *dev;
341 struct pcpu_sw_netstats *tstats;
342 struct xfrm_state *x;
343 struct ip6_tnl *t = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6;
344 u32 orig_mark = skb->mark;
345 int ret;
346
347 if (!t)
348 return 1;
349
350 dev = t->dev;
351
352 if (err) {
353 dev->stats.rx_errors++;
354 dev->stats.rx_dropped++;
355
356 return 0;
357 }
358
359 x = xfrm_input_state(skb);
360 family = x->inner_mode->afinfo->family;
361
362 skb->mark = be32_to_cpu(t->parms.i_key);
363 ret = xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family);
364 skb->mark = orig_mark;
365
366 if (!ret)
367 return -EPERM;
368
369 skb_scrub_packet(skb, !net_eq(t->net, dev_net(skb->dev)));
370 skb->dev = dev;
371
372 tstats = this_cpu_ptr(dev->tstats);
373 u64_stats_update_begin(&tstats->syncp);
374 tstats->rx_packets++;
375 tstats->rx_bytes += skb->len;
376 u64_stats_update_end(&tstats->syncp);
377
378 return 0;
379}
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394static inline bool
395vti6_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr)
396{
397 return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr);
398}
399
400static bool vti6_state_check(const struct xfrm_state *x,
401 const struct in6_addr *dst,
402 const struct in6_addr *src)
403{
404 xfrm_address_t *daddr = (xfrm_address_t *)dst;
405 xfrm_address_t *saddr = (xfrm_address_t *)src;
406
407
408
409
410 if (!x || x->props.mode != XFRM_MODE_TUNNEL ||
411 x->props.family != AF_INET6)
412 return false;
413
414 if (ipv6_addr_any(dst))
415 return xfrm_addr_equal(saddr, &x->props.saddr, AF_INET6);
416
417 if (!xfrm_state_addr_check(x, daddr, saddr, AF_INET6))
418 return false;
419
420 return true;
421}
422
423
424
425
426
427
428
429static int
430vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
431{
432 struct ip6_tnl *t = netdev_priv(dev);
433 struct net_device_stats *stats = &t->dev->stats;
434 struct dst_entry *dst = skb_dst(skb);
435 struct net_device *tdev;
436 struct xfrm_state *x;
437 int err = -1;
438 int mtu;
439
440 if (!dst)
441 goto tx_err_link_failure;
442
443 dst_hold(dst);
444 dst = xfrm_lookup(t->net, dst, fl, NULL, 0);
445 if (IS_ERR(dst)) {
446 err = PTR_ERR(dst);
447 dst = NULL;
448 goto tx_err_link_failure;
449 }
450
451 x = dst->xfrm;
452 if (!vti6_state_check(x, &t->parms.raddr, &t->parms.laddr))
453 goto tx_err_link_failure;
454
455 if (!ip6_tnl_xmit_ctl(t, (const struct in6_addr *)&x->props.saddr,
456 (const struct in6_addr *)&x->id.daddr))
457 goto tx_err_link_failure;
458
459 tdev = dst->dev;
460
461 if (tdev == dev) {
462 stats->collisions++;
463 net_warn_ratelimited("%s: Local routing loop detected!\n",
464 t->parms.name);
465 goto tx_err_dst_release;
466 }
467
468 skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev)));
469 skb_dst_set(skb, dst);
470 skb->dev = skb_dst(skb)->dev;
471
472 mtu = dst_mtu(dst);
473 if (!skb->ignore_df && skb->len > mtu) {
474 skb_dst(skb)->ops->update_pmtu(dst, NULL, skb, mtu);
475
476 if (skb->protocol == htons(ETH_P_IPV6))
477 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
478 else
479 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
480 htonl(mtu));
481
482 return -EMSGSIZE;
483 }
484
485 err = dst_output(skb);
486 if (net_xmit_eval(err) == 0) {
487 struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats);
488
489 u64_stats_update_begin(&tstats->syncp);
490 tstats->tx_bytes += skb->len;
491 tstats->tx_packets++;
492 u64_stats_update_end(&tstats->syncp);
493 } else {
494 stats->tx_errors++;
495 stats->tx_aborted_errors++;
496 }
497
498 return 0;
499tx_err_link_failure:
500 stats->tx_carrier_errors++;
501 dst_link_failure(skb);
502tx_err_dst_release:
503 dst_release(dst);
504 return err;
505}
506
507static netdev_tx_t
508vti6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
509{
510 struct ip6_tnl *t = netdev_priv(dev);
511 struct net_device_stats *stats = &t->dev->stats;
512 struct ipv6hdr *ipv6h;
513 struct flowi fl;
514 int ret;
515
516 memset(&fl, 0, sizeof(fl));
517
518 switch (skb->protocol) {
519 case htons(ETH_P_IPV6):
520 ipv6h = ipv6_hdr(skb);
521
522 if ((t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) ||
523 vti6_addr_conflict(t, ipv6h))
524 goto tx_err;
525
526 xfrm_decode_session(skb, &fl, AF_INET6);
527 memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
528 break;
529 case htons(ETH_P_IP):
530 xfrm_decode_session(skb, &fl, AF_INET);
531 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
532 break;
533 default:
534 goto tx_err;
535 }
536
537
538 fl.flowi_mark = be32_to_cpu(t->parms.o_key);
539
540 ret = vti6_xmit(skb, dev, &fl);
541 if (ret < 0)
542 goto tx_err;
543
544 return NETDEV_TX_OK;
545
546tx_err:
547 stats->tx_errors++;
548 stats->tx_dropped++;
549 kfree_skb(skb);
550 return NETDEV_TX_OK;
551}
552
553static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
554 u8 type, u8 code, int offset, __be32 info)
555{
556 __be32 spi;
557 __u32 mark;
558 struct xfrm_state *x;
559 struct ip6_tnl *t;
560 struct ip_esp_hdr *esph;
561 struct ip_auth_hdr *ah;
562 struct ip_comp_hdr *ipch;
563 struct net *net = dev_net(skb->dev);
564 const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
565 int protocol = iph->nexthdr;
566
567 t = vti6_tnl_lookup(dev_net(skb->dev), &iph->daddr, &iph->saddr);
568 if (!t)
569 return -1;
570
571 mark = be32_to_cpu(t->parms.o_key);
572
573 switch (protocol) {
574 case IPPROTO_ESP:
575 esph = (struct ip_esp_hdr *)(skb->data + offset);
576 spi = esph->spi;
577 break;
578 case IPPROTO_AH:
579 ah = (struct ip_auth_hdr *)(skb->data + offset);
580 spi = ah->spi;
581 break;
582 case IPPROTO_COMP:
583 ipch = (struct ip_comp_hdr *)(skb->data + offset);
584 spi = htonl(ntohs(ipch->cpi));
585 break;
586 default:
587 return 0;
588 }
589
590 if (type != ICMPV6_PKT_TOOBIG &&
591 type != NDISC_REDIRECT)
592 return 0;
593
594 x = xfrm_state_lookup(net, mark, (const xfrm_address_t *)&iph->daddr,
595 spi, protocol, AF_INET6);
596 if (!x)
597 return 0;
598
599 if (type == NDISC_REDIRECT)
600 ip6_redirect(skb, net, skb->dev->ifindex, 0);
601 else
602 ip6_update_pmtu(skb, net, info, 0, 0);
603 xfrm_state_put(x);
604
605 return 0;
606}
607
608static void vti6_link_config(struct ip6_tnl *t)
609{
610 struct net_device *dev = t->dev;
611 struct __ip6_tnl_parm *p = &t->parms;
612
613 memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
614 memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
615
616 p->flags &= ~(IP6_TNL_F_CAP_XMIT | IP6_TNL_F_CAP_RCV |
617 IP6_TNL_F_CAP_PER_PACKET);
618 p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr);
619
620 if (p->flags & IP6_TNL_F_CAP_XMIT && p->flags & IP6_TNL_F_CAP_RCV)
621 dev->flags |= IFF_POINTOPOINT;
622 else
623 dev->flags &= ~IFF_POINTOPOINT;
624}
625
626
627
628
629
630
631
632
633
634static int
635vti6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p)
636{
637 t->parms.laddr = p->laddr;
638 t->parms.raddr = p->raddr;
639 t->parms.link = p->link;
640 t->parms.i_key = p->i_key;
641 t->parms.o_key = p->o_key;
642 t->parms.proto = p->proto;
643 ip6_tnl_dst_reset(t);
644 vti6_link_config(t);
645 return 0;
646}
647
648static int vti6_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p)
649{
650 struct net *net = dev_net(t->dev);
651 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
652 int err;
653
654 vti6_tnl_unlink(ip6n, t);
655 synchronize_net();
656 err = vti6_tnl_change(t, p);
657 vti6_tnl_link(ip6n, t);
658 netdev_state_change(t->dev);
659 return err;
660}
661
662static void
663vti6_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm2 *u)
664{
665 p->laddr = u->laddr;
666 p->raddr = u->raddr;
667 p->link = u->link;
668 p->i_key = u->i_key;
669 p->o_key = u->o_key;
670 p->proto = u->proto;
671
672 memcpy(p->name, u->name, sizeof(u->name));
673}
674
675static void
676vti6_parm_to_user(struct ip6_tnl_parm2 *u, const struct __ip6_tnl_parm *p)
677{
678 u->laddr = p->laddr;
679 u->raddr = p->raddr;
680 u->link = p->link;
681 u->i_key = p->i_key;
682 u->o_key = p->o_key;
683 u->proto = p->proto;
684
685 memcpy(u->name, p->name, sizeof(u->name));
686}
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715static int
716vti6_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
717{
718 int err = 0;
719 struct ip6_tnl_parm2 p;
720 struct __ip6_tnl_parm p1;
721 struct ip6_tnl *t = NULL;
722 struct net *net = dev_net(dev);
723 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
724
725 switch (cmd) {
726 case SIOCGETTUNNEL:
727 if (dev == ip6n->fb_tnl_dev) {
728 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
729 err = -EFAULT;
730 break;
731 }
732 vti6_parm_from_user(&p1, &p);
733 t = vti6_locate(net, &p1, 0);
734 } else {
735 memset(&p, 0, sizeof(p));
736 }
737 if (!t)
738 t = netdev_priv(dev);
739 vti6_parm_to_user(&p, &t->parms);
740 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
741 err = -EFAULT;
742 break;
743 case SIOCADDTUNNEL:
744 case SIOCCHGTUNNEL:
745 err = -EPERM;
746 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
747 break;
748 err = -EFAULT;
749 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
750 break;
751 err = -EINVAL;
752 if (p.proto != IPPROTO_IPV6 && p.proto != 0)
753 break;
754 vti6_parm_from_user(&p1, &p);
755 t = vti6_locate(net, &p1, cmd == SIOCADDTUNNEL);
756 if (dev != ip6n->fb_tnl_dev && cmd == SIOCCHGTUNNEL) {
757 if (t) {
758 if (t->dev != dev) {
759 err = -EEXIST;
760 break;
761 }
762 } else
763 t = netdev_priv(dev);
764
765 err = vti6_update(t, &p1);
766 }
767 if (t) {
768 err = 0;
769 vti6_parm_to_user(&p, &t->parms);
770 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
771 err = -EFAULT;
772
773 } else
774 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
775 break;
776 case SIOCDELTUNNEL:
777 err = -EPERM;
778 if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
779 break;
780
781 if (dev == ip6n->fb_tnl_dev) {
782 err = -EFAULT;
783 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
784 break;
785 err = -ENOENT;
786 vti6_parm_from_user(&p1, &p);
787 t = vti6_locate(net, &p1, 0);
788 if (!t)
789 break;
790 err = -EPERM;
791 if (t->dev == ip6n->fb_tnl_dev)
792 break;
793 dev = t->dev;
794 }
795 err = 0;
796 unregister_netdevice(dev);
797 break;
798 default:
799 err = -EINVAL;
800 }
801 return err;
802}
803
804
805
806
807
808
809
810
811
812
813static int vti6_change_mtu(struct net_device *dev, int new_mtu)
814{
815 if (new_mtu < IPV6_MIN_MTU)
816 return -EINVAL;
817
818 dev->mtu = new_mtu;
819 return 0;
820}
821
822static const struct net_device_ops vti6_netdev_ops = {
823 .ndo_init = vti6_dev_init,
824 .ndo_uninit = vti6_dev_uninit,
825 .ndo_start_xmit = vti6_tnl_xmit,
826 .ndo_do_ioctl = vti6_ioctl,
827 .ndo_change_mtu = vti6_change_mtu,
828 .ndo_get_stats64 = ip_tunnel_get_stats64,
829 .ndo_get_iflink = ip6_tnl_get_iflink,
830};
831
832
833
834
835
836
837
838
839static void vti6_dev_setup(struct net_device *dev)
840{
841 dev->netdev_ops = &vti6_netdev_ops;
842 dev->destructor = vti6_dev_free;
843
844 dev->type = ARPHRD_TUNNEL6;
845 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct ipv6hdr);
846 dev->mtu = ETH_DATA_LEN;
847 dev->flags |= IFF_NOARP;
848 dev->addr_len = sizeof(struct in6_addr);
849 netif_keep_dst(dev);
850}
851
852
853
854
855
856static inline int vti6_dev_init_gen(struct net_device *dev)
857{
858 struct ip6_tnl *t = netdev_priv(dev);
859
860 t->dev = dev;
861 t->net = dev_net(dev);
862 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
863 if (!dev->tstats)
864 return -ENOMEM;
865 return 0;
866}
867
868
869
870
871
872static int vti6_dev_init(struct net_device *dev)
873{
874 struct ip6_tnl *t = netdev_priv(dev);
875 int err = vti6_dev_init_gen(dev);
876
877 if (err)
878 return err;
879 vti6_link_config(t);
880 return 0;
881}
882
883
884
885
886
887
888
889static int __net_init vti6_fb_tnl_dev_init(struct net_device *dev)
890{
891 struct ip6_tnl *t = netdev_priv(dev);
892 struct net *net = dev_net(dev);
893 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
894
895 t->parms.proto = IPPROTO_IPV6;
896 dev_hold(dev);
897
898 rcu_assign_pointer(ip6n->tnls_wc[0], t);
899 return 0;
900}
901
902static int vti6_validate(struct nlattr *tb[], struct nlattr *data[])
903{
904 return 0;
905}
906
907static void vti6_netlink_parms(struct nlattr *data[],
908 struct __ip6_tnl_parm *parms)
909{
910 memset(parms, 0, sizeof(*parms));
911
912 if (!data)
913 return;
914
915 if (data[IFLA_VTI_LINK])
916 parms->link = nla_get_u32(data[IFLA_VTI_LINK]);
917
918 if (data[IFLA_VTI_LOCAL])
919 parms->laddr = nla_get_in6_addr(data[IFLA_VTI_LOCAL]);
920
921 if (data[IFLA_VTI_REMOTE])
922 parms->raddr = nla_get_in6_addr(data[IFLA_VTI_REMOTE]);
923
924 if (data[IFLA_VTI_IKEY])
925 parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]);
926
927 if (data[IFLA_VTI_OKEY])
928 parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]);
929}
930
931static int vti6_newlink(struct net *src_net, struct net_device *dev,
932 struct nlattr *tb[], struct nlattr *data[])
933{
934 struct net *net = dev_net(dev);
935 struct ip6_tnl *nt;
936
937 nt = netdev_priv(dev);
938 vti6_netlink_parms(data, &nt->parms);
939
940 nt->parms.proto = IPPROTO_IPV6;
941
942 if (vti6_locate(net, &nt->parms, 0))
943 return -EEXIST;
944
945 return vti6_tnl_create2(dev);
946}
947
948static void vti6_dellink(struct net_device *dev, struct list_head *head)
949{
950 struct net *net = dev_net(dev);
951 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
952
953 if (dev != ip6n->fb_tnl_dev)
954 unregister_netdevice_queue(dev, head);
955}
956
957static int vti6_changelink(struct net_device *dev, struct nlattr *tb[],
958 struct nlattr *data[])
959{
960 struct ip6_tnl *t;
961 struct __ip6_tnl_parm p;
962 struct net *net = dev_net(dev);
963 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
964
965 if (dev == ip6n->fb_tnl_dev)
966 return -EINVAL;
967
968 vti6_netlink_parms(data, &p);
969
970 t = vti6_locate(net, &p, 0);
971
972 if (t) {
973 if (t->dev != dev)
974 return -EEXIST;
975 } else
976 t = netdev_priv(dev);
977
978 return vti6_update(t, &p);
979}
980
981static size_t vti6_get_size(const struct net_device *dev)
982{
983 return
984
985 nla_total_size(4) +
986
987 nla_total_size(sizeof(struct in6_addr)) +
988
989 nla_total_size(sizeof(struct in6_addr)) +
990
991 nla_total_size(4) +
992
993 nla_total_size(4) +
994 0;
995}
996
997static int vti6_fill_info(struct sk_buff *skb, const struct net_device *dev)
998{
999 struct ip6_tnl *tunnel = netdev_priv(dev);
1000 struct __ip6_tnl_parm *parm = &tunnel->parms;
1001
1002 if (nla_put_u32(skb, IFLA_VTI_LINK, parm->link) ||
1003 nla_put_in6_addr(skb, IFLA_VTI_LOCAL, &parm->laddr) ||
1004 nla_put_in6_addr(skb, IFLA_VTI_REMOTE, &parm->raddr) ||
1005 nla_put_be32(skb, IFLA_VTI_IKEY, parm->i_key) ||
1006 nla_put_be32(skb, IFLA_VTI_OKEY, parm->o_key))
1007 goto nla_put_failure;
1008 return 0;
1009
1010nla_put_failure:
1011 return -EMSGSIZE;
1012}
1013
1014static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = {
1015 [IFLA_VTI_LINK] = { .type = NLA_U32 },
1016 [IFLA_VTI_LOCAL] = { .len = sizeof(struct in6_addr) },
1017 [IFLA_VTI_REMOTE] = { .len = sizeof(struct in6_addr) },
1018 [IFLA_VTI_IKEY] = { .type = NLA_U32 },
1019 [IFLA_VTI_OKEY] = { .type = NLA_U32 },
1020};
1021
1022static struct rtnl_link_ops vti6_link_ops __read_mostly = {
1023 .kind = "vti6",
1024 .maxtype = IFLA_VTI_MAX,
1025 .policy = vti6_policy,
1026 .priv_size = sizeof(struct ip6_tnl),
1027 .setup = vti6_dev_setup,
1028 .validate = vti6_validate,
1029 .newlink = vti6_newlink,
1030 .dellink = vti6_dellink,
1031 .changelink = vti6_changelink,
1032 .get_size = vti6_get_size,
1033 .fill_info = vti6_fill_info,
1034 .get_link_net = ip6_tnl_get_link_net,
1035};
1036
1037static void __net_exit vti6_destroy_tunnels(struct vti6_net *ip6n)
1038{
1039 int h;
1040 struct ip6_tnl *t;
1041 LIST_HEAD(list);
1042
1043 for (h = 0; h < HASH_SIZE; h++) {
1044 t = rtnl_dereference(ip6n->tnls_r_l[h]);
1045 while (t) {
1046 unregister_netdevice_queue(t->dev, &list);
1047 t = rtnl_dereference(t->next);
1048 }
1049 }
1050
1051 t = rtnl_dereference(ip6n->tnls_wc[0]);
1052 unregister_netdevice_queue(t->dev, &list);
1053 unregister_netdevice_many(&list);
1054}
1055
1056static int __net_init vti6_init_net(struct net *net)
1057{
1058 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
1059 struct ip6_tnl *t = NULL;
1060 int err;
1061
1062 ip6n->tnls[0] = ip6n->tnls_wc;
1063 ip6n->tnls[1] = ip6n->tnls_r_l;
1064
1065 err = -ENOMEM;
1066 ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6_vti0",
1067 NET_NAME_UNKNOWN, vti6_dev_setup);
1068
1069 if (!ip6n->fb_tnl_dev)
1070 goto err_alloc_dev;
1071 dev_net_set(ip6n->fb_tnl_dev, net);
1072 ip6n->fb_tnl_dev->rtnl_link_ops = &vti6_link_ops;
1073
1074 err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev);
1075 if (err < 0)
1076 goto err_register;
1077
1078 err = register_netdev(ip6n->fb_tnl_dev);
1079 if (err < 0)
1080 goto err_register;
1081
1082 t = netdev_priv(ip6n->fb_tnl_dev);
1083
1084 strcpy(t->parms.name, ip6n->fb_tnl_dev->name);
1085 return 0;
1086
1087err_register:
1088 vti6_dev_free(ip6n->fb_tnl_dev);
1089err_alloc_dev:
1090 return err;
1091}
1092
1093static void __net_exit vti6_exit_net(struct net *net)
1094{
1095 struct vti6_net *ip6n = net_generic(net, vti6_net_id);
1096
1097 rtnl_lock();
1098 vti6_destroy_tunnels(ip6n);
1099 rtnl_unlock();
1100}
1101
1102static struct pernet_operations vti6_net_ops = {
1103 .init = vti6_init_net,
1104 .exit = vti6_exit_net,
1105 .id = &vti6_net_id,
1106 .size = sizeof(struct vti6_net),
1107};
1108
1109static struct xfrm6_protocol vti_esp6_protocol __read_mostly = {
1110 .handler = vti6_rcv,
1111 .cb_handler = vti6_rcv_cb,
1112 .err_handler = vti6_err,
1113 .priority = 100,
1114};
1115
1116static struct xfrm6_protocol vti_ah6_protocol __read_mostly = {
1117 .handler = vti6_rcv,
1118 .cb_handler = vti6_rcv_cb,
1119 .err_handler = vti6_err,
1120 .priority = 100,
1121};
1122
1123static struct xfrm6_protocol vti_ipcomp6_protocol __read_mostly = {
1124 .handler = vti6_rcv,
1125 .cb_handler = vti6_rcv_cb,
1126 .err_handler = vti6_err,
1127 .priority = 100,
1128};
1129
1130
1131
1132
1133
1134
1135static int __init vti6_tunnel_init(void)
1136{
1137 const char *msg;
1138 int err;
1139
1140 msg = "tunnel device";
1141 err = register_pernet_device(&vti6_net_ops);
1142 if (err < 0)
1143 goto pernet_dev_failed;
1144
1145 msg = "tunnel protocols";
1146 err = xfrm6_protocol_register(&vti_esp6_protocol, IPPROTO_ESP);
1147 if (err < 0)
1148 goto xfrm_proto_esp_failed;
1149 err = xfrm6_protocol_register(&vti_ah6_protocol, IPPROTO_AH);
1150 if (err < 0)
1151 goto xfrm_proto_ah_failed;
1152 err = xfrm6_protocol_register(&vti_ipcomp6_protocol, IPPROTO_COMP);
1153 if (err < 0)
1154 goto xfrm_proto_comp_failed;
1155
1156 msg = "netlink interface";
1157 err = rtnl_link_register(&vti6_link_ops);
1158 if (err < 0)
1159 goto rtnl_link_failed;
1160
1161 return 0;
1162
1163rtnl_link_failed:
1164 xfrm6_protocol_deregister(&vti_ipcomp6_protocol, IPPROTO_COMP);
1165xfrm_proto_comp_failed:
1166 xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH);
1167xfrm_proto_ah_failed:
1168 xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP);
1169xfrm_proto_esp_failed:
1170 unregister_pernet_device(&vti6_net_ops);
1171pernet_dev_failed:
1172 pr_err("vti6 init: failed to register %s\n", msg);
1173 return err;
1174}
1175
1176
1177
1178
1179static void __exit vti6_tunnel_cleanup(void)
1180{
1181 rtnl_link_unregister(&vti6_link_ops);
1182 xfrm6_protocol_deregister(&vti_ipcomp6_protocol, IPPROTO_COMP);
1183 xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH);
1184 xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP);
1185 unregister_pernet_device(&vti6_net_ops);
1186}
1187
1188module_init(vti6_tunnel_init);
1189module_exit(vti6_tunnel_cleanup);
1190MODULE_LICENSE("GPL");
1191MODULE_ALIAS_RTNL_LINK("vti6");
1192MODULE_ALIAS_NETDEV("ip6_vti0");
1193MODULE_AUTHOR("Steffen Klassert");
1194MODULE_DESCRIPTION("IPv6 virtual tunnel interface");
1195
