linux/net/ipv6/ip6_vti.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 *      IPv6 virtual tunneling interface
   4 *
   5 *      Copyright (C) 2013 secunet Security Networks AG
   6 *
   7 *      Author:
   8 *      Steffen Klassert <steffen.klassert@secunet.com>
   9 *
  10 *      Based on:
  11 *      net/ipv6/ip6_tunnel.c
  12 */
  13
  14#include <linux/module.h>
  15#include <linux/capability.h>
  16#include <linux/errno.h>
  17#include <linux/types.h>
  18#include <linux/sockios.h>
  19#include <linux/icmp.h>
  20#include <linux/if.h>
  21#include <linux/in.h>
  22#include <linux/ip.h>
  23#include <linux/net.h>
  24#include <linux/in6.h>
  25#include <linux/netdevice.h>
  26#include <linux/if_arp.h>
  27#include <linux/icmpv6.h>
  28#include <linux/init.h>
  29#include <linux/route.h>
  30#include <linux/rtnetlink.h>
  31#include <linux/netfilter_ipv6.h>
  32#include <linux/slab.h>
  33#include <linux/hash.h>
  34
  35#include <linux/uaccess.h>
  36#include <linux/atomic.h>
  37
  38#include <net/icmp.h>
  39#include <net/ip.h>
  40#include <net/ip_tunnels.h>
  41#include <net/ipv6.h>
  42#include <net/ip6_route.h>
  43#include <net/addrconf.h>
  44#include <net/ip6_tunnel.h>
  45#include <net/xfrm.h>
  46#include <net/net_namespace.h>
  47#include <net/netns/generic.h>
  48#include <linux/etherdevice.h>
  49
  50#define IP6_VTI_HASH_SIZE_SHIFT  5
  51#define IP6_VTI_HASH_SIZE (1 << IP6_VTI_HASH_SIZE_SHIFT)
  52
  53static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
  54{
  55        u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2);
  56
  57        return hash_32(hash, IP6_VTI_HASH_SIZE_SHIFT);
  58}
  59
  60static int vti6_dev_init(struct net_device *dev);
  61static void vti6_dev_setup(struct net_device *dev);
  62static struct rtnl_link_ops vti6_link_ops __read_mostly;
  63
  64static unsigned int vti6_net_id __read_mostly;
  65struct vti6_net {
  66        /* the vti6 tunnel fallback device */
  67        struct net_device *fb_tnl_dev;
  68        /* lists for storing tunnels in use */
  69        struct ip6_tnl __rcu *tnls_r_l[IP6_VTI_HASH_SIZE];
  70        struct ip6_tnl __rcu *tnls_wc[1];
  71        struct ip6_tnl __rcu **tnls[2];
  72};
  73
  74#define for_each_vti6_tunnel_rcu(start) \
  75        for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
  76
  77/**
  78 * vti6_tnl_lookup - fetch tunnel matching the end-point addresses
  79 *   @net: network namespace
  80 *   @remote: the address of the tunnel exit-point
  81 *   @local: the address of the tunnel entry-point
  82 *
  83 * Return:
  84 *   tunnel matching given end-points if found,
  85 *   else fallback tunnel if its device is up,
  86 *   else %NULL
  87 **/
  88static struct ip6_tnl *
  89vti6_tnl_lookup(struct net *net, const struct in6_addr *remote,
  90                const struct in6_addr *local)
  91{
  92        unsigned int hash = HASH(remote, local);
  93        struct ip6_tnl *t;
  94        struct vti6_net *ip6n = net_generic(net, vti6_net_id);
  95        struct in6_addr any;
  96
  97        for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
  98                if (ipv6_addr_equal(local, &t->parms.laddr) &&
  99                    ipv6_addr_equal(remote, &t->parms.raddr) &&
 100                    (t->dev->flags & IFF_UP))
 101                        return t;
 102        }
 103
 104        memset(&any, 0, sizeof(any));
 105        hash = HASH(&any, local);
 106        for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
 107                if (ipv6_addr_equal(local, &t->parms.laddr) &&
 108                    (t->dev->flags & IFF_UP))
 109                        return t;
 110        }
 111
 112        hash = HASH(remote, &any);
 113        for_each_vti6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
 114                if (ipv6_addr_equal(remote, &t->parms.raddr) &&
 115                    (t->dev->flags & IFF_UP))
 116                        return t;
 117        }
 118
 119        t = rcu_dereference(ip6n->tnls_wc[0]);
 120        if (t && (t->dev->flags & IFF_UP))
 121                return t;
 122
 123        return NULL;
 124}
 125
 126/**
 127 * vti6_tnl_bucket - get head of list matching given tunnel parameters
 128 *   @p: parameters containing tunnel end-points
 129 *
 130 * Description:
 131 *   vti6_tnl_bucket() returns the head of the list matching the
 132 *   &struct in6_addr entries laddr and raddr in @p.
 133 *
 134 * Return: head of IPv6 tunnel list
 135 **/
 136static struct ip6_tnl __rcu **
 137vti6_tnl_bucket(struct vti6_net *ip6n, const struct __ip6_tnl_parm *p)
 138{
 139        const struct in6_addr *remote = &p->raddr;
 140        const struct in6_addr *local = &p->laddr;
 141        unsigned int h = 0;
 142        int prio = 0;
 143
 144        if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) {
 145                prio = 1;
 146                h = HASH(remote, local);
 147        }
 148        return &ip6n->tnls[prio][h];
 149}
 150
 151static void
 152vti6_tnl_link(struct vti6_net *ip6n, struct ip6_tnl *t)
 153{
 154        struct ip6_tnl __rcu **tp = vti6_tnl_bucket(ip6n, &t->parms);
 155
 156        rcu_assign_pointer(t->next , rtnl_dereference(*tp));
 157        rcu_assign_pointer(*tp, t);
 158}
 159
 160static void
 161vti6_tnl_unlink(struct vti6_net *ip6n, struct ip6_tnl *t)
 162{
 163        struct ip6_tnl __rcu **tp;
 164        struct ip6_tnl *iter;
 165
 166        for (tp = vti6_tnl_bucket(ip6n, &t->parms);
 167             (iter = rtnl_dereference(*tp)) != NULL;
 168             tp = &iter->next) {
 169                if (t == iter) {
 170                        rcu_assign_pointer(*tp, t->next);
 171                        break;
 172                }
 173        }
 174}
 175
 176static void vti6_dev_free(struct net_device *dev)
 177{
 178        free_percpu(dev->tstats);
 179}
 180
 181static int vti6_tnl_create2(struct net_device *dev)
 182{
 183        struct ip6_tnl *t = netdev_priv(dev);
 184        struct net *net = dev_net(dev);
 185        struct vti6_net *ip6n = net_generic(net, vti6_net_id);
 186        int err;
 187
 188        dev->rtnl_link_ops = &vti6_link_ops;
 189        err = register_netdevice(dev);
 190        if (err < 0)
 191                goto out;
 192
 193        strcpy(t->parms.name, dev->name);
 194
 195        dev_hold(dev);
 196        vti6_tnl_link(ip6n, t);
 197
 198        return 0;
 199
 200out:
 201        return err;
 202}
 203
 204static struct ip6_tnl *vti6_tnl_create(struct net *net, struct __ip6_tnl_parm *p)
 205{
 206        struct net_device *dev;
 207        struct ip6_tnl *t;
 208        char name[IFNAMSIZ];
 209        int err;
 210
 211        if (p->name[0]) {
 212                if (!dev_valid_name(p->name))
 213                        goto failed;
 214                strlcpy(name, p->name, IFNAMSIZ);
 215        } else {
 216                sprintf(name, "ip6_vti%%d");
 217        }
 218
 219        dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, vti6_dev_setup);
 220        if (!dev)
 221                goto failed;
 222
 223        dev_net_set(dev, net);
 224
 225        t = netdev_priv(dev);
 226        t->parms = *p;
 227        t->net = dev_net(dev);
 228
 229        err = vti6_tnl_create2(dev);
 230        if (err < 0)
 231                goto failed_free;
 232
 233        return t;
 234
 235failed_free:
 236        free_netdev(dev);
 237failed:
 238        return NULL;
 239}
 240
 241/**
 242 * vti6_locate - find or create tunnel matching given parameters
 243 *   @net: network namespace
 244 *   @p: tunnel parameters
 245 *   @create: != 0 if allowed to create new tunnel if no match found
 246 *
 247 * Description:
 248 *   vti6_locate() first tries to locate an existing tunnel
 249 *   based on @parms. If this is unsuccessful, but @create is set a new
 250 *   tunnel device is created and registered for use.
 251 *
 252 * Return:
 253 *   matching tunnel or NULL
 254 **/
 255static struct ip6_tnl *vti6_locate(struct net *net, struct __ip6_tnl_parm *p,
 256                                   int create)
 257{
 258        const struct in6_addr *remote = &p->raddr;
 259        const struct in6_addr *local = &p->laddr;
 260        struct ip6_tnl __rcu **tp;
 261        struct ip6_tnl *t;
 262        struct vti6_net *ip6n = net_generic(net, vti6_net_id);
 263
 264        for (tp = vti6_tnl_bucket(ip6n, p);
 265             (t = rtnl_dereference(*tp)) != NULL;
 266             tp = &t->next) {
 267                if (ipv6_addr_equal(local, &t->parms.laddr) &&
 268                    ipv6_addr_equal(remote, &t->parms.raddr)) {
 269                        if (create)
 270                                return NULL;
 271
 272                        return t;
 273                }
 274        }
 275        if (!create)
 276                return NULL;
 277        return vti6_tnl_create(net, p);
 278}
 279
 280/**
 281 * vti6_dev_uninit - tunnel device uninitializer
 282 *   @dev: the device to be destroyed
 283 *
 284 * Description:
 285 *   vti6_dev_uninit() removes tunnel from its list
 286 **/
 287static void vti6_dev_uninit(struct net_device *dev)
 288{
 289        struct ip6_tnl *t = netdev_priv(dev);
 290        struct vti6_net *ip6n = net_generic(t->net, vti6_net_id);
 291
 292        if (dev == ip6n->fb_tnl_dev)
 293                RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
 294        else
 295                vti6_tnl_unlink(ip6n, t);
 296        dev_put(dev);
 297}
 298
 299static int vti6_input_proto(struct sk_buff *skb, int nexthdr, __be32 spi,
 300                            int encap_type)
 301{
 302        struct ip6_tnl *t;
 303        const struct ipv6hdr *ipv6h = ipv6_hdr(skb);
 304
 305        rcu_read_lock();
 306        t = vti6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr, &ipv6h->daddr);
 307        if (t) {
 308                if (t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) {
 309                        rcu_read_unlock();
 310                        goto discard;
 311                }
 312
 313                if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
 314                        rcu_read_unlock();
 315                        goto discard;
 316                }
 317
 318                ipv6h = ipv6_hdr(skb);
 319                if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr)) {
 320                        t->dev->stats.rx_dropped++;
 321                        rcu_read_unlock();
 322                        goto discard;
 323                }
 324
 325                rcu_read_unlock();
 326
 327                XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = t;
 328                XFRM_SPI_SKB_CB(skb)->family = AF_INET6;
 329                XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr);
 330                return xfrm_input(skb, nexthdr, spi, encap_type);
 331        }
 332        rcu_read_unlock();
 333        return -EINVAL;
 334discard:
 335        kfree_skb(skb);
 336        return 0;
 337}
 338
 339static int vti6_rcv(struct sk_buff *skb)
 340{
 341        int nexthdr = skb_network_header(skb)[IP6CB(skb)->nhoff];
 342
 343        return vti6_input_proto(skb, nexthdr, 0, 0);
 344}
 345
 346static int vti6_rcv_cb(struct sk_buff *skb, int err)
 347{
 348        unsigned short family;
 349        struct net_device *dev;
 350        struct pcpu_sw_netstats *tstats;
 351        struct xfrm_state *x;
 352        const struct xfrm_mode *inner_mode;
 353        struct ip6_tnl *t = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6;
 354        u32 orig_mark = skb->mark;
 355        int ret;
 356
 357        if (!t)
 358                return 1;
 359
 360        dev = t->dev;
 361
 362        if (err) {
 363                dev->stats.rx_errors++;
 364                dev->stats.rx_dropped++;
 365
 366                return 0;
 367        }
 368
 369        x = xfrm_input_state(skb);
 370
 371        inner_mode = &x->inner_mode;
 372
 373        if (x->sel.family == AF_UNSPEC) {
 374                inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
 375                if (inner_mode == NULL) {
 376                        XFRM_INC_STATS(dev_net(skb->dev),
 377                                       LINUX_MIB_XFRMINSTATEMODEERROR);
 378                        return -EINVAL;
 379                }
 380        }
 381
 382        family = inner_mode->family;
 383
 384        skb->mark = be32_to_cpu(t->parms.i_key);
 385        ret = xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family);
 386        skb->mark = orig_mark;
 387
 388        if (!ret)
 389                return -EPERM;
 390
 391        skb_scrub_packet(skb, !net_eq(t->net, dev_net(skb->dev)));
 392        skb->dev = dev;
 393
 394        tstats = this_cpu_ptr(dev->tstats);
 395        u64_stats_update_begin(&tstats->syncp);
 396        tstats->rx_packets++;
 397        tstats->rx_bytes += skb->len;
 398        u64_stats_update_end(&tstats->syncp);
 399
 400        return 0;
 401}
 402
 403/**
 404 * vti6_addr_conflict - compare packet addresses to tunnel's own
 405 *   @t: the outgoing tunnel device
 406 *   @hdr: IPv6 header from the incoming packet
 407 *
 408 * Description:
 409 *   Avoid trivial tunneling loop by checking that tunnel exit-point
 410 *   doesn't match source of incoming packet.
 411 *
 412 * Return:
 413 *   1 if conflict,
 414 *   0 else
 415 **/
 416static inline bool
 417vti6_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr)
 418{
 419        return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr);
 420}
 421
 422static bool vti6_state_check(const struct xfrm_state *x,
 423                             const struct in6_addr *dst,
 424                             const struct in6_addr *src)
 425{
 426        xfrm_address_t *daddr = (xfrm_address_t *)dst;
 427        xfrm_address_t *saddr = (xfrm_address_t *)src;
 428
 429        /* if there is no transform then this tunnel is not functional.
 430         * Or if the xfrm is not mode tunnel.
 431         */
 432        if (!x || x->props.mode != XFRM_MODE_TUNNEL ||
 433            x->props.family != AF_INET6)
 434                return false;
 435
 436        if (ipv6_addr_any(dst))
 437                return xfrm_addr_equal(saddr, &x->props.saddr, AF_INET6);
 438
 439        if (!xfrm_state_addr_check(x, daddr, saddr, AF_INET6))
 440                return false;
 441
 442        return true;
 443}
 444
 445/**
 446 * vti6_xmit - send a packet
 447 *   @skb: the outgoing socket buffer
 448 *   @dev: the outgoing tunnel device
 449 *   @fl: the flow informations for the xfrm_lookup
 450 **/
 451static int
 452vti6_xmit(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
 453{
 454        struct ip6_tnl *t = netdev_priv(dev);
 455        struct net_device_stats *stats = &t->dev->stats;
 456        struct dst_entry *dst = skb_dst(skb);
 457        struct net_device *tdev;
 458        struct xfrm_state *x;
 459        int pkt_len = skb->len;
 460        int err = -1;
 461        int mtu;
 462
 463        if (!dst) {
 464                switch (skb->protocol) {
 465                case htons(ETH_P_IP): {
 466                        struct rtable *rt;
 467
 468                        fl->u.ip4.flowi4_oif = dev->ifindex;
 469                        fl->u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
 470                        rt = __ip_route_output_key(dev_net(dev), &fl->u.ip4);
 471                        if (IS_ERR(rt))
 472                                goto tx_err_link_failure;
 473                        dst = &rt->dst;
 474                        skb_dst_set(skb, dst);
 475                        break;
 476                }
 477                case htons(ETH_P_IPV6):
 478                        fl->u.ip6.flowi6_oif = dev->ifindex;
 479                        fl->u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
 480                        dst = ip6_route_output(dev_net(dev), NULL, &fl->u.ip6);
 481                        if (dst->error) {
 482                                dst_release(dst);
 483                                dst = NULL;
 484                                goto tx_err_link_failure;
 485                        }
 486                        skb_dst_set(skb, dst);
 487                        break;
 488                default:
 489                        goto tx_err_link_failure;
 490                }
 491        }
 492
 493        dst_hold(dst);
 494        dst = xfrm_lookup(t->net, dst, fl, NULL, 0);
 495        if (IS_ERR(dst)) {
 496                err = PTR_ERR(dst);
 497                dst = NULL;
 498                goto tx_err_link_failure;
 499        }
 500
 501        x = dst->xfrm;
 502        if (!vti6_state_check(x, &t->parms.raddr, &t->parms.laddr))
 503                goto tx_err_link_failure;
 504
 505        if (!ip6_tnl_xmit_ctl(t, (const struct in6_addr *)&x->props.saddr,
 506                              (const struct in6_addr *)&x->id.daddr))
 507                goto tx_err_link_failure;
 508
 509        tdev = dst->dev;
 510
 511        if (tdev == dev) {
 512                stats->collisions++;
 513                net_warn_ratelimited("%s: Local routing loop detected!\n",
 514                                     t->parms.name);
 515                goto tx_err_dst_release;
 516        }
 517
 518        mtu = dst_mtu(dst);
 519        if (skb->len > mtu) {
 520                skb_dst_update_pmtu_no_confirm(skb, mtu);
 521
 522                if (skb->protocol == htons(ETH_P_IPV6)) {
 523                        if (mtu < IPV6_MIN_MTU)
 524                                mtu = IPV6_MIN_MTU;
 525
 526                        icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
 527                } else {
 528                        icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
 529                                  htonl(mtu));
 530                }
 531
 532                err = -EMSGSIZE;
 533                goto tx_err_dst_release;
 534        }
 535
 536        skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev)));
 537        skb_dst_set(skb, dst);
 538        skb->dev = skb_dst(skb)->dev;
 539
 540        err = dst_output(t->net, skb->sk, skb);
 541        if (net_xmit_eval(err) == 0)
 542                err = pkt_len;
 543        iptunnel_xmit_stats(dev, err);
 544
 545        return 0;
 546tx_err_link_failure:
 547        stats->tx_carrier_errors++;
 548        dst_link_failure(skb);
 549tx_err_dst_release:
 550        dst_release(dst);
 551        return err;
 552}
 553
 554static netdev_tx_t
 555vti6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
 556{
 557        struct ip6_tnl *t = netdev_priv(dev);
 558        struct net_device_stats *stats = &t->dev->stats;
 559        struct flowi fl;
 560        int ret;
 561
 562        if (!pskb_inet_may_pull(skb))
 563                goto tx_err;
 564
 565        memset(&fl, 0, sizeof(fl));
 566
 567        switch (skb->protocol) {
 568        case htons(ETH_P_IPV6):
 569                if ((t->parms.proto != IPPROTO_IPV6 && t->parms.proto != 0) ||
 570                    vti6_addr_conflict(t, ipv6_hdr(skb)))
 571                        goto tx_err;
 572
 573                xfrm_decode_session(skb, &fl, AF_INET6);
 574                memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
 575                break;
 576        case htons(ETH_P_IP):
 577                xfrm_decode_session(skb, &fl, AF_INET);
 578                memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
 579                break;
 580        default:
 581                goto tx_err;
 582        }
 583
 584        /* override mark with tunnel output key */
 585        fl.flowi_mark = be32_to_cpu(t->parms.o_key);
 586
 587        ret = vti6_xmit(skb, dev, &fl);
 588        if (ret < 0)
 589                goto tx_err;
 590
 591        return NETDEV_TX_OK;
 592
 593tx_err:
 594        stats->tx_errors++;
 595        stats->tx_dropped++;
 596        kfree_skb(skb);
 597        return NETDEV_TX_OK;
 598}
 599
 600static int vti6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 601                    u8 type, u8 code, int offset, __be32 info)
 602{
 603        __be32 spi;
 604        __u32 mark;
 605        struct xfrm_state *x;
 606        struct ip6_tnl *t;
 607        struct ip_esp_hdr *esph;
 608        struct ip_auth_hdr *ah;
 609        struct ip_comp_hdr *ipch;
 610        struct net *net = dev_net(skb->dev);
 611        const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
 612        int protocol = iph->nexthdr;
 613
 614        t = vti6_tnl_lookup(dev_net(skb->dev), &iph->daddr, &iph->saddr);
 615        if (!t)
 616                return -1;
 617
 618        mark = be32_to_cpu(t->parms.o_key);
 619
 620        switch (protocol) {
 621        case IPPROTO_ESP:
 622                esph = (struct ip_esp_hdr *)(skb->data + offset);
 623                spi = esph->spi;
 624                break;
 625        case IPPROTO_AH:
 626                ah = (struct ip_auth_hdr *)(skb->data + offset);
 627                spi = ah->spi;
 628                break;
 629        case IPPROTO_COMP:
 630                ipch = (struct ip_comp_hdr *)(skb->data + offset);
 631                spi = htonl(ntohs(ipch->cpi));
 632                break;
 633        default:
 634                return 0;
 635        }
 636
 637        if (type != ICMPV6_PKT_TOOBIG &&
 638            type != NDISC_REDIRECT)
 639                return 0;
 640
 641        x = xfrm_state_lookup(net, mark, (const xfrm_address_t *)&iph->daddr,
 642                              spi, protocol, AF_INET6);
 643        if (!x)
 644                return 0;
 645
 646        if (type == NDISC_REDIRECT)
 647                ip6_redirect(skb, net, skb->dev->ifindex, 0,
 648                             sock_net_uid(net, NULL));
 649        else
 650                ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
 651        xfrm_state_put(x);
 652
 653        return 0;
 654}
 655
 656static void vti6_link_config(struct ip6_tnl *t, bool keep_mtu)
 657{
 658        struct net_device *dev = t->dev;
 659        struct __ip6_tnl_parm *p = &t->parms;
 660        struct net_device *tdev = NULL;
 661        int mtu;
 662
 663        memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
 664        memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
 665
 666        p->flags &= ~(IP6_TNL_F_CAP_XMIT | IP6_TNL_F_CAP_RCV |
 667                      IP6_TNL_F_CAP_PER_PACKET);
 668        p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr);
 669
 670        if (p->flags & IP6_TNL_F_CAP_XMIT && p->flags & IP6_TNL_F_CAP_RCV)
 671                dev->flags |= IFF_POINTOPOINT;
 672        else
 673                dev->flags &= ~IFF_POINTOPOINT;
 674
 675        if (keep_mtu && dev->mtu) {
 676                dev->mtu = clamp(dev->mtu, dev->min_mtu, dev->max_mtu);
 677                return;
 678        }
 679
 680        if (p->flags & IP6_TNL_F_CAP_XMIT) {
 681                int strict = (ipv6_addr_type(&p->raddr) &
 682                              (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL));
 683                struct rt6_info *rt = rt6_lookup(t->net,
 684                                                 &p->raddr, &p->laddr,
 685                                                 p->link, NULL, strict);
 686
 687                if (rt)
 688                        tdev = rt->dst.dev;
 689                ip6_rt_put(rt);
 690        }
 691
 692        if (!tdev && p->link)
 693                tdev = __dev_get_by_index(t->net, p->link);
 694
 695        if (tdev)
 696                mtu = tdev->mtu - sizeof(struct ipv6hdr);
 697        else
 698                mtu = ETH_DATA_LEN - LL_MAX_HEADER - sizeof(struct ipv6hdr);
 699
 700        dev->mtu = max_t(int, mtu, IPV4_MIN_MTU);
 701}
 702
 703/**
 704 * vti6_tnl_change - update the tunnel parameters
 705 *   @t: tunnel to be changed
 706 *   @p: tunnel configuration parameters
 707 *   @keep_mtu: MTU was set from userspace, don't re-compute it
 708 *
 709 * Description:
 710 *   vti6_tnl_change() updates the tunnel parameters
 711 **/
 712static int
 713vti6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p,
 714                bool keep_mtu)
 715{
 716        t->parms.laddr = p->laddr;
 717        t->parms.raddr = p->raddr;
 718        t->parms.link = p->link;
 719        t->parms.i_key = p->i_key;
 720        t->parms.o_key = p->o_key;
 721        t->parms.proto = p->proto;
 722        t->parms.fwmark = p->fwmark;
 723        dst_cache_reset(&t->dst_cache);
 724        vti6_link_config(t, keep_mtu);
 725        return 0;
 726}
 727
 728static int vti6_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p,
 729                       bool keep_mtu)
 730{
 731        struct net *net = dev_net(t->dev);
 732        struct vti6_net *ip6n = net_generic(net, vti6_net_id);
 733        int err;
 734
 735        vti6_tnl_unlink(ip6n, t);
 736        synchronize_net();
 737        err = vti6_tnl_change(t, p, keep_mtu);
 738        vti6_tnl_link(ip6n, t);
 739        netdev_state_change(t->dev);
 740        return err;
 741}
 742
 743static void
 744vti6_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm2 *u)
 745{
 746        p->laddr = u->laddr;
 747        p->raddr = u->raddr;
 748        p->link = u->link;
 749        p->i_key = u->i_key;
 750        p->o_key = u->o_key;
 751        p->proto = u->proto;
 752
 753        memcpy(p->name, u->name, sizeof(u->name));
 754}
 755
 756static void
 757vti6_parm_to_user(struct ip6_tnl_parm2 *u, const struct __ip6_tnl_parm *p)
 758{
 759        u->laddr = p->laddr;
 760        u->raddr = p->raddr;
 761        u->link = p->link;
 762        u->i_key = p->i_key;
 763        u->o_key = p->o_key;
 764        if (u->i_key)
 765                u->i_flags |= GRE_KEY;
 766        if (u->o_key)
 767                u->o_flags |= GRE_KEY;
 768        u->proto = p->proto;
 769
 770        memcpy(u->name, p->name, sizeof(u->name));
 771}
 772
 773/**
 774 * vti6_ioctl - configure vti6 tunnels from userspace
 775 *   @dev: virtual device associated with tunnel
 776 *   @ifr: parameters passed from userspace
 777 *   @cmd: command to be performed
 778 *
 779 * Description:
 780 *   vti6_ioctl() is used for managing vti6 tunnels
 781 *   from userspace.
 782 *
 783 *   The possible commands are the following:
 784 *     %SIOCGETTUNNEL: get tunnel parameters for device
 785 *     %SIOCADDTUNNEL: add tunnel matching given tunnel parameters
 786 *     %SIOCCHGTUNNEL: change tunnel parameters to those given
 787 *     %SIOCDELTUNNEL: delete tunnel
 788 *
 789 *   The fallback device "ip6_vti0", created during module
 790 *   initialization, can be used for creating other tunnel devices.
 791 *
 792 * Return:
 793 *   0 on success,
 794 *   %-EFAULT if unable to copy data to or from userspace,
 795 *   %-EPERM if current process hasn't %CAP_NET_ADMIN set
 796 *   %-EINVAL if passed tunnel parameters are invalid,
 797 *   %-EEXIST if changing a tunnel's parameters would cause a conflict
 798 *   %-ENODEV if attempting to change or delete a nonexisting device
 799 **/
 800static int
 801vti6_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
 802{
 803        int err = 0;
 804        struct ip6_tnl_parm2 p;
 805        struct __ip6_tnl_parm p1;
 806        struct ip6_tnl *t = NULL;
 807        struct net *net = dev_net(dev);
 808        struct vti6_net *ip6n = net_generic(net, vti6_net_id);
 809
 810        switch (cmd) {
 811        case SIOCGETTUNNEL:
 812                if (dev == ip6n->fb_tnl_dev) {
 813                        if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
 814                                err = -EFAULT;
 815                                break;
 816                        }
 817                        vti6_parm_from_user(&p1, &p);
 818                        t = vti6_locate(net, &p1, 0);
 819                } else {
 820                        memset(&p, 0, sizeof(p));
 821                }
 822                if (!t)
 823                        t = netdev_priv(dev);
 824                vti6_parm_to_user(&p, &t->parms);
 825                if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
 826                        err = -EFAULT;
 827                break;
 828        case SIOCADDTUNNEL:
 829        case SIOCCHGTUNNEL:
 830                err = -EPERM;
 831                if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
 832                        break;
 833                err = -EFAULT;
 834                if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
 835                        break;
 836                err = -EINVAL;
 837                if (p.proto != IPPROTO_IPV6  && p.proto != 0)
 838                        break;
 839                vti6_parm_from_user(&p1, &p);
 840                t = vti6_locate(net, &p1, cmd == SIOCADDTUNNEL);
 841                if (dev != ip6n->fb_tnl_dev && cmd == SIOCCHGTUNNEL) {
 842                        if (t) {
 843                                if (t->dev != dev) {
 844                                        err = -EEXIST;
 845                                        break;
 846                                }
 847                        } else
 848                                t = netdev_priv(dev);
 849
 850                        err = vti6_update(t, &p1, false);
 851                }
 852                if (t) {
 853                        err = 0;
 854                        vti6_parm_to_user(&p, &t->parms);
 855                        if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
 856                                err = -EFAULT;
 857
 858                } else
 859                        err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
 860                break;
 861        case SIOCDELTUNNEL:
 862                err = -EPERM;
 863                if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
 864                        break;
 865
 866                if (dev == ip6n->fb_tnl_dev) {
 867                        err = -EFAULT;
 868                        if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
 869                                break;
 870                        err = -ENOENT;
 871                        vti6_parm_from_user(&p1, &p);
 872                        t = vti6_locate(net, &p1, 0);
 873                        if (!t)
 874                                break;
 875                        err = -EPERM;
 876                        if (t->dev == ip6n->fb_tnl_dev)
 877                                break;
 878                        dev = t->dev;
 879                }
 880                err = 0;
 881                unregister_netdevice(dev);
 882                break;
 883        default:
 884                err = -EINVAL;
 885        }
 886        return err;
 887}
 888
 889static const struct net_device_ops vti6_netdev_ops = {
 890        .ndo_init       = vti6_dev_init,
 891        .ndo_uninit     = vti6_dev_uninit,
 892        .ndo_start_xmit = vti6_tnl_xmit,
 893        .ndo_do_ioctl   = vti6_ioctl,
 894        .ndo_get_stats64 = ip_tunnel_get_stats64,
 895        .ndo_get_iflink = ip6_tnl_get_iflink,
 896};
 897
 898/**
 899 * vti6_dev_setup - setup virtual tunnel device
 900 *   @dev: virtual device associated with tunnel
 901 *
 902 * Description:
 903 *   Initialize function pointers and device parameters
 904 **/
 905static void vti6_dev_setup(struct net_device *dev)
 906{
 907        dev->netdev_ops = &vti6_netdev_ops;
 908        dev->header_ops = &ip_tunnel_header_ops;
 909        dev->needs_free_netdev = true;
 910        dev->priv_destructor = vti6_dev_free;
 911
 912        dev->type = ARPHRD_TUNNEL6;
 913        dev->min_mtu = IPV4_MIN_MTU;
 914        dev->max_mtu = IP_MAX_MTU - sizeof(struct ipv6hdr);
 915        dev->flags |= IFF_NOARP;
 916        dev->addr_len = sizeof(struct in6_addr);
 917        netif_keep_dst(dev);
 918        /* This perm addr will be used as interface identifier by IPv6 */
 919        dev->addr_assign_type = NET_ADDR_RANDOM;
 920        eth_random_addr(dev->perm_addr);
 921}
 922
 923/**
 924 * vti6_dev_init_gen - general initializer for all tunnel devices
 925 *   @dev: virtual device associated with tunnel
 926 **/
 927static inline int vti6_dev_init_gen(struct net_device *dev)
 928{
 929        struct ip6_tnl *t = netdev_priv(dev);
 930
 931        t->dev = dev;
 932        t->net = dev_net(dev);
 933        dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
 934        if (!dev->tstats)
 935                return -ENOMEM;
 936        return 0;
 937}
 938
 939/**
 940 * vti6_dev_init - initializer for all non fallback tunnel devices
 941 *   @dev: virtual device associated with tunnel
 942 **/
 943static int vti6_dev_init(struct net_device *dev)
 944{
 945        struct ip6_tnl *t = netdev_priv(dev);
 946        int err = vti6_dev_init_gen(dev);
 947
 948        if (err)
 949                return err;
 950        vti6_link_config(t, true);
 951        return 0;
 952}
 953
 954/**
 955 * vti6_fb_tnl_dev_init - initializer for fallback tunnel device
 956 *   @dev: fallback device
 957 *
 958 * Return: 0
 959 **/
 960static int __net_init vti6_fb_tnl_dev_init(struct net_device *dev)
 961{
 962        struct ip6_tnl *t = netdev_priv(dev);
 963        struct net *net = dev_net(dev);
 964        struct vti6_net *ip6n = net_generic(net, vti6_net_id);
 965
 966        t->parms.proto = IPPROTO_IPV6;
 967        dev_hold(dev);
 968
 969        rcu_assign_pointer(ip6n->tnls_wc[0], t);
 970        return 0;
 971}
 972
 973static int vti6_validate(struct nlattr *tb[], struct nlattr *data[],
 974                         struct netlink_ext_ack *extack)
 975{
 976        return 0;
 977}
 978
 979static void vti6_netlink_parms(struct nlattr *data[],
 980                               struct __ip6_tnl_parm *parms)
 981{
 982        memset(parms, 0, sizeof(*parms));
 983
 984        if (!data)
 985                return;
 986
 987        if (data[IFLA_VTI_LINK])
 988                parms->link = nla_get_u32(data[IFLA_VTI_LINK]);
 989
 990        if (data[IFLA_VTI_LOCAL])
 991                parms->laddr = nla_get_in6_addr(data[IFLA_VTI_LOCAL]);
 992
 993        if (data[IFLA_VTI_REMOTE])
 994                parms->raddr = nla_get_in6_addr(data[IFLA_VTI_REMOTE]);
 995
 996        if (data[IFLA_VTI_IKEY])
 997                parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]);
 998
 999        if (data[IFLA_VTI_OKEY])
1000                parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]);
1001
1002        if (data[IFLA_VTI_FWMARK])
1003                parms->fwmark = nla_get_u32(data[IFLA_VTI_FWMARK]);
1004}
1005
1006static int vti6_newlink(struct net *src_net, struct net_device *dev,
1007                        struct nlattr *tb[], struct nlattr *data[],
1008                        struct netlink_ext_ack *extack)
1009{
1010        struct net *net = dev_net(dev);
1011        struct ip6_tnl *nt;
1012
1013        nt = netdev_priv(dev);
1014        vti6_netlink_parms(data, &nt->parms);
1015
1016        nt->parms.proto = IPPROTO_IPV6;
1017
1018        if (vti6_locate(net, &nt->parms, 0))
1019                return -EEXIST;
1020
1021        return vti6_tnl_create2(dev);
1022}
1023
1024static void vti6_dellink(struct net_device *dev, struct list_head *head)
1025{
1026        struct net *net = dev_net(dev);
1027        struct vti6_net *ip6n = net_generic(net, vti6_net_id);
1028
1029        if (dev != ip6n->fb_tnl_dev)
1030                unregister_netdevice_queue(dev, head);
1031}
1032
1033static int vti6_changelink(struct net_device *dev, struct nlattr *tb[],
1034                           struct nlattr *data[],
1035                           struct netlink_ext_ack *extack)
1036{
1037        struct ip6_tnl *t;
1038        struct __ip6_tnl_parm p;
1039        struct net *net = dev_net(dev);
1040        struct vti6_net *ip6n = net_generic(net, vti6_net_id);
1041
1042        if (dev == ip6n->fb_tnl_dev)
1043                return -EINVAL;
1044
1045        vti6_netlink_parms(data, &p);
1046
1047        t = vti6_locate(net, &p, 0);
1048
1049        if (t) {
1050                if (t->dev != dev)
1051                        return -EEXIST;
1052        } else
1053                t = netdev_priv(dev);
1054
1055        return vti6_update(t, &p, tb && tb[IFLA_MTU]);
1056}
1057
1058static size_t vti6_get_size(const struct net_device *dev)
1059{
1060        return
1061                /* IFLA_VTI_LINK */
1062                nla_total_size(4) +
1063                /* IFLA_VTI_LOCAL */
1064                nla_total_size(sizeof(struct in6_addr)) +
1065                /* IFLA_VTI_REMOTE */
1066                nla_total_size(sizeof(struct in6_addr)) +
1067                /* IFLA_VTI_IKEY */
1068                nla_total_size(4) +
1069                /* IFLA_VTI_OKEY */
1070                nla_total_size(4) +
1071                /* IFLA_VTI_FWMARK */
1072                nla_total_size(4) +
1073                0;
1074}
1075
1076static int vti6_fill_info(struct sk_buff *skb, const struct net_device *dev)
1077{
1078        struct ip6_tnl *tunnel = netdev_priv(dev);
1079        struct __ip6_tnl_parm *parm = &tunnel->parms;
1080
1081        if (nla_put_u32(skb, IFLA_VTI_LINK, parm->link) ||
1082            nla_put_in6_addr(skb, IFLA_VTI_LOCAL, &parm->laddr) ||
1083            nla_put_in6_addr(skb, IFLA_VTI_REMOTE, &parm->raddr) ||
1084            nla_put_be32(skb, IFLA_VTI_IKEY, parm->i_key) ||
1085            nla_put_be32(skb, IFLA_VTI_OKEY, parm->o_key) ||
1086            nla_put_u32(skb, IFLA_VTI_FWMARK, parm->fwmark))
1087                goto nla_put_failure;
1088        return 0;
1089
1090nla_put_failure:
1091        return -EMSGSIZE;
1092}
1093
1094static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = {
1095        [IFLA_VTI_LINK]         = { .type = NLA_U32 },
1096        [IFLA_VTI_LOCAL]        = { .len = sizeof(struct in6_addr) },
1097        [IFLA_VTI_REMOTE]       = { .len = sizeof(struct in6_addr) },
1098        [IFLA_VTI_IKEY]         = { .type = NLA_U32 },
1099        [IFLA_VTI_OKEY]         = { .type = NLA_U32 },
1100        [IFLA_VTI_FWMARK]       = { .type = NLA_U32 },
1101};
1102
1103static struct rtnl_link_ops vti6_link_ops __read_mostly = {
1104        .kind           = "vti6",
1105        .maxtype        = IFLA_VTI_MAX,
1106        .policy         = vti6_policy,
1107        .priv_size      = sizeof(struct ip6_tnl),
1108        .setup          = vti6_dev_setup,
1109        .validate       = vti6_validate,
1110        .newlink        = vti6_newlink,
1111        .dellink        = vti6_dellink,
1112        .changelink     = vti6_changelink,
1113        .get_size       = vti6_get_size,
1114        .fill_info      = vti6_fill_info,
1115        .get_link_net   = ip6_tnl_get_link_net,
1116};
1117
1118static void __net_exit vti6_destroy_tunnels(struct vti6_net *ip6n,
1119                                            struct list_head *list)
1120{
1121        int h;
1122        struct ip6_tnl *t;
1123
1124        for (h = 0; h < IP6_VTI_HASH_SIZE; h++) {
1125                t = rtnl_dereference(ip6n->tnls_r_l[h]);
1126                while (t) {
1127                        unregister_netdevice_queue(t->dev, list);
1128                        t = rtnl_dereference(t->next);
1129                }
1130        }
1131
1132        t = rtnl_dereference(ip6n->tnls_wc[0]);
1133        if (t)
1134                unregister_netdevice_queue(t->dev, list);
1135}
1136
1137static int __net_init vti6_init_net(struct net *net)
1138{
1139        struct vti6_net *ip6n = net_generic(net, vti6_net_id);
1140        struct ip6_tnl *t = NULL;
1141        int err;
1142
1143        ip6n->tnls[0] = ip6n->tnls_wc;
1144        ip6n->tnls[1] = ip6n->tnls_r_l;
1145
1146        if (!net_has_fallback_tunnels(net))
1147                return 0;
1148        err = -ENOMEM;
1149        ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6_vti0",
1150                                        NET_NAME_UNKNOWN, vti6_dev_setup);
1151
1152        if (!ip6n->fb_tnl_dev)
1153                goto err_alloc_dev;
1154        dev_net_set(ip6n->fb_tnl_dev, net);
1155        ip6n->fb_tnl_dev->rtnl_link_ops = &vti6_link_ops;
1156
1157        err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev);
1158        if (err < 0)
1159                goto err_register;
1160
1161        err = register_netdev(ip6n->fb_tnl_dev);
1162        if (err < 0)
1163                goto err_register;
1164
1165        t = netdev_priv(ip6n->fb_tnl_dev);
1166
1167        strcpy(t->parms.name, ip6n->fb_tnl_dev->name);
1168        return 0;
1169
1170err_register:
1171        free_netdev(ip6n->fb_tnl_dev);
1172err_alloc_dev:
1173        return err;
1174}
1175
1176static void __net_exit vti6_exit_batch_net(struct list_head *net_list)
1177{
1178        struct vti6_net *ip6n;
1179        struct net *net;
1180        LIST_HEAD(list);
1181
1182        rtnl_lock();
1183        list_for_each_entry(net, net_list, exit_list) {
1184                ip6n = net_generic(net, vti6_net_id);
1185                vti6_destroy_tunnels(ip6n, &list);
1186        }
1187        unregister_netdevice_many(&list);
1188        rtnl_unlock();
1189}
1190
1191static struct pernet_operations vti6_net_ops = {
1192        .init = vti6_init_net,
1193        .exit_batch = vti6_exit_batch_net,
1194        .id   = &vti6_net_id,
1195        .size = sizeof(struct vti6_net),
1196};
1197
1198static struct xfrm6_protocol vti_esp6_protocol __read_mostly = {
1199        .handler        =       vti6_rcv,
1200        .input_handler  =       vti6_input_proto,
1201        .cb_handler     =       vti6_rcv_cb,
1202        .err_handler    =       vti6_err,
1203        .priority       =       100,
1204};
1205
1206static struct xfrm6_protocol vti_ah6_protocol __read_mostly = {
1207        .handler        =       vti6_rcv,
1208        .input_handler  =       vti6_input_proto,
1209        .cb_handler     =       vti6_rcv_cb,
1210        .err_handler    =       vti6_err,
1211        .priority       =       100,
1212};
1213
1214static struct xfrm6_protocol vti_ipcomp6_protocol __read_mostly = {
1215        .handler        =       vti6_rcv,
1216        .input_handler  =       vti6_input_proto,
1217        .cb_handler     =       vti6_rcv_cb,
1218        .err_handler    =       vti6_err,
1219        .priority       =       100,
1220};
1221
1222/**
1223 * vti6_tunnel_init - register protocol and reserve needed resources
1224 *
1225 * Return: 0 on success
1226 **/
1227static int __init vti6_tunnel_init(void)
1228{
1229        const char *msg;
1230        int err;
1231
1232        msg = "tunnel device";
1233        err = register_pernet_device(&vti6_net_ops);
1234        if (err < 0)
1235                goto pernet_dev_failed;
1236
1237        msg = "tunnel protocols";
1238        err = xfrm6_protocol_register(&vti_esp6_protocol, IPPROTO_ESP);
1239        if (err < 0)
1240                goto xfrm_proto_esp_failed;
1241        err = xfrm6_protocol_register(&vti_ah6_protocol, IPPROTO_AH);
1242        if (err < 0)
1243                goto xfrm_proto_ah_failed;
1244        err = xfrm6_protocol_register(&vti_ipcomp6_protocol, IPPROTO_COMP);
1245        if (err < 0)
1246                goto xfrm_proto_comp_failed;
1247
1248        msg = "netlink interface";
1249        err = rtnl_link_register(&vti6_link_ops);
1250        if (err < 0)
1251                goto rtnl_link_failed;
1252
1253        return 0;
1254
1255rtnl_link_failed:
1256        xfrm6_protocol_deregister(&vti_ipcomp6_protocol, IPPROTO_COMP);
1257xfrm_proto_comp_failed:
1258        xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH);
1259xfrm_proto_ah_failed:
1260        xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP);
1261xfrm_proto_esp_failed:
1262        unregister_pernet_device(&vti6_net_ops);
1263pernet_dev_failed:
1264        pr_err("vti6 init: failed to register %s\n", msg);
1265        return err;
1266}
1267
1268/**
1269 * vti6_tunnel_cleanup - free resources and unregister protocol
1270 **/
1271static void __exit vti6_tunnel_cleanup(void)
1272{
1273        rtnl_link_unregister(&vti6_link_ops);
1274        xfrm6_protocol_deregister(&vti_ipcomp6_protocol, IPPROTO_COMP);
1275        xfrm6_protocol_deregister(&vti_ah6_protocol, IPPROTO_AH);
1276        xfrm6_protocol_deregister(&vti_esp6_protocol, IPPROTO_ESP);
1277        unregister_pernet_device(&vti6_net_ops);
1278}
1279
1280module_init(vti6_tunnel_init);
1281module_exit(vti6_tunnel_cleanup);
1282MODULE_LICENSE("GPL");
1283MODULE_ALIAS_RTNL_LINK("vti6");
1284MODULE_ALIAS_NETDEV("ip6_vti0");
1285MODULE_AUTHOR("Steffen Klassert");
1286MODULE_DESCRIPTION("IPv6 virtual tunnel interface");
1287