Merge branch 'fix/misc' into for-linus
[linux-2.6] / net / ipv4 / ip_gre.c
1 /*
2  *      Linux NET3:     GRE over IP protocol decoder.
3  *
4  *      Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
5  *
6  *      This program is free software; you can redistribute it and/or
7  *      modify it under the terms of the GNU General Public License
8  *      as published by the Free Software Foundation; either version
9  *      2 of the License, or (at your option) any later version.
10  *
11  */
12
13 #include <linux/capability.h>
14 #include <linux/module.h>
15 #include <linux/types.h>
16 #include <linux/kernel.h>
17 #include <asm/uaccess.h>
18 #include <linux/skbuff.h>
19 #include <linux/netdevice.h>
20 #include <linux/in.h>
21 #include <linux/tcp.h>
22 #include <linux/udp.h>
23 #include <linux/if_arp.h>
24 #include <linux/mroute.h>
25 #include <linux/init.h>
26 #include <linux/in6.h>
27 #include <linux/inetdevice.h>
28 #include <linux/igmp.h>
29 #include <linux/netfilter_ipv4.h>
30 #include <linux/etherdevice.h>
31 #include <linux/if_ether.h>
32
33 #include <net/sock.h>
34 #include <net/ip.h>
35 #include <net/icmp.h>
36 #include <net/protocol.h>
37 #include <net/ipip.h>
38 #include <net/arp.h>
39 #include <net/checksum.h>
40 #include <net/dsfield.h>
41 #include <net/inet_ecn.h>
42 #include <net/xfrm.h>
43 #include <net/net_namespace.h>
44 #include <net/netns/generic.h>
45 #include <net/rtnetlink.h>
46
47 #ifdef CONFIG_IPV6
48 #include <net/ipv6.h>
49 #include <net/ip6_fib.h>
50 #include <net/ip6_route.h>
51 #endif
52
53 /*
54    Problems & solutions
55    --------------------
56
57    1. The most important issue is detecting local dead loops.
58    They would cause complete host lockup in transmit, which
59    would be "resolved" by stack overflow or, if queueing is enabled,
60    with infinite looping in net_bh.
61
62    We cannot track such dead loops during route installation,
63    it is infeasible task. The most general solutions would be
64    to keep skb->encapsulation counter (sort of local ttl),
65    and silently drop packet when it expires. It is the best
66    solution, but it supposes maintaing new variable in ALL
67    skb, even if no tunneling is used.
68
69    Current solution: t->recursion lock breaks dead loops. It looks
70    like dev->tbusy flag, but I preferred new variable, because
71    the semantics is different. One day, when hard_start_xmit
72    will be multithreaded we will have to use skb->encapsulation.
73
74
75
76    2. Networking dead loops would not kill routers, but would really
77    kill network. IP hop limit plays role of "t->recursion" in this case,
78    if we copy it from packet being encapsulated to upper header.
79    It is very good solution, but it introduces two problems:
80
81    - Routing protocols, using packets with ttl=1 (OSPF, RIP2),
82      do not work over tunnels.
83    - traceroute does not work. I planned to relay ICMP from tunnel,
84      so that this problem would be solved and traceroute output
85      would even more informative. This idea appeared to be wrong:
86      only Linux complies to rfc1812 now (yes, guys, Linux is the only
87      true router now :-)), all routers (at least, in neighbourhood of mine)
88      return only 8 bytes of payload. It is the end.
89
90    Hence, if we want that OSPF worked or traceroute said something reasonable,
91    we should search for another solution.
92
93    One of them is to parse packet trying to detect inner encapsulation
94    made by our node. It is difficult or even impossible, especially,
95    taking into account fragmentation. TO be short, tt is not solution at all.
96
97    Current solution: The solution was UNEXPECTEDLY SIMPLE.
98    We force DF flag on tunnels with preconfigured hop limit,
99    that is ALL. :-) Well, it does not remove the problem completely,
100    but exponential growth of network traffic is changed to linear
101    (branches, that exceed pmtu are pruned) and tunnel mtu
102    fastly degrades to value <68, where looping stops.
103    Yes, it is not good if there exists a router in the loop,
104    which does not force DF, even when encapsulating packets have DF set.
105    But it is not our problem! Nobody could accuse us, we made
106    all that we could make. Even if it is your gated who injected
107    fatal route to network, even if it were you who configured
108    fatal static route: you are innocent. :-)
109
110
111
112    3. Really, ipv4/ipip.c, ipv4/ip_gre.c and ipv6/sit.c contain
113    practically identical code. It would be good to glue them
114    together, but it is not very evident, how to make them modular.
115    sit is integral part of IPv6, ipip and gre are naturally modular.
116    We could extract common parts (hash table, ioctl etc)
117    to a separate module (ip_tunnel.c).
118
119    Alexey Kuznetsov.
120  */
121
122 static struct rtnl_link_ops ipgre_link_ops __read_mostly;
123 static int ipgre_tunnel_init(struct net_device *dev);
124 static void ipgre_tunnel_setup(struct net_device *dev);
125 static int ipgre_tunnel_bind_dev(struct net_device *dev);
126
127 /* Fallback tunnel: no source, no destination, no key, no options */
128
129 #define HASH_SIZE  16
130
131 static int ipgre_net_id;
132 struct ipgre_net {
133         struct ip_tunnel *tunnels[4][HASH_SIZE];
134
135         struct net_device *fb_tunnel_dev;
136 };
137
138 /* Tunnel hash table */
139
140 /*
141    4 hash tables:
142
143    3: (remote,local)
144    2: (remote,*)
145    1: (*,local)
146    0: (*,*)
147
148    We require exact key match i.e. if a key is present in packet
149    it will match only tunnel with the same key; if it is not present,
150    it will match only keyless tunnel.
151
152    All keysless packets, if not matched configured keyless tunnels
153    will match fallback tunnel.
154  */
155
156 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
157
158 #define tunnels_r_l     tunnels[3]
159 #define tunnels_r       tunnels[2]
160 #define tunnels_l       tunnels[1]
161 #define tunnels_wc      tunnels[0]
162
163 static DEFINE_RWLOCK(ipgre_lock);
164
165 /* Given src, dst and key, find appropriate for input tunnel. */
166
167 static struct ip_tunnel * ipgre_tunnel_lookup(struct net_device *dev,
168                                               __be32 remote, __be32 local,
169                                               __be32 key, __be16 gre_proto)
170 {
171         struct net *net = dev_net(dev);
172         int link = dev->ifindex;
173         unsigned h0 = HASH(remote);
174         unsigned h1 = HASH(key);
175         struct ip_tunnel *t, *cand = NULL;
176         struct ipgre_net *ign = net_generic(net, ipgre_net_id);
177         int dev_type = (gre_proto == htons(ETH_P_TEB)) ?
178                        ARPHRD_ETHER : ARPHRD_IPGRE;
179         int score, cand_score = 4;
180
181         for (t = ign->tunnels_r_l[h0^h1]; t; t = t->next) {
182                 if (local != t->parms.iph.saddr ||
183                     remote != t->parms.iph.daddr ||
184                     key != t->parms.i_key ||
185                     !(t->dev->flags & IFF_UP))
186                         continue;
187
188                 if (t->dev->type != ARPHRD_IPGRE &&
189                     t->dev->type != dev_type)
190                         continue;
191
192                 score = 0;
193                 if (t->parms.link != link)
194                         score |= 1;
195                 if (t->dev->type != dev_type)
196                         score |= 2;
197                 if (score == 0)
198                         return t;
199
200                 if (score < cand_score) {
201                         cand = t;
202                         cand_score = score;
203                 }
204         }
205
206         for (t = ign->tunnels_r[h0^h1]; t; t = t->next) {
207                 if (remote != t->parms.iph.daddr ||
208                     key != t->parms.i_key ||
209                     !(t->dev->flags & IFF_UP))
210                         continue;
211
212                 if (t->dev->type != ARPHRD_IPGRE &&
213                     t->dev->type != dev_type)
214                         continue;
215
216                 score = 0;
217                 if (t->parms.link != link)
218                         score |= 1;
219                 if (t->dev->type != dev_type)
220                         score |= 2;
221                 if (score == 0)
222                         return t;
223
224                 if (score < cand_score) {
225                         cand = t;
226                         cand_score = score;
227                 }
228         }
229
230         for (t = ign->tunnels_l[h1]; t; t = t->next) {
231                 if ((local != t->parms.iph.saddr &&
232                      (local != t->parms.iph.daddr ||
233                       !ipv4_is_multicast(local))) ||
234                     key != t->parms.i_key ||
235                     !(t->dev->flags & IFF_UP))
236                         continue;
237
238                 if (t->dev->type != ARPHRD_IPGRE &&
239                     t->dev->type != dev_type)
240                         continue;
241
242                 score = 0;
243                 if (t->parms.link != link)
244                         score |= 1;
245                 if (t->dev->type != dev_type)
246                         score |= 2;
247                 if (score == 0)
248                         return t;
249
250                 if (score < cand_score) {
251                         cand = t;
252                         cand_score = score;
253                 }
254         }
255
256         for (t = ign->tunnels_wc[h1]; t; t = t->next) {
257                 if (t->parms.i_key != key ||
258                     !(t->dev->flags & IFF_UP))
259                         continue;
260
261                 if (t->dev->type != ARPHRD_IPGRE &&
262                     t->dev->type != dev_type)
263                         continue;
264
265                 score = 0;
266                 if (t->parms.link != link)
267                         score |= 1;
268                 if (t->dev->type != dev_type)
269                         score |= 2;
270                 if (score == 0)
271                         return t;
272
273                 if (score < cand_score) {
274                         cand = t;
275                         cand_score = score;
276                 }
277         }
278
279         if (cand != NULL)
280                 return cand;
281
282         if (ign->fb_tunnel_dev->flags & IFF_UP)
283                 return netdev_priv(ign->fb_tunnel_dev);
284
285         return NULL;
286 }
287
288 static struct ip_tunnel **__ipgre_bucket(struct ipgre_net *ign,
289                 struct ip_tunnel_parm *parms)
290 {
291         __be32 remote = parms->iph.daddr;
292         __be32 local = parms->iph.saddr;
293         __be32 key = parms->i_key;
294         unsigned h = HASH(key);
295         int prio = 0;
296
297         if (local)
298                 prio |= 1;
299         if (remote && !ipv4_is_multicast(remote)) {
300                 prio |= 2;
301                 h ^= HASH(remote);
302         }
303
304         return &ign->tunnels[prio][h];
305 }
306
307 static inline struct ip_tunnel **ipgre_bucket(struct ipgre_net *ign,
308                 struct ip_tunnel *t)
309 {
310         return __ipgre_bucket(ign, &t->parms);
311 }
312
313 static void ipgre_tunnel_link(struct ipgre_net *ign, struct ip_tunnel *t)
314 {
315         struct ip_tunnel **tp = ipgre_bucket(ign, t);
316
317         t->next = *tp;
318         write_lock_bh(&ipgre_lock);
319         *tp = t;
320         write_unlock_bh(&ipgre_lock);
321 }
322
323 static void ipgre_tunnel_unlink(struct ipgre_net *ign, struct ip_tunnel *t)
324 {
325         struct ip_tunnel **tp;
326
327         for (tp = ipgre_bucket(ign, t); *tp; tp = &(*tp)->next) {
328                 if (t == *tp) {
329                         write_lock_bh(&ipgre_lock);
330                         *tp = t->next;
331                         write_unlock_bh(&ipgre_lock);
332                         break;
333                 }
334         }
335 }
336
337 static struct ip_tunnel *ipgre_tunnel_find(struct net *net,
338                                            struct ip_tunnel_parm *parms,
339                                            int type)
340 {
341         __be32 remote = parms->iph.daddr;
342         __be32 local = parms->iph.saddr;
343         __be32 key = parms->i_key;
344         int link = parms->link;
345         struct ip_tunnel *t, **tp;
346         struct ipgre_net *ign = net_generic(net, ipgre_net_id);
347
348         for (tp = __ipgre_bucket(ign, parms); (t = *tp) != NULL; tp = &t->next)
349                 if (local == t->parms.iph.saddr &&
350                     remote == t->parms.iph.daddr &&
351                     key == t->parms.i_key &&
352                     link == t->parms.link &&
353                     type == t->dev->type)
354                         break;
355
356         return t;
357 }
358
359 static struct ip_tunnel * ipgre_tunnel_locate(struct net *net,
360                 struct ip_tunnel_parm *parms, int create)
361 {
362         struct ip_tunnel *t, *nt;
363         struct net_device *dev;
364         char name[IFNAMSIZ];
365         struct ipgre_net *ign = net_generic(net, ipgre_net_id);
366
367         t = ipgre_tunnel_find(net, parms, ARPHRD_IPGRE);
368         if (t || !create)
369                 return t;
370
371         if (parms->name[0])
372                 strlcpy(name, parms->name, IFNAMSIZ);
373         else
374                 sprintf(name, "gre%%d");
375
376         dev = alloc_netdev(sizeof(*t), name, ipgre_tunnel_setup);
377         if (!dev)
378           return NULL;
379
380         dev_net_set(dev, net);
381
382         if (strchr(name, '%')) {
383                 if (dev_alloc_name(dev, name) < 0)
384                         goto failed_free;
385         }
386
387         nt = netdev_priv(dev);
388         nt->parms = *parms;
389         dev->rtnl_link_ops = &ipgre_link_ops;
390
391         dev->mtu = ipgre_tunnel_bind_dev(dev);
392
393         if (register_netdevice(dev) < 0)
394                 goto failed_free;
395
396         dev_hold(dev);
397         ipgre_tunnel_link(ign, nt);
398         return nt;
399
400 failed_free:
401         free_netdev(dev);
402         return NULL;
403 }
404
405 static void ipgre_tunnel_uninit(struct net_device *dev)
406 {
407         struct net *net = dev_net(dev);
408         struct ipgre_net *ign = net_generic(net, ipgre_net_id);
409
410         ipgre_tunnel_unlink(ign, netdev_priv(dev));
411         dev_put(dev);
412 }
413
414
415 static void ipgre_err(struct sk_buff *skb, u32 info)
416 {
417
418 /* All the routers (except for Linux) return only
419    8 bytes of packet payload. It means, that precise relaying of
420    ICMP in the real Internet is absolutely infeasible.
421
422    Moreover, Cisco "wise men" put GRE key to the third word
423    in GRE header. It makes impossible maintaining even soft state for keyed
424    GRE tunnels with enabled checksum. Tell them "thank you".
425
426    Well, I wonder, rfc1812 was written by Cisco employee,
427    what the hell these idiots break standrads established
428    by themself???
429  */
430
431         struct iphdr *iph = (struct iphdr *)skb->data;
432         __be16       *p = (__be16*)(skb->data+(iph->ihl<<2));
433         int grehlen = (iph->ihl<<2) + 4;
434         const int type = icmp_hdr(skb)->type;
435         const int code = icmp_hdr(skb)->code;
436         struct ip_tunnel *t;
437         __be16 flags;
438
439         flags = p[0];
440         if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) {
441                 if (flags&(GRE_VERSION|GRE_ROUTING))
442                         return;
443                 if (flags&GRE_KEY) {
444                         grehlen += 4;
445                         if (flags&GRE_CSUM)
446                                 grehlen += 4;
447                 }
448         }
449
450         /* If only 8 bytes returned, keyed message will be dropped here */
451         if (skb_headlen(skb) < grehlen)
452                 return;
453
454         switch (type) {
455         default:
456         case ICMP_PARAMETERPROB:
457                 return;
458
459         case ICMP_DEST_UNREACH:
460                 switch (code) {
461                 case ICMP_SR_FAILED:
462                 case ICMP_PORT_UNREACH:
463                         /* Impossible event. */
464                         return;
465                 case ICMP_FRAG_NEEDED:
466                         /* Soft state for pmtu is maintained by IP core. */
467                         return;
468                 default:
469                         /* All others are translated to HOST_UNREACH.
470                            rfc2003 contains "deep thoughts" about NET_UNREACH,
471                            I believe they are just ether pollution. --ANK
472                          */
473                         break;
474                 }
475                 break;
476         case ICMP_TIME_EXCEEDED:
477                 if (code != ICMP_EXC_TTL)
478                         return;
479                 break;
480         }
481
482         read_lock(&ipgre_lock);
483         t = ipgre_tunnel_lookup(skb->dev, iph->daddr, iph->saddr,
484                                 flags & GRE_KEY ?
485                                 *(((__be32 *)p) + (grehlen / 4) - 1) : 0,
486                                 p[1]);
487         if (t == NULL || t->parms.iph.daddr == 0 ||
488             ipv4_is_multicast(t->parms.iph.daddr))
489                 goto out;
490
491         if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
492                 goto out;
493
494         if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
495                 t->err_count++;
496         else
497                 t->err_count = 1;
498         t->err_time = jiffies;
499 out:
500         read_unlock(&ipgre_lock);
501         return;
502 }
503
504 static inline void ipgre_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)
505 {
506         if (INET_ECN_is_ce(iph->tos)) {
507                 if (skb->protocol == htons(ETH_P_IP)) {
508                         IP_ECN_set_ce(ip_hdr(skb));
509                 } else if (skb->protocol == htons(ETH_P_IPV6)) {
510                         IP6_ECN_set_ce(ipv6_hdr(skb));
511                 }
512         }
513 }
514
515 static inline u8
516 ipgre_ecn_encapsulate(u8 tos, struct iphdr *old_iph, struct sk_buff *skb)
517 {
518         u8 inner = 0;
519         if (skb->protocol == htons(ETH_P_IP))
520                 inner = old_iph->tos;
521         else if (skb->protocol == htons(ETH_P_IPV6))
522                 inner = ipv6_get_dsfield((struct ipv6hdr *)old_iph);
523         return INET_ECN_encapsulate(tos, inner);
524 }
525
526 static int ipgre_rcv(struct sk_buff *skb)
527 {
528         struct iphdr *iph;
529         u8     *h;
530         __be16    flags;
531         __sum16   csum = 0;
532         __be32 key = 0;
533         u32    seqno = 0;
534         struct ip_tunnel *tunnel;
535         int    offset = 4;
536         __be16 gre_proto;
537         unsigned int len;
538
539         if (!pskb_may_pull(skb, 16))
540                 goto drop_nolock;
541
542         iph = ip_hdr(skb);
543         h = skb->data;
544         flags = *(__be16*)h;
545
546         if (flags&(GRE_CSUM|GRE_KEY|GRE_ROUTING|GRE_SEQ|GRE_VERSION)) {
547                 /* - Version must be 0.
548                    - We do not support routing headers.
549                  */
550                 if (flags&(GRE_VERSION|GRE_ROUTING))
551                         goto drop_nolock;
552
553                 if (flags&GRE_CSUM) {
554                         switch (skb->ip_summed) {
555                         case CHECKSUM_COMPLETE:
556                                 csum = csum_fold(skb->csum);
557                                 if (!csum)
558                                         break;
559                                 /* fall through */
560                         case CHECKSUM_NONE:
561                                 skb->csum = 0;
562                                 csum = __skb_checksum_complete(skb);
563                                 skb->ip_summed = CHECKSUM_COMPLETE;
564                         }
565                         offset += 4;
566                 }
567                 if (flags&GRE_KEY) {
568                         key = *(__be32*)(h + offset);
569                         offset += 4;
570                 }
571                 if (flags&GRE_SEQ) {
572                         seqno = ntohl(*(__be32*)(h + offset));
573                         offset += 4;
574                 }
575         }
576
577         gre_proto = *(__be16 *)(h + 2);
578
579         read_lock(&ipgre_lock);
580         if ((tunnel = ipgre_tunnel_lookup(skb->dev,
581                                           iph->saddr, iph->daddr, key,
582                                           gre_proto))) {
583                 struct net_device_stats *stats = &tunnel->dev->stats;
584
585                 secpath_reset(skb);
586
587                 skb->protocol = gre_proto;
588                 /* WCCP version 1 and 2 protocol decoding.
589                  * - Change protocol to IP
590                  * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header
591                  */
592                 if (flags == 0 && gre_proto == htons(ETH_P_WCCP)) {
593                         skb->protocol = htons(ETH_P_IP);
594                         if ((*(h + offset) & 0xF0) != 0x40)
595                                 offset += 4;
596                 }
597
598                 skb->mac_header = skb->network_header;
599                 __pskb_pull(skb, offset);
600                 skb_postpull_rcsum(skb, skb_transport_header(skb), offset);
601                 skb->pkt_type = PACKET_HOST;
602 #ifdef CONFIG_NET_IPGRE_BROADCAST
603                 if (ipv4_is_multicast(iph->daddr)) {
604                         /* Looped back packet, drop it! */
605                         if (skb->rtable->fl.iif == 0)
606                                 goto drop;
607                         stats->multicast++;
608                         skb->pkt_type = PACKET_BROADCAST;
609                 }
610 #endif
611
612                 if (((flags&GRE_CSUM) && csum) ||
613                     (!(flags&GRE_CSUM) && tunnel->parms.i_flags&GRE_CSUM)) {
614                         stats->rx_crc_errors++;
615                         stats->rx_errors++;
616                         goto drop;
617                 }
618                 if (tunnel->parms.i_flags&GRE_SEQ) {
619                         if (!(flags&GRE_SEQ) ||
620                             (tunnel->i_seqno && (s32)(seqno - tunnel->i_seqno) < 0)) {
621                                 stats->rx_fifo_errors++;
622                                 stats->rx_errors++;
623                                 goto drop;
624                         }
625                         tunnel->i_seqno = seqno + 1;
626                 }
627
628                 len = skb->len;
629
630                 /* Warning: All skb pointers will be invalidated! */
631                 if (tunnel->dev->type == ARPHRD_ETHER) {
632                         if (!pskb_may_pull(skb, ETH_HLEN)) {
633                                 stats->rx_length_errors++;
634                                 stats->rx_errors++;
635                                 goto drop;
636                         }
637
638                         iph = ip_hdr(skb);
639                         skb->protocol = eth_type_trans(skb, tunnel->dev);
640                         skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
641                 }
642
643                 stats->rx_packets++;
644                 stats->rx_bytes += len;
645                 skb->dev = tunnel->dev;
646                 dst_release(skb->dst);
647                 skb->dst = NULL;
648                 nf_reset(skb);
649
650                 skb_reset_network_header(skb);
651                 ipgre_ecn_decapsulate(iph, skb);
652
653                 netif_rx(skb);
654                 read_unlock(&ipgre_lock);
655                 return(0);
656         }
657         icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
658
659 drop:
660         read_unlock(&ipgre_lock);
661 drop_nolock:
662         kfree_skb(skb);
663         return(0);
664 }
665
666 static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
667 {
668         struct ip_tunnel *tunnel = netdev_priv(dev);
669         struct net_device_stats *stats = &tunnel->dev->stats;
670         struct iphdr  *old_iph = ip_hdr(skb);
671         struct iphdr  *tiph;
672         u8     tos;
673         __be16 df;
674         struct rtable *rt;                      /* Route to the other host */
675         struct net_device *tdev;                        /* Device to other host */
676         struct iphdr  *iph;                     /* Our new IP header */
677         unsigned int max_headroom;              /* The extra header space needed */
678         int    gre_hlen;
679         __be32 dst;
680         int    mtu;
681
682         if (tunnel->recursion++) {
683                 stats->collisions++;
684                 goto tx_error;
685         }
686
687         if (dev->type == ARPHRD_ETHER)
688                 IPCB(skb)->flags = 0;
689
690         if (dev->header_ops && dev->type == ARPHRD_IPGRE) {
691                 gre_hlen = 0;
692                 tiph = (struct iphdr *)skb->data;
693         } else {
694                 gre_hlen = tunnel->hlen;
695                 tiph = &tunnel->parms.iph;
696         }
697
698         if ((dst = tiph->daddr) == 0) {
699                 /* NBMA tunnel */
700
701                 if (skb->dst == NULL) {
702                         stats->tx_fifo_errors++;
703                         goto tx_error;
704                 }
705
706                 if (skb->protocol == htons(ETH_P_IP)) {
707                         rt = skb->rtable;
708                         if ((dst = rt->rt_gateway) == 0)
709                                 goto tx_error_icmp;
710                 }
711 #ifdef CONFIG_IPV6
712                 else if (skb->protocol == htons(ETH_P_IPV6)) {
713                         struct in6_addr *addr6;
714                         int addr_type;
715                         struct neighbour *neigh = skb->dst->neighbour;
716
717                         if (neigh == NULL)
718                                 goto tx_error;
719
720                         addr6 = (struct in6_addr *)&neigh->primary_key;
721                         addr_type = ipv6_addr_type(addr6);
722
723                         if (addr_type == IPV6_ADDR_ANY) {
724                                 addr6 = &ipv6_hdr(skb)->daddr;
725                                 addr_type = ipv6_addr_type(addr6);
726                         }
727
728                         if ((addr_type & IPV6_ADDR_COMPATv4) == 0)
729                                 goto tx_error_icmp;
730
731                         dst = addr6->s6_addr32[3];
732                 }
733 #endif
734                 else
735                         goto tx_error;
736         }
737
738         tos = tiph->tos;
739         if (tos&1) {
740                 if (skb->protocol == htons(ETH_P_IP))
741                         tos = old_iph->tos;
742                 tos &= ~1;
743         }
744
745         {
746                 struct flowi fl = { .oif = tunnel->parms.link,
747                                     .nl_u = { .ip4_u =
748                                               { .daddr = dst,
749                                                 .saddr = tiph->saddr,
750                                                 .tos = RT_TOS(tos) } },
751                                     .proto = IPPROTO_GRE };
752                 if (ip_route_output_key(dev_net(dev), &rt, &fl)) {
753                         stats->tx_carrier_errors++;
754                         goto tx_error;
755                 }
756         }
757         tdev = rt->u.dst.dev;
758
759         if (tdev == dev) {
760                 ip_rt_put(rt);
761                 stats->collisions++;
762                 goto tx_error;
763         }
764
765         df = tiph->frag_off;
766         if (df)
767                 mtu = dst_mtu(&rt->u.dst) - dev->hard_header_len - tunnel->hlen;
768         else
769                 mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu;
770
771         if (skb->dst)
772                 skb->dst->ops->update_pmtu(skb->dst, mtu);
773
774         if (skb->protocol == htons(ETH_P_IP)) {
775                 df |= (old_iph->frag_off&htons(IP_DF));
776
777                 if ((old_iph->frag_off&htons(IP_DF)) &&
778                     mtu < ntohs(old_iph->tot_len)) {
779                         icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
780                         ip_rt_put(rt);
781                         goto tx_error;
782                 }
783         }
784 #ifdef CONFIG_IPV6
785         else if (skb->protocol == htons(ETH_P_IPV6)) {
786                 struct rt6_info *rt6 = (struct rt6_info *)skb->dst;
787
788                 if (rt6 && mtu < dst_mtu(skb->dst) && mtu >= IPV6_MIN_MTU) {
789                         if ((tunnel->parms.iph.daddr &&
790                              !ipv4_is_multicast(tunnel->parms.iph.daddr)) ||
791                             rt6->rt6i_dst.plen == 128) {
792                                 rt6->rt6i_flags |= RTF_MODIFIED;
793                                 skb->dst->metrics[RTAX_MTU-1] = mtu;
794                         }
795                 }
796
797                 if (mtu >= IPV6_MIN_MTU && mtu < skb->len - tunnel->hlen + gre_hlen) {
798                         icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev);
799                         ip_rt_put(rt);
800                         goto tx_error;
801                 }
802         }
803 #endif
804
805         if (tunnel->err_count > 0) {
806                 if (time_before(jiffies,
807                                 tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
808                         tunnel->err_count--;
809
810                         dst_link_failure(skb);
811                 } else
812                         tunnel->err_count = 0;
813         }
814
815         max_headroom = LL_RESERVED_SPACE(tdev) + gre_hlen;
816
817         if (skb_headroom(skb) < max_headroom || skb_shared(skb)||
818             (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
819                 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
820                 if (!new_skb) {
821                         ip_rt_put(rt);
822                         stats->tx_dropped++;
823                         dev_kfree_skb(skb);
824                         tunnel->recursion--;
825                         return 0;
826                 }
827                 if (skb->sk)
828                         skb_set_owner_w(new_skb, skb->sk);
829                 dev_kfree_skb(skb);
830                 skb = new_skb;
831                 old_iph = ip_hdr(skb);
832         }
833
834         skb_reset_transport_header(skb);
835         skb_push(skb, gre_hlen);
836         skb_reset_network_header(skb);
837         memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
838         IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
839                               IPSKB_REROUTED);
840         dst_release(skb->dst);
841         skb->dst = &rt->u.dst;
842
843         /*
844          *      Push down and install the IPIP header.
845          */
846
847         iph                     =       ip_hdr(skb);
848         iph->version            =       4;
849         iph->ihl                =       sizeof(struct iphdr) >> 2;
850         iph->frag_off           =       df;
851         iph->protocol           =       IPPROTO_GRE;
852         iph->tos                =       ipgre_ecn_encapsulate(tos, old_iph, skb);
853         iph->daddr              =       rt->rt_dst;
854         iph->saddr              =       rt->rt_src;
855
856         if ((iph->ttl = tiph->ttl) == 0) {
857                 if (skb->protocol == htons(ETH_P_IP))
858                         iph->ttl = old_iph->ttl;
859 #ifdef CONFIG_IPV6
860                 else if (skb->protocol == htons(ETH_P_IPV6))
861                         iph->ttl = ((struct ipv6hdr *)old_iph)->hop_limit;
862 #endif
863                 else
864                         iph->ttl = dst_metric(&rt->u.dst, RTAX_HOPLIMIT);
865         }
866
867         ((__be16 *)(iph + 1))[0] = tunnel->parms.o_flags;
868         ((__be16 *)(iph + 1))[1] = (dev->type == ARPHRD_ETHER) ?
869                                    htons(ETH_P_TEB) : skb->protocol;
870
871         if (tunnel->parms.o_flags&(GRE_KEY|GRE_CSUM|GRE_SEQ)) {
872                 __be32 *ptr = (__be32*)(((u8*)iph) + tunnel->hlen - 4);
873
874                 if (tunnel->parms.o_flags&GRE_SEQ) {
875                         ++tunnel->o_seqno;
876                         *ptr = htonl(tunnel->o_seqno);
877                         ptr--;
878                 }
879                 if (tunnel->parms.o_flags&GRE_KEY) {
880                         *ptr = tunnel->parms.o_key;
881                         ptr--;
882                 }
883                 if (tunnel->parms.o_flags&GRE_CSUM) {
884                         *ptr = 0;
885                         *(__sum16*)ptr = ip_compute_csum((void*)(iph+1), skb->len - sizeof(struct iphdr));
886                 }
887         }
888
889         nf_reset(skb);
890
891         IPTUNNEL_XMIT();
892         tunnel->recursion--;
893         return 0;
894
895 tx_error_icmp:
896         dst_link_failure(skb);
897
898 tx_error:
899         stats->tx_errors++;
900         dev_kfree_skb(skb);
901         tunnel->recursion--;
902         return 0;
903 }
904
905 static int ipgre_tunnel_bind_dev(struct net_device *dev)
906 {
907         struct net_device *tdev = NULL;
908         struct ip_tunnel *tunnel;
909         struct iphdr *iph;
910         int hlen = LL_MAX_HEADER;
911         int mtu = ETH_DATA_LEN;
912         int addend = sizeof(struct iphdr) + 4;
913
914         tunnel = netdev_priv(dev);
915         iph = &tunnel->parms.iph;
916
917         /* Guess output device to choose reasonable mtu and needed_headroom */
918
919         if (iph->daddr) {
920                 struct flowi fl = { .oif = tunnel->parms.link,
921                                     .nl_u = { .ip4_u =
922                                               { .daddr = iph->daddr,
923                                                 .saddr = iph->saddr,
924                                                 .tos = RT_TOS(iph->tos) } },
925                                     .proto = IPPROTO_GRE };
926                 struct rtable *rt;
927                 if (!ip_route_output_key(dev_net(dev), &rt, &fl)) {
928                         tdev = rt->u.dst.dev;
929                         ip_rt_put(rt);
930                 }
931
932                 if (dev->type != ARPHRD_ETHER)
933                         dev->flags |= IFF_POINTOPOINT;
934         }
935
936         if (!tdev && tunnel->parms.link)
937                 tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);
938
939         if (tdev) {
940                 hlen = tdev->hard_header_len + tdev->needed_headroom;
941                 mtu = tdev->mtu;
942         }
943         dev->iflink = tunnel->parms.link;
944
945         /* Precalculate GRE options length */
946         if (tunnel->parms.o_flags&(GRE_CSUM|GRE_KEY|GRE_SEQ)) {
947                 if (tunnel->parms.o_flags&GRE_CSUM)
948                         addend += 4;
949                 if (tunnel->parms.o_flags&GRE_KEY)
950                         addend += 4;
951                 if (tunnel->parms.o_flags&GRE_SEQ)
952                         addend += 4;
953         }
954         dev->needed_headroom = addend + hlen;
955         mtu -= dev->hard_header_len - addend;
956
957         if (mtu < 68)
958                 mtu = 68;
959
960         tunnel->hlen = addend;
961
962         return mtu;
963 }
964
965 static int
966 ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
967 {
968         int err = 0;
969         struct ip_tunnel_parm p;
970         struct ip_tunnel *t;
971         struct net *net = dev_net(dev);
972         struct ipgre_net *ign = net_generic(net, ipgre_net_id);
973
974         switch (cmd) {
975         case SIOCGETTUNNEL:
976                 t = NULL;
977                 if (dev == ign->fb_tunnel_dev) {
978                         if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
979                                 err = -EFAULT;
980                                 break;
981                         }
982                         t = ipgre_tunnel_locate(net, &p, 0);
983                 }
984                 if (t == NULL)
985                         t = netdev_priv(dev);
986                 memcpy(&p, &t->parms, sizeof(p));
987                 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
988                         err = -EFAULT;
989                 break;
990
991         case SIOCADDTUNNEL:
992         case SIOCCHGTUNNEL:
993                 err = -EPERM;
994                 if (!capable(CAP_NET_ADMIN))
995                         goto done;
996
997                 err = -EFAULT;
998                 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
999                         goto done;
1000
1001                 err = -EINVAL;
1002                 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE ||
1003                     p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) ||
1004                     ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING)))
1005                         goto done;
1006                 if (p.iph.ttl)
1007                         p.iph.frag_off |= htons(IP_DF);
1008
1009                 if (!(p.i_flags&GRE_KEY))
1010                         p.i_key = 0;
1011                 if (!(p.o_flags&GRE_KEY))
1012                         p.o_key = 0;
1013
1014                 t = ipgre_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
1015
1016                 if (dev != ign->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
1017                         if (t != NULL) {
1018                                 if (t->dev != dev) {
1019                                         err = -EEXIST;
1020                                         break;
1021                                 }
1022                         } else {
1023                                 unsigned nflags = 0;
1024
1025                                 t = netdev_priv(dev);
1026
1027                                 if (ipv4_is_multicast(p.iph.daddr))
1028                                         nflags = IFF_BROADCAST;
1029                                 else if (p.iph.daddr)
1030                                         nflags = IFF_POINTOPOINT;
1031
1032                                 if ((dev->flags^nflags)&(IFF_POINTOPOINT|IFF_BROADCAST)) {
1033                                         err = -EINVAL;
1034                                         break;
1035                                 }
1036                                 ipgre_tunnel_unlink(ign, t);
1037                                 t->parms.iph.saddr = p.iph.saddr;
1038                                 t->parms.iph.daddr = p.iph.daddr;
1039                                 t->parms.i_key = p.i_key;
1040                                 t->parms.o_key = p.o_key;
1041                                 memcpy(dev->dev_addr, &p.iph.saddr, 4);
1042                                 memcpy(dev->broadcast, &p.iph.daddr, 4);
1043                                 ipgre_tunnel_link(ign, t);
1044                                 netdev_state_change(dev);
1045                         }
1046                 }
1047
1048                 if (t) {
1049                         err = 0;
1050                         if (cmd == SIOCCHGTUNNEL) {
1051                                 t->parms.iph.ttl = p.iph.ttl;
1052                                 t->parms.iph.tos = p.iph.tos;
1053                                 t->parms.iph.frag_off = p.iph.frag_off;
1054                                 if (t->parms.link != p.link) {
1055                                         t->parms.link = p.link;
1056                                         dev->mtu = ipgre_tunnel_bind_dev(dev);
1057                                         netdev_state_change(dev);
1058                                 }
1059                         }
1060                         if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
1061                                 err = -EFAULT;
1062                 } else
1063                         err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
1064                 break;
1065
1066         case SIOCDELTUNNEL:
1067                 err = -EPERM;
1068                 if (!capable(CAP_NET_ADMIN))
1069                         goto done;
1070
1071                 if (dev == ign->fb_tunnel_dev) {
1072                         err = -EFAULT;
1073                         if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
1074                                 goto done;
1075                         err = -ENOENT;
1076                         if ((t = ipgre_tunnel_locate(net, &p, 0)) == NULL)
1077                                 goto done;
1078                         err = -EPERM;
1079                         if (t == netdev_priv(ign->fb_tunnel_dev))
1080                                 goto done;
1081                         dev = t->dev;
1082                 }
1083                 unregister_netdevice(dev);
1084                 err = 0;
1085                 break;
1086
1087         default:
1088                 err = -EINVAL;
1089         }
1090
1091 done:
1092         return err;
1093 }
1094
1095 static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu)
1096 {
1097         struct ip_tunnel *tunnel = netdev_priv(dev);
1098         if (new_mtu < 68 ||
1099             new_mtu > 0xFFF8 - dev->hard_header_len - tunnel->hlen)
1100                 return -EINVAL;
1101         dev->mtu = new_mtu;
1102         return 0;
1103 }
1104
1105 /* Nice toy. Unfortunately, useless in real life :-)
1106    It allows to construct virtual multiprotocol broadcast "LAN"
1107    over the Internet, provided multicast routing is tuned.
1108
1109
1110    I have no idea was this bicycle invented before me,
1111    so that I had to set ARPHRD_IPGRE to a random value.
1112    I have an impression, that Cisco could make something similar,
1113    but this feature is apparently missing in IOS<=11.2(8).
1114
1115    I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
1116    with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
1117
1118    ping -t 255 224.66.66.66
1119
1120    If nobody answers, mbone does not work.
1121
1122    ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255
1123    ip addr add 10.66.66.<somewhat>/24 dev Universe
1124    ifconfig Universe up
1125    ifconfig Universe add fe80::<Your_real_addr>/10
1126    ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96
1127    ftp 10.66.66.66
1128    ...
1129    ftp fec0:6666:6666::193.233.7.65
1130    ...
1131
1132  */
1133
1134 static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
1135                         unsigned short type,
1136                         const void *daddr, const void *saddr, unsigned len)
1137 {
1138         struct ip_tunnel *t = netdev_priv(dev);
1139         struct iphdr *iph = (struct iphdr *)skb_push(skb, t->hlen);
1140         __be16 *p = (__be16*)(iph+1);
1141
1142         memcpy(iph, &t->parms.iph, sizeof(struct iphdr));
1143         p[0]            = t->parms.o_flags;
1144         p[1]            = htons(type);
1145
1146         /*
1147          *      Set the source hardware address.
1148          */
1149
1150         if (saddr)
1151                 memcpy(&iph->saddr, saddr, 4);
1152
1153         if (daddr) {
1154                 memcpy(&iph->daddr, daddr, 4);
1155                 return t->hlen;
1156         }
1157         if (iph->daddr && !ipv4_is_multicast(iph->daddr))
1158                 return t->hlen;
1159
1160         return -t->hlen;
1161 }
1162
1163 static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr)
1164 {
1165         struct iphdr *iph = (struct iphdr *) skb_mac_header(skb);
1166         memcpy(haddr, &iph->saddr, 4);
1167         return 4;
1168 }
1169
1170 static const struct header_ops ipgre_header_ops = {
1171         .create = ipgre_header,
1172         .parse  = ipgre_header_parse,
1173 };
1174
1175 #ifdef CONFIG_NET_IPGRE_BROADCAST
1176 static int ipgre_open(struct net_device *dev)
1177 {
1178         struct ip_tunnel *t = netdev_priv(dev);
1179
1180         if (ipv4_is_multicast(t->parms.iph.daddr)) {
1181                 struct flowi fl = { .oif = t->parms.link,
1182                                     .nl_u = { .ip4_u =
1183                                               { .daddr = t->parms.iph.daddr,
1184                                                 .saddr = t->parms.iph.saddr,
1185                                                 .tos = RT_TOS(t->parms.iph.tos) } },
1186                                     .proto = IPPROTO_GRE };
1187                 struct rtable *rt;
1188                 if (ip_route_output_key(dev_net(dev), &rt, &fl))
1189                         return -EADDRNOTAVAIL;
1190                 dev = rt->u.dst.dev;
1191                 ip_rt_put(rt);
1192                 if (__in_dev_get_rtnl(dev) == NULL)
1193                         return -EADDRNOTAVAIL;
1194                 t->mlink = dev->ifindex;
1195                 ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr);
1196         }
1197         return 0;
1198 }
1199
1200 static int ipgre_close(struct net_device *dev)
1201 {
1202         struct ip_tunnel *t = netdev_priv(dev);
1203
1204         if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) {
1205                 struct in_device *in_dev;
1206                 in_dev = inetdev_by_index(dev_net(dev), t->mlink);
1207                 if (in_dev) {
1208                         ip_mc_dec_group(in_dev, t->parms.iph.daddr);
1209                         in_dev_put(in_dev);
1210                 }
1211         }
1212         return 0;
1213 }
1214
1215 #endif
1216
1217 static const struct net_device_ops ipgre_netdev_ops = {
1218         .ndo_init               = ipgre_tunnel_init,
1219         .ndo_uninit             = ipgre_tunnel_uninit,
1220 #ifdef CONFIG_NET_IPGRE_BROADCAST
1221         .ndo_open               = ipgre_open,
1222         .ndo_stop               = ipgre_close,
1223 #endif
1224         .ndo_start_xmit         = ipgre_tunnel_xmit,
1225         .ndo_do_ioctl           = ipgre_tunnel_ioctl,
1226         .ndo_change_mtu         = ipgre_tunnel_change_mtu,
1227 };
1228
1229 static void ipgre_tunnel_setup(struct net_device *dev)
1230 {
1231         dev->netdev_ops         = &ipgre_netdev_ops;
1232         dev->destructor         = free_netdev;
1233
1234         dev->type               = ARPHRD_IPGRE;
1235         dev->needed_headroom    = LL_MAX_HEADER + sizeof(struct iphdr) + 4;
1236         dev->mtu                = ETH_DATA_LEN - sizeof(struct iphdr) - 4;
1237         dev->flags              = IFF_NOARP;
1238         dev->iflink             = 0;
1239         dev->addr_len           = 4;
1240         dev->features           |= NETIF_F_NETNS_LOCAL;
1241 }
1242
1243 static int ipgre_tunnel_init(struct net_device *dev)
1244 {
1245         struct ip_tunnel *tunnel;
1246         struct iphdr *iph;
1247
1248         tunnel = netdev_priv(dev);
1249         iph = &tunnel->parms.iph;
1250
1251         tunnel->dev = dev;
1252         strcpy(tunnel->parms.name, dev->name);
1253
1254         memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
1255         memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
1256
1257         if (iph->daddr) {
1258 #ifdef CONFIG_NET_IPGRE_BROADCAST
1259                 if (ipv4_is_multicast(iph->daddr)) {
1260                         if (!iph->saddr)
1261                                 return -EINVAL;
1262                         dev->flags = IFF_BROADCAST;
1263                         dev->header_ops = &ipgre_header_ops;
1264                 }
1265 #endif
1266         } else
1267                 dev->header_ops = &ipgre_header_ops;
1268
1269         return 0;
1270 }
1271
1272 static void ipgre_fb_tunnel_init(struct net_device *dev)
1273 {
1274         struct ip_tunnel *tunnel = netdev_priv(dev);
1275         struct iphdr *iph = &tunnel->parms.iph;
1276         struct ipgre_net *ign = net_generic(dev_net(dev), ipgre_net_id);
1277
1278         tunnel->dev = dev;
1279         strcpy(tunnel->parms.name, dev->name);
1280
1281         iph->version            = 4;
1282         iph->protocol           = IPPROTO_GRE;
1283         iph->ihl                = 5;
1284         tunnel->hlen            = sizeof(struct iphdr) + 4;
1285
1286         dev_hold(dev);
1287         ign->tunnels_wc[0]      = tunnel;
1288 }
1289
1290
1291 static struct net_protocol ipgre_protocol = {
1292         .handler        =       ipgre_rcv,
1293         .err_handler    =       ipgre_err,
1294         .netns_ok       =       1,
1295 };
1296
1297 static void ipgre_destroy_tunnels(struct ipgre_net *ign)
1298 {
1299         int prio;
1300
1301         for (prio = 0; prio < 4; prio++) {
1302                 int h;
1303                 for (h = 0; h < HASH_SIZE; h++) {
1304                         struct ip_tunnel *t;
1305                         while ((t = ign->tunnels[prio][h]) != NULL)
1306                                 unregister_netdevice(t->dev);
1307                 }
1308         }
1309 }
1310
1311 static int ipgre_init_net(struct net *net)
1312 {
1313         int err;
1314         struct ipgre_net *ign;
1315
1316         err = -ENOMEM;
1317         ign = kzalloc(sizeof(struct ipgre_net), GFP_KERNEL);
1318         if (ign == NULL)
1319                 goto err_alloc;
1320
1321         err = net_assign_generic(net, ipgre_net_id, ign);
1322         if (err < 0)
1323                 goto err_assign;
1324
1325         ign->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0",
1326                                            ipgre_tunnel_setup);
1327         if (!ign->fb_tunnel_dev) {
1328                 err = -ENOMEM;
1329                 goto err_alloc_dev;
1330         }
1331         dev_net_set(ign->fb_tunnel_dev, net);
1332
1333         ipgre_fb_tunnel_init(ign->fb_tunnel_dev);
1334         ign->fb_tunnel_dev->rtnl_link_ops = &ipgre_link_ops;
1335
1336         if ((err = register_netdev(ign->fb_tunnel_dev)))
1337                 goto err_reg_dev;
1338
1339         return 0;
1340
1341 err_reg_dev:
1342         free_netdev(ign->fb_tunnel_dev);
1343 err_alloc_dev:
1344         /* nothing */
1345 err_assign:
1346         kfree(ign);
1347 err_alloc:
1348         return err;
1349 }
1350
1351 static void ipgre_exit_net(struct net *net)
1352 {
1353         struct ipgre_net *ign;
1354
1355         ign = net_generic(net, ipgre_net_id);
1356         rtnl_lock();
1357         ipgre_destroy_tunnels(ign);
1358         rtnl_unlock();
1359         kfree(ign);
1360 }
1361
1362 static struct pernet_operations ipgre_net_ops = {
1363         .init = ipgre_init_net,
1364         .exit = ipgre_exit_net,
1365 };
1366
1367 static int ipgre_tunnel_validate(struct nlattr *tb[], struct nlattr *data[])
1368 {
1369         __be16 flags;
1370
1371         if (!data)
1372                 return 0;
1373
1374         flags = 0;
1375         if (data[IFLA_GRE_IFLAGS])
1376                 flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]);
1377         if (data[IFLA_GRE_OFLAGS])
1378                 flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]);
1379         if (flags & (GRE_VERSION|GRE_ROUTING))
1380                 return -EINVAL;
1381
1382         return 0;
1383 }
1384
1385 static int ipgre_tap_validate(struct nlattr *tb[], struct nlattr *data[])
1386 {
1387         __be32 daddr;
1388
1389         if (tb[IFLA_ADDRESS]) {
1390                 if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN)
1391                         return -EINVAL;
1392                 if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS])))
1393                         return -EADDRNOTAVAIL;
1394         }
1395
1396         if (!data)
1397                 goto out;
1398
1399         if (data[IFLA_GRE_REMOTE]) {
1400                 memcpy(&daddr, nla_data(data[IFLA_GRE_REMOTE]), 4);
1401                 if (!daddr)
1402                         return -EINVAL;
1403         }
1404
1405 out:
1406         return ipgre_tunnel_validate(tb, data);
1407 }
1408
1409 static void ipgre_netlink_parms(struct nlattr *data[],
1410                                 struct ip_tunnel_parm *parms)
1411 {
1412         memset(parms, 0, sizeof(*parms));
1413
1414         parms->iph.protocol = IPPROTO_GRE;
1415
1416         if (!data)
1417                 return;
1418
1419         if (data[IFLA_GRE_LINK])
1420                 parms->link = nla_get_u32(data[IFLA_GRE_LINK]);
1421
1422         if (data[IFLA_GRE_IFLAGS])
1423                 parms->i_flags = nla_get_be16(data[IFLA_GRE_IFLAGS]);
1424
1425         if (data[IFLA_GRE_OFLAGS])
1426                 parms->o_flags = nla_get_be16(data[IFLA_GRE_OFLAGS]);
1427
1428         if (data[IFLA_GRE_IKEY])
1429                 parms->i_key = nla_get_be32(data[IFLA_GRE_IKEY]);
1430
1431         if (data[IFLA_GRE_OKEY])
1432                 parms->o_key = nla_get_be32(data[IFLA_GRE_OKEY]);
1433
1434         if (data[IFLA_GRE_LOCAL])
1435                 parms->iph.saddr = nla_get_be32(data[IFLA_GRE_LOCAL]);
1436
1437         if (data[IFLA_GRE_REMOTE])
1438                 parms->iph.daddr = nla_get_be32(data[IFLA_GRE_REMOTE]);
1439
1440         if (data[IFLA_GRE_TTL])
1441                 parms->iph.ttl = nla_get_u8(data[IFLA_GRE_TTL]);
1442
1443         if (data[IFLA_GRE_TOS])
1444                 parms->iph.tos = nla_get_u8(data[IFLA_GRE_TOS]);
1445
1446         if (!data[IFLA_GRE_PMTUDISC] || nla_get_u8(data[IFLA_GRE_PMTUDISC]))
1447                 parms->iph.frag_off = htons(IP_DF);
1448 }
1449
1450 static int ipgre_tap_init(struct net_device *dev)
1451 {
1452         struct ip_tunnel *tunnel;
1453
1454         tunnel = netdev_priv(dev);
1455
1456         tunnel->dev = dev;
1457         strcpy(tunnel->parms.name, dev->name);
1458
1459         ipgre_tunnel_bind_dev(dev);
1460
1461         return 0;
1462 }
1463
1464 static const struct net_device_ops ipgre_tap_netdev_ops = {
1465         .ndo_init               = ipgre_tap_init,
1466         .ndo_uninit             = ipgre_tunnel_uninit,
1467         .ndo_start_xmit         = ipgre_tunnel_xmit,
1468         .ndo_set_mac_address    = eth_mac_addr,
1469         .ndo_validate_addr      = eth_validate_addr,
1470         .ndo_change_mtu         = ipgre_tunnel_change_mtu,
1471 };
1472
1473 static void ipgre_tap_setup(struct net_device *dev)
1474 {
1475
1476         ether_setup(dev);
1477
1478         dev->netdev_ops         = &ipgre_netdev_ops;
1479         dev->destructor         = free_netdev;
1480
1481         dev->iflink             = 0;
1482         dev->features           |= NETIF_F_NETNS_LOCAL;
1483 }
1484
1485 static int ipgre_newlink(struct net_device *dev, struct nlattr *tb[],
1486                          struct nlattr *data[])
1487 {
1488         struct ip_tunnel *nt;
1489         struct net *net = dev_net(dev);
1490         struct ipgre_net *ign = net_generic(net, ipgre_net_id);
1491         int mtu;
1492         int err;
1493
1494         nt = netdev_priv(dev);
1495         ipgre_netlink_parms(data, &nt->parms);
1496
1497         if (ipgre_tunnel_find(net, &nt->parms, dev->type))
1498                 return -EEXIST;
1499
1500         if (dev->type == ARPHRD_ETHER && !tb[IFLA_ADDRESS])
1501                 random_ether_addr(dev->dev_addr);
1502
1503         mtu = ipgre_tunnel_bind_dev(dev);
1504         if (!tb[IFLA_MTU])
1505                 dev->mtu = mtu;
1506
1507         err = register_netdevice(dev);
1508         if (err)
1509                 goto out;
1510
1511         dev_hold(dev);
1512         ipgre_tunnel_link(ign, nt);
1513
1514 out:
1515         return err;
1516 }
1517
1518 static int ipgre_changelink(struct net_device *dev, struct nlattr *tb[],
1519                             struct nlattr *data[])
1520 {
1521         struct ip_tunnel *t, *nt;
1522         struct net *net = dev_net(dev);
1523         struct ipgre_net *ign = net_generic(net, ipgre_net_id);
1524         struct ip_tunnel_parm p;
1525         int mtu;
1526
1527         if (dev == ign->fb_tunnel_dev)
1528                 return -EINVAL;
1529
1530         nt = netdev_priv(dev);
1531         ipgre_netlink_parms(data, &p);
1532
1533         t = ipgre_tunnel_locate(net, &p, 0);
1534
1535         if (t) {
1536                 if (t->dev != dev)
1537                         return -EEXIST;
1538         } else {
1539                 unsigned nflags = 0;
1540
1541                 t = nt;
1542
1543                 if (ipv4_is_multicast(p.iph.daddr))
1544                         nflags = IFF_BROADCAST;
1545                 else if (p.iph.daddr)
1546                         nflags = IFF_POINTOPOINT;
1547
1548                 if ((dev->flags ^ nflags) &
1549                     (IFF_POINTOPOINT | IFF_BROADCAST))
1550                         return -EINVAL;
1551
1552                 ipgre_tunnel_unlink(ign, t);
1553                 t->parms.iph.saddr = p.iph.saddr;
1554                 t->parms.iph.daddr = p.iph.daddr;
1555                 t->parms.i_key = p.i_key;
1556                 memcpy(dev->dev_addr, &p.iph.saddr, 4);
1557                 memcpy(dev->broadcast, &p.iph.daddr, 4);
1558                 ipgre_tunnel_link(ign, t);
1559                 netdev_state_change(dev);
1560         }
1561
1562         t->parms.o_key = p.o_key;
1563         t->parms.iph.ttl = p.iph.ttl;
1564         t->parms.iph.tos = p.iph.tos;
1565         t->parms.iph.frag_off = p.iph.frag_off;
1566
1567         if (t->parms.link != p.link) {
1568                 t->parms.link = p.link;
1569                 mtu = ipgre_tunnel_bind_dev(dev);
1570                 if (!tb[IFLA_MTU])
1571                         dev->mtu = mtu;
1572                 netdev_state_change(dev);
1573         }
1574
1575         return 0;
1576 }
1577
1578 static size_t ipgre_get_size(const struct net_device *dev)
1579 {
1580         return
1581                 /* IFLA_GRE_LINK */
1582                 nla_total_size(4) +
1583                 /* IFLA_GRE_IFLAGS */
1584                 nla_total_size(2) +
1585                 /* IFLA_GRE_OFLAGS */
1586                 nla_total_size(2) +
1587                 /* IFLA_GRE_IKEY */
1588                 nla_total_size(4) +
1589                 /* IFLA_GRE_OKEY */
1590                 nla_total_size(4) +
1591                 /* IFLA_GRE_LOCAL */
1592                 nla_total_size(4) +
1593                 /* IFLA_GRE_REMOTE */
1594                 nla_total_size(4) +
1595                 /* IFLA_GRE_TTL */
1596                 nla_total_size(1) +
1597                 /* IFLA_GRE_TOS */
1598                 nla_total_size(1) +
1599                 /* IFLA_GRE_PMTUDISC */
1600                 nla_total_size(1) +
1601                 0;
1602 }
1603
1604 static int ipgre_fill_info(struct sk_buff *skb, const struct net_device *dev)
1605 {
1606         struct ip_tunnel *t = netdev_priv(dev);
1607         struct ip_tunnel_parm *p = &t->parms;
1608
1609         NLA_PUT_U32(skb, IFLA_GRE_LINK, p->link);
1610         NLA_PUT_BE16(skb, IFLA_GRE_IFLAGS, p->i_flags);
1611         NLA_PUT_BE16(skb, IFLA_GRE_OFLAGS, p->o_flags);
1612         NLA_PUT_BE32(skb, IFLA_GRE_IKEY, p->i_key);
1613         NLA_PUT_BE32(skb, IFLA_GRE_OKEY, p->o_key);
1614         NLA_PUT_BE32(skb, IFLA_GRE_LOCAL, p->iph.saddr);
1615         NLA_PUT_BE32(skb, IFLA_GRE_REMOTE, p->iph.daddr);
1616         NLA_PUT_U8(skb, IFLA_GRE_TTL, p->iph.ttl);
1617         NLA_PUT_U8(skb, IFLA_GRE_TOS, p->iph.tos);
1618         NLA_PUT_U8(skb, IFLA_GRE_PMTUDISC, !!(p->iph.frag_off & htons(IP_DF)));
1619
1620         return 0;
1621
1622 nla_put_failure:
1623         return -EMSGSIZE;
1624 }
1625
1626 static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
1627         [IFLA_GRE_LINK]         = { .type = NLA_U32 },
1628         [IFLA_GRE_IFLAGS]       = { .type = NLA_U16 },
1629         [IFLA_GRE_OFLAGS]       = { .type = NLA_U16 },
1630         [IFLA_GRE_IKEY]         = { .type = NLA_U32 },
1631         [IFLA_GRE_OKEY]         = { .type = NLA_U32 },
1632         [IFLA_GRE_LOCAL]        = { .len = FIELD_SIZEOF(struct iphdr, saddr) },
1633         [IFLA_GRE_REMOTE]       = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
1634         [IFLA_GRE_TTL]          = { .type = NLA_U8 },
1635         [IFLA_GRE_TOS]          = { .type = NLA_U8 },
1636         [IFLA_GRE_PMTUDISC]     = { .type = NLA_U8 },
1637 };
1638
1639 static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
1640         .kind           = "gre",
1641         .maxtype        = IFLA_GRE_MAX,
1642         .policy         = ipgre_policy,
1643         .priv_size      = sizeof(struct ip_tunnel),
1644         .setup          = ipgre_tunnel_setup,
1645         .validate       = ipgre_tunnel_validate,
1646         .newlink        = ipgre_newlink,
1647         .changelink     = ipgre_changelink,
1648         .get_size       = ipgre_get_size,
1649         .fill_info      = ipgre_fill_info,
1650 };
1651
1652 static struct rtnl_link_ops ipgre_tap_ops __read_mostly = {
1653         .kind           = "gretap",
1654         .maxtype        = IFLA_GRE_MAX,
1655         .policy         = ipgre_policy,
1656         .priv_size      = sizeof(struct ip_tunnel),
1657         .setup          = ipgre_tap_setup,
1658         .validate       = ipgre_tap_validate,
1659         .newlink        = ipgre_newlink,
1660         .changelink     = ipgre_changelink,
1661         .get_size       = ipgre_get_size,
1662         .fill_info      = ipgre_fill_info,
1663 };
1664
1665 /*
1666  *      And now the modules code and kernel interface.
1667  */
1668
1669 static int __init ipgre_init(void)
1670 {
1671         int err;
1672
1673         printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
1674
1675         if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
1676                 printk(KERN_INFO "ipgre init: can't add protocol\n");
1677                 return -EAGAIN;
1678         }
1679
1680         err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops);
1681         if (err < 0)
1682                 goto gen_device_failed;
1683
1684         err = rtnl_link_register(&ipgre_link_ops);
1685         if (err < 0)
1686                 goto rtnl_link_failed;
1687
1688         err = rtnl_link_register(&ipgre_tap_ops);
1689         if (err < 0)
1690                 goto tap_ops_failed;
1691
1692 out:
1693         return err;
1694
1695 tap_ops_failed:
1696         rtnl_link_unregister(&ipgre_link_ops);
1697 rtnl_link_failed:
1698         unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
1699 gen_device_failed:
1700         inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
1701         goto out;
1702 }
1703
1704 static void __exit ipgre_fini(void)
1705 {
1706         rtnl_link_unregister(&ipgre_tap_ops);
1707         rtnl_link_unregister(&ipgre_link_ops);
1708         unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
1709         if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0)
1710                 printk(KERN_INFO "ipgre close: can't remove protocol\n");
1711 }
1712
1713 module_init(ipgre_init);
1714 module_exit(ipgre_fini);
1715 MODULE_LICENSE("GPL");
1716 MODULE_ALIAS_RTNL_LINK("gre");
1717 MODULE_ALIAS_RTNL_LINK("gretap");