search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'renesas-boards-for-v3.13' of git://git.kernel.org/pub/scm/linux/kernel...
[linux-2.6.git] / net / ipv4 / ip_vti.c
blobe805e7b3030e3dad2f8fd83d140f0bb7f100d69c
1 /*
2 * Linux NET3: IP/IP protocol decoder modified to support
3 * virtual tunnel interface
4 *
5 * Authors:
6 * Saurabh Mohan (saurabh.mohan@vyatta.com) 05/07/2012
7 *
8 * This program is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU General Public License
10 * as published by the Free Software Foundation; either version
11 * 2 of the License, or (at your option) any later version.
12 *
13 */
14
15 /*
16 This version of net/ipv4/ip_vti.c is cloned of net/ipv4/ipip.c
17
18 For comments look at net/ipv4/ip_gre.c --ANK
19 */
20
21
22 #include <linux/capability.h>
23 #include <linux/module.h>
24 #include <linux/types.h>
25 #include <linux/kernel.h>
26 #include <linux/uaccess.h>
27 #include <linux/skbuff.h>
28 #include <linux/netdevice.h>
29 #include <linux/in.h>
30 #include <linux/tcp.h>
31 #include <linux/udp.h>
32 #include <linux/if_arp.h>
33 #include <linux/mroute.h>
34 #include <linux/init.h>
35 #include <linux/netfilter_ipv4.h>
36 #include <linux/if_ether.h>
37
38 #include <net/sock.h>
39 #include <net/ip.h>
40 #include <net/icmp.h>
41 #include <net/ip_tunnels.h>
42 #include <net/inet_ecn.h>
43 #include <net/xfrm.h>
44 #include <net/net_namespace.h>
45 #include <net/netns/generic.h>
46
47 static struct rtnl_link_ops vti_link_ops __read_mostly;
48
49 static int vti_net_id __read_mostly;
50 static int vti_tunnel_init(struct net_device *dev);
51
52 static int vti_err(struct sk_buff *skb, u32 info)
53 {
54
55 /* All the routers (except for Linux) return only
56 * 8 bytes of packet payload. It means, that precise relaying of
57 * ICMP in the real Internet is absolutely infeasible.
58 */
59 struct net *net = dev_net(skb->dev);
60 struct ip_tunnel_net *itn = net_generic(net, vti_net_id);
61 struct iphdr *iph = (struct iphdr *)skb->data;
62 const int type = icmp_hdr(skb)->type;
63 const int code = icmp_hdr(skb)->code;
64 struct ip_tunnel *t;
65 int err;
66
67 switch (type) {
68 default:
69 case ICMP_PARAMETERPROB:
70 return 0;
71
72 case ICMP_DEST_UNREACH:
73 switch (code) {
74 case ICMP_SR_FAILED:
75 case ICMP_PORT_UNREACH:
76 /* Impossible event. */
77 return 0;
78 default:
79 /* All others are translated to HOST_UNREACH. */
80 break;
81 }
82 break;
83 case ICMP_TIME_EXCEEDED:
84 if (code != ICMP_EXC_TTL)
85 return 0;
86 break;
87 }
88
89 err = -ENOENT;
90
91 t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
92 iph->daddr, iph->saddr, 0);
93 if (t == NULL)
94 goto out;
95
96 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
97 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
98 t->parms.link, 0, IPPROTO_IPIP, 0);
99 err = 0;
100 goto out;
101 }
102
103 err = 0;
104 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
105 goto out;
106
107 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
108 t->err_count++;
109 else
110 t->err_count = 1;
111 t->err_time = jiffies;
112 out:
113 return err;
114 }
115
116 /* We dont digest the packet therefore let the packet pass */
117 static int vti_rcv(struct sk_buff *skb)
118 {
119 struct ip_tunnel *tunnel;
120 const struct iphdr *iph = ip_hdr(skb);
121 struct net *net = dev_net(skb->dev);
122 struct ip_tunnel_net *itn = net_generic(net, vti_net_id);
123
124 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
125 iph->saddr, iph->daddr, 0);
126 if (tunnel != NULL) {
127 struct pcpu_tstats *tstats;
128
129 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
130 return -1;
131
132 tstats = this_cpu_ptr(tunnel->dev->tstats);
133 u64_stats_update_begin(&tstats->syncp);
134 tstats->rx_packets++;
135 tstats->rx_bytes += skb->len;
136 u64_stats_update_end(&tstats->syncp);
137
138 skb->mark = 0;
139 secpath_reset(skb);
140 skb->dev = tunnel->dev;
141 return 1;
142 }
143
144 return -1;
145 }
146
147 /* This function assumes it is being called from dev_queue_xmit()
148 * and that skb is filled properly by that function.
149 */
150
151 static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
152 {
153 struct ip_tunnel *tunnel = netdev_priv(dev);
154 struct iphdr *tiph = &tunnel->parms.iph;
155 u8 tos;
156 struct rtable *rt; /* Route to the other host */
157 struct net_device *tdev; /* Device to other host */
158 struct iphdr *old_iph = ip_hdr(skb);
159 __be32 dst = tiph->daddr;
160 struct flowi4 fl4;
161 int err;
162
163 if (skb->protocol != htons(ETH_P_IP))
164 goto tx_error;
165
166 tos = old_iph->tos;
167
168 memset(&fl4, 0, sizeof(fl4));
169 flowi4_init_output(&fl4, tunnel->parms.link,
170 be32_to_cpu(tunnel->parms.i_key), RT_TOS(tos),
171 RT_SCOPE_UNIVERSE,
172 IPPROTO_IPIP, 0,
173 dst, tiph->saddr, 0, 0);
174 rt = ip_route_output_key(dev_net(dev), &fl4);
175 if (IS_ERR(rt)) {
176 dev->stats.tx_carrier_errors++;
177 goto tx_error_icmp;
178 }
179 /* if there is no transform then this tunnel is not functional.
180 * Or if the xfrm is not mode tunnel.
181 */
182 if (!rt->dst.xfrm ||
183 rt->dst.xfrm->props.mode != XFRM_MODE_TUNNEL) {
184 dev->stats.tx_carrier_errors++;
185 goto tx_error_icmp;
186 }
187 tdev = rt->dst.dev;
188
189 if (tdev == dev) {
190 ip_rt_put(rt);
191 dev->stats.collisions++;
192 goto tx_error;
193 }
194
195 if (tunnel->err_count > 0) {
196 if (time_before(jiffies,
197 tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
198 tunnel->err_count--;
199 dst_link_failure(skb);
200 } else
201 tunnel->err_count = 0;
202 }
203
204 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
205 skb_dst_drop(skb);
206 skb_dst_set(skb, &rt->dst);
207 nf_reset(skb);
208 skb->dev = skb_dst(skb)->dev;
209
210 err = dst_output(skb);
211 if (net_xmit_eval(err) == 0)
212 err = skb->len;
213 iptunnel_xmit_stats(err, &dev->stats, dev->tstats);
214 return NETDEV_TX_OK;
215
216 tx_error_icmp:
217 dst_link_failure(skb);
218 tx_error:
219 dev->stats.tx_errors++;
220 dev_kfree_skb(skb);
221 return NETDEV_TX_OK;
222 }
223
224 static int
225 vti_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
226 {
227 int err = 0;
228 struct ip_tunnel_parm p;
229
230 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
231 return -EFAULT;
232
233 if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
234 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
235 p.iph.ihl != 5)
236 return -EINVAL;
237 }
238
239 err = ip_tunnel_ioctl(dev, &p, cmd);
240 if (err)
241 return err;
242
243 if (cmd != SIOCDELTUNNEL) {
244 p.i_flags |= GRE_KEY | VTI_ISVTI;
245 p.o_flags |= GRE_KEY;
246 }
247
248 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
249 return -EFAULT;
250 return 0;
251 }
252
253 static const struct net_device_ops vti_netdev_ops = {
254 .ndo_init = vti_tunnel_init,
255 .ndo_uninit = ip_tunnel_uninit,
256 .ndo_start_xmit = vti_tunnel_xmit,
257 .ndo_do_ioctl = vti_tunnel_ioctl,
258 .ndo_change_mtu = ip_tunnel_change_mtu,
259 .ndo_get_stats64 = ip_tunnel_get_stats64,
260 };
261
262 static void vti_tunnel_setup(struct net_device *dev)
263 {
264 dev->netdev_ops = &vti_netdev_ops;
265 ip_tunnel_setup(dev, vti_net_id);
266 }
267
268 static int vti_tunnel_init(struct net_device *dev)
269 {
270 struct ip_tunnel *tunnel = netdev_priv(dev);
271 struct iphdr *iph = &tunnel->parms.iph;
272
273 memcpy(dev->dev_addr, &iph->saddr, 4);
274 memcpy(dev->broadcast, &iph->daddr, 4);
275
276 dev->type = ARPHRD_TUNNEL;
277 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
278 dev->mtu = ETH_DATA_LEN;
279 dev->flags = IFF_NOARP;
280 dev->iflink = 0;
281 dev->addr_len = 4;
282 dev->features |= NETIF_F_NETNS_LOCAL;
283 dev->features |= NETIF_F_LLTX;
284 dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
285
286 return ip_tunnel_init(dev);
287 }
288
289 static void __net_init vti_fb_tunnel_init(struct net_device *dev)
290 {
291 struct ip_tunnel *tunnel = netdev_priv(dev);
292 struct iphdr *iph = &tunnel->parms.iph;
293
294 iph->version = 4;
295 iph->protocol = IPPROTO_IPIP;
296 iph->ihl = 5;
297 }
298
299 static struct xfrm_tunnel vti_handler __read_mostly = {
300 .handler = vti_rcv,
301 .err_handler = vti_err,
302 .priority = 1,
303 };
304
305 static int __net_init vti_init_net(struct net *net)
306 {
307 int err;
308 struct ip_tunnel_net *itn;
309
310 err = ip_tunnel_init_net(net, vti_net_id, &vti_link_ops, "ip_vti0");
311 if (err)
312 return err;
313 itn = net_generic(net, vti_net_id);
314 vti_fb_tunnel_init(itn->fb_tunnel_dev);
315 return 0;
316 }
317
318 static void __net_exit vti_exit_net(struct net *net)
319 {
320 struct ip_tunnel_net *itn = net_generic(net, vti_net_id);
321 ip_tunnel_delete_net(itn, &vti_link_ops);
322 }
323
324 static struct pernet_operations vti_net_ops = {
325 .init = vti_init_net,
326 .exit = vti_exit_net,
327 .id = &vti_net_id,
328 .size = sizeof(struct ip_tunnel_net),
329 };
330
331 static int vti_tunnel_validate(struct nlattr *tb[], struct nlattr *data[])
332 {
333 return 0;
334 }
335
336 static void vti_netlink_parms(struct nlattr *data[],
337 struct ip_tunnel_parm *parms)
338 {
339 memset(parms, 0, sizeof(*parms));
340
341 parms->iph.protocol = IPPROTO_IPIP;
342
343 if (!data)
344 return;
345
346 if (data[IFLA_VTI_LINK])
347 parms->link = nla_get_u32(data[IFLA_VTI_LINK]);
348
349 if (data[IFLA_VTI_IKEY])
350 parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]);
351
352 if (data[IFLA_VTI_OKEY])
353 parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]);
354
355 if (data[IFLA_VTI_LOCAL])
356 parms->iph.saddr = nla_get_be32(data[IFLA_VTI_LOCAL]);
357
358 if (data[IFLA_VTI_REMOTE])
359 parms->iph.daddr = nla_get_be32(data[IFLA_VTI_REMOTE]);
360
361 }
362
363 static int vti_newlink(struct net *src_net, struct net_device *dev,
364 struct nlattr *tb[], struct nlattr *data[])
365 {
366 struct ip_tunnel_parm parms;
367
368 vti_netlink_parms(data, &parms);
369 return ip_tunnel_newlink(dev, tb, &parms);
370 }
371
372 static int vti_changelink(struct net_device *dev, struct nlattr *tb[],
373 struct nlattr *data[])
374 {
375 struct ip_tunnel_parm p;
376
377 vti_netlink_parms(data, &p);
378 return ip_tunnel_changelink(dev, tb, &p);
379 }
380
381 static size_t vti_get_size(const struct net_device *dev)
382 {
383 return
384 /* IFLA_VTI_LINK */
385 nla_total_size(4) +
386 /* IFLA_VTI_IKEY */
387 nla_total_size(4) +
388 /* IFLA_VTI_OKEY */
389 nla_total_size(4) +
390 /* IFLA_VTI_LOCAL */
391 nla_total_size(4) +
392 /* IFLA_VTI_REMOTE */
393 nla_total_size(4) +
394 0;
395 }
396
397 static int vti_fill_info(struct sk_buff *skb, const struct net_device *dev)
398 {
399 struct ip_tunnel *t = netdev_priv(dev);
400 struct ip_tunnel_parm *p = &t->parms;
401
402 nla_put_u32(skb, IFLA_VTI_LINK, p->link);
403 nla_put_be32(skb, IFLA_VTI_IKEY, p->i_key);
404 nla_put_be32(skb, IFLA_VTI_OKEY, p->o_key);
405 nla_put_be32(skb, IFLA_VTI_LOCAL, p->iph.saddr);
406 nla_put_be32(skb, IFLA_VTI_REMOTE, p->iph.daddr);
407
408 return 0;
409 }
410
411 static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
412 [IFLA_VTI_LINK] = { .type = NLA_U32 },
413 [IFLA_VTI_IKEY] = { .type = NLA_U32 },
414 [IFLA_VTI_OKEY] = { .type = NLA_U32 },
415 [IFLA_VTI_LOCAL] = { .len = FIELD_SIZEOF(struct iphdr, saddr) },
416 [IFLA_VTI_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
417 };
418
419 static struct rtnl_link_ops vti_link_ops __read_mostly = {
420 .kind = "vti",
421 .maxtype = IFLA_VTI_MAX,
422 .policy = vti_policy,
423 .priv_size = sizeof(struct ip_tunnel),
424 .setup = vti_tunnel_setup,
425 .validate = vti_tunnel_validate,
426 .newlink = vti_newlink,
427 .changelink = vti_changelink,
428 .get_size = vti_get_size,
429 .fill_info = vti_fill_info,
430 };
431
432 static int __init vti_init(void)
433 {
434 int err;
435
436 pr_info("IPv4 over IPSec tunneling driver\n");
437
438 err = register_pernet_device(&vti_net_ops);
439 if (err < 0)
440 return err;
441 err = xfrm4_mode_tunnel_input_register(&vti_handler);
442 if (err < 0) {
443 unregister_pernet_device(&vti_net_ops);
444 pr_info("vti init: can't register tunnel\n");
445 }
446
447 err = rtnl_link_register(&vti_link_ops);
448 if (err < 0)
449 goto rtnl_link_failed;
450
451 return err;
452
453 rtnl_link_failed:
454 xfrm4_mode_tunnel_input_deregister(&vti_handler);
455 unregister_pernet_device(&vti_net_ops);
456 return err;
457 }
458
459 static void __exit vti_fini(void)
460 {
461 rtnl_link_unregister(&vti_link_ops);
462 if (xfrm4_mode_tunnel_input_deregister(&vti_handler))
463 pr_info("vti close: can't deregister tunnel\n");
464
465 unregister_pernet_device(&vti_net_ops);
466 }
467
468 module_init(vti_init);
469 module_exit(vti_fini);
470 MODULE_LICENSE("GPL");
471 MODULE_ALIAS_RTNL_LINK("vti");
472 MODULE_ALIAS_NETDEV("ip_vti0");
Linus' kernel tree