2 * Linux NET3: GRE over IP protocol decoder.
4 * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15 #include <linux/capability.h>
16 #include <linux/module.h>
17 #include <linux/types.h>
18 #include <linux/kernel.h>
19 #include <linux/slab.h>
20 #include <asm/uaccess.h>
21 #include <linux/skbuff.h>
22 #include <linux/netdevice.h>
24 #include <linux/tcp.h>
25 #include <linux/udp.h>
26 #include <linux/if_arp.h>
27 #include <linux/if_vlan.h>
28 #include <linux/init.h>
29 #include <linux/in6.h>
30 #include <linux/inetdevice.h>
31 #include <linux/igmp.h>
32 #include <linux/netfilter_ipv4.h>
33 #include <linux/etherdevice.h>
34 #include <linux/if_ether.h>
39 #include <net/protocol.h>
40 #include <net/ip_tunnels.h>
42 #include <net/checksum.h>
43 #include <net/dsfield.h>
44 #include <net/inet_ecn.h>
46 #include <net/net_namespace.h>
47 #include <net/netns/generic.h>
48 #include <net/rtnetlink.h>
50 #include <net/dst_metadata.h>
52 #if IS_ENABLED(CONFIG_IPV6)
54 #include <net/ip6_fib.h>
55 #include <net/ip6_route.h>
62 1. The most important issue is detecting local dead loops.
63 They would cause complete host lockup in transmit, which
64 would be "resolved" by stack overflow or, if queueing is enabled,
65 with infinite looping in net_bh.
67 We cannot track such dead loops during route installation,
68 it is infeasible task. The most general solutions would be
69 to keep skb->encapsulation counter (sort of local ttl),
70 and silently drop packet when it expires. It is a good
71 solution, but it supposes maintaining new variable in ALL
72 skb, even if no tunneling is used.
74 Current solution: xmit_recursion breaks dead loops. This is a percpu
75 counter, since when we enter the first ndo_xmit(), cpu migration is
76 forbidden. We force an exit if this counter reaches RECURSION_LIMIT
78 2. Networking dead loops would not kill routers, but would really
79 kill network. IP hop limit plays role of "t->recursion" in this case,
80 if we copy it from packet being encapsulated to upper header.
81 It is very good solution, but it introduces two problems:
83 - Routing protocols, using packets with ttl=1 (OSPF, RIP2),
84 do not work over tunnels.
85 - traceroute does not work. I planned to relay ICMP from tunnel,
86 so that this problem would be solved and traceroute output
87 would even more informative. This idea appeared to be wrong:
88 only Linux complies to rfc1812 now (yes, guys, Linux is the only
89 true router now :-)), all routers (at least, in neighbourhood of mine)
90 return only 8 bytes of payload. It is the end.
92 Hence, if we want that OSPF worked or traceroute said something reasonable,
93 we should search for another solution.
95 One of them is to parse packet trying to detect inner encapsulation
96 made by our node. It is difficult or even impossible, especially,
97 taking into account fragmentation. TO be short, ttl is not solution at all.
99 Current solution: The solution was UNEXPECTEDLY SIMPLE.
100 We force DF flag on tunnels with preconfigured hop limit,
101 that is ALL. :-) Well, it does not remove the problem completely,
102 but exponential growth of network traffic is changed to linear
103 (branches, that exceed pmtu are pruned) and tunnel mtu
104 rapidly degrades to value <68, where looping stops.
105 Yes, it is not good if there exists a router in the loop,
106 which does not force DF, even when encapsulating packets have DF set.
107 But it is not our problem! Nobody could accuse us, we made
108 all that we could make. Even if it is your gated who injected
109 fatal route to network, even if it were you who configured
110 fatal static route: you are innocent. :-)
115 static bool log_ecn_error = true;
116 module_param(log_ecn_error, bool, 0644);
117 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
119 static struct rtnl_link_ops ipgre_link_ops __read_mostly;
120 static int ipgre_tunnel_init(struct net_device *dev);
122 static int ipgre_net_id __read_mostly;
123 static int gre_tap_net_id __read_mostly;
125 static void ipgre_err(struct sk_buff *skb, u32 info,
126 const struct tnl_ptk_info *tpi)
129 /* All the routers (except for Linux) return only
130 8 bytes of packet payload. It means, that precise relaying of
131 ICMP in the real Internet is absolutely infeasible.
133 Moreover, Cisco "wise men" put GRE key to the third word
134 in GRE header. It makes impossible maintaining even soft
135 state for keyed GRE tunnels with enabled checksum. Tell
138 Well, I wonder, rfc1812 was written by Cisco employee,
139 what the hell these idiots break standards established
142 struct net *net = dev_net(skb->dev);
143 struct ip_tunnel_net *itn;
144 const struct iphdr *iph;
145 const int type = icmp_hdr(skb)->type;
146 const int code = icmp_hdr(skb)->code;
151 case ICMP_PARAMETERPROB:
154 case ICMP_DEST_UNREACH:
157 case ICMP_PORT_UNREACH:
158 /* Impossible event. */
161 /* All others are translated to HOST_UNREACH.
162 rfc2003 contains "deep thoughts" about NET_UNREACH,
163 I believe they are just ether pollution. --ANK
169 case ICMP_TIME_EXCEEDED:
170 if (code != ICMP_EXC_TTL)
178 if (tpi->proto == htons(ETH_P_TEB))
179 itn = net_generic(net, gre_tap_net_id);
181 itn = net_generic(net, ipgre_net_id);
183 iph = (const struct iphdr *)(icmp_hdr(skb) + 1);
184 t = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags,
185 iph->daddr, iph->saddr, tpi->key);
190 if (t->parms.iph.daddr == 0 ||
191 ipv4_is_multicast(t->parms.iph.daddr))
194 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
197 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
201 t->err_time = jiffies;
204 static void gre_err(struct sk_buff *skb, u32 info)
206 /* All the routers (except for Linux) return only
207 * 8 bytes of packet payload. It means, that precise relaying of
208 * ICMP in the real Internet is absolutely infeasible.
210 * Moreover, Cisco "wise men" put GRE key to the third word
211 * in GRE header. It makes impossible maintaining even soft
213 * GRE tunnels with enabled checksum. Tell them "thank you".
215 * Well, I wonder, rfc1812 was written by Cisco employee,
216 * what the hell these idiots break standards established
220 const int type = icmp_hdr(skb)->type;
221 const int code = icmp_hdr(skb)->code;
222 struct tnl_ptk_info tpi;
223 bool csum_err = false;
225 if (gre_parse_header(skb, &tpi, &csum_err) < 0) {
226 if (!csum_err) /* ignore csum errors. */
230 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
231 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
232 skb->dev->ifindex, 0, IPPROTO_GRE, 0);
235 if (type == ICMP_REDIRECT) {
236 ipv4_redirect(skb, dev_net(skb->dev), skb->dev->ifindex, 0,
241 ipgre_err(skb, info, &tpi);
244 static __be64 key_to_tunnel_id(__be32 key)
247 return (__force __be64)((__force u32)key);
249 return (__force __be64)((__force u64)key << 32);
253 /* Returns the least-significant 32 bits of a __be64. */
254 static __be32 tunnel_id_to_key(__be64 x)
257 return (__force __be32)x;
259 return (__force __be32)((__force u64)x >> 32);
263 static int ipgre_rcv(struct sk_buff *skb, const struct tnl_ptk_info *tpi,
266 struct net *net = dev_net(skb->dev);
267 struct metadata_dst *tun_dst = NULL;
268 struct ip_tunnel_net *itn;
269 const struct iphdr *iph;
270 struct ip_tunnel *tunnel;
272 if (tpi->proto == htons(ETH_P_TEB))
273 itn = net_generic(net, gre_tap_net_id);
275 itn = net_generic(net, ipgre_net_id);
278 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags,
279 iph->saddr, iph->daddr, tpi->key);
282 if (iptunnel_pull_header(skb, hdr_len, tpi->proto, false) < 0)
285 skb_pop_mac_header(skb);
286 if (tunnel->collect_md) {
290 flags = tpi->flags & (TUNNEL_CSUM | TUNNEL_KEY);
291 tun_id = key_to_tunnel_id(tpi->key);
292 tun_dst = ip_tun_rx_dst(skb, flags, tun_id, 0);
294 return PACKET_REJECT;
297 ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
300 return PACKET_REJECT;
307 static int gre_rcv(struct sk_buff *skb)
309 struct tnl_ptk_info tpi;
310 bool csum_err = false;
313 #ifdef CONFIG_NET_IPGRE_BROADCAST
314 if (ipv4_is_multicast(ip_hdr(skb)->daddr)) {
315 /* Looped back packet, drop it! */
316 if (rt_is_output_route(skb_rtable(skb)))
321 hdr_len = gre_parse_header(skb, &tpi, &csum_err);
325 if (ipgre_rcv(skb, &tpi, hdr_len) == PACKET_RCVD)
328 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
334 static void __gre_xmit(struct sk_buff *skb, struct net_device *dev,
335 const struct iphdr *tnl_params,
338 struct ip_tunnel *tunnel = netdev_priv(dev);
340 if (tunnel->parms.o_flags & TUNNEL_SEQ)
343 /* Push GRE header. */
344 gre_build_header(skb, tunnel->tun_hlen,
345 tunnel->parms.o_flags, proto, tunnel->parms.o_key,
346 htonl(tunnel->o_seqno));
348 skb_set_inner_protocol(skb, proto);
349 ip_tunnel_xmit(skb, dev, tnl_params, tnl_params->protocol);
352 static int gre_handle_offloads(struct sk_buff *skb, bool csum)
354 return iptunnel_handle_offloads(skb, csum ? SKB_GSO_GRE_CSUM : SKB_GSO_GRE);
357 static struct rtable *gre_get_rt(struct sk_buff *skb,
358 struct net_device *dev,
360 const struct ip_tunnel_key *key)
362 struct net *net = dev_net(dev);
364 memset(fl, 0, sizeof(*fl));
365 fl->daddr = key->u.ipv4.dst;
366 fl->saddr = key->u.ipv4.src;
367 fl->flowi4_tos = RT_TOS(key->tos);
368 fl->flowi4_mark = skb->mark;
369 fl->flowi4_proto = IPPROTO_GRE;
371 return ip_route_output_key(net, fl);
374 static void gre_fb_xmit(struct sk_buff *skb, struct net_device *dev,
377 struct ip_tunnel_info *tun_info;
378 const struct ip_tunnel_key *key;
379 struct rtable *rt = NULL;
387 tun_info = skb_tunnel_info(skb);
388 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
389 ip_tunnel_info_af(tun_info) != AF_INET))
392 key = &tun_info->key;
393 use_cache = ip_tunnel_dst_cache_usable(skb, tun_info);
395 rt = dst_cache_get_ip4(&tun_info->dst_cache, &fl.saddr);
397 rt = gre_get_rt(skb, dev, &fl, key);
401 dst_cache_set_ip4(&tun_info->dst_cache, &rt->dst,
405 tunnel_hlen = gre_calc_hlen(key->tun_flags);
407 min_headroom = LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len
408 + tunnel_hlen + sizeof(struct iphdr);
409 if (skb_headroom(skb) < min_headroom || skb_header_cloned(skb)) {
410 int head_delta = SKB_DATA_ALIGN(min_headroom -
413 err = pskb_expand_head(skb, max_t(int, head_delta, 0),
419 /* Push Tunnel header. */
420 if (gre_handle_offloads(skb, !!(tun_info->key.tun_flags & TUNNEL_CSUM)))
423 flags = tun_info->key.tun_flags & (TUNNEL_CSUM | TUNNEL_KEY);
424 gre_build_header(skb, tunnel_hlen, flags, proto,
425 tunnel_id_to_key(tun_info->key.tun_id), 0);
427 df = key->tun_flags & TUNNEL_DONT_FRAGMENT ? htons(IP_DF) : 0;
429 iptunnel_xmit(skb->sk, rt, skb, fl.saddr, key->u.ipv4.dst, IPPROTO_GRE,
430 key->tos, key->ttl, df, false);
437 dev->stats.tx_dropped++;
440 static int gre_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
442 struct ip_tunnel_info *info = skb_tunnel_info(skb);
446 if (ip_tunnel_info_af(info) != AF_INET)
449 rt = gre_get_rt(skb, dev, &fl4, &info->key);
454 info->key.u.ipv4.src = fl4.saddr;
458 static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
459 struct net_device *dev)
461 struct ip_tunnel *tunnel = netdev_priv(dev);
462 const struct iphdr *tnl_params;
464 if (tunnel->collect_md) {
465 gre_fb_xmit(skb, dev, skb->protocol);
469 if (dev->header_ops) {
470 /* Need space for new headers */
471 if (skb_cow_head(skb, dev->needed_headroom -
472 (tunnel->hlen + sizeof(struct iphdr))))
475 tnl_params = (const struct iphdr *)skb->data;
477 /* Pull skb since ip_tunnel_xmit() needs skb->data pointing
480 skb_pull(skb, tunnel->hlen + sizeof(struct iphdr));
481 skb_reset_mac_header(skb);
483 if (skb_cow_head(skb, dev->needed_headroom))
486 tnl_params = &tunnel->parms.iph;
489 if (gre_handle_offloads(skb, !!(tunnel->parms.o_flags & TUNNEL_CSUM)))
492 __gre_xmit(skb, dev, tnl_params, skb->protocol);
497 dev->stats.tx_dropped++;
501 static netdev_tx_t gre_tap_xmit(struct sk_buff *skb,
502 struct net_device *dev)
504 struct ip_tunnel *tunnel = netdev_priv(dev);
506 if (tunnel->collect_md) {
507 gre_fb_xmit(skb, dev, htons(ETH_P_TEB));
511 if (gre_handle_offloads(skb, !!(tunnel->parms.o_flags & TUNNEL_CSUM)))
514 if (skb_cow_head(skb, dev->needed_headroom))
517 __gre_xmit(skb, dev, &tunnel->parms.iph, htons(ETH_P_TEB));
522 dev->stats.tx_dropped++;
526 static int ipgre_tunnel_ioctl(struct net_device *dev,
527 struct ifreq *ifr, int cmd)
530 struct ip_tunnel_parm p;
532 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
534 if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
535 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE ||
536 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)) ||
537 ((p.i_flags|p.o_flags)&(GRE_VERSION|GRE_ROUTING)))
540 p.i_flags = gre_flags_to_tnl_flags(p.i_flags);
541 p.o_flags = gre_flags_to_tnl_flags(p.o_flags);
543 err = ip_tunnel_ioctl(dev, &p, cmd);
547 p.i_flags = gre_tnl_flags_to_gre_flags(p.i_flags);
548 p.o_flags = gre_tnl_flags_to_gre_flags(p.o_flags);
550 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
555 /* Nice toy. Unfortunately, useless in real life :-)
556 It allows to construct virtual multiprotocol broadcast "LAN"
557 over the Internet, provided multicast routing is tuned.
560 I have no idea was this bicycle invented before me,
561 so that I had to set ARPHRD_IPGRE to a random value.
562 I have an impression, that Cisco could make something similar,
563 but this feature is apparently missing in IOS<=11.2(8).
565 I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
566 with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
568 ping -t 255 224.66.66.66
570 If nobody answers, mbone does not work.
572 ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255
573 ip addr add 10.66.66.<somewhat>/24 dev Universe
575 ifconfig Universe add fe80::<Your_real_addr>/10
576 ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96
579 ftp fec0:6666:6666::193.233.7.65
582 static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
584 const void *daddr, const void *saddr, unsigned int len)
586 struct ip_tunnel *t = netdev_priv(dev);
588 struct gre_base_hdr *greh;
590 iph = (struct iphdr *)skb_push(skb, t->hlen + sizeof(*iph));
591 greh = (struct gre_base_hdr *)(iph+1);
592 greh->flags = gre_tnl_flags_to_gre_flags(t->parms.o_flags);
593 greh->protocol = htons(type);
595 memcpy(iph, &t->parms.iph, sizeof(struct iphdr));
597 /* Set the source hardware address. */
599 memcpy(&iph->saddr, saddr, 4);
601 memcpy(&iph->daddr, daddr, 4);
603 return t->hlen + sizeof(*iph);
605 return -(t->hlen + sizeof(*iph));
608 static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr)
610 const struct iphdr *iph = (const struct iphdr *) skb_mac_header(skb);
611 memcpy(haddr, &iph->saddr, 4);
615 static const struct header_ops ipgre_header_ops = {
616 .create = ipgre_header,
617 .parse = ipgre_header_parse,
620 #ifdef CONFIG_NET_IPGRE_BROADCAST
621 static int ipgre_open(struct net_device *dev)
623 struct ip_tunnel *t = netdev_priv(dev);
625 if (ipv4_is_multicast(t->parms.iph.daddr)) {
629 rt = ip_route_output_gre(t->net, &fl4,
633 RT_TOS(t->parms.iph.tos),
636 return -EADDRNOTAVAIL;
639 if (!__in_dev_get_rtnl(dev))
640 return -EADDRNOTAVAIL;
641 t->mlink = dev->ifindex;
642 ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr);
647 static int ipgre_close(struct net_device *dev)
649 struct ip_tunnel *t = netdev_priv(dev);
651 if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) {
652 struct in_device *in_dev;
653 in_dev = inetdev_by_index(t->net, t->mlink);
655 ip_mc_dec_group(in_dev, t->parms.iph.daddr);
661 static const struct net_device_ops ipgre_netdev_ops = {
662 .ndo_init = ipgre_tunnel_init,
663 .ndo_uninit = ip_tunnel_uninit,
664 #ifdef CONFIG_NET_IPGRE_BROADCAST
665 .ndo_open = ipgre_open,
666 .ndo_stop = ipgre_close,
668 .ndo_start_xmit = ipgre_xmit,
669 .ndo_do_ioctl = ipgre_tunnel_ioctl,
670 .ndo_change_mtu = ip_tunnel_change_mtu,
671 .ndo_get_stats64 = ip_tunnel_get_stats64,
672 .ndo_get_iflink = ip_tunnel_get_iflink,
675 #define GRE_FEATURES (NETIF_F_SG | \
680 static void ipgre_tunnel_setup(struct net_device *dev)
682 dev->netdev_ops = &ipgre_netdev_ops;
683 dev->type = ARPHRD_IPGRE;
684 ip_tunnel_setup(dev, ipgre_net_id);
687 static void __gre_tunnel_init(struct net_device *dev)
689 struct ip_tunnel *tunnel;
692 tunnel = netdev_priv(dev);
693 tunnel->tun_hlen = gre_calc_hlen(tunnel->parms.o_flags);
694 tunnel->parms.iph.protocol = IPPROTO_GRE;
696 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
698 t_hlen = tunnel->hlen + sizeof(struct iphdr);
700 dev->needed_headroom = LL_MAX_HEADER + t_hlen + 4;
701 dev->mtu = ETH_DATA_LEN - t_hlen - 4;
703 dev->features |= GRE_FEATURES;
704 dev->hw_features |= GRE_FEATURES;
706 if (!(tunnel->parms.o_flags & TUNNEL_SEQ)) {
707 /* TCP offload with GRE SEQ is not supported, nor
708 * can we support 2 levels of outer headers requiring
711 if (!(tunnel->parms.o_flags & TUNNEL_CSUM) ||
712 (tunnel->encap.type == TUNNEL_ENCAP_NONE)) {
713 dev->features |= NETIF_F_GSO_SOFTWARE;
714 dev->hw_features |= NETIF_F_GSO_SOFTWARE;
717 /* Can use a lockless transmit, unless we generate
720 dev->features |= NETIF_F_LLTX;
724 static int ipgre_tunnel_init(struct net_device *dev)
726 struct ip_tunnel *tunnel = netdev_priv(dev);
727 struct iphdr *iph = &tunnel->parms.iph;
729 __gre_tunnel_init(dev);
731 memcpy(dev->dev_addr, &iph->saddr, 4);
732 memcpy(dev->broadcast, &iph->daddr, 4);
734 dev->flags = IFF_NOARP;
738 if (iph->daddr && !tunnel->collect_md) {
739 #ifdef CONFIG_NET_IPGRE_BROADCAST
740 if (ipv4_is_multicast(iph->daddr)) {
743 dev->flags = IFF_BROADCAST;
744 dev->header_ops = &ipgre_header_ops;
747 } else if (!tunnel->collect_md) {
748 dev->header_ops = &ipgre_header_ops;
751 return ip_tunnel_init(dev);
754 static const struct gre_protocol ipgre_protocol = {
756 .err_handler = gre_err,
759 static int __net_init ipgre_init_net(struct net *net)
761 return ip_tunnel_init_net(net, ipgre_net_id, &ipgre_link_ops, NULL);
764 static void __net_exit ipgre_exit_net(struct net *net)
766 struct ip_tunnel_net *itn = net_generic(net, ipgre_net_id);
767 ip_tunnel_delete_net(itn, &ipgre_link_ops);
770 static struct pernet_operations ipgre_net_ops = {
771 .init = ipgre_init_net,
772 .exit = ipgre_exit_net,
774 .size = sizeof(struct ip_tunnel_net),
777 static int ipgre_tunnel_validate(struct nlattr *tb[], struct nlattr *data[])
785 if (data[IFLA_GRE_IFLAGS])
786 flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]);
787 if (data[IFLA_GRE_OFLAGS])
788 flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]);
789 if (flags & (GRE_VERSION|GRE_ROUTING))
792 if (data[IFLA_GRE_COLLECT_METADATA] &&
793 data[IFLA_GRE_ENCAP_TYPE] &&
794 nla_get_u16(data[IFLA_GRE_ENCAP_TYPE]) != TUNNEL_ENCAP_NONE)
800 static int ipgre_tap_validate(struct nlattr *tb[], struct nlattr *data[])
804 if (tb[IFLA_ADDRESS]) {
805 if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN)
807 if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS])))
808 return -EADDRNOTAVAIL;
814 if (data[IFLA_GRE_REMOTE]) {
815 memcpy(&daddr, nla_data(data[IFLA_GRE_REMOTE]), 4);
821 return ipgre_tunnel_validate(tb, data);
824 static void ipgre_netlink_parms(struct net_device *dev,
825 struct nlattr *data[],
827 struct ip_tunnel_parm *parms)
829 memset(parms, 0, sizeof(*parms));
831 parms->iph.protocol = IPPROTO_GRE;
836 if (data[IFLA_GRE_LINK])
837 parms->link = nla_get_u32(data[IFLA_GRE_LINK]);
839 if (data[IFLA_GRE_IFLAGS])
840 parms->i_flags = gre_flags_to_tnl_flags(nla_get_be16(data[IFLA_GRE_IFLAGS]));
842 if (data[IFLA_GRE_OFLAGS])
843 parms->o_flags = gre_flags_to_tnl_flags(nla_get_be16(data[IFLA_GRE_OFLAGS]));
845 if (data[IFLA_GRE_IKEY])
846 parms->i_key = nla_get_be32(data[IFLA_GRE_IKEY]);
848 if (data[IFLA_GRE_OKEY])
849 parms->o_key = nla_get_be32(data[IFLA_GRE_OKEY]);
851 if (data[IFLA_GRE_LOCAL])
852 parms->iph.saddr = nla_get_in_addr(data[IFLA_GRE_LOCAL]);
854 if (data[IFLA_GRE_REMOTE])
855 parms->iph.daddr = nla_get_in_addr(data[IFLA_GRE_REMOTE]);
857 if (data[IFLA_GRE_TTL])
858 parms->iph.ttl = nla_get_u8(data[IFLA_GRE_TTL]);
860 if (data[IFLA_GRE_TOS])
861 parms->iph.tos = nla_get_u8(data[IFLA_GRE_TOS]);
863 if (!data[IFLA_GRE_PMTUDISC] || nla_get_u8(data[IFLA_GRE_PMTUDISC]))
864 parms->iph.frag_off = htons(IP_DF);
866 if (data[IFLA_GRE_COLLECT_METADATA]) {
867 struct ip_tunnel *t = netdev_priv(dev);
869 t->collect_md = true;
873 /* This function returns true when ENCAP attributes are present in the nl msg */
874 static bool ipgre_netlink_encap_parms(struct nlattr *data[],
875 struct ip_tunnel_encap *ipencap)
879 memset(ipencap, 0, sizeof(*ipencap));
884 if (data[IFLA_GRE_ENCAP_TYPE]) {
886 ipencap->type = nla_get_u16(data[IFLA_GRE_ENCAP_TYPE]);
889 if (data[IFLA_GRE_ENCAP_FLAGS]) {
891 ipencap->flags = nla_get_u16(data[IFLA_GRE_ENCAP_FLAGS]);
894 if (data[IFLA_GRE_ENCAP_SPORT]) {
896 ipencap->sport = nla_get_be16(data[IFLA_GRE_ENCAP_SPORT]);
899 if (data[IFLA_GRE_ENCAP_DPORT]) {
901 ipencap->dport = nla_get_be16(data[IFLA_GRE_ENCAP_DPORT]);
907 static int gre_tap_init(struct net_device *dev)
909 __gre_tunnel_init(dev);
910 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
912 return ip_tunnel_init(dev);
915 static const struct net_device_ops gre_tap_netdev_ops = {
916 .ndo_init = gre_tap_init,
917 .ndo_uninit = ip_tunnel_uninit,
918 .ndo_start_xmit = gre_tap_xmit,
919 .ndo_set_mac_address = eth_mac_addr,
920 .ndo_validate_addr = eth_validate_addr,
921 .ndo_change_mtu = ip_tunnel_change_mtu,
922 .ndo_get_stats64 = ip_tunnel_get_stats64,
923 .ndo_get_iflink = ip_tunnel_get_iflink,
924 .ndo_fill_metadata_dst = gre_fill_metadata_dst,
927 static void ipgre_tap_setup(struct net_device *dev)
930 dev->netdev_ops = &gre_tap_netdev_ops;
931 dev->priv_flags &= ~IFF_TX_SKB_SHARING;
932 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
933 ip_tunnel_setup(dev, gre_tap_net_id);
936 static int ipgre_newlink(struct net *src_net, struct net_device *dev,
937 struct nlattr *tb[], struct nlattr *data[])
939 struct ip_tunnel_parm p;
940 struct ip_tunnel_encap ipencap;
942 if (ipgre_netlink_encap_parms(data, &ipencap)) {
943 struct ip_tunnel *t = netdev_priv(dev);
944 int err = ip_tunnel_encap_setup(t, &ipencap);
950 ipgre_netlink_parms(dev, data, tb, &p);
951 return ip_tunnel_newlink(dev, tb, &p);
954 static int ipgre_changelink(struct net_device *dev, struct nlattr *tb[],
955 struct nlattr *data[])
957 struct ip_tunnel_parm p;
958 struct ip_tunnel_encap ipencap;
960 if (ipgre_netlink_encap_parms(data, &ipencap)) {
961 struct ip_tunnel *t = netdev_priv(dev);
962 int err = ip_tunnel_encap_setup(t, &ipencap);
968 ipgre_netlink_parms(dev, data, tb, &p);
969 return ip_tunnel_changelink(dev, tb, &p);
972 static size_t ipgre_get_size(const struct net_device *dev)
977 /* IFLA_GRE_IFLAGS */
979 /* IFLA_GRE_OFLAGS */
987 /* IFLA_GRE_REMOTE */
993 /* IFLA_GRE_PMTUDISC */
995 /* IFLA_GRE_ENCAP_TYPE */
997 /* IFLA_GRE_ENCAP_FLAGS */
999 /* IFLA_GRE_ENCAP_SPORT */
1001 /* IFLA_GRE_ENCAP_DPORT */
1003 /* IFLA_GRE_COLLECT_METADATA */
1008 static int ipgre_fill_info(struct sk_buff *skb, const struct net_device *dev)
1010 struct ip_tunnel *t = netdev_priv(dev);
1011 struct ip_tunnel_parm *p = &t->parms;
1013 if (nla_put_u32(skb, IFLA_GRE_LINK, p->link) ||
1014 nla_put_be16(skb, IFLA_GRE_IFLAGS,
1015 gre_tnl_flags_to_gre_flags(p->i_flags)) ||
1016 nla_put_be16(skb, IFLA_GRE_OFLAGS,
1017 gre_tnl_flags_to_gre_flags(p->o_flags)) ||
1018 nla_put_be32(skb, IFLA_GRE_IKEY, p->i_key) ||
1019 nla_put_be32(skb, IFLA_GRE_OKEY, p->o_key) ||
1020 nla_put_in_addr(skb, IFLA_GRE_LOCAL, p->iph.saddr) ||
1021 nla_put_in_addr(skb, IFLA_GRE_REMOTE, p->iph.daddr) ||
1022 nla_put_u8(skb, IFLA_GRE_TTL, p->iph.ttl) ||
1023 nla_put_u8(skb, IFLA_GRE_TOS, p->iph.tos) ||
1024 nla_put_u8(skb, IFLA_GRE_PMTUDISC,
1025 !!(p->iph.frag_off & htons(IP_DF))))
1026 goto nla_put_failure;
1028 if (nla_put_u16(skb, IFLA_GRE_ENCAP_TYPE,
1030 nla_put_be16(skb, IFLA_GRE_ENCAP_SPORT,
1032 nla_put_be16(skb, IFLA_GRE_ENCAP_DPORT,
1034 nla_put_u16(skb, IFLA_GRE_ENCAP_FLAGS,
1036 goto nla_put_failure;
1038 if (t->collect_md) {
1039 if (nla_put_flag(skb, IFLA_GRE_COLLECT_METADATA))
1040 goto nla_put_failure;
1049 static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
1050 [IFLA_GRE_LINK] = { .type = NLA_U32 },
1051 [IFLA_GRE_IFLAGS] = { .type = NLA_U16 },
1052 [IFLA_GRE_OFLAGS] = { .type = NLA_U16 },
1053 [IFLA_GRE_IKEY] = { .type = NLA_U32 },
1054 [IFLA_GRE_OKEY] = { .type = NLA_U32 },
1055 [IFLA_GRE_LOCAL] = { .len = FIELD_SIZEOF(struct iphdr, saddr) },
1056 [IFLA_GRE_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
1057 [IFLA_GRE_TTL] = { .type = NLA_U8 },
1058 [IFLA_GRE_TOS] = { .type = NLA_U8 },
1059 [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 },
1060 [IFLA_GRE_ENCAP_TYPE] = { .type = NLA_U16 },
1061 [IFLA_GRE_ENCAP_FLAGS] = { .type = NLA_U16 },
1062 [IFLA_GRE_ENCAP_SPORT] = { .type = NLA_U16 },
1063 [IFLA_GRE_ENCAP_DPORT] = { .type = NLA_U16 },
1064 [IFLA_GRE_COLLECT_METADATA] = { .type = NLA_FLAG },
1067 static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
1069 .maxtype = IFLA_GRE_MAX,
1070 .policy = ipgre_policy,
1071 .priv_size = sizeof(struct ip_tunnel),
1072 .setup = ipgre_tunnel_setup,
1073 .validate = ipgre_tunnel_validate,
1074 .newlink = ipgre_newlink,
1075 .changelink = ipgre_changelink,
1076 .dellink = ip_tunnel_dellink,
1077 .get_size = ipgre_get_size,
1078 .fill_info = ipgre_fill_info,
1079 .get_link_net = ip_tunnel_get_link_net,
1082 static struct rtnl_link_ops ipgre_tap_ops __read_mostly = {
1084 .maxtype = IFLA_GRE_MAX,
1085 .policy = ipgre_policy,
1086 .priv_size = sizeof(struct ip_tunnel),
1087 .setup = ipgre_tap_setup,
1088 .validate = ipgre_tap_validate,
1089 .newlink = ipgre_newlink,
1090 .changelink = ipgre_changelink,
1091 .dellink = ip_tunnel_dellink,
1092 .get_size = ipgre_get_size,
1093 .fill_info = ipgre_fill_info,
1094 .get_link_net = ip_tunnel_get_link_net,
1097 struct net_device *gretap_fb_dev_create(struct net *net, const char *name,
1098 u8 name_assign_type)
1100 struct nlattr *tb[IFLA_MAX + 1];
1101 struct net_device *dev;
1102 struct ip_tunnel *t;
1105 memset(&tb, 0, sizeof(tb));
1107 dev = rtnl_create_link(net, name, name_assign_type,
1108 &ipgre_tap_ops, tb);
1112 /* Configure flow based GRE device. */
1113 t = netdev_priv(dev);
1114 t->collect_md = true;
1116 err = ipgre_newlink(net, dev, tb, NULL);
1120 /* openvswitch users expect packet sizes to be unrestricted,
1121 * so set the largest MTU we can.
1123 err = __ip_tunnel_change_mtu(dev, IP_MAX_MTU, false);
1130 return ERR_PTR(err);
1132 EXPORT_SYMBOL_GPL(gretap_fb_dev_create);
1134 static int __net_init ipgre_tap_init_net(struct net *net)
1136 return ip_tunnel_init_net(net, gre_tap_net_id, &ipgre_tap_ops, "gretap0");
1139 static void __net_exit ipgre_tap_exit_net(struct net *net)
1141 struct ip_tunnel_net *itn = net_generic(net, gre_tap_net_id);
1142 ip_tunnel_delete_net(itn, &ipgre_tap_ops);
1145 static struct pernet_operations ipgre_tap_net_ops = {
1146 .init = ipgre_tap_init_net,
1147 .exit = ipgre_tap_exit_net,
1148 .id = &gre_tap_net_id,
1149 .size = sizeof(struct ip_tunnel_net),
1152 static int __init ipgre_init(void)
1156 pr_info("GRE over IPv4 tunneling driver\n");
1158 err = register_pernet_device(&ipgre_net_ops);
1162 err = register_pernet_device(&ipgre_tap_net_ops);
1164 goto pnet_tap_faied;
1166 err = gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO);
1168 pr_info("%s: can't add protocol\n", __func__);
1169 goto add_proto_failed;
1172 err = rtnl_link_register(&ipgre_link_ops);
1174 goto rtnl_link_failed;
1176 err = rtnl_link_register(&ipgre_tap_ops);
1178 goto tap_ops_failed;
1183 rtnl_link_unregister(&ipgre_link_ops);
1185 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
1187 unregister_pernet_device(&ipgre_tap_net_ops);
1189 unregister_pernet_device(&ipgre_net_ops);
1193 static void __exit ipgre_fini(void)
1195 rtnl_link_unregister(&ipgre_tap_ops);
1196 rtnl_link_unregister(&ipgre_link_ops);
1197 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
1198 unregister_pernet_device(&ipgre_tap_net_ops);
1199 unregister_pernet_device(&ipgre_net_ops);
1202 module_init(ipgre_init);
1203 module_exit(ipgre_fini);
1204 MODULE_LICENSE("GPL");
1205 MODULE_ALIAS_RTNL_LINK("gre");
1206 MODULE_ALIAS_RTNL_LINK("gretap");
1207 MODULE_ALIAS_NETDEV("gre0");
1208 MODULE_ALIAS_NETDEV("gretap0");
projects / cascardo / linux.git / blob