/* xfrm4_tunnel.c: Generic IP tunnel transformer. * * Copyright (C) 2003 David S. Miller (davem@redhat.com) */ #include #include #include #include #include int xfrm4_tunnel_check_size(struct sk_buff *skb) { int mtu, ret = 0; struct dst_entry *dst; struct iphdr *iph = skb->nh.iph; if (IPCB(skb)->flags & IPSKB_XFRM_TUNNEL_SIZE) goto out; IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE; if (!(iph->frag_off & htons(IP_DF))) goto out; dst = skb->dst; mtu = dst_pmtu(dst) - dst->header_len - dst->trailer_len; if (skb->len > mtu) { icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu)); ret = -EMSGSIZE; } out: return ret; } static int ipip_output(struct sk_buff *skb) { struct dst_entry *dst = skb->dst; struct xfrm_state *x = dst->xfrm; struct iphdr *iph, *top_iph; int tos, err; if ((err = xfrm4_tunnel_check_size(skb)) != 0) goto error_nolock; iph = skb->nh.iph; spin_lock_bh(&x->lock); tos = iph->tos; top_iph = (struct iphdr *) skb_push(skb, x->props.header_len); top_iph->ihl = 5; top_iph->version = 4; top_iph->tos = INET_ECN_encapsulate(tos, iph->tos); top_iph->tot_len = htons(skb->len); top_iph->frag_off = iph->frag_off & ~htons(IP_MF|IP_OFFSET); if (!(iph->frag_off & htons(IP_DF))) __ip_select_ident(top_iph, dst, 0); top_iph->ttl = iph->ttl; top_iph->protocol = IPPROTO_IPIP; top_iph->check = 0; top_iph->saddr = x->props.saddr.a4; top_iph->daddr = x->id.daddr.a4; memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); ip_send_check(top_iph); skb->nh.raw = skb->data; x->curlft.bytes += skb->len; x->curlft.packets++; spin_unlock_bh(&x->lock); if ((skb->dst = dst_pop(dst)) == NULL) { kfree_skb(skb); err = -EHOSTUNREACH; goto error_nolock; } return NET_XMIT_BYPASS; error_nolock: kfree_skb(skb); return err; } static int ipip_xfrm_rcv(struct xfrm_state *x, struct xfrm_decap_state *decap, struct sk_buff *skb) { return 0; } static struct xfrm_tunnel *ipip_handler; static DECLARE_MUTEX(xfrm4_tunnel_sem); int xfrm4_tunnel_register(struct xfrm_tunnel *handler) { int ret; down(&xfrm4_tunnel_sem); ret = 0; if (ipip_handler != NULL) ret = -EINVAL; if (!ret) ipip_handler = handler; up(&xfrm4_tunnel_sem); return ret; } int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler) { int ret; down(&xfrm4_tunnel_sem); ret = 0; if (ipip_handler != handler) ret = -EINVAL; if (!ret) ipip_handler = NULL; up(&xfrm4_tunnel_sem); synchronize_net(); return ret; } static int ipip_rcv(struct sk_buff *skb) { struct xfrm_tunnel *handler = ipip_handler; /* Tunnel devices take precedence. */ if (handler && handler->handler(skb) == 0) return 0; return xfrm4_rcv_encap(skb, 0); } static void ipip_err(struct sk_buff *skb, u32 info) { struct xfrm_tunnel *handler = ipip_handler; u32 arg = info; if (handler) handler->err_handler(skb, &arg); } static int ipip_init_state(struct xfrm_state *x, void *args) { if (!x->props.mode) return -EINVAL; x->props.header_len = sizeof(struct iphdr); return 0; } static void ipip_destroy(struct xfrm_state *x) { } static struct xfrm_type ipip_type = { .description = "IPIP", .owner = THIS_MODULE, .proto = IPPROTO_IPIP, .init_state = ipip_init_state, .destructor = ipip_destroy, .input = ipip_xfrm_rcv, .output = ipip_output }; static struct inet_protocol ipip_protocol = { .handler = ipip_rcv, .err_handler = ipip_err, .no_policy = 1, }; static int __init ipip_init(void) { if (xfrm_register_type(&ipip_type, AF_INET) < 0) { printk(KERN_INFO "ipip init: can't add xfrm type\n"); return -EAGAIN; } if (inet_add_protocol(&ipip_protocol, IPPROTO_IPIP) < 0) { printk(KERN_INFO "ipip init: can't add protocol\n"); xfrm_unregister_type(&ipip_type, AF_INET); return -EAGAIN; } return 0; } static void __exit ipip_fini(void) { if (inet_del_protocol(&ipip_protocol, IPPROTO_IPIP) < 0) printk(KERN_INFO "ipip close: can't remove protocol\n"); if (xfrm_unregister_type(&ipip_type, AF_INET) < 0) printk(KERN_INFO "ipip close: can't remove xfrm type\n"); } module_init(ipip_init); module_exit(ipip_fini); MODULE_LICENSE("GPL");