2 * Linux NET3: IP/IP protocol decoder.
4 * Version: $Id: ipip.c,v 1.50 2001/10/02 02:22:36 davem Exp $
7 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
10 * Alan Cox : Merged and made usable non modular (its so tiny its silly as
11 * a module taking up 2 pages).
12 * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
13 * to keep ip_forward happy.
14 * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
15 * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL
16 * David Woodhouse : Perform some basic ICMP handling.
17 * IPIP Routing without decapsulation.
18 * Carlos Picoto : GRE over IP support
19 * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
20 * I do not want to merge them together.
22 * This program is free software; you can redistribute it and/or
23 * modify it under the terms of the GNU General Public License
24 * as published by the Free Software Foundation; either version
25 * 2 of the License, or (at your option) any later version.
29 /* tunnel.c: an IP tunnel driver
31 The purpose of this driver is to provide an IP tunnel through
32 which you can tunnel network traffic transparently across subnets.
34 This was written by looking at Nick Holloway's dummy driver
35 Thanks for the great code!
37 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
40 Cleaned up the code a little and added some pre-1.3.0 tweaks.
41 dev->hard_header/hard_header_len changed to use no headers.
42 Comments/bracketing tweaked.
43 Made the tunnels use dev->name not tunnel: when error reporting.
46 -Alan Cox (Alan.Cox@linux.org) 21 March 95
49 Changed to tunnel to destination gateway in addition to the
50 tunnel's pointopoint address
51 Almost completely rewritten
52 Note: There is currently no firewall or ICMP handling done.
54 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96
58 /* Things I wish I had known when writing the tunnel driver:
60 When the tunnel_xmit() function is called, the skb contains the
61 packet to be sent (plus a great deal of extra info), and dev
62 contains the tunnel device that _we_ are.
64 When we are passed a packet, we are expected to fill in the
65 source address with our source IP address.
67 What is the proper way to allocate, copy and free a buffer?
68 After you allocate it, it is a "0 length" chunk of memory
69 starting at zero. If you want to add headers to the buffer
70 later, you'll have to call "skb_reserve(skb, amount)" with
71 the amount of memory you want reserved. Then, you call
72 "skb_put(skb, amount)" with the amount of space you want in
73 the buffer. skb_put() returns a pointer to the top (#0) of
74 that buffer. skb->len is set to the amount of space you have
75 "allocated" with skb_put(). You can then write up to skb->len
76 bytes to that buffer. If you need more, you can call skb_put()
77 again with the additional amount of space you need. You can
78 find out how much more space you can allocate by calling
80 Now, to add header space, call "skb_push(skb, header_len)".
81 This creates space at the beginning of the buffer and returns
82 a pointer to this new space. If later you need to strip a
83 header from a buffer, call "skb_pull(skb, header_len)".
84 skb_headroom() will return how much space is left at the top
85 of the buffer (before the main data). Remember, this headroom
86 space must be reserved before the skb_put() function is called.
90 This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
92 For comments look at net/ipv4/ip_gre.c --ANK
96 #include <linux/config.h>
97 #include <linux/module.h>
98 #include <linux/types.h>
99 #include <linux/sched.h>
100 #include <linux/kernel.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <linux/in.h>
105 #include <linux/tcp.h>
106 #include <linux/udp.h>
107 #include <linux/if_arp.h>
108 #include <linux/mroute.h>
109 #include <linux/init.h>
110 #include <linux/netfilter_ipv4.h>
112 #include <net/sock.h>
114 #include <net/icmp.h>
115 #include <net/protocol.h>
116 #include <net/ipip.h>
117 #include <net/inet_ecn.h>
118 #include <net/xfrm.h>
121 #define HASH(addr) ((addr^(addr>>4))&0xF)
123 static int ipip_fb_tunnel_init(struct net_device *dev);
124 static int ipip_tunnel_init(struct net_device *dev);
125 static void ipip_tunnel_setup(struct net_device *dev);
127 static struct net_device *ipip_fb_tunnel_dev;
129 static struct ip_tunnel *tunnels_r_l[HASH_SIZE];
130 static struct ip_tunnel *tunnels_r[HASH_SIZE];
131 static struct ip_tunnel *tunnels_l[HASH_SIZE];
132 static struct ip_tunnel *tunnels_wc[1];
133 static struct ip_tunnel **tunnels[4] = { tunnels_wc, tunnels_l, tunnels_r, tunnels_r_l };
135 static DEFINE_RWLOCK(ipip_lock);
137 static struct ip_tunnel * ipip_tunnel_lookup(u32 remote, u32 local)
139 unsigned h0 = HASH(remote);
140 unsigned h1 = HASH(local);
143 for (t = tunnels_r_l[h0^h1]; t; t = t->next) {
144 if (local == t->parms.iph.saddr &&
145 remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
148 for (t = tunnels_r[h0]; t; t = t->next) {
149 if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
152 for (t = tunnels_l[h1]; t; t = t->next) {
153 if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
156 if ((t = tunnels_wc[0]) != NULL && (t->dev->flags&IFF_UP))
161 static struct ip_tunnel **ipip_bucket(struct ip_tunnel *t)
163 u32 remote = t->parms.iph.daddr;
164 u32 local = t->parms.iph.saddr;
176 return &tunnels[prio][h];
180 static void ipip_tunnel_unlink(struct ip_tunnel *t)
182 struct ip_tunnel **tp;
184 for (tp = ipip_bucket(t); *tp; tp = &(*tp)->next) {
186 write_lock_bh(&ipip_lock);
188 write_unlock_bh(&ipip_lock);
194 static void ipip_tunnel_link(struct ip_tunnel *t)
196 struct ip_tunnel **tp = ipip_bucket(t);
199 write_lock_bh(&ipip_lock);
201 write_unlock_bh(&ipip_lock);
204 static struct ip_tunnel * ipip_tunnel_locate(struct ip_tunnel_parm *parms, int create)
206 u32 remote = parms->iph.daddr;
207 u32 local = parms->iph.saddr;
208 struct ip_tunnel *t, **tp, *nt;
209 struct net_device *dev;
222 for (tp = &tunnels[prio][h]; (t = *tp) != NULL; tp = &t->next) {
223 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
230 strlcpy(name, parms->name, IFNAMSIZ);
233 for (i=1; i<100; i++) {
234 sprintf(name, "tunl%d", i);
235 if (__dev_get_by_name(name) == NULL)
242 dev = alloc_netdev(sizeof(*t), name, ipip_tunnel_setup);
247 SET_MODULE_OWNER(dev);
248 dev->init = ipip_tunnel_init;
251 if (register_netdevice(dev) < 0) {
257 ipip_tunnel_link(nt);
258 /* Do not decrement MOD_USE_COUNT here. */
265 static void ipip_tunnel_uninit(struct net_device *dev)
267 if (dev == ipip_fb_tunnel_dev) {
268 write_lock_bh(&ipip_lock);
269 tunnels_wc[0] = NULL;
270 write_unlock_bh(&ipip_lock);
272 ipip_tunnel_unlink((struct ip_tunnel*)dev->priv);
276 static void ipip_err(struct sk_buff *skb, void *__unused)
278 #ifndef I_WISH_WORLD_WERE_PERFECT
280 /* It is not :-( All the routers (except for Linux) return only
281 8 bytes of packet payload. It means, that precise relaying of
282 ICMP in the real Internet is absolutely infeasible.
284 struct iphdr *iph = (struct iphdr*)skb->data;
285 int type = skb->h.icmph->type;
286 int code = skb->h.icmph->code;
291 case ICMP_PARAMETERPROB:
294 case ICMP_DEST_UNREACH:
297 case ICMP_PORT_UNREACH:
298 /* Impossible event. */
300 case ICMP_FRAG_NEEDED:
301 /* Soft state for pmtu is maintained by IP core. */
304 /* All others are translated to HOST_UNREACH.
305 rfc2003 contains "deep thoughts" about NET_UNREACH,
306 I believe they are just ether pollution. --ANK
311 case ICMP_TIME_EXCEEDED:
312 if (code != ICMP_EXC_TTL)
317 read_lock(&ipip_lock);
318 t = ipip_tunnel_lookup(iph->daddr, iph->saddr);
319 if (t == NULL || t->parms.iph.daddr == 0)
321 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
324 if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO)
328 t->err_time = jiffies;
330 read_unlock(&ipip_lock);
333 struct iphdr *iph = (struct iphdr*)dp;
334 int hlen = iph->ihl<<2;
336 int type = skb->h.icmph->type;
337 int code = skb->h.icmph->code;
341 struct sk_buff *skb2;
345 if (len < hlen + sizeof(struct iphdr))
347 eiph = (struct iphdr*)(dp + hlen);
352 case ICMP_PARAMETERPROB:
353 if (skb->h.icmph->un.gateway < hlen)
356 /* So... This guy found something strange INSIDE encapsulated
357 packet. Well, he is fool, but what can we do ?
359 rel_type = ICMP_PARAMETERPROB;
360 rel_info = skb->h.icmph->un.gateway - hlen;
363 case ICMP_DEST_UNREACH:
366 case ICMP_PORT_UNREACH:
367 /* Impossible event. */
369 case ICMP_FRAG_NEEDED:
370 /* And it is the only really necessary thing :-) */
371 rel_info = ntohs(skb->h.icmph->un.frag.mtu);
372 if (rel_info < hlen+68)
375 /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */
376 if (rel_info > ntohs(eiph->tot_len))
380 /* All others are translated to HOST_UNREACH.
381 rfc2003 contains "deep thoughts" about NET_UNREACH,
382 I believe, it is just ether pollution. --ANK
384 rel_type = ICMP_DEST_UNREACH;
385 rel_code = ICMP_HOST_UNREACH;
389 case ICMP_TIME_EXCEEDED:
390 if (code != ICMP_EXC_TTL)
395 /* Prepare fake skb to feed it to icmp_send */
396 skb2 = skb_clone(skb, GFP_ATOMIC);
399 dst_release(skb2->dst);
401 skb_pull(skb2, skb->data - (u8*)eiph);
402 skb2->nh.raw = skb2->data;
404 /* Try to guess incoming interface */
405 memset(&fl, 0, sizeof(fl));
406 fl.fl4_daddr = eiph->saddr;
407 fl.fl4_tos = RT_TOS(eiph->tos);
408 fl.proto = IPPROTO_IPIP;
409 if (ip_route_output_key(&rt, &key)) {
413 skb2->dev = rt->u.dst.dev;
415 /* route "incoming" packet */
416 if (rt->rt_flags&RTCF_LOCAL) {
419 fl.fl4_daddr = eiph->daddr;
420 fl.fl4_src = eiph->saddr;
421 fl.fl4_tos = eiph->tos;
422 if (ip_route_output_key(&rt, &fl) ||
423 rt->u.dst.dev->type != ARPHRD_TUNNEL) {
430 if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) ||
431 skb2->dst->dev->type != ARPHRD_TUNNEL) {
437 /* change mtu on this route */
438 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
439 if (rel_info > dst_mtu(skb2->dst)) {
443 skb2->dst->ops->update_pmtu(skb2->dst, rel_info);
444 rel_info = htonl(rel_info);
445 } else if (type == ICMP_TIME_EXCEEDED) {
446 struct ip_tunnel *t = (struct ip_tunnel*)skb2->dev->priv;
447 if (t->parms.iph.ttl) {
448 rel_type = ICMP_DEST_UNREACH;
449 rel_code = ICMP_HOST_UNREACH;
453 icmp_send(skb2, rel_type, rel_code, rel_info);
459 static inline void ipip_ecn_decapsulate(struct iphdr *outer_iph, struct sk_buff *skb)
461 struct iphdr *inner_iph = skb->nh.iph;
463 if (INET_ECN_is_ce(outer_iph->tos))
464 IP_ECN_set_ce(inner_iph);
467 static int ipip_rcv(struct sk_buff *skb)
470 struct ip_tunnel *tunnel;
472 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
477 read_lock(&ipip_lock);
478 if ((tunnel = ipip_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) {
479 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
480 read_unlock(&ipip_lock);
487 skb->mac.raw = skb->nh.raw;
488 skb->nh.raw = skb->data;
489 memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
490 skb->protocol = htons(ETH_P_IP);
491 skb->pkt_type = PACKET_HOST;
493 tunnel->stat.rx_packets++;
494 tunnel->stat.rx_bytes += skb->len;
495 skb->dev = tunnel->dev;
496 dst_release(skb->dst);
499 ipip_ecn_decapsulate(iph, skb);
501 read_unlock(&ipip_lock);
504 read_unlock(&ipip_lock);
511 * This function assumes it is being called from dev_queue_xmit()
512 * and that skb is filled properly by that function.
515 static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
517 struct ip_tunnel *tunnel = (struct ip_tunnel*)dev->priv;
518 struct net_device_stats *stats = &tunnel->stat;
519 struct iphdr *tiph = &tunnel->parms.iph;
520 u8 tos = tunnel->parms.iph.tos;
521 u16 df = tiph->frag_off;
522 struct rtable *rt; /* Route to the other host */
523 struct net_device *tdev; /* Device to other host */
524 struct iphdr *old_iph = skb->nh.iph;
525 struct iphdr *iph; /* Our new IP header */
526 int max_headroom; /* The extra header space needed */
527 u32 dst = tiph->daddr;
530 if (tunnel->recursion++) {
531 tunnel->stat.collisions++;
535 if (skb->protocol != htons(ETH_P_IP))
543 if ((rt = (struct rtable*)skb->dst) == NULL) {
544 tunnel->stat.tx_fifo_errors++;
547 if ((dst = rt->rt_gateway) == 0)
552 struct flowi fl = { .oif = tunnel->parms.link,
555 .saddr = tiph->saddr,
556 .tos = RT_TOS(tos) } },
557 .proto = IPPROTO_IPIP };
558 if (ip_route_output_key(&rt, &fl)) {
559 tunnel->stat.tx_carrier_errors++;
563 tdev = rt->u.dst.dev;
567 tunnel->stat.collisions++;
572 mtu = dst_mtu(&rt->u.dst) - sizeof(struct iphdr);
574 mtu = skb->dst ? dst_mtu(skb->dst) : dev->mtu;
577 tunnel->stat.collisions++;
582 skb->dst->ops->update_pmtu(skb->dst, mtu);
584 df |= (old_iph->frag_off&htons(IP_DF));
586 if ((old_iph->frag_off&htons(IP_DF)) && mtu < ntohs(old_iph->tot_len)) {
587 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
592 if (tunnel->err_count > 0) {
593 if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) {
595 dst_link_failure(skb);
597 tunnel->err_count = 0;
601 * Okay, now see if we can stuff it in the buffer as-is.
603 max_headroom = (LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr));
605 if (skb_headroom(skb) < max_headroom || skb_cloned(skb) || skb_shared(skb)) {
606 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
615 skb_set_owner_w(new_skb, skb->sk);
618 old_iph = skb->nh.iph;
621 skb->h.raw = skb->nh.raw;
622 skb->nh.raw = skb_push(skb, sizeof(struct iphdr));
623 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
624 dst_release(skb->dst);
625 skb->dst = &rt->u.dst;
628 * Push down and install the IPIP header.
633 iph->ihl = sizeof(struct iphdr)>>2;
635 iph->protocol = IPPROTO_IPIP;
636 iph->tos = INET_ECN_encapsulate(tos, old_iph->tos);
637 iph->daddr = rt->rt_dst;
638 iph->saddr = rt->rt_src;
640 if ((iph->ttl = tiph->ttl) == 0)
641 iph->ttl = old_iph->ttl;
650 dst_link_failure(skb);
659 ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
662 struct ip_tunnel_parm p;
668 if (dev == ipip_fb_tunnel_dev) {
669 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
673 t = ipip_tunnel_locate(&p, 0);
676 t = (struct ip_tunnel*)dev->priv;
677 memcpy(&p, &t->parms, sizeof(p));
678 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
685 if (!capable(CAP_NET_ADMIN))
689 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
693 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
694 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
697 p.iph.frag_off |= htons(IP_DF);
699 t = ipip_tunnel_locate(&p, cmd == SIOCADDTUNNEL);
701 if (dev != ipip_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
708 if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
709 (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
713 t = (struct ip_tunnel*)dev->priv;
714 ipip_tunnel_unlink(t);
715 t->parms.iph.saddr = p.iph.saddr;
716 t->parms.iph.daddr = p.iph.daddr;
717 memcpy(dev->dev_addr, &p.iph.saddr, 4);
718 memcpy(dev->broadcast, &p.iph.daddr, 4);
720 netdev_state_change(dev);
726 if (cmd == SIOCCHGTUNNEL) {
727 t->parms.iph.ttl = p.iph.ttl;
728 t->parms.iph.tos = p.iph.tos;
729 t->parms.iph.frag_off = p.iph.frag_off;
731 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
734 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
739 if (!capable(CAP_NET_ADMIN))
742 if (dev == ipip_fb_tunnel_dev) {
744 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
747 if ((t = ipip_tunnel_locate(&p, 0)) == NULL)
750 if (t->dev == ipip_fb_tunnel_dev)
754 err = unregister_netdevice(dev);
765 static struct net_device_stats *ipip_tunnel_get_stats(struct net_device *dev)
767 return &(((struct ip_tunnel*)dev->priv)->stat);
770 static int ipip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
772 if (new_mtu < 68 || new_mtu > 0xFFF8 - sizeof(struct iphdr))
778 static void ipip_tunnel_setup(struct net_device *dev)
780 SET_MODULE_OWNER(dev);
781 dev->uninit = ipip_tunnel_uninit;
782 dev->hard_start_xmit = ipip_tunnel_xmit;
783 dev->get_stats = ipip_tunnel_get_stats;
784 dev->do_ioctl = ipip_tunnel_ioctl;
785 dev->change_mtu = ipip_tunnel_change_mtu;
786 dev->destructor = free_netdev;
788 dev->type = ARPHRD_TUNNEL;
789 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
790 dev->mtu = 1500 - sizeof(struct iphdr);
791 dev->flags = IFF_NOARP;
796 static int ipip_tunnel_init(struct net_device *dev)
798 struct net_device *tdev = NULL;
799 struct ip_tunnel *tunnel;
802 tunnel = (struct ip_tunnel*)dev->priv;
803 iph = &tunnel->parms.iph;
806 strcpy(tunnel->parms.name, dev->name);
808 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
809 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
812 struct flowi fl = { .oif = tunnel->parms.link,
814 { .daddr = iph->daddr,
816 .tos = RT_TOS(iph->tos) } },
817 .proto = IPPROTO_IPIP };
819 if (!ip_route_output_key(&rt, &fl)) {
820 tdev = rt->u.dst.dev;
823 dev->flags |= IFF_POINTOPOINT;
826 if (!tdev && tunnel->parms.link)
827 tdev = __dev_get_by_index(tunnel->parms.link);
830 dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
831 dev->mtu = tdev->mtu - sizeof(struct iphdr);
833 dev->iflink = tunnel->parms.link;
838 static int __init ipip_fb_tunnel_init(struct net_device *dev)
840 struct ip_tunnel *tunnel = dev->priv;
841 struct iphdr *iph = &tunnel->parms.iph;
844 strcpy(tunnel->parms.name, dev->name);
847 iph->protocol = IPPROTO_IPIP;
851 tunnels_wc[0] = tunnel;
855 static struct xfrm_tunnel ipip_handler = {
857 .err_handler = ipip_err,
860 static char banner[] __initdata =
861 KERN_INFO "IPv4 over IPv4 tunneling driver\n";
863 static int __init ipip_init(void)
869 if (xfrm4_tunnel_register(&ipip_handler) < 0) {
870 printk(KERN_INFO "ipip init: can't register tunnel\n");
874 ipip_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel),
877 if (!ipip_fb_tunnel_dev) {
882 ipip_fb_tunnel_dev->init = ipip_fb_tunnel_init;
884 if ((err = register_netdev(ipip_fb_tunnel_dev)))
889 free_netdev(ipip_fb_tunnel_dev);
891 xfrm4_tunnel_deregister(&ipip_handler);
895 static void __exit ipip_fini(void)
897 if (xfrm4_tunnel_deregister(&ipip_handler) < 0)
898 printk(KERN_INFO "ipip close: can't deregister tunnel\n");
900 unregister_netdev(ipip_fb_tunnel_dev);
903 module_init(ipip_init);
904 module_exit(ipip_fini);
905 MODULE_LICENSE("GPL");
git://git.onelab.eu / linux-2.6.git / blob