2 * Linux NET3: IP/IP protocol decoder.
4 * Version: $Id: ipip.c,v 1.50 2001/10/02 02:22:36 davem Exp $
7 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
10 * Alan Cox : Merged and made usable non modular (its so tiny its silly as
11 * a module taking up 2 pages).
12 * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
13 * to keep ip_forward happy.
14 * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
15 * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL
16 * David Woodhouse : Perform some basic ICMP handling.
17 * IPIP Routing without decapsulation.
18 * Carlos Picoto : GRE over IP support
19 * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
20 * I do not want to merge them together.
22 * This program is free software; you can redistribute it and/or
23 * modify it under the terms of the GNU General Public License
24 * as published by the Free Software Foundation; either version
25 * 2 of the License, or (at your option) any later version.
29 /* tunnel.c: an IP tunnel driver
31 The purpose of this driver is to provide an IP tunnel through
32 which you can tunnel network traffic transparently across subnets.
34 This was written by looking at Nick Holloway's dummy driver
35 Thanks for the great code!
37 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
40 Cleaned up the code a little and added some pre-1.3.0 tweaks.
41 dev->hard_header/hard_header_len changed to use no headers.
42 Comments/bracketing tweaked.
43 Made the tunnels use dev->name not tunnel: when error reporting.
46 -Alan Cox (Alan.Cox@linux.org) 21 March 95
49 Changed to tunnel to destination gateway in addition to the
50 tunnel's pointopoint address
51 Almost completely rewritten
52 Note: There is currently no firewall or ICMP handling done.
54 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96
58 /* Things I wish I had known when writing the tunnel driver:
60 When the tunnel_xmit() function is called, the skb contains the
61 packet to be sent (plus a great deal of extra info), and dev
62 contains the tunnel device that _we_ are.
64 When we are passed a packet, we are expected to fill in the
65 source address with our source IP address.
67 What is the proper way to allocate, copy and free a buffer?
68 After you allocate it, it is a "0 length" chunk of memory
69 starting at zero. If you want to add headers to the buffer
70 later, you'll have to call "skb_reserve(skb, amount)" with
71 the amount of memory you want reserved. Then, you call
72 "skb_put(skb, amount)" with the amount of space you want in
73 the buffer. skb_put() returns a pointer to the top (#0) of
74 that buffer. skb->len is set to the amount of space you have
75 "allocated" with skb_put(). You can then write up to skb->len
76 bytes to that buffer. If you need more, you can call skb_put()
77 again with the additional amount of space you need. You can
78 find out how much more space you can allocate by calling
80 Now, to add header space, call "skb_push(skb, header_len)".
81 This creates space at the beginning of the buffer and returns
82 a pointer to this new space. If later you need to strip a
83 header from a buffer, call "skb_pull(skb, header_len)".
84 skb_headroom() will return how much space is left at the top
85 of the buffer (before the main data). Remember, this headroom
86 space must be reserved before the skb_put() function is called.
90 This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
92 For comments look at net/ipv4/ip_gre.c --ANK
96 #include <linux/config.h>
97 #include <linux/module.h>
98 #include <linux/types.h>
99 #include <linux/sched.h>
100 #include <linux/kernel.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <linux/in.h>
105 #include <linux/tcp.h>
106 #include <linux/udp.h>
107 #include <linux/if_arp.h>
108 #include <linux/mroute.h>
109 #include <linux/init.h>
110 #include <linux/netfilter_ipv4.h>
112 #include <net/sock.h>
114 #include <net/icmp.h>
115 #include <net/protocol.h>
116 #include <net/ipip.h>
117 #include <net/inet_ecn.h>
118 #include <net/xfrm.h>
121 #define HASH(addr) ((addr^(addr>>4))&0xF)
123 static int ipip_fb_tunnel_init(struct net_device *dev);
124 static int ipip_tunnel_init(struct net_device *dev);
125 static void ipip_tunnel_setup(struct net_device *dev);
127 static struct net_device *ipip_fb_tunnel_dev;
129 static struct ip_tunnel *tunnels_r_l[HASH_SIZE];
130 static struct ip_tunnel *tunnels_r[HASH_SIZE];
131 static struct ip_tunnel *tunnels_l[HASH_SIZE];
132 static struct ip_tunnel *tunnels_wc[1];
133 static struct ip_tunnel **tunnels[4] = { tunnels_wc, tunnels_l, tunnels_r, tunnels_r_l };
135 static rwlock_t ipip_lock = RW_LOCK_UNLOCKED;
137 static struct ip_tunnel * ipip_tunnel_lookup(u32 remote, u32 local)
139 unsigned h0 = HASH(remote);
140 unsigned h1 = HASH(local);
143 for (t = tunnels_r_l[h0^h1]; t; t = t->next) {
144 if (local == t->parms.iph.saddr &&
145 remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
148 for (t = tunnels_r[h0]; t; t = t->next) {
149 if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
152 for (t = tunnels_l[h1]; t; t = t->next) {
153 if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
156 if ((t = tunnels_wc[0]) != NULL && (t->dev->flags&IFF_UP))
161 static struct ip_tunnel **ipip_bucket(struct ip_tunnel *t)
163 u32 remote = t->parms.iph.daddr;
164 u32 local = t->parms.iph.saddr;
176 return &tunnels[prio][h];
180 static void ipip_tunnel_unlink(struct ip_tunnel *t)
182 struct ip_tunnel **tp;
184 for (tp = ipip_bucket(t); *tp; tp = &(*tp)->next) {
186 write_lock_bh(&ipip_lock);
188 write_unlock_bh(&ipip_lock);
194 static void ipip_tunnel_link(struct ip_tunnel *t)
196 struct ip_tunnel **tp = ipip_bucket(t);
199 write_lock_bh(&ipip_lock);
201 write_unlock_bh(&ipip_lock);
204 static struct ip_tunnel * ipip_tunnel_locate(struct ip_tunnel_parm *parms, int create)
206 u32 remote = parms->iph.daddr;
207 u32 local = parms->iph.saddr;
208 struct ip_tunnel *t, **tp, *nt;
209 struct net_device *dev;
222 for (tp = &tunnels[prio][h]; (t = *tp) != NULL; tp = &t->next) {
223 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
230 strlcpy(name, parms->name, IFNAMSIZ);
233 for (i=1; i<100; i++) {
234 sprintf(name, "tunl%d", i);
235 if (__dev_get_by_name(name) == NULL)
242 dev = alloc_netdev(sizeof(*t), name, ipip_tunnel_setup);
247 SET_MODULE_OWNER(dev);
248 dev->init = ipip_tunnel_init;
249 dev->destructor = free_netdev;
252 if (register_netdevice(dev) < 0) {
258 ipip_tunnel_link(nt);
259 /* Do not decrement MOD_USE_COUNT here. */
266 static void ipip_tunnel_uninit(struct net_device *dev)
268 if (dev == ipip_fb_tunnel_dev) {
269 write_lock_bh(&ipip_lock);
270 tunnels_wc[0] = NULL;
271 write_unlock_bh(&ipip_lock);
273 ipip_tunnel_unlink((struct ip_tunnel*)dev->priv);
277 static void ipip_err(struct sk_buff *skb, void *__unused)
279 #ifndef I_WISH_WORLD_WERE_PERFECT
281 /* It is not :-( All the routers (except for Linux) return only
282 8 bytes of packet payload. It means, that precise relaying of
283 ICMP in the real Internet is absolutely infeasible.
285 struct iphdr *iph = (struct iphdr*)skb->data;
286 int type = skb->h.icmph->type;
287 int code = skb->h.icmph->code;
292 case ICMP_PARAMETERPROB:
295 case ICMP_DEST_UNREACH:
298 case ICMP_PORT_UNREACH:
299 /* Impossible event. */
301 case ICMP_FRAG_NEEDED:
302 /* Soft state for pmtu is maintained by IP core. */
305 /* All others are translated to HOST_UNREACH.
306 rfc2003 contains "deep thoughts" about NET_UNREACH,
307 I believe they are just ether pollution. --ANK
312 case ICMP_TIME_EXCEEDED:
313 if (code != ICMP_EXC_TTL)
318 read_lock(&ipip_lock);
319 t = ipip_tunnel_lookup(iph->daddr, iph->saddr);
320 if (t == NULL || t->parms.iph.daddr == 0)
322 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
325 if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO)
329 t->err_time = jiffies;
331 read_unlock(&ipip_lock);
334 struct iphdr *iph = (struct iphdr*)dp;
335 int hlen = iph->ihl<<2;
337 int type = skb->h.icmph->type;
338 int code = skb->h.icmph->code;
342 struct sk_buff *skb2;
346 if (len < hlen + sizeof(struct iphdr))
348 eiph = (struct iphdr*)(dp + hlen);
353 case ICMP_PARAMETERPROB:
354 if (skb->h.icmph->un.gateway < hlen)
357 /* So... This guy found something strange INSIDE encapsulated
358 packet. Well, he is fool, but what can we do ?
360 rel_type = ICMP_PARAMETERPROB;
361 rel_info = skb->h.icmph->un.gateway - hlen;
364 case ICMP_DEST_UNREACH:
367 case ICMP_PORT_UNREACH:
368 /* Impossible event. */
370 case ICMP_FRAG_NEEDED:
371 /* And it is the only really necessary thing :-) */
372 rel_info = ntohs(skb->h.icmph->un.frag.mtu);
373 if (rel_info < hlen+68)
376 /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */
377 if (rel_info > ntohs(eiph->tot_len))
381 /* All others are translated to HOST_UNREACH.
382 rfc2003 contains "deep thoughts" about NET_UNREACH,
383 I believe, it is just ether pollution. --ANK
385 rel_type = ICMP_DEST_UNREACH;
386 rel_code = ICMP_HOST_UNREACH;
390 case ICMP_TIME_EXCEEDED:
391 if (code != ICMP_EXC_TTL)
396 /* Prepare fake skb to feed it to icmp_send */
397 skb2 = skb_clone(skb, GFP_ATOMIC);
400 dst_release(skb2->dst);
402 skb_pull(skb2, skb->data - (u8*)eiph);
403 skb2->nh.raw = skb2->data;
405 /* Try to guess incoming interface */
406 memset(&fl, 0, sizeof(fl));
407 fl.fl4_daddr = eiph->saddr;
408 fl.fl4_tos = RT_TOS(eiph->tos);
409 fl.proto = IPPROTO_IPIP;
410 if (ip_route_output_key(&rt, &key)) {
414 skb2->dev = rt->u.dst.dev;
416 /* route "incoming" packet */
417 if (rt->rt_flags&RTCF_LOCAL) {
420 fl.fl4_daddr = eiph->daddr;
421 fl.fl4_src = eiph->saddr;
422 fl.fl4_tos = eiph->tos;
423 if (ip_route_output_key(&rt, &fl) ||
424 rt->u.dst.dev->type != ARPHRD_TUNNEL) {
431 if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) ||
432 skb2->dst->dev->type != ARPHRD_TUNNEL) {
438 /* change mtu on this route */
439 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
440 if (rel_info > dst_pmtu(skb2->dst)) {
444 skb2->dst->ops->update_pmtu(skb2->dst, rel_info);
445 rel_info = htonl(rel_info);
446 } else if (type == ICMP_TIME_EXCEEDED) {
447 struct ip_tunnel *t = (struct ip_tunnel*)skb2->dev->priv;
448 if (t->parms.iph.ttl) {
449 rel_type = ICMP_DEST_UNREACH;
450 rel_code = ICMP_HOST_UNREACH;
454 icmp_send(skb2, rel_type, rel_code, rel_info);
460 static inline void ipip_ecn_decapsulate(struct iphdr *outer_iph, struct sk_buff *skb)
462 struct iphdr *inner_iph = skb->nh.iph;
464 if (INET_ECN_is_ce(outer_iph->tos) &&
465 INET_ECN_is_not_ce(inner_iph->tos))
466 IP_ECN_set_ce(inner_iph);
469 static int ipip_rcv(struct sk_buff *skb)
472 struct ip_tunnel *tunnel;
474 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
479 read_lock(&ipip_lock);
480 if ((tunnel = ipip_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) {
481 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
482 read_unlock(&ipip_lock);
489 skb->mac.raw = skb->nh.raw;
490 skb->nh.raw = skb->data;
491 memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
492 skb->protocol = htons(ETH_P_IP);
493 skb->pkt_type = PACKET_HOST;
495 tunnel->stat.rx_packets++;
496 tunnel->stat.rx_bytes += skb->len;
497 skb->dev = tunnel->dev;
498 dst_release(skb->dst);
500 #ifdef CONFIG_NETFILTER
501 nf_conntrack_put(skb->nfct);
503 #ifdef CONFIG_NETFILTER_DEBUG
507 ipip_ecn_decapsulate(iph, skb);
509 read_unlock(&ipip_lock);
512 read_unlock(&ipip_lock);
519 * This function assumes it is being called from dev_queue_xmit()
520 * and that skb is filled properly by that function.
523 static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
525 struct ip_tunnel *tunnel = (struct ip_tunnel*)dev->priv;
526 struct net_device_stats *stats = &tunnel->stat;
527 struct iphdr *tiph = &tunnel->parms.iph;
528 u8 tos = tunnel->parms.iph.tos;
529 u16 df = tiph->frag_off;
530 struct rtable *rt; /* Route to the other host */
531 struct net_device *tdev; /* Device to other host */
532 struct iphdr *old_iph = skb->nh.iph;
533 struct iphdr *iph; /* Our new IP header */
534 int max_headroom; /* The extra header space needed */
535 u32 dst = tiph->daddr;
538 if (tunnel->recursion++) {
539 tunnel->stat.collisions++;
543 if (skb->protocol != htons(ETH_P_IP))
551 if ((rt = (struct rtable*)skb->dst) == NULL) {
552 tunnel->stat.tx_fifo_errors++;
555 if ((dst = rt->rt_gateway) == 0)
560 struct flowi fl = { .oif = tunnel->parms.link,
563 .saddr = tiph->saddr,
564 .tos = RT_TOS(tos) } },
565 .proto = IPPROTO_IPIP };
566 if (ip_route_output_key(&rt, &fl)) {
567 tunnel->stat.tx_carrier_errors++;
571 tdev = rt->u.dst.dev;
575 tunnel->stat.collisions++;
580 mtu = dst_pmtu(&rt->u.dst) - sizeof(struct iphdr);
582 mtu = skb->dst ? dst_pmtu(skb->dst) : dev->mtu;
585 tunnel->stat.collisions++;
590 skb->dst->ops->update_pmtu(skb->dst, mtu);
592 df |= (old_iph->frag_off&htons(IP_DF));
594 if ((old_iph->frag_off&htons(IP_DF)) && mtu < ntohs(old_iph->tot_len)) {
595 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
600 if (tunnel->err_count > 0) {
601 if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) {
603 dst_link_failure(skb);
605 tunnel->err_count = 0;
609 * Okay, now see if we can stuff it in the buffer as-is.
611 max_headroom = (LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr));
613 if (skb_headroom(skb) < max_headroom || skb_cloned(skb) || skb_shared(skb)) {
614 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
623 skb_set_owner_w(new_skb, skb->sk);
626 old_iph = skb->nh.iph;
629 skb->h.raw = skb->nh.raw;
630 skb->nh.raw = skb_push(skb, sizeof(struct iphdr));
631 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
632 dst_release(skb->dst);
633 skb->dst = &rt->u.dst;
636 * Push down and install the IPIP header.
641 iph->ihl = sizeof(struct iphdr)>>2;
643 iph->protocol = IPPROTO_IPIP;
644 iph->tos = INET_ECN_encapsulate(tos, old_iph->tos);
645 iph->daddr = rt->rt_dst;
646 iph->saddr = rt->rt_src;
648 if ((iph->ttl = tiph->ttl) == 0)
649 iph->ttl = old_iph->ttl;
651 #ifdef CONFIG_NETFILTER
652 nf_conntrack_put(skb->nfct);
654 #ifdef CONFIG_NETFILTER_DEBUG
664 dst_link_failure(skb);
673 ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
676 struct ip_tunnel_parm p;
682 if (dev == ipip_fb_tunnel_dev) {
683 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
687 t = ipip_tunnel_locate(&p, 0);
690 t = (struct ip_tunnel*)dev->priv;
691 memcpy(&p, &t->parms, sizeof(p));
692 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
699 if (!capable(CAP_NET_ADMIN))
703 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
707 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
708 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
711 p.iph.frag_off |= htons(IP_DF);
713 t = ipip_tunnel_locate(&p, cmd == SIOCADDTUNNEL);
715 if (dev != ipip_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
722 if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
723 (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
727 t = (struct ip_tunnel*)dev->priv;
728 ipip_tunnel_unlink(t);
729 t->parms.iph.saddr = p.iph.saddr;
730 t->parms.iph.daddr = p.iph.daddr;
731 memcpy(dev->dev_addr, &p.iph.saddr, 4);
732 memcpy(dev->broadcast, &p.iph.daddr, 4);
734 netdev_state_change(dev);
740 if (cmd == SIOCCHGTUNNEL) {
741 t->parms.iph.ttl = p.iph.ttl;
742 t->parms.iph.tos = p.iph.tos;
743 t->parms.iph.frag_off = p.iph.frag_off;
745 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
748 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
753 if (!capable(CAP_NET_ADMIN))
756 if (dev == ipip_fb_tunnel_dev) {
758 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
761 if ((t = ipip_tunnel_locate(&p, 0)) == NULL)
764 if (t->dev == ipip_fb_tunnel_dev)
768 err = unregister_netdevice(dev);
779 static struct net_device_stats *ipip_tunnel_get_stats(struct net_device *dev)
781 return &(((struct ip_tunnel*)dev->priv)->stat);
784 static int ipip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
786 if (new_mtu < 68 || new_mtu > 0xFFF8 - sizeof(struct iphdr))
792 static void ipip_tunnel_setup(struct net_device *dev)
794 SET_MODULE_OWNER(dev);
795 dev->uninit = ipip_tunnel_uninit;
796 dev->hard_start_xmit = ipip_tunnel_xmit;
797 dev->get_stats = ipip_tunnel_get_stats;
798 dev->do_ioctl = ipip_tunnel_ioctl;
799 dev->change_mtu = ipip_tunnel_change_mtu;
801 dev->type = ARPHRD_TUNNEL;
802 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
803 dev->mtu = 1500 - sizeof(struct iphdr);
804 dev->flags = IFF_NOARP;
809 static int ipip_tunnel_init(struct net_device *dev)
811 struct net_device *tdev = NULL;
812 struct ip_tunnel *tunnel;
815 tunnel = (struct ip_tunnel*)dev->priv;
816 iph = &tunnel->parms.iph;
819 strcpy(tunnel->parms.name, dev->name);
821 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
822 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
825 struct flowi fl = { .oif = tunnel->parms.link,
827 { .daddr = iph->daddr,
829 .tos = RT_TOS(iph->tos) } },
830 .proto = IPPROTO_IPIP };
832 if (!ip_route_output_key(&rt, &fl)) {
833 tdev = rt->u.dst.dev;
836 dev->flags |= IFF_POINTOPOINT;
839 if (!tdev && tunnel->parms.link)
840 tdev = __dev_get_by_index(tunnel->parms.link);
843 dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
844 dev->mtu = tdev->mtu - sizeof(struct iphdr);
846 dev->iflink = tunnel->parms.link;
851 static int __init ipip_fb_tunnel_init(struct net_device *dev)
853 struct ip_tunnel *tunnel = dev->priv;
854 struct iphdr *iph = &tunnel->parms.iph;
857 strcpy(tunnel->parms.name, dev->name);
860 iph->protocol = IPPROTO_IPIP;
864 tunnels_wc[0] = tunnel;
868 static struct xfrm_tunnel ipip_handler = {
870 .err_handler = ipip_err,
873 static char banner[] __initdata =
874 KERN_INFO "IPv4 over IPv4 tunneling driver\n";
876 static int __init ipip_init(void)
882 if (xfrm4_tunnel_register(&ipip_handler) < 0) {
883 printk(KERN_INFO "ipip init: can't register tunnel\n");
887 ipip_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel),
890 if (!ipip_fb_tunnel_dev) {
895 ipip_fb_tunnel_dev->init = ipip_fb_tunnel_init;
897 if ((err = register_netdev(ipip_fb_tunnel_dev)))
902 xfrm4_tunnel_deregister(&ipip_handler);
903 free_netdev(ipip_fb_tunnel_dev);
907 static void __exit ipip_fini(void)
909 if (xfrm4_tunnel_deregister(&ipip_handler) < 0)
910 printk(KERN_INFO "ipip close: can't deregister tunnel\n");
912 unregister_netdev(ipip_fb_tunnel_dev);
915 module_init(ipip_init);
916 module_exit(ipip_fini);
917 MODULE_LICENSE("GPL");
git://git.onelab.eu / linux-2.6.git / blob