2 * Linux NET3: IP/IP protocol decoder.
4 * Version: $Id: ipip.c,v 1.50 2001/10/02 02:22:36 davem Exp $
7 * Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
10 * Alan Cox : Merged and made usable non modular (its so tiny its silly as
11 * a module taking up 2 pages).
12 * Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
13 * to keep ip_forward happy.
14 * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
15 * Kai Schulte : Fixed #defines for IP_FIREWALL->FIREWALL
16 * David Woodhouse : Perform some basic ICMP handling.
17 * IPIP Routing without decapsulation.
18 * Carlos Picoto : GRE over IP support
19 * Alexey Kuznetsov: Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
20 * I do not want to merge them together.
22 * This program is free software; you can redistribute it and/or
23 * modify it under the terms of the GNU General Public License
24 * as published by the Free Software Foundation; either version
25 * 2 of the License, or (at your option) any later version.
29 /* tunnel.c: an IP tunnel driver
31 The purpose of this driver is to provide an IP tunnel through
32 which you can tunnel network traffic transparently across subnets.
34 This was written by looking at Nick Holloway's dummy driver
35 Thanks for the great code!
37 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/01/95
40 Cleaned up the code a little and added some pre-1.3.0 tweaks.
41 dev->hard_header/hard_header_len changed to use no headers.
42 Comments/bracketing tweaked.
43 Made the tunnels use dev->name not tunnel: when error reporting.
46 -Alan Cox (Alan.Cox@linux.org) 21 March 95
49 Changed to tunnel to destination gateway in addition to the
50 tunnel's pointopoint address
51 Almost completely rewritten
52 Note: There is currently no firewall or ICMP handling done.
54 -Sam Lantinga (slouken@cs.ucdavis.edu) 02/13/96
58 /* Things I wish I had known when writing the tunnel driver:
60 When the tunnel_xmit() function is called, the skb contains the
61 packet to be sent (plus a great deal of extra info), and dev
62 contains the tunnel device that _we_ are.
64 When we are passed a packet, we are expected to fill in the
65 source address with our source IP address.
67 What is the proper way to allocate, copy and free a buffer?
68 After you allocate it, it is a "0 length" chunk of memory
69 starting at zero. If you want to add headers to the buffer
70 later, you'll have to call "skb_reserve(skb, amount)" with
71 the amount of memory you want reserved. Then, you call
72 "skb_put(skb, amount)" with the amount of space you want in
73 the buffer. skb_put() returns a pointer to the top (#0) of
74 that buffer. skb->len is set to the amount of space you have
75 "allocated" with skb_put(). You can then write up to skb->len
76 bytes to that buffer. If you need more, you can call skb_put()
77 again with the additional amount of space you need. You can
78 find out how much more space you can allocate by calling
80 Now, to add header space, call "skb_push(skb, header_len)".
81 This creates space at the beginning of the buffer and returns
82 a pointer to this new space. If later you need to strip a
83 header from a buffer, call "skb_pull(skb, header_len)".
84 skb_headroom() will return how much space is left at the top
85 of the buffer (before the main data). Remember, this headroom
86 space must be reserved before the skb_put() function is called.
90 This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
92 For comments look at net/ipv4/ip_gre.c --ANK
96 #include <linux/config.h>
97 #include <linux/module.h>
98 #include <linux/types.h>
99 #include <linux/sched.h>
100 #include <linux/kernel.h>
101 #include <asm/uaccess.h>
102 #include <linux/skbuff.h>
103 #include <linux/netdevice.h>
104 #include <linux/in.h>
105 #include <linux/tcp.h>
106 #include <linux/udp.h>
107 #include <linux/if_arp.h>
108 #include <linux/mroute.h>
109 #include <linux/init.h>
110 #include <linux/netfilter_ipv4.h>
112 #include <net/sock.h>
114 #include <net/icmp.h>
115 #include <net/protocol.h>
116 #include <net/ipip.h>
117 #include <net/inet_ecn.h>
118 #include <net/xfrm.h>
121 #define HASH(addr) ((addr^(addr>>4))&0xF)
123 static int ipip_fb_tunnel_init(struct net_device *dev);
124 static int ipip_tunnel_init(struct net_device *dev);
125 static void ipip_tunnel_setup(struct net_device *dev);
127 static struct net_device *ipip_fb_tunnel_dev;
129 static struct ip_tunnel *tunnels_r_l[HASH_SIZE];
130 static struct ip_tunnel *tunnels_r[HASH_SIZE];
131 static struct ip_tunnel *tunnels_l[HASH_SIZE];
132 static struct ip_tunnel *tunnels_wc[1];
133 static struct ip_tunnel **tunnels[4] = { tunnels_wc, tunnels_l, tunnels_r, tunnels_r_l };
135 static rwlock_t ipip_lock = RW_LOCK_UNLOCKED;
137 static struct ip_tunnel * ipip_tunnel_lookup(u32 remote, u32 local)
139 unsigned h0 = HASH(remote);
140 unsigned h1 = HASH(local);
143 for (t = tunnels_r_l[h0^h1]; t; t = t->next) {
144 if (local == t->parms.iph.saddr &&
145 remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
148 for (t = tunnels_r[h0]; t; t = t->next) {
149 if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
152 for (t = tunnels_l[h1]; t; t = t->next) {
153 if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
156 if ((t = tunnels_wc[0]) != NULL && (t->dev->flags&IFF_UP))
161 static struct ip_tunnel **ipip_bucket(struct ip_tunnel *t)
163 u32 remote = t->parms.iph.daddr;
164 u32 local = t->parms.iph.saddr;
176 return &tunnels[prio][h];
180 static void ipip_tunnel_unlink(struct ip_tunnel *t)
182 struct ip_tunnel **tp;
184 for (tp = ipip_bucket(t); *tp; tp = &(*tp)->next) {
186 write_lock_bh(&ipip_lock);
188 write_unlock_bh(&ipip_lock);
194 static void ipip_tunnel_link(struct ip_tunnel *t)
196 struct ip_tunnel **tp = ipip_bucket(t);
199 write_lock_bh(&ipip_lock);
201 write_unlock_bh(&ipip_lock);
204 static struct ip_tunnel * ipip_tunnel_locate(struct ip_tunnel_parm *parms, int create)
206 u32 remote = parms->iph.daddr;
207 u32 local = parms->iph.saddr;
208 struct ip_tunnel *t, **tp, *nt;
209 struct net_device *dev;
222 for (tp = &tunnels[prio][h]; (t = *tp) != NULL; tp = &t->next) {
223 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
230 strlcpy(name, parms->name, IFNAMSIZ);
233 for (i=1; i<100; i++) {
234 sprintf(name, "tunl%d", i);
235 if (__dev_get_by_name(name) == NULL)
242 dev = alloc_netdev(sizeof(*t), name, ipip_tunnel_setup);
247 SET_MODULE_OWNER(dev);
248 dev->init = ipip_tunnel_init;
249 dev->destructor = free_netdev;
252 if (register_netdevice(dev) < 0) {
258 ipip_tunnel_link(nt);
259 /* Do not decrement MOD_USE_COUNT here. */
266 static void ipip_tunnel_uninit(struct net_device *dev)
268 if (dev == ipip_fb_tunnel_dev) {
269 write_lock_bh(&ipip_lock);
270 tunnels_wc[0] = NULL;
271 write_unlock_bh(&ipip_lock);
273 ipip_tunnel_unlink((struct ip_tunnel*)dev->priv);
277 static void ipip_err(struct sk_buff *skb, void *__unused)
279 #ifndef I_WISH_WORLD_WERE_PERFECT
281 /* It is not :-( All the routers (except for Linux) return only
282 8 bytes of packet payload. It means, that precise relaying of
283 ICMP in the real Internet is absolutely infeasible.
285 struct iphdr *iph = (struct iphdr*)skb->data;
286 int type = skb->h.icmph->type;
287 int code = skb->h.icmph->code;
292 case ICMP_PARAMETERPROB:
295 case ICMP_DEST_UNREACH:
298 case ICMP_PORT_UNREACH:
299 /* Impossible event. */
301 case ICMP_FRAG_NEEDED:
302 /* Soft state for pmtu is maintained by IP core. */
305 /* All others are translated to HOST_UNREACH.
306 rfc2003 contains "deep thoughts" about NET_UNREACH,
307 I believe they are just ether pollution. --ANK
312 case ICMP_TIME_EXCEEDED:
313 if (code != ICMP_EXC_TTL)
318 read_lock(&ipip_lock);
319 t = ipip_tunnel_lookup(iph->daddr, iph->saddr);
320 if (t == NULL || t->parms.iph.daddr == 0)
322 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
325 if (jiffies - t->err_time < IPTUNNEL_ERR_TIMEO)
329 t->err_time = jiffies;
331 read_unlock(&ipip_lock);
334 struct iphdr *iph = (struct iphdr*)dp;
335 int hlen = iph->ihl<<2;
337 int type = skb->h.icmph->type;
338 int code = skb->h.icmph->code;
342 struct sk_buff *skb2;
346 if (len < hlen + sizeof(struct iphdr))
348 eiph = (struct iphdr*)(dp + hlen);
353 case ICMP_PARAMETERPROB:
354 if (skb->h.icmph->un.gateway < hlen)
357 /* So... This guy found something strange INSIDE encapsulated
358 packet. Well, he is fool, but what can we do ?
360 rel_type = ICMP_PARAMETERPROB;
361 rel_info = skb->h.icmph->un.gateway - hlen;
364 case ICMP_DEST_UNREACH:
367 case ICMP_PORT_UNREACH:
368 /* Impossible event. */
370 case ICMP_FRAG_NEEDED:
371 /* And it is the only really necessary thing :-) */
372 rel_info = ntohs(skb->h.icmph->un.frag.mtu);
373 if (rel_info < hlen+68)
376 /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */
377 if (rel_info > ntohs(eiph->tot_len))
381 /* All others are translated to HOST_UNREACH.
382 rfc2003 contains "deep thoughts" about NET_UNREACH,
383 I believe, it is just ether pollution. --ANK
385 rel_type = ICMP_DEST_UNREACH;
386 rel_code = ICMP_HOST_UNREACH;
390 case ICMP_TIME_EXCEEDED:
391 if (code != ICMP_EXC_TTL)
396 /* Prepare fake skb to feed it to icmp_send */
397 skb2 = skb_clone(skb, GFP_ATOMIC);
400 dst_release(skb2->dst);
402 skb_pull(skb2, skb->data - (u8*)eiph);
403 skb2->nh.raw = skb2->data;
405 /* Try to guess incoming interface */
406 memset(&fl, 0, sizeof(fl));
407 fl.fl4_daddr = eiph->saddr;
408 fl.fl4_tos = RT_TOS(eiph->tos);
409 fl.proto = IPPROTO_IPIP;
410 if (ip_route_output_key(&rt, &key)) {
414 skb2->dev = rt->u.dst.dev;
416 /* route "incoming" packet */
417 if (rt->rt_flags&RTCF_LOCAL) {
420 fl.fl4_daddr = eiph->daddr;
421 fl.fl4_src = eiph->saddr;
422 fl.fl4_tos = eiph->tos;
423 if (ip_route_output_key(&rt, &fl) ||
424 rt->u.dst.dev->type != ARPHRD_TUNNEL) {
431 if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) ||
432 skb2->dst->dev->type != ARPHRD_TUNNEL) {
438 /* change mtu on this route */
439 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
440 if (rel_info > dst_pmtu(skb2->dst)) {
444 skb2->dst->ops->update_pmtu(skb2->dst, rel_info);
445 rel_info = htonl(rel_info);
446 } else if (type == ICMP_TIME_EXCEEDED) {
447 struct ip_tunnel *t = (struct ip_tunnel*)skb2->dev->priv;
448 if (t->parms.iph.ttl) {
449 rel_type = ICMP_DEST_UNREACH;
450 rel_code = ICMP_HOST_UNREACH;
454 icmp_send(skb2, rel_type, rel_code, rel_info);
460 static inline void ipip_ecn_decapsulate(struct iphdr *outer_iph, struct sk_buff *skb)
462 struct iphdr *inner_iph = skb->nh.iph;
464 if (INET_ECN_is_ce(outer_iph->tos) &&
465 INET_ECN_is_not_ce(inner_iph->tos))
466 IP_ECN_set_ce(inner_iph);
469 static int ipip_rcv(struct sk_buff *skb)
472 struct ip_tunnel *tunnel;
474 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
479 read_lock(&ipip_lock);
480 if ((tunnel = ipip_tunnel_lookup(iph->saddr, iph->daddr)) != NULL) {
481 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
482 read_unlock(&ipip_lock);
489 skb->mac.raw = skb->nh.raw;
490 skb->nh.raw = skb->data;
491 memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
492 skb->protocol = htons(ETH_P_IP);
493 skb->pkt_type = PACKET_HOST;
495 tunnel->stat.rx_packets++;
496 tunnel->stat.rx_bytes += skb->len;
497 skb->dev = tunnel->dev;
498 dst_release(skb->dst);
501 ipip_ecn_decapsulate(iph, skb);
503 read_unlock(&ipip_lock);
506 read_unlock(&ipip_lock);
513 * This function assumes it is being called from dev_queue_xmit()
514 * and that skb is filled properly by that function.
517 static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
519 struct ip_tunnel *tunnel = (struct ip_tunnel*)dev->priv;
520 struct net_device_stats *stats = &tunnel->stat;
521 struct iphdr *tiph = &tunnel->parms.iph;
522 u8 tos = tunnel->parms.iph.tos;
523 u16 df = tiph->frag_off;
524 struct rtable *rt; /* Route to the other host */
525 struct net_device *tdev; /* Device to other host */
526 struct iphdr *old_iph = skb->nh.iph;
527 struct iphdr *iph; /* Our new IP header */
528 int max_headroom; /* The extra header space needed */
529 u32 dst = tiph->daddr;
532 if (tunnel->recursion++) {
533 tunnel->stat.collisions++;
537 if (skb->protocol != htons(ETH_P_IP))
545 if ((rt = (struct rtable*)skb->dst) == NULL) {
546 tunnel->stat.tx_fifo_errors++;
549 if ((dst = rt->rt_gateway) == 0)
554 struct flowi fl = { .oif = tunnel->parms.link,
557 .saddr = tiph->saddr,
558 .tos = RT_TOS(tos) } },
559 .proto = IPPROTO_IPIP };
560 if (ip_route_output_key(&rt, &fl)) {
561 tunnel->stat.tx_carrier_errors++;
565 tdev = rt->u.dst.dev;
569 tunnel->stat.collisions++;
574 mtu = dst_pmtu(&rt->u.dst) - sizeof(struct iphdr);
576 mtu = skb->dst ? dst_pmtu(skb->dst) : dev->mtu;
579 tunnel->stat.collisions++;
584 skb->dst->ops->update_pmtu(skb->dst, mtu);
586 df |= (old_iph->frag_off&htons(IP_DF));
588 if ((old_iph->frag_off&htons(IP_DF)) && mtu < ntohs(old_iph->tot_len)) {
589 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
594 if (tunnel->err_count > 0) {
595 if (jiffies - tunnel->err_time < IPTUNNEL_ERR_TIMEO) {
597 dst_link_failure(skb);
599 tunnel->err_count = 0;
603 * Okay, now see if we can stuff it in the buffer as-is.
605 max_headroom = (LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr));
607 if (skb_headroom(skb) < max_headroom || skb_cloned(skb) || skb_shared(skb)) {
608 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
617 skb_set_owner_w(new_skb, skb->sk);
620 old_iph = skb->nh.iph;
623 skb->h.raw = skb->nh.raw;
624 skb->nh.raw = skb_push(skb, sizeof(struct iphdr));
625 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
626 dst_release(skb->dst);
627 skb->dst = &rt->u.dst;
630 * Push down and install the IPIP header.
635 iph->ihl = sizeof(struct iphdr)>>2;
637 iph->protocol = IPPROTO_IPIP;
638 iph->tos = INET_ECN_encapsulate(tos, old_iph->tos);
639 iph->daddr = rt->rt_dst;
640 iph->saddr = rt->rt_src;
642 if ((iph->ttl = tiph->ttl) == 0)
643 iph->ttl = old_iph->ttl;
652 dst_link_failure(skb);
661 ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
664 struct ip_tunnel_parm p;
670 if (dev == ipip_fb_tunnel_dev) {
671 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
675 t = ipip_tunnel_locate(&p, 0);
678 t = (struct ip_tunnel*)dev->priv;
679 memcpy(&p, &t->parms, sizeof(p));
680 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
687 if (!capable(CAP_NET_ADMIN))
691 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
695 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
696 p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
699 p.iph.frag_off |= htons(IP_DF);
701 t = ipip_tunnel_locate(&p, cmd == SIOCADDTUNNEL);
703 if (dev != ipip_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
710 if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
711 (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
715 t = (struct ip_tunnel*)dev->priv;
716 ipip_tunnel_unlink(t);
717 t->parms.iph.saddr = p.iph.saddr;
718 t->parms.iph.daddr = p.iph.daddr;
719 memcpy(dev->dev_addr, &p.iph.saddr, 4);
720 memcpy(dev->broadcast, &p.iph.daddr, 4);
722 netdev_state_change(dev);
728 if (cmd == SIOCCHGTUNNEL) {
729 t->parms.iph.ttl = p.iph.ttl;
730 t->parms.iph.tos = p.iph.tos;
731 t->parms.iph.frag_off = p.iph.frag_off;
733 if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
736 err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
741 if (!capable(CAP_NET_ADMIN))
744 if (dev == ipip_fb_tunnel_dev) {
746 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
749 if ((t = ipip_tunnel_locate(&p, 0)) == NULL)
752 if (t->dev == ipip_fb_tunnel_dev)
756 err = unregister_netdevice(dev);
767 static struct net_device_stats *ipip_tunnel_get_stats(struct net_device *dev)
769 return &(((struct ip_tunnel*)dev->priv)->stat);
772 static int ipip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
774 if (new_mtu < 68 || new_mtu > 0xFFF8 - sizeof(struct iphdr))
780 static void ipip_tunnel_setup(struct net_device *dev)
782 SET_MODULE_OWNER(dev);
783 dev->uninit = ipip_tunnel_uninit;
784 dev->hard_start_xmit = ipip_tunnel_xmit;
785 dev->get_stats = ipip_tunnel_get_stats;
786 dev->do_ioctl = ipip_tunnel_ioctl;
787 dev->change_mtu = ipip_tunnel_change_mtu;
789 dev->type = ARPHRD_TUNNEL;
790 dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
791 dev->mtu = 1500 - sizeof(struct iphdr);
792 dev->flags = IFF_NOARP;
797 static int ipip_tunnel_init(struct net_device *dev)
799 struct net_device *tdev = NULL;
800 struct ip_tunnel *tunnel;
803 tunnel = (struct ip_tunnel*)dev->priv;
804 iph = &tunnel->parms.iph;
807 strcpy(tunnel->parms.name, dev->name);
809 memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
810 memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
813 struct flowi fl = { .oif = tunnel->parms.link,
815 { .daddr = iph->daddr,
817 .tos = RT_TOS(iph->tos) } },
818 .proto = IPPROTO_IPIP };
820 if (!ip_route_output_key(&rt, &fl)) {
821 tdev = rt->u.dst.dev;
824 dev->flags |= IFF_POINTOPOINT;
827 if (!tdev && tunnel->parms.link)
828 tdev = __dev_get_by_index(tunnel->parms.link);
831 dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
832 dev->mtu = tdev->mtu - sizeof(struct iphdr);
834 dev->iflink = tunnel->parms.link;
839 static int __init ipip_fb_tunnel_init(struct net_device *dev)
841 struct ip_tunnel *tunnel = dev->priv;
842 struct iphdr *iph = &tunnel->parms.iph;
845 strcpy(tunnel->parms.name, dev->name);
848 iph->protocol = IPPROTO_IPIP;
852 tunnels_wc[0] = tunnel;
856 static struct xfrm_tunnel ipip_handler = {
858 .err_handler = ipip_err,
861 static char banner[] __initdata =
862 KERN_INFO "IPv4 over IPv4 tunneling driver\n";
864 static int __init ipip_init(void)
870 if (xfrm4_tunnel_register(&ipip_handler) < 0) {
871 printk(KERN_INFO "ipip init: can't register tunnel\n");
875 ipip_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel),
878 if (!ipip_fb_tunnel_dev) {
883 ipip_fb_tunnel_dev->init = ipip_fb_tunnel_init;
885 if ((err = register_netdev(ipip_fb_tunnel_dev)))
890 xfrm4_tunnel_deregister(&ipip_handler);
891 free_netdev(ipip_fb_tunnel_dev);
895 static void __exit ipip_fini(void)
897 if (xfrm4_tunnel_deregister(&ipip_handler) < 0)
898 printk(KERN_INFO "ipip close: can't deregister tunnel\n");
900 unregister_netdev(ipip_fb_tunnel_dev);
903 module_init(ipip_init);
904 module_exit(ipip_fini);
905 MODULE_LICENSE("GPL");
git://git.onelab.eu / linux-2.6.git / blob