2019-05-27 00:55:01 -06:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2005-04-16 16:20:36 -06:00
|
|
|
/*
|
|
|
|
|
* IPv6 over IPv4 tunnel device - Simple Internet Transition (SIT)
|
|
|
|
|
* Linux INET6 implementation
|
|
|
|
|
*
|
|
|
|
|
* Authors:
|
2007-02-09 07:24:49 -07:00
|
|
|
* Pedro Roque <roque@di.fc.ul.pt>
|
2005-04-16 16:20:36 -06:00
|
|
|
* Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
|
|
|
|
|
*
|
|
|
|
|
* Changes:
|
|
|
|
|
* Roger Venning <r.venning@telstra.com>: 6to4 support
|
|
|
|
|
* Nate Thompson <nate@thebog.net>: 6to4 support
|
2008-03-11 16:35:59 -06:00
|
|
|
* Fred Templin <fred.l.templin@boeing.com>: isatap support
|
2005-04-16 16:20:36 -06:00
|
|
|
*/
|
|
|
|
|
|
2012-05-15 08:11:53 -06:00
|
|
|
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
#include <linux/module.h>
|
2006-01-11 13:17:47 -07:00
|
|
|
#include <linux/capability.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
#include <linux/errno.h>
|
|
|
|
|
#include <linux/types.h>
|
|
|
|
|
#include <linux/socket.h>
|
|
|
|
|
#include <linux/sockios.h>
|
|
|
|
|
#include <linux/net.h>
|
|
|
|
|
#include <linux/in6.h>
|
|
|
|
|
#include <linux/netdevice.h>
|
|
|
|
|
#include <linux/if_arp.h>
|
|
|
|
|
#include <linux/icmp.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 02:04:11 -06:00
|
|
|
#include <linux/slab.h>
|
2016-12-24 12:46:01 -07:00
|
|
|
#include <linux/uaccess.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
#include <linux/init.h>
|
|
|
|
|
#include <linux/netfilter_ipv4.h>
|
2006-01-05 17:35:42 -07:00
|
|
|
#include <linux/if_ether.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
#include <net/sock.h>
|
|
|
|
|
#include <net/snmp.h>
|
|
|
|
|
|
|
|
|
|
#include <net/ipv6.h>
|
|
|
|
|
#include <net/protocol.h>
|
|
|
|
|
#include <net/transp_v6.h>
|
|
|
|
|
#include <net/ip6_fib.h>
|
|
|
|
|
#include <net/ip6_route.h>
|
|
|
|
|
#include <net/ndisc.h>
|
|
|
|
|
#include <net/addrconf.h>
|
|
|
|
|
#include <net/ip.h>
|
|
|
|
|
#include <net/udp.h>
|
|
|
|
|
#include <net/icmp.h>
|
2013-03-25 08:49:35 -06:00
|
|
|
#include <net/ip_tunnels.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
#include <net/inet_ecn.h>
|
|
|
|
|
#include <net/xfrm.h>
|
|
|
|
|
#include <net/dsfield.h>
|
2008-04-16 02:15:17 -06:00
|
|
|
#include <net/net_namespace.h>
|
|
|
|
|
#include <net/netns/generic.h>
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
This version of net/ipv6/sit.c is cloned of net/ipv4/ip_gre.c
|
|
|
|
|
|
|
|
|
|
For comments look at net/ipv4/ip_gre.c --ANK
|
|
|
|
|
*/
|
|
|
|
|
|
2016-08-10 03:03:35 -06:00
|
|
|
#define IP6_SIT_HASH_SIZE 16
|
2006-11-14 21:56:00 -07:00
|
|
|
#define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2012-11-26 20:07:11 -07:00
|
|
|
static bool log_ecn_error = true;
|
|
|
|
|
module_param(log_ecn_error, bool, 0644);
|
|
|
|
|
MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
|
|
|
|
|
|
2010-09-26 18:38:18 -06:00
|
|
|
static int ipip6_tunnel_init(struct net_device *dev);
|
2005-04-16 16:20:36 -06:00
|
|
|
static void ipip6_tunnel_setup(struct net_device *dev);
|
2010-09-26 18:38:18 -06:00
|
|
|
static void ipip6_dev_free(struct net_device *dev);
|
2013-01-29 01:24:25 -07:00
|
|
|
static bool check_6rd(struct ip_tunnel *tunnel, const struct in6_addr *v6dst,
|
|
|
|
|
__be32 *v4dst);
|
2012-11-08 23:10:00 -07:00
|
|
|
static struct rtnl_link_ops sit_link_ops __read_mostly;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
netns: make struct pernet_operations::id unsigned int
Make struct pernet_operations::id unsigned.
There are 2 reasons to do so:
1)
This field is really an index into an zero based array and
thus is unsigned entity. Using negative value is out-of-bound
access by definition.
2)
On x86_64 unsigned 32-bit data which are mixed with pointers
via array indexing or offsets added or subtracted to pointers
are preffered to signed 32-bit data.
"int" being used as an array index needs to be sign-extended
to 64-bit before being used.
void f(long *p, int i)
{
g(p[i]);
}
roughly translates to
movsx rsi, esi
mov rdi, [rsi+...]
call g
MOVSX is 3 byte instruction which isn't necessary if the variable is
unsigned because x86_64 is zero extending by default.
Now, there is net_generic() function which, you guessed it right, uses
"int" as an array index:
static inline void *net_generic(const struct net *net, int id)
{
...
ptr = ng->ptr[id - 1];
...
}
And this function is used a lot, so those sign extensions add up.
Patch snipes ~1730 bytes on allyesconfig kernel (without all junk
messing with code generation):
add/remove: 0/0 grow/shrink: 70/598 up/down: 396/-2126 (-1730)
Unfortunately some functions actually grow bigger.
This is a semmingly random artefact of code generation with register
allocator being used differently. gcc decides that some variable
needs to live in new r8+ registers and every access now requires REX
prefix. Or it is shifted into r12, so [r12+0] addressing mode has to be
used which is longer than [r8]
However, overall balance is in negative direction:
add/remove: 0/0 grow/shrink: 70/598 up/down: 396/-2126 (-1730)
function old new delta
nfsd4_lock 3886 3959 +73
tipc_link_build_proto_msg 1096 1140 +44
mac80211_hwsim_new_radio 2776 2808 +32
tipc_mon_rcv 1032 1058 +26
svcauth_gss_legacy_init 1413 1429 +16
tipc_bcbase_select_primary 379 392 +13
nfsd4_exchange_id 1247 1260 +13
nfsd4_setclientid_confirm 782 793 +11
...
put_client_renew_locked 494 480 -14
ip_set_sockfn_get 730 716 -14
geneve_sock_add 829 813 -16
nfsd4_sequence_done 721 703 -18
nlmclnt_lookup_host 708 686 -22
nfsd4_lockt 1085 1063 -22
nfs_get_client 1077 1050 -27
tcf_bpf_init 1106 1076 -30
nfsd4_encode_fattr 5997 5930 -67
Total: Before=154856051, After=154854321, chg -0.00%
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-16 18:58:21 -07:00
|
|
|
static unsigned int sit_net_id __read_mostly;
|
2008-04-16 02:15:17 -06:00
|
|
|
struct sit_net {
|
2016-08-10 03:03:35 -06:00
|
|
|
struct ip_tunnel __rcu *tunnels_r_l[IP6_SIT_HASH_SIZE];
|
|
|
|
|
struct ip_tunnel __rcu *tunnels_r[IP6_SIT_HASH_SIZE];
|
|
|
|
|
struct ip_tunnel __rcu *tunnels_l[IP6_SIT_HASH_SIZE];
|
2010-09-15 05:35:10 -06:00
|
|
|
struct ip_tunnel __rcu *tunnels_wc[1];
|
|
|
|
|
struct ip_tunnel __rcu **tunnels[4];
|
2008-04-16 02:16:38 -06:00
|
|
|
|
2008-04-16 02:16:18 -06:00
|
|
|
struct net_device *fb_tunnel_dev;
|
2008-04-16 02:15:17 -06:00
|
|
|
};
|
|
|
|
|
|
2009-10-23 11:52:14 -06:00
|
|
|
/*
|
|
|
|
|
* Must be invoked with rcu_read_lock
|
|
|
|
|
*/
|
2012-04-01 01:49:01 -06:00
|
|
|
static struct ip_tunnel *ipip6_tunnel_lookup(struct net *net,
|
2017-10-30 11:07:17 -06:00
|
|
|
struct net_device *dev,
|
|
|
|
|
__be32 remote, __be32 local,
|
|
|
|
|
int sifindex)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2010-09-15 05:35:10 -06:00
|
|
|
unsigned int h0 = HASH(remote);
|
|
|
|
|
unsigned int h1 = HASH(local);
|
2005-04-16 16:20:36 -06:00
|
|
|
struct ip_tunnel *t;
|
2008-04-16 02:16:38 -06:00
|
|
|
struct sit_net *sitn = net_generic(net, sit_net_id);
|
2017-10-30 11:07:17 -06:00
|
|
|
int ifindex = dev ? dev->ifindex : 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2012-11-11 14:52:34 -07:00
|
|
|
for_each_ip_tunnel_rcu(t, sitn->tunnels_r_l[h0 ^ h1]) {
|
2005-04-16 16:20:36 -06:00
|
|
|
if (local == t->parms.iph.saddr &&
|
2009-05-19 06:56:49 -06:00
|
|
|
remote == t->parms.iph.daddr &&
|
2017-10-30 11:07:17 -06:00
|
|
|
(!dev || !t->parms.link || ifindex == t->parms.link ||
|
|
|
|
|
sifindex == t->parms.link) &&
|
2009-05-19 06:56:49 -06:00
|
|
|
(t->dev->flags & IFF_UP))
|
2005-04-16 16:20:36 -06:00
|
|
|
return t;
|
|
|
|
|
}
|
2012-11-11 14:52:34 -07:00
|
|
|
for_each_ip_tunnel_rcu(t, sitn->tunnels_r[h0]) {
|
2009-05-19 06:56:49 -06:00
|
|
|
if (remote == t->parms.iph.daddr &&
|
2017-10-30 11:07:17 -06:00
|
|
|
(!dev || !t->parms.link || ifindex == t->parms.link ||
|
|
|
|
|
sifindex == t->parms.link) &&
|
2009-05-19 06:56:49 -06:00
|
|
|
(t->dev->flags & IFF_UP))
|
2005-04-16 16:20:36 -06:00
|
|
|
return t;
|
|
|
|
|
}
|
2012-11-11 14:52:34 -07:00
|
|
|
for_each_ip_tunnel_rcu(t, sitn->tunnels_l[h1]) {
|
2009-05-19 06:56:49 -06:00
|
|
|
if (local == t->parms.iph.saddr &&
|
2017-10-30 11:07:17 -06:00
|
|
|
(!dev || !t->parms.link || ifindex == t->parms.link ||
|
|
|
|
|
sifindex == t->parms.link) &&
|
2009-05-19 06:56:49 -06:00
|
|
|
(t->dev->flags & IFF_UP))
|
2005-04-16 16:20:36 -06:00
|
|
|
return t;
|
|
|
|
|
}
|
2009-10-23 11:52:14 -06:00
|
|
|
t = rcu_dereference(sitn->tunnels_wc[0]);
|
2015-03-29 07:00:05 -06:00
|
|
|
if (t && (t->dev->flags & IFF_UP))
|
2005-04-16 16:20:36 -06:00
|
|
|
return t;
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2010-09-15 05:35:10 -06:00
|
|
|
static struct ip_tunnel __rcu **__ipip6_bucket(struct sit_net *sitn,
|
2008-04-16 02:15:39 -06:00
|
|
|
struct ip_tunnel_parm *parms)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2007-04-24 05:44:47 -06:00
|
|
|
__be32 remote = parms->iph.daddr;
|
|
|
|
|
__be32 local = parms->iph.saddr;
|
2010-09-15 05:35:10 -06:00
|
|
|
unsigned int h = 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
int prio = 0;
|
|
|
|
|
|
|
|
|
|
if (remote) {
|
|
|
|
|
prio |= 2;
|
|
|
|
|
h ^= HASH(remote);
|
|
|
|
|
}
|
|
|
|
|
if (local) {
|
|
|
|
|
prio |= 1;
|
|
|
|
|
h ^= HASH(local);
|
|
|
|
|
}
|
2008-04-16 02:16:38 -06:00
|
|
|
return &sitn->tunnels[prio][h];
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2010-09-15 05:35:10 -06:00
|
|
|
static inline struct ip_tunnel __rcu **ipip6_bucket(struct sit_net *sitn,
|
2008-04-16 02:15:39 -06:00
|
|
|
struct ip_tunnel *t)
|
2007-04-24 05:44:47 -06:00
|
|
|
{
|
2008-04-16 02:15:39 -06:00
|
|
|
return __ipip6_bucket(sitn, &t->parms);
|
2007-04-24 05:44:47 -06:00
|
|
|
}
|
|
|
|
|
|
2008-04-16 02:15:39 -06:00
|
|
|
static void ipip6_tunnel_unlink(struct sit_net *sitn, struct ip_tunnel *t)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2010-09-15 05:35:10 -06:00
|
|
|
struct ip_tunnel __rcu **tp;
|
|
|
|
|
struct ip_tunnel *iter;
|
|
|
|
|
|
|
|
|
|
for (tp = ipip6_bucket(sitn, t);
|
|
|
|
|
(iter = rtnl_dereference(*tp)) != NULL;
|
|
|
|
|
tp = &iter->next) {
|
|
|
|
|
if (t == iter) {
|
2012-01-11 21:41:32 -07:00
|
|
|
rcu_assign_pointer(*tp, t->next);
|
2005-04-16 16:20:36 -06:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2008-04-16 02:15:39 -06:00
|
|
|
static void ipip6_tunnel_link(struct sit_net *sitn, struct ip_tunnel *t)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2010-09-15 05:35:10 -06:00
|
|
|
struct ip_tunnel __rcu **tp = ipip6_bucket(sitn, t);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2012-01-11 21:41:32 -07:00
|
|
|
rcu_assign_pointer(t->next, rtnl_dereference(*tp));
|
|
|
|
|
rcu_assign_pointer(*tp, t);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2009-10-10 21:31:34 -06:00
|
|
|
static void ipip6_tunnel_clone_6rd(struct net_device *dev, struct sit_net *sitn)
|
2009-09-22 17:43:14 -06:00
|
|
|
{
|
|
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
2009-10-10 21:31:34 -06:00
|
|
|
struct ip_tunnel *t = netdev_priv(dev);
|
|
|
|
|
|
net: do not create fallback tunnels for non-default namespaces
fallback tunnels (like tunl0, gre0, gretap0, erspan0, sit0,
ip6tnl0, ip6gre0) are automatically created when the corresponding
module is loaded.
These tunnels are also automatically created when a new network
namespace is created, at a great cost.
In many cases, netns are used for isolation purposes, and these
extra network devices are a waste of resources. We are using
thousands of netns per host, and hit the netns creation/delete
bottleneck a lot. (Many thanks to Kirill for recent work on this)
Add a new sysctl so that we can opt-out from this automatic creation.
Note that these tunnels are still created for the initial namespace,
to be the least intrusive for typical setups.
Tested:
lpk43:~# cat add_del_unshare.sh
for i in `seq 1 40`
do
(for j in `seq 1 100` ; do unshare -n /bin/true >/dev/null ; done) &
done
wait
lpk43:~# echo 0 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh
real 0m37.521s
user 0m0.886s
sys 7m7.084s
lpk43:~# echo 1 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh
real 0m4.761s
user 0m0.851s
sys 1m8.343s
lpk43:~#
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-08 13:51:41 -07:00
|
|
|
if (dev == sitn->fb_tunnel_dev || !sitn->fb_tunnel_dev) {
|
2009-09-22 17:43:14 -06:00
|
|
|
ipv6_addr_set(&t->ip6rd.prefix, htonl(0x20020000), 0, 0, 0);
|
|
|
|
|
t->ip6rd.relay_prefix = 0;
|
|
|
|
|
t->ip6rd.prefixlen = 16;
|
|
|
|
|
t->ip6rd.relay_prefixlen = 0;
|
|
|
|
|
} else {
|
|
|
|
|
struct ip_tunnel *t0 = netdev_priv(sitn->fb_tunnel_dev);
|
|
|
|
|
memcpy(&t->ip6rd, &t0->ip6rd, sizeof(t->ip6rd));
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-13 22:14:07 -07:00
|
|
|
static int ipip6_tunnel_create(struct net_device *dev)
|
|
|
|
|
{
|
|
|
|
|
struct ip_tunnel *t = netdev_priv(dev);
|
|
|
|
|
struct net *net = dev_net(dev);
|
|
|
|
|
struct sit_net *sitn = net_generic(net, sit_net_id);
|
|
|
|
|
int err;
|
|
|
|
|
|
2014-11-03 01:19:29 -07:00
|
|
|
memcpy(dev->dev_addr, &t->parms.iph.saddr, 4);
|
|
|
|
|
memcpy(dev->broadcast, &t->parms.iph.daddr, 4);
|
2012-11-13 22:14:07 -07:00
|
|
|
|
2012-11-14 21:06:41 -07:00
|
|
|
if ((__force u16)t->parms.i_flags & SIT_ISATAP)
|
2012-11-13 22:14:07 -07:00
|
|
|
dev->priv_flags |= IFF_ISATAP;
|
|
|
|
|
|
2016-01-25 06:29:19 -07:00
|
|
|
dev->rtnl_link_ops = &sit_link_ops;
|
|
|
|
|
|
2012-11-13 22:14:07 -07:00
|
|
|
err = register_netdevice(dev);
|
|
|
|
|
if (err < 0)
|
|
|
|
|
goto out;
|
|
|
|
|
|
2014-11-03 01:19:29 -07:00
|
|
|
ipip6_tunnel_clone_6rd(dev, sitn);
|
|
|
|
|
|
2012-11-13 22:14:07 -07:00
|
|
|
dev_hold(dev);
|
|
|
|
|
|
|
|
|
|
ipip6_tunnel_link(sitn, t);
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2010-09-15 05:35:10 -06:00
|
|
|
static struct ip_tunnel *ipip6_tunnel_locate(struct net *net,
|
2008-04-16 02:15:39 -06:00
|
|
|
struct ip_tunnel_parm *parms, int create)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2006-11-14 21:56:00 -07:00
|
|
|
__be32 remote = parms->iph.daddr;
|
|
|
|
|
__be32 local = parms->iph.saddr;
|
2010-09-15 05:35:10 -06:00
|
|
|
struct ip_tunnel *t, *nt;
|
|
|
|
|
struct ip_tunnel __rcu **tp;
|
2005-04-16 16:20:36 -06:00
|
|
|
struct net_device *dev;
|
|
|
|
|
char name[IFNAMSIZ];
|
2008-04-16 02:15:39 -06:00
|
|
|
struct sit_net *sitn = net_generic(net, sit_net_id);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2010-09-15 05:35:10 -06:00
|
|
|
for (tp = __ipip6_bucket(sitn, parms);
|
|
|
|
|
(t = rtnl_dereference(*tp)) != NULL;
|
|
|
|
|
tp = &t->next) {
|
2009-05-19 06:56:48 -06:00
|
|
|
if (local == t->parms.iph.saddr &&
|
2009-05-19 06:56:49 -06:00
|
|
|
remote == t->parms.iph.daddr &&
|
|
|
|
|
parms->link == t->parms.link) {
|
2009-05-19 06:56:48 -06:00
|
|
|
if (create)
|
|
|
|
|
return NULL;
|
|
|
|
|
else
|
|
|
|
|
return t;
|
|
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
if (!create)
|
|
|
|
|
goto failed;
|
|
|
|
|
|
2018-04-05 07:39:28 -06:00
|
|
|
if (parms->name[0]) {
|
|
|
|
|
if (!dev_valid_name(parms->name))
|
|
|
|
|
goto failed;
|
2005-04-16 16:20:36 -06:00
|
|
|
strlcpy(name, parms->name, IFNAMSIZ);
|
2018-04-05 07:39:28 -06:00
|
|
|
} else {
|
2010-09-26 18:38:18 -06:00
|
|
|
strcpy(name, "sit%d");
|
2018-04-05 07:39:28 -06:00
|
|
|
}
|
net: set name_assign_type in alloc_netdev()
Extend alloc_netdev{,_mq{,s}}() to take name_assign_type as argument, and convert
all users to pass NET_NAME_UNKNOWN.
Coccinelle patch:
@@
expression sizeof_priv, name, setup, txqs, rxqs, count;
@@
(
-alloc_netdev_mqs(sizeof_priv, name, setup, txqs, rxqs)
+alloc_netdev_mqs(sizeof_priv, name, NET_NAME_UNKNOWN, setup, txqs, rxqs)
|
-alloc_netdev_mq(sizeof_priv, name, setup, count)
+alloc_netdev_mq(sizeof_priv, name, NET_NAME_UNKNOWN, setup, count)
|
-alloc_netdev(sizeof_priv, name, setup)
+alloc_netdev(sizeof_priv, name, NET_NAME_UNKNOWN, setup)
)
v9: move comments here from the wrong commit
Signed-off-by: Tom Gundersen <teg@jklm.no>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-07-14 08:37:24 -06:00
|
|
|
dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN,
|
|
|
|
|
ipip6_tunnel_setup);
|
2015-03-29 07:00:04 -06:00
|
|
|
if (!dev)
|
2005-04-16 16:20:36 -06:00
|
|
|
return NULL;
|
|
|
|
|
|
2008-04-16 02:17:18 -06:00
|
|
|
dev_net_set(dev, net);
|
|
|
|
|
|
2006-01-08 23:05:26 -07:00
|
|
|
nt = netdev_priv(dev);
|
2008-11-20 21:33:56 -07:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
nt->parms = *parms;
|
2012-11-13 22:14:07 -07:00
|
|
|
if (ipip6_tunnel_create(dev) < 0)
|
[INET]: Don't create tunnels with '%' in name.
Four tunnel drivers (ip_gre, ipip, ip6_tunnel and sit) can receive a
pre-defined name for a device from the userspace. Since these drivers
call the register_netdevice() (rtnl_lock, is held), which does _not_
generate the device's name, this name may contain a '%' character.
Not sure how bad is this to have a device with a '%' in its name, but
all the other places either use the register_netdev(), which call the
dev_alloc_name(), or explicitly call the dev_alloc_name() before
registering, i.e. do not allow for such names.
This had to be prior to the commit 34cc7b, but I forgot to number the
patches and this one got lost, sorry.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-27 00:51:04 -07:00
|
|
|
goto failed_free;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
return nt;
|
|
|
|
|
|
[INET]: Don't create tunnels with '%' in name.
Four tunnel drivers (ip_gre, ipip, ip6_tunnel and sit) can receive a
pre-defined name for a device from the userspace. Since these drivers
call the register_netdevice() (rtnl_lock, is held), which does _not_
generate the device's name, this name may contain a '%' character.
Not sure how bad is this to have a device with a '%' in its name, but
all the other places either use the register_netdev(), which call the
dev_alloc_name(), or explicitly call the dev_alloc_name() before
registering, i.e. do not allow for such names.
This had to be prior to the commit 34cc7b, but I forgot to number the
patches and this one got lost, sorry.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-27 00:51:04 -07:00
|
|
|
failed_free:
|
net: Fix inconsistent teardown and release of private netdev state.
Network devices can allocate reasources and private memory using
netdev_ops->ndo_init(). However, the release of these resources
can occur in one of two different places.
Either netdev_ops->ndo_uninit() or netdev->destructor().
The decision of which operation frees the resources depends upon
whether it is necessary for all netdev refs to be released before it
is safe to perform the freeing.
netdev_ops->ndo_uninit() presumably can occur right after the
NETDEV_UNREGISTER notifier completes and the unicast and multicast
address lists are flushed.
netdev->destructor(), on the other hand, does not run until the
netdev references all go away.
Further complicating the situation is that netdev->destructor()
almost universally does also a free_netdev().
This creates a problem for the logic in register_netdevice().
Because all callers of register_netdevice() manage the freeing
of the netdev, and invoke free_netdev(dev) if register_netdevice()
fails.
If netdev_ops->ndo_init() succeeds, but something else fails inside
of register_netdevice(), it does call ndo_ops->ndo_uninit(). But
it is not able to invoke netdev->destructor().
This is because netdev->destructor() will do a free_netdev() and
then the caller of register_netdevice() will do the same.
However, this means that the resources that would normally be released
by netdev->destructor() will not be.
Over the years drivers have added local hacks to deal with this, by
invoking their destructor parts by hand when register_netdevice()
fails.
Many drivers do not try to deal with this, and instead we have leaks.
Let's close this hole by formalizing the distinction between what
private things need to be freed up by netdev->destructor() and whether
the driver needs unregister_netdevice() to perform the free_netdev().
netdev->priv_destructor() performs all actions to free up the private
resources that used to be freed by netdev->destructor(), except for
free_netdev().
netdev->needs_free_netdev is a boolean that indicates whether
free_netdev() should be done at the end of unregister_netdevice().
Now, register_netdevice() can sanely release all resources after
ndo_ops->ndo_init() succeeds, by invoking both ndo_ops->ndo_uninit()
and netdev->priv_destructor().
And at the end of unregister_netdevice(), we invoke
netdev->priv_destructor() and optionally call free_netdev().
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-05-08 10:52:56 -06:00
|
|
|
free_netdev(dev);
|
2005-04-16 16:20:36 -06:00
|
|
|
failed:
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2009-10-23 11:51:26 -06:00
|
|
|
#define for_each_prl_rcu(start) \
|
|
|
|
|
for (prl = rcu_dereference(start); \
|
|
|
|
|
prl; \
|
|
|
|
|
prl = rcu_dereference(prl->next))
|
|
|
|
|
|
2008-03-11 16:35:59 -06:00
|
|
|
static struct ip_tunnel_prl_entry *
|
2008-03-22 02:42:57 -06:00
|
|
|
__ipip6_tunnel_locate_prl(struct ip_tunnel *t, __be32 addr)
|
2008-03-11 16:35:59 -06:00
|
|
|
{
|
2009-10-23 11:51:26 -06:00
|
|
|
struct ip_tunnel_prl_entry *prl;
|
2008-03-11 16:35:59 -06:00
|
|
|
|
2009-10-23 11:51:26 -06:00
|
|
|
for_each_prl_rcu(t->prl)
|
|
|
|
|
if (prl->addr == addr)
|
2008-03-11 16:35:59 -06:00
|
|
|
break;
|
2009-10-23 11:51:26 -06:00
|
|
|
return prl;
|
2008-03-11 16:35:59 -06:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2008-06-16 17:48:20 -06:00
|
|
|
static int ipip6_tunnel_get_prl(struct ip_tunnel *t,
|
|
|
|
|
struct ip_tunnel_prl __user *a)
|
2008-03-24 03:28:39 -06:00
|
|
|
{
|
2008-06-16 17:48:20 -06:00
|
|
|
struct ip_tunnel_prl kprl, *kp;
|
2008-03-24 03:28:39 -06:00
|
|
|
struct ip_tunnel_prl_entry *prl;
|
|
|
|
|
unsigned int cmax, c = 0, ca, len;
|
|
|
|
|
int ret = 0;
|
|
|
|
|
|
2008-06-16 17:48:20 -06:00
|
|
|
if (copy_from_user(&kprl, a, sizeof(kprl)))
|
|
|
|
|
return -EFAULT;
|
|
|
|
|
cmax = kprl.datalen / sizeof(kprl);
|
|
|
|
|
if (cmax > 1 && kprl.addr != htonl(INADDR_ANY))
|
2008-03-24 03:28:39 -06:00
|
|
|
cmax = 1;
|
|
|
|
|
|
|
|
|
|
/* For simple GET or for root users,
|
|
|
|
|
* we try harder to allocate.
|
|
|
|
|
*/
|
|
|
|
|
kp = (cmax <= 1 || capable(CAP_NET_ADMIN)) ?
|
2017-06-22 16:29:33 -06:00
|
|
|
kcalloc(cmax, sizeof(*kp), GFP_KERNEL | __GFP_NOWARN) :
|
2008-03-24 03:28:39 -06:00
|
|
|
NULL;
|
|
|
|
|
|
2009-10-23 11:51:26 -06:00
|
|
|
rcu_read_lock();
|
2008-03-24 03:28:39 -06:00
|
|
|
|
|
|
|
|
ca = t->prl_count < cmax ? t->prl_count : cmax;
|
|
|
|
|
|
|
|
|
|
if (!kp) {
|
|
|
|
|
/* We don't try hard to allocate much memory for
|
|
|
|
|
* non-root users.
|
|
|
|
|
* For root users, retry allocating enough memory for
|
|
|
|
|
* the answer.
|
|
|
|
|
*/
|
|
|
|
|
kp = kcalloc(ca, sizeof(*kp), GFP_ATOMIC);
|
|
|
|
|
if (!kp) {
|
|
|
|
|
ret = -ENOMEM;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c = 0;
|
2009-10-23 11:51:26 -06:00
|
|
|
for_each_prl_rcu(t->prl) {
|
2009-09-29 05:27:05 -06:00
|
|
|
if (c >= cmax)
|
2008-03-24 03:28:39 -06:00
|
|
|
break;
|
2008-06-16 17:48:20 -06:00
|
|
|
if (kprl.addr != htonl(INADDR_ANY) && prl->addr != kprl.addr)
|
2008-03-24 03:28:39 -06:00
|
|
|
continue;
|
|
|
|
|
kp[c].addr = prl->addr;
|
|
|
|
|
kp[c].flags = prl->flags;
|
|
|
|
|
c++;
|
2008-06-16 17:48:20 -06:00
|
|
|
if (kprl.addr != htonl(INADDR_ANY))
|
2008-03-24 03:28:39 -06:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
out:
|
2009-10-23 11:51:26 -06:00
|
|
|
rcu_read_unlock();
|
2008-03-24 03:28:39 -06:00
|
|
|
|
|
|
|
|
len = sizeof(*kp) * c;
|
2008-06-16 17:48:20 -06:00
|
|
|
ret = 0;
|
|
|
|
|
if ((len && copy_to_user(a + 1, kp, len)) || put_user(len, &a->datalen))
|
|
|
|
|
ret = -EFAULT;
|
2008-03-24 03:28:39 -06:00
|
|
|
|
|
|
|
|
kfree(kp);
|
|
|
|
|
|
2008-06-16 17:48:20 -06:00
|
|
|
return ret;
|
2008-03-24 03:28:39 -06:00
|
|
|
}
|
|
|
|
|
|
2008-03-11 16:35:59 -06:00
|
|
|
static int
|
|
|
|
|
ipip6_tunnel_add_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a, int chg)
|
|
|
|
|
{
|
|
|
|
|
struct ip_tunnel_prl_entry *p;
|
2008-03-22 02:42:57 -06:00
|
|
|
int err = 0;
|
|
|
|
|
|
2008-03-22 02:50:59 -06:00
|
|
|
if (a->addr == htonl(INADDR_ANY))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2010-06-01 01:26:58 -06:00
|
|
|
ASSERT_RTNL();
|
2008-03-11 16:35:59 -06:00
|
|
|
|
2010-09-15 05:35:10 -06:00
|
|
|
for (p = rtnl_dereference(t->prl); p; p = rtnl_dereference(p->next)) {
|
2008-03-24 03:28:39 -06:00
|
|
|
if (p->addr == a->addr) {
|
2009-10-23 11:51:26 -06:00
|
|
|
if (chg) {
|
|
|
|
|
p->flags = a->flags;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2008-03-22 02:42:57 -06:00
|
|
|
err = -EEXIST;
|
|
|
|
|
goto out;
|
2008-03-11 16:35:59 -06:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2008-03-22 02:42:57 -06:00
|
|
|
if (chg) {
|
|
|
|
|
err = -ENXIO;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2008-03-11 16:35:59 -06:00
|
|
|
|
|
|
|
|
p = kzalloc(sizeof(struct ip_tunnel_prl_entry), GFP_KERNEL);
|
2008-03-22 02:42:57 -06:00
|
|
|
if (!p) {
|
|
|
|
|
err = -ENOBUFS;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2008-03-11 16:35:59 -06:00
|
|
|
|
|
|
|
|
p->next = t->prl;
|
2008-03-24 03:28:39 -06:00
|
|
|
p->addr = a->addr;
|
|
|
|
|
p->flags = a->flags;
|
2009-10-23 11:51:26 -06:00
|
|
|
t->prl_count++;
|
2012-01-11 21:41:32 -07:00
|
|
|
rcu_assign_pointer(t->prl, p);
|
2008-03-22 02:42:57 -06:00
|
|
|
out:
|
|
|
|
|
return err;
|
2008-03-11 16:35:59 -06:00
|
|
|
}
|
|
|
|
|
|
2009-10-23 11:51:26 -06:00
|
|
|
static void prl_list_destroy_rcu(struct rcu_head *head)
|
|
|
|
|
{
|
|
|
|
|
struct ip_tunnel_prl_entry *p, *n;
|
|
|
|
|
|
|
|
|
|
p = container_of(head, struct ip_tunnel_prl_entry, rcu_head);
|
|
|
|
|
do {
|
2011-01-20 00:16:24 -07:00
|
|
|
n = rcu_dereference_protected(p->next, 1);
|
2009-10-23 11:51:26 -06:00
|
|
|
kfree(p);
|
|
|
|
|
p = n;
|
|
|
|
|
} while (p);
|
|
|
|
|
}
|
|
|
|
|
|
2008-03-11 16:35:59 -06:00
|
|
|
static int
|
|
|
|
|
ipip6_tunnel_del_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a)
|
|
|
|
|
{
|
2011-01-20 00:16:24 -07:00
|
|
|
struct ip_tunnel_prl_entry *x;
|
|
|
|
|
struct ip_tunnel_prl_entry __rcu **p;
|
2008-03-22 02:42:57 -06:00
|
|
|
int err = 0;
|
|
|
|
|
|
2010-06-01 01:26:58 -06:00
|
|
|
ASSERT_RTNL();
|
2008-03-11 16:35:59 -06:00
|
|
|
|
2008-03-22 02:50:59 -06:00
|
|
|
if (a && a->addr != htonl(INADDR_ANY)) {
|
2011-01-20 00:16:24 -07:00
|
|
|
for (p = &t->prl;
|
|
|
|
|
(x = rtnl_dereference(*p)) != NULL;
|
|
|
|
|
p = &x->next) {
|
|
|
|
|
if (x->addr == a->addr) {
|
2008-03-11 16:35:59 -06:00
|
|
|
*p = x->next;
|
2011-05-02 01:56:57 -06:00
|
|
|
kfree_rcu(x, rcu_head);
|
2008-03-24 03:28:39 -06:00
|
|
|
t->prl_count--;
|
2008-03-22 02:42:57 -06:00
|
|
|
goto out;
|
2008-03-11 16:35:59 -06:00
|
|
|
}
|
|
|
|
|
}
|
2008-03-22 02:42:57 -06:00
|
|
|
err = -ENXIO;
|
2008-03-11 16:35:59 -06:00
|
|
|
} else {
|
2011-01-20 00:16:24 -07:00
|
|
|
x = rtnl_dereference(t->prl);
|
|
|
|
|
if (x) {
|
2009-10-23 11:51:26 -06:00
|
|
|
t->prl_count = 0;
|
|
|
|
|
call_rcu(&x->rcu_head, prl_list_destroy_rcu);
|
|
|
|
|
t->prl = NULL;
|
2008-03-11 16:35:59 -06:00
|
|
|
}
|
|
|
|
|
}
|
2008-03-22 02:42:57 -06:00
|
|
|
out:
|
2009-05-19 06:56:50 -06:00
|
|
|
return err;
|
2008-03-11 16:35:59 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2011-04-21 22:53:02 -06:00
|
|
|
isatap_chksrc(struct sk_buff *skb, const struct iphdr *iph, struct ip_tunnel *t)
|
2008-03-11 16:35:59 -06:00
|
|
|
{
|
2008-03-22 02:42:57 -06:00
|
|
|
struct ip_tunnel_prl_entry *p;
|
2008-03-11 16:35:59 -06:00
|
|
|
int ok = 1;
|
|
|
|
|
|
2009-10-23 11:51:26 -06:00
|
|
|
rcu_read_lock();
|
2008-03-22 02:42:57 -06:00
|
|
|
p = __ipip6_tunnel_locate_prl(t, iph->saddr);
|
2008-03-11 16:35:59 -06:00
|
|
|
if (p) {
|
2008-03-24 03:28:39 -06:00
|
|
|
if (p->flags & PRL_DEFAULT)
|
2008-03-11 16:35:59 -06:00
|
|
|
skb->ndisc_nodetype = NDISC_NODETYPE_DEFAULT;
|
|
|
|
|
else
|
|
|
|
|
skb->ndisc_nodetype = NDISC_NODETYPE_NODEFAULT;
|
|
|
|
|
} else {
|
2011-04-21 22:53:02 -06:00
|
|
|
const struct in6_addr *addr6 = &ipv6_hdr(skb)->saddr;
|
|
|
|
|
|
2008-03-11 16:35:59 -06:00
|
|
|
if (ipv6_addr_is_isatap(addr6) &&
|
|
|
|
|
(addr6->s6_addr32[3] == iph->saddr) &&
|
2008-03-15 20:54:23 -06:00
|
|
|
ipv6_chk_prefix(addr6, t->dev))
|
2008-03-11 16:35:59 -06:00
|
|
|
skb->ndisc_nodetype = NDISC_NODETYPE_HOST;
|
|
|
|
|
else
|
|
|
|
|
ok = 0;
|
|
|
|
|
}
|
2009-10-23 11:51:26 -06:00
|
|
|
rcu_read_unlock();
|
2008-03-11 16:35:59 -06:00
|
|
|
return ok;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
static void ipip6_tunnel_uninit(struct net_device *dev)
|
|
|
|
|
{
|
2013-06-26 08:11:28 -06:00
|
|
|
struct ip_tunnel *tunnel = netdev_priv(dev);
|
|
|
|
|
struct sit_net *sitn = net_generic(tunnel->net, sit_net_id);
|
2008-04-16 02:15:39 -06:00
|
|
|
|
2008-04-16 02:16:18 -06:00
|
|
|
if (dev == sitn->fb_tunnel_dev) {
|
2011-08-01 10:19:00 -06:00
|
|
|
RCU_INIT_POINTER(sitn->tunnels_wc[0], NULL);
|
2005-04-16 16:20:36 -06:00
|
|
|
} else {
|
2013-06-26 08:11:28 -06:00
|
|
|
ipip6_tunnel_unlink(sitn, tunnel);
|
|
|
|
|
ipip6_tunnel_del_prl(tunnel, NULL);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2016-02-12 07:43:55 -07:00
|
|
|
dst_cache_reset(&tunnel->dst_cache);
|
2010-09-15 05:35:10 -06:00
|
|
|
dev_put(dev);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2007-02-13 13:55:25 -07:00
|
|
|
static int ipip6_err(struct sk_buff *skb, u32 info)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2011-04-21 22:53:02 -06:00
|
|
|
const struct iphdr *iph = (const struct iphdr *)skb->data;
|
2007-03-13 11:43:18 -06:00
|
|
|
const int type = icmp_hdr(skb)->type;
|
|
|
|
|
const int code = icmp_hdr(skb)->code;
|
2016-06-18 22:52:06 -06:00
|
|
|
unsigned int data_len = 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
struct ip_tunnel *t;
|
2017-10-30 11:07:17 -06:00
|
|
|
int sifindex;
|
2007-02-13 13:55:25 -07:00
|
|
|
int err;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
|
default:
|
|
|
|
|
case ICMP_PARAMETERPROB:
|
2007-02-13 13:55:25 -07:00
|
|
|
return 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
case ICMP_DEST_UNREACH:
|
|
|
|
|
switch (code) {
|
|
|
|
|
case ICMP_SR_FAILED:
|
|
|
|
|
/* Impossible event. */
|
2007-02-13 13:55:25 -07:00
|
|
|
return 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
default:
|
|
|
|
|
/* All others are translated to HOST_UNREACH.
|
|
|
|
|
rfc2003 contains "deep thoughts" about NET_UNREACH,
|
|
|
|
|
I believe they are just ether pollution. --ANK
|
|
|
|
|
*/
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ICMP_TIME_EXCEEDED:
|
|
|
|
|
if (code != ICMP_EXC_TTL)
|
2007-02-13 13:55:25 -07:00
|
|
|
return 0;
|
2016-06-18 22:52:06 -06:00
|
|
|
data_len = icmp_hdr(skb)->un.reserved[1] * 4; /* RFC 4884 4.1 */
|
2005-04-16 16:20:36 -06:00
|
|
|
break;
|
2012-07-12 01:25:15 -06:00
|
|
|
case ICMP_REDIRECT:
|
|
|
|
|
break;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2007-02-13 13:55:25 -07:00
|
|
|
err = -ENOENT;
|
|
|
|
|
|
2017-10-30 11:07:17 -06:00
|
|
|
sifindex = netif_is_l3_master(skb->dev) ? IPCB(skb)->iif : 0;
|
|
|
|
|
t = ipip6_tunnel_lookup(dev_net(skb->dev), skb->dev,
|
|
|
|
|
iph->daddr, iph->saddr, sifindex);
|
2015-03-29 07:00:04 -06:00
|
|
|
if (!t)
|
2012-06-14 23:21:46 -06:00
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
|
|
|
|
|
ipv4_update_pmtu(skb, dev_net(skb->dev), info,
|
2018-09-25 21:56:26 -06:00
|
|
|
t->parms.link, iph->protocol);
|
2012-06-14 23:21:46 -06:00
|
|
|
err = 0;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2012-07-12 01:25:15 -06:00
|
|
|
if (type == ICMP_REDIRECT) {
|
2018-09-25 21:56:27 -06:00
|
|
|
ipv4_redirect(skb, dev_net(skb->dev), t->parms.link,
|
|
|
|
|
iph->protocol);
|
2012-07-12 01:25:15 -06:00
|
|
|
err = 0;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2012-06-14 23:21:46 -06:00
|
|
|
|
2016-06-18 22:52:04 -06:00
|
|
|
err = 0;
|
2019-02-07 03:36:11 -07:00
|
|
|
if (__in6_dev_get(skb->dev) &&
|
|
|
|
|
!ip6_err_gen_icmpv6_unreach(skb, iph->ihl * 4, type, data_len))
|
2005-04-16 16:20:36 -06:00
|
|
|
goto out;
|
2007-02-13 13:55:25 -07:00
|
|
|
|
2016-06-18 22:52:04 -06:00
|
|
|
if (t->parms.iph.daddr == 0)
|
2013-11-22 08:23:20 -07:00
|
|
|
goto out;
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
|
|
|
|
|
goto out;
|
|
|
|
|
|
2009-02-25 00:37:19 -07:00
|
|
|
if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
|
2005-04-16 16:20:36 -06:00
|
|
|
t->err_count++;
|
|
|
|
|
else
|
|
|
|
|
t->err_count = 1;
|
|
|
|
|
t->err_time = jiffies;
|
|
|
|
|
out:
|
2007-02-13 13:55:25 -07:00
|
|
|
return err;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2013-01-29 01:24:25 -07:00
|
|
|
static inline bool is_spoofed_6rd(struct ip_tunnel *tunnel, const __be32 v4addr,
|
|
|
|
|
const struct in6_addr *v6addr)
|
|
|
|
|
{
|
|
|
|
|
__be32 v4embed = 0;
|
|
|
|
|
if (check_6rd(tunnel, v6addr, &v4embed) && v4addr != v4embed)
|
|
|
|
|
return true;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-23 14:04:19 -06:00
|
|
|
/* Checks if an address matches an address on the tunnel interface.
|
|
|
|
|
* Used to detect the NAT of proto 41 packets and let them pass spoofing test.
|
|
|
|
|
* Long story:
|
|
|
|
|
* This function is called after we considered the packet as spoofed
|
|
|
|
|
* in is_spoofed_6rd.
|
|
|
|
|
* We may have a router that is doing NAT for proto 41 packets
|
|
|
|
|
* for an internal station. Destination a.a.a.a/PREFIX:bbbb:bbbb
|
|
|
|
|
* will be translated to n.n.n.n/PREFIX:bbbb:bbbb. And is_spoofed_6rd
|
|
|
|
|
* function will return true, dropping the packet.
|
|
|
|
|
* But, we can still check if is spoofed against the IP
|
|
|
|
|
* addresses associated with the interface.
|
|
|
|
|
*/
|
|
|
|
|
static bool only_dnatted(const struct ip_tunnel *tunnel,
|
|
|
|
|
const struct in6_addr *v6dst)
|
|
|
|
|
{
|
|
|
|
|
int prefix_len;
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
prefix_len = tunnel->ip6rd.prefixlen + 32
|
|
|
|
|
- tunnel->ip6rd.relay_prefixlen;
|
|
|
|
|
#else
|
|
|
|
|
prefix_len = 48;
|
|
|
|
|
#endif
|
|
|
|
|
return ipv6_chk_custom_prefix(v6dst, prefix_len, tunnel->dev);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Returns true if a packet is spoofed */
|
|
|
|
|
static bool packet_is_spoofed(struct sk_buff *skb,
|
|
|
|
|
const struct iphdr *iph,
|
|
|
|
|
struct ip_tunnel *tunnel)
|
|
|
|
|
{
|
|
|
|
|
const struct ipv6hdr *ipv6h;
|
|
|
|
|
|
|
|
|
|
if (tunnel->dev->priv_flags & IFF_ISATAP) {
|
|
|
|
|
if (!isatap_chksrc(skb, iph, tunnel))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (tunnel->dev->flags & IFF_POINTOPOINT)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
ipv6h = ipv6_hdr(skb);
|
|
|
|
|
|
|
|
|
|
if (unlikely(is_spoofed_6rd(tunnel, iph->saddr, &ipv6h->saddr))) {
|
|
|
|
|
net_warn_ratelimited("Src spoofed %pI4/%pI6c -> %pI4/%pI6c\n",
|
|
|
|
|
&iph->saddr, &ipv6h->saddr,
|
|
|
|
|
&iph->daddr, &ipv6h->daddr);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (likely(!is_spoofed_6rd(tunnel, iph->daddr, &ipv6h->daddr)))
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
if (only_dnatted(tunnel, &ipv6h->daddr))
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
net_warn_ratelimited("Dst spoofed %pI4/%pI6c -> %pI4/%pI6c\n",
|
|
|
|
|
&iph->saddr, &ipv6h->saddr,
|
|
|
|
|
&iph->daddr, &ipv6h->daddr);
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
static int ipip6_rcv(struct sk_buff *skb)
|
|
|
|
|
{
|
2013-01-18 02:18:17 -07:00
|
|
|
const struct iphdr *iph = ip_hdr(skb);
|
2005-04-16 16:20:36 -06:00
|
|
|
struct ip_tunnel *tunnel;
|
2017-10-30 11:07:17 -06:00
|
|
|
int sifindex;
|
2012-11-26 20:07:11 -07:00
|
|
|
int err;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2017-10-30 11:07:17 -06:00
|
|
|
sifindex = netif_is_l3_master(skb->dev) ? IPCB(skb)->iif : 0;
|
2009-05-19 06:56:49 -06:00
|
|
|
tunnel = ipip6_tunnel_lookup(dev_net(skb->dev), skb->dev,
|
2017-10-30 11:07:17 -06:00
|
|
|
iph->saddr, iph->daddr, sifindex);
|
2015-03-29 07:00:05 -06:00
|
|
|
if (tunnel) {
|
2014-01-03 22:57:59 -07:00
|
|
|
struct pcpu_sw_netstats *tstats;
|
2010-09-26 18:38:18 -06:00
|
|
|
|
2013-05-27 17:48:16 -06:00
|
|
|
if (tunnel->parms.iph.protocol != IPPROTO_IPV6 &&
|
|
|
|
|
tunnel->parms.iph.protocol != 0)
|
|
|
|
|
goto out;
|
|
|
|
|
|
2007-04-10 22:21:55 -06:00
|
|
|
skb->mac_header = skb->network_header;
|
2007-04-10 21:45:18 -06:00
|
|
|
skb_reset_network_header(skb);
|
2006-01-07 00:04:01 -07:00
|
|
|
IPCB(skb)->flags = 0;
|
2016-03-19 10:32:02 -06:00
|
|
|
skb->dev = tunnel->dev;
|
2007-11-29 04:11:40 -07:00
|
|
|
|
2013-09-23 14:04:19 -06:00
|
|
|
if (packet_is_spoofed(skb, iph, tunnel)) {
|
|
|
|
|
tunnel->dev->stats.rx_errors++;
|
|
|
|
|
goto out;
|
2012-11-26 20:07:11 -07:00
|
|
|
}
|
|
|
|
|
|
2016-03-19 10:32:02 -06:00
|
|
|
if (iptunnel_pull_header(skb, 0, htons(ETH_P_IPV6),
|
|
|
|
|
!net_eq(tunnel->net, dev_net(tunnel->dev))))
|
|
|
|
|
goto out;
|
2012-11-26 20:07:11 -07:00
|
|
|
|
2019-04-04 08:37:53 -06:00
|
|
|
/* skb can be uncloned in iptunnel_pull_header, so
|
|
|
|
|
* old iph is no longer valid
|
|
|
|
|
*/
|
|
|
|
|
iph = (const struct iphdr *)skb_mac_header(skb);
|
2012-11-26 20:07:11 -07:00
|
|
|
err = IP_ECN_decapsulate(iph, skb);
|
|
|
|
|
if (unlikely(err)) {
|
|
|
|
|
if (log_ecn_error)
|
|
|
|
|
net_info_ratelimited("non-ECT from %pI4 with TOS=%#x\n",
|
|
|
|
|
&iph->saddr, iph->tos);
|
|
|
|
|
if (err > 1) {
|
|
|
|
|
++tunnel->dev->stats.rx_frame_errors;
|
|
|
|
|
++tunnel->dev->stats.rx_errors;
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
2007-11-29 04:11:40 -07:00
|
|
|
}
|
2010-05-17 23:36:55 -06:00
|
|
|
|
2010-09-26 18:38:18 -06:00
|
|
|
tstats = this_cpu_ptr(tunnel->dev->tstats);
|
2014-01-01 17:49:36 -07:00
|
|
|
u64_stats_update_begin(&tstats->syncp);
|
2010-09-26 18:38:18 -06:00
|
|
|
tstats->rx_packets++;
|
|
|
|
|
tstats->rx_bytes += skb->len;
|
2014-01-01 17:49:36 -07:00
|
|
|
u64_stats_update_end(&tstats->syncp);
|
2010-09-26 18:38:18 -06:00
|
|
|
|
2010-09-30 15:06:55 -06:00
|
|
|
netif_rx(skb);
|
2010-09-19 18:12:11 -06:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2010-11-29 12:32:34 -07:00
|
|
|
/* no tunnel matched, let upstream know, ipsec may handle it */
|
|
|
|
|
return 1;
|
2005-04-16 16:20:36 -06:00
|
|
|
out:
|
2008-05-09 00:40:26 -06:00
|
|
|
kfree_skb(skb);
|
2005-04-16 16:20:36 -06:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-06 23:56:13 -06:00
|
|
|
static const struct tnl_ptk_info ipip_tpi = {
|
2013-05-27 17:48:16 -06:00
|
|
|
/* no tunnel info required for ipip. */
|
|
|
|
|
.proto = htons(ETH_P_IP),
|
|
|
|
|
};
|
|
|
|
|
|
2016-07-06 23:56:13 -06:00
|
|
|
#if IS_ENABLED(CONFIG_MPLS)
|
|
|
|
|
static const struct tnl_ptk_info mplsip_tpi = {
|
|
|
|
|
/* no tunnel info required for mplsip. */
|
|
|
|
|
.proto = htons(ETH_P_MPLS_UC),
|
|
|
|
|
};
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
static int sit_tunnel_rcv(struct sk_buff *skb, u8 ipproto)
|
2013-05-27 17:48:16 -06:00
|
|
|
{
|
2013-06-17 18:50:02 -06:00
|
|
|
const struct iphdr *iph;
|
2013-05-27 17:48:16 -06:00
|
|
|
struct ip_tunnel *tunnel;
|
2017-10-30 11:07:17 -06:00
|
|
|
int sifindex;
|
|
|
|
|
|
|
|
|
|
sifindex = netif_is_l3_master(skb->dev) ? IPCB(skb)->iif : 0;
|
2013-05-27 17:48:16 -06:00
|
|
|
|
2013-06-17 18:50:02 -06:00
|
|
|
iph = ip_hdr(skb);
|
2013-05-27 17:48:16 -06:00
|
|
|
tunnel = ipip6_tunnel_lookup(dev_net(skb->dev), skb->dev,
|
2017-10-30 11:07:17 -06:00
|
|
|
iph->saddr, iph->daddr, sifindex);
|
2015-03-29 07:00:05 -06:00
|
|
|
if (tunnel) {
|
2016-07-06 23:56:13 -06:00
|
|
|
const struct tnl_ptk_info *tpi;
|
|
|
|
|
|
|
|
|
|
if (tunnel->parms.iph.protocol != ipproto &&
|
2013-05-27 17:48:16 -06:00
|
|
|
tunnel->parms.iph.protocol != 0)
|
|
|
|
|
goto drop;
|
|
|
|
|
|
|
|
|
|
if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
|
|
|
|
|
goto drop;
|
2016-07-06 23:56:13 -06:00
|
|
|
#if IS_ENABLED(CONFIG_MPLS)
|
|
|
|
|
if (ipproto == IPPROTO_MPLS)
|
|
|
|
|
tpi = &mplsip_tpi;
|
|
|
|
|
else
|
|
|
|
|
#endif
|
|
|
|
|
tpi = &ipip_tpi;
|
|
|
|
|
if (iptunnel_pull_header(skb, 0, tpi->proto, false))
|
2013-08-28 03:54:50 -06:00
|
|
|
goto drop;
|
2016-07-06 23:56:13 -06:00
|
|
|
return ip_tunnel_rcv(tunnel, skb, tpi, NULL, log_ecn_error);
|
2013-05-27 17:48:16 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
drop:
|
|
|
|
|
kfree_skb(skb);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2016-07-06 23:56:13 -06:00
|
|
|
static int ipip_rcv(struct sk_buff *skb)
|
|
|
|
|
{
|
|
|
|
|
return sit_tunnel_rcv(skb, IPPROTO_IPIP);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#if IS_ENABLED(CONFIG_MPLS)
|
|
|
|
|
static int mplsip_rcv(struct sk_buff *skb)
|
|
|
|
|
{
|
|
|
|
|
return sit_tunnel_rcv(skb, IPPROTO_MPLS);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2009-09-22 17:43:14 -06:00
|
|
|
/*
|
2013-01-29 01:24:25 -07:00
|
|
|
* If the IPv6 address comes from 6rd / 6to4 (RFC 3056) addr space this function
|
|
|
|
|
* stores the embedded IPv4 address in v4dst and returns true.
|
2009-09-22 17:43:14 -06:00
|
|
|
*/
|
2013-01-29 01:24:25 -07:00
|
|
|
static bool check_6rd(struct ip_tunnel *tunnel, const struct in6_addr *v6dst,
|
|
|
|
|
__be32 *v4dst)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2009-09-22 17:43:14 -06:00
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
if (ipv6_prefix_equal(v6dst, &tunnel->ip6rd.prefix,
|
|
|
|
|
tunnel->ip6rd.prefixlen)) {
|
2010-09-15 05:35:10 -06:00
|
|
|
unsigned int pbw0, pbi0;
|
2009-09-22 17:43:14 -06:00
|
|
|
int pbi1;
|
|
|
|
|
u32 d;
|
|
|
|
|
|
|
|
|
|
pbw0 = tunnel->ip6rd.prefixlen >> 5;
|
|
|
|
|
pbi0 = tunnel->ip6rd.prefixlen & 0x1f;
|
|
|
|
|
|
2019-03-11 02:29:32 -06:00
|
|
|
d = tunnel->ip6rd.relay_prefixlen < 32 ?
|
|
|
|
|
(ntohl(v6dst->s6_addr32[pbw0]) << pbi0) >>
|
|
|
|
|
tunnel->ip6rd.relay_prefixlen : 0;
|
2009-09-22 17:43:14 -06:00
|
|
|
|
|
|
|
|
pbi1 = pbi0 - tunnel->ip6rd.relay_prefixlen;
|
|
|
|
|
if (pbi1 > 0)
|
2009-10-10 21:44:45 -06:00
|
|
|
d |= ntohl(v6dst->s6_addr32[pbw0 + 1]) >>
|
2009-09-22 17:43:14 -06:00
|
|
|
(32 - pbi1);
|
|
|
|
|
|
2013-01-29 01:24:25 -07:00
|
|
|
*v4dst = tunnel->ip6rd.relay_prefix | htonl(d);
|
|
|
|
|
return true;
|
2009-09-22 17:43:14 -06:00
|
|
|
}
|
|
|
|
|
#else
|
2005-04-16 16:20:36 -06:00
|
|
|
if (v6dst->s6_addr16[0] == htons(0x2002)) {
|
2007-02-09 07:24:49 -07:00
|
|
|
/* 6to4 v6 addr has 16 bits prefix, 32 v4addr, 16 SLA, ... */
|
2013-01-29 01:24:25 -07:00
|
|
|
memcpy(v4dst, &v6dst->s6_addr16[1], 4);
|
|
|
|
|
return true;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2009-09-22 17:43:14 -06:00
|
|
|
#endif
|
2013-01-29 01:24:25 -07:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline __be32 try_6rd(struct ip_tunnel *tunnel,
|
|
|
|
|
const struct in6_addr *v6dst)
|
|
|
|
|
{
|
|
|
|
|
__be32 dst = 0;
|
|
|
|
|
check_6rd(tunnel, v6dst, &dst);
|
2005-04-16 16:20:36 -06:00
|
|
|
return dst;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This function assumes it is being called from dev_queue_xmit()
|
|
|
|
|
* and that skb is filled properly by that function.
|
|
|
|
|
*/
|
|
|
|
|
|
2009-08-31 13:50:41 -06:00
|
|
|
static netdev_tx_t ipip6_tunnel_xmit(struct sk_buff *skb,
|
|
|
|
|
struct net_device *dev)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2006-01-08 23:05:26 -07:00
|
|
|
struct ip_tunnel *tunnel = netdev_priv(dev);
|
2011-04-21 22:53:02 -06:00
|
|
|
const struct iphdr *tiph = &tunnel->parms.iph;
|
|
|
|
|
const struct ipv6hdr *iph6 = ipv6_hdr(skb);
|
2005-04-16 16:20:36 -06:00
|
|
|
u8 tos = tunnel->parms.iph.tos;
|
2009-11-09 01:42:01 -07:00
|
|
|
__be16 df = tiph->frag_off;
|
2014-08-24 14:53:10 -06:00
|
|
|
struct rtable *rt; /* Route to the other host */
|
|
|
|
|
struct net_device *tdev; /* Device to other host */
|
|
|
|
|
unsigned int max_headroom; /* The extra header space needed */
|
2006-11-14 21:56:00 -07:00
|
|
|
__be32 dst = tiph->daddr;
|
2011-05-03 21:25:42 -06:00
|
|
|
struct flowi4 fl4;
|
2005-04-16 16:20:36 -06:00
|
|
|
int mtu;
|
2011-04-21 22:53:02 -06:00
|
|
|
const struct in6_addr *addr6;
|
2005-04-16 16:20:36 -06:00
|
|
|
int addr_type;
|
2013-06-17 18:49:56 -06:00
|
|
|
u8 ttl;
|
2014-09-17 13:25:59 -06:00
|
|
|
u8 protocol = IPPROTO_IPV6;
|
|
|
|
|
int t_hlen = tunnel->hlen + sizeof(struct iphdr);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2011-08-13 08:04:38 -06:00
|
|
|
if (tos == 1)
|
|
|
|
|
tos = ipv6_get_dsfield(iph6);
|
|
|
|
|
|
2007-11-29 04:11:40 -07:00
|
|
|
/* ISATAP (RFC4214) - must come before 6to4 */
|
|
|
|
|
if (dev->priv_flags & IFF_ISATAP) {
|
|
|
|
|
struct neighbour *neigh = NULL;
|
2012-01-26 13:23:21 -07:00
|
|
|
bool do_tx_error = false;
|
2007-11-29 04:11:40 -07:00
|
|
|
|
2009-06-01 23:19:30 -06:00
|
|
|
if (skb_dst(skb))
|
2012-01-26 13:23:21 -07:00
|
|
|
neigh = dst_neigh_lookup(skb_dst(skb), &iph6->daddr);
|
2007-11-29 04:11:40 -07:00
|
|
|
|
2015-03-29 07:00:04 -06:00
|
|
|
if (!neigh) {
|
2013-09-23 14:04:19 -06:00
|
|
|
net_dbg_ratelimited("nexthop == NULL\n");
|
2007-11-29 04:11:40 -07:00
|
|
|
goto tx_error;
|
|
|
|
|
}
|
|
|
|
|
|
2012-04-01 01:49:01 -06:00
|
|
|
addr6 = (const struct in6_addr *)&neigh->primary_key;
|
2007-11-29 04:11:40 -07:00
|
|
|
addr_type = ipv6_addr_type(addr6);
|
|
|
|
|
|
|
|
|
|
if ((addr_type & IPV6_ADDR_UNICAST) &&
|
|
|
|
|
ipv6_addr_is_isatap(addr6))
|
|
|
|
|
dst = addr6->s6_addr32[3];
|
|
|
|
|
else
|
2012-01-26 13:23:21 -07:00
|
|
|
do_tx_error = true;
|
|
|
|
|
|
|
|
|
|
neigh_release(neigh);
|
|
|
|
|
if (do_tx_error)
|
2007-11-29 04:11:40 -07:00
|
|
|
goto tx_error;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
if (!dst)
|
2013-01-29 01:24:25 -07:00
|
|
|
dst = try_6rd(tunnel, &iph6->daddr);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
if (!dst) {
|
|
|
|
|
struct neighbour *neigh = NULL;
|
2012-01-26 13:23:21 -07:00
|
|
|
bool do_tx_error = false;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2009-06-01 23:19:30 -06:00
|
|
|
if (skb_dst(skb))
|
2012-01-26 13:23:21 -07:00
|
|
|
neigh = dst_neigh_lookup(skb_dst(skb), &iph6->daddr);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2015-03-29 07:00:04 -06:00
|
|
|
if (!neigh) {
|
2013-09-23 14:04:19 -06:00
|
|
|
net_dbg_ratelimited("nexthop == NULL\n");
|
2005-04-16 16:20:36 -06:00
|
|
|
goto tx_error;
|
|
|
|
|
}
|
|
|
|
|
|
2012-04-01 01:49:01 -06:00
|
|
|
addr6 = (const struct in6_addr *)&neigh->primary_key;
|
2005-04-16 16:20:36 -06:00
|
|
|
addr_type = ipv6_addr_type(addr6);
|
|
|
|
|
|
|
|
|
|
if (addr_type == IPV6_ADDR_ANY) {
|
2007-04-25 18:54:47 -06:00
|
|
|
addr6 = &ipv6_hdr(skb)->daddr;
|
2005-04-16 16:20:36 -06:00
|
|
|
addr_type = ipv6_addr_type(addr6);
|
|
|
|
|
}
|
|
|
|
|
|
2012-01-26 13:23:21 -07:00
|
|
|
if ((addr_type & IPV6_ADDR_COMPATv4) != 0)
|
|
|
|
|
dst = addr6->s6_addr32[3];
|
|
|
|
|
else
|
|
|
|
|
do_tx_error = true;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2012-01-26 13:23:21 -07:00
|
|
|
neigh_release(neigh);
|
|
|
|
|
if (do_tx_error)
|
|
|
|
|
goto tx_error;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2017-04-19 10:30:54 -06:00
|
|
|
flowi4_init_output(&fl4, tunnel->parms.link, tunnel->fwmark,
|
|
|
|
|
RT_TOS(tos), RT_SCOPE_UNIVERSE, IPPROTO_IPV6,
|
|
|
|
|
0, dst, tiph->saddr, 0, 0,
|
|
|
|
|
sock_net_uid(tunnel->net, NULL));
|
|
|
|
|
|
2019-07-14 07:31:22 -06:00
|
|
|
rt = dst_cache_get_ip4(&tunnel->dst_cache, &fl4.saddr);
|
|
|
|
|
if (!rt) {
|
|
|
|
|
rt = ip_route_output_flow(tunnel->net, &fl4, NULL);
|
|
|
|
|
if (IS_ERR(rt)) {
|
|
|
|
|
dev->stats.tx_carrier_errors++;
|
|
|
|
|
goto tx_error_icmp;
|
|
|
|
|
}
|
|
|
|
|
dst_cache_set_ip4(&tunnel->dst_cache, &rt->dst, fl4.saddr);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2019-07-14 07:31:22 -06:00
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
if (rt->rt_type != RTN_UNICAST) {
|
|
|
|
|
ip_rt_put(rt);
|
2010-09-26 18:38:18 -06:00
|
|
|
dev->stats.tx_carrier_errors++;
|
2005-04-16 16:20:36 -06:00
|
|
|
goto tx_error_icmp;
|
|
|
|
|
}
|
2010-06-11 00:31:35 -06:00
|
|
|
tdev = rt->dst.dev;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
if (tdev == dev) {
|
|
|
|
|
ip_rt_put(rt);
|
2010-09-26 18:38:18 -06:00
|
|
|
dev->stats.collisions++;
|
2005-04-16 16:20:36 -06:00
|
|
|
goto tx_error;
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-18 10:06:10 -06:00
|
|
|
if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4)) {
|
2014-09-17 13:25:59 -06:00
|
|
|
ip_rt_put(rt);
|
2016-04-14 13:33:37 -06:00
|
|
|
goto tx_error;
|
2014-09-17 13:25:59 -06:00
|
|
|
}
|
|
|
|
|
|
2009-11-09 01:42:01 -07:00
|
|
|
if (df) {
|
2014-09-17 13:25:59 -06:00
|
|
|
mtu = dst_mtu(&rt->dst) - t_hlen;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2009-11-09 01:42:01 -07:00
|
|
|
if (mtu < 68) {
|
2010-09-26 18:38:18 -06:00
|
|
|
dev->stats.collisions++;
|
2009-11-09 01:42:01 -07:00
|
|
|
ip_rt_put(rt);
|
|
|
|
|
goto tx_error;
|
|
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2009-11-09 01:42:01 -07:00
|
|
|
if (mtu < IPV6_MIN_MTU) {
|
|
|
|
|
mtu = IPV6_MIN_MTU;
|
|
|
|
|
df = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2018-01-25 11:03:03 -07:00
|
|
|
if (tunnel->parms.iph.daddr)
|
2019-12-21 19:51:15 -07:00
|
|
|
skb_dst_update_pmtu_no_confirm(skb, mtu);
|
2009-11-09 01:42:01 -07:00
|
|
|
|
2013-12-16 07:31:23 -07:00
|
|
|
if (skb->len > mtu && !skb_is_gso(skb)) {
|
2010-02-18 01:25:24 -07:00
|
|
|
icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
|
2009-11-09 01:42:01 -07:00
|
|
|
ip_rt_put(rt);
|
|
|
|
|
goto tx_error;
|
|
|
|
|
}
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (tunnel->err_count > 0) {
|
2009-02-25 00:37:19 -07:00
|
|
|
if (time_before(jiffies,
|
|
|
|
|
tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
|
2005-04-16 16:20:36 -06:00
|
|
|
tunnel->err_count--;
|
|
|
|
|
dst_link_failure(skb);
|
|
|
|
|
} else
|
|
|
|
|
tunnel->err_count = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Okay, now see if we can stuff it in the buffer as-is.
|
|
|
|
|
*/
|
2014-09-17 13:25:59 -06:00
|
|
|
max_headroom = LL_RESERVED_SPACE(tdev) + t_hlen;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2007-07-09 16:33:40 -06:00
|
|
|
if (skb_headroom(skb) < max_headroom || skb_shared(skb) ||
|
|
|
|
|
(skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
|
2005-04-16 16:20:36 -06:00
|
|
|
struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
|
|
|
|
|
if (!new_skb) {
|
|
|
|
|
ip_rt_put(rt);
|
2010-09-26 18:38:18 -06:00
|
|
|
dev->stats.tx_dropped++;
|
2013-11-25 02:21:24 -07:00
|
|
|
kfree_skb(skb);
|
2009-06-23 00:03:08 -06:00
|
|
|
return NETDEV_TX_OK;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
if (skb->sk)
|
|
|
|
|
skb_set_owner_w(new_skb, skb->sk);
|
|
|
|
|
dev_kfree_skb(skb);
|
|
|
|
|
skb = new_skb;
|
2007-04-25 18:54:47 -06:00
|
|
|
iph6 = ipv6_hdr(skb);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2013-06-17 18:49:56 -06:00
|
|
|
ttl = tiph->ttl;
|
|
|
|
|
if (ttl == 0)
|
|
|
|
|
ttl = iph6->hop_limit;
|
|
|
|
|
tos = INET_ECN_encapsulate(tos, ipv6_get_dsfield(iph6));
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2014-09-17 13:25:59 -06:00
|
|
|
if (ip_tunnel_encap(skb, tunnel, &protocol, &fl4) < 0) {
|
2013-12-20 02:20:12 -07:00
|
|
|
ip_rt_put(rt);
|
2014-09-17 13:25:59 -06:00
|
|
|
goto tx_error;
|
2013-12-20 02:20:12 -07:00
|
|
|
}
|
2013-08-18 05:46:52 -06:00
|
|
|
|
2014-09-29 21:22:30 -06:00
|
|
|
skb_set_inner_ipproto(skb, IPPROTO_IPV6);
|
|
|
|
|
|
2015-12-24 15:34:54 -07:00
|
|
|
iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, protocol, tos, ttl,
|
|
|
|
|
df, !net_eq(tunnel->net, dev_net(dev)));
|
2009-06-23 00:03:08 -06:00
|
|
|
return NETDEV_TX_OK;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
tx_error_icmp:
|
|
|
|
|
dst_link_failure(skb);
|
|
|
|
|
tx_error:
|
2013-11-25 02:21:24 -07:00
|
|
|
kfree_skb(skb);
|
2013-10-20 21:47:30 -06:00
|
|
|
dev->stats.tx_errors++;
|
2009-06-23 00:03:08 -06:00
|
|
|
return NETDEV_TX_OK;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2016-07-06 23:56:13 -06:00
|
|
|
static netdev_tx_t sit_tunnel_xmit__(struct sk_buff *skb,
|
|
|
|
|
struct net_device *dev, u8 ipproto)
|
2013-05-27 17:48:16 -06:00
|
|
|
{
|
|
|
|
|
struct ip_tunnel *tunnel = netdev_priv(dev);
|
|
|
|
|
const struct iphdr *tiph = &tunnel->parms.iph;
|
|
|
|
|
|
2016-05-18 10:06:10 -06:00
|
|
|
if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4))
|
2016-04-14 13:33:37 -06:00
|
|
|
goto tx_error;
|
2013-05-27 17:48:16 -06:00
|
|
|
|
2016-07-06 23:56:13 -06:00
|
|
|
skb_set_inner_ipproto(skb, ipproto);
|
2014-09-29 21:22:30 -06:00
|
|
|
|
2016-07-06 23:56:13 -06:00
|
|
|
ip_tunnel_xmit(skb, dev, tiph, ipproto);
|
2013-05-27 17:48:16 -06:00
|
|
|
return NETDEV_TX_OK;
|
2016-04-14 13:33:37 -06:00
|
|
|
tx_error:
|
|
|
|
|
kfree_skb(skb);
|
2013-10-20 21:47:30 -06:00
|
|
|
dev->stats.tx_errors++;
|
|
|
|
|
return NETDEV_TX_OK;
|
2013-05-27 17:48:16 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static netdev_tx_t sit_tunnel_xmit(struct sk_buff *skb,
|
|
|
|
|
struct net_device *dev)
|
|
|
|
|
{
|
2018-12-30 15:24:36 -07:00
|
|
|
if (!pskb_inet_may_pull(skb))
|
|
|
|
|
goto tx_err;
|
|
|
|
|
|
2013-05-27 17:48:16 -06:00
|
|
|
switch (skb->protocol) {
|
|
|
|
|
case htons(ETH_P_IP):
|
2016-07-06 23:56:13 -06:00
|
|
|
sit_tunnel_xmit__(skb, dev, IPPROTO_IPIP);
|
2013-05-27 17:48:16 -06:00
|
|
|
break;
|
|
|
|
|
case htons(ETH_P_IPV6):
|
|
|
|
|
ipip6_tunnel_xmit(skb, dev);
|
|
|
|
|
break;
|
2016-07-06 23:56:13 -06:00
|
|
|
#if IS_ENABLED(CONFIG_MPLS)
|
|
|
|
|
case htons(ETH_P_MPLS_UC):
|
|
|
|
|
sit_tunnel_xmit__(skb, dev, IPPROTO_MPLS);
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
2013-05-27 17:48:16 -06:00
|
|
|
default:
|
|
|
|
|
goto tx_err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NETDEV_TX_OK;
|
|
|
|
|
|
|
|
|
|
tx_err:
|
|
|
|
|
dev->stats.tx_errors++;
|
2013-11-25 02:21:24 -07:00
|
|
|
kfree_skb(skb);
|
2013-05-27 17:48:16 -06:00
|
|
|
return NETDEV_TX_OK;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2007-12-13 10:47:00 -07:00
|
|
|
static void ipip6_tunnel_bind_dev(struct net_device *dev)
|
|
|
|
|
{
|
|
|
|
|
struct net_device *tdev = NULL;
|
|
|
|
|
struct ip_tunnel *tunnel;
|
2011-04-21 22:53:02 -06:00
|
|
|
const struct iphdr *iph;
|
2011-05-03 21:25:42 -06:00
|
|
|
struct flowi4 fl4;
|
2007-12-13 10:47:00 -07:00
|
|
|
|
|
|
|
|
tunnel = netdev_priv(dev);
|
|
|
|
|
iph = &tunnel->parms.iph;
|
|
|
|
|
|
|
|
|
|
if (iph->daddr) {
|
2013-06-26 08:11:28 -06:00
|
|
|
struct rtable *rt = ip_route_output_ports(tunnel->net, &fl4,
|
|
|
|
|
NULL,
|
2011-03-11 22:00:52 -07:00
|
|
|
iph->daddr, iph->saddr,
|
|
|
|
|
0, 0,
|
|
|
|
|
IPPROTO_IPV6,
|
|
|
|
|
RT_TOS(iph->tos),
|
|
|
|
|
tunnel->parms.link);
|
2011-03-02 15:31:35 -07:00
|
|
|
|
|
|
|
|
if (!IS_ERR(rt)) {
|
2010-06-11 00:31:35 -06:00
|
|
|
tdev = rt->dst.dev;
|
2007-12-13 10:47:00 -07:00
|
|
|
ip_rt_put(rt);
|
|
|
|
|
}
|
|
|
|
|
dev->flags |= IFF_POINTOPOINT;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!tdev && tunnel->parms.link)
|
2013-06-26 08:11:28 -06:00
|
|
|
tdev = __dev_get_by_index(tunnel->net, tunnel->parms.link);
|
2007-12-13 10:47:00 -07:00
|
|
|
|
2019-05-06 13:00:01 -06:00
|
|
|
if (tdev && !netif_is_l3_master(tdev)) {
|
2014-09-17 13:25:59 -06:00
|
|
|
int t_hlen = tunnel->hlen + sizeof(struct iphdr);
|
|
|
|
|
|
|
|
|
|
dev->mtu = tdev->mtu - t_hlen;
|
2007-12-13 10:47:00 -07:00
|
|
|
if (dev->mtu < IPV6_MIN_MTU)
|
|
|
|
|
dev->mtu = IPV6_MIN_MTU;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-19 10:30:54 -06:00
|
|
|
static void ipip6_tunnel_update(struct ip_tunnel *t, struct ip_tunnel_parm *p,
|
|
|
|
|
__u32 fwmark)
|
2012-11-13 22:14:07 -07:00
|
|
|
{
|
2013-06-26 08:11:28 -06:00
|
|
|
struct net *net = t->net;
|
2012-11-13 22:14:07 -07:00
|
|
|
struct sit_net *sitn = net_generic(net, sit_net_id);
|
|
|
|
|
|
|
|
|
|
ipip6_tunnel_unlink(sitn, t);
|
|
|
|
|
synchronize_net();
|
|
|
|
|
t->parms.iph.saddr = p->iph.saddr;
|
|
|
|
|
t->parms.iph.daddr = p->iph.daddr;
|
|
|
|
|
memcpy(t->dev->dev_addr, &p->iph.saddr, 4);
|
|
|
|
|
memcpy(t->dev->broadcast, &p->iph.daddr, 4);
|
|
|
|
|
ipip6_tunnel_link(sitn, t);
|
|
|
|
|
t->parms.iph.ttl = p->iph.ttl;
|
|
|
|
|
t->parms.iph.tos = p->iph.tos;
|
2017-11-29 19:41:14 -07:00
|
|
|
t->parms.iph.frag_off = p->iph.frag_off;
|
2017-04-19 10:30:54 -06:00
|
|
|
if (t->parms.link != p->link || t->fwmark != fwmark) {
|
2012-11-13 22:14:07 -07:00
|
|
|
t->parms.link = p->link;
|
2017-04-19 10:30:54 -06:00
|
|
|
t->fwmark = fwmark;
|
2012-11-13 22:14:07 -07:00
|
|
|
ipip6_tunnel_bind_dev(t->dev);
|
|
|
|
|
}
|
2016-02-12 07:43:55 -07:00
|
|
|
dst_cache_reset(&t->dst_cache);
|
2012-11-13 22:14:07 -07:00
|
|
|
netdev_state_change(t->dev);
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-19 15:41:45 -07:00
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
static int ipip6_tunnel_update_6rd(struct ip_tunnel *t,
|
|
|
|
|
struct ip_tunnel_6rd *ip6rd)
|
|
|
|
|
{
|
|
|
|
|
struct in6_addr prefix;
|
|
|
|
|
__be32 relay_prefix;
|
|
|
|
|
|
|
|
|
|
if (ip6rd->relay_prefixlen > 32 ||
|
|
|
|
|
ip6rd->prefixlen + (32 - ip6rd->relay_prefixlen) > 64)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
ipv6_addr_prefix(&prefix, &ip6rd->prefix, ip6rd->prefixlen);
|
|
|
|
|
if (!ipv6_addr_equal(&prefix, &ip6rd->prefix))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
if (ip6rd->relay_prefixlen)
|
|
|
|
|
relay_prefix = ip6rd->relay_prefix &
|
|
|
|
|
htonl(0xffffffffUL <<
|
|
|
|
|
(32 - ip6rd->relay_prefixlen));
|
|
|
|
|
else
|
|
|
|
|
relay_prefix = 0;
|
|
|
|
|
if (relay_prefix != ip6rd->relay_prefix)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
t->ip6rd.prefix = prefix;
|
|
|
|
|
t->ip6rd.relay_prefix = relay_prefix;
|
|
|
|
|
t->ip6rd.prefixlen = ip6rd->prefixlen;
|
|
|
|
|
t->ip6rd.relay_prefixlen = ip6rd->relay_prefixlen;
|
2016-02-12 07:43:55 -07:00
|
|
|
dst_cache_reset(&t->dst_cache);
|
2012-11-19 15:41:45 -07:00
|
|
|
netdev_state_change(t->dev);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2016-08-12 19:54:15 -06:00
|
|
|
static bool ipip6_valid_ip_proto(u8 ipproto)
|
2016-07-06 23:56:13 -06:00
|
|
|
{
|
|
|
|
|
return ipproto == IPPROTO_IPV6 ||
|
|
|
|
|
ipproto == IPPROTO_IPIP ||
|
|
|
|
|
#if IS_ENABLED(CONFIG_MPLS)
|
|
|
|
|
ipproto == IPPROTO_MPLS ||
|
|
|
|
|
#endif
|
|
|
|
|
ipproto == 0;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
static int
|
2014-08-24 14:53:10 -06:00
|
|
|
ipip6_tunnel_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
int err = 0;
|
|
|
|
|
struct ip_tunnel_parm p;
|
2008-03-11 16:35:59 -06:00
|
|
|
struct ip_tunnel_prl prl;
|
2014-04-16 03:19:33 -06:00
|
|
|
struct ip_tunnel *t = netdev_priv(dev);
|
|
|
|
|
struct net *net = t->net;
|
2008-04-16 02:15:39 -06:00
|
|
|
struct sit_net *sitn = net_generic(net, sit_net_id);
|
2009-09-22 17:43:14 -06:00
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
struct ip_tunnel_6rd ip6rd;
|
|
|
|
|
#endif
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
switch (cmd) {
|
|
|
|
|
case SIOCGETTUNNEL:
|
2009-09-22 17:43:14 -06:00
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
case SIOCGET6RD:
|
|
|
|
|
#endif
|
2008-04-16 02:16:18 -06:00
|
|
|
if (dev == sitn->fb_tunnel_dev) {
|
2005-04-16 16:20:36 -06:00
|
|
|
if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
|
|
|
|
|
err = -EFAULT;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2008-04-16 02:15:39 -06:00
|
|
|
t = ipip6_tunnel_locate(net, &p, 0);
|
2015-03-29 07:00:04 -06:00
|
|
|
if (!t)
|
2014-04-16 03:19:33 -06:00
|
|
|
t = netdev_priv(dev);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2009-09-22 17:43:14 -06:00
|
|
|
|
|
|
|
|
err = -EFAULT;
|
|
|
|
|
if (cmd == SIOCGETTUNNEL) {
|
|
|
|
|
memcpy(&p, &t->parms, sizeof(p));
|
|
|
|
|
if (copy_to_user(ifr->ifr_ifru.ifru_data, &p,
|
|
|
|
|
sizeof(p)))
|
|
|
|
|
goto done;
|
|
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
} else {
|
2011-11-20 20:39:03 -07:00
|
|
|
ip6rd.prefix = t->ip6rd.prefix;
|
2009-09-22 17:43:14 -06:00
|
|
|
ip6rd.relay_prefix = t->ip6rd.relay_prefix;
|
|
|
|
|
ip6rd.prefixlen = t->ip6rd.prefixlen;
|
|
|
|
|
ip6rd.relay_prefixlen = t->ip6rd.relay_prefixlen;
|
|
|
|
|
if (copy_to_user(ifr->ifr_ifru.ifru_data, &ip6rd,
|
|
|
|
|
sizeof(ip6rd)))
|
|
|
|
|
goto done;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
err = 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case SIOCADDTUNNEL:
|
|
|
|
|
case SIOCCHGTUNNEL:
|
|
|
|
|
err = -EPERM;
|
net: Allow userns root to control ipv6
Allow an unpriviled user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.
Settings that merely control a single network device are allowed.
Either the network device is a logical network device where
restrictions make no difference or the network device is hardware NIC
that has been explicity moved from the initial network namespace.
In general policy and network stack state changes are allowed while
resource control is left unchanged.
Allow the SIOCSIFADDR ioctl to add ipv6 addresses.
Allow the SIOCDIFADDR ioctl to delete ipv6 addresses.
Allow the SIOCADDRT ioctl to add ipv6 routes.
Allow the SIOCDELRT ioctl to delete ipv6 routes.
Allow creation of ipv6 raw sockets.
Allow setting the IPV6_JOIN_ANYCAST socket option.
Allow setting the IPV6_FL_A_RENEW parameter of the IPV6_FLOWLABEL_MGR
socket option.
Allow setting the IPV6_TRANSPARENT socket option.
Allow setting the IPV6_HOPOPTS socket option.
Allow setting the IPV6_RTHDRDSTOPTS socket option.
Allow setting the IPV6_DSTOPTS socket option.
Allow setting the IPV6_IPSEC_POLICY socket option.
Allow setting the IPV6_XFRM_POLICY socket option.
Allow sending packets with the IPV6_2292HOPOPTS control message.
Allow sending packets with the IPV6_2292DSTOPTS control message.
Allow sending packets with the IPV6_RTHDRDSTOPTS control message.
Allow setting the multicast routing socket options on non multicast
routing sockets.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL, and SIOCDELTUNNEL ioctls for
setting up, changing and deleting tunnels over ipv6.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL, SIOCDELTUNNEL ioctls for
setting up, changing and deleting ipv6 over ipv4 tunnels.
Allow the SIOCADDPRL, SIOCDELPRL, SIOCCHGPRL ioctls for adding,
deleting, and changing the potential router list for ISATAP tunnels.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-15 20:03:06 -07:00
|
|
|
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
|
2005-04-16 16:20:36 -06:00
|
|
|
goto done;
|
|
|
|
|
|
|
|
|
|
err = -EFAULT;
|
|
|
|
|
if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
|
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
|
|
err = -EINVAL;
|
2016-07-06 23:56:13 -06:00
|
|
|
if (!ipip6_valid_ip_proto(p.iph.protocol))
|
2013-05-27 17:48:16 -06:00
|
|
|
goto done;
|
|
|
|
|
if (p.iph.version != 4 ||
|
2005-04-16 16:20:36 -06:00
|
|
|
p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
|
|
|
|
|
goto done;
|
|
|
|
|
if (p.iph.ttl)
|
|
|
|
|
p.iph.frag_off |= htons(IP_DF);
|
|
|
|
|
|
2008-04-16 02:15:39 -06:00
|
|
|
t = ipip6_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2008-04-16 02:16:18 -06:00
|
|
|
if (dev != sitn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
|
2015-03-29 07:00:05 -06:00
|
|
|
if (t) {
|
2005-04-16 16:20:36 -06:00
|
|
|
if (t->dev != dev) {
|
|
|
|
|
err = -EEXIST;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
|
|
|
|
|
(!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
|
|
|
|
|
err = -EINVAL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2006-01-08 23:05:26 -07:00
|
|
|
t = netdev_priv(dev);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2012-11-13 22:14:04 -07:00
|
|
|
|
2017-04-19 10:30:54 -06:00
|
|
|
ipip6_tunnel_update(t, &p, t->fwmark);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (t) {
|
|
|
|
|
err = 0;
|
|
|
|
|
if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
|
|
|
|
|
err = -EFAULT;
|
|
|
|
|
} else
|
|
|
|
|
err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case SIOCDELTUNNEL:
|
|
|
|
|
err = -EPERM;
|
net: Allow userns root to control ipv6
Allow an unpriviled user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.
Settings that merely control a single network device are allowed.
Either the network device is a logical network device where
restrictions make no difference or the network device is hardware NIC
that has been explicity moved from the initial network namespace.
In general policy and network stack state changes are allowed while
resource control is left unchanged.
Allow the SIOCSIFADDR ioctl to add ipv6 addresses.
Allow the SIOCDIFADDR ioctl to delete ipv6 addresses.
Allow the SIOCADDRT ioctl to add ipv6 routes.
Allow the SIOCDELRT ioctl to delete ipv6 routes.
Allow creation of ipv6 raw sockets.
Allow setting the IPV6_JOIN_ANYCAST socket option.
Allow setting the IPV6_FL_A_RENEW parameter of the IPV6_FLOWLABEL_MGR
socket option.
Allow setting the IPV6_TRANSPARENT socket option.
Allow setting the IPV6_HOPOPTS socket option.
Allow setting the IPV6_RTHDRDSTOPTS socket option.
Allow setting the IPV6_DSTOPTS socket option.
Allow setting the IPV6_IPSEC_POLICY socket option.
Allow setting the IPV6_XFRM_POLICY socket option.
Allow sending packets with the IPV6_2292HOPOPTS control message.
Allow sending packets with the IPV6_2292DSTOPTS control message.
Allow sending packets with the IPV6_RTHDRDSTOPTS control message.
Allow setting the multicast routing socket options on non multicast
routing sockets.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL, and SIOCDELTUNNEL ioctls for
setting up, changing and deleting tunnels over ipv6.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL, SIOCDELTUNNEL ioctls for
setting up, changing and deleting ipv6 over ipv4 tunnels.
Allow the SIOCADDPRL, SIOCDELPRL, SIOCCHGPRL ioctls for adding,
deleting, and changing the potential router list for ISATAP tunnels.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-15 20:03:06 -07:00
|
|
|
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
|
2005-04-16 16:20:36 -06:00
|
|
|
goto done;
|
|
|
|
|
|
2008-04-16 02:16:18 -06:00
|
|
|
if (dev == sitn->fb_tunnel_dev) {
|
2005-04-16 16:20:36 -06:00
|
|
|
err = -EFAULT;
|
|
|
|
|
if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
|
|
|
|
|
goto done;
|
|
|
|
|
err = -ENOENT;
|
2014-11-23 14:28:43 -07:00
|
|
|
t = ipip6_tunnel_locate(net, &p, 0);
|
2015-03-29 07:00:04 -06:00
|
|
|
if (!t)
|
2005-04-16 16:20:36 -06:00
|
|
|
goto done;
|
|
|
|
|
err = -EPERM;
|
2008-04-16 02:16:18 -06:00
|
|
|
if (t == netdev_priv(sitn->fb_tunnel_dev))
|
2005-04-16 16:20:36 -06:00
|
|
|
goto done;
|
|
|
|
|
dev = t->dev;
|
|
|
|
|
}
|
2007-02-07 01:09:58 -07:00
|
|
|
unregister_netdevice(dev);
|
|
|
|
|
err = 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
break;
|
|
|
|
|
|
2008-03-24 03:28:39 -06:00
|
|
|
case SIOCGETPRL:
|
2008-06-16 17:48:20 -06:00
|
|
|
err = -EINVAL;
|
|
|
|
|
if (dev == sitn->fb_tunnel_dev)
|
|
|
|
|
goto done;
|
|
|
|
|
err = ipip6_tunnel_get_prl(t, ifr->ifr_ifru.ifru_data);
|
|
|
|
|
break;
|
|
|
|
|
|
2008-03-11 16:35:59 -06:00
|
|
|
case SIOCADDPRL:
|
|
|
|
|
case SIOCDELPRL:
|
|
|
|
|
case SIOCCHGPRL:
|
|
|
|
|
err = -EPERM;
|
net: Allow userns root to control ipv6
Allow an unpriviled user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.
Settings that merely control a single network device are allowed.
Either the network device is a logical network device where
restrictions make no difference or the network device is hardware NIC
that has been explicity moved from the initial network namespace.
In general policy and network stack state changes are allowed while
resource control is left unchanged.
Allow the SIOCSIFADDR ioctl to add ipv6 addresses.
Allow the SIOCDIFADDR ioctl to delete ipv6 addresses.
Allow the SIOCADDRT ioctl to add ipv6 routes.
Allow the SIOCDELRT ioctl to delete ipv6 routes.
Allow creation of ipv6 raw sockets.
Allow setting the IPV6_JOIN_ANYCAST socket option.
Allow setting the IPV6_FL_A_RENEW parameter of the IPV6_FLOWLABEL_MGR
socket option.
Allow setting the IPV6_TRANSPARENT socket option.
Allow setting the IPV6_HOPOPTS socket option.
Allow setting the IPV6_RTHDRDSTOPTS socket option.
Allow setting the IPV6_DSTOPTS socket option.
Allow setting the IPV6_IPSEC_POLICY socket option.
Allow setting the IPV6_XFRM_POLICY socket option.
Allow sending packets with the IPV6_2292HOPOPTS control message.
Allow sending packets with the IPV6_2292DSTOPTS control message.
Allow sending packets with the IPV6_RTHDRDSTOPTS control message.
Allow setting the multicast routing socket options on non multicast
routing sockets.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL, and SIOCDELTUNNEL ioctls for
setting up, changing and deleting tunnels over ipv6.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL, SIOCDELTUNNEL ioctls for
setting up, changing and deleting ipv6 over ipv4 tunnels.
Allow the SIOCADDPRL, SIOCDELPRL, SIOCCHGPRL ioctls for adding,
deleting, and changing the potential router list for ISATAP tunnels.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-15 20:03:06 -07:00
|
|
|
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
|
2008-03-11 16:35:59 -06:00
|
|
|
goto done;
|
|
|
|
|
err = -EINVAL;
|
2008-04-16 02:16:18 -06:00
|
|
|
if (dev == sitn->fb_tunnel_dev)
|
2008-03-11 16:35:59 -06:00
|
|
|
goto done;
|
|
|
|
|
err = -EFAULT;
|
|
|
|
|
if (copy_from_user(&prl, ifr->ifr_ifru.ifru_data, sizeof(prl)))
|
|
|
|
|
goto done;
|
|
|
|
|
|
2008-03-24 03:28:39 -06:00
|
|
|
switch (cmd) {
|
|
|
|
|
case SIOCDELPRL:
|
2008-03-11 16:35:59 -06:00
|
|
|
err = ipip6_tunnel_del_prl(t, &prl);
|
2008-03-24 03:28:39 -06:00
|
|
|
break;
|
|
|
|
|
case SIOCADDPRL:
|
|
|
|
|
case SIOCCHGPRL:
|
2008-03-11 16:35:59 -06:00
|
|
|
err = ipip6_tunnel_add_prl(t, &prl, cmd == SIOCCHGPRL);
|
2008-03-24 03:28:39 -06:00
|
|
|
break;
|
|
|
|
|
}
|
2016-02-12 07:43:55 -07:00
|
|
|
dst_cache_reset(&t->dst_cache);
|
2008-06-16 17:48:20 -06:00
|
|
|
netdev_state_change(dev);
|
2008-03-11 16:35:59 -06:00
|
|
|
break;
|
|
|
|
|
|
2009-09-22 17:43:14 -06:00
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
case SIOCADD6RD:
|
|
|
|
|
case SIOCCHG6RD:
|
|
|
|
|
case SIOCDEL6RD:
|
|
|
|
|
err = -EPERM;
|
net: Allow userns root to control ipv6
Allow an unpriviled user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.
Settings that merely control a single network device are allowed.
Either the network device is a logical network device where
restrictions make no difference or the network device is hardware NIC
that has been explicity moved from the initial network namespace.
In general policy and network stack state changes are allowed while
resource control is left unchanged.
Allow the SIOCSIFADDR ioctl to add ipv6 addresses.
Allow the SIOCDIFADDR ioctl to delete ipv6 addresses.
Allow the SIOCADDRT ioctl to add ipv6 routes.
Allow the SIOCDELRT ioctl to delete ipv6 routes.
Allow creation of ipv6 raw sockets.
Allow setting the IPV6_JOIN_ANYCAST socket option.
Allow setting the IPV6_FL_A_RENEW parameter of the IPV6_FLOWLABEL_MGR
socket option.
Allow setting the IPV6_TRANSPARENT socket option.
Allow setting the IPV6_HOPOPTS socket option.
Allow setting the IPV6_RTHDRDSTOPTS socket option.
Allow setting the IPV6_DSTOPTS socket option.
Allow setting the IPV6_IPSEC_POLICY socket option.
Allow setting the IPV6_XFRM_POLICY socket option.
Allow sending packets with the IPV6_2292HOPOPTS control message.
Allow sending packets with the IPV6_2292DSTOPTS control message.
Allow sending packets with the IPV6_RTHDRDSTOPTS control message.
Allow setting the multicast routing socket options on non multicast
routing sockets.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL, and SIOCDELTUNNEL ioctls for
setting up, changing and deleting tunnels over ipv6.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL, SIOCDELTUNNEL ioctls for
setting up, changing and deleting ipv6 over ipv4 tunnels.
Allow the SIOCADDPRL, SIOCDELPRL, SIOCCHGPRL ioctls for adding,
deleting, and changing the potential router list for ISATAP tunnels.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-15 20:03:06 -07:00
|
|
|
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
|
2009-09-22 17:43:14 -06:00
|
|
|
goto done;
|
|
|
|
|
|
|
|
|
|
err = -EFAULT;
|
|
|
|
|
if (copy_from_user(&ip6rd, ifr->ifr_ifru.ifru_data,
|
|
|
|
|
sizeof(ip6rd)))
|
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
|
|
if (cmd != SIOCDEL6RD) {
|
2012-11-19 15:41:45 -07:00
|
|
|
err = ipip6_tunnel_update_6rd(t, &ip6rd);
|
|
|
|
|
if (err < 0)
|
2009-09-22 17:43:14 -06:00
|
|
|
goto done;
|
|
|
|
|
} else
|
2009-10-10 21:31:34 -06:00
|
|
|
ipip6_tunnel_clone_6rd(dev, sitn);
|
2009-09-22 17:43:14 -06:00
|
|
|
|
|
|
|
|
err = 0;
|
|
|
|
|
break;
|
|
|
|
|
#endif
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
default:
|
|
|
|
|
err = -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
done:
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2008-11-20 21:33:56 -07:00
|
|
|
static const struct net_device_ops ipip6_netdev_ops = {
|
2014-11-03 01:19:29 -07:00
|
|
|
.ndo_init = ipip6_tunnel_init,
|
2008-11-20 21:33:56 -07:00
|
|
|
.ndo_uninit = ipip6_tunnel_uninit,
|
2013-05-27 17:48:16 -06:00
|
|
|
.ndo_start_xmit = sit_tunnel_xmit,
|
2008-11-20 21:33:56 -07:00
|
|
|
.ndo_do_ioctl = ipip6_tunnel_ioctl,
|
2013-03-25 08:50:00 -06:00
|
|
|
.ndo_get_stats64 = ip_tunnel_get_stats64,
|
2015-04-02 09:07:02 -06:00
|
|
|
.ndo_get_iflink = ip_tunnel_get_iflink,
|
2008-11-20 21:33:56 -07:00
|
|
|
};
|
|
|
|
|
|
2010-09-26 18:38:18 -06:00
|
|
|
static void ipip6_dev_free(struct net_device *dev)
|
|
|
|
|
{
|
2014-02-20 02:19:31 -07:00
|
|
|
struct ip_tunnel *tunnel = netdev_priv(dev);
|
|
|
|
|
|
2016-02-12 07:43:55 -07:00
|
|
|
dst_cache_destroy(&tunnel->dst_cache);
|
2010-09-26 18:38:18 -06:00
|
|
|
free_percpu(dev->tstats);
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-20 21:47:30 -06:00
|
|
|
#define SIT_FEATURES (NETIF_F_SG | \
|
|
|
|
|
NETIF_F_FRAGLIST | \
|
|
|
|
|
NETIF_F_HIGHDMA | \
|
|
|
|
|
NETIF_F_GSO_SOFTWARE | \
|
|
|
|
|
NETIF_F_HW_CSUM)
|
|
|
|
|
|
2005-04-16 16:20:36 -06:00
|
|
|
static void ipip6_tunnel_setup(struct net_device *dev)
|
|
|
|
|
{
|
2014-09-17 13:25:59 -06:00
|
|
|
struct ip_tunnel *tunnel = netdev_priv(dev);
|
|
|
|
|
int t_hlen = tunnel->hlen + sizeof(struct iphdr);
|
|
|
|
|
|
2008-11-20 21:33:56 -07:00
|
|
|
dev->netdev_ops = &ipip6_netdev_ops;
|
net: Fix inconsistent teardown and release of private netdev state.
Network devices can allocate reasources and private memory using
netdev_ops->ndo_init(). However, the release of these resources
can occur in one of two different places.
Either netdev_ops->ndo_uninit() or netdev->destructor().
The decision of which operation frees the resources depends upon
whether it is necessary for all netdev refs to be released before it
is safe to perform the freeing.
netdev_ops->ndo_uninit() presumably can occur right after the
NETDEV_UNREGISTER notifier completes and the unicast and multicast
address lists are flushed.
netdev->destructor(), on the other hand, does not run until the
netdev references all go away.
Further complicating the situation is that netdev->destructor()
almost universally does also a free_netdev().
This creates a problem for the logic in register_netdevice().
Because all callers of register_netdevice() manage the freeing
of the netdev, and invoke free_netdev(dev) if register_netdevice()
fails.
If netdev_ops->ndo_init() succeeds, but something else fails inside
of register_netdevice(), it does call ndo_ops->ndo_uninit(). But
it is not able to invoke netdev->destructor().
This is because netdev->destructor() will do a free_netdev() and
then the caller of register_netdevice() will do the same.
However, this means that the resources that would normally be released
by netdev->destructor() will not be.
Over the years drivers have added local hacks to deal with this, by
invoking their destructor parts by hand when register_netdevice()
fails.
Many drivers do not try to deal with this, and instead we have leaks.
Let's close this hole by formalizing the distinction between what
private things need to be freed up by netdev->destructor() and whether
the driver needs unregister_netdevice() to perform the free_netdev().
netdev->priv_destructor() performs all actions to free up the private
resources that used to be freed by netdev->destructor(), except for
free_netdev().
netdev->needs_free_netdev is a boolean that indicates whether
free_netdev() should be done at the end of unregister_netdevice().
Now, register_netdevice() can sanely release all resources after
ndo_ops->ndo_init() succeeds, by invoking both ndo_ops->ndo_uninit()
and netdev->priv_destructor().
And at the end of unregister_netdevice(), we invoke
netdev->priv_destructor() and optionally call free_netdev().
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-05-08 10:52:56 -06:00
|
|
|
dev->needs_free_netdev = true;
|
|
|
|
|
dev->priv_destructor = ipip6_dev_free;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
dev->type = ARPHRD_SIT;
|
2014-09-17 13:25:59 -06:00
|
|
|
dev->mtu = ETH_DATA_LEN - t_hlen;
|
2016-10-20 11:55:24 -06:00
|
|
|
dev->min_mtu = IPV6_MIN_MTU;
|
2018-05-31 02:59:33 -06:00
|
|
|
dev->max_mtu = IP6_MAX_MTU - t_hlen;
|
2005-04-16 16:20:36 -06:00
|
|
|
dev->flags = IFF_NOARP;
|
2014-10-05 19:38:35 -06:00
|
|
|
netif_keep_dst(dev);
|
2005-04-16 16:20:36 -06:00
|
|
|
dev->addr_len = 4;
|
2010-09-27 20:53:41 -06:00
|
|
|
dev->features |= NETIF_F_LLTX;
|
2013-10-20 21:47:30 -06:00
|
|
|
dev->features |= SIT_FEATURES;
|
|
|
|
|
dev->hw_features |= SIT_FEATURES;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2010-09-26 18:38:18 -06:00
|
|
|
static int ipip6_tunnel_init(struct net_device *dev)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2008-11-20 21:33:56 -07:00
|
|
|
struct ip_tunnel *tunnel = netdev_priv(dev);
|
2016-02-12 07:43:55 -07:00
|
|
|
int err;
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
tunnel->dev = dev;
|
2013-06-26 08:11:28 -06:00
|
|
|
tunnel->net = dev_net(dev);
|
2014-11-03 01:19:29 -07:00
|
|
|
strcpy(tunnel->parms.name, dev->name);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2007-12-13 10:47:00 -07:00
|
|
|
ipip6_tunnel_bind_dev(dev);
|
2014-02-13 12:46:28 -07:00
|
|
|
dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
|
2010-09-26 18:38:18 -06:00
|
|
|
if (!dev->tstats)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2016-02-12 07:43:55 -07:00
|
|
|
err = dst_cache_init(&tunnel->dst_cache, GFP_KERNEL);
|
|
|
|
|
if (err) {
|
2014-02-20 02:19:31 -07:00
|
|
|
free_percpu(dev->tstats);
|
2017-02-08 11:02:13 -07:00
|
|
|
dev->tstats = NULL;
|
2016-02-12 07:43:55 -07:00
|
|
|
return err;
|
2014-02-20 02:19:31 -07:00
|
|
|
}
|
|
|
|
|
|
2010-09-26 18:38:18 -06:00
|
|
|
return 0;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2015-11-02 18:08:19 -07:00
|
|
|
static void __net_init ipip6_fb_tunnel_init(struct net_device *dev)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2006-01-08 23:05:26 -07:00
|
|
|
struct ip_tunnel *tunnel = netdev_priv(dev);
|
2005-04-16 16:20:36 -06:00
|
|
|
struct iphdr *iph = &tunnel->parms.iph;
|
2008-04-16 02:16:38 -06:00
|
|
|
struct net *net = dev_net(dev);
|
|
|
|
|
struct sit_net *sitn = net_generic(net, sit_net_id);
|
2005-04-16 16:20:36 -06:00
|
|
|
|
|
|
|
|
iph->version = 4;
|
|
|
|
|
iph->protocol = IPPROTO_IPV6;
|
|
|
|
|
iph->ihl = 5;
|
|
|
|
|
iph->ttl = 64;
|
|
|
|
|
|
|
|
|
|
dev_hold(dev);
|
2012-01-11 21:41:32 -07:00
|
|
|
rcu_assign_pointer(sitn->tunnels_wc[0], tunnel);
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2017-06-25 15:56:01 -06:00
|
|
|
static int ipip6_validate(struct nlattr *tb[], struct nlattr *data[],
|
|
|
|
|
struct netlink_ext_ack *extack)
|
2013-05-27 17:48:16 -06:00
|
|
|
{
|
|
|
|
|
u8 proto;
|
|
|
|
|
|
2013-06-19 04:03:13 -06:00
|
|
|
if (!data || !data[IFLA_IPTUN_PROTO])
|
2013-05-27 17:48:16 -06:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
|
2016-07-06 23:56:13 -06:00
|
|
|
if (!ipip6_valid_ip_proto(proto))
|
2013-05-27 17:48:16 -06:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-13 22:14:07 -07:00
|
|
|
static void ipip6_netlink_parms(struct nlattr *data[],
|
2017-04-19 10:30:54 -06:00
|
|
|
struct ip_tunnel_parm *parms,
|
|
|
|
|
__u32 *fwmark)
|
2012-11-13 22:14:07 -07:00
|
|
|
{
|
|
|
|
|
memset(parms, 0, sizeof(*parms));
|
|
|
|
|
|
|
|
|
|
parms->iph.version = 4;
|
|
|
|
|
parms->iph.protocol = IPPROTO_IPV6;
|
|
|
|
|
parms->iph.ihl = 5;
|
|
|
|
|
parms->iph.ttl = 64;
|
|
|
|
|
|
|
|
|
|
if (!data)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_LINK])
|
|
|
|
|
parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_LOCAL])
|
2012-11-14 21:06:41 -07:00
|
|
|
parms->iph.saddr = nla_get_be32(data[IFLA_IPTUN_LOCAL]);
|
2012-11-13 22:14:07 -07:00
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_REMOTE])
|
2012-11-14 21:06:41 -07:00
|
|
|
parms->iph.daddr = nla_get_be32(data[IFLA_IPTUN_REMOTE]);
|
2012-11-13 22:14:07 -07:00
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_TTL]) {
|
|
|
|
|
parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
|
|
|
|
|
if (parms->iph.ttl)
|
|
|
|
|
parms->iph.frag_off = htons(IP_DF);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_TOS])
|
|
|
|
|
parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
|
|
|
|
|
|
|
|
|
|
if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
|
|
|
|
|
parms->iph.frag_off = htons(IP_DF);
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_FLAGS])
|
2012-11-14 21:06:41 -07:00
|
|
|
parms->i_flags = nla_get_be16(data[IFLA_IPTUN_FLAGS]);
|
2013-05-27 17:48:16 -06:00
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_PROTO])
|
|
|
|
|
parms->iph.protocol = nla_get_u8(data[IFLA_IPTUN_PROTO]);
|
|
|
|
|
|
2017-04-19 10:30:54 -06:00
|
|
|
if (data[IFLA_IPTUN_FWMARK])
|
|
|
|
|
*fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]);
|
2012-11-13 22:14:07 -07:00
|
|
|
}
|
|
|
|
|
|
2014-09-17 13:25:59 -06:00
|
|
|
/* This function returns true when ENCAP attributes are present in the nl msg */
|
|
|
|
|
static bool ipip6_netlink_encap_parms(struct nlattr *data[],
|
|
|
|
|
struct ip_tunnel_encap *ipencap)
|
|
|
|
|
{
|
|
|
|
|
bool ret = false;
|
|
|
|
|
|
|
|
|
|
memset(ipencap, 0, sizeof(*ipencap));
|
|
|
|
|
|
|
|
|
|
if (!data)
|
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_ENCAP_TYPE]) {
|
|
|
|
|
ret = true;
|
|
|
|
|
ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
|
|
|
|
|
ret = true;
|
|
|
|
|
ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_ENCAP_SPORT]) {
|
|
|
|
|
ret = true;
|
2015-02-04 16:12:04 -07:00
|
|
|
ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
|
2014-09-17 13:25:59 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_ENCAP_DPORT]) {
|
|
|
|
|
ret = true;
|
2015-02-04 16:12:04 -07:00
|
|
|
ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
|
2014-09-17 13:25:59 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-19 15:41:45 -07:00
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
/* This function returns true when 6RD attributes are present in the nl msg */
|
|
|
|
|
static bool ipip6_netlink_6rd_parms(struct nlattr *data[],
|
|
|
|
|
struct ip_tunnel_6rd *ip6rd)
|
|
|
|
|
{
|
|
|
|
|
bool ret = false;
|
|
|
|
|
memset(ip6rd, 0, sizeof(*ip6rd));
|
|
|
|
|
|
|
|
|
|
if (!data)
|
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_6RD_PREFIX]) {
|
|
|
|
|
ret = true;
|
2015-03-29 08:59:26 -06:00
|
|
|
ip6rd->prefix = nla_get_in6_addr(data[IFLA_IPTUN_6RD_PREFIX]);
|
2012-11-19 15:41:45 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_6RD_RELAY_PREFIX]) {
|
|
|
|
|
ret = true;
|
|
|
|
|
ip6rd->relay_prefix =
|
|
|
|
|
nla_get_be32(data[IFLA_IPTUN_6RD_RELAY_PREFIX]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_6RD_PREFIXLEN]) {
|
|
|
|
|
ret = true;
|
|
|
|
|
ip6rd->prefixlen = nla_get_u16(data[IFLA_IPTUN_6RD_PREFIXLEN]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_6RD_RELAY_PREFIXLEN]) {
|
|
|
|
|
ret = true;
|
|
|
|
|
ip6rd->relay_prefixlen =
|
|
|
|
|
nla_get_u16(data[IFLA_IPTUN_6RD_RELAY_PREFIXLEN]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2012-11-13 22:14:07 -07:00
|
|
|
static int ipip6_newlink(struct net *src_net, struct net_device *dev,
|
2017-06-25 15:55:59 -06:00
|
|
|
struct nlattr *tb[], struct nlattr *data[],
|
|
|
|
|
struct netlink_ext_ack *extack)
|
2012-11-13 22:14:07 -07:00
|
|
|
{
|
|
|
|
|
struct net *net = dev_net(dev);
|
|
|
|
|
struct ip_tunnel *nt;
|
2014-09-17 13:25:59 -06:00
|
|
|
struct ip_tunnel_encap ipencap;
|
2012-11-19 15:41:45 -07:00
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
struct ip_tunnel_6rd ip6rd;
|
|
|
|
|
#endif
|
|
|
|
|
int err;
|
2012-11-13 22:14:07 -07:00
|
|
|
|
|
|
|
|
nt = netdev_priv(dev);
|
2014-09-17 13:25:59 -06:00
|
|
|
|
|
|
|
|
if (ipip6_netlink_encap_parms(data, &ipencap)) {
|
|
|
|
|
err = ip_tunnel_encap_setup(nt, &ipencap);
|
|
|
|
|
if (err < 0)
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-19 10:30:54 -06:00
|
|
|
ipip6_netlink_parms(data, &nt->parms, &nt->fwmark);
|
2012-11-13 22:14:07 -07:00
|
|
|
|
|
|
|
|
if (ipip6_tunnel_locate(net, &nt->parms, 0))
|
|
|
|
|
return -EEXIST;
|
|
|
|
|
|
2012-11-19 15:41:45 -07:00
|
|
|
err = ipip6_tunnel_create(dev);
|
|
|
|
|
if (err < 0)
|
|
|
|
|
return err;
|
|
|
|
|
|
2018-02-27 04:19:41 -07:00
|
|
|
if (tb[IFLA_MTU]) {
|
|
|
|
|
u32 mtu = nla_get_u32(tb[IFLA_MTU]);
|
|
|
|
|
|
2018-05-31 02:59:33 -06:00
|
|
|
if (mtu >= IPV6_MIN_MTU &&
|
|
|
|
|
mtu <= IP6_MAX_MTU - dev->hard_header_len)
|
2018-02-27 04:19:41 -07:00
|
|
|
dev->mtu = mtu;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-19 15:41:45 -07:00
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
2021-01-13 18:29:47 -07:00
|
|
|
if (ipip6_netlink_6rd_parms(data, &ip6rd)) {
|
2012-11-19 15:41:45 -07:00
|
|
|
err = ipip6_tunnel_update_6rd(nt, &ip6rd);
|
2021-01-13 18:29:47 -07:00
|
|
|
if (err < 0)
|
|
|
|
|
unregister_netdevice_queue(dev, NULL);
|
|
|
|
|
}
|
2012-11-19 15:41:45 -07:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
return err;
|
2012-11-13 22:14:07 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int ipip6_changelink(struct net_device *dev, struct nlattr *tb[],
|
2017-06-25 15:56:00 -06:00
|
|
|
struct nlattr *data[],
|
|
|
|
|
struct netlink_ext_ack *extack)
|
2012-11-13 22:14:07 -07:00
|
|
|
{
|
2013-07-03 09:00:34 -06:00
|
|
|
struct ip_tunnel *t = netdev_priv(dev);
|
2012-11-13 22:14:07 -07:00
|
|
|
struct ip_tunnel_parm p;
|
2014-09-17 13:25:59 -06:00
|
|
|
struct ip_tunnel_encap ipencap;
|
2013-07-03 09:00:34 -06:00
|
|
|
struct net *net = t->net;
|
2012-11-13 22:14:07 -07:00
|
|
|
struct sit_net *sitn = net_generic(net, sit_net_id);
|
2012-11-19 15:41:45 -07:00
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
struct ip_tunnel_6rd ip6rd;
|
|
|
|
|
#endif
|
2017-04-19 10:30:54 -06:00
|
|
|
__u32 fwmark = t->fwmark;
|
2014-09-17 13:25:59 -06:00
|
|
|
int err;
|
2012-11-13 22:14:07 -07:00
|
|
|
|
|
|
|
|
if (dev == sitn->fb_tunnel_dev)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2014-09-17 13:25:59 -06:00
|
|
|
if (ipip6_netlink_encap_parms(data, &ipencap)) {
|
|
|
|
|
err = ip_tunnel_encap_setup(t, &ipencap);
|
|
|
|
|
if (err < 0)
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-19 10:30:54 -06:00
|
|
|
ipip6_netlink_parms(data, &p, &fwmark);
|
2012-11-13 22:14:07 -07:00
|
|
|
|
|
|
|
|
if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
|
|
|
|
|
(!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
t = ipip6_tunnel_locate(net, &p, 0);
|
|
|
|
|
|
|
|
|
|
if (t) {
|
|
|
|
|
if (t->dev != dev)
|
|
|
|
|
return -EEXIST;
|
|
|
|
|
} else
|
|
|
|
|
t = netdev_priv(dev);
|
|
|
|
|
|
2017-04-19 10:30:54 -06:00
|
|
|
ipip6_tunnel_update(t, &p, fwmark);
|
2012-11-19 15:41:45 -07:00
|
|
|
|
|
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
if (ipip6_netlink_6rd_parms(data, &ip6rd))
|
|
|
|
|
return ipip6_tunnel_update_6rd(t, &ip6rd);
|
|
|
|
|
#endif
|
|
|
|
|
|
2012-11-13 22:14:07 -07:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-13 22:14:06 -07:00
|
|
|
static size_t ipip6_get_size(const struct net_device *dev)
|
2012-11-08 23:10:00 -07:00
|
|
|
{
|
|
|
|
|
return
|
|
|
|
|
/* IFLA_IPTUN_LINK */
|
|
|
|
|
nla_total_size(4) +
|
|
|
|
|
/* IFLA_IPTUN_LOCAL */
|
|
|
|
|
nla_total_size(4) +
|
|
|
|
|
/* IFLA_IPTUN_REMOTE */
|
|
|
|
|
nla_total_size(4) +
|
|
|
|
|
/* IFLA_IPTUN_TTL */
|
|
|
|
|
nla_total_size(1) +
|
|
|
|
|
/* IFLA_IPTUN_TOS */
|
|
|
|
|
nla_total_size(1) +
|
2012-11-13 22:14:05 -07:00
|
|
|
/* IFLA_IPTUN_PMTUDISC */
|
|
|
|
|
nla_total_size(1) +
|
|
|
|
|
/* IFLA_IPTUN_FLAGS */
|
|
|
|
|
nla_total_size(2) +
|
2013-05-27 17:48:16 -06:00
|
|
|
/* IFLA_IPTUN_PROTO */
|
|
|
|
|
nla_total_size(1) +
|
2012-11-19 15:41:45 -07:00
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
/* IFLA_IPTUN_6RD_PREFIX */
|
|
|
|
|
nla_total_size(sizeof(struct in6_addr)) +
|
|
|
|
|
/* IFLA_IPTUN_6RD_RELAY_PREFIX */
|
|
|
|
|
nla_total_size(4) +
|
|
|
|
|
/* IFLA_IPTUN_6RD_PREFIXLEN */
|
|
|
|
|
nla_total_size(2) +
|
|
|
|
|
/* IFLA_IPTUN_6RD_RELAY_PREFIXLEN */
|
|
|
|
|
nla_total_size(2) +
|
|
|
|
|
#endif
|
2014-09-17 13:25:59 -06:00
|
|
|
/* IFLA_IPTUN_ENCAP_TYPE */
|
|
|
|
|
nla_total_size(2) +
|
|
|
|
|
/* IFLA_IPTUN_ENCAP_FLAGS */
|
|
|
|
|
nla_total_size(2) +
|
|
|
|
|
/* IFLA_IPTUN_ENCAP_SPORT */
|
|
|
|
|
nla_total_size(2) +
|
|
|
|
|
/* IFLA_IPTUN_ENCAP_DPORT */
|
|
|
|
|
nla_total_size(2) +
|
2017-04-19 10:30:54 -06:00
|
|
|
/* IFLA_IPTUN_FWMARK */
|
|
|
|
|
nla_total_size(4) +
|
2012-11-08 23:10:00 -07:00
|
|
|
0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-13 22:14:06 -07:00
|
|
|
static int ipip6_fill_info(struct sk_buff *skb, const struct net_device *dev)
|
2012-11-08 23:10:00 -07:00
|
|
|
{
|
|
|
|
|
struct ip_tunnel *tunnel = netdev_priv(dev);
|
|
|
|
|
struct ip_tunnel_parm *parm = &tunnel->parms;
|
|
|
|
|
|
|
|
|
|
if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
|
2015-03-29 08:59:25 -06:00
|
|
|
nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
|
|
|
|
|
nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
|
2012-11-08 23:10:00 -07:00
|
|
|
nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
|
2012-11-13 22:14:05 -07:00
|
|
|
nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
|
|
|
|
|
nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
|
|
|
|
|
!!(parm->iph.frag_off & htons(IP_DF))) ||
|
2013-05-27 17:48:16 -06:00
|
|
|
nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) ||
|
2017-04-19 10:30:54 -06:00
|
|
|
nla_put_be16(skb, IFLA_IPTUN_FLAGS, parm->i_flags) ||
|
|
|
|
|
nla_put_u32(skb, IFLA_IPTUN_FWMARK, tunnel->fwmark))
|
2012-11-08 23:10:00 -07:00
|
|
|
goto nla_put_failure;
|
2012-11-19 15:41:45 -07:00
|
|
|
|
|
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
2015-03-29 08:59:25 -06:00
|
|
|
if (nla_put_in6_addr(skb, IFLA_IPTUN_6RD_PREFIX,
|
|
|
|
|
&tunnel->ip6rd.prefix) ||
|
|
|
|
|
nla_put_in_addr(skb, IFLA_IPTUN_6RD_RELAY_PREFIX,
|
|
|
|
|
tunnel->ip6rd.relay_prefix) ||
|
2012-11-19 15:41:45 -07:00
|
|
|
nla_put_u16(skb, IFLA_IPTUN_6RD_PREFIXLEN,
|
|
|
|
|
tunnel->ip6rd.prefixlen) ||
|
|
|
|
|
nla_put_u16(skb, IFLA_IPTUN_6RD_RELAY_PREFIXLEN,
|
|
|
|
|
tunnel->ip6rd.relay_prefixlen))
|
|
|
|
|
goto nla_put_failure;
|
|
|
|
|
#endif
|
|
|
|
|
|
2014-09-17 13:25:59 -06:00
|
|
|
if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
|
|
|
|
|
tunnel->encap.type) ||
|
2015-02-04 16:12:04 -07:00
|
|
|
nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
|
2014-09-17 13:25:59 -06:00
|
|
|
tunnel->encap.sport) ||
|
2015-02-04 16:12:04 -07:00
|
|
|
nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
|
2014-09-17 13:25:59 -06:00
|
|
|
tunnel->encap.dport) ||
|
|
|
|
|
nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
|
2014-11-05 17:49:38 -07:00
|
|
|
tunnel->encap.flags))
|
2014-09-17 13:25:59 -06:00
|
|
|
goto nla_put_failure;
|
|
|
|
|
|
2012-11-08 23:10:00 -07:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
nla_put_failure:
|
|
|
|
|
return -EMSGSIZE;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-13 22:14:07 -07:00
|
|
|
static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = {
|
|
|
|
|
[IFLA_IPTUN_LINK] = { .type = NLA_U32 },
|
|
|
|
|
[IFLA_IPTUN_LOCAL] = { .type = NLA_U32 },
|
|
|
|
|
[IFLA_IPTUN_REMOTE] = { .type = NLA_U32 },
|
|
|
|
|
[IFLA_IPTUN_TTL] = { .type = NLA_U8 },
|
|
|
|
|
[IFLA_IPTUN_TOS] = { .type = NLA_U8 },
|
|
|
|
|
[IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 },
|
|
|
|
|
[IFLA_IPTUN_FLAGS] = { .type = NLA_U16 },
|
2013-05-27 17:48:16 -06:00
|
|
|
[IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
|
2012-11-19 15:41:45 -07:00
|
|
|
#ifdef CONFIG_IPV6_SIT_6RD
|
|
|
|
|
[IFLA_IPTUN_6RD_PREFIX] = { .len = sizeof(struct in6_addr) },
|
|
|
|
|
[IFLA_IPTUN_6RD_RELAY_PREFIX] = { .type = NLA_U32 },
|
|
|
|
|
[IFLA_IPTUN_6RD_PREFIXLEN] = { .type = NLA_U16 },
|
|
|
|
|
[IFLA_IPTUN_6RD_RELAY_PREFIXLEN] = { .type = NLA_U16 },
|
|
|
|
|
#endif
|
2014-09-17 13:25:59 -06:00
|
|
|
[IFLA_IPTUN_ENCAP_TYPE] = { .type = NLA_U16 },
|
|
|
|
|
[IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 },
|
|
|
|
|
[IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 },
|
|
|
|
|
[IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 },
|
2017-04-19 10:30:54 -06:00
|
|
|
[IFLA_IPTUN_FWMARK] = { .type = NLA_U32 },
|
2012-11-13 22:14:07 -07:00
|
|
|
};
|
|
|
|
|
|
2013-11-13 19:27:38 -07:00
|
|
|
static void ipip6_dellink(struct net_device *dev, struct list_head *head)
|
|
|
|
|
{
|
|
|
|
|
struct net *net = dev_net(dev);
|
|
|
|
|
struct sit_net *sitn = net_generic(net, sit_net_id);
|
|
|
|
|
|
|
|
|
|
if (dev != sitn->fb_tunnel_dev)
|
|
|
|
|
unregister_netdevice_queue(dev, head);
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-08 23:10:00 -07:00
|
|
|
static struct rtnl_link_ops sit_link_ops __read_mostly = {
|
|
|
|
|
.kind = "sit",
|
|
|
|
|
.maxtype = IFLA_IPTUN_MAX,
|
2012-11-13 22:14:07 -07:00
|
|
|
.policy = ipip6_policy,
|
2012-11-08 23:10:00 -07:00
|
|
|
.priv_size = sizeof(struct ip_tunnel),
|
2012-11-13 22:14:07 -07:00
|
|
|
.setup = ipip6_tunnel_setup,
|
2013-05-27 17:48:16 -06:00
|
|
|
.validate = ipip6_validate,
|
2012-11-13 22:14:07 -07:00
|
|
|
.newlink = ipip6_newlink,
|
|
|
|
|
.changelink = ipip6_changelink,
|
2012-11-13 22:14:06 -07:00
|
|
|
.get_size = ipip6_get_size,
|
|
|
|
|
.fill_info = ipip6_fill_info,
|
2013-11-13 19:27:38 -07:00
|
|
|
.dellink = ipip6_dellink,
|
2015-01-15 07:11:17 -07:00
|
|
|
.get_link_net = ip_tunnel_get_link_net,
|
2012-11-08 23:10:00 -07:00
|
|
|
};
|
|
|
|
|
|
2010-08-30 01:04:14 -06:00
|
|
|
static struct xfrm_tunnel sit_handler __read_mostly = {
|
2005-04-16 16:20:36 -06:00
|
|
|
.handler = ipip6_rcv,
|
|
|
|
|
.err_handler = ipip6_err,
|
2007-02-13 13:55:25 -07:00
|
|
|
.priority = 1,
|
2005-04-16 16:20:36 -06:00
|
|
|
};
|
|
|
|
|
|
2013-05-27 17:48:16 -06:00
|
|
|
static struct xfrm_tunnel ipip_handler __read_mostly = {
|
|
|
|
|
.handler = ipip_rcv,
|
|
|
|
|
.err_handler = ipip6_err,
|
|
|
|
|
.priority = 2,
|
|
|
|
|
};
|
|
|
|
|
|
2016-07-06 23:56:13 -06:00
|
|
|
#if IS_ENABLED(CONFIG_MPLS)
|
|
|
|
|
static struct xfrm_tunnel mplsip_handler __read_mostly = {
|
|
|
|
|
.handler = mplsip_rcv,
|
|
|
|
|
.err_handler = ipip6_err,
|
|
|
|
|
.priority = 2,
|
|
|
|
|
};
|
|
|
|
|
#endif
|
|
|
|
|
|
2013-11-13 19:27:38 -07:00
|
|
|
static void __net_exit sit_destroy_tunnels(struct net *net,
|
|
|
|
|
struct list_head *head)
|
2005-07-30 18:46:44 -06:00
|
|
|
{
|
2013-11-13 19:27:38 -07:00
|
|
|
struct sit_net *sitn = net_generic(net, sit_net_id);
|
2013-06-26 08:11:28 -06:00
|
|
|
struct net_device *dev, *aux;
|
2005-07-30 18:46:44 -06:00
|
|
|
int prio;
|
|
|
|
|
|
2013-06-26 08:11:28 -06:00
|
|
|
for_each_netdev_safe(net, dev, aux)
|
|
|
|
|
if (dev->rtnl_link_ops == &sit_link_ops)
|
|
|
|
|
unregister_netdevice_queue(dev, head);
|
|
|
|
|
|
2005-07-30 18:46:44 -06:00
|
|
|
for (prio = 1; prio < 4; prio++) {
|
|
|
|
|
int h;
|
2016-08-10 03:03:35 -06:00
|
|
|
for (h = 0; h < IP6_SIT_HASH_SIZE; h++) {
|
2011-01-20 00:16:24 -07:00
|
|
|
struct ip_tunnel *t;
|
2009-10-27 22:37:43 -06:00
|
|
|
|
2011-01-20 00:16:24 -07:00
|
|
|
t = rtnl_dereference(sitn->tunnels[prio][h]);
|
2015-03-29 07:00:05 -06:00
|
|
|
while (t) {
|
2013-06-26 08:11:28 -06:00
|
|
|
/* If dev is in the same netns, it has already
|
|
|
|
|
* been added to the list by the previous loop.
|
|
|
|
|
*/
|
2013-08-13 09:51:10 -06:00
|
|
|
if (!net_eq(dev_net(t->dev), net))
|
2013-06-26 08:11:28 -06:00
|
|
|
unregister_netdevice_queue(t->dev,
|
|
|
|
|
head);
|
2011-01-20 00:16:24 -07:00
|
|
|
t = rtnl_dereference(t->next);
|
2009-10-27 22:37:43 -06:00
|
|
|
}
|
2005-07-30 18:46:44 -06:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2010-01-16 20:35:32 -07:00
|
|
|
static int __net_init sit_init_net(struct net *net)
|
2008-04-16 02:15:17 -06:00
|
|
|
{
|
2009-11-29 08:46:16 -07:00
|
|
|
struct sit_net *sitn = net_generic(net, sit_net_id);
|
2011-12-07 17:46:21 -07:00
|
|
|
struct ip_tunnel *t;
|
2008-04-16 02:15:17 -06:00
|
|
|
int err;
|
|
|
|
|
|
2008-04-16 02:16:38 -06:00
|
|
|
sitn->tunnels[0] = sitn->tunnels_wc;
|
|
|
|
|
sitn->tunnels[1] = sitn->tunnels_l;
|
|
|
|
|
sitn->tunnels[2] = sitn->tunnels_r;
|
|
|
|
|
sitn->tunnels[3] = sitn->tunnels_r_l;
|
|
|
|
|
|
net: do not create fallback tunnels for non-default namespaces
fallback tunnels (like tunl0, gre0, gretap0, erspan0, sit0,
ip6tnl0, ip6gre0) are automatically created when the corresponding
module is loaded.
These tunnels are also automatically created when a new network
namespace is created, at a great cost.
In many cases, netns are used for isolation purposes, and these
extra network devices are a waste of resources. We are using
thousands of netns per host, and hit the netns creation/delete
bottleneck a lot. (Many thanks to Kirill for recent work on this)
Add a new sysctl so that we can opt-out from this automatic creation.
Note that these tunnels are still created for the initial namespace,
to be the least intrusive for typical setups.
Tested:
lpk43:~# cat add_del_unshare.sh
for i in `seq 1 40`
do
(for j in `seq 1 100` ; do unshare -n /bin/true >/dev/null ; done) &
done
wait
lpk43:~# echo 0 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh
real 0m37.521s
user 0m0.886s
sys 7m7.084s
lpk43:~# echo 1 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh
real 0m4.761s
user 0m0.851s
sys 1m8.343s
lpk43:~#
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-08 13:51:41 -07:00
|
|
|
if (!net_has_fallback_tunnels(net))
|
|
|
|
|
return 0;
|
|
|
|
|
|
2008-04-16 02:16:18 -06:00
|
|
|
sitn->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "sit0",
|
net: set name_assign_type in alloc_netdev()
Extend alloc_netdev{,_mq{,s}}() to take name_assign_type as argument, and convert
all users to pass NET_NAME_UNKNOWN.
Coccinelle patch:
@@
expression sizeof_priv, name, setup, txqs, rxqs, count;
@@
(
-alloc_netdev_mqs(sizeof_priv, name, setup, txqs, rxqs)
+alloc_netdev_mqs(sizeof_priv, name, NET_NAME_UNKNOWN, setup, txqs, rxqs)
|
-alloc_netdev_mq(sizeof_priv, name, setup, count)
+alloc_netdev_mq(sizeof_priv, name, NET_NAME_UNKNOWN, setup, count)
|
-alloc_netdev(sizeof_priv, name, setup)
+alloc_netdev(sizeof_priv, name, NET_NAME_UNKNOWN, setup)
)
v9: move comments here from the wrong commit
Signed-off-by: Tom Gundersen <teg@jklm.no>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-07-14 08:37:24 -06:00
|
|
|
NET_NAME_UNKNOWN,
|
2008-04-16 02:16:18 -06:00
|
|
|
ipip6_tunnel_setup);
|
|
|
|
|
if (!sitn->fb_tunnel_dev) {
|
|
|
|
|
err = -ENOMEM;
|
|
|
|
|
goto err_alloc_dev;
|
|
|
|
|
}
|
2008-11-23 18:26:26 -07:00
|
|
|
dev_net_set(sitn->fb_tunnel_dev, net);
|
2013-10-01 10:04:59 -06:00
|
|
|
sitn->fb_tunnel_dev->rtnl_link_ops = &sit_link_ops;
|
2013-06-26 08:11:28 -06:00
|
|
|
/* FB netdevice is special: we have one, and only one per netns.
|
|
|
|
|
* Allowing to move it to another netns is clearly unsafe.
|
|
|
|
|
*/
|
|
|
|
|
sitn->fb_tunnel_dev->features |= NETIF_F_NETNS_LOCAL;
|
2008-04-16 02:16:18 -06:00
|
|
|
|
2014-11-23 14:28:43 -07:00
|
|
|
err = register_netdev(sitn->fb_tunnel_dev);
|
|
|
|
|
if (err)
|
2008-04-16 02:16:18 -06:00
|
|
|
goto err_reg_dev;
|
|
|
|
|
|
2015-11-02 18:08:19 -07:00
|
|
|
ipip6_tunnel_clone_6rd(sitn->fb_tunnel_dev, sitn);
|
|
|
|
|
ipip6_fb_tunnel_init(sitn->fb_tunnel_dev);
|
|
|
|
|
|
2011-12-07 17:46:21 -07:00
|
|
|
t = netdev_priv(sitn->fb_tunnel_dev);
|
|
|
|
|
|
|
|
|
|
strcpy(t->parms.name, sitn->fb_tunnel_dev->name);
|
2008-04-16 02:15:17 -06:00
|
|
|
return 0;
|
|
|
|
|
|
2008-04-16 02:16:18 -06:00
|
|
|
err_reg_dev:
|
2010-09-27 20:17:58 -06:00
|
|
|
ipip6_dev_free(sitn->fb_tunnel_dev);
|
2019-03-01 08:06:40 -07:00
|
|
|
free_netdev(sitn->fb_tunnel_dev);
|
2008-04-16 02:16:18 -06:00
|
|
|
err_alloc_dev:
|
2008-04-16 02:15:17 -06:00
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-19 17:27:08 -06:00
|
|
|
static void __net_exit sit_exit_batch_net(struct list_head *net_list)
|
2008-04-16 02:15:17 -06:00
|
|
|
{
|
2009-10-27 22:37:43 -06:00
|
|
|
LIST_HEAD(list);
|
2017-09-19 17:27:08 -06:00
|
|
|
struct net *net;
|
2008-04-16 02:15:17 -06:00
|
|
|
|
2008-04-16 02:16:18 -06:00
|
|
|
rtnl_lock();
|
2017-09-19 17:27:08 -06:00
|
|
|
list_for_each_entry(net, net_list, exit_list)
|
|
|
|
|
sit_destroy_tunnels(net, &list);
|
|
|
|
|
|
2009-10-27 22:37:43 -06:00
|
|
|
unregister_netdevice_many(&list);
|
2008-04-16 02:16:18 -06:00
|
|
|
rtnl_unlock();
|
2008-04-16 02:15:17 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct pernet_operations sit_net_ops = {
|
|
|
|
|
.init = sit_init_net,
|
2017-09-19 17:27:08 -06:00
|
|
|
.exit_batch = sit_exit_batch_net,
|
2009-11-29 08:46:16 -07:00
|
|
|
.id = &sit_net_id,
|
|
|
|
|
.size = sizeof(struct sit_net),
|
2008-04-16 02:15:17 -06:00
|
|
|
};
|
|
|
|
|
|
2006-11-20 17:56:48 -07:00
|
|
|
static void __exit sit_cleanup(void)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
2012-11-08 23:10:00 -07:00
|
|
|
rtnl_link_unregister(&sit_link_ops);
|
2007-02-13 13:55:25 -07:00
|
|
|
xfrm4_tunnel_deregister(&sit_handler, AF_INET6);
|
2013-05-27 17:48:16 -06:00
|
|
|
xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
|
2016-07-06 23:56:13 -06:00
|
|
|
#if IS_ENABLED(CONFIG_MPLS)
|
|
|
|
|
xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS);
|
|
|
|
|
#endif
|
2005-07-30 18:46:44 -06:00
|
|
|
|
2009-11-29 08:46:16 -07:00
|
|
|
unregister_pernet_device(&sit_net_ops);
|
2009-10-23 11:51:26 -06:00
|
|
|
rcu_barrier(); /* Wait for completion of call_rcu()'s */
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
|
|
|
|
|
2006-11-20 17:56:48 -07:00
|
|
|
static int __init sit_init(void)
|
2005-04-16 16:20:36 -06:00
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2016-07-06 23:56:13 -06:00
|
|
|
pr_info("IPv6, IPv4 and MPLS over IPv4 tunneling driver\n");
|
2005-04-16 16:20:36 -06:00
|
|
|
|
2009-11-29 08:46:16 -07:00
|
|
|
err = register_pernet_device(&sit_net_ops);
|
2008-04-16 02:15:17 -06:00
|
|
|
if (err < 0)
|
2010-02-16 02:05:04 -07:00
|
|
|
return err;
|
|
|
|
|
err = xfrm4_tunnel_register(&sit_handler, AF_INET6);
|
|
|
|
|
if (err < 0) {
|
2013-05-27 17:48:16 -06:00
|
|
|
pr_info("%s: can't register ip6ip4\n", __func__);
|
2012-11-08 23:10:00 -07:00
|
|
|
goto xfrm_tunnel_failed;
|
2010-02-16 02:05:04 -07:00
|
|
|
}
|
2013-05-27 17:48:16 -06:00
|
|
|
err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
|
|
|
|
|
if (err < 0) {
|
|
|
|
|
pr_info("%s: can't register ip4ip4\n", __func__);
|
|
|
|
|
goto xfrm_tunnel4_failed;
|
|
|
|
|
}
|
2016-07-06 23:56:13 -06:00
|
|
|
#if IS_ENABLED(CONFIG_MPLS)
|
|
|
|
|
err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS);
|
|
|
|
|
if (err < 0) {
|
|
|
|
|
pr_info("%s: can't register mplsip\n", __func__);
|
|
|
|
|
goto xfrm_tunnel_mpls_failed;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2012-11-08 23:10:00 -07:00
|
|
|
err = rtnl_link_register(&sit_link_ops);
|
|
|
|
|
if (err < 0)
|
|
|
|
|
goto rtnl_link_failed;
|
|
|
|
|
|
|
|
|
|
out:
|
2005-04-16 16:20:36 -06:00
|
|
|
return err;
|
2012-11-08 23:10:00 -07:00
|
|
|
|
|
|
|
|
rtnl_link_failed:
|
2016-07-06 23:56:13 -06:00
|
|
|
#if IS_ENABLED(CONFIG_MPLS)
|
|
|
|
|
xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS);
|
|
|
|
|
xfrm_tunnel_mpls_failed:
|
|
|
|
|
#endif
|
2013-05-27 17:48:16 -06:00
|
|
|
xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
|
|
|
|
|
xfrm_tunnel4_failed:
|
2012-11-08 23:10:00 -07:00
|
|
|
xfrm4_tunnel_deregister(&sit_handler, AF_INET6);
|
|
|
|
|
xfrm_tunnel_failed:
|
|
|
|
|
unregister_pernet_device(&sit_net_ops);
|
|
|
|
|
goto out;
|
2005-04-16 16:20:36 -06:00
|
|
|
}
|
2006-10-10 15:47:44 -06:00
|
|
|
|
|
|
|
|
module_init(sit_init);
|
|
|
|
|
module_exit(sit_cleanup);
|
2006-10-13 16:05:53 -06:00
|
|
|
MODULE_LICENSE("GPL");
|
2014-05-15 15:21:30 -06:00
|
|
|
MODULE_ALIAS_RTNL_LINK("sit");
|
2011-03-01 14:33:13 -07:00
|
|
|
MODULE_ALIAS_NETDEV("sit0");
|