1
/*
2
 *	Linux NET3:	IP/IP protocol decoder.
3
 *
4
 *	Authors:
5
 *		Sam Lantinga ([email protected])  02/01/95
6
 *
7
 *	Fixes:
8
 *		Alan Cox	:	Merged and made usable non modular (its so tiny its silly as
9
 *					a module taking up 2 pages).
10
 *		Alan Cox	: 	Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
11
 *					to keep ip_forward happy.
12
 *		Alan Cox	:	More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
13
 *		Kai Schulte	:	Fixed #defines for IP_FIREWALL->FIREWALL
14
 *              David Woodhouse :       Perform some basic ICMP handling.
15
 *                                      IPIP Routing without decapsulation.
16
 *              Carlos Picoto   :       GRE over IP support
17
 *		Alexey Kuznetsov:	Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
18
 *					I do not want to merge them together.
19
 *
20
 *	This program is free software; you can redistribute it and/or
21
 *	modify it under the terms of the GNU General Public License
22
 *	as published by the Free Software Foundation; either version
23
 *	2 of the License, or (at your option) any later version.
24
 *
25
 */
26

27
/* tunnel.c: an IP tunnel driver
28

29
	The purpose of this driver is to provide an IP tunnel through
30
	which you can tunnel network traffic transparently across subnets.
31

32
	This was written by looking at Nick Holloway's dummy driver
33
	Thanks for the great code!
34

35
		-Sam Lantinga	([email protected])  02/01/95
36

37
	Minor tweaks:
38
		Cleaned up the code a little and added some pre-1.3.0 tweaks.
39
		dev->hard_header/hard_header_len changed to use no headers.
40
		Comments/bracketing tweaked.
41
		Made the tunnels use dev->name not tunnel: when error reporting.
42
		Added tx_dropped stat
43

44
		-Alan Cox	([email protected]) 21 March 95
45

46
	Reworked:
47
		Changed to tunnel to destination gateway in addition to the
48
			tunnel's pointopoint address
49
		Almost completely rewritten
50
		Note:  There is currently no firewall or ICMP handling done.
51

52
		-Sam Lantinga	([email protected]) 02/13/96
53

54
*/
55

56
/* Things I wish I had known when writing the tunnel driver:
57

58
	When the tunnel_xmit() function is called, the skb contains the
59
	packet to be sent (plus a great deal of extra info), and dev
60
	contains the tunnel device that _we_ are.
61

62
	When we are passed a packet, we are expected to fill in the
63
	source address with our source IP address.
64

65
	What is the proper way to allocate, copy and free a buffer?
66
	After you allocate it, it is a "0 length" chunk of memory
67
	starting at zero.  If you want to add headers to the buffer
68
	later, you'll have to call "skb_reserve(skb, amount)" with
69
	the amount of memory you want reserved.  Then, you call
70
	"skb_put(skb, amount)" with the amount of space you want in
71
	the buffer.  skb_put() returns a pointer to the top (#0) of
72
	that buffer.  skb->len is set to the amount of space you have
73
	"allocated" with skb_put().  You can then write up to skb->len
74
	bytes to that buffer.  If you need more, you can call skb_put()
75
	again with the additional amount of space you need.  You can
76
	find out how much more space you can allocate by calling
77
	"skb_tailroom(skb)".
78
	Now, to add header space, call "skb_push(skb, header_len)".
79
	This creates space at the beginning of the buffer and returns
80
	a pointer to this new space.  If later you need to strip a
81
	header from a buffer, call "skb_pull(skb, header_len)".
82
	skb_headroom() will return how much space is left at the top
83
	of the buffer (before the main data).  Remember, this headroom
84
	space must be reserved before the skb_put() function is called.
85
	*/
86

87
/*
88
   This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
89

90
   For comments look at net/ipv4/ip_gre.c --ANK
91
 */
92

93

94
#include <linux/capability.h>
95
#include <linux/module.h>
96
#include <linux/types.h>
97
#include <linux/kernel.h>
98
#include <linux/slab.h>
99
#include <asm/uaccess.h>
100
#include <linux/skbuff.h>
101
#include <linux/netdevice.h>
102
#include <linux/in.h>
103
#include <linux/tcp.h>
104
#include <linux/udp.h>
105
#include <linux/if_arp.h>
106
#include <linux/mroute.h>
107
#include <linux/init.h>
108
#include <linux/netfilter_ipv4.h>
109
#include <linux/if_ether.h>
110

111
#include <net/sock.h>
112
#include <net/ip.h>
113
#include <net/icmp.h>
114
#include <net/ipip.h>
115
#include <net/inet_ecn.h>
116
#include <net/xfrm.h>
117
#include <net/net_namespace.h>
118
#include <net/netns/generic.h>
119

120
#define HASH_SIZE  16
121
#define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
122

123
static int ipip_net_id __read_mostly;
124
struct ipip_net {
125
	struct ip_tunnel __rcu *tunnels_r_l[HASH_SIZE];
126
	struct ip_tunnel __rcu *tunnels_r[HASH_SIZE];
127
	struct ip_tunnel __rcu *tunnels_l[HASH_SIZE];
128
	struct ip_tunnel __rcu *tunnels_wc[1];
129
	struct ip_tunnel __rcu **tunnels[4];
130

131
	struct net_device *fb_tunnel_dev;
132
};
133

134
static int ipip_tunnel_init(struct net_device *dev);
135
static void ipip_tunnel_setup(struct net_device *dev);
136
static void ipip_dev_free(struct net_device *dev);
137

138
/*
139
 * Locking : hash tables are protected by RCU and RTNL
140
 */
141

142
#define for_each_ip_tunnel_rcu(start) \
143
	for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
144

145
/* often modified stats are per cpu, other are shared (netdev->stats) */
146
struct pcpu_tstats {
147
	unsigned long	rx_packets;
148
	unsigned long	rx_bytes;
149
	unsigned long	tx_packets;
150
	unsigned long	tx_bytes;
151
};
152

153
static struct net_device_stats *ipip_get_stats(struct net_device *dev)
154
{
155
	struct pcpu_tstats sum = { 0 };
156
	int i;
157

158
	for_each_possible_cpu(i) {
159
		const struct pcpu_tstats *tstats = per_cpu_ptr(dev->tstats, i);
160

161
		sum.rx_packets += tstats->rx_packets;
162
		sum.rx_bytes   += tstats->rx_bytes;
163
		sum.tx_packets += tstats->tx_packets;
164
		sum.tx_bytes   += tstats->tx_bytes;
165
	}
166
	dev->stats.rx_packets = sum.rx_packets;
167
	dev->stats.rx_bytes   = sum.rx_bytes;
168
	dev->stats.tx_packets = sum.tx_packets;
169
	dev->stats.tx_bytes   = sum.tx_bytes;
170
	return &dev->stats;
171
}
172

173
static struct ip_tunnel * ipip_tunnel_lookup(struct net *net,
174
		__be32 remote, __be32 local)
175
{
176
	unsigned int h0 = HASH(remote);
177
	unsigned int h1 = HASH(local);
178
	struct ip_tunnel *t;
179
	struct ipip_net *ipn = net_generic(net, ipip_net_id);
180

181
	for_each_ip_tunnel_rcu(ipn->tunnels_r_l[h0 ^ h1])
182
		if (local == t->parms.iph.saddr &&
183
		    remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
184
			return t;
185

186
	for_each_ip_tunnel_rcu(ipn->tunnels_r[h0])
187
		if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
188
			return t;
189

190
	for_each_ip_tunnel_rcu(ipn->tunnels_l[h1])
191
		if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
192
			return t;
193

194
	t = rcu_dereference(ipn->tunnels_wc[0]);
195
	if (t && (t->dev->flags&IFF_UP))
196
		return t;
197
	return NULL;
198
}
199

200
static struct ip_tunnel __rcu **__ipip_bucket(struct ipip_net *ipn,
201
		struct ip_tunnel_parm *parms)
202
{
203
	__be32 remote = parms->iph.daddr;
204
	__be32 local = parms->iph.saddr;
205
	unsigned int h = 0;
206
	int prio = 0;
207

208
	if (remote) {
209
		prio |= 2;
210
		h ^= HASH(remote);
211
	}
212
	if (local) {
213
		prio |= 1;
214
		h ^= HASH(local);
215
	}
216
	return &ipn->tunnels[prio][h];
217
}
218

219
static inline struct ip_tunnel __rcu **ipip_bucket(struct ipip_net *ipn,
220
		struct ip_tunnel *t)
221
{
222
	return __ipip_bucket(ipn, &t->parms);
223
}
224

225
static void ipip_tunnel_unlink(struct ipip_net *ipn, struct ip_tunnel *t)
226
{
227
	struct ip_tunnel __rcu **tp;
228
	struct ip_tunnel *iter;
229

230
	for (tp = ipip_bucket(ipn, t);
231
	     (iter = rtnl_dereference(*tp)) != NULL;
232
	     tp = &iter->next) {
233
		if (t == iter) {
234
			rcu_assign_pointer(*tp, t->next);
235
			break;
236
		}
237
	}
238
}
239

240
static void ipip_tunnel_link(struct ipip_net *ipn, struct ip_tunnel *t)
241
{
242
	struct ip_tunnel __rcu **tp = ipip_bucket(ipn, t);
243

244
	rcu_assign_pointer(t->next, rtnl_dereference(*tp));
245
	rcu_assign_pointer(*tp, t);
246
}
247

248
static struct ip_tunnel * ipip_tunnel_locate(struct net *net,
249
		struct ip_tunnel_parm *parms, int create)
250
{
251
	__be32 remote = parms->iph.daddr;
252
	__be32 local = parms->iph.saddr;
253
	struct ip_tunnel *t, *nt;
254
	struct ip_tunnel __rcu **tp;
255
	struct net_device *dev;
256
	char name[IFNAMSIZ];
257
	struct ipip_net *ipn = net_generic(net, ipip_net_id);
258

259
	for (tp = __ipip_bucket(ipn, parms);
260
		 (t = rtnl_dereference(*tp)) != NULL;
261
		 tp = &t->next) {
262
		if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
263
			return t;
264
	}
265
	if (!create)
266
		return NULL;
267

268
	if (parms->name[0])
269
		strlcpy(name, parms->name, IFNAMSIZ);
270
	else
271
		strcpy(name, "tunl%d");
272

273
	dev = alloc_netdev(sizeof(*t), name, ipip_tunnel_setup);
274
	if (dev == NULL)
275
		return NULL;
276

277
	dev_net_set(dev, net);
278

279
	nt = netdev_priv(dev);
280
	nt->parms = *parms;
281

282
	if (ipip_tunnel_init(dev) < 0)
283
		goto failed_free;
284

285
	if (register_netdevice(dev) < 0)
286
		goto failed_free;
287

288
	dev_hold(dev);
289
	ipip_tunnel_link(ipn, nt);
290
	return nt;
291

292
failed_free:
293
	ipip_dev_free(dev);
294
	return NULL;
295
}
296

297
/* called with RTNL */
298
static void ipip_tunnel_uninit(struct net_device *dev)
299
{
300
	struct net *net = dev_net(dev);
301
	struct ipip_net *ipn = net_generic(net, ipip_net_id);
302

303
	if (dev == ipn->fb_tunnel_dev)
304
		rcu_assign_pointer(ipn->tunnels_wc[0], NULL);
305
	else
306
		ipip_tunnel_unlink(ipn, netdev_priv(dev));
307
	dev_put(dev);
308
}
309

310
static int ipip_err(struct sk_buff *skb, u32 info)
311
{
312

313
/* All the routers (except for Linux) return only
314
   8 bytes of packet payload. It means, that precise relaying of
315
   ICMP in the real Internet is absolutely infeasible.
316
 */
317
	const struct iphdr *iph = (const struct iphdr *)skb->data;
318
	const int type = icmp_hdr(skb)->type;
319
	const int code = icmp_hdr(skb)->code;
320
	struct ip_tunnel *t;
321
	int err;
322

323
	switch (type) {
324
	default:
325
	case ICMP_PARAMETERPROB:
326
		return 0;
327

328
	case ICMP_DEST_UNREACH:
329
		switch (code) {
330
		case ICMP_SR_FAILED:
331
		case ICMP_PORT_UNREACH:
332
			/* Impossible event. */
333
			return 0;
334
		case ICMP_FRAG_NEEDED:
335
			/* Soft state for pmtu is maintained by IP core. */
336
			return 0;
337
		default:
338
			/* All others are translated to HOST_UNREACH.
339
			   rfc2003 contains "deep thoughts" about NET_UNREACH,
340
			   I believe they are just ether pollution. --ANK
341
			 */
342
			break;
343
		}
344
		break;
345
	case ICMP_TIME_EXCEEDED:
346
		if (code != ICMP_EXC_TTL)
347
			return 0;
348
		break;
349
	}
350

351
	err = -ENOENT;
352

353
	rcu_read_lock();
354
	t = ipip_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr);
355
	if (t == NULL || t->parms.iph.daddr == 0)
356
		goto out;
357

358
	err = 0;
359
	if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
360
		goto out;
361

362
	if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
363
		t->err_count++;
364
	else
365
		t->err_count = 1;
366
	t->err_time = jiffies;
367
out:
368
	rcu_read_unlock();
369
	return err;
370
}
371

372
static inline void ipip_ecn_decapsulate(const struct iphdr *outer_iph,
373
					struct sk_buff *skb)
374
{
375
	struct iphdr *inner_iph = ip_hdr(skb);
376

377
	if (INET_ECN_is_ce(outer_iph->tos))
378
		IP_ECN_set_ce(inner_iph);
379
}
380

381
static int ipip_rcv(struct sk_buff *skb)
382
{
383
	struct ip_tunnel *tunnel;
384
	const struct iphdr *iph = ip_hdr(skb);
385

386
	rcu_read_lock();
387
	tunnel = ipip_tunnel_lookup(dev_net(skb->dev), iph->saddr, iph->daddr);
388
	if (tunnel != NULL) {
389
		struct pcpu_tstats *tstats;
390

391
		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
392
			rcu_read_unlock();
393
			kfree_skb(skb);
394
			return 0;
395
		}
396

397
		secpath_reset(skb);
398

399
		skb->mac_header = skb->network_header;
400
		skb_reset_network_header(skb);
401
		skb->protocol = htons(ETH_P_IP);
402
		skb->pkt_type = PACKET_HOST;
403

404
		tstats = this_cpu_ptr(tunnel->dev->tstats);
405
		tstats->rx_packets++;
406
		tstats->rx_bytes += skb->len;
407

408
		__skb_tunnel_rx(skb, tunnel->dev);
409

410
		ipip_ecn_decapsulate(iph, skb);
411

412
		netif_rx(skb);
413

414
		rcu_read_unlock();
415
		return 0;
416
	}
417
	rcu_read_unlock();
418

419
	return -1;
420
}
421

422
/*
423
 *	This function assumes it is being called from dev_queue_xmit()
424
 *	and that skb is filled properly by that function.
425
 */
426

427
static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
428
{
429
	struct ip_tunnel *tunnel = netdev_priv(dev);
430
	struct pcpu_tstats *tstats;
431
	const struct iphdr  *tiph = &tunnel->parms.iph;
432
	u8     tos = tunnel->parms.iph.tos;
433
	__be16 df = tiph->frag_off;
434
	struct rtable *rt;     			/* Route to the other host */
435
	struct net_device *tdev;		/* Device to other host */
436
	const struct iphdr  *old_iph = ip_hdr(skb);
437
	struct iphdr  *iph;			/* Our new IP header */
438
	unsigned int max_headroom;		/* The extra header space needed */
439
	__be32 dst = tiph->daddr;
440
	struct flowi4 fl4;
441
	int    mtu;
442

443
	if (skb->protocol != htons(ETH_P_IP))
444
		goto tx_error;
445

446
	if (tos & 1)
447
		tos = old_iph->tos;
448

449
	if (!dst) {
450
		/* NBMA tunnel */
451
		if ((rt = skb_rtable(skb)) == NULL) {
452
			dev->stats.tx_fifo_errors++;
453
			goto tx_error;
454
		}
455
		if ((dst = rt->rt_gateway) == 0)
456
			goto tx_error_icmp;
457
	}
458

459
	rt = ip_route_output_ports(dev_net(dev), &fl4, NULL,
460
				   dst, tiph->saddr,
461
				   0, 0,
462
				   IPPROTO_IPIP, RT_TOS(tos),
463
				   tunnel->parms.link);
464
	if (IS_ERR(rt)) {
465
		dev->stats.tx_carrier_errors++;
466
		goto tx_error_icmp;
467
	}
468
	tdev = rt->dst.dev;
469

470
	if (tdev == dev) {
471
		ip_rt_put(rt);
472
		dev->stats.collisions++;
473
		goto tx_error;
474
	}
475

476
	df |= old_iph->frag_off & htons(IP_DF);
477

478
	if (df) {
479
		mtu = dst_mtu(&rt->dst) - sizeof(struct iphdr);
480

481
		if (mtu < 68) {
482
			dev->stats.collisions++;
483
			ip_rt_put(rt);
484
			goto tx_error;
485
		}
486

487
		if (skb_dst(skb))
488
			skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu);
489

490
		if ((old_iph->frag_off & htons(IP_DF)) &&
491
		    mtu < ntohs(old_iph->tot_len)) {
492
			icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
493
				  htonl(mtu));
494
			ip_rt_put(rt);
495
			goto tx_error;
496
		}
497
	}
498

499
	if (tunnel->err_count > 0) {
500
		if (time_before(jiffies,
501
				tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
502
			tunnel->err_count--;
503
			dst_link_failure(skb);
504
		} else
505
			tunnel->err_count = 0;
506
	}
507

508
	/*
509
	 * Okay, now see if we can stuff it in the buffer as-is.
510
	 */
511
	max_headroom = (LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr));
512

513
	if (skb_headroom(skb) < max_headroom || skb_shared(skb) ||
514
	    (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
515
		struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
516
		if (!new_skb) {
517
			ip_rt_put(rt);
518
			dev->stats.tx_dropped++;
519
			dev_kfree_skb(skb);
520
			return NETDEV_TX_OK;
521
		}
522
		if (skb->sk)
523
			skb_set_owner_w(new_skb, skb->sk);
524
		dev_kfree_skb(skb);
525
		skb = new_skb;
526
		old_iph = ip_hdr(skb);
527
	}
528

529
	skb->transport_header = skb->network_header;
530
	skb_push(skb, sizeof(struct iphdr));
531
	skb_reset_network_header(skb);
532
	memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
533
	IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
534
			      IPSKB_REROUTED);
535
	skb_dst_drop(skb);
536
	skb_dst_set(skb, &rt->dst);
537

538
	/*
539
	 *	Push down and install the IPIP header.
540
	 */
541

542
	iph 			=	ip_hdr(skb);
543
	iph->version		=	4;
544
	iph->ihl		=	sizeof(struct iphdr)>>2;
545
	iph->frag_off		=	df;
546
	iph->protocol		=	IPPROTO_IPIP;
547
	iph->tos		=	INET_ECN_encapsulate(tos, old_iph->tos);
548
	iph->daddr		=	fl4.daddr;
549
	iph->saddr		=	fl4.saddr;
550

551
	if ((iph->ttl = tiph->ttl) == 0)
552
		iph->ttl	=	old_iph->ttl;
553

554
	nf_reset(skb);
555
	tstats = this_cpu_ptr(dev->tstats);
556
	__IPTUNNEL_XMIT(tstats, &dev->stats);
557
	return NETDEV_TX_OK;
558

559
tx_error_icmp:
560
	dst_link_failure(skb);
561
tx_error:
562
	dev->stats.tx_errors++;
563
	dev_kfree_skb(skb);
564
	return NETDEV_TX_OK;
565
}
566

567
static void ipip_tunnel_bind_dev(struct net_device *dev)
568
{
569
	struct net_device *tdev = NULL;
570
	struct ip_tunnel *tunnel;
571
	const struct iphdr *iph;
572

573
	tunnel = netdev_priv(dev);
574
	iph = &tunnel->parms.iph;
575

576
	if (iph->daddr) {
577
		struct rtable *rt;
578
		struct flowi4 fl4;
579

580
		rt = ip_route_output_ports(dev_net(dev), &fl4, NULL,
581
					   iph->daddr, iph->saddr,
582
					   0, 0,
583
					   IPPROTO_IPIP,
584
					   RT_TOS(iph->tos),
585
					   tunnel->parms.link);
586
		if (!IS_ERR(rt)) {
587
			tdev = rt->dst.dev;
588
			ip_rt_put(rt);
589
		}
590
		dev->flags |= IFF_POINTOPOINT;
591
	}
592

593
	if (!tdev && tunnel->parms.link)
594
		tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);
595

596
	if (tdev) {
597
		dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
598
		dev->mtu = tdev->mtu - sizeof(struct iphdr);
599
	}
600
	dev->iflink = tunnel->parms.link;
601
}
602

603
static int
604
ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
605
{
606
	int err = 0;
607
	struct ip_tunnel_parm p;
608
	struct ip_tunnel *t;
609
	struct net *net = dev_net(dev);
610
	struct ipip_net *ipn = net_generic(net, ipip_net_id);
611

612
	switch (cmd) {
613
	case SIOCGETTUNNEL:
614
		t = NULL;
615
		if (dev == ipn->fb_tunnel_dev) {
616
			if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
617
				err = -EFAULT;
618
				break;
619
			}
620
			t = ipip_tunnel_locate(net, &p, 0);
621
		}
622
		if (t == NULL)
623
			t = netdev_priv(dev);
624
		memcpy(&p, &t->parms, sizeof(p));
625
		if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
626
			err = -EFAULT;
627
		break;
628

629
	case SIOCADDTUNNEL:
630
	case SIOCCHGTUNNEL:
631
		err = -EPERM;
632
		if (!capable(CAP_NET_ADMIN))
633
			goto done;
634

635
		err = -EFAULT;
636
		if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
637
			goto done;
638

639
		err = -EINVAL;
640
		if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
641
		    p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
642
			goto done;
643
		if (p.iph.ttl)
644
			p.iph.frag_off |= htons(IP_DF);
645

646
		t = ipip_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
647

648
		if (dev != ipn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
649
			if (t != NULL) {
650
				if (t->dev != dev) {
651
					err = -EEXIST;
652
					break;
653
				}
654
			} else {
655
				if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
656
				    (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
657
					err = -EINVAL;
658
					break;
659
				}
660
				t = netdev_priv(dev);
661
				ipip_tunnel_unlink(ipn, t);
662
				synchronize_net();
663
				t->parms.iph.saddr = p.iph.saddr;
664
				t->parms.iph.daddr = p.iph.daddr;
665
				memcpy(dev->dev_addr, &p.iph.saddr, 4);
666
				memcpy(dev->broadcast, &p.iph.daddr, 4);
667
				ipip_tunnel_link(ipn, t);
668
				netdev_state_change(dev);
669
			}
670
		}
671

672
		if (t) {
673
			err = 0;
674
			if (cmd == SIOCCHGTUNNEL) {
675
				t->parms.iph.ttl = p.iph.ttl;
676
				t->parms.iph.tos = p.iph.tos;
677
				t->parms.iph.frag_off = p.iph.frag_off;
678
				if (t->parms.link != p.link) {
679
					t->parms.link = p.link;
680
					ipip_tunnel_bind_dev(dev);
681
					netdev_state_change(dev);
682
				}
683
			}
684
			if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
685
				err = -EFAULT;
686
		} else
687
			err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
688
		break;
689

690
	case SIOCDELTUNNEL:
691
		err = -EPERM;
692
		if (!capable(CAP_NET_ADMIN))
693
			goto done;
694

695
		if (dev == ipn->fb_tunnel_dev) {
696
			err = -EFAULT;
697
			if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
698
				goto done;
699
			err = -ENOENT;
700
			if ((t = ipip_tunnel_locate(net, &p, 0)) == NULL)
701
				goto done;
702
			err = -EPERM;
703
			if (t->dev == ipn->fb_tunnel_dev)
704
				goto done;
705
			dev = t->dev;
706
		}
707
		unregister_netdevice(dev);
708
		err = 0;
709
		break;
710

711
	default:
712
		err = -EINVAL;
713
	}
714

715
done:
716
	return err;
717
}
718

719
static int ipip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
720
{
721
	if (new_mtu < 68 || new_mtu > 0xFFF8 - sizeof(struct iphdr))
722
		return -EINVAL;
723
	dev->mtu = new_mtu;
724
	return 0;
725
}
726

727
static const struct net_device_ops ipip_netdev_ops = {
728
	.ndo_uninit	= ipip_tunnel_uninit,
729
	.ndo_start_xmit	= ipip_tunnel_xmit,
730
	.ndo_do_ioctl	= ipip_tunnel_ioctl,
731
	.ndo_change_mtu	= ipip_tunnel_change_mtu,
732
	.ndo_get_stats  = ipip_get_stats,
733
};
734

735
static void ipip_dev_free(struct net_device *dev)
736
{
737
	free_percpu(dev->tstats);
738
	free_netdev(dev);
739
}
740

741
static void ipip_tunnel_setup(struct net_device *dev)
742
{
743
	dev->netdev_ops		= &ipip_netdev_ops;
744
	dev->destructor		= ipip_dev_free;
745

746
	dev->type		= ARPHRD_TUNNEL;
747
	dev->hard_header_len 	= LL_MAX_HEADER + sizeof(struct iphdr);
748
	dev->mtu		= ETH_DATA_LEN - sizeof(struct iphdr);
749
	dev->flags		= IFF_NOARP;
750
	dev->iflink		= 0;
751
	dev->addr_len		= 4;
752
	dev->features		|= NETIF_F_NETNS_LOCAL;
753
	dev->features		|= NETIF_F_LLTX;
754
	dev->priv_flags		&= ~IFF_XMIT_DST_RELEASE;
755
}
756

757
static int ipip_tunnel_init(struct net_device *dev)
758
{
759
	struct ip_tunnel *tunnel = netdev_priv(dev);
760

761
	tunnel->dev = dev;
762
	strcpy(tunnel->parms.name, dev->name);
763

764
	memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
765
	memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
766

767
	ipip_tunnel_bind_dev(dev);
768

769
	dev->tstats = alloc_percpu(struct pcpu_tstats);
770
	if (!dev->tstats)
771
		return -ENOMEM;
772

773
	return 0;
774
}
775

776
static int __net_init ipip_fb_tunnel_init(struct net_device *dev)
777
{
778
	struct ip_tunnel *tunnel = netdev_priv(dev);
779
	struct iphdr *iph = &tunnel->parms.iph;
780
	struct ipip_net *ipn = net_generic(dev_net(dev), ipip_net_id);
781

782
	tunnel->dev = dev;
783
	strcpy(tunnel->parms.name, dev->name);
784

785
	iph->version		= 4;
786
	iph->protocol		= IPPROTO_IPIP;
787
	iph->ihl		= 5;
788

789
	dev->tstats = alloc_percpu(struct pcpu_tstats);
790
	if (!dev->tstats)
791
		return -ENOMEM;
792

793
	dev_hold(dev);
794
	rcu_assign_pointer(ipn->tunnels_wc[0], tunnel);
795
	return 0;
796
}
797

798
static struct xfrm_tunnel ipip_handler __read_mostly = {
799
	.handler	=	ipip_rcv,
800
	.err_handler	=	ipip_err,
801
	.priority	=	1,
802
};
803

804
static const char banner[] __initconst =
805
	KERN_INFO "IPv4 over IPv4 tunneling driver\n";
806

807
static void ipip_destroy_tunnels(struct ipip_net *ipn, struct list_head *head)
808
{
809
	int prio;
810

811
	for (prio = 1; prio < 4; prio++) {
812
		int h;
813
		for (h = 0; h < HASH_SIZE; h++) {
814
			struct ip_tunnel *t;
815

816
			t = rtnl_dereference(ipn->tunnels[prio][h]);
817
			while (t != NULL) {
818
				unregister_netdevice_queue(t->dev, head);
819
				t = rtnl_dereference(t->next);
820
			}
821
		}
822
	}
823
}
824

825
static int __net_init ipip_init_net(struct net *net)
826
{
827
	struct ipip_net *ipn = net_generic(net, ipip_net_id);
828
	int err;
829

830
	ipn->tunnels[0] = ipn->tunnels_wc;
831
	ipn->tunnels[1] = ipn->tunnels_l;
832
	ipn->tunnels[2] = ipn->tunnels_r;
833
	ipn->tunnels[3] = ipn->tunnels_r_l;
834

835
	ipn->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel),
836
					   "tunl0",
837
					   ipip_tunnel_setup);
838
	if (!ipn->fb_tunnel_dev) {
839
		err = -ENOMEM;
840
		goto err_alloc_dev;
841
	}
842
	dev_net_set(ipn->fb_tunnel_dev, net);
843

844
	err = ipip_fb_tunnel_init(ipn->fb_tunnel_dev);
845
	if (err)
846
		goto err_reg_dev;
847

848
	if ((err = register_netdev(ipn->fb_tunnel_dev)))
849
		goto err_reg_dev;
850

851
	return 0;
852

853
err_reg_dev:
854
	ipip_dev_free(ipn->fb_tunnel_dev);
855
err_alloc_dev:
856
	/* nothing */
857
	return err;
858
}
859

860
static void __net_exit ipip_exit_net(struct net *net)
861
{
862
	struct ipip_net *ipn = net_generic(net, ipip_net_id);
863
	LIST_HEAD(list);
864

865
	rtnl_lock();
866
	ipip_destroy_tunnels(ipn, &list);
867
	unregister_netdevice_queue(ipn->fb_tunnel_dev, &list);
868
	unregister_netdevice_many(&list);
869
	rtnl_unlock();
870
}
871

872
static struct pernet_operations ipip_net_ops = {
873
	.init = ipip_init_net,
874
	.exit = ipip_exit_net,
875
	.id   = &ipip_net_id,
876
	.size = sizeof(struct ipip_net),
877
};
878

879
static int __init ipip_init(void)
880
{
881
	int err;
882

883
	printk(banner);
884

885
	err = register_pernet_device(&ipip_net_ops);
886
	if (err < 0)
887
		return err;
888
	err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
889
	if (err < 0) {
890
		unregister_pernet_device(&ipip_net_ops);
891
		printk(KERN_INFO "ipip init: can't register tunnel\n");
892
	}
893
	return err;
894
}
895

896
static void __exit ipip_fini(void)
897
{
898
	if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
899
		printk(KERN_INFO "ipip close: can't deregister tunnel\n");
900

901
	unregister_pernet_device(&ipip_net_ops);
902
}
903

904
module_init(ipip_init);
905
module_exit(ipip_fini);
906
MODULE_LICENSE("GPL");
907
MODULE_ALIAS_NETDEV("tunl0");
908

909