1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	Linux NET3:	IP/IP protocol decoder.
4  *
5  *	Authors:
6  *		Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
7  *
8  *	Fixes:
9  *		Alan Cox	:	Merged and made usable non modular (its so tiny its silly as
10  *					a module taking up 2 pages).
11  *		Alan Cox	: 	Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
12  *					to keep ip_forward happy.
13  *		Alan Cox	:	More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
14  *		Kai Schulte	:	Fixed #defines for IP_FIREWALL->FIREWALL
15  *              David Woodhouse :       Perform some basic ICMP handling.
16  *                                      IPIP Routing without decapsulation.
17  *              Carlos Picoto   :       GRE over IP support
18  *		Alexey Kuznetsov:	Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
19  *					I do not want to merge them together.
20  */
21 
22 /* tunnel.c: an IP tunnel driver
23 
24 	The purpose of this driver is to provide an IP tunnel through
25 	which you can tunnel network traffic transparently across subnets.
26 
27 	This was written by looking at Nick Holloway's dummy driver
28 	Thanks for the great code!
29 
30 		-Sam Lantinga	(slouken@cs.ucdavis.edu)  02/01/95
31 
32 	Minor tweaks:
33 		Cleaned up the code a little and added some pre-1.3.0 tweaks.
34 		dev->hard_header/hard_header_len changed to use no headers.
35 		Comments/bracketing tweaked.
36 		Made the tunnels use dev->name not tunnel: when error reporting.
37 		Added tx_dropped stat
38 
39 		-Alan Cox	(alan@lxorguk.ukuu.org.uk) 21 March 95
40 
41 	Reworked:
42 		Changed to tunnel to destination gateway in addition to the
43 			tunnel's pointopoint address
44 		Almost completely rewritten
45 		Note:  There is currently no firewall or ICMP handling done.
46 
47 		-Sam Lantinga	(slouken@cs.ucdavis.edu) 02/13/96
48 
49 */
50 
51 /* Things I wish I had known when writing the tunnel driver:
52 
53 	When the tunnel_xmit() function is called, the skb contains the
54 	packet to be sent (plus a great deal of extra info), and dev
55 	contains the tunnel device that _we_ are.
56 
57 	When we are passed a packet, we are expected to fill in the
58 	source address with our source IP address.
59 
60 	What is the proper way to allocate, copy and free a buffer?
61 	After you allocate it, it is a "0 length" chunk of memory
62 	starting at zero.  If you want to add headers to the buffer
63 	later, you'll have to call "skb_reserve(skb, amount)" with
64 	the amount of memory you want reserved.  Then, you call
65 	"skb_put(skb, amount)" with the amount of space you want in
66 	the buffer.  skb_put() returns a pointer to the top (#0) of
67 	that buffer.  skb->len is set to the amount of space you have
68 	"allocated" with skb_put().  You can then write up to skb->len
69 	bytes to that buffer.  If you need more, you can call skb_put()
70 	again with the additional amount of space you need.  You can
71 	find out how much more space you can allocate by calling
72 	"skb_tailroom(skb)".
73 	Now, to add header space, call "skb_push(skb, header_len)".
74 	This creates space at the beginning of the buffer and returns
75 	a pointer to this new space.  If later you need to strip a
76 	header from a buffer, call "skb_pull(skb, header_len)".
77 	skb_headroom() will return how much space is left at the top
78 	of the buffer (before the main data).  Remember, this headroom
79 	space must be reserved before the skb_put() function is called.
80 	*/
81 
82 /*
83    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
84 
85    For comments look at net/ipv4/ip_gre.c --ANK
86  */
87 
88 
89 #include <linux/capability.h>
90 #include <linux/module.h>
91 #include <linux/types.h>
92 #include <linux/kernel.h>
93 #include <linux/slab.h>
94 #include <linux/uaccess.h>
95 #include <linux/skbuff.h>
96 #include <linux/netdevice.h>
97 #include <linux/in.h>
98 #include <linux/tcp.h>
99 #include <linux/udp.h>
100 #include <linux/if_arp.h>
101 #include <linux/init.h>
102 #include <linux/netfilter_ipv4.h>
103 #include <linux/if_ether.h>
104 
105 #include <net/sock.h>
106 #include <net/ip.h>
107 #include <net/icmp.h>
108 #include <net/ip_tunnels.h>
109 #include <net/inet_ecn.h>
110 #include <net/xfrm.h>
111 #include <net/net_namespace.h>
112 #include <net/netns/generic.h>
113 #include <net/dst_metadata.h>
114 
115 static bool log_ecn_error = true;
116 module_param(log_ecn_error, bool, 0644);
117 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
118 
119 static unsigned int ipip_net_id __read_mostly;
120 
121 static int ipip_tunnel_init(struct net_device *dev);
122 static struct rtnl_link_ops ipip_link_ops __read_mostly;
123 
ipip_err(struct sk_buff * skb,u32 info)124 static int ipip_err(struct sk_buff *skb, u32 info)
125 {
126 	/* All the routers (except for Linux) return only
127 	 * 8 bytes of packet payload. It means, that precise relaying of
128 	 * ICMP in the real Internet is absolutely infeasible.
129 	 */
130 	struct net *net = dev_net(skb->dev);
131 	struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
132 	const struct iphdr *iph = (const struct iphdr *)skb->data;
133 	const int type = icmp_hdr(skb)->type;
134 	const int code = icmp_hdr(skb)->code;
135 	struct ip_tunnel *t;
136 	int err = 0;
137 
138 	t = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
139 			     iph->daddr, iph->saddr, 0);
140 	if (!t) {
141 		err = -ENOENT;
142 		goto out;
143 	}
144 
145 	switch (type) {
146 	case ICMP_DEST_UNREACH:
147 		switch (code) {
148 		case ICMP_SR_FAILED:
149 			/* Impossible event. */
150 			goto out;
151 		default:
152 			/* All others are translated to HOST_UNREACH.
153 			 * rfc2003 contains "deep thoughts" about NET_UNREACH,
154 			 * I believe they are just ether pollution. --ANK
155 			 */
156 			break;
157 		}
158 		break;
159 
160 	case ICMP_TIME_EXCEEDED:
161 		if (code != ICMP_EXC_TTL)
162 			goto out;
163 		break;
164 
165 	case ICMP_REDIRECT:
166 		break;
167 
168 	default:
169 		goto out;
170 	}
171 
172 	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
173 		ipv4_update_pmtu(skb, net, info, t->parms.link, iph->protocol);
174 		goto out;
175 	}
176 
177 	if (type == ICMP_REDIRECT) {
178 		ipv4_redirect(skb, net, t->parms.link, iph->protocol);
179 		goto out;
180 	}
181 
182 	if (t->parms.iph.daddr == 0) {
183 		err = -ENOENT;
184 		goto out;
185 	}
186 
187 	if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
188 		goto out;
189 
190 	if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
191 		t->err_count++;
192 	else
193 		t->err_count = 1;
194 	t->err_time = jiffies;
195 
196 out:
197 	return err;
198 }
199 
200 static const struct tnl_ptk_info ipip_tpi = {
201 	/* no tunnel info required for ipip. */
202 	.proto = htons(ETH_P_IP),
203 };
204 
205 #if IS_ENABLED(CONFIG_MPLS)
206 static const struct tnl_ptk_info mplsip_tpi = {
207 	/* no tunnel info required for mplsip. */
208 	.proto = htons(ETH_P_MPLS_UC),
209 };
210 #endif
211 
ipip_tunnel_rcv(struct sk_buff * skb,u8 ipproto)212 static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto)
213 {
214 	struct net *net = dev_net(skb->dev);
215 	struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
216 	struct metadata_dst *tun_dst = NULL;
217 	struct ip_tunnel *tunnel;
218 	const struct iphdr *iph;
219 
220 	iph = ip_hdr(skb);
221 	tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
222 			iph->saddr, iph->daddr, 0);
223 	if (tunnel) {
224 		const struct tnl_ptk_info *tpi;
225 
226 		if (tunnel->parms.iph.protocol != ipproto &&
227 		    tunnel->parms.iph.protocol != 0)
228 			goto drop;
229 
230 		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
231 			goto drop;
232 #if IS_ENABLED(CONFIG_MPLS)
233 		if (ipproto == IPPROTO_MPLS)
234 			tpi = &mplsip_tpi;
235 		else
236 #endif
237 			tpi = &ipip_tpi;
238 		if (iptunnel_pull_header(skb, 0, tpi->proto, false))
239 			goto drop;
240 		if (tunnel->collect_md) {
241 			tun_dst = ip_tun_rx_dst(skb, 0, 0, 0);
242 			if (!tun_dst)
243 				return 0;
244 		}
245 		return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
246 	}
247 
248 	return -1;
249 
250 drop:
251 	kfree_skb(skb);
252 	return 0;
253 }
254 
ipip_rcv(struct sk_buff * skb)255 static int ipip_rcv(struct sk_buff *skb)
256 {
257 	return ipip_tunnel_rcv(skb, IPPROTO_IPIP);
258 }
259 
260 #if IS_ENABLED(CONFIG_MPLS)
mplsip_rcv(struct sk_buff * skb)261 static int mplsip_rcv(struct sk_buff *skb)
262 {
263 	return ipip_tunnel_rcv(skb, IPPROTO_MPLS);
264 }
265 #endif
266 
267 /*
268  *	This function assumes it is being called from dev_queue_xmit()
269  *	and that skb is filled properly by that function.
270  */
ipip_tunnel_xmit(struct sk_buff * skb,struct net_device * dev)271 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
272 				    struct net_device *dev)
273 {
274 	struct ip_tunnel *tunnel = netdev_priv(dev);
275 	const struct iphdr  *tiph = &tunnel->parms.iph;
276 	u8 ipproto;
277 
278 	if (!pskb_inet_may_pull(skb))
279 		goto tx_error;
280 
281 	switch (skb->protocol) {
282 	case htons(ETH_P_IP):
283 		ipproto = IPPROTO_IPIP;
284 		break;
285 #if IS_ENABLED(CONFIG_MPLS)
286 	case htons(ETH_P_MPLS_UC):
287 		ipproto = IPPROTO_MPLS;
288 		break;
289 #endif
290 	default:
291 		goto tx_error;
292 	}
293 
294 	if (tiph->protocol != ipproto && tiph->protocol != 0)
295 		goto tx_error;
296 
297 	if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4))
298 		goto tx_error;
299 
300 	skb_set_inner_ipproto(skb, ipproto);
301 
302 	if (tunnel->collect_md)
303 		ip_md_tunnel_xmit(skb, dev, ipproto, 0);
304 	else
305 		ip_tunnel_xmit(skb, dev, tiph, ipproto);
306 	return NETDEV_TX_OK;
307 
308 tx_error:
309 	kfree_skb(skb);
310 
311 	dev->stats.tx_errors++;
312 	return NETDEV_TX_OK;
313 }
314 
ipip_tunnel_ioctl_verify_protocol(u8 ipproto)315 static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto)
316 {
317 	switch (ipproto) {
318 	case 0:
319 	case IPPROTO_IPIP:
320 #if IS_ENABLED(CONFIG_MPLS)
321 	case IPPROTO_MPLS:
322 #endif
323 		return true;
324 	}
325 
326 	return false;
327 }
328 
329 static int
ipip_tunnel_ctl(struct net_device * dev,struct ip_tunnel_parm * p,int cmd)330 ipip_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm *p, int cmd)
331 {
332 	if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
333 		if (p->iph.version != 4 ||
334 		    !ipip_tunnel_ioctl_verify_protocol(p->iph.protocol) ||
335 		    p->iph.ihl != 5 || (p->iph.frag_off & htons(~IP_DF)))
336 			return -EINVAL;
337 	}
338 
339 	p->i_key = p->o_key = 0;
340 	p->i_flags = p->o_flags = 0;
341 	return ip_tunnel_ctl(dev, p, cmd);
342 }
343 
344 static const struct net_device_ops ipip_netdev_ops = {
345 	.ndo_init       = ipip_tunnel_init,
346 	.ndo_uninit     = ip_tunnel_uninit,
347 	.ndo_start_xmit	= ipip_tunnel_xmit,
348 	.ndo_do_ioctl	= ip_tunnel_ioctl,
349 	.ndo_change_mtu = ip_tunnel_change_mtu,
350 	.ndo_get_stats64 = ip_tunnel_get_stats64,
351 	.ndo_get_iflink = ip_tunnel_get_iflink,
352 	.ndo_tunnel_ctl	= ipip_tunnel_ctl,
353 };
354 
355 #define IPIP_FEATURES (NETIF_F_SG |		\
356 		       NETIF_F_FRAGLIST |	\
357 		       NETIF_F_HIGHDMA |	\
358 		       NETIF_F_GSO_SOFTWARE |	\
359 		       NETIF_F_HW_CSUM)
360 
ipip_tunnel_setup(struct net_device * dev)361 static void ipip_tunnel_setup(struct net_device *dev)
362 {
363 	dev->netdev_ops		= &ipip_netdev_ops;
364 	dev->header_ops		= &ip_tunnel_header_ops;
365 
366 	dev->type		= ARPHRD_TUNNEL;
367 	dev->flags		= IFF_NOARP;
368 	dev->addr_len		= 4;
369 	dev->features		|= NETIF_F_LLTX;
370 	netif_keep_dst(dev);
371 
372 	dev->features		|= IPIP_FEATURES;
373 	dev->hw_features	|= IPIP_FEATURES;
374 	ip_tunnel_setup(dev, ipip_net_id);
375 }
376 
ipip_tunnel_init(struct net_device * dev)377 static int ipip_tunnel_init(struct net_device *dev)
378 {
379 	struct ip_tunnel *tunnel = netdev_priv(dev);
380 
381 	memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
382 	memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
383 
384 	tunnel->tun_hlen = 0;
385 	tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
386 	return ip_tunnel_init(dev);
387 }
388 
ipip_tunnel_validate(struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)389 static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
390 				struct netlink_ext_ack *extack)
391 {
392 	u8 proto;
393 
394 	if (!data || !data[IFLA_IPTUN_PROTO])
395 		return 0;
396 
397 	proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
398 	if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0)
399 		return -EINVAL;
400 
401 	return 0;
402 }
403 
ipip_netlink_parms(struct nlattr * data[],struct ip_tunnel_parm * parms,bool * collect_md,__u32 * fwmark)404 static void ipip_netlink_parms(struct nlattr *data[],
405 			       struct ip_tunnel_parm *parms, bool *collect_md,
406 			       __u32 *fwmark)
407 {
408 	memset(parms, 0, sizeof(*parms));
409 
410 	parms->iph.version = 4;
411 	parms->iph.protocol = IPPROTO_IPIP;
412 	parms->iph.ihl = 5;
413 	*collect_md = false;
414 
415 	if (!data)
416 		return;
417 
418 	if (data[IFLA_IPTUN_LINK])
419 		parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
420 
421 	if (data[IFLA_IPTUN_LOCAL])
422 		parms->iph.saddr = nla_get_in_addr(data[IFLA_IPTUN_LOCAL]);
423 
424 	if (data[IFLA_IPTUN_REMOTE])
425 		parms->iph.daddr = nla_get_in_addr(data[IFLA_IPTUN_REMOTE]);
426 
427 	if (data[IFLA_IPTUN_TTL]) {
428 		parms->iph.ttl = nla_get_u8(data[IFLA_IPTUN_TTL]);
429 		if (parms->iph.ttl)
430 			parms->iph.frag_off = htons(IP_DF);
431 	}
432 
433 	if (data[IFLA_IPTUN_TOS])
434 		parms->iph.tos = nla_get_u8(data[IFLA_IPTUN_TOS]);
435 
436 	if (data[IFLA_IPTUN_PROTO])
437 		parms->iph.protocol = nla_get_u8(data[IFLA_IPTUN_PROTO]);
438 
439 	if (!data[IFLA_IPTUN_PMTUDISC] || nla_get_u8(data[IFLA_IPTUN_PMTUDISC]))
440 		parms->iph.frag_off = htons(IP_DF);
441 
442 	if (data[IFLA_IPTUN_COLLECT_METADATA])
443 		*collect_md = true;
444 
445 	if (data[IFLA_IPTUN_FWMARK])
446 		*fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]);
447 }
448 
449 /* This function returns true when ENCAP attributes are present in the nl msg */
ipip_netlink_encap_parms(struct nlattr * data[],struct ip_tunnel_encap * ipencap)450 static bool ipip_netlink_encap_parms(struct nlattr *data[],
451 				     struct ip_tunnel_encap *ipencap)
452 {
453 	bool ret = false;
454 
455 	memset(ipencap, 0, sizeof(*ipencap));
456 
457 	if (!data)
458 		return ret;
459 
460 	if (data[IFLA_IPTUN_ENCAP_TYPE]) {
461 		ret = true;
462 		ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
463 	}
464 
465 	if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
466 		ret = true;
467 		ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
468 	}
469 
470 	if (data[IFLA_IPTUN_ENCAP_SPORT]) {
471 		ret = true;
472 		ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
473 	}
474 
475 	if (data[IFLA_IPTUN_ENCAP_DPORT]) {
476 		ret = true;
477 		ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
478 	}
479 
480 	return ret;
481 }
482 
ipip_newlink(struct net * src_net,struct net_device * dev,struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)483 static int ipip_newlink(struct net *src_net, struct net_device *dev,
484 			struct nlattr *tb[], struct nlattr *data[],
485 			struct netlink_ext_ack *extack)
486 {
487 	struct ip_tunnel *t = netdev_priv(dev);
488 	struct ip_tunnel_parm p;
489 	struct ip_tunnel_encap ipencap;
490 	__u32 fwmark = 0;
491 
492 	if (ipip_netlink_encap_parms(data, &ipencap)) {
493 		int err = ip_tunnel_encap_setup(t, &ipencap);
494 
495 		if (err < 0)
496 			return err;
497 	}
498 
499 	ipip_netlink_parms(data, &p, &t->collect_md, &fwmark);
500 	return ip_tunnel_newlink(dev, tb, &p, fwmark);
501 }
502 
ipip_changelink(struct net_device * dev,struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)503 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
504 			   struct nlattr *data[],
505 			   struct netlink_ext_ack *extack)
506 {
507 	struct ip_tunnel *t = netdev_priv(dev);
508 	struct ip_tunnel_parm p;
509 	struct ip_tunnel_encap ipencap;
510 	bool collect_md;
511 	__u32 fwmark = t->fwmark;
512 
513 	if (ipip_netlink_encap_parms(data, &ipencap)) {
514 		int err = ip_tunnel_encap_setup(t, &ipencap);
515 
516 		if (err < 0)
517 			return err;
518 	}
519 
520 	ipip_netlink_parms(data, &p, &collect_md, &fwmark);
521 	if (collect_md)
522 		return -EINVAL;
523 
524 	if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
525 	    (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
526 		return -EINVAL;
527 
528 	return ip_tunnel_changelink(dev, tb, &p, fwmark);
529 }
530 
ipip_get_size(const struct net_device * dev)531 static size_t ipip_get_size(const struct net_device *dev)
532 {
533 	return
534 		/* IFLA_IPTUN_LINK */
535 		nla_total_size(4) +
536 		/* IFLA_IPTUN_LOCAL */
537 		nla_total_size(4) +
538 		/* IFLA_IPTUN_REMOTE */
539 		nla_total_size(4) +
540 		/* IFLA_IPTUN_TTL */
541 		nla_total_size(1) +
542 		/* IFLA_IPTUN_TOS */
543 		nla_total_size(1) +
544 		/* IFLA_IPTUN_PROTO */
545 		nla_total_size(1) +
546 		/* IFLA_IPTUN_PMTUDISC */
547 		nla_total_size(1) +
548 		/* IFLA_IPTUN_ENCAP_TYPE */
549 		nla_total_size(2) +
550 		/* IFLA_IPTUN_ENCAP_FLAGS */
551 		nla_total_size(2) +
552 		/* IFLA_IPTUN_ENCAP_SPORT */
553 		nla_total_size(2) +
554 		/* IFLA_IPTUN_ENCAP_DPORT */
555 		nla_total_size(2) +
556 		/* IFLA_IPTUN_COLLECT_METADATA */
557 		nla_total_size(0) +
558 		/* IFLA_IPTUN_FWMARK */
559 		nla_total_size(4) +
560 		0;
561 }
562 
ipip_fill_info(struct sk_buff * skb,const struct net_device * dev)563 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
564 {
565 	struct ip_tunnel *tunnel = netdev_priv(dev);
566 	struct ip_tunnel_parm *parm = &tunnel->parms;
567 
568 	if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
569 	    nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
570 	    nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
571 	    nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
572 	    nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
573 	    nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) ||
574 	    nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
575 		       !!(parm->iph.frag_off & htons(IP_DF))) ||
576 	    nla_put_u32(skb, IFLA_IPTUN_FWMARK, tunnel->fwmark))
577 		goto nla_put_failure;
578 
579 	if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
580 			tunnel->encap.type) ||
581 	    nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
582 			 tunnel->encap.sport) ||
583 	    nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
584 			 tunnel->encap.dport) ||
585 	    nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
586 			tunnel->encap.flags))
587 		goto nla_put_failure;
588 
589 	if (tunnel->collect_md)
590 		if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA))
591 			goto nla_put_failure;
592 	return 0;
593 
594 nla_put_failure:
595 	return -EMSGSIZE;
596 }
597 
598 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
599 	[IFLA_IPTUN_LINK]		= { .type = NLA_U32 },
600 	[IFLA_IPTUN_LOCAL]		= { .type = NLA_U32 },
601 	[IFLA_IPTUN_REMOTE]		= { .type = NLA_U32 },
602 	[IFLA_IPTUN_TTL]		= { .type = NLA_U8 },
603 	[IFLA_IPTUN_TOS]		= { .type = NLA_U8 },
604 	[IFLA_IPTUN_PROTO]		= { .type = NLA_U8 },
605 	[IFLA_IPTUN_PMTUDISC]		= { .type = NLA_U8 },
606 	[IFLA_IPTUN_ENCAP_TYPE]		= { .type = NLA_U16 },
607 	[IFLA_IPTUN_ENCAP_FLAGS]	= { .type = NLA_U16 },
608 	[IFLA_IPTUN_ENCAP_SPORT]	= { .type = NLA_U16 },
609 	[IFLA_IPTUN_ENCAP_DPORT]	= { .type = NLA_U16 },
610 	[IFLA_IPTUN_COLLECT_METADATA]	= { .type = NLA_FLAG },
611 	[IFLA_IPTUN_FWMARK]		= { .type = NLA_U32 },
612 };
613 
614 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
615 	.kind		= "ipip",
616 	.maxtype	= IFLA_IPTUN_MAX,
617 	.policy		= ipip_policy,
618 	.priv_size	= sizeof(struct ip_tunnel),
619 	.setup		= ipip_tunnel_setup,
620 	.validate	= ipip_tunnel_validate,
621 	.newlink	= ipip_newlink,
622 	.changelink	= ipip_changelink,
623 	.dellink	= ip_tunnel_dellink,
624 	.get_size	= ipip_get_size,
625 	.fill_info	= ipip_fill_info,
626 	.get_link_net	= ip_tunnel_get_link_net,
627 };
628 
629 static struct xfrm_tunnel ipip_handler __read_mostly = {
630 	.handler	=	ipip_rcv,
631 	.err_handler	=	ipip_err,
632 	.priority	=	1,
633 };
634 
635 #if IS_ENABLED(CONFIG_MPLS)
636 static struct xfrm_tunnel mplsip_handler __read_mostly = {
637 	.handler	=	mplsip_rcv,
638 	.err_handler	=	ipip_err,
639 	.priority	=	1,
640 };
641 #endif
642 
ipip_init_net(struct net * net)643 static int __net_init ipip_init_net(struct net *net)
644 {
645 	return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
646 }
647 
ipip_exit_batch_net(struct list_head * list_net)648 static void __net_exit ipip_exit_batch_net(struct list_head *list_net)
649 {
650 	ip_tunnel_delete_nets(list_net, ipip_net_id, &ipip_link_ops);
651 }
652 
653 static struct pernet_operations ipip_net_ops = {
654 	.init = ipip_init_net,
655 	.exit_batch = ipip_exit_batch_net,
656 	.id   = &ipip_net_id,
657 	.size = sizeof(struct ip_tunnel_net),
658 };
659 
ipip_init(void)660 static int __init ipip_init(void)
661 {
662 	int err;
663 
664 	pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n");
665 
666 	err = register_pernet_device(&ipip_net_ops);
667 	if (err < 0)
668 		return err;
669 	err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
670 	if (err < 0) {
671 		pr_info("%s: can't register tunnel\n", __func__);
672 		goto xfrm_tunnel_ipip_failed;
673 	}
674 #if IS_ENABLED(CONFIG_MPLS)
675 	err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS);
676 	if (err < 0) {
677 		pr_info("%s: can't register tunnel\n", __func__);
678 		goto xfrm_tunnel_mplsip_failed;
679 	}
680 #endif
681 	err = rtnl_link_register(&ipip_link_ops);
682 	if (err < 0)
683 		goto rtnl_link_failed;
684 
685 out:
686 	return err;
687 
688 rtnl_link_failed:
689 #if IS_ENABLED(CONFIG_MPLS)
690 	xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS);
691 xfrm_tunnel_mplsip_failed:
692 
693 #endif
694 	xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
695 xfrm_tunnel_ipip_failed:
696 	unregister_pernet_device(&ipip_net_ops);
697 	goto out;
698 }
699 
ipip_fini(void)700 static void __exit ipip_fini(void)
701 {
702 	rtnl_link_unregister(&ipip_link_ops);
703 	if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
704 		pr_info("%s: can't deregister tunnel\n", __func__);
705 #if IS_ENABLED(CONFIG_MPLS)
706 	if (xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS))
707 		pr_info("%s: can't deregister tunnel\n", __func__);
708 #endif
709 	unregister_pernet_device(&ipip_net_ops);
710 }
711 
712 module_init(ipip_init);
713 module_exit(ipip_fini);
714 MODULE_LICENSE("GPL");
715 MODULE_ALIAS_RTNL_LINK("ipip");
716 MODULE_ALIAS_NETDEV("tunl0");
717