Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
sit.c
Go to the documentation of this file.
1 /*
2  * IPv6 over IPv4 tunnel device - Simple Internet Transition (SIT)
3  * Linux INET6 implementation
4  *
5  * Authors:
6  * Pedro Roque <[email protected]>
7  * Alexey Kuznetsov <[email protected]>
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License
11  * as published by the Free Software Foundation; either version
12  * 2 of the License, or (at your option) any later version.
13  *
14  * Changes:
15  * Roger Venning <[email protected]>: 6to4 support
16  * Nate Thompson <[email protected]>: 6to4 support
17  * Fred Templin <[email protected]>: isatap support
18  */
19 
20 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
21 
22 #include <linux/module.h>
23 #include <linux/capability.h>
24 #include <linux/errno.h>
25 #include <linux/types.h>
26 #include <linux/socket.h>
27 #include <linux/sockios.h>
28 #include <linux/net.h>
29 #include <linux/in6.h>
30 #include <linux/netdevice.h>
31 #include <linux/if_arp.h>
32 #include <linux/icmp.h>
33 #include <linux/slab.h>
34 #include <asm/uaccess.h>
35 #include <linux/init.h>
36 #include <linux/netfilter_ipv4.h>
37 #include <linux/if_ether.h>
38 
39 #include <net/sock.h>
40 #include <net/snmp.h>
41 
42 #include <net/ipv6.h>
43 #include <net/protocol.h>
44 #include <net/transp_v6.h>
45 #include <net/ip6_fib.h>
46 #include <net/ip6_route.h>
47 #include <net/ndisc.h>
48 #include <net/addrconf.h>
49 #include <net/ip.h>
50 #include <net/udp.h>
51 #include <net/icmp.h>
52 #include <net/ipip.h>
53 #include <net/inet_ecn.h>
54 #include <net/xfrm.h>
55 #include <net/dsfield.h>
56 #include <net/net_namespace.h>
57 #include <net/netns/generic.h>
58 
59 /*
60  This version of net/ipv6/sit.c is cloned of net/ipv4/ip_gre.c
61 
62  For comments look at net/ipv4/ip_gre.c --ANK
63  */
64 
65 #define HASH_SIZE 16
66 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
67 
68 static int ipip6_tunnel_init(struct net_device *dev);
69 static void ipip6_tunnel_setup(struct net_device *dev);
70 static void ipip6_dev_free(struct net_device *dev);
71 
72 static int sit_net_id __read_mostly;
73 struct sit_net {
74  struct ip_tunnel __rcu *tunnels_r_l[HASH_SIZE];
75  struct ip_tunnel __rcu *tunnels_r[HASH_SIZE];
76  struct ip_tunnel __rcu *tunnels_l[HASH_SIZE];
77  struct ip_tunnel __rcu *tunnels_wc[1];
78  struct ip_tunnel __rcu **tunnels[4];
79 
80  struct net_device *fb_tunnel_dev;
81 };
82 
83 /*
84  * Locking : hash tables are protected by RCU and RTNL
85  */
86 
87 #define for_each_ip_tunnel_rcu(start) \
88  for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
89 
90 /* often modified stats are per cpu, other are shared (netdev->stats) */
91 struct pcpu_tstats {
92  u64 rx_packets;
93  u64 rx_bytes;
94  u64 tx_packets;
95  u64 tx_bytes;
96  struct u64_stats_sync syncp;
97 };
98 
99 static struct rtnl_link_stats64 *ipip6_get_stats64(struct net_device *dev,
100  struct rtnl_link_stats64 *tot)
101 {
102  int i;
103 
104  for_each_possible_cpu(i) {
105  const struct pcpu_tstats *tstats = per_cpu_ptr(dev->tstats, i);
106  u64 rx_packets, rx_bytes, tx_packets, tx_bytes;
107  unsigned int start;
108 
109  do {
110  start = u64_stats_fetch_begin_bh(&tstats->syncp);
111  rx_packets = tstats->rx_packets;
112  tx_packets = tstats->tx_packets;
113  rx_bytes = tstats->rx_bytes;
114  tx_bytes = tstats->tx_bytes;
115  } while (u64_stats_fetch_retry_bh(&tstats->syncp, start));
116 
117  tot->rx_packets += rx_packets;
118  tot->tx_packets += tx_packets;
119  tot->rx_bytes += rx_bytes;
120  tot->tx_bytes += tx_bytes;
121  }
122 
123  tot->rx_errors = dev->stats.rx_errors;
124  tot->tx_fifo_errors = dev->stats.tx_fifo_errors;
125  tot->tx_carrier_errors = dev->stats.tx_carrier_errors;
126  tot->tx_dropped = dev->stats.tx_dropped;
127  tot->tx_aborted_errors = dev->stats.tx_aborted_errors;
128  tot->tx_errors = dev->stats.tx_errors;
129 
130  return tot;
131 }
132 
133 /*
134  * Must be invoked with rcu_read_lock
135  */
136 static struct ip_tunnel *ipip6_tunnel_lookup(struct net *net,
137  struct net_device *dev, __be32 remote, __be32 local)
138 {
139  unsigned int h0 = HASH(remote);
140  unsigned int h1 = HASH(local);
141  struct ip_tunnel *t;
142  struct sit_net *sitn = net_generic(net, sit_net_id);
143 
144  for_each_ip_tunnel_rcu(sitn->tunnels_r_l[h0 ^ h1]) {
145  if (local == t->parms.iph.saddr &&
146  remote == t->parms.iph.daddr &&
147  (!dev || !t->parms.link || dev->iflink == t->parms.link) &&
148  (t->dev->flags & IFF_UP))
149  return t;
150  }
151  for_each_ip_tunnel_rcu(sitn->tunnels_r[h0]) {
152  if (remote == t->parms.iph.daddr &&
153  (!dev || !t->parms.link || dev->iflink == t->parms.link) &&
154  (t->dev->flags & IFF_UP))
155  return t;
156  }
157  for_each_ip_tunnel_rcu(sitn->tunnels_l[h1]) {
158  if (local == t->parms.iph.saddr &&
159  (!dev || !t->parms.link || dev->iflink == t->parms.link) &&
160  (t->dev->flags & IFF_UP))
161  return t;
162  }
163  t = rcu_dereference(sitn->tunnels_wc[0]);
164  if ((t != NULL) && (t->dev->flags & IFF_UP))
165  return t;
166  return NULL;
167 }
168 
169 static struct ip_tunnel __rcu **__ipip6_bucket(struct sit_net *sitn,
170  struct ip_tunnel_parm *parms)
171 {
172  __be32 remote = parms->iph.daddr;
173  __be32 local = parms->iph.saddr;
174  unsigned int h = 0;
175  int prio = 0;
176 
177  if (remote) {
178  prio |= 2;
179  h ^= HASH(remote);
180  }
181  if (local) {
182  prio |= 1;
183  h ^= HASH(local);
184  }
185  return &sitn->tunnels[prio][h];
186 }
187 
188 static inline struct ip_tunnel __rcu **ipip6_bucket(struct sit_net *sitn,
189  struct ip_tunnel *t)
190 {
191  return __ipip6_bucket(sitn, &t->parms);
192 }
193 
194 static void ipip6_tunnel_unlink(struct sit_net *sitn, struct ip_tunnel *t)
195 {
196  struct ip_tunnel __rcu **tp;
197  struct ip_tunnel *iter;
198 
199  for (tp = ipip6_bucket(sitn, t);
200  (iter = rtnl_dereference(*tp)) != NULL;
201  tp = &iter->next) {
202  if (t == iter) {
203  rcu_assign_pointer(*tp, t->next);
204  break;
205  }
206  }
207 }
208 
209 static void ipip6_tunnel_link(struct sit_net *sitn, struct ip_tunnel *t)
210 {
211  struct ip_tunnel __rcu **tp = ipip6_bucket(sitn, t);
212 
213  rcu_assign_pointer(t->next, rtnl_dereference(*tp));
214  rcu_assign_pointer(*tp, t);
215 }
216 
217 static void ipip6_tunnel_clone_6rd(struct net_device *dev, struct sit_net *sitn)
218 {
219 #ifdef CONFIG_IPV6_SIT_6RD
220  struct ip_tunnel *t = netdev_priv(dev);
221 
222  if (t->dev == sitn->fb_tunnel_dev) {
223  ipv6_addr_set(&t->ip6rd.prefix, htonl(0x20020000), 0, 0, 0);
224  t->ip6rd.relay_prefix = 0;
225  t->ip6rd.prefixlen = 16;
226  t->ip6rd.relay_prefixlen = 0;
227  } else {
228  struct ip_tunnel *t0 = netdev_priv(sitn->fb_tunnel_dev);
229  memcpy(&t->ip6rd, &t0->ip6rd, sizeof(t->ip6rd));
230  }
231 #endif
232 }
233 
234 static struct ip_tunnel *ipip6_tunnel_locate(struct net *net,
235  struct ip_tunnel_parm *parms, int create)
236 {
237  __be32 remote = parms->iph.daddr;
238  __be32 local = parms->iph.saddr;
239  struct ip_tunnel *t, *nt;
240  struct ip_tunnel __rcu **tp;
241  struct net_device *dev;
242  char name[IFNAMSIZ];
243  struct sit_net *sitn = net_generic(net, sit_net_id);
244 
245  for (tp = __ipip6_bucket(sitn, parms);
246  (t = rtnl_dereference(*tp)) != NULL;
247  tp = &t->next) {
248  if (local == t->parms.iph.saddr &&
249  remote == t->parms.iph.daddr &&
250  parms->link == t->parms.link) {
251  if (create)
252  return NULL;
253  else
254  return t;
255  }
256  }
257  if (!create)
258  goto failed;
259 
260  if (parms->name[0])
261  strlcpy(name, parms->name, IFNAMSIZ);
262  else
263  strcpy(name, "sit%d");
264 
265  dev = alloc_netdev(sizeof(*t), name, ipip6_tunnel_setup);
266  if (dev == NULL)
267  return NULL;
268 
269  dev_net_set(dev, net);
270 
271  nt = netdev_priv(dev);
272 
273  nt->parms = *parms;
274  if (ipip6_tunnel_init(dev) < 0)
275  goto failed_free;
276  ipip6_tunnel_clone_6rd(dev, sitn);
277 
278  if (parms->i_flags & SIT_ISATAP)
279  dev->priv_flags |= IFF_ISATAP;
280 
281  if (register_netdevice(dev) < 0)
282  goto failed_free;
283 
284  strcpy(nt->parms.name, dev->name);
285 
286  dev_hold(dev);
287 
288  ipip6_tunnel_link(sitn, nt);
289  return nt;
290 
291 failed_free:
292  ipip6_dev_free(dev);
293 failed:
294  return NULL;
295 }
296 
297 #define for_each_prl_rcu(start) \
298  for (prl = rcu_dereference(start); \
299  prl; \
300  prl = rcu_dereference(prl->next))
301 
302 static struct ip_tunnel_prl_entry *
303 __ipip6_tunnel_locate_prl(struct ip_tunnel *t, __be32 addr)
304 {
305  struct ip_tunnel_prl_entry *prl;
306 
307  for_each_prl_rcu(t->prl)
308  if (prl->addr == addr)
309  break;
310  return prl;
311 
312 }
313 
314 static int ipip6_tunnel_get_prl(struct ip_tunnel *t,
315  struct ip_tunnel_prl __user *a)
316 {
317  struct ip_tunnel_prl kprl, *kp;
318  struct ip_tunnel_prl_entry *prl;
319  unsigned int cmax, c = 0, ca, len;
320  int ret = 0;
321 
322  if (copy_from_user(&kprl, a, sizeof(kprl)))
323  return -EFAULT;
324  cmax = kprl.datalen / sizeof(kprl);
325  if (cmax > 1 && kprl.addr != htonl(INADDR_ANY))
326  cmax = 1;
327 
328  /* For simple GET or for root users,
329  * we try harder to allocate.
330  */
331  kp = (cmax <= 1 || capable(CAP_NET_ADMIN)) ?
332  kcalloc(cmax, sizeof(*kp), GFP_KERNEL) :
333  NULL;
334 
335  rcu_read_lock();
336 
337  ca = t->prl_count < cmax ? t->prl_count : cmax;
338 
339  if (!kp) {
340  /* We don't try hard to allocate much memory for
341  * non-root users.
342  * For root users, retry allocating enough memory for
343  * the answer.
344  */
345  kp = kcalloc(ca, sizeof(*kp), GFP_ATOMIC);
346  if (!kp) {
347  ret = -ENOMEM;
348  goto out;
349  }
350  }
351 
352  c = 0;
353  for_each_prl_rcu(t->prl) {
354  if (c >= cmax)
355  break;
356  if (kprl.addr != htonl(INADDR_ANY) && prl->addr != kprl.addr)
357  continue;
358  kp[c].addr = prl->addr;
359  kp[c].flags = prl->flags;
360  c++;
361  if (kprl.addr != htonl(INADDR_ANY))
362  break;
363  }
364 out:
365  rcu_read_unlock();
366 
367  len = sizeof(*kp) * c;
368  ret = 0;
369  if ((len && copy_to_user(a + 1, kp, len)) || put_user(len, &a->datalen))
370  ret = -EFAULT;
371 
372  kfree(kp);
373 
374  return ret;
375 }
376 
377 static int
378 ipip6_tunnel_add_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a, int chg)
379 {
380  struct ip_tunnel_prl_entry *p;
381  int err = 0;
382 
383  if (a->addr == htonl(INADDR_ANY))
384  return -EINVAL;
385 
386  ASSERT_RTNL();
387 
388  for (p = rtnl_dereference(t->prl); p; p = rtnl_dereference(p->next)) {
389  if (p->addr == a->addr) {
390  if (chg) {
391  p->flags = a->flags;
392  goto out;
393  }
394  err = -EEXIST;
395  goto out;
396  }
397  }
398 
399  if (chg) {
400  err = -ENXIO;
401  goto out;
402  }
403 
404  p = kzalloc(sizeof(struct ip_tunnel_prl_entry), GFP_KERNEL);
405  if (!p) {
406  err = -ENOBUFS;
407  goto out;
408  }
409 
410  p->next = t->prl;
411  p->addr = a->addr;
412  p->flags = a->flags;
413  t->prl_count++;
414  rcu_assign_pointer(t->prl, p);
415 out:
416  return err;
417 }
418 
419 static void prl_list_destroy_rcu(struct rcu_head *head)
420 {
421  struct ip_tunnel_prl_entry *p, *n;
422 
423  p = container_of(head, struct ip_tunnel_prl_entry, rcu_head);
424  do {
425  n = rcu_dereference_protected(p->next, 1);
426  kfree(p);
427  p = n;
428  } while (p);
429 }
430 
431 static int
432 ipip6_tunnel_del_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a)
433 {
434  struct ip_tunnel_prl_entry *x;
435  struct ip_tunnel_prl_entry __rcu **p;
436  int err = 0;
437 
438  ASSERT_RTNL();
439 
440  if (a && a->addr != htonl(INADDR_ANY)) {
441  for (p = &t->prl;
442  (x = rtnl_dereference(*p)) != NULL;
443  p = &x->next) {
444  if (x->addr == a->addr) {
445  *p = x->next;
446  kfree_rcu(x, rcu_head);
447  t->prl_count--;
448  goto out;
449  }
450  }
451  err = -ENXIO;
452  } else {
453  x = rtnl_dereference(t->prl);
454  if (x) {
455  t->prl_count = 0;
456  call_rcu(&x->rcu_head, prl_list_destroy_rcu);
457  t->prl = NULL;
458  }
459  }
460 out:
461  return err;
462 }
463 
464 static int
465 isatap_chksrc(struct sk_buff *skb, const struct iphdr *iph, struct ip_tunnel *t)
466 {
467  struct ip_tunnel_prl_entry *p;
468  int ok = 1;
469 
470  rcu_read_lock();
471  p = __ipip6_tunnel_locate_prl(t, iph->saddr);
472  if (p) {
473  if (p->flags & PRL_DEFAULT)
474  skb->ndisc_nodetype = NDISC_NODETYPE_DEFAULT;
475  else
476  skb->ndisc_nodetype = NDISC_NODETYPE_NODEFAULT;
477  } else {
478  const struct in6_addr *addr6 = &ipv6_hdr(skb)->saddr;
479 
480  if (ipv6_addr_is_isatap(addr6) &&
481  (addr6->s6_addr32[3] == iph->saddr) &&
482  ipv6_chk_prefix(addr6, t->dev))
483  skb->ndisc_nodetype = NDISC_NODETYPE_HOST;
484  else
485  ok = 0;
486  }
487  rcu_read_unlock();
488  return ok;
489 }
490 
491 static void ipip6_tunnel_uninit(struct net_device *dev)
492 {
493  struct net *net = dev_net(dev);
494  struct sit_net *sitn = net_generic(net, sit_net_id);
495 
496  if (dev == sitn->fb_tunnel_dev) {
497  RCU_INIT_POINTER(sitn->tunnels_wc[0], NULL);
498  } else {
499  ipip6_tunnel_unlink(sitn, netdev_priv(dev));
500  ipip6_tunnel_del_prl(netdev_priv(dev), NULL);
501  }
502  dev_put(dev);
503 }
504 
505 
506 static int ipip6_err(struct sk_buff *skb, u32 info)
507 {
508 
509 /* All the routers (except for Linux) return only
510  8 bytes of packet payload. It means, that precise relaying of
511  ICMP in the real Internet is absolutely infeasible.
512  */
513  const struct iphdr *iph = (const struct iphdr *)skb->data;
514  const int type = icmp_hdr(skb)->type;
515  const int code = icmp_hdr(skb)->code;
516  struct ip_tunnel *t;
517  int err;
518 
519  switch (type) {
520  default:
521  case ICMP_PARAMETERPROB:
522  return 0;
523 
524  case ICMP_DEST_UNREACH:
525  switch (code) {
526  case ICMP_SR_FAILED:
527  case ICMP_PORT_UNREACH:
528  /* Impossible event. */
529  return 0;
530  default:
531  /* All others are translated to HOST_UNREACH.
532  rfc2003 contains "deep thoughts" about NET_UNREACH,
533  I believe they are just ether pollution. --ANK
534  */
535  break;
536  }
537  break;
538  case ICMP_TIME_EXCEEDED:
539  if (code != ICMP_EXC_TTL)
540  return 0;
541  break;
542  case ICMP_REDIRECT:
543  break;
544  }
545 
546  err = -ENOENT;
547 
548  t = ipip6_tunnel_lookup(dev_net(skb->dev),
549  skb->dev,
550  iph->daddr,
551  iph->saddr);
552  if (t == NULL)
553  goto out;
554 
555  if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
556  ipv4_update_pmtu(skb, dev_net(skb->dev), info,
557  t->dev->ifindex, 0, IPPROTO_IPV6, 0);
558  err = 0;
559  goto out;
560  }
561  if (type == ICMP_REDIRECT) {
562  ipv4_redirect(skb, dev_net(skb->dev), t->dev->ifindex, 0,
563  IPPROTO_IPV6, 0);
564  err = 0;
565  goto out;
566  }
567 
568  if (t->parms.iph.daddr == 0)
569  goto out;
570 
571  err = 0;
572  if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
573  goto out;
574 
575  if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
576  t->err_count++;
577  else
578  t->err_count = 1;
579  t->err_time = jiffies;
580 out:
581  return err;
582 }
583 
584 static inline void ipip6_ecn_decapsulate(const struct iphdr *iph, struct sk_buff *skb)
585 {
586  if (INET_ECN_is_ce(iph->tos))
587  IP6_ECN_set_ce(ipv6_hdr(skb));
588 }
589 
590 static int ipip6_rcv(struct sk_buff *skb)
591 {
592  const struct iphdr *iph;
593  struct ip_tunnel *tunnel;
594 
595  if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
596  goto out;
597 
598  iph = ip_hdr(skb);
599 
600  tunnel = ipip6_tunnel_lookup(dev_net(skb->dev), skb->dev,
601  iph->saddr, iph->daddr);
602  if (tunnel != NULL) {
603  struct pcpu_tstats *tstats;
604 
605  secpath_reset(skb);
606  skb->mac_header = skb->network_header;
607  skb_reset_network_header(skb);
608  IPCB(skb)->flags = 0;
609  skb->protocol = htons(ETH_P_IPV6);
610  skb->pkt_type = PACKET_HOST;
611 
612  if ((tunnel->dev->priv_flags & IFF_ISATAP) &&
613  !isatap_chksrc(skb, iph, tunnel)) {
614  tunnel->dev->stats.rx_errors++;
615  kfree_skb(skb);
616  return 0;
617  }
618 
619  tstats = this_cpu_ptr(tunnel->dev->tstats);
620  tstats->rx_packets++;
621  tstats->rx_bytes += skb->len;
622 
623  __skb_tunnel_rx(skb, tunnel->dev);
624 
625  ipip6_ecn_decapsulate(iph, skb);
626 
627  netif_rx(skb);
628 
629  return 0;
630  }
631 
632  /* no tunnel matched, let upstream know, ipsec may handle it */
633  return 1;
634 out:
635  kfree_skb(skb);
636  return 0;
637 }
638 
639 /*
640  * Returns the embedded IPv4 address if the IPv6 address
641  * comes from 6rd / 6to4 (RFC 3056) addr space.
642  */
643 static inline
644 __be32 try_6rd(const struct in6_addr *v6dst, struct ip_tunnel *tunnel)
645 {
646  __be32 dst = 0;
647 
648 #ifdef CONFIG_IPV6_SIT_6RD
649  if (ipv6_prefix_equal(v6dst, &tunnel->ip6rd.prefix,
650  tunnel->ip6rd.prefixlen)) {
651  unsigned int pbw0, pbi0;
652  int pbi1;
653  u32 d;
654 
655  pbw0 = tunnel->ip6rd.prefixlen >> 5;
656  pbi0 = tunnel->ip6rd.prefixlen & 0x1f;
657 
658  d = (ntohl(v6dst->s6_addr32[pbw0]) << pbi0) >>
659  tunnel->ip6rd.relay_prefixlen;
660 
661  pbi1 = pbi0 - tunnel->ip6rd.relay_prefixlen;
662  if (pbi1 > 0)
663  d |= ntohl(v6dst->s6_addr32[pbw0 + 1]) >>
664  (32 - pbi1);
665 
666  dst = tunnel->ip6rd.relay_prefix | htonl(d);
667  }
668 #else
669  if (v6dst->s6_addr16[0] == htons(0x2002)) {
670  /* 6to4 v6 addr has 16 bits prefix, 32 v4addr, 16 SLA, ... */
671  memcpy(&dst, &v6dst->s6_addr16[1], 4);
672  }
673 #endif
674  return dst;
675 }
676 
677 /*
678  * This function assumes it is being called from dev_queue_xmit()
679  * and that skb is filled properly by that function.
680  */
681 
682 static netdev_tx_t ipip6_tunnel_xmit(struct sk_buff *skb,
683  struct net_device *dev)
684 {
685  struct ip_tunnel *tunnel = netdev_priv(dev);
686  struct pcpu_tstats *tstats;
687  const struct iphdr *tiph = &tunnel->parms.iph;
688  const struct ipv6hdr *iph6 = ipv6_hdr(skb);
689  u8 tos = tunnel->parms.iph.tos;
690  __be16 df = tiph->frag_off;
691  struct rtable *rt; /* Route to the other host */
692  struct net_device *tdev; /* Device to other host */
693  struct iphdr *iph; /* Our new IP header */
694  unsigned int max_headroom; /* The extra header space needed */
695  __be32 dst = tiph->daddr;
696  struct flowi4 fl4;
697  int mtu;
698  const struct in6_addr *addr6;
699  int addr_type;
700 
701  if (skb->protocol != htons(ETH_P_IPV6))
702  goto tx_error;
703 
704  if (tos == 1)
705  tos = ipv6_get_dsfield(iph6);
706 
707  /* ISATAP (RFC4214) - must come before 6to4 */
708  if (dev->priv_flags & IFF_ISATAP) {
709  struct neighbour *neigh = NULL;
710  bool do_tx_error = false;
711 
712  if (skb_dst(skb))
713  neigh = dst_neigh_lookup(skb_dst(skb), &iph6->daddr);
714 
715  if (neigh == NULL) {
716  net_dbg_ratelimited("sit: nexthop == NULL\n");
717  goto tx_error;
718  }
719 
720  addr6 = (const struct in6_addr *)&neigh->primary_key;
721  addr_type = ipv6_addr_type(addr6);
722 
723  if ((addr_type & IPV6_ADDR_UNICAST) &&
724  ipv6_addr_is_isatap(addr6))
725  dst = addr6->s6_addr32[3];
726  else
727  do_tx_error = true;
728 
729  neigh_release(neigh);
730  if (do_tx_error)
731  goto tx_error;
732  }
733 
734  if (!dst)
735  dst = try_6rd(&iph6->daddr, tunnel);
736 
737  if (!dst) {
738  struct neighbour *neigh = NULL;
739  bool do_tx_error = false;
740 
741  if (skb_dst(skb))
742  neigh = dst_neigh_lookup(skb_dst(skb), &iph6->daddr);
743 
744  if (neigh == NULL) {
745  net_dbg_ratelimited("sit: nexthop == NULL\n");
746  goto tx_error;
747  }
748 
749  addr6 = (const struct in6_addr *)&neigh->primary_key;
750  addr_type = ipv6_addr_type(addr6);
751 
752  if (addr_type == IPV6_ADDR_ANY) {
753  addr6 = &ipv6_hdr(skb)->daddr;
754  addr_type = ipv6_addr_type(addr6);
755  }
756 
757  if ((addr_type & IPV6_ADDR_COMPATv4) != 0)
758  dst = addr6->s6_addr32[3];
759  else
760  do_tx_error = true;
761 
762  neigh_release(neigh);
763  if (do_tx_error)
764  goto tx_error;
765  }
766 
767  rt = ip_route_output_ports(dev_net(dev), &fl4, NULL,
768  dst, tiph->saddr,
769  0, 0,
770  IPPROTO_IPV6, RT_TOS(tos),
771  tunnel->parms.link);
772  if (IS_ERR(rt)) {
773  dev->stats.tx_carrier_errors++;
774  goto tx_error_icmp;
775  }
776  if (rt->rt_type != RTN_UNICAST) {
777  ip_rt_put(rt);
778  dev->stats.tx_carrier_errors++;
779  goto tx_error_icmp;
780  }
781  tdev = rt->dst.dev;
782 
783  if (tdev == dev) {
784  ip_rt_put(rt);
785  dev->stats.collisions++;
786  goto tx_error;
787  }
788 
789  if (df) {
790  mtu = dst_mtu(&rt->dst) - sizeof(struct iphdr);
791 
792  if (mtu < 68) {
793  dev->stats.collisions++;
794  ip_rt_put(rt);
795  goto tx_error;
796  }
797 
798  if (mtu < IPV6_MIN_MTU) {
799  mtu = IPV6_MIN_MTU;
800  df = 0;
801  }
802 
803  if (tunnel->parms.iph.daddr && skb_dst(skb))
804  skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu);
805 
806  if (skb->len > mtu) {
807  icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
808  ip_rt_put(rt);
809  goto tx_error;
810  }
811  }
812 
813  if (tunnel->err_count > 0) {
814  if (time_before(jiffies,
815  tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
816  tunnel->err_count--;
817  dst_link_failure(skb);
818  } else
819  tunnel->err_count = 0;
820  }
821 
822  /*
823  * Okay, now see if we can stuff it in the buffer as-is.
824  */
825  max_headroom = LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr);
826 
827  if (skb_headroom(skb) < max_headroom || skb_shared(skb) ||
828  (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
829  struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
830  if (!new_skb) {
831  ip_rt_put(rt);
832  dev->stats.tx_dropped++;
833  dev_kfree_skb(skb);
834  return NETDEV_TX_OK;
835  }
836  if (skb->sk)
837  skb_set_owner_w(new_skb, skb->sk);
838  dev_kfree_skb(skb);
839  skb = new_skb;
840  iph6 = ipv6_hdr(skb);
841  }
842 
843  skb->transport_header = skb->network_header;
844  skb_push(skb, sizeof(struct iphdr));
845  skb_reset_network_header(skb);
846  memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
847  IPCB(skb)->flags = 0;
848  skb_dst_drop(skb);
849  skb_dst_set(skb, &rt->dst);
850 
851  /*
852  * Push down and install the IPIP header.
853  */
854 
855  iph = ip_hdr(skb);
856  iph->version = 4;
857  iph->ihl = sizeof(struct iphdr)>>2;
858  iph->frag_off = df;
859  iph->protocol = IPPROTO_IPV6;
860  iph->tos = INET_ECN_encapsulate(tos, ipv6_get_dsfield(iph6));
861  iph->daddr = fl4.daddr;
862  iph->saddr = fl4.saddr;
863 
864  if ((iph->ttl = tiph->ttl) == 0)
865  iph->ttl = iph6->hop_limit;
866 
867  nf_reset(skb);
868  tstats = this_cpu_ptr(dev->tstats);
869  __IPTUNNEL_XMIT(tstats, &dev->stats);
870  return NETDEV_TX_OK;
871 
872 tx_error_icmp:
873  dst_link_failure(skb);
874 tx_error:
875  dev->stats.tx_errors++;
876  dev_kfree_skb(skb);
877  return NETDEV_TX_OK;
878 }
879 
880 static void ipip6_tunnel_bind_dev(struct net_device *dev)
881 {
882  struct net_device *tdev = NULL;
883  struct ip_tunnel *tunnel;
884  const struct iphdr *iph;
885  struct flowi4 fl4;
886 
887  tunnel = netdev_priv(dev);
888  iph = &tunnel->parms.iph;
889 
890  if (iph->daddr) {
891  struct rtable *rt = ip_route_output_ports(dev_net(dev), &fl4, NULL,
892  iph->daddr, iph->saddr,
893  0, 0,
894  IPPROTO_IPV6,
895  RT_TOS(iph->tos),
896  tunnel->parms.link);
897 
898  if (!IS_ERR(rt)) {
899  tdev = rt->dst.dev;
900  ip_rt_put(rt);
901  }
902  dev->flags |= IFF_POINTOPOINT;
903  }
904 
905  if (!tdev && tunnel->parms.link)
906  tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);
907 
908  if (tdev) {
909  dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
910  dev->mtu = tdev->mtu - sizeof(struct iphdr);
911  if (dev->mtu < IPV6_MIN_MTU)
912  dev->mtu = IPV6_MIN_MTU;
913  }
914  dev->iflink = tunnel->parms.link;
915 }
916 
917 static int
918 ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
919 {
920  int err = 0;
921  struct ip_tunnel_parm p;
922  struct ip_tunnel_prl prl;
923  struct ip_tunnel *t;
924  struct net *net = dev_net(dev);
925  struct sit_net *sitn = net_generic(net, sit_net_id);
926 #ifdef CONFIG_IPV6_SIT_6RD
927  struct ip_tunnel_6rd ip6rd;
928 #endif
929 
930  switch (cmd) {
931  case SIOCGETTUNNEL:
932 #ifdef CONFIG_IPV6_SIT_6RD
933  case SIOCGET6RD:
934 #endif
935  t = NULL;
936  if (dev == sitn->fb_tunnel_dev) {
937  if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
938  err = -EFAULT;
939  break;
940  }
941  t = ipip6_tunnel_locate(net, &p, 0);
942  }
943  if (t == NULL)
944  t = netdev_priv(dev);
945 
946  err = -EFAULT;
947  if (cmd == SIOCGETTUNNEL) {
948  memcpy(&p, &t->parms, sizeof(p));
949  if (copy_to_user(ifr->ifr_ifru.ifru_data, &p,
950  sizeof(p)))
951  goto done;
952 #ifdef CONFIG_IPV6_SIT_6RD
953  } else {
954  ip6rd.prefix = t->ip6rd.prefix;
955  ip6rd.relay_prefix = t->ip6rd.relay_prefix;
956  ip6rd.prefixlen = t->ip6rd.prefixlen;
957  ip6rd.relay_prefixlen = t->ip6rd.relay_prefixlen;
958  if (copy_to_user(ifr->ifr_ifru.ifru_data, &ip6rd,
959  sizeof(ip6rd)))
960  goto done;
961 #endif
962  }
963  err = 0;
964  break;
965 
966  case SIOCADDTUNNEL:
967  case SIOCCHGTUNNEL:
968  err = -EPERM;
969  if (!capable(CAP_NET_ADMIN))
970  goto done;
971 
972  err = -EFAULT;
973  if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
974  goto done;
975 
976  err = -EINVAL;
977  if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPV6 ||
978  p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
979  goto done;
980  if (p.iph.ttl)
981  p.iph.frag_off |= htons(IP_DF);
982 
983  t = ipip6_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
984 
985  if (dev != sitn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
986  if (t != NULL) {
987  if (t->dev != dev) {
988  err = -EEXIST;
989  break;
990  }
991  } else {
992  if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
993  (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
994  err = -EINVAL;
995  break;
996  }
997  t = netdev_priv(dev);
998  ipip6_tunnel_unlink(sitn, t);
999  synchronize_net();
1000  t->parms.iph.saddr = p.iph.saddr;
1001  t->parms.iph.daddr = p.iph.daddr;
1002  memcpy(dev->dev_addr, &p.iph.saddr, 4);
1003  memcpy(dev->broadcast, &p.iph.daddr, 4);
1004  ipip6_tunnel_link(sitn, t);
1005  netdev_state_change(dev);
1006  }
1007  }
1008 
1009  if (t) {
1010  err = 0;
1011  if (cmd == SIOCCHGTUNNEL) {
1012  t->parms.iph.ttl = p.iph.ttl;
1013  t->parms.iph.tos = p.iph.tos;
1014  if (t->parms.link != p.link) {
1015  t->parms.link = p.link;
1016  ipip6_tunnel_bind_dev(dev);
1017  netdev_state_change(dev);
1018  }
1019  }
1020  if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
1021  err = -EFAULT;
1022  } else
1023  err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
1024  break;
1025 
1026  case SIOCDELTUNNEL:
1027  err = -EPERM;
1028  if (!capable(CAP_NET_ADMIN))
1029  goto done;
1030 
1031  if (dev == sitn->fb_tunnel_dev) {
1032  err = -EFAULT;
1033  if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
1034  goto done;
1035  err = -ENOENT;
1036  if ((t = ipip6_tunnel_locate(net, &p, 0)) == NULL)
1037  goto done;
1038  err = -EPERM;
1039  if (t == netdev_priv(sitn->fb_tunnel_dev))
1040  goto done;
1041  dev = t->dev;
1042  }
1043  unregister_netdevice(dev);
1044  err = 0;
1045  break;
1046 
1047  case SIOCGETPRL:
1048  err = -EINVAL;
1049  if (dev == sitn->fb_tunnel_dev)
1050  goto done;
1051  err = -ENOENT;
1052  if (!(t = netdev_priv(dev)))
1053  goto done;
1054  err = ipip6_tunnel_get_prl(t, ifr->ifr_ifru.ifru_data);
1055  break;
1056 
1057  case SIOCADDPRL:
1058  case SIOCDELPRL:
1059  case SIOCCHGPRL:
1060  err = -EPERM;
1061  if (!capable(CAP_NET_ADMIN))
1062  goto done;
1063  err = -EINVAL;
1064  if (dev == sitn->fb_tunnel_dev)
1065  goto done;
1066  err = -EFAULT;
1067  if (copy_from_user(&prl, ifr->ifr_ifru.ifru_data, sizeof(prl)))
1068  goto done;
1069  err = -ENOENT;
1070  if (!(t = netdev_priv(dev)))
1071  goto done;
1072 
1073  switch (cmd) {
1074  case SIOCDELPRL:
1075  err = ipip6_tunnel_del_prl(t, &prl);
1076  break;
1077  case SIOCADDPRL:
1078  case SIOCCHGPRL:
1079  err = ipip6_tunnel_add_prl(t, &prl, cmd == SIOCCHGPRL);
1080  break;
1081  }
1082  netdev_state_change(dev);
1083  break;
1084 
1085 #ifdef CONFIG_IPV6_SIT_6RD
1086  case SIOCADD6RD:
1087  case SIOCCHG6RD:
1088  case SIOCDEL6RD:
1089  err = -EPERM;
1090  if (!capable(CAP_NET_ADMIN))
1091  goto done;
1092 
1093  err = -EFAULT;
1094  if (copy_from_user(&ip6rd, ifr->ifr_ifru.ifru_data,
1095  sizeof(ip6rd)))
1096  goto done;
1097 
1098  t = netdev_priv(dev);
1099 
1100  if (cmd != SIOCDEL6RD) {
1101  struct in6_addr prefix;
1102  __be32 relay_prefix;
1103 
1104  err = -EINVAL;
1105  if (ip6rd.relay_prefixlen > 32 ||
1106  ip6rd.prefixlen + (32 - ip6rd.relay_prefixlen) > 64)
1107  goto done;
1108 
1109  ipv6_addr_prefix(&prefix, &ip6rd.prefix,
1110  ip6rd.prefixlen);
1111  if (!ipv6_addr_equal(&prefix, &ip6rd.prefix))
1112  goto done;
1113  if (ip6rd.relay_prefixlen)
1114  relay_prefix = ip6rd.relay_prefix &
1115  htonl(0xffffffffUL <<
1116  (32 - ip6rd.relay_prefixlen));
1117  else
1118  relay_prefix = 0;
1119  if (relay_prefix != ip6rd.relay_prefix)
1120  goto done;
1121 
1122  t->ip6rd.prefix = prefix;
1123  t->ip6rd.relay_prefix = relay_prefix;
1124  t->ip6rd.prefixlen = ip6rd.prefixlen;
1125  t->ip6rd.relay_prefixlen = ip6rd.relay_prefixlen;
1126  } else
1127  ipip6_tunnel_clone_6rd(dev, sitn);
1128 
1129  err = 0;
1130  break;
1131 #endif
1132 
1133  default:
1134  err = -EINVAL;
1135  }
1136 
1137 done:
1138  return err;
1139 }
1140 
1141 static int ipip6_tunnel_change_mtu(struct net_device *dev, int new_mtu)
1142 {
1143  if (new_mtu < IPV6_MIN_MTU || new_mtu > 0xFFF8 - sizeof(struct iphdr))
1144  return -EINVAL;
1145  dev->mtu = new_mtu;
1146  return 0;
1147 }
1148 
1149 static const struct net_device_ops ipip6_netdev_ops = {
1150  .ndo_uninit = ipip6_tunnel_uninit,
1151  .ndo_start_xmit = ipip6_tunnel_xmit,
1152  .ndo_do_ioctl = ipip6_tunnel_ioctl,
1153  .ndo_change_mtu = ipip6_tunnel_change_mtu,
1154  .ndo_get_stats64= ipip6_get_stats64,
1155 };
1156 
1157 static void ipip6_dev_free(struct net_device *dev)
1158 {
1159  free_percpu(dev->tstats);
1160  free_netdev(dev);
1161 }
1162 
1163 static void ipip6_tunnel_setup(struct net_device *dev)
1164 {
1165  dev->netdev_ops = &ipip6_netdev_ops;
1166  dev->destructor = ipip6_dev_free;
1167 
1168  dev->type = ARPHRD_SIT;
1169  dev->hard_header_len = LL_MAX_HEADER + sizeof(struct iphdr);
1170  dev->mtu = ETH_DATA_LEN - sizeof(struct iphdr);
1171  dev->flags = IFF_NOARP;
1172  dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
1173  dev->iflink = 0;
1174  dev->addr_len = 4;
1175  dev->features |= NETIF_F_NETNS_LOCAL;
1176  dev->features |= NETIF_F_LLTX;
1177 }
1178 
1179 static int ipip6_tunnel_init(struct net_device *dev)
1180 {
1181  struct ip_tunnel *tunnel = netdev_priv(dev);
1182 
1183  tunnel->dev = dev;
1184 
1185  memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
1186  memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
1187 
1188  ipip6_tunnel_bind_dev(dev);
1189  dev->tstats = alloc_percpu(struct pcpu_tstats);
1190  if (!dev->tstats)
1191  return -ENOMEM;
1192 
1193  return 0;
1194 }
1195 
1196 static int __net_init ipip6_fb_tunnel_init(struct net_device *dev)
1197 {
1198  struct ip_tunnel *tunnel = netdev_priv(dev);
1199  struct iphdr *iph = &tunnel->parms.iph;
1200  struct net *net = dev_net(dev);
1201  struct sit_net *sitn = net_generic(net, sit_net_id);
1202 
1203  tunnel->dev = dev;
1204  strcpy(tunnel->parms.name, dev->name);
1205 
1206  iph->version = 4;
1207  iph->protocol = IPPROTO_IPV6;
1208  iph->ihl = 5;
1209  iph->ttl = 64;
1210 
1211  dev->tstats = alloc_percpu(struct pcpu_tstats);
1212  if (!dev->tstats)
1213  return -ENOMEM;
1214  dev_hold(dev);
1215  rcu_assign_pointer(sitn->tunnels_wc[0], tunnel);
1216  return 0;
1217 }
1218 
1219 static struct xfrm_tunnel sit_handler __read_mostly = {
1220  .handler = ipip6_rcv,
1221  .err_handler = ipip6_err,
1222  .priority = 1,
1223 };
1224 
1225 static void __net_exit sit_destroy_tunnels(struct sit_net *sitn, struct list_head *head)
1226 {
1227  int prio;
1228 
1229  for (prio = 1; prio < 4; prio++) {
1230  int h;
1231  for (h = 0; h < HASH_SIZE; h++) {
1232  struct ip_tunnel *t;
1233 
1234  t = rtnl_dereference(sitn->tunnels[prio][h]);
1235  while (t != NULL) {
1236  unregister_netdevice_queue(t->dev, head);
1237  t = rtnl_dereference(t->next);
1238  }
1239  }
1240  }
1241 }
1242 
1243 static int __net_init sit_init_net(struct net *net)
1244 {
1245  struct sit_net *sitn = net_generic(net, sit_net_id);
1246  struct ip_tunnel *t;
1247  int err;
1248 
1249  sitn->tunnels[0] = sitn->tunnels_wc;
1250  sitn->tunnels[1] = sitn->tunnels_l;
1251  sitn->tunnels[2] = sitn->tunnels_r;
1252  sitn->tunnels[3] = sitn->tunnels_r_l;
1253 
1254  sitn->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "sit0",
1255  ipip6_tunnel_setup);
1256  if (!sitn->fb_tunnel_dev) {
1257  err = -ENOMEM;
1258  goto err_alloc_dev;
1259  }
1260  dev_net_set(sitn->fb_tunnel_dev, net);
1261 
1262  err = ipip6_fb_tunnel_init(sitn->fb_tunnel_dev);
1263  if (err)
1264  goto err_dev_free;
1265 
1266  ipip6_tunnel_clone_6rd(sitn->fb_tunnel_dev, sitn);
1267 
1268  if ((err = register_netdev(sitn->fb_tunnel_dev)))
1269  goto err_reg_dev;
1270 
1271  t = netdev_priv(sitn->fb_tunnel_dev);
1272 
1273  strcpy(t->parms.name, sitn->fb_tunnel_dev->name);
1274  return 0;
1275 
1276 err_reg_dev:
1277  dev_put(sitn->fb_tunnel_dev);
1278 err_dev_free:
1279  ipip6_dev_free(sitn->fb_tunnel_dev);
1280 err_alloc_dev:
1281  return err;
1282 }
1283 
1284 static void __net_exit sit_exit_net(struct net *net)
1285 {
1286  struct sit_net *sitn = net_generic(net, sit_net_id);
1287  LIST_HEAD(list);
1288 
1289  rtnl_lock();
1290  sit_destroy_tunnels(sitn, &list);
1291  unregister_netdevice_queue(sitn->fb_tunnel_dev, &list);
1292  unregister_netdevice_many(&list);
1293  rtnl_unlock();
1294 }
1295 
1296 static struct pernet_operations sit_net_ops = {
1297  .init = sit_init_net,
1298  .exit = sit_exit_net,
1299  .id = &sit_net_id,
1300  .size = sizeof(struct sit_net),
1301 };
1302 
1303 static void __exit sit_cleanup(void)
1304 {
1305  xfrm4_tunnel_deregister(&sit_handler, AF_INET6);
1306 
1307  unregister_pernet_device(&sit_net_ops);
1308  rcu_barrier(); /* Wait for completion of call_rcu()'s */
1309 }
1310 
1311 static int __init sit_init(void)
1312 {
1313  int err;
1314 
1315  pr_info("IPv6 over IPv4 tunneling driver\n");
1316 
1317  err = register_pernet_device(&sit_net_ops);
1318  if (err < 0)
1319  return err;
1320  err = xfrm4_tunnel_register(&sit_handler, AF_INET6);
1321  if (err < 0) {
1322  unregister_pernet_device(&sit_net_ops);
1323  pr_info("%s: can't add protocol\n", __func__);
1324  }
1325  return err;
1326 }
1327 
1328 module_init(sit_init);
1329 module_exit(sit_cleanup);
1330 MODULE_LICENSE("GPL");
1331 MODULE_ALIAS_NETDEV("sit0");
Generated on Thu Jan 10 2013 14:59:28 for Linux Kernel by   doxygen 1.8.2