1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Linux NET3: GRE over IP protocol decoder.
5 * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10 #include <linux/capability.h>
11 #include <linux/module.h>
12 #include <linux/types.h>
13 #include <linux/kernel.h>
14 #include <linux/slab.h>
15 #include <linux/uaccess.h>
16 #include <linux/skbuff.h>
17 #include <linux/netdevice.h>
19 #include <linux/tcp.h>
20 #include <linux/udp.h>
21 #include <linux/if_arp.h>
22 #include <linux/if_vlan.h>
23 #include <linux/init.h>
24 #include <linux/in6.h>
25 #include <linux/inetdevice.h>
26 #include <linux/igmp.h>
27 #include <linux/netfilter_ipv4.h>
28 #include <linux/etherdevice.h>
29 #include <linux/if_ether.h>
34 #include <net/protocol.h>
35 #include <net/ip_tunnels.h>
37 #include <net/checksum.h>
38 #include <net/dsfield.h>
39 #include <net/inet_ecn.h>
41 #include <net/net_namespace.h>
42 #include <net/netns/generic.h>
43 #include <net/rtnetlink.h>
45 #include <net/dst_metadata.h>
46 #include <net/erspan.h>
47 #include <net/inet_dscp.h>
53 1. The most important issue is detecting local dead loops.
54 They would cause complete host lockup in transmit, which
55 would be "resolved" by stack overflow or, if queueing is enabled,
56 with infinite looping in net_bh.
58 We cannot track such dead loops during route installation,
59 it is infeasible task. The most general solutions would be
60 to keep skb->encapsulation counter (sort of local ttl),
61 and silently drop packet when it expires. It is a good
62 solution, but it supposes maintaining new variable in ALL
63 skb, even if no tunneling is used.
65 Current solution: xmit_recursion breaks dead loops. This is a percpu
66 counter, since when we enter the first ndo_xmit(), cpu migration is
67 forbidden. We force an exit if this counter reaches RECURSION_LIMIT
69 2. Networking dead loops would not kill routers, but would really
70 kill network. IP hop limit plays role of "t->recursion" in this case,
71 if we copy it from packet being encapsulated to upper header.
72 It is very good solution, but it introduces two problems:
74 - Routing protocols, using packets with ttl=1 (OSPF, RIP2),
75 do not work over tunnels.
76 - traceroute does not work. I planned to relay ICMP from tunnel,
77 so that this problem would be solved and traceroute output
78 would even more informative. This idea appeared to be wrong:
79 only Linux complies to rfc1812 now (yes, guys, Linux is the only
80 true router now :-)), all routers (at least, in neighbourhood of mine)
81 return only 8 bytes of payload. It is the end.
83 Hence, if we want that OSPF worked or traceroute said something reasonable,
84 we should search for another solution.
86 One of them is to parse packet trying to detect inner encapsulation
87 made by our node. It is difficult or even impossible, especially,
88 taking into account fragmentation. TO be short, ttl is not solution at all.
90 Current solution: The solution was UNEXPECTEDLY SIMPLE.
91 We force DF flag on tunnels with preconfigured hop limit,
92 that is ALL. :-) Well, it does not remove the problem completely,
93 but exponential growth of network traffic is changed to linear
94 (branches, that exceed pmtu are pruned) and tunnel mtu
95 rapidly degrades to value <68, where looping stops.
96 Yes, it is not good if there exists a router in the loop,
97 which does not force DF, even when encapsulating packets have DF set.
98 But it is not our problem! Nobody could accuse us, we made
99 all that we could make. Even if it is your gated who injected
100 fatal route to network, even if it were you who configured
101 fatal static route: you are innocent. :-)
106 static bool log_ecn_error = true;
107 module_param(log_ecn_error, bool, 0644);
108 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
110 static struct rtnl_link_ops ipgre_link_ops __read_mostly;
111 static const struct header_ops ipgre_header_ops;
113 static int ipgre_tunnel_init(struct net_device *dev);
114 static void erspan_build_header(struct sk_buff *skb,
116 bool truncate, bool is_ipv4);
118 static unsigned int ipgre_net_id __read_mostly;
119 static unsigned int gre_tap_net_id __read_mostly;
120 static unsigned int erspan_net_id __read_mostly;
122 static int ipgre_err(struct sk_buff *skb, u32 info,
123 const struct tnl_ptk_info *tpi)
126 /* All the routers (except for Linux) return only
127 8 bytes of packet payload. It means, that precise relaying of
128 ICMP in the real Internet is absolutely infeasible.
130 Moreover, Cisco "wise men" put GRE key to the third word
131 in GRE header. It makes impossible maintaining even soft
132 state for keyed GRE tunnels with enabled checksum. Tell
135 Well, I wonder, rfc1812 was written by Cisco employee,
136 what the hell these idiots break standards established
139 struct net *net = dev_net(skb->dev);
140 struct ip_tunnel_net *itn;
141 const struct iphdr *iph;
142 const int type = icmp_hdr(skb)->type;
143 const int code = icmp_hdr(skb)->code;
146 if (tpi->proto == htons(ETH_P_TEB))
147 itn = net_generic(net, gre_tap_net_id);
148 else if (tpi->proto == htons(ETH_P_ERSPAN) ||
149 tpi->proto == htons(ETH_P_ERSPAN2))
150 itn = net_generic(net, erspan_net_id);
152 itn = net_generic(net, ipgre_net_id);
154 iph = (const struct iphdr *)(icmp_hdr(skb) + 1);
155 t = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags,
156 iph->daddr, iph->saddr, tpi->key);
163 case ICMP_PARAMETERPROB:
166 case ICMP_DEST_UNREACH:
169 case ICMP_PORT_UNREACH:
170 /* Impossible event. */
173 /* All others are translated to HOST_UNREACH.
174 rfc2003 contains "deep thoughts" about NET_UNREACH,
175 I believe they are just ether pollution. --ANK
181 case ICMP_TIME_EXCEEDED:
182 if (code != ICMP_EXC_TTL)
190 #if IS_ENABLED(CONFIG_IPV6)
191 if (tpi->proto == htons(ETH_P_IPV6)) {
192 unsigned int data_len = 0;
194 if (type == ICMP_TIME_EXCEEDED)
195 data_len = icmp_hdr(skb)->un.reserved[1] * 4; /* RFC 4884 4.1 */
197 if (!ip6_err_gen_icmpv6_unreach(skb, iph->ihl * 4 + tpi->hdr_len,
203 if (t->parms.iph.daddr == 0 ||
204 ipv4_is_multicast(t->parms.iph.daddr))
207 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
210 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
214 t->err_time = jiffies;
219 static void gre_err(struct sk_buff *skb, u32 info)
221 /* All the routers (except for Linux) return only
222 * 8 bytes of packet payload. It means, that precise relaying of
223 * ICMP in the real Internet is absolutely infeasible.
225 * Moreover, Cisco "wise men" put GRE key to the third word
226 * in GRE header. It makes impossible maintaining even soft
228 * GRE tunnels with enabled checksum. Tell them "thank you".
230 * Well, I wonder, rfc1812 was written by Cisco employee,
231 * what the hell these idiots break standards established
235 const struct iphdr *iph = (struct iphdr *)skb->data;
236 const int type = icmp_hdr(skb)->type;
237 const int code = icmp_hdr(skb)->code;
238 struct tnl_ptk_info tpi;
240 if (gre_parse_header(skb, &tpi, NULL, htons(ETH_P_IP),
244 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
245 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
246 skb->dev->ifindex, IPPROTO_GRE);
249 if (type == ICMP_REDIRECT) {
250 ipv4_redirect(skb, dev_net(skb->dev), skb->dev->ifindex,
255 ipgre_err(skb, info, &tpi);
258 static bool is_erspan_type1(int gre_hdr_len)
260 /* Both ERSPAN type I (version 0) and type II (version 1) use
261 * protocol 0x88BE, but the type I has only 4-byte GRE header,
262 * while type II has 8-byte.
264 return gre_hdr_len == 4;
267 static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi,
270 struct net *net = dev_net(skb->dev);
271 struct metadata_dst *tun_dst = NULL;
272 struct erspan_base_hdr *ershdr;
273 IP_TUNNEL_DECLARE_FLAGS(flags);
274 struct ip_tunnel_net *itn;
275 struct ip_tunnel *tunnel;
276 const struct iphdr *iph;
277 struct erspan_md2 *md2;
281 ip_tunnel_flags_copy(flags, tpi->flags);
283 itn = net_generic(net, erspan_net_id);
285 if (is_erspan_type1(gre_hdr_len)) {
287 __set_bit(IP_TUNNEL_NO_KEY_BIT, flags);
288 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, flags,
289 iph->saddr, iph->daddr, 0);
291 if (unlikely(!pskb_may_pull(skb,
292 gre_hdr_len + sizeof(*ershdr))))
293 return PACKET_REJECT;
295 ershdr = (struct erspan_base_hdr *)(skb->data + gre_hdr_len);
298 __set_bit(IP_TUNNEL_KEY_BIT, flags);
299 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, flags,
300 iph->saddr, iph->daddr, tpi->key);
304 if (is_erspan_type1(gre_hdr_len))
307 len = gre_hdr_len + erspan_hdr_len(ver);
309 if (unlikely(!pskb_may_pull(skb, len)))
310 return PACKET_REJECT;
312 if (__iptunnel_pull_header(skb,
318 if (tunnel->collect_md) {
319 struct erspan_metadata *pkt_md, *md;
320 struct ip_tunnel_info *info;
324 __set_bit(IP_TUNNEL_KEY_BIT, tpi->flags);
325 ip_tunnel_flags_copy(flags, tpi->flags);
326 tun_id = key32_to_tunnel_id(tpi->key);
328 tun_dst = ip_tun_rx_dst(skb, flags,
329 tun_id, sizeof(*md));
331 return PACKET_REJECT;
333 /* skb can be uncloned in __iptunnel_pull_header, so
334 * old pkt_md is no longer valid and we need to reset
337 gh = skb_network_header(skb) +
338 skb_network_header_len(skb);
339 pkt_md = (struct erspan_metadata *)(gh + gre_hdr_len +
341 md = ip_tunnel_info_opts(&tun_dst->u.tun_info);
344 memcpy(md2, pkt_md, ver == 1 ? ERSPAN_V1_MDSIZE :
347 info = &tun_dst->u.tun_info;
348 __set_bit(IP_TUNNEL_ERSPAN_OPT_BIT,
349 info->key.tun_flags);
350 info->options_len = sizeof(*md);
353 skb_reset_mac_header(skb);
354 ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
357 return PACKET_REJECT;
364 static int __ipgre_rcv(struct sk_buff *skb, const struct tnl_ptk_info *tpi,
365 struct ip_tunnel_net *itn, int hdr_len, bool raw_proto)
367 struct metadata_dst *tun_dst = NULL;
368 const struct iphdr *iph;
369 struct ip_tunnel *tunnel;
372 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags,
373 iph->saddr, iph->daddr, tpi->key);
376 const struct iphdr *tnl_params;
378 if (__iptunnel_pull_header(skb, hdr_len, tpi->proto,
379 raw_proto, false) < 0)
382 /* Special case for ipgre_header_parse(), which expects the
383 * mac_header to point to the outer IP header.
385 if (tunnel->dev->header_ops == &ipgre_header_ops)
386 skb_pop_mac_header(skb);
388 skb_reset_mac_header(skb);
390 tnl_params = &tunnel->parms.iph;
391 if (tunnel->collect_md || tnl_params->daddr == 0) {
392 IP_TUNNEL_DECLARE_FLAGS(flags) = { };
395 __set_bit(IP_TUNNEL_CSUM_BIT, flags);
396 __set_bit(IP_TUNNEL_KEY_BIT, flags);
397 ip_tunnel_flags_and(flags, tpi->flags, flags);
399 tun_id = key32_to_tunnel_id(tpi->key);
400 tun_dst = ip_tun_rx_dst(skb, flags, tun_id, 0);
402 return PACKET_REJECT;
405 ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
415 static int ipgre_rcv(struct sk_buff *skb, const struct tnl_ptk_info *tpi,
418 struct net *net = dev_net(skb->dev);
419 struct ip_tunnel_net *itn;
422 if (tpi->proto == htons(ETH_P_TEB))
423 itn = net_generic(net, gre_tap_net_id);
425 itn = net_generic(net, ipgre_net_id);
427 res = __ipgre_rcv(skb, tpi, itn, hdr_len, false);
428 if (res == PACKET_NEXT && tpi->proto == htons(ETH_P_TEB)) {
429 /* ipgre tunnels in collect metadata mode should receive
430 * also ETH_P_TEB traffic.
432 itn = net_generic(net, ipgre_net_id);
433 res = __ipgre_rcv(skb, tpi, itn, hdr_len, true);
438 static int gre_rcv(struct sk_buff *skb)
440 struct tnl_ptk_info tpi;
441 bool csum_err = false;
444 #ifdef CONFIG_NET_IPGRE_BROADCAST
445 if (ipv4_is_multicast(ip_hdr(skb)->daddr)) {
446 /* Looped back packet, drop it! */
447 if (rt_is_output_route(skb_rtable(skb)))
452 hdr_len = gre_parse_header(skb, &tpi, &csum_err, htons(ETH_P_IP), 0);
456 if (unlikely(tpi.proto == htons(ETH_P_ERSPAN) ||
457 tpi.proto == htons(ETH_P_ERSPAN2))) {
458 if (erspan_rcv(skb, &tpi, hdr_len) == PACKET_RCVD)
463 if (ipgre_rcv(skb, &tpi, hdr_len) == PACKET_RCVD)
467 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
473 static void __gre_xmit(struct sk_buff *skb, struct net_device *dev,
474 const struct iphdr *tnl_params,
477 struct ip_tunnel *tunnel = netdev_priv(dev);
478 IP_TUNNEL_DECLARE_FLAGS(flags);
480 ip_tunnel_flags_copy(flags, tunnel->parms.o_flags);
482 /* Push GRE header. */
483 gre_build_header(skb, tunnel->tun_hlen,
484 flags, proto, tunnel->parms.o_key,
485 test_bit(IP_TUNNEL_SEQ_BIT, flags) ?
486 htonl(atomic_fetch_inc(&tunnel->o_seqno)) : 0);
488 ip_tunnel_xmit(skb, dev, tnl_params, tnl_params->protocol);
491 static int gre_handle_offloads(struct sk_buff *skb, bool csum)
493 return iptunnel_handle_offloads(skb, csum ? SKB_GSO_GRE_CSUM : SKB_GSO_GRE);
496 static void gre_fb_xmit(struct sk_buff *skb, struct net_device *dev,
499 struct ip_tunnel *tunnel = netdev_priv(dev);
500 IP_TUNNEL_DECLARE_FLAGS(flags) = { };
501 struct ip_tunnel_info *tun_info;
502 const struct ip_tunnel_key *key;
505 tun_info = skb_tunnel_info(skb);
506 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
507 ip_tunnel_info_af(tun_info) != AF_INET))
510 key = &tun_info->key;
511 tunnel_hlen = gre_calc_hlen(key->tun_flags);
513 if (skb_cow_head(skb, dev->needed_headroom))
516 /* Push Tunnel header. */
517 if (gre_handle_offloads(skb, test_bit(IP_TUNNEL_CSUM_BIT,
518 tunnel->parms.o_flags)))
521 __set_bit(IP_TUNNEL_CSUM_BIT, flags);
522 __set_bit(IP_TUNNEL_KEY_BIT, flags);
523 __set_bit(IP_TUNNEL_SEQ_BIT, flags);
524 ip_tunnel_flags_and(flags, tun_info->key.tun_flags, flags);
526 gre_build_header(skb, tunnel_hlen, flags, proto,
527 tunnel_id_to_key32(tun_info->key.tun_id),
528 test_bit(IP_TUNNEL_SEQ_BIT, flags) ?
529 htonl(atomic_fetch_inc(&tunnel->o_seqno)) : 0);
531 ip_md_tunnel_xmit(skb, dev, IPPROTO_GRE, tunnel_hlen);
537 DEV_STATS_INC(dev, tx_dropped);
540 static void erspan_fb_xmit(struct sk_buff *skb, struct net_device *dev)
542 struct ip_tunnel *tunnel = netdev_priv(dev);
543 IP_TUNNEL_DECLARE_FLAGS(flags) = { };
544 struct ip_tunnel_info *tun_info;
545 const struct ip_tunnel_key *key;
546 struct erspan_metadata *md;
547 bool truncate = false;
553 tun_info = skb_tunnel_info(skb);
554 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
555 ip_tunnel_info_af(tun_info) != AF_INET))
558 key = &tun_info->key;
559 if (!test_bit(IP_TUNNEL_ERSPAN_OPT_BIT, tun_info->key.tun_flags))
561 if (tun_info->options_len < sizeof(*md))
563 md = ip_tunnel_info_opts(tun_info);
565 /* ERSPAN has fixed 8 byte GRE header */
566 version = md->version;
567 tunnel_hlen = 8 + erspan_hdr_len(version);
569 if (skb_cow_head(skb, dev->needed_headroom))
572 if (gre_handle_offloads(skb, false))
575 if (skb->len > dev->mtu + dev->hard_header_len) {
576 if (pskb_trim(skb, dev->mtu + dev->hard_header_len))
581 nhoff = skb_network_offset(skb);
582 if (skb->protocol == htons(ETH_P_IP) &&
583 (ntohs(ip_hdr(skb)->tot_len) > skb->len - nhoff))
586 if (skb->protocol == htons(ETH_P_IPV6)) {
589 if (skb_transport_header_was_set(skb))
590 thoff = skb_transport_offset(skb);
592 thoff = nhoff + sizeof(struct ipv6hdr);
593 if (ntohs(ipv6_hdr(skb)->payload_len) > skb->len - thoff)
598 erspan_build_header(skb, ntohl(tunnel_id_to_key32(key->tun_id)),
599 ntohl(md->u.index), truncate, true);
600 proto = htons(ETH_P_ERSPAN);
601 } else if (version == 2) {
602 erspan_build_header_v2(skb,
603 ntohl(tunnel_id_to_key32(key->tun_id)),
605 get_hwid(&md->u.md2),
607 proto = htons(ETH_P_ERSPAN2);
612 __set_bit(IP_TUNNEL_SEQ_BIT, flags);
613 gre_build_header(skb, 8, flags, proto, 0,
614 htonl(atomic_fetch_inc(&tunnel->o_seqno)));
616 ip_md_tunnel_xmit(skb, dev, IPPROTO_GRE, tunnel_hlen);
622 DEV_STATS_INC(dev, tx_dropped);
625 static int gre_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
627 struct ip_tunnel_info *info = skb_tunnel_info(skb);
628 const struct ip_tunnel_key *key;
632 if (ip_tunnel_info_af(info) != AF_INET)
636 ip_tunnel_init_flow(&fl4, IPPROTO_GRE, key->u.ipv4.dst, key->u.ipv4.src,
637 tunnel_id_to_key32(key->tun_id),
638 key->tos & ~INET_ECN_MASK, dev_net(dev), 0,
639 skb->mark, skb_get_hash(skb), key->flow_flags);
640 rt = ip_route_output_key(dev_net(dev), &fl4);
645 info->key.u.ipv4.src = fl4.saddr;
649 static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
650 struct net_device *dev)
652 struct ip_tunnel *tunnel = netdev_priv(dev);
653 const struct iphdr *tnl_params;
655 if (!pskb_inet_may_pull(skb))
658 if (tunnel->collect_md) {
659 gre_fb_xmit(skb, dev, skb->protocol);
663 if (dev->header_ops) {
664 int pull_len = tunnel->hlen + sizeof(struct iphdr);
666 if (skb_cow_head(skb, 0))
669 if (!pskb_may_pull(skb, pull_len))
672 tnl_params = (const struct iphdr *)skb->data;
674 /* ip_tunnel_xmit() needs skb->data pointing to gre header. */
675 skb_pull(skb, pull_len);
676 skb_reset_mac_header(skb);
678 if (skb->ip_summed == CHECKSUM_PARTIAL &&
679 skb_checksum_start(skb) < skb->data)
682 if (skb_cow_head(skb, dev->needed_headroom))
685 tnl_params = &tunnel->parms.iph;
688 if (gre_handle_offloads(skb, test_bit(IP_TUNNEL_CSUM_BIT,
689 tunnel->parms.o_flags)))
692 __gre_xmit(skb, dev, tnl_params, skb->protocol);
697 DEV_STATS_INC(dev, tx_dropped);
701 static netdev_tx_t erspan_xmit(struct sk_buff *skb,
702 struct net_device *dev)
704 struct ip_tunnel *tunnel = netdev_priv(dev);
705 bool truncate = false;
708 if (!pskb_inet_may_pull(skb))
711 if (tunnel->collect_md) {
712 erspan_fb_xmit(skb, dev);
716 if (gre_handle_offloads(skb, false))
719 if (skb_cow_head(skb, dev->needed_headroom))
722 if (skb->len > dev->mtu + dev->hard_header_len) {
723 if (pskb_trim(skb, dev->mtu + dev->hard_header_len))
728 /* Push ERSPAN header */
729 if (tunnel->erspan_ver == 0) {
730 proto = htons(ETH_P_ERSPAN);
731 __clear_bit(IP_TUNNEL_SEQ_BIT, tunnel->parms.o_flags);
732 } else if (tunnel->erspan_ver == 1) {
733 erspan_build_header(skb, ntohl(tunnel->parms.o_key),
736 proto = htons(ETH_P_ERSPAN);
737 } else if (tunnel->erspan_ver == 2) {
738 erspan_build_header_v2(skb, ntohl(tunnel->parms.o_key),
739 tunnel->dir, tunnel->hwid,
741 proto = htons(ETH_P_ERSPAN2);
746 __clear_bit(IP_TUNNEL_KEY_BIT, tunnel->parms.o_flags);
747 __gre_xmit(skb, dev, &tunnel->parms.iph, proto);
752 DEV_STATS_INC(dev, tx_dropped);
756 static netdev_tx_t gre_tap_xmit(struct sk_buff *skb,
757 struct net_device *dev)
759 struct ip_tunnel *tunnel = netdev_priv(dev);
761 if (!pskb_inet_may_pull(skb))
764 if (tunnel->collect_md) {
765 gre_fb_xmit(skb, dev, htons(ETH_P_TEB));
769 if (gre_handle_offloads(skb, test_bit(IP_TUNNEL_CSUM_BIT,
770 tunnel->parms.o_flags)))
773 if (skb_cow_head(skb, dev->needed_headroom))
776 __gre_xmit(skb, dev, &tunnel->parms.iph, htons(ETH_P_TEB));
781 DEV_STATS_INC(dev, tx_dropped);
785 static void ipgre_link_update(struct net_device *dev, bool set_mtu)
787 struct ip_tunnel *tunnel = netdev_priv(dev);
790 len = tunnel->tun_hlen;
791 tunnel->tun_hlen = gre_calc_hlen(tunnel->parms.o_flags);
792 len = tunnel->tun_hlen - len;
793 tunnel->hlen = tunnel->hlen + len;
796 dev->hard_header_len += len;
798 dev->needed_headroom += len;
801 WRITE_ONCE(dev->mtu, max_t(int, dev->mtu - len, 68));
803 if (test_bit(IP_TUNNEL_SEQ_BIT, tunnel->parms.o_flags) ||
804 (test_bit(IP_TUNNEL_CSUM_BIT, tunnel->parms.o_flags) &&
805 tunnel->encap.type != TUNNEL_ENCAP_NONE)) {
806 dev->features &= ~NETIF_F_GSO_SOFTWARE;
807 dev->hw_features &= ~NETIF_F_GSO_SOFTWARE;
809 dev->features |= NETIF_F_GSO_SOFTWARE;
810 dev->hw_features |= NETIF_F_GSO_SOFTWARE;
814 static int ipgre_tunnel_ctl(struct net_device *dev,
815 struct ip_tunnel_parm_kern *p,
818 __be16 i_flags, o_flags;
821 if (!ip_tunnel_flags_is_be16_compat(p->i_flags) ||
822 !ip_tunnel_flags_is_be16_compat(p->o_flags))
825 i_flags = ip_tunnel_flags_to_be16(p->i_flags);
826 o_flags = ip_tunnel_flags_to_be16(p->o_flags);
828 if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
829 if (p->iph.version != 4 || p->iph.protocol != IPPROTO_GRE ||
830 p->iph.ihl != 5 || (p->iph.frag_off & htons(~IP_DF)) ||
831 ((i_flags | o_flags) & (GRE_VERSION | GRE_ROUTING)))
835 gre_flags_to_tnl_flags(p->i_flags, i_flags);
836 gre_flags_to_tnl_flags(p->o_flags, o_flags);
838 err = ip_tunnel_ctl(dev, p, cmd);
842 if (cmd == SIOCCHGTUNNEL) {
843 struct ip_tunnel *t = netdev_priv(dev);
845 ip_tunnel_flags_copy(t->parms.i_flags, p->i_flags);
846 ip_tunnel_flags_copy(t->parms.o_flags, p->o_flags);
848 if (strcmp(dev->rtnl_link_ops->kind, "erspan"))
849 ipgre_link_update(dev, true);
852 i_flags = gre_tnl_flags_to_gre_flags(p->i_flags);
853 ip_tunnel_flags_from_be16(p->i_flags, i_flags);
854 o_flags = gre_tnl_flags_to_gre_flags(p->o_flags);
855 ip_tunnel_flags_from_be16(p->o_flags, o_flags);
860 /* Nice toy. Unfortunately, useless in real life :-)
861 It allows to construct virtual multiprotocol broadcast "LAN"
862 over the Internet, provided multicast routing is tuned.
865 I have no idea was this bicycle invented before me,
866 so that I had to set ARPHRD_IPGRE to a random value.
867 I have an impression, that Cisco could make something similar,
868 but this feature is apparently missing in IOS<=11.2(8).
870 I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
871 with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
873 ping -t 255 224.66.66.66
875 If nobody answers, mbone does not work.
877 ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255
878 ip addr add 10.66.66.<somewhat>/24 dev Universe
880 ifconfig Universe add fe80::<Your_real_addr>/10
881 ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96
884 ftp fec0:6666:6666::193.233.7.65
887 static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
889 const void *daddr, const void *saddr, unsigned int len)
891 struct ip_tunnel *t = netdev_priv(dev);
893 struct gre_base_hdr *greh;
895 iph = skb_push(skb, t->hlen + sizeof(*iph));
896 greh = (struct gre_base_hdr *)(iph+1);
897 greh->flags = gre_tnl_flags_to_gre_flags(t->parms.o_flags);
898 greh->protocol = htons(type);
900 memcpy(iph, &t->parms.iph, sizeof(struct iphdr));
902 /* Set the source hardware address. */
904 memcpy(&iph->saddr, saddr, 4);
906 memcpy(&iph->daddr, daddr, 4);
908 return t->hlen + sizeof(*iph);
910 return -(t->hlen + sizeof(*iph));
913 static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr)
915 const struct iphdr *iph = (const struct iphdr *) skb_mac_header(skb);
916 memcpy(haddr, &iph->saddr, 4);
920 static const struct header_ops ipgre_header_ops = {
921 .create = ipgre_header,
922 .parse = ipgre_header_parse,
925 #ifdef CONFIG_NET_IPGRE_BROADCAST
926 static int ipgre_open(struct net_device *dev)
928 struct ip_tunnel *t = netdev_priv(dev);
930 if (ipv4_is_multicast(t->parms.iph.daddr)) {
931 struct flowi4 fl4 = {
932 .flowi4_oif = t->parms.link,
933 .flowi4_tos = inet_dscp_to_dsfield(ip4h_dscp(&t->parms.iph)),
934 .flowi4_scope = RT_SCOPE_UNIVERSE,
935 .flowi4_proto = IPPROTO_GRE,
936 .saddr = t->parms.iph.saddr,
937 .daddr = t->parms.iph.daddr,
938 .fl4_gre_key = t->parms.o_key,
942 rt = ip_route_output_key(t->net, &fl4);
944 return -EADDRNOTAVAIL;
947 if (!__in_dev_get_rtnl(dev))
948 return -EADDRNOTAVAIL;
949 t->mlink = dev->ifindex;
950 ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr);
955 static int ipgre_close(struct net_device *dev)
957 struct ip_tunnel *t = netdev_priv(dev);
959 if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) {
960 struct in_device *in_dev;
961 in_dev = inetdev_by_index(t->net, t->mlink);
963 ip_mc_dec_group(in_dev, t->parms.iph.daddr);
969 static const struct net_device_ops ipgre_netdev_ops = {
970 .ndo_init = ipgre_tunnel_init,
971 .ndo_uninit = ip_tunnel_uninit,
972 #ifdef CONFIG_NET_IPGRE_BROADCAST
973 .ndo_open = ipgre_open,
974 .ndo_stop = ipgre_close,
976 .ndo_start_xmit = ipgre_xmit,
977 .ndo_siocdevprivate = ip_tunnel_siocdevprivate,
978 .ndo_change_mtu = ip_tunnel_change_mtu,
979 .ndo_get_stats64 = dev_get_tstats64,
980 .ndo_get_iflink = ip_tunnel_get_iflink,
981 .ndo_tunnel_ctl = ipgre_tunnel_ctl,
984 #define GRE_FEATURES (NETIF_F_SG | \
989 static void ipgre_tunnel_setup(struct net_device *dev)
991 dev->netdev_ops = &ipgre_netdev_ops;
992 dev->type = ARPHRD_IPGRE;
993 ip_tunnel_setup(dev, ipgre_net_id);
996 static void __gre_tunnel_init(struct net_device *dev)
998 struct ip_tunnel *tunnel;
1000 tunnel = netdev_priv(dev);
1001 tunnel->tun_hlen = gre_calc_hlen(tunnel->parms.o_flags);
1002 tunnel->parms.iph.protocol = IPPROTO_GRE;
1004 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
1005 dev->needed_headroom = tunnel->hlen + sizeof(tunnel->parms.iph);
1007 dev->features |= GRE_FEATURES;
1008 dev->hw_features |= GRE_FEATURES;
1010 /* TCP offload with GRE SEQ is not supported, nor can we support 2
1011 * levels of outer headers requiring an update.
1013 if (test_bit(IP_TUNNEL_SEQ_BIT, tunnel->parms.o_flags))
1015 if (test_bit(IP_TUNNEL_CSUM_BIT, tunnel->parms.o_flags) &&
1016 tunnel->encap.type != TUNNEL_ENCAP_NONE)
1019 dev->features |= NETIF_F_GSO_SOFTWARE;
1020 dev->hw_features |= NETIF_F_GSO_SOFTWARE;
1025 static int ipgre_tunnel_init(struct net_device *dev)
1027 struct ip_tunnel *tunnel = netdev_priv(dev);
1028 struct iphdr *iph = &tunnel->parms.iph;
1030 __gre_tunnel_init(dev);
1032 __dev_addr_set(dev, &iph->saddr, 4);
1033 memcpy(dev->broadcast, &iph->daddr, 4);
1035 dev->flags = IFF_NOARP;
1036 netif_keep_dst(dev);
1039 if (iph->daddr && !tunnel->collect_md) {
1040 #ifdef CONFIG_NET_IPGRE_BROADCAST
1041 if (ipv4_is_multicast(iph->daddr)) {
1044 dev->flags = IFF_BROADCAST;
1045 dev->header_ops = &ipgre_header_ops;
1046 dev->hard_header_len = tunnel->hlen + sizeof(*iph);
1047 dev->needed_headroom = 0;
1050 } else if (!tunnel->collect_md) {
1051 dev->header_ops = &ipgre_header_ops;
1052 dev->hard_header_len = tunnel->hlen + sizeof(*iph);
1053 dev->needed_headroom = 0;
1056 return ip_tunnel_init(dev);
1059 static const struct gre_protocol ipgre_protocol = {
1061 .err_handler = gre_err,
1064 static int __net_init ipgre_init_net(struct net *net)
1066 return ip_tunnel_init_net(net, ipgre_net_id, &ipgre_link_ops, NULL);
1069 static void __net_exit ipgre_exit_rtnl(struct net *net,
1070 struct list_head *dev_to_kill)
1072 ip_tunnel_delete_net(net, ipgre_net_id, &ipgre_link_ops, dev_to_kill);
1075 static struct pernet_operations ipgre_net_ops = {
1076 .init = ipgre_init_net,
1077 .exit_rtnl = ipgre_exit_rtnl,
1078 .id = &ipgre_net_id,
1079 .size = sizeof(struct ip_tunnel_net),
1082 static int ipgre_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
1083 struct netlink_ext_ack *extack)
1091 if (data[IFLA_GRE_IFLAGS])
1092 flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]);
1093 if (data[IFLA_GRE_OFLAGS])
1094 flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]);
1095 if (flags & (GRE_VERSION|GRE_ROUTING))
1098 if (data[IFLA_GRE_COLLECT_METADATA] &&
1099 data[IFLA_GRE_ENCAP_TYPE] &&
1100 nla_get_u16(data[IFLA_GRE_ENCAP_TYPE]) != TUNNEL_ENCAP_NONE)
1106 static int ipgre_tap_validate(struct nlattr *tb[], struct nlattr *data[],
1107 struct netlink_ext_ack *extack)
1111 if (tb[IFLA_ADDRESS]) {
1112 if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN)
1114 if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS])))
1115 return -EADDRNOTAVAIL;
1121 if (data[IFLA_GRE_REMOTE]) {
1122 memcpy(&daddr, nla_data(data[IFLA_GRE_REMOTE]), 4);
1128 return ipgre_tunnel_validate(tb, data, extack);
1131 static int erspan_validate(struct nlattr *tb[], struct nlattr *data[],
1132 struct netlink_ext_ack *extack)
1140 ret = ipgre_tap_validate(tb, data, extack);
1144 if (data[IFLA_GRE_ERSPAN_VER] &&
1145 nla_get_u8(data[IFLA_GRE_ERSPAN_VER]) == 0)
1148 /* ERSPAN type II/III should only have GRE sequence and key flag */
1149 if (data[IFLA_GRE_OFLAGS])
1150 flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]);
1151 if (data[IFLA_GRE_IFLAGS])
1152 flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]);
1153 if (!data[IFLA_GRE_COLLECT_METADATA] &&
1154 flags != (GRE_SEQ | GRE_KEY))
1157 /* ERSPAN Session ID only has 10-bit. Since we reuse
1158 * 32-bit key field as ID, check it's range.
1160 if (data[IFLA_GRE_IKEY] &&
1161 (ntohl(nla_get_be32(data[IFLA_GRE_IKEY])) & ~ID_MASK))
1164 if (data[IFLA_GRE_OKEY] &&
1165 (ntohl(nla_get_be32(data[IFLA_GRE_OKEY])) & ~ID_MASK))
1171 static int ipgre_netlink_parms(struct net_device *dev,
1172 struct nlattr *data[],
1173 struct nlattr *tb[],
1174 struct ip_tunnel_parm_kern *parms,
1177 struct ip_tunnel *t = netdev_priv(dev);
1179 memset(parms, 0, sizeof(*parms));
1181 parms->iph.protocol = IPPROTO_GRE;
1186 if (data[IFLA_GRE_LINK])
1187 parms->link = nla_get_u32(data[IFLA_GRE_LINK]);
1189 if (data[IFLA_GRE_IFLAGS])
1190 gre_flags_to_tnl_flags(parms->i_flags,
1191 nla_get_be16(data[IFLA_GRE_IFLAGS]));
1193 if (data[IFLA_GRE_OFLAGS])
1194 gre_flags_to_tnl_flags(parms->o_flags,
1195 nla_get_be16(data[IFLA_GRE_OFLAGS]));
1197 if (data[IFLA_GRE_IKEY])
1198 parms->i_key = nla_get_be32(data[IFLA_GRE_IKEY]);
1200 if (data[IFLA_GRE_OKEY])
1201 parms->o_key = nla_get_be32(data[IFLA_GRE_OKEY]);
1203 if (data[IFLA_GRE_LOCAL])
1204 parms->iph.saddr = nla_get_in_addr(data[IFLA_GRE_LOCAL]);
1206 if (data[IFLA_GRE_REMOTE])
1207 parms->iph.daddr = nla_get_in_addr(data[IFLA_GRE_REMOTE]);
1209 if (data[IFLA_GRE_TTL])
1210 parms->iph.ttl = nla_get_u8(data[IFLA_GRE_TTL]);
1212 if (data[IFLA_GRE_TOS])
1213 parms->iph.tos = nla_get_u8(data[IFLA_GRE_TOS]);
1215 if (!data[IFLA_GRE_PMTUDISC] || nla_get_u8(data[IFLA_GRE_PMTUDISC])) {
1218 parms->iph.frag_off = htons(IP_DF);
1221 if (data[IFLA_GRE_COLLECT_METADATA]) {
1222 t->collect_md = true;
1223 if (dev->type == ARPHRD_IPGRE)
1224 dev->type = ARPHRD_NONE;
1227 if (data[IFLA_GRE_IGNORE_DF]) {
1228 if (nla_get_u8(data[IFLA_GRE_IGNORE_DF])
1229 && (parms->iph.frag_off & htons(IP_DF)))
1231 t->ignore_df = !!nla_get_u8(data[IFLA_GRE_IGNORE_DF]);
1234 if (data[IFLA_GRE_FWMARK])
1235 *fwmark = nla_get_u32(data[IFLA_GRE_FWMARK]);
1240 static int erspan_netlink_parms(struct net_device *dev,
1241 struct nlattr *data[],
1242 struct nlattr *tb[],
1243 struct ip_tunnel_parm_kern *parms,
1246 struct ip_tunnel *t = netdev_priv(dev);
1249 err = ipgre_netlink_parms(dev, data, tb, parms, fwmark);
1255 if (data[IFLA_GRE_ERSPAN_VER]) {
1256 t->erspan_ver = nla_get_u8(data[IFLA_GRE_ERSPAN_VER]);
1258 if (t->erspan_ver > 2)
1262 if (t->erspan_ver == 1) {
1263 if (data[IFLA_GRE_ERSPAN_INDEX]) {
1264 t->index = nla_get_u32(data[IFLA_GRE_ERSPAN_INDEX]);
1265 if (t->index & ~INDEX_MASK)
1268 } else if (t->erspan_ver == 2) {
1269 if (data[IFLA_GRE_ERSPAN_DIR]) {
1270 t->dir = nla_get_u8(data[IFLA_GRE_ERSPAN_DIR]);
1271 if (t->dir & ~(DIR_MASK >> DIR_OFFSET))
1274 if (data[IFLA_GRE_ERSPAN_HWID]) {
1275 t->hwid = nla_get_u16(data[IFLA_GRE_ERSPAN_HWID]);
1276 if (t->hwid & ~(HWID_MASK >> HWID_OFFSET))
1284 /* This function returns true when ENCAP attributes are present in the nl msg */
1285 static bool ipgre_netlink_encap_parms(struct nlattr *data[],
1286 struct ip_tunnel_encap *ipencap)
1290 memset(ipencap, 0, sizeof(*ipencap));
1295 if (data[IFLA_GRE_ENCAP_TYPE]) {
1297 ipencap->type = nla_get_u16(data[IFLA_GRE_ENCAP_TYPE]);
1300 if (data[IFLA_GRE_ENCAP_FLAGS]) {
1302 ipencap->flags = nla_get_u16(data[IFLA_GRE_ENCAP_FLAGS]);
1305 if (data[IFLA_GRE_ENCAP_SPORT]) {
1307 ipencap->sport = nla_get_be16(data[IFLA_GRE_ENCAP_SPORT]);
1310 if (data[IFLA_GRE_ENCAP_DPORT]) {
1312 ipencap->dport = nla_get_be16(data[IFLA_GRE_ENCAP_DPORT]);
1318 static int gre_tap_init(struct net_device *dev)
1320 __gre_tunnel_init(dev);
1321 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1322 netif_keep_dst(dev);
1324 return ip_tunnel_init(dev);
1327 static const struct net_device_ops gre_tap_netdev_ops = {
1328 .ndo_init = gre_tap_init,
1329 .ndo_uninit = ip_tunnel_uninit,
1330 .ndo_start_xmit = gre_tap_xmit,
1331 .ndo_set_mac_address = eth_mac_addr,
1332 .ndo_validate_addr = eth_validate_addr,
1333 .ndo_change_mtu = ip_tunnel_change_mtu,
1334 .ndo_get_stats64 = dev_get_tstats64,
1335 .ndo_get_iflink = ip_tunnel_get_iflink,
1336 .ndo_fill_metadata_dst = gre_fill_metadata_dst,
1339 static int erspan_tunnel_init(struct net_device *dev)
1341 struct ip_tunnel *tunnel = netdev_priv(dev);
1343 if (tunnel->erspan_ver == 0)
1344 tunnel->tun_hlen = 4; /* 4-byte GRE hdr. */
1346 tunnel->tun_hlen = 8; /* 8-byte GRE hdr. */
1348 tunnel->parms.iph.protocol = IPPROTO_GRE;
1349 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen +
1350 erspan_hdr_len(tunnel->erspan_ver);
1352 dev->features |= GRE_FEATURES;
1353 dev->hw_features |= GRE_FEATURES;
1354 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1355 netif_keep_dst(dev);
1357 return ip_tunnel_init(dev);
1360 static const struct net_device_ops erspan_netdev_ops = {
1361 .ndo_init = erspan_tunnel_init,
1362 .ndo_uninit = ip_tunnel_uninit,
1363 .ndo_start_xmit = erspan_xmit,
1364 .ndo_set_mac_address = eth_mac_addr,
1365 .ndo_validate_addr = eth_validate_addr,
1366 .ndo_change_mtu = ip_tunnel_change_mtu,
1367 .ndo_get_stats64 = dev_get_tstats64,
1368 .ndo_get_iflink = ip_tunnel_get_iflink,
1369 .ndo_fill_metadata_dst = gre_fill_metadata_dst,
1372 static void ipgre_tap_setup(struct net_device *dev)
1376 dev->netdev_ops = &gre_tap_netdev_ops;
1377 dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1378 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1379 ip_tunnel_setup(dev, gre_tap_net_id);
1383 ipgre_newlink_encap_setup(struct net_device *dev, struct nlattr *data[])
1385 struct ip_tunnel_encap ipencap;
1387 if (ipgre_netlink_encap_parms(data, &ipencap)) {
1388 struct ip_tunnel *t = netdev_priv(dev);
1389 int err = ip_tunnel_encap_setup(t, &ipencap);
1398 static int ipgre_newlink(struct net_device *dev,
1399 struct rtnl_newlink_params *params,
1400 struct netlink_ext_ack *extack)
1402 struct nlattr **data = params->data;
1403 struct nlattr **tb = params->tb;
1404 struct ip_tunnel_parm_kern p;
1408 err = ipgre_newlink_encap_setup(dev, data);
1412 err = ipgre_netlink_parms(dev, data, tb, &p, &fwmark);
1415 return ip_tunnel_newlink(params->link_net ? : dev_net(dev), dev, tb, &p,
1419 static int erspan_newlink(struct net_device *dev,
1420 struct rtnl_newlink_params *params,
1421 struct netlink_ext_ack *extack)
1423 struct nlattr **data = params->data;
1424 struct nlattr **tb = params->tb;
1425 struct ip_tunnel_parm_kern p;
1429 err = ipgre_newlink_encap_setup(dev, data);
1433 err = erspan_netlink_parms(dev, data, tb, &p, &fwmark);
1436 return ip_tunnel_newlink(params->link_net ? : dev_net(dev), dev, tb, &p,
1440 static int ipgre_changelink(struct net_device *dev, struct nlattr *tb[],
1441 struct nlattr *data[],
1442 struct netlink_ext_ack *extack)
1444 struct ip_tunnel *t = netdev_priv(dev);
1445 struct ip_tunnel_parm_kern p;
1446 __u32 fwmark = t->fwmark;
1449 err = ipgre_newlink_encap_setup(dev, data);
1453 err = ipgre_netlink_parms(dev, data, tb, &p, &fwmark);
1457 err = ip_tunnel_changelink(dev, tb, &p, fwmark);
1461 ip_tunnel_flags_copy(t->parms.i_flags, p.i_flags);
1462 ip_tunnel_flags_copy(t->parms.o_flags, p.o_flags);
1464 ipgre_link_update(dev, !tb[IFLA_MTU]);
1469 static int erspan_changelink(struct net_device *dev, struct nlattr *tb[],
1470 struct nlattr *data[],
1471 struct netlink_ext_ack *extack)
1473 struct ip_tunnel *t = netdev_priv(dev);
1474 struct ip_tunnel_parm_kern p;
1475 __u32 fwmark = t->fwmark;
1478 err = ipgre_newlink_encap_setup(dev, data);
1482 err = erspan_netlink_parms(dev, data, tb, &p, &fwmark);
1486 err = ip_tunnel_changelink(dev, tb, &p, fwmark);
1490 ip_tunnel_flags_copy(t->parms.i_flags, p.i_flags);
1491 ip_tunnel_flags_copy(t->parms.o_flags, p.o_flags);
1496 static size_t ipgre_get_size(const struct net_device *dev)
1501 /* IFLA_GRE_IFLAGS */
1503 /* IFLA_GRE_OFLAGS */
1509 /* IFLA_GRE_LOCAL */
1511 /* IFLA_GRE_REMOTE */
1517 /* IFLA_GRE_PMTUDISC */
1519 /* IFLA_GRE_ENCAP_TYPE */
1521 /* IFLA_GRE_ENCAP_FLAGS */
1523 /* IFLA_GRE_ENCAP_SPORT */
1525 /* IFLA_GRE_ENCAP_DPORT */
1527 /* IFLA_GRE_COLLECT_METADATA */
1529 /* IFLA_GRE_IGNORE_DF */
1531 /* IFLA_GRE_FWMARK */
1533 /* IFLA_GRE_ERSPAN_INDEX */
1535 /* IFLA_GRE_ERSPAN_VER */
1537 /* IFLA_GRE_ERSPAN_DIR */
1539 /* IFLA_GRE_ERSPAN_HWID */
1544 static int ipgre_fill_info(struct sk_buff *skb, const struct net_device *dev)
1546 struct ip_tunnel *t = netdev_priv(dev);
1547 struct ip_tunnel_parm_kern *p = &t->parms;
1548 IP_TUNNEL_DECLARE_FLAGS(o_flags);
1550 ip_tunnel_flags_copy(o_flags, p->o_flags);
1552 if (nla_put_u32(skb, IFLA_GRE_LINK, p->link) ||
1553 nla_put_be16(skb, IFLA_GRE_IFLAGS,
1554 gre_tnl_flags_to_gre_flags(p->i_flags)) ||
1555 nla_put_be16(skb, IFLA_GRE_OFLAGS,
1556 gre_tnl_flags_to_gre_flags(o_flags)) ||
1557 nla_put_be32(skb, IFLA_GRE_IKEY, p->i_key) ||
1558 nla_put_be32(skb, IFLA_GRE_OKEY, p->o_key) ||
1559 nla_put_in_addr(skb, IFLA_GRE_LOCAL, p->iph.saddr) ||
1560 nla_put_in_addr(skb, IFLA_GRE_REMOTE, p->iph.daddr) ||
1561 nla_put_u8(skb, IFLA_GRE_TTL, p->iph.ttl) ||
1562 nla_put_u8(skb, IFLA_GRE_TOS, p->iph.tos) ||
1563 nla_put_u8(skb, IFLA_GRE_PMTUDISC,
1564 !!(p->iph.frag_off & htons(IP_DF))) ||
1565 nla_put_u32(skb, IFLA_GRE_FWMARK, t->fwmark))
1566 goto nla_put_failure;
1568 if (nla_put_u16(skb, IFLA_GRE_ENCAP_TYPE,
1570 nla_put_be16(skb, IFLA_GRE_ENCAP_SPORT,
1572 nla_put_be16(skb, IFLA_GRE_ENCAP_DPORT,
1574 nla_put_u16(skb, IFLA_GRE_ENCAP_FLAGS,
1576 goto nla_put_failure;
1578 if (nla_put_u8(skb, IFLA_GRE_IGNORE_DF, t->ignore_df))
1579 goto nla_put_failure;
1581 if (t->collect_md) {
1582 if (nla_put_flag(skb, IFLA_GRE_COLLECT_METADATA))
1583 goto nla_put_failure;
1592 static int erspan_fill_info(struct sk_buff *skb, const struct net_device *dev)
1594 struct ip_tunnel *t = netdev_priv(dev);
1596 if (t->erspan_ver <= 2) {
1597 if (t->erspan_ver != 0 && !t->collect_md)
1598 __set_bit(IP_TUNNEL_KEY_BIT, t->parms.o_flags);
1600 if (nla_put_u8(skb, IFLA_GRE_ERSPAN_VER, t->erspan_ver))
1601 goto nla_put_failure;
1603 if (t->erspan_ver == 1) {
1604 if (nla_put_u32(skb, IFLA_GRE_ERSPAN_INDEX, t->index))
1605 goto nla_put_failure;
1606 } else if (t->erspan_ver == 2) {
1607 if (nla_put_u8(skb, IFLA_GRE_ERSPAN_DIR, t->dir))
1608 goto nla_put_failure;
1609 if (nla_put_u16(skb, IFLA_GRE_ERSPAN_HWID, t->hwid))
1610 goto nla_put_failure;
1614 return ipgre_fill_info(skb, dev);
1620 static void erspan_setup(struct net_device *dev)
1622 struct ip_tunnel *t = netdev_priv(dev);
1626 dev->netdev_ops = &erspan_netdev_ops;
1627 dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1628 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1629 ip_tunnel_setup(dev, erspan_net_id);
1633 static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
1634 [IFLA_GRE_LINK] = { .type = NLA_U32 },
1635 [IFLA_GRE_IFLAGS] = { .type = NLA_U16 },
1636 [IFLA_GRE_OFLAGS] = { .type = NLA_U16 },
1637 [IFLA_GRE_IKEY] = { .type = NLA_U32 },
1638 [IFLA_GRE_OKEY] = { .type = NLA_U32 },
1639 [IFLA_GRE_LOCAL] = { .len = sizeof_field(struct iphdr, saddr) },
1640 [IFLA_GRE_REMOTE] = { .len = sizeof_field(struct iphdr, daddr) },
1641 [IFLA_GRE_TTL] = { .type = NLA_U8 },
1642 [IFLA_GRE_TOS] = { .type = NLA_U8 },
1643 [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 },
1644 [IFLA_GRE_ENCAP_TYPE] = { .type = NLA_U16 },
1645 [IFLA_GRE_ENCAP_FLAGS] = { .type = NLA_U16 },
1646 [IFLA_GRE_ENCAP_SPORT] = { .type = NLA_U16 },
1647 [IFLA_GRE_ENCAP_DPORT] = { .type = NLA_U16 },
1648 [IFLA_GRE_COLLECT_METADATA] = { .type = NLA_FLAG },
1649 [IFLA_GRE_IGNORE_DF] = { .type = NLA_U8 },
1650 [IFLA_GRE_FWMARK] = { .type = NLA_U32 },
1651 [IFLA_GRE_ERSPAN_INDEX] = { .type = NLA_U32 },
1652 [IFLA_GRE_ERSPAN_VER] = { .type = NLA_U8 },
1653 [IFLA_GRE_ERSPAN_DIR] = { .type = NLA_U8 },
1654 [IFLA_GRE_ERSPAN_HWID] = { .type = NLA_U16 },
1657 static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
1659 .maxtype = IFLA_GRE_MAX,
1660 .policy = ipgre_policy,
1661 .priv_size = sizeof(struct ip_tunnel),
1662 .setup = ipgre_tunnel_setup,
1663 .validate = ipgre_tunnel_validate,
1664 .newlink = ipgre_newlink,
1665 .changelink = ipgre_changelink,
1666 .dellink = ip_tunnel_dellink,
1667 .get_size = ipgre_get_size,
1668 .fill_info = ipgre_fill_info,
1669 .get_link_net = ip_tunnel_get_link_net,
1672 static struct rtnl_link_ops ipgre_tap_ops __read_mostly = {
1674 .maxtype = IFLA_GRE_MAX,
1675 .policy = ipgre_policy,
1676 .priv_size = sizeof(struct ip_tunnel),
1677 .setup = ipgre_tap_setup,
1678 .validate = ipgre_tap_validate,
1679 .newlink = ipgre_newlink,
1680 .changelink = ipgre_changelink,
1681 .dellink = ip_tunnel_dellink,
1682 .get_size = ipgre_get_size,
1683 .fill_info = ipgre_fill_info,
1684 .get_link_net = ip_tunnel_get_link_net,
1687 static struct rtnl_link_ops erspan_link_ops __read_mostly = {
1689 .maxtype = IFLA_GRE_MAX,
1690 .policy = ipgre_policy,
1691 .priv_size = sizeof(struct ip_tunnel),
1692 .setup = erspan_setup,
1693 .validate = erspan_validate,
1694 .newlink = erspan_newlink,
1695 .changelink = erspan_changelink,
1696 .dellink = ip_tunnel_dellink,
1697 .get_size = ipgre_get_size,
1698 .fill_info = erspan_fill_info,
1699 .get_link_net = ip_tunnel_get_link_net,
1702 struct net_device *gretap_fb_dev_create(struct net *net, const char *name,
1703 u8 name_assign_type)
1705 struct rtnl_newlink_params params = { .src_net = net };
1706 struct nlattr *tb[IFLA_MAX + 1];
1707 struct net_device *dev;
1708 LIST_HEAD(list_kill);
1709 struct ip_tunnel *t;
1712 memset(&tb, 0, sizeof(tb));
1715 dev = rtnl_create_link(net, name, name_assign_type,
1716 &ipgre_tap_ops, tb, NULL);
1720 /* Configure flow based GRE device. */
1721 t = netdev_priv(dev);
1722 t->collect_md = true;
1724 err = ipgre_newlink(dev, ¶ms, NULL);
1727 return ERR_PTR(err);
1730 /* openvswitch users expect packet sizes to be unrestricted,
1731 * so set the largest MTU we can.
1733 err = __ip_tunnel_change_mtu(dev, IP_MAX_MTU, false);
1737 err = rtnl_configure_link(dev, NULL, 0, NULL);
1743 ip_tunnel_dellink(dev, &list_kill);
1744 unregister_netdevice_many(&list_kill);
1745 return ERR_PTR(err);
1747 EXPORT_SYMBOL_GPL(gretap_fb_dev_create);
1749 static int __net_init ipgre_tap_init_net(struct net *net)
1751 return ip_tunnel_init_net(net, gre_tap_net_id, &ipgre_tap_ops, "gretap0");
1754 static void __net_exit ipgre_tap_exit_rtnl(struct net *net,
1755 struct list_head *dev_to_kill)
1757 ip_tunnel_delete_net(net, gre_tap_net_id, &ipgre_tap_ops, dev_to_kill);
1760 static struct pernet_operations ipgre_tap_net_ops = {
1761 .init = ipgre_tap_init_net,
1762 .exit_rtnl = ipgre_tap_exit_rtnl,
1763 .id = &gre_tap_net_id,
1764 .size = sizeof(struct ip_tunnel_net),
1767 static int __net_init erspan_init_net(struct net *net)
1769 return ip_tunnel_init_net(net, erspan_net_id,
1770 &erspan_link_ops, "erspan0");
1773 static void __net_exit erspan_exit_rtnl(struct net *net,
1774 struct list_head *dev_to_kill)
1776 ip_tunnel_delete_net(net, erspan_net_id, &erspan_link_ops, dev_to_kill);
1779 static struct pernet_operations erspan_net_ops = {
1780 .init = erspan_init_net,
1781 .exit_rtnl = erspan_exit_rtnl,
1782 .id = &erspan_net_id,
1783 .size = sizeof(struct ip_tunnel_net),
1786 static int __init ipgre_init(void)
1790 pr_info("GRE over IPv4 tunneling driver\n");
1792 err = register_pernet_device(&ipgre_net_ops);
1796 err = register_pernet_device(&ipgre_tap_net_ops);
1798 goto pnet_tap_failed;
1800 err = register_pernet_device(&erspan_net_ops);
1802 goto pnet_erspan_failed;
1804 err = gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO);
1806 pr_info("%s: can't add protocol\n", __func__);
1807 goto add_proto_failed;
1810 err = rtnl_link_register(&ipgre_link_ops);
1812 goto rtnl_link_failed;
1814 err = rtnl_link_register(&ipgre_tap_ops);
1816 goto tap_ops_failed;
1818 err = rtnl_link_register(&erspan_link_ops);
1820 goto erspan_link_failed;
1825 rtnl_link_unregister(&ipgre_tap_ops);
1827 rtnl_link_unregister(&ipgre_link_ops);
1829 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
1831 unregister_pernet_device(&erspan_net_ops);
1833 unregister_pernet_device(&ipgre_tap_net_ops);
1835 unregister_pernet_device(&ipgre_net_ops);
1839 static void __exit ipgre_fini(void)
1841 rtnl_link_unregister(&ipgre_tap_ops);
1842 rtnl_link_unregister(&ipgre_link_ops);
1843 rtnl_link_unregister(&erspan_link_ops);
1844 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
1845 unregister_pernet_device(&ipgre_tap_net_ops);
1846 unregister_pernet_device(&ipgre_net_ops);
1847 unregister_pernet_device(&erspan_net_ops);
1850 module_init(ipgre_init);
1851 module_exit(ipgre_fini);
1852 MODULE_DESCRIPTION("IPv4 GRE tunnels over IP library");
1853 MODULE_LICENSE("GPL");
1854 MODULE_ALIAS_RTNL_LINK("gre");
1855 MODULE_ALIAS_RTNL_LINK("gretap");
1856 MODULE_ALIAS_RTNL_LINK("erspan");
1857 MODULE_ALIAS_NETDEV("gre0");
1858 MODULE_ALIAS_NETDEV("gretap0");
1859 MODULE_ALIAS_NETDEV("erspan0");
projects / linux-2.6-block.git / blob