1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Linux NET3: GRE over IP protocol decoder.
5 * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10 #include <linux/capability.h>
11 #include <linux/module.h>
12 #include <linux/types.h>
13 #include <linux/kernel.h>
14 #include <linux/slab.h>
15 #include <linux/uaccess.h>
16 #include <linux/skbuff.h>
17 #include <linux/netdevice.h>
19 #include <linux/tcp.h>
20 #include <linux/udp.h>
21 #include <linux/if_arp.h>
22 #include <linux/if_vlan.h>
23 #include <linux/init.h>
24 #include <linux/in6.h>
25 #include <linux/inetdevice.h>
26 #include <linux/igmp.h>
27 #include <linux/netfilter_ipv4.h>
28 #include <linux/etherdevice.h>
29 #include <linux/if_ether.h>
34 #include <net/protocol.h>
35 #include <net/ip_tunnels.h>
37 #include <net/checksum.h>
38 #include <net/dsfield.h>
39 #include <net/inet_ecn.h>
41 #include <net/net_namespace.h>
42 #include <net/netns/generic.h>
43 #include <net/rtnetlink.h>
45 #include <net/dst_metadata.h>
46 #include <net/erspan.h>
52 1. The most important issue is detecting local dead loops.
53 They would cause complete host lockup in transmit, which
54 would be "resolved" by stack overflow or, if queueing is enabled,
55 with infinite looping in net_bh.
57 We cannot track such dead loops during route installation,
58 it is infeasible task. The most general solutions would be
59 to keep skb->encapsulation counter (sort of local ttl),
60 and silently drop packet when it expires. It is a good
61 solution, but it supposes maintaining new variable in ALL
62 skb, even if no tunneling is used.
64 Current solution: xmit_recursion breaks dead loops. This is a percpu
65 counter, since when we enter the first ndo_xmit(), cpu migration is
66 forbidden. We force an exit if this counter reaches RECURSION_LIMIT
68 2. Networking dead loops would not kill routers, but would really
69 kill network. IP hop limit plays role of "t->recursion" in this case,
70 if we copy it from packet being encapsulated to upper header.
71 It is very good solution, but it introduces two problems:
73 - Routing protocols, using packets with ttl=1 (OSPF, RIP2),
74 do not work over tunnels.
75 - traceroute does not work. I planned to relay ICMP from tunnel,
76 so that this problem would be solved and traceroute output
77 would even more informative. This idea appeared to be wrong:
78 only Linux complies to rfc1812 now (yes, guys, Linux is the only
79 true router now :-)), all routers (at least, in neighbourhood of mine)
80 return only 8 bytes of payload. It is the end.
82 Hence, if we want that OSPF worked or traceroute said something reasonable,
83 we should search for another solution.
85 One of them is to parse packet trying to detect inner encapsulation
86 made by our node. It is difficult or even impossible, especially,
87 taking into account fragmentation. TO be short, ttl is not solution at all.
89 Current solution: The solution was UNEXPECTEDLY SIMPLE.
90 We force DF flag on tunnels with preconfigured hop limit,
91 that is ALL. :-) Well, it does not remove the problem completely,
92 but exponential growth of network traffic is changed to linear
93 (branches, that exceed pmtu are pruned) and tunnel mtu
94 rapidly degrades to value <68, where looping stops.
95 Yes, it is not good if there exists a router in the loop,
96 which does not force DF, even when encapsulating packets have DF set.
97 But it is not our problem! Nobody could accuse us, we made
98 all that we could make. Even if it is your gated who injected
99 fatal route to network, even if it were you who configured
100 fatal static route: you are innocent. :-)
105 static bool log_ecn_error = true;
106 module_param(log_ecn_error, bool, 0644);
107 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
109 static struct rtnl_link_ops ipgre_link_ops __read_mostly;
110 static const struct header_ops ipgre_header_ops;
112 static int ipgre_tunnel_init(struct net_device *dev);
113 static void erspan_build_header(struct sk_buff *skb,
115 bool truncate, bool is_ipv4);
117 static unsigned int ipgre_net_id __read_mostly;
118 static unsigned int gre_tap_net_id __read_mostly;
119 static unsigned int erspan_net_id __read_mostly;
121 static int ipgre_err(struct sk_buff *skb, u32 info,
122 const struct tnl_ptk_info *tpi)
125 /* All the routers (except for Linux) return only
126 8 bytes of packet payload. It means, that precise relaying of
127 ICMP in the real Internet is absolutely infeasible.
129 Moreover, Cisco "wise men" put GRE key to the third word
130 in GRE header. It makes impossible maintaining even soft
131 state for keyed GRE tunnels with enabled checksum. Tell
134 Well, I wonder, rfc1812 was written by Cisco employee,
135 what the hell these idiots break standards established
138 struct net *net = dev_net(skb->dev);
139 struct ip_tunnel_net *itn;
140 const struct iphdr *iph;
141 const int type = icmp_hdr(skb)->type;
142 const int code = icmp_hdr(skb)->code;
143 unsigned int data_len = 0;
146 if (tpi->proto == htons(ETH_P_TEB))
147 itn = net_generic(net, gre_tap_net_id);
148 else if (tpi->proto == htons(ETH_P_ERSPAN) ||
149 tpi->proto == htons(ETH_P_ERSPAN2))
150 itn = net_generic(net, erspan_net_id);
152 itn = net_generic(net, ipgre_net_id);
154 iph = (const struct iphdr *)(icmp_hdr(skb) + 1);
155 t = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags,
156 iph->daddr, iph->saddr, tpi->key);
163 case ICMP_PARAMETERPROB:
166 case ICMP_DEST_UNREACH:
169 case ICMP_PORT_UNREACH:
170 /* Impossible event. */
173 /* All others are translated to HOST_UNREACH.
174 rfc2003 contains "deep thoughts" about NET_UNREACH,
175 I believe they are just ether pollution. --ANK
181 case ICMP_TIME_EXCEEDED:
182 if (code != ICMP_EXC_TTL)
184 data_len = icmp_hdr(skb)->un.reserved[1] * 4; /* RFC 4884 4.1 */
191 #if IS_ENABLED(CONFIG_IPV6)
192 if (tpi->proto == htons(ETH_P_IPV6) &&
193 !ip6_err_gen_icmpv6_unreach(skb, iph->ihl * 4 + tpi->hdr_len,
198 if (t->parms.iph.daddr == 0 ||
199 ipv4_is_multicast(t->parms.iph.daddr))
202 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
205 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
209 t->err_time = jiffies;
214 static void gre_err(struct sk_buff *skb, u32 info)
216 /* All the routers (except for Linux) return only
217 * 8 bytes of packet payload. It means, that precise relaying of
218 * ICMP in the real Internet is absolutely infeasible.
220 * Moreover, Cisco "wise men" put GRE key to the third word
221 * in GRE header. It makes impossible maintaining even soft
223 * GRE tunnels with enabled checksum. Tell them "thank you".
225 * Well, I wonder, rfc1812 was written by Cisco employee,
226 * what the hell these idiots break standards established
230 const struct iphdr *iph = (struct iphdr *)skb->data;
231 const int type = icmp_hdr(skb)->type;
232 const int code = icmp_hdr(skb)->code;
233 struct tnl_ptk_info tpi;
235 if (gre_parse_header(skb, &tpi, NULL, htons(ETH_P_IP),
239 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
240 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
241 skb->dev->ifindex, IPPROTO_GRE);
244 if (type == ICMP_REDIRECT) {
245 ipv4_redirect(skb, dev_net(skb->dev), skb->dev->ifindex,
250 ipgre_err(skb, info, &tpi);
253 static bool is_erspan_type1(int gre_hdr_len)
255 /* Both ERSPAN type I (version 0) and type II (version 1) use
256 * protocol 0x88BE, but the type I has only 4-byte GRE header,
257 * while type II has 8-byte.
259 return gre_hdr_len == 4;
262 static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi,
265 struct net *net = dev_net(skb->dev);
266 struct metadata_dst *tun_dst = NULL;
267 struct erspan_base_hdr *ershdr;
268 struct ip_tunnel_net *itn;
269 struct ip_tunnel *tunnel;
270 const struct iphdr *iph;
271 struct erspan_md2 *md2;
275 itn = net_generic(net, erspan_net_id);
277 if (is_erspan_type1(gre_hdr_len)) {
279 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex,
280 tpi->flags | TUNNEL_NO_KEY,
281 iph->saddr, iph->daddr, 0);
283 ershdr = (struct erspan_base_hdr *)(skb->data + gre_hdr_len);
285 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex,
286 tpi->flags | TUNNEL_KEY,
287 iph->saddr, iph->daddr, tpi->key);
291 if (is_erspan_type1(gre_hdr_len))
294 len = gre_hdr_len + erspan_hdr_len(ver);
296 if (unlikely(!pskb_may_pull(skb, len)))
297 return PACKET_REJECT;
299 if (__iptunnel_pull_header(skb,
305 if (tunnel->collect_md) {
306 struct erspan_metadata *pkt_md, *md;
307 struct ip_tunnel_info *info;
312 tpi->flags |= TUNNEL_KEY;
314 tun_id = key32_to_tunnel_id(tpi->key);
316 tun_dst = ip_tun_rx_dst(skb, flags,
317 tun_id, sizeof(*md));
319 return PACKET_REJECT;
321 /* skb can be uncloned in __iptunnel_pull_header, so
322 * old pkt_md is no longer valid and we need to reset
325 gh = skb_network_header(skb) +
326 skb_network_header_len(skb);
327 pkt_md = (struct erspan_metadata *)(gh + gre_hdr_len +
329 md = ip_tunnel_info_opts(&tun_dst->u.tun_info);
332 memcpy(md2, pkt_md, ver == 1 ? ERSPAN_V1_MDSIZE :
335 info = &tun_dst->u.tun_info;
336 info->key.tun_flags |= TUNNEL_ERSPAN_OPT;
337 info->options_len = sizeof(*md);
340 skb_reset_mac_header(skb);
341 ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
344 return PACKET_REJECT;
351 static int __ipgre_rcv(struct sk_buff *skb, const struct tnl_ptk_info *tpi,
352 struct ip_tunnel_net *itn, int hdr_len, bool raw_proto)
354 struct metadata_dst *tun_dst = NULL;
355 const struct iphdr *iph;
356 struct ip_tunnel *tunnel;
359 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags,
360 iph->saddr, iph->daddr, tpi->key);
363 const struct iphdr *tnl_params;
365 if (__iptunnel_pull_header(skb, hdr_len, tpi->proto,
366 raw_proto, false) < 0)
369 /* Special case for ipgre_header_parse(), which expects the
370 * mac_header to point to the outer IP header.
372 if (tunnel->dev->header_ops == &ipgre_header_ops)
373 skb_pop_mac_header(skb);
375 skb_reset_mac_header(skb);
377 tnl_params = &tunnel->parms.iph;
378 if (tunnel->collect_md || tnl_params->daddr == 0) {
382 flags = tpi->flags & (TUNNEL_CSUM | TUNNEL_KEY);
383 tun_id = key32_to_tunnel_id(tpi->key);
384 tun_dst = ip_tun_rx_dst(skb, flags, tun_id, 0);
386 return PACKET_REJECT;
389 ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
399 static int ipgre_rcv(struct sk_buff *skb, const struct tnl_ptk_info *tpi,
402 struct net *net = dev_net(skb->dev);
403 struct ip_tunnel_net *itn;
406 if (tpi->proto == htons(ETH_P_TEB))
407 itn = net_generic(net, gre_tap_net_id);
409 itn = net_generic(net, ipgre_net_id);
411 res = __ipgre_rcv(skb, tpi, itn, hdr_len, false);
412 if (res == PACKET_NEXT && tpi->proto == htons(ETH_P_TEB)) {
413 /* ipgre tunnels in collect metadata mode should receive
414 * also ETH_P_TEB traffic.
416 itn = net_generic(net, ipgre_net_id);
417 res = __ipgre_rcv(skb, tpi, itn, hdr_len, true);
422 static int gre_rcv(struct sk_buff *skb)
424 struct tnl_ptk_info tpi;
425 bool csum_err = false;
428 #ifdef CONFIG_NET_IPGRE_BROADCAST
429 if (ipv4_is_multicast(ip_hdr(skb)->daddr)) {
430 /* Looped back packet, drop it! */
431 if (rt_is_output_route(skb_rtable(skb)))
436 hdr_len = gre_parse_header(skb, &tpi, &csum_err, htons(ETH_P_IP), 0);
440 if (unlikely(tpi.proto == htons(ETH_P_ERSPAN) ||
441 tpi.proto == htons(ETH_P_ERSPAN2))) {
442 if (erspan_rcv(skb, &tpi, hdr_len) == PACKET_RCVD)
447 if (ipgre_rcv(skb, &tpi, hdr_len) == PACKET_RCVD)
451 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
457 static void __gre_xmit(struct sk_buff *skb, struct net_device *dev,
458 const struct iphdr *tnl_params,
461 struct ip_tunnel *tunnel = netdev_priv(dev);
462 __be16 flags = tunnel->parms.o_flags;
464 /* Push GRE header. */
465 gre_build_header(skb, tunnel->tun_hlen,
466 flags, proto, tunnel->parms.o_key,
467 (flags & TUNNEL_SEQ) ? htonl(atomic_fetch_inc(&tunnel->o_seqno)) : 0);
469 ip_tunnel_xmit(skb, dev, tnl_params, tnl_params->protocol);
472 static int gre_handle_offloads(struct sk_buff *skb, bool csum)
474 return iptunnel_handle_offloads(skb, csum ? SKB_GSO_GRE_CSUM : SKB_GSO_GRE);
477 static void gre_fb_xmit(struct sk_buff *skb, struct net_device *dev,
480 struct ip_tunnel *tunnel = netdev_priv(dev);
481 struct ip_tunnel_info *tun_info;
482 const struct ip_tunnel_key *key;
486 tun_info = skb_tunnel_info(skb);
487 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
488 ip_tunnel_info_af(tun_info) != AF_INET))
491 key = &tun_info->key;
492 tunnel_hlen = gre_calc_hlen(key->tun_flags);
494 if (skb_cow_head(skb, dev->needed_headroom))
497 /* Push Tunnel header. */
498 if (gre_handle_offloads(skb, !!(tun_info->key.tun_flags & TUNNEL_CSUM)))
501 flags = tun_info->key.tun_flags &
502 (TUNNEL_CSUM | TUNNEL_KEY | TUNNEL_SEQ);
503 gre_build_header(skb, tunnel_hlen, flags, proto,
504 tunnel_id_to_key32(tun_info->key.tun_id),
505 (flags & TUNNEL_SEQ) ? htonl(atomic_fetch_inc(&tunnel->o_seqno)) : 0);
507 ip_md_tunnel_xmit(skb, dev, IPPROTO_GRE, tunnel_hlen);
513 dev->stats.tx_dropped++;
516 static void erspan_fb_xmit(struct sk_buff *skb, struct net_device *dev)
518 struct ip_tunnel *tunnel = netdev_priv(dev);
519 struct ip_tunnel_info *tun_info;
520 const struct ip_tunnel_key *key;
521 struct erspan_metadata *md;
522 bool truncate = false;
528 tun_info = skb_tunnel_info(skb);
529 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
530 ip_tunnel_info_af(tun_info) != AF_INET))
533 key = &tun_info->key;
534 if (!(tun_info->key.tun_flags & TUNNEL_ERSPAN_OPT))
536 if (tun_info->options_len < sizeof(*md))
538 md = ip_tunnel_info_opts(tun_info);
540 /* ERSPAN has fixed 8 byte GRE header */
541 version = md->version;
542 tunnel_hlen = 8 + erspan_hdr_len(version);
544 if (skb_cow_head(skb, dev->needed_headroom))
547 if (gre_handle_offloads(skb, false))
550 if (skb->len > dev->mtu + dev->hard_header_len) {
551 pskb_trim(skb, dev->mtu + dev->hard_header_len);
555 nhoff = skb_network_offset(skb);
556 if (skb->protocol == htons(ETH_P_IP) &&
557 (ntohs(ip_hdr(skb)->tot_len) > skb->len - nhoff))
560 if (skb->protocol == htons(ETH_P_IPV6)) {
563 if (skb_transport_header_was_set(skb))
564 thoff = skb_transport_offset(skb);
566 thoff = nhoff + sizeof(struct ipv6hdr);
567 if (ntohs(ipv6_hdr(skb)->payload_len) > skb->len - thoff)
572 erspan_build_header(skb, ntohl(tunnel_id_to_key32(key->tun_id)),
573 ntohl(md->u.index), truncate, true);
574 proto = htons(ETH_P_ERSPAN);
575 } else if (version == 2) {
576 erspan_build_header_v2(skb,
577 ntohl(tunnel_id_to_key32(key->tun_id)),
579 get_hwid(&md->u.md2),
581 proto = htons(ETH_P_ERSPAN2);
586 gre_build_header(skb, 8, TUNNEL_SEQ,
587 proto, 0, htonl(atomic_fetch_inc(&tunnel->o_seqno)));
589 ip_md_tunnel_xmit(skb, dev, IPPROTO_GRE, tunnel_hlen);
595 dev->stats.tx_dropped++;
598 static int gre_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
600 struct ip_tunnel_info *info = skb_tunnel_info(skb);
601 const struct ip_tunnel_key *key;
605 if (ip_tunnel_info_af(info) != AF_INET)
609 ip_tunnel_init_flow(&fl4, IPPROTO_GRE, key->u.ipv4.dst, key->u.ipv4.src,
610 tunnel_id_to_key32(key->tun_id),
611 key->tos & ~INET_ECN_MASK, 0, skb->mark,
613 rt = ip_route_output_key(dev_net(dev), &fl4);
618 info->key.u.ipv4.src = fl4.saddr;
622 static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
623 struct net_device *dev)
625 struct ip_tunnel *tunnel = netdev_priv(dev);
626 const struct iphdr *tnl_params;
628 if (!pskb_inet_may_pull(skb))
631 if (tunnel->collect_md) {
632 gre_fb_xmit(skb, dev, skb->protocol);
636 if (dev->header_ops) {
637 if (skb_cow_head(skb, 0))
640 tnl_params = (const struct iphdr *)skb->data;
642 /* Pull skb since ip_tunnel_xmit() needs skb->data pointing
645 skb_pull(skb, tunnel->hlen + sizeof(struct iphdr));
646 skb_reset_mac_header(skb);
648 if (skb->ip_summed == CHECKSUM_PARTIAL &&
649 skb_checksum_start(skb) < skb->data)
652 if (skb_cow_head(skb, dev->needed_headroom))
655 tnl_params = &tunnel->parms.iph;
658 if (gre_handle_offloads(skb, !!(tunnel->parms.o_flags & TUNNEL_CSUM)))
661 __gre_xmit(skb, dev, tnl_params, skb->protocol);
666 dev->stats.tx_dropped++;
670 static netdev_tx_t erspan_xmit(struct sk_buff *skb,
671 struct net_device *dev)
673 struct ip_tunnel *tunnel = netdev_priv(dev);
674 bool truncate = false;
677 if (!pskb_inet_may_pull(skb))
680 if (tunnel->collect_md) {
681 erspan_fb_xmit(skb, dev);
685 if (gre_handle_offloads(skb, false))
688 if (skb_cow_head(skb, dev->needed_headroom))
691 if (skb->len > dev->mtu + dev->hard_header_len) {
692 pskb_trim(skb, dev->mtu + dev->hard_header_len);
696 /* Push ERSPAN header */
697 if (tunnel->erspan_ver == 0) {
698 proto = htons(ETH_P_ERSPAN);
699 tunnel->parms.o_flags &= ~TUNNEL_SEQ;
700 } else if (tunnel->erspan_ver == 1) {
701 erspan_build_header(skb, ntohl(tunnel->parms.o_key),
704 proto = htons(ETH_P_ERSPAN);
705 } else if (tunnel->erspan_ver == 2) {
706 erspan_build_header_v2(skb, ntohl(tunnel->parms.o_key),
707 tunnel->dir, tunnel->hwid,
709 proto = htons(ETH_P_ERSPAN2);
714 tunnel->parms.o_flags &= ~TUNNEL_KEY;
715 __gre_xmit(skb, dev, &tunnel->parms.iph, proto);
720 dev->stats.tx_dropped++;
724 static netdev_tx_t gre_tap_xmit(struct sk_buff *skb,
725 struct net_device *dev)
727 struct ip_tunnel *tunnel = netdev_priv(dev);
729 if (!pskb_inet_may_pull(skb))
732 if (tunnel->collect_md) {
733 gre_fb_xmit(skb, dev, htons(ETH_P_TEB));
737 if (gre_handle_offloads(skb, !!(tunnel->parms.o_flags & TUNNEL_CSUM)))
740 if (skb_cow_head(skb, dev->needed_headroom))
743 __gre_xmit(skb, dev, &tunnel->parms.iph, htons(ETH_P_TEB));
748 dev->stats.tx_dropped++;
752 static void ipgre_link_update(struct net_device *dev, bool set_mtu)
754 struct ip_tunnel *tunnel = netdev_priv(dev);
757 len = tunnel->tun_hlen;
758 tunnel->tun_hlen = gre_calc_hlen(tunnel->parms.o_flags);
759 len = tunnel->tun_hlen - len;
760 tunnel->hlen = tunnel->hlen + len;
763 dev->hard_header_len += len;
765 dev->needed_headroom += len;
768 dev->mtu = max_t(int, dev->mtu - len, 68);
770 if (!(tunnel->parms.o_flags & TUNNEL_SEQ)) {
771 if (!(tunnel->parms.o_flags & TUNNEL_CSUM) ||
772 tunnel->encap.type == TUNNEL_ENCAP_NONE) {
773 dev->features |= NETIF_F_GSO_SOFTWARE;
774 dev->hw_features |= NETIF_F_GSO_SOFTWARE;
776 dev->features &= ~NETIF_F_GSO_SOFTWARE;
777 dev->hw_features &= ~NETIF_F_GSO_SOFTWARE;
779 dev->features |= NETIF_F_LLTX;
781 dev->hw_features &= ~NETIF_F_GSO_SOFTWARE;
782 dev->features &= ~(NETIF_F_LLTX | NETIF_F_GSO_SOFTWARE);
786 static int ipgre_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm *p,
791 if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
792 if (p->iph.version != 4 || p->iph.protocol != IPPROTO_GRE ||
793 p->iph.ihl != 5 || (p->iph.frag_off & htons(~IP_DF)) ||
794 ((p->i_flags | p->o_flags) & (GRE_VERSION | GRE_ROUTING)))
798 p->i_flags = gre_flags_to_tnl_flags(p->i_flags);
799 p->o_flags = gre_flags_to_tnl_flags(p->o_flags);
801 err = ip_tunnel_ctl(dev, p, cmd);
805 if (cmd == SIOCCHGTUNNEL) {
806 struct ip_tunnel *t = netdev_priv(dev);
808 t->parms.i_flags = p->i_flags;
809 t->parms.o_flags = p->o_flags;
811 if (strcmp(dev->rtnl_link_ops->kind, "erspan"))
812 ipgre_link_update(dev, true);
815 p->i_flags = gre_tnl_flags_to_gre_flags(p->i_flags);
816 p->o_flags = gre_tnl_flags_to_gre_flags(p->o_flags);
820 /* Nice toy. Unfortunately, useless in real life :-)
821 It allows to construct virtual multiprotocol broadcast "LAN"
822 over the Internet, provided multicast routing is tuned.
825 I have no idea was this bicycle invented before me,
826 so that I had to set ARPHRD_IPGRE to a random value.
827 I have an impression, that Cisco could make something similar,
828 but this feature is apparently missing in IOS<=11.2(8).
830 I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
831 with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
833 ping -t 255 224.66.66.66
835 If nobody answers, mbone does not work.
837 ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255
838 ip addr add 10.66.66.<somewhat>/24 dev Universe
840 ifconfig Universe add fe80::<Your_real_addr>/10
841 ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96
844 ftp fec0:6666:6666::193.233.7.65
847 static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
849 const void *daddr, const void *saddr, unsigned int len)
851 struct ip_tunnel *t = netdev_priv(dev);
853 struct gre_base_hdr *greh;
855 iph = skb_push(skb, t->hlen + sizeof(*iph));
856 greh = (struct gre_base_hdr *)(iph+1);
857 greh->flags = gre_tnl_flags_to_gre_flags(t->parms.o_flags);
858 greh->protocol = htons(type);
860 memcpy(iph, &t->parms.iph, sizeof(struct iphdr));
862 /* Set the source hardware address. */
864 memcpy(&iph->saddr, saddr, 4);
866 memcpy(&iph->daddr, daddr, 4);
868 return t->hlen + sizeof(*iph);
870 return -(t->hlen + sizeof(*iph));
873 static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr)
875 const struct iphdr *iph = (const struct iphdr *) skb_mac_header(skb);
876 memcpy(haddr, &iph->saddr, 4);
880 static const struct header_ops ipgre_header_ops = {
881 .create = ipgre_header,
882 .parse = ipgre_header_parse,
885 #ifdef CONFIG_NET_IPGRE_BROADCAST
886 static int ipgre_open(struct net_device *dev)
888 struct ip_tunnel *t = netdev_priv(dev);
890 if (ipv4_is_multicast(t->parms.iph.daddr)) {
894 rt = ip_route_output_gre(t->net, &fl4,
898 RT_TOS(t->parms.iph.tos),
901 return -EADDRNOTAVAIL;
904 if (!__in_dev_get_rtnl(dev))
905 return -EADDRNOTAVAIL;
906 t->mlink = dev->ifindex;
907 ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr);
912 static int ipgre_close(struct net_device *dev)
914 struct ip_tunnel *t = netdev_priv(dev);
916 if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) {
917 struct in_device *in_dev;
918 in_dev = inetdev_by_index(t->net, t->mlink);
920 ip_mc_dec_group(in_dev, t->parms.iph.daddr);
926 static const struct net_device_ops ipgre_netdev_ops = {
927 .ndo_init = ipgre_tunnel_init,
928 .ndo_uninit = ip_tunnel_uninit,
929 #ifdef CONFIG_NET_IPGRE_BROADCAST
930 .ndo_open = ipgre_open,
931 .ndo_stop = ipgre_close,
933 .ndo_start_xmit = ipgre_xmit,
934 .ndo_siocdevprivate = ip_tunnel_siocdevprivate,
935 .ndo_change_mtu = ip_tunnel_change_mtu,
936 .ndo_get_stats64 = dev_get_tstats64,
937 .ndo_get_iflink = ip_tunnel_get_iflink,
938 .ndo_tunnel_ctl = ipgre_tunnel_ctl,
941 #define GRE_FEATURES (NETIF_F_SG | \
946 static void ipgre_tunnel_setup(struct net_device *dev)
948 dev->netdev_ops = &ipgre_netdev_ops;
949 dev->type = ARPHRD_IPGRE;
950 ip_tunnel_setup(dev, ipgre_net_id);
953 static void __gre_tunnel_init(struct net_device *dev)
955 struct ip_tunnel *tunnel;
957 tunnel = netdev_priv(dev);
958 tunnel->tun_hlen = gre_calc_hlen(tunnel->parms.o_flags);
959 tunnel->parms.iph.protocol = IPPROTO_GRE;
961 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
962 dev->needed_headroom = tunnel->hlen + sizeof(tunnel->parms.iph);
964 dev->features |= GRE_FEATURES;
965 dev->hw_features |= GRE_FEATURES;
967 if (!(tunnel->parms.o_flags & TUNNEL_SEQ)) {
968 /* TCP offload with GRE SEQ is not supported, nor
969 * can we support 2 levels of outer headers requiring
972 if (!(tunnel->parms.o_flags & TUNNEL_CSUM) ||
973 (tunnel->encap.type == TUNNEL_ENCAP_NONE)) {
974 dev->features |= NETIF_F_GSO_SOFTWARE;
975 dev->hw_features |= NETIF_F_GSO_SOFTWARE;
978 /* Can use a lockless transmit, unless we generate
981 dev->features |= NETIF_F_LLTX;
985 static int ipgre_tunnel_init(struct net_device *dev)
987 struct ip_tunnel *tunnel = netdev_priv(dev);
988 struct iphdr *iph = &tunnel->parms.iph;
990 __gre_tunnel_init(dev);
992 memcpy(dev->dev_addr, &iph->saddr, 4);
993 memcpy(dev->broadcast, &iph->daddr, 4);
995 dev->flags = IFF_NOARP;
999 if (iph->daddr && !tunnel->collect_md) {
1000 #ifdef CONFIG_NET_IPGRE_BROADCAST
1001 if (ipv4_is_multicast(iph->daddr)) {
1004 dev->flags = IFF_BROADCAST;
1005 dev->header_ops = &ipgre_header_ops;
1006 dev->hard_header_len = tunnel->hlen + sizeof(*iph);
1007 dev->needed_headroom = 0;
1010 } else if (!tunnel->collect_md) {
1011 dev->header_ops = &ipgre_header_ops;
1012 dev->hard_header_len = tunnel->hlen + sizeof(*iph);
1013 dev->needed_headroom = 0;
1016 return ip_tunnel_init(dev);
1019 static const struct gre_protocol ipgre_protocol = {
1021 .err_handler = gre_err,
1024 static int __net_init ipgre_init_net(struct net *net)
1026 return ip_tunnel_init_net(net, ipgre_net_id, &ipgre_link_ops, NULL);
1029 static void __net_exit ipgre_exit_batch_net(struct list_head *list_net)
1031 ip_tunnel_delete_nets(list_net, ipgre_net_id, &ipgre_link_ops);
1034 static struct pernet_operations ipgre_net_ops = {
1035 .init = ipgre_init_net,
1036 .exit_batch = ipgre_exit_batch_net,
1037 .id = &ipgre_net_id,
1038 .size = sizeof(struct ip_tunnel_net),
1041 static int ipgre_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
1042 struct netlink_ext_ack *extack)
1050 if (data[IFLA_GRE_IFLAGS])
1051 flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]);
1052 if (data[IFLA_GRE_OFLAGS])
1053 flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]);
1054 if (flags & (GRE_VERSION|GRE_ROUTING))
1057 if (data[IFLA_GRE_COLLECT_METADATA] &&
1058 data[IFLA_GRE_ENCAP_TYPE] &&
1059 nla_get_u16(data[IFLA_GRE_ENCAP_TYPE]) != TUNNEL_ENCAP_NONE)
1065 static int ipgre_tap_validate(struct nlattr *tb[], struct nlattr *data[],
1066 struct netlink_ext_ack *extack)
1070 if (tb[IFLA_ADDRESS]) {
1071 if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN)
1073 if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS])))
1074 return -EADDRNOTAVAIL;
1080 if (data[IFLA_GRE_REMOTE]) {
1081 memcpy(&daddr, nla_data(data[IFLA_GRE_REMOTE]), 4);
1087 return ipgre_tunnel_validate(tb, data, extack);
1090 static int erspan_validate(struct nlattr *tb[], struct nlattr *data[],
1091 struct netlink_ext_ack *extack)
1099 ret = ipgre_tap_validate(tb, data, extack);
1103 if (data[IFLA_GRE_ERSPAN_VER] &&
1104 nla_get_u8(data[IFLA_GRE_ERSPAN_VER]) == 0)
1107 /* ERSPAN type II/III should only have GRE sequence and key flag */
1108 if (data[IFLA_GRE_OFLAGS])
1109 flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]);
1110 if (data[IFLA_GRE_IFLAGS])
1111 flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]);
1112 if (!data[IFLA_GRE_COLLECT_METADATA] &&
1113 flags != (GRE_SEQ | GRE_KEY))
1116 /* ERSPAN Session ID only has 10-bit. Since we reuse
1117 * 32-bit key field as ID, check it's range.
1119 if (data[IFLA_GRE_IKEY] &&
1120 (ntohl(nla_get_be32(data[IFLA_GRE_IKEY])) & ~ID_MASK))
1123 if (data[IFLA_GRE_OKEY] &&
1124 (ntohl(nla_get_be32(data[IFLA_GRE_OKEY])) & ~ID_MASK))
1130 static int ipgre_netlink_parms(struct net_device *dev,
1131 struct nlattr *data[],
1132 struct nlattr *tb[],
1133 struct ip_tunnel_parm *parms,
1136 struct ip_tunnel *t = netdev_priv(dev);
1138 memset(parms, 0, sizeof(*parms));
1140 parms->iph.protocol = IPPROTO_GRE;
1145 if (data[IFLA_GRE_LINK])
1146 parms->link = nla_get_u32(data[IFLA_GRE_LINK]);
1148 if (data[IFLA_GRE_IFLAGS])
1149 parms->i_flags = gre_flags_to_tnl_flags(nla_get_be16(data[IFLA_GRE_IFLAGS]));
1151 if (data[IFLA_GRE_OFLAGS])
1152 parms->o_flags = gre_flags_to_tnl_flags(nla_get_be16(data[IFLA_GRE_OFLAGS]));
1154 if (data[IFLA_GRE_IKEY])
1155 parms->i_key = nla_get_be32(data[IFLA_GRE_IKEY]);
1157 if (data[IFLA_GRE_OKEY])
1158 parms->o_key = nla_get_be32(data[IFLA_GRE_OKEY]);
1160 if (data[IFLA_GRE_LOCAL])
1161 parms->iph.saddr = nla_get_in_addr(data[IFLA_GRE_LOCAL]);
1163 if (data[IFLA_GRE_REMOTE])
1164 parms->iph.daddr = nla_get_in_addr(data[IFLA_GRE_REMOTE]);
1166 if (data[IFLA_GRE_TTL])
1167 parms->iph.ttl = nla_get_u8(data[IFLA_GRE_TTL]);
1169 if (data[IFLA_GRE_TOS])
1170 parms->iph.tos = nla_get_u8(data[IFLA_GRE_TOS]);
1172 if (!data[IFLA_GRE_PMTUDISC] || nla_get_u8(data[IFLA_GRE_PMTUDISC])) {
1175 parms->iph.frag_off = htons(IP_DF);
1178 if (data[IFLA_GRE_COLLECT_METADATA]) {
1179 t->collect_md = true;
1180 if (dev->type == ARPHRD_IPGRE)
1181 dev->type = ARPHRD_NONE;
1184 if (data[IFLA_GRE_IGNORE_DF]) {
1185 if (nla_get_u8(data[IFLA_GRE_IGNORE_DF])
1186 && (parms->iph.frag_off & htons(IP_DF)))
1188 t->ignore_df = !!nla_get_u8(data[IFLA_GRE_IGNORE_DF]);
1191 if (data[IFLA_GRE_FWMARK])
1192 *fwmark = nla_get_u32(data[IFLA_GRE_FWMARK]);
1197 static int erspan_netlink_parms(struct net_device *dev,
1198 struct nlattr *data[],
1199 struct nlattr *tb[],
1200 struct ip_tunnel_parm *parms,
1203 struct ip_tunnel *t = netdev_priv(dev);
1206 err = ipgre_netlink_parms(dev, data, tb, parms, fwmark);
1212 if (data[IFLA_GRE_ERSPAN_VER]) {
1213 t->erspan_ver = nla_get_u8(data[IFLA_GRE_ERSPAN_VER]);
1215 if (t->erspan_ver > 2)
1219 if (t->erspan_ver == 1) {
1220 if (data[IFLA_GRE_ERSPAN_INDEX]) {
1221 t->index = nla_get_u32(data[IFLA_GRE_ERSPAN_INDEX]);
1222 if (t->index & ~INDEX_MASK)
1225 } else if (t->erspan_ver == 2) {
1226 if (data[IFLA_GRE_ERSPAN_DIR]) {
1227 t->dir = nla_get_u8(data[IFLA_GRE_ERSPAN_DIR]);
1228 if (t->dir & ~(DIR_MASK >> DIR_OFFSET))
1231 if (data[IFLA_GRE_ERSPAN_HWID]) {
1232 t->hwid = nla_get_u16(data[IFLA_GRE_ERSPAN_HWID]);
1233 if (t->hwid & ~(HWID_MASK >> HWID_OFFSET))
1241 /* This function returns true when ENCAP attributes are present in the nl msg */
1242 static bool ipgre_netlink_encap_parms(struct nlattr *data[],
1243 struct ip_tunnel_encap *ipencap)
1247 memset(ipencap, 0, sizeof(*ipencap));
1252 if (data[IFLA_GRE_ENCAP_TYPE]) {
1254 ipencap->type = nla_get_u16(data[IFLA_GRE_ENCAP_TYPE]);
1257 if (data[IFLA_GRE_ENCAP_FLAGS]) {
1259 ipencap->flags = nla_get_u16(data[IFLA_GRE_ENCAP_FLAGS]);
1262 if (data[IFLA_GRE_ENCAP_SPORT]) {
1264 ipencap->sport = nla_get_be16(data[IFLA_GRE_ENCAP_SPORT]);
1267 if (data[IFLA_GRE_ENCAP_DPORT]) {
1269 ipencap->dport = nla_get_be16(data[IFLA_GRE_ENCAP_DPORT]);
1275 static int gre_tap_init(struct net_device *dev)
1277 __gre_tunnel_init(dev);
1278 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1279 netif_keep_dst(dev);
1281 return ip_tunnel_init(dev);
1284 static const struct net_device_ops gre_tap_netdev_ops = {
1285 .ndo_init = gre_tap_init,
1286 .ndo_uninit = ip_tunnel_uninit,
1287 .ndo_start_xmit = gre_tap_xmit,
1288 .ndo_set_mac_address = eth_mac_addr,
1289 .ndo_validate_addr = eth_validate_addr,
1290 .ndo_change_mtu = ip_tunnel_change_mtu,
1291 .ndo_get_stats64 = dev_get_tstats64,
1292 .ndo_get_iflink = ip_tunnel_get_iflink,
1293 .ndo_fill_metadata_dst = gre_fill_metadata_dst,
1296 static int erspan_tunnel_init(struct net_device *dev)
1298 struct ip_tunnel *tunnel = netdev_priv(dev);
1300 if (tunnel->erspan_ver == 0)
1301 tunnel->tun_hlen = 4; /* 4-byte GRE hdr. */
1303 tunnel->tun_hlen = 8; /* 8-byte GRE hdr. */
1305 tunnel->parms.iph.protocol = IPPROTO_GRE;
1306 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen +
1307 erspan_hdr_len(tunnel->erspan_ver);
1309 dev->features |= GRE_FEATURES;
1310 dev->hw_features |= GRE_FEATURES;
1311 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1312 netif_keep_dst(dev);
1314 return ip_tunnel_init(dev);
1317 static const struct net_device_ops erspan_netdev_ops = {
1318 .ndo_init = erspan_tunnel_init,
1319 .ndo_uninit = ip_tunnel_uninit,
1320 .ndo_start_xmit = erspan_xmit,
1321 .ndo_set_mac_address = eth_mac_addr,
1322 .ndo_validate_addr = eth_validate_addr,
1323 .ndo_change_mtu = ip_tunnel_change_mtu,
1324 .ndo_get_stats64 = dev_get_tstats64,
1325 .ndo_get_iflink = ip_tunnel_get_iflink,
1326 .ndo_fill_metadata_dst = gre_fill_metadata_dst,
1329 static void ipgre_tap_setup(struct net_device *dev)
1333 dev->netdev_ops = &gre_tap_netdev_ops;
1334 dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1335 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1336 ip_tunnel_setup(dev, gre_tap_net_id);
1340 ipgre_newlink_encap_setup(struct net_device *dev, struct nlattr *data[])
1342 struct ip_tunnel_encap ipencap;
1344 if (ipgre_netlink_encap_parms(data, &ipencap)) {
1345 struct ip_tunnel *t = netdev_priv(dev);
1346 int err = ip_tunnel_encap_setup(t, &ipencap);
1355 static int ipgre_newlink(struct net *src_net, struct net_device *dev,
1356 struct nlattr *tb[], struct nlattr *data[],
1357 struct netlink_ext_ack *extack)
1359 struct ip_tunnel_parm p;
1363 err = ipgre_newlink_encap_setup(dev, data);
1367 err = ipgre_netlink_parms(dev, data, tb, &p, &fwmark);
1370 return ip_tunnel_newlink(dev, tb, &p, fwmark);
1373 static int erspan_newlink(struct net *src_net, struct net_device *dev,
1374 struct nlattr *tb[], struct nlattr *data[],
1375 struct netlink_ext_ack *extack)
1377 struct ip_tunnel_parm p;
1381 err = ipgre_newlink_encap_setup(dev, data);
1385 err = erspan_netlink_parms(dev, data, tb, &p, &fwmark);
1388 return ip_tunnel_newlink(dev, tb, &p, fwmark);
1391 static int ipgre_changelink(struct net_device *dev, struct nlattr *tb[],
1392 struct nlattr *data[],
1393 struct netlink_ext_ack *extack)
1395 struct ip_tunnel *t = netdev_priv(dev);
1396 __u32 fwmark = t->fwmark;
1397 struct ip_tunnel_parm p;
1400 err = ipgre_newlink_encap_setup(dev, data);
1404 err = ipgre_netlink_parms(dev, data, tb, &p, &fwmark);
1408 err = ip_tunnel_changelink(dev, tb, &p, fwmark);
1412 t->parms.i_flags = p.i_flags;
1413 t->parms.o_flags = p.o_flags;
1415 ipgre_link_update(dev, !tb[IFLA_MTU]);
1420 static int erspan_changelink(struct net_device *dev, struct nlattr *tb[],
1421 struct nlattr *data[],
1422 struct netlink_ext_ack *extack)
1424 struct ip_tunnel *t = netdev_priv(dev);
1425 __u32 fwmark = t->fwmark;
1426 struct ip_tunnel_parm p;
1429 err = ipgre_newlink_encap_setup(dev, data);
1433 err = erspan_netlink_parms(dev, data, tb, &p, &fwmark);
1437 err = ip_tunnel_changelink(dev, tb, &p, fwmark);
1441 t->parms.i_flags = p.i_flags;
1442 t->parms.o_flags = p.o_flags;
1447 static size_t ipgre_get_size(const struct net_device *dev)
1452 /* IFLA_GRE_IFLAGS */
1454 /* IFLA_GRE_OFLAGS */
1460 /* IFLA_GRE_LOCAL */
1462 /* IFLA_GRE_REMOTE */
1468 /* IFLA_GRE_PMTUDISC */
1470 /* IFLA_GRE_ENCAP_TYPE */
1472 /* IFLA_GRE_ENCAP_FLAGS */
1474 /* IFLA_GRE_ENCAP_SPORT */
1476 /* IFLA_GRE_ENCAP_DPORT */
1478 /* IFLA_GRE_COLLECT_METADATA */
1480 /* IFLA_GRE_IGNORE_DF */
1482 /* IFLA_GRE_FWMARK */
1484 /* IFLA_GRE_ERSPAN_INDEX */
1486 /* IFLA_GRE_ERSPAN_VER */
1488 /* IFLA_GRE_ERSPAN_DIR */
1490 /* IFLA_GRE_ERSPAN_HWID */
1495 static int ipgre_fill_info(struct sk_buff *skb, const struct net_device *dev)
1497 struct ip_tunnel *t = netdev_priv(dev);
1498 struct ip_tunnel_parm *p = &t->parms;
1499 __be16 o_flags = p->o_flags;
1501 if (nla_put_u32(skb, IFLA_GRE_LINK, p->link) ||
1502 nla_put_be16(skb, IFLA_GRE_IFLAGS,
1503 gre_tnl_flags_to_gre_flags(p->i_flags)) ||
1504 nla_put_be16(skb, IFLA_GRE_OFLAGS,
1505 gre_tnl_flags_to_gre_flags(o_flags)) ||
1506 nla_put_be32(skb, IFLA_GRE_IKEY, p->i_key) ||
1507 nla_put_be32(skb, IFLA_GRE_OKEY, p->o_key) ||
1508 nla_put_in_addr(skb, IFLA_GRE_LOCAL, p->iph.saddr) ||
1509 nla_put_in_addr(skb, IFLA_GRE_REMOTE, p->iph.daddr) ||
1510 nla_put_u8(skb, IFLA_GRE_TTL, p->iph.ttl) ||
1511 nla_put_u8(skb, IFLA_GRE_TOS, p->iph.tos) ||
1512 nla_put_u8(skb, IFLA_GRE_PMTUDISC,
1513 !!(p->iph.frag_off & htons(IP_DF))) ||
1514 nla_put_u32(skb, IFLA_GRE_FWMARK, t->fwmark))
1515 goto nla_put_failure;
1517 if (nla_put_u16(skb, IFLA_GRE_ENCAP_TYPE,
1519 nla_put_be16(skb, IFLA_GRE_ENCAP_SPORT,
1521 nla_put_be16(skb, IFLA_GRE_ENCAP_DPORT,
1523 nla_put_u16(skb, IFLA_GRE_ENCAP_FLAGS,
1525 goto nla_put_failure;
1527 if (nla_put_u8(skb, IFLA_GRE_IGNORE_DF, t->ignore_df))
1528 goto nla_put_failure;
1530 if (t->collect_md) {
1531 if (nla_put_flag(skb, IFLA_GRE_COLLECT_METADATA))
1532 goto nla_put_failure;
1541 static int erspan_fill_info(struct sk_buff *skb, const struct net_device *dev)
1543 struct ip_tunnel *t = netdev_priv(dev);
1545 if (t->erspan_ver <= 2) {
1546 if (t->erspan_ver != 0 && !t->collect_md)
1547 t->parms.o_flags |= TUNNEL_KEY;
1549 if (nla_put_u8(skb, IFLA_GRE_ERSPAN_VER, t->erspan_ver))
1550 goto nla_put_failure;
1552 if (t->erspan_ver == 1) {
1553 if (nla_put_u32(skb, IFLA_GRE_ERSPAN_INDEX, t->index))
1554 goto nla_put_failure;
1555 } else if (t->erspan_ver == 2) {
1556 if (nla_put_u8(skb, IFLA_GRE_ERSPAN_DIR, t->dir))
1557 goto nla_put_failure;
1558 if (nla_put_u16(skb, IFLA_GRE_ERSPAN_HWID, t->hwid))
1559 goto nla_put_failure;
1563 return ipgre_fill_info(skb, dev);
1569 static void erspan_setup(struct net_device *dev)
1571 struct ip_tunnel *t = netdev_priv(dev);
1575 dev->netdev_ops = &erspan_netdev_ops;
1576 dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1577 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1578 ip_tunnel_setup(dev, erspan_net_id);
1582 static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
1583 [IFLA_GRE_LINK] = { .type = NLA_U32 },
1584 [IFLA_GRE_IFLAGS] = { .type = NLA_U16 },
1585 [IFLA_GRE_OFLAGS] = { .type = NLA_U16 },
1586 [IFLA_GRE_IKEY] = { .type = NLA_U32 },
1587 [IFLA_GRE_OKEY] = { .type = NLA_U32 },
1588 [IFLA_GRE_LOCAL] = { .len = sizeof_field(struct iphdr, saddr) },
1589 [IFLA_GRE_REMOTE] = { .len = sizeof_field(struct iphdr, daddr) },
1590 [IFLA_GRE_TTL] = { .type = NLA_U8 },
1591 [IFLA_GRE_TOS] = { .type = NLA_U8 },
1592 [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 },
1593 [IFLA_GRE_ENCAP_TYPE] = { .type = NLA_U16 },
1594 [IFLA_GRE_ENCAP_FLAGS] = { .type = NLA_U16 },
1595 [IFLA_GRE_ENCAP_SPORT] = { .type = NLA_U16 },
1596 [IFLA_GRE_ENCAP_DPORT] = { .type = NLA_U16 },
1597 [IFLA_GRE_COLLECT_METADATA] = { .type = NLA_FLAG },
1598 [IFLA_GRE_IGNORE_DF] = { .type = NLA_U8 },
1599 [IFLA_GRE_FWMARK] = { .type = NLA_U32 },
1600 [IFLA_GRE_ERSPAN_INDEX] = { .type = NLA_U32 },
1601 [IFLA_GRE_ERSPAN_VER] = { .type = NLA_U8 },
1602 [IFLA_GRE_ERSPAN_DIR] = { .type = NLA_U8 },
1603 [IFLA_GRE_ERSPAN_HWID] = { .type = NLA_U16 },
1606 static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
1608 .maxtype = IFLA_GRE_MAX,
1609 .policy = ipgre_policy,
1610 .priv_size = sizeof(struct ip_tunnel),
1611 .setup = ipgre_tunnel_setup,
1612 .validate = ipgre_tunnel_validate,
1613 .newlink = ipgre_newlink,
1614 .changelink = ipgre_changelink,
1615 .dellink = ip_tunnel_dellink,
1616 .get_size = ipgre_get_size,
1617 .fill_info = ipgre_fill_info,
1618 .get_link_net = ip_tunnel_get_link_net,
1621 static struct rtnl_link_ops ipgre_tap_ops __read_mostly = {
1623 .maxtype = IFLA_GRE_MAX,
1624 .policy = ipgre_policy,
1625 .priv_size = sizeof(struct ip_tunnel),
1626 .setup = ipgre_tap_setup,
1627 .validate = ipgre_tap_validate,
1628 .newlink = ipgre_newlink,
1629 .changelink = ipgre_changelink,
1630 .dellink = ip_tunnel_dellink,
1631 .get_size = ipgre_get_size,
1632 .fill_info = ipgre_fill_info,
1633 .get_link_net = ip_tunnel_get_link_net,
1636 static struct rtnl_link_ops erspan_link_ops __read_mostly = {
1638 .maxtype = IFLA_GRE_MAX,
1639 .policy = ipgre_policy,
1640 .priv_size = sizeof(struct ip_tunnel),
1641 .setup = erspan_setup,
1642 .validate = erspan_validate,
1643 .newlink = erspan_newlink,
1644 .changelink = erspan_changelink,
1645 .dellink = ip_tunnel_dellink,
1646 .get_size = ipgre_get_size,
1647 .fill_info = erspan_fill_info,
1648 .get_link_net = ip_tunnel_get_link_net,
1651 struct net_device *gretap_fb_dev_create(struct net *net, const char *name,
1652 u8 name_assign_type)
1654 struct nlattr *tb[IFLA_MAX + 1];
1655 struct net_device *dev;
1656 LIST_HEAD(list_kill);
1657 struct ip_tunnel *t;
1660 memset(&tb, 0, sizeof(tb));
1662 dev = rtnl_create_link(net, name, name_assign_type,
1663 &ipgre_tap_ops, tb, NULL);
1667 /* Configure flow based GRE device. */
1668 t = netdev_priv(dev);
1669 t->collect_md = true;
1671 err = ipgre_newlink(net, dev, tb, NULL, NULL);
1674 return ERR_PTR(err);
1677 /* openvswitch users expect packet sizes to be unrestricted,
1678 * so set the largest MTU we can.
1680 err = __ip_tunnel_change_mtu(dev, IP_MAX_MTU, false);
1684 err = rtnl_configure_link(dev, NULL);
1690 ip_tunnel_dellink(dev, &list_kill);
1691 unregister_netdevice_many(&list_kill);
1692 return ERR_PTR(err);
1694 EXPORT_SYMBOL_GPL(gretap_fb_dev_create);
1696 static int __net_init ipgre_tap_init_net(struct net *net)
1698 return ip_tunnel_init_net(net, gre_tap_net_id, &ipgre_tap_ops, "gretap0");
1701 static void __net_exit ipgre_tap_exit_batch_net(struct list_head *list_net)
1703 ip_tunnel_delete_nets(list_net, gre_tap_net_id, &ipgre_tap_ops);
1706 static struct pernet_operations ipgre_tap_net_ops = {
1707 .init = ipgre_tap_init_net,
1708 .exit_batch = ipgre_tap_exit_batch_net,
1709 .id = &gre_tap_net_id,
1710 .size = sizeof(struct ip_tunnel_net),
1713 static int __net_init erspan_init_net(struct net *net)
1715 return ip_tunnel_init_net(net, erspan_net_id,
1716 &erspan_link_ops, "erspan0");
1719 static void __net_exit erspan_exit_batch_net(struct list_head *net_list)
1721 ip_tunnel_delete_nets(net_list, erspan_net_id, &erspan_link_ops);
1724 static struct pernet_operations erspan_net_ops = {
1725 .init = erspan_init_net,
1726 .exit_batch = erspan_exit_batch_net,
1727 .id = &erspan_net_id,
1728 .size = sizeof(struct ip_tunnel_net),
1731 static int __init ipgre_init(void)
1735 pr_info("GRE over IPv4 tunneling driver\n");
1737 err = register_pernet_device(&ipgre_net_ops);
1741 err = register_pernet_device(&ipgre_tap_net_ops);
1743 goto pnet_tap_failed;
1745 err = register_pernet_device(&erspan_net_ops);
1747 goto pnet_erspan_failed;
1749 err = gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO);
1751 pr_info("%s: can't add protocol\n", __func__);
1752 goto add_proto_failed;
1755 err = rtnl_link_register(&ipgre_link_ops);
1757 goto rtnl_link_failed;
1759 err = rtnl_link_register(&ipgre_tap_ops);
1761 goto tap_ops_failed;
1763 err = rtnl_link_register(&erspan_link_ops);
1765 goto erspan_link_failed;
1770 rtnl_link_unregister(&ipgre_tap_ops);
1772 rtnl_link_unregister(&ipgre_link_ops);
1774 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
1776 unregister_pernet_device(&erspan_net_ops);
1778 unregister_pernet_device(&ipgre_tap_net_ops);
1780 unregister_pernet_device(&ipgre_net_ops);
1784 static void __exit ipgre_fini(void)
1786 rtnl_link_unregister(&ipgre_tap_ops);
1787 rtnl_link_unregister(&ipgre_link_ops);
1788 rtnl_link_unregister(&erspan_link_ops);
1789 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
1790 unregister_pernet_device(&ipgre_tap_net_ops);
1791 unregister_pernet_device(&ipgre_net_ops);
1792 unregister_pernet_device(&erspan_net_ops);
1795 module_init(ipgre_init);
1796 module_exit(ipgre_fini);
1797 MODULE_LICENSE("GPL");
1798 MODULE_ALIAS_RTNL_LINK("gre");
1799 MODULE_ALIAS_RTNL_LINK("gretap");
1800 MODULE_ALIAS_RTNL_LINK("erspan");
1801 MODULE_ALIAS_NETDEV("gre0");
1802 MODULE_ALIAS_NETDEV("gretap0");
1803 MODULE_ALIAS_NETDEV("erspan0");
projects / releases.git / blob