1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Linux NET3: GRE over IP protocol decoder.
5 * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10 #include <linux/capability.h>
11 #include <linux/module.h>
12 #include <linux/types.h>
13 #include <linux/kernel.h>
14 #include <linux/slab.h>
15 #include <linux/uaccess.h>
16 #include <linux/skbuff.h>
17 #include <linux/netdevice.h>
19 #include <linux/tcp.h>
20 #include <linux/udp.h>
21 #include <linux/if_arp.h>
22 #include <linux/if_vlan.h>
23 #include <linux/init.h>
24 #include <linux/in6.h>
25 #include <linux/inetdevice.h>
26 #include <linux/igmp.h>
27 #include <linux/netfilter_ipv4.h>
28 #include <linux/etherdevice.h>
29 #include <linux/if_ether.h>
34 #include <net/protocol.h>
35 #include <net/ip_tunnels.h>
37 #include <net/checksum.h>
38 #include <net/dsfield.h>
39 #include <net/inet_ecn.h>
41 #include <net/net_namespace.h>
42 #include <net/netns/generic.h>
43 #include <net/rtnetlink.h>
45 #include <net/dst_metadata.h>
46 #include <net/erspan.h>
52 1. The most important issue is detecting local dead loops.
53 They would cause complete host lockup in transmit, which
54 would be "resolved" by stack overflow or, if queueing is enabled,
55 with infinite looping in net_bh.
57 We cannot track such dead loops during route installation,
58 it is infeasible task. The most general solutions would be
59 to keep skb->encapsulation counter (sort of local ttl),
60 and silently drop packet when it expires. It is a good
61 solution, but it supposes maintaining new variable in ALL
62 skb, even if no tunneling is used.
64 Current solution: xmit_recursion breaks dead loops. This is a percpu
65 counter, since when we enter the first ndo_xmit(), cpu migration is
66 forbidden. We force an exit if this counter reaches RECURSION_LIMIT
68 2. Networking dead loops would not kill routers, but would really
69 kill network. IP hop limit plays role of "t->recursion" in this case,
70 if we copy it from packet being encapsulated to upper header.
71 It is very good solution, but it introduces two problems:
73 - Routing protocols, using packets with ttl=1 (OSPF, RIP2),
74 do not work over tunnels.
75 - traceroute does not work. I planned to relay ICMP from tunnel,
76 so that this problem would be solved and traceroute output
77 would even more informative. This idea appeared to be wrong:
78 only Linux complies to rfc1812 now (yes, guys, Linux is the only
79 true router now :-)), all routers (at least, in neighbourhood of mine)
80 return only 8 bytes of payload. It is the end.
82 Hence, if we want that OSPF worked or traceroute said something reasonable,
83 we should search for another solution.
85 One of them is to parse packet trying to detect inner encapsulation
86 made by our node. It is difficult or even impossible, especially,
87 taking into account fragmentation. TO be short, ttl is not solution at all.
89 Current solution: The solution was UNEXPECTEDLY SIMPLE.
90 We force DF flag on tunnels with preconfigured hop limit,
91 that is ALL. :-) Well, it does not remove the problem completely,
92 but exponential growth of network traffic is changed to linear
93 (branches, that exceed pmtu are pruned) and tunnel mtu
94 rapidly degrades to value <68, where looping stops.
95 Yes, it is not good if there exists a router in the loop,
96 which does not force DF, even when encapsulating packets have DF set.
97 But it is not our problem! Nobody could accuse us, we made
98 all that we could make. Even if it is your gated who injected
99 fatal route to network, even if it were you who configured
100 fatal static route: you are innocent. :-)
105 static bool log_ecn_error = true;
106 module_param(log_ecn_error, bool, 0644);
107 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
109 static struct rtnl_link_ops ipgre_link_ops __read_mostly;
110 static const struct header_ops ipgre_header_ops;
112 static int ipgre_tunnel_init(struct net_device *dev);
113 static void erspan_build_header(struct sk_buff *skb,
115 bool truncate, bool is_ipv4);
117 static unsigned int ipgre_net_id __read_mostly;
118 static unsigned int gre_tap_net_id __read_mostly;
119 static unsigned int erspan_net_id __read_mostly;
121 static int ipgre_err(struct sk_buff *skb, u32 info,
122 const struct tnl_ptk_info *tpi)
125 /* All the routers (except for Linux) return only
126 8 bytes of packet payload. It means, that precise relaying of
127 ICMP in the real Internet is absolutely infeasible.
129 Moreover, Cisco "wise men" put GRE key to the third word
130 in GRE header. It makes impossible maintaining even soft
131 state for keyed GRE tunnels with enabled checksum. Tell
134 Well, I wonder, rfc1812 was written by Cisco employee,
135 what the hell these idiots break standards established
138 struct net *net = dev_net(skb->dev);
139 struct ip_tunnel_net *itn;
140 const struct iphdr *iph;
141 const int type = icmp_hdr(skb)->type;
142 const int code = icmp_hdr(skb)->code;
143 unsigned int data_len = 0;
146 if (tpi->proto == htons(ETH_P_TEB))
147 itn = net_generic(net, gre_tap_net_id);
148 else if (tpi->proto == htons(ETH_P_ERSPAN) ||
149 tpi->proto == htons(ETH_P_ERSPAN2))
150 itn = net_generic(net, erspan_net_id);
152 itn = net_generic(net, ipgre_net_id);
154 iph = (const struct iphdr *)(icmp_hdr(skb) + 1);
155 t = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags,
156 iph->daddr, iph->saddr, tpi->key);
163 case ICMP_PARAMETERPROB:
166 case ICMP_DEST_UNREACH:
169 case ICMP_PORT_UNREACH:
170 /* Impossible event. */
173 /* All others are translated to HOST_UNREACH.
174 rfc2003 contains "deep thoughts" about NET_UNREACH,
175 I believe they are just ether pollution. --ANK
181 case ICMP_TIME_EXCEEDED:
182 if (code != ICMP_EXC_TTL)
184 data_len = icmp_hdr(skb)->un.reserved[1] * 4; /* RFC 4884 4.1 */
191 #if IS_ENABLED(CONFIG_IPV6)
192 if (tpi->proto == htons(ETH_P_IPV6) &&
193 !ip6_err_gen_icmpv6_unreach(skb, iph->ihl * 4 + tpi->hdr_len,
198 if (t->parms.iph.daddr == 0 ||
199 ipv4_is_multicast(t->parms.iph.daddr))
202 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
205 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
209 t->err_time = jiffies;
214 static void gre_err(struct sk_buff *skb, u32 info)
216 /* All the routers (except for Linux) return only
217 * 8 bytes of packet payload. It means, that precise relaying of
218 * ICMP in the real Internet is absolutely infeasible.
220 * Moreover, Cisco "wise men" put GRE key to the third word
221 * in GRE header. It makes impossible maintaining even soft
223 * GRE tunnels with enabled checksum. Tell them "thank you".
225 * Well, I wonder, rfc1812 was written by Cisco employee,
226 * what the hell these idiots break standards established
230 const struct iphdr *iph = (struct iphdr *)skb->data;
231 const int type = icmp_hdr(skb)->type;
232 const int code = icmp_hdr(skb)->code;
233 struct tnl_ptk_info tpi;
235 if (gre_parse_header(skb, &tpi, NULL, htons(ETH_P_IP),
239 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
240 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
241 skb->dev->ifindex, IPPROTO_GRE);
244 if (type == ICMP_REDIRECT) {
245 ipv4_redirect(skb, dev_net(skb->dev), skb->dev->ifindex,
250 ipgre_err(skb, info, &tpi);
253 static bool is_erspan_type1(int gre_hdr_len)
255 /* Both ERSPAN type I (version 0) and type II (version 1) use
256 * protocol 0x88BE, but the type I has only 4-byte GRE header,
257 * while type II has 8-byte.
259 return gre_hdr_len == 4;
262 static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi,
265 struct net *net = dev_net(skb->dev);
266 struct metadata_dst *tun_dst = NULL;
267 struct erspan_base_hdr *ershdr;
268 struct ip_tunnel_net *itn;
269 struct ip_tunnel *tunnel;
270 const struct iphdr *iph;
271 struct erspan_md2 *md2;
275 itn = net_generic(net, erspan_net_id);
277 if (is_erspan_type1(gre_hdr_len)) {
279 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex,
280 tpi->flags | TUNNEL_NO_KEY,
281 iph->saddr, iph->daddr, 0);
283 if (unlikely(!pskb_may_pull(skb,
284 gre_hdr_len + sizeof(*ershdr))))
285 return PACKET_REJECT;
287 ershdr = (struct erspan_base_hdr *)(skb->data + gre_hdr_len);
290 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex,
291 tpi->flags | TUNNEL_KEY,
292 iph->saddr, iph->daddr, tpi->key);
296 if (is_erspan_type1(gre_hdr_len))
299 len = gre_hdr_len + erspan_hdr_len(ver);
301 if (unlikely(!pskb_may_pull(skb, len)))
302 return PACKET_REJECT;
304 if (__iptunnel_pull_header(skb,
310 if (tunnel->collect_md) {
311 struct erspan_metadata *pkt_md, *md;
312 struct ip_tunnel_info *info;
317 tpi->flags |= TUNNEL_KEY;
319 tun_id = key32_to_tunnel_id(tpi->key);
321 tun_dst = ip_tun_rx_dst(skb, flags,
322 tun_id, sizeof(*md));
324 return PACKET_REJECT;
326 /* skb can be uncloned in __iptunnel_pull_header, so
327 * old pkt_md is no longer valid and we need to reset
330 gh = skb_network_header(skb) +
331 skb_network_header_len(skb);
332 pkt_md = (struct erspan_metadata *)(gh + gre_hdr_len +
334 md = ip_tunnel_info_opts(&tun_dst->u.tun_info);
337 memcpy(md2, pkt_md, ver == 1 ? ERSPAN_V1_MDSIZE :
340 info = &tun_dst->u.tun_info;
341 info->key.tun_flags |= TUNNEL_ERSPAN_OPT;
342 info->options_len = sizeof(*md);
345 skb_reset_mac_header(skb);
346 ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
349 return PACKET_REJECT;
356 static int __ipgre_rcv(struct sk_buff *skb, const struct tnl_ptk_info *tpi,
357 struct ip_tunnel_net *itn, int hdr_len, bool raw_proto)
359 struct metadata_dst *tun_dst = NULL;
360 const struct iphdr *iph;
361 struct ip_tunnel *tunnel;
364 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags,
365 iph->saddr, iph->daddr, tpi->key);
368 const struct iphdr *tnl_params;
370 if (__iptunnel_pull_header(skb, hdr_len, tpi->proto,
371 raw_proto, false) < 0)
374 /* Special case for ipgre_header_parse(), which expects the
375 * mac_header to point to the outer IP header.
377 if (tunnel->dev->header_ops == &ipgre_header_ops)
378 skb_pop_mac_header(skb);
380 skb_reset_mac_header(skb);
382 tnl_params = &tunnel->parms.iph;
383 if (tunnel->collect_md || tnl_params->daddr == 0) {
387 flags = tpi->flags & (TUNNEL_CSUM | TUNNEL_KEY);
388 tun_id = key32_to_tunnel_id(tpi->key);
389 tun_dst = ip_tun_rx_dst(skb, flags, tun_id, 0);
391 return PACKET_REJECT;
394 ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
404 static int ipgre_rcv(struct sk_buff *skb, const struct tnl_ptk_info *tpi,
407 struct net *net = dev_net(skb->dev);
408 struct ip_tunnel_net *itn;
411 if (tpi->proto == htons(ETH_P_TEB))
412 itn = net_generic(net, gre_tap_net_id);
414 itn = net_generic(net, ipgre_net_id);
416 res = __ipgre_rcv(skb, tpi, itn, hdr_len, false);
417 if (res == PACKET_NEXT && tpi->proto == htons(ETH_P_TEB)) {
418 /* ipgre tunnels in collect metadata mode should receive
419 * also ETH_P_TEB traffic.
421 itn = net_generic(net, ipgre_net_id);
422 res = __ipgre_rcv(skb, tpi, itn, hdr_len, true);
427 static int gre_rcv(struct sk_buff *skb)
429 struct tnl_ptk_info tpi;
430 bool csum_err = false;
433 #ifdef CONFIG_NET_IPGRE_BROADCAST
434 if (ipv4_is_multicast(ip_hdr(skb)->daddr)) {
435 /* Looped back packet, drop it! */
436 if (rt_is_output_route(skb_rtable(skb)))
441 hdr_len = gre_parse_header(skb, &tpi, &csum_err, htons(ETH_P_IP), 0);
445 if (unlikely(tpi.proto == htons(ETH_P_ERSPAN) ||
446 tpi.proto == htons(ETH_P_ERSPAN2))) {
447 if (erspan_rcv(skb, &tpi, hdr_len) == PACKET_RCVD)
452 if (ipgre_rcv(skb, &tpi, hdr_len) == PACKET_RCVD)
456 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
462 static void __gre_xmit(struct sk_buff *skb, struct net_device *dev,
463 const struct iphdr *tnl_params,
466 struct ip_tunnel *tunnel = netdev_priv(dev);
467 __be16 flags = tunnel->parms.o_flags;
469 /* Push GRE header. */
470 gre_build_header(skb, tunnel->tun_hlen,
471 flags, proto, tunnel->parms.o_key,
472 (flags & TUNNEL_SEQ) ? htonl(atomic_fetch_inc(&tunnel->o_seqno)) : 0);
474 ip_tunnel_xmit(skb, dev, tnl_params, tnl_params->protocol);
477 static int gre_handle_offloads(struct sk_buff *skb, bool csum)
479 return iptunnel_handle_offloads(skb, csum ? SKB_GSO_GRE_CSUM : SKB_GSO_GRE);
482 static void gre_fb_xmit(struct sk_buff *skb, struct net_device *dev,
485 struct ip_tunnel *tunnel = netdev_priv(dev);
486 struct ip_tunnel_info *tun_info;
487 const struct ip_tunnel_key *key;
491 tun_info = skb_tunnel_info(skb);
492 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
493 ip_tunnel_info_af(tun_info) != AF_INET))
496 key = &tun_info->key;
497 tunnel_hlen = gre_calc_hlen(key->tun_flags);
499 if (skb_cow_head(skb, dev->needed_headroom))
502 /* Push Tunnel header. */
503 if (gre_handle_offloads(skb, !!(tun_info->key.tun_flags & TUNNEL_CSUM)))
506 flags = tun_info->key.tun_flags &
507 (TUNNEL_CSUM | TUNNEL_KEY | TUNNEL_SEQ);
508 gre_build_header(skb, tunnel_hlen, flags, proto,
509 tunnel_id_to_key32(tun_info->key.tun_id),
510 (flags & TUNNEL_SEQ) ? htonl(atomic_fetch_inc(&tunnel->o_seqno)) : 0);
512 ip_md_tunnel_xmit(skb, dev, IPPROTO_GRE, tunnel_hlen);
518 dev->stats.tx_dropped++;
521 static void erspan_fb_xmit(struct sk_buff *skb, struct net_device *dev)
523 struct ip_tunnel *tunnel = netdev_priv(dev);
524 struct ip_tunnel_info *tun_info;
525 const struct ip_tunnel_key *key;
526 struct erspan_metadata *md;
527 bool truncate = false;
533 tun_info = skb_tunnel_info(skb);
534 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
535 ip_tunnel_info_af(tun_info) != AF_INET))
538 key = &tun_info->key;
539 if (!(tun_info->key.tun_flags & TUNNEL_ERSPAN_OPT))
541 if (tun_info->options_len < sizeof(*md))
543 md = ip_tunnel_info_opts(tun_info);
545 /* ERSPAN has fixed 8 byte GRE header */
546 version = md->version;
547 tunnel_hlen = 8 + erspan_hdr_len(version);
549 if (skb_cow_head(skb, dev->needed_headroom))
552 if (gre_handle_offloads(skb, false))
555 if (skb->len > dev->mtu + dev->hard_header_len) {
556 pskb_trim(skb, dev->mtu + dev->hard_header_len);
560 nhoff = skb_network_offset(skb);
561 if (skb->protocol == htons(ETH_P_IP) &&
562 (ntohs(ip_hdr(skb)->tot_len) > skb->len - nhoff))
565 if (skb->protocol == htons(ETH_P_IPV6)) {
568 if (skb_transport_header_was_set(skb))
569 thoff = skb_transport_offset(skb);
571 thoff = nhoff + sizeof(struct ipv6hdr);
572 if (ntohs(ipv6_hdr(skb)->payload_len) > skb->len - thoff)
577 erspan_build_header(skb, ntohl(tunnel_id_to_key32(key->tun_id)),
578 ntohl(md->u.index), truncate, true);
579 proto = htons(ETH_P_ERSPAN);
580 } else if (version == 2) {
581 erspan_build_header_v2(skb,
582 ntohl(tunnel_id_to_key32(key->tun_id)),
584 get_hwid(&md->u.md2),
586 proto = htons(ETH_P_ERSPAN2);
591 gre_build_header(skb, 8, TUNNEL_SEQ,
592 proto, 0, htonl(atomic_fetch_inc(&tunnel->o_seqno)));
594 ip_md_tunnel_xmit(skb, dev, IPPROTO_GRE, tunnel_hlen);
600 dev->stats.tx_dropped++;
603 static int gre_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
605 struct ip_tunnel_info *info = skb_tunnel_info(skb);
606 const struct ip_tunnel_key *key;
610 if (ip_tunnel_info_af(info) != AF_INET)
614 ip_tunnel_init_flow(&fl4, IPPROTO_GRE, key->u.ipv4.dst, key->u.ipv4.src,
615 tunnel_id_to_key32(key->tun_id),
616 key->tos & ~INET_ECN_MASK, dev_net(dev), 0,
617 skb->mark, skb_get_hash(skb), key->flow_flags);
618 rt = ip_route_output_key(dev_net(dev), &fl4);
623 info->key.u.ipv4.src = fl4.saddr;
627 static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
628 struct net_device *dev)
630 struct ip_tunnel *tunnel = netdev_priv(dev);
631 const struct iphdr *tnl_params;
633 if (!pskb_inet_may_pull(skb))
636 if (tunnel->collect_md) {
637 gre_fb_xmit(skb, dev, skb->protocol);
641 if (dev->header_ops) {
642 int pull_len = tunnel->hlen + sizeof(struct iphdr);
644 if (skb_cow_head(skb, 0))
647 tnl_params = (const struct iphdr *)skb->data;
649 if (!pskb_network_may_pull(skb, pull_len))
652 /* ip_tunnel_xmit() needs skb->data pointing to gre header. */
653 skb_pull(skb, pull_len);
654 skb_reset_mac_header(skb);
656 if (skb->ip_summed == CHECKSUM_PARTIAL &&
657 skb_checksum_start(skb) < skb->data)
660 if (skb_cow_head(skb, dev->needed_headroom))
663 tnl_params = &tunnel->parms.iph;
666 if (gre_handle_offloads(skb, !!(tunnel->parms.o_flags & TUNNEL_CSUM)))
669 __gre_xmit(skb, dev, tnl_params, skb->protocol);
674 dev->stats.tx_dropped++;
678 static netdev_tx_t erspan_xmit(struct sk_buff *skb,
679 struct net_device *dev)
681 struct ip_tunnel *tunnel = netdev_priv(dev);
682 bool truncate = false;
685 if (!pskb_inet_may_pull(skb))
688 if (tunnel->collect_md) {
689 erspan_fb_xmit(skb, dev);
693 if (gre_handle_offloads(skb, false))
696 if (skb_cow_head(skb, dev->needed_headroom))
699 if (skb->len > dev->mtu + dev->hard_header_len) {
700 pskb_trim(skb, dev->mtu + dev->hard_header_len);
704 /* Push ERSPAN header */
705 if (tunnel->erspan_ver == 0) {
706 proto = htons(ETH_P_ERSPAN);
707 tunnel->parms.o_flags &= ~TUNNEL_SEQ;
708 } else if (tunnel->erspan_ver == 1) {
709 erspan_build_header(skb, ntohl(tunnel->parms.o_key),
712 proto = htons(ETH_P_ERSPAN);
713 } else if (tunnel->erspan_ver == 2) {
714 erspan_build_header_v2(skb, ntohl(tunnel->parms.o_key),
715 tunnel->dir, tunnel->hwid,
717 proto = htons(ETH_P_ERSPAN2);
722 tunnel->parms.o_flags &= ~TUNNEL_KEY;
723 __gre_xmit(skb, dev, &tunnel->parms.iph, proto);
728 dev->stats.tx_dropped++;
732 static netdev_tx_t gre_tap_xmit(struct sk_buff *skb,
733 struct net_device *dev)
735 struct ip_tunnel *tunnel = netdev_priv(dev);
737 if (!pskb_inet_may_pull(skb))
740 if (tunnel->collect_md) {
741 gre_fb_xmit(skb, dev, htons(ETH_P_TEB));
745 if (gre_handle_offloads(skb, !!(tunnel->parms.o_flags & TUNNEL_CSUM)))
748 if (skb_cow_head(skb, dev->needed_headroom))
751 __gre_xmit(skb, dev, &tunnel->parms.iph, htons(ETH_P_TEB));
756 dev->stats.tx_dropped++;
760 static void ipgre_link_update(struct net_device *dev, bool set_mtu)
762 struct ip_tunnel *tunnel = netdev_priv(dev);
766 len = tunnel->tun_hlen;
767 tunnel->tun_hlen = gre_calc_hlen(tunnel->parms.o_flags);
768 len = tunnel->tun_hlen - len;
769 tunnel->hlen = tunnel->hlen + len;
772 dev->hard_header_len += len;
774 dev->needed_headroom += len;
777 dev->mtu = max_t(int, dev->mtu - len, 68);
779 flags = tunnel->parms.o_flags;
781 if (flags & TUNNEL_SEQ ||
782 (flags & TUNNEL_CSUM && tunnel->encap.type != TUNNEL_ENCAP_NONE)) {
783 dev->features &= ~NETIF_F_GSO_SOFTWARE;
784 dev->hw_features &= ~NETIF_F_GSO_SOFTWARE;
786 dev->features |= NETIF_F_GSO_SOFTWARE;
787 dev->hw_features |= NETIF_F_GSO_SOFTWARE;
791 static int ipgre_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm *p,
796 if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
797 if (p->iph.version != 4 || p->iph.protocol != IPPROTO_GRE ||
798 p->iph.ihl != 5 || (p->iph.frag_off & htons(~IP_DF)) ||
799 ((p->i_flags | p->o_flags) & (GRE_VERSION | GRE_ROUTING)))
803 p->i_flags = gre_flags_to_tnl_flags(p->i_flags);
804 p->o_flags = gre_flags_to_tnl_flags(p->o_flags);
806 err = ip_tunnel_ctl(dev, p, cmd);
810 if (cmd == SIOCCHGTUNNEL) {
811 struct ip_tunnel *t = netdev_priv(dev);
813 t->parms.i_flags = p->i_flags;
814 t->parms.o_flags = p->o_flags;
816 if (strcmp(dev->rtnl_link_ops->kind, "erspan"))
817 ipgre_link_update(dev, true);
820 p->i_flags = gre_tnl_flags_to_gre_flags(p->i_flags);
821 p->o_flags = gre_tnl_flags_to_gre_flags(p->o_flags);
825 /* Nice toy. Unfortunately, useless in real life :-)
826 It allows to construct virtual multiprotocol broadcast "LAN"
827 over the Internet, provided multicast routing is tuned.
830 I have no idea was this bicycle invented before me,
831 so that I had to set ARPHRD_IPGRE to a random value.
832 I have an impression, that Cisco could make something similar,
833 but this feature is apparently missing in IOS<=11.2(8).
835 I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
836 with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
838 ping -t 255 224.66.66.66
840 If nobody answers, mbone does not work.
842 ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255
843 ip addr add 10.66.66.<somewhat>/24 dev Universe
845 ifconfig Universe add fe80::<Your_real_addr>/10
846 ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96
849 ftp fec0:6666:6666::193.233.7.65
852 static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
854 const void *daddr, const void *saddr, unsigned int len)
856 struct ip_tunnel *t = netdev_priv(dev);
858 struct gre_base_hdr *greh;
860 iph = skb_push(skb, t->hlen + sizeof(*iph));
861 greh = (struct gre_base_hdr *)(iph+1);
862 greh->flags = gre_tnl_flags_to_gre_flags(t->parms.o_flags);
863 greh->protocol = htons(type);
865 memcpy(iph, &t->parms.iph, sizeof(struct iphdr));
867 /* Set the source hardware address. */
869 memcpy(&iph->saddr, saddr, 4);
871 memcpy(&iph->daddr, daddr, 4);
873 return t->hlen + sizeof(*iph);
875 return -(t->hlen + sizeof(*iph));
878 static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr)
880 const struct iphdr *iph = (const struct iphdr *) skb_mac_header(skb);
881 memcpy(haddr, &iph->saddr, 4);
885 static const struct header_ops ipgre_header_ops = {
886 .create = ipgre_header,
887 .parse = ipgre_header_parse,
890 #ifdef CONFIG_NET_IPGRE_BROADCAST
891 static int ipgre_open(struct net_device *dev)
893 struct ip_tunnel *t = netdev_priv(dev);
895 if (ipv4_is_multicast(t->parms.iph.daddr)) {
899 rt = ip_route_output_gre(t->net, &fl4,
903 RT_TOS(t->parms.iph.tos),
906 return -EADDRNOTAVAIL;
909 if (!__in_dev_get_rtnl(dev))
910 return -EADDRNOTAVAIL;
911 t->mlink = dev->ifindex;
912 ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr);
917 static int ipgre_close(struct net_device *dev)
919 struct ip_tunnel *t = netdev_priv(dev);
921 if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) {
922 struct in_device *in_dev;
923 in_dev = inetdev_by_index(t->net, t->mlink);
925 ip_mc_dec_group(in_dev, t->parms.iph.daddr);
931 static const struct net_device_ops ipgre_netdev_ops = {
932 .ndo_init = ipgre_tunnel_init,
933 .ndo_uninit = ip_tunnel_uninit,
934 #ifdef CONFIG_NET_IPGRE_BROADCAST
935 .ndo_open = ipgre_open,
936 .ndo_stop = ipgre_close,
938 .ndo_start_xmit = ipgre_xmit,
939 .ndo_siocdevprivate = ip_tunnel_siocdevprivate,
940 .ndo_change_mtu = ip_tunnel_change_mtu,
941 .ndo_get_stats64 = dev_get_tstats64,
942 .ndo_get_iflink = ip_tunnel_get_iflink,
943 .ndo_tunnel_ctl = ipgre_tunnel_ctl,
946 #define GRE_FEATURES (NETIF_F_SG | \
951 static void ipgre_tunnel_setup(struct net_device *dev)
953 dev->netdev_ops = &ipgre_netdev_ops;
954 dev->type = ARPHRD_IPGRE;
955 ip_tunnel_setup(dev, ipgre_net_id);
958 static void __gre_tunnel_init(struct net_device *dev)
960 struct ip_tunnel *tunnel;
963 tunnel = netdev_priv(dev);
964 tunnel->tun_hlen = gre_calc_hlen(tunnel->parms.o_flags);
965 tunnel->parms.iph.protocol = IPPROTO_GRE;
967 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
968 dev->needed_headroom = tunnel->hlen + sizeof(tunnel->parms.iph);
970 dev->features |= GRE_FEATURES | NETIF_F_LLTX;
971 dev->hw_features |= GRE_FEATURES;
973 flags = tunnel->parms.o_flags;
975 /* TCP offload with GRE SEQ is not supported, nor can we support 2
976 * levels of outer headers requiring an update.
978 if (flags & TUNNEL_SEQ)
980 if (flags & TUNNEL_CSUM && tunnel->encap.type != TUNNEL_ENCAP_NONE)
983 dev->features |= NETIF_F_GSO_SOFTWARE;
984 dev->hw_features |= NETIF_F_GSO_SOFTWARE;
987 static int ipgre_tunnel_init(struct net_device *dev)
989 struct ip_tunnel *tunnel = netdev_priv(dev);
990 struct iphdr *iph = &tunnel->parms.iph;
992 __gre_tunnel_init(dev);
994 __dev_addr_set(dev, &iph->saddr, 4);
995 memcpy(dev->broadcast, &iph->daddr, 4);
997 dev->flags = IFF_NOARP;
1001 if (iph->daddr && !tunnel->collect_md) {
1002 #ifdef CONFIG_NET_IPGRE_BROADCAST
1003 if (ipv4_is_multicast(iph->daddr)) {
1006 dev->flags = IFF_BROADCAST;
1007 dev->header_ops = &ipgre_header_ops;
1008 dev->hard_header_len = tunnel->hlen + sizeof(*iph);
1009 dev->needed_headroom = 0;
1012 } else if (!tunnel->collect_md) {
1013 dev->header_ops = &ipgre_header_ops;
1014 dev->hard_header_len = tunnel->hlen + sizeof(*iph);
1015 dev->needed_headroom = 0;
1018 return ip_tunnel_init(dev);
1021 static const struct gre_protocol ipgre_protocol = {
1023 .err_handler = gre_err,
1026 static int __net_init ipgre_init_net(struct net *net)
1028 return ip_tunnel_init_net(net, ipgre_net_id, &ipgre_link_ops, NULL);
1031 static void __net_exit ipgre_exit_batch_net(struct list_head *list_net)
1033 ip_tunnel_delete_nets(list_net, ipgre_net_id, &ipgre_link_ops);
1036 static struct pernet_operations ipgre_net_ops = {
1037 .init = ipgre_init_net,
1038 .exit_batch = ipgre_exit_batch_net,
1039 .id = &ipgre_net_id,
1040 .size = sizeof(struct ip_tunnel_net),
1043 static int ipgre_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
1044 struct netlink_ext_ack *extack)
1052 if (data[IFLA_GRE_IFLAGS])
1053 flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]);
1054 if (data[IFLA_GRE_OFLAGS])
1055 flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]);
1056 if (flags & (GRE_VERSION|GRE_ROUTING))
1059 if (data[IFLA_GRE_COLLECT_METADATA] &&
1060 data[IFLA_GRE_ENCAP_TYPE] &&
1061 nla_get_u16(data[IFLA_GRE_ENCAP_TYPE]) != TUNNEL_ENCAP_NONE)
1067 static int ipgre_tap_validate(struct nlattr *tb[], struct nlattr *data[],
1068 struct netlink_ext_ack *extack)
1072 if (tb[IFLA_ADDRESS]) {
1073 if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN)
1075 if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS])))
1076 return -EADDRNOTAVAIL;
1082 if (data[IFLA_GRE_REMOTE]) {
1083 memcpy(&daddr, nla_data(data[IFLA_GRE_REMOTE]), 4);
1089 return ipgre_tunnel_validate(tb, data, extack);
1092 static int erspan_validate(struct nlattr *tb[], struct nlattr *data[],
1093 struct netlink_ext_ack *extack)
1101 ret = ipgre_tap_validate(tb, data, extack);
1105 if (data[IFLA_GRE_ERSPAN_VER] &&
1106 nla_get_u8(data[IFLA_GRE_ERSPAN_VER]) == 0)
1109 /* ERSPAN type II/III should only have GRE sequence and key flag */
1110 if (data[IFLA_GRE_OFLAGS])
1111 flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]);
1112 if (data[IFLA_GRE_IFLAGS])
1113 flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]);
1114 if (!data[IFLA_GRE_COLLECT_METADATA] &&
1115 flags != (GRE_SEQ | GRE_KEY))
1118 /* ERSPAN Session ID only has 10-bit. Since we reuse
1119 * 32-bit key field as ID, check it's range.
1121 if (data[IFLA_GRE_IKEY] &&
1122 (ntohl(nla_get_be32(data[IFLA_GRE_IKEY])) & ~ID_MASK))
1125 if (data[IFLA_GRE_OKEY] &&
1126 (ntohl(nla_get_be32(data[IFLA_GRE_OKEY])) & ~ID_MASK))
1132 static int ipgre_netlink_parms(struct net_device *dev,
1133 struct nlattr *data[],
1134 struct nlattr *tb[],
1135 struct ip_tunnel_parm *parms,
1138 struct ip_tunnel *t = netdev_priv(dev);
1140 memset(parms, 0, sizeof(*parms));
1142 parms->iph.protocol = IPPROTO_GRE;
1147 if (data[IFLA_GRE_LINK])
1148 parms->link = nla_get_u32(data[IFLA_GRE_LINK]);
1150 if (data[IFLA_GRE_IFLAGS])
1151 parms->i_flags = gre_flags_to_tnl_flags(nla_get_be16(data[IFLA_GRE_IFLAGS]));
1153 if (data[IFLA_GRE_OFLAGS])
1154 parms->o_flags = gre_flags_to_tnl_flags(nla_get_be16(data[IFLA_GRE_OFLAGS]));
1156 if (data[IFLA_GRE_IKEY])
1157 parms->i_key = nla_get_be32(data[IFLA_GRE_IKEY]);
1159 if (data[IFLA_GRE_OKEY])
1160 parms->o_key = nla_get_be32(data[IFLA_GRE_OKEY]);
1162 if (data[IFLA_GRE_LOCAL])
1163 parms->iph.saddr = nla_get_in_addr(data[IFLA_GRE_LOCAL]);
1165 if (data[IFLA_GRE_REMOTE])
1166 parms->iph.daddr = nla_get_in_addr(data[IFLA_GRE_REMOTE]);
1168 if (data[IFLA_GRE_TTL])
1169 parms->iph.ttl = nla_get_u8(data[IFLA_GRE_TTL]);
1171 if (data[IFLA_GRE_TOS])
1172 parms->iph.tos = nla_get_u8(data[IFLA_GRE_TOS]);
1174 if (!data[IFLA_GRE_PMTUDISC] || nla_get_u8(data[IFLA_GRE_PMTUDISC])) {
1177 parms->iph.frag_off = htons(IP_DF);
1180 if (data[IFLA_GRE_COLLECT_METADATA]) {
1181 t->collect_md = true;
1182 if (dev->type == ARPHRD_IPGRE)
1183 dev->type = ARPHRD_NONE;
1186 if (data[IFLA_GRE_IGNORE_DF]) {
1187 if (nla_get_u8(data[IFLA_GRE_IGNORE_DF])
1188 && (parms->iph.frag_off & htons(IP_DF)))
1190 t->ignore_df = !!nla_get_u8(data[IFLA_GRE_IGNORE_DF]);
1193 if (data[IFLA_GRE_FWMARK])
1194 *fwmark = nla_get_u32(data[IFLA_GRE_FWMARK]);
1199 static int erspan_netlink_parms(struct net_device *dev,
1200 struct nlattr *data[],
1201 struct nlattr *tb[],
1202 struct ip_tunnel_parm *parms,
1205 struct ip_tunnel *t = netdev_priv(dev);
1208 err = ipgre_netlink_parms(dev, data, tb, parms, fwmark);
1214 if (data[IFLA_GRE_ERSPAN_VER]) {
1215 t->erspan_ver = nla_get_u8(data[IFLA_GRE_ERSPAN_VER]);
1217 if (t->erspan_ver > 2)
1221 if (t->erspan_ver == 1) {
1222 if (data[IFLA_GRE_ERSPAN_INDEX]) {
1223 t->index = nla_get_u32(data[IFLA_GRE_ERSPAN_INDEX]);
1224 if (t->index & ~INDEX_MASK)
1227 } else if (t->erspan_ver == 2) {
1228 if (data[IFLA_GRE_ERSPAN_DIR]) {
1229 t->dir = nla_get_u8(data[IFLA_GRE_ERSPAN_DIR]);
1230 if (t->dir & ~(DIR_MASK >> DIR_OFFSET))
1233 if (data[IFLA_GRE_ERSPAN_HWID]) {
1234 t->hwid = nla_get_u16(data[IFLA_GRE_ERSPAN_HWID]);
1235 if (t->hwid & ~(HWID_MASK >> HWID_OFFSET))
1243 /* This function returns true when ENCAP attributes are present in the nl msg */
1244 static bool ipgre_netlink_encap_parms(struct nlattr *data[],
1245 struct ip_tunnel_encap *ipencap)
1249 memset(ipencap, 0, sizeof(*ipencap));
1254 if (data[IFLA_GRE_ENCAP_TYPE]) {
1256 ipencap->type = nla_get_u16(data[IFLA_GRE_ENCAP_TYPE]);
1259 if (data[IFLA_GRE_ENCAP_FLAGS]) {
1261 ipencap->flags = nla_get_u16(data[IFLA_GRE_ENCAP_FLAGS]);
1264 if (data[IFLA_GRE_ENCAP_SPORT]) {
1266 ipencap->sport = nla_get_be16(data[IFLA_GRE_ENCAP_SPORT]);
1269 if (data[IFLA_GRE_ENCAP_DPORT]) {
1271 ipencap->dport = nla_get_be16(data[IFLA_GRE_ENCAP_DPORT]);
1277 static int gre_tap_init(struct net_device *dev)
1279 __gre_tunnel_init(dev);
1280 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1281 netif_keep_dst(dev);
1283 return ip_tunnel_init(dev);
1286 static const struct net_device_ops gre_tap_netdev_ops = {
1287 .ndo_init = gre_tap_init,
1288 .ndo_uninit = ip_tunnel_uninit,
1289 .ndo_start_xmit = gre_tap_xmit,
1290 .ndo_set_mac_address = eth_mac_addr,
1291 .ndo_validate_addr = eth_validate_addr,
1292 .ndo_change_mtu = ip_tunnel_change_mtu,
1293 .ndo_get_stats64 = dev_get_tstats64,
1294 .ndo_get_iflink = ip_tunnel_get_iflink,
1295 .ndo_fill_metadata_dst = gre_fill_metadata_dst,
1298 static int erspan_tunnel_init(struct net_device *dev)
1300 struct ip_tunnel *tunnel = netdev_priv(dev);
1302 if (tunnel->erspan_ver == 0)
1303 tunnel->tun_hlen = 4; /* 4-byte GRE hdr. */
1305 tunnel->tun_hlen = 8; /* 8-byte GRE hdr. */
1307 tunnel->parms.iph.protocol = IPPROTO_GRE;
1308 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen +
1309 erspan_hdr_len(tunnel->erspan_ver);
1311 dev->features |= GRE_FEATURES;
1312 dev->hw_features |= GRE_FEATURES;
1313 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1314 netif_keep_dst(dev);
1316 return ip_tunnel_init(dev);
1319 static const struct net_device_ops erspan_netdev_ops = {
1320 .ndo_init = erspan_tunnel_init,
1321 .ndo_uninit = ip_tunnel_uninit,
1322 .ndo_start_xmit = erspan_xmit,
1323 .ndo_set_mac_address = eth_mac_addr,
1324 .ndo_validate_addr = eth_validate_addr,
1325 .ndo_change_mtu = ip_tunnel_change_mtu,
1326 .ndo_get_stats64 = dev_get_tstats64,
1327 .ndo_get_iflink = ip_tunnel_get_iflink,
1328 .ndo_fill_metadata_dst = gre_fill_metadata_dst,
1331 static void ipgre_tap_setup(struct net_device *dev)
1335 dev->netdev_ops = &gre_tap_netdev_ops;
1336 dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1337 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1338 ip_tunnel_setup(dev, gre_tap_net_id);
1342 ipgre_newlink_encap_setup(struct net_device *dev, struct nlattr *data[])
1344 struct ip_tunnel_encap ipencap;
1346 if (ipgre_netlink_encap_parms(data, &ipencap)) {
1347 struct ip_tunnel *t = netdev_priv(dev);
1348 int err = ip_tunnel_encap_setup(t, &ipencap);
1357 static int ipgre_newlink(struct net *src_net, struct net_device *dev,
1358 struct nlattr *tb[], struct nlattr *data[],
1359 struct netlink_ext_ack *extack)
1361 struct ip_tunnel_parm p;
1365 err = ipgre_newlink_encap_setup(dev, data);
1369 err = ipgre_netlink_parms(dev, data, tb, &p, &fwmark);
1372 return ip_tunnel_newlink(dev, tb, &p, fwmark);
1375 static int erspan_newlink(struct net *src_net, struct net_device *dev,
1376 struct nlattr *tb[], struct nlattr *data[],
1377 struct netlink_ext_ack *extack)
1379 struct ip_tunnel_parm p;
1383 err = ipgre_newlink_encap_setup(dev, data);
1387 err = erspan_netlink_parms(dev, data, tb, &p, &fwmark);
1390 return ip_tunnel_newlink(dev, tb, &p, fwmark);
1393 static int ipgre_changelink(struct net_device *dev, struct nlattr *tb[],
1394 struct nlattr *data[],
1395 struct netlink_ext_ack *extack)
1397 struct ip_tunnel *t = netdev_priv(dev);
1398 __u32 fwmark = t->fwmark;
1399 struct ip_tunnel_parm p;
1402 err = ipgre_newlink_encap_setup(dev, data);
1406 err = ipgre_netlink_parms(dev, data, tb, &p, &fwmark);
1410 err = ip_tunnel_changelink(dev, tb, &p, fwmark);
1414 t->parms.i_flags = p.i_flags;
1415 t->parms.o_flags = p.o_flags;
1417 ipgre_link_update(dev, !tb[IFLA_MTU]);
1422 static int erspan_changelink(struct net_device *dev, struct nlattr *tb[],
1423 struct nlattr *data[],
1424 struct netlink_ext_ack *extack)
1426 struct ip_tunnel *t = netdev_priv(dev);
1427 __u32 fwmark = t->fwmark;
1428 struct ip_tunnel_parm p;
1431 err = ipgre_newlink_encap_setup(dev, data);
1435 err = erspan_netlink_parms(dev, data, tb, &p, &fwmark);
1439 err = ip_tunnel_changelink(dev, tb, &p, fwmark);
1443 t->parms.i_flags = p.i_flags;
1444 t->parms.o_flags = p.o_flags;
1449 static size_t ipgre_get_size(const struct net_device *dev)
1454 /* IFLA_GRE_IFLAGS */
1456 /* IFLA_GRE_OFLAGS */
1462 /* IFLA_GRE_LOCAL */
1464 /* IFLA_GRE_REMOTE */
1470 /* IFLA_GRE_PMTUDISC */
1472 /* IFLA_GRE_ENCAP_TYPE */
1474 /* IFLA_GRE_ENCAP_FLAGS */
1476 /* IFLA_GRE_ENCAP_SPORT */
1478 /* IFLA_GRE_ENCAP_DPORT */
1480 /* IFLA_GRE_COLLECT_METADATA */
1482 /* IFLA_GRE_IGNORE_DF */
1484 /* IFLA_GRE_FWMARK */
1486 /* IFLA_GRE_ERSPAN_INDEX */
1488 /* IFLA_GRE_ERSPAN_VER */
1490 /* IFLA_GRE_ERSPAN_DIR */
1492 /* IFLA_GRE_ERSPAN_HWID */
1497 static int ipgre_fill_info(struct sk_buff *skb, const struct net_device *dev)
1499 struct ip_tunnel *t = netdev_priv(dev);
1500 struct ip_tunnel_parm *p = &t->parms;
1501 __be16 o_flags = p->o_flags;
1503 if (nla_put_u32(skb, IFLA_GRE_LINK, p->link) ||
1504 nla_put_be16(skb, IFLA_GRE_IFLAGS,
1505 gre_tnl_flags_to_gre_flags(p->i_flags)) ||
1506 nla_put_be16(skb, IFLA_GRE_OFLAGS,
1507 gre_tnl_flags_to_gre_flags(o_flags)) ||
1508 nla_put_be32(skb, IFLA_GRE_IKEY, p->i_key) ||
1509 nla_put_be32(skb, IFLA_GRE_OKEY, p->o_key) ||
1510 nla_put_in_addr(skb, IFLA_GRE_LOCAL, p->iph.saddr) ||
1511 nla_put_in_addr(skb, IFLA_GRE_REMOTE, p->iph.daddr) ||
1512 nla_put_u8(skb, IFLA_GRE_TTL, p->iph.ttl) ||
1513 nla_put_u8(skb, IFLA_GRE_TOS, p->iph.tos) ||
1514 nla_put_u8(skb, IFLA_GRE_PMTUDISC,
1515 !!(p->iph.frag_off & htons(IP_DF))) ||
1516 nla_put_u32(skb, IFLA_GRE_FWMARK, t->fwmark))
1517 goto nla_put_failure;
1519 if (nla_put_u16(skb, IFLA_GRE_ENCAP_TYPE,
1521 nla_put_be16(skb, IFLA_GRE_ENCAP_SPORT,
1523 nla_put_be16(skb, IFLA_GRE_ENCAP_DPORT,
1525 nla_put_u16(skb, IFLA_GRE_ENCAP_FLAGS,
1527 goto nla_put_failure;
1529 if (nla_put_u8(skb, IFLA_GRE_IGNORE_DF, t->ignore_df))
1530 goto nla_put_failure;
1532 if (t->collect_md) {
1533 if (nla_put_flag(skb, IFLA_GRE_COLLECT_METADATA))
1534 goto nla_put_failure;
1543 static int erspan_fill_info(struct sk_buff *skb, const struct net_device *dev)
1545 struct ip_tunnel *t = netdev_priv(dev);
1547 if (t->erspan_ver <= 2) {
1548 if (t->erspan_ver != 0 && !t->collect_md)
1549 t->parms.o_flags |= TUNNEL_KEY;
1551 if (nla_put_u8(skb, IFLA_GRE_ERSPAN_VER, t->erspan_ver))
1552 goto nla_put_failure;
1554 if (t->erspan_ver == 1) {
1555 if (nla_put_u32(skb, IFLA_GRE_ERSPAN_INDEX, t->index))
1556 goto nla_put_failure;
1557 } else if (t->erspan_ver == 2) {
1558 if (nla_put_u8(skb, IFLA_GRE_ERSPAN_DIR, t->dir))
1559 goto nla_put_failure;
1560 if (nla_put_u16(skb, IFLA_GRE_ERSPAN_HWID, t->hwid))
1561 goto nla_put_failure;
1565 return ipgre_fill_info(skb, dev);
1571 static void erspan_setup(struct net_device *dev)
1573 struct ip_tunnel *t = netdev_priv(dev);
1577 dev->netdev_ops = &erspan_netdev_ops;
1578 dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1579 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1580 ip_tunnel_setup(dev, erspan_net_id);
1584 static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
1585 [IFLA_GRE_LINK] = { .type = NLA_U32 },
1586 [IFLA_GRE_IFLAGS] = { .type = NLA_U16 },
1587 [IFLA_GRE_OFLAGS] = { .type = NLA_U16 },
1588 [IFLA_GRE_IKEY] = { .type = NLA_U32 },
1589 [IFLA_GRE_OKEY] = { .type = NLA_U32 },
1590 [IFLA_GRE_LOCAL] = { .len = sizeof_field(struct iphdr, saddr) },
1591 [IFLA_GRE_REMOTE] = { .len = sizeof_field(struct iphdr, daddr) },
1592 [IFLA_GRE_TTL] = { .type = NLA_U8 },
1593 [IFLA_GRE_TOS] = { .type = NLA_U8 },
1594 [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 },
1595 [IFLA_GRE_ENCAP_TYPE] = { .type = NLA_U16 },
1596 [IFLA_GRE_ENCAP_FLAGS] = { .type = NLA_U16 },
1597 [IFLA_GRE_ENCAP_SPORT] = { .type = NLA_U16 },
1598 [IFLA_GRE_ENCAP_DPORT] = { .type = NLA_U16 },
1599 [IFLA_GRE_COLLECT_METADATA] = { .type = NLA_FLAG },
1600 [IFLA_GRE_IGNORE_DF] = { .type = NLA_U8 },
1601 [IFLA_GRE_FWMARK] = { .type = NLA_U32 },
1602 [IFLA_GRE_ERSPAN_INDEX] = { .type = NLA_U32 },
1603 [IFLA_GRE_ERSPAN_VER] = { .type = NLA_U8 },
1604 [IFLA_GRE_ERSPAN_DIR] = { .type = NLA_U8 },
1605 [IFLA_GRE_ERSPAN_HWID] = { .type = NLA_U16 },
1608 static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
1610 .maxtype = IFLA_GRE_MAX,
1611 .policy = ipgre_policy,
1612 .priv_size = sizeof(struct ip_tunnel),
1613 .setup = ipgre_tunnel_setup,
1614 .validate = ipgre_tunnel_validate,
1615 .newlink = ipgre_newlink,
1616 .changelink = ipgre_changelink,
1617 .dellink = ip_tunnel_dellink,
1618 .get_size = ipgre_get_size,
1619 .fill_info = ipgre_fill_info,
1620 .get_link_net = ip_tunnel_get_link_net,
1623 static struct rtnl_link_ops ipgre_tap_ops __read_mostly = {
1625 .maxtype = IFLA_GRE_MAX,
1626 .policy = ipgre_policy,
1627 .priv_size = sizeof(struct ip_tunnel),
1628 .setup = ipgre_tap_setup,
1629 .validate = ipgre_tap_validate,
1630 .newlink = ipgre_newlink,
1631 .changelink = ipgre_changelink,
1632 .dellink = ip_tunnel_dellink,
1633 .get_size = ipgre_get_size,
1634 .fill_info = ipgre_fill_info,
1635 .get_link_net = ip_tunnel_get_link_net,
1638 static struct rtnl_link_ops erspan_link_ops __read_mostly = {
1640 .maxtype = IFLA_GRE_MAX,
1641 .policy = ipgre_policy,
1642 .priv_size = sizeof(struct ip_tunnel),
1643 .setup = erspan_setup,
1644 .validate = erspan_validate,
1645 .newlink = erspan_newlink,
1646 .changelink = erspan_changelink,
1647 .dellink = ip_tunnel_dellink,
1648 .get_size = ipgre_get_size,
1649 .fill_info = erspan_fill_info,
1650 .get_link_net = ip_tunnel_get_link_net,
1653 struct net_device *gretap_fb_dev_create(struct net *net, const char *name,
1654 u8 name_assign_type)
1656 struct nlattr *tb[IFLA_MAX + 1];
1657 struct net_device *dev;
1658 LIST_HEAD(list_kill);
1659 struct ip_tunnel *t;
1662 memset(&tb, 0, sizeof(tb));
1664 dev = rtnl_create_link(net, name, name_assign_type,
1665 &ipgre_tap_ops, tb, NULL);
1669 /* Configure flow based GRE device. */
1670 t = netdev_priv(dev);
1671 t->collect_md = true;
1673 err = ipgre_newlink(net, dev, tb, NULL, NULL);
1676 return ERR_PTR(err);
1679 /* openvswitch users expect packet sizes to be unrestricted,
1680 * so set the largest MTU we can.
1682 err = __ip_tunnel_change_mtu(dev, IP_MAX_MTU, false);
1686 err = rtnl_configure_link(dev, NULL);
1692 ip_tunnel_dellink(dev, &list_kill);
1693 unregister_netdevice_many(&list_kill);
1694 return ERR_PTR(err);
1696 EXPORT_SYMBOL_GPL(gretap_fb_dev_create);
1698 static int __net_init ipgre_tap_init_net(struct net *net)
1700 return ip_tunnel_init_net(net, gre_tap_net_id, &ipgre_tap_ops, "gretap0");
1703 static void __net_exit ipgre_tap_exit_batch_net(struct list_head *list_net)
1705 ip_tunnel_delete_nets(list_net, gre_tap_net_id, &ipgre_tap_ops);
1708 static struct pernet_operations ipgre_tap_net_ops = {
1709 .init = ipgre_tap_init_net,
1710 .exit_batch = ipgre_tap_exit_batch_net,
1711 .id = &gre_tap_net_id,
1712 .size = sizeof(struct ip_tunnel_net),
1715 static int __net_init erspan_init_net(struct net *net)
1717 return ip_tunnel_init_net(net, erspan_net_id,
1718 &erspan_link_ops, "erspan0");
1721 static void __net_exit erspan_exit_batch_net(struct list_head *net_list)
1723 ip_tunnel_delete_nets(net_list, erspan_net_id, &erspan_link_ops);
1726 static struct pernet_operations erspan_net_ops = {
1727 .init = erspan_init_net,
1728 .exit_batch = erspan_exit_batch_net,
1729 .id = &erspan_net_id,
1730 .size = sizeof(struct ip_tunnel_net),
1733 static int __init ipgre_init(void)
1737 pr_info("GRE over IPv4 tunneling driver\n");
1739 err = register_pernet_device(&ipgre_net_ops);
1743 err = register_pernet_device(&ipgre_tap_net_ops);
1745 goto pnet_tap_failed;
1747 err = register_pernet_device(&erspan_net_ops);
1749 goto pnet_erspan_failed;
1751 err = gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO);
1753 pr_info("%s: can't add protocol\n", __func__);
1754 goto add_proto_failed;
1757 err = rtnl_link_register(&ipgre_link_ops);
1759 goto rtnl_link_failed;
1761 err = rtnl_link_register(&ipgre_tap_ops);
1763 goto tap_ops_failed;
1765 err = rtnl_link_register(&erspan_link_ops);
1767 goto erspan_link_failed;
1772 rtnl_link_unregister(&ipgre_tap_ops);
1774 rtnl_link_unregister(&ipgre_link_ops);
1776 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
1778 unregister_pernet_device(&erspan_net_ops);
1780 unregister_pernet_device(&ipgre_tap_net_ops);
1782 unregister_pernet_device(&ipgre_net_ops);
1786 static void __exit ipgre_fini(void)
1788 rtnl_link_unregister(&ipgre_tap_ops);
1789 rtnl_link_unregister(&ipgre_link_ops);
1790 rtnl_link_unregister(&erspan_link_ops);
1791 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
1792 unregister_pernet_device(&ipgre_tap_net_ops);
1793 unregister_pernet_device(&ipgre_net_ops);
1794 unregister_pernet_device(&erspan_net_ops);
1797 module_init(ipgre_init);
1798 module_exit(ipgre_fini);
1799 MODULE_LICENSE("GPL");
1800 MODULE_ALIAS_RTNL_LINK("gre");
1801 MODULE_ALIAS_RTNL_LINK("gretap");
1802 MODULE_ALIAS_RTNL_LINK("erspan");
1803 MODULE_ALIAS_NETDEV("gre0");
1804 MODULE_ALIAS_NETDEV("gretap0");
1805 MODULE_ALIAS_NETDEV("erspan0");
projects / releases.git / blob