2 * Linux NET3: GRE over IP protocol decoder.
4 * Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
13 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15 #include <linux/capability.h>
16 #include <linux/module.h>
17 #include <linux/types.h>
18 #include <linux/kernel.h>
19 #include <linux/slab.h>
20 #include <linux/uaccess.h>
21 #include <linux/skbuff.h>
22 #include <linux/netdevice.h>
24 #include <linux/tcp.h>
25 #include <linux/udp.h>
26 #include <linux/if_arp.h>
27 #include <linux/if_vlan.h>
28 #include <linux/init.h>
29 #include <linux/in6.h>
30 #include <linux/inetdevice.h>
31 #include <linux/igmp.h>
32 #include <linux/netfilter_ipv4.h>
33 #include <linux/etherdevice.h>
34 #include <linux/if_ether.h>
39 #include <net/protocol.h>
40 #include <net/ip_tunnels.h>
42 #include <net/checksum.h>
43 #include <net/dsfield.h>
44 #include <net/inet_ecn.h>
46 #include <net/net_namespace.h>
47 #include <net/netns/generic.h>
48 #include <net/rtnetlink.h>
50 #include <net/dst_metadata.h>
51 #include <net/erspan.h>
57 1. The most important issue is detecting local dead loops.
58 They would cause complete host lockup in transmit, which
59 would be "resolved" by stack overflow or, if queueing is enabled,
60 with infinite looping in net_bh.
62 We cannot track such dead loops during route installation,
63 it is infeasible task. The most general solutions would be
64 to keep skb->encapsulation counter (sort of local ttl),
65 and silently drop packet when it expires. It is a good
66 solution, but it supposes maintaining new variable in ALL
67 skb, even if no tunneling is used.
69 Current solution: xmit_recursion breaks dead loops. This is a percpu
70 counter, since when we enter the first ndo_xmit(), cpu migration is
71 forbidden. We force an exit if this counter reaches RECURSION_LIMIT
73 2. Networking dead loops would not kill routers, but would really
74 kill network. IP hop limit plays role of "t->recursion" in this case,
75 if we copy it from packet being encapsulated to upper header.
76 It is very good solution, but it introduces two problems:
78 - Routing protocols, using packets with ttl=1 (OSPF, RIP2),
79 do not work over tunnels.
80 - traceroute does not work. I planned to relay ICMP from tunnel,
81 so that this problem would be solved and traceroute output
82 would even more informative. This idea appeared to be wrong:
83 only Linux complies to rfc1812 now (yes, guys, Linux is the only
84 true router now :-)), all routers (at least, in neighbourhood of mine)
85 return only 8 bytes of payload. It is the end.
87 Hence, if we want that OSPF worked or traceroute said something reasonable,
88 we should search for another solution.
90 One of them is to parse packet trying to detect inner encapsulation
91 made by our node. It is difficult or even impossible, especially,
92 taking into account fragmentation. TO be short, ttl is not solution at all.
94 Current solution: The solution was UNEXPECTEDLY SIMPLE.
95 We force DF flag on tunnels with preconfigured hop limit,
96 that is ALL. :-) Well, it does not remove the problem completely,
97 but exponential growth of network traffic is changed to linear
98 (branches, that exceed pmtu are pruned) and tunnel mtu
99 rapidly degrades to value <68, where looping stops.
100 Yes, it is not good if there exists a router in the loop,
101 which does not force DF, even when encapsulating packets have DF set.
102 But it is not our problem! Nobody could accuse us, we made
103 all that we could make. Even if it is your gated who injected
104 fatal route to network, even if it were you who configured
105 fatal static route: you are innocent. :-)
110 static bool log_ecn_error = true;
111 module_param(log_ecn_error, bool, 0644);
112 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
114 static struct rtnl_link_ops ipgre_link_ops __read_mostly;
115 static int ipgre_tunnel_init(struct net_device *dev);
116 static void erspan_build_header(struct sk_buff *skb,
118 bool truncate, bool is_ipv4);
120 static unsigned int ipgre_net_id __read_mostly;
121 static unsigned int gre_tap_net_id __read_mostly;
122 static unsigned int erspan_net_id __read_mostly;
124 static void ipgre_err(struct sk_buff *skb, u32 info,
125 const struct tnl_ptk_info *tpi)
128 /* All the routers (except for Linux) return only
129 8 bytes of packet payload. It means, that precise relaying of
130 ICMP in the real Internet is absolutely infeasible.
132 Moreover, Cisco "wise men" put GRE key to the third word
133 in GRE header. It makes impossible maintaining even soft
134 state for keyed GRE tunnels with enabled checksum. Tell
137 Well, I wonder, rfc1812 was written by Cisco employee,
138 what the hell these idiots break standards established
141 struct net *net = dev_net(skb->dev);
142 struct ip_tunnel_net *itn;
143 const struct iphdr *iph;
144 const int type = icmp_hdr(skb)->type;
145 const int code = icmp_hdr(skb)->code;
146 unsigned int data_len = 0;
151 case ICMP_PARAMETERPROB:
154 case ICMP_DEST_UNREACH:
157 case ICMP_PORT_UNREACH:
158 /* Impossible event. */
161 /* All others are translated to HOST_UNREACH.
162 rfc2003 contains "deep thoughts" about NET_UNREACH,
163 I believe they are just ether pollution. --ANK
169 case ICMP_TIME_EXCEEDED:
170 if (code != ICMP_EXC_TTL)
172 data_len = icmp_hdr(skb)->un.reserved[1] * 4; /* RFC 4884 4.1 */
179 if (tpi->proto == htons(ETH_P_TEB))
180 itn = net_generic(net, gre_tap_net_id);
181 else if (tpi->proto == htons(ETH_P_ERSPAN) ||
182 tpi->proto == htons(ETH_P_ERSPAN2))
183 itn = net_generic(net, erspan_net_id);
185 itn = net_generic(net, ipgre_net_id);
187 iph = (const struct iphdr *)(icmp_hdr(skb) + 1);
188 t = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags,
189 iph->daddr, iph->saddr, tpi->key);
194 #if IS_ENABLED(CONFIG_IPV6)
195 if (tpi->proto == htons(ETH_P_IPV6) &&
196 !ip6_err_gen_icmpv6_unreach(skb, iph->ihl * 4 + tpi->hdr_len,
201 if (t->parms.iph.daddr == 0 ||
202 ipv4_is_multicast(t->parms.iph.daddr))
205 if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
208 if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
212 t->err_time = jiffies;
215 static void gre_err(struct sk_buff *skb, u32 info)
217 /* All the routers (except for Linux) return only
218 * 8 bytes of packet payload. It means, that precise relaying of
219 * ICMP in the real Internet is absolutely infeasible.
221 * Moreover, Cisco "wise men" put GRE key to the third word
222 * in GRE header. It makes impossible maintaining even soft
224 * GRE tunnels with enabled checksum. Tell them "thank you".
226 * Well, I wonder, rfc1812 was written by Cisco employee,
227 * what the hell these idiots break standards established
231 const struct iphdr *iph = (struct iphdr *)skb->data;
232 const int type = icmp_hdr(skb)->type;
233 const int code = icmp_hdr(skb)->code;
234 struct tnl_ptk_info tpi;
236 if (gre_parse_header(skb, &tpi, NULL, htons(ETH_P_IP),
240 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
241 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
242 skb->dev->ifindex, IPPROTO_GRE);
245 if (type == ICMP_REDIRECT) {
246 ipv4_redirect(skb, dev_net(skb->dev), skb->dev->ifindex,
251 ipgre_err(skb, info, &tpi);
254 static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi,
257 struct net *net = dev_net(skb->dev);
258 struct metadata_dst *tun_dst = NULL;
259 struct erspan_base_hdr *ershdr;
260 struct erspan_metadata *pkt_md;
261 struct ip_tunnel_net *itn;
262 struct ip_tunnel *tunnel;
263 const struct iphdr *iph;
264 struct erspan_md2 *md2;
268 itn = net_generic(net, erspan_net_id);
269 len = gre_hdr_len + sizeof(*ershdr);
271 /* Check based hdr len */
272 if (unlikely(!pskb_may_pull(skb, len)))
273 return PACKET_REJECT;
276 ershdr = (struct erspan_base_hdr *)(skb->data + gre_hdr_len);
279 /* The original GRE header does not have key field,
280 * Use ERSPAN 10-bit session ID as key.
282 tpi->key = cpu_to_be32(get_session_id(ershdr));
283 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex,
284 tpi->flags | TUNNEL_KEY,
285 iph->saddr, iph->daddr, tpi->key);
288 len = gre_hdr_len + erspan_hdr_len(ver);
289 if (unlikely(!pskb_may_pull(skb, len)))
290 return PACKET_REJECT;
292 ershdr = (struct erspan_base_hdr *)(skb->data + gre_hdr_len);
293 pkt_md = (struct erspan_metadata *)(ershdr + 1);
295 if (__iptunnel_pull_header(skb,
301 if (tunnel->collect_md) {
302 struct ip_tunnel_info *info;
303 struct erspan_metadata *md;
307 tpi->flags |= TUNNEL_KEY;
309 tun_id = key32_to_tunnel_id(tpi->key);
311 tun_dst = ip_tun_rx_dst(skb, flags,
312 tun_id, sizeof(*md));
314 return PACKET_REJECT;
316 md = ip_tunnel_info_opts(&tun_dst->u.tun_info);
319 memcpy(md2, pkt_md, ver == 1 ? ERSPAN_V1_MDSIZE :
322 info = &tun_dst->u.tun_info;
323 info->key.tun_flags |= TUNNEL_ERSPAN_OPT;
324 info->options_len = sizeof(*md);
327 skb_reset_mac_header(skb);
328 ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
331 return PACKET_REJECT;
338 static int __ipgre_rcv(struct sk_buff *skb, const struct tnl_ptk_info *tpi,
339 struct ip_tunnel_net *itn, int hdr_len, bool raw_proto)
341 struct metadata_dst *tun_dst = NULL;
342 const struct iphdr *iph;
343 struct ip_tunnel *tunnel;
346 tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, tpi->flags,
347 iph->saddr, iph->daddr, tpi->key);
350 if (__iptunnel_pull_header(skb, hdr_len, tpi->proto,
351 raw_proto, false) < 0)
354 if (tunnel->dev->type != ARPHRD_NONE)
355 skb_pop_mac_header(skb);
357 skb_reset_mac_header(skb);
358 if (tunnel->collect_md) {
362 flags = tpi->flags & (TUNNEL_CSUM | TUNNEL_KEY);
363 tun_id = key32_to_tunnel_id(tpi->key);
364 tun_dst = ip_tun_rx_dst(skb, flags, tun_id, 0);
366 return PACKET_REJECT;
369 ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
379 static int ipgre_rcv(struct sk_buff *skb, const struct tnl_ptk_info *tpi,
382 struct net *net = dev_net(skb->dev);
383 struct ip_tunnel_net *itn;
386 if (tpi->proto == htons(ETH_P_TEB))
387 itn = net_generic(net, gre_tap_net_id);
389 itn = net_generic(net, ipgre_net_id);
391 res = __ipgre_rcv(skb, tpi, itn, hdr_len, false);
392 if (res == PACKET_NEXT && tpi->proto == htons(ETH_P_TEB)) {
393 /* ipgre tunnels in collect metadata mode should receive
394 * also ETH_P_TEB traffic.
396 itn = net_generic(net, ipgre_net_id);
397 res = __ipgre_rcv(skb, tpi, itn, hdr_len, true);
402 static int gre_rcv(struct sk_buff *skb)
404 struct tnl_ptk_info tpi;
405 bool csum_err = false;
408 #ifdef CONFIG_NET_IPGRE_BROADCAST
409 if (ipv4_is_multicast(ip_hdr(skb)->daddr)) {
410 /* Looped back packet, drop it! */
411 if (rt_is_output_route(skb_rtable(skb)))
416 hdr_len = gre_parse_header(skb, &tpi, &csum_err, htons(ETH_P_IP), 0);
420 if (unlikely(tpi.proto == htons(ETH_P_ERSPAN) ||
421 tpi.proto == htons(ETH_P_ERSPAN2))) {
422 if (erspan_rcv(skb, &tpi, hdr_len) == PACKET_RCVD)
427 if (ipgre_rcv(skb, &tpi, hdr_len) == PACKET_RCVD)
431 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
437 static void __gre_xmit(struct sk_buff *skb, struct net_device *dev,
438 const struct iphdr *tnl_params,
441 struct ip_tunnel *tunnel = netdev_priv(dev);
443 if (tunnel->parms.o_flags & TUNNEL_SEQ)
446 /* Push GRE header. */
447 gre_build_header(skb, tunnel->tun_hlen,
448 tunnel->parms.o_flags, proto, tunnel->parms.o_key,
449 htonl(tunnel->o_seqno));
451 ip_tunnel_xmit(skb, dev, tnl_params, tnl_params->protocol);
454 static int gre_handle_offloads(struct sk_buff *skb, bool csum)
456 return iptunnel_handle_offloads(skb, csum ? SKB_GSO_GRE_CSUM : SKB_GSO_GRE);
459 static struct rtable *gre_get_rt(struct sk_buff *skb,
460 struct net_device *dev,
462 const struct ip_tunnel_key *key)
464 struct net *net = dev_net(dev);
466 memset(fl, 0, sizeof(*fl));
467 fl->daddr = key->u.ipv4.dst;
468 fl->saddr = key->u.ipv4.src;
469 fl->flowi4_tos = RT_TOS(key->tos);
470 fl->flowi4_mark = skb->mark;
471 fl->flowi4_proto = IPPROTO_GRE;
473 return ip_route_output_key(net, fl);
476 static struct rtable *prepare_fb_xmit(struct sk_buff *skb,
477 struct net_device *dev,
481 struct ip_tunnel_info *tun_info;
482 const struct ip_tunnel_key *key;
483 struct rtable *rt = NULL;
488 tun_info = skb_tunnel_info(skb);
489 key = &tun_info->key;
490 use_cache = ip_tunnel_dst_cache_usable(skb, tun_info);
493 rt = dst_cache_get_ip4(&tun_info->dst_cache, &fl->saddr);
495 rt = gre_get_rt(skb, dev, fl, key);
499 dst_cache_set_ip4(&tun_info->dst_cache, &rt->dst,
503 min_headroom = LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len
504 + tunnel_hlen + sizeof(struct iphdr);
505 if (skb_headroom(skb) < min_headroom || skb_header_cloned(skb)) {
506 int head_delta = SKB_DATA_ALIGN(min_headroom -
509 err = pskb_expand_head(skb, max_t(int, head_delta, 0),
520 dev->stats.tx_dropped++;
524 static void gre_fb_xmit(struct sk_buff *skb, struct net_device *dev,
527 struct ip_tunnel *tunnel = netdev_priv(dev);
528 struct ip_tunnel_info *tun_info;
529 const struct ip_tunnel_key *key;
530 struct rtable *rt = NULL;
535 tun_info = skb_tunnel_info(skb);
536 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
537 ip_tunnel_info_af(tun_info) != AF_INET))
540 key = &tun_info->key;
541 tunnel_hlen = gre_calc_hlen(key->tun_flags);
543 rt = prepare_fb_xmit(skb, dev, &fl, tunnel_hlen);
547 /* Push Tunnel header. */
548 if (gre_handle_offloads(skb, !!(tun_info->key.tun_flags & TUNNEL_CSUM)))
551 flags = tun_info->key.tun_flags &
552 (TUNNEL_CSUM | TUNNEL_KEY | TUNNEL_SEQ);
553 gre_build_header(skb, tunnel_hlen, flags, proto,
554 tunnel_id_to_key32(tun_info->key.tun_id),
555 (flags & TUNNEL_SEQ) ? htonl(tunnel->o_seqno++) : 0);
557 df = key->tun_flags & TUNNEL_DONT_FRAGMENT ? htons(IP_DF) : 0;
559 iptunnel_xmit(skb->sk, rt, skb, fl.saddr, key->u.ipv4.dst, IPPROTO_GRE,
560 key->tos, key->ttl, df, false);
567 dev->stats.tx_dropped++;
570 static void erspan_fb_xmit(struct sk_buff *skb, struct net_device *dev,
573 struct ip_tunnel *tunnel = netdev_priv(dev);
574 struct ip_tunnel_info *tun_info;
575 const struct ip_tunnel_key *key;
576 struct erspan_metadata *md;
577 struct rtable *rt = NULL;
578 bool truncate = false;
586 tun_info = skb_tunnel_info(skb);
587 if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
588 ip_tunnel_info_af(tun_info) != AF_INET))
591 key = &tun_info->key;
592 if (!(tun_info->key.tun_flags & TUNNEL_ERSPAN_OPT))
594 md = ip_tunnel_info_opts(tun_info);
598 /* ERSPAN has fixed 8 byte GRE header */
599 version = md->version;
600 tunnel_hlen = 8 + erspan_hdr_len(version);
602 rt = prepare_fb_xmit(skb, dev, &fl, tunnel_hlen);
606 if (gre_handle_offloads(skb, false))
609 if (skb->len > dev->mtu + dev->hard_header_len) {
610 pskb_trim(skb, dev->mtu + dev->hard_header_len);
614 nhoff = skb_network_header(skb) - skb_mac_header(skb);
615 if (skb->protocol == htons(ETH_P_IP) &&
616 (ntohs(ip_hdr(skb)->tot_len) > skb->len - nhoff))
619 thoff = skb_transport_header(skb) - skb_mac_header(skb);
620 if (skb->protocol == htons(ETH_P_IPV6) &&
621 (ntohs(ipv6_hdr(skb)->payload_len) > skb->len - thoff))
625 erspan_build_header(skb, ntohl(tunnel_id_to_key32(key->tun_id)),
626 ntohl(md->u.index), truncate, true);
627 } else if (version == 2) {
628 erspan_build_header_v2(skb,
629 ntohl(tunnel_id_to_key32(key->tun_id)),
631 get_hwid(&md->u.md2),
637 gre_build_header(skb, 8, TUNNEL_SEQ,
638 htons(ETH_P_ERSPAN), 0, htonl(tunnel->o_seqno++));
640 df = key->tun_flags & TUNNEL_DONT_FRAGMENT ? htons(IP_DF) : 0;
642 iptunnel_xmit(skb->sk, rt, skb, fl.saddr, key->u.ipv4.dst, IPPROTO_GRE,
643 key->tos, key->ttl, df, false);
650 dev->stats.tx_dropped++;
653 static int gre_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
655 struct ip_tunnel_info *info = skb_tunnel_info(skb);
659 if (ip_tunnel_info_af(info) != AF_INET)
662 rt = gre_get_rt(skb, dev, &fl4, &info->key);
667 info->key.u.ipv4.src = fl4.saddr;
671 static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
672 struct net_device *dev)
674 struct ip_tunnel *tunnel = netdev_priv(dev);
675 const struct iphdr *tnl_params;
677 if (tunnel->collect_md) {
678 gre_fb_xmit(skb, dev, skb->protocol);
682 if (dev->header_ops) {
683 /* Need space for new headers */
684 if (skb_cow_head(skb, dev->needed_headroom -
685 (tunnel->hlen + sizeof(struct iphdr))))
688 tnl_params = (const struct iphdr *)skb->data;
690 /* Pull skb since ip_tunnel_xmit() needs skb->data pointing
693 skb_pull(skb, tunnel->hlen + sizeof(struct iphdr));
694 skb_reset_mac_header(skb);
696 if (skb_cow_head(skb, dev->needed_headroom))
699 tnl_params = &tunnel->parms.iph;
702 if (gre_handle_offloads(skb, !!(tunnel->parms.o_flags & TUNNEL_CSUM)))
705 __gre_xmit(skb, dev, tnl_params, skb->protocol);
710 dev->stats.tx_dropped++;
714 static netdev_tx_t erspan_xmit(struct sk_buff *skb,
715 struct net_device *dev)
717 struct ip_tunnel *tunnel = netdev_priv(dev);
718 bool truncate = false;
720 if (tunnel->collect_md) {
721 erspan_fb_xmit(skb, dev, skb->protocol);
725 if (gre_handle_offloads(skb, false))
728 if (skb_cow_head(skb, dev->needed_headroom))
731 if (skb->len > dev->mtu + dev->hard_header_len) {
732 pskb_trim(skb, dev->mtu + dev->hard_header_len);
736 /* Push ERSPAN header */
737 if (tunnel->erspan_ver == 1)
738 erspan_build_header(skb, ntohl(tunnel->parms.o_key),
741 else if (tunnel->erspan_ver == 2)
742 erspan_build_header_v2(skb, ntohl(tunnel->parms.o_key),
743 tunnel->dir, tunnel->hwid,
748 tunnel->parms.o_flags &= ~TUNNEL_KEY;
749 __gre_xmit(skb, dev, &tunnel->parms.iph, htons(ETH_P_ERSPAN));
754 dev->stats.tx_dropped++;
758 static netdev_tx_t gre_tap_xmit(struct sk_buff *skb,
759 struct net_device *dev)
761 struct ip_tunnel *tunnel = netdev_priv(dev);
763 if (tunnel->collect_md) {
764 gre_fb_xmit(skb, dev, htons(ETH_P_TEB));
768 if (gre_handle_offloads(skb, !!(tunnel->parms.o_flags & TUNNEL_CSUM)))
771 if (skb_cow_head(skb, dev->needed_headroom))
774 __gre_xmit(skb, dev, &tunnel->parms.iph, htons(ETH_P_TEB));
779 dev->stats.tx_dropped++;
783 static void ipgre_link_update(struct net_device *dev, bool set_mtu)
785 struct ip_tunnel *tunnel = netdev_priv(dev);
788 len = tunnel->tun_hlen;
789 tunnel->tun_hlen = gre_calc_hlen(tunnel->parms.o_flags);
790 len = tunnel->tun_hlen - len;
791 tunnel->hlen = tunnel->hlen + len;
793 dev->needed_headroom = dev->needed_headroom + len;
795 dev->mtu = max_t(int, dev->mtu - len, 68);
797 if (!(tunnel->parms.o_flags & TUNNEL_SEQ)) {
798 if (!(tunnel->parms.o_flags & TUNNEL_CSUM) ||
799 tunnel->encap.type == TUNNEL_ENCAP_NONE) {
800 dev->features |= NETIF_F_GSO_SOFTWARE;
801 dev->hw_features |= NETIF_F_GSO_SOFTWARE;
803 dev->features &= ~NETIF_F_GSO_SOFTWARE;
804 dev->hw_features &= ~NETIF_F_GSO_SOFTWARE;
806 dev->features |= NETIF_F_LLTX;
808 dev->hw_features &= ~NETIF_F_GSO_SOFTWARE;
809 dev->features &= ~(NETIF_F_LLTX | NETIF_F_GSO_SOFTWARE);
813 static int ipgre_tunnel_ioctl(struct net_device *dev,
814 struct ifreq *ifr, int cmd)
816 struct ip_tunnel_parm p;
819 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
822 if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
823 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_GRE ||
824 p.iph.ihl != 5 || (p.iph.frag_off & htons(~IP_DF)) ||
825 ((p.i_flags | p.o_flags) & (GRE_VERSION | GRE_ROUTING)))
829 p.i_flags = gre_flags_to_tnl_flags(p.i_flags);
830 p.o_flags = gre_flags_to_tnl_flags(p.o_flags);
832 err = ip_tunnel_ioctl(dev, &p, cmd);
836 if (cmd == SIOCCHGTUNNEL) {
837 struct ip_tunnel *t = netdev_priv(dev);
839 t->parms.i_flags = p.i_flags;
840 t->parms.o_flags = p.o_flags;
842 if (strcmp(dev->rtnl_link_ops->kind, "erspan"))
843 ipgre_link_update(dev, true);
846 p.i_flags = gre_tnl_flags_to_gre_flags(p.i_flags);
847 p.o_flags = gre_tnl_flags_to_gre_flags(p.o_flags);
849 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
855 /* Nice toy. Unfortunately, useless in real life :-)
856 It allows to construct virtual multiprotocol broadcast "LAN"
857 over the Internet, provided multicast routing is tuned.
860 I have no idea was this bicycle invented before me,
861 so that I had to set ARPHRD_IPGRE to a random value.
862 I have an impression, that Cisco could make something similar,
863 but this feature is apparently missing in IOS<=11.2(8).
865 I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
866 with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
868 ping -t 255 224.66.66.66
870 If nobody answers, mbone does not work.
872 ip tunnel add Universe mode gre remote 224.66.66.66 local <Your_real_addr> ttl 255
873 ip addr add 10.66.66.<somewhat>/24 dev Universe
875 ifconfig Universe add fe80::<Your_real_addr>/10
876 ifconfig Universe add fec0:6666:6666::<Your_real_addr>/96
879 ftp fec0:6666:6666::193.233.7.65
882 static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
884 const void *daddr, const void *saddr, unsigned int len)
886 struct ip_tunnel *t = netdev_priv(dev);
888 struct gre_base_hdr *greh;
890 iph = skb_push(skb, t->hlen + sizeof(*iph));
891 greh = (struct gre_base_hdr *)(iph+1);
892 greh->flags = gre_tnl_flags_to_gre_flags(t->parms.o_flags);
893 greh->protocol = htons(type);
895 memcpy(iph, &t->parms.iph, sizeof(struct iphdr));
897 /* Set the source hardware address. */
899 memcpy(&iph->saddr, saddr, 4);
901 memcpy(&iph->daddr, daddr, 4);
903 return t->hlen + sizeof(*iph);
905 return -(t->hlen + sizeof(*iph));
908 static int ipgre_header_parse(const struct sk_buff *skb, unsigned char *haddr)
910 const struct iphdr *iph = (const struct iphdr *) skb_mac_header(skb);
911 memcpy(haddr, &iph->saddr, 4);
915 static const struct header_ops ipgre_header_ops = {
916 .create = ipgre_header,
917 .parse = ipgre_header_parse,
920 #ifdef CONFIG_NET_IPGRE_BROADCAST
921 static int ipgre_open(struct net_device *dev)
923 struct ip_tunnel *t = netdev_priv(dev);
925 if (ipv4_is_multicast(t->parms.iph.daddr)) {
929 rt = ip_route_output_gre(t->net, &fl4,
933 RT_TOS(t->parms.iph.tos),
936 return -EADDRNOTAVAIL;
939 if (!__in_dev_get_rtnl(dev))
940 return -EADDRNOTAVAIL;
941 t->mlink = dev->ifindex;
942 ip_mc_inc_group(__in_dev_get_rtnl(dev), t->parms.iph.daddr);
947 static int ipgre_close(struct net_device *dev)
949 struct ip_tunnel *t = netdev_priv(dev);
951 if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) {
952 struct in_device *in_dev;
953 in_dev = inetdev_by_index(t->net, t->mlink);
955 ip_mc_dec_group(in_dev, t->parms.iph.daddr);
961 static const struct net_device_ops ipgre_netdev_ops = {
962 .ndo_init = ipgre_tunnel_init,
963 .ndo_uninit = ip_tunnel_uninit,
964 #ifdef CONFIG_NET_IPGRE_BROADCAST
965 .ndo_open = ipgre_open,
966 .ndo_stop = ipgre_close,
968 .ndo_start_xmit = ipgre_xmit,
969 .ndo_do_ioctl = ipgre_tunnel_ioctl,
970 .ndo_change_mtu = ip_tunnel_change_mtu,
971 .ndo_get_stats64 = ip_tunnel_get_stats64,
972 .ndo_get_iflink = ip_tunnel_get_iflink,
975 #define GRE_FEATURES (NETIF_F_SG | \
980 static void ipgre_tunnel_setup(struct net_device *dev)
982 dev->netdev_ops = &ipgre_netdev_ops;
983 dev->type = ARPHRD_IPGRE;
984 ip_tunnel_setup(dev, ipgre_net_id);
987 static void __gre_tunnel_init(struct net_device *dev)
989 struct ip_tunnel *tunnel;
991 tunnel = netdev_priv(dev);
992 tunnel->tun_hlen = gre_calc_hlen(tunnel->parms.o_flags);
993 tunnel->parms.iph.protocol = IPPROTO_GRE;
995 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
997 dev->features |= GRE_FEATURES;
998 dev->hw_features |= GRE_FEATURES;
1000 if (!(tunnel->parms.o_flags & TUNNEL_SEQ)) {
1001 /* TCP offload with GRE SEQ is not supported, nor
1002 * can we support 2 levels of outer headers requiring
1005 if (!(tunnel->parms.o_flags & TUNNEL_CSUM) ||
1006 (tunnel->encap.type == TUNNEL_ENCAP_NONE)) {
1007 dev->features |= NETIF_F_GSO_SOFTWARE;
1008 dev->hw_features |= NETIF_F_GSO_SOFTWARE;
1011 /* Can use a lockless transmit, unless we generate
1014 dev->features |= NETIF_F_LLTX;
1018 static int ipgre_tunnel_init(struct net_device *dev)
1020 struct ip_tunnel *tunnel = netdev_priv(dev);
1021 struct iphdr *iph = &tunnel->parms.iph;
1023 __gre_tunnel_init(dev);
1025 memcpy(dev->dev_addr, &iph->saddr, 4);
1026 memcpy(dev->broadcast, &iph->daddr, 4);
1028 dev->flags = IFF_NOARP;
1029 netif_keep_dst(dev);
1032 if (iph->daddr && !tunnel->collect_md) {
1033 #ifdef CONFIG_NET_IPGRE_BROADCAST
1034 if (ipv4_is_multicast(iph->daddr)) {
1037 dev->flags = IFF_BROADCAST;
1038 dev->header_ops = &ipgre_header_ops;
1041 } else if (!tunnel->collect_md) {
1042 dev->header_ops = &ipgre_header_ops;
1045 return ip_tunnel_init(dev);
1048 static const struct gre_protocol ipgre_protocol = {
1050 .err_handler = gre_err,
1053 static int __net_init ipgre_init_net(struct net *net)
1055 return ip_tunnel_init_net(net, ipgre_net_id, &ipgre_link_ops, NULL);
1058 static void __net_exit ipgre_exit_batch_net(struct list_head *list_net)
1060 ip_tunnel_delete_nets(list_net, ipgre_net_id, &ipgre_link_ops);
1063 static struct pernet_operations ipgre_net_ops = {
1064 .init = ipgre_init_net,
1065 .exit_batch = ipgre_exit_batch_net,
1066 .id = &ipgre_net_id,
1067 .size = sizeof(struct ip_tunnel_net),
1070 static int ipgre_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
1071 struct netlink_ext_ack *extack)
1079 if (data[IFLA_GRE_IFLAGS])
1080 flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]);
1081 if (data[IFLA_GRE_OFLAGS])
1082 flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]);
1083 if (flags & (GRE_VERSION|GRE_ROUTING))
1086 if (data[IFLA_GRE_COLLECT_METADATA] &&
1087 data[IFLA_GRE_ENCAP_TYPE] &&
1088 nla_get_u16(data[IFLA_GRE_ENCAP_TYPE]) != TUNNEL_ENCAP_NONE)
1094 static int ipgre_tap_validate(struct nlattr *tb[], struct nlattr *data[],
1095 struct netlink_ext_ack *extack)
1099 if (tb[IFLA_ADDRESS]) {
1100 if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN)
1102 if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS])))
1103 return -EADDRNOTAVAIL;
1109 if (data[IFLA_GRE_REMOTE]) {
1110 memcpy(&daddr, nla_data(data[IFLA_GRE_REMOTE]), 4);
1116 return ipgre_tunnel_validate(tb, data, extack);
1119 static int erspan_validate(struct nlattr *tb[], struct nlattr *data[],
1120 struct netlink_ext_ack *extack)
1128 ret = ipgre_tap_validate(tb, data, extack);
1132 /* ERSPAN should only have GRE sequence and key flag */
1133 if (data[IFLA_GRE_OFLAGS])
1134 flags |= nla_get_be16(data[IFLA_GRE_OFLAGS]);
1135 if (data[IFLA_GRE_IFLAGS])
1136 flags |= nla_get_be16(data[IFLA_GRE_IFLAGS]);
1137 if (!data[IFLA_GRE_COLLECT_METADATA] &&
1138 flags != (GRE_SEQ | GRE_KEY))
1141 /* ERSPAN Session ID only has 10-bit. Since we reuse
1142 * 32-bit key field as ID, check it's range.
1144 if (data[IFLA_GRE_IKEY] &&
1145 (ntohl(nla_get_be32(data[IFLA_GRE_IKEY])) & ~ID_MASK))
1148 if (data[IFLA_GRE_OKEY] &&
1149 (ntohl(nla_get_be32(data[IFLA_GRE_OKEY])) & ~ID_MASK))
1155 static int ipgre_netlink_parms(struct net_device *dev,
1156 struct nlattr *data[],
1157 struct nlattr *tb[],
1158 struct ip_tunnel_parm *parms,
1161 struct ip_tunnel *t = netdev_priv(dev);
1163 memset(parms, 0, sizeof(*parms));
1165 parms->iph.protocol = IPPROTO_GRE;
1170 if (data[IFLA_GRE_LINK])
1171 parms->link = nla_get_u32(data[IFLA_GRE_LINK]);
1173 if (data[IFLA_GRE_IFLAGS])
1174 parms->i_flags = gre_flags_to_tnl_flags(nla_get_be16(data[IFLA_GRE_IFLAGS]));
1176 if (data[IFLA_GRE_OFLAGS])
1177 parms->o_flags = gre_flags_to_tnl_flags(nla_get_be16(data[IFLA_GRE_OFLAGS]));
1179 if (data[IFLA_GRE_IKEY])
1180 parms->i_key = nla_get_be32(data[IFLA_GRE_IKEY]);
1182 if (data[IFLA_GRE_OKEY])
1183 parms->o_key = nla_get_be32(data[IFLA_GRE_OKEY]);
1185 if (data[IFLA_GRE_LOCAL])
1186 parms->iph.saddr = nla_get_in_addr(data[IFLA_GRE_LOCAL]);
1188 if (data[IFLA_GRE_REMOTE])
1189 parms->iph.daddr = nla_get_in_addr(data[IFLA_GRE_REMOTE]);
1191 if (data[IFLA_GRE_TTL])
1192 parms->iph.ttl = nla_get_u8(data[IFLA_GRE_TTL]);
1194 if (data[IFLA_GRE_TOS])
1195 parms->iph.tos = nla_get_u8(data[IFLA_GRE_TOS]);
1197 if (!data[IFLA_GRE_PMTUDISC] || nla_get_u8(data[IFLA_GRE_PMTUDISC])) {
1200 parms->iph.frag_off = htons(IP_DF);
1203 if (data[IFLA_GRE_COLLECT_METADATA]) {
1204 t->collect_md = true;
1205 if (dev->type == ARPHRD_IPGRE)
1206 dev->type = ARPHRD_NONE;
1209 if (data[IFLA_GRE_IGNORE_DF]) {
1210 if (nla_get_u8(data[IFLA_GRE_IGNORE_DF])
1211 && (parms->iph.frag_off & htons(IP_DF)))
1213 t->ignore_df = !!nla_get_u8(data[IFLA_GRE_IGNORE_DF]);
1216 if (data[IFLA_GRE_FWMARK])
1217 *fwmark = nla_get_u32(data[IFLA_GRE_FWMARK]);
1219 if (data[IFLA_GRE_ERSPAN_VER]) {
1220 t->erspan_ver = nla_get_u8(data[IFLA_GRE_ERSPAN_VER]);
1222 if (t->erspan_ver != 1 && t->erspan_ver != 2)
1226 if (t->erspan_ver == 1) {
1227 if (data[IFLA_GRE_ERSPAN_INDEX]) {
1228 t->index = nla_get_u32(data[IFLA_GRE_ERSPAN_INDEX]);
1229 if (t->index & ~INDEX_MASK)
1232 } else if (t->erspan_ver == 2) {
1233 if (data[IFLA_GRE_ERSPAN_DIR]) {
1234 t->dir = nla_get_u8(data[IFLA_GRE_ERSPAN_DIR]);
1235 if (t->dir & ~(DIR_MASK >> DIR_OFFSET))
1238 if (data[IFLA_GRE_ERSPAN_HWID]) {
1239 t->hwid = nla_get_u16(data[IFLA_GRE_ERSPAN_HWID]);
1240 if (t->hwid & ~(HWID_MASK >> HWID_OFFSET))
1248 /* This function returns true when ENCAP attributes are present in the nl msg */
1249 static bool ipgre_netlink_encap_parms(struct nlattr *data[],
1250 struct ip_tunnel_encap *ipencap)
1254 memset(ipencap, 0, sizeof(*ipencap));
1259 if (data[IFLA_GRE_ENCAP_TYPE]) {
1261 ipencap->type = nla_get_u16(data[IFLA_GRE_ENCAP_TYPE]);
1264 if (data[IFLA_GRE_ENCAP_FLAGS]) {
1266 ipencap->flags = nla_get_u16(data[IFLA_GRE_ENCAP_FLAGS]);
1269 if (data[IFLA_GRE_ENCAP_SPORT]) {
1271 ipencap->sport = nla_get_be16(data[IFLA_GRE_ENCAP_SPORT]);
1274 if (data[IFLA_GRE_ENCAP_DPORT]) {
1276 ipencap->dport = nla_get_be16(data[IFLA_GRE_ENCAP_DPORT]);
1282 static int gre_tap_init(struct net_device *dev)
1284 __gre_tunnel_init(dev);
1285 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1286 netif_keep_dst(dev);
1288 return ip_tunnel_init(dev);
1291 static const struct net_device_ops gre_tap_netdev_ops = {
1292 .ndo_init = gre_tap_init,
1293 .ndo_uninit = ip_tunnel_uninit,
1294 .ndo_start_xmit = gre_tap_xmit,
1295 .ndo_set_mac_address = eth_mac_addr,
1296 .ndo_validate_addr = eth_validate_addr,
1297 .ndo_change_mtu = ip_tunnel_change_mtu,
1298 .ndo_get_stats64 = ip_tunnel_get_stats64,
1299 .ndo_get_iflink = ip_tunnel_get_iflink,
1300 .ndo_fill_metadata_dst = gre_fill_metadata_dst,
1303 static int erspan_tunnel_init(struct net_device *dev)
1305 struct ip_tunnel *tunnel = netdev_priv(dev);
1307 tunnel->tun_hlen = 8;
1308 tunnel->parms.iph.protocol = IPPROTO_GRE;
1309 tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen +
1310 erspan_hdr_len(tunnel->erspan_ver);
1312 dev->features |= GRE_FEATURES;
1313 dev->hw_features |= GRE_FEATURES;
1314 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1315 netif_keep_dst(dev);
1317 return ip_tunnel_init(dev);
1320 static const struct net_device_ops erspan_netdev_ops = {
1321 .ndo_init = erspan_tunnel_init,
1322 .ndo_uninit = ip_tunnel_uninit,
1323 .ndo_start_xmit = erspan_xmit,
1324 .ndo_set_mac_address = eth_mac_addr,
1325 .ndo_validate_addr = eth_validate_addr,
1326 .ndo_change_mtu = ip_tunnel_change_mtu,
1327 .ndo_get_stats64 = ip_tunnel_get_stats64,
1328 .ndo_get_iflink = ip_tunnel_get_iflink,
1329 .ndo_fill_metadata_dst = gre_fill_metadata_dst,
1332 static void ipgre_tap_setup(struct net_device *dev)
1336 dev->netdev_ops = &gre_tap_netdev_ops;
1337 dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1338 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1339 ip_tunnel_setup(dev, gre_tap_net_id);
1342 bool is_gretap_dev(const struct net_device *dev)
1344 return dev->netdev_ops == &gre_tap_netdev_ops;
1346 EXPORT_SYMBOL_GPL(is_gretap_dev);
1348 static int ipgre_newlink(struct net *src_net, struct net_device *dev,
1349 struct nlattr *tb[], struct nlattr *data[],
1350 struct netlink_ext_ack *extack)
1352 struct ip_tunnel_parm p;
1353 struct ip_tunnel_encap ipencap;
1357 if (ipgre_netlink_encap_parms(data, &ipencap)) {
1358 struct ip_tunnel *t = netdev_priv(dev);
1359 err = ip_tunnel_encap_setup(t, &ipencap);
1365 err = ipgre_netlink_parms(dev, data, tb, &p, &fwmark);
1368 return ip_tunnel_newlink(dev, tb, &p, fwmark);
1371 static int ipgre_changelink(struct net_device *dev, struct nlattr *tb[],
1372 struct nlattr *data[],
1373 struct netlink_ext_ack *extack)
1375 struct ip_tunnel *t = netdev_priv(dev);
1376 struct ip_tunnel_encap ipencap;
1377 __u32 fwmark = t->fwmark;
1378 struct ip_tunnel_parm p;
1381 if (ipgre_netlink_encap_parms(data, &ipencap)) {
1382 err = ip_tunnel_encap_setup(t, &ipencap);
1388 err = ipgre_netlink_parms(dev, data, tb, &p, &fwmark);
1392 err = ip_tunnel_changelink(dev, tb, &p, fwmark);
1396 t->parms.i_flags = p.i_flags;
1397 t->parms.o_flags = p.o_flags;
1399 if (strcmp(dev->rtnl_link_ops->kind, "erspan"))
1400 ipgre_link_update(dev, !tb[IFLA_MTU]);
1405 static size_t ipgre_get_size(const struct net_device *dev)
1410 /* IFLA_GRE_IFLAGS */
1412 /* IFLA_GRE_OFLAGS */
1418 /* IFLA_GRE_LOCAL */
1420 /* IFLA_GRE_REMOTE */
1426 /* IFLA_GRE_PMTUDISC */
1428 /* IFLA_GRE_ENCAP_TYPE */
1430 /* IFLA_GRE_ENCAP_FLAGS */
1432 /* IFLA_GRE_ENCAP_SPORT */
1434 /* IFLA_GRE_ENCAP_DPORT */
1436 /* IFLA_GRE_COLLECT_METADATA */
1438 /* IFLA_GRE_IGNORE_DF */
1440 /* IFLA_GRE_FWMARK */
1442 /* IFLA_GRE_ERSPAN_INDEX */
1444 /* IFLA_GRE_ERSPAN_VER */
1446 /* IFLA_GRE_ERSPAN_DIR */
1448 /* IFLA_GRE_ERSPAN_HWID */
1453 static int ipgre_fill_info(struct sk_buff *skb, const struct net_device *dev)
1455 struct ip_tunnel *t = netdev_priv(dev);
1456 struct ip_tunnel_parm *p = &t->parms;
1458 if (nla_put_u32(skb, IFLA_GRE_LINK, p->link) ||
1459 nla_put_be16(skb, IFLA_GRE_IFLAGS,
1460 gre_tnl_flags_to_gre_flags(p->i_flags)) ||
1461 nla_put_be16(skb, IFLA_GRE_OFLAGS,
1462 gre_tnl_flags_to_gre_flags(p->o_flags)) ||
1463 nla_put_be32(skb, IFLA_GRE_IKEY, p->i_key) ||
1464 nla_put_be32(skb, IFLA_GRE_OKEY, p->o_key) ||
1465 nla_put_in_addr(skb, IFLA_GRE_LOCAL, p->iph.saddr) ||
1466 nla_put_in_addr(skb, IFLA_GRE_REMOTE, p->iph.daddr) ||
1467 nla_put_u8(skb, IFLA_GRE_TTL, p->iph.ttl) ||
1468 nla_put_u8(skb, IFLA_GRE_TOS, p->iph.tos) ||
1469 nla_put_u8(skb, IFLA_GRE_PMTUDISC,
1470 !!(p->iph.frag_off & htons(IP_DF))) ||
1471 nla_put_u32(skb, IFLA_GRE_FWMARK, t->fwmark))
1472 goto nla_put_failure;
1474 if (nla_put_u16(skb, IFLA_GRE_ENCAP_TYPE,
1476 nla_put_be16(skb, IFLA_GRE_ENCAP_SPORT,
1478 nla_put_be16(skb, IFLA_GRE_ENCAP_DPORT,
1480 nla_put_u16(skb, IFLA_GRE_ENCAP_FLAGS,
1482 goto nla_put_failure;
1484 if (nla_put_u8(skb, IFLA_GRE_IGNORE_DF, t->ignore_df))
1485 goto nla_put_failure;
1487 if (t->collect_md) {
1488 if (nla_put_flag(skb, IFLA_GRE_COLLECT_METADATA))
1489 goto nla_put_failure;
1492 if (nla_put_u8(skb, IFLA_GRE_ERSPAN_VER, t->erspan_ver))
1493 goto nla_put_failure;
1495 if (t->erspan_ver == 1) {
1496 if (nla_put_u32(skb, IFLA_GRE_ERSPAN_INDEX, t->index))
1497 goto nla_put_failure;
1498 } else if (t->erspan_ver == 2) {
1499 if (nla_put_u8(skb, IFLA_GRE_ERSPAN_DIR, t->dir))
1500 goto nla_put_failure;
1501 if (nla_put_u16(skb, IFLA_GRE_ERSPAN_HWID, t->hwid))
1502 goto nla_put_failure;
1511 static void erspan_setup(struct net_device *dev)
1513 struct ip_tunnel *t = netdev_priv(dev);
1516 dev->netdev_ops = &erspan_netdev_ops;
1517 dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1518 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1519 ip_tunnel_setup(dev, erspan_net_id);
1523 static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
1524 [IFLA_GRE_LINK] = { .type = NLA_U32 },
1525 [IFLA_GRE_IFLAGS] = { .type = NLA_U16 },
1526 [IFLA_GRE_OFLAGS] = { .type = NLA_U16 },
1527 [IFLA_GRE_IKEY] = { .type = NLA_U32 },
1528 [IFLA_GRE_OKEY] = { .type = NLA_U32 },
1529 [IFLA_GRE_LOCAL] = { .len = FIELD_SIZEOF(struct iphdr, saddr) },
1530 [IFLA_GRE_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
1531 [IFLA_GRE_TTL] = { .type = NLA_U8 },
1532 [IFLA_GRE_TOS] = { .type = NLA_U8 },
1533 [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 },
1534 [IFLA_GRE_ENCAP_TYPE] = { .type = NLA_U16 },
1535 [IFLA_GRE_ENCAP_FLAGS] = { .type = NLA_U16 },
1536 [IFLA_GRE_ENCAP_SPORT] = { .type = NLA_U16 },
1537 [IFLA_GRE_ENCAP_DPORT] = { .type = NLA_U16 },
1538 [IFLA_GRE_COLLECT_METADATA] = { .type = NLA_FLAG },
1539 [IFLA_GRE_IGNORE_DF] = { .type = NLA_U8 },
1540 [IFLA_GRE_FWMARK] = { .type = NLA_U32 },
1541 [IFLA_GRE_ERSPAN_INDEX] = { .type = NLA_U32 },
1542 [IFLA_GRE_ERSPAN_VER] = { .type = NLA_U8 },
1543 [IFLA_GRE_ERSPAN_DIR] = { .type = NLA_U8 },
1544 [IFLA_GRE_ERSPAN_HWID] = { .type = NLA_U16 },
1547 static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
1549 .maxtype = IFLA_GRE_MAX,
1550 .policy = ipgre_policy,
1551 .priv_size = sizeof(struct ip_tunnel),
1552 .setup = ipgre_tunnel_setup,
1553 .validate = ipgre_tunnel_validate,
1554 .newlink = ipgre_newlink,
1555 .changelink = ipgre_changelink,
1556 .dellink = ip_tunnel_dellink,
1557 .get_size = ipgre_get_size,
1558 .fill_info = ipgre_fill_info,
1559 .get_link_net = ip_tunnel_get_link_net,
1562 static struct rtnl_link_ops ipgre_tap_ops __read_mostly = {
1564 .maxtype = IFLA_GRE_MAX,
1565 .policy = ipgre_policy,
1566 .priv_size = sizeof(struct ip_tunnel),
1567 .setup = ipgre_tap_setup,
1568 .validate = ipgre_tap_validate,
1569 .newlink = ipgre_newlink,
1570 .changelink = ipgre_changelink,
1571 .dellink = ip_tunnel_dellink,
1572 .get_size = ipgre_get_size,
1573 .fill_info = ipgre_fill_info,
1574 .get_link_net = ip_tunnel_get_link_net,
1577 static struct rtnl_link_ops erspan_link_ops __read_mostly = {
1579 .maxtype = IFLA_GRE_MAX,
1580 .policy = ipgre_policy,
1581 .priv_size = sizeof(struct ip_tunnel),
1582 .setup = erspan_setup,
1583 .validate = erspan_validate,
1584 .newlink = ipgre_newlink,
1585 .changelink = ipgre_changelink,
1586 .dellink = ip_tunnel_dellink,
1587 .get_size = ipgre_get_size,
1588 .fill_info = ipgre_fill_info,
1589 .get_link_net = ip_tunnel_get_link_net,
1592 struct net_device *gretap_fb_dev_create(struct net *net, const char *name,
1593 u8 name_assign_type)
1595 struct nlattr *tb[IFLA_MAX + 1];
1596 struct net_device *dev;
1597 LIST_HEAD(list_kill);
1598 struct ip_tunnel *t;
1601 memset(&tb, 0, sizeof(tb));
1603 dev = rtnl_create_link(net, name, name_assign_type,
1604 &ipgre_tap_ops, tb);
1608 /* Configure flow based GRE device. */
1609 t = netdev_priv(dev);
1610 t->collect_md = true;
1612 err = ipgre_newlink(net, dev, tb, NULL, NULL);
1615 return ERR_PTR(err);
1618 /* openvswitch users expect packet sizes to be unrestricted,
1619 * so set the largest MTU we can.
1621 err = __ip_tunnel_change_mtu(dev, IP_MAX_MTU, false);
1625 err = rtnl_configure_link(dev, NULL);
1631 ip_tunnel_dellink(dev, &list_kill);
1632 unregister_netdevice_many(&list_kill);
1633 return ERR_PTR(err);
1635 EXPORT_SYMBOL_GPL(gretap_fb_dev_create);
1637 static int __net_init ipgre_tap_init_net(struct net *net)
1639 return ip_tunnel_init_net(net, gre_tap_net_id, &ipgre_tap_ops, "gretap0");
1642 static void __net_exit ipgre_tap_exit_batch_net(struct list_head *list_net)
1644 ip_tunnel_delete_nets(list_net, gre_tap_net_id, &ipgre_tap_ops);
1647 static struct pernet_operations ipgre_tap_net_ops = {
1648 .init = ipgre_tap_init_net,
1649 .exit_batch = ipgre_tap_exit_batch_net,
1650 .id = &gre_tap_net_id,
1651 .size = sizeof(struct ip_tunnel_net),
1654 static int __net_init erspan_init_net(struct net *net)
1656 return ip_tunnel_init_net(net, erspan_net_id,
1657 &erspan_link_ops, "erspan0");
1660 static void __net_exit erspan_exit_batch_net(struct list_head *net_list)
1662 ip_tunnel_delete_nets(net_list, erspan_net_id, &erspan_link_ops);
1665 static struct pernet_operations erspan_net_ops = {
1666 .init = erspan_init_net,
1667 .exit_batch = erspan_exit_batch_net,
1668 .id = &erspan_net_id,
1669 .size = sizeof(struct ip_tunnel_net),
1672 static int __init ipgre_init(void)
1676 pr_info("GRE over IPv4 tunneling driver\n");
1678 err = register_pernet_device(&ipgre_net_ops);
1682 err = register_pernet_device(&ipgre_tap_net_ops);
1684 goto pnet_tap_failed;
1686 err = register_pernet_device(&erspan_net_ops);
1688 goto pnet_erspan_failed;
1690 err = gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO);
1692 pr_info("%s: can't add protocol\n", __func__);
1693 goto add_proto_failed;
1696 err = rtnl_link_register(&ipgre_link_ops);
1698 goto rtnl_link_failed;
1700 err = rtnl_link_register(&ipgre_tap_ops);
1702 goto tap_ops_failed;
1704 err = rtnl_link_register(&erspan_link_ops);
1706 goto erspan_link_failed;
1711 rtnl_link_unregister(&ipgre_tap_ops);
1713 rtnl_link_unregister(&ipgre_link_ops);
1715 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
1717 unregister_pernet_device(&erspan_net_ops);
1719 unregister_pernet_device(&ipgre_tap_net_ops);
1721 unregister_pernet_device(&ipgre_net_ops);
1725 static void __exit ipgre_fini(void)
1727 rtnl_link_unregister(&ipgre_tap_ops);
1728 rtnl_link_unregister(&ipgre_link_ops);
1729 rtnl_link_unregister(&erspan_link_ops);
1730 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
1731 unregister_pernet_device(&ipgre_tap_net_ops);
1732 unregister_pernet_device(&ipgre_net_ops);
1733 unregister_pernet_device(&erspan_net_ops);
1736 module_init(ipgre_init);
1737 module_exit(ipgre_fini);
1738 MODULE_LICENSE("GPL");
1739 MODULE_ALIAS_RTNL_LINK("gre");
1740 MODULE_ALIAS_RTNL_LINK("gretap");
1741 MODULE_ALIAS_RTNL_LINK("erspan");
1742 MODULE_ALIAS_NETDEV("gre0");
1743 MODULE_ALIAS_NETDEV("gretap0");
1744 MODULE_ALIAS_NETDEV("erspan0");
projects / linux.git / blob