1 // SPDX-License-Identifier: GPL-2.0-or-later
13    For comments look at net/ipv4/ip_gre.c --ANK
52 	struct net *net = dev_net(skb->dev);  in vti_input()
58 	tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, flags,  in vti_input()
59 				  iph->saddr, iph->daddr, 0);  in vti_input()
64 		XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = tunnel;  in vti_input()
67 			skb->dev = tunnel->dev;  in vti_input()
72 	return -EINVAL;  in vti_input()
86 	XFRM_SPI_SKB_CB(skb)->family = AF_INET;  in vti_rcv()
87 	XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);  in vti_rcv()
89 	return vti_input(skb, ip_hdr(skb)->protocol, spi, 0, update_skb_dev);  in vti_rcv()
103 	struct ip_tunnel *tunnel = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4;  in vti_rcv_cb()
104 	u32 orig_mark = skb->mark;  in vti_rcv_cb()
110 	dev = tunnel->dev;  in vti_rcv_cb()
121 	inner_mode = &x->inner_mode;  in vti_rcv_cb()
123 	if (x->sel.family == AF_UNSPEC) {  in vti_rcv_cb()
124 		inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);  in vti_rcv_cb()
126 			XFRM_INC_STATS(dev_net(skb->dev),  in vti_rcv_cb()
128 			return -EINVAL;  in vti_rcv_cb()
132 	family = inner_mode->family;  in vti_rcv_cb()
134 	skb->mark = be32_to_cpu(tunnel->parms.i_key);  in vti_rcv_cb()
136 	skb->mark = orig_mark;  in vti_rcv_cb()
139 		return -EPERM;  in vti_rcv_cb()
141 	skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(skb->dev)));  in vti_rcv_cb()
142 	skb->dev = dev;  in vti_rcv_cb()
143 	dev_sw_netstats_rx_add(dev, skb->len);  in vti_rcv_cb()
156 	if (!x || x->props.mode != XFRM_MODE_TUNNEL ||  in vti_state_check()
157 	    x->props.family != AF_INET)  in vti_state_check()
161 		return xfrm_addr_equal(saddr, &x->props.saddr, AF_INET);  in vti_state_check()
173 	struct ip_tunnel_parm_kern *parms = &tunnel->parms;  in vti_xmit()
176 	int pkt_len = skb->len;  in vti_xmit()
181 		switch (skb->protocol) {  in vti_xmit()
185 			fl->u.ip4.flowi4_oif = dev->ifindex;  in vti_xmit()
186 			fl->u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;  in vti_xmit()
187 			rt = __ip_route_output_key(dev_net(dev), &fl->u.ip4);  in vti_xmit()
192 			dst = &rt->dst;  in vti_xmit()
198 			fl->u.ip6.flowi6_oif = dev->ifindex;  in vti_xmit()
199 			fl->u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;  in vti_xmit()
200 			dst = ip6_route_output(dev_net(dev), NULL, &fl->u.ip6);  in vti_xmit()
201 			if (dst->error) {  in vti_xmit()
217 	dst = xfrm_lookup_route(tunnel->net, dst, fl, NULL, 0);  in vti_xmit()
223 	if (dst->flags & DST_XFRM_QUEUE)  in vti_xmit()
226 	if (!vti_state_check(dst->xfrm, parms->iph.daddr, parms->iph.saddr)) {  in vti_xmit()
232 	tdev = dst->dev;  in vti_xmit()
241 	if (skb->len > mtu) {  in vti_xmit()
243 		if (skb->protocol == htons(ETH_P_IP)) {  in vti_xmit()
244 			if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))  in vti_xmit()
260 	skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(dev)));  in vti_xmit()
262 	skb->dev = skb_dst(skb)->dev;  in vti_xmit()
264 	err = dst_output(tunnel->net, skb->sk, skb);  in vti_xmit()
291 	switch (skb->protocol) {  in vti_tunnel_xmit()
305 	fl.flowi_mark = be32_to_cpu(tunnel->parms.o_key);  in vti_tunnel_xmit()
324 	struct net *net = dev_net(skb->dev);  in vti4_err()
325 	const struct iphdr *iph = (const struct iphdr *)skb->data;  in vti4_err()
326 	int protocol = iph->protocol;  in vti4_err()
332 	tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, flags,  in vti4_err()
333 				  iph->daddr, iph->saddr, 0);  in vti4_err()
335 		return -1;  in vti4_err()
337 	mark = be32_to_cpu(tunnel->parms.o_key);  in vti4_err()
341 		esph = (struct ip_esp_hdr *)(skb->data+(iph->ihl<<2));  in vti4_err()
342 		spi = esph->spi;  in vti4_err()
345 		ah = (struct ip_auth_hdr *)(skb->data+(iph->ihl<<2));  in vti4_err()
346 		spi = ah->spi;  in vti4_err()
349 		ipch = (struct ip_comp_hdr *)(skb->data+(iph->ihl<<2));  in vti4_err()
350 		spi = htonl(ntohs(ipch->cpi));  in vti4_err()
356 	switch (icmp_hdr(skb)->type) {  in vti4_err()
358 		if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)  in vti4_err()
367 	x = xfrm_state_lookup(net, mark, (const xfrm_address_t *)&iph->daddr,  in vti4_err()
372 	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)  in vti4_err()
388 		if (p->iph.version != 4 || p->iph.protocol != IPPROTO_IPIP ||  in vti_tunnel_ctl()
389 		    p->iph.ihl != 5)  in vti_tunnel_ctl()
390 			return -EINVAL;  in vti_tunnel_ctl()
393 	if (!ip_tunnel_flags_is_be16_compat(p->i_flags) ||  in vti_tunnel_ctl()
394 	    !ip_tunnel_flags_is_be16_compat(p->o_flags))  in vti_tunnel_ctl()
395 		return -EOVERFLOW;  in vti_tunnel_ctl()
397 	if (!(ip_tunnel_flags_to_be16(p->i_flags) & GRE_KEY))  in vti_tunnel_ctl()
398 		p->i_key = 0;  in vti_tunnel_ctl()
399 	if (!(ip_tunnel_flags_to_be16(p->o_flags) & GRE_KEY))  in vti_tunnel_ctl()
400 		p->o_key = 0;  in vti_tunnel_ctl()
403 	ip_tunnel_flags_copy(p->i_flags, flags);  in vti_tunnel_ctl()
411 		ip_tunnel_flags_or(p->i_flags, p->i_flags, flags);  in vti_tunnel_ctl()
412 		ip_tunnel_flags_or(p->o_flags, p->o_flags, flags);  in vti_tunnel_ctl()
430 	dev->netdev_ops		= &vti_netdev_ops;  in vti_tunnel_setup()
431 	dev->header_ops		= &ip_tunnel_header_ops;  in vti_tunnel_setup()
432 	dev->type		= ARPHRD_TUNNEL;  in vti_tunnel_setup()
439 	struct iphdr *iph = &tunnel->parms.iph;  in vti_tunnel_init()
441 	__dev_addr_set(dev, &iph->saddr, 4);  in vti_tunnel_init()
442 	memcpy(dev->broadcast, &iph->daddr, 4);  in vti_tunnel_init()
444 	dev->flags		= IFF_NOARP;  in vti_tunnel_init()
445 	dev->addr_len		= 4;  in vti_tunnel_init()
446 	dev->lltx		= true;  in vti_tunnel_init()
455 	struct iphdr *iph = &tunnel->parms.iph;  in vti_fb_tunnel_init()
457 	iph->version		= 4;  in vti_fb_tunnel_init()
458 	iph->protocol		= IPPROTO_IPIP;  in vti_fb_tunnel_init()
459 	iph->ihl		= 5;  in vti_fb_tunnel_init()
489 	XFRM_SPI_SKB_CB(skb)->family = AF_INET;  in vti_rcv_tunnel()
490 	XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);  in vti_rcv_tunnel()
492 	return vti_input(skb, IPPROTO_IPIP, ip_hdr(skb)->saddr, 0, false);  in vti_rcv_tunnel()
521 	if (itn->fb_tunnel_dev)  in vti_init_net()
522 		vti_fb_tunnel_init(itn->fb_tunnel_dev);  in vti_init_net()
552 	parms->iph.protocol = IPPROTO_IPIP;  in vti_netlink_parms()
557 	__set_bit(IP_TUNNEL_VTI_BIT, parms->i_flags);  in vti_netlink_parms()
560 		parms->link = nla_get_u32(data[IFLA_VTI_LINK]);  in vti_netlink_parms()
563 		parms->i_key = nla_get_be32(data[IFLA_VTI_IKEY]);  in vti_netlink_parms()
566 		parms->o_key = nla_get_be32(data[IFLA_VTI_OKEY]);  in vti_netlink_parms()
569 		parms->iph.saddr = nla_get_in_addr(data[IFLA_VTI_LOCAL]);  in vti_netlink_parms()
572 		parms->iph.daddr = nla_get_in_addr(data[IFLA_VTI_REMOTE]);  in vti_netlink_parms()
595 	__u32 fwmark = t->fwmark;  in vti_changelink()
622 	struct ip_tunnel_parm_kern *p = &t->parms;  in vti_fill_info()
624 	if (nla_put_u32(skb, IFLA_VTI_LINK, p->link) ||  in vti_fill_info()
625 	    nla_put_be32(skb, IFLA_VTI_IKEY, p->i_key) ||  in vti_fill_info()
626 	    nla_put_be32(skb, IFLA_VTI_OKEY, p->o_key) ||  in vti_fill_info()
627 	    nla_put_in_addr(skb, IFLA_VTI_LOCAL, p->iph.saddr) ||  in vti_fill_info()
628 	    nla_put_in_addr(skb, IFLA_VTI_REMOTE, p->iph.daddr) ||  in vti_fill_info()
629 	    nla_put_u32(skb, IFLA_VTI_FWMARK, t->fwmark))  in vti_fill_info()
630 		return -EMSGSIZE;  in vti_fill_info()
739 MODULE_DESCRIPTION("Virtual (secure) IP tunneling library");