1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	Linux NET3:	IP/IP protocol decoder.
4  *
5  *	Authors:
6  *		Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
7  *
8  *	Fixes:
9  *		Alan Cox	:	Merged and made usable non modular (its so tiny its silly as
10  *					a module taking up 2 pages).
11  *		Alan Cox	: 	Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
12  *					to keep ip_forward happy.
13  *		Alan Cox	:	More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
14  *		Kai Schulte	:	Fixed #defines for IP_FIREWALL->FIREWALL
15  *              David Woodhouse :       Perform some basic ICMP handling.
16  *                                      IPIP Routing without decapsulation.
17  *              Carlos Picoto   :       GRE over IP support
18  *		Alexey Kuznetsov:	Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
19  *					I do not want to merge them together.
20  */
21 
22 /* tunnel.c: an IP tunnel driver
23 
24 	The purpose of this driver is to provide an IP tunnel through
25 	which you can tunnel network traffic transparently across subnets.
26 
27 	This was written by looking at Nick Holloway's dummy driver
28 	Thanks for the great code!
29 
30 		-Sam Lantinga	(slouken@cs.ucdavis.edu)  02/01/95
31 
32 	Minor tweaks:
33 		Cleaned up the code a little and added some pre-1.3.0 tweaks.
34 		dev->hard_header/hard_header_len changed to use no headers.
35 		Comments/bracketing tweaked.
36 		Made the tunnels use dev->name not tunnel: when error reporting.
37 		Added tx_dropped stat
38 
39 		-Alan Cox	(alan@lxorguk.ukuu.org.uk) 21 March 95
40 
41 	Reworked:
42 		Changed to tunnel to destination gateway in addition to the
43 			tunnel's pointopoint address
44 		Almost completely rewritten
45 		Note:  There is currently no firewall or ICMP handling done.
46 
47 		-Sam Lantinga	(slouken@cs.ucdavis.edu) 02/13/96
48 
49 */
50 
51 /* Things I wish I had known when writing the tunnel driver:
52 
53 	When the tunnel_xmit() function is called, the skb contains the
54 	packet to be sent (plus a great deal of extra info), and dev
55 	contains the tunnel device that _we_ are.
56 
57 	When we are passed a packet, we are expected to fill in the
58 	source address with our source IP address.
59 
60 	What is the proper way to allocate, copy and free a buffer?
61 	After you allocate it, it is a "0 length" chunk of memory
62 	starting at zero.  If you want to add headers to the buffer
63 	later, you'll have to call "skb_reserve(skb, amount)" with
64 	the amount of memory you want reserved.  Then, you call
65 	"skb_put(skb, amount)" with the amount of space you want in
66 	the buffer.  skb_put() returns a pointer to the top (#0) of
67 	that buffer.  skb->len is set to the amount of space you have
68 	"allocated" with skb_put().  You can then write up to skb->len
69 	bytes to that buffer.  If you need more, you can call skb_put()
70 	again with the additional amount of space you need.  You can
71 	find out how much more space you can allocate by calling
72 	"skb_tailroom(skb)".
73 	Now, to add header space, call "skb_push(skb, header_len)".
74 	This creates space at the beginning of the buffer and returns
75 	a pointer to this new space.  If later you need to strip a
76 	header from a buffer, call "skb_pull(skb, header_len)".
77 	skb_headroom() will return how much space is left at the top
78 	of the buffer (before the main data).  Remember, this headroom
79 	space must be reserved before the skb_put() function is called.
80 	*/
81 
82 /*
83    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
84 
85    For comments look at net/ipv4/ip_gre.c --ANK
86  */
87 
88 
89 #include <linux/capability.h>
90 #include <linux/module.h>
91 #include <linux/types.h>
92 #include <linux/kernel.h>
93 #include <linux/slab.h>
94 #include <linux/uaccess.h>
95 #include <linux/skbuff.h>
96 #include <linux/netdevice.h>
97 #include <linux/in.h>
98 #include <linux/tcp.h>
99 #include <linux/udp.h>
100 #include <linux/if_arp.h>
101 #include <linux/init.h>
102 #include <linux/netfilter_ipv4.h>
103 #include <linux/if_ether.h>
104 
105 #include <net/sock.h>
106 #include <net/ip.h>
107 #include <net/icmp.h>
108 #include <net/ip_tunnels.h>
109 #include <net/inet_ecn.h>
110 #include <net/xfrm.h>
111 #include <net/net_namespace.h>
112 #include <net/netns/generic.h>
113 #include <net/dst_metadata.h>
114 
115 static bool log_ecn_error = true;
116 module_param(log_ecn_error, bool, 0644);
117 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
118 
119 static unsigned int ipip_net_id __read_mostly;
120 
121 static int ipip_tunnel_init(struct net_device *dev);
122 static struct rtnl_link_ops ipip_link_ops __read_mostly;
123 
ipip_err(struct sk_buff * skb,u32 info)124 static int ipip_err(struct sk_buff *skb, u32 info)
125 {
126 	/* All the routers (except for Linux) return only
127 	 * 8 bytes of packet payload. It means, that precise relaying of
128 	 * ICMP in the real Internet is absolutely infeasible.
129 	 */
130 	struct net *net = dev_net(skb->dev);
131 	struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
132 	const struct iphdr *iph = (const struct iphdr *)skb->data;
133 	IP_TUNNEL_DECLARE_FLAGS(flags) = { };
134 	const int type = icmp_hdr(skb)->type;
135 	const int code = icmp_hdr(skb)->code;
136 	struct ip_tunnel *t;
137 	int err = 0;
138 
139 	__set_bit(IP_TUNNEL_NO_KEY_BIT, flags);
140 
141 	t = ip_tunnel_lookup(itn, skb->dev->ifindex, flags, iph->daddr,
142 			     iph->saddr, 0);
143 	if (!t) {
144 		err = -ENOENT;
145 		goto out;
146 	}
147 
148 	switch (type) {
149 	case ICMP_DEST_UNREACH:
150 		switch (code) {
151 		case ICMP_SR_FAILED:
152 			/* Impossible event. */
153 			goto out;
154 		default:
155 			/* All others are translated to HOST_UNREACH.
156 			 * rfc2003 contains "deep thoughts" about NET_UNREACH,
157 			 * I believe they are just ether pollution. --ANK
158 			 */
159 			break;
160 		}
161 		break;
162 
163 	case ICMP_TIME_EXCEEDED:
164 		if (code != ICMP_EXC_TTL)
165 			goto out;
166 		break;
167 
168 	case ICMP_REDIRECT:
169 		break;
170 
171 	default:
172 		goto out;
173 	}
174 
175 	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
176 		ipv4_update_pmtu(skb, net, info, t->parms.link, iph->protocol);
177 		goto out;
178 	}
179 
180 	if (type == ICMP_REDIRECT) {
181 		ipv4_redirect(skb, net, t->parms.link, iph->protocol);
182 		goto out;
183 	}
184 
185 	if (t->parms.iph.daddr == 0) {
186 		err = -ENOENT;
187 		goto out;
188 	}
189 
190 	if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
191 		goto out;
192 
193 	if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
194 		t->err_count++;
195 	else
196 		t->err_count = 1;
197 	t->err_time = jiffies;
198 
199 out:
200 	return err;
201 }
202 
203 static const struct tnl_ptk_info ipip_tpi = {
204 	/* no tunnel info required for ipip. */
205 	.proto = htons(ETH_P_IP),
206 };
207 
208 #if IS_ENABLED(CONFIG_MPLS)
209 static const struct tnl_ptk_info mplsip_tpi = {
210 	/* no tunnel info required for mplsip. */
211 	.proto = htons(ETH_P_MPLS_UC),
212 };
213 #endif
214 
ipip_tunnel_rcv(struct sk_buff * skb,u8 ipproto)215 static int ipip_tunnel_rcv(struct sk_buff *skb, u8 ipproto)
216 {
217 	struct net *net = dev_net(skb->dev);
218 	struct ip_tunnel_net *itn = net_generic(net, ipip_net_id);
219 	IP_TUNNEL_DECLARE_FLAGS(flags) = { };
220 	struct metadata_dst *tun_dst = NULL;
221 	struct ip_tunnel *tunnel;
222 	const struct iphdr *iph;
223 
224 	__set_bit(IP_TUNNEL_NO_KEY_BIT, flags);
225 
226 	iph = ip_hdr(skb);
227 	tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, flags, iph->saddr,
228 				  iph->daddr, 0);
229 	if (tunnel) {
230 		const struct tnl_ptk_info *tpi;
231 
232 		if (tunnel->parms.iph.protocol != ipproto &&
233 		    tunnel->parms.iph.protocol != 0)
234 			goto drop;
235 
236 		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
237 			goto drop;
238 #if IS_ENABLED(CONFIG_MPLS)
239 		if (ipproto == IPPROTO_MPLS)
240 			tpi = &mplsip_tpi;
241 		else
242 #endif
243 			tpi = &ipip_tpi;
244 		if (iptunnel_pull_header(skb, 0, tpi->proto, false))
245 			goto drop;
246 		if (tunnel->collect_md) {
247 			ip_tunnel_flags_zero(flags);
248 
249 			tun_dst = ip_tun_rx_dst(skb, flags, 0, 0);
250 			if (!tun_dst)
251 				return 0;
252 			ip_tunnel_md_udp_encap(skb, &tun_dst->u.tun_info);
253 		}
254 		skb_reset_mac_header(skb);
255 
256 		return ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
257 	}
258 
259 	return -1;
260 
261 drop:
262 	kfree_skb(skb);
263 	return 0;
264 }
265 
ipip_rcv(struct sk_buff * skb)266 static int ipip_rcv(struct sk_buff *skb)
267 {
268 	return ipip_tunnel_rcv(skb, IPPROTO_IPIP);
269 }
270 
271 #if IS_ENABLED(CONFIG_MPLS)
mplsip_rcv(struct sk_buff * skb)272 static int mplsip_rcv(struct sk_buff *skb)
273 {
274 	return ipip_tunnel_rcv(skb, IPPROTO_MPLS);
275 }
276 #endif
277 
278 /*
279  *	This function assumes it is being called from dev_queue_xmit()
280  *	and that skb is filled properly by that function.
281  */
ipip_tunnel_xmit(struct sk_buff * skb,struct net_device * dev)282 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb,
283 				    struct net_device *dev)
284 {
285 	struct ip_tunnel *tunnel = netdev_priv(dev);
286 	const struct iphdr  *tiph = &tunnel->parms.iph;
287 	u8 ipproto;
288 
289 	if (!pskb_inet_may_pull(skb))
290 		goto tx_error;
291 
292 	switch (skb->protocol) {
293 	case htons(ETH_P_IP):
294 		ipproto = IPPROTO_IPIP;
295 		break;
296 #if IS_ENABLED(CONFIG_MPLS)
297 	case htons(ETH_P_MPLS_UC):
298 		ipproto = IPPROTO_MPLS;
299 		break;
300 #endif
301 	default:
302 		goto tx_error;
303 	}
304 
305 	if (tiph->protocol != ipproto && tiph->protocol != 0)
306 		goto tx_error;
307 
308 	if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP4))
309 		goto tx_error;
310 
311 	skb_set_inner_ipproto(skb, ipproto);
312 
313 	if (tunnel->collect_md)
314 		ip_md_tunnel_xmit(skb, dev, ipproto, 0);
315 	else
316 		ip_tunnel_xmit(skb, dev, tiph, ipproto);
317 	return NETDEV_TX_OK;
318 
319 tx_error:
320 	kfree_skb(skb);
321 
322 	DEV_STATS_INC(dev, tx_errors);
323 	return NETDEV_TX_OK;
324 }
325 
ipip_tunnel_ioctl_verify_protocol(u8 ipproto)326 static bool ipip_tunnel_ioctl_verify_protocol(u8 ipproto)
327 {
328 	switch (ipproto) {
329 	case 0:
330 	case IPPROTO_IPIP:
331 #if IS_ENABLED(CONFIG_MPLS)
332 	case IPPROTO_MPLS:
333 #endif
334 		return true;
335 	}
336 
337 	return false;
338 }
339 
340 static int
ipip_tunnel_ctl(struct net_device * dev,struct ip_tunnel_parm_kern * p,int cmd)341 ipip_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm_kern *p, int cmd)
342 {
343 	if (cmd == SIOCADDTUNNEL || cmd == SIOCCHGTUNNEL) {
344 		if (p->iph.version != 4 ||
345 		    !ipip_tunnel_ioctl_verify_protocol(p->iph.protocol) ||
346 		    p->iph.ihl != 5 || (p->iph.frag_off & htons(~IP_DF)))
347 			return -EINVAL;
348 	}
349 
350 	p->i_key = p->o_key = 0;
351 	ip_tunnel_flags_zero(p->i_flags);
352 	ip_tunnel_flags_zero(p->o_flags);
353 	return ip_tunnel_ctl(dev, p, cmd);
354 }
355 
356 static const struct net_device_ops ipip_netdev_ops = {
357 	.ndo_init       = ipip_tunnel_init,
358 	.ndo_uninit     = ip_tunnel_uninit,
359 	.ndo_start_xmit	= ipip_tunnel_xmit,
360 	.ndo_siocdevprivate = ip_tunnel_siocdevprivate,
361 	.ndo_change_mtu = ip_tunnel_change_mtu,
362 	.ndo_get_stats64 = dev_get_tstats64,
363 	.ndo_get_iflink = ip_tunnel_get_iflink,
364 	.ndo_tunnel_ctl	= ipip_tunnel_ctl,
365 };
366 
367 #define IPIP_FEATURES (NETIF_F_SG |		\
368 		       NETIF_F_FRAGLIST |	\
369 		       NETIF_F_HIGHDMA |	\
370 		       NETIF_F_GSO_SOFTWARE |	\
371 		       NETIF_F_HW_CSUM)
372 
ipip_tunnel_setup(struct net_device * dev)373 static void ipip_tunnel_setup(struct net_device *dev)
374 {
375 	dev->netdev_ops		= &ipip_netdev_ops;
376 	dev->header_ops		= &ip_tunnel_header_ops;
377 
378 	dev->type		= ARPHRD_TUNNEL;
379 	dev->flags		= IFF_NOARP;
380 	dev->addr_len		= 4;
381 	dev->lltx		= true;
382 	netif_keep_dst(dev);
383 
384 	dev->features		|= IPIP_FEATURES;
385 	dev->hw_features	|= IPIP_FEATURES;
386 	ip_tunnel_setup(dev, ipip_net_id);
387 }
388 
ipip_tunnel_init(struct net_device * dev)389 static int ipip_tunnel_init(struct net_device *dev)
390 {
391 	struct ip_tunnel *tunnel = netdev_priv(dev);
392 
393 	__dev_addr_set(dev, &tunnel->parms.iph.saddr, 4);
394 	memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
395 
396 	tunnel->tun_hlen = 0;
397 	tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
398 	return ip_tunnel_init(dev);
399 }
400 
ipip_tunnel_validate(struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)401 static int ipip_tunnel_validate(struct nlattr *tb[], struct nlattr *data[],
402 				struct netlink_ext_ack *extack)
403 {
404 	u8 proto;
405 
406 	if (!data || !data[IFLA_IPTUN_PROTO])
407 		return 0;
408 
409 	proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
410 	if (proto != IPPROTO_IPIP && proto != IPPROTO_MPLS && proto != 0)
411 		return -EINVAL;
412 
413 	return 0;
414 }
415 
ipip_netlink_parms(struct nlattr * data[],struct ip_tunnel_parm_kern * parms,bool * collect_md,__u32 * fwmark)416 static void ipip_netlink_parms(struct nlattr *data[],
417 			       struct ip_tunnel_parm_kern *parms,
418 			       bool *collect_md, __u32 *fwmark)
419 {
420 	memset(parms, 0, sizeof(*parms));
421 
422 	parms->iph.version = 4;
423 	parms->iph.protocol = IPPROTO_IPIP;
424 	parms->iph.ihl = 5;
425 	*collect_md = false;
426 
427 	if (!data)
428 		return;
429 
430 	ip_tunnel_netlink_parms(data, parms);
431 
432 	if (data[IFLA_IPTUN_COLLECT_METADATA])
433 		*collect_md = true;
434 
435 	if (data[IFLA_IPTUN_FWMARK])
436 		*fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]);
437 }
438 
ipip_newlink(struct net * src_net,struct net_device * dev,struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)439 static int ipip_newlink(struct net *src_net, struct net_device *dev,
440 			struct nlattr *tb[], struct nlattr *data[],
441 			struct netlink_ext_ack *extack)
442 {
443 	struct ip_tunnel *t = netdev_priv(dev);
444 	struct ip_tunnel_encap ipencap;
445 	struct ip_tunnel_parm_kern p;
446 	__u32 fwmark = 0;
447 
448 	if (ip_tunnel_netlink_encap_parms(data, &ipencap)) {
449 		int err = ip_tunnel_encap_setup(t, &ipencap);
450 
451 		if (err < 0)
452 			return err;
453 	}
454 
455 	ipip_netlink_parms(data, &p, &t->collect_md, &fwmark);
456 	return ip_tunnel_newlink(dev, tb, &p, fwmark);
457 }
458 
ipip_changelink(struct net_device * dev,struct nlattr * tb[],struct nlattr * data[],struct netlink_ext_ack * extack)459 static int ipip_changelink(struct net_device *dev, struct nlattr *tb[],
460 			   struct nlattr *data[],
461 			   struct netlink_ext_ack *extack)
462 {
463 	struct ip_tunnel *t = netdev_priv(dev);
464 	struct ip_tunnel_encap ipencap;
465 	struct ip_tunnel_parm_kern p;
466 	bool collect_md;
467 	__u32 fwmark = t->fwmark;
468 
469 	if (ip_tunnel_netlink_encap_parms(data, &ipencap)) {
470 		int err = ip_tunnel_encap_setup(t, &ipencap);
471 
472 		if (err < 0)
473 			return err;
474 	}
475 
476 	ipip_netlink_parms(data, &p, &collect_md, &fwmark);
477 	if (collect_md)
478 		return -EINVAL;
479 
480 	if (((dev->flags & IFF_POINTOPOINT) && !p.iph.daddr) ||
481 	    (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
482 		return -EINVAL;
483 
484 	return ip_tunnel_changelink(dev, tb, &p, fwmark);
485 }
486 
ipip_get_size(const struct net_device * dev)487 static size_t ipip_get_size(const struct net_device *dev)
488 {
489 	return
490 		/* IFLA_IPTUN_LINK */
491 		nla_total_size(4) +
492 		/* IFLA_IPTUN_LOCAL */
493 		nla_total_size(4) +
494 		/* IFLA_IPTUN_REMOTE */
495 		nla_total_size(4) +
496 		/* IFLA_IPTUN_TTL */
497 		nla_total_size(1) +
498 		/* IFLA_IPTUN_TOS */
499 		nla_total_size(1) +
500 		/* IFLA_IPTUN_PROTO */
501 		nla_total_size(1) +
502 		/* IFLA_IPTUN_PMTUDISC */
503 		nla_total_size(1) +
504 		/* IFLA_IPTUN_ENCAP_TYPE */
505 		nla_total_size(2) +
506 		/* IFLA_IPTUN_ENCAP_FLAGS */
507 		nla_total_size(2) +
508 		/* IFLA_IPTUN_ENCAP_SPORT */
509 		nla_total_size(2) +
510 		/* IFLA_IPTUN_ENCAP_DPORT */
511 		nla_total_size(2) +
512 		/* IFLA_IPTUN_COLLECT_METADATA */
513 		nla_total_size(0) +
514 		/* IFLA_IPTUN_FWMARK */
515 		nla_total_size(4) +
516 		0;
517 }
518 
ipip_fill_info(struct sk_buff * skb,const struct net_device * dev)519 static int ipip_fill_info(struct sk_buff *skb, const struct net_device *dev)
520 {
521 	struct ip_tunnel *tunnel = netdev_priv(dev);
522 	struct ip_tunnel_parm_kern *parm = &tunnel->parms;
523 
524 	if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
525 	    nla_put_in_addr(skb, IFLA_IPTUN_LOCAL, parm->iph.saddr) ||
526 	    nla_put_in_addr(skb, IFLA_IPTUN_REMOTE, parm->iph.daddr) ||
527 	    nla_put_u8(skb, IFLA_IPTUN_TTL, parm->iph.ttl) ||
528 	    nla_put_u8(skb, IFLA_IPTUN_TOS, parm->iph.tos) ||
529 	    nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->iph.protocol) ||
530 	    nla_put_u8(skb, IFLA_IPTUN_PMTUDISC,
531 		       !!(parm->iph.frag_off & htons(IP_DF))) ||
532 	    nla_put_u32(skb, IFLA_IPTUN_FWMARK, tunnel->fwmark))
533 		goto nla_put_failure;
534 
535 	if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE,
536 			tunnel->encap.type) ||
537 	    nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT,
538 			 tunnel->encap.sport) ||
539 	    nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT,
540 			 tunnel->encap.dport) ||
541 	    nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS,
542 			tunnel->encap.flags))
543 		goto nla_put_failure;
544 
545 	if (tunnel->collect_md)
546 		if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA))
547 			goto nla_put_failure;
548 	return 0;
549 
550 nla_put_failure:
551 	return -EMSGSIZE;
552 }
553 
554 static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
555 	[IFLA_IPTUN_LINK]		= { .type = NLA_U32 },
556 	[IFLA_IPTUN_LOCAL]		= { .type = NLA_U32 },
557 	[IFLA_IPTUN_REMOTE]		= { .type = NLA_U32 },
558 	[IFLA_IPTUN_TTL]		= { .type = NLA_U8 },
559 	[IFLA_IPTUN_TOS]		= { .type = NLA_U8 },
560 	[IFLA_IPTUN_PROTO]		= { .type = NLA_U8 },
561 	[IFLA_IPTUN_PMTUDISC]		= { .type = NLA_U8 },
562 	[IFLA_IPTUN_ENCAP_TYPE]		= { .type = NLA_U16 },
563 	[IFLA_IPTUN_ENCAP_FLAGS]	= { .type = NLA_U16 },
564 	[IFLA_IPTUN_ENCAP_SPORT]	= { .type = NLA_U16 },
565 	[IFLA_IPTUN_ENCAP_DPORT]	= { .type = NLA_U16 },
566 	[IFLA_IPTUN_COLLECT_METADATA]	= { .type = NLA_FLAG },
567 	[IFLA_IPTUN_FWMARK]		= { .type = NLA_U32 },
568 };
569 
570 static struct rtnl_link_ops ipip_link_ops __read_mostly = {
571 	.kind		= "ipip",
572 	.maxtype	= IFLA_IPTUN_MAX,
573 	.policy		= ipip_policy,
574 	.priv_size	= sizeof(struct ip_tunnel),
575 	.setup		= ipip_tunnel_setup,
576 	.validate	= ipip_tunnel_validate,
577 	.newlink	= ipip_newlink,
578 	.changelink	= ipip_changelink,
579 	.dellink	= ip_tunnel_dellink,
580 	.get_size	= ipip_get_size,
581 	.fill_info	= ipip_fill_info,
582 	.get_link_net	= ip_tunnel_get_link_net,
583 };
584 
585 static struct xfrm_tunnel ipip_handler __read_mostly = {
586 	.handler	=	ipip_rcv,
587 	.err_handler	=	ipip_err,
588 	.priority	=	1,
589 };
590 
591 #if IS_ENABLED(CONFIG_MPLS)
592 static struct xfrm_tunnel mplsip_handler __read_mostly = {
593 	.handler	=	mplsip_rcv,
594 	.err_handler	=	ipip_err,
595 	.priority	=	1,
596 };
597 #endif
598 
ipip_init_net(struct net * net)599 static int __net_init ipip_init_net(struct net *net)
600 {
601 	return ip_tunnel_init_net(net, ipip_net_id, &ipip_link_ops, "tunl0");
602 }
603 
ipip_exit_batch_rtnl(struct list_head * list_net,struct list_head * dev_to_kill)604 static void __net_exit ipip_exit_batch_rtnl(struct list_head *list_net,
605 					    struct list_head *dev_to_kill)
606 {
607 	ip_tunnel_delete_nets(list_net, ipip_net_id, &ipip_link_ops,
608 			      dev_to_kill);
609 }
610 
611 static struct pernet_operations ipip_net_ops = {
612 	.init = ipip_init_net,
613 	.exit_batch_rtnl = ipip_exit_batch_rtnl,
614 	.id   = &ipip_net_id,
615 	.size = sizeof(struct ip_tunnel_net),
616 };
617 
ipip_init(void)618 static int __init ipip_init(void)
619 {
620 	int err;
621 
622 	pr_info("ipip: IPv4 and MPLS over IPv4 tunneling driver\n");
623 
624 	err = register_pernet_device(&ipip_net_ops);
625 	if (err < 0)
626 		return err;
627 	err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
628 	if (err < 0) {
629 		pr_info("%s: can't register tunnel\n", __func__);
630 		goto xfrm_tunnel_ipip_failed;
631 	}
632 #if IS_ENABLED(CONFIG_MPLS)
633 	err = xfrm4_tunnel_register(&mplsip_handler, AF_MPLS);
634 	if (err < 0) {
635 		pr_info("%s: can't register tunnel\n", __func__);
636 		goto xfrm_tunnel_mplsip_failed;
637 	}
638 #endif
639 	err = rtnl_link_register(&ipip_link_ops);
640 	if (err < 0)
641 		goto rtnl_link_failed;
642 
643 out:
644 	return err;
645 
646 rtnl_link_failed:
647 #if IS_ENABLED(CONFIG_MPLS)
648 	xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS);
649 xfrm_tunnel_mplsip_failed:
650 
651 #endif
652 	xfrm4_tunnel_deregister(&ipip_handler, AF_INET);
653 xfrm_tunnel_ipip_failed:
654 	unregister_pernet_device(&ipip_net_ops);
655 	goto out;
656 }
657 
ipip_fini(void)658 static void __exit ipip_fini(void)
659 {
660 	rtnl_link_unregister(&ipip_link_ops);
661 	if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
662 		pr_info("%s: can't deregister tunnel\n", __func__);
663 #if IS_ENABLED(CONFIG_MPLS)
664 	if (xfrm4_tunnel_deregister(&mplsip_handler, AF_MPLS))
665 		pr_info("%s: can't deregister tunnel\n", __func__);
666 #endif
667 	unregister_pernet_device(&ipip_net_ops);
668 }
669 
670 module_init(ipip_init);
671 module_exit(ipip_fini);
672 MODULE_DESCRIPTION("IP/IP protocol decoder library");
673 MODULE_LICENSE("GPL");
674 MODULE_ALIAS_RTNL_LINK("ipip");
675 MODULE_ALIAS_NETDEV("tunl0");
676