2019-05-27 15:55:01 +09:00
|
|
|
// SPDX-License-Identifier: GPL-2.0-or-later
|
2005-04-17 07:20:36 +09:00
|
|
|
/*
|
2007-02-15 00:43:16 +09:00
|
|
|
* IPv6 tunneling device
|
2005-04-17 07:20:36 +09:00
|
|
|
* Linux INET6 implementation
|
|
|
|
|
*
|
|
|
|
|
* Authors:
|
2007-02-09 23:24:49 +09:00
|
|
|
* Ville Nuorvala <vnuorval@tcs.hut.fi>
|
2007-02-15 00:43:16 +09:00
|
|
|
* Yasuyuki Kozakai <kozakai@linux-ipv6.org>
|
2005-04-17 07:20:36 +09:00
|
|
|
*
|
|
|
|
|
* Based on:
|
2007-02-15 00:43:16 +09:00
|
|
|
* linux/net/ipv6/sit.c and linux/net/ipv4/ipip.c
|
2005-04-17 07:20:36 +09:00
|
|
|
*
|
|
|
|
|
* RFC 2473
|
|
|
|
|
*/
|
|
|
|
|
|
2012-05-15 23:11:53 +09:00
|
|
|
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
|
|
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
#include <linux/module.h>
|
2006-01-12 05:17:47 +09:00
|
|
|
#include <linux/capability.h>
|
2005-04-17 07:20:36 +09:00
|
|
|
#include <linux/errno.h>
|
|
|
|
|
#include <linux/types.h>
|
|
|
|
|
#include <linux/sockios.h>
|
2007-02-15 00:43:16 +09:00
|
|
|
#include <linux/icmp.h>
|
2005-04-17 07:20:36 +09:00
|
|
|
#include <linux/if.h>
|
|
|
|
|
#include <linux/in.h>
|
|
|
|
|
#include <linux/ip.h>
|
|
|
|
|
#include <linux/net.h>
|
|
|
|
|
#include <linux/in6.h>
|
|
|
|
|
#include <linux/netdevice.h>
|
|
|
|
|
#include <linux/if_arp.h>
|
|
|
|
|
#include <linux/icmpv6.h>
|
|
|
|
|
#include <linux/init.h>
|
|
|
|
|
#include <linux/route.h>
|
|
|
|
|
#include <linux/rtnetlink.h>
|
|
|
|
|
#include <linux/netfilter_ipv6.h>
|
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
2010-03-24 17:04:11 +09:00
|
|
|
#include <linux/slab.h>
|
2012-07-18 17:11:12 +09:00
|
|
|
#include <linux/hash.h>
|
2013-08-20 19:16:06 +09:00
|
|
|
#include <linux/etherdevice.h>
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2016-12-25 04:46:01 +09:00
|
|
|
#include <linux/uaccess.h>
|
2011-07-27 08:09:06 +09:00
|
|
|
#include <linux/atomic.h>
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2007-02-15 00:43:16 +09:00
|
|
|
#include <net/icmp.h>
|
2005-04-17 07:20:36 +09:00
|
|
|
#include <net/ip.h>
|
2013-03-25 23:49:35 +09:00
|
|
|
#include <net/ip_tunnels.h>
|
2005-04-17 07:20:36 +09:00
|
|
|
#include <net/ipv6.h>
|
|
|
|
|
#include <net/ip6_route.h>
|
|
|
|
|
#include <net/addrconf.h>
|
|
|
|
|
#include <net/ip6_tunnel.h>
|
|
|
|
|
#include <net/xfrm.h>
|
|
|
|
|
#include <net/dsfield.h>
|
|
|
|
|
#include <net/inet_ecn.h>
|
2008-04-16 17:22:02 +09:00
|
|
|
#include <net/net_namespace.h>
|
|
|
|
|
#include <net/netns/generic.h>
|
2016-09-16 05:00:30 +09:00
|
|
|
#include <net/dst_metadata.h>
|
2005-04-17 07:20:36 +09:00
|
|
|
|
|
|
|
|
MODULE_AUTHOR("Ville Nuorvala");
|
2007-02-15 00:43:16 +09:00
|
|
|
MODULE_DESCRIPTION("IPv6 tunneling device");
|
2005-04-17 07:20:36 +09:00
|
|
|
MODULE_LICENSE("GPL");
|
2014-05-16 06:21:30 +09:00
|
|
|
MODULE_ALIAS_RTNL_LINK("ip6tnl");
|
2011-03-10 20:43:19 +09:00
|
|
|
MODULE_ALIAS_NETDEV("ip6tnl0");
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2016-08-10 18:03:35 +09:00
|
|
|
#define IP6_TUNNEL_HASH_SIZE_SHIFT 5
|
|
|
|
|
#define IP6_TUNNEL_HASH_SIZE (1 << IP6_TUNNEL_HASH_SIZE_SHIFT)
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2012-11-27 12:07:11 +09:00
|
|
|
static bool log_ecn_error = true;
|
|
|
|
|
module_param(log_ecn_error, bool, 0644);
|
|
|
|
|
MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
|
|
|
|
|
|
2012-07-18 17:11:12 +09:00
|
|
|
static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
|
|
|
|
|
{
|
|
|
|
|
u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2);
|
|
|
|
|
|
2016-08-10 18:03:35 +09:00
|
|
|
return hash_32(hash, IP6_TUNNEL_HASH_SIZE_SHIFT);
|
2012-07-18 17:11:12 +09:00
|
|
|
}
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2010-09-28 12:23:34 +09:00
|
|
|
static int ip6_tnl_dev_init(struct net_device *dev);
|
2007-02-10 00:30:33 +09:00
|
|
|
static void ip6_tnl_dev_setup(struct net_device *dev);
|
2012-11-09 15:10:01 +09:00
|
|
|
static struct rtnl_link_ops ip6_link_ops __read_mostly;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
netns: make struct pernet_operations::id unsigned int
Make struct pernet_operations::id unsigned.
There are 2 reasons to do so:
1)
This field is really an index into an zero based array and
thus is unsigned entity. Using negative value is out-of-bound
access by definition.
2)
On x86_64 unsigned 32-bit data which are mixed with pointers
via array indexing or offsets added or subtracted to pointers
are preffered to signed 32-bit data.
"int" being used as an array index needs to be sign-extended
to 64-bit before being used.
void f(long *p, int i)
{
g(p[i]);
}
roughly translates to
movsx rsi, esi
mov rdi, [rsi+...]
call g
MOVSX is 3 byte instruction which isn't necessary if the variable is
unsigned because x86_64 is zero extending by default.
Now, there is net_generic() function which, you guessed it right, uses
"int" as an array index:
static inline void *net_generic(const struct net *net, int id)
{
...
ptr = ng->ptr[id - 1];
...
}
And this function is used a lot, so those sign extensions add up.
Patch snipes ~1730 bytes on allyesconfig kernel (without all junk
messing with code generation):
add/remove: 0/0 grow/shrink: 70/598 up/down: 396/-2126 (-1730)
Unfortunately some functions actually grow bigger.
This is a semmingly random artefact of code generation with register
allocator being used differently. gcc decides that some variable
needs to live in new r8+ registers and every access now requires REX
prefix. Or it is shifted into r12, so [r12+0] addressing mode has to be
used which is longer than [r8]
However, overall balance is in negative direction:
add/remove: 0/0 grow/shrink: 70/598 up/down: 396/-2126 (-1730)
function old new delta
nfsd4_lock 3886 3959 +73
tipc_link_build_proto_msg 1096 1140 +44
mac80211_hwsim_new_radio 2776 2808 +32
tipc_mon_rcv 1032 1058 +26
svcauth_gss_legacy_init 1413 1429 +16
tipc_bcbase_select_primary 379 392 +13
nfsd4_exchange_id 1247 1260 +13
nfsd4_setclientid_confirm 782 793 +11
...
put_client_renew_locked 494 480 -14
ip_set_sockfn_get 730 716 -14
geneve_sock_add 829 813 -16
nfsd4_sequence_done 721 703 -18
nlmclnt_lookup_host 708 686 -22
nfsd4_lockt 1085 1063 -22
nfs_get_client 1077 1050 -27
tcf_bpf_init 1106 1076 -30
nfsd4_encode_fattr 5997 5930 -67
Total: Before=154856051, After=154854321, chg -0.00%
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-11-17 10:58:21 +09:00
|
|
|
static unsigned int ip6_tnl_net_id __read_mostly;
|
2008-04-16 17:22:02 +09:00
|
|
|
struct ip6_tnl_net {
|
2008-04-16 17:23:02 +09:00
|
|
|
/* the IPv6 tunnel fallback device */
|
|
|
|
|
struct net_device *fb_tnl_dev;
|
2008-04-16 17:23:22 +09:00
|
|
|
/* lists for storing tunnels in use */
|
2016-08-10 18:03:35 +09:00
|
|
|
struct ip6_tnl __rcu *tnls_r_l[IP6_TUNNEL_HASH_SIZE];
|
2010-09-16 05:25:34 +09:00
|
|
|
struct ip6_tnl __rcu *tnls_wc[1];
|
|
|
|
|
struct ip6_tnl __rcu **tnls[2];
|
2016-09-16 05:00:30 +09:00
|
|
|
struct ip6_tnl __rcu *collect_md_tun;
|
2008-04-16 17:22:02 +09:00
|
|
|
};
|
|
|
|
|
|
2010-09-28 12:23:34 +09:00
|
|
|
static struct net_device_stats *ip6_get_stats(struct net_device *dev)
|
|
|
|
|
{
|
2014-01-07 07:37:45 +09:00
|
|
|
struct pcpu_sw_netstats tmp, sum = { 0 };
|
2010-09-28 12:23:34 +09:00
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
for_each_possible_cpu(i) {
|
2014-01-02 14:20:12 +09:00
|
|
|
unsigned int start;
|
2014-01-04 14:57:59 +09:00
|
|
|
const struct pcpu_sw_netstats *tstats =
|
|
|
|
|
per_cpu_ptr(dev->tstats, i);
|
2010-09-28 12:23:34 +09:00
|
|
|
|
2014-01-02 14:20:12 +09:00
|
|
|
do {
|
2014-03-14 13:26:42 +09:00
|
|
|
start = u64_stats_fetch_begin_irq(&tstats->syncp);
|
2014-01-02 14:20:12 +09:00
|
|
|
tmp.rx_packets = tstats->rx_packets;
|
|
|
|
|
tmp.rx_bytes = tstats->rx_bytes;
|
|
|
|
|
tmp.tx_packets = tstats->tx_packets;
|
|
|
|
|
tmp.tx_bytes = tstats->tx_bytes;
|
2014-03-14 13:26:42 +09:00
|
|
|
} while (u64_stats_fetch_retry_irq(&tstats->syncp, start));
|
2014-01-02 14:20:12 +09:00
|
|
|
|
|
|
|
|
sum.rx_packets += tmp.rx_packets;
|
|
|
|
|
sum.rx_bytes += tmp.rx_bytes;
|
|
|
|
|
sum.tx_packets += tmp.tx_packets;
|
|
|
|
|
sum.tx_bytes += tmp.tx_bytes;
|
2010-09-28 12:23:34 +09:00
|
|
|
}
|
|
|
|
|
dev->stats.rx_packets = sum.rx_packets;
|
|
|
|
|
dev->stats.rx_bytes = sum.rx_bytes;
|
|
|
|
|
dev->stats.tx_packets = sum.tx_packets;
|
|
|
|
|
dev->stats.tx_bytes = sum.tx_bytes;
|
|
|
|
|
return &dev->stats;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_lookup - fetch tunnel matching the end-point addresses
|
2007-02-09 23:24:49 +09:00
|
|
|
* @remote: the address of the tunnel exit-point
|
|
|
|
|
* @local: the address of the tunnel entry-point
|
2005-04-17 07:20:36 +09:00
|
|
|
*
|
2007-02-09 23:24:49 +09:00
|
|
|
* Return:
|
2005-04-17 07:20:36 +09:00
|
|
|
* tunnel matching given end-points if found,
|
2007-02-09 23:24:49 +09:00
|
|
|
* else fallback tunnel if its device is up,
|
2005-04-17 07:20:36 +09:00
|
|
|
* else %NULL
|
|
|
|
|
**/
|
|
|
|
|
|
2009-10-23 15:34:34 +09:00
|
|
|
#define for_each_ip6_tunnel_rcu(start) \
|
|
|
|
|
for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
|
|
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
static struct ip6_tnl *
|
2011-04-22 13:53:02 +09:00
|
|
|
ip6_tnl_lookup(struct net *net, const struct in6_addr *remote, const struct in6_addr *local)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2012-07-18 17:11:12 +09:00
|
|
|
unsigned int hash = HASH(remote, local);
|
2005-04-17 07:20:36 +09:00
|
|
|
struct ip6_tnl *t;
|
2008-04-16 17:23:22 +09:00
|
|
|
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
|
2014-11-05 16:03:50 +09:00
|
|
|
struct in6_addr any;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2012-07-18 17:11:12 +09:00
|
|
|
for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
|
2005-04-17 07:20:36 +09:00
|
|
|
if (ipv6_addr_equal(local, &t->parms.laddr) &&
|
|
|
|
|
ipv6_addr_equal(remote, &t->parms.raddr) &&
|
|
|
|
|
(t->dev->flags & IFF_UP))
|
|
|
|
|
return t;
|
|
|
|
|
}
|
2014-11-05 16:03:50 +09:00
|
|
|
|
|
|
|
|
memset(&any, 0, sizeof(any));
|
|
|
|
|
hash = HASH(&any, local);
|
|
|
|
|
for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
|
|
|
|
|
if (ipv6_addr_equal(local, &t->parms.laddr) &&
|
2016-10-12 04:47:20 +09:00
|
|
|
ipv6_addr_any(&t->parms.raddr) &&
|
2014-11-05 16:03:50 +09:00
|
|
|
(t->dev->flags & IFF_UP))
|
|
|
|
|
return t;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
hash = HASH(remote, &any);
|
|
|
|
|
for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
|
|
|
|
|
if (ipv6_addr_equal(remote, &t->parms.raddr) &&
|
2016-10-12 04:47:20 +09:00
|
|
|
ipv6_addr_any(&t->parms.laddr) &&
|
2014-11-05 16:03:50 +09:00
|
|
|
(t->dev->flags & IFF_UP))
|
|
|
|
|
return t;
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
t = rcu_dereference(ip6n->collect_md_tun);
|
2017-09-12 18:47:57 +09:00
|
|
|
if (t && t->dev->flags & IFF_UP)
|
2016-09-16 05:00:30 +09:00
|
|
|
return t;
|
|
|
|
|
|
2009-10-23 15:34:34 +09:00
|
|
|
t = rcu_dereference(ip6n->tnls_wc[0]);
|
|
|
|
|
if (t && (t->dev->flags & IFF_UP))
|
2005-04-17 07:20:36 +09:00
|
|
|
return t;
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_bucket - get head of list matching given tunnel parameters
|
2007-02-09 23:24:49 +09:00
|
|
|
* @p: parameters containing tunnel end-points
|
2005-04-17 07:20:36 +09:00
|
|
|
*
|
|
|
|
|
* Description:
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_bucket() returns the head of the list matching the
|
2005-04-17 07:20:36 +09:00
|
|
|
* &struct in6_addr entries laddr and raddr in @p.
|
|
|
|
|
*
|
2007-02-09 23:24:49 +09:00
|
|
|
* Return: head of IPv6 tunnel list
|
2005-04-17 07:20:36 +09:00
|
|
|
**/
|
|
|
|
|
|
2010-09-16 05:25:34 +09:00
|
|
|
static struct ip6_tnl __rcu **
|
2012-08-10 09:51:50 +09:00
|
|
|
ip6_tnl_bucket(struct ip6_tnl_net *ip6n, const struct __ip6_tnl_parm *p)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2011-04-22 13:53:02 +09:00
|
|
|
const struct in6_addr *remote = &p->raddr;
|
|
|
|
|
const struct in6_addr *local = &p->laddr;
|
2012-04-15 14:58:06 +09:00
|
|
|
unsigned int h = 0;
|
2005-04-17 07:20:36 +09:00
|
|
|
int prio = 0;
|
|
|
|
|
|
|
|
|
|
if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) {
|
|
|
|
|
prio = 1;
|
2012-07-18 17:11:12 +09:00
|
|
|
h = HASH(remote, local);
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
2008-04-16 17:23:22 +09:00
|
|
|
return &ip6n->tnls[prio][h];
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_link - add tunnel to hash table
|
2005-04-17 07:20:36 +09:00
|
|
|
* @t: tunnel to be added
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
|
|
static void
|
2008-04-16 17:22:23 +09:00
|
|
|
ip6_tnl_link(struct ip6_tnl_net *ip6n, struct ip6_tnl *t)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2010-09-16 05:25:34 +09:00
|
|
|
struct ip6_tnl __rcu **tp = ip6_tnl_bucket(ip6n, &t->parms);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
if (t->parms.collect_md)
|
|
|
|
|
rcu_assign_pointer(ip6n->collect_md_tun, t);
|
2012-01-12 13:41:32 +09:00
|
|
|
rcu_assign_pointer(t->next , rtnl_dereference(*tp));
|
|
|
|
|
rcu_assign_pointer(*tp, t);
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_unlink - remove tunnel from hash table
|
2005-04-17 07:20:36 +09:00
|
|
|
* @t: tunnel to be removed
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
|
|
static void
|
2008-04-16 17:22:23 +09:00
|
|
|
ip6_tnl_unlink(struct ip6_tnl_net *ip6n, struct ip6_tnl *t)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2010-09-16 05:25:34 +09:00
|
|
|
struct ip6_tnl __rcu **tp;
|
|
|
|
|
struct ip6_tnl *iter;
|
|
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
if (t->parms.collect_md)
|
|
|
|
|
rcu_assign_pointer(ip6n->collect_md_tun, NULL);
|
|
|
|
|
|
2010-09-16 05:25:34 +09:00
|
|
|
for (tp = ip6_tnl_bucket(ip6n, &t->parms);
|
|
|
|
|
(iter = rtnl_dereference(*tp)) != NULL;
|
|
|
|
|
tp = &iter->next) {
|
|
|
|
|
if (t == iter) {
|
2012-01-12 13:41:32 +09:00
|
|
|
rcu_assign_pointer(*tp, t->next);
|
2005-04-17 07:20:36 +09:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2010-09-28 12:23:34 +09:00
|
|
|
static void ip6_dev_free(struct net_device *dev)
|
|
|
|
|
{
|
2015-09-16 06:30:07 +09:00
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
|
|
|
|
|
2016-04-30 09:12:15 +09:00
|
|
|
gro_cells_destroy(&t->gro_cells);
|
2016-02-12 23:43:54 +09:00
|
|
|
dst_cache_destroy(&t->dst_cache);
|
2010-09-28 12:23:34 +09:00
|
|
|
free_percpu(dev->tstats);
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-14 14:14:00 +09:00
|
|
|
static int ip6_tnl_create2(struct net_device *dev)
|
|
|
|
|
{
|
|
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
|
|
|
|
struct net *net = dev_net(dev);
|
|
|
|
|
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
t = netdev_priv(dev);
|
|
|
|
|
|
2016-04-02 05:17:50 +09:00
|
|
|
dev->rtnl_link_ops = &ip6_link_ops;
|
2012-11-14 14:14:00 +09:00
|
|
|
err = register_netdevice(dev);
|
|
|
|
|
if (err < 0)
|
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
|
|
strcpy(t->parms.name, dev->name);
|
|
|
|
|
|
|
|
|
|
ip6_tnl_link(ip6n, t);
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
/**
|
2012-07-10 19:55:09 +09:00
|
|
|
* ip6_tnl_create - create a new tunnel
|
2005-04-17 07:20:36 +09:00
|
|
|
* @p: tunnel parameters
|
|
|
|
|
* @pt: pointer to new tunnel
|
|
|
|
|
*
|
|
|
|
|
* Description:
|
|
|
|
|
* Create tunnel matching given parameters.
|
2007-02-09 23:24:49 +09:00
|
|
|
*
|
|
|
|
|
* Return:
|
2015-03-16 23:56:05 +09:00
|
|
|
* created tunnel or error pointer
|
2005-04-17 07:20:36 +09:00
|
|
|
**/
|
|
|
|
|
|
2012-08-10 09:51:50 +09:00
|
|
|
static struct ip6_tnl *ip6_tnl_create(struct net *net, struct __ip6_tnl_parm *p)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
|
|
|
|
struct net_device *dev;
|
|
|
|
|
struct ip6_tnl *t;
|
|
|
|
|
char name[IFNAMSIZ];
|
2018-04-05 22:39:30 +09:00
|
|
|
int err = -E2BIG;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2018-04-05 22:39:30 +09:00
|
|
|
if (p->name[0]) {
|
|
|
|
|
if (!dev_valid_name(p->name))
|
|
|
|
|
goto failed;
|
2005-04-17 07:20:36 +09:00
|
|
|
strlcpy(name, p->name, IFNAMSIZ);
|
2018-04-05 22:39:30 +09:00
|
|
|
} else {
|
2008-02-24 13:19:20 +09:00
|
|
|
sprintf(name, "ip6tnl%%d");
|
2018-04-05 22:39:30 +09:00
|
|
|
}
|
|
|
|
|
err = -ENOMEM;
|
net: set name_assign_type in alloc_netdev()
Extend alloc_netdev{,_mq{,s}}() to take name_assign_type as argument, and convert
all users to pass NET_NAME_UNKNOWN.
Coccinelle patch:
@@
expression sizeof_priv, name, setup, txqs, rxqs, count;
@@
(
-alloc_netdev_mqs(sizeof_priv, name, setup, txqs, rxqs)
+alloc_netdev_mqs(sizeof_priv, name, NET_NAME_UNKNOWN, setup, txqs, rxqs)
|
-alloc_netdev_mq(sizeof_priv, name, setup, count)
+alloc_netdev_mq(sizeof_priv, name, NET_NAME_UNKNOWN, setup, count)
|
-alloc_netdev(sizeof_priv, name, setup)
+alloc_netdev(sizeof_priv, name, NET_NAME_UNKNOWN, setup)
)
v9: move comments here from the wrong commit
Signed-off-by: Tom Gundersen <teg@jklm.no>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-07-14 23:37:24 +09:00
|
|
|
dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN,
|
|
|
|
|
ip6_tnl_dev_setup);
|
2015-03-29 22:00:04 +09:00
|
|
|
if (!dev)
|
2006-11-25 10:05:41 +09:00
|
|
|
goto failed;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2008-04-16 17:24:13 +09:00
|
|
|
dev_net_set(dev, net);
|
|
|
|
|
|
2006-01-09 15:05:26 +09:00
|
|
|
t = netdev_priv(dev);
|
2005-04-17 07:20:36 +09:00
|
|
|
t->parms = *p;
|
2013-08-14 00:51:12 +09:00
|
|
|
t->net = dev_net(dev);
|
2012-11-14 14:14:00 +09:00
|
|
|
err = ip6_tnl_create2(dev);
|
2010-09-28 12:23:34 +09:00
|
|
|
if (err < 0)
|
|
|
|
|
goto failed_free;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2006-11-25 10:05:41 +09:00
|
|
|
return t;
|
[INET]: Don't create tunnels with '%' in name.
Four tunnel drivers (ip_gre, ipip, ip6_tunnel and sit) can receive a
pre-defined name for a device from the userspace. Since these drivers
call the register_netdevice() (rtnl_lock, is held), which does _not_
generate the device's name, this name may contain a '%' character.
Not sure how bad is this to have a device with a '%' in its name, but
all the other places either use the register_netdev(), which call the
dev_alloc_name(), or explicitly call the dev_alloc_name() before
registering, i.e. do not allow for such names.
This had to be prior to the commit 34cc7b, but I forgot to number the
patches and this one got lost, sorry.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2008-02-27 16:51:04 +09:00
|
|
|
|
|
|
|
|
failed_free:
|
net: Fix inconsistent teardown and release of private netdev state.
Network devices can allocate reasources and private memory using
netdev_ops->ndo_init(). However, the release of these resources
can occur in one of two different places.
Either netdev_ops->ndo_uninit() or netdev->destructor().
The decision of which operation frees the resources depends upon
whether it is necessary for all netdev refs to be released before it
is safe to perform the freeing.
netdev_ops->ndo_uninit() presumably can occur right after the
NETDEV_UNREGISTER notifier completes and the unicast and multicast
address lists are flushed.
netdev->destructor(), on the other hand, does not run until the
netdev references all go away.
Further complicating the situation is that netdev->destructor()
almost universally does also a free_netdev().
This creates a problem for the logic in register_netdevice().
Because all callers of register_netdevice() manage the freeing
of the netdev, and invoke free_netdev(dev) if register_netdevice()
fails.
If netdev_ops->ndo_init() succeeds, but something else fails inside
of register_netdevice(), it does call ndo_ops->ndo_uninit(). But
it is not able to invoke netdev->destructor().
This is because netdev->destructor() will do a free_netdev() and
then the caller of register_netdevice() will do the same.
However, this means that the resources that would normally be released
by netdev->destructor() will not be.
Over the years drivers have added local hacks to deal with this, by
invoking their destructor parts by hand when register_netdevice()
fails.
Many drivers do not try to deal with this, and instead we have leaks.
Let's close this hole by formalizing the distinction between what
private things need to be freed up by netdev->destructor() and whether
the driver needs unregister_netdevice() to perform the free_netdev().
netdev->priv_destructor() performs all actions to free up the private
resources that used to be freed by netdev->destructor(), except for
free_netdev().
netdev->needs_free_netdev is a boolean that indicates whether
free_netdev() should be done at the end of unregister_netdevice().
Now, register_netdevice() can sanely release all resources after
ndo_ops->ndo_init() succeeds, by invoking both ndo_ops->ndo_uninit()
and netdev->priv_destructor().
And at the end of unregister_netdevice(), we invoke
netdev->priv_destructor() and optionally call free_netdev().
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-05-09 01:52:56 +09:00
|
|
|
free_netdev(dev);
|
2006-11-25 10:05:41 +09:00
|
|
|
failed:
|
2015-03-16 23:56:05 +09:00
|
|
|
return ERR_PTR(err);
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_locate - find or create tunnel matching given parameters
|
2007-02-09 23:24:49 +09:00
|
|
|
* @p: tunnel parameters
|
2005-04-17 07:20:36 +09:00
|
|
|
* @create: != 0 if allowed to create new tunnel if no match found
|
|
|
|
|
*
|
|
|
|
|
* Description:
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_locate() first tries to locate an existing tunnel
|
2005-04-17 07:20:36 +09:00
|
|
|
* based on @parms. If this is unsuccessful, but @create is set a new
|
|
|
|
|
* tunnel device is created and registered for use.
|
|
|
|
|
*
|
|
|
|
|
* Return:
|
2015-03-16 23:56:05 +09:00
|
|
|
* matching tunnel or error pointer
|
2005-04-17 07:20:36 +09:00
|
|
|
**/
|
|
|
|
|
|
2008-04-16 17:22:23 +09:00
|
|
|
static struct ip6_tnl *ip6_tnl_locate(struct net *net,
|
2012-08-10 09:51:50 +09:00
|
|
|
struct __ip6_tnl_parm *p, int create)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2011-04-22 13:53:02 +09:00
|
|
|
const struct in6_addr *remote = &p->raddr;
|
|
|
|
|
const struct in6_addr *local = &p->laddr;
|
2010-09-16 05:25:34 +09:00
|
|
|
struct ip6_tnl __rcu **tp;
|
2005-04-17 07:20:36 +09:00
|
|
|
struct ip6_tnl *t;
|
2008-04-16 17:22:23 +09:00
|
|
|
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2010-09-16 05:25:34 +09:00
|
|
|
for (tp = ip6_tnl_bucket(ip6n, p);
|
|
|
|
|
(t = rtnl_dereference(*tp)) != NULL;
|
|
|
|
|
tp = &t->next) {
|
2005-04-17 07:20:36 +09:00
|
|
|
if (ipv6_addr_equal(local, &t->parms.laddr) &&
|
2014-09-22 17:07:24 +09:00
|
|
|
ipv6_addr_equal(remote, &t->parms.raddr)) {
|
|
|
|
|
if (create)
|
2015-03-16 23:56:05 +09:00
|
|
|
return ERR_PTR(-EEXIST);
|
2014-09-22 17:07:24 +09:00
|
|
|
|
2006-11-25 10:05:41 +09:00
|
|
|
return t;
|
2014-09-22 17:07:24 +09:00
|
|
|
}
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
if (!create)
|
2015-03-16 23:56:05 +09:00
|
|
|
return ERR_PTR(-ENODEV);
|
2008-04-16 17:22:23 +09:00
|
|
|
return ip6_tnl_create(net, p);
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_dev_uninit - tunnel device uninitializer
|
2005-04-17 07:20:36 +09:00
|
|
|
* @dev: the device to be destroyed
|
2007-02-09 23:24:49 +09:00
|
|
|
*
|
2005-04-17 07:20:36 +09:00
|
|
|
* Description:
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_dev_uninit() removes tunnel from its list
|
2005-04-17 07:20:36 +09:00
|
|
|
**/
|
|
|
|
|
|
|
|
|
|
static void
|
2007-02-10 00:30:33 +09:00
|
|
|
ip6_tnl_dev_uninit(struct net_device *dev)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2006-01-09 15:05:26 +09:00
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
2013-08-14 00:51:12 +09:00
|
|
|
struct net *net = t->net;
|
2008-04-16 17:22:23 +09:00
|
|
|
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2010-09-16 05:25:34 +09:00
|
|
|
if (dev == ip6n->fb_tnl_dev)
|
2011-08-02 01:19:00 +09:00
|
|
|
RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
|
2010-09-16 05:25:34 +09:00
|
|
|
else
|
2008-04-16 17:22:23 +09:00
|
|
|
ip6_tnl_unlink(ip6n, t);
|
2016-02-12 23:43:54 +09:00
|
|
|
dst_cache_reset(&t->dst_cache);
|
2005-04-17 07:20:36 +09:00
|
|
|
dev_put(dev);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* parse_tvl_tnl_enc_lim - handle encapsulation limit option
|
|
|
|
|
* @skb: received socket buffer
|
|
|
|
|
*
|
2007-02-09 23:24:49 +09:00
|
|
|
* Return:
|
|
|
|
|
* 0 if none was found,
|
2005-04-17 07:20:36 +09:00
|
|
|
* else index to encapsulation limit
|
|
|
|
|
**/
|
|
|
|
|
|
2012-08-10 09:51:50 +09:00
|
|
|
__u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2017-01-24 09:43:06 +09:00
|
|
|
const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)raw;
|
|
|
|
|
unsigned int nhoff = raw - skb->data;
|
|
|
|
|
unsigned int off = nhoff + sizeof(*ipv6h);
|
|
|
|
|
u8 next, nexthdr = ipv6h->nexthdr;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
|
|
|
|
while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) {
|
|
|
|
|
struct ipv6_opt_hdr *hdr;
|
2017-01-24 09:43:06 +09:00
|
|
|
u16 optlen;
|
|
|
|
|
|
|
|
|
|
if (!pskb_may_pull(skb, off + sizeof(*hdr)))
|
2005-04-17 07:20:36 +09:00
|
|
|
break;
|
|
|
|
|
|
2017-01-24 09:43:06 +09:00
|
|
|
hdr = (struct ipv6_opt_hdr *)(skb->data + off);
|
2005-04-17 07:20:36 +09:00
|
|
|
if (nexthdr == NEXTHDR_FRAGMENT) {
|
|
|
|
|
struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr;
|
|
|
|
|
if (frag_hdr->frag_off)
|
|
|
|
|
break;
|
|
|
|
|
optlen = 8;
|
|
|
|
|
} else if (nexthdr == NEXTHDR_AUTH) {
|
2019-07-10 22:14:10 +09:00
|
|
|
optlen = ipv6_authlen(hdr);
|
2005-04-17 07:20:36 +09:00
|
|
|
} else {
|
|
|
|
|
optlen = ipv6_optlen(hdr);
|
|
|
|
|
}
|
2017-01-24 09:43:06 +09:00
|
|
|
/* cache hdr->nexthdr, since pskb_may_pull() might
|
|
|
|
|
* invalidate hdr
|
|
|
|
|
*/
|
|
|
|
|
next = hdr->nexthdr;
|
2005-04-17 07:20:36 +09:00
|
|
|
if (nexthdr == NEXTHDR_DEST) {
|
2017-01-24 09:43:06 +09:00
|
|
|
u16 i = 2;
|
|
|
|
|
|
|
|
|
|
/* Remember : hdr is no longer valid at this point. */
|
|
|
|
|
if (!pskb_may_pull(skb, off + optlen))
|
|
|
|
|
break;
|
|
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
while (1) {
|
|
|
|
|
struct ipv6_tlv_tnl_enc_lim *tel;
|
|
|
|
|
|
|
|
|
|
/* No more room for encapsulation limit */
|
2017-01-24 09:43:06 +09:00
|
|
|
if (i + sizeof(*tel) > optlen)
|
2005-04-17 07:20:36 +09:00
|
|
|
break;
|
|
|
|
|
|
2017-02-01 17:46:32 +09:00
|
|
|
tel = (struct ipv6_tlv_tnl_enc_lim *)(skb->data + off + i);
|
2005-04-17 07:20:36 +09:00
|
|
|
/* return index of option if found and valid */
|
|
|
|
|
if (tel->type == IPV6_TLV_TNL_ENCAP_LIMIT &&
|
|
|
|
|
tel->length == 1)
|
2017-01-24 09:43:06 +09:00
|
|
|
return i + off - nhoff;
|
2005-04-17 07:20:36 +09:00
|
|
|
/* else jump to next option */
|
|
|
|
|
if (tel->type)
|
|
|
|
|
i += tel->length + 2;
|
|
|
|
|
else
|
|
|
|
|
i++;
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-01-24 09:43:06 +09:00
|
|
|
nexthdr = next;
|
2005-04-17 07:20:36 +09:00
|
|
|
off += optlen;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2012-08-10 09:51:50 +09:00
|
|
|
EXPORT_SYMBOL(ip6_tnl_parse_tlv_enc_lim);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
|
|
|
|
/**
|
2006-10-31 23:11:25 +09:00
|
|
|
* ip6_tnl_err - tunnel error handler
|
2005-04-17 07:20:36 +09:00
|
|
|
*
|
|
|
|
|
* Description:
|
2006-10-31 23:11:25 +09:00
|
|
|
* ip6_tnl_err() should handle errors in the tunnel according
|
2005-04-17 07:20:36 +09:00
|
|
|
* to the specifications in RFC 2473.
|
|
|
|
|
**/
|
|
|
|
|
|
2006-03-28 18:12:13 +09:00
|
|
|
static int
|
2006-11-30 14:43:28 +09:00
|
|
|
ip6_tnl_err(struct sk_buff *skb, __u8 ipproto, struct inet6_skb_parm *opt,
|
2009-06-23 20:31:07 +09:00
|
|
|
u8 *type, u8 *code, int *msg, __u32 *info, int offset)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2017-11-11 20:06:51 +09:00
|
|
|
const struct ipv6hdr *ipv6h = (const struct ipv6hdr *)skb->data;
|
|
|
|
|
struct net *net = dev_net(skb->dev);
|
2009-06-23 20:31:07 +09:00
|
|
|
u8 rel_type = ICMPV6_DEST_UNREACH;
|
|
|
|
|
u8 rel_code = ICMPV6_ADDR_UNREACH;
|
2005-04-17 07:20:36 +09:00
|
|
|
__u32 rel_info = 0;
|
2017-11-11 20:06:51 +09:00
|
|
|
struct ip6_tnl *t;
|
2006-03-28 18:12:13 +09:00
|
|
|
int err = -ENOENT;
|
2017-11-11 20:06:51 +09:00
|
|
|
int rel_msg = 0;
|
|
|
|
|
u8 tproto;
|
|
|
|
|
__u16 len;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2007-02-09 23:24:49 +09:00
|
|
|
/* If the packet doesn't contain the original IPv6 header we are
|
|
|
|
|
in trouble since we might need the source address for further
|
2005-04-17 07:20:36 +09:00
|
|
|
processing of the error. */
|
|
|
|
|
|
2009-10-23 15:34:34 +09:00
|
|
|
rcu_read_lock();
|
2014-11-24 06:28:43 +09:00
|
|
|
t = ip6_tnl_lookup(dev_net(skb->dev), &ipv6h->daddr, &ipv6h->saddr);
|
2015-03-29 22:00:04 +09:00
|
|
|
if (!t)
|
2005-04-17 07:20:36 +09:00
|
|
|
goto out;
|
|
|
|
|
|
locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE()
Please do not apply this to mainline directly, instead please re-run the
coccinelle script shown below and apply its output.
For several reasons, it is desirable to use {READ,WRITE}_ONCE() in
preference to ACCESS_ONCE(), and new code is expected to use one of the
former. So far, there's been no reason to change most existing uses of
ACCESS_ONCE(), as these aren't harmful, and changing them results in
churn.
However, for some features, the read/write distinction is critical to
correct operation. To distinguish these cases, separate read/write
accessors must be used. This patch migrates (most) remaining
ACCESS_ONCE() instances to {READ,WRITE}_ONCE(), using the following
coccinelle script:
----
// Convert trivial ACCESS_ONCE() uses to equivalent READ_ONCE() and
// WRITE_ONCE()
// $ make coccicheck COCCI=/home/mark/once.cocci SPFLAGS="--include-headers" MODE=patch
virtual patch
@ depends on patch @
expression E1, E2;
@@
- ACCESS_ONCE(E1) = E2
+ WRITE_ONCE(E1, E2)
@ depends on patch @
expression E;
@@
- ACCESS_ONCE(E)
+ READ_ONCE(E)
----
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: davem@davemloft.net
Cc: linux-arch@vger.kernel.org
Cc: mpe@ellerman.id.au
Cc: shuah@kernel.org
Cc: snitzer@redhat.com
Cc: thor.thayer@linux.intel.com
Cc: tj@kernel.org
Cc: viro@zeniv.linux.org.uk
Cc: will.deacon@arm.com
Link: http://lkml.kernel.org/r/1508792849-3115-19-git-send-email-paulmck@linux.vnet.ibm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-10-24 06:07:29 +09:00
|
|
|
tproto = READ_ONCE(t->parms.proto);
|
2014-10-29 16:54:52 +09:00
|
|
|
if (tproto != ipproto && tproto != 0)
|
2006-11-30 14:43:28 +09:00
|
|
|
goto out;
|
|
|
|
|
|
2006-03-28 18:12:13 +09:00
|
|
|
err = 0;
|
|
|
|
|
|
2006-10-31 23:11:25 +09:00
|
|
|
switch (*type) {
|
2005-04-17 07:20:36 +09:00
|
|
|
struct ipv6_tlv_tnl_enc_lim *tel;
|
2017-11-11 20:06:52 +09:00
|
|
|
__u32 mtu, teli;
|
2005-04-17 07:20:36 +09:00
|
|
|
case ICMPV6_DEST_UNREACH:
|
2015-09-25 08:01:47 +09:00
|
|
|
net_dbg_ratelimited("%s: Path to destination invalid or inactive!\n",
|
|
|
|
|
t->parms.name);
|
2005-04-17 07:20:36 +09:00
|
|
|
rel_msg = 1;
|
|
|
|
|
break;
|
|
|
|
|
case ICMPV6_TIME_EXCEED:
|
2006-10-31 23:11:25 +09:00
|
|
|
if ((*code) == ICMPV6_EXC_HOPLIMIT) {
|
2015-09-25 08:01:47 +09:00
|
|
|
net_dbg_ratelimited("%s: Too small hop limit or routing loop in tunnel!\n",
|
|
|
|
|
t->parms.name);
|
2005-04-17 07:20:36 +09:00
|
|
|
rel_msg = 1;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ICMPV6_PARAMPROB:
|
2006-11-25 10:08:58 +09:00
|
|
|
teli = 0;
|
2006-10-31 23:11:25 +09:00
|
|
|
if ((*code) == ICMPV6_HDR_FIELD)
|
2012-08-10 09:51:50 +09:00
|
|
|
teli = ip6_tnl_parse_tlv_enc_lim(skb, skb->data);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2007-07-27 01:33:29 +09:00
|
|
|
if (teli && teli == *info - 2) {
|
2005-04-17 07:20:36 +09:00
|
|
|
tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli];
|
|
|
|
|
if (tel->encap_limit == 0) {
|
2015-09-25 08:01:47 +09:00
|
|
|
net_dbg_ratelimited("%s: Too small encapsulation limit or routing loop in tunnel!\n",
|
|
|
|
|
t->parms.name);
|
2005-04-17 07:20:36 +09:00
|
|
|
rel_msg = 1;
|
|
|
|
|
}
|
2012-05-14 06:56:26 +09:00
|
|
|
} else {
|
2015-09-25 08:01:47 +09:00
|
|
|
net_dbg_ratelimited("%s: Recipient unable to parse tunneled packet!\n",
|
|
|
|
|
t->parms.name);
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ICMPV6_PKT_TOOBIG:
|
2017-11-11 20:06:52 +09:00
|
|
|
ip6_update_pmtu(skb, net, htonl(*info), 0, 0,
|
|
|
|
|
sock_net_uid(net, NULL));
|
2007-07-27 01:33:29 +09:00
|
|
|
mtu = *info - offset;
|
2005-04-17 07:20:36 +09:00
|
|
|
if (mtu < IPV6_MIN_MTU)
|
|
|
|
|
mtu = IPV6_MIN_MTU;
|
2014-11-24 06:28:43 +09:00
|
|
|
len = sizeof(*ipv6h) + ntohs(ipv6h->payload_len);
|
|
|
|
|
if (len > mtu) {
|
2005-04-17 07:20:36 +09:00
|
|
|
rel_type = ICMPV6_PKT_TOOBIG;
|
|
|
|
|
rel_code = 0;
|
|
|
|
|
rel_info = mtu;
|
|
|
|
|
rel_msg = 1;
|
|
|
|
|
}
|
|
|
|
|
break;
|
2017-11-11 20:06:51 +09:00
|
|
|
case NDISC_REDIRECT:
|
|
|
|
|
ip6_redirect(skb, net, skb->dev->ifindex, 0,
|
|
|
|
|
sock_net_uid(net, NULL));
|
|
|
|
|
break;
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
2006-10-31 23:11:25 +09:00
|
|
|
|
|
|
|
|
*type = rel_type;
|
|
|
|
|
*code = rel_code;
|
|
|
|
|
*info = rel_info;
|
|
|
|
|
*msg = rel_msg;
|
|
|
|
|
|
|
|
|
|
out:
|
2009-10-23 15:34:34 +09:00
|
|
|
rcu_read_unlock();
|
2006-10-31 23:11:25 +09:00
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2007-02-15 00:43:16 +09:00
|
|
|
static int
|
|
|
|
|
ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
|
2009-06-23 20:31:07 +09:00
|
|
|
u8 type, u8 code, int offset, __be32 info)
|
2007-02-15 00:43:16 +09:00
|
|
|
{
|
2007-07-27 01:33:29 +09:00
|
|
|
__u32 rel_info = ntohl(info);
|
2011-04-22 13:53:02 +09:00
|
|
|
const struct iphdr *eiph;
|
2017-11-11 20:06:53 +09:00
|
|
|
struct sk_buff *skb2;
|
|
|
|
|
int err, rel_msg = 0;
|
|
|
|
|
u8 rel_type = type;
|
|
|
|
|
u8 rel_code = code;
|
2007-02-15 00:43:16 +09:00
|
|
|
struct rtable *rt;
|
2011-05-04 12:25:42 +09:00
|
|
|
struct flowi4 fl4;
|
2007-02-15 00:43:16 +09:00
|
|
|
|
2006-11-30 14:43:28 +09:00
|
|
|
err = ip6_tnl_err(skb, IPPROTO_IPIP, opt, &rel_type, &rel_code,
|
|
|
|
|
&rel_msg, &rel_info, offset);
|
2007-02-15 00:43:16 +09:00
|
|
|
if (err < 0)
|
|
|
|
|
return err;
|
|
|
|
|
|
|
|
|
|
if (rel_msg == 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
switch (rel_type) {
|
|
|
|
|
case ICMPV6_DEST_UNREACH:
|
|
|
|
|
if (rel_code != ICMPV6_ADDR_UNREACH)
|
|
|
|
|
return 0;
|
|
|
|
|
rel_type = ICMP_DEST_UNREACH;
|
|
|
|
|
rel_code = ICMP_HOST_UNREACH;
|
|
|
|
|
break;
|
|
|
|
|
case ICMPV6_PKT_TOOBIG:
|
|
|
|
|
if (rel_code != 0)
|
|
|
|
|
return 0;
|
|
|
|
|
rel_type = ICMP_DEST_UNREACH;
|
|
|
|
|
rel_code = ICMP_FRAG_NEEDED;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!pskb_may_pull(skb, offset + sizeof(struct iphdr)))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
skb2 = skb_clone(skb, GFP_ATOMIC);
|
|
|
|
|
if (!skb2)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2009-06-02 14:19:30 +09:00
|
|
|
skb_dst_drop(skb2);
|
|
|
|
|
|
2007-02-15 00:43:16 +09:00
|
|
|
skb_pull(skb2, offset);
|
2007-04-11 12:45:18 +09:00
|
|
|
skb_reset_network_header(skb2);
|
2007-04-21 14:47:35 +09:00
|
|
|
eiph = ip_hdr(skb2);
|
2007-02-15 00:43:16 +09:00
|
|
|
|
|
|
|
|
/* Try to guess incoming interface */
|
2017-11-11 20:06:53 +09:00
|
|
|
rt = ip_route_output_ports(dev_net(skb->dev), &fl4, NULL, eiph->saddr,
|
|
|
|
|
0, 0, 0, IPPROTO_IPIP, RT_TOS(eiph->tos), 0);
|
2011-03-03 07:31:35 +09:00
|
|
|
if (IS_ERR(rt))
|
2007-02-15 00:43:16 +09:00
|
|
|
goto out;
|
|
|
|
|
|
2010-06-11 15:31:35 +09:00
|
|
|
skb2->dev = rt->dst.dev;
|
2017-11-11 20:06:53 +09:00
|
|
|
ip_rt_put(rt);
|
2007-02-15 00:43:16 +09:00
|
|
|
|
|
|
|
|
/* route "incoming" packet */
|
|
|
|
|
if (rt->rt_flags & RTCF_LOCAL) {
|
2011-05-04 12:25:42 +09:00
|
|
|
rt = ip_route_output_ports(dev_net(skb->dev), &fl4, NULL,
|
2017-11-11 20:06:53 +09:00
|
|
|
eiph->daddr, eiph->saddr, 0, 0,
|
|
|
|
|
IPPROTO_IPIP, RT_TOS(eiph->tos), 0);
|
2019-04-01 09:04:42 +09:00
|
|
|
if (IS_ERR(rt) || rt->dst.dev->type != ARPHRD_TUNNEL6) {
|
2011-03-03 07:31:35 +09:00
|
|
|
if (!IS_ERR(rt))
|
|
|
|
|
ip_rt_put(rt);
|
2007-02-15 00:43:16 +09:00
|
|
|
goto out;
|
|
|
|
|
}
|
2011-03-03 07:31:35 +09:00
|
|
|
skb_dst_set(skb2, &rt->dst);
|
2007-02-15 00:43:16 +09:00
|
|
|
} else {
|
|
|
|
|
if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos,
|
|
|
|
|
skb2->dev) ||
|
2019-04-01 09:04:42 +09:00
|
|
|
skb_dst(skb2)->dev->type != ARPHRD_TUNNEL6)
|
2007-02-15 00:43:16 +09:00
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* change mtu on this route */
|
|
|
|
|
if (rel_type == ICMP_DEST_UNREACH && rel_code == ICMP_FRAG_NEEDED) {
|
2009-06-02 14:19:30 +09:00
|
|
|
if (rel_info > dst_mtu(skb_dst(skb2)))
|
2007-02-15 00:43:16 +09:00
|
|
|
goto out;
|
|
|
|
|
|
2019-12-22 11:51:13 +09:00
|
|
|
skb_dst_update_pmtu_no_confirm(skb2, rel_info);
|
2007-02-15 00:43:16 +09:00
|
|
|
}
|
|
|
|
|
|
2007-07-27 01:33:29 +09:00
|
|
|
icmp_send(skb2, rel_type, rel_code, htonl(rel_info));
|
2007-02-15 00:43:16 +09:00
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
kfree_skb(skb2);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2006-10-31 23:11:25 +09:00
|
|
|
static int
|
|
|
|
|
ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
|
2009-06-23 20:31:07 +09:00
|
|
|
u8 type, u8 code, int offset, __be32 info)
|
2006-10-31 23:11:25 +09:00
|
|
|
{
|
2017-11-11 20:06:53 +09:00
|
|
|
__u32 rel_info = ntohl(info);
|
|
|
|
|
int err, rel_msg = 0;
|
2009-06-23 20:31:07 +09:00
|
|
|
u8 rel_type = type;
|
|
|
|
|
u8 rel_code = code;
|
2006-10-31 23:11:25 +09:00
|
|
|
|
2006-11-30 14:43:28 +09:00
|
|
|
err = ip6_tnl_err(skb, IPPROTO_IPV6, opt, &rel_type, &rel_code,
|
|
|
|
|
&rel_msg, &rel_info, offset);
|
2006-10-31 23:11:25 +09:00
|
|
|
if (err < 0)
|
|
|
|
|
return err;
|
|
|
|
|
|
|
|
|
|
if (rel_msg && pskb_may_pull(skb, offset + sizeof(struct ipv6hdr))) {
|
2005-04-17 07:20:36 +09:00
|
|
|
struct rt6_info *rt;
|
|
|
|
|
struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
|
2006-11-25 10:06:53 +09:00
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
if (!skb2)
|
2006-10-31 23:11:25 +09:00
|
|
|
return 0;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2009-06-02 14:19:30 +09:00
|
|
|
skb_dst_drop(skb2);
|
2005-04-17 07:20:36 +09:00
|
|
|
skb_pull(skb2, offset);
|
2007-04-11 12:45:18 +09:00
|
|
|
skb_reset_network_header(skb2);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
|
|
|
|
/* Try to guess incoming interface */
|
2008-04-16 17:23:44 +09:00
|
|
|
rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr,
|
2018-03-03 01:32:17 +09:00
|
|
|
NULL, 0, skb2, 0);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2011-12-29 10:19:20 +09:00
|
|
|
if (rt && rt->dst.dev)
|
|
|
|
|
skb2->dev = rt->dst.dev;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2010-02-18 17:25:24 +09:00
|
|
|
icmpv6_send(skb2, rel_type, rel_code, rel_info);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2012-10-29 09:13:19 +09:00
|
|
|
ip6_rt_put(rt);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
|
|
|
|
kfree_skb(skb2);
|
|
|
|
|
}
|
2006-10-31 23:11:25 +09:00
|
|
|
|
|
|
|
|
return 0;
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
2012-11-27 12:07:11 +09:00
|
|
|
static int ip4ip6_dscp_ecn_decapsulate(const struct ip6_tnl *t,
|
|
|
|
|
const struct ipv6hdr *ipv6h,
|
|
|
|
|
struct sk_buff *skb)
|
2007-02-15 00:43:16 +09:00
|
|
|
{
|
|
|
|
|
__u8 dsfield = ipv6_get_dsfield(ipv6h) & ~INET_ECN_MASK;
|
|
|
|
|
|
|
|
|
|
if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY)
|
2007-04-21 14:47:35 +09:00
|
|
|
ipv4_change_dsfield(ip_hdr(skb), INET_ECN_MASK, dsfield);
|
2007-02-15 00:43:16 +09:00
|
|
|
|
2012-11-27 12:07:11 +09:00
|
|
|
return IP6_ECN_decapsulate(ipv6h, skb);
|
2007-02-15 00:43:16 +09:00
|
|
|
}
|
|
|
|
|
|
2012-11-27 12:07:11 +09:00
|
|
|
static int ip6ip6_dscp_ecn_decapsulate(const struct ip6_tnl *t,
|
|
|
|
|
const struct ipv6hdr *ipv6h,
|
|
|
|
|
struct sk_buff *skb)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2006-11-03 09:39:14 +09:00
|
|
|
if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY)
|
2007-11-14 14:40:13 +09:00
|
|
|
ipv6_copy_dscp(ipv6_get_dsfield(ipv6h), ipv6_hdr(skb));
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2012-11-27 12:07:11 +09:00
|
|
|
return IP6_ECN_decapsulate(ipv6h, skb);
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
2006-11-03 09:39:14 +09:00
|
|
|
|
2012-08-10 09:51:50 +09:00
|
|
|
__u32 ip6_tnl_get_cap(struct ip6_tnl *t,
|
2012-06-29 03:15:52 +09:00
|
|
|
const struct in6_addr *laddr,
|
|
|
|
|
const struct in6_addr *raddr)
|
|
|
|
|
{
|
2012-08-10 09:51:50 +09:00
|
|
|
struct __ip6_tnl_parm *p = &t->parms;
|
2012-06-29 03:15:52 +09:00
|
|
|
int ltype = ipv6_addr_type(laddr);
|
|
|
|
|
int rtype = ipv6_addr_type(raddr);
|
|
|
|
|
__u32 flags = 0;
|
|
|
|
|
|
|
|
|
|
if (ltype == IPV6_ADDR_ANY || rtype == IPV6_ADDR_ANY) {
|
|
|
|
|
flags = IP6_TNL_F_CAP_PER_PACKET;
|
|
|
|
|
} else if (ltype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) &&
|
|
|
|
|
rtype & (IPV6_ADDR_UNICAST|IPV6_ADDR_MULTICAST) &&
|
|
|
|
|
!((ltype|rtype) & IPV6_ADDR_LOOPBACK) &&
|
|
|
|
|
(!((ltype|rtype) & IPV6_ADDR_LINKLOCAL) || p->link)) {
|
|
|
|
|
if (ltype&IPV6_ADDR_UNICAST)
|
|
|
|
|
flags |= IP6_TNL_F_CAP_XMIT;
|
|
|
|
|
if (rtype&IPV6_ADDR_UNICAST)
|
|
|
|
|
flags |= IP6_TNL_F_CAP_RCV;
|
|
|
|
|
}
|
|
|
|
|
return flags;
|
|
|
|
|
}
|
2012-08-10 09:51:50 +09:00
|
|
|
EXPORT_SYMBOL(ip6_tnl_get_cap);
|
2012-06-29 03:15:52 +09:00
|
|
|
|
2009-11-02 19:21:37 +09:00
|
|
|
/* called with rcu_read_lock() */
|
2012-08-10 09:51:50 +09:00
|
|
|
int ip6_tnl_rcv_ctl(struct ip6_tnl *t,
|
2012-06-29 03:15:52 +09:00
|
|
|
const struct in6_addr *laddr,
|
|
|
|
|
const struct in6_addr *raddr)
|
2006-11-25 10:06:27 +09:00
|
|
|
{
|
2012-08-10 09:51:50 +09:00
|
|
|
struct __ip6_tnl_parm *p = &t->parms;
|
2006-11-25 10:06:27 +09:00
|
|
|
int ret = 0;
|
2013-08-14 00:51:12 +09:00
|
|
|
struct net *net = t->net;
|
2006-11-25 10:06:27 +09:00
|
|
|
|
2012-06-29 03:15:52 +09:00
|
|
|
if ((p->flags & IP6_TNL_F_CAP_RCV) ||
|
|
|
|
|
((p->flags & IP6_TNL_F_CAP_PER_PACKET) &&
|
|
|
|
|
(ip6_tnl_get_cap(t, laddr, raddr) & IP6_TNL_F_CAP_RCV))) {
|
2007-02-09 23:24:49 +09:00
|
|
|
struct net_device *ldev = NULL;
|
2006-11-25 10:06:27 +09:00
|
|
|
|
|
|
|
|
if (p->link)
|
2009-11-02 19:21:37 +09:00
|
|
|
ldev = dev_get_by_index_rcu(net, p->link);
|
2006-11-25 10:06:27 +09:00
|
|
|
|
2012-06-29 03:15:52 +09:00
|
|
|
if ((ipv6_addr_is_multicast(laddr) ||
|
2018-03-14 00:29:37 +09:00
|
|
|
likely(ipv6_chk_addr_and_flags(net, laddr, ldev, false,
|
|
|
|
|
0, IFA_F_TENTATIVE))) &&
|
2017-10-21 06:25:15 +09:00
|
|
|
((p->flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE) ||
|
2018-03-14 00:29:37 +09:00
|
|
|
likely(!ipv6_chk_addr_and_flags(net, raddr, ldev, true,
|
|
|
|
|
0, IFA_F_TENTATIVE))))
|
2006-11-25 10:06:27 +09:00
|
|
|
ret = 1;
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
2012-08-10 09:51:50 +09:00
|
|
|
EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2016-04-30 09:12:15 +09:00
|
|
|
static int __ip6_tnl_rcv(struct ip6_tnl *tunnel, struct sk_buff *skb,
|
|
|
|
|
const struct tnl_ptk_info *tpi,
|
|
|
|
|
struct metadata_dst *tun_dst,
|
|
|
|
|
int (*dscp_ecn_decapsulate)(const struct ip6_tnl *t,
|
|
|
|
|
const struct ipv6hdr *ipv6h,
|
|
|
|
|
struct sk_buff *skb),
|
|
|
|
|
bool log_ecn_err)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2016-04-30 09:12:15 +09:00
|
|
|
struct pcpu_sw_netstats *tstats;
|
2011-04-22 13:53:02 +09:00
|
|
|
const struct ipv6hdr *ipv6h = ipv6_hdr(skb);
|
2012-11-27 12:07:11 +09:00
|
|
|
int err;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2016-04-30 09:12:15 +09:00
|
|
|
if ((!(tpi->flags & TUNNEL_CSUM) &&
|
|
|
|
|
(tunnel->parms.i_flags & TUNNEL_CSUM)) ||
|
|
|
|
|
((tpi->flags & TUNNEL_CSUM) &&
|
|
|
|
|
!(tunnel->parms.i_flags & TUNNEL_CSUM))) {
|
|
|
|
|
tunnel->dev->stats.rx_crc_errors++;
|
|
|
|
|
tunnel->dev->stats.rx_errors++;
|
|
|
|
|
goto drop;
|
|
|
|
|
}
|
2010-09-28 12:23:34 +09:00
|
|
|
|
2016-04-30 09:12:15 +09:00
|
|
|
if (tunnel->parms.i_flags & TUNNEL_SEQ) {
|
|
|
|
|
if (!(tpi->flags & TUNNEL_SEQ) ||
|
|
|
|
|
(tunnel->i_seqno &&
|
|
|
|
|
(s32)(ntohl(tpi->seq) - tunnel->i_seqno) < 0)) {
|
|
|
|
|
tunnel->dev->stats.rx_fifo_errors++;
|
|
|
|
|
tunnel->dev->stats.rx_errors++;
|
|
|
|
|
goto drop;
|
2006-11-30 14:43:28 +09:00
|
|
|
}
|
2016-04-30 09:12:15 +09:00
|
|
|
tunnel->i_seqno = ntohl(tpi->seq) + 1;
|
|
|
|
|
}
|
2006-11-30 14:43:28 +09:00
|
|
|
|
2016-04-30 09:12:15 +09:00
|
|
|
skb->protocol = tpi->proto;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2016-04-30 09:12:15 +09:00
|
|
|
/* Warning: All skb pointers will be invalidated! */
|
|
|
|
|
if (tunnel->dev->type == ARPHRD_ETHER) {
|
|
|
|
|
if (!pskb_may_pull(skb, ETH_HLEN)) {
|
|
|
|
|
tunnel->dev->stats.rx_length_errors++;
|
|
|
|
|
tunnel->dev->stats.rx_errors++;
|
|
|
|
|
goto drop;
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
2016-04-30 09:12:15 +09:00
|
|
|
|
|
|
|
|
ipv6h = ipv6_hdr(skb);
|
|
|
|
|
skb->protocol = eth_type_trans(skb, tunnel->dev);
|
|
|
|
|
skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
|
|
|
|
|
} else {
|
|
|
|
|
skb->dev = tunnel->dev;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
skb_reset_network_header(skb);
|
|
|
|
|
memset(skb->cb, 0, sizeof(struct inet6_skb_parm));
|
|
|
|
|
|
|
|
|
|
__skb_tunnel_rx(skb, tunnel->dev, tunnel->net);
|
|
|
|
|
|
|
|
|
|
err = dscp_ecn_decapsulate(tunnel, ipv6h, skb);
|
|
|
|
|
if (unlikely(err)) {
|
|
|
|
|
if (log_ecn_err)
|
|
|
|
|
net_info_ratelimited("non-ECT from %pI6 with DS=%#x\n",
|
|
|
|
|
&ipv6h->saddr,
|
|
|
|
|
ipv6_get_dsfield(ipv6h));
|
|
|
|
|
if (err > 1) {
|
|
|
|
|
++tunnel->dev->stats.rx_frame_errors;
|
|
|
|
|
++tunnel->dev->stats.rx_errors;
|
|
|
|
|
goto drop;
|
2012-11-27 12:07:11 +09:00
|
|
|
}
|
2016-04-30 09:12:15 +09:00
|
|
|
}
|
2012-11-27 12:07:11 +09:00
|
|
|
|
2016-04-30 09:12:15 +09:00
|
|
|
tstats = this_cpu_ptr(tunnel->dev->tstats);
|
|
|
|
|
u64_stats_update_begin(&tstats->syncp);
|
|
|
|
|
tstats->rx_packets++;
|
|
|
|
|
tstats->rx_bytes += skb->len;
|
|
|
|
|
u64_stats_update_end(&tstats->syncp);
|
2010-09-28 12:23:34 +09:00
|
|
|
|
2016-04-30 09:12:15 +09:00
|
|
|
skb_scrub_packet(skb, !net_eq(tunnel->net, dev_net(tunnel->dev)));
|
2010-09-20 09:12:11 +09:00
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
if (tun_dst)
|
|
|
|
|
skb_dst_set(skb, (struct dst_entry *)tun_dst);
|
|
|
|
|
|
2016-04-30 09:12:15 +09:00
|
|
|
gro_cells_receive(&tunnel->gro_cells, skb);
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
drop:
|
2017-06-15 11:29:30 +09:00
|
|
|
if (tun_dst)
|
|
|
|
|
dst_release((struct dst_entry *)tun_dst);
|
2016-04-30 09:12:15 +09:00
|
|
|
kfree_skb(skb);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int ip6_tnl_rcv(struct ip6_tnl *t, struct sk_buff *skb,
|
|
|
|
|
const struct tnl_ptk_info *tpi,
|
|
|
|
|
struct metadata_dst *tun_dst,
|
|
|
|
|
bool log_ecn_err)
|
|
|
|
|
{
|
2020-08-19 10:53:58 +09:00
|
|
|
int (*dscp_ecn_decapsulate)(const struct ip6_tnl *t,
|
|
|
|
|
const struct ipv6hdr *ipv6h,
|
|
|
|
|
struct sk_buff *skb);
|
|
|
|
|
|
|
|
|
|
dscp_ecn_decapsulate = ip6ip6_dscp_ecn_decapsulate;
|
|
|
|
|
if (tpi->proto == htons(ETH_P_IP))
|
|
|
|
|
dscp_ecn_decapsulate = ip4ip6_dscp_ecn_decapsulate;
|
|
|
|
|
|
|
|
|
|
return __ip6_tnl_rcv(t, skb, tpi, tun_dst, dscp_ecn_decapsulate,
|
2016-04-30 09:12:15 +09:00
|
|
|
log_ecn_err);
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(ip6_tnl_rcv);
|
|
|
|
|
|
|
|
|
|
static const struct tnl_ptk_info tpi_v6 = {
|
|
|
|
|
/* no tunnel info required for ipxip6. */
|
|
|
|
|
.proto = htons(ETH_P_IPV6),
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static const struct tnl_ptk_info tpi_v4 = {
|
|
|
|
|
/* no tunnel info required for ipxip6. */
|
|
|
|
|
.proto = htons(ETH_P_IP),
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int ipxip6_rcv(struct sk_buff *skb, u8 ipproto,
|
|
|
|
|
const struct tnl_ptk_info *tpi,
|
|
|
|
|
int (*dscp_ecn_decapsulate)(const struct ip6_tnl *t,
|
|
|
|
|
const struct ipv6hdr *ipv6h,
|
|
|
|
|
struct sk_buff *skb))
|
|
|
|
|
{
|
|
|
|
|
struct ip6_tnl *t;
|
|
|
|
|
const struct ipv6hdr *ipv6h = ipv6_hdr(skb);
|
2016-09-16 05:00:30 +09:00
|
|
|
struct metadata_dst *tun_dst = NULL;
|
2016-04-30 09:12:15 +09:00
|
|
|
int ret = -1;
|
|
|
|
|
|
|
|
|
|
rcu_read_lock();
|
|
|
|
|
t = ip6_tnl_lookup(dev_net(skb->dev), &ipv6h->saddr, &ipv6h->daddr);
|
|
|
|
|
|
|
|
|
|
if (t) {
|
locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE()
Please do not apply this to mainline directly, instead please re-run the
coccinelle script shown below and apply its output.
For several reasons, it is desirable to use {READ,WRITE}_ONCE() in
preference to ACCESS_ONCE(), and new code is expected to use one of the
former. So far, there's been no reason to change most existing uses of
ACCESS_ONCE(), as these aren't harmful, and changing them results in
churn.
However, for some features, the read/write distinction is critical to
correct operation. To distinguish these cases, separate read/write
accessors must be used. This patch migrates (most) remaining
ACCESS_ONCE() instances to {READ,WRITE}_ONCE(), using the following
coccinelle script:
----
// Convert trivial ACCESS_ONCE() uses to equivalent READ_ONCE() and
// WRITE_ONCE()
// $ make coccicheck COCCI=/home/mark/once.cocci SPFLAGS="--include-headers" MODE=patch
virtual patch
@ depends on patch @
expression E1, E2;
@@
- ACCESS_ONCE(E1) = E2
+ WRITE_ONCE(E1, E2)
@ depends on patch @
expression E;
@@
- ACCESS_ONCE(E)
+ READ_ONCE(E)
----
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: davem@davemloft.net
Cc: linux-arch@vger.kernel.org
Cc: mpe@ellerman.id.au
Cc: shuah@kernel.org
Cc: snitzer@redhat.com
Cc: thor.thayer@linux.intel.com
Cc: tj@kernel.org
Cc: viro@zeniv.linux.org.uk
Cc: will.deacon@arm.com
Link: http://lkml.kernel.org/r/1508792849-3115-19-git-send-email-paulmck@linux.vnet.ibm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-10-24 06:07:29 +09:00
|
|
|
u8 tproto = READ_ONCE(t->parms.proto);
|
2016-04-30 09:12:15 +09:00
|
|
|
|
|
|
|
|
if (tproto != ipproto && tproto != 0)
|
|
|
|
|
goto drop;
|
|
|
|
|
if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
|
|
|
|
|
goto drop;
|
2018-12-22 00:47:51 +09:00
|
|
|
ipv6h = ipv6_hdr(skb);
|
2016-04-30 09:12:15 +09:00
|
|
|
if (!ip6_tnl_rcv_ctl(t, &ipv6h->daddr, &ipv6h->saddr))
|
|
|
|
|
goto drop;
|
|
|
|
|
if (iptunnel_pull_header(skb, 0, tpi->proto, false))
|
|
|
|
|
goto drop;
|
2016-09-16 05:00:30 +09:00
|
|
|
if (t->parms.collect_md) {
|
|
|
|
|
tun_dst = ipv6_tun_rx_dst(skb, 0, 0, 0);
|
|
|
|
|
if (!tun_dst)
|
2017-12-07 10:15:43 +09:00
|
|
|
goto drop;
|
2016-09-16 05:00:30 +09:00
|
|
|
}
|
|
|
|
|
ret = __ip6_tnl_rcv(t, skb, tpi, tun_dst, dscp_ecn_decapsulate,
|
2016-04-30 09:12:15 +09:00
|
|
|
log_ecn_error);
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
2016-04-30 09:12:15 +09:00
|
|
|
|
2009-10-23 15:34:34 +09:00
|
|
|
rcu_read_unlock();
|
2006-04-05 05:50:45 +09:00
|
|
|
|
2016-04-30 09:12:15 +09:00
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
drop:
|
|
|
|
|
rcu_read_unlock();
|
2006-04-05 05:50:45 +09:00
|
|
|
kfree_skb(skb);
|
|
|
|
|
return 0;
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
2007-02-15 00:43:16 +09:00
|
|
|
static int ip4ip6_rcv(struct sk_buff *skb)
|
|
|
|
|
{
|
2016-05-10 23:08:17 +09:00
|
|
|
return ipxip6_rcv(skb, IPPROTO_IPIP, &tpi_v4,
|
2016-04-30 09:12:15 +09:00
|
|
|
ip4ip6_dscp_ecn_decapsulate);
|
2007-02-15 00:43:16 +09:00
|
|
|
}
|
|
|
|
|
|
2006-11-03 09:39:14 +09:00
|
|
|
static int ip6ip6_rcv(struct sk_buff *skb)
|
|
|
|
|
{
|
2016-04-30 09:12:15 +09:00
|
|
|
return ipxip6_rcv(skb, IPPROTO_IPV6, &tpi_v6,
|
|
|
|
|
ip6ip6_dscp_ecn_decapsulate);
|
2006-11-03 09:39:14 +09:00
|
|
|
}
|
|
|
|
|
|
2006-11-25 10:08:32 +09:00
|
|
|
struct ipv6_tel_txoption {
|
|
|
|
|
struct ipv6_txoptions ops;
|
|
|
|
|
__u8 dst_opt[8];
|
|
|
|
|
};
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2006-11-25 10:08:32 +09:00
|
|
|
static void init_tel_txopt(struct ipv6_tel_txoption *opt, __u8 encap_limit)
|
|
|
|
|
{
|
|
|
|
|
memset(opt, 0, sizeof(struct ipv6_tel_txoption));
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2006-11-25 10:08:32 +09:00
|
|
|
opt->dst_opt[2] = IPV6_TLV_TNL_ENCAP_LIMIT;
|
|
|
|
|
opt->dst_opt[3] = 1;
|
|
|
|
|
opt->dst_opt[4] = encap_limit;
|
|
|
|
|
opt->dst_opt[5] = IPV6_TLV_PADN;
|
|
|
|
|
opt->dst_opt[6] = 1;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2017-04-27 03:37:45 +09:00
|
|
|
opt->ops.dst1opt = (struct ipv6_opt_hdr *) opt->dst_opt;
|
2006-11-25 10:08:32 +09:00
|
|
|
opt->ops.opt_nflen = 8;
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_addr_conflict - compare packet addresses to tunnel's own
|
2005-04-17 07:20:36 +09:00
|
|
|
* @t: the outgoing tunnel device
|
2007-02-09 23:24:49 +09:00
|
|
|
* @hdr: IPv6 header from the incoming packet
|
2005-04-17 07:20:36 +09:00
|
|
|
*
|
|
|
|
|
* Description:
|
2007-02-09 23:24:49 +09:00
|
|
|
* Avoid trivial tunneling loop by checking that tunnel exit-point
|
2005-04-17 07:20:36 +09:00
|
|
|
* doesn't match source of incoming packet.
|
|
|
|
|
*
|
2007-02-09 23:24:49 +09:00
|
|
|
* Return:
|
2005-04-17 07:20:36 +09:00
|
|
|
* 1 if conflict,
|
|
|
|
|
* 0 else
|
|
|
|
|
**/
|
|
|
|
|
|
2012-05-18 15:14:11 +09:00
|
|
|
static inline bool
|
2011-04-22 13:53:02 +09:00
|
|
|
ip6_tnl_addr_conflict(const struct ip6_tnl *t, const struct ipv6hdr *hdr)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
|
|
|
|
return ipv6_addr_equal(&t->parms.raddr, &hdr->saddr);
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-05 16:02:48 +09:00
|
|
|
int ip6_tnl_xmit_ctl(struct ip6_tnl *t,
|
|
|
|
|
const struct in6_addr *laddr,
|
|
|
|
|
const struct in6_addr *raddr)
|
2006-11-25 10:06:27 +09:00
|
|
|
{
|
2012-08-10 09:51:50 +09:00
|
|
|
struct __ip6_tnl_parm *p = &t->parms;
|
2006-11-25 10:06:27 +09:00
|
|
|
int ret = 0;
|
2013-08-14 00:51:12 +09:00
|
|
|
struct net *net = t->net;
|
2006-11-25 10:06:27 +09:00
|
|
|
|
2017-12-02 08:26:08 +09:00
|
|
|
if (t->parms.collect_md)
|
|
|
|
|
return 1;
|
|
|
|
|
|
2014-11-05 16:02:48 +09:00
|
|
|
if ((p->flags & IP6_TNL_F_CAP_XMIT) ||
|
|
|
|
|
((p->flags & IP6_TNL_F_CAP_PER_PACKET) &&
|
|
|
|
|
(ip6_tnl_get_cap(t, laddr, raddr) & IP6_TNL_F_CAP_XMIT))) {
|
2006-11-25 10:06:27 +09:00
|
|
|
struct net_device *ldev = NULL;
|
|
|
|
|
|
2009-11-02 19:21:37 +09:00
|
|
|
rcu_read_lock();
|
2006-11-25 10:06:27 +09:00
|
|
|
if (p->link)
|
2009-11-02 19:21:37 +09:00
|
|
|
ldev = dev_get_by_index_rcu(net, p->link);
|
2006-11-25 10:06:27 +09:00
|
|
|
|
2018-03-14 00:29:37 +09:00
|
|
|
if (unlikely(!ipv6_chk_addr_and_flags(net, laddr, ldev, false,
|
|
|
|
|
0, IFA_F_TENTATIVE)))
|
2012-05-15 23:11:53 +09:00
|
|
|
pr_warn("%s xmit: Local address not yet configured!\n",
|
|
|
|
|
p->name);
|
2017-10-21 06:25:15 +09:00
|
|
|
else if (!(p->flags & IP6_TNL_F_ALLOW_LOCAL_REMOTE) &&
|
|
|
|
|
!ipv6_addr_is_multicast(raddr) &&
|
2018-03-14 00:29:37 +09:00
|
|
|
unlikely(ipv6_chk_addr_and_flags(net, raddr, ldev,
|
|
|
|
|
true, 0, IFA_F_TENTATIVE)))
|
2012-05-15 23:11:53 +09:00
|
|
|
pr_warn("%s xmit: Routing loop! Remote address found on this node!\n",
|
|
|
|
|
p->name);
|
2006-11-25 10:06:27 +09:00
|
|
|
else
|
|
|
|
|
ret = 1;
|
2009-11-02 19:21:37 +09:00
|
|
|
rcu_read_unlock();
|
2006-11-25 10:06:27 +09:00
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
2012-08-10 09:51:50 +09:00
|
|
|
EXPORT_SYMBOL_GPL(ip6_tnl_xmit_ctl);
|
|
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
/**
|
2016-04-30 09:12:18 +09:00
|
|
|
* ip6_tnl_xmit - encapsulate packet and send
|
2005-04-17 07:20:36 +09:00
|
|
|
* @skb: the outgoing socket buffer
|
2007-02-09 23:24:49 +09:00
|
|
|
* @dev: the outgoing tunnel device
|
2006-11-05 22:56:45 +09:00
|
|
|
* @dsfield: dscp code for outer header
|
2016-04-30 09:12:18 +09:00
|
|
|
* @fl6: flow of tunneled packet
|
2006-11-05 22:56:45 +09:00
|
|
|
* @encap_limit: encapsulation limit
|
|
|
|
|
* @pmtu: Path MTU is stored if packet is too big
|
2016-04-30 09:12:18 +09:00
|
|
|
* @proto: next header value
|
2005-04-17 07:20:36 +09:00
|
|
|
*
|
|
|
|
|
* Description:
|
|
|
|
|
* Build new header and do some sanity checks on the packet before sending
|
|
|
|
|
* it.
|
|
|
|
|
*
|
2007-02-09 23:24:49 +09:00
|
|
|
* Return:
|
2007-02-15 00:43:16 +09:00
|
|
|
* 0 on success
|
2006-11-05 22:56:45 +09:00
|
|
|
* -1 fail
|
|
|
|
|
* %-EMSGSIZE message too big. return mtu in this case.
|
2005-04-17 07:20:36 +09:00
|
|
|
**/
|
|
|
|
|
|
2016-04-30 09:12:18 +09:00
|
|
|
int ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev, __u8 dsfield,
|
|
|
|
|
struct flowi6 *fl6, int encap_limit, __u32 *pmtu,
|
|
|
|
|
__u8 proto)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2006-01-09 15:05:26 +09:00
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
2013-08-14 00:51:12 +09:00
|
|
|
struct net *net = t->net;
|
2008-05-22 06:17:05 +09:00
|
|
|
struct net_device_stats *stats = &t->dev->stats;
|
2017-04-26 06:37:15 +09:00
|
|
|
struct ipv6hdr *ipv6h;
|
2006-11-25 10:08:32 +09:00
|
|
|
struct ipv6_tel_txoption opt;
|
2011-09-21 03:50:00 +09:00
|
|
|
struct dst_entry *dst = NULL, *ndst = NULL;
|
2005-04-17 07:20:36 +09:00
|
|
|
struct net_device *tdev;
|
|
|
|
|
int mtu;
|
2017-09-28 14:24:07 +09:00
|
|
|
unsigned int eth_hlen = t->dev->type == ARPHRD_ETHER ? ETH_HLEN : 0;
|
2016-05-19 01:06:17 +09:00
|
|
|
unsigned int psh_hlen = sizeof(struct ipv6hdr) + t->encap_hlen;
|
|
|
|
|
unsigned int max_headroom = psh_hlen;
|
2016-11-17 00:26:46 +09:00
|
|
|
bool use_cache = false;
|
2016-09-16 05:00:30 +09:00
|
|
|
u8 hop_limit;
|
2006-11-05 22:56:45 +09:00
|
|
|
int err = -1;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
if (t->parms.collect_md) {
|
|
|
|
|
hop_limit = skb_tunnel_info(skb)->key.ttl;
|
|
|
|
|
goto route_lookup;
|
|
|
|
|
} else {
|
|
|
|
|
hop_limit = t->parms.hop_limit;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-05 16:03:50 +09:00
|
|
|
/* NBMA tunnel */
|
|
|
|
|
if (ipv6_addr_any(&t->parms.raddr)) {
|
2017-04-26 06:37:15 +09:00
|
|
|
if (skb->protocol == htons(ETH_P_IPV6)) {
|
|
|
|
|
struct in6_addr *addr6;
|
|
|
|
|
struct neighbour *neigh;
|
|
|
|
|
int addr_type;
|
2014-11-05 16:03:50 +09:00
|
|
|
|
2017-04-26 06:37:15 +09:00
|
|
|
if (!skb_dst(skb))
|
|
|
|
|
goto tx_err_link_failure;
|
2014-11-05 16:03:50 +09:00
|
|
|
|
2017-04-26 06:37:15 +09:00
|
|
|
neigh = dst_neigh_lookup(skb_dst(skb),
|
|
|
|
|
&ipv6_hdr(skb)->daddr);
|
|
|
|
|
if (!neigh)
|
|
|
|
|
goto tx_err_link_failure;
|
2014-11-05 16:03:50 +09:00
|
|
|
|
2017-04-26 06:37:15 +09:00
|
|
|
addr6 = (struct in6_addr *)&neigh->primary_key;
|
|
|
|
|
addr_type = ipv6_addr_type(addr6);
|
2014-11-05 16:03:50 +09:00
|
|
|
|
2017-04-26 06:37:15 +09:00
|
|
|
if (addr_type == IPV6_ADDR_ANY)
|
|
|
|
|
addr6 = &ipv6_hdr(skb)->daddr;
|
2014-11-05 16:03:50 +09:00
|
|
|
|
2017-04-26 06:37:15 +09:00
|
|
|
memcpy(&fl6->daddr, addr6, sizeof(fl6->daddr));
|
|
|
|
|
neigh_release(neigh);
|
|
|
|
|
}
|
2017-12-25 11:43:49 +09:00
|
|
|
} else if (t->parms.proto != 0 && !(t->parms.flags &
|
|
|
|
|
(IP6_TNL_F_USE_ORIG_TCLASS |
|
|
|
|
|
IP6_TNL_F_USE_ORIG_FWMARK))) {
|
|
|
|
|
/* enable the cache only if neither the outer protocol nor the
|
|
|
|
|
* routing decision depends on the current inner header value
|
2016-11-17 00:26:46 +09:00
|
|
|
*/
|
|
|
|
|
use_cache = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (use_cache)
|
2016-02-12 23:43:54 +09:00
|
|
|
dst = dst_cache_get(&t->dst_cache);
|
2014-11-05 16:02:48 +09:00
|
|
|
|
|
|
|
|
if (!ip6_tnl_xmit_ctl(t, &fl6->saddr, &fl6->daddr))
|
|
|
|
|
goto tx_err_link_failure;
|
|
|
|
|
|
2011-07-28 13:32:25 +09:00
|
|
|
if (!dst) {
|
2016-09-16 05:00:30 +09:00
|
|
|
route_lookup:
|
2017-06-01 14:36:01 +09:00
|
|
|
/* add dsfield to flowlabel for route lookup */
|
|
|
|
|
fl6->flowlabel = ip6_make_flowinfo(dsfield, fl6->flowlabel);
|
|
|
|
|
|
2015-09-16 06:30:07 +09:00
|
|
|
dst = ip6_route_output(net, NULL, fl6);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2015-09-16 06:30:07 +09:00
|
|
|
if (dst->error)
|
2005-09-09 06:27:47 +09:00
|
|
|
goto tx_err_link_failure;
|
2015-09-16 06:30:07 +09:00
|
|
|
dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), NULL, 0);
|
|
|
|
|
if (IS_ERR(dst)) {
|
|
|
|
|
err = PTR_ERR(dst);
|
|
|
|
|
dst = NULL;
|
2011-03-03 06:27:41 +09:00
|
|
|
goto tx_err_link_failure;
|
|
|
|
|
}
|
2018-08-06 21:00:59 +09:00
|
|
|
if (t->parms.collect_md && ipv6_addr_any(&fl6->saddr) &&
|
2016-09-16 05:00:30 +09:00
|
|
|
ipv6_dev_get_saddr(net, ip6_dst_idev(dst)->dev,
|
|
|
|
|
&fl6->daddr, 0, &fl6->saddr))
|
|
|
|
|
goto tx_err_link_failure;
|
2015-09-16 06:30:07 +09:00
|
|
|
ndst = dst;
|
2005-09-09 06:27:47 +09:00
|
|
|
}
|
2005-04-17 07:20:36 +09:00
|
|
|
|
|
|
|
|
tdev = dst->dev;
|
|
|
|
|
|
|
|
|
|
if (tdev == dev) {
|
|
|
|
|
stats->collisions++;
|
2012-05-14 06:56:26 +09:00
|
|
|
net_warn_ratelimited("%s: Local routing loop detected!\n",
|
|
|
|
|
t->parms.name);
|
2005-04-17 07:20:36 +09:00
|
|
|
goto tx_err_dst_release;
|
|
|
|
|
}
|
2017-09-28 14:24:07 +09:00
|
|
|
mtu = dst_mtu(dst) - eth_hlen - psh_hlen - t->tun_hlen;
|
2006-11-25 10:08:32 +09:00
|
|
|
if (encap_limit >= 0) {
|
2005-04-17 07:20:36 +09:00
|
|
|
max_headroom += 8;
|
|
|
|
|
mtu -= 8;
|
|
|
|
|
}
|
2018-08-05 23:46:07 +09:00
|
|
|
mtu = max(mtu, skb->protocol == htons(ETH_P_IPV6) ?
|
|
|
|
|
IPV6_MIN_MTU : IPV4_MIN_MTU);
|
2017-12-18 15:26:21 +09:00
|
|
|
|
2019-12-22 11:51:13 +09:00
|
|
|
skb_dst_update_pmtu_no_confirm(skb, mtu);
|
2017-09-28 14:24:07 +09:00
|
|
|
if (skb->len - t->tun_hlen - eth_hlen > mtu && !skb_is_gso(skb)) {
|
2006-11-05 22:56:45 +09:00
|
|
|
*pmtu = mtu;
|
|
|
|
|
err = -EMSGSIZE;
|
2005-04-17 07:20:36 +09:00
|
|
|
goto tx_err_dst_release;
|
|
|
|
|
}
|
|
|
|
|
|
2016-04-30 09:12:18 +09:00
|
|
|
if (t->err_count > 0) {
|
|
|
|
|
if (time_before(jiffies,
|
|
|
|
|
t->err_time + IP6TUNNEL_ERR_TIMEO)) {
|
|
|
|
|
t->err_count--;
|
|
|
|
|
|
|
|
|
|
dst_link_failure(skb);
|
|
|
|
|
} else {
|
|
|
|
|
t->err_count = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-02 22:34:57 +09:00
|
|
|
skb_scrub_packet(skb, !net_eq(t->net, dev_net(dev)));
|
2013-08-14 00:51:12 +09:00
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
/*
|
|
|
|
|
* Okay, now see if we can stuff it in the buffer as-is.
|
|
|
|
|
*/
|
|
|
|
|
max_headroom += LL_RESERVED_SPACE(tdev);
|
2007-02-09 23:24:49 +09:00
|
|
|
|
2007-07-10 07:33:40 +09:00
|
|
|
if (skb_headroom(skb) < max_headroom || skb_shared(skb) ||
|
|
|
|
|
(skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
|
2005-04-17 07:20:36 +09:00
|
|
|
struct sk_buff *new_skb;
|
2007-02-09 23:24:49 +09:00
|
|
|
|
2014-11-24 06:28:43 +09:00
|
|
|
new_skb = skb_realloc_headroom(skb, max_headroom);
|
|
|
|
|
if (!new_skb)
|
2005-04-17 07:20:36 +09:00
|
|
|
goto tx_err_dst_release;
|
|
|
|
|
|
|
|
|
|
if (skb->sk)
|
|
|
|
|
skb_set_owner_w(new_skb, skb->sk);
|
2012-04-19 11:24:17 +09:00
|
|
|
consume_skb(skb);
|
2005-04-17 07:20:36 +09:00
|
|
|
skb = new_skb;
|
|
|
|
|
}
|
2015-09-16 06:30:07 +09:00
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
if (t->parms.collect_md) {
|
|
|
|
|
if (t->encap.type != TUNNEL_ENCAP_NONE)
|
|
|
|
|
goto tx_err_dst_release;
|
|
|
|
|
} else {
|
2016-11-17 00:26:46 +09:00
|
|
|
if (use_cache && ndst)
|
2016-09-16 05:00:30 +09:00
|
|
|
dst_cache_set_ip6(&t->dst_cache, ndst, &fl6->saddr);
|
|
|
|
|
}
|
2015-09-16 06:30:07 +09:00
|
|
|
skb_dst_set(skb, dst);
|
|
|
|
|
|
2018-08-31 17:52:01 +09:00
|
|
|
if (hop_limit == 0) {
|
|
|
|
|
if (skb->protocol == htons(ETH_P_IP))
|
|
|
|
|
hop_limit = ip_hdr(skb)->ttl;
|
|
|
|
|
else if (skb->protocol == htons(ETH_P_IPV6))
|
|
|
|
|
hop_limit = ipv6_hdr(skb)->hop_limit;
|
|
|
|
|
else
|
|
|
|
|
hop_limit = ip6_dst_hoplimit(dst);
|
|
|
|
|
}
|
2013-08-18 20:46:52 +09:00
|
|
|
|
2016-05-19 01:06:17 +09:00
|
|
|
/* Calculate max headroom for all the headers and adjust
|
|
|
|
|
* needed_headroom if necessary.
|
|
|
|
|
*/
|
2016-04-30 09:12:18 +09:00
|
|
|
max_headroom = LL_RESERVED_SPACE(dst->dev) + sizeof(struct ipv6hdr)
|
2016-05-19 01:06:17 +09:00
|
|
|
+ dst->header_len + t->hlen;
|
2016-04-30 09:12:18 +09:00
|
|
|
if (max_headroom > dev->needed_headroom)
|
|
|
|
|
dev->needed_headroom = max_headroom;
|
|
|
|
|
|
2016-05-19 01:06:17 +09:00
|
|
|
err = ip6_tnl_encap(skb, t, &proto, fl6);
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
|
|
|
|
|
ip6_tunnel: Fix encapsulation layout
Commit 058214a4d1df ("ip6_tun: Add infrastructure for doing
encapsulation") added the ip6_tnl_encap() call in ip6_tnl_xmit(), before
the call to ipv6_push_frag_opts() to append the IPv6 Tunnel Encapsulation
Limit option (option 4, RFC 2473, par. 5.1) to the outer IPv6 header.
As long as the option didn't actually end up in generated packets, this
wasn't an issue. Then commit 89a23c8b528b ("ip6_tunnel: Fix missing tunnel
encapsulation limit option") fixed sending of this option, and the
resulting layout, e.g. for FoU, is:
.-------------------.------------.----------.-------------------.----- - -
| Outer IPv6 Header | UDP header | Option 4 | Inner IPv6 Header | Payload
'-------------------'------------'----------'-------------------'----- - -
Needless to say, FoU and GUE (at least) won't work over IPv6. The option
is appended by default, and I couldn't find a way to disable it with the
current iproute2.
Turn this into a more reasonable:
.-------------------.----------.------------.-------------------.----- - -
| Outer IPv6 Header | Option 4 | UDP header | Inner IPv6 Header | Payload
'-------------------'----------'------------'-------------------'----- - -
With this, and with 84dad55951b0 ("udp6: fix encap return code for
resubmitting"), FoU and GUE work again over IPv6.
Fixes: 058214a4d1df ("ip6_tun: Add infrastructure for doing encapsulation")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-10-19 04:25:07 +09:00
|
|
|
if (encap_limit >= 0) {
|
|
|
|
|
init_tel_txopt(&opt, encap_limit);
|
|
|
|
|
ipv6_push_frag_opts(skb, &opt.ops, &proto);
|
|
|
|
|
}
|
|
|
|
|
|
2007-04-11 12:46:21 +09:00
|
|
|
skb_push(skb, sizeof(struct ipv6hdr));
|
|
|
|
|
skb_reset_network_header(skb);
|
2007-04-26 09:54:47 +09:00
|
|
|
ipv6h = ipv6_hdr(skb);
|
2017-05-26 05:35:18 +09:00
|
|
|
ip6_flow_hdr(ipv6h, dsfield,
|
2015-08-01 08:52:12 +09:00
|
|
|
ip6_make_flowlabel(net, skb, fl6->flowlabel, true, fl6));
|
2016-09-16 05:00:30 +09:00
|
|
|
ipv6h->hop_limit = hop_limit;
|
2005-04-17 07:20:36 +09:00
|
|
|
ipv6h->nexthdr = proto;
|
2011-11-21 12:39:03 +09:00
|
|
|
ipv6h->saddr = fl6->saddr;
|
|
|
|
|
ipv6h->daddr = fl6->daddr;
|
2015-04-06 11:19:09 +09:00
|
|
|
ip6tunnel_xmit(NULL, skb, dev);
|
2005-04-17 07:20:36 +09:00
|
|
|
return 0;
|
|
|
|
|
tx_err_link_failure:
|
|
|
|
|
stats->tx_carrier_errors++;
|
|
|
|
|
dst_link_failure(skb);
|
|
|
|
|
tx_err_dst_release:
|
2015-09-16 06:30:07 +09:00
|
|
|
dst_release(dst);
|
2006-11-05 22:56:45 +09:00
|
|
|
return err;
|
|
|
|
|
}
|
2016-04-30 09:12:18 +09:00
|
|
|
EXPORT_SYMBOL(ip6_tnl_xmit);
|
2006-11-05 22:56:45 +09:00
|
|
|
|
2007-02-15 00:43:16 +09:00
|
|
|
static inline int
|
|
|
|
|
ip4ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
|
|
|
|
|
{
|
|
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
2018-09-19 22:02:07 +09:00
|
|
|
const struct iphdr *iph;
|
2007-02-15 00:43:16 +09:00
|
|
|
int encap_limit = -1;
|
2011-03-13 06:22:43 +09:00
|
|
|
struct flowi6 fl6;
|
2007-02-15 00:43:16 +09:00
|
|
|
__u8 dsfield;
|
|
|
|
|
__u32 mtu;
|
2014-10-29 16:54:52 +09:00
|
|
|
u8 tproto;
|
2007-02-15 00:43:16 +09:00
|
|
|
int err;
|
|
|
|
|
|
2018-09-19 22:02:07 +09:00
|
|
|
iph = ip_hdr(skb);
|
2016-02-22 08:58:05 +09:00
|
|
|
memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
|
|
|
|
|
|
locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE()
Please do not apply this to mainline directly, instead please re-run the
coccinelle script shown below and apply its output.
For several reasons, it is desirable to use {READ,WRITE}_ONCE() in
preference to ACCESS_ONCE(), and new code is expected to use one of the
former. So far, there's been no reason to change most existing uses of
ACCESS_ONCE(), as these aren't harmful, and changing them results in
churn.
However, for some features, the read/write distinction is critical to
correct operation. To distinguish these cases, separate read/write
accessors must be used. This patch migrates (most) remaining
ACCESS_ONCE() instances to {READ,WRITE}_ONCE(), using the following
coccinelle script:
----
// Convert trivial ACCESS_ONCE() uses to equivalent READ_ONCE() and
// WRITE_ONCE()
// $ make coccicheck COCCI=/home/mark/once.cocci SPFLAGS="--include-headers" MODE=patch
virtual patch
@ depends on patch @
expression E1, E2;
@@
- ACCESS_ONCE(E1) = E2
+ WRITE_ONCE(E1, E2)
@ depends on patch @
expression E;
@@
- ACCESS_ONCE(E)
+ READ_ONCE(E)
----
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: davem@davemloft.net
Cc: linux-arch@vger.kernel.org
Cc: mpe@ellerman.id.au
Cc: shuah@kernel.org
Cc: snitzer@redhat.com
Cc: thor.thayer@linux.intel.com
Cc: tj@kernel.org
Cc: viro@zeniv.linux.org.uk
Cc: will.deacon@arm.com
Link: http://lkml.kernel.org/r/1508792849-3115-19-git-send-email-paulmck@linux.vnet.ibm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-10-24 06:07:29 +09:00
|
|
|
tproto = READ_ONCE(t->parms.proto);
|
2014-11-05 16:02:48 +09:00
|
|
|
if (tproto != IPPROTO_IPIP && tproto != 0)
|
2007-02-15 00:43:16 +09:00
|
|
|
return -1;
|
|
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
if (t->parms.collect_md) {
|
|
|
|
|
struct ip_tunnel_info *tun_info;
|
|
|
|
|
const struct ip_tunnel_key *key;
|
2007-02-15 00:43:16 +09:00
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
tun_info = skb_tunnel_info(skb);
|
|
|
|
|
if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
|
|
|
|
|
ip_tunnel_info_af(tun_info) != AF_INET6))
|
|
|
|
|
return -1;
|
|
|
|
|
key = &tun_info->key;
|
|
|
|
|
memset(&fl6, 0, sizeof(fl6));
|
|
|
|
|
fl6.flowi6_proto = IPPROTO_IPIP;
|
2018-08-06 21:00:59 +09:00
|
|
|
fl6.saddr = key->u.ipv6.src;
|
2016-09-16 05:00:30 +09:00
|
|
|
fl6.daddr = key->u.ipv6.dst;
|
|
|
|
|
fl6.flowlabel = key->label;
|
2017-06-17 12:38:05 +09:00
|
|
|
dsfield = key->tos;
|
2016-09-16 05:00:30 +09:00
|
|
|
} else {
|
|
|
|
|
if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
|
|
|
|
|
encap_limit = t->parms.encap_limit;
|
2007-02-15 00:43:16 +09:00
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
memcpy(&fl6, &t->fl.u.ip6, sizeof(fl6));
|
|
|
|
|
fl6.flowi6_proto = IPPROTO_IPIP;
|
|
|
|
|
|
|
|
|
|
if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
|
2017-05-26 05:35:18 +09:00
|
|
|
dsfield = ipv4_get_dsfield(iph);
|
|
|
|
|
else
|
|
|
|
|
dsfield = ip6_tclass(t->parms.flowinfo);
|
2016-09-16 05:00:30 +09:00
|
|
|
if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
|
|
|
|
|
fl6.flowi6_mark = skb->mark;
|
2017-04-20 01:30:53 +09:00
|
|
|
else
|
|
|
|
|
fl6.flowi6_mark = t->parms.fwmark;
|
2016-09-16 05:00:30 +09:00
|
|
|
}
|
2007-02-15 00:43:16 +09:00
|
|
|
|
2016-11-04 02:23:43 +09:00
|
|
|
fl6.flowi6_uid = sock_net_uid(dev_net(dev), NULL);
|
2019-07-26 01:40:17 +09:00
|
|
|
dsfield = INET_ECN_encapsulate(dsfield, ipv4_get_dsfield(iph));
|
2016-11-04 02:23:43 +09:00
|
|
|
|
2016-05-19 01:06:23 +09:00
|
|
|
if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6))
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
skb_set_inner_ipproto(skb, IPPROTO_IPIP);
|
|
|
|
|
|
2016-04-30 09:12:18 +09:00
|
|
|
err = ip6_tnl_xmit(skb, dev, dsfield, &fl6, encap_limit, &mtu,
|
|
|
|
|
IPPROTO_IPIP);
|
2007-02-15 00:43:16 +09:00
|
|
|
if (err != 0) {
|
|
|
|
|
/* XXX: send ICMP error even if DF is not set. */
|
|
|
|
|
if (err == -EMSGSIZE)
|
|
|
|
|
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
|
|
|
|
|
htonl(mtu));
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2006-11-05 22:56:45 +09:00
|
|
|
static inline int
|
|
|
|
|
ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
|
|
|
|
|
{
|
|
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
2018-09-19 22:02:07 +09:00
|
|
|
struct ipv6hdr *ipv6h;
|
2006-11-05 22:56:45 +09:00
|
|
|
int encap_limit = -1;
|
|
|
|
|
__u16 offset;
|
2011-03-13 06:22:43 +09:00
|
|
|
struct flowi6 fl6;
|
2006-11-05 22:56:45 +09:00
|
|
|
__u8 dsfield;
|
|
|
|
|
__u32 mtu;
|
2014-10-29 16:54:52 +09:00
|
|
|
u8 tproto;
|
2006-11-05 22:56:45 +09:00
|
|
|
int err;
|
|
|
|
|
|
2018-09-19 22:02:07 +09:00
|
|
|
ipv6h = ipv6_hdr(skb);
|
locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE()
Please do not apply this to mainline directly, instead please re-run the
coccinelle script shown below and apply its output.
For several reasons, it is desirable to use {READ,WRITE}_ONCE() in
preference to ACCESS_ONCE(), and new code is expected to use one of the
former. So far, there's been no reason to change most existing uses of
ACCESS_ONCE(), as these aren't harmful, and changing them results in
churn.
However, for some features, the read/write distinction is critical to
correct operation. To distinguish these cases, separate read/write
accessors must be used. This patch migrates (most) remaining
ACCESS_ONCE() instances to {READ,WRITE}_ONCE(), using the following
coccinelle script:
----
// Convert trivial ACCESS_ONCE() uses to equivalent READ_ONCE() and
// WRITE_ONCE()
// $ make coccicheck COCCI=/home/mark/once.cocci SPFLAGS="--include-headers" MODE=patch
virtual patch
@ depends on patch @
expression E1, E2;
@@
- ACCESS_ONCE(E1) = E2
+ WRITE_ONCE(E1, E2)
@ depends on patch @
expression E;
@@
- ACCESS_ONCE(E)
+ READ_ONCE(E)
----
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: davem@davemloft.net
Cc: linux-arch@vger.kernel.org
Cc: mpe@ellerman.id.au
Cc: shuah@kernel.org
Cc: snitzer@redhat.com
Cc: thor.thayer@linux.intel.com
Cc: tj@kernel.org
Cc: viro@zeniv.linux.org.uk
Cc: will.deacon@arm.com
Link: http://lkml.kernel.org/r/1508792849-3115-19-git-send-email-paulmck@linux.vnet.ibm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-10-24 06:07:29 +09:00
|
|
|
tproto = READ_ONCE(t->parms.proto);
|
2014-10-29 16:54:52 +09:00
|
|
|
if ((tproto != IPPROTO_IPV6 && tproto != 0) ||
|
2014-11-05 16:02:48 +09:00
|
|
|
ip6_tnl_addr_conflict(t, ipv6h))
|
2006-11-05 22:56:45 +09:00
|
|
|
return -1;
|
|
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
if (t->parms.collect_md) {
|
|
|
|
|
struct ip_tunnel_info *tun_info;
|
|
|
|
|
const struct ip_tunnel_key *key;
|
|
|
|
|
|
|
|
|
|
tun_info = skb_tunnel_info(skb);
|
|
|
|
|
if (unlikely(!tun_info || !(tun_info->mode & IP_TUNNEL_INFO_TX) ||
|
|
|
|
|
ip_tunnel_info_af(tun_info) != AF_INET6))
|
2006-11-05 22:56:45 +09:00
|
|
|
return -1;
|
2016-09-16 05:00:30 +09:00
|
|
|
key = &tun_info->key;
|
|
|
|
|
memset(&fl6, 0, sizeof(fl6));
|
|
|
|
|
fl6.flowi6_proto = IPPROTO_IPV6;
|
2018-08-06 21:00:59 +09:00
|
|
|
fl6.saddr = key->u.ipv6.src;
|
2016-09-16 05:00:30 +09:00
|
|
|
fl6.daddr = key->u.ipv6.dst;
|
|
|
|
|
fl6.flowlabel = key->label;
|
2017-06-17 12:38:05 +09:00
|
|
|
dsfield = key->tos;
|
2016-09-16 05:00:30 +09:00
|
|
|
} else {
|
|
|
|
|
offset = ip6_tnl_parse_tlv_enc_lim(skb, skb_network_header(skb));
|
2017-01-24 09:43:05 +09:00
|
|
|
/* ip6_tnl_parse_tlv_enc_lim() might have reallocated skb->head */
|
|
|
|
|
ipv6h = ipv6_hdr(skb);
|
2016-09-16 05:00:30 +09:00
|
|
|
if (offset > 0) {
|
|
|
|
|
struct ipv6_tlv_tnl_enc_lim *tel;
|
|
|
|
|
|
|
|
|
|
tel = (void *)&skb_network_header(skb)[offset];
|
|
|
|
|
if (tel->encap_limit == 0) {
|
|
|
|
|
icmpv6_send(skb, ICMPV6_PARAMPROB,
|
|
|
|
|
ICMPV6_HDR_FIELD, offset + 2);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
encap_limit = tel->encap_limit - 1;
|
|
|
|
|
} else if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) {
|
|
|
|
|
encap_limit = t->parms.encap_limit;
|
2006-11-05 22:56:45 +09:00
|
|
|
}
|
|
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
memcpy(&fl6, &t->fl.u.ip6, sizeof(fl6));
|
|
|
|
|
fl6.flowi6_proto = IPPROTO_IPV6;
|
2006-11-05 22:56:45 +09:00
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
if (t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS)
|
2017-05-26 05:35:18 +09:00
|
|
|
dsfield = ipv6_get_dsfield(ipv6h);
|
|
|
|
|
else
|
|
|
|
|
dsfield = ip6_tclass(t->parms.flowinfo);
|
2016-09-16 05:00:30 +09:00
|
|
|
if (t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL)
|
|
|
|
|
fl6.flowlabel |= ip6_flowlabel(ipv6h);
|
|
|
|
|
if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
|
|
|
|
|
fl6.flowi6_mark = skb->mark;
|
2017-04-20 01:30:53 +09:00
|
|
|
else
|
|
|
|
|
fl6.flowi6_mark = t->parms.fwmark;
|
2016-09-16 05:00:30 +09:00
|
|
|
}
|
2006-11-05 22:56:45 +09:00
|
|
|
|
2016-11-04 02:23:43 +09:00
|
|
|
fl6.flowi6_uid = sock_net_uid(dev_net(dev), NULL);
|
2019-07-26 01:40:17 +09:00
|
|
|
dsfield = INET_ECN_encapsulate(dsfield, ipv6_get_dsfield(ipv6h));
|
2016-11-04 02:23:43 +09:00
|
|
|
|
2016-05-19 01:06:22 +09:00
|
|
|
if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6))
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
skb_set_inner_ipproto(skb, IPPROTO_IPV6);
|
|
|
|
|
|
2016-04-30 09:12:18 +09:00
|
|
|
err = ip6_tnl_xmit(skb, dev, dsfield, &fl6, encap_limit, &mtu,
|
|
|
|
|
IPPROTO_IPV6);
|
2006-11-05 22:56:45 +09:00
|
|
|
if (err != 0) {
|
|
|
|
|
if (err == -EMSGSIZE)
|
2010-02-18 17:25:24 +09:00
|
|
|
icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
|
2006-11-05 22:56:45 +09:00
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2009-09-01 04:50:41 +09:00
|
|
|
static netdev_tx_t
|
2016-04-30 09:12:18 +09:00
|
|
|
ip6_tnl_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
2006-11-05 22:56:45 +09:00
|
|
|
{
|
|
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
2008-05-22 06:17:05 +09:00
|
|
|
struct net_device_stats *stats = &t->dev->stats;
|
2006-11-05 22:56:45 +09:00
|
|
|
int ret;
|
|
|
|
|
|
2018-12-31 07:24:36 +09:00
|
|
|
if (!pskb_inet_may_pull(skb))
|
|
|
|
|
goto tx_err;
|
|
|
|
|
|
2006-11-05 22:56:45 +09:00
|
|
|
switch (skb->protocol) {
|
2008-09-21 14:20:49 +09:00
|
|
|
case htons(ETH_P_IP):
|
2007-02-15 00:43:16 +09:00
|
|
|
ret = ip4ip6_tnl_xmit(skb, dev);
|
|
|
|
|
break;
|
2008-09-21 14:20:49 +09:00
|
|
|
case htons(ETH_P_IPV6):
|
2006-11-05 22:56:45 +09:00
|
|
|
ret = ip6ip6_tnl_xmit(skb, dev);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
goto tx_err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ret < 0)
|
|
|
|
|
goto tx_err;
|
|
|
|
|
|
2009-06-23 15:03:08 +09:00
|
|
|
return NETDEV_TX_OK;
|
2006-11-05 22:56:45 +09:00
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
tx_err:
|
|
|
|
|
stats->tx_errors++;
|
|
|
|
|
stats->tx_dropped++;
|
|
|
|
|
kfree_skb(skb);
|
2009-06-23 15:03:08 +09:00
|
|
|
return NETDEV_TX_OK;
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
2007-02-10 00:30:33 +09:00
|
|
|
static void ip6_tnl_link_config(struct ip6_tnl *t)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
|
|
|
|
struct net_device *dev = t->dev;
|
2012-08-10 09:51:50 +09:00
|
|
|
struct __ip6_tnl_parm *p = &t->parms;
|
2011-03-13 06:22:43 +09:00
|
|
|
struct flowi6 *fl6 = &t->fl.u.ip6;
|
2016-05-19 01:06:17 +09:00
|
|
|
int t_hlen;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2009-05-12 08:37:15 +09:00
|
|
|
memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
|
|
|
|
|
memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
|
2005-04-17 07:20:36 +09:00
|
|
|
|
|
|
|
|
/* Set up flowi template */
|
2011-11-21 12:39:03 +09:00
|
|
|
fl6->saddr = p->laddr;
|
|
|
|
|
fl6->daddr = p->raddr;
|
2011-03-13 06:22:43 +09:00
|
|
|
fl6->flowi6_oif = p->link;
|
|
|
|
|
fl6->flowlabel = 0;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
|
|
|
|
if (!(p->flags&IP6_TNL_F_USE_ORIG_TCLASS))
|
2011-03-13 06:22:43 +09:00
|
|
|
fl6->flowlabel |= IPV6_TCLASS_MASK & p->flowinfo;
|
2005-04-17 07:20:36 +09:00
|
|
|
if (!(p->flags&IP6_TNL_F_USE_ORIG_FLOWLABEL))
|
2011-03-13 06:22:43 +09:00
|
|
|
fl6->flowlabel |= IPV6_FLOWLABEL_MASK & p->flowinfo;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2012-06-29 03:15:52 +09:00
|
|
|
p->flags &= ~(IP6_TNL_F_CAP_XMIT|IP6_TNL_F_CAP_RCV|IP6_TNL_F_CAP_PER_PACKET);
|
|
|
|
|
p->flags |= ip6_tnl_get_cap(t, &p->laddr, &p->raddr);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
|
|
|
|
if (p->flags&IP6_TNL_F_CAP_XMIT && p->flags&IP6_TNL_F_CAP_RCV)
|
|
|
|
|
dev->flags |= IFF_POINTOPOINT;
|
|
|
|
|
else
|
|
|
|
|
dev->flags &= ~IFF_POINTOPOINT;
|
|
|
|
|
|
2016-05-19 01:06:17 +09:00
|
|
|
t->tun_hlen = 0;
|
|
|
|
|
t->hlen = t->encap_hlen + t->tun_hlen;
|
|
|
|
|
t_hlen = t->hlen + sizeof(struct ipv6hdr);
|
|
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
if (p->flags & IP6_TNL_F_CAP_XMIT) {
|
2006-11-25 10:06:53 +09:00
|
|
|
int strict = (ipv6_addr_type(&p->raddr) &
|
|
|
|
|
(IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL));
|
|
|
|
|
|
2013-08-14 00:51:12 +09:00
|
|
|
struct rt6_info *rt = rt6_lookup(t->net,
|
2008-04-16 17:23:44 +09:00
|
|
|
&p->raddr, &p->laddr,
|
2018-03-03 01:32:17 +09:00
|
|
|
p->link, NULL, strict);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2015-03-29 22:00:04 +09:00
|
|
|
if (!rt)
|
2005-04-17 07:20:36 +09:00
|
|
|
return;
|
|
|
|
|
|
2011-12-29 10:19:20 +09:00
|
|
|
if (rt->dst.dev) {
|
|
|
|
|
dev->hard_header_len = rt->dst.dev->hard_header_len +
|
2016-05-19 01:06:17 +09:00
|
|
|
t_hlen;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2016-05-19 01:06:17 +09:00
|
|
|
dev->mtu = rt->dst.dev->mtu - t_hlen;
|
2010-11-24 14:47:18 +09:00
|
|
|
if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
|
2014-08-25 05:53:10 +09:00
|
|
|
dev->mtu -= 8;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
|
|
|
|
if (dev->mtu < IPV6_MIN_MTU)
|
|
|
|
|
dev->mtu = IPV6_MIN_MTU;
|
|
|
|
|
}
|
2012-10-29 09:13:19 +09:00
|
|
|
ip6_rt_put(rt);
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_change - update the tunnel parameters
|
2005-04-17 07:20:36 +09:00
|
|
|
* @t: tunnel to be changed
|
|
|
|
|
* @p: tunnel configuration parameters
|
|
|
|
|
*
|
|
|
|
|
* Description:
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_change() updates the tunnel parameters
|
2005-04-17 07:20:36 +09:00
|
|
|
**/
|
|
|
|
|
|
|
|
|
|
static int
|
2012-08-10 09:51:50 +09:00
|
|
|
ip6_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2011-11-21 12:39:03 +09:00
|
|
|
t->parms.laddr = p->laddr;
|
|
|
|
|
t->parms.raddr = p->raddr;
|
2005-04-17 07:20:36 +09:00
|
|
|
t->parms.flags = p->flags;
|
|
|
|
|
t->parms.hop_limit = p->hop_limit;
|
|
|
|
|
t->parms.encap_limit = p->encap_limit;
|
|
|
|
|
t->parms.flowinfo = p->flowinfo;
|
2005-06-09 06:54:38 +09:00
|
|
|
t->parms.link = p->link;
|
2006-11-30 14:43:28 +09:00
|
|
|
t->parms.proto = p->proto;
|
2017-04-20 01:30:53 +09:00
|
|
|
t->parms.fwmark = p->fwmark;
|
2016-02-12 23:43:54 +09:00
|
|
|
dst_cache_reset(&t->dst_cache);
|
2007-02-10 00:30:33 +09:00
|
|
|
ip6_tnl_link_config(t);
|
2005-04-17 07:20:36 +09:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-14 14:14:00 +09:00
|
|
|
static int ip6_tnl_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p)
|
|
|
|
|
{
|
2013-08-14 00:51:12 +09:00
|
|
|
struct net *net = t->net;
|
2012-11-14 14:14:00 +09:00
|
|
|
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
|
|
|
|
|
int err;
|
|
|
|
|
|
|
|
|
|
ip6_tnl_unlink(ip6n, t);
|
|
|
|
|
synchronize_net();
|
|
|
|
|
err = ip6_tnl_change(t, p);
|
|
|
|
|
ip6_tnl_link(ip6n, t);
|
|
|
|
|
netdev_state_change(t->dev);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2014-10-29 16:54:52 +09:00
|
|
|
static int ip6_tnl0_update(struct ip6_tnl *t, struct __ip6_tnl_parm *p)
|
|
|
|
|
{
|
|
|
|
|
/* for default tnl0 device allow to change only the proto */
|
|
|
|
|
t->parms.proto = p->proto;
|
|
|
|
|
netdev_state_change(t->dev);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-10 09:51:50 +09:00
|
|
|
static void
|
|
|
|
|
ip6_tnl_parm_from_user(struct __ip6_tnl_parm *p, const struct ip6_tnl_parm *u)
|
|
|
|
|
{
|
|
|
|
|
p->laddr = u->laddr;
|
|
|
|
|
p->raddr = u->raddr;
|
|
|
|
|
p->flags = u->flags;
|
|
|
|
|
p->hop_limit = u->hop_limit;
|
|
|
|
|
p->encap_limit = u->encap_limit;
|
|
|
|
|
p->flowinfo = u->flowinfo;
|
|
|
|
|
p->link = u->link;
|
|
|
|
|
p->proto = u->proto;
|
|
|
|
|
memcpy(p->name, u->name, sizeof(u->name));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
ip6_tnl_parm_to_user(struct ip6_tnl_parm *u, const struct __ip6_tnl_parm *p)
|
|
|
|
|
{
|
|
|
|
|
u->laddr = p->laddr;
|
|
|
|
|
u->raddr = p->raddr;
|
|
|
|
|
u->flags = p->flags;
|
|
|
|
|
u->hop_limit = p->hop_limit;
|
|
|
|
|
u->encap_limit = p->encap_limit;
|
|
|
|
|
u->flowinfo = p->flowinfo;
|
|
|
|
|
u->link = p->link;
|
|
|
|
|
u->proto = p->proto;
|
|
|
|
|
memcpy(u->name, p->name, sizeof(u->name));
|
|
|
|
|
}
|
|
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_ioctl - configure ipv6 tunnels from userspace
|
2005-04-17 07:20:36 +09:00
|
|
|
* @dev: virtual device associated with tunnel
|
|
|
|
|
* @ifr: parameters passed from userspace
|
|
|
|
|
* @cmd: command to be performed
|
|
|
|
|
*
|
|
|
|
|
* Description:
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_ioctl() is used for managing IPv6 tunnels
|
2007-02-09 23:24:49 +09:00
|
|
|
* from userspace.
|
2005-04-17 07:20:36 +09:00
|
|
|
*
|
|
|
|
|
* The possible commands are the following:
|
|
|
|
|
* %SIOCGETTUNNEL: get tunnel parameters for device
|
|
|
|
|
* %SIOCADDTUNNEL: add tunnel matching given tunnel parameters
|
|
|
|
|
* %SIOCCHGTUNNEL: change tunnel parameters to those given
|
|
|
|
|
* %SIOCDELTUNNEL: delete tunnel
|
|
|
|
|
*
|
2007-02-09 23:24:49 +09:00
|
|
|
* The fallback device "ip6tnl0", created during module
|
2005-04-17 07:20:36 +09:00
|
|
|
* initialization, can be used for creating other tunnel devices.
|
|
|
|
|
*
|
|
|
|
|
* Return:
|
|
|
|
|
* 0 on success,
|
|
|
|
|
* %-EFAULT if unable to copy data to or from userspace,
|
|
|
|
|
* %-EPERM if current process hasn't %CAP_NET_ADMIN set
|
|
|
|
|
* %-EINVAL if passed tunnel parameters are invalid,
|
|
|
|
|
* %-EEXIST if changing a tunnel's parameters would cause a conflict
|
|
|
|
|
* %-ENODEV if attempting to change or delete a nonexisting device
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
|
|
static int
|
2007-02-10 00:30:33 +09:00
|
|
|
ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
|
|
|
|
int err = 0;
|
|
|
|
|
struct ip6_tnl_parm p;
|
2012-08-10 09:51:50 +09:00
|
|
|
struct __ip6_tnl_parm p1;
|
2014-04-16 18:19:34 +09:00
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
|
|
|
|
struct net *net = t->net;
|
2008-04-16 17:22:23 +09:00
|
|
|
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2016-04-30 09:12:15 +09:00
|
|
|
memset(&p1, 0, sizeof(p1));
|
|
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
switch (cmd) {
|
|
|
|
|
case SIOCGETTUNNEL:
|
2008-04-16 17:23:02 +09:00
|
|
|
if (dev == ip6n->fb_tnl_dev) {
|
2014-08-25 05:53:10 +09:00
|
|
|
if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
|
2005-04-17 07:20:36 +09:00
|
|
|
err = -EFAULT;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2012-08-10 09:51:50 +09:00
|
|
|
ip6_tnl_parm_from_user(&p1, &p);
|
|
|
|
|
t = ip6_tnl_locate(net, &p1, 0);
|
2015-03-16 23:56:05 +09:00
|
|
|
if (IS_ERR(t))
|
2014-04-16 18:19:34 +09:00
|
|
|
t = netdev_priv(dev);
|
2012-08-16 12:14:04 +09:00
|
|
|
} else {
|
|
|
|
|
memset(&p, 0, sizeof(p));
|
2006-11-25 10:05:41 +09:00
|
|
|
}
|
2012-08-10 09:51:50 +09:00
|
|
|
ip6_tnl_parm_to_user(&p, &t->parms);
|
2014-08-25 05:53:10 +09:00
|
|
|
if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) {
|
2005-04-17 07:20:36 +09:00
|
|
|
err = -EFAULT;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case SIOCADDTUNNEL:
|
|
|
|
|
case SIOCCHGTUNNEL:
|
|
|
|
|
err = -EPERM;
|
net: Allow userns root to control ipv6
Allow an unpriviled user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.
Settings that merely control a single network device are allowed.
Either the network device is a logical network device where
restrictions make no difference or the network device is hardware NIC
that has been explicity moved from the initial network namespace.
In general policy and network stack state changes are allowed while
resource control is left unchanged.
Allow the SIOCSIFADDR ioctl to add ipv6 addresses.
Allow the SIOCDIFADDR ioctl to delete ipv6 addresses.
Allow the SIOCADDRT ioctl to add ipv6 routes.
Allow the SIOCDELRT ioctl to delete ipv6 routes.
Allow creation of ipv6 raw sockets.
Allow setting the IPV6_JOIN_ANYCAST socket option.
Allow setting the IPV6_FL_A_RENEW parameter of the IPV6_FLOWLABEL_MGR
socket option.
Allow setting the IPV6_TRANSPARENT socket option.
Allow setting the IPV6_HOPOPTS socket option.
Allow setting the IPV6_RTHDRDSTOPTS socket option.
Allow setting the IPV6_DSTOPTS socket option.
Allow setting the IPV6_IPSEC_POLICY socket option.
Allow setting the IPV6_XFRM_POLICY socket option.
Allow sending packets with the IPV6_2292HOPOPTS control message.
Allow sending packets with the IPV6_2292DSTOPTS control message.
Allow sending packets with the IPV6_RTHDRDSTOPTS control message.
Allow setting the multicast routing socket options on non multicast
routing sockets.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL, and SIOCDELTUNNEL ioctls for
setting up, changing and deleting tunnels over ipv6.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL, SIOCDELTUNNEL ioctls for
setting up, changing and deleting ipv6 over ipv4 tunnels.
Allow the SIOCADDPRL, SIOCDELPRL, SIOCCHGPRL ioctls for adding,
deleting, and changing the potential router list for ISATAP tunnels.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-16 12:03:06 +09:00
|
|
|
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
|
2005-04-17 07:20:36 +09:00
|
|
|
break;
|
2006-11-25 10:05:41 +09:00
|
|
|
err = -EFAULT;
|
2014-08-25 05:53:10 +09:00
|
|
|
if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
|
2005-04-17 07:20:36 +09:00
|
|
|
break;
|
2006-11-25 10:05:41 +09:00
|
|
|
err = -EINVAL;
|
2006-11-30 14:43:28 +09:00
|
|
|
if (p.proto != IPPROTO_IPV6 && p.proto != IPPROTO_IPIP &&
|
|
|
|
|
p.proto != 0)
|
2005-04-17 07:20:36 +09:00
|
|
|
break;
|
2012-08-10 09:51:50 +09:00
|
|
|
ip6_tnl_parm_from_user(&p1, &p);
|
|
|
|
|
t = ip6_tnl_locate(net, &p1, cmd == SIOCADDTUNNEL);
|
2014-10-29 16:54:52 +09:00
|
|
|
if (cmd == SIOCCHGTUNNEL) {
|
2015-03-16 23:56:05 +09:00
|
|
|
if (!IS_ERR(t)) {
|
2006-11-25 10:05:41 +09:00
|
|
|
if (t->dev != dev) {
|
|
|
|
|
err = -EEXIST;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} else
|
|
|
|
|
t = netdev_priv(dev);
|
2014-10-29 16:54:52 +09:00
|
|
|
if (dev == ip6n->fb_tnl_dev)
|
|
|
|
|
err = ip6_tnl0_update(t, &p1);
|
|
|
|
|
else
|
|
|
|
|
err = ip6_tnl_update(t, &p1);
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
2015-03-16 23:56:05 +09:00
|
|
|
if (!IS_ERR(t)) {
|
2005-04-17 07:20:36 +09:00
|
|
|
err = 0;
|
2012-08-10 09:51:50 +09:00
|
|
|
ip6_tnl_parm_to_user(&p, &t->parms);
|
|
|
|
|
if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
|
2006-11-25 10:05:41 +09:00
|
|
|
err = -EFAULT;
|
|
|
|
|
|
2015-03-16 23:56:05 +09:00
|
|
|
} else {
|
|
|
|
|
err = PTR_ERR(t);
|
|
|
|
|
}
|
2005-04-17 07:20:36 +09:00
|
|
|
break;
|
|
|
|
|
case SIOCDELTUNNEL:
|
|
|
|
|
err = -EPERM;
|
net: Allow userns root to control ipv6
Allow an unpriviled user who has created a user namespace, and then
created a network namespace to effectively use the new network
namespace, by reducing capable(CAP_NET_ADMIN) and
capable(CAP_NET_RAW) calls to be ns_capable(net->user_ns,
CAP_NET_ADMIN), or capable(net->user_ns, CAP_NET_RAW) calls.
Settings that merely control a single network device are allowed.
Either the network device is a logical network device where
restrictions make no difference or the network device is hardware NIC
that has been explicity moved from the initial network namespace.
In general policy and network stack state changes are allowed while
resource control is left unchanged.
Allow the SIOCSIFADDR ioctl to add ipv6 addresses.
Allow the SIOCDIFADDR ioctl to delete ipv6 addresses.
Allow the SIOCADDRT ioctl to add ipv6 routes.
Allow the SIOCDELRT ioctl to delete ipv6 routes.
Allow creation of ipv6 raw sockets.
Allow setting the IPV6_JOIN_ANYCAST socket option.
Allow setting the IPV6_FL_A_RENEW parameter of the IPV6_FLOWLABEL_MGR
socket option.
Allow setting the IPV6_TRANSPARENT socket option.
Allow setting the IPV6_HOPOPTS socket option.
Allow setting the IPV6_RTHDRDSTOPTS socket option.
Allow setting the IPV6_DSTOPTS socket option.
Allow setting the IPV6_IPSEC_POLICY socket option.
Allow setting the IPV6_XFRM_POLICY socket option.
Allow sending packets with the IPV6_2292HOPOPTS control message.
Allow sending packets with the IPV6_2292DSTOPTS control message.
Allow sending packets with the IPV6_RTHDRDSTOPTS control message.
Allow setting the multicast routing socket options on non multicast
routing sockets.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL, and SIOCDELTUNNEL ioctls for
setting up, changing and deleting tunnels over ipv6.
Allow the SIOCADDTUNNEL, SIOCCHGTUNNEL, SIOCDELTUNNEL ioctls for
setting up, changing and deleting ipv6 over ipv4 tunnels.
Allow the SIOCADDPRL, SIOCDELPRL, SIOCCHGPRL ioctls for adding,
deleting, and changing the potential router list for ISATAP tunnels.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-11-16 12:03:06 +09:00
|
|
|
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
|
2005-04-17 07:20:36 +09:00
|
|
|
break;
|
|
|
|
|
|
2008-04-16 17:23:02 +09:00
|
|
|
if (dev == ip6n->fb_tnl_dev) {
|
2006-11-25 10:05:41 +09:00
|
|
|
err = -EFAULT;
|
2014-08-25 05:53:10 +09:00
|
|
|
if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
|
2005-04-17 07:20:36 +09:00
|
|
|
break;
|
2006-11-25 10:05:41 +09:00
|
|
|
err = -ENOENT;
|
2012-08-10 09:51:50 +09:00
|
|
|
ip6_tnl_parm_from_user(&p1, &p);
|
|
|
|
|
t = ip6_tnl_locate(net, &p1, 0);
|
2015-03-16 23:56:05 +09:00
|
|
|
if (IS_ERR(t))
|
2005-04-17 07:20:36 +09:00
|
|
|
break;
|
2006-11-25 10:05:41 +09:00
|
|
|
err = -EPERM;
|
2008-04-16 17:23:02 +09:00
|
|
|
if (t->dev == ip6n->fb_tnl_dev)
|
2005-04-17 07:20:36 +09:00
|
|
|
break;
|
2006-11-25 10:05:41 +09:00
|
|
|
dev = t->dev;
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
2007-02-07 17:09:58 +09:00
|
|
|
err = 0;
|
|
|
|
|
unregister_netdevice(dev);
|
2005-04-17 07:20:36 +09:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
err = -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_change_mtu - change mtu manually for tunnel device
|
2005-04-17 07:20:36 +09:00
|
|
|
* @dev: virtual device associated with tunnel
|
|
|
|
|
* @new_mtu: the new mtu
|
|
|
|
|
*
|
|
|
|
|
* Return:
|
|
|
|
|
* 0 on success,
|
|
|
|
|
* %-EINVAL if mtu too small
|
|
|
|
|
**/
|
|
|
|
|
|
2016-04-30 09:12:20 +09:00
|
|
|
int ip6_tnl_change_mtu(struct net_device *dev, int new_mtu)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2013-10-03 22:49:26 +09:00
|
|
|
struct ip6_tnl *tnl = netdev_priv(dev);
|
|
|
|
|
|
2017-12-25 15:45:12 +09:00
|
|
|
if (tnl->parms.proto == IPPROTO_IPV6) {
|
|
|
|
|
if (new_mtu < IPV6_MIN_MTU)
|
2013-10-03 22:49:26 +09:00
|
|
|
return -EINVAL;
|
|
|
|
|
} else {
|
2017-12-25 15:45:12 +09:00
|
|
|
if (new_mtu < ETH_MIN_MTU)
|
2013-10-03 22:49:26 +09:00
|
|
|
return -EINVAL;
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
2018-05-31 17:59:33 +09:00
|
|
|
if (tnl->parms.proto == IPPROTO_IPV6 || tnl->parms.proto == 0) {
|
|
|
|
|
if (new_mtu > IP6_MAX_MTU - dev->hard_header_len)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
} else {
|
|
|
|
|
if (new_mtu > IP_MAX_MTU - dev->hard_header_len)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
2005-04-17 07:20:36 +09:00
|
|
|
dev->mtu = new_mtu;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-04-30 09:12:20 +09:00
|
|
|
EXPORT_SYMBOL(ip6_tnl_change_mtu);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2015-04-03 00:07:01 +09:00
|
|
|
int ip6_tnl_get_iflink(const struct net_device *dev)
|
|
|
|
|
{
|
|
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
|
|
|
|
|
|
|
|
|
return t->parms.link;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(ip6_tnl_get_iflink);
|
2008-11-21 13:33:56 +09:00
|
|
|
|
2016-05-19 01:06:17 +09:00
|
|
|
int ip6_tnl_encap_add_ops(const struct ip6_tnl_encap_ops *ops,
|
|
|
|
|
unsigned int num)
|
|
|
|
|
{
|
|
|
|
|
if (num >= MAX_IPTUN_ENCAP_OPS)
|
|
|
|
|
return -ERANGE;
|
|
|
|
|
|
|
|
|
|
return !cmpxchg((const struct ip6_tnl_encap_ops **)
|
|
|
|
|
&ip6tun_encaps[num],
|
|
|
|
|
NULL, ops) ? 0 : -1;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(ip6_tnl_encap_add_ops);
|
|
|
|
|
|
|
|
|
|
int ip6_tnl_encap_del_ops(const struct ip6_tnl_encap_ops *ops,
|
|
|
|
|
unsigned int num)
|
|
|
|
|
{
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
if (num >= MAX_IPTUN_ENCAP_OPS)
|
|
|
|
|
return -ERANGE;
|
|
|
|
|
|
|
|
|
|
ret = (cmpxchg((const struct ip6_tnl_encap_ops **)
|
|
|
|
|
&ip6tun_encaps[num],
|
|
|
|
|
ops, NULL) == ops) ? 0 : -1;
|
|
|
|
|
|
|
|
|
|
synchronize_net();
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(ip6_tnl_encap_del_ops);
|
|
|
|
|
|
|
|
|
|
int ip6_tnl_encap_setup(struct ip6_tnl *t,
|
|
|
|
|
struct ip_tunnel_encap *ipencap)
|
|
|
|
|
{
|
|
|
|
|
int hlen;
|
|
|
|
|
|
|
|
|
|
memset(&t->encap, 0, sizeof(t->encap));
|
|
|
|
|
|
|
|
|
|
hlen = ip6_encap_hlen(ipencap);
|
|
|
|
|
if (hlen < 0)
|
|
|
|
|
return hlen;
|
|
|
|
|
|
|
|
|
|
t->encap.type = ipencap->type;
|
|
|
|
|
t->encap.sport = ipencap->sport;
|
|
|
|
|
t->encap.dport = ipencap->dport;
|
|
|
|
|
t->encap.flags = ipencap->flags;
|
|
|
|
|
|
|
|
|
|
t->encap_hlen = hlen;
|
|
|
|
|
t->hlen = t->encap_hlen + t->tun_hlen;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL_GPL(ip6_tnl_encap_setup);
|
|
|
|
|
|
2008-11-21 13:33:56 +09:00
|
|
|
static const struct net_device_ops ip6_tnl_netdev_ops = {
|
2014-11-03 17:19:27 +09:00
|
|
|
.ndo_init = ip6_tnl_dev_init,
|
2010-09-28 12:23:34 +09:00
|
|
|
.ndo_uninit = ip6_tnl_dev_uninit,
|
2016-04-30 09:12:18 +09:00
|
|
|
.ndo_start_xmit = ip6_tnl_start_xmit,
|
2010-09-28 12:23:34 +09:00
|
|
|
.ndo_do_ioctl = ip6_tnl_ioctl,
|
2008-11-21 13:33:56 +09:00
|
|
|
.ndo_change_mtu = ip6_tnl_change_mtu,
|
2010-09-28 12:23:34 +09:00
|
|
|
.ndo_get_stats = ip6_get_stats,
|
2015-04-03 00:07:01 +09:00
|
|
|
.ndo_get_iflink = ip6_tnl_get_iflink,
|
2008-11-21 13:33:56 +09:00
|
|
|
};
|
|
|
|
|
|
2016-05-19 01:06:21 +09:00
|
|
|
#define IPXIPX_FEATURES (NETIF_F_SG | \
|
|
|
|
|
NETIF_F_FRAGLIST | \
|
|
|
|
|
NETIF_F_HIGHDMA | \
|
|
|
|
|
NETIF_F_GSO_SOFTWARE | \
|
|
|
|
|
NETIF_F_HW_CSUM)
|
2010-09-28 12:23:34 +09:00
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_dev_setup - setup virtual tunnel device
|
2005-04-17 07:20:36 +09:00
|
|
|
* @dev: virtual device associated with tunnel
|
|
|
|
|
*
|
|
|
|
|
* Description:
|
|
|
|
|
* Initialize function pointers and device parameters
|
|
|
|
|
**/
|
|
|
|
|
|
2007-02-10 00:30:33 +09:00
|
|
|
static void ip6_tnl_dev_setup(struct net_device *dev)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2008-11-21 13:33:56 +09:00
|
|
|
dev->netdev_ops = &ip6_tnl_netdev_ops;
|
net: Fix inconsistent teardown and release of private netdev state.
Network devices can allocate reasources and private memory using
netdev_ops->ndo_init(). However, the release of these resources
can occur in one of two different places.
Either netdev_ops->ndo_uninit() or netdev->destructor().
The decision of which operation frees the resources depends upon
whether it is necessary for all netdev refs to be released before it
is safe to perform the freeing.
netdev_ops->ndo_uninit() presumably can occur right after the
NETDEV_UNREGISTER notifier completes and the unicast and multicast
address lists are flushed.
netdev->destructor(), on the other hand, does not run until the
netdev references all go away.
Further complicating the situation is that netdev->destructor()
almost universally does also a free_netdev().
This creates a problem for the logic in register_netdevice().
Because all callers of register_netdevice() manage the freeing
of the netdev, and invoke free_netdev(dev) if register_netdevice()
fails.
If netdev_ops->ndo_init() succeeds, but something else fails inside
of register_netdevice(), it does call ndo_ops->ndo_uninit(). But
it is not able to invoke netdev->destructor().
This is because netdev->destructor() will do a free_netdev() and
then the caller of register_netdevice() will do the same.
However, this means that the resources that would normally be released
by netdev->destructor() will not be.
Over the years drivers have added local hacks to deal with this, by
invoking their destructor parts by hand when register_netdevice()
fails.
Many drivers do not try to deal with this, and instead we have leaks.
Let's close this hole by formalizing the distinction between what
private things need to be freed up by netdev->destructor() and whether
the driver needs unregister_netdevice() to perform the free_netdev().
netdev->priv_destructor() performs all actions to free up the private
resources that used to be freed by netdev->destructor(), except for
free_netdev().
netdev->needs_free_netdev is a boolean that indicates whether
free_netdev() should be done at the end of unregister_netdevice().
Now, register_netdevice() can sanely release all resources after
ndo_ops->ndo_init() succeeds, by invoking both ndo_ops->ndo_uninit()
and netdev->priv_destructor().
And at the end of unregister_netdevice(), we invoke
netdev->priv_destructor() and optionally call free_netdev().
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-05-09 01:52:56 +09:00
|
|
|
dev->needs_free_netdev = true;
|
|
|
|
|
dev->priv_destructor = ip6_dev_free;
|
2005-04-17 07:20:36 +09:00
|
|
|
|
|
|
|
|
dev->type = ARPHRD_TUNNEL6;
|
|
|
|
|
dev->flags |= IFF_NOARP;
|
|
|
|
|
dev->addr_len = sizeof(struct in6_addr);
|
2016-05-19 01:06:17 +09:00
|
|
|
dev->features |= NETIF_F_LLTX;
|
2014-10-06 10:38:35 +09:00
|
|
|
netif_keep_dst(dev);
|
2016-05-19 01:06:21 +09:00
|
|
|
|
|
|
|
|
dev->features |= IPXIPX_FEATURES;
|
|
|
|
|
dev->hw_features |= IPXIPX_FEATURES;
|
|
|
|
|
|
2013-08-20 19:16:06 +09:00
|
|
|
/* This perm addr will be used as interface identifier by IPv6 */
|
|
|
|
|
dev->addr_assign_type = NET_ADDR_RANDOM;
|
|
|
|
|
eth_random_addr(dev->perm_addr);
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_dev_init_gen - general initializer for all tunnel devices
|
2005-04-17 07:20:36 +09:00
|
|
|
* @dev: virtual device associated with tunnel
|
|
|
|
|
**/
|
|
|
|
|
|
2010-09-28 12:23:34 +09:00
|
|
|
static inline int
|
2007-02-10 00:30:33 +09:00
|
|
|
ip6_tnl_dev_init_gen(struct net_device *dev)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2006-01-09 15:05:26 +09:00
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
2015-09-16 06:30:07 +09:00
|
|
|
int ret;
|
2016-05-19 01:06:17 +09:00
|
|
|
int t_hlen;
|
2010-09-28 12:23:34 +09:00
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
t->dev = dev;
|
2013-08-14 00:51:12 +09:00
|
|
|
t->net = dev_net(dev);
|
2014-02-14 04:46:28 +09:00
|
|
|
dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
|
2010-09-28 12:23:34 +09:00
|
|
|
if (!dev->tstats)
|
|
|
|
|
return -ENOMEM;
|
2015-09-16 06:30:07 +09:00
|
|
|
|
2016-02-12 23:43:54 +09:00
|
|
|
ret = dst_cache_init(&t->dst_cache, GFP_KERNEL);
|
2016-04-30 09:12:15 +09:00
|
|
|
if (ret)
|
|
|
|
|
goto free_stats;
|
|
|
|
|
|
|
|
|
|
ret = gro_cells_init(&t->gro_cells, dev);
|
|
|
|
|
if (ret)
|
|
|
|
|
goto destroy_dst;
|
2015-09-16 06:30:07 +09:00
|
|
|
|
2016-04-30 09:12:20 +09:00
|
|
|
t->tun_hlen = 0;
|
2016-05-19 01:06:17 +09:00
|
|
|
t->hlen = t->encap_hlen + t->tun_hlen;
|
|
|
|
|
t_hlen = t->hlen + sizeof(struct ipv6hdr);
|
|
|
|
|
|
|
|
|
|
dev->type = ARPHRD_TUNNEL6;
|
|
|
|
|
dev->hard_header_len = LL_MAX_HEADER + t_hlen;
|
|
|
|
|
dev->mtu = ETH_DATA_LEN - t_hlen;
|
|
|
|
|
if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
|
|
|
|
|
dev->mtu -= 8;
|
2016-10-21 02:55:24 +09:00
|
|
|
dev->min_mtu = ETH_MIN_MTU;
|
2018-05-31 17:59:33 +09:00
|
|
|
dev->max_mtu = IP6_MAX_MTU - dev->hard_header_len;
|
2016-04-30 09:12:20 +09:00
|
|
|
|
2021-03-30 15:45:51 +09:00
|
|
|
dev_hold(dev);
|
2010-09-28 12:23:34 +09:00
|
|
|
return 0;
|
2016-04-30 09:12:15 +09:00
|
|
|
|
|
|
|
|
destroy_dst:
|
|
|
|
|
dst_cache_destroy(&t->dst_cache);
|
|
|
|
|
free_stats:
|
|
|
|
|
free_percpu(dev->tstats);
|
|
|
|
|
dev->tstats = NULL;
|
|
|
|
|
|
|
|
|
|
return ret;
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_tnl_dev_init - initializer for all non fallback tunnel devices
|
2005-04-17 07:20:36 +09:00
|
|
|
* @dev: virtual device associated with tunnel
|
|
|
|
|
**/
|
|
|
|
|
|
2010-09-28 12:23:34 +09:00
|
|
|
static int ip6_tnl_dev_init(struct net_device *dev)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2006-01-09 15:05:26 +09:00
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
2010-09-28 12:23:34 +09:00
|
|
|
int err = ip6_tnl_dev_init_gen(dev);
|
|
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
|
return err;
|
2007-02-10 00:30:33 +09:00
|
|
|
ip6_tnl_link_config(t);
|
2020-01-22 05:49:54 +09:00
|
|
|
if (t->parms.collect_md)
|
2016-09-16 05:00:30 +09:00
|
|
|
netif_keep_dst(dev);
|
2010-09-28 12:23:34 +09:00
|
|
|
return 0;
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2007-02-10 00:30:33 +09:00
|
|
|
* ip6_fb_tnl_dev_init - initializer for fallback tunnel device
|
2005-04-17 07:20:36 +09:00
|
|
|
* @dev: fallback device
|
|
|
|
|
*
|
|
|
|
|
* Return: 0
|
|
|
|
|
**/
|
|
|
|
|
|
2010-09-28 12:23:34 +09:00
|
|
|
static int __net_init ip6_fb_tnl_dev_init(struct net_device *dev)
|
2005-04-17 07:20:36 +09:00
|
|
|
{
|
2006-01-09 15:05:26 +09:00
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
2008-04-16 17:23:22 +09:00
|
|
|
struct net *net = dev_net(dev);
|
|
|
|
|
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
|
|
|
|
|
|
2006-11-30 14:43:28 +09:00
|
|
|
t->parms.proto = IPPROTO_IPV6;
|
2012-06-29 03:15:52 +09:00
|
|
|
|
2012-01-12 13:41:32 +09:00
|
|
|
rcu_assign_pointer(ip6n->tnls_wc[0], t);
|
2010-09-28 12:23:34 +09:00
|
|
|
return 0;
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
2017-06-26 06:56:01 +09:00
|
|
|
static int ip6_tnl_validate(struct nlattr *tb[], struct nlattr *data[],
|
|
|
|
|
struct netlink_ext_ack *extack)
|
2012-11-14 14:14:00 +09:00
|
|
|
{
|
|
|
|
|
u8 proto;
|
|
|
|
|
|
2014-05-10 03:41:32 +09:00
|
|
|
if (!data || !data[IFLA_IPTUN_PROTO])
|
2012-11-14 14:14:00 +09:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
|
|
|
|
|
if (proto != IPPROTO_IPV6 &&
|
|
|
|
|
proto != IPPROTO_IPIP &&
|
|
|
|
|
proto != 0)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void ip6_tnl_netlink_parms(struct nlattr *data[],
|
|
|
|
|
struct __ip6_tnl_parm *parms)
|
|
|
|
|
{
|
|
|
|
|
memset(parms, 0, sizeof(*parms));
|
|
|
|
|
|
|
|
|
|
if (!data)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_LINK])
|
|
|
|
|
parms->link = nla_get_u32(data[IFLA_IPTUN_LINK]);
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_LOCAL])
|
2015-03-29 23:59:26 +09:00
|
|
|
parms->laddr = nla_get_in6_addr(data[IFLA_IPTUN_LOCAL]);
|
2012-11-14 14:14:00 +09:00
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_REMOTE])
|
2015-03-29 23:59:26 +09:00
|
|
|
parms->raddr = nla_get_in6_addr(data[IFLA_IPTUN_REMOTE]);
|
2012-11-14 14:14:00 +09:00
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_TTL])
|
|
|
|
|
parms->hop_limit = nla_get_u8(data[IFLA_IPTUN_TTL]);
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_ENCAP_LIMIT])
|
|
|
|
|
parms->encap_limit = nla_get_u8(data[IFLA_IPTUN_ENCAP_LIMIT]);
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_FLOWINFO])
|
2012-11-15 13:06:42 +09:00
|
|
|
parms->flowinfo = nla_get_be32(data[IFLA_IPTUN_FLOWINFO]);
|
2012-11-14 14:14:00 +09:00
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_FLAGS])
|
|
|
|
|
parms->flags = nla_get_u32(data[IFLA_IPTUN_FLAGS]);
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_PROTO])
|
|
|
|
|
parms->proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
|
2016-09-16 05:00:30 +09:00
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_COLLECT_METADATA])
|
|
|
|
|
parms->collect_md = true;
|
2017-04-20 01:30:53 +09:00
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_FWMARK])
|
|
|
|
|
parms->fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]);
|
2012-11-14 14:14:00 +09:00
|
|
|
}
|
|
|
|
|
|
2016-05-19 01:06:20 +09:00
|
|
|
static bool ip6_tnl_netlink_encap_parms(struct nlattr *data[],
|
|
|
|
|
struct ip_tunnel_encap *ipencap)
|
|
|
|
|
{
|
|
|
|
|
bool ret = false;
|
|
|
|
|
|
|
|
|
|
memset(ipencap, 0, sizeof(*ipencap));
|
|
|
|
|
|
|
|
|
|
if (!data)
|
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_ENCAP_TYPE]) {
|
|
|
|
|
ret = true;
|
|
|
|
|
ipencap->type = nla_get_u16(data[IFLA_IPTUN_ENCAP_TYPE]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_ENCAP_FLAGS]) {
|
|
|
|
|
ret = true;
|
|
|
|
|
ipencap->flags = nla_get_u16(data[IFLA_IPTUN_ENCAP_FLAGS]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_ENCAP_SPORT]) {
|
|
|
|
|
ret = true;
|
|
|
|
|
ipencap->sport = nla_get_be16(data[IFLA_IPTUN_ENCAP_SPORT]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (data[IFLA_IPTUN_ENCAP_DPORT]) {
|
|
|
|
|
ret = true;
|
|
|
|
|
ipencap->dport = nla_get_be16(data[IFLA_IPTUN_ENCAP_DPORT]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-14 14:14:00 +09:00
|
|
|
static int ip6_tnl_newlink(struct net *src_net, struct net_device *dev,
|
2017-06-26 06:55:59 +09:00
|
|
|
struct nlattr *tb[], struct nlattr *data[],
|
|
|
|
|
struct netlink_ext_ack *extack)
|
2012-11-14 14:14:00 +09:00
|
|
|
{
|
|
|
|
|
struct net *net = dev_net(dev);
|
2016-09-16 05:00:30 +09:00
|
|
|
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
|
2016-05-19 01:06:20 +09:00
|
|
|
struct ip_tunnel_encap ipencap;
|
2018-02-27 20:19:40 +09:00
|
|
|
struct ip6_tnl *nt, *t;
|
|
|
|
|
int err;
|
2012-11-14 14:14:00 +09:00
|
|
|
|
|
|
|
|
nt = netdev_priv(dev);
|
2016-05-19 01:06:20 +09:00
|
|
|
|
|
|
|
|
if (ip6_tnl_netlink_encap_parms(data, &ipencap)) {
|
2018-02-27 20:19:40 +09:00
|
|
|
err = ip6_tnl_encap_setup(nt, &ipencap);
|
2016-05-19 01:06:20 +09:00
|
|
|
if (err < 0)
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-14 14:14:00 +09:00
|
|
|
ip6_tnl_netlink_parms(data, &nt->parms);
|
|
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
if (nt->parms.collect_md) {
|
|
|
|
|
if (rtnl_dereference(ip6n->collect_md_tun))
|
|
|
|
|
return -EEXIST;
|
|
|
|
|
} else {
|
|
|
|
|
t = ip6_tnl_locate(net, &nt->parms, 0);
|
|
|
|
|
if (!IS_ERR(t))
|
|
|
|
|
return -EEXIST;
|
|
|
|
|
}
|
2012-11-14 14:14:00 +09:00
|
|
|
|
2018-02-27 20:19:40 +09:00
|
|
|
err = ip6_tnl_create2(dev);
|
|
|
|
|
if (!err && tb[IFLA_MTU])
|
|
|
|
|
ip6_tnl_change_mtu(dev, nla_get_u32(tb[IFLA_MTU]));
|
|
|
|
|
|
|
|
|
|
return err;
|
2012-11-14 14:14:00 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int ip6_tnl_changelink(struct net_device *dev, struct nlattr *tb[],
|
2017-06-26 06:56:00 +09:00
|
|
|
struct nlattr *data[],
|
|
|
|
|
struct netlink_ext_ack *extack)
|
2012-11-14 14:14:00 +09:00
|
|
|
{
|
2013-08-14 00:51:12 +09:00
|
|
|
struct ip6_tnl *t = netdev_priv(dev);
|
2012-11-14 14:14:00 +09:00
|
|
|
struct __ip6_tnl_parm p;
|
2013-08-14 00:51:12 +09:00
|
|
|
struct net *net = t->net;
|
2012-11-14 14:14:00 +09:00
|
|
|
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
|
2016-05-19 01:06:20 +09:00
|
|
|
struct ip_tunnel_encap ipencap;
|
2012-11-14 14:14:00 +09:00
|
|
|
|
|
|
|
|
if (dev == ip6n->fb_tnl_dev)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
2016-05-19 01:06:20 +09:00
|
|
|
if (ip6_tnl_netlink_encap_parms(data, &ipencap)) {
|
|
|
|
|
int err = ip6_tnl_encap_setup(t, &ipencap);
|
|
|
|
|
|
|
|
|
|
if (err < 0)
|
|
|
|
|
return err;
|
|
|
|
|
}
|
2012-11-14 14:14:00 +09:00
|
|
|
ip6_tnl_netlink_parms(data, &p);
|
2016-09-16 05:00:30 +09:00
|
|
|
if (p.collect_md)
|
|
|
|
|
return -EINVAL;
|
2012-11-14 14:14:00 +09:00
|
|
|
|
|
|
|
|
t = ip6_tnl_locate(net, &p, 0);
|
2015-03-16 23:56:05 +09:00
|
|
|
if (!IS_ERR(t)) {
|
2012-11-14 14:14:00 +09:00
|
|
|
if (t->dev != dev)
|
|
|
|
|
return -EEXIST;
|
|
|
|
|
} else
|
|
|
|
|
t = netdev_priv(dev);
|
|
|
|
|
|
|
|
|
|
return ip6_tnl_update(t, &p);
|
|
|
|
|
}
|
|
|
|
|
|
2013-11-14 23:47:03 +09:00
|
|
|
static void ip6_tnl_dellink(struct net_device *dev, struct list_head *head)
|
|
|
|
|
{
|
|
|
|
|
struct net *net = dev_net(dev);
|
|
|
|
|
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
|
|
|
|
|
|
|
|
|
|
if (dev != ip6n->fb_tnl_dev)
|
|
|
|
|
unregister_netdevice_queue(dev, head);
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-14 14:13:59 +09:00
|
|
|
static size_t ip6_tnl_get_size(const struct net_device *dev)
|
2012-11-09 15:10:01 +09:00
|
|
|
{
|
|
|
|
|
return
|
|
|
|
|
/* IFLA_IPTUN_LINK */
|
|
|
|
|
nla_total_size(4) +
|
|
|
|
|
/* IFLA_IPTUN_LOCAL */
|
|
|
|
|
nla_total_size(sizeof(struct in6_addr)) +
|
|
|
|
|
/* IFLA_IPTUN_REMOTE */
|
|
|
|
|
nla_total_size(sizeof(struct in6_addr)) +
|
|
|
|
|
/* IFLA_IPTUN_TTL */
|
|
|
|
|
nla_total_size(1) +
|
|
|
|
|
/* IFLA_IPTUN_ENCAP_LIMIT */
|
|
|
|
|
nla_total_size(1) +
|
|
|
|
|
/* IFLA_IPTUN_FLOWINFO */
|
|
|
|
|
nla_total_size(4) +
|
|
|
|
|
/* IFLA_IPTUN_FLAGS */
|
|
|
|
|
nla_total_size(4) +
|
2012-11-14 14:13:58 +09:00
|
|
|
/* IFLA_IPTUN_PROTO */
|
|
|
|
|
nla_total_size(1) +
|
2016-05-19 01:06:20 +09:00
|
|
|
/* IFLA_IPTUN_ENCAP_TYPE */
|
|
|
|
|
nla_total_size(2) +
|
|
|
|
|
/* IFLA_IPTUN_ENCAP_FLAGS */
|
|
|
|
|
nla_total_size(2) +
|
|
|
|
|
/* IFLA_IPTUN_ENCAP_SPORT */
|
|
|
|
|
nla_total_size(2) +
|
|
|
|
|
/* IFLA_IPTUN_ENCAP_DPORT */
|
|
|
|
|
nla_total_size(2) +
|
2016-09-16 05:00:30 +09:00
|
|
|
/* IFLA_IPTUN_COLLECT_METADATA */
|
|
|
|
|
nla_total_size(0) +
|
2017-04-20 01:30:53 +09:00
|
|
|
/* IFLA_IPTUN_FWMARK */
|
|
|
|
|
nla_total_size(4) +
|
2012-11-09 15:10:01 +09:00
|
|
|
0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-11-14 14:13:59 +09:00
|
|
|
static int ip6_tnl_fill_info(struct sk_buff *skb, const struct net_device *dev)
|
2012-11-09 15:10:01 +09:00
|
|
|
{
|
|
|
|
|
struct ip6_tnl *tunnel = netdev_priv(dev);
|
|
|
|
|
struct __ip6_tnl_parm *parm = &tunnel->parms;
|
|
|
|
|
|
|
|
|
|
if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
|
2015-03-29 23:59:25 +09:00
|
|
|
nla_put_in6_addr(skb, IFLA_IPTUN_LOCAL, &parm->laddr) ||
|
|
|
|
|
nla_put_in6_addr(skb, IFLA_IPTUN_REMOTE, &parm->raddr) ||
|
2012-11-09 15:10:01 +09:00
|
|
|
nla_put_u8(skb, IFLA_IPTUN_TTL, parm->hop_limit) ||
|
|
|
|
|
nla_put_u8(skb, IFLA_IPTUN_ENCAP_LIMIT, parm->encap_limit) ||
|
|
|
|
|
nla_put_be32(skb, IFLA_IPTUN_FLOWINFO, parm->flowinfo) ||
|
2012-11-14 14:13:58 +09:00
|
|
|
nla_put_u32(skb, IFLA_IPTUN_FLAGS, parm->flags) ||
|
2017-04-20 01:30:53 +09:00
|
|
|
nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->proto) ||
|
|
|
|
|
nla_put_u32(skb, IFLA_IPTUN_FWMARK, parm->fwmark))
|
2012-11-09 15:10:01 +09:00
|
|
|
goto nla_put_failure;
|
2016-05-19 01:06:20 +09:00
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE, tunnel->encap.type) ||
|
|
|
|
|
nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT, tunnel->encap.sport) ||
|
|
|
|
|
nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT, tunnel->encap.dport) ||
|
|
|
|
|
nla_put_u16(skb, IFLA_IPTUN_ENCAP_FLAGS, tunnel->encap.flags))
|
2016-05-19 01:06:20 +09:00
|
|
|
goto nla_put_failure;
|
|
|
|
|
|
2016-09-16 05:00:30 +09:00
|
|
|
if (parm->collect_md)
|
|
|
|
|
if (nla_put_flag(skb, IFLA_IPTUN_COLLECT_METADATA))
|
|
|
|
|
goto nla_put_failure;
|
2017-04-20 01:30:53 +09:00
|
|
|
|
2012-11-09 15:10:01 +09:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
nla_put_failure:
|
|
|
|
|
return -EMSGSIZE;
|
|
|
|
|
}
|
|
|
|
|
|
2015-01-15 23:11:17 +09:00
|
|
|
struct net *ip6_tnl_get_link_net(const struct net_device *dev)
|
|
|
|
|
{
|
|
|
|
|
struct ip6_tnl *tunnel = netdev_priv(dev);
|
|
|
|
|
|
|
|
|
|
return tunnel->net;
|
|
|
|
|
}
|
|
|
|
|
EXPORT_SYMBOL(ip6_tnl_get_link_net);
|
|
|
|
|
|
2012-11-14 14:14:00 +09:00
|
|
|
static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
|
|
|
|
|
[IFLA_IPTUN_LINK] = { .type = NLA_U32 },
|
|
|
|
|
[IFLA_IPTUN_LOCAL] = { .len = sizeof(struct in6_addr) },
|
|
|
|
|
[IFLA_IPTUN_REMOTE] = { .len = sizeof(struct in6_addr) },
|
|
|
|
|
[IFLA_IPTUN_TTL] = { .type = NLA_U8 },
|
|
|
|
|
[IFLA_IPTUN_ENCAP_LIMIT] = { .type = NLA_U8 },
|
|
|
|
|
[IFLA_IPTUN_FLOWINFO] = { .type = NLA_U32 },
|
|
|
|
|
[IFLA_IPTUN_FLAGS] = { .type = NLA_U32 },
|
|
|
|
|
[IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
|
2016-05-19 01:06:20 +09:00
|
|
|
[IFLA_IPTUN_ENCAP_TYPE] = { .type = NLA_U16 },
|
|
|
|
|
[IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 },
|
|
|
|
|
[IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 },
|
|
|
|
|
[IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 },
|
2016-09-16 05:00:30 +09:00
|
|
|
[IFLA_IPTUN_COLLECT_METADATA] = { .type = NLA_FLAG },
|
2017-04-20 01:30:53 +09:00
|
|
|
[IFLA_IPTUN_FWMARK] = { .type = NLA_U32 },
|
2012-11-14 14:14:00 +09:00
|
|
|
};
|
|
|
|
|
|
2012-11-09 15:10:01 +09:00
|
|
|
static struct rtnl_link_ops ip6_link_ops __read_mostly = {
|
|
|
|
|
.kind = "ip6tnl",
|
|
|
|
|
.maxtype = IFLA_IPTUN_MAX,
|
2012-11-14 14:14:00 +09:00
|
|
|
.policy = ip6_tnl_policy,
|
2012-11-09 15:10:01 +09:00
|
|
|
.priv_size = sizeof(struct ip6_tnl),
|
2012-11-14 14:14:00 +09:00
|
|
|
.setup = ip6_tnl_dev_setup,
|
|
|
|
|
.validate = ip6_tnl_validate,
|
|
|
|
|
.newlink = ip6_tnl_newlink,
|
|
|
|
|
.changelink = ip6_tnl_changelink,
|
2013-11-14 23:47:03 +09:00
|
|
|
.dellink = ip6_tnl_dellink,
|
2012-11-14 14:13:59 +09:00
|
|
|
.get_size = ip6_tnl_get_size,
|
|
|
|
|
.fill_info = ip6_tnl_fill_info,
|
2015-01-15 23:11:17 +09:00
|
|
|
.get_link_net = ip6_tnl_get_link_net,
|
2012-11-09 15:10:01 +09:00
|
|
|
};
|
|
|
|
|
|
2010-08-30 19:27:10 +09:00
|
|
|
static struct xfrm6_tunnel ip4ip6_handler __read_mostly = {
|
2007-02-15 00:43:16 +09:00
|
|
|
.handler = ip4ip6_rcv,
|
|
|
|
|
.err_handler = ip4ip6_err,
|
|
|
|
|
.priority = 1,
|
|
|
|
|
};
|
|
|
|
|
|
2010-08-30 19:27:10 +09:00
|
|
|
static struct xfrm6_tunnel ip6ip6_handler __read_mostly = {
|
2005-07-20 06:03:34 +09:00
|
|
|
.handler = ip6ip6_rcv,
|
|
|
|
|
.err_handler = ip6ip6_err,
|
2006-03-28 18:12:13 +09:00
|
|
|
.priority = 1,
|
2005-04-17 07:20:36 +09:00
|
|
|
};
|
|
|
|
|
|
2017-09-20 08:27:08 +09:00
|
|
|
static void __net_exit ip6_tnl_destroy_tunnels(struct net *net, struct list_head *list)
|
2008-04-16 17:23:22 +09:00
|
|
|
{
|
2013-11-14 23:47:03 +09:00
|
|
|
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
|
2013-08-14 00:51:12 +09:00
|
|
|
struct net_device *dev, *aux;
|
2008-04-16 17:23:22 +09:00
|
|
|
int h;
|
|
|
|
|
struct ip6_tnl *t;
|
|
|
|
|
|
2013-08-14 00:51:12 +09:00
|
|
|
for_each_netdev_safe(net, dev, aux)
|
|
|
|
|
if (dev->rtnl_link_ops == &ip6_link_ops)
|
2017-09-20 08:27:08 +09:00
|
|
|
unregister_netdevice_queue(dev, list);
|
2013-08-14 00:51:12 +09:00
|
|
|
|
2016-08-10 18:03:35 +09:00
|
|
|
for (h = 0; h < IP6_TUNNEL_HASH_SIZE; h++) {
|
2010-09-16 05:25:34 +09:00
|
|
|
t = rtnl_dereference(ip6n->tnls_r_l[h]);
|
2015-03-29 22:00:05 +09:00
|
|
|
while (t) {
|
2013-08-14 00:51:12 +09:00
|
|
|
/* If dev is in the same netns, it has already
|
|
|
|
|
* been added to the list by the previous loop.
|
|
|
|
|
*/
|
|
|
|
|
if (!net_eq(dev_net(t->dev), net))
|
2017-09-20 08:27:08 +09:00
|
|
|
unregister_netdevice_queue(t->dev, list);
|
2010-09-16 05:25:34 +09:00
|
|
|
t = rtnl_dereference(t->next);
|
2009-10-28 14:16:51 +09:00
|
|
|
}
|
2008-04-16 17:23:22 +09:00
|
|
|
}
|
2021-04-13 02:41:17 +09:00
|
|
|
|
|
|
|
|
t = rtnl_dereference(ip6n->tnls_wc[0]);
|
|
|
|
|
while (t) {
|
|
|
|
|
/* If dev is in the same netns, it has already
|
|
|
|
|
* been added to the list by the previous loop.
|
|
|
|
|
*/
|
|
|
|
|
if (!net_eq(dev_net(t->dev), net))
|
|
|
|
|
unregister_netdevice_queue(t->dev, list);
|
|
|
|
|
t = rtnl_dereference(t->next);
|
|
|
|
|
}
|
2008-04-16 17:23:22 +09:00
|
|
|
}
|
|
|
|
|
|
2010-01-17 12:35:32 +09:00
|
|
|
static int __net_init ip6_tnl_init_net(struct net *net)
|
2008-04-16 17:22:02 +09:00
|
|
|
{
|
2009-11-30 00:46:15 +09:00
|
|
|
struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
|
2011-11-11 00:10:23 +09:00
|
|
|
struct ip6_tnl *t = NULL;
|
2008-04-16 17:22:02 +09:00
|
|
|
int err;
|
|
|
|
|
|
2008-04-16 17:23:22 +09:00
|
|
|
ip6n->tnls[0] = ip6n->tnls_wc;
|
|
|
|
|
ip6n->tnls[1] = ip6n->tnls_r_l;
|
|
|
|
|
|
net: do not create fallback tunnels for non-default namespaces
fallback tunnels (like tunl0, gre0, gretap0, erspan0, sit0,
ip6tnl0, ip6gre0) are automatically created when the corresponding
module is loaded.
These tunnels are also automatically created when a new network
namespace is created, at a great cost.
In many cases, netns are used for isolation purposes, and these
extra network devices are a waste of resources. We are using
thousands of netns per host, and hit the netns creation/delete
bottleneck a lot. (Many thanks to Kirill for recent work on this)
Add a new sysctl so that we can opt-out from this automatic creation.
Note that these tunnels are still created for the initial namespace,
to be the least intrusive for typical setups.
Tested:
lpk43:~# cat add_del_unshare.sh
for i in `seq 1 40`
do
(for j in `seq 1 100` ; do unshare -n /bin/true >/dev/null ; done) &
done
wait
lpk43:~# echo 0 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh
real 0m37.521s
user 0m0.886s
sys 7m7.084s
lpk43:~# echo 1 >/proc/sys/net/core/fb_tunnels_only_for_init_net
lpk43:~# time ./add_del_unshare.sh
real 0m4.761s
user 0m0.851s
sys 1m8.343s
lpk43:~#
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-09 05:51:41 +09:00
|
|
|
if (!net_has_fallback_tunnels(net))
|
|
|
|
|
return 0;
|
2008-04-16 17:23:02 +09:00
|
|
|
err = -ENOMEM;
|
|
|
|
|
ip6n->fb_tnl_dev = alloc_netdev(sizeof(struct ip6_tnl), "ip6tnl0",
|
net: set name_assign_type in alloc_netdev()
Extend alloc_netdev{,_mq{,s}}() to take name_assign_type as argument, and convert
all users to pass NET_NAME_UNKNOWN.
Coccinelle patch:
@@
expression sizeof_priv, name, setup, txqs, rxqs, count;
@@
(
-alloc_netdev_mqs(sizeof_priv, name, setup, txqs, rxqs)
+alloc_netdev_mqs(sizeof_priv, name, NET_NAME_UNKNOWN, setup, txqs, rxqs)
|
-alloc_netdev_mq(sizeof_priv, name, setup, count)
+alloc_netdev_mq(sizeof_priv, name, NET_NAME_UNKNOWN, setup, count)
|
-alloc_netdev(sizeof_priv, name, setup)
+alloc_netdev(sizeof_priv, name, NET_NAME_UNKNOWN, setup)
)
v9: move comments here from the wrong commit
Signed-off-by: Tom Gundersen <teg@jklm.no>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-07-14 23:37:24 +09:00
|
|
|
NET_NAME_UNKNOWN, ip6_tnl_dev_setup);
|
2008-04-16 17:23:02 +09:00
|
|
|
|
|
|
|
|
if (!ip6n->fb_tnl_dev)
|
|
|
|
|
goto err_alloc_dev;
|
2008-11-24 10:26:26 +09:00
|
|
|
dev_net_set(ip6n->fb_tnl_dev, net);
|
2013-10-02 01:05:00 +09:00
|
|
|
ip6n->fb_tnl_dev->rtnl_link_ops = &ip6_link_ops;
|
2013-08-14 00:51:12 +09:00
|
|
|
/* FB netdevice is special: we have one, and only one per netns.
|
|
|
|
|
* Allowing to move it to another netns is clearly unsafe.
|
|
|
|
|
*/
|
|
|
|
|
ip6n->fb_tnl_dev->features |= NETIF_F_NETNS_LOCAL;
|
2008-04-16 17:23:02 +09:00
|
|
|
|
2010-09-28 12:23:34 +09:00
|
|
|
err = ip6_fb_tnl_dev_init(ip6n->fb_tnl_dev);
|
|
|
|
|
if (err < 0)
|
|
|
|
|
goto err_register;
|
2008-04-16 17:23:02 +09:00
|
|
|
|
|
|
|
|
err = register_netdev(ip6n->fb_tnl_dev);
|
|
|
|
|
if (err < 0)
|
|
|
|
|
goto err_register;
|
2011-11-11 00:10:23 +09:00
|
|
|
|
|
|
|
|
t = netdev_priv(ip6n->fb_tnl_dev);
|
|
|
|
|
|
|
|
|
|
strcpy(t->parms.name, ip6n->fb_tnl_dev->name);
|
2008-04-16 17:22:02 +09:00
|
|
|
return 0;
|
|
|
|
|
|
2008-04-16 17:23:02 +09:00
|
|
|
err_register:
|
net: Fix inconsistent teardown and release of private netdev state.
Network devices can allocate reasources and private memory using
netdev_ops->ndo_init(). However, the release of these resources
can occur in one of two different places.
Either netdev_ops->ndo_uninit() or netdev->destructor().
The decision of which operation frees the resources depends upon
whether it is necessary for all netdev refs to be released before it
is safe to perform the freeing.
netdev_ops->ndo_uninit() presumably can occur right after the
NETDEV_UNREGISTER notifier completes and the unicast and multicast
address lists are flushed.
netdev->destructor(), on the other hand, does not run until the
netdev references all go away.
Further complicating the situation is that netdev->destructor()
almost universally does also a free_netdev().
This creates a problem for the logic in register_netdevice().
Because all callers of register_netdevice() manage the freeing
of the netdev, and invoke free_netdev(dev) if register_netdevice()
fails.
If netdev_ops->ndo_init() succeeds, but something else fails inside
of register_netdevice(), it does call ndo_ops->ndo_uninit(). But
it is not able to invoke netdev->destructor().
This is because netdev->destructor() will do a free_netdev() and
then the caller of register_netdevice() will do the same.
However, this means that the resources that would normally be released
by netdev->destructor() will not be.
Over the years drivers have added local hacks to deal with this, by
invoking their destructor parts by hand when register_netdevice()
fails.
Many drivers do not try to deal with this, and instead we have leaks.
Let's close this hole by formalizing the distinction between what
private things need to be freed up by netdev->destructor() and whether
the driver needs unregister_netdevice() to perform the free_netdev().
netdev->priv_destructor() performs all actions to free up the private
resources that used to be freed by netdev->destructor(), except for
free_netdev().
netdev->needs_free_netdev is a boolean that indicates whether
free_netdev() should be done at the end of unregister_netdevice().
Now, register_netdevice() can sanely release all resources after
ndo_ops->ndo_init() succeeds, by invoking both ndo_ops->ndo_uninit()
and netdev->priv_destructor().
And at the end of unregister_netdevice(), we invoke
netdev->priv_destructor() and optionally call free_netdev().
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-05-09 01:52:56 +09:00
|
|
|
free_netdev(ip6n->fb_tnl_dev);
|
2008-04-16 17:23:02 +09:00
|
|
|
err_alloc_dev:
|
2008-04-16 17:22:02 +09:00
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-20 08:27:08 +09:00
|
|
|
static void __net_exit ip6_tnl_exit_batch_net(struct list_head *net_list)
|
2008-04-16 17:22:02 +09:00
|
|
|
{
|
2017-09-20 08:27:08 +09:00
|
|
|
struct net *net;
|
|
|
|
|
LIST_HEAD(list);
|
|
|
|
|
|
2008-04-16 17:23:22 +09:00
|
|
|
rtnl_lock();
|
2017-09-20 08:27:08 +09:00
|
|
|
list_for_each_entry(net, net_list, exit_list)
|
|
|
|
|
ip6_tnl_destroy_tunnels(net, &list);
|
|
|
|
|
unregister_netdevice_many(&list);
|
2008-04-16 17:23:22 +09:00
|
|
|
rtnl_unlock();
|
2008-04-16 17:22:02 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct pernet_operations ip6_tnl_net_ops = {
|
|
|
|
|
.init = ip6_tnl_init_net,
|
2017-09-20 08:27:08 +09:00
|
|
|
.exit_batch = ip6_tnl_exit_batch_net,
|
2009-11-30 00:46:15 +09:00
|
|
|
.id = &ip6_tnl_net_id,
|
|
|
|
|
.size = sizeof(struct ip6_tnl_net),
|
2008-04-16 17:22:02 +09:00
|
|
|
};
|
|
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
/**
|
|
|
|
|
* ip6_tunnel_init - register protocol and reserve needed resources
|
|
|
|
|
*
|
|
|
|
|
* Return: 0 on success
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
|
|
static int __init ip6_tunnel_init(void)
|
|
|
|
|
{
|
|
|
|
|
int err;
|
|
|
|
|
|
2017-09-15 16:58:33 +09:00
|
|
|
if (!ipv6_mod_enabled())
|
|
|
|
|
return -EOPNOTSUPP;
|
|
|
|
|
|
2010-02-16 18:05:04 +09:00
|
|
|
err = register_pernet_device(&ip6_tnl_net_ops);
|
|
|
|
|
if (err < 0)
|
|
|
|
|
goto out_pernet;
|
|
|
|
|
|
|
|
|
|
err = xfrm6_tunnel_register(&ip4ip6_handler, AF_INET);
|
|
|
|
|
if (err < 0) {
|
2012-05-15 23:11:53 +09:00
|
|
|
pr_err("%s: can't register ip4ip6\n", __func__);
|
2010-02-16 18:05:04 +09:00
|
|
|
goto out_ip4ip6;
|
2007-02-15 00:43:16 +09:00
|
|
|
}
|
|
|
|
|
|
2010-02-16 18:05:04 +09:00
|
|
|
err = xfrm6_tunnel_register(&ip6ip6_handler, AF_INET6);
|
|
|
|
|
if (err < 0) {
|
2012-05-15 23:11:53 +09:00
|
|
|
pr_err("%s: can't register ip6ip6\n", __func__);
|
2010-02-16 18:05:04 +09:00
|
|
|
goto out_ip6ip6;
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
2012-11-09 15:10:01 +09:00
|
|
|
err = rtnl_link_register(&ip6_link_ops);
|
|
|
|
|
if (err < 0)
|
|
|
|
|
goto rtnl_link_failed;
|
2008-04-16 17:22:02 +09:00
|
|
|
|
2005-04-17 07:20:36 +09:00
|
|
|
return 0;
|
2010-02-16 18:05:04 +09:00
|
|
|
|
2012-11-09 15:10:01 +09:00
|
|
|
rtnl_link_failed:
|
|
|
|
|
xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6);
|
2010-02-16 18:05:04 +09:00
|
|
|
out_ip6ip6:
|
2007-02-15 00:43:16 +09:00
|
|
|
xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET);
|
2010-02-16 18:05:04 +09:00
|
|
|
out_ip4ip6:
|
|
|
|
|
unregister_pernet_device(&ip6_tnl_net_ops);
|
|
|
|
|
out_pernet:
|
2005-04-17 07:20:36 +09:00
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* ip6_tunnel_cleanup - free resources and unregister protocol
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
|
|
static void __exit ip6_tunnel_cleanup(void)
|
|
|
|
|
{
|
2012-11-09 15:10:01 +09:00
|
|
|
rtnl_link_unregister(&ip6_link_ops);
|
2007-02-15 00:43:16 +09:00
|
|
|
if (xfrm6_tunnel_deregister(&ip4ip6_handler, AF_INET))
|
2012-05-15 23:11:53 +09:00
|
|
|
pr_info("%s: can't deregister ip4ip6\n", __func__);
|
2007-02-15 00:43:16 +09:00
|
|
|
|
2007-02-14 05:55:55 +09:00
|
|
|
if (xfrm6_tunnel_deregister(&ip6ip6_handler, AF_INET6))
|
2012-05-15 23:11:53 +09:00
|
|
|
pr_info("%s: can't deregister ip6ip6\n", __func__);
|
2005-04-17 07:20:36 +09:00
|
|
|
|
2009-11-30 00:46:15 +09:00
|
|
|
unregister_pernet_device(&ip6_tnl_net_ops);
|
2005-04-17 07:20:36 +09:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
module_init(ip6_tunnel_init);
|
|
|
|
|
module_exit(ip6_tunnel_cleanup);
|