Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
[linux-2.6.git] / net / ipv4 / ipip.c
1 /*
2  *      Linux NET3:     IP/IP protocol decoder.
3  *
4  *      Authors:
5  *              Sam Lantinga (slouken@cs.ucdavis.edu)  02/01/95
6  *
7  *      Fixes:
8  *              Alan Cox        :       Merged and made usable non modular (its so tiny its silly as
9  *                                      a module taking up 2 pages).
10  *              Alan Cox        :       Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
11  *                                      to keep ip_forward happy.
12  *              Alan Cox        :       More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
13  *              Kai Schulte     :       Fixed #defines for IP_FIREWALL->FIREWALL
14  *              David Woodhouse :       Perform some basic ICMP handling.
15  *                                      IPIP Routing without decapsulation.
16  *              Carlos Picoto   :       GRE over IP support
17  *              Alexey Kuznetsov:       Reworked. Really, now it is truncated version of ipv4/ip_gre.c.
18  *                                      I do not want to merge them together.
19  *
20  *      This program is free software; you can redistribute it and/or
21  *      modify it under the terms of the GNU General Public License
22  *      as published by the Free Software Foundation; either version
23  *      2 of the License, or (at your option) any later version.
24  *
25  */
26
27 /* tunnel.c: an IP tunnel driver
28
29         The purpose of this driver is to provide an IP tunnel through
30         which you can tunnel network traffic transparently across subnets.
31
32         This was written by looking at Nick Holloway's dummy driver
33         Thanks for the great code!
34
35                 -Sam Lantinga   (slouken@cs.ucdavis.edu)  02/01/95
36
37         Minor tweaks:
38                 Cleaned up the code a little and added some pre-1.3.0 tweaks.
39                 dev->hard_header/hard_header_len changed to use no headers.
40                 Comments/bracketing tweaked.
41                 Made the tunnels use dev->name not tunnel: when error reporting.
42                 Added tx_dropped stat
43
44                 -Alan Cox       (alan@lxorguk.ukuu.org.uk) 21 March 95
45
46         Reworked:
47                 Changed to tunnel to destination gateway in addition to the
48                         tunnel's pointopoint address
49                 Almost completely rewritten
50                 Note:  There is currently no firewall or ICMP handling done.
51
52                 -Sam Lantinga   (slouken@cs.ucdavis.edu) 02/13/96
53
54 */
55
56 /* Things I wish I had known when writing the tunnel driver:
57
58         When the tunnel_xmit() function is called, the skb contains the
59         packet to be sent (plus a great deal of extra info), and dev
60         contains the tunnel device that _we_ are.
61
62         When we are passed a packet, we are expected to fill in the
63         source address with our source IP address.
64
65         What is the proper way to allocate, copy and free a buffer?
66         After you allocate it, it is a "0 length" chunk of memory
67         starting at zero.  If you want to add headers to the buffer
68         later, you'll have to call "skb_reserve(skb, amount)" with
69         the amount of memory you want reserved.  Then, you call
70         "skb_put(skb, amount)" with the amount of space you want in
71         the buffer.  skb_put() returns a pointer to the top (#0) of
72         that buffer.  skb->len is set to the amount of space you have
73         "allocated" with skb_put().  You can then write up to skb->len
74         bytes to that buffer.  If you need more, you can call skb_put()
75         again with the additional amount of space you need.  You can
76         find out how much more space you can allocate by calling
77         "skb_tailroom(skb)".
78         Now, to add header space, call "skb_push(skb, header_len)".
79         This creates space at the beginning of the buffer and returns
80         a pointer to this new space.  If later you need to strip a
81         header from a buffer, call "skb_pull(skb, header_len)".
82         skb_headroom() will return how much space is left at the top
83         of the buffer (before the main data).  Remember, this headroom
84         space must be reserved before the skb_put() function is called.
85         */
86
87 /*
88    This version of net/ipv4/ipip.c is cloned of net/ipv4/ip_gre.c
89
90    For comments look at net/ipv4/ip_gre.c --ANK
91  */
92
93
94 #include <linux/capability.h>
95 #include <linux/module.h>
96 #include <linux/types.h>
97 #include <linux/kernel.h>
98 #include <linux/slab.h>
99 #include <asm/uaccess.h>
100 #include <linux/skbuff.h>
101 #include <linux/netdevice.h>
102 #include <linux/in.h>
103 #include <linux/tcp.h>
104 #include <linux/udp.h>
105 #include <linux/if_arp.h>
106 #include <linux/mroute.h>
107 #include <linux/init.h>
108 #include <linux/netfilter_ipv4.h>
109 #include <linux/if_ether.h>
110
111 #include <net/sock.h>
112 #include <net/ip.h>
113 #include <net/icmp.h>
114 #include <net/ipip.h>
115 #include <net/inet_ecn.h>
116 #include <net/xfrm.h>
117 #include <net/net_namespace.h>
118 #include <net/netns/generic.h>
119
120 #define HASH_SIZE  16
121 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
122
123 static int ipip_net_id __read_mostly;
124 struct ipip_net {
125         struct ip_tunnel __rcu *tunnels_r_l[HASH_SIZE];
126         struct ip_tunnel __rcu *tunnels_r[HASH_SIZE];
127         struct ip_tunnel __rcu *tunnels_l[HASH_SIZE];
128         struct ip_tunnel __rcu *tunnels_wc[1];
129         struct ip_tunnel __rcu **tunnels[4];
130
131         struct net_device *fb_tunnel_dev;
132 };
133
134 static int ipip_tunnel_init(struct net_device *dev);
135 static void ipip_tunnel_setup(struct net_device *dev);
136 static void ipip_dev_free(struct net_device *dev);
137
138 /*
139  * Locking : hash tables are protected by RCU and RTNL
140  */
141
142 #define for_each_ip_tunnel_rcu(start) \
143         for (t = rcu_dereference(start); t; t = rcu_dereference(t->next))
144
145 /* often modified stats are per cpu, other are shared (netdev->stats) */
146 struct pcpu_tstats {
147         unsigned long   rx_packets;
148         unsigned long   rx_bytes;
149         unsigned long   tx_packets;
150         unsigned long   tx_bytes;
151 };
152
153 static struct net_device_stats *ipip_get_stats(struct net_device *dev)
154 {
155         struct pcpu_tstats sum = { 0 };
156         int i;
157
158         for_each_possible_cpu(i) {
159                 const struct pcpu_tstats *tstats = per_cpu_ptr(dev->tstats, i);
160
161                 sum.rx_packets += tstats->rx_packets;
162                 sum.rx_bytes   += tstats->rx_bytes;
163                 sum.tx_packets += tstats->tx_packets;
164                 sum.tx_bytes   += tstats->tx_bytes;
165         }
166         dev->stats.rx_packets = sum.rx_packets;
167         dev->stats.rx_bytes   = sum.rx_bytes;
168         dev->stats.tx_packets = sum.tx_packets;
169         dev->stats.tx_bytes   = sum.tx_bytes;
170         return &dev->stats;
171 }
172
173 static struct ip_tunnel * ipip_tunnel_lookup(struct net *net,
174                 __be32 remote, __be32 local)
175 {
176         unsigned int h0 = HASH(remote);
177         unsigned int h1 = HASH(local);
178         struct ip_tunnel *t;
179         struct ipip_net *ipn = net_generic(net, ipip_net_id);
180
181         for_each_ip_tunnel_rcu(ipn->tunnels_r_l[h0 ^ h1])
182                 if (local == t->parms.iph.saddr &&
183                     remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
184                         return t;
185
186         for_each_ip_tunnel_rcu(ipn->tunnels_r[h0])
187                 if (remote == t->parms.iph.daddr && (t->dev->flags&IFF_UP))
188                         return t;
189
190         for_each_ip_tunnel_rcu(ipn->tunnels_l[h1])
191                 if (local == t->parms.iph.saddr && (t->dev->flags&IFF_UP))
192                         return t;
193
194         t = rcu_dereference(ipn->tunnels_wc[0]);
195         if (t && (t->dev->flags&IFF_UP))
196                 return t;
197         return NULL;
198 }
199
200 static struct ip_tunnel __rcu **__ipip_bucket(struct ipip_net *ipn,
201                 struct ip_tunnel_parm *parms)
202 {
203         __be32 remote = parms->iph.daddr;
204         __be32 local = parms->iph.saddr;
205         unsigned int h = 0;
206         int prio = 0;
207
208         if (remote) {
209                 prio |= 2;
210                 h ^= HASH(remote);
211         }
212         if (local) {
213                 prio |= 1;
214                 h ^= HASH(local);
215         }
216         return &ipn->tunnels[prio][h];
217 }
218
219 static inline struct ip_tunnel __rcu **ipip_bucket(struct ipip_net *ipn,
220                 struct ip_tunnel *t)
221 {
222         return __ipip_bucket(ipn, &t->parms);
223 }
224
225 static void ipip_tunnel_unlink(struct ipip_net *ipn, struct ip_tunnel *t)
226 {
227         struct ip_tunnel __rcu **tp;
228         struct ip_tunnel *iter;
229
230         for (tp = ipip_bucket(ipn, t);
231              (iter = rtnl_dereference(*tp)) != NULL;
232              tp = &iter->next) {
233                 if (t == iter) {
234                         rcu_assign_pointer(*tp, t->next);
235                         break;
236                 }
237         }
238 }
239
240 static void ipip_tunnel_link(struct ipip_net *ipn, struct ip_tunnel *t)
241 {
242         struct ip_tunnel __rcu **tp = ipip_bucket(ipn, t);
243
244         rcu_assign_pointer(t->next, rtnl_dereference(*tp));
245         rcu_assign_pointer(*tp, t);
246 }
247
248 static struct ip_tunnel * ipip_tunnel_locate(struct net *net,
249                 struct ip_tunnel_parm *parms, int create)
250 {
251         __be32 remote = parms->iph.daddr;
252         __be32 local = parms->iph.saddr;
253         struct ip_tunnel *t, *nt;
254         struct ip_tunnel __rcu **tp;
255         struct net_device *dev;
256         char name[IFNAMSIZ];
257         struct ipip_net *ipn = net_generic(net, ipip_net_id);
258
259         for (tp = __ipip_bucket(ipn, parms);
260                  (t = rtnl_dereference(*tp)) != NULL;
261                  tp = &t->next) {
262                 if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr)
263                         return t;
264         }
265         if (!create)
266                 return NULL;
267
268         if (parms->name[0])
269                 strlcpy(name, parms->name, IFNAMSIZ);
270         else
271                 strcpy(name, "tunl%d");
272
273         dev = alloc_netdev(sizeof(*t), name, ipip_tunnel_setup);
274         if (dev == NULL)
275                 return NULL;
276
277         dev_net_set(dev, net);
278
279         nt = netdev_priv(dev);
280         nt->parms = *parms;
281
282         if (ipip_tunnel_init(dev) < 0)
283                 goto failed_free;
284
285         if (register_netdevice(dev) < 0)
286                 goto failed_free;
287
288         dev_hold(dev);
289         ipip_tunnel_link(ipn, nt);
290         return nt;
291
292 failed_free:
293         ipip_dev_free(dev);
294         return NULL;
295 }
296
297 /* called with RTNL */
298 static void ipip_tunnel_uninit(struct net_device *dev)
299 {
300         struct net *net = dev_net(dev);
301         struct ipip_net *ipn = net_generic(net, ipip_net_id);
302
303         if (dev == ipn->fb_tunnel_dev)
304                 rcu_assign_pointer(ipn->tunnels_wc[0], NULL);
305         else
306                 ipip_tunnel_unlink(ipn, netdev_priv(dev));
307         dev_put(dev);
308 }
309
310 static int ipip_err(struct sk_buff *skb, u32 info)
311 {
312
313 /* All the routers (except for Linux) return only
314    8 bytes of packet payload. It means, that precise relaying of
315    ICMP in the real Internet is absolutely infeasible.
316  */
317         const struct iphdr *iph = (const struct iphdr *)skb->data;
318         const int type = icmp_hdr(skb)->type;
319         const int code = icmp_hdr(skb)->code;
320         struct ip_tunnel *t;
321         int err;
322
323         switch (type) {
324         default:
325         case ICMP_PARAMETERPROB:
326                 return 0;
327
328         case ICMP_DEST_UNREACH:
329                 switch (code) {
330                 case ICMP_SR_FAILED:
331                 case ICMP_PORT_UNREACH:
332                         /* Impossible event. */
333                         return 0;
334                 case ICMP_FRAG_NEEDED:
335                         /* Soft state for pmtu is maintained by IP core. */
336                         return 0;
337                 default:
338                         /* All others are translated to HOST_UNREACH.
339                            rfc2003 contains "deep thoughts" about NET_UNREACH,
340                            I believe they are just ether pollution. --ANK
341                          */
342                         break;
343                 }
344                 break;
345         case ICMP_TIME_EXCEEDED:
346                 if (code != ICMP_EXC_TTL)
347                         return 0;
348                 break;
349         }
350
351         err = -ENOENT;
352
353         rcu_read_lock();
354         t = ipip_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr);
355         if (t == NULL || t->parms.iph.daddr == 0)
356                 goto out;
357
358         err = 0;
359         if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
360                 goto out;
361
362         if (time_before(jiffies, t->err_time + IPTUNNEL_ERR_TIMEO))
363                 t->err_count++;
364         else
365                 t->err_count = 1;
366         t->err_time = jiffies;
367 out:
368         rcu_read_unlock();
369         return err;
370 }
371
372 static inline void ipip_ecn_decapsulate(const struct iphdr *outer_iph,
373                                         struct sk_buff *skb)
374 {
375         struct iphdr *inner_iph = ip_hdr(skb);
376
377         if (INET_ECN_is_ce(outer_iph->tos))
378                 IP_ECN_set_ce(inner_iph);
379 }
380
381 static int ipip_rcv(struct sk_buff *skb)
382 {
383         struct ip_tunnel *tunnel;
384         const struct iphdr *iph = ip_hdr(skb);
385
386         rcu_read_lock();
387         tunnel = ipip_tunnel_lookup(dev_net(skb->dev), iph->saddr, iph->daddr);
388         if (tunnel != NULL) {
389                 struct pcpu_tstats *tstats;
390
391                 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
392                         rcu_read_unlock();
393                         kfree_skb(skb);
394                         return 0;
395                 }
396
397                 secpath_reset(skb);
398
399                 skb->mac_header = skb->network_header;
400                 skb_reset_network_header(skb);
401                 skb->protocol = htons(ETH_P_IP);
402                 skb->pkt_type = PACKET_HOST;
403
404                 tstats = this_cpu_ptr(tunnel->dev->tstats);
405                 tstats->rx_packets++;
406                 tstats->rx_bytes += skb->len;
407
408                 __skb_tunnel_rx(skb, tunnel->dev);
409
410                 ipip_ecn_decapsulate(iph, skb);
411
412                 netif_rx(skb);
413
414                 rcu_read_unlock();
415                 return 0;
416         }
417         rcu_read_unlock();
418
419         return -1;
420 }
421
422 /*
423  *      This function assumes it is being called from dev_queue_xmit()
424  *      and that skb is filled properly by that function.
425  */
426
427 static netdev_tx_t ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
428 {
429         struct ip_tunnel *tunnel = netdev_priv(dev);
430         struct pcpu_tstats *tstats;
431         const struct iphdr  *tiph = &tunnel->parms.iph;
432         u8     tos = tunnel->parms.iph.tos;
433         __be16 df = tiph->frag_off;
434         struct rtable *rt;                      /* Route to the other host */
435         struct net_device *tdev;                /* Device to other host */
436         const struct iphdr  *old_iph = ip_hdr(skb);
437         struct iphdr  *iph;                     /* Our new IP header */
438         unsigned int max_headroom;              /* The extra header space needed */
439         __be32 dst = tiph->daddr;
440         struct flowi4 fl4;
441         int    mtu;
442
443         if (skb->protocol != htons(ETH_P_IP))
444                 goto tx_error;
445
446         if (tos & 1)
447                 tos = old_iph->tos;
448
449         if (!dst) {
450                 /* NBMA tunnel */
451                 if ((rt = skb_rtable(skb)) == NULL) {
452                         dev->stats.tx_fifo_errors++;
453                         goto tx_error;
454                 }
455                 if ((dst = rt->rt_gateway) == 0)
456                         goto tx_error_icmp;
457         }
458
459         rt = ip_route_output_ports(dev_net(dev), &fl4, NULL,
460                                    dst, tiph->saddr,
461                                    0, 0,
462                                    IPPROTO_IPIP, RT_TOS(tos),
463                                    tunnel->parms.link);
464         if (IS_ERR(rt)) {
465                 dev->stats.tx_carrier_errors++;
466                 goto tx_error_icmp;
467         }
468         tdev = rt->dst.dev;
469
470         if (tdev == dev) {
471                 ip_rt_put(rt);
472                 dev->stats.collisions++;
473                 goto tx_error;
474         }
475
476         df |= old_iph->frag_off & htons(IP_DF);
477
478         if (df) {
479                 mtu = dst_mtu(&rt->dst) - sizeof(struct iphdr);
480
481                 if (mtu < 68) {
482                         dev->stats.collisions++;
483                         ip_rt_put(rt);
484                         goto tx_error;
485                 }
486
487                 if (skb_dst(skb))
488                         skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu);
489
490                 if ((old_iph->frag_off & htons(IP_DF)) &&
491                     mtu < ntohs(old_iph->tot_len)) {
492                         icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
493                                   htonl(mtu));
494                         ip_rt_put(rt);
495                         goto tx_error;
496                 }
497         }
498
499         if (tunnel->err_count > 0) {
500                 if (time_before(jiffies,
501                                 tunnel->err_time + IPTUNNEL_ERR_TIMEO)) {
502                         tunnel->err_count--;
503                         dst_link_failure(skb);
504                 } else
505                         tunnel->err_count = 0;
506         }
507
508         /*
509          * Okay, now see if we can stuff it in the buffer as-is.
510          */
511         max_headroom = (LL_RESERVED_SPACE(tdev)+sizeof(struct iphdr));
512
513         if (skb_headroom(skb) < max_headroom || skb_shared(skb) ||
514             (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
515                 struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
516                 if (!new_skb) {
517                         ip_rt_put(rt);
518                         dev->stats.tx_dropped++;
519                         dev_kfree_skb(skb);
520                         return NETDEV_TX_OK;
521                 }
522                 if (skb->sk)
523                         skb_set_owner_w(new_skb, skb->sk);
524                 dev_kfree_skb(skb);
525                 skb = new_skb;
526                 old_iph = ip_hdr(skb);
527         }
528
529         skb->transport_header = skb->network_header;
530         skb_push(skb, sizeof(struct iphdr));
531         skb_reset_network_header(skb);
532         memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
533         IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
534                               IPSKB_REROUTED);
535         skb_dst_drop(skb);
536         skb_dst_set(skb, &rt->dst);
537
538         /*
539          *      Push down and install the IPIP header.
540          */
541
542         iph                     =       ip_hdr(skb);
543         iph->version            =       4;
544         iph->ihl                =       sizeof(struct iphdr)>>2;
545         iph->frag_off           =       df;
546         iph->protocol           =       IPPROTO_IPIP;
547         iph->tos                =       INET_ECN_encapsulate(tos, old_iph->tos);
548         iph->daddr              =       fl4.daddr;
549         iph->saddr              =       fl4.saddr;
550
551         if ((iph->ttl = tiph->ttl) == 0)
552                 iph->ttl        =       old_iph->ttl;
553
554         nf_reset(skb);
555         tstats = this_cpu_ptr(dev->tstats);
556         __IPTUNNEL_XMIT(tstats, &dev->stats);
557         return NETDEV_TX_OK;
558
559 tx_error_icmp:
560         dst_link_failure(skb);
561 tx_error:
562         dev->stats.tx_errors++;
563         dev_kfree_skb(skb);
564         return NETDEV_TX_OK;
565 }
566
567 static void ipip_tunnel_bind_dev(struct net_device *dev)
568 {
569         struct net_device *tdev = NULL;
570         struct ip_tunnel *tunnel;
571         const struct iphdr *iph;
572
573         tunnel = netdev_priv(dev);
574         iph = &tunnel->parms.iph;
575
576         if (iph->daddr) {
577                 struct rtable *rt;
578                 struct flowi4 fl4;
579
580                 rt = ip_route_output_ports(dev_net(dev), &fl4, NULL,
581                                            iph->daddr, iph->saddr,
582                                            0, 0,
583                                            IPPROTO_IPIP,
584                                            RT_TOS(iph->tos),
585                                            tunnel->parms.link);
586                 if (!IS_ERR(rt)) {
587                         tdev = rt->dst.dev;
588                         ip_rt_put(rt);
589                 }
590                 dev->flags |= IFF_POINTOPOINT;
591         }
592
593         if (!tdev && tunnel->parms.link)
594                 tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);
595
596         if (tdev) {
597                 dev->hard_header_len = tdev->hard_header_len + sizeof(struct iphdr);
598                 dev->mtu = tdev->mtu - sizeof(struct iphdr);
599         }
600         dev->iflink = tunnel->parms.link;
601 }
602
603 static int
604 ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
605 {
606         int err = 0;
607         struct ip_tunnel_parm p;
608         struct ip_tunnel *t;
609         struct net *net = dev_net(dev);
610         struct ipip_net *ipn = net_generic(net, ipip_net_id);
611
612         switch (cmd) {
613         case SIOCGETTUNNEL:
614                 t = NULL;
615                 if (dev == ipn->fb_tunnel_dev) {
616                         if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
617                                 err = -EFAULT;
618                                 break;
619                         }
620                         t = ipip_tunnel_locate(net, &p, 0);
621                 }
622                 if (t == NULL)
623                         t = netdev_priv(dev);
624                 memcpy(&p, &t->parms, sizeof(p));
625                 if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p)))
626                         err = -EFAULT;
627                 break;
628
629         case SIOCADDTUNNEL:
630         case SIOCCHGTUNNEL:
631                 err = -EPERM;
632                 if (!capable(CAP_NET_ADMIN))
633                         goto done;
634
635                 err = -EFAULT;
636                 if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
637                         goto done;
638
639                 err = -EINVAL;
640                 if (p.iph.version != 4 || p.iph.protocol != IPPROTO_IPIP ||
641                     p.iph.ihl != 5 || (p.iph.frag_off&htons(~IP_DF)))
642                         goto done;
643                 if (p.iph.ttl)
644                         p.iph.frag_off |= htons(IP_DF);
645
646                 t = ipip_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
647
648                 if (dev != ipn->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
649                         if (t != NULL) {
650                                 if (t->dev != dev) {
651                                         err = -EEXIST;
652                                         break;
653                                 }
654                         } else {
655                                 if (((dev->flags&IFF_POINTOPOINT) && !p.iph.daddr) ||
656                                     (!(dev->flags&IFF_POINTOPOINT) && p.iph.daddr)) {
657                                         err = -EINVAL;
658                                         break;
659                                 }
660                                 t = netdev_priv(dev);
661                                 ipip_tunnel_unlink(ipn, t);
662                                 synchronize_net();
663                                 t->parms.iph.saddr = p.iph.saddr;
664                                 t->parms.iph.daddr = p.iph.daddr;
665                                 memcpy(dev->dev_addr, &p.iph.saddr, 4);
666                                 memcpy(dev->broadcast, &p.iph.daddr, 4);
667                                 ipip_tunnel_link(ipn, t);
668                                 netdev_state_change(dev);
669                         }
670                 }
671
672                 if (t) {
673                         err = 0;
674                         if (cmd == SIOCCHGTUNNEL) {
675                                 t->parms.iph.ttl = p.iph.ttl;
676                                 t->parms.iph.tos = p.iph.tos;
677                                 t->parms.iph.frag_off = p.iph.frag_off;
678                                 if (t->parms.link != p.link) {
679                                         t->parms.link = p.link;
680                                         ipip_tunnel_bind_dev(dev);
681                                         netdev_state_change(dev);
682                                 }
683                         }
684                         if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof(p)))
685                                 err = -EFAULT;
686                 } else
687                         err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
688                 break;
689
690         case SIOCDELTUNNEL:
691                 err = -EPERM;
692                 if (!capable(CAP_NET_ADMIN))
693                         goto done;
694
695                 if (dev == ipn->fb_tunnel_dev) {
696                         err = -EFAULT;
697                         if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
698                                 goto done;
699                         err = -ENOENT;
700                         if ((t = ipip_tunnel_locate(net, &p, 0)) == NULL)
701                                 goto done;
702                         err = -EPERM;
703                         if (t->dev == ipn->fb_tunnel_dev)
704                                 goto done;
705                         dev = t->dev;
706                 }
707                 unregister_netdevice(dev);
708                 err = 0;
709                 break;
710
711         default:
712                 err = -EINVAL;
713         }
714
715 done:
716         return err;
717 }
718
719 static int ipip_tunnel_change_mtu(struct net_device *dev, int new_mtu)
720 {
721         if (new_mtu < 68 || new_mtu > 0xFFF8 - sizeof(struct iphdr))
722                 return -EINVAL;
723         dev->mtu = new_mtu;
724         return 0;
725 }
726
727 static const struct net_device_ops ipip_netdev_ops = {
728         .ndo_uninit     = ipip_tunnel_uninit,
729         .ndo_start_xmit = ipip_tunnel_xmit,
730         .ndo_do_ioctl   = ipip_tunnel_ioctl,
731         .ndo_change_mtu = ipip_tunnel_change_mtu,
732         .ndo_get_stats  = ipip_get_stats,
733 };
734
735 static void ipip_dev_free(struct net_device *dev)
736 {
737         free_percpu(dev->tstats);
738         free_netdev(dev);
739 }
740
741 static void ipip_tunnel_setup(struct net_device *dev)
742 {
743         dev->netdev_ops         = &ipip_netdev_ops;
744         dev->destructor         = ipip_dev_free;
745
746         dev->type               = ARPHRD_TUNNEL;
747         dev->hard_header_len    = LL_MAX_HEADER + sizeof(struct iphdr);
748         dev->mtu                = ETH_DATA_LEN - sizeof(struct iphdr);
749         dev->flags              = IFF_NOARP;
750         dev->iflink             = 0;
751         dev->addr_len           = 4;
752         dev->features           |= NETIF_F_NETNS_LOCAL;
753         dev->features           |= NETIF_F_LLTX;
754         dev->priv_flags         &= ~IFF_XMIT_DST_RELEASE;
755 }
756
757 static int ipip_tunnel_init(struct net_device *dev)
758 {
759         struct ip_tunnel *tunnel = netdev_priv(dev);
760
761         tunnel->dev = dev;
762         strcpy(tunnel->parms.name, dev->name);
763
764         memcpy(dev->dev_addr, &tunnel->parms.iph.saddr, 4);
765         memcpy(dev->broadcast, &tunnel->parms.iph.daddr, 4);
766
767         ipip_tunnel_bind_dev(dev);
768
769         dev->tstats = alloc_percpu(struct pcpu_tstats);
770         if (!dev->tstats)
771                 return -ENOMEM;
772
773         return 0;
774 }
775
776 static int __net_init ipip_fb_tunnel_init(struct net_device *dev)
777 {
778         struct ip_tunnel *tunnel = netdev_priv(dev);
779         struct iphdr *iph = &tunnel->parms.iph;
780         struct ipip_net *ipn = net_generic(dev_net(dev), ipip_net_id);
781
782         tunnel->dev = dev;
783         strcpy(tunnel->parms.name, dev->name);
784
785         iph->version            = 4;
786         iph->protocol           = IPPROTO_IPIP;
787         iph->ihl                = 5;
788
789         dev->tstats = alloc_percpu(struct pcpu_tstats);
790         if (!dev->tstats)
791                 return -ENOMEM;
792
793         dev_hold(dev);
794         rcu_assign_pointer(ipn->tunnels_wc[0], tunnel);
795         return 0;
796 }
797
798 static struct xfrm_tunnel ipip_handler __read_mostly = {
799         .handler        =       ipip_rcv,
800         .err_handler    =       ipip_err,
801         .priority       =       1,
802 };
803
804 static const char banner[] __initconst =
805         KERN_INFO "IPv4 over IPv4 tunneling driver\n";
806
807 static void ipip_destroy_tunnels(struct ipip_net *ipn, struct list_head *head)
808 {
809         int prio;
810
811         for (prio = 1; prio < 4; prio++) {
812                 int h;
813                 for (h = 0; h < HASH_SIZE; h++) {
814                         struct ip_tunnel *t;
815
816                         t = rtnl_dereference(ipn->tunnels[prio][h]);
817                         while (t != NULL) {
818                                 unregister_netdevice_queue(t->dev, head);
819                                 t = rtnl_dereference(t->next);
820                         }
821                 }
822         }
823 }
824
825 static int __net_init ipip_init_net(struct net *net)
826 {
827         struct ipip_net *ipn = net_generic(net, ipip_net_id);
828         int err;
829
830         ipn->tunnels[0] = ipn->tunnels_wc;
831         ipn->tunnels[1] = ipn->tunnels_l;
832         ipn->tunnels[2] = ipn->tunnels_r;
833         ipn->tunnels[3] = ipn->tunnels_r_l;
834
835         ipn->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel),
836                                            "tunl0",
837                                            ipip_tunnel_setup);
838         if (!ipn->fb_tunnel_dev) {
839                 err = -ENOMEM;
840                 goto err_alloc_dev;
841         }
842         dev_net_set(ipn->fb_tunnel_dev, net);
843
844         err = ipip_fb_tunnel_init(ipn->fb_tunnel_dev);
845         if (err)
846                 goto err_reg_dev;
847
848         if ((err = register_netdev(ipn->fb_tunnel_dev)))
849                 goto err_reg_dev;
850
851         return 0;
852
853 err_reg_dev:
854         ipip_dev_free(ipn->fb_tunnel_dev);
855 err_alloc_dev:
856         /* nothing */
857         return err;
858 }
859
860 static void __net_exit ipip_exit_net(struct net *net)
861 {
862         struct ipip_net *ipn = net_generic(net, ipip_net_id);
863         LIST_HEAD(list);
864
865         rtnl_lock();
866         ipip_destroy_tunnels(ipn, &list);
867         unregister_netdevice_queue(ipn->fb_tunnel_dev, &list);
868         unregister_netdevice_many(&list);
869         rtnl_unlock();
870 }
871
872 static struct pernet_operations ipip_net_ops = {
873         .init = ipip_init_net,
874         .exit = ipip_exit_net,
875         .id   = &ipip_net_id,
876         .size = sizeof(struct ipip_net),
877 };
878
879 static int __init ipip_init(void)
880 {
881         int err;
882
883         printk(banner);
884
885         err = register_pernet_device(&ipip_net_ops);
886         if (err < 0)
887                 return err;
888         err = xfrm4_tunnel_register(&ipip_handler, AF_INET);
889         if (err < 0) {
890                 unregister_pernet_device(&ipip_net_ops);
891                 printk(KERN_INFO "ipip init: can't register tunnel\n");
892         }
893         return err;
894 }
895
896 static void __exit ipip_fini(void)
897 {
898         if (xfrm4_tunnel_deregister(&ipip_handler, AF_INET))
899                 printk(KERN_INFO "ipip close: can't deregister tunnel\n");
900
901         unregister_pernet_device(&ipip_net_ops);
902 }
903
904 module_init(ipip_init);
905 module_exit(ipip_fini);
906 MODULE_LICENSE("GPL");
907 MODULE_ALIAS_NETDEV("tunl0");