Loading...
1/*
2 * GRE over IPv4 demultiplexer driver
3 *
4 * Authors: Dmitry Kozlov (xeb@mail.ru)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15#include <linux/module.h>
16#include <linux/if.h>
17#include <linux/icmp.h>
18#include <linux/kernel.h>
19#include <linux/kmod.h>
20#include <linux/skbuff.h>
21#include <linux/in.h>
22#include <linux/ip.h>
23#include <linux/netdevice.h>
24#include <linux/if_tunnel.h>
25#include <linux/spinlock.h>
26#include <net/protocol.h>
27#include <net/gre.h>
28
29#include <net/icmp.h>
30#include <net/route.h>
31#include <net/xfrm.h>
32
33static const struct gre_protocol __rcu *gre_proto[GREPROTO_MAX] __read_mostly;
34static struct gre_cisco_protocol __rcu *gre_cisco_proto_list[GRE_IP_PROTO_MAX];
35
36int gre_add_protocol(const struct gre_protocol *proto, u8 version)
37{
38 if (version >= GREPROTO_MAX)
39 return -EINVAL;
40
41 return (cmpxchg((const struct gre_protocol **)&gre_proto[version], NULL, proto) == NULL) ?
42 0 : -EBUSY;
43}
44EXPORT_SYMBOL_GPL(gre_add_protocol);
45
46int gre_del_protocol(const struct gre_protocol *proto, u8 version)
47{
48 int ret;
49
50 if (version >= GREPROTO_MAX)
51 return -EINVAL;
52
53 ret = (cmpxchg((const struct gre_protocol **)&gre_proto[version], proto, NULL) == proto) ?
54 0 : -EBUSY;
55
56 if (ret)
57 return ret;
58
59 synchronize_rcu();
60 return 0;
61}
62EXPORT_SYMBOL_GPL(gre_del_protocol);
63
64void gre_build_header(struct sk_buff *skb, const struct tnl_ptk_info *tpi,
65 int hdr_len)
66{
67 struct gre_base_hdr *greh;
68
69 skb_push(skb, hdr_len);
70
71 greh = (struct gre_base_hdr *)skb->data;
72 greh->flags = tnl_flags_to_gre_flags(tpi->flags);
73 greh->protocol = tpi->proto;
74
75 if (tpi->flags&(TUNNEL_KEY|TUNNEL_CSUM|TUNNEL_SEQ)) {
76 __be32 *ptr = (__be32 *)(((u8 *)greh) + hdr_len - 4);
77
78 if (tpi->flags&TUNNEL_SEQ) {
79 *ptr = tpi->seq;
80 ptr--;
81 }
82 if (tpi->flags&TUNNEL_KEY) {
83 *ptr = tpi->key;
84 ptr--;
85 }
86 if (tpi->flags&TUNNEL_CSUM &&
87 !(skb_shinfo(skb)->gso_type & SKB_GSO_GRE)) {
88 *ptr = 0;
89 *(__sum16 *)ptr = csum_fold(skb_checksum(skb, 0,
90 skb->len, 0));
91 }
92 }
93}
94EXPORT_SYMBOL_GPL(gre_build_header);
95
96static __sum16 check_checksum(struct sk_buff *skb)
97{
98 __sum16 csum = 0;
99
100 switch (skb->ip_summed) {
101 case CHECKSUM_COMPLETE:
102 csum = csum_fold(skb->csum);
103
104 if (!csum)
105 break;
106 /* Fall through. */
107
108 case CHECKSUM_NONE:
109 skb->csum = 0;
110 csum = __skb_checksum_complete(skb);
111 skb->ip_summed = CHECKSUM_COMPLETE;
112 break;
113 }
114
115 return csum;
116}
117
118static int parse_gre_header(struct sk_buff *skb, struct tnl_ptk_info *tpi,
119 bool *csum_err)
120{
121 unsigned int ip_hlen = ip_hdrlen(skb);
122 const struct gre_base_hdr *greh;
123 __be32 *options;
124 int hdr_len;
125
126 if (unlikely(!pskb_may_pull(skb, sizeof(struct gre_base_hdr))))
127 return -EINVAL;
128
129 greh = (struct gre_base_hdr *)(skb_network_header(skb) + ip_hlen);
130 if (unlikely(greh->flags & (GRE_VERSION | GRE_ROUTING)))
131 return -EINVAL;
132
133 tpi->flags = gre_flags_to_tnl_flags(greh->flags);
134 hdr_len = ip_gre_calc_hlen(tpi->flags);
135
136 if (!pskb_may_pull(skb, hdr_len))
137 return -EINVAL;
138
139 greh = (struct gre_base_hdr *)(skb_network_header(skb) + ip_hlen);
140 tpi->proto = greh->protocol;
141
142 options = (__be32 *)(greh + 1);
143 if (greh->flags & GRE_CSUM) {
144 if (check_checksum(skb)) {
145 *csum_err = true;
146 return -EINVAL;
147 }
148 options++;
149 }
150
151 if (greh->flags & GRE_KEY) {
152 tpi->key = *options;
153 options++;
154 } else
155 tpi->key = 0;
156
157 if (unlikely(greh->flags & GRE_SEQ)) {
158 tpi->seq = *options;
159 options++;
160 } else
161 tpi->seq = 0;
162
163 /* WCCP version 1 and 2 protocol decoding.
164 * - Change protocol to IP
165 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header
166 */
167 if (greh->flags == 0 && tpi->proto == htons(ETH_P_WCCP)) {
168 tpi->proto = htons(ETH_P_IP);
169 if ((*(u8 *)options & 0xF0) != 0x40) {
170 hdr_len += 4;
171 if (!pskb_may_pull(skb, hdr_len))
172 return -EINVAL;
173 }
174 }
175
176 return iptunnel_pull_header(skb, hdr_len, tpi->proto);
177}
178
179static int gre_cisco_rcv(struct sk_buff *skb)
180{
181 struct tnl_ptk_info tpi;
182 int i;
183 bool csum_err = false;
184
185#ifdef CONFIG_NET_IPGRE_BROADCAST
186 if (ipv4_is_multicast(ip_hdr(skb)->daddr)) {
187 /* Looped back packet, drop it! */
188 if (rt_is_output_route(skb_rtable(skb)))
189 goto drop;
190 }
191#endif
192
193 if (parse_gre_header(skb, &tpi, &csum_err) < 0)
194 goto drop;
195
196 rcu_read_lock();
197 for (i = 0; i < GRE_IP_PROTO_MAX; i++) {
198 struct gre_cisco_protocol *proto;
199 int ret;
200
201 proto = rcu_dereference(gre_cisco_proto_list[i]);
202 if (!proto)
203 continue;
204 ret = proto->handler(skb, &tpi);
205 if (ret == PACKET_RCVD) {
206 rcu_read_unlock();
207 return 0;
208 }
209 }
210 rcu_read_unlock();
211
212 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
213drop:
214 kfree_skb(skb);
215 return 0;
216}
217
218static void gre_cisco_err(struct sk_buff *skb, u32 info)
219{
220 /* All the routers (except for Linux) return only
221 * 8 bytes of packet payload. It means, that precise relaying of
222 * ICMP in the real Internet is absolutely infeasible.
223 *
224 * Moreover, Cisco "wise men" put GRE key to the third word
225 * in GRE header. It makes impossible maintaining even soft
226 * state for keyed
227 * GRE tunnels with enabled checksum. Tell them "thank you".
228 *
229 * Well, I wonder, rfc1812 was written by Cisco employee,
230 * what the hell these idiots break standards established
231 * by themselves???
232 */
233
234 const int type = icmp_hdr(skb)->type;
235 const int code = icmp_hdr(skb)->code;
236 struct tnl_ptk_info tpi;
237 bool csum_err = false;
238 int i;
239
240 if (parse_gre_header(skb, &tpi, &csum_err)) {
241 if (!csum_err) /* ignore csum errors. */
242 return;
243 }
244
245 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
246 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
247 skb->dev->ifindex, 0, IPPROTO_GRE, 0);
248 return;
249 }
250 if (type == ICMP_REDIRECT) {
251 ipv4_redirect(skb, dev_net(skb->dev), skb->dev->ifindex, 0,
252 IPPROTO_GRE, 0);
253 return;
254 }
255
256 rcu_read_lock();
257 for (i = 0; i < GRE_IP_PROTO_MAX; i++) {
258 struct gre_cisco_protocol *proto;
259
260 proto = rcu_dereference(gre_cisco_proto_list[i]);
261 if (!proto)
262 continue;
263
264 if (proto->err_handler(skb, info, &tpi) == PACKET_RCVD)
265 goto out;
266
267 }
268out:
269 rcu_read_unlock();
270}
271
272static int gre_rcv(struct sk_buff *skb)
273{
274 const struct gre_protocol *proto;
275 u8 ver;
276 int ret;
277
278 if (!pskb_may_pull(skb, 12))
279 goto drop;
280
281 ver = skb->data[1]&0x7f;
282 if (ver >= GREPROTO_MAX)
283 goto drop;
284
285 rcu_read_lock();
286 proto = rcu_dereference(gre_proto[ver]);
287 if (!proto || !proto->handler)
288 goto drop_unlock;
289 ret = proto->handler(skb);
290 rcu_read_unlock();
291 return ret;
292
293drop_unlock:
294 rcu_read_unlock();
295drop:
296 kfree_skb(skb);
297 return NET_RX_DROP;
298}
299
300static void gre_err(struct sk_buff *skb, u32 info)
301{
302 const struct gre_protocol *proto;
303 const struct iphdr *iph = (const struct iphdr *)skb->data;
304 u8 ver = skb->data[(iph->ihl<<2) + 1]&0x7f;
305
306 if (ver >= GREPROTO_MAX)
307 return;
308
309 rcu_read_lock();
310 proto = rcu_dereference(gre_proto[ver]);
311 if (proto && proto->err_handler)
312 proto->err_handler(skb, info);
313 rcu_read_unlock();
314}
315
316static const struct net_protocol net_gre_protocol = {
317 .handler = gre_rcv,
318 .err_handler = gre_err,
319 .netns_ok = 1,
320};
321
322static const struct gre_protocol ipgre_protocol = {
323 .handler = gre_cisco_rcv,
324 .err_handler = gre_cisco_err,
325};
326
327int gre_cisco_register(struct gre_cisco_protocol *newp)
328{
329 struct gre_cisco_protocol **proto = (struct gre_cisco_protocol **)
330 &gre_cisco_proto_list[newp->priority];
331
332 return (cmpxchg(proto, NULL, newp) == NULL) ? 0 : -EBUSY;
333}
334EXPORT_SYMBOL_GPL(gre_cisco_register);
335
336int gre_cisco_unregister(struct gre_cisco_protocol *del_proto)
337{
338 struct gre_cisco_protocol **proto = (struct gre_cisco_protocol **)
339 &gre_cisco_proto_list[del_proto->priority];
340 int ret;
341
342 ret = (cmpxchg(proto, del_proto, NULL) == del_proto) ? 0 : -EINVAL;
343
344 if (ret)
345 return ret;
346
347 synchronize_net();
348 return 0;
349}
350EXPORT_SYMBOL_GPL(gre_cisco_unregister);
351
352static int __init gre_init(void)
353{
354 pr_info("GRE over IPv4 demultiplexor driver\n");
355
356 if (inet_add_protocol(&net_gre_protocol, IPPROTO_GRE) < 0) {
357 pr_err("can't add protocol\n");
358 goto err;
359 }
360
361 if (gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO) < 0) {
362 pr_info("%s: can't add ipgre handler\n", __func__);
363 goto err_gre;
364 }
365
366 return 0;
367err_gre:
368 inet_del_protocol(&net_gre_protocol, IPPROTO_GRE);
369err:
370 return -EAGAIN;
371}
372
373static void __exit gre_exit(void)
374{
375 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
376 inet_del_protocol(&net_gre_protocol, IPPROTO_GRE);
377}
378
379module_init(gre_init);
380module_exit(gre_exit);
381
382MODULE_DESCRIPTION("GRE over IPv4 demultiplexer driver");
383MODULE_AUTHOR("D. Kozlov (xeb@mail.ru)");
384MODULE_LICENSE("GPL");
1/*
2 * GRE over IPv4 demultiplexer driver
3 *
4 * Authors: Dmitry Kozlov (xeb@mail.ru)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15#include <linux/module.h>
16#include <linux/if.h>
17#include <linux/icmp.h>
18#include <linux/kernel.h>
19#include <linux/kmod.h>
20#include <linux/skbuff.h>
21#include <linux/in.h>
22#include <linux/ip.h>
23#include <linux/netdevice.h>
24#include <linux/if_tunnel.h>
25#include <linux/spinlock.h>
26#include <net/protocol.h>
27#include <net/gre.h>
28
29#include <net/icmp.h>
30#include <net/route.h>
31#include <net/xfrm.h>
32
33static const struct gre_protocol __rcu *gre_proto[GREPROTO_MAX] __read_mostly;
34
35int gre_add_protocol(const struct gre_protocol *proto, u8 version)
36{
37 if (version >= GREPROTO_MAX)
38 return -EINVAL;
39
40 return (cmpxchg((const struct gre_protocol **)&gre_proto[version], NULL, proto) == NULL) ?
41 0 : -EBUSY;
42}
43EXPORT_SYMBOL_GPL(gre_add_protocol);
44
45int gre_del_protocol(const struct gre_protocol *proto, u8 version)
46{
47 int ret;
48
49 if (version >= GREPROTO_MAX)
50 return -EINVAL;
51
52 ret = (cmpxchg((const struct gre_protocol **)&gre_proto[version], proto, NULL) == proto) ?
53 0 : -EBUSY;
54
55 if (ret)
56 return ret;
57
58 synchronize_rcu();
59 return 0;
60}
61EXPORT_SYMBOL_GPL(gre_del_protocol);
62
63/* Fills in tpi and returns header length to be pulled. */
64int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi,
65 bool *csum_err, __be16 proto, int nhs)
66{
67 const struct gre_base_hdr *greh;
68 __be32 *options;
69 int hdr_len;
70
71 if (unlikely(!pskb_may_pull(skb, nhs + sizeof(struct gre_base_hdr))))
72 return -EINVAL;
73
74 greh = (struct gre_base_hdr *)(skb->data + nhs);
75 if (unlikely(greh->flags & (GRE_VERSION | GRE_ROUTING)))
76 return -EINVAL;
77
78 tpi->flags = gre_flags_to_tnl_flags(greh->flags);
79 hdr_len = gre_calc_hlen(tpi->flags);
80
81 if (!pskb_may_pull(skb, nhs + hdr_len))
82 return -EINVAL;
83
84 greh = (struct gre_base_hdr *)(skb->data + nhs);
85 tpi->proto = greh->protocol;
86
87 options = (__be32 *)(greh + 1);
88 if (greh->flags & GRE_CSUM) {
89 if (skb_checksum_simple_validate(skb)) {
90 *csum_err = true;
91 return -EINVAL;
92 }
93
94 skb_checksum_try_convert(skb, IPPROTO_GRE, 0,
95 null_compute_pseudo);
96 options++;
97 }
98
99 if (greh->flags & GRE_KEY) {
100 tpi->key = *options;
101 options++;
102 } else {
103 tpi->key = 0;
104 }
105 if (unlikely(greh->flags & GRE_SEQ)) {
106 tpi->seq = *options;
107 options++;
108 } else {
109 tpi->seq = 0;
110 }
111 /* WCCP version 1 and 2 protocol decoding.
112 * - Change protocol to IPv4/IPv6
113 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header
114 */
115 if (greh->flags == 0 && tpi->proto == htons(ETH_P_WCCP)) {
116 tpi->proto = proto;
117 if ((*(u8 *)options & 0xF0) != 0x40)
118 hdr_len += 4;
119 }
120 tpi->hdr_len = hdr_len;
121 return hdr_len;
122}
123EXPORT_SYMBOL(gre_parse_header);
124
125static int gre_rcv(struct sk_buff *skb)
126{
127 const struct gre_protocol *proto;
128 u8 ver;
129 int ret;
130
131 if (!pskb_may_pull(skb, 12))
132 goto drop;
133
134 ver = skb->data[1]&0x7f;
135 if (ver >= GREPROTO_MAX)
136 goto drop;
137
138 rcu_read_lock();
139 proto = rcu_dereference(gre_proto[ver]);
140 if (!proto || !proto->handler)
141 goto drop_unlock;
142 ret = proto->handler(skb);
143 rcu_read_unlock();
144 return ret;
145
146drop_unlock:
147 rcu_read_unlock();
148drop:
149 kfree_skb(skb);
150 return NET_RX_DROP;
151}
152
153static void gre_err(struct sk_buff *skb, u32 info)
154{
155 const struct gre_protocol *proto;
156 const struct iphdr *iph = (const struct iphdr *)skb->data;
157 u8 ver = skb->data[(iph->ihl<<2) + 1]&0x7f;
158
159 if (ver >= GREPROTO_MAX)
160 return;
161
162 rcu_read_lock();
163 proto = rcu_dereference(gre_proto[ver]);
164 if (proto && proto->err_handler)
165 proto->err_handler(skb, info);
166 rcu_read_unlock();
167}
168
169static const struct net_protocol net_gre_protocol = {
170 .handler = gre_rcv,
171 .err_handler = gre_err,
172 .netns_ok = 1,
173};
174
175static int __init gre_init(void)
176{
177 pr_info("GRE over IPv4 demultiplexor driver\n");
178
179 if (inet_add_protocol(&net_gre_protocol, IPPROTO_GRE) < 0) {
180 pr_err("can't add protocol\n");
181 return -EAGAIN;
182 }
183 return 0;
184}
185
186static void __exit gre_exit(void)
187{
188 inet_del_protocol(&net_gre_protocol, IPPROTO_GRE);
189}
190
191module_init(gre_init);
192module_exit(gre_exit);
193
194MODULE_DESCRIPTION("GRE over IPv4 demultiplexer driver");
195MODULE_AUTHOR("D. Kozlov (xeb@mail.ru)");
196MODULE_LICENSE("GPL");