Loading...
1/*
2 * GRE over IPv4 demultiplexer driver
3 *
4 * Authors: Dmitry Kozlov (xeb@mail.ru)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 */
12
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
14
15#include <linux/module.h>
16#include <linux/if.h>
17#include <linux/icmp.h>
18#include <linux/kernel.h>
19#include <linux/kmod.h>
20#include <linux/skbuff.h>
21#include <linux/in.h>
22#include <linux/ip.h>
23#include <linux/netdevice.h>
24#include <linux/if_tunnel.h>
25#include <linux/spinlock.h>
26#include <net/protocol.h>
27#include <net/gre.h>
28
29#include <net/icmp.h>
30#include <net/route.h>
31#include <net/xfrm.h>
32
33static const struct gre_protocol __rcu *gre_proto[GREPROTO_MAX] __read_mostly;
34static struct gre_cisco_protocol __rcu *gre_cisco_proto_list[GRE_IP_PROTO_MAX];
35
36int gre_add_protocol(const struct gre_protocol *proto, u8 version)
37{
38 if (version >= GREPROTO_MAX)
39 return -EINVAL;
40
41 return (cmpxchg((const struct gre_protocol **)&gre_proto[version], NULL, proto) == NULL) ?
42 0 : -EBUSY;
43}
44EXPORT_SYMBOL_GPL(gre_add_protocol);
45
46int gre_del_protocol(const struct gre_protocol *proto, u8 version)
47{
48 int ret;
49
50 if (version >= GREPROTO_MAX)
51 return -EINVAL;
52
53 ret = (cmpxchg((const struct gre_protocol **)&gre_proto[version], proto, NULL) == proto) ?
54 0 : -EBUSY;
55
56 if (ret)
57 return ret;
58
59 synchronize_rcu();
60 return 0;
61}
62EXPORT_SYMBOL_GPL(gre_del_protocol);
63
64void gre_build_header(struct sk_buff *skb, const struct tnl_ptk_info *tpi,
65 int hdr_len)
66{
67 struct gre_base_hdr *greh;
68
69 skb_push(skb, hdr_len);
70
71 greh = (struct gre_base_hdr *)skb->data;
72 greh->flags = tnl_flags_to_gre_flags(tpi->flags);
73 greh->protocol = tpi->proto;
74
75 if (tpi->flags&(TUNNEL_KEY|TUNNEL_CSUM|TUNNEL_SEQ)) {
76 __be32 *ptr = (__be32 *)(((u8 *)greh) + hdr_len - 4);
77
78 if (tpi->flags&TUNNEL_SEQ) {
79 *ptr = tpi->seq;
80 ptr--;
81 }
82 if (tpi->flags&TUNNEL_KEY) {
83 *ptr = tpi->key;
84 ptr--;
85 }
86 if (tpi->flags&TUNNEL_CSUM &&
87 !(skb_shinfo(skb)->gso_type & SKB_GSO_GRE)) {
88 *ptr = 0;
89 *(__sum16 *)ptr = csum_fold(skb_checksum(skb, 0,
90 skb->len, 0));
91 }
92 }
93}
94EXPORT_SYMBOL_GPL(gre_build_header);
95
96static __sum16 check_checksum(struct sk_buff *skb)
97{
98 __sum16 csum = 0;
99
100 switch (skb->ip_summed) {
101 case CHECKSUM_COMPLETE:
102 csum = csum_fold(skb->csum);
103
104 if (!csum)
105 break;
106 /* Fall through. */
107
108 case CHECKSUM_NONE:
109 skb->csum = 0;
110 csum = __skb_checksum_complete(skb);
111 skb->ip_summed = CHECKSUM_COMPLETE;
112 break;
113 }
114
115 return csum;
116}
117
118static int parse_gre_header(struct sk_buff *skb, struct tnl_ptk_info *tpi,
119 bool *csum_err)
120{
121 unsigned int ip_hlen = ip_hdrlen(skb);
122 const struct gre_base_hdr *greh;
123 __be32 *options;
124 int hdr_len;
125
126 if (unlikely(!pskb_may_pull(skb, sizeof(struct gre_base_hdr))))
127 return -EINVAL;
128
129 greh = (struct gre_base_hdr *)(skb_network_header(skb) + ip_hlen);
130 if (unlikely(greh->flags & (GRE_VERSION | GRE_ROUTING)))
131 return -EINVAL;
132
133 tpi->flags = gre_flags_to_tnl_flags(greh->flags);
134 hdr_len = ip_gre_calc_hlen(tpi->flags);
135
136 if (!pskb_may_pull(skb, hdr_len))
137 return -EINVAL;
138
139 greh = (struct gre_base_hdr *)(skb_network_header(skb) + ip_hlen);
140 tpi->proto = greh->protocol;
141
142 options = (__be32 *)(greh + 1);
143 if (greh->flags & GRE_CSUM) {
144 if (check_checksum(skb)) {
145 *csum_err = true;
146 return -EINVAL;
147 }
148 options++;
149 }
150
151 if (greh->flags & GRE_KEY) {
152 tpi->key = *options;
153 options++;
154 } else
155 tpi->key = 0;
156
157 if (unlikely(greh->flags & GRE_SEQ)) {
158 tpi->seq = *options;
159 options++;
160 } else
161 tpi->seq = 0;
162
163 /* WCCP version 1 and 2 protocol decoding.
164 * - Change protocol to IP
165 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header
166 */
167 if (greh->flags == 0 && tpi->proto == htons(ETH_P_WCCP)) {
168 tpi->proto = htons(ETH_P_IP);
169 if ((*(u8 *)options & 0xF0) != 0x40) {
170 hdr_len += 4;
171 if (!pskb_may_pull(skb, hdr_len))
172 return -EINVAL;
173 }
174 }
175
176 return iptunnel_pull_header(skb, hdr_len, tpi->proto);
177}
178
179static int gre_cisco_rcv(struct sk_buff *skb)
180{
181 struct tnl_ptk_info tpi;
182 int i;
183 bool csum_err = false;
184
185#ifdef CONFIG_NET_IPGRE_BROADCAST
186 if (ipv4_is_multicast(ip_hdr(skb)->daddr)) {
187 /* Looped back packet, drop it! */
188 if (rt_is_output_route(skb_rtable(skb)))
189 goto drop;
190 }
191#endif
192
193 if (parse_gre_header(skb, &tpi, &csum_err) < 0)
194 goto drop;
195
196 rcu_read_lock();
197 for (i = 0; i < GRE_IP_PROTO_MAX; i++) {
198 struct gre_cisco_protocol *proto;
199 int ret;
200
201 proto = rcu_dereference(gre_cisco_proto_list[i]);
202 if (!proto)
203 continue;
204 ret = proto->handler(skb, &tpi);
205 if (ret == PACKET_RCVD) {
206 rcu_read_unlock();
207 return 0;
208 }
209 }
210 rcu_read_unlock();
211
212 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
213drop:
214 kfree_skb(skb);
215 return 0;
216}
217
218static void gre_cisco_err(struct sk_buff *skb, u32 info)
219{
220 /* All the routers (except for Linux) return only
221 * 8 bytes of packet payload. It means, that precise relaying of
222 * ICMP in the real Internet is absolutely infeasible.
223 *
224 * Moreover, Cisco "wise men" put GRE key to the third word
225 * in GRE header. It makes impossible maintaining even soft
226 * state for keyed
227 * GRE tunnels with enabled checksum. Tell them "thank you".
228 *
229 * Well, I wonder, rfc1812 was written by Cisco employee,
230 * what the hell these idiots break standards established
231 * by themselves???
232 */
233
234 const int type = icmp_hdr(skb)->type;
235 const int code = icmp_hdr(skb)->code;
236 struct tnl_ptk_info tpi;
237 bool csum_err = false;
238 int i;
239
240 if (parse_gre_header(skb, &tpi, &csum_err)) {
241 if (!csum_err) /* ignore csum errors. */
242 return;
243 }
244
245 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) {
246 ipv4_update_pmtu(skb, dev_net(skb->dev), info,
247 skb->dev->ifindex, 0, IPPROTO_GRE, 0);
248 return;
249 }
250 if (type == ICMP_REDIRECT) {
251 ipv4_redirect(skb, dev_net(skb->dev), skb->dev->ifindex, 0,
252 IPPROTO_GRE, 0);
253 return;
254 }
255
256 rcu_read_lock();
257 for (i = 0; i < GRE_IP_PROTO_MAX; i++) {
258 struct gre_cisco_protocol *proto;
259
260 proto = rcu_dereference(gre_cisco_proto_list[i]);
261 if (!proto)
262 continue;
263
264 if (proto->err_handler(skb, info, &tpi) == PACKET_RCVD)
265 goto out;
266
267 }
268out:
269 rcu_read_unlock();
270}
271
272static int gre_rcv(struct sk_buff *skb)
273{
274 const struct gre_protocol *proto;
275 u8 ver;
276 int ret;
277
278 if (!pskb_may_pull(skb, 12))
279 goto drop;
280
281 ver = skb->data[1]&0x7f;
282 if (ver >= GREPROTO_MAX)
283 goto drop;
284
285 rcu_read_lock();
286 proto = rcu_dereference(gre_proto[ver]);
287 if (!proto || !proto->handler)
288 goto drop_unlock;
289 ret = proto->handler(skb);
290 rcu_read_unlock();
291 return ret;
292
293drop_unlock:
294 rcu_read_unlock();
295drop:
296 kfree_skb(skb);
297 return NET_RX_DROP;
298}
299
300static void gre_err(struct sk_buff *skb, u32 info)
301{
302 const struct gre_protocol *proto;
303 const struct iphdr *iph = (const struct iphdr *)skb->data;
304 u8 ver = skb->data[(iph->ihl<<2) + 1]&0x7f;
305
306 if (ver >= GREPROTO_MAX)
307 return;
308
309 rcu_read_lock();
310 proto = rcu_dereference(gre_proto[ver]);
311 if (proto && proto->err_handler)
312 proto->err_handler(skb, info);
313 rcu_read_unlock();
314}
315
316static const struct net_protocol net_gre_protocol = {
317 .handler = gre_rcv,
318 .err_handler = gre_err,
319 .netns_ok = 1,
320};
321
322static const struct gre_protocol ipgre_protocol = {
323 .handler = gre_cisco_rcv,
324 .err_handler = gre_cisco_err,
325};
326
327int gre_cisco_register(struct gre_cisco_protocol *newp)
328{
329 struct gre_cisco_protocol **proto = (struct gre_cisco_protocol **)
330 &gre_cisco_proto_list[newp->priority];
331
332 return (cmpxchg(proto, NULL, newp) == NULL) ? 0 : -EBUSY;
333}
334EXPORT_SYMBOL_GPL(gre_cisco_register);
335
336int gre_cisco_unregister(struct gre_cisco_protocol *del_proto)
337{
338 struct gre_cisco_protocol **proto = (struct gre_cisco_protocol **)
339 &gre_cisco_proto_list[del_proto->priority];
340 int ret;
341
342 ret = (cmpxchg(proto, del_proto, NULL) == del_proto) ? 0 : -EINVAL;
343
344 if (ret)
345 return ret;
346
347 synchronize_net();
348 return 0;
349}
350EXPORT_SYMBOL_GPL(gre_cisco_unregister);
351
352static int __init gre_init(void)
353{
354 pr_info("GRE over IPv4 demultiplexor driver\n");
355
356 if (inet_add_protocol(&net_gre_protocol, IPPROTO_GRE) < 0) {
357 pr_err("can't add protocol\n");
358 goto err;
359 }
360
361 if (gre_add_protocol(&ipgre_protocol, GREPROTO_CISCO) < 0) {
362 pr_info("%s: can't add ipgre handler\n", __func__);
363 goto err_gre;
364 }
365
366 return 0;
367err_gre:
368 inet_del_protocol(&net_gre_protocol, IPPROTO_GRE);
369err:
370 return -EAGAIN;
371}
372
373static void __exit gre_exit(void)
374{
375 gre_del_protocol(&ipgre_protocol, GREPROTO_CISCO);
376 inet_del_protocol(&net_gre_protocol, IPPROTO_GRE);
377}
378
379module_init(gre_init);
380module_exit(gre_exit);
381
382MODULE_DESCRIPTION("GRE over IPv4 demultiplexer driver");
383MODULE_AUTHOR("D. Kozlov (xeb@mail.ru)");
384MODULE_LICENSE("GPL");
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * GRE over IPv4 demultiplexer driver
4 *
5 * Authors: Dmitry Kozlov (xeb@mail.ru)
6 */
7
8#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9
10#include <linux/module.h>
11#include <linux/if.h>
12#include <linux/icmp.h>
13#include <linux/kernel.h>
14#include <linux/kmod.h>
15#include <linux/skbuff.h>
16#include <linux/in.h>
17#include <linux/ip.h>
18#include <linux/netdevice.h>
19#include <linux/if_tunnel.h>
20#include <linux/spinlock.h>
21#include <net/protocol.h>
22#include <net/gre.h>
23#include <net/erspan.h>
24
25#include <net/icmp.h>
26#include <net/route.h>
27#include <net/xfrm.h>
28
29static const struct gre_protocol __rcu *gre_proto[GREPROTO_MAX] __read_mostly;
30
31int gre_add_protocol(const struct gre_protocol *proto, u8 version)
32{
33 if (version >= GREPROTO_MAX)
34 return -EINVAL;
35
36 return (cmpxchg((const struct gre_protocol **)&gre_proto[version], NULL, proto) == NULL) ?
37 0 : -EBUSY;
38}
39EXPORT_SYMBOL_GPL(gre_add_protocol);
40
41int gre_del_protocol(const struct gre_protocol *proto, u8 version)
42{
43 int ret;
44
45 if (version >= GREPROTO_MAX)
46 return -EINVAL;
47
48 ret = (cmpxchg((const struct gre_protocol **)&gre_proto[version], proto, NULL) == proto) ?
49 0 : -EBUSY;
50
51 if (ret)
52 return ret;
53
54 synchronize_rcu();
55 return 0;
56}
57EXPORT_SYMBOL_GPL(gre_del_protocol);
58
59/* Fills in tpi and returns header length to be pulled.
60 * Note that caller must use pskb_may_pull() before pulling GRE header.
61 */
62int gre_parse_header(struct sk_buff *skb, struct tnl_ptk_info *tpi,
63 bool *csum_err, __be16 proto, int nhs)
64{
65 const struct gre_base_hdr *greh;
66 __be32 *options;
67 int hdr_len;
68
69 if (unlikely(!pskb_may_pull(skb, nhs + sizeof(struct gre_base_hdr))))
70 return -EINVAL;
71
72 greh = (struct gre_base_hdr *)(skb->data + nhs);
73 if (unlikely(greh->flags & (GRE_VERSION | GRE_ROUTING)))
74 return -EINVAL;
75
76 gre_flags_to_tnl_flags(tpi->flags, greh->flags);
77 hdr_len = gre_calc_hlen(tpi->flags);
78
79 if (!pskb_may_pull(skb, nhs + hdr_len))
80 return -EINVAL;
81
82 greh = (struct gre_base_hdr *)(skb->data + nhs);
83 tpi->proto = greh->protocol;
84
85 options = (__be32 *)(greh + 1);
86 if (greh->flags & GRE_CSUM) {
87 if (!skb_checksum_simple_validate(skb)) {
88 skb_checksum_try_convert(skb, IPPROTO_GRE,
89 null_compute_pseudo);
90 } else if (csum_err) {
91 *csum_err = true;
92 return -EINVAL;
93 }
94
95 options++;
96 }
97
98 if (greh->flags & GRE_KEY) {
99 tpi->key = *options;
100 options++;
101 } else {
102 tpi->key = 0;
103 }
104 if (unlikely(greh->flags & GRE_SEQ)) {
105 tpi->seq = *options;
106 options++;
107 } else {
108 tpi->seq = 0;
109 }
110 /* WCCP version 1 and 2 protocol decoding.
111 * - Change protocol to IPv4/IPv6
112 * - When dealing with WCCPv2, Skip extra 4 bytes in GRE header
113 */
114 if (greh->flags == 0 && tpi->proto == htons(ETH_P_WCCP)) {
115 u8 _val, *val;
116
117 val = skb_header_pointer(skb, nhs + hdr_len,
118 sizeof(_val), &_val);
119 if (!val)
120 return -EINVAL;
121 tpi->proto = proto;
122 if ((*val & 0xF0) != 0x40)
123 hdr_len += 4;
124 }
125 tpi->hdr_len = hdr_len;
126
127 /* ERSPAN ver 1 and 2 protocol sets GRE key field
128 * to 0 and sets the configured key in the
129 * inner erspan header field
130 */
131 if ((greh->protocol == htons(ETH_P_ERSPAN) && hdr_len != 4) ||
132 greh->protocol == htons(ETH_P_ERSPAN2)) {
133 struct erspan_base_hdr *ershdr;
134
135 if (!pskb_may_pull(skb, nhs + hdr_len + sizeof(*ershdr)))
136 return -EINVAL;
137
138 ershdr = (struct erspan_base_hdr *)(skb->data + nhs + hdr_len);
139 tpi->key = cpu_to_be32(get_session_id(ershdr));
140 }
141
142 return hdr_len;
143}
144EXPORT_SYMBOL(gre_parse_header);
145
146static int gre_rcv(struct sk_buff *skb)
147{
148 const struct gre_protocol *proto;
149 u8 ver;
150 int ret;
151
152 if (!pskb_may_pull(skb, 12))
153 goto drop;
154
155 ver = skb->data[1]&0x7f;
156 if (ver >= GREPROTO_MAX)
157 goto drop;
158
159 rcu_read_lock();
160 proto = rcu_dereference(gre_proto[ver]);
161 if (!proto || !proto->handler)
162 goto drop_unlock;
163 ret = proto->handler(skb);
164 rcu_read_unlock();
165 return ret;
166
167drop_unlock:
168 rcu_read_unlock();
169drop:
170 kfree_skb(skb);
171 return NET_RX_DROP;
172}
173
174static int gre_err(struct sk_buff *skb, u32 info)
175{
176 const struct gre_protocol *proto;
177 const struct iphdr *iph = (const struct iphdr *)skb->data;
178 u8 ver = skb->data[(iph->ihl<<2) + 1]&0x7f;
179 int err = 0;
180
181 if (ver >= GREPROTO_MAX)
182 return -EINVAL;
183
184 rcu_read_lock();
185 proto = rcu_dereference(gre_proto[ver]);
186 if (proto && proto->err_handler)
187 proto->err_handler(skb, info);
188 else
189 err = -EPROTONOSUPPORT;
190 rcu_read_unlock();
191
192 return err;
193}
194
195static const struct net_protocol net_gre_protocol = {
196 .handler = gre_rcv,
197 .err_handler = gre_err,
198};
199
200static int __init gre_init(void)
201{
202 pr_info("GRE over IPv4 demultiplexor driver\n");
203
204 if (inet_add_protocol(&net_gre_protocol, IPPROTO_GRE) < 0) {
205 pr_err("can't add protocol\n");
206 return -EAGAIN;
207 }
208 return 0;
209}
210
211static void __exit gre_exit(void)
212{
213 inet_del_protocol(&net_gre_protocol, IPPROTO_GRE);
214}
215
216module_init(gre_init);
217module_exit(gre_exit);
218
219MODULE_DESCRIPTION("GRE over IPv4 demultiplexer driver");
220MODULE_AUTHOR("D. Kozlov <xeb@mail.ru>");
221MODULE_LICENSE("GPL");