summaryrefslogtreecommitdiffstats
path: root/net/ipv4/ip_gre.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4/ip_gre.c')
-rw-r--r--net/ipv4/ip_gre.c228
1 files changed, 146 insertions, 82 deletions
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index e7821ba..2ada033 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -39,6 +39,8 @@
#include <net/dsfield.h>
#include <net/inet_ecn.h>
#include <net/xfrm.h>
+#include <net/net_namespace.h>
+#include <net/netns/generic.h>
#ifdef CONFIG_IPV6
#include <net/ipv6.h>
@@ -122,7 +124,14 @@ static void ipgre_tunnel_setup(struct net_device *dev);
static int ipgre_fb_tunnel_init(struct net_device *dev);
-static struct net_device *ipgre_fb_tunnel_dev;
+#define HASH_SIZE 16
+
+static int ipgre_net_id;
+struct ipgre_net {
+ struct ip_tunnel *tunnels[4][HASH_SIZE];
+
+ struct net_device *fb_tunnel_dev;
+};
/* Tunnel hash table */
@@ -142,39 +151,38 @@ static struct net_device *ipgre_fb_tunnel_dev;
will match fallback tunnel.
*/
-#define HASH_SIZE 16
#define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF)
-static struct ip_tunnel *tunnels[4][HASH_SIZE];
-
-#define tunnels_r_l (tunnels[3])
-#define tunnels_r (tunnels[2])
-#define tunnels_l (tunnels[1])
-#define tunnels_wc (tunnels[0])
+#define tunnels_r_l tunnels[3]
+#define tunnels_r tunnels[2]
+#define tunnels_l tunnels[1]
+#define tunnels_wc tunnels[0]
static DEFINE_RWLOCK(ipgre_lock);
/* Given src, dst and key, find appropriate for input tunnel. */
-static struct ip_tunnel * ipgre_tunnel_lookup(__be32 remote, __be32 local, __be32 key)
+static struct ip_tunnel * ipgre_tunnel_lookup(struct net *net,
+ __be32 remote, __be32 local, __be32 key)
{
unsigned h0 = HASH(remote);
unsigned h1 = HASH(key);
struct ip_tunnel *t;
+ struct ipgre_net *ign = net_generic(net, ipgre_net_id);
- for (t = tunnels_r_l[h0^h1]; t; t = t->next) {
+ for (t = ign->tunnels_r_l[h0^h1]; t; t = t->next) {
if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) {
if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
return t;
}
}
- for (t = tunnels_r[h0^h1]; t; t = t->next) {
+ for (t = ign->tunnels_r[h0^h1]; t; t = t->next) {
if (remote == t->parms.iph.daddr) {
if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
return t;
}
}
- for (t = tunnels_l[h1]; t; t = t->next) {
+ for (t = ign->tunnels_l[h1]; t; t = t->next) {
if (local == t->parms.iph.saddr ||
(local == t->parms.iph.daddr &&
ipv4_is_multicast(local))) {
@@ -182,17 +190,18 @@ static struct ip_tunnel * ipgre_tunnel_lookup(__be32 remote, __be32 local, __be3
return t;
}
}
- for (t = tunnels_wc[h1]; t; t = t->next) {
+ for (t = ign->tunnels_wc[h1]; t; t = t->next) {
if (t->parms.i_key == key && (t->dev->flags&IFF_UP))
return t;
}
- if (ipgre_fb_tunnel_dev->flags&IFF_UP)
- return netdev_priv(ipgre_fb_tunnel_dev);
+ if (ign->fb_tunnel_dev->flags&IFF_UP)
+ return netdev_priv(ign->fb_tunnel_dev);
return NULL;
}
-static struct ip_tunnel **__ipgre_bucket(struct ip_tunnel_parm *parms)
+static struct ip_tunnel **__ipgre_bucket(struct ipgre_net *ign,
+ struct ip_tunnel_parm *parms)
{
__be32 remote = parms->iph.daddr;
__be32 local = parms->iph.saddr;
@@ -207,17 +216,18 @@ static struct ip_tunnel **__ipgre_bucket(struct ip_tunnel_parm *parms)
h ^= HASH(remote);
}
- return &tunnels[prio][h];
+ return &ign->tunnels[prio][h];
}
-static inline struct ip_tunnel **ipgre_bucket(struct ip_tunnel *t)
+static inline struct ip_tunnel **ipgre_bucket(struct ipgre_net *ign,
+ struct ip_tunnel *t)
{
- return __ipgre_bucket(&t->parms);
+ return __ipgre_bucket(ign, &t->parms);
}
-static void ipgre_tunnel_link(struct ip_tunnel *t)
+static void ipgre_tunnel_link(struct ipgre_net *ign, struct ip_tunnel *t)
{
- struct ip_tunnel **tp = ipgre_bucket(t);
+ struct ip_tunnel **tp = ipgre_bucket(ign, t);
t->next = *tp;
write_lock_bh(&ipgre_lock);
@@ -225,11 +235,11 @@ static void ipgre_tunnel_link(struct ip_tunnel *t)
write_unlock_bh(&ipgre_lock);
}
-static void ipgre_tunnel_unlink(struct ip_tunnel *t)
+static void ipgre_tunnel_unlink(struct ipgre_net *ign, struct ip_tunnel *t)
{
struct ip_tunnel **tp;
- for (tp = ipgre_bucket(t); *tp; tp = &(*tp)->next) {
+ for (tp = ipgre_bucket(ign, t); *tp; tp = &(*tp)->next) {
if (t == *tp) {
write_lock_bh(&ipgre_lock);
*tp = t->next;
@@ -239,7 +249,8 @@ static void ipgre_tunnel_unlink(struct ip_tunnel *t)
}
}
-static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int create)
+static struct ip_tunnel * ipgre_tunnel_locate(struct net *net,
+ struct ip_tunnel_parm *parms, int create)
{
__be32 remote = parms->iph.daddr;
__be32 local = parms->iph.saddr;
@@ -247,8 +258,9 @@ static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int
struct ip_tunnel *t, **tp, *nt;
struct net_device *dev;
char name[IFNAMSIZ];
+ struct ipgre_net *ign = net_generic(net, ipgre_net_id);
- for (tp = __ipgre_bucket(parms); (t = *tp) != NULL; tp = &t->next) {
+ for (tp = __ipgre_bucket(ign, parms); (t = *tp) != NULL; tp = &t->next) {
if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) {
if (key == t->parms.i_key)
return t;
@@ -266,6 +278,8 @@ static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int
if (!dev)
return NULL;
+ dev_net_set(dev, net);
+
if (strchr(name, '%')) {
if (dev_alloc_name(dev, name) < 0)
goto failed_free;
@@ -279,7 +293,7 @@ static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int
goto failed_free;
dev_hold(dev);
- ipgre_tunnel_link(nt);
+ ipgre_tunnel_link(ign, nt);
return nt;
failed_free:
@@ -289,7 +303,10 @@ failed_free:
static void ipgre_tunnel_uninit(struct net_device *dev)
{
- ipgre_tunnel_unlink(netdev_priv(dev));
+ struct net *net = dev_net(dev);
+ struct ipgre_net *ign = net_generic(net, ipgre_net_id);
+
+ ipgre_tunnel_unlink(ign, netdev_priv(dev));
dev_put(dev);
}
@@ -363,7 +380,9 @@ static void ipgre_err(struct sk_buff *skb, u32 info)
}
read_lock(&ipgre_lock);
- t = ipgre_tunnel_lookup(iph->daddr, iph->saddr, (flags&GRE_KEY) ? *(((__be32*)p) + (grehlen>>2) - 1) : 0);
+ t = ipgre_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr,
+ (flags&GRE_KEY) ?
+ *(((__be32*)p) + (grehlen>>2) - 1) : 0);
if (t == NULL || t->parms.iph.daddr == 0 ||
ipv4_is_multicast(t->parms.iph.daddr))
goto out;
@@ -476,7 +495,7 @@ out:
fl.fl4_dst = eiph->saddr;
fl.fl4_tos = RT_TOS(eiph->tos);
fl.proto = IPPROTO_GRE;
- if (ip_route_output_key(&init_net, &rt, &fl)) {
+ if (ip_route_output_key(dev_net(skb->dev), &rt, &fl)) {
kfree_skb(skb2);
return;
}
@@ -489,7 +508,7 @@ out:
fl.fl4_dst = eiph->daddr;
fl.fl4_src = eiph->saddr;
fl.fl4_tos = eiph->tos;
- if (ip_route_output_key(&init_net, &rt, &fl) ||
+ if (ip_route_output_key(dev_net(skb->dev), &rt, &fl) ||
rt->u.dst.dev->type != ARPHRD_IPGRE) {
ip_rt_put(rt);
kfree_skb(skb2);
@@ -596,7 +615,8 @@ static int ipgre_rcv(struct sk_buff *skb)
}
read_lock(&ipgre_lock);
- if ((tunnel = ipgre_tunnel_lookup(iph->saddr, iph->daddr, key)) != NULL) {
+ if ((tunnel = ipgre_tunnel_lookup(dev_net(skb->dev),
+ iph->saddr, iph->daddr, key)) != NULL) {
secpath_reset(skb);
skb->protocol = *(__be16*)(h + 2);
@@ -619,7 +639,7 @@ static int ipgre_rcv(struct sk_buff *skb)
#ifdef CONFIG_NET_IPGRE_BROADCAST
if (ipv4_is_multicast(iph->daddr)) {
/* Looped back packet, drop it! */
- if (((struct rtable*)skb->dst)->fl.iif == 0)
+ if (skb->rtable->fl.iif == 0)
goto drop;
tunnel->stat.multicast++;
skb->pkt_type = PACKET_BROADCAST;
@@ -699,7 +719,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
}
if (skb->protocol == htons(ETH_P_IP)) {
- rt = (struct rtable*)skb->dst;
+ rt = skb->rtable;
if ((dst = rt->rt_gateway) == 0)
goto tx_error_icmp;
}
@@ -744,7 +764,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
.saddr = tiph->saddr,
.tos = RT_TOS(tos) } },
.proto = IPPROTO_GRE };
- if (ip_route_output_key(&init_net, &rt, &fl)) {
+ if (ip_route_output_key(dev_net(dev), &rt, &fl)) {
tunnel->stat.tx_carrier_errors++;
goto tx_error;
}
@@ -917,7 +937,7 @@ static void ipgre_tunnel_bind_dev(struct net_device *dev)
.tos = RT_TOS(iph->tos) } },
.proto = IPPROTO_GRE };
struct rtable *rt;
- if (!ip_route_output_key(&init_net, &rt, &fl)) {
+ if (!ip_route_output_key(dev_net(dev), &rt, &fl)) {
tdev = rt->u.dst.dev;
ip_rt_put(rt);
}
@@ -925,7 +945,7 @@ static void ipgre_tunnel_bind_dev(struct net_device *dev)
}
if (!tdev && tunnel->parms.link)
- tdev = __dev_get_by_index(&init_net, tunnel->parms.link);
+ tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link);
if (tdev) {
hlen = tdev->hard_header_len;
@@ -954,16 +974,18 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
int err = 0;
struct ip_tunnel_parm p;
struct ip_tunnel *t;
+ struct net *net = dev_net(dev);
+ struct ipgre_net *ign = net_generic(net, ipgre_net_id);
switch (cmd) {
case SIOCGETTUNNEL:
t = NULL;
- if (dev == ipgre_fb_tunnel_dev) {
+ if (dev == ign->fb_tunnel_dev) {
if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) {
err = -EFAULT;
break;
}
- t = ipgre_tunnel_locate(&p, 0);
+ t = ipgre_tunnel_locate(net, &p, 0);
}
if (t == NULL)
t = netdev_priv(dev);
@@ -995,9 +1017,9 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
if (!(p.o_flags&GRE_KEY))
p.o_key = 0;
- t = ipgre_tunnel_locate(&p, cmd == SIOCADDTUNNEL);
+ t = ipgre_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL);
- if (dev != ipgre_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
+ if (dev != ign->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) {
if (t != NULL) {
if (t->dev != dev) {
err = -EEXIST;
@@ -1017,14 +1039,14 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
err = -EINVAL;
break;
}
- ipgre_tunnel_unlink(t);
+ ipgre_tunnel_unlink(ign, t);
t->parms.iph.saddr = p.iph.saddr;
t->parms.iph.daddr = p.iph.daddr;
t->parms.i_key = p.i_key;
t->parms.o_key = p.o_key;
memcpy(dev->dev_addr, &p.iph.saddr, 4);
memcpy(dev->broadcast, &p.iph.daddr, 4);
- ipgre_tunnel_link(t);
+ ipgre_tunnel_link(ign, t);
netdev_state_change(dev);
}
}
@@ -1052,15 +1074,15 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
if (!capable(CAP_NET_ADMIN))
goto done;
- if (dev == ipgre_fb_tunnel_dev) {
+ if (dev == ign->fb_tunnel_dev) {
err = -EFAULT;
if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p)))
goto done;
err = -ENOENT;
- if ((t = ipgre_tunnel_locate(&p, 0)) == NULL)
+ if ((t = ipgre_tunnel_locate(net, &p, 0)) == NULL)
goto done;
err = -EPERM;
- if (t == netdev_priv(ipgre_fb_tunnel_dev))
+ if (t == netdev_priv(ign->fb_tunnel_dev))
goto done;
dev = t->dev;
}
@@ -1173,7 +1195,7 @@ static int ipgre_open(struct net_device *dev)
.tos = RT_TOS(t->parms.iph.tos) } },
.proto = IPPROTO_GRE };
struct rtable *rt;
- if (ip_route_output_key(&init_net, &rt, &fl))
+ if (ip_route_output_key(dev_net(dev), &rt, &fl))
return -EADDRNOTAVAIL;
dev = rt->u.dst.dev;
ip_rt_put(rt);
@@ -1190,7 +1212,7 @@ static int ipgre_close(struct net_device *dev)
struct ip_tunnel *t = netdev_priv(dev);
if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) {
struct in_device *in_dev;
- in_dev = inetdev_by_index(dev->nd_net, t->mlink);
+ in_dev = inetdev_by_index(dev_net(dev), t->mlink);
if (in_dev) {
ip_mc_dec_group(in_dev, t->parms.iph.daddr);
in_dev_put(in_dev);
@@ -1216,6 +1238,7 @@ static void ipgre_tunnel_setup(struct net_device *dev)
dev->flags = IFF_NOARP;
dev->iflink = 0;
dev->addr_len = 4;
+ dev->features |= NETIF_F_NETNS_LOCAL;
}
static int ipgre_tunnel_init(struct net_device *dev)
@@ -1251,10 +1274,11 @@ static int ipgre_tunnel_init(struct net_device *dev)
return 0;
}
-static int __init ipgre_fb_tunnel_init(struct net_device *dev)
+static int ipgre_fb_tunnel_init(struct net_device *dev)
{
struct ip_tunnel *tunnel = netdev_priv(dev);
struct iphdr *iph = &tunnel->parms.iph;
+ struct ipgre_net *ign = net_generic(dev_net(dev), ipgre_net_id);
tunnel->dev = dev;
strcpy(tunnel->parms.name, dev->name);
@@ -1265,7 +1289,7 @@ static int __init ipgre_fb_tunnel_init(struct net_device *dev)
tunnel->hlen = sizeof(struct iphdr) + 4;
dev_hold(dev);
- tunnels_wc[0] = tunnel;
+ ign->tunnels_wc[0] = tunnel;
return 0;
}
@@ -1273,56 +1297,98 @@ static int __init ipgre_fb_tunnel_init(struct net_device *dev)
static struct net_protocol ipgre_protocol = {
.handler = ipgre_rcv,
.err_handler = ipgre_err,
+ .netns_ok = 1,
};
+static void ipgre_destroy_tunnels(struct ipgre_net *ign)
+{
+ int prio;
-/*
- * And now the modules code and kernel interface.
- */
+ for (prio = 0; prio < 4; prio++) {
+ int h;
+ for (h = 0; h < HASH_SIZE; h++) {
+ struct ip_tunnel *t;
+ while ((t = ign->tunnels[prio][h]) != NULL)
+ unregister_netdevice(t->dev);
+ }
+ }
+}
-static int __init ipgre_init(void)
+static int ipgre_init_net(struct net *net)
{
int err;
+ struct ipgre_net *ign;
- printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
+ err = -ENOMEM;
+ ign = kzalloc(sizeof(struct ipgre_net), GFP_KERNEL);
+ if (ign == NULL)
+ goto err_alloc;
- if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
- printk(KERN_INFO "ipgre init: can't add protocol\n");
- return -EAGAIN;
- }
+ err = net_assign_generic(net, ipgre_net_id, ign);
+ if (err < 0)
+ goto err_assign;
- ipgre_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0",
+ ign->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0",
ipgre_tunnel_setup);
- if (!ipgre_fb_tunnel_dev) {
+ if (!ign->fb_tunnel_dev) {
err = -ENOMEM;
- goto err1;
+ goto err_alloc_dev;
}
- ipgre_fb_tunnel_dev->init = ipgre_fb_tunnel_init;
+ ign->fb_tunnel_dev->init = ipgre_fb_tunnel_init;
+ dev_net_set(ign->fb_tunnel_dev, net);
- if ((err = register_netdev(ipgre_fb_tunnel_dev)))
- goto err2;
-out:
+ if ((err = register_netdev(ign->fb_tunnel_dev)))
+ goto err_reg_dev;
+
+ return 0;
+
+err_reg_dev:
+ free_netdev(ign->fb_tunnel_dev);
+err_alloc_dev:
+ /* nothing */
+err_assign:
+ kfree(ign);
+err_alloc:
return err;
-err2:
- free_netdev(ipgre_fb_tunnel_dev);
-err1:
- inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
- goto out;
}
-static void __exit ipgre_destroy_tunnels(void)
+static void ipgre_exit_net(struct net *net)
{
- int prio;
+ struct ipgre_net *ign;
- for (prio = 0; prio < 4; prio++) {
- int h;
- for (h = 0; h < HASH_SIZE; h++) {
- struct ip_tunnel *t;
- while ((t = tunnels[prio][h]) != NULL)
- unregister_netdevice(t->dev);
- }
+ ign = net_generic(net, ipgre_net_id);
+ rtnl_lock();
+ ipgre_destroy_tunnels(ign);
+ rtnl_unlock();
+ kfree(ign);
+}
+
+static struct pernet_operations ipgre_net_ops = {
+ .init = ipgre_init_net,
+ .exit = ipgre_exit_net,
+};
+
+/*
+ * And now the modules code and kernel interface.
+ */
+
+static int __init ipgre_init(void)
+{
+ int err;
+
+ printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
+
+ if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
+ printk(KERN_INFO "ipgre init: can't add protocol\n");
+ return -EAGAIN;
}
+
+ err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops);
+ if (err < 0)
+ inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
+
+ return err;
}
static void __exit ipgre_fini(void)
@@ -1330,9 +1396,7 @@ static void __exit ipgre_fini(void)
if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0)
printk(KERN_INFO "ipgre close: can't remove protocol\n");
- rtnl_lock();
- ipgre_destroy_tunnels();
- rtnl_unlock();
+ unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
}
module_init(ipgre_init);
OpenPOWER on IntegriCloud