diff options
Diffstat (limited to 'net/ipv4/ip_gre.c')
-rw-r--r-- | net/ipv4/ip_gre.c | 228 |
1 files changed, 146 insertions, 82 deletions
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index e7821ba..2ada033 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -39,6 +39,8 @@ #include <net/dsfield.h> #include <net/inet_ecn.h> #include <net/xfrm.h> +#include <net/net_namespace.h> +#include <net/netns/generic.h> #ifdef CONFIG_IPV6 #include <net/ipv6.h> @@ -122,7 +124,14 @@ static void ipgre_tunnel_setup(struct net_device *dev); static int ipgre_fb_tunnel_init(struct net_device *dev); -static struct net_device *ipgre_fb_tunnel_dev; +#define HASH_SIZE 16 + +static int ipgre_net_id; +struct ipgre_net { + struct ip_tunnel *tunnels[4][HASH_SIZE]; + + struct net_device *fb_tunnel_dev; +}; /* Tunnel hash table */ @@ -142,39 +151,38 @@ static struct net_device *ipgre_fb_tunnel_dev; will match fallback tunnel. */ -#define HASH_SIZE 16 #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&0xF) -static struct ip_tunnel *tunnels[4][HASH_SIZE]; - -#define tunnels_r_l (tunnels[3]) -#define tunnels_r (tunnels[2]) -#define tunnels_l (tunnels[1]) -#define tunnels_wc (tunnels[0]) +#define tunnels_r_l tunnels[3] +#define tunnels_r tunnels[2] +#define tunnels_l tunnels[1] +#define tunnels_wc tunnels[0] static DEFINE_RWLOCK(ipgre_lock); /* Given src, dst and key, find appropriate for input tunnel. */ -static struct ip_tunnel * ipgre_tunnel_lookup(__be32 remote, __be32 local, __be32 key) +static struct ip_tunnel * ipgre_tunnel_lookup(struct net *net, + __be32 remote, __be32 local, __be32 key) { unsigned h0 = HASH(remote); unsigned h1 = HASH(key); struct ip_tunnel *t; + struct ipgre_net *ign = net_generic(net, ipgre_net_id); - for (t = tunnels_r_l[h0^h1]; t; t = t->next) { + for (t = ign->tunnels_r_l[h0^h1]; t; t = t->next) { if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) { if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) return t; } } - for (t = tunnels_r[h0^h1]; t; t = t->next) { + for (t = ign->tunnels_r[h0^h1]; t; t = t->next) { if (remote == t->parms.iph.daddr) { if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) return t; } } - for (t = tunnels_l[h1]; t; t = t->next) { + for (t = ign->tunnels_l[h1]; t; t = t->next) { if (local == t->parms.iph.saddr || (local == t->parms.iph.daddr && ipv4_is_multicast(local))) { @@ -182,17 +190,18 @@ static struct ip_tunnel * ipgre_tunnel_lookup(__be32 remote, __be32 local, __be3 return t; } } - for (t = tunnels_wc[h1]; t; t = t->next) { + for (t = ign->tunnels_wc[h1]; t; t = t->next) { if (t->parms.i_key == key && (t->dev->flags&IFF_UP)) return t; } - if (ipgre_fb_tunnel_dev->flags&IFF_UP) - return netdev_priv(ipgre_fb_tunnel_dev); + if (ign->fb_tunnel_dev->flags&IFF_UP) + return netdev_priv(ign->fb_tunnel_dev); return NULL; } -static struct ip_tunnel **__ipgre_bucket(struct ip_tunnel_parm *parms) +static struct ip_tunnel **__ipgre_bucket(struct ipgre_net *ign, + struct ip_tunnel_parm *parms) { __be32 remote = parms->iph.daddr; __be32 local = parms->iph.saddr; @@ -207,17 +216,18 @@ static struct ip_tunnel **__ipgre_bucket(struct ip_tunnel_parm *parms) h ^= HASH(remote); } - return &tunnels[prio][h]; + return &ign->tunnels[prio][h]; } -static inline struct ip_tunnel **ipgre_bucket(struct ip_tunnel *t) +static inline struct ip_tunnel **ipgre_bucket(struct ipgre_net *ign, + struct ip_tunnel *t) { - return __ipgre_bucket(&t->parms); + return __ipgre_bucket(ign, &t->parms); } -static void ipgre_tunnel_link(struct ip_tunnel *t) +static void ipgre_tunnel_link(struct ipgre_net *ign, struct ip_tunnel *t) { - struct ip_tunnel **tp = ipgre_bucket(t); + struct ip_tunnel **tp = ipgre_bucket(ign, t); t->next = *tp; write_lock_bh(&ipgre_lock); @@ -225,11 +235,11 @@ static void ipgre_tunnel_link(struct ip_tunnel *t) write_unlock_bh(&ipgre_lock); } -static void ipgre_tunnel_unlink(struct ip_tunnel *t) +static void ipgre_tunnel_unlink(struct ipgre_net *ign, struct ip_tunnel *t) { struct ip_tunnel **tp; - for (tp = ipgre_bucket(t); *tp; tp = &(*tp)->next) { + for (tp = ipgre_bucket(ign, t); *tp; tp = &(*tp)->next) { if (t == *tp) { write_lock_bh(&ipgre_lock); *tp = t->next; @@ -239,7 +249,8 @@ static void ipgre_tunnel_unlink(struct ip_tunnel *t) } } -static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int create) +static struct ip_tunnel * ipgre_tunnel_locate(struct net *net, + struct ip_tunnel_parm *parms, int create) { __be32 remote = parms->iph.daddr; __be32 local = parms->iph.saddr; @@ -247,8 +258,9 @@ static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int struct ip_tunnel *t, **tp, *nt; struct net_device *dev; char name[IFNAMSIZ]; + struct ipgre_net *ign = net_generic(net, ipgre_net_id); - for (tp = __ipgre_bucket(parms); (t = *tp) != NULL; tp = &t->next) { + for (tp = __ipgre_bucket(ign, parms); (t = *tp) != NULL; tp = &t->next) { if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) { if (key == t->parms.i_key) return t; @@ -266,6 +278,8 @@ static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int if (!dev) return NULL; + dev_net_set(dev, net); + if (strchr(name, '%')) { if (dev_alloc_name(dev, name) < 0) goto failed_free; @@ -279,7 +293,7 @@ static struct ip_tunnel * ipgre_tunnel_locate(struct ip_tunnel_parm *parms, int goto failed_free; dev_hold(dev); - ipgre_tunnel_link(nt); + ipgre_tunnel_link(ign, nt); return nt; failed_free: @@ -289,7 +303,10 @@ failed_free: static void ipgre_tunnel_uninit(struct net_device *dev) { - ipgre_tunnel_unlink(netdev_priv(dev)); + struct net *net = dev_net(dev); + struct ipgre_net *ign = net_generic(net, ipgre_net_id); + + ipgre_tunnel_unlink(ign, netdev_priv(dev)); dev_put(dev); } @@ -363,7 +380,9 @@ static void ipgre_err(struct sk_buff *skb, u32 info) } read_lock(&ipgre_lock); - t = ipgre_tunnel_lookup(iph->daddr, iph->saddr, (flags&GRE_KEY) ? *(((__be32*)p) + (grehlen>>2) - 1) : 0); + t = ipgre_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr, + (flags&GRE_KEY) ? + *(((__be32*)p) + (grehlen>>2) - 1) : 0); if (t == NULL || t->parms.iph.daddr == 0 || ipv4_is_multicast(t->parms.iph.daddr)) goto out; @@ -476,7 +495,7 @@ out: fl.fl4_dst = eiph->saddr; fl.fl4_tos = RT_TOS(eiph->tos); fl.proto = IPPROTO_GRE; - if (ip_route_output_key(&init_net, &rt, &fl)) { + if (ip_route_output_key(dev_net(skb->dev), &rt, &fl)) { kfree_skb(skb2); return; } @@ -489,7 +508,7 @@ out: fl.fl4_dst = eiph->daddr; fl.fl4_src = eiph->saddr; fl.fl4_tos = eiph->tos; - if (ip_route_output_key(&init_net, &rt, &fl) || + if (ip_route_output_key(dev_net(skb->dev), &rt, &fl) || rt->u.dst.dev->type != ARPHRD_IPGRE) { ip_rt_put(rt); kfree_skb(skb2); @@ -596,7 +615,8 @@ static int ipgre_rcv(struct sk_buff *skb) } read_lock(&ipgre_lock); - if ((tunnel = ipgre_tunnel_lookup(iph->saddr, iph->daddr, key)) != NULL) { + if ((tunnel = ipgre_tunnel_lookup(dev_net(skb->dev), + iph->saddr, iph->daddr, key)) != NULL) { secpath_reset(skb); skb->protocol = *(__be16*)(h + 2); @@ -619,7 +639,7 @@ static int ipgre_rcv(struct sk_buff *skb) #ifdef CONFIG_NET_IPGRE_BROADCAST if (ipv4_is_multicast(iph->daddr)) { /* Looped back packet, drop it! */ - if (((struct rtable*)skb->dst)->fl.iif == 0) + if (skb->rtable->fl.iif == 0) goto drop; tunnel->stat.multicast++; skb->pkt_type = PACKET_BROADCAST; @@ -699,7 +719,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) } if (skb->protocol == htons(ETH_P_IP)) { - rt = (struct rtable*)skb->dst; + rt = skb->rtable; if ((dst = rt->rt_gateway) == 0) goto tx_error_icmp; } @@ -744,7 +764,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev) .saddr = tiph->saddr, .tos = RT_TOS(tos) } }, .proto = IPPROTO_GRE }; - if (ip_route_output_key(&init_net, &rt, &fl)) { + if (ip_route_output_key(dev_net(dev), &rt, &fl)) { tunnel->stat.tx_carrier_errors++; goto tx_error; } @@ -917,7 +937,7 @@ static void ipgre_tunnel_bind_dev(struct net_device *dev) .tos = RT_TOS(iph->tos) } }, .proto = IPPROTO_GRE }; struct rtable *rt; - if (!ip_route_output_key(&init_net, &rt, &fl)) { + if (!ip_route_output_key(dev_net(dev), &rt, &fl)) { tdev = rt->u.dst.dev; ip_rt_put(rt); } @@ -925,7 +945,7 @@ static void ipgre_tunnel_bind_dev(struct net_device *dev) } if (!tdev && tunnel->parms.link) - tdev = __dev_get_by_index(&init_net, tunnel->parms.link); + tdev = __dev_get_by_index(dev_net(dev), tunnel->parms.link); if (tdev) { hlen = tdev->hard_header_len; @@ -954,16 +974,18 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd) int err = 0; struct ip_tunnel_parm p; struct ip_tunnel *t; + struct net *net = dev_net(dev); + struct ipgre_net *ign = net_generic(net, ipgre_net_id); switch (cmd) { case SIOCGETTUNNEL: t = NULL; - if (dev == ipgre_fb_tunnel_dev) { + if (dev == ign->fb_tunnel_dev) { if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) { err = -EFAULT; break; } - t = ipgre_tunnel_locate(&p, 0); + t = ipgre_tunnel_locate(net, &p, 0); } if (t == NULL) t = netdev_priv(dev); @@ -995,9 +1017,9 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd) if (!(p.o_flags&GRE_KEY)) p.o_key = 0; - t = ipgre_tunnel_locate(&p, cmd == SIOCADDTUNNEL); + t = ipgre_tunnel_locate(net, &p, cmd == SIOCADDTUNNEL); - if (dev != ipgre_fb_tunnel_dev && cmd == SIOCCHGTUNNEL) { + if (dev != ign->fb_tunnel_dev && cmd == SIOCCHGTUNNEL) { if (t != NULL) { if (t->dev != dev) { err = -EEXIST; @@ -1017,14 +1039,14 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd) err = -EINVAL; break; } - ipgre_tunnel_unlink(t); + ipgre_tunnel_unlink(ign, t); t->parms.iph.saddr = p.iph.saddr; t->parms.iph.daddr = p.iph.daddr; t->parms.i_key = p.i_key; t->parms.o_key = p.o_key; memcpy(dev->dev_addr, &p.iph.saddr, 4); memcpy(dev->broadcast, &p.iph.daddr, 4); - ipgre_tunnel_link(t); + ipgre_tunnel_link(ign, t); netdev_state_change(dev); } } @@ -1052,15 +1074,15 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd) if (!capable(CAP_NET_ADMIN)) goto done; - if (dev == ipgre_fb_tunnel_dev) { + if (dev == ign->fb_tunnel_dev) { err = -EFAULT; if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof(p))) goto done; err = -ENOENT; - if ((t = ipgre_tunnel_locate(&p, 0)) == NULL) + if ((t = ipgre_tunnel_locate(net, &p, 0)) == NULL) goto done; err = -EPERM; - if (t == netdev_priv(ipgre_fb_tunnel_dev)) + if (t == netdev_priv(ign->fb_tunnel_dev)) goto done; dev = t->dev; } @@ -1173,7 +1195,7 @@ static int ipgre_open(struct net_device *dev) .tos = RT_TOS(t->parms.iph.tos) } }, .proto = IPPROTO_GRE }; struct rtable *rt; - if (ip_route_output_key(&init_net, &rt, &fl)) + if (ip_route_output_key(dev_net(dev), &rt, &fl)) return -EADDRNOTAVAIL; dev = rt->u.dst.dev; ip_rt_put(rt); @@ -1190,7 +1212,7 @@ static int ipgre_close(struct net_device *dev) struct ip_tunnel *t = netdev_priv(dev); if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) { struct in_device *in_dev; - in_dev = inetdev_by_index(dev->nd_net, t->mlink); + in_dev = inetdev_by_index(dev_net(dev), t->mlink); if (in_dev) { ip_mc_dec_group(in_dev, t->parms.iph.daddr); in_dev_put(in_dev); @@ -1216,6 +1238,7 @@ static void ipgre_tunnel_setup(struct net_device *dev) dev->flags = IFF_NOARP; dev->iflink = 0; dev->addr_len = 4; + dev->features |= NETIF_F_NETNS_LOCAL; } static int ipgre_tunnel_init(struct net_device *dev) @@ -1251,10 +1274,11 @@ static int ipgre_tunnel_init(struct net_device *dev) return 0; } -static int __init ipgre_fb_tunnel_init(struct net_device *dev) +static int ipgre_fb_tunnel_init(struct net_device *dev) { struct ip_tunnel *tunnel = netdev_priv(dev); struct iphdr *iph = &tunnel->parms.iph; + struct ipgre_net *ign = net_generic(dev_net(dev), ipgre_net_id); tunnel->dev = dev; strcpy(tunnel->parms.name, dev->name); @@ -1265,7 +1289,7 @@ static int __init ipgre_fb_tunnel_init(struct net_device *dev) tunnel->hlen = sizeof(struct iphdr) + 4; dev_hold(dev); - tunnels_wc[0] = tunnel; + ign->tunnels_wc[0] = tunnel; return 0; } @@ -1273,56 +1297,98 @@ static int __init ipgre_fb_tunnel_init(struct net_device *dev) static struct net_protocol ipgre_protocol = { .handler = ipgre_rcv, .err_handler = ipgre_err, + .netns_ok = 1, }; +static void ipgre_destroy_tunnels(struct ipgre_net *ign) +{ + int prio; -/* - * And now the modules code and kernel interface. - */ + for (prio = 0; prio < 4; prio++) { + int h; + for (h = 0; h < HASH_SIZE; h++) { + struct ip_tunnel *t; + while ((t = ign->tunnels[prio][h]) != NULL) + unregister_netdevice(t->dev); + } + } +} -static int __init ipgre_init(void) +static int ipgre_init_net(struct net *net) { int err; + struct ipgre_net *ign; - printk(KERN_INFO "GRE over IPv4 tunneling driver\n"); + err = -ENOMEM; + ign = kzalloc(sizeof(struct ipgre_net), GFP_KERNEL); + if (ign == NULL) + goto err_alloc; - if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) { - printk(KERN_INFO "ipgre init: can't add protocol\n"); - return -EAGAIN; - } + err = net_assign_generic(net, ipgre_net_id, ign); + if (err < 0) + goto err_assign; - ipgre_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0", + ign->fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0", ipgre_tunnel_setup); - if (!ipgre_fb_tunnel_dev) { + if (!ign->fb_tunnel_dev) { err = -ENOMEM; - goto err1; + goto err_alloc_dev; } - ipgre_fb_tunnel_dev->init = ipgre_fb_tunnel_init; + ign->fb_tunnel_dev->init = ipgre_fb_tunnel_init; + dev_net_set(ign->fb_tunnel_dev, net); - if ((err = register_netdev(ipgre_fb_tunnel_dev))) - goto err2; -out: + if ((err = register_netdev(ign->fb_tunnel_dev))) + goto err_reg_dev; + + return 0; + +err_reg_dev: + free_netdev(ign->fb_tunnel_dev); +err_alloc_dev: + /* nothing */ +err_assign: + kfree(ign); +err_alloc: return err; -err2: - free_netdev(ipgre_fb_tunnel_dev); -err1: - inet_del_protocol(&ipgre_protocol, IPPROTO_GRE); - goto out; } -static void __exit ipgre_destroy_tunnels(void) +static void ipgre_exit_net(struct net *net) { - int prio; + struct ipgre_net *ign; - for (prio = 0; prio < 4; prio++) { - int h; - for (h = 0; h < HASH_SIZE; h++) { - struct ip_tunnel *t; - while ((t = tunnels[prio][h]) != NULL) - unregister_netdevice(t->dev); - } + ign = net_generic(net, ipgre_net_id); + rtnl_lock(); + ipgre_destroy_tunnels(ign); + rtnl_unlock(); + kfree(ign); +} + +static struct pernet_operations ipgre_net_ops = { + .init = ipgre_init_net, + .exit = ipgre_exit_net, +}; + +/* + * And now the modules code and kernel interface. + */ + +static int __init ipgre_init(void) +{ + int err; + + printk(KERN_INFO "GRE over IPv4 tunneling driver\n"); + + if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) { + printk(KERN_INFO "ipgre init: can't add protocol\n"); + return -EAGAIN; } + + err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops); + if (err < 0) + inet_del_protocol(&ipgre_protocol, IPPROTO_GRE); + + return err; } static void __exit ipgre_fini(void) @@ -1330,9 +1396,7 @@ static void __exit ipgre_fini(void) if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) printk(KERN_INFO "ipgre close: can't remove protocol\n"); - rtnl_lock(); - ipgre_destroy_tunnels(); - rtnl_unlock(); + unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops); } module_init(ipgre_init); |