1 | /* |
---|
2 | * Copyright (C) 2004, 2005 Mike Wray <mike.wray@hp.com> |
---|
3 | * |
---|
4 | * This program is free software; you can redistribute it and/or modify |
---|
5 | * it under the terms of the GNU General Public License as published by the |
---|
6 | * Free Software Foundation; either version 2 of the License, or (at your |
---|
7 | * option) any later version. |
---|
8 | * |
---|
9 | * This program is distributed in the hope that it will be useful, but |
---|
10 | * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY |
---|
11 | * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
---|
12 | * for more details. |
---|
13 | * |
---|
14 | * You should have received a copy of the GNU General Public License along |
---|
15 | * with this program; if not, write to the Free software Foundation, Inc., |
---|
16 | * 59 Temple Place, suite 330, Boston, MA 02111-1307 USA |
---|
17 | * |
---|
18 | */ |
---|
19 | #ifdef __KERNEL__ |
---|
20 | |
---|
21 | #include <linux/config.h> |
---|
22 | #include <linux/module.h> |
---|
23 | #include <linux/types.h> |
---|
24 | #include <linux/kernel.h> |
---|
25 | #include <linux/init.h> |
---|
26 | |
---|
27 | #include <linux/version.h> |
---|
28 | |
---|
29 | #include <linux/skbuff.h> |
---|
30 | #include <linux/net.h> |
---|
31 | #include <linux/netdevice.h> |
---|
32 | #include <linux/in.h> |
---|
33 | #include <linux/inet.h> |
---|
34 | #include <linux/netfilter_bridge.h> |
---|
35 | #include <linux/netfilter_ipv4.h> |
---|
36 | #include <linux/icmp.h> |
---|
37 | #include <linux/udp.h> |
---|
38 | |
---|
39 | #include <net/ip.h> |
---|
40 | #include <net/protocol.h> |
---|
41 | #include <net/route.h> |
---|
42 | #include <net/checksum.h> |
---|
43 | |
---|
44 | #else |
---|
45 | |
---|
46 | #include <netinet/in.h> |
---|
47 | #include <arpa/inet.h> |
---|
48 | |
---|
49 | #include "sys_kernel.h" |
---|
50 | #include "spinlock.h" |
---|
51 | #include "skbuff.h" |
---|
52 | #include <linux/ip.h> |
---|
53 | #include <linux/udp.h> |
---|
54 | |
---|
55 | #define IP_DF 0x4000 /* Flag: "Don't Fragment" */ |
---|
56 | |
---|
57 | #endif |
---|
58 | |
---|
59 | #include <etherip.h> |
---|
60 | #include <tunnel.h> |
---|
61 | #include <vnet.h> |
---|
62 | #include <varp.h> |
---|
63 | #include <if_varp.h> |
---|
64 | #include <varp.h> |
---|
65 | #include <skb_util.h> |
---|
66 | #include <skb_context.h> |
---|
67 | |
---|
68 | #define MODULE_NAME "VNET" |
---|
69 | #define DEBUG 1 |
---|
70 | #undef DEBUG |
---|
71 | #include "debug.h" |
---|
72 | |
---|
73 | /** @file Etherip implementation. |
---|
74 | * The etherip protocol is used to transport Ethernet frames in IP packets. |
---|
75 | */ |
---|
76 | |
---|
77 | /** Flag controlling whether to use etherip-in-udp encapsulation. |
---|
78 | * If false we send etherip protocol in IP packets. |
---|
79 | * If true we send etherip protocol in UDP packets with a vnet header. |
---|
80 | */ |
---|
81 | int etherip_in_udp = 1; |
---|
82 | |
---|
83 | /** Get the vnet label from an etherip header. |
---|
84 | * |
---|
85 | * @param hdr header |
---|
86 | * @@param vnet (in net order) |
---|
87 | */ |
---|
88 | void etheriphdr_get_vnet(struct etheriphdr *hdr, VnetId *vnet){ |
---|
89 | #ifdef CONFIG_ETHERIP_EXT |
---|
90 | *vnet = *(VnetId*)hdr->vnet; |
---|
91 | #else |
---|
92 | *vnet = (VnetId){}; |
---|
93 | vnet->u.vnet16[VNET_SIZE16 - 1] = (unsigned short)hdr->reserved; |
---|
94 | |
---|
95 | #endif |
---|
96 | } |
---|
97 | |
---|
98 | /** Set the vnet label in an etherip header. |
---|
99 | * Also sets the etherip version. |
---|
100 | * |
---|
101 | * @param hdr header |
---|
102 | * @param vnet vnet label (in net order) |
---|
103 | */ |
---|
104 | void etheriphdr_set_vnet(struct etheriphdr *hdr, VnetId *vnet){ |
---|
105 | #ifdef CONFIG_ETHERIP_EXT |
---|
106 | hdr->version = ETHERIP_VERSION; |
---|
107 | *(VnetId*)hdr->vnet = *vnet; |
---|
108 | #else |
---|
109 | hdr->version = ETHERIP_VERSION; |
---|
110 | hdr->reserved = (vnet->u.vnet16[VNET_SIZE16 - 1] & 0x0fff); |
---|
111 | #endif |
---|
112 | } |
---|
113 | |
---|
114 | /** Open an etherip tunnel. |
---|
115 | * |
---|
116 | * @param tunnel to open |
---|
117 | * @return 0 on success, error code otherwise |
---|
118 | */ |
---|
119 | static int etherip_tunnel_open(Tunnel *tunnel){ |
---|
120 | return 0; |
---|
121 | } |
---|
122 | |
---|
123 | /** Close an etherip tunnel. |
---|
124 | * |
---|
125 | * @param tunnel to close |
---|
126 | */ |
---|
127 | static void etherip_tunnel_close(Tunnel *tunnel){ |
---|
128 | } |
---|
129 | |
---|
130 | |
---|
131 | static inline int skb_make_headroom(struct sk_buff **pskb, struct sk_buff *skb, int head_n){ |
---|
132 | int err = 0; |
---|
133 | dprintf("> skb=%p headroom=%d head_n=%d\n", skb, skb_headroom(skb), head_n); |
---|
134 | if(head_n > skb_headroom(skb) || skb_cloned(skb) || skb_shared(skb)){ |
---|
135 | // Expand header the way GRE does. |
---|
136 | struct sk_buff *new_skb = skb_realloc_headroom(skb, head_n + 16); |
---|
137 | if(!new_skb){ |
---|
138 | err = -ENOMEM; |
---|
139 | goto exit; |
---|
140 | } |
---|
141 | kfree_skb(skb); |
---|
142 | *pskb = new_skb; |
---|
143 | } else { |
---|
144 | *pskb = skb; |
---|
145 | } |
---|
146 | exit: |
---|
147 | return err; |
---|
148 | } |
---|
149 | |
---|
150 | /** Send a packet via an etherip tunnel. |
---|
151 | * Adds etherip header and new ip header around ethernet frame. |
---|
152 | * |
---|
153 | * @param tunnel tunnel |
---|
154 | * @param skb packet |
---|
155 | * @return 0 on success, error code otherwise |
---|
156 | */ |
---|
157 | static int etherip_tunnel_send(Tunnel *tunnel, struct sk_buff *skb){ |
---|
158 | int err = 0; |
---|
159 | const int ip_n = sizeof(struct iphdr); |
---|
160 | const int etherip_n = sizeof(struct etheriphdr); |
---|
161 | const int udp_n = sizeof(struct udphdr); |
---|
162 | const int vnet_n = sizeof(struct VnetMsgHdr); |
---|
163 | int head_n = etherip_n + ip_n /* + ETH_HLEN */; |
---|
164 | VnetId *vnet = &tunnel->key.vnet; |
---|
165 | struct etheriphdr *etheriph; |
---|
166 | u32 saddr = 0; |
---|
167 | |
---|
168 | if(etherip_in_udp){ |
---|
169 | head_n += vnet_n + udp_n; |
---|
170 | } |
---|
171 | err = skb_make_headroom(&skb, skb, head_n); |
---|
172 | if(err) goto exit; |
---|
173 | |
---|
174 | // Null the pointer as we are pushing a new IP header. |
---|
175 | skb->mac.raw = NULL; |
---|
176 | |
---|
177 | // Setup the etherip header. |
---|
178 | etheriph = (void*)skb_push(skb, etherip_n); |
---|
179 | etheriphdr_set_vnet(etheriph, vnet); |
---|
180 | |
---|
181 | if(etherip_in_udp){ |
---|
182 | // Vnet header. |
---|
183 | struct VnetMsgHdr *vhdr = (void*)skb_push(skb, vnet_n); |
---|
184 | vhdr->id = htons(VUDP_ID); |
---|
185 | vhdr->opcode = 0; |
---|
186 | |
---|
187 | // Setup the UDP header. |
---|
188 | skb->h.raw = skb_push(skb, udp_n); |
---|
189 | skb->h.uh->source = varp_port; // Source port. |
---|
190 | skb->h.uh->dest = varp_port; // Destination port. |
---|
191 | skb->h.uh->len = htons(skb->len); // Total packet length (bytes). |
---|
192 | skb->h.uh->check = 0; |
---|
193 | } |
---|
194 | |
---|
195 | // Setup the IP header. |
---|
196 | skb->nh.raw = skb_push(skb, ip_n); |
---|
197 | skb->nh.iph->version = 4; // Standard version. |
---|
198 | skb->nh.iph->ihl = ip_n / 4; // IP header length (32-bit words). |
---|
199 | skb->nh.iph->tos = 0; // No special type-of-service. |
---|
200 | skb->nh.iph->tot_len = htons(skb->len); // Total packet length (bytes). |
---|
201 | skb->nh.iph->id = 0; // No flow id (since no frags). |
---|
202 | if(etherip_in_udp){ |
---|
203 | skb->nh.iph->protocol = IPPROTO_UDP; // IP protocol number. |
---|
204 | skb->nh.iph->frag_off = 0; |
---|
205 | } else { |
---|
206 | skb->nh.iph->protocol = IPPROTO_ETHERIP;// IP protocol number. |
---|
207 | skb->nh.iph->frag_off = htons(IP_DF); // Don't fragment - can't handle frags. |
---|
208 | } |
---|
209 | skb->nh.iph->ttl = 64; // Linux default time-to-live. |
---|
210 | skb->nh.iph->saddr = saddr; // Source address. |
---|
211 | skb->nh.iph->daddr = tunnel->key.addr.u.ip4.s_addr; // Destination address. |
---|
212 | skb->nh.iph->check = 0; // Zero the checksum. |
---|
213 | |
---|
214 | // Ethernet header will be filled-in by device. |
---|
215 | err = Tunnel_send(tunnel->base, skb); |
---|
216 | skb = NULL; |
---|
217 | exit: |
---|
218 | if(err && skb){ |
---|
219 | wprintf("< err=%d\n", err); |
---|
220 | kfree_skb(skb); |
---|
221 | } |
---|
222 | return err; |
---|
223 | } |
---|
224 | |
---|
225 | /** Tunnel type for etherip. |
---|
226 | */ |
---|
227 | static TunnelType _etherip_tunnel_type = { |
---|
228 | .name = "ETHERIP", |
---|
229 | .open = etherip_tunnel_open, |
---|
230 | .close = etherip_tunnel_close, |
---|
231 | .send = etherip_tunnel_send |
---|
232 | }; |
---|
233 | |
---|
234 | TunnelType *etherip_tunnel_type = &_etherip_tunnel_type; |
---|
235 | |
---|
236 | int etherip_tunnel_create(VnetId *vnet, VarpAddr *addr, Tunnel *base, Tunnel **tunnel){ |
---|
237 | return Tunnel_create(etherip_tunnel_type, vnet, addr, base, tunnel); |
---|
238 | } |
---|
239 | |
---|
240 | #if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER) |
---|
241 | /** We need our own copy of this as it is no longer exported from the bridge module. |
---|
242 | */ |
---|
243 | static inline void _nf_bridge_save_header(struct sk_buff *skb){ |
---|
244 | int header_size = 16; |
---|
245 | |
---|
246 | // Were using this modified to use h_proto instead of skb->protocol. |
---|
247 | if(skb->protocol == htons(ETH_P_8021Q)){ |
---|
248 | header_size = 18; |
---|
249 | } |
---|
250 | memcpy(skb->nf_bridge->data, skb->data - header_size, header_size); |
---|
251 | } |
---|
252 | #endif |
---|
253 | |
---|
254 | /** Do etherip receive processing. |
---|
255 | * Strips the etherip header to extract the ethernet frame, sets |
---|
256 | * the vnet from the header and re-receives the frame. |
---|
257 | * |
---|
258 | * Return code 1 means we now own the packet - the caller must not free it. |
---|
259 | * Return code < 0 means an error - caller still owns the packet. |
---|
260 | * |
---|
261 | * @param skb packet |
---|
262 | * @return 1 on success, error code otherwise |
---|
263 | */ |
---|
264 | int etherip_protocol_recv(struct sk_buff *skb){ |
---|
265 | int err = 0; |
---|
266 | const int etherip_n = sizeof(struct etheriphdr); |
---|
267 | struct etheriphdr *etheriph; |
---|
268 | Vnet *vinfo = NULL; |
---|
269 | VnetId vnet = {}; |
---|
270 | u32 saddr, daddr; |
---|
271 | char vnetbuf[VNET_ID_BUF]; |
---|
272 | struct ethhdr *eth; |
---|
273 | |
---|
274 | dprintf(">\n"); |
---|
275 | saddr = skb->nh.iph->saddr; |
---|
276 | daddr = skb->nh.iph->daddr; |
---|
277 | if(MULTICAST(daddr) && (daddr != varp_mcast_addr)){ |
---|
278 | // Ignore multicast packets not addressed to us. |
---|
279 | wprintf("> Ignoring mcast skb: src=%u.%u.%u.%u dst=%u.%u.%u.%u" |
---|
280 | " varp_mcast_addr=%u.%u.%u.%u\n", |
---|
281 | NIPQUAD(saddr), NIPQUAD(daddr), NIPQUAD(varp_mcast_addr)); |
---|
282 | goto exit; |
---|
283 | } |
---|
284 | if(skb->data == skb->mac.raw){ |
---|
285 | // skb->data points at ethernet header. |
---|
286 | //FIXME: Does this ever happen? |
---|
287 | //dprintf("> len=%d\n", skb->len); |
---|
288 | int ip_n = (skb->nh.iph->ihl << 2); |
---|
289 | int pull_n = ETH_HLEN + ip_n; |
---|
290 | if (!pskb_may_pull(skb, pull_n)){ |
---|
291 | wprintf("> Malformed skb (eth+ip) src=%u.%u.%u.%u\n", |
---|
292 | NIPQUAD(saddr)); |
---|
293 | err = -EINVAL; |
---|
294 | goto exit; |
---|
295 | } |
---|
296 | skb_pull(skb, pull_n); |
---|
297 | } |
---|
298 | // Assume skb->data points at etherip header. |
---|
299 | etheriph = (void*)skb->data; |
---|
300 | if(etheriph->version != ETHERIP_VERSION){ |
---|
301 | wprintf("> Bad etherip version=%d src=%u.%u.%u.%u\n", |
---|
302 | etheriph->version, NIPQUAD(saddr)); |
---|
303 | err = -EINVAL; |
---|
304 | goto exit; |
---|
305 | } |
---|
306 | if(!pskb_may_pull(skb, etherip_n)){ |
---|
307 | wprintf("> Malformed skb (etherip) src=%u.%u.%u.%u\n", |
---|
308 | NIPQUAD(saddr)); |
---|
309 | err = -EINVAL; |
---|
310 | goto exit; |
---|
311 | } |
---|
312 | etheriphdr_get_vnet(etheriph, &vnet); |
---|
313 | // If vnet is secure, context must include IPSEC ESP. |
---|
314 | err = vnet_check_context(&vnet, SKB_CONTEXT(skb), &vinfo); |
---|
315 | if(err){ |
---|
316 | wprintf("> Failed security check vnet=%s src=%u.%u.%u.%u\n", |
---|
317 | VnetId_ntoa(&vnet, vnetbuf), NIPQUAD(saddr)); |
---|
318 | goto exit; |
---|
319 | } |
---|
320 | // Point at the headers in the contained ethernet frame. |
---|
321 | skb->mac.raw = skb_pull(skb, etherip_n); |
---|
322 | eth = eth_hdr(skb); |
---|
323 | |
---|
324 | // Simulate the logic from eth_type_trans() |
---|
325 | // to set skb->pkt_type and skb->protocol. |
---|
326 | if(mac_is_multicast(eth->h_dest)){ |
---|
327 | if(mac_is_broadcast(eth->h_dest)){ |
---|
328 | skb->pkt_type = PACKET_BROADCAST; |
---|
329 | } else { |
---|
330 | skb->pkt_type = PACKET_MULTICAST; |
---|
331 | } |
---|
332 | } else { |
---|
333 | skb->pkt_type = PACKET_HOST; |
---|
334 | } |
---|
335 | if(ntohs(eth->h_proto) >= 1536){ |
---|
336 | skb->protocol = eth->h_proto; |
---|
337 | } else { |
---|
338 | skb->protocol = htons(ETH_P_802_2); |
---|
339 | } |
---|
340 | |
---|
341 | // Assuming a standard Ethernet frame. |
---|
342 | // Should check for protocol? Support ETH_P_8021Q too. |
---|
343 | skb->nh.raw = skb_pull(skb, ETH_HLEN); |
---|
344 | |
---|
345 | #ifdef __KERNEL__ |
---|
346 | // Fix IP options, checksum, skb dst, netfilter state. |
---|
347 | memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); |
---|
348 | if (skb->ip_summed == CHECKSUM_HW){ |
---|
349 | skb->ip_summed = CHECKSUM_NONE; |
---|
350 | } |
---|
351 | dst_release(skb->dst); |
---|
352 | skb->dst = NULL; |
---|
353 | nf_reset(skb); |
---|
354 | #ifdef CONFIG_BRIDGE_NETFILTER |
---|
355 | if(skb->nf_bridge){ |
---|
356 | // Stop the eth header being clobbered by nf_bridge_maybe_copy_header(). |
---|
357 | _nf_bridge_save_header(skb); |
---|
358 | } |
---|
359 | #endif |
---|
360 | #endif // __KERNEL__ |
---|
361 | |
---|
362 | dprintf("> Unpacked srcaddr=" IPFMT " vnet=%s srcmac=" MACFMT " dstmac=" MACFMT "\n", |
---|
363 | NIPQUAD(skb->nh.iph->saddr), |
---|
364 | VnetId_ntoa(&vnet, vnetbuf), |
---|
365 | MAC6TUPLE(eth->h_source), |
---|
366 | MAC6TUPLE(eth->h_dest)); |
---|
367 | //print_skb(__FUNCTION__, 0, skb); |
---|
368 | |
---|
369 | { |
---|
370 | // Know source ip, vnet, vmac, so update the varp cache. |
---|
371 | // For this to work forwarded vnet packets must have the |
---|
372 | // original source address. |
---|
373 | VarpAddr addr = { .family = AF_INET }; |
---|
374 | addr.u.ip4.s_addr = saddr; |
---|
375 | varp_update(&vnet, eth->h_source, &addr); |
---|
376 | } |
---|
377 | |
---|
378 | err = vnet_skb_recv(skb, vinfo); |
---|
379 | exit: |
---|
380 | if(vinfo) Vnet_decref(vinfo); |
---|
381 | dprintf("< skb=%p err=%d\n", skb, err); |
---|
382 | return err; |
---|
383 | } |
---|
384 | |
---|
385 | |
---|
386 | #ifdef __KERNEL__ |
---|
387 | |
---|
388 | /** Handle an ICMP error related to etherip. |
---|
389 | * |
---|
390 | * @param skb ICMP error packet |
---|
391 | * @param info |
---|
392 | */ |
---|
393 | static void etherip_protocol_icmp_err(struct sk_buff *skb, u32 info){ |
---|
394 | struct iphdr *iph = (struct iphdr*)skb->data; |
---|
395 | |
---|
396 | wprintf("> ICMP error type=%d code=%d addr=" IPFMT "\n", |
---|
397 | skb->h.icmph->type, skb->h.icmph->code, NIPQUAD(iph->daddr)); |
---|
398 | |
---|
399 | if (skb->h.icmph->type != ICMP_DEST_UNREACH || |
---|
400 | skb->h.icmph->code != ICMP_FRAG_NEEDED){ |
---|
401 | return; |
---|
402 | } |
---|
403 | wprintf("> MTU too big addr= " IPFMT "\n", NIPQUAD(iph->daddr)); |
---|
404 | } |
---|
405 | |
---|
406 | //============================================================================ |
---|
407 | #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) |
---|
408 | // Code for 2.6 kernel. |
---|
409 | |
---|
410 | /** Etherip protocol. */ |
---|
411 | static struct net_protocol etherip_protocol = { |
---|
412 | .handler = etherip_protocol_recv, |
---|
413 | .err_handler = etherip_protocol_icmp_err, |
---|
414 | }; |
---|
415 | |
---|
416 | static int etherip_protocol_add(void){ |
---|
417 | return inet_add_protocol(ðerip_protocol, IPPROTO_ETHERIP); |
---|
418 | } |
---|
419 | |
---|
420 | static int etherip_protocol_del(void){ |
---|
421 | return inet_del_protocol(ðerip_protocol, IPPROTO_ETHERIP); |
---|
422 | } |
---|
423 | |
---|
424 | //============================================================================ |
---|
425 | #else |
---|
426 | //============================================================================ |
---|
427 | // Code for 2.4 kernel. |
---|
428 | |
---|
429 | /** Etherip protocol. */ |
---|
430 | static struct inet_protocol etherip_protocol = { |
---|
431 | .name = "ETHERIP", |
---|
432 | .protocol = IPPROTO_ETHERIP, |
---|
433 | .handler = etherip_protocol_recv, |
---|
434 | .err_handler = etherip_protocol_icmp_err, |
---|
435 | }; |
---|
436 | |
---|
437 | static int etherip_protocol_add(void){ |
---|
438 | inet_add_protocol(ðerip_protocol); |
---|
439 | return 0; |
---|
440 | } |
---|
441 | |
---|
442 | static int etherip_protocol_del(void){ |
---|
443 | return inet_del_protocol(ðerip_protocol); |
---|
444 | } |
---|
445 | |
---|
446 | #endif |
---|
447 | //============================================================================ |
---|
448 | |
---|
449 | |
---|
450 | /** Initialize the etherip module. |
---|
451 | * Registers the etherip protocol. |
---|
452 | * |
---|
453 | * @return 0 on success, error code otherwise |
---|
454 | */ |
---|
455 | int __init etherip_module_init(void) { |
---|
456 | int err = 0; |
---|
457 | etherip_protocol_add(); |
---|
458 | return err; |
---|
459 | } |
---|
460 | |
---|
461 | /** Finalize the etherip module. |
---|
462 | * Deregisters the etherip protocol. |
---|
463 | */ |
---|
464 | void __exit etherip_module_exit(void) { |
---|
465 | if(etherip_protocol_del() < 0){ |
---|
466 | printk(KERN_INFO "%s: can't remove etherip protocol\n", __FUNCTION__); |
---|
467 | } |
---|
468 | } |
---|
469 | |
---|
470 | #endif // __KERNEL__ |
---|