diff options
-rw-r--r-- | net/ipv4/ip_gre.c | 146 | ||||
-rw-r--r-- | net/ipv4/ipip.c | 130 | ||||
-rw-r--r-- | net/ipv6/sit.c | 89 |
3 files changed, 3 insertions, 362 deletions
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index 2ada033406de..4342cba4ff82 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c | |||
@@ -313,9 +313,8 @@ static void ipgre_tunnel_uninit(struct net_device *dev) | |||
313 | 313 | ||
314 | static void ipgre_err(struct sk_buff *skb, u32 info) | 314 | static void ipgre_err(struct sk_buff *skb, u32 info) |
315 | { | 315 | { |
316 | #ifndef I_WISH_WORLD_WERE_PERFECT | ||
317 | 316 | ||
318 | /* It is not :-( All the routers (except for Linux) return only | 317 | /* All the routers (except for Linux) return only |
319 | 8 bytes of packet payload. It means, that precise relaying of | 318 | 8 bytes of packet payload. It means, that precise relaying of |
320 | ICMP in the real Internet is absolutely infeasible. | 319 | ICMP in the real Internet is absolutely infeasible. |
321 | 320 | ||
@@ -398,149 +397,6 @@ static void ipgre_err(struct sk_buff *skb, u32 info) | |||
398 | out: | 397 | out: |
399 | read_unlock(&ipgre_lock); | 398 | read_unlock(&ipgre_lock); |
400 | return; | 399 | return; |
401 | #else | ||
402 | struct iphdr *iph = (struct iphdr*)dp; | ||
403 | struct iphdr *eiph; | ||
404 | __be16 *p = (__be16*)(dp+(iph->ihl<<2)); | ||
405 | const int type = icmp_hdr(skb)->type; | ||
406 | const int code = icmp_hdr(skb)->code; | ||
407 | int rel_type = 0; | ||
408 | int rel_code = 0; | ||
409 | __be32 rel_info = 0; | ||
410 | __u32 n = 0; | ||
411 | __be16 flags; | ||
412 | int grehlen = (iph->ihl<<2) + 4; | ||
413 | struct sk_buff *skb2; | ||
414 | struct flowi fl; | ||
415 | struct rtable *rt; | ||
416 | |||
417 | if (p[1] != htons(ETH_P_IP)) | ||
418 | return; | ||
419 | |||
420 | flags = p[0]; | ||
421 | if (flags&(GRE_CSUM|GRE_KEY|GRE_SEQ|GRE_ROUTING|GRE_VERSION)) { | ||
422 | if (flags&(GRE_VERSION|GRE_ROUTING)) | ||
423 | return; | ||
424 | if (flags&GRE_CSUM) | ||
425 | grehlen += 4; | ||
426 | if (flags&GRE_KEY) | ||
427 | grehlen += 4; | ||
428 | if (flags&GRE_SEQ) | ||
429 | grehlen += 4; | ||
430 | } | ||
431 | if (len < grehlen + sizeof(struct iphdr)) | ||
432 | return; | ||
433 | eiph = (struct iphdr*)(dp + grehlen); | ||
434 | |||
435 | switch (type) { | ||
436 | default: | ||
437 | return; | ||
438 | case ICMP_PARAMETERPROB: | ||
439 | n = ntohl(icmp_hdr(skb)->un.gateway) >> 24; | ||
440 | if (n < (iph->ihl<<2)) | ||
441 | return; | ||
442 | |||
443 | /* So... This guy found something strange INSIDE encapsulated | ||
444 | packet. Well, he is fool, but what can we do ? | ||
445 | */ | ||
446 | rel_type = ICMP_PARAMETERPROB; | ||
447 | n -= grehlen; | ||
448 | rel_info = htonl(n << 24); | ||
449 | break; | ||
450 | |||
451 | case ICMP_DEST_UNREACH: | ||
452 | switch (code) { | ||
453 | case ICMP_SR_FAILED: | ||
454 | case ICMP_PORT_UNREACH: | ||
455 | /* Impossible event. */ | ||
456 | return; | ||
457 | case ICMP_FRAG_NEEDED: | ||
458 | /* And it is the only really necessary thing :-) */ | ||
459 | n = ntohs(icmp_hdr(skb)->un.frag.mtu); | ||
460 | if (n < grehlen+68) | ||
461 | return; | ||
462 | n -= grehlen; | ||
463 | /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */ | ||
464 | if (n > ntohs(eiph->tot_len)) | ||
465 | return; | ||
466 | rel_info = htonl(n); | ||
467 | break; | ||
468 | default: | ||
469 | /* All others are translated to HOST_UNREACH. | ||
470 | rfc2003 contains "deep thoughts" about NET_UNREACH, | ||
471 | I believe, it is just ether pollution. --ANK | ||
472 | */ | ||
473 | rel_type = ICMP_DEST_UNREACH; | ||
474 | rel_code = ICMP_HOST_UNREACH; | ||
475 | break; | ||
476 | } | ||
477 | break; | ||
478 | case ICMP_TIME_EXCEEDED: | ||
479 | if (code != ICMP_EXC_TTL) | ||
480 | return; | ||
481 | break; | ||
482 | } | ||
483 | |||
484 | /* Prepare fake skb to feed it to icmp_send */ | ||
485 | skb2 = skb_clone(skb, GFP_ATOMIC); | ||
486 | if (skb2 == NULL) | ||
487 | return; | ||
488 | dst_release(skb2->dst); | ||
489 | skb2->dst = NULL; | ||
490 | skb_pull(skb2, skb->data - (u8*)eiph); | ||
491 | skb_reset_network_header(skb2); | ||
492 | |||
493 | /* Try to guess incoming interface */ | ||
494 | memset(&fl, 0, sizeof(fl)); | ||
495 | fl.fl4_dst = eiph->saddr; | ||
496 | fl.fl4_tos = RT_TOS(eiph->tos); | ||
497 | fl.proto = IPPROTO_GRE; | ||
498 | if (ip_route_output_key(dev_net(skb->dev), &rt, &fl)) { | ||
499 | kfree_skb(skb2); | ||
500 | return; | ||
501 | } | ||
502 | skb2->dev = rt->u.dst.dev; | ||
503 | |||
504 | /* route "incoming" packet */ | ||
505 | if (rt->rt_flags&RTCF_LOCAL) { | ||
506 | ip_rt_put(rt); | ||
507 | rt = NULL; | ||
508 | fl.fl4_dst = eiph->daddr; | ||
509 | fl.fl4_src = eiph->saddr; | ||
510 | fl.fl4_tos = eiph->tos; | ||
511 | if (ip_route_output_key(dev_net(skb->dev), &rt, &fl) || | ||
512 | rt->u.dst.dev->type != ARPHRD_IPGRE) { | ||
513 | ip_rt_put(rt); | ||
514 | kfree_skb(skb2); | ||
515 | return; | ||
516 | } | ||
517 | } else { | ||
518 | ip_rt_put(rt); | ||
519 | if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) || | ||
520 | skb2->dst->dev->type != ARPHRD_IPGRE) { | ||
521 | kfree_skb(skb2); | ||
522 | return; | ||
523 | } | ||
524 | } | ||
525 | |||
526 | /* change mtu on this route */ | ||
527 | if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { | ||
528 | if (n > dst_mtu(skb2->dst)) { | ||
529 | kfree_skb(skb2); | ||
530 | return; | ||
531 | } | ||
532 | skb2->dst->ops->update_pmtu(skb2->dst, n); | ||
533 | } else if (type == ICMP_TIME_EXCEEDED) { | ||
534 | struct ip_tunnel *t = netdev_priv(skb2->dev); | ||
535 | if (t->parms.iph.ttl) { | ||
536 | rel_type = ICMP_DEST_UNREACH; | ||
537 | rel_code = ICMP_HOST_UNREACH; | ||
538 | } | ||
539 | } | ||
540 | |||
541 | icmp_send(skb2, rel_type, rel_code, rel_info); | ||
542 | kfree_skb(skb2); | ||
543 | #endif | ||
544 | } | 400 | } |
545 | 401 | ||
546 | static inline void ipgre_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb) | 402 | static inline void ipgre_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb) |
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c index 149111f08e8d..af5cb53da5cc 100644 --- a/net/ipv4/ipip.c +++ b/net/ipv4/ipip.c | |||
@@ -278,9 +278,8 @@ static void ipip_tunnel_uninit(struct net_device *dev) | |||
278 | 278 | ||
279 | static int ipip_err(struct sk_buff *skb, u32 info) | 279 | static int ipip_err(struct sk_buff *skb, u32 info) |
280 | { | 280 | { |
281 | #ifndef I_WISH_WORLD_WERE_PERFECT | ||
282 | 281 | ||
283 | /* It is not :-( All the routers (except for Linux) return only | 282 | /* All the routers (except for Linux) return only |
284 | 8 bytes of packet payload. It means, that precise relaying of | 283 | 8 bytes of packet payload. It means, that precise relaying of |
285 | ICMP in the real Internet is absolutely infeasible. | 284 | ICMP in the real Internet is absolutely infeasible. |
286 | */ | 285 | */ |
@@ -337,133 +336,6 @@ static int ipip_err(struct sk_buff *skb, u32 info) | |||
337 | out: | 336 | out: |
338 | read_unlock(&ipip_lock); | 337 | read_unlock(&ipip_lock); |
339 | return err; | 338 | return err; |
340 | #else | ||
341 | struct iphdr *iph = (struct iphdr*)dp; | ||
342 | int hlen = iph->ihl<<2; | ||
343 | struct iphdr *eiph; | ||
344 | const int type = icmp_hdr(skb)->type; | ||
345 | const int code = icmp_hdr(skb)->code; | ||
346 | int rel_type = 0; | ||
347 | int rel_code = 0; | ||
348 | __be32 rel_info = 0; | ||
349 | __u32 n = 0; | ||
350 | struct sk_buff *skb2; | ||
351 | struct flowi fl; | ||
352 | struct rtable *rt; | ||
353 | |||
354 | if (len < hlen + sizeof(struct iphdr)) | ||
355 | return 0; | ||
356 | eiph = (struct iphdr*)(dp + hlen); | ||
357 | |||
358 | switch (type) { | ||
359 | default: | ||
360 | return 0; | ||
361 | case ICMP_PARAMETERPROB: | ||
362 | n = ntohl(icmp_hdr(skb)->un.gateway) >> 24; | ||
363 | if (n < hlen) | ||
364 | return 0; | ||
365 | |||
366 | /* So... This guy found something strange INSIDE encapsulated | ||
367 | packet. Well, he is fool, but what can we do ? | ||
368 | */ | ||
369 | rel_type = ICMP_PARAMETERPROB; | ||
370 | rel_info = htonl((n - hlen) << 24); | ||
371 | break; | ||
372 | |||
373 | case ICMP_DEST_UNREACH: | ||
374 | switch (code) { | ||
375 | case ICMP_SR_FAILED: | ||
376 | case ICMP_PORT_UNREACH: | ||
377 | /* Impossible event. */ | ||
378 | return 0; | ||
379 | case ICMP_FRAG_NEEDED: | ||
380 | /* And it is the only really necessary thing :-) */ | ||
381 | n = ntohs(icmp_hdr(skb)->un.frag.mtu); | ||
382 | if (n < hlen+68) | ||
383 | return 0; | ||
384 | n -= hlen; | ||
385 | /* BSD 4.2 MORE DOES NOT EXIST IN NATURE. */ | ||
386 | if (n > ntohs(eiph->tot_len)) | ||
387 | return 0; | ||
388 | rel_info = htonl(n); | ||
389 | break; | ||
390 | default: | ||
391 | /* All others are translated to HOST_UNREACH. | ||
392 | rfc2003 contains "deep thoughts" about NET_UNREACH, | ||
393 | I believe, it is just ether pollution. --ANK | ||
394 | */ | ||
395 | rel_type = ICMP_DEST_UNREACH; | ||
396 | rel_code = ICMP_HOST_UNREACH; | ||
397 | break; | ||
398 | } | ||
399 | break; | ||
400 | case ICMP_TIME_EXCEEDED: | ||
401 | if (code != ICMP_EXC_TTL) | ||
402 | return 0; | ||
403 | break; | ||
404 | } | ||
405 | |||
406 | /* Prepare fake skb to feed it to icmp_send */ | ||
407 | skb2 = skb_clone(skb, GFP_ATOMIC); | ||
408 | if (skb2 == NULL) | ||
409 | return 0; | ||
410 | dst_release(skb2->dst); | ||
411 | skb2->dst = NULL; | ||
412 | skb_pull(skb2, skb->data - (u8*)eiph); | ||
413 | skb_reset_network_header(skb2); | ||
414 | |||
415 | /* Try to guess incoming interface */ | ||
416 | memset(&fl, 0, sizeof(fl)); | ||
417 | fl.fl4_daddr = eiph->saddr; | ||
418 | fl.fl4_tos = RT_TOS(eiph->tos); | ||
419 | fl.proto = IPPROTO_IPIP; | ||
420 | if (ip_route_output_key(dev_net(skb->dev), &rt, &key)) { | ||
421 | kfree_skb(skb2); | ||
422 | return 0; | ||
423 | } | ||
424 | skb2->dev = rt->u.dst.dev; | ||
425 | |||
426 | /* route "incoming" packet */ | ||
427 | if (rt->rt_flags&RTCF_LOCAL) { | ||
428 | ip_rt_put(rt); | ||
429 | rt = NULL; | ||
430 | fl.fl4_daddr = eiph->daddr; | ||
431 | fl.fl4_src = eiph->saddr; | ||
432 | fl.fl4_tos = eiph->tos; | ||
433 | if (ip_route_output_key(dev_net(skb->dev), &rt, &fl) || | ||
434 | rt->u.dst.dev->type != ARPHRD_TUNNEL) { | ||
435 | ip_rt_put(rt); | ||
436 | kfree_skb(skb2); | ||
437 | return 0; | ||
438 | } | ||
439 | } else { | ||
440 | ip_rt_put(rt); | ||
441 | if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, skb2->dev) || | ||
442 | skb2->dst->dev->type != ARPHRD_TUNNEL) { | ||
443 | kfree_skb(skb2); | ||
444 | return 0; | ||
445 | } | ||
446 | } | ||
447 | |||
448 | /* change mtu on this route */ | ||
449 | if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) { | ||
450 | if (n > dst_mtu(skb2->dst)) { | ||
451 | kfree_skb(skb2); | ||
452 | return 0; | ||
453 | } | ||
454 | skb2->dst->ops->update_pmtu(skb2->dst, n); | ||
455 | } else if (type == ICMP_TIME_EXCEEDED) { | ||
456 | struct ip_tunnel *t = netdev_priv(skb2->dev); | ||
457 | if (t->parms.iph.ttl) { | ||
458 | rel_type = ICMP_DEST_UNREACH; | ||
459 | rel_code = ICMP_HOST_UNREACH; | ||
460 | } | ||
461 | } | ||
462 | |||
463 | icmp_send(skb2, rel_type, rel_code, rel_info); | ||
464 | kfree_skb(skb2); | ||
465 | return 0; | ||
466 | #endif | ||
467 | } | 339 | } |
468 | 340 | ||
469 | static inline void ipip_ecn_decapsulate(const struct iphdr *outer_iph, | 341 | static inline void ipip_ecn_decapsulate(const struct iphdr *outer_iph, |
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index 5a6fab95569f..3de6ffdaedf2 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c | |||
@@ -403,9 +403,8 @@ static void ipip6_tunnel_uninit(struct net_device *dev) | |||
403 | 403 | ||
404 | static int ipip6_err(struct sk_buff *skb, u32 info) | 404 | static int ipip6_err(struct sk_buff *skb, u32 info) |
405 | { | 405 | { |
406 | #ifndef I_WISH_WORLD_WERE_PERFECT | ||
407 | 406 | ||
408 | /* It is not :-( All the routers (except for Linux) return only | 407 | /* All the routers (except for Linux) return only |
409 | 8 bytes of packet payload. It means, that precise relaying of | 408 | 8 bytes of packet payload. It means, that precise relaying of |
410 | ICMP in the real Internet is absolutely infeasible. | 409 | ICMP in the real Internet is absolutely infeasible. |
411 | */ | 410 | */ |
@@ -462,92 +461,6 @@ static int ipip6_err(struct sk_buff *skb, u32 info) | |||
462 | out: | 461 | out: |
463 | read_unlock(&ipip6_lock); | 462 | read_unlock(&ipip6_lock); |
464 | return err; | 463 | return err; |
465 | #else | ||
466 | struct iphdr *iph = (struct iphdr*)dp; | ||
467 | int hlen = iph->ihl<<2; | ||
468 | struct ipv6hdr *iph6; | ||
469 | const int type = icmp_hdr(skb)->type; | ||
470 | const int code = icmp_hdr(skb)->code; | ||
471 | int rel_type = 0; | ||
472 | int rel_code = 0; | ||
473 | int rel_info = 0; | ||
474 | struct sk_buff *skb2; | ||
475 | struct rt6_info *rt6i; | ||
476 | |||
477 | if (len < hlen + sizeof(struct ipv6hdr)) | ||
478 | return; | ||
479 | iph6 = (struct ipv6hdr*)(dp + hlen); | ||
480 | |||
481 | switch (type) { | ||
482 | default: | ||
483 | return; | ||
484 | case ICMP_PARAMETERPROB: | ||
485 | if (icmp_hdr(skb)->un.gateway < hlen) | ||
486 | return; | ||
487 | |||
488 | /* So... This guy found something strange INSIDE encapsulated | ||
489 | packet. Well, he is fool, but what can we do ? | ||
490 | */ | ||
491 | rel_type = ICMPV6_PARAMPROB; | ||
492 | rel_info = icmp_hdr(skb)->un.gateway - hlen; | ||
493 | break; | ||
494 | |||
495 | case ICMP_DEST_UNREACH: | ||
496 | switch (code) { | ||
497 | case ICMP_SR_FAILED: | ||
498 | case ICMP_PORT_UNREACH: | ||
499 | /* Impossible event. */ | ||
500 | return; | ||
501 | case ICMP_FRAG_NEEDED: | ||
502 | /* Too complicated case ... */ | ||
503 | return; | ||
504 | default: | ||
505 | /* All others are translated to HOST_UNREACH. | ||
506 | rfc2003 contains "deep thoughts" about NET_UNREACH, | ||
507 | I believe, it is just ether pollution. --ANK | ||
508 | */ | ||
509 | rel_type = ICMPV6_DEST_UNREACH; | ||
510 | rel_code = ICMPV6_ADDR_UNREACH; | ||
511 | break; | ||
512 | } | ||
513 | break; | ||
514 | case ICMP_TIME_EXCEEDED: | ||
515 | if (code != ICMP_EXC_TTL) | ||
516 | return; | ||
517 | rel_type = ICMPV6_TIME_EXCEED; | ||
518 | rel_code = ICMPV6_EXC_HOPLIMIT; | ||
519 | break; | ||
520 | } | ||
521 | |||
522 | /* Prepare fake skb to feed it to icmpv6_send */ | ||
523 | skb2 = skb_clone(skb, GFP_ATOMIC); | ||
524 | if (skb2 == NULL) | ||
525 | return 0; | ||
526 | dst_release(skb2->dst); | ||
527 | skb2->dst = NULL; | ||
528 | skb_pull(skb2, skb->data - (u8*)iph6); | ||
529 | skb_reset_network_header(skb2); | ||
530 | |||
531 | /* Try to guess incoming interface */ | ||
532 | rt6i = rt6_lookup(dev_net(skb->dev), &iph6->saddr, NULL, NULL, 0); | ||
533 | if (rt6i && rt6i->rt6i_dev) { | ||
534 | skb2->dev = rt6i->rt6i_dev; | ||
535 | |||
536 | rt6i = rt6_lookup(dev_net(skb->dev), | ||
537 | &iph6->daddr, &iph6->saddr, NULL, 0); | ||
538 | |||
539 | if (rt6i && rt6i->rt6i_dev && rt6i->rt6i_dev->type == ARPHRD_SIT) { | ||
540 | struct ip_tunnel *t = netdev_priv(rt6i->rt6i_dev); | ||
541 | if (rel_type == ICMPV6_TIME_EXCEED && t->parms.iph.ttl) { | ||
542 | rel_type = ICMPV6_DEST_UNREACH; | ||
543 | rel_code = ICMPV6_ADDR_UNREACH; | ||
544 | } | ||
545 | icmpv6_send(skb2, rel_type, rel_code, rel_info, skb2->dev); | ||
546 | } | ||
547 | } | ||
548 | kfree_skb(skb2); | ||
549 | return 0; | ||
550 | #endif | ||
551 | } | 464 | } |
552 | 465 | ||
553 | static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb) | 466 | static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb) |