[IPV6]: Fix SIOCCHGTUNNEL bug in IPv6 tunnels

[mv-sheeva.git] / net / ipv6 / ip6_tunnel.c

diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index bc77c0e1a943520fd31f4caf6b0bd5f23b1bba5f..fdf1a2fa3a3d4a4663046260642ba1f59844774c 100644 (file)
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -66,7 +66,7 @@ MODULE_LICENSE("GPL");
 
 #define HASH_SIZE  32
 
-#define HASH(addr) (((addr)->s6_addr32[0] ^ (addr)->s6_addr32[1] ^ \
+#define HASH(addr) ((__force u32)((addr)->s6_addr32[0] ^ (addr)->s6_addr32[1] ^ \
                     (addr)->s6_addr32[2] ^ (addr)->s6_addr32[3]) & \
                     (HASH_SIZE - 1))
 
@@ -215,11 +215,10 @@ ip6ip6_tnl_unlink(struct ip6_tnl *t)
  *   Create tunnel matching given parameters.
  * 
  * Return: 
- *   0 on success
+ *   created tunnel or NULL
  **/
 
-static int
-ip6_tnl_create(struct ip6_tnl_parm *p, struct ip6_tnl **pt)
+static struct ip6_tnl *ip6_tnl_create(struct ip6_tnl_parm *p)
 {
        struct net_device *dev;
        struct ip6_tnl *t;
@@ -236,11 +235,11 @@ ip6_tnl_create(struct ip6_tnl_parm *p, struct ip6_tnl **pt)
                                break;
                }
                if (i == IP6_TNL_MAX) 
-                       return -ENOBUFS;
+                       goto failed;
        }
        dev = alloc_netdev(sizeof (*t), name, ip6ip6_tnl_dev_setup);
        if (dev == NULL)
-               return -ENOMEM;
+               goto failed;
 
        t = netdev_priv(dev);
        dev->init = ip6ip6_tnl_dev_init;
@@ -248,13 +247,13 @@ ip6_tnl_create(struct ip6_tnl_parm *p, struct ip6_tnl **pt)
 
        if ((err = register_netdevice(dev)) < 0) {
                free_netdev(dev);
-               return err;
+               goto failed;
        }
        dev_hold(dev);
-
        ip6ip6_tnl_link(t);
-       *pt = t;
-       return 0;
+       return t;
+failed:
+       return NULL;
 }
 
 /**
@@ -268,32 +267,23 @@ ip6_tnl_create(struct ip6_tnl_parm *p, struct ip6_tnl **pt)
  *   tunnel device is created and registered for use.
  *
  * Return:
- *   0 if tunnel located or created,
- *   -EINVAL if parameters incorrect,
- *   -ENODEV if no matching tunnel available
+ *   matching tunnel or NULL
  **/
 
-static int
-ip6ip6_tnl_locate(struct ip6_tnl_parm *p, struct ip6_tnl **pt, int create)
+static struct ip6_tnl *ip6ip6_tnl_locate(struct ip6_tnl_parm *p, int create)
 {
        struct in6_addr *remote = &p->raddr;
        struct in6_addr *local = &p->laddr;
        struct ip6_tnl *t;
 
-       if (p->proto != IPPROTO_IPV6)
-               return -EINVAL;
-
        for (t = *ip6ip6_bucket(p); t; t = t->next) {
                if (ipv6_addr_equal(local, &t->parms.laddr) &&
-                   ipv6_addr_equal(remote, &t->parms.raddr)) {
-                       *pt = t;
-                       return (create ? -EEXIST : 0);
-               }
+                   ipv6_addr_equal(remote, &t->parms.raddr))
+                       return t;
        }
        if (!create)
-               return -ENODEV;
-       
-       return ip6_tnl_create(p, pt);
+               return NULL;
+       return ip6_tnl_create(p);
 }
 
 /**
@@ -391,7 +381,7 @@ parse_tlv_tnl_enc_lim(struct sk_buff *skb, __u8 * raw)
 
 static int
 ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
-          int type, int code, int offset, __u32 info)
+          int type, int code, int offset, __be32 info)
 {
        struct ipv6hdr *ipv6h = (struct ipv6hdr *) skb->data;
        struct ip6_tnl *t;
@@ -542,6 +532,7 @@ ip6ip6_rcv(struct sk_buff *skb)
                skb->dev = t->dev;
                dst_release(skb->dst);
                skb->dst = NULL;
+               nf_reset(skb);
                if (t->parms.flags & IP6_TNL_F_RCV_DSCP_COPY)
                        ipv6_copy_dscp(ipv6h, skb->nh.ipv6h);
                ip6ip6_ecn_decapsulate(ipv6h, skb);
@@ -567,10 +558,9 @@ static inline struct ipv6_txoptions *create_tel(__u8 encap_limit)
 
        int opt_len = sizeof(*opt) + 8;
 
-       if (!(opt = kmalloc(opt_len, GFP_ATOMIC))) {
+       if (!(opt = kzalloc(opt_len, GFP_ATOMIC))) {
                return NULL;
        }
-       memset(opt, 0, opt_len);
        opt->tot_len = opt_len;
        opt->dst0opt = (struct ipv6_opt_hdr *) (opt + 1);
        opt->opt_nflen = 8;
@@ -665,9 +655,9 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
 
        dsfield = ipv6_get_dsfield(ipv6h);
        if ((t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS))
-               fl.fl6_flowlabel |= (*(__u32 *) ipv6h & IPV6_TCLASS_MASK);
+               fl.fl6_flowlabel |= (*(__be32 *) ipv6h & IPV6_TCLASS_MASK);
        if ((t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL))
-               fl.fl6_flowlabel |= (*(__u32 *) ipv6h & IPV6_FLOWLABEL_MASK);
+               fl.fl6_flowlabel |= (*(__be32 *) ipv6h & IPV6_FLOWLABEL_MASK);
 
        if (encap_limit >= 0 && (opt = create_tel(encap_limit)) == NULL)
                goto tx_err;
@@ -735,7 +725,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
 
        skb->nh.raw = skb_push(skb, sizeof(struct ipv6hdr));
        ipv6h = skb->nh.ipv6h;
-       *(u32*)ipv6h = fl.fl6_flowlabel | htonl(0x60000000);
+       *(__be32*)ipv6h = fl.fl6_flowlabel | htonl(0x60000000);
        dsfield = INET_ECN_encapsulate(0, dsfield);
        ipv6_change_dsfield(ipv6h, ~INET_ECN_MASK, dsfield);
        ipv6h->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
@@ -748,7 +738,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
        err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, 
                      skb->dst->dev, dst_output);
 
-       if (err == NET_XMIT_SUCCESS || err == NET_XMIT_CN) {
+       if (net_xmit_eval(err) == 0) {
                stats->tx_bytes += pkt_len;
                stats->tx_packets++;
        } else {
@@ -920,26 +910,20 @@ static int
 ip6ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
 {
        int err = 0;
-       int create;
        struct ip6_tnl_parm p;
        struct ip6_tnl *t = NULL;
 
        switch (cmd) {
        case SIOCGETTUNNEL:
                if (dev == ip6ip6_fb_tnl_dev) {
-                       if (copy_from_user(&p,
-                                          ifr->ifr_ifru.ifru_data,
-                                          sizeof (p))) {
+                       if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) {
                                err = -EFAULT;
                                break;
                        }
-                       if ((err = ip6ip6_tnl_locate(&p, &t, 0)) == -ENODEV)
-                               t = netdev_priv(dev);
-                       else if (err)
-                               break;
-               } else
+                       t = ip6ip6_tnl_locate(&p, 0);
+               }
+               if (t == NULL)
                        t = netdev_priv(dev);
-
                memcpy(&p, &t->parms, sizeof (p));
                if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof (p))) {
                        err = -EFAULT;
@@ -948,35 +932,36 @@ ip6ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
        case SIOCADDTUNNEL:
        case SIOCCHGTUNNEL:
                err = -EPERM;
-               create = (cmd == SIOCADDTUNNEL);
                if (!capable(CAP_NET_ADMIN))
                        break;
-               if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) {
-                       err = -EFAULT;
+               err = -EFAULT;
+               if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p)))
                        break;
-               }
-               if (!create && dev != ip6ip6_fb_tnl_dev) {
-                       t = netdev_priv(dev);
-               }
-               if (!t && (err = ip6ip6_tnl_locate(&p, &t, create))) {
+               err = -EINVAL;
+               if (p.proto != IPPROTO_IPV6)
                        break;
-               }
-               if (cmd == SIOCCHGTUNNEL) {
-                       if (t->dev != dev) {
-                               err = -EEXIST;
-                               break;
-                       }
+               t = ip6ip6_tnl_locate(&p, cmd == SIOCADDTUNNEL);
+               if (dev != ip6ip6_fb_tnl_dev && cmd == SIOCCHGTUNNEL) {
+                       if (t != NULL) {
+                               if (t->dev != dev) {
+                                       err = -EEXIST;
+                                       break;
+                               }
+                       } else
+                               t = netdev_priv(dev);
+
                        ip6ip6_tnl_unlink(t);
                        err = ip6ip6_tnl_change(t, &p);
                        ip6ip6_tnl_link(t);
                        netdev_state_change(dev);
                }
-               if (copy_to_user(ifr->ifr_ifru.ifru_data,
-                                &t->parms, sizeof (p))) {
-                       err = -EFAULT;
-               } else {
+               if (t) {
                        err = 0;
-               }
+                       if (copy_to_user(ifr->ifr_ifru.ifru_data, &t->parms, sizeof (p)))
+                               err = -EFAULT;
+
+               } else
+                       err = (cmd == SIOCADDTUNNEL ? -ENOBUFS : -ENOENT);
                break;
        case SIOCDELTUNNEL:
                err = -EPERM;
@@ -984,22 +969,18 @@ ip6ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
                        break;
 
                if (dev == ip6ip6_fb_tnl_dev) {
-                       if (copy_from_user(&p, ifr->ifr_ifru.ifru_data,
-                                          sizeof (p))) {
-                               err = -EFAULT;
+                       err = -EFAULT;
+                       if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p)))
                                break;
-                       }
-                       err = ip6ip6_tnl_locate(&p, &t, 0);
-                       if (err)
+                       err = -ENOENT;
+                       if ((t = ip6ip6_tnl_locate(&p, 0)) == NULL)
                                break;
-                       if (t == netdev_priv(ip6ip6_fb_tnl_dev)) {
-                               err = -EPERM;
+                       err = -EPERM;
+                       if (t->dev == ip6ip6_fb_tnl_dev)
                                break;
-                       }
-               } else {
-                       t = netdev_priv(dev);
+                       dev = t->dev;
                }
-               err = unregister_netdevice(t->dev);
+               err = unregister_netdevice(dev);
                break;
        default:
                err = -EINVAL;
@@ -1150,6 +1131,20 @@ fail:
        return err;
 }
 
+static void __exit ip6ip6_destroy_tunnels(void)
+{
+       int h;
+       struct ip6_tnl *t;
+
+       for (h = 0; h < HASH_SIZE; h++) {
+               while ((t = tnls_r_l[h]) != NULL)
+                       unregister_netdevice(t->dev);
+       }
+
+       t = tnls_wc[0];
+       unregister_netdevice(t->dev);
+}
+
 /**
  * ip6_tunnel_cleanup - free resources and unregister protocol
  **/
@@ -1159,7 +1154,9 @@ static void __exit ip6_tunnel_cleanup(void)
        if (xfrm6_tunnel_deregister(&ip6ip6_handler))
                printk(KERN_INFO "ip6ip6 close: can't deregister tunnel\n");
 
-       unregister_netdev(ip6ip6_fb_tnl_dev);
+       rtnl_lock();
+       ip6ip6_destroy_tunnels();
+       rtnl_unlock();
 }
 
 module_init(ip6_tunnel_init);