#include <linux/module.h>
  #include <linux/errno.h>
  #include <linux/socket.h>
  #include <linux/skbuff.h>
  #include <linux/ip.h>
  #include <linux/udp.h>
  #include <linux/types.h>
  #include <linux/kernel.h>
  #include <net/genetlink.h>

  #include <net/gue.h>

  #include <net/fou.h>

  #include <net/ip.h>

  #include <net/protocol.h>

  #include <net/udp.h>
  #include <net/udp_tunnel.h>
  #include <net/xfrm.h>
  #include <uapi/linux/fou.h>
  #include <uapi/linux/genetlink.h>

  struct fou {
  	struct socket *sock;
  	u8 protocol;

  	u8 flags;

  	__be16 port;

  	u8 family;

  	u16 type;

  	struct list_head list;

  	struct rcu_head rcu;

  };

  #define FOU_F_REMCSUM_NOPARTIAL BIT(0)

  struct fou_cfg {

  	u16 type;

  	u8 protocol;

  	u8 flags;

  	struct udp_port_cfg udp_config;
  };

  static unsigned int fou_net_id;
  
  struct fou_net {
  	struct list_head fou_list;
  	struct mutex fou_lock;
  };

  static inline struct fou *fou_from_sock(struct sock *sk)
  {
  	return sk->sk_user_data;
  }

  static int fou_recv_pull(struct sk_buff *skb, struct fou *fou, size_t len)

  {

  	/* Remove 'len' bytes from the packet (UDP header and

  	 * FOU header if present).

  	 */

  	if (fou->family == AF_INET)
  		ip_hdr(skb)->tot_len = htons(ntohs(ip_hdr(skb)->tot_len) - len);
  	else
  		ipv6_hdr(skb)->payload_len =
  		    htons(ntohs(ipv6_hdr(skb)->payload_len) - len);

  	__skb_pull(skb, len);
  	skb_postpull_rcsum(skb, udp_hdr(skb), len);
  	skb_reset_transport_header(skb);

  	return iptunnel_pull_offloads(skb);

  }
  
  static int fou_udp_recv(struct sock *sk, struct sk_buff *skb)
  {
  	struct fou *fou = fou_from_sock(sk);
  
  	if (!fou)
  		return 1;

  	if (fou_recv_pull(skb, fou, sizeof(struct udphdr)))

  		goto drop;

  
  	return -fou->protocol;

  
  drop:
  	kfree_skb(skb);
  	return 0;

  }

  static struct guehdr *gue_remcsum(struct sk_buff *skb, struct guehdr *guehdr,

  				  void *data, size_t hdrlen, u8 ipproto,
  				  bool nopartial)

  {
  	__be16 *pd = data;

  	size_t start = ntohs(pd[0]);
  	size_t offset = ntohs(pd[1]);

  	size_t plen = sizeof(struct udphdr) + hdrlen +
  	    max_t(size_t, offset + sizeof(u16), start);
  
  	if (skb->remcsum_offload)
  		return guehdr;

  	if (!pskb_may_pull(skb, plen))
  		return NULL;
  	guehdr = (struct guehdr *)&udp_hdr(skb)[1];

  	skb_remcsum_process(skb, (void *)guehdr + hdrlen,
  			    start, offset, nopartial);

  
  	return guehdr;
  }

  static int gue_control_message(struct sk_buff *skb, struct guehdr *guehdr)
  {
  	/* No support yet */
  	kfree_skb(skb);
  	return 0;

  }

  static int gue_udp_recv(struct sock *sk, struct sk_buff *skb)
  {
  	struct fou *fou = fou_from_sock(sk);

  	size_t len, optlen, hdrlen;

  	struct guehdr *guehdr;

  	void *data;

  	u16 doffset = 0;

  
  	if (!fou)
  		return 1;
  
  	len = sizeof(struct udphdr) + sizeof(struct guehdr);
  	if (!pskb_may_pull(skb, len))
  		goto drop;

  	guehdr = (struct guehdr *)&udp_hdr(skb)[1];

  	switch (guehdr->version) {
  	case 0: /* Full GUE header present */
  		break;
  
  	case 1: {
  		/* Direct encasulation of IPv4 or IPv6 */
  
  		int prot;
  
  		switch (((struct iphdr *)guehdr)->version) {
  		case 4:
  			prot = IPPROTO_IPIP;
  			break;
  		case 6:
  			prot = IPPROTO_IPV6;
  			break;
  		default:
  			goto drop;
  		}
  
  		if (fou_recv_pull(skb, fou, sizeof(struct udphdr)))
  			goto drop;
  
  		return -prot;
  	}
  
  	default: /* Undefined version */
  		goto drop;
  	}

  	optlen = guehdr->hlen << 2;
  	len += optlen;

  	if (!pskb_may_pull(skb, len))
  		goto drop;

  	/* guehdr may change after pull */
  	guehdr = (struct guehdr *)&udp_hdr(skb)[1];

  	hdrlen = sizeof(struct guehdr) + optlen;

  	if (guehdr->version != 0 || validate_gue_flags(guehdr, optlen))

  		goto drop;

  	hdrlen = sizeof(struct guehdr) + optlen;

  	if (fou->family == AF_INET)
  		ip_hdr(skb)->tot_len = htons(ntohs(ip_hdr(skb)->tot_len) - len);
  	else
  		ipv6_hdr(skb)->payload_len =
  		    htons(ntohs(ipv6_hdr(skb)->payload_len) - len);

  	/* Pull csum through the guehdr now . This can be used if
  	 * there is a remote checksum offload.
  	 */
  	skb_postpull_rcsum(skb, udp_hdr(skb), len);

  
  	data = &guehdr[1];
  
  	if (guehdr->flags & GUE_FLAG_PRIV) {

  		__be32 flags = *(__be32 *)(data + doffset);
  
  		doffset += GUE_LEN_PRIV;
  
  		if (flags & GUE_PFLAG_REMCSUM) {
  			guehdr = gue_remcsum(skb, guehdr, data + doffset,

  					     hdrlen, guehdr->proto_ctype,
  					     !!(fou->flags &
  						FOU_F_REMCSUM_NOPARTIAL));

  			if (!guehdr)
  				goto drop;
  
  			data = &guehdr[1];

  			doffset += GUE_PLEN_REMCSUM;
  		}

  	}

  	if (unlikely(guehdr->control))
  		return gue_control_message(skb, guehdr);

  	__skb_pull(skb, sizeof(struct udphdr) + hdrlen);

  	skb_reset_transport_header(skb);

  	if (iptunnel_pull_offloads(skb))
  		goto drop;

  	return -guehdr->proto_ctype;

  drop:
  	kfree_skb(skb);
  	return 0;
  }

  static struct sk_buff **fou_gro_receive(struct sock *sk,
  					struct sk_buff **head,
  					struct sk_buff *skb)

  {
  	const struct net_offload *ops;
  	struct sk_buff **pp = NULL;

  	u8 proto = fou_from_sock(sk)->protocol;

  	const struct net_offload **offloads;

  	/* We can clear the encap_mark for FOU as we are essentially doing
  	 * one of two possible things.  We are either adding an L4 tunnel
  	 * header to the outer L3 tunnel header, or we are are simply
  	 * treating the GRE tunnel header as though it is a UDP protocol
  	 * specific header such as VXLAN or GENEVE.
  	 */
  	NAPI_GRO_CB(skb)->encap_mark = 0;

  	/* Flag this frame as already having an outer encap header */
  	NAPI_GRO_CB(skb)->is_fou = 1;

  	rcu_read_lock();

  	offloads = NAPI_GRO_CB(skb)->is_ipv6 ? inet6_offloads : inet_offloads;

  	ops = rcu_dereference(offloads[proto]);
  	if (!ops || !ops->callbacks.gro_receive)
  		goto out_unlock;

  	pp = call_gro_receive(ops->callbacks.gro_receive, head, skb);

  
  out_unlock:
  	rcu_read_unlock();
  
  	return pp;
  }

  static int fou_gro_complete(struct sock *sk, struct sk_buff *skb,
  			    int nhoff)

  {
  	const struct net_offload *ops;

  	u8 proto = fou_from_sock(sk)->protocol;

  	int err = -ENOSYS;

  	const struct net_offload **offloads;

  
  	rcu_read_lock();

  	offloads = NAPI_GRO_CB(skb)->is_ipv6 ? inet6_offloads : inet_offloads;

  	ops = rcu_dereference(offloads[proto]);
  	if (WARN_ON(!ops || !ops->callbacks.gro_complete))
  		goto out_unlock;
  
  	err = ops->callbacks.gro_complete(skb, nhoff);

  	skb_set_inner_mac_header(skb, nhoff);

  out_unlock:
  	rcu_read_unlock();
  
  	return err;
  }

  static struct guehdr *gue_gro_remcsum(struct sk_buff *skb, unsigned int off,
  				      struct guehdr *guehdr, void *data,

  				      size_t hdrlen, struct gro_remcsum *grc,
  				      bool nopartial)

  {
  	__be16 *pd = data;

  	size_t start = ntohs(pd[0]);
  	size_t offset = ntohs(pd[1]);

  
  	if (skb->remcsum_offload)

  		return guehdr;

  	if (!NAPI_GRO_CB(skb)->csum_valid)

  		return NULL;

  	guehdr = skb_gro_remcsum_process(skb, (void *)guehdr, off, hdrlen,
  					 start, offset, grc, nopartial);

  
  	skb->remcsum_offload = 1;
  
  	return guehdr;
  }

  static struct sk_buff **gue_gro_receive(struct sock *sk,
  					struct sk_buff **head,
  					struct sk_buff *skb)

  {
  	const struct net_offload **offloads;
  	const struct net_offload *ops;
  	struct sk_buff **pp = NULL;
  	struct sk_buff *p;

  	struct guehdr *guehdr;

  	size_t len, optlen, hdrlen, off;
  	void *data;

  	u16 doffset = 0;

  	int flush = 1;

  	struct fou *fou = fou_from_sock(sk);

  	struct gro_remcsum grc;

  	u8 proto;

  
  	skb_gro_remcsum_init(&grc);

  
  	off = skb_gro_offset(skb);

  	len = off + sizeof(*guehdr);

  	guehdr = skb_gro_header_fast(skb, off);

  	if (skb_gro_header_hard(skb, len)) {
  		guehdr = skb_gro_header_slow(skb, len, off);

  		if (unlikely(!guehdr))
  			goto out;
  	}

  	switch (guehdr->version) {
  	case 0:
  		break;
  	case 1:
  		switch (((struct iphdr *)guehdr)->version) {
  		case 4:
  			proto = IPPROTO_IPIP;
  			break;
  		case 6:
  			proto = IPPROTO_IPV6;
  			break;
  		default:
  			goto out;
  		}
  		goto next_proto;
  	default:
  		goto out;
  	}

  	optlen = guehdr->hlen << 2;
  	len += optlen;

  	if (skb_gro_header_hard(skb, len)) {
  		guehdr = skb_gro_header_slow(skb, len, off);
  		if (unlikely(!guehdr))
  			goto out;
  	}

  	if (unlikely(guehdr->control) || guehdr->version != 0 ||
  	    validate_gue_flags(guehdr, optlen))
  		goto out;

  	hdrlen = sizeof(*guehdr) + optlen;

  	/* Adjust NAPI_GRO_CB(skb)->csum to account for guehdr,
  	 * this is needed if there is a remote checkcsum offload.
  	 */

  	skb_gro_postpull_rcsum(skb, guehdr, hdrlen);
  
  	data = &guehdr[1];
  
  	if (guehdr->flags & GUE_FLAG_PRIV) {

  		__be32 flags = *(__be32 *)(data + doffset);

  		doffset += GUE_LEN_PRIV;
  
  		if (flags & GUE_PFLAG_REMCSUM) {
  			guehdr = gue_gro_remcsum(skb, off, guehdr,

  						 data + doffset, hdrlen, &grc,

  						 !!(fou->flags &
  						    FOU_F_REMCSUM_NOPARTIAL));

  			if (!guehdr)
  				goto out;
  
  			data = &guehdr[1];
  
  			doffset += GUE_PLEN_REMCSUM;
  		}

  	}

  	skb_gro_pull(skb, hdrlen);

  	for (p = *head; p; p = p->next) {
  		const struct guehdr *guehdr2;
  
  		if (!NAPI_GRO_CB(p)->same_flow)
  			continue;
  
  		guehdr2 = (struct guehdr *)(p->data + off);
  
  		/* Compare base GUE header to be equal (covers

  		 * hlen, version, proto_ctype, and flags.

  		 */
  		if (guehdr->word != guehdr2->word) {
  			NAPI_GRO_CB(p)->same_flow = 0;
  			continue;
  		}
  
  		/* Compare optional fields are the same. */
  		if (guehdr->hlen && memcmp(&guehdr[1], &guehdr2[1],
  					   guehdr->hlen << 2)) {
  			NAPI_GRO_CB(p)->same_flow = 0;
  			continue;
  		}
  	}

  	proto = guehdr->proto_ctype;
  
  next_proto:

  	/* We can clear the encap_mark for GUE as we are essentially doing
  	 * one of two possible things.  We are either adding an L4 tunnel
  	 * header to the outer L3 tunnel header, or we are are simply
  	 * treating the GRE tunnel header as though it is a UDP protocol
  	 * specific header such as VXLAN or GENEVE.
  	 */
  	NAPI_GRO_CB(skb)->encap_mark = 0;

  	/* Flag this frame as already having an outer encap header */
  	NAPI_GRO_CB(skb)->is_fou = 1;

  	rcu_read_lock();
  	offloads = NAPI_GRO_CB(skb)->is_ipv6 ? inet6_offloads : inet_offloads;

  	ops = rcu_dereference(offloads[proto]);

  	if (WARN_ON_ONCE(!ops || !ops->callbacks.gro_receive))

  		goto out_unlock;

  	pp = call_gro_receive(ops->callbacks.gro_receive, head, skb);

  	flush = 0;

  
  out_unlock:
  	rcu_read_unlock();
  out:

  	skb_gro_flush_final_remcsum(skb, pp, flush, &grc);

  
  	return pp;
  }

  static int gue_gro_complete(struct sock *sk, struct sk_buff *skb, int nhoff)

  {
  	const struct net_offload **offloads;
  	struct guehdr *guehdr = (struct guehdr *)(skb->data + nhoff);
  	const struct net_offload *ops;

  	unsigned int guehlen = 0;

  	u8 proto;
  	int err = -ENOENT;

  	switch (guehdr->version) {
  	case 0:
  		proto = guehdr->proto_ctype;
  		guehlen = sizeof(*guehdr) + (guehdr->hlen << 2);
  		break;
  	case 1:
  		switch (((struct iphdr *)guehdr)->version) {
  		case 4:
  			proto = IPPROTO_IPIP;
  			break;
  		case 6:
  			proto = IPPROTO_IPV6;
  			break;
  		default:
  			return err;
  		}
  		break;
  	default:
  		return err;
  	}

  
  	rcu_read_lock();
  	offloads = NAPI_GRO_CB(skb)->is_ipv6 ? inet6_offloads : inet_offloads;
  	ops = rcu_dereference(offloads[proto]);
  	if (WARN_ON(!ops || !ops->callbacks.gro_complete))
  		goto out_unlock;
  
  	err = ops->callbacks.gro_complete(skb, nhoff + guehlen);

  	skb_set_inner_mac_header(skb, nhoff + guehlen);

  out_unlock:
  	rcu_read_unlock();
  	return err;
  }

  static int fou_add_to_port_list(struct net *net, struct fou *fou)

  {

  	struct fou_net *fn = net_generic(net, fou_net_id);

  	struct fou *fout;

  	mutex_lock(&fn->fou_lock);
  	list_for_each_entry(fout, &fn->fou_list, list) {

  		if (fou->port == fout->port &&
  		    fou->family == fout->family) {

  			mutex_unlock(&fn->fou_lock);

  			return -EALREADY;
  		}
  	}

  	list_add(&fou->list, &fn->fou_list);
  	mutex_unlock(&fn->fou_lock);

  
  	return 0;
  }
  
  static void fou_release(struct fou *fou)
  {
  	struct socket *sock = fou->sock;

  	list_del(&fou->list);

  	udp_tunnel_sock_release(sock);

  	kfree_rcu(fou, rcu);

  }
  
  static int fou_create(struct net *net, struct fou_cfg *cfg,
  		      struct socket **sockp)
  {

  	struct socket *sock = NULL;

  	struct fou *fou = NULL;

  	struct sock *sk;

  	struct udp_tunnel_sock_cfg tunnel_cfg;

  	int err;

  
  	/* Open UDP socket */
  	err = udp_sock_create(net, &cfg->udp_config, &sock);
  	if (err < 0)
  		goto error;
  
  	/* Allocate FOU port structure */
  	fou = kzalloc(sizeof(*fou), GFP_KERNEL);
  	if (!fou) {
  		err = -ENOMEM;
  		goto error;
  	}
  
  	sk = sock->sk;

  	fou->port = cfg->udp_config.local_udp_port;

  	fou->family = cfg->udp_config.family;
  	fou->flags = cfg->flags;

  	fou->type = cfg->type;
  	fou->sock = sock;
  
  	memset(&tunnel_cfg, 0, sizeof(tunnel_cfg));
  	tunnel_cfg.encap_type = 1;
  	tunnel_cfg.sk_user_data = fou;
  	tunnel_cfg.encap_destroy = NULL;

  
  	/* Initial for fou type */
  	switch (cfg->type) {
  	case FOU_ENCAP_DIRECT:

  		tunnel_cfg.encap_rcv = fou_udp_recv;
  		tunnel_cfg.gro_receive = fou_gro_receive;
  		tunnel_cfg.gro_complete = fou_gro_complete;
  		fou->protocol = cfg->protocol;

  		break;
  	case FOU_ENCAP_GUE:

  		tunnel_cfg.encap_rcv = gue_udp_recv;
  		tunnel_cfg.gro_receive = gue_gro_receive;
  		tunnel_cfg.gro_complete = gue_gro_complete;

  		break;
  	default:
  		err = -EINVAL;
  		goto error;
  	}

  	setup_udp_tunnel_sock(net, sock, &tunnel_cfg);

  
  	sk->sk_allocation = GFP_ATOMIC;

  	err = fou_add_to_port_list(net, fou);

  	if (err)
  		goto error;
  
  	if (sockp)
  		*sockp = sock;
  
  	return 0;
  
  error:
  	kfree(fou);
  	if (sock)

  		udp_tunnel_sock_release(sock);

  
  	return err;
  }
  
  static int fou_destroy(struct net *net, struct fou_cfg *cfg)
  {

  	struct fou_net *fn = net_generic(net, fou_net_id);

  	__be16 port = cfg->udp_config.local_udp_port;

  	u8 family = cfg->udp_config.family;

  	int err = -EINVAL;

  	struct fou *fou;

  	mutex_lock(&fn->fou_lock);
  	list_for_each_entry(fou, &fn->fou_list, list) {

  		if (fou->port == port && fou->family == family) {

  			fou_release(fou);
  			err = 0;
  			break;
  		}
  	}

  	mutex_unlock(&fn->fou_lock);

  
  	return err;
  }

  static struct genl_family fou_nl_family;

  static const struct nla_policy fou_nl_policy[FOU_ATTR_MAX + 1] = {

  	[FOU_ATTR_PORT] = { .type = NLA_U16, },
  	[FOU_ATTR_AF] = { .type = NLA_U8, },
  	[FOU_ATTR_IPPROTO] = { .type = NLA_U8, },

  	[FOU_ATTR_TYPE] = { .type = NLA_U8, },

  	[FOU_ATTR_REMCSUM_NOPARTIAL] = { .type = NLA_FLAG, },

  };
  
  static int parse_nl_config(struct genl_info *info,
  			   struct fou_cfg *cfg)
  {
  	memset(cfg, 0, sizeof(*cfg));
  
  	cfg->udp_config.family = AF_INET;
  
  	if (info->attrs[FOU_ATTR_AF]) {
  		u8 family = nla_get_u8(info->attrs[FOU_ATTR_AF]);

  		switch (family) {
  		case AF_INET:
  			break;
  		case AF_INET6:
  			cfg->udp_config.ipv6_v6only = 1;
  			break;
  		default:
  			return -EAFNOSUPPORT;
  		}

  
  		cfg->udp_config.family = family;
  	}
  
  	if (info->attrs[FOU_ATTR_PORT]) {

  		__be16 port = nla_get_be16(info->attrs[FOU_ATTR_PORT]);

  
  		cfg->udp_config.local_udp_port = port;
  	}
  
  	if (info->attrs[FOU_ATTR_IPPROTO])
  		cfg->protocol = nla_get_u8(info->attrs[FOU_ATTR_IPPROTO]);

  	if (info->attrs[FOU_ATTR_TYPE])
  		cfg->type = nla_get_u8(info->attrs[FOU_ATTR_TYPE]);

  	if (info->attrs[FOU_ATTR_REMCSUM_NOPARTIAL])
  		cfg->flags |= FOU_F_REMCSUM_NOPARTIAL;

  	return 0;
  }
  
  static int fou_nl_cmd_add_port(struct sk_buff *skb, struct genl_info *info)
  {

  	struct net *net = genl_info_net(info);

  	struct fou_cfg cfg;
  	int err;
  
  	err = parse_nl_config(info, &cfg);
  	if (err)
  		return err;

  	return fou_create(net, &cfg, NULL);

  }
  
  static int fou_nl_cmd_rm_port(struct sk_buff *skb, struct genl_info *info)
  {

  	struct net *net = genl_info_net(info);

  	struct fou_cfg cfg;

  	int err;

  	err = parse_nl_config(info, &cfg);
  	if (err)
  		return err;

  	return fou_destroy(net, &cfg);

  }

  static int fou_fill_info(struct fou *fou, struct sk_buff *msg)
  {
  	if (nla_put_u8(msg, FOU_ATTR_AF, fou->sock->sk->sk_family) ||
  	    nla_put_be16(msg, FOU_ATTR_PORT, fou->port) ||
  	    nla_put_u8(msg, FOU_ATTR_IPPROTO, fou->protocol) ||
  	    nla_put_u8(msg, FOU_ATTR_TYPE, fou->type))
  		return -1;
  
  	if (fou->flags & FOU_F_REMCSUM_NOPARTIAL)
  		if (nla_put_flag(msg, FOU_ATTR_REMCSUM_NOPARTIAL))
  			return -1;
  	return 0;
  }
  
  static int fou_dump_info(struct fou *fou, u32 portid, u32 seq,
  			 u32 flags, struct sk_buff *skb, u8 cmd)
  {
  	void *hdr;
  
  	hdr = genlmsg_put(skb, portid, seq, &fou_nl_family, flags, cmd);
  	if (!hdr)
  		return -ENOMEM;
  
  	if (fou_fill_info(fou, skb) < 0)
  		goto nla_put_failure;
  
  	genlmsg_end(skb, hdr);
  	return 0;
  
  nla_put_failure:
  	genlmsg_cancel(skb, hdr);
  	return -EMSGSIZE;
  }
  
  static int fou_nl_cmd_get_port(struct sk_buff *skb, struct genl_info *info)
  {
  	struct net *net = genl_info_net(info);
  	struct fou_net *fn = net_generic(net, fou_net_id);
  	struct sk_buff *msg;
  	struct fou_cfg cfg;
  	struct fou *fout;
  	__be16 port;

  	u8 family;

  	int ret;
  
  	ret = parse_nl_config(info, &cfg);
  	if (ret)
  		return ret;
  	port = cfg.udp_config.local_udp_port;
  	if (port == 0)
  		return -EINVAL;

  	family = cfg.udp_config.family;
  	if (family != AF_INET && family != AF_INET6)
  		return -EINVAL;

  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
  	if (!msg)
  		return -ENOMEM;
  
  	ret = -ESRCH;
  	mutex_lock(&fn->fou_lock);
  	list_for_each_entry(fout, &fn->fou_list, list) {

  		if (port == fout->port && family == fout->family) {

  			ret = fou_dump_info(fout, info->snd_portid,
  					    info->snd_seq, 0, msg,
  					    info->genlhdr->cmd);
  			break;
  		}
  	}
  	mutex_unlock(&fn->fou_lock);
  	if (ret < 0)
  		goto out_free;
  
  	return genlmsg_reply(msg, info);
  
  out_free:
  	nlmsg_free(msg);
  	return ret;
  }
  
  static int fou_nl_dump(struct sk_buff *skb, struct netlink_callback *cb)
  {
  	struct net *net = sock_net(skb->sk);
  	struct fou_net *fn = net_generic(net, fou_net_id);
  	struct fou *fout;
  	int idx = 0, ret;
  
  	mutex_lock(&fn->fou_lock);
  	list_for_each_entry(fout, &fn->fou_list, list) {
  		if (idx++ < cb->args[0])
  			continue;
  		ret = fou_dump_info(fout, NETLINK_CB(cb->skb).portid,
  				    cb->nlh->nlmsg_seq, NLM_F_MULTI,
  				    skb, FOU_CMD_GET);
  		if (ret)

  			break;

  	}
  	mutex_unlock(&fn->fou_lock);

  	cb->args[0] = idx;
  	return skb->len;
  }

  static const struct genl_ops fou_nl_ops[] = {
  	{
  		.cmd = FOU_CMD_ADD,
  		.doit = fou_nl_cmd_add_port,
  		.policy = fou_nl_policy,
  		.flags = GENL_ADMIN_PERM,
  	},
  	{
  		.cmd = FOU_CMD_DEL,
  		.doit = fou_nl_cmd_rm_port,
  		.policy = fou_nl_policy,
  		.flags = GENL_ADMIN_PERM,
  	},

  	{
  		.cmd = FOU_CMD_GET,
  		.doit = fou_nl_cmd_get_port,
  		.dumpit = fou_nl_dump,
  		.policy = fou_nl_policy,
  	},

  };

  static struct genl_family fou_nl_family __ro_after_init = {

  	.hdrsize	= 0,
  	.name		= FOU_GENL_NAME,
  	.version	= FOU_GENL_VERSION,
  	.maxattr	= FOU_ATTR_MAX,
  	.netnsok	= true,
  	.module		= THIS_MODULE,
  	.ops		= fou_nl_ops,
  	.n_ops		= ARRAY_SIZE(fou_nl_ops),
  };

  size_t fou_encap_hlen(struct ip_tunnel_encap *e)
  {
  	return sizeof(struct udphdr);
  }
  EXPORT_SYMBOL(fou_encap_hlen);
  
  size_t gue_encap_hlen(struct ip_tunnel_encap *e)
  {
  	size_t len;
  	bool need_priv = false;
  
  	len = sizeof(struct udphdr) + sizeof(struct guehdr);
  
  	if (e->flags & TUNNEL_ENCAP_FLAG_REMCSUM) {
  		len += GUE_PLEN_REMCSUM;
  		need_priv = true;
  	}
  
  	len += need_priv ? GUE_LEN_PRIV : 0;
  
  	return len;
  }
  EXPORT_SYMBOL(gue_encap_hlen);

  int __fou_build_header(struct sk_buff *skb, struct ip_tunnel_encap *e,
  		       u8 *protocol, __be16 *sport, int type)
  {
  	int err;
  
  	err = iptunnel_handle_offloads(skb, type);
  	if (err)
  		return err;
  
  	*sport = e->sport ? : udp_flow_src_port(dev_net(skb->dev),
  						skb, 0, 0, false);
  
  	return 0;
  }
  EXPORT_SYMBOL(__fou_build_header);

  int __gue_build_header(struct sk_buff *skb, struct ip_tunnel_encap *e,
  		       u8 *protocol, __be16 *sport, int type)

  {

  	struct guehdr *guehdr;

  	size_t hdrlen, optlen = 0;

  	void *data;
  	bool need_priv = false;

  	int err;

  	if ((e->flags & TUNNEL_ENCAP_FLAG_REMCSUM) &&
  	    skb->ip_summed == CHECKSUM_PARTIAL) {

  		optlen += GUE_PLEN_REMCSUM;
  		type |= SKB_GSO_TUNNEL_REMCSUM;
  		need_priv = true;
  	}

  	optlen += need_priv ? GUE_LEN_PRIV : 0;

  	err = iptunnel_handle_offloads(skb, type);
  	if (err)
  		return err;

  
  	/* Get source port (based on flow hash) before skb_push */

  	*sport = e->sport ? : udp_flow_src_port(dev_net(skb->dev),
  						skb, 0, 0, false);

  	hdrlen = sizeof(struct guehdr) + optlen;
  
  	skb_push(skb, hdrlen);

  
  	guehdr = (struct guehdr *)skb->data;

  	guehdr->control = 0;

  	guehdr->version = 0;

  	guehdr->hlen = optlen >> 2;

  	guehdr->flags = 0;

  	guehdr->proto_ctype = *protocol;
  
  	data = &guehdr[1];
  
  	if (need_priv) {
  		__be32 *flags = data;
  
  		guehdr->flags |= GUE_FLAG_PRIV;
  		*flags = 0;
  		data += GUE_LEN_PRIV;

  		if (type & SKB_GSO_TUNNEL_REMCSUM) {
  			u16 csum_start = skb_checksum_start_offset(skb);
  			__be16 *pd = data;
  
  			if (csum_start < hdrlen)
  				return -EINVAL;
  
  			csum_start -= hdrlen;
  			pd[0] = htons(csum_start);
  			pd[1] = htons(csum_start + skb->csum_offset);
  
  			if (!skb_is_gso(skb)) {
  				skb->ip_summed = CHECKSUM_NONE;
  				skb->encapsulation = 0;
  			}
  
  			*flags |= GUE_PFLAG_REMCSUM;
  			data += GUE_PLEN_REMCSUM;
  		}

  	}

  	return 0;
  }
  EXPORT_SYMBOL(__gue_build_header);

  #ifdef CONFIG_NET_FOU_IP_TUNNELS
  
  static void fou_build_udp(struct sk_buff *skb, struct ip_tunnel_encap *e,
  			  struct flowi4 *fl4, u8 *protocol, __be16 sport)
  {
  	struct udphdr *uh;
  
  	skb_push(skb, sizeof(struct udphdr));
  	skb_reset_transport_header(skb);
  
  	uh = udp_hdr(skb);
  
  	uh->dest = e->dport;
  	uh->source = sport;
  	uh->len = htons(skb->len);
  	udp_set_csum(!(e->flags & TUNNEL_ENCAP_FLAG_CSUM), skb,
  		     fl4->saddr, fl4->daddr, skb->len);
  
  	*protocol = IPPROTO_UDP;
  }
  
  static int fou_build_header(struct sk_buff *skb, struct ip_tunnel_encap *e,
  			    u8 *protocol, struct flowi4 *fl4)
  {
  	int type = e->flags & TUNNEL_ENCAP_FLAG_CSUM ? SKB_GSO_UDP_TUNNEL_CSUM :
  						       SKB_GSO_UDP_TUNNEL;
  	__be16 sport;
  	int err;
  
  	err = __fou_build_header(skb, e, protocol, &sport, type);
  	if (err)
  		return err;
  
  	fou_build_udp(skb, e, fl4, protocol, sport);
  
  	return 0;
  }
  
  static int gue_build_header(struct sk_buff *skb, struct ip_tunnel_encap *e,
  			    u8 *protocol, struct flowi4 *fl4)

  {
  	int type = e->flags & TUNNEL_ENCAP_FLAG_CSUM ? SKB_GSO_UDP_TUNNEL_CSUM :
  						       SKB_GSO_UDP_TUNNEL;
  	__be16 sport;
  	int err;
  
  	err = __gue_build_header(skb, e, protocol, &sport, type);
  	if (err)
  		return err;

  	fou_build_udp(skb, e, fl4, protocol, sport);
  
  	return 0;
  }

  static const struct ip_tunnel_encap_ops fou_iptun_ops = {

  	.encap_hlen = fou_encap_hlen,
  	.build_header = fou_build_header,
  };

  static const struct ip_tunnel_encap_ops gue_iptun_ops = {

  	.encap_hlen = gue_encap_hlen,
  	.build_header = gue_build_header,
  };
  
  static int ip_tunnel_encap_add_fou_ops(void)
  {
  	int ret;
  
  	ret = ip_tunnel_encap_add_ops(&fou_iptun_ops, TUNNEL_ENCAP_FOU);
  	if (ret < 0) {
  		pr_err("can't add fou ops
  ");
  		return ret;
  	}
  
  	ret = ip_tunnel_encap_add_ops(&gue_iptun_ops, TUNNEL_ENCAP_GUE);
  	if (ret < 0) {
  		pr_err("can't add gue ops
  ");
  		ip_tunnel_encap_del_ops(&fou_iptun_ops, TUNNEL_ENCAP_FOU);
  		return ret;
  	}
  
  	return 0;
  }
  
  static void ip_tunnel_encap_del_fou_ops(void)
  {
  	ip_tunnel_encap_del_ops(&fou_iptun_ops, TUNNEL_ENCAP_FOU);
  	ip_tunnel_encap_del_ops(&gue_iptun_ops, TUNNEL_ENCAP_GUE);
  }
  
  #else
  
  static int ip_tunnel_encap_add_fou_ops(void)
  {
  	return 0;
  }

  static void ip_tunnel_encap_del_fou_ops(void)

  {
  }
  
  #endif

  static __net_init int fou_init_net(struct net *net)
  {
  	struct fou_net *fn = net_generic(net, fou_net_id);
  
  	INIT_LIST_HEAD(&fn->fou_list);
  	mutex_init(&fn->fou_lock);
  	return 0;
  }
  
  static __net_exit void fou_exit_net(struct net *net)
  {
  	struct fou_net *fn = net_generic(net, fou_net_id);
  	struct fou *fou, *next;
  
  	/* Close all the FOU sockets */
  	mutex_lock(&fn->fou_lock);
  	list_for_each_entry_safe(fou, next, &fn->fou_list, list)
  		fou_release(fou);
  	mutex_unlock(&fn->fou_lock);
  }
  
  static struct pernet_operations fou_net_ops = {
  	.init = fou_init_net,
  	.exit = fou_exit_net,
  	.id   = &fou_net_id,
  	.size = sizeof(struct fou_net),
  };

  static int __init fou_init(void)
  {
  	int ret;

  	ret = register_pernet_device(&fou_net_ops);
  	if (ret)
  		goto exit;

  	ret = genl_register_family(&fou_nl_family);

  	if (ret < 0)

  		goto unregister;

  
  	ret = ip_tunnel_encap_add_fou_ops();

  	if (ret == 0)
  		return 0;

  	genl_unregister_family(&fou_nl_family);
  unregister:
  	unregister_pernet_device(&fou_net_ops);

  exit:

  	return ret;
  }
  
  static void __exit fou_fini(void)
  {

  	ip_tunnel_encap_del_fou_ops();

  	genl_unregister_family(&fou_nl_family);

  	unregister_pernet_device(&fou_net_ops);

  }
  
  module_init(fou_init);
  module_exit(fou_fini);
  MODULE_AUTHOR("Tom Herbert <therbert@google.com>");
  MODULE_LICENSE("GPL");