0001
0002
0003
0004
0005
0006
0007
0008
0009 #include <linux/kernel.h>
0010 #include <linux/slab.h>
0011 #include <linux/etherdevice.h>
0012 #include <linux/rhashtable.h>
0013 #include <net/rtnetlink.h>
0014 #include <net/net_namespace.h>
0015 #include <net/sock.h>
0016 #include <net/vxlan.h>
0017
0018 #include "vxlan_private.h"
0019
0020 static inline int vxlan_vni_cmp(struct rhashtable_compare_arg *arg,
0021 const void *ptr)
0022 {
0023 const struct vxlan_vni_node *vnode = ptr;
0024 __be32 vni = *(__be32 *)arg->key;
0025
0026 return vnode->vni != vni;
0027 }
0028
0029 const struct rhashtable_params vxlan_vni_rht_params = {
0030 .head_offset = offsetof(struct vxlan_vni_node, vnode),
0031 .key_offset = offsetof(struct vxlan_vni_node, vni),
0032 .key_len = sizeof(__be32),
0033 .nelem_hint = 3,
0034 .max_size = VXLAN_N_VID,
0035 .obj_cmpfn = vxlan_vni_cmp,
0036 .automatic_shrinking = true,
0037 };
0038
0039 static void vxlan_vs_add_del_vninode(struct vxlan_dev *vxlan,
0040 struct vxlan_vni_node *v,
0041 bool del)
0042 {
0043 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
0044 struct vxlan_dev_node *node;
0045 struct vxlan_sock *vs;
0046
0047 spin_lock(&vn->sock_lock);
0048 if (del) {
0049 if (!hlist_unhashed(&v->hlist4.hlist))
0050 hlist_del_init_rcu(&v->hlist4.hlist);
0051 #if IS_ENABLED(CONFIG_IPV6)
0052 if (!hlist_unhashed(&v->hlist6.hlist))
0053 hlist_del_init_rcu(&v->hlist6.hlist);
0054 #endif
0055 goto out;
0056 }
0057
0058 #if IS_ENABLED(CONFIG_IPV6)
0059 vs = rtnl_dereference(vxlan->vn6_sock);
0060 if (vs && v) {
0061 node = &v->hlist6;
0062 hlist_add_head_rcu(&node->hlist, vni_head(vs, v->vni));
0063 }
0064 #endif
0065 vs = rtnl_dereference(vxlan->vn4_sock);
0066 if (vs && v) {
0067 node = &v->hlist4;
0068 hlist_add_head_rcu(&node->hlist, vni_head(vs, v->vni));
0069 }
0070 out:
0071 spin_unlock(&vn->sock_lock);
0072 }
0073
0074 void vxlan_vs_add_vnigrp(struct vxlan_dev *vxlan,
0075 struct vxlan_sock *vs,
0076 bool ipv6)
0077 {
0078 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
0079 struct vxlan_vni_group *vg = rtnl_dereference(vxlan->vnigrp);
0080 struct vxlan_vni_node *v, *tmp;
0081 struct vxlan_dev_node *node;
0082
0083 if (!vg)
0084 return;
0085
0086 spin_lock(&vn->sock_lock);
0087 list_for_each_entry_safe(v, tmp, &vg->vni_list, vlist) {
0088 #if IS_ENABLED(CONFIG_IPV6)
0089 if (ipv6)
0090 node = &v->hlist6;
0091 else
0092 #endif
0093 node = &v->hlist4;
0094 node->vxlan = vxlan;
0095 hlist_add_head_rcu(&node->hlist, vni_head(vs, v->vni));
0096 }
0097 spin_unlock(&vn->sock_lock);
0098 }
0099
0100 void vxlan_vs_del_vnigrp(struct vxlan_dev *vxlan)
0101 {
0102 struct vxlan_vni_group *vg = rtnl_dereference(vxlan->vnigrp);
0103 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
0104 struct vxlan_vni_node *v, *tmp;
0105
0106 if (!vg)
0107 return;
0108
0109 spin_lock(&vn->sock_lock);
0110 list_for_each_entry_safe(v, tmp, &vg->vni_list, vlist) {
0111 hlist_del_init_rcu(&v->hlist4.hlist);
0112 #if IS_ENABLED(CONFIG_IPV6)
0113 hlist_del_init_rcu(&v->hlist6.hlist);
0114 #endif
0115 }
0116 spin_unlock(&vn->sock_lock);
0117 }
0118
0119 static void vxlan_vnifilter_stats_get(const struct vxlan_vni_node *vninode,
0120 struct vxlan_vni_stats *dest)
0121 {
0122 int i;
0123
0124 memset(dest, 0, sizeof(*dest));
0125 for_each_possible_cpu(i) {
0126 struct vxlan_vni_stats_pcpu *pstats;
0127 struct vxlan_vni_stats temp;
0128 unsigned int start;
0129
0130 pstats = per_cpu_ptr(vninode->stats, i);
0131 do {
0132 start = u64_stats_fetch_begin_irq(&pstats->syncp);
0133 memcpy(&temp, &pstats->stats, sizeof(temp));
0134 } while (u64_stats_fetch_retry_irq(&pstats->syncp, start));
0135
0136 dest->rx_packets += temp.rx_packets;
0137 dest->rx_bytes += temp.rx_bytes;
0138 dest->rx_drops += temp.rx_drops;
0139 dest->rx_errors += temp.rx_errors;
0140 dest->tx_packets += temp.tx_packets;
0141 dest->tx_bytes += temp.tx_bytes;
0142 dest->tx_drops += temp.tx_drops;
0143 dest->tx_errors += temp.tx_errors;
0144 }
0145 }
0146
0147 static void vxlan_vnifilter_stats_add(struct vxlan_vni_node *vninode,
0148 int type, unsigned int len)
0149 {
0150 struct vxlan_vni_stats_pcpu *pstats = this_cpu_ptr(vninode->stats);
0151
0152 u64_stats_update_begin(&pstats->syncp);
0153 switch (type) {
0154 case VXLAN_VNI_STATS_RX:
0155 pstats->stats.rx_bytes += len;
0156 pstats->stats.rx_packets++;
0157 break;
0158 case VXLAN_VNI_STATS_RX_DROPS:
0159 pstats->stats.rx_drops++;
0160 break;
0161 case VXLAN_VNI_STATS_RX_ERRORS:
0162 pstats->stats.rx_errors++;
0163 break;
0164 case VXLAN_VNI_STATS_TX:
0165 pstats->stats.tx_bytes += len;
0166 pstats->stats.tx_packets++;
0167 break;
0168 case VXLAN_VNI_STATS_TX_DROPS:
0169 pstats->stats.tx_drops++;
0170 break;
0171 case VXLAN_VNI_STATS_TX_ERRORS:
0172 pstats->stats.tx_errors++;
0173 break;
0174 }
0175 u64_stats_update_end(&pstats->syncp);
0176 }
0177
0178 void vxlan_vnifilter_count(struct vxlan_dev *vxlan, __be32 vni,
0179 struct vxlan_vni_node *vninode,
0180 int type, unsigned int len)
0181 {
0182 struct vxlan_vni_node *vnode;
0183
0184 if (!(vxlan->cfg.flags & VXLAN_F_VNIFILTER))
0185 return;
0186
0187 if (vninode) {
0188 vnode = vninode;
0189 } else {
0190 vnode = vxlan_vnifilter_lookup(vxlan, vni);
0191 if (!vnode)
0192 return;
0193 }
0194
0195 vxlan_vnifilter_stats_add(vnode, type, len);
0196 }
0197
0198 static u32 vnirange(struct vxlan_vni_node *vbegin,
0199 struct vxlan_vni_node *vend)
0200 {
0201 return (be32_to_cpu(vend->vni) - be32_to_cpu(vbegin->vni));
0202 }
0203
0204 static size_t vxlan_vnifilter_entry_nlmsg_size(void)
0205 {
0206 return NLMSG_ALIGN(sizeof(struct tunnel_msg))
0207 + nla_total_size(0)
0208 + nla_total_size(sizeof(u32))
0209 + nla_total_size(sizeof(u32))
0210 + nla_total_size(sizeof(struct in6_addr));
0211 }
0212
0213 static int __vnifilter_entry_fill_stats(struct sk_buff *skb,
0214 const struct vxlan_vni_node *vbegin)
0215 {
0216 struct vxlan_vni_stats vstats;
0217 struct nlattr *vstats_attr;
0218
0219 vstats_attr = nla_nest_start(skb, VXLAN_VNIFILTER_ENTRY_STATS);
0220 if (!vstats_attr)
0221 goto out_stats_err;
0222
0223 vxlan_vnifilter_stats_get(vbegin, &vstats);
0224 if (nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_RX_BYTES,
0225 vstats.rx_bytes, VNIFILTER_ENTRY_STATS_PAD) ||
0226 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_RX_PKTS,
0227 vstats.rx_packets, VNIFILTER_ENTRY_STATS_PAD) ||
0228 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_RX_DROPS,
0229 vstats.rx_drops, VNIFILTER_ENTRY_STATS_PAD) ||
0230 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_RX_ERRORS,
0231 vstats.rx_errors, VNIFILTER_ENTRY_STATS_PAD) ||
0232 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_TX_BYTES,
0233 vstats.tx_bytes, VNIFILTER_ENTRY_STATS_PAD) ||
0234 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_TX_PKTS,
0235 vstats.tx_packets, VNIFILTER_ENTRY_STATS_PAD) ||
0236 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_TX_DROPS,
0237 vstats.tx_drops, VNIFILTER_ENTRY_STATS_PAD) ||
0238 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_TX_ERRORS,
0239 vstats.tx_errors, VNIFILTER_ENTRY_STATS_PAD))
0240 goto out_stats_err;
0241
0242 nla_nest_end(skb, vstats_attr);
0243
0244 return 0;
0245
0246 out_stats_err:
0247 nla_nest_cancel(skb, vstats_attr);
0248 return -EMSGSIZE;
0249 }
0250
0251 static bool vxlan_fill_vni_filter_entry(struct sk_buff *skb,
0252 struct vxlan_vni_node *vbegin,
0253 struct vxlan_vni_node *vend,
0254 bool fill_stats)
0255 {
0256 struct nlattr *ventry;
0257 u32 vs = be32_to_cpu(vbegin->vni);
0258 u32 ve = 0;
0259
0260 if (vbegin != vend)
0261 ve = be32_to_cpu(vend->vni);
0262
0263 ventry = nla_nest_start(skb, VXLAN_VNIFILTER_ENTRY);
0264 if (!ventry)
0265 return false;
0266
0267 if (nla_put_u32(skb, VXLAN_VNIFILTER_ENTRY_START, vs))
0268 goto out_err;
0269
0270 if (ve && nla_put_u32(skb, VXLAN_VNIFILTER_ENTRY_END, ve))
0271 goto out_err;
0272
0273 if (!vxlan_addr_any(&vbegin->remote_ip)) {
0274 if (vbegin->remote_ip.sa.sa_family == AF_INET) {
0275 if (nla_put_in_addr(skb, VXLAN_VNIFILTER_ENTRY_GROUP,
0276 vbegin->remote_ip.sin.sin_addr.s_addr))
0277 goto out_err;
0278 #if IS_ENABLED(CONFIG_IPV6)
0279 } else {
0280 if (nla_put_in6_addr(skb, VXLAN_VNIFILTER_ENTRY_GROUP6,
0281 &vbegin->remote_ip.sin6.sin6_addr))
0282 goto out_err;
0283 #endif
0284 }
0285 }
0286
0287 if (fill_stats && __vnifilter_entry_fill_stats(skb, vbegin))
0288 goto out_err;
0289
0290 nla_nest_end(skb, ventry);
0291
0292 return true;
0293
0294 out_err:
0295 nla_nest_cancel(skb, ventry);
0296
0297 return false;
0298 }
0299
0300 static void vxlan_vnifilter_notify(const struct vxlan_dev *vxlan,
0301 struct vxlan_vni_node *vninode, int cmd)
0302 {
0303 struct tunnel_msg *tmsg;
0304 struct sk_buff *skb;
0305 struct nlmsghdr *nlh;
0306 struct net *net = dev_net(vxlan->dev);
0307 int err = -ENOBUFS;
0308
0309 skb = nlmsg_new(vxlan_vnifilter_entry_nlmsg_size(), GFP_KERNEL);
0310 if (!skb)
0311 goto out_err;
0312
0313 err = -EMSGSIZE;
0314 nlh = nlmsg_put(skb, 0, 0, cmd, sizeof(*tmsg), 0);
0315 if (!nlh)
0316 goto out_err;
0317 tmsg = nlmsg_data(nlh);
0318 memset(tmsg, 0, sizeof(*tmsg));
0319 tmsg->family = AF_BRIDGE;
0320 tmsg->ifindex = vxlan->dev->ifindex;
0321
0322 if (!vxlan_fill_vni_filter_entry(skb, vninode, vninode, false))
0323 goto out_err;
0324
0325 nlmsg_end(skb, nlh);
0326 rtnl_notify(skb, net, 0, RTNLGRP_TUNNEL, NULL, GFP_KERNEL);
0327
0328 return;
0329
0330 out_err:
0331 rtnl_set_sk_err(net, RTNLGRP_TUNNEL, err);
0332
0333 kfree_skb(skb);
0334 }
0335
0336 static int vxlan_vnifilter_dump_dev(const struct net_device *dev,
0337 struct sk_buff *skb,
0338 struct netlink_callback *cb)
0339 {
0340 struct vxlan_vni_node *tmp, *v, *vbegin = NULL, *vend = NULL;
0341 struct vxlan_dev *vxlan = netdev_priv(dev);
0342 struct tunnel_msg *new_tmsg, *tmsg;
0343 int idx = 0, s_idx = cb->args[1];
0344 struct vxlan_vni_group *vg;
0345 struct nlmsghdr *nlh;
0346 bool dump_stats;
0347 int err = 0;
0348
0349 if (!(vxlan->cfg.flags & VXLAN_F_VNIFILTER))
0350 return -EINVAL;
0351
0352
0353 vg = rcu_dereference(vxlan->vnigrp);
0354 if (!vg || !vg->num_vnis)
0355 return 0;
0356
0357 tmsg = nlmsg_data(cb->nlh);
0358 dump_stats = !!(tmsg->flags & TUNNEL_MSG_FLAG_STATS);
0359
0360 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
0361 RTM_NEWTUNNEL, sizeof(*new_tmsg), NLM_F_MULTI);
0362 if (!nlh)
0363 return -EMSGSIZE;
0364 new_tmsg = nlmsg_data(nlh);
0365 memset(new_tmsg, 0, sizeof(*new_tmsg));
0366 new_tmsg->family = PF_BRIDGE;
0367 new_tmsg->ifindex = dev->ifindex;
0368
0369 list_for_each_entry_safe(v, tmp, &vg->vni_list, vlist) {
0370 if (idx < s_idx) {
0371 idx++;
0372 continue;
0373 }
0374 if (!vbegin) {
0375 vbegin = v;
0376 vend = v;
0377 continue;
0378 }
0379 if (!dump_stats && vnirange(vend, v) == 1 &&
0380 vxlan_addr_equal(&v->remote_ip, &vend->remote_ip)) {
0381 goto update_end;
0382 } else {
0383 if (!vxlan_fill_vni_filter_entry(skb, vbegin, vend,
0384 dump_stats)) {
0385 err = -EMSGSIZE;
0386 break;
0387 }
0388 idx += vnirange(vbegin, vend) + 1;
0389 vbegin = v;
0390 }
0391 update_end:
0392 vend = v;
0393 }
0394
0395 if (!err && vbegin) {
0396 if (!vxlan_fill_vni_filter_entry(skb, vbegin, vend, dump_stats))
0397 err = -EMSGSIZE;
0398 }
0399
0400 cb->args[1] = err ? idx : 0;
0401
0402 nlmsg_end(skb, nlh);
0403
0404 return err;
0405 }
0406
0407 static int vxlan_vnifilter_dump(struct sk_buff *skb, struct netlink_callback *cb)
0408 {
0409 int idx = 0, err = 0, s_idx = cb->args[0];
0410 struct net *net = sock_net(skb->sk);
0411 struct tunnel_msg *tmsg;
0412 struct net_device *dev;
0413
0414 tmsg = nlmsg_data(cb->nlh);
0415
0416 if (tmsg->flags & ~TUNNEL_MSG_VALID_USER_FLAGS) {
0417 NL_SET_ERR_MSG(cb->extack, "Invalid tunnelmsg flags in ancillary header");
0418 return -EINVAL;
0419 }
0420
0421 rcu_read_lock();
0422 if (tmsg->ifindex) {
0423 dev = dev_get_by_index_rcu(net, tmsg->ifindex);
0424 if (!dev) {
0425 err = -ENODEV;
0426 goto out_err;
0427 }
0428 if (!netif_is_vxlan(dev)) {
0429 NL_SET_ERR_MSG(cb->extack,
0430 "The device is not a vxlan device");
0431 err = -EINVAL;
0432 goto out_err;
0433 }
0434 err = vxlan_vnifilter_dump_dev(dev, skb, cb);
0435
0436 if (err != -EMSGSIZE)
0437 goto out_err;
0438 } else {
0439 for_each_netdev_rcu(net, dev) {
0440 if (!netif_is_vxlan(dev))
0441 continue;
0442 if (idx < s_idx)
0443 goto skip;
0444 err = vxlan_vnifilter_dump_dev(dev, skb, cb);
0445 if (err == -EMSGSIZE)
0446 break;
0447 skip:
0448 idx++;
0449 }
0450 }
0451 cb->args[0] = idx;
0452 rcu_read_unlock();
0453
0454 return skb->len;
0455
0456 out_err:
0457 rcu_read_unlock();
0458
0459 return err;
0460 }
0461
0462 static const struct nla_policy vni_filter_entry_policy[VXLAN_VNIFILTER_ENTRY_MAX + 1] = {
0463 [VXLAN_VNIFILTER_ENTRY_START] = { .type = NLA_U32 },
0464 [VXLAN_VNIFILTER_ENTRY_END] = { .type = NLA_U32 },
0465 [VXLAN_VNIFILTER_ENTRY_GROUP] = { .type = NLA_BINARY,
0466 .len = sizeof_field(struct iphdr, daddr) },
0467 [VXLAN_VNIFILTER_ENTRY_GROUP6] = { .type = NLA_BINARY,
0468 .len = sizeof(struct in6_addr) },
0469 };
0470
0471 static const struct nla_policy vni_filter_policy[VXLAN_VNIFILTER_MAX + 1] = {
0472 [VXLAN_VNIFILTER_ENTRY] = { .type = NLA_NESTED },
0473 };
0474
0475 static int vxlan_update_default_fdb_entry(struct vxlan_dev *vxlan, __be32 vni,
0476 union vxlan_addr *old_remote_ip,
0477 union vxlan_addr *remote_ip,
0478 struct netlink_ext_ack *extack)
0479 {
0480 struct vxlan_rdst *dst = &vxlan->default_dst;
0481 u32 hash_index;
0482 int err = 0;
0483
0484 hash_index = fdb_head_index(vxlan, all_zeros_mac, vni);
0485 spin_lock_bh(&vxlan->hash_lock[hash_index]);
0486 if (remote_ip && !vxlan_addr_any(remote_ip)) {
0487 err = vxlan_fdb_update(vxlan, all_zeros_mac,
0488 remote_ip,
0489 NUD_REACHABLE | NUD_PERMANENT,
0490 NLM_F_APPEND | NLM_F_CREATE,
0491 vxlan->cfg.dst_port,
0492 vni,
0493 vni,
0494 dst->remote_ifindex,
0495 NTF_SELF, 0, true, extack);
0496 if (err) {
0497 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
0498 return err;
0499 }
0500 }
0501
0502 if (old_remote_ip && !vxlan_addr_any(old_remote_ip)) {
0503 __vxlan_fdb_delete(vxlan, all_zeros_mac,
0504 *old_remote_ip,
0505 vxlan->cfg.dst_port,
0506 vni, vni,
0507 dst->remote_ifindex,
0508 true);
0509 }
0510 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
0511
0512 return err;
0513 }
0514
0515 static int vxlan_vni_update_group(struct vxlan_dev *vxlan,
0516 struct vxlan_vni_node *vninode,
0517 union vxlan_addr *group,
0518 bool create, bool *changed,
0519 struct netlink_ext_ack *extack)
0520 {
0521 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
0522 struct vxlan_rdst *dst = &vxlan->default_dst;
0523 union vxlan_addr *newrip = NULL, *oldrip = NULL;
0524 union vxlan_addr old_remote_ip;
0525 int ret = 0;
0526
0527 memcpy(&old_remote_ip, &vninode->remote_ip, sizeof(old_remote_ip));
0528
0529
0530
0531
0532 if (group && !vxlan_addr_any(group)) {
0533 newrip = group;
0534 } else {
0535 if (!vxlan_addr_any(&dst->remote_ip))
0536 newrip = &dst->remote_ip;
0537 }
0538
0539
0540
0541
0542 if (!newrip && !vxlan_addr_any(&old_remote_ip))
0543 oldrip = &old_remote_ip;
0544
0545 if (!newrip && !oldrip)
0546 return 0;
0547
0548 if (!create && oldrip && newrip && vxlan_addr_equal(oldrip, newrip))
0549 return 0;
0550
0551 ret = vxlan_update_default_fdb_entry(vxlan, vninode->vni,
0552 oldrip, newrip,
0553 extack);
0554 if (ret)
0555 goto out;
0556
0557 if (group)
0558 memcpy(&vninode->remote_ip, group, sizeof(vninode->remote_ip));
0559
0560 if (vxlan->dev->flags & IFF_UP) {
0561 if (vxlan_addr_multicast(&old_remote_ip) &&
0562 !vxlan_group_used(vn, vxlan, vninode->vni,
0563 &old_remote_ip,
0564 vxlan->default_dst.remote_ifindex)) {
0565 ret = vxlan_igmp_leave(vxlan, &old_remote_ip,
0566 0);
0567 if (ret)
0568 goto out;
0569 }
0570
0571 if (vxlan_addr_multicast(&vninode->remote_ip)) {
0572 ret = vxlan_igmp_join(vxlan, &vninode->remote_ip, 0);
0573 if (ret == -EADDRINUSE)
0574 ret = 0;
0575 if (ret)
0576 goto out;
0577 }
0578 }
0579
0580 *changed = true;
0581
0582 return 0;
0583 out:
0584 return ret;
0585 }
0586
0587 int vxlan_vnilist_update_group(struct vxlan_dev *vxlan,
0588 union vxlan_addr *old_remote_ip,
0589 union vxlan_addr *new_remote_ip,
0590 struct netlink_ext_ack *extack)
0591 {
0592 struct list_head *headp, *hpos;
0593 struct vxlan_vni_group *vg;
0594 struct vxlan_vni_node *vent;
0595 int ret;
0596
0597 vg = rtnl_dereference(vxlan->vnigrp);
0598
0599 headp = &vg->vni_list;
0600 list_for_each_prev(hpos, headp) {
0601 vent = list_entry(hpos, struct vxlan_vni_node, vlist);
0602 if (vxlan_addr_any(&vent->remote_ip)) {
0603 ret = vxlan_update_default_fdb_entry(vxlan, vent->vni,
0604 old_remote_ip,
0605 new_remote_ip,
0606 extack);
0607 if (ret)
0608 return ret;
0609 }
0610 }
0611
0612 return 0;
0613 }
0614
0615 static void vxlan_vni_delete_group(struct vxlan_dev *vxlan,
0616 struct vxlan_vni_node *vninode)
0617 {
0618 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
0619 struct vxlan_rdst *dst = &vxlan->default_dst;
0620
0621
0622
0623
0624 if (!vxlan_addr_any(&vninode->remote_ip) ||
0625 !vxlan_addr_any(&dst->remote_ip))
0626 __vxlan_fdb_delete(vxlan, all_zeros_mac,
0627 (vxlan_addr_any(&vninode->remote_ip) ?
0628 dst->remote_ip : vninode->remote_ip),
0629 vxlan->cfg.dst_port,
0630 vninode->vni, vninode->vni,
0631 dst->remote_ifindex,
0632 true);
0633
0634 if (vxlan->dev->flags & IFF_UP) {
0635 if (vxlan_addr_multicast(&vninode->remote_ip) &&
0636 !vxlan_group_used(vn, vxlan, vninode->vni,
0637 &vninode->remote_ip,
0638 dst->remote_ifindex)) {
0639 vxlan_igmp_leave(vxlan, &vninode->remote_ip, 0);
0640 }
0641 }
0642 }
0643
0644 static int vxlan_vni_update(struct vxlan_dev *vxlan,
0645 struct vxlan_vni_group *vg,
0646 __be32 vni, union vxlan_addr *group,
0647 bool *changed,
0648 struct netlink_ext_ack *extack)
0649 {
0650 struct vxlan_vni_node *vninode;
0651 int ret;
0652
0653 vninode = rhashtable_lookup_fast(&vg->vni_hash, &vni,
0654 vxlan_vni_rht_params);
0655 if (!vninode)
0656 return 0;
0657
0658 ret = vxlan_vni_update_group(vxlan, vninode, group, false, changed,
0659 extack);
0660 if (ret)
0661 return ret;
0662
0663 if (changed)
0664 vxlan_vnifilter_notify(vxlan, vninode, RTM_NEWTUNNEL);
0665
0666 return 0;
0667 }
0668
0669 static void __vxlan_vni_add_list(struct vxlan_vni_group *vg,
0670 struct vxlan_vni_node *v)
0671 {
0672 struct list_head *headp, *hpos;
0673 struct vxlan_vni_node *vent;
0674
0675 headp = &vg->vni_list;
0676 list_for_each_prev(hpos, headp) {
0677 vent = list_entry(hpos, struct vxlan_vni_node, vlist);
0678 if (be32_to_cpu(v->vni) < be32_to_cpu(vent->vni))
0679 continue;
0680 else
0681 break;
0682 }
0683 list_add_rcu(&v->vlist, hpos);
0684 vg->num_vnis++;
0685 }
0686
0687 static void __vxlan_vni_del_list(struct vxlan_vni_group *vg,
0688 struct vxlan_vni_node *v)
0689 {
0690 list_del_rcu(&v->vlist);
0691 vg->num_vnis--;
0692 }
0693
0694 static struct vxlan_vni_node *vxlan_vni_alloc(struct vxlan_dev *vxlan,
0695 __be32 vni)
0696 {
0697 struct vxlan_vni_node *vninode;
0698
0699 vninode = kzalloc(sizeof(*vninode), GFP_ATOMIC);
0700 if (!vninode)
0701 return NULL;
0702 vninode->stats = netdev_alloc_pcpu_stats(struct vxlan_vni_stats_pcpu);
0703 if (!vninode->stats) {
0704 kfree(vninode);
0705 return NULL;
0706 }
0707 vninode->vni = vni;
0708 vninode->hlist4.vxlan = vxlan;
0709 #if IS_ENABLED(CONFIG_IPV6)
0710 vninode->hlist6.vxlan = vxlan;
0711 #endif
0712
0713 return vninode;
0714 }
0715
0716 static int vxlan_vni_add(struct vxlan_dev *vxlan,
0717 struct vxlan_vni_group *vg,
0718 u32 vni, union vxlan_addr *group,
0719 struct netlink_ext_ack *extack)
0720 {
0721 struct vxlan_vni_node *vninode;
0722 __be32 v = cpu_to_be32(vni);
0723 bool changed = false;
0724 int err = 0;
0725
0726 if (vxlan_vnifilter_lookup(vxlan, v))
0727 return vxlan_vni_update(vxlan, vg, v, group, &changed, extack);
0728
0729 err = vxlan_vni_in_use(vxlan->net, vxlan, &vxlan->cfg, v);
0730 if (err) {
0731 NL_SET_ERR_MSG(extack, "VNI in use");
0732 return err;
0733 }
0734
0735 vninode = vxlan_vni_alloc(vxlan, v);
0736 if (!vninode)
0737 return -ENOMEM;
0738
0739 err = rhashtable_lookup_insert_fast(&vg->vni_hash,
0740 &vninode->vnode,
0741 vxlan_vni_rht_params);
0742 if (err) {
0743 kfree(vninode);
0744 return err;
0745 }
0746
0747 __vxlan_vni_add_list(vg, vninode);
0748
0749 if (vxlan->dev->flags & IFF_UP)
0750 vxlan_vs_add_del_vninode(vxlan, vninode, false);
0751
0752 err = vxlan_vni_update_group(vxlan, vninode, group, true, &changed,
0753 extack);
0754
0755 if (changed)
0756 vxlan_vnifilter_notify(vxlan, vninode, RTM_NEWTUNNEL);
0757
0758 return err;
0759 }
0760
0761 static void vxlan_vni_node_rcu_free(struct rcu_head *rcu)
0762 {
0763 struct vxlan_vni_node *v;
0764
0765 v = container_of(rcu, struct vxlan_vni_node, rcu);
0766 free_percpu(v->stats);
0767 kfree(v);
0768 }
0769
0770 static int vxlan_vni_del(struct vxlan_dev *vxlan,
0771 struct vxlan_vni_group *vg,
0772 u32 vni, struct netlink_ext_ack *extack)
0773 {
0774 struct vxlan_vni_node *vninode;
0775 __be32 v = cpu_to_be32(vni);
0776 int err = 0;
0777
0778 vg = rtnl_dereference(vxlan->vnigrp);
0779
0780 vninode = rhashtable_lookup_fast(&vg->vni_hash, &v,
0781 vxlan_vni_rht_params);
0782 if (!vninode) {
0783 err = -ENOENT;
0784 goto out;
0785 }
0786
0787 vxlan_vni_delete_group(vxlan, vninode);
0788
0789 err = rhashtable_remove_fast(&vg->vni_hash,
0790 &vninode->vnode,
0791 vxlan_vni_rht_params);
0792 if (err)
0793 goto out;
0794
0795 __vxlan_vni_del_list(vg, vninode);
0796
0797 vxlan_vnifilter_notify(vxlan, vninode, RTM_DELTUNNEL);
0798
0799 if (vxlan->dev->flags & IFF_UP)
0800 vxlan_vs_add_del_vninode(vxlan, vninode, true);
0801
0802 call_rcu(&vninode->rcu, vxlan_vni_node_rcu_free);
0803
0804 return 0;
0805 out:
0806 return err;
0807 }
0808
0809 static int vxlan_vni_add_del(struct vxlan_dev *vxlan, __u32 start_vni,
0810 __u32 end_vni, union vxlan_addr *group,
0811 int cmd, struct netlink_ext_ack *extack)
0812 {
0813 struct vxlan_vni_group *vg;
0814 int v, err = 0;
0815
0816 vg = rtnl_dereference(vxlan->vnigrp);
0817
0818 for (v = start_vni; v <= end_vni; v++) {
0819 switch (cmd) {
0820 case RTM_NEWTUNNEL:
0821 err = vxlan_vni_add(vxlan, vg, v, group, extack);
0822 break;
0823 case RTM_DELTUNNEL:
0824 err = vxlan_vni_del(vxlan, vg, v, extack);
0825 break;
0826 default:
0827 err = -EOPNOTSUPP;
0828 break;
0829 }
0830 if (err)
0831 goto out;
0832 }
0833
0834 return 0;
0835 out:
0836 return err;
0837 }
0838
0839 static int vxlan_process_vni_filter(struct vxlan_dev *vxlan,
0840 struct nlattr *nlvnifilter,
0841 int cmd, struct netlink_ext_ack *extack)
0842 {
0843 struct nlattr *vattrs[VXLAN_VNIFILTER_ENTRY_MAX + 1];
0844 u32 vni_start = 0, vni_end = 0;
0845 union vxlan_addr group;
0846 int err;
0847
0848 err = nla_parse_nested(vattrs,
0849 VXLAN_VNIFILTER_ENTRY_MAX,
0850 nlvnifilter, vni_filter_entry_policy,
0851 extack);
0852 if (err)
0853 return err;
0854
0855 if (vattrs[VXLAN_VNIFILTER_ENTRY_START]) {
0856 vni_start = nla_get_u32(vattrs[VXLAN_VNIFILTER_ENTRY_START]);
0857 vni_end = vni_start;
0858 }
0859
0860 if (vattrs[VXLAN_VNIFILTER_ENTRY_END])
0861 vni_end = nla_get_u32(vattrs[VXLAN_VNIFILTER_ENTRY_END]);
0862
0863 if (!vni_start && !vni_end) {
0864 NL_SET_ERR_MSG_ATTR(extack, nlvnifilter,
0865 "vni start nor end found in vni entry");
0866 return -EINVAL;
0867 }
0868
0869 if (vattrs[VXLAN_VNIFILTER_ENTRY_GROUP]) {
0870 group.sin.sin_addr.s_addr =
0871 nla_get_in_addr(vattrs[VXLAN_VNIFILTER_ENTRY_GROUP]);
0872 group.sa.sa_family = AF_INET;
0873 } else if (vattrs[VXLAN_VNIFILTER_ENTRY_GROUP6]) {
0874 group.sin6.sin6_addr =
0875 nla_get_in6_addr(vattrs[VXLAN_VNIFILTER_ENTRY_GROUP6]);
0876 group.sa.sa_family = AF_INET6;
0877 } else {
0878 memset(&group, 0, sizeof(group));
0879 }
0880
0881 if (vxlan_addr_multicast(&group) && !vxlan->default_dst.remote_ifindex) {
0882 NL_SET_ERR_MSG(extack,
0883 "Local interface required for multicast remote group");
0884
0885 return -EINVAL;
0886 }
0887
0888 err = vxlan_vni_add_del(vxlan, vni_start, vni_end, &group, cmd,
0889 extack);
0890 if (err)
0891 return err;
0892
0893 return 0;
0894 }
0895
0896 void vxlan_vnigroup_uninit(struct vxlan_dev *vxlan)
0897 {
0898 struct vxlan_vni_node *v, *tmp;
0899 struct vxlan_vni_group *vg;
0900
0901 vg = rtnl_dereference(vxlan->vnigrp);
0902 list_for_each_entry_safe(v, tmp, &vg->vni_list, vlist) {
0903 rhashtable_remove_fast(&vg->vni_hash, &v->vnode,
0904 vxlan_vni_rht_params);
0905 hlist_del_init_rcu(&v->hlist4.hlist);
0906 #if IS_ENABLED(CONFIG_IPV6)
0907 hlist_del_init_rcu(&v->hlist6.hlist);
0908 #endif
0909 __vxlan_vni_del_list(vg, v);
0910 vxlan_vnifilter_notify(vxlan, v, RTM_DELTUNNEL);
0911 call_rcu(&v->rcu, vxlan_vni_node_rcu_free);
0912 }
0913 rhashtable_destroy(&vg->vni_hash);
0914 kfree(vg);
0915 }
0916
0917 int vxlan_vnigroup_init(struct vxlan_dev *vxlan)
0918 {
0919 struct vxlan_vni_group *vg;
0920 int ret;
0921
0922 vg = kzalloc(sizeof(*vg), GFP_KERNEL);
0923 if (!vg)
0924 return -ENOMEM;
0925 ret = rhashtable_init(&vg->vni_hash, &vxlan_vni_rht_params);
0926 if (ret) {
0927 kfree(vg);
0928 return ret;
0929 }
0930 INIT_LIST_HEAD(&vg->vni_list);
0931 rcu_assign_pointer(vxlan->vnigrp, vg);
0932
0933 return 0;
0934 }
0935
0936 static int vxlan_vnifilter_process(struct sk_buff *skb, struct nlmsghdr *nlh,
0937 struct netlink_ext_ack *extack)
0938 {
0939 struct net *net = sock_net(skb->sk);
0940 struct tunnel_msg *tmsg;
0941 struct vxlan_dev *vxlan;
0942 struct net_device *dev;
0943 struct nlattr *attr;
0944 int err, vnis = 0;
0945 int rem;
0946
0947
0948 err = nlmsg_parse(nlh, sizeof(*tmsg), NULL, VXLAN_VNIFILTER_MAX,
0949 vni_filter_policy, extack);
0950 if (err < 0)
0951 return err;
0952
0953 tmsg = nlmsg_data(nlh);
0954 dev = __dev_get_by_index(net, tmsg->ifindex);
0955 if (!dev)
0956 return -ENODEV;
0957
0958 if (!netif_is_vxlan(dev)) {
0959 NL_SET_ERR_MSG_MOD(extack, "The device is not a vxlan device");
0960 return -EINVAL;
0961 }
0962
0963 vxlan = netdev_priv(dev);
0964
0965 if (!(vxlan->cfg.flags & VXLAN_F_VNIFILTER))
0966 return -EOPNOTSUPP;
0967
0968 nlmsg_for_each_attr(attr, nlh, sizeof(*tmsg), rem) {
0969 switch (nla_type(attr)) {
0970 case VXLAN_VNIFILTER_ENTRY:
0971 err = vxlan_process_vni_filter(vxlan, attr,
0972 nlh->nlmsg_type, extack);
0973 break;
0974 default:
0975 continue;
0976 }
0977 vnis++;
0978 if (err)
0979 break;
0980 }
0981
0982 if (!vnis) {
0983 NL_SET_ERR_MSG_MOD(extack, "No vnis found to process");
0984 err = -EINVAL;
0985 }
0986
0987 return err;
0988 }
0989
0990 void vxlan_vnifilter_init(void)
0991 {
0992 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_GETTUNNEL, NULL,
0993 vxlan_vnifilter_dump, 0);
0994 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_NEWTUNNEL,
0995 vxlan_vnifilter_process, NULL, 0);
0996 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_DELTUNNEL,
0997 vxlan_vnifilter_process, NULL, 0);
0998 }
0999
1000 void vxlan_vnifilter_uninit(void)
1001 {
1002 rtnl_unregister(PF_BRIDGE, RTM_GETTUNNEL);
1003 rtnl_unregister(PF_BRIDGE, RTM_NEWTUNNEL);
1004 rtnl_unregister(PF_BRIDGE, RTM_DELTUNNEL);
1005 }
