net/ipv6/seg6_local.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /*
0003  *  SR-IPv6 implementation
0004  *
0005  *  Authors:
0006  *  David Lebrun <david.lebrun@uclouvain.be>
0007  *  eBPF support: Mathieu Xhonneux <m.xhonneux@gmail.com>
0008  */
0009
0010 #include <linux/filter.h>
0011 #include <linux/types.h>
0012 #include <linux/skbuff.h>
0013 #include <linux/net.h>
0014 #include <linux/module.h>
0015 #include <net/ip.h>
0016 #include <net/lwtunnel.h>
0017 #include <net/netevent.h>
0018 #include <net/netns/generic.h>
0019 #include <net/ip6_fib.h>
0020 #include <net/route.h>
0021 #include <net/seg6.h>
0022 #include <linux/seg6.h>
0023 #include <linux/seg6_local.h>
0024 #include <net/addrconf.h>
0025 #include <net/ip6_route.h>
0026 #include <net/dst_cache.h>
0027 #include <net/ip_tunnels.h>
0028 #ifdef CONFIG_IPV6_SEG6_HMAC
0029 #include <net/seg6_hmac.h>
0030 #endif
0031 #include <net/seg6_local.h>
0032 #include <linux/etherdevice.h>
0033 #include <linux/bpf.h>
0034 #include <linux/netfilter.h>
0035
0036 #define SEG6_F_ATTR(i)      BIT(i)
0037
0038 struct seg6_local_lwt;
0039
0040 /* callbacks used for customizing the creation and destruction of a behavior */
0041 struct seg6_local_lwtunnel_ops {
0042     int (*build_state)(struct seg6_local_lwt *slwt, const void *cfg,
0043                struct netlink_ext_ack *extack);
0044     void (*destroy_state)(struct seg6_local_lwt *slwt);
0045 };
0046
0047 struct seg6_action_desc {
0048     int action;
0049     unsigned long attrs;
0050
0051     /* The optattrs field is used for specifying all the optional
0052      * attributes supported by a specific behavior.
0053      * It means that if one of these attributes is not provided in the
0054      * netlink message during the behavior creation, no errors will be
0055      * returned to the userspace.
0056      *
0057      * Each attribute can be only of two types (mutually exclusive):
0058      * 1) required or 2) optional.
0059      * Every user MUST obey to this rule! If you set an attribute as
0060      * required the same attribute CANNOT be set as optional and vice
0061      * versa.
0062      */
0063     unsigned long optattrs;
0064
0065     int (*input)(struct sk_buff *skb, struct seg6_local_lwt *slwt);
0066     int static_headroom;
0067
0068     struct seg6_local_lwtunnel_ops slwt_ops;
0069 };
0070
0071 struct bpf_lwt_prog {
0072     struct bpf_prog *prog;
0073     char *name;
0074 };
0075
0076 enum seg6_end_dt_mode {
0077     DT_INVALID_MODE = -EINVAL,
0078     DT_LEGACY_MODE  = 0,
0079     DT_VRF_MODE = 1,
0080 };
0081
0082 struct seg6_end_dt_info {
0083     enum seg6_end_dt_mode mode;
0084
0085     struct net *net;
0086     /* VRF device associated to the routing table used by the SRv6
0087      * End.DT4/DT6 behavior for routing IPv4/IPv6 packets.
0088      */
0089     int vrf_ifindex;
0090     int vrf_table;
0091
0092     /* tunneled packet family (IPv4 or IPv6).
0093      * Protocol and header length are inferred from family.
0094      */
0095     u16 family;
0096 };
0097
0098 struct pcpu_seg6_local_counters {
0099     u64_stats_t packets;
0100     u64_stats_t bytes;
0101     u64_stats_t errors;
0102
0103     struct u64_stats_sync syncp;
0104 };
0105
0106 /* This struct groups all the SRv6 Behavior counters supported so far.
0107  *
0108  * put_nla_counters() makes use of this data structure to collect all counter
0109  * values after the per-CPU counter evaluation has been performed.
0110  * Finally, each counter value (in seg6_local_counters) is stored in the
0111  * corresponding netlink attribute and sent to user space.
0112  *
0113  * NB: we don't want to expose this structure to user space!
0114  */
0115 struct seg6_local_counters {
0116     __u64 packets;
0117     __u64 bytes;
0118     __u64 errors;
0119 };
0120
0121 #define seg6_local_alloc_pcpu_counters(__gfp)               \
0122     __netdev_alloc_pcpu_stats(struct pcpu_seg6_local_counters,  \
0123                   ((__gfp) | __GFP_ZERO))
0124
0125 #define SEG6_F_LOCAL_COUNTERS   SEG6_F_ATTR(SEG6_LOCAL_COUNTERS)
0126
0127 struct seg6_local_lwt {
0128     int action;
0129     struct ipv6_sr_hdr *srh;
0130     int table;
0131     struct in_addr nh4;
0132     struct in6_addr nh6;
0133     int iif;
0134     int oif;
0135     struct bpf_lwt_prog bpf;
0136 #ifdef CONFIG_NET_L3_MASTER_DEV
0137     struct seg6_end_dt_info dt_info;
0138 #endif
0139     struct pcpu_seg6_local_counters __percpu *pcpu_counters;
0140
0141     int headroom;
0142     struct seg6_action_desc *desc;
0143     /* unlike the required attrs, we have to track the optional attributes
0144      * that have been effectively parsed.
0145      */
0146     unsigned long parsed_optattrs;
0147 };
0148
0149 static struct seg6_local_lwt *seg6_local_lwtunnel(struct lwtunnel_state *lwt)
0150 {
0151     return (struct seg6_local_lwt *)lwt->data;
0152 }
0153
0154 static struct ipv6_sr_hdr *get_and_validate_srh(struct sk_buff *skb)
0155 {
0156     struct ipv6_sr_hdr *srh;
0157
0158     srh = seg6_get_srh(skb, IP6_FH_F_SKIP_RH);
0159     if (!srh)
0160         return NULL;
0161
0162 #ifdef CONFIG_IPV6_SEG6_HMAC
0163     if (!seg6_hmac_validate_skb(skb))
0164         return NULL;
0165 #endif
0166
0167     return srh;
0168 }
0169
0170 static bool decap_and_validate(struct sk_buff *skb, int proto)
0171 {
0172     struct ipv6_sr_hdr *srh;
0173     unsigned int off = 0;
0174
0175     srh = seg6_get_srh(skb, 0);
0176     if (srh && srh->segments_left > 0)
0177         return false;
0178
0179 #ifdef CONFIG_IPV6_SEG6_HMAC
0180     if (srh && !seg6_hmac_validate_skb(skb))
0181         return false;
0182 #endif
0183
0184     if (ipv6_find_hdr(skb, &off, proto, NULL, NULL) < 0)
0185         return false;
0186
0187     if (!pskb_pull(skb, off))
0188         return false;
0189
0190     skb_postpull_rcsum(skb, skb_network_header(skb), off);
0191
0192     skb_reset_network_header(skb);
0193     skb_reset_transport_header(skb);
0194     if (iptunnel_pull_offloads(skb))
0195         return false;
0196
0197     return true;
0198 }
0199
0200 static void advance_nextseg(struct ipv6_sr_hdr *srh, struct in6_addr *daddr)
0201 {
0202     struct in6_addr *addr;
0203
0204     srh->segments_left--;
0205     addr = srh->segments + srh->segments_left;
0206     *daddr = *addr;
0207 }
0208
0209 static int
0210 seg6_lookup_any_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr,
0211             u32 tbl_id, bool local_delivery)
0212 {
0213     struct net *net = dev_net(skb->dev);
0214     struct ipv6hdr *hdr = ipv6_hdr(skb);
0215     int flags = RT6_LOOKUP_F_HAS_SADDR;
0216     struct dst_entry *dst = NULL;
0217     struct rt6_info *rt;
0218     struct flowi6 fl6;
0219     int dev_flags = 0;
0220
0221     memset(&fl6, 0, sizeof(fl6));
0222     fl6.flowi6_iif = skb->dev->ifindex;
0223     fl6.daddr = nhaddr ? *nhaddr : hdr->daddr;
0224     fl6.saddr = hdr->saddr;
0225     fl6.flowlabel = ip6_flowinfo(hdr);
0226     fl6.flowi6_mark = skb->mark;
0227     fl6.flowi6_proto = hdr->nexthdr;
0228
0229     if (nhaddr)
0230         fl6.flowi6_flags = FLOWI_FLAG_KNOWN_NH;
0231
0232     if (!tbl_id) {
0233         dst = ip6_route_input_lookup(net, skb->dev, &fl6, skb, flags);
0234     } else {
0235         struct fib6_table *table;
0236
0237         table = fib6_get_table(net, tbl_id);
0238         if (!table)
0239             goto out;
0240
0241         rt = ip6_pol_route(net, table, 0, &fl6, skb, flags);
0242         dst = &rt->dst;
0243     }
0244
0245     /* we want to discard traffic destined for local packet processing,
0246      * if @local_delivery is set to false.
0247      */
0248     if (!local_delivery)
0249         dev_flags |= IFF_LOOPBACK;
0250
0251     if (dst && (dst->dev->flags & dev_flags) && !dst->error) {
0252         dst_release(dst);
0253         dst = NULL;
0254     }
0255
0256 out:
0257     if (!dst) {
0258         rt = net->ipv6.ip6_blk_hole_entry;
0259         dst = &rt->dst;
0260         dst_hold(dst);
0261     }
0262
0263     skb_dst_drop(skb);
0264     skb_dst_set(skb, dst);
0265     return dst->error;
0266 }
0267
0268 int seg6_lookup_nexthop(struct sk_buff *skb,
0269             struct in6_addr *nhaddr, u32 tbl_id)
0270 {
0271     return seg6_lookup_any_nexthop(skb, nhaddr, tbl_id, false);
0272 }
0273
0274 /* regular endpoint function */
0275 static int input_action_end(struct sk_buff *skb, struct seg6_local_lwt *slwt)
0276 {
0277     struct ipv6_sr_hdr *srh;
0278
0279     srh = get_and_validate_srh(skb);
0280     if (!srh)
0281         goto drop;
0282
0283     advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
0284
0285     seg6_lookup_nexthop(skb, NULL, 0);
0286
0287     return dst_input(skb);
0288
0289 drop:
0290     kfree_skb(skb);
0291     return -EINVAL;
0292 }
0293
0294 /* regular endpoint, and forward to specified nexthop */
0295 static int input_action_end_x(struct sk_buff *skb, struct seg6_local_lwt *slwt)
0296 {
0297     struct ipv6_sr_hdr *srh;
0298
0299     srh = get_and_validate_srh(skb);
0300     if (!srh)
0301         goto drop;
0302
0303     advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
0304
0305     seg6_lookup_nexthop(skb, &slwt->nh6, 0);
0306
0307     return dst_input(skb);
0308
0309 drop:
0310     kfree_skb(skb);
0311     return -EINVAL;
0312 }
0313
0314 static int input_action_end_t(struct sk_buff *skb, struct seg6_local_lwt *slwt)
0315 {
0316     struct ipv6_sr_hdr *srh;
0317
0318     srh = get_and_validate_srh(skb);
0319     if (!srh)
0320         goto drop;
0321
0322     advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
0323
0324     seg6_lookup_nexthop(skb, NULL, slwt->table);
0325
0326     return dst_input(skb);
0327
0328 drop:
0329     kfree_skb(skb);
0330     return -EINVAL;
0331 }
0332
0333 /* decapsulate and forward inner L2 frame on specified interface */
0334 static int input_action_end_dx2(struct sk_buff *skb,
0335                 struct seg6_local_lwt *slwt)
0336 {
0337     struct net *net = dev_net(skb->dev);
0338     struct net_device *odev;
0339     struct ethhdr *eth;
0340
0341     if (!decap_and_validate(skb, IPPROTO_ETHERNET))
0342         goto drop;
0343
0344     if (!pskb_may_pull(skb, ETH_HLEN))
0345         goto drop;
0346
0347     skb_reset_mac_header(skb);
0348     eth = (struct ethhdr *)skb->data;
0349
0350     /* To determine the frame's protocol, we assume it is 802.3. This avoids
0351      * a call to eth_type_trans(), which is not really relevant for our
0352      * use case.
0353      */
0354     if (!eth_proto_is_802_3(eth->h_proto))
0355         goto drop;
0356
0357     odev = dev_get_by_index_rcu(net, slwt->oif);
0358     if (!odev)
0359         goto drop;
0360
0361     /* As we accept Ethernet frames, make sure the egress device is of
0362      * the correct type.
0363      */
0364     if (odev->type != ARPHRD_ETHER)
0365         goto drop;
0366
0367     if (!(odev->flags & IFF_UP) || !netif_carrier_ok(odev))
0368         goto drop;
0369
0370     skb_orphan(skb);
0371
0372     if (skb_warn_if_lro(skb))
0373         goto drop;
0374
0375     skb_forward_csum(skb);
0376
0377     if (skb->len - ETH_HLEN > odev->mtu)
0378         goto drop;
0379
0380     skb->dev = odev;
0381     skb->protocol = eth->h_proto;
0382
0383     return dev_queue_xmit(skb);
0384
0385 drop:
0386     kfree_skb(skb);
0387     return -EINVAL;
0388 }
0389
0390 static int input_action_end_dx6_finish(struct net *net, struct sock *sk,
0391                        struct sk_buff *skb)
0392 {
0393     struct dst_entry *orig_dst = skb_dst(skb);
0394     struct in6_addr *nhaddr = NULL;
0395     struct seg6_local_lwt *slwt;
0396
0397     slwt = seg6_local_lwtunnel(orig_dst->lwtstate);
0398
0399     /* The inner packet is not associated to any local interface,
0400      * so we do not call netif_rx().
0401      *
0402      * If slwt->nh6 is set to ::, then lookup the nexthop for the
0403      * inner packet's DA. Otherwise, use the specified nexthop.
0404      */
0405     if (!ipv6_addr_any(&slwt->nh6))
0406         nhaddr = &slwt->nh6;
0407
0408     seg6_lookup_nexthop(skb, nhaddr, 0);
0409
0410     return dst_input(skb);
0411 }
0412
0413 /* decapsulate and forward to specified nexthop */
0414 static int input_action_end_dx6(struct sk_buff *skb,
0415                 struct seg6_local_lwt *slwt)
0416 {
0417     /* this function accepts IPv6 encapsulated packets, with either
0418      * an SRH with SL=0, or no SRH.
0419      */
0420
0421     if (!decap_and_validate(skb, IPPROTO_IPV6))
0422         goto drop;
0423
0424     if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
0425         goto drop;
0426
0427     skb_set_transport_header(skb, sizeof(struct ipv6hdr));
0428     nf_reset_ct(skb);
0429
0430     if (static_branch_unlikely(&nf_hooks_lwtunnel_enabled))
0431         return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING,
0432                    dev_net(skb->dev), NULL, skb, NULL,
0433                    skb_dst(skb)->dev, input_action_end_dx6_finish);
0434
0435     return input_action_end_dx6_finish(dev_net(skb->dev), NULL, skb);
0436 drop:
0437     kfree_skb(skb);
0438     return -EINVAL;
0439 }
0440
0441 static int input_action_end_dx4_finish(struct net *net, struct sock *sk,
0442                        struct sk_buff *skb)
0443 {
0444     struct dst_entry *orig_dst = skb_dst(skb);
0445     struct seg6_local_lwt *slwt;
0446     struct iphdr *iph;
0447     __be32 nhaddr;
0448     int err;
0449
0450     slwt = seg6_local_lwtunnel(orig_dst->lwtstate);
0451
0452     iph = ip_hdr(skb);
0453
0454     nhaddr = slwt->nh4.s_addr ?: iph->daddr;
0455
0456     skb_dst_drop(skb);
0457
0458     err = ip_route_input(skb, nhaddr, iph->saddr, 0, skb->dev);
0459     if (err) {
0460         kfree_skb(skb);
0461         return -EINVAL;
0462     }
0463
0464     return dst_input(skb);
0465 }
0466
0467 static int input_action_end_dx4(struct sk_buff *skb,
0468                 struct seg6_local_lwt *slwt)
0469 {
0470     if (!decap_and_validate(skb, IPPROTO_IPIP))
0471         goto drop;
0472
0473     if (!pskb_may_pull(skb, sizeof(struct iphdr)))
0474         goto drop;
0475
0476     skb->protocol = htons(ETH_P_IP);
0477     skb_set_transport_header(skb, sizeof(struct iphdr));
0478     nf_reset_ct(skb);
0479
0480     if (static_branch_unlikely(&nf_hooks_lwtunnel_enabled))
0481         return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING,
0482                    dev_net(skb->dev), NULL, skb, NULL,
0483                    skb_dst(skb)->dev, input_action_end_dx4_finish);
0484
0485     return input_action_end_dx4_finish(dev_net(skb->dev), NULL, skb);
0486 drop:
0487     kfree_skb(skb);
0488     return -EINVAL;
0489 }
0490
0491 #ifdef CONFIG_NET_L3_MASTER_DEV
0492 static struct net *fib6_config_get_net(const struct fib6_config *fib6_cfg)
0493 {
0494     const struct nl_info *nli = &fib6_cfg->fc_nlinfo;
0495
0496     return nli->nl_net;
0497 }
0498
0499 static int __seg6_end_dt_vrf_build(struct seg6_local_lwt *slwt, const void *cfg,
0500                    u16 family, struct netlink_ext_ack *extack)
0501 {
0502     struct seg6_end_dt_info *info = &slwt->dt_info;
0503     int vrf_ifindex;
0504     struct net *net;
0505
0506     net = fib6_config_get_net(cfg);
0507
0508     /* note that vrf_table was already set by parse_nla_vrftable() */
0509     vrf_ifindex = l3mdev_ifindex_lookup_by_table_id(L3MDEV_TYPE_VRF, net,
0510                             info->vrf_table);
0511     if (vrf_ifindex < 0) {
0512         if (vrf_ifindex == -EPERM) {
0513             NL_SET_ERR_MSG(extack,
0514                        "Strict mode for VRF is disabled");
0515         } else if (vrf_ifindex == -ENODEV) {
0516             NL_SET_ERR_MSG(extack,
0517                        "Table has no associated VRF device");
0518         } else {
0519             pr_debug("seg6local: SRv6 End.DT* creation error=%d\n",
0520                  vrf_ifindex);
0521         }
0522
0523         return vrf_ifindex;
0524     }
0525
0526     info->net = net;
0527     info->vrf_ifindex = vrf_ifindex;
0528
0529     info->family = family;
0530     info->mode = DT_VRF_MODE;
0531
0532     return 0;
0533 }
0534
0535 /* The SRv6 End.DT4/DT6 behavior extracts the inner (IPv4/IPv6) packet and
0536  * routes the IPv4/IPv6 packet by looking at the configured routing table.
0537  *
0538  * In the SRv6 End.DT4/DT6 use case, we can receive traffic (IPv6+Segment
0539  * Routing Header packets) from several interfaces and the outer IPv6
0540  * destination address (DA) is used for retrieving the specific instance of the
0541  * End.DT4/DT6 behavior that should process the packets.
0542  *
0543  * However, the inner IPv4/IPv6 packet is not really bound to any receiving
0544  * interface and thus the End.DT4/DT6 sets the VRF (associated with the
0545  * corresponding routing table) as the *receiving* interface.
0546  * In other words, the End.DT4/DT6 processes a packet as if it has been received
0547  * directly by the VRF (and not by one of its slave devices, if any).
0548  * In this way, the VRF interface is used for routing the IPv4/IPv6 packet in
0549  * according to the routing table configured by the End.DT4/DT6 instance.
0550  *
0551  * This design allows you to get some interesting features like:
0552  *  1) the statistics on rx packets;
0553  *  2) the possibility to install a packet sniffer on the receiving interface
0554  *     (the VRF one) for looking at the incoming packets;
0555  *  3) the possibility to leverage the netfilter prerouting hook for the inner
0556  *     IPv4 packet.
0557  *
0558  * This function returns:
0559  *  - the sk_buff* when the VRF rcv handler has processed the packet correctly;
0560  *  - NULL when the skb is consumed by the VRF rcv handler;
0561  *  - a pointer which encodes a negative error number in case of error.
0562  *    Note that in this case, the function takes care of freeing the skb.
0563  */
0564 static struct sk_buff *end_dt_vrf_rcv(struct sk_buff *skb, u16 family,
0565                       struct net_device *dev)
0566 {
0567     /* based on l3mdev_ip_rcv; we are only interested in the master */
0568     if (unlikely(!netif_is_l3_master(dev) && !netif_has_l3_rx_handler(dev)))
0569         goto drop;
0570
0571     if (unlikely(!dev->l3mdev_ops->l3mdev_l3_rcv))
0572         goto drop;
0573
0574     /* the decap packet IPv4/IPv6 does not come with any mac header info.
0575      * We must unset the mac header to allow the VRF device to rebuild it,
0576      * just in case there is a sniffer attached on the device.
0577      */
0578     skb_unset_mac_header(skb);
0579
0580     skb = dev->l3mdev_ops->l3mdev_l3_rcv(dev, skb, family);
0581     if (!skb)
0582         /* the skb buffer was consumed by the handler */
0583         return NULL;
0584
0585     /* when a packet is received by a VRF or by one of its slaves, the
0586      * master device reference is set into the skb.
0587      */
0588     if (unlikely(skb->dev != dev || skb->skb_iif != dev->ifindex))
0589         goto drop;
0590
0591     return skb;
0592
0593 drop:
0594     kfree_skb(skb);
0595     return ERR_PTR(-EINVAL);
0596 }
0597
0598 static struct net_device *end_dt_get_vrf_rcu(struct sk_buff *skb,
0599                          struct seg6_end_dt_info *info)
0600 {
0601     int vrf_ifindex = info->vrf_ifindex;
0602     struct net *net = info->net;
0603
0604     if (unlikely(vrf_ifindex < 0))
0605         goto error;
0606
0607     if (unlikely(!net_eq(dev_net(skb->dev), net)))
0608         goto error;
0609
0610     return dev_get_by_index_rcu(net, vrf_ifindex);
0611
0612 error:
0613     return NULL;
0614 }
0615
0616 static struct sk_buff *end_dt_vrf_core(struct sk_buff *skb,
0617                        struct seg6_local_lwt *slwt, u16 family)
0618 {
0619     struct seg6_end_dt_info *info = &slwt->dt_info;
0620     struct net_device *vrf;
0621     __be16 protocol;
0622     int hdrlen;
0623
0624     vrf = end_dt_get_vrf_rcu(skb, info);
0625     if (unlikely(!vrf))
0626         goto drop;
0627
0628     switch (family) {
0629     case AF_INET:
0630         protocol = htons(ETH_P_IP);
0631         hdrlen = sizeof(struct iphdr);
0632         break;
0633     case AF_INET6:
0634         protocol = htons(ETH_P_IPV6);
0635         hdrlen = sizeof(struct ipv6hdr);
0636         break;
0637     case AF_UNSPEC:
0638         fallthrough;
0639     default:
0640         goto drop;
0641     }
0642
0643     if (unlikely(info->family != AF_UNSPEC && info->family != family)) {
0644         pr_warn_once("seg6local: SRv6 End.DT* family mismatch");
0645         goto drop;
0646     }
0647
0648     skb->protocol = protocol;
0649
0650     skb_dst_drop(skb);
0651
0652     skb_set_transport_header(skb, hdrlen);
0653     nf_reset_ct(skb);
0654
0655     return end_dt_vrf_rcv(skb, family, vrf);
0656
0657 drop:
0658     kfree_skb(skb);
0659     return ERR_PTR(-EINVAL);
0660 }
0661
0662 static int input_action_end_dt4(struct sk_buff *skb,
0663                 struct seg6_local_lwt *slwt)
0664 {
0665     struct iphdr *iph;
0666     int err;
0667
0668     if (!decap_and_validate(skb, IPPROTO_IPIP))
0669         goto drop;
0670
0671     if (!pskb_may_pull(skb, sizeof(struct iphdr)))
0672         goto drop;
0673
0674     skb = end_dt_vrf_core(skb, slwt, AF_INET);
0675     if (!skb)
0676         /* packet has been processed and consumed by the VRF */
0677         return 0;
0678
0679     if (IS_ERR(skb))
0680         return PTR_ERR(skb);
0681
0682     iph = ip_hdr(skb);
0683
0684     err = ip_route_input(skb, iph->daddr, iph->saddr, 0, skb->dev);
0685     if (unlikely(err))
0686         goto drop;
0687
0688     return dst_input(skb);
0689
0690 drop:
0691     kfree_skb(skb);
0692     return -EINVAL;
0693 }
0694
0695 static int seg6_end_dt4_build(struct seg6_local_lwt *slwt, const void *cfg,
0696                   struct netlink_ext_ack *extack)
0697 {
0698     return __seg6_end_dt_vrf_build(slwt, cfg, AF_INET, extack);
0699 }
0700
0701 static enum
0702 seg6_end_dt_mode seg6_end_dt6_parse_mode(struct seg6_local_lwt *slwt)
0703 {
0704     unsigned long parsed_optattrs = slwt->parsed_optattrs;
0705     bool legacy, vrfmode;
0706
0707     legacy  = !!(parsed_optattrs & SEG6_F_ATTR(SEG6_LOCAL_TABLE));
0708     vrfmode = !!(parsed_optattrs & SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE));
0709
0710     if (!(legacy ^ vrfmode))
0711         /* both are absent or present: invalid DT6 mode */
0712         return DT_INVALID_MODE;
0713
0714     return legacy ? DT_LEGACY_MODE : DT_VRF_MODE;
0715 }
0716
0717 static enum seg6_end_dt_mode seg6_end_dt6_get_mode(struct seg6_local_lwt *slwt)
0718 {
0719     struct seg6_end_dt_info *info = &slwt->dt_info;
0720
0721     return info->mode;
0722 }
0723
0724 static int seg6_end_dt6_build(struct seg6_local_lwt *slwt, const void *cfg,
0725                   struct netlink_ext_ack *extack)
0726 {
0727     enum seg6_end_dt_mode mode = seg6_end_dt6_parse_mode(slwt);
0728     struct seg6_end_dt_info *info = &slwt->dt_info;
0729
0730     switch (mode) {
0731     case DT_LEGACY_MODE:
0732         info->mode = DT_LEGACY_MODE;
0733         return 0;
0734     case DT_VRF_MODE:
0735         return __seg6_end_dt_vrf_build(slwt, cfg, AF_INET6, extack);
0736     default:
0737         NL_SET_ERR_MSG(extack, "table or vrftable must be specified");
0738         return -EINVAL;
0739     }
0740 }
0741 #endif
0742
0743 static int input_action_end_dt6(struct sk_buff *skb,
0744                 struct seg6_local_lwt *slwt)
0745 {
0746     if (!decap_and_validate(skb, IPPROTO_IPV6))
0747         goto drop;
0748
0749     if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
0750         goto drop;
0751
0752 #ifdef CONFIG_NET_L3_MASTER_DEV
0753     if (seg6_end_dt6_get_mode(slwt) == DT_LEGACY_MODE)
0754         goto legacy_mode;
0755
0756     /* DT6_VRF_MODE */
0757     skb = end_dt_vrf_core(skb, slwt, AF_INET6);
0758     if (!skb)
0759         /* packet has been processed and consumed by the VRF */
0760         return 0;
0761
0762     if (IS_ERR(skb))
0763         return PTR_ERR(skb);
0764
0765     /* note: this time we do not need to specify the table because the VRF
0766      * takes care of selecting the correct table.
0767      */
0768     seg6_lookup_any_nexthop(skb, NULL, 0, true);
0769
0770     return dst_input(skb);
0771
0772 legacy_mode:
0773 #endif
0774     skb_set_transport_header(skb, sizeof(struct ipv6hdr));
0775
0776     seg6_lookup_any_nexthop(skb, NULL, slwt->table, true);
0777
0778     return dst_input(skb);
0779
0780 drop:
0781     kfree_skb(skb);
0782     return -EINVAL;
0783 }
0784
0785 #ifdef CONFIG_NET_L3_MASTER_DEV
0786 static int seg6_end_dt46_build(struct seg6_local_lwt *slwt, const void *cfg,
0787                    struct netlink_ext_ack *extack)
0788 {
0789     return __seg6_end_dt_vrf_build(slwt, cfg, AF_UNSPEC, extack);
0790 }
0791
0792 static int input_action_end_dt46(struct sk_buff *skb,
0793                  struct seg6_local_lwt *slwt)
0794 {
0795     unsigned int off = 0;
0796     int nexthdr;
0797
0798     nexthdr = ipv6_find_hdr(skb, &off, -1, NULL, NULL);
0799     if (unlikely(nexthdr < 0))
0800         goto drop;
0801
0802     switch (nexthdr) {
0803     case IPPROTO_IPIP:
0804         return input_action_end_dt4(skb, slwt);
0805     case IPPROTO_IPV6:
0806         return input_action_end_dt6(skb, slwt);
0807     }
0808
0809 drop:
0810     kfree_skb(skb);
0811     return -EINVAL;
0812 }
0813 #endif
0814
0815 /* push an SRH on top of the current one */
0816 static int input_action_end_b6(struct sk_buff *skb, struct seg6_local_lwt *slwt)
0817 {
0818     struct ipv6_sr_hdr *srh;
0819     int err = -EINVAL;
0820
0821     srh = get_and_validate_srh(skb);
0822     if (!srh)
0823         goto drop;
0824
0825     err = seg6_do_srh_inline(skb, slwt->srh);
0826     if (err)
0827         goto drop;
0828
0829     skb_set_transport_header(skb, sizeof(struct ipv6hdr));
0830
0831     seg6_lookup_nexthop(skb, NULL, 0);
0832
0833     return dst_input(skb);
0834
0835 drop:
0836     kfree_skb(skb);
0837     return err;
0838 }
0839
0840 /* encapsulate within an outer IPv6 header and a specified SRH */
0841 static int input_action_end_b6_encap(struct sk_buff *skb,
0842                      struct seg6_local_lwt *slwt)
0843 {
0844     struct ipv6_sr_hdr *srh;
0845     int err = -EINVAL;
0846
0847     srh = get_and_validate_srh(skb);
0848     if (!srh)
0849         goto drop;
0850
0851     advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
0852
0853     skb_reset_inner_headers(skb);
0854     skb->encapsulation = 1;
0855
0856     err = seg6_do_srh_encap(skb, slwt->srh, IPPROTO_IPV6);
0857     if (err)
0858         goto drop;
0859
0860     skb_set_transport_header(skb, sizeof(struct ipv6hdr));
0861
0862     seg6_lookup_nexthop(skb, NULL, 0);
0863
0864     return dst_input(skb);
0865
0866 drop:
0867     kfree_skb(skb);
0868     return err;
0869 }
0870
0871 DEFINE_PER_CPU(struct seg6_bpf_srh_state, seg6_bpf_srh_states);
0872
0873 bool seg6_bpf_has_valid_srh(struct sk_buff *skb)
0874 {
0875     struct seg6_bpf_srh_state *srh_state =
0876         this_cpu_ptr(&seg6_bpf_srh_states);
0877     struct ipv6_sr_hdr *srh = srh_state->srh;
0878
0879     if (unlikely(srh == NULL))
0880         return false;
0881
0882     if (unlikely(!srh_state->valid)) {
0883         if ((srh_state->hdrlen & 7) != 0)
0884             return false;
0885
0886         srh->hdrlen = (u8)(srh_state->hdrlen >> 3);
0887         if (!seg6_validate_srh(srh, (srh->hdrlen + 1) << 3, true))
0888             return false;
0889
0890         srh_state->valid = true;
0891     }
0892
0893     return true;
0894 }
0895
0896 static int input_action_end_bpf(struct sk_buff *skb,
0897                 struct seg6_local_lwt *slwt)
0898 {
0899     struct seg6_bpf_srh_state *srh_state =
0900         this_cpu_ptr(&seg6_bpf_srh_states);
0901     struct ipv6_sr_hdr *srh;
0902     int ret;
0903
0904     srh = get_and_validate_srh(skb);
0905     if (!srh) {
0906         kfree_skb(skb);
0907         return -EINVAL;
0908     }
0909     advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
0910
0911     /* preempt_disable is needed to protect the per-CPU buffer srh_state,
0912      * which is also accessed by the bpf_lwt_seg6_* helpers
0913      */
0914     preempt_disable();
0915     srh_state->srh = srh;
0916     srh_state->hdrlen = srh->hdrlen << 3;
0917     srh_state->valid = true;
0918
0919     rcu_read_lock();
0920     bpf_compute_data_pointers(skb);
0921     ret = bpf_prog_run_save_cb(slwt->bpf.prog, skb);
0922     rcu_read_unlock();
0923
0924     switch (ret) {
0925     case BPF_OK:
0926     case BPF_REDIRECT:
0927         break;
0928     case BPF_DROP:
0929         goto drop;
0930     default:
0931         pr_warn_once("bpf-seg6local: Illegal return value %u\n", ret);
0932         goto drop;
0933     }
0934
0935     if (srh_state->srh && !seg6_bpf_has_valid_srh(skb))
0936         goto drop;
0937
0938     preempt_enable();
0939     if (ret != BPF_REDIRECT)
0940         seg6_lookup_nexthop(skb, NULL, 0);
0941
0942     return dst_input(skb);
0943
0944 drop:
0945     preempt_enable();
0946     kfree_skb(skb);
0947     return -EINVAL;
0948 }
0949
0950 static struct seg6_action_desc seg6_action_table[] = {
0951     {
0952         .action     = SEG6_LOCAL_ACTION_END,
0953         .attrs      = 0,
0954         .optattrs   = SEG6_F_LOCAL_COUNTERS,
0955         .input      = input_action_end,
0956     },
0957     {
0958         .action     = SEG6_LOCAL_ACTION_END_X,
0959         .attrs      = SEG6_F_ATTR(SEG6_LOCAL_NH6),
0960         .optattrs   = SEG6_F_LOCAL_COUNTERS,
0961         .input      = input_action_end_x,
0962     },
0963     {
0964         .action     = SEG6_LOCAL_ACTION_END_T,
0965         .attrs      = SEG6_F_ATTR(SEG6_LOCAL_TABLE),
0966         .optattrs   = SEG6_F_LOCAL_COUNTERS,
0967         .input      = input_action_end_t,
0968     },
0969     {
0970         .action     = SEG6_LOCAL_ACTION_END_DX2,
0971         .attrs      = SEG6_F_ATTR(SEG6_LOCAL_OIF),
0972         .optattrs   = SEG6_F_LOCAL_COUNTERS,
0973         .input      = input_action_end_dx2,
0974     },
0975     {
0976         .action     = SEG6_LOCAL_ACTION_END_DX6,
0977         .attrs      = SEG6_F_ATTR(SEG6_LOCAL_NH6),
0978         .optattrs   = SEG6_F_LOCAL_COUNTERS,
0979         .input      = input_action_end_dx6,
0980     },
0981     {
0982         .action     = SEG6_LOCAL_ACTION_END_DX4,
0983         .attrs      = SEG6_F_ATTR(SEG6_LOCAL_NH4),
0984         .optattrs   = SEG6_F_LOCAL_COUNTERS,
0985         .input      = input_action_end_dx4,
0986     },
0987     {
0988         .action     = SEG6_LOCAL_ACTION_END_DT4,
0989         .attrs      = SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE),
0990         .optattrs   = SEG6_F_LOCAL_COUNTERS,
0991 #ifdef CONFIG_NET_L3_MASTER_DEV
0992         .input      = input_action_end_dt4,
0993         .slwt_ops   = {
0994                     .build_state = seg6_end_dt4_build,
0995                   },
0996 #endif
0997     },
0998     {
0999         .action     = SEG6_LOCAL_ACTION_END_DT6,
1000 #ifdef CONFIG_NET_L3_MASTER_DEV
1001         .attrs      = 0,
1002         .optattrs   = SEG6_F_LOCAL_COUNTERS     |
1003                   SEG6_F_ATTR(SEG6_LOCAL_TABLE) |
1004                   SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE),
1005         .slwt_ops   = {
1006                     .build_state = seg6_end_dt6_build,
1007                   },
1008 #else
1009         .attrs      = SEG6_F_ATTR(SEG6_LOCAL_TABLE),
1010         .optattrs   = SEG6_F_LOCAL_COUNTERS,
1011 #endif
1012         .input      = input_action_end_dt6,
1013     },
1014     {
1015         .action     = SEG6_LOCAL_ACTION_END_DT46,
1016         .attrs      = SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE),
1017         .optattrs   = SEG6_F_LOCAL_COUNTERS,
1018 #ifdef CONFIG_NET_L3_MASTER_DEV
1019         .input      = input_action_end_dt46,
1020         .slwt_ops   = {
1021                     .build_state = seg6_end_dt46_build,
1022                   },
1023 #endif
1024     },
1025     {
1026         .action     = SEG6_LOCAL_ACTION_END_B6,
1027         .attrs      = SEG6_F_ATTR(SEG6_LOCAL_SRH),
1028         .optattrs   = SEG6_F_LOCAL_COUNTERS,
1029         .input      = input_action_end_b6,
1030     },
1031     {
1032         .action     = SEG6_LOCAL_ACTION_END_B6_ENCAP,
1033         .attrs      = SEG6_F_ATTR(SEG6_LOCAL_SRH),
1034         .optattrs   = SEG6_F_LOCAL_COUNTERS,
1035         .input      = input_action_end_b6_encap,
1036         .static_headroom    = sizeof(struct ipv6hdr),
1037     },
1038     {
1039         .action     = SEG6_LOCAL_ACTION_END_BPF,
1040         .attrs      = SEG6_F_ATTR(SEG6_LOCAL_BPF),
1041         .optattrs   = SEG6_F_LOCAL_COUNTERS,
1042         .input      = input_action_end_bpf,
1043     },
1044
1045 };
1046
1047 static struct seg6_action_desc *__get_action_desc(int action)
1048 {
1049     struct seg6_action_desc *desc;
1050     int i, count;
1051
1052     count = ARRAY_SIZE(seg6_action_table);
1053     for (i = 0; i < count; i++) {
1054         desc = &seg6_action_table[i];
1055         if (desc->action == action)
1056             return desc;
1057     }
1058
1059     return NULL;
1060 }
1061
1062 static bool seg6_lwtunnel_counters_enabled(struct seg6_local_lwt *slwt)
1063 {
1064     return slwt->parsed_optattrs & SEG6_F_LOCAL_COUNTERS;
1065 }
1066
1067 static void seg6_local_update_counters(struct seg6_local_lwt *slwt,
1068                        unsigned int len, int err)
1069 {
1070     struct pcpu_seg6_local_counters *pcounters;
1071
1072     pcounters = this_cpu_ptr(slwt->pcpu_counters);
1073     u64_stats_update_begin(&pcounters->syncp);
1074
1075     if (likely(!err)) {
1076         u64_stats_inc(&pcounters->packets);
1077         u64_stats_add(&pcounters->bytes, len);
1078     } else {
1079         u64_stats_inc(&pcounters->errors);
1080     }
1081
1082     u64_stats_update_end(&pcounters->syncp);
1083 }
1084
1085 static int seg6_local_input_core(struct net *net, struct sock *sk,
1086                  struct sk_buff *skb)
1087 {
1088     struct dst_entry *orig_dst = skb_dst(skb);
1089     struct seg6_action_desc *desc;
1090     struct seg6_local_lwt *slwt;
1091     unsigned int len = skb->len;
1092     int rc;
1093
1094     slwt = seg6_local_lwtunnel(orig_dst->lwtstate);
1095     desc = slwt->desc;
1096
1097     rc = desc->input(skb, slwt);
1098
1099     if (!seg6_lwtunnel_counters_enabled(slwt))
1100         return rc;
1101
1102     seg6_local_update_counters(slwt, len, rc);
1103
1104     return rc;
1105 }
1106
1107 static int seg6_local_input(struct sk_buff *skb)
1108 {
1109     if (skb->protocol != htons(ETH_P_IPV6)) {
1110         kfree_skb(skb);
1111         return -EINVAL;
1112     }
1113
1114     if (static_branch_unlikely(&nf_hooks_lwtunnel_enabled))
1115         return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_IN,
1116                    dev_net(skb->dev), NULL, skb, skb->dev, NULL,
1117                    seg6_local_input_core);
1118
1119     return seg6_local_input_core(dev_net(skb->dev), NULL, skb);
1120 }
1121
1122 static const struct nla_policy seg6_local_policy[SEG6_LOCAL_MAX + 1] = {
1123     [SEG6_LOCAL_ACTION] = { .type = NLA_U32 },
1124     [SEG6_LOCAL_SRH]    = { .type = NLA_BINARY },
1125     [SEG6_LOCAL_TABLE]  = { .type = NLA_U32 },
1126     [SEG6_LOCAL_VRFTABLE]   = { .type = NLA_U32 },
1127     [SEG6_LOCAL_NH4]    = { .type = NLA_BINARY,
1128                     .len = sizeof(struct in_addr) },
1129     [SEG6_LOCAL_NH6]    = { .type = NLA_BINARY,
1130                     .len = sizeof(struct in6_addr) },
1131     [SEG6_LOCAL_IIF]    = { .type = NLA_U32 },
1132     [SEG6_LOCAL_OIF]    = { .type = NLA_U32 },
1133     [SEG6_LOCAL_BPF]    = { .type = NLA_NESTED },
1134     [SEG6_LOCAL_COUNTERS]   = { .type = NLA_NESTED },
1135 };
1136
1137 static int parse_nla_srh(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1138 {
1139     struct ipv6_sr_hdr *srh;
1140     int len;
1141
1142     srh = nla_data(attrs[SEG6_LOCAL_SRH]);
1143     len = nla_len(attrs[SEG6_LOCAL_SRH]);
1144
1145     /* SRH must contain at least one segment */
1146     if (len < sizeof(*srh) + sizeof(struct in6_addr))
1147         return -EINVAL;
1148
1149     if (!seg6_validate_srh(srh, len, false))
1150         return -EINVAL;
1151
1152     slwt->srh = kmemdup(srh, len, GFP_KERNEL);
1153     if (!slwt->srh)
1154         return -ENOMEM;
1155
1156     slwt->headroom += len;
1157
1158     return 0;
1159 }
1160
1161 static int put_nla_srh(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1162 {
1163     struct ipv6_sr_hdr *srh;
1164     struct nlattr *nla;
1165     int len;
1166
1167     srh = slwt->srh;
1168     len = (srh->hdrlen + 1) << 3;
1169
1170     nla = nla_reserve(skb, SEG6_LOCAL_SRH, len);
1171     if (!nla)
1172         return -EMSGSIZE;
1173
1174     memcpy(nla_data(nla), srh, len);
1175
1176     return 0;
1177 }
1178
1179 static int cmp_nla_srh(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1180 {
1181     int len = (a->srh->hdrlen + 1) << 3;
1182
1183     if (len != ((b->srh->hdrlen + 1) << 3))
1184         return 1;
1185
1186     return memcmp(a->srh, b->srh, len);
1187 }
1188
1189 static void destroy_attr_srh(struct seg6_local_lwt *slwt)
1190 {
1191     kfree(slwt->srh);
1192 }
1193
1194 static int parse_nla_table(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1195 {
1196     slwt->table = nla_get_u32(attrs[SEG6_LOCAL_TABLE]);
1197
1198     return 0;
1199 }
1200
1201 static int put_nla_table(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1202 {
1203     if (nla_put_u32(skb, SEG6_LOCAL_TABLE, slwt->table))
1204         return -EMSGSIZE;
1205
1206     return 0;
1207 }
1208
1209 static int cmp_nla_table(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1210 {
1211     if (a->table != b->table)
1212         return 1;
1213
1214     return 0;
1215 }
1216
1217 static struct
1218 seg6_end_dt_info *seg6_possible_end_dt_info(struct seg6_local_lwt *slwt)
1219 {
1220 #ifdef CONFIG_NET_L3_MASTER_DEV
1221     return &slwt->dt_info;
1222 #else
1223     return ERR_PTR(-EOPNOTSUPP);
1224 #endif
1225 }
1226
1227 static int parse_nla_vrftable(struct nlattr **attrs,
1228                   struct seg6_local_lwt *slwt)
1229 {
1230     struct seg6_end_dt_info *info = seg6_possible_end_dt_info(slwt);
1231
1232     if (IS_ERR(info))
1233         return PTR_ERR(info);
1234
1235     info->vrf_table = nla_get_u32(attrs[SEG6_LOCAL_VRFTABLE]);
1236
1237     return 0;
1238 }
1239
1240 static int put_nla_vrftable(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1241 {
1242     struct seg6_end_dt_info *info = seg6_possible_end_dt_info(slwt);
1243
1244     if (IS_ERR(info))
1245         return PTR_ERR(info);
1246
1247     if (nla_put_u32(skb, SEG6_LOCAL_VRFTABLE, info->vrf_table))
1248         return -EMSGSIZE;
1249
1250     return 0;
1251 }
1252
1253 static int cmp_nla_vrftable(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1254 {
1255     struct seg6_end_dt_info *info_a = seg6_possible_end_dt_info(a);
1256     struct seg6_end_dt_info *info_b = seg6_possible_end_dt_info(b);
1257
1258     if (info_a->vrf_table != info_b->vrf_table)
1259         return 1;
1260
1261     return 0;
1262 }
1263
1264 static int parse_nla_nh4(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1265 {
1266     memcpy(&slwt->nh4, nla_data(attrs[SEG6_LOCAL_NH4]),
1267            sizeof(struct in_addr));
1268
1269     return 0;
1270 }
1271
1272 static int put_nla_nh4(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1273 {
1274     struct nlattr *nla;
1275
1276     nla = nla_reserve(skb, SEG6_LOCAL_NH4, sizeof(struct in_addr));
1277     if (!nla)
1278         return -EMSGSIZE;
1279
1280     memcpy(nla_data(nla), &slwt->nh4, sizeof(struct in_addr));
1281
1282     return 0;
1283 }
1284
1285 static int cmp_nla_nh4(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1286 {
1287     return memcmp(&a->nh4, &b->nh4, sizeof(struct in_addr));
1288 }
1289
1290 static int parse_nla_nh6(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1291 {
1292     memcpy(&slwt->nh6, nla_data(attrs[SEG6_LOCAL_NH6]),
1293            sizeof(struct in6_addr));
1294
1295     return 0;
1296 }
1297
1298 static int put_nla_nh6(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1299 {
1300     struct nlattr *nla;
1301
1302     nla = nla_reserve(skb, SEG6_LOCAL_NH6, sizeof(struct in6_addr));
1303     if (!nla)
1304         return -EMSGSIZE;
1305
1306     memcpy(nla_data(nla), &slwt->nh6, sizeof(struct in6_addr));
1307
1308     return 0;
1309 }
1310
1311 static int cmp_nla_nh6(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1312 {
1313     return memcmp(&a->nh6, &b->nh6, sizeof(struct in6_addr));
1314 }
1315
1316 static int parse_nla_iif(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1317 {
1318     slwt->iif = nla_get_u32(attrs[SEG6_LOCAL_IIF]);
1319
1320     return 0;
1321 }
1322
1323 static int put_nla_iif(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1324 {
1325     if (nla_put_u32(skb, SEG6_LOCAL_IIF, slwt->iif))
1326         return -EMSGSIZE;
1327
1328     return 0;
1329 }
1330
1331 static int cmp_nla_iif(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1332 {
1333     if (a->iif != b->iif)
1334         return 1;
1335
1336     return 0;
1337 }
1338
1339 static int parse_nla_oif(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1340 {
1341     slwt->oif = nla_get_u32(attrs[SEG6_LOCAL_OIF]);
1342
1343     return 0;
1344 }
1345
1346 static int put_nla_oif(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1347 {
1348     if (nla_put_u32(skb, SEG6_LOCAL_OIF, slwt->oif))
1349         return -EMSGSIZE;
1350
1351     return 0;
1352 }
1353
1354 static int cmp_nla_oif(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1355 {
1356     if (a->oif != b->oif)
1357         return 1;
1358
1359     return 0;
1360 }
1361
1362 #define MAX_PROG_NAME 256
1363 static const struct nla_policy bpf_prog_policy[SEG6_LOCAL_BPF_PROG_MAX + 1] = {
1364     [SEG6_LOCAL_BPF_PROG]      = { .type = NLA_U32, },
1365     [SEG6_LOCAL_BPF_PROG_NAME] = { .type = NLA_NUL_STRING,
1366                        .len = MAX_PROG_NAME },
1367 };
1368
1369 static int parse_nla_bpf(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1370 {
1371     struct nlattr *tb[SEG6_LOCAL_BPF_PROG_MAX + 1];
1372     struct bpf_prog *p;
1373     int ret;
1374     u32 fd;
1375
1376     ret = nla_parse_nested_deprecated(tb, SEG6_LOCAL_BPF_PROG_MAX,
1377                       attrs[SEG6_LOCAL_BPF],
1378                       bpf_prog_policy, NULL);
1379     if (ret < 0)
1380         return ret;
1381
1382     if (!tb[SEG6_LOCAL_BPF_PROG] || !tb[SEG6_LOCAL_BPF_PROG_NAME])
1383         return -EINVAL;
1384
1385     slwt->bpf.name = nla_memdup(tb[SEG6_LOCAL_BPF_PROG_NAME], GFP_KERNEL);
1386     if (!slwt->bpf.name)
1387         return -ENOMEM;
1388
1389     fd = nla_get_u32(tb[SEG6_LOCAL_BPF_PROG]);
1390     p = bpf_prog_get_type(fd, BPF_PROG_TYPE_LWT_SEG6LOCAL);
1391     if (IS_ERR(p)) {
1392         kfree(slwt->bpf.name);
1393         return PTR_ERR(p);
1394     }
1395
1396     slwt->bpf.prog = p;
1397     return 0;
1398 }
1399
1400 static int put_nla_bpf(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1401 {
1402     struct nlattr *nest;
1403
1404     if (!slwt->bpf.prog)
1405         return 0;
1406
1407     nest = nla_nest_start_noflag(skb, SEG6_LOCAL_BPF);
1408     if (!nest)
1409         return -EMSGSIZE;
1410
1411     if (nla_put_u32(skb, SEG6_LOCAL_BPF_PROG, slwt->bpf.prog->aux->id))
1412         return -EMSGSIZE;
1413
1414     if (slwt->bpf.name &&
1415         nla_put_string(skb, SEG6_LOCAL_BPF_PROG_NAME, slwt->bpf.name))
1416         return -EMSGSIZE;
1417
1418     return nla_nest_end(skb, nest);
1419 }
1420
1421 static int cmp_nla_bpf(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1422 {
1423     if (!a->bpf.name && !b->bpf.name)
1424         return 0;
1425
1426     if (!a->bpf.name || !b->bpf.name)
1427         return 1;
1428
1429     return strcmp(a->bpf.name, b->bpf.name);
1430 }
1431
1432 static void destroy_attr_bpf(struct seg6_local_lwt *slwt)
1433 {
1434     kfree(slwt->bpf.name);
1435     if (slwt->bpf.prog)
1436         bpf_prog_put(slwt->bpf.prog);
1437 }
1438
1439 static const struct
1440 nla_policy seg6_local_counters_policy[SEG6_LOCAL_CNT_MAX + 1] = {
1441     [SEG6_LOCAL_CNT_PACKETS]    = { .type = NLA_U64 },
1442     [SEG6_LOCAL_CNT_BYTES]      = { .type = NLA_U64 },
1443     [SEG6_LOCAL_CNT_ERRORS]     = { .type = NLA_U64 },
1444 };
1445
1446 static int parse_nla_counters(struct nlattr **attrs,
1447                   struct seg6_local_lwt *slwt)
1448 {
1449     struct pcpu_seg6_local_counters __percpu *pcounters;
1450     struct nlattr *tb[SEG6_LOCAL_CNT_MAX + 1];
1451     int ret;
1452
1453     ret = nla_parse_nested_deprecated(tb, SEG6_LOCAL_CNT_MAX,
1454                       attrs[SEG6_LOCAL_COUNTERS],
1455                       seg6_local_counters_policy, NULL);
1456     if (ret < 0)
1457         return ret;
1458
1459     /* basic support for SRv6 Behavior counters requires at least:
1460      * packets, bytes and errors.
1461      */
1462     if (!tb[SEG6_LOCAL_CNT_PACKETS] || !tb[SEG6_LOCAL_CNT_BYTES] ||
1463         !tb[SEG6_LOCAL_CNT_ERRORS])
1464         return -EINVAL;
1465
1466     /* counters are always zero initialized */
1467     pcounters = seg6_local_alloc_pcpu_counters(GFP_KERNEL);
1468     if (!pcounters)
1469         return -ENOMEM;
1470
1471     slwt->pcpu_counters = pcounters;
1472
1473     return 0;
1474 }
1475
1476 static int seg6_local_fill_nla_counters(struct sk_buff *skb,
1477                     struct seg6_local_counters *counters)
1478 {
1479     if (nla_put_u64_64bit(skb, SEG6_LOCAL_CNT_PACKETS, counters->packets,
1480                   SEG6_LOCAL_CNT_PAD))
1481         return -EMSGSIZE;
1482
1483     if (nla_put_u64_64bit(skb, SEG6_LOCAL_CNT_BYTES, counters->bytes,
1484                   SEG6_LOCAL_CNT_PAD))
1485         return -EMSGSIZE;
1486
1487     if (nla_put_u64_64bit(skb, SEG6_LOCAL_CNT_ERRORS, counters->errors,
1488                   SEG6_LOCAL_CNT_PAD))
1489         return -EMSGSIZE;
1490
1491     return 0;
1492 }
1493
1494 static int put_nla_counters(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1495 {
1496     struct seg6_local_counters counters = { 0, 0, 0 };
1497     struct nlattr *nest;
1498     int rc, i;
1499
1500     nest = nla_nest_start(skb, SEG6_LOCAL_COUNTERS);
1501     if (!nest)
1502         return -EMSGSIZE;
1503
1504     for_each_possible_cpu(i) {
1505         struct pcpu_seg6_local_counters *pcounters;
1506         u64 packets, bytes, errors;
1507         unsigned int start;
1508
1509         pcounters = per_cpu_ptr(slwt->pcpu_counters, i);
1510         do {
1511             start = u64_stats_fetch_begin_irq(&pcounters->syncp);
1512
1513             packets = u64_stats_read(&pcounters->packets);
1514             bytes = u64_stats_read(&pcounters->bytes);
1515             errors = u64_stats_read(&pcounters->errors);
1516
1517         } while (u64_stats_fetch_retry_irq(&pcounters->syncp, start));
1518
1519         counters.packets += packets;
1520         counters.bytes += bytes;
1521         counters.errors += errors;
1522     }
1523
1524     rc = seg6_local_fill_nla_counters(skb, &counters);
1525     if (rc < 0) {
1526         nla_nest_cancel(skb, nest);
1527         return rc;
1528     }
1529
1530     return nla_nest_end(skb, nest);
1531 }
1532
1533 static int cmp_nla_counters(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1534 {
1535     /* a and b are equal if both have pcpu_counters set or not */
1536     return (!!((unsigned long)a->pcpu_counters)) ^
1537         (!!((unsigned long)b->pcpu_counters));
1538 }
1539
1540 static void destroy_attr_counters(struct seg6_local_lwt *slwt)
1541 {
1542     free_percpu(slwt->pcpu_counters);
1543 }
1544
1545 struct seg6_action_param {
1546     int (*parse)(struct nlattr **attrs, struct seg6_local_lwt *slwt);
1547     int (*put)(struct sk_buff *skb, struct seg6_local_lwt *slwt);
1548     int (*cmp)(struct seg6_local_lwt *a, struct seg6_local_lwt *b);
1549
1550     /* optional destroy() callback useful for releasing resources which
1551      * have been previously acquired in the corresponding parse()
1552      * function.
1553      */
1554     void (*destroy)(struct seg6_local_lwt *slwt);
1555 };
1556
1557 static struct seg6_action_param seg6_action_params[SEG6_LOCAL_MAX + 1] = {
1558     [SEG6_LOCAL_SRH]    = { .parse = parse_nla_srh,
1559                     .put = put_nla_srh,
1560                     .cmp = cmp_nla_srh,
1561                     .destroy = destroy_attr_srh },
1562
1563     [SEG6_LOCAL_TABLE]  = { .parse = parse_nla_table,
1564                     .put = put_nla_table,
1565                     .cmp = cmp_nla_table },
1566
1567     [SEG6_LOCAL_NH4]    = { .parse = parse_nla_nh4,
1568                     .put = put_nla_nh4,
1569                     .cmp = cmp_nla_nh4 },
1570
1571     [SEG6_LOCAL_NH6]    = { .parse = parse_nla_nh6,
1572                     .put = put_nla_nh6,
1573                     .cmp = cmp_nla_nh6 },
1574
1575     [SEG6_LOCAL_IIF]    = { .parse = parse_nla_iif,
1576                     .put = put_nla_iif,
1577                     .cmp = cmp_nla_iif },
1578
1579     [SEG6_LOCAL_OIF]    = { .parse = parse_nla_oif,
1580                     .put = put_nla_oif,
1581                     .cmp = cmp_nla_oif },
1582
1583     [SEG6_LOCAL_BPF]    = { .parse = parse_nla_bpf,
1584                     .put = put_nla_bpf,
1585                     .cmp = cmp_nla_bpf,
1586                     .destroy = destroy_attr_bpf },
1587
1588     [SEG6_LOCAL_VRFTABLE]   = { .parse = parse_nla_vrftable,
1589                     .put = put_nla_vrftable,
1590                     .cmp = cmp_nla_vrftable },
1591
1592     [SEG6_LOCAL_COUNTERS]   = { .parse = parse_nla_counters,
1593                     .put = put_nla_counters,
1594                     .cmp = cmp_nla_counters,
1595                     .destroy = destroy_attr_counters },
1596 };
1597
1598 /* call the destroy() callback (if available) for each set attribute in
1599  * @parsed_attrs, starting from the first attribute up to the @max_parsed
1600  * (excluded) attribute.
1601  */
1602 static void __destroy_attrs(unsigned long parsed_attrs, int max_parsed,
1603                 struct seg6_local_lwt *slwt)
1604 {
1605     struct seg6_action_param *param;
1606     int i;
1607
1608     /* Every required seg6local attribute is identified by an ID which is
1609      * encoded as a flag (i.e: 1 << ID) in the 'attrs' bitmask;
1610      *
1611      * We scan the 'parsed_attrs' bitmask, starting from the first attribute
1612      * up to the @max_parsed (excluded) attribute.
1613      * For each set attribute, we retrieve the corresponding destroy()
1614      * callback. If the callback is not available, then we skip to the next
1615      * attribute; otherwise, we call the destroy() callback.
1616      */
1617     for (i = SEG6_LOCAL_SRH; i < max_parsed; ++i) {
1618         if (!(parsed_attrs & SEG6_F_ATTR(i)))
1619             continue;
1620
1621         param = &seg6_action_params[i];
1622
1623         if (param->destroy)
1624             param->destroy(slwt);
1625     }
1626 }
1627
1628 /* release all the resources that may have been acquired during parsing
1629  * operations.
1630  */
1631 static void destroy_attrs(struct seg6_local_lwt *slwt)
1632 {
1633     unsigned long attrs = slwt->desc->attrs | slwt->parsed_optattrs;
1634
1635     __destroy_attrs(attrs, SEG6_LOCAL_MAX + 1, slwt);
1636 }
1637
1638 static int parse_nla_optional_attrs(struct nlattr **attrs,
1639                     struct seg6_local_lwt *slwt)
1640 {
1641     struct seg6_action_desc *desc = slwt->desc;
1642     unsigned long parsed_optattrs = 0;
1643     struct seg6_action_param *param;
1644     int err, i;
1645
1646     for (i = SEG6_LOCAL_SRH; i < SEG6_LOCAL_MAX + 1; ++i) {
1647         if (!(desc->optattrs & SEG6_F_ATTR(i)) || !attrs[i])
1648             continue;
1649
1650         /* once here, the i-th attribute is provided by the
1651          * userspace AND it is identified optional as well.
1652          */
1653         param = &seg6_action_params[i];
1654
1655         err = param->parse(attrs, slwt);
1656         if (err < 0)
1657             goto parse_optattrs_err;
1658
1659         /* current attribute has been correctly parsed */
1660         parsed_optattrs |= SEG6_F_ATTR(i);
1661     }
1662
1663     /* store in the tunnel state all the optional attributed successfully
1664      * parsed.
1665      */
1666     slwt->parsed_optattrs = parsed_optattrs;
1667
1668     return 0;
1669
1670 parse_optattrs_err:
1671     __destroy_attrs(parsed_optattrs, i, slwt);
1672
1673     return err;
1674 }
1675
1676 /* call the custom constructor of the behavior during its initialization phase
1677  * and after that all its attributes have been parsed successfully.
1678  */
1679 static int
1680 seg6_local_lwtunnel_build_state(struct seg6_local_lwt *slwt, const void *cfg,
1681                 struct netlink_ext_ack *extack)
1682 {
1683     struct seg6_action_desc *desc = slwt->desc;
1684     struct seg6_local_lwtunnel_ops *ops;
1685
1686     ops = &desc->slwt_ops;
1687     if (!ops->build_state)
1688         return 0;
1689
1690     return ops->build_state(slwt, cfg, extack);
1691 }
1692
1693 /* call the custom destructor of the behavior which is invoked before the
1694  * tunnel is going to be destroyed.
1695  */
1696 static void seg6_local_lwtunnel_destroy_state(struct seg6_local_lwt *slwt)
1697 {
1698     struct seg6_action_desc *desc = slwt->desc;
1699     struct seg6_local_lwtunnel_ops *ops;
1700
1701     ops = &desc->slwt_ops;
1702     if (!ops->destroy_state)
1703         return;
1704
1705     ops->destroy_state(slwt);
1706 }
1707
1708 static int parse_nla_action(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1709 {
1710     struct seg6_action_param *param;
1711     struct seg6_action_desc *desc;
1712     unsigned long invalid_attrs;
1713     int i, err;
1714
1715     desc = __get_action_desc(slwt->action);
1716     if (!desc)
1717         return -EINVAL;
1718
1719     if (!desc->input)
1720         return -EOPNOTSUPP;
1721
1722     slwt->desc = desc;
1723     slwt->headroom += desc->static_headroom;
1724
1725     /* Forcing the desc->optattrs *set* and the desc->attrs *set* to be
1726      * disjoined, this allow us to release acquired resources by optional
1727      * attributes and by required attributes independently from each other
1728      * without any interference.
1729      * In other terms, we are sure that we do not release some the acquired
1730      * resources twice.
1731      *
1732      * Note that if an attribute is configured both as required and as
1733      * optional, it means that the user has messed something up in the
1734      * seg6_action_table. Therefore, this check is required for SRv6
1735      * behaviors to work properly.
1736      */
1737     invalid_attrs = desc->attrs & desc->optattrs;
1738     if (invalid_attrs) {
1739         WARN_ONCE(1,
1740               "An attribute cannot be both required AND optional");
1741         return -EINVAL;
1742     }
1743
1744     /* parse the required attributes */
1745     for (i = SEG6_LOCAL_SRH; i < SEG6_LOCAL_MAX + 1; i++) {
1746         if (desc->attrs & SEG6_F_ATTR(i)) {
1747             if (!attrs[i])
1748                 return -EINVAL;
1749
1750             param = &seg6_action_params[i];
1751
1752             err = param->parse(attrs, slwt);
1753             if (err < 0)
1754                 goto parse_attrs_err;
1755         }
1756     }
1757
1758     /* parse the optional attributes, if any */
1759     err = parse_nla_optional_attrs(attrs, slwt);
1760     if (err < 0)
1761         goto parse_attrs_err;
1762
1763     return 0;
1764
1765 parse_attrs_err:
1766     /* release any resource that may have been acquired during the i-1
1767      * parse() operations.
1768      */
1769     __destroy_attrs(desc->attrs, i, slwt);
1770
1771     return err;
1772 }
1773
1774 static int seg6_local_build_state(struct net *net, struct nlattr *nla,
1775                   unsigned int family, const void *cfg,
1776                   struct lwtunnel_state **ts,
1777                   struct netlink_ext_ack *extack)
1778 {
1779     struct nlattr *tb[SEG6_LOCAL_MAX + 1];
1780     struct lwtunnel_state *newts;
1781     struct seg6_local_lwt *slwt;
1782     int err;
1783
1784     if (family != AF_INET6)
1785         return -EINVAL;
1786
1787     err = nla_parse_nested_deprecated(tb, SEG6_LOCAL_MAX, nla,
1788                       seg6_local_policy, extack);
1789
1790     if (err < 0)
1791         return err;
1792
1793     if (!tb[SEG6_LOCAL_ACTION])
1794         return -EINVAL;
1795
1796     newts = lwtunnel_state_alloc(sizeof(*slwt));
1797     if (!newts)
1798         return -ENOMEM;
1799
1800     slwt = seg6_local_lwtunnel(newts);
1801     slwt->action = nla_get_u32(tb[SEG6_LOCAL_ACTION]);
1802
1803     err = parse_nla_action(tb, slwt);
1804     if (err < 0)
1805         goto out_free;
1806
1807     err = seg6_local_lwtunnel_build_state(slwt, cfg, extack);
1808     if (err < 0)
1809         goto out_destroy_attrs;
1810
1811     newts->type = LWTUNNEL_ENCAP_SEG6_LOCAL;
1812     newts->flags = LWTUNNEL_STATE_INPUT_REDIRECT;
1813     newts->headroom = slwt->headroom;
1814
1815     *ts = newts;
1816
1817     return 0;
1818
1819 out_destroy_attrs:
1820     destroy_attrs(slwt);
1821 out_free:
1822     kfree(newts);
1823     return err;
1824 }
1825
1826 static void seg6_local_destroy_state(struct lwtunnel_state *lwt)
1827 {
1828     struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt);
1829
1830     seg6_local_lwtunnel_destroy_state(slwt);
1831
1832     destroy_attrs(slwt);
1833
1834     return;
1835 }
1836
1837 static int seg6_local_fill_encap(struct sk_buff *skb,
1838                  struct lwtunnel_state *lwt)
1839 {
1840     struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt);
1841     struct seg6_action_param *param;
1842     unsigned long attrs;
1843     int i, err;
1844
1845     if (nla_put_u32(skb, SEG6_LOCAL_ACTION, slwt->action))
1846         return -EMSGSIZE;
1847
1848     attrs = slwt->desc->attrs | slwt->parsed_optattrs;
1849
1850     for (i = SEG6_LOCAL_SRH; i < SEG6_LOCAL_MAX + 1; i++) {
1851         if (attrs & SEG6_F_ATTR(i)) {
1852             param = &seg6_action_params[i];
1853             err = param->put(skb, slwt);
1854             if (err < 0)
1855                 return err;
1856         }
1857     }
1858
1859     return 0;
1860 }
1861
1862 static int seg6_local_get_encap_size(struct lwtunnel_state *lwt)
1863 {
1864     struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt);
1865     unsigned long attrs;
1866     int nlsize;
1867
1868     nlsize = nla_total_size(4); /* action */
1869
1870     attrs = slwt->desc->attrs | slwt->parsed_optattrs;
1871
1872     if (attrs & SEG6_F_ATTR(SEG6_LOCAL_SRH))
1873         nlsize += nla_total_size((slwt->srh->hdrlen + 1) << 3);
1874
1875     if (attrs & SEG6_F_ATTR(SEG6_LOCAL_TABLE))
1876         nlsize += nla_total_size(4);
1877
1878     if (attrs & SEG6_F_ATTR(SEG6_LOCAL_NH4))
1879         nlsize += nla_total_size(4);
1880
1881     if (attrs & SEG6_F_ATTR(SEG6_LOCAL_NH6))
1882         nlsize += nla_total_size(16);
1883
1884     if (attrs & SEG6_F_ATTR(SEG6_LOCAL_IIF))
1885         nlsize += nla_total_size(4);
1886
1887     if (attrs & SEG6_F_ATTR(SEG6_LOCAL_OIF))
1888         nlsize += nla_total_size(4);
1889
1890     if (attrs & SEG6_F_ATTR(SEG6_LOCAL_BPF))
1891         nlsize += nla_total_size(sizeof(struct nlattr)) +
1892                nla_total_size(MAX_PROG_NAME) +
1893                nla_total_size(4);
1894
1895     if (attrs & SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE))
1896         nlsize += nla_total_size(4);
1897
1898     if (attrs & SEG6_F_LOCAL_COUNTERS)
1899         nlsize += nla_total_size(0) + /* nest SEG6_LOCAL_COUNTERS */
1900               /* SEG6_LOCAL_CNT_PACKETS */
1901               nla_total_size_64bit(sizeof(__u64)) +
1902               /* SEG6_LOCAL_CNT_BYTES */
1903               nla_total_size_64bit(sizeof(__u64)) +
1904               /* SEG6_LOCAL_CNT_ERRORS */
1905               nla_total_size_64bit(sizeof(__u64));
1906
1907     return nlsize;
1908 }
1909
1910 static int seg6_local_cmp_encap(struct lwtunnel_state *a,
1911                 struct lwtunnel_state *b)
1912 {
1913     struct seg6_local_lwt *slwt_a, *slwt_b;
1914     struct seg6_action_param *param;
1915     unsigned long attrs_a, attrs_b;
1916     int i;
1917
1918     slwt_a = seg6_local_lwtunnel(a);
1919     slwt_b = seg6_local_lwtunnel(b);
1920
1921     if (slwt_a->action != slwt_b->action)
1922         return 1;
1923
1924     attrs_a = slwt_a->desc->attrs | slwt_a->parsed_optattrs;
1925     attrs_b = slwt_b->desc->attrs | slwt_b->parsed_optattrs;
1926
1927     if (attrs_a != attrs_b)
1928         return 1;
1929
1930     for (i = SEG6_LOCAL_SRH; i < SEG6_LOCAL_MAX + 1; i++) {
1931         if (attrs_a & SEG6_F_ATTR(i)) {
1932             param = &seg6_action_params[i];
1933             if (param->cmp(slwt_a, slwt_b))
1934                 return 1;
1935         }
1936     }
1937
1938     return 0;
1939 }
1940
1941 static const struct lwtunnel_encap_ops seg6_local_ops = {
1942     .build_state    = seg6_local_build_state,
1943     .destroy_state  = seg6_local_destroy_state,
1944     .input      = seg6_local_input,
1945     .fill_encap = seg6_local_fill_encap,
1946     .get_encap_size = seg6_local_get_encap_size,
1947     .cmp_encap  = seg6_local_cmp_encap,
1948     .owner      = THIS_MODULE,
1949 };
1950
1951 int __init seg6_local_init(void)
1952 {
1953     /* If the max total number of defined attributes is reached, then your
1954      * kernel build stops here.
1955      *
1956      * This check is required to avoid arithmetic overflows when processing
1957      * behavior attributes and the maximum number of defined attributes
1958      * exceeds the allowed value.
1959      */
1960     BUILD_BUG_ON(SEG6_LOCAL_MAX + 1 > BITS_PER_TYPE(unsigned long));
1961
1962     return lwtunnel_encap_add_ops(&seg6_local_ops,
1963                       LWTUNNEL_ENCAP_SEG6_LOCAL);
1964 }
1965
1966 void seg6_local_exit(void)
1967 {
1968     lwtunnel_encap_del_ops(&seg6_local_ops, LWTUNNEL_ENCAP_SEG6_LOCAL);
1969 }