0001
0002
0003
0004
0005
0006
0007
0008
0009
0010
0011 #include <linux/module.h>
0012 #include <linux/capability.h>
0013 #include <linux/errno.h>
0014 #include <linux/types.h>
0015 #include <linux/sockios.h>
0016 #include <linux/icmp.h>
0017 #include <linux/if.h>
0018 #include <linux/in.h>
0019 #include <linux/ip.h>
0020 #include <linux/net.h>
0021 #include <linux/in6.h>
0022 #include <linux/netdevice.h>
0023 #include <linux/if_link.h>
0024 #include <linux/if_arp.h>
0025 #include <linux/icmpv6.h>
0026 #include <linux/init.h>
0027 #include <linux/route.h>
0028 #include <linux/rtnetlink.h>
0029 #include <linux/netfilter_ipv6.h>
0030 #include <linux/slab.h>
0031 #include <linux/hash.h>
0032
0033 #include <linux/uaccess.h>
0034 #include <linux/atomic.h>
0035
0036 #include <net/icmp.h>
0037 #include <net/ip.h>
0038 #include <net/ipv6.h>
0039 #include <net/ip6_route.h>
0040 #include <net/ip_tunnels.h>
0041 #include <net/addrconf.h>
0042 #include <net/xfrm.h>
0043 #include <net/net_namespace.h>
0044 #include <net/netns/generic.h>
0045 #include <linux/etherdevice.h>
0046
0047 static int xfrmi_dev_init(struct net_device *dev);
0048 static void xfrmi_dev_setup(struct net_device *dev);
0049 static struct rtnl_link_ops xfrmi_link_ops __read_mostly;
0050 static unsigned int xfrmi_net_id __read_mostly;
0051 static const struct net_device_ops xfrmi_netdev_ops;
0052
0053 #define XFRMI_HASH_BITS 8
0054 #define XFRMI_HASH_SIZE BIT(XFRMI_HASH_BITS)
0055
0056 struct xfrmi_net {
0057
0058 struct xfrm_if __rcu *xfrmi[XFRMI_HASH_SIZE];
0059 };
0060
0061 #define for_each_xfrmi_rcu(start, xi) \
0062 for (xi = rcu_dereference(start); xi; xi = rcu_dereference(xi->next))
0063
0064 static u32 xfrmi_hash(u32 if_id)
0065 {
0066 return hash_32(if_id, XFRMI_HASH_BITS);
0067 }
0068
0069 static struct xfrm_if *xfrmi_lookup(struct net *net, struct xfrm_state *x)
0070 {
0071 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
0072 struct xfrm_if *xi;
0073
0074 for_each_xfrmi_rcu(xfrmn->xfrmi[xfrmi_hash(x->if_id)], xi) {
0075 if (x->if_id == xi->p.if_id &&
0076 (xi->dev->flags & IFF_UP))
0077 return xi;
0078 }
0079
0080 return NULL;
0081 }
0082
0083 static struct xfrm_if *xfrmi_decode_session(struct sk_buff *skb,
0084 unsigned short family)
0085 {
0086 struct net_device *dev;
0087 int ifindex = 0;
0088
0089 if (!secpath_exists(skb) || !skb->dev)
0090 return NULL;
0091
0092 switch (family) {
0093 case AF_INET6:
0094 ifindex = inet6_sdif(skb);
0095 break;
0096 case AF_INET:
0097 ifindex = inet_sdif(skb);
0098 break;
0099 }
0100
0101 if (ifindex) {
0102 struct net *net = xs_net(xfrm_input_state(skb));
0103
0104 dev = dev_get_by_index_rcu(net, ifindex);
0105 } else {
0106 dev = skb->dev;
0107 }
0108
0109 if (!dev || !(dev->flags & IFF_UP))
0110 return NULL;
0111 if (dev->netdev_ops != &xfrmi_netdev_ops)
0112 return NULL;
0113
0114 return netdev_priv(dev);
0115 }
0116
0117 static void xfrmi_link(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
0118 {
0119 struct xfrm_if __rcu **xip = &xfrmn->xfrmi[xfrmi_hash(xi->p.if_id)];
0120
0121 rcu_assign_pointer(xi->next , rtnl_dereference(*xip));
0122 rcu_assign_pointer(*xip, xi);
0123 }
0124
0125 static void xfrmi_unlink(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
0126 {
0127 struct xfrm_if __rcu **xip;
0128 struct xfrm_if *iter;
0129
0130 for (xip = &xfrmn->xfrmi[xfrmi_hash(xi->p.if_id)];
0131 (iter = rtnl_dereference(*xip)) != NULL;
0132 xip = &iter->next) {
0133 if (xi == iter) {
0134 rcu_assign_pointer(*xip, xi->next);
0135 break;
0136 }
0137 }
0138 }
0139
0140 static void xfrmi_dev_free(struct net_device *dev)
0141 {
0142 struct xfrm_if *xi = netdev_priv(dev);
0143
0144 gro_cells_destroy(&xi->gro_cells);
0145 free_percpu(dev->tstats);
0146 }
0147
0148 static int xfrmi_create(struct net_device *dev)
0149 {
0150 struct xfrm_if *xi = netdev_priv(dev);
0151 struct net *net = dev_net(dev);
0152 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
0153 int err;
0154
0155 dev->rtnl_link_ops = &xfrmi_link_ops;
0156 err = register_netdevice(dev);
0157 if (err < 0)
0158 goto out;
0159
0160 xfrmi_link(xfrmn, xi);
0161
0162 return 0;
0163
0164 out:
0165 return err;
0166 }
0167
0168 static struct xfrm_if *xfrmi_locate(struct net *net, struct xfrm_if_parms *p)
0169 {
0170 struct xfrm_if __rcu **xip;
0171 struct xfrm_if *xi;
0172 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
0173
0174 for (xip = &xfrmn->xfrmi[xfrmi_hash(p->if_id)];
0175 (xi = rtnl_dereference(*xip)) != NULL;
0176 xip = &xi->next)
0177 if (xi->p.if_id == p->if_id)
0178 return xi;
0179
0180 return NULL;
0181 }
0182
0183 static void xfrmi_dev_uninit(struct net_device *dev)
0184 {
0185 struct xfrm_if *xi = netdev_priv(dev);
0186 struct xfrmi_net *xfrmn = net_generic(xi->net, xfrmi_net_id);
0187
0188 xfrmi_unlink(xfrmn, xi);
0189 }
0190
0191 static void xfrmi_scrub_packet(struct sk_buff *skb, bool xnet)
0192 {
0193 skb_clear_tstamp(skb);
0194 skb->pkt_type = PACKET_HOST;
0195 skb->skb_iif = 0;
0196 skb->ignore_df = 0;
0197 skb_dst_drop(skb);
0198 nf_reset_ct(skb);
0199 nf_reset_trace(skb);
0200
0201 if (!xnet)
0202 return;
0203
0204 ipvs_reset(skb);
0205 secpath_reset(skb);
0206 skb_orphan(skb);
0207 skb->mark = 0;
0208 }
0209
0210 static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
0211 {
0212 const struct xfrm_mode *inner_mode;
0213 struct net_device *dev;
0214 struct xfrm_state *x;
0215 struct xfrm_if *xi;
0216 bool xnet;
0217
0218 if (err && !secpath_exists(skb))
0219 return 0;
0220
0221 x = xfrm_input_state(skb);
0222
0223 xi = xfrmi_lookup(xs_net(x), x);
0224 if (!xi)
0225 return 1;
0226
0227 dev = xi->dev;
0228 skb->dev = dev;
0229
0230 if (err) {
0231 dev->stats.rx_errors++;
0232 dev->stats.rx_dropped++;
0233
0234 return 0;
0235 }
0236
0237 xnet = !net_eq(xi->net, dev_net(skb->dev));
0238
0239 if (xnet) {
0240 inner_mode = &x->inner_mode;
0241
0242 if (x->sel.family == AF_UNSPEC) {
0243 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
0244 if (inner_mode == NULL) {
0245 XFRM_INC_STATS(dev_net(skb->dev),
0246 LINUX_MIB_XFRMINSTATEMODEERROR);
0247 return -EINVAL;
0248 }
0249 }
0250
0251 if (!xfrm_policy_check(NULL, XFRM_POLICY_IN, skb,
0252 inner_mode->family))
0253 return -EPERM;
0254 }
0255
0256 xfrmi_scrub_packet(skb, xnet);
0257 dev_sw_netstats_rx_add(dev, skb->len);
0258
0259 return 0;
0260 }
0261
0262 static int
0263 xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
0264 {
0265 struct xfrm_if *xi = netdev_priv(dev);
0266 struct net_device_stats *stats = &xi->dev->stats;
0267 struct dst_entry *dst = skb_dst(skb);
0268 unsigned int length = skb->len;
0269 struct net_device *tdev;
0270 struct xfrm_state *x;
0271 int err = -1;
0272 int mtu;
0273
0274 dst_hold(dst);
0275 dst = xfrm_lookup_with_ifid(xi->net, dst, fl, NULL, 0, xi->p.if_id);
0276 if (IS_ERR(dst)) {
0277 err = PTR_ERR(dst);
0278 dst = NULL;
0279 goto tx_err_link_failure;
0280 }
0281
0282 x = dst->xfrm;
0283 if (!x)
0284 goto tx_err_link_failure;
0285
0286 if (x->if_id != xi->p.if_id)
0287 goto tx_err_link_failure;
0288
0289 tdev = dst->dev;
0290
0291 if (tdev == dev) {
0292 stats->collisions++;
0293 net_warn_ratelimited("%s: Local routing loop detected!\n",
0294 dev->name);
0295 goto tx_err_dst_release;
0296 }
0297
0298 mtu = dst_mtu(dst);
0299 if ((!skb_is_gso(skb) && skb->len > mtu) ||
0300 (skb_is_gso(skb) && !skb_gso_validate_network_len(skb, mtu))) {
0301 skb_dst_update_pmtu_no_confirm(skb, mtu);
0302
0303 if (skb->protocol == htons(ETH_P_IPV6)) {
0304 if (mtu < IPV6_MIN_MTU)
0305 mtu = IPV6_MIN_MTU;
0306
0307 if (skb->len > 1280)
0308 icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
0309 else
0310 goto xmit;
0311 } else {
0312 if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
0313 goto xmit;
0314 icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
0315 htonl(mtu));
0316 }
0317
0318 dst_release(dst);
0319 return -EMSGSIZE;
0320 }
0321
0322 xmit:
0323 xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
0324 skb_dst_set(skb, dst);
0325 skb->dev = tdev;
0326
0327 err = dst_output(xi->net, skb->sk, skb);
0328 if (net_xmit_eval(err) == 0) {
0329 dev_sw_netstats_tx_add(dev, 1, length);
0330 } else {
0331 stats->tx_errors++;
0332 stats->tx_aborted_errors++;
0333 }
0334
0335 return 0;
0336 tx_err_link_failure:
0337 stats->tx_carrier_errors++;
0338 dst_link_failure(skb);
0339 tx_err_dst_release:
0340 dst_release(dst);
0341 return err;
0342 }
0343
0344 static netdev_tx_t xfrmi_xmit(struct sk_buff *skb, struct net_device *dev)
0345 {
0346 struct xfrm_if *xi = netdev_priv(dev);
0347 struct net_device_stats *stats = &xi->dev->stats;
0348 struct dst_entry *dst = skb_dst(skb);
0349 struct flowi fl;
0350 int ret;
0351
0352 memset(&fl, 0, sizeof(fl));
0353
0354 switch (skb->protocol) {
0355 case htons(ETH_P_IPV6):
0356 xfrm_decode_session(skb, &fl, AF_INET6);
0357 memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
0358 if (!dst) {
0359 fl.u.ip6.flowi6_oif = dev->ifindex;
0360 fl.u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
0361 dst = ip6_route_output(dev_net(dev), NULL, &fl.u.ip6);
0362 if (dst->error) {
0363 dst_release(dst);
0364 stats->tx_carrier_errors++;
0365 goto tx_err;
0366 }
0367 skb_dst_set(skb, dst);
0368 }
0369 break;
0370 case htons(ETH_P_IP):
0371 xfrm_decode_session(skb, &fl, AF_INET);
0372 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
0373 if (!dst) {
0374 struct rtable *rt;
0375
0376 fl.u.ip4.flowi4_oif = dev->ifindex;
0377 fl.u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
0378 rt = __ip_route_output_key(dev_net(dev), &fl.u.ip4);
0379 if (IS_ERR(rt)) {
0380 stats->tx_carrier_errors++;
0381 goto tx_err;
0382 }
0383 skb_dst_set(skb, &rt->dst);
0384 }
0385 break;
0386 default:
0387 goto tx_err;
0388 }
0389
0390 fl.flowi_oif = xi->p.link;
0391
0392 ret = xfrmi_xmit2(skb, dev, &fl);
0393 if (ret < 0)
0394 goto tx_err;
0395
0396 return NETDEV_TX_OK;
0397
0398 tx_err:
0399 stats->tx_errors++;
0400 stats->tx_dropped++;
0401 kfree_skb(skb);
0402 return NETDEV_TX_OK;
0403 }
0404
0405 static int xfrmi4_err(struct sk_buff *skb, u32 info)
0406 {
0407 const struct iphdr *iph = (const struct iphdr *)skb->data;
0408 struct net *net = dev_net(skb->dev);
0409 int protocol = iph->protocol;
0410 struct ip_comp_hdr *ipch;
0411 struct ip_esp_hdr *esph;
0412 struct ip_auth_hdr *ah ;
0413 struct xfrm_state *x;
0414 struct xfrm_if *xi;
0415 __be32 spi;
0416
0417 switch (protocol) {
0418 case IPPROTO_ESP:
0419 esph = (struct ip_esp_hdr *)(skb->data+(iph->ihl<<2));
0420 spi = esph->spi;
0421 break;
0422 case IPPROTO_AH:
0423 ah = (struct ip_auth_hdr *)(skb->data+(iph->ihl<<2));
0424 spi = ah->spi;
0425 break;
0426 case IPPROTO_COMP:
0427 ipch = (struct ip_comp_hdr *)(skb->data+(iph->ihl<<2));
0428 spi = htonl(ntohs(ipch->cpi));
0429 break;
0430 default:
0431 return 0;
0432 }
0433
0434 switch (icmp_hdr(skb)->type) {
0435 case ICMP_DEST_UNREACH:
0436 if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
0437 return 0;
0438 break;
0439 case ICMP_REDIRECT:
0440 break;
0441 default:
0442 return 0;
0443 }
0444
0445 x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
0446 spi, protocol, AF_INET);
0447 if (!x)
0448 return 0;
0449
0450 xi = xfrmi_lookup(net, x);
0451 if (!xi) {
0452 xfrm_state_put(x);
0453 return -1;
0454 }
0455
0456 if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
0457 ipv4_update_pmtu(skb, net, info, 0, protocol);
0458 else
0459 ipv4_redirect(skb, net, 0, protocol);
0460 xfrm_state_put(x);
0461
0462 return 0;
0463 }
0464
0465 static int xfrmi6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
0466 u8 type, u8 code, int offset, __be32 info)
0467 {
0468 const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
0469 struct net *net = dev_net(skb->dev);
0470 int protocol = iph->nexthdr;
0471 struct ip_comp_hdr *ipch;
0472 struct ip_esp_hdr *esph;
0473 struct ip_auth_hdr *ah;
0474 struct xfrm_state *x;
0475 struct xfrm_if *xi;
0476 __be32 spi;
0477
0478 switch (protocol) {
0479 case IPPROTO_ESP:
0480 esph = (struct ip_esp_hdr *)(skb->data + offset);
0481 spi = esph->spi;
0482 break;
0483 case IPPROTO_AH:
0484 ah = (struct ip_auth_hdr *)(skb->data + offset);
0485 spi = ah->spi;
0486 break;
0487 case IPPROTO_COMP:
0488 ipch = (struct ip_comp_hdr *)(skb->data + offset);
0489 spi = htonl(ntohs(ipch->cpi));
0490 break;
0491 default:
0492 return 0;
0493 }
0494
0495 if (type != ICMPV6_PKT_TOOBIG &&
0496 type != NDISC_REDIRECT)
0497 return 0;
0498
0499 x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
0500 spi, protocol, AF_INET6);
0501 if (!x)
0502 return 0;
0503
0504 xi = xfrmi_lookup(net, x);
0505 if (!xi) {
0506 xfrm_state_put(x);
0507 return -1;
0508 }
0509
0510 if (type == NDISC_REDIRECT)
0511 ip6_redirect(skb, net, skb->dev->ifindex, 0,
0512 sock_net_uid(net, NULL));
0513 else
0514 ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
0515 xfrm_state_put(x);
0516
0517 return 0;
0518 }
0519
0520 static int xfrmi_change(struct xfrm_if *xi, const struct xfrm_if_parms *p)
0521 {
0522 if (xi->p.link != p->link)
0523 return -EINVAL;
0524
0525 xi->p.if_id = p->if_id;
0526
0527 return 0;
0528 }
0529
0530 static int xfrmi_update(struct xfrm_if *xi, struct xfrm_if_parms *p)
0531 {
0532 struct net *net = xi->net;
0533 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
0534 int err;
0535
0536 xfrmi_unlink(xfrmn, xi);
0537 synchronize_net();
0538 err = xfrmi_change(xi, p);
0539 xfrmi_link(xfrmn, xi);
0540 netdev_state_change(xi->dev);
0541 return err;
0542 }
0543
0544 static int xfrmi_get_iflink(const struct net_device *dev)
0545 {
0546 struct xfrm_if *xi = netdev_priv(dev);
0547
0548 return xi->p.link;
0549 }
0550
0551 static const struct net_device_ops xfrmi_netdev_ops = {
0552 .ndo_init = xfrmi_dev_init,
0553 .ndo_uninit = xfrmi_dev_uninit,
0554 .ndo_start_xmit = xfrmi_xmit,
0555 .ndo_get_stats64 = dev_get_tstats64,
0556 .ndo_get_iflink = xfrmi_get_iflink,
0557 };
0558
0559 static void xfrmi_dev_setup(struct net_device *dev)
0560 {
0561 dev->netdev_ops = &xfrmi_netdev_ops;
0562 dev->header_ops = &ip_tunnel_header_ops;
0563 dev->type = ARPHRD_NONE;
0564 dev->mtu = ETH_DATA_LEN;
0565 dev->min_mtu = ETH_MIN_MTU;
0566 dev->max_mtu = IP_MAX_MTU;
0567 dev->flags = IFF_NOARP;
0568 dev->needs_free_netdev = true;
0569 dev->priv_destructor = xfrmi_dev_free;
0570 netif_keep_dst(dev);
0571
0572 eth_broadcast_addr(dev->broadcast);
0573 }
0574
0575 #define XFRMI_FEATURES (NETIF_F_SG | \
0576 NETIF_F_FRAGLIST | \
0577 NETIF_F_GSO_SOFTWARE | \
0578 NETIF_F_HW_CSUM)
0579
0580 static int xfrmi_dev_init(struct net_device *dev)
0581 {
0582 struct xfrm_if *xi = netdev_priv(dev);
0583 struct net_device *phydev = __dev_get_by_index(xi->net, xi->p.link);
0584 int err;
0585
0586 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
0587 if (!dev->tstats)
0588 return -ENOMEM;
0589
0590 err = gro_cells_init(&xi->gro_cells, dev);
0591 if (err) {
0592 free_percpu(dev->tstats);
0593 return err;
0594 }
0595
0596 dev->features |= NETIF_F_LLTX;
0597 dev->features |= XFRMI_FEATURES;
0598 dev->hw_features |= XFRMI_FEATURES;
0599
0600 if (phydev) {
0601 dev->needed_headroom = phydev->needed_headroom;
0602 dev->needed_tailroom = phydev->needed_tailroom;
0603
0604 if (is_zero_ether_addr(dev->dev_addr))
0605 eth_hw_addr_inherit(dev, phydev);
0606 if (is_zero_ether_addr(dev->broadcast))
0607 memcpy(dev->broadcast, phydev->broadcast,
0608 dev->addr_len);
0609 } else {
0610 eth_hw_addr_random(dev);
0611 eth_broadcast_addr(dev->broadcast);
0612 }
0613
0614 return 0;
0615 }
0616
0617 static int xfrmi_validate(struct nlattr *tb[], struct nlattr *data[],
0618 struct netlink_ext_ack *extack)
0619 {
0620 return 0;
0621 }
0622
0623 static void xfrmi_netlink_parms(struct nlattr *data[],
0624 struct xfrm_if_parms *parms)
0625 {
0626 memset(parms, 0, sizeof(*parms));
0627
0628 if (!data)
0629 return;
0630
0631 if (data[IFLA_XFRM_LINK])
0632 parms->link = nla_get_u32(data[IFLA_XFRM_LINK]);
0633
0634 if (data[IFLA_XFRM_IF_ID])
0635 parms->if_id = nla_get_u32(data[IFLA_XFRM_IF_ID]);
0636 }
0637
0638 static int xfrmi_newlink(struct net *src_net, struct net_device *dev,
0639 struct nlattr *tb[], struct nlattr *data[],
0640 struct netlink_ext_ack *extack)
0641 {
0642 struct net *net = dev_net(dev);
0643 struct xfrm_if_parms p = {};
0644 struct xfrm_if *xi;
0645 int err;
0646
0647 xfrmi_netlink_parms(data, &p);
0648 if (!p.if_id) {
0649 NL_SET_ERR_MSG(extack, "if_id must be non zero");
0650 return -EINVAL;
0651 }
0652
0653 xi = xfrmi_locate(net, &p);
0654 if (xi)
0655 return -EEXIST;
0656
0657 xi = netdev_priv(dev);
0658 xi->p = p;
0659 xi->net = net;
0660 xi->dev = dev;
0661
0662 err = xfrmi_create(dev);
0663 return err;
0664 }
0665
0666 static void xfrmi_dellink(struct net_device *dev, struct list_head *head)
0667 {
0668 unregister_netdevice_queue(dev, head);
0669 }
0670
0671 static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[],
0672 struct nlattr *data[],
0673 struct netlink_ext_ack *extack)
0674 {
0675 struct xfrm_if *xi = netdev_priv(dev);
0676 struct net *net = xi->net;
0677 struct xfrm_if_parms p = {};
0678
0679 xfrmi_netlink_parms(data, &p);
0680 if (!p.if_id) {
0681 NL_SET_ERR_MSG(extack, "if_id must be non zero");
0682 return -EINVAL;
0683 }
0684
0685 xi = xfrmi_locate(net, &p);
0686 if (!xi) {
0687 xi = netdev_priv(dev);
0688 } else {
0689 if (xi->dev != dev)
0690 return -EEXIST;
0691 }
0692
0693 return xfrmi_update(xi, &p);
0694 }
0695
0696 static size_t xfrmi_get_size(const struct net_device *dev)
0697 {
0698 return
0699
0700 nla_total_size(4) +
0701
0702 nla_total_size(4) +
0703 0;
0704 }
0705
0706 static int xfrmi_fill_info(struct sk_buff *skb, const struct net_device *dev)
0707 {
0708 struct xfrm_if *xi = netdev_priv(dev);
0709 struct xfrm_if_parms *parm = &xi->p;
0710
0711 if (nla_put_u32(skb, IFLA_XFRM_LINK, parm->link) ||
0712 nla_put_u32(skb, IFLA_XFRM_IF_ID, parm->if_id))
0713 goto nla_put_failure;
0714 return 0;
0715
0716 nla_put_failure:
0717 return -EMSGSIZE;
0718 }
0719
0720 static struct net *xfrmi_get_link_net(const struct net_device *dev)
0721 {
0722 struct xfrm_if *xi = netdev_priv(dev);
0723
0724 return xi->net;
0725 }
0726
0727 static const struct nla_policy xfrmi_policy[IFLA_XFRM_MAX + 1] = {
0728 [IFLA_XFRM_LINK] = { .type = NLA_U32 },
0729 [IFLA_XFRM_IF_ID] = { .type = NLA_U32 },
0730 };
0731
0732 static struct rtnl_link_ops xfrmi_link_ops __read_mostly = {
0733 .kind = "xfrm",
0734 .maxtype = IFLA_XFRM_MAX,
0735 .policy = xfrmi_policy,
0736 .priv_size = sizeof(struct xfrm_if),
0737 .setup = xfrmi_dev_setup,
0738 .validate = xfrmi_validate,
0739 .newlink = xfrmi_newlink,
0740 .dellink = xfrmi_dellink,
0741 .changelink = xfrmi_changelink,
0742 .get_size = xfrmi_get_size,
0743 .fill_info = xfrmi_fill_info,
0744 .get_link_net = xfrmi_get_link_net,
0745 };
0746
0747 static void __net_exit xfrmi_exit_batch_net(struct list_head *net_exit_list)
0748 {
0749 struct net *net;
0750 LIST_HEAD(list);
0751
0752 rtnl_lock();
0753 list_for_each_entry(net, net_exit_list, exit_list) {
0754 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
0755 struct xfrm_if __rcu **xip;
0756 struct xfrm_if *xi;
0757 int i;
0758
0759 for (i = 0; i < XFRMI_HASH_SIZE; i++) {
0760 for (xip = &xfrmn->xfrmi[i];
0761 (xi = rtnl_dereference(*xip)) != NULL;
0762 xip = &xi->next)
0763 unregister_netdevice_queue(xi->dev, &list);
0764 }
0765 }
0766 unregister_netdevice_many(&list);
0767 rtnl_unlock();
0768 }
0769
0770 static struct pernet_operations xfrmi_net_ops = {
0771 .exit_batch = xfrmi_exit_batch_net,
0772 .id = &xfrmi_net_id,
0773 .size = sizeof(struct xfrmi_net),
0774 };
0775
0776 static struct xfrm6_protocol xfrmi_esp6_protocol __read_mostly = {
0777 .handler = xfrm6_rcv,
0778 .input_handler = xfrm_input,
0779 .cb_handler = xfrmi_rcv_cb,
0780 .err_handler = xfrmi6_err,
0781 .priority = 10,
0782 };
0783
0784 static struct xfrm6_protocol xfrmi_ah6_protocol __read_mostly = {
0785 .handler = xfrm6_rcv,
0786 .input_handler = xfrm_input,
0787 .cb_handler = xfrmi_rcv_cb,
0788 .err_handler = xfrmi6_err,
0789 .priority = 10,
0790 };
0791
0792 static struct xfrm6_protocol xfrmi_ipcomp6_protocol __read_mostly = {
0793 .handler = xfrm6_rcv,
0794 .input_handler = xfrm_input,
0795 .cb_handler = xfrmi_rcv_cb,
0796 .err_handler = xfrmi6_err,
0797 .priority = 10,
0798 };
0799
0800 #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
0801 static int xfrmi6_rcv_tunnel(struct sk_buff *skb)
0802 {
0803 const xfrm_address_t *saddr;
0804 __be32 spi;
0805
0806 saddr = (const xfrm_address_t *)&ipv6_hdr(skb)->saddr;
0807 spi = xfrm6_tunnel_spi_lookup(dev_net(skb->dev), saddr);
0808
0809 return xfrm6_rcv_spi(skb, IPPROTO_IPV6, spi, NULL);
0810 }
0811
0812 static struct xfrm6_tunnel xfrmi_ipv6_handler __read_mostly = {
0813 .handler = xfrmi6_rcv_tunnel,
0814 .cb_handler = xfrmi_rcv_cb,
0815 .err_handler = xfrmi6_err,
0816 .priority = 2,
0817 };
0818
0819 static struct xfrm6_tunnel xfrmi_ip6ip_handler __read_mostly = {
0820 .handler = xfrmi6_rcv_tunnel,
0821 .cb_handler = xfrmi_rcv_cb,
0822 .err_handler = xfrmi6_err,
0823 .priority = 2,
0824 };
0825 #endif
0826
0827 static struct xfrm4_protocol xfrmi_esp4_protocol __read_mostly = {
0828 .handler = xfrm4_rcv,
0829 .input_handler = xfrm_input,
0830 .cb_handler = xfrmi_rcv_cb,
0831 .err_handler = xfrmi4_err,
0832 .priority = 10,
0833 };
0834
0835 static struct xfrm4_protocol xfrmi_ah4_protocol __read_mostly = {
0836 .handler = xfrm4_rcv,
0837 .input_handler = xfrm_input,
0838 .cb_handler = xfrmi_rcv_cb,
0839 .err_handler = xfrmi4_err,
0840 .priority = 10,
0841 };
0842
0843 static struct xfrm4_protocol xfrmi_ipcomp4_protocol __read_mostly = {
0844 .handler = xfrm4_rcv,
0845 .input_handler = xfrm_input,
0846 .cb_handler = xfrmi_rcv_cb,
0847 .err_handler = xfrmi4_err,
0848 .priority = 10,
0849 };
0850
0851 #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
0852 static int xfrmi4_rcv_tunnel(struct sk_buff *skb)
0853 {
0854 return xfrm4_rcv_spi(skb, IPPROTO_IPIP, ip_hdr(skb)->saddr);
0855 }
0856
0857 static struct xfrm_tunnel xfrmi_ipip_handler __read_mostly = {
0858 .handler = xfrmi4_rcv_tunnel,
0859 .cb_handler = xfrmi_rcv_cb,
0860 .err_handler = xfrmi4_err,
0861 .priority = 3,
0862 };
0863
0864 static struct xfrm_tunnel xfrmi_ipip6_handler __read_mostly = {
0865 .handler = xfrmi4_rcv_tunnel,
0866 .cb_handler = xfrmi_rcv_cb,
0867 .err_handler = xfrmi4_err,
0868 .priority = 2,
0869 };
0870 #endif
0871
0872 static int __init xfrmi4_init(void)
0873 {
0874 int err;
0875
0876 err = xfrm4_protocol_register(&xfrmi_esp4_protocol, IPPROTO_ESP);
0877 if (err < 0)
0878 goto xfrm_proto_esp_failed;
0879 err = xfrm4_protocol_register(&xfrmi_ah4_protocol, IPPROTO_AH);
0880 if (err < 0)
0881 goto xfrm_proto_ah_failed;
0882 err = xfrm4_protocol_register(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
0883 if (err < 0)
0884 goto xfrm_proto_comp_failed;
0885 #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
0886 err = xfrm4_tunnel_register(&xfrmi_ipip_handler, AF_INET);
0887 if (err < 0)
0888 goto xfrm_tunnel_ipip_failed;
0889 err = xfrm4_tunnel_register(&xfrmi_ipip6_handler, AF_INET6);
0890 if (err < 0)
0891 goto xfrm_tunnel_ipip6_failed;
0892 #endif
0893
0894 return 0;
0895
0896 #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
0897 xfrm_tunnel_ipip6_failed:
0898 xfrm4_tunnel_deregister(&xfrmi_ipip_handler, AF_INET);
0899 xfrm_tunnel_ipip_failed:
0900 xfrm4_protocol_deregister(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
0901 #endif
0902 xfrm_proto_comp_failed:
0903 xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
0904 xfrm_proto_ah_failed:
0905 xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
0906 xfrm_proto_esp_failed:
0907 return err;
0908 }
0909
0910 static void xfrmi4_fini(void)
0911 {
0912 #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
0913 xfrm4_tunnel_deregister(&xfrmi_ipip6_handler, AF_INET6);
0914 xfrm4_tunnel_deregister(&xfrmi_ipip_handler, AF_INET);
0915 #endif
0916 xfrm4_protocol_deregister(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
0917 xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
0918 xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
0919 }
0920
0921 static int __init xfrmi6_init(void)
0922 {
0923 int err;
0924
0925 err = xfrm6_protocol_register(&xfrmi_esp6_protocol, IPPROTO_ESP);
0926 if (err < 0)
0927 goto xfrm_proto_esp_failed;
0928 err = xfrm6_protocol_register(&xfrmi_ah6_protocol, IPPROTO_AH);
0929 if (err < 0)
0930 goto xfrm_proto_ah_failed;
0931 err = xfrm6_protocol_register(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
0932 if (err < 0)
0933 goto xfrm_proto_comp_failed;
0934 #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
0935 err = xfrm6_tunnel_register(&xfrmi_ipv6_handler, AF_INET6);
0936 if (err < 0)
0937 goto xfrm_tunnel_ipv6_failed;
0938 err = xfrm6_tunnel_register(&xfrmi_ip6ip_handler, AF_INET);
0939 if (err < 0)
0940 goto xfrm_tunnel_ip6ip_failed;
0941 #endif
0942
0943 return 0;
0944
0945 #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
0946 xfrm_tunnel_ip6ip_failed:
0947 xfrm6_tunnel_deregister(&xfrmi_ipv6_handler, AF_INET6);
0948 xfrm_tunnel_ipv6_failed:
0949 xfrm6_protocol_deregister(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
0950 #endif
0951 xfrm_proto_comp_failed:
0952 xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
0953 xfrm_proto_ah_failed:
0954 xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
0955 xfrm_proto_esp_failed:
0956 return err;
0957 }
0958
0959 static void xfrmi6_fini(void)
0960 {
0961 #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
0962 xfrm6_tunnel_deregister(&xfrmi_ip6ip_handler, AF_INET);
0963 xfrm6_tunnel_deregister(&xfrmi_ipv6_handler, AF_INET6);
0964 #endif
0965 xfrm6_protocol_deregister(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
0966 xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
0967 xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
0968 }
0969
0970 static const struct xfrm_if_cb xfrm_if_cb = {
0971 .decode_session = xfrmi_decode_session,
0972 };
0973
0974 static int __init xfrmi_init(void)
0975 {
0976 const char *msg;
0977 int err;
0978
0979 pr_info("IPsec XFRM device driver\n");
0980
0981 msg = "tunnel device";
0982 err = register_pernet_device(&xfrmi_net_ops);
0983 if (err < 0)
0984 goto pernet_dev_failed;
0985
0986 msg = "xfrm4 protocols";
0987 err = xfrmi4_init();
0988 if (err < 0)
0989 goto xfrmi4_failed;
0990
0991 msg = "xfrm6 protocols";
0992 err = xfrmi6_init();
0993 if (err < 0)
0994 goto xfrmi6_failed;
0995
0996
0997 msg = "netlink interface";
0998 err = rtnl_link_register(&xfrmi_link_ops);
0999 if (err < 0)
1000 goto rtnl_link_failed;
1001
1002 xfrm_if_register_cb(&xfrm_if_cb);
1003
1004 return err;
1005
1006 rtnl_link_failed:
1007 xfrmi6_fini();
1008 xfrmi6_failed:
1009 xfrmi4_fini();
1010 xfrmi4_failed:
1011 unregister_pernet_device(&xfrmi_net_ops);
1012 pernet_dev_failed:
1013 pr_err("xfrmi init: failed to register %s\n", msg);
1014 return err;
1015 }
1016
1017 static void __exit xfrmi_fini(void)
1018 {
1019 xfrm_if_unregister_cb();
1020 rtnl_link_unregister(&xfrmi_link_ops);
1021 xfrmi4_fini();
1022 xfrmi6_fini();
1023 unregister_pernet_device(&xfrmi_net_ops);
1024 }
1025
1026 module_init(xfrmi_init);
1027 module_exit(xfrmi_fini);
1028 MODULE_LICENSE("GPL");
1029 MODULE_ALIAS_RTNL_LINK("xfrm");
1030 MODULE_ALIAS_NETDEV("xfrm0");
1031 MODULE_AUTHOR("Steffen Klassert");
1032 MODULE_DESCRIPTION("XFRM virtual interface");
