~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/sched/act_csum.c

Version: ~ [ linux-5.19-rc8 ] ~ [ linux-5.18.14 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.57 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.133 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.207 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.253 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.289 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.324 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.302 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * Checksum updating actions
  3  *
  4  * Copyright (c) 2010 Gregoire Baron <baronchon@n7mm.org>
  5  *
  6  * This program is free software; you can redistribute it and/or modify it
  7  * under the terms of the GNU General Public License as published by the Free
  8  * Software Foundation; either version 2 of the License, or (at your option)
  9  * any later version.
 10  *
 11  */
 12 
 13 #include <linux/types.h>
 14 #include <linux/init.h>
 15 #include <linux/kernel.h>
 16 #include <linux/module.h>
 17 #include <linux/spinlock.h>
 18 
 19 #include <linux/netlink.h>
 20 #include <net/netlink.h>
 21 #include <linux/rtnetlink.h>
 22 
 23 #include <linux/skbuff.h>
 24 
 25 #include <net/ip.h>
 26 #include <net/ipv6.h>
 27 #include <net/icmp.h>
 28 #include <linux/icmpv6.h>
 29 #include <linux/igmp.h>
 30 #include <net/tcp.h>
 31 #include <net/udp.h>
 32 #include <net/ip6_checksum.h>
 33 
 34 #include <net/act_api.h>
 35 
 36 #include <linux/tc_act/tc_csum.h>
 37 #include <net/tc_act/tc_csum.h>
 38 
 39 #define CSUM_TAB_MASK 15
 40 
 41 static const struct nla_policy csum_policy[TCA_CSUM_MAX + 1] = {
 42         [TCA_CSUM_PARMS] = { .len = sizeof(struct tc_csum), },
 43 };
 44 
 45 static int tcf_csum_init(struct net *n, struct nlattr *nla, struct nlattr *est,
 46                          struct tc_action *a, int ovr, int bind)
 47 {
 48         struct nlattr *tb[TCA_CSUM_MAX + 1];
 49         struct tc_csum *parm;
 50         struct tcf_csum *p;
 51         int ret = 0, err;
 52 
 53         if (nla == NULL)
 54                 return -EINVAL;
 55 
 56         err = nla_parse_nested(tb, TCA_CSUM_MAX, nla, csum_policy);
 57         if (err < 0)
 58                 return err;
 59 
 60         if (tb[TCA_CSUM_PARMS] == NULL)
 61                 return -EINVAL;
 62         parm = nla_data(tb[TCA_CSUM_PARMS]);
 63 
 64         if (!tcf_hash_check(parm->index, a, bind)) {
 65                 ret = tcf_hash_create(parm->index, est, a, sizeof(*p),
 66                                       bind, false);
 67                 if (ret)
 68                         return ret;
 69                 ret = ACT_P_CREATED;
 70         } else {
 71                 if (bind)/* dont override defaults */
 72                         return 0;
 73                 tcf_hash_release(a, bind);
 74                 if (!ovr)
 75                         return -EEXIST;
 76         }
 77 
 78         p = to_tcf_csum(a);
 79         spin_lock_bh(&p->tcf_lock);
 80         p->tcf_action = parm->action;
 81         p->update_flags = parm->update_flags;
 82         spin_unlock_bh(&p->tcf_lock);
 83 
 84         if (ret == ACT_P_CREATED)
 85                 tcf_hash_insert(a);
 86 
 87         return ret;
 88 }
 89 
 90 /**
 91  * tcf_csum_skb_nextlayer - Get next layer pointer
 92  * @skb: sk_buff to use
 93  * @ihl: previous summed headers length
 94  * @ipl: complete packet length
 95  * @jhl: next header length
 96  *
 97  * Check the expected next layer availability in the specified sk_buff.
 98  * Return the next layer pointer if pass, NULL otherwise.
 99  */
100 static void *tcf_csum_skb_nextlayer(struct sk_buff *skb,
101                                     unsigned int ihl, unsigned int ipl,
102                                     unsigned int jhl)
103 {
104         int ntkoff = skb_network_offset(skb);
105         int hl = ihl + jhl;
106 
107         if (!pskb_may_pull(skb, ipl + ntkoff) || (ipl < hl) ||
108             skb_try_make_writable(skb, hl + ntkoff))
109                 return NULL;
110         else
111                 return (void *)(skb_network_header(skb) + ihl);
112 }
113 
114 static int tcf_csum_ipv4_icmp(struct sk_buff *skb,
115                               unsigned int ihl, unsigned int ipl)
116 {
117         struct icmphdr *icmph;
118 
119         icmph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*icmph));
120         if (icmph == NULL)
121                 return 0;
122 
123         icmph->checksum = 0;
124         skb->csum = csum_partial(icmph, ipl - ihl, 0);
125         icmph->checksum = csum_fold(skb->csum);
126 
127         skb->ip_summed = CHECKSUM_NONE;
128 
129         return 1;
130 }
131 
132 static int tcf_csum_ipv4_igmp(struct sk_buff *skb,
133                               unsigned int ihl, unsigned int ipl)
134 {
135         struct igmphdr *igmph;
136 
137         igmph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*igmph));
138         if (igmph == NULL)
139                 return 0;
140 
141         igmph->csum = 0;
142         skb->csum = csum_partial(igmph, ipl - ihl, 0);
143         igmph->csum = csum_fold(skb->csum);
144 
145         skb->ip_summed = CHECKSUM_NONE;
146 
147         return 1;
148 }
149 
150 static int tcf_csum_ipv6_icmp(struct sk_buff *skb,
151                               unsigned int ihl, unsigned int ipl)
152 {
153         struct icmp6hdr *icmp6h;
154         const struct ipv6hdr *ip6h;
155 
156         icmp6h = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*icmp6h));
157         if (icmp6h == NULL)
158                 return 0;
159 
160         ip6h = ipv6_hdr(skb);
161         icmp6h->icmp6_cksum = 0;
162         skb->csum = csum_partial(icmp6h, ipl - ihl, 0);
163         icmp6h->icmp6_cksum = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
164                                               ipl - ihl, IPPROTO_ICMPV6,
165                                               skb->csum);
166 
167         skb->ip_summed = CHECKSUM_NONE;
168 
169         return 1;
170 }
171 
172 static int tcf_csum_ipv4_tcp(struct sk_buff *skb,
173                              unsigned int ihl, unsigned int ipl)
174 {
175         struct tcphdr *tcph;
176         const struct iphdr *iph;
177 
178         if (skb_is_gso(skb) && skb_shinfo(skb)->gso_type & SKB_GSO_TCPV4)
179                 return 1;
180 
181         tcph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*tcph));
182         if (tcph == NULL)
183                 return 0;
184 
185         iph = ip_hdr(skb);
186         tcph->check = 0;
187         skb->csum = csum_partial(tcph, ipl - ihl, 0);
188         tcph->check = tcp_v4_check(ipl - ihl,
189                                    iph->saddr, iph->daddr, skb->csum);
190 
191         skb->ip_summed = CHECKSUM_NONE;
192 
193         return 1;
194 }
195 
196 static int tcf_csum_ipv6_tcp(struct sk_buff *skb,
197                              unsigned int ihl, unsigned int ipl)
198 {
199         struct tcphdr *tcph;
200         const struct ipv6hdr *ip6h;
201 
202         if (skb_is_gso(skb) && skb_shinfo(skb)->gso_type & SKB_GSO_TCPV6)
203                 return 1;
204 
205         tcph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*tcph));
206         if (tcph == NULL)
207                 return 0;
208 
209         ip6h = ipv6_hdr(skb);
210         tcph->check = 0;
211         skb->csum = csum_partial(tcph, ipl - ihl, 0);
212         tcph->check = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
213                                       ipl - ihl, IPPROTO_TCP,
214                                       skb->csum);
215 
216         skb->ip_summed = CHECKSUM_NONE;
217 
218         return 1;
219 }
220 
221 static int tcf_csum_ipv4_udp(struct sk_buff *skb,
222                              unsigned int ihl, unsigned int ipl, int udplite)
223 {
224         struct udphdr *udph;
225         const struct iphdr *iph;
226         u16 ul;
227 
228         if (skb_is_gso(skb) && skb_shinfo(skb)->gso_type & SKB_GSO_UDP)
229                 return 1;
230 
231         /*
232          * Support both UDP and UDPLITE checksum algorithms, Don't use
233          * udph->len to get the real length without any protocol check,
234          * UDPLITE uses udph->len for another thing,
235          * Use iph->tot_len, or just ipl.
236          */
237 
238         udph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*udph));
239         if (udph == NULL)
240                 return 0;
241 
242         iph = ip_hdr(skb);
243         ul = ntohs(udph->len);
244 
245         if (udplite || udph->check) {
246 
247                 udph->check = 0;
248 
249                 if (udplite) {
250                         if (ul == 0)
251                                 skb->csum = csum_partial(udph, ipl - ihl, 0);
252                         else if ((ul >= sizeof(*udph)) && (ul <= ipl - ihl))
253                                 skb->csum = csum_partial(udph, ul, 0);
254                         else
255                                 goto ignore_obscure_skb;
256                 } else {
257                         if (ul != ipl - ihl)
258                                 goto ignore_obscure_skb;
259 
260                         skb->csum = csum_partial(udph, ul, 0);
261                 }
262 
263                 udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr,
264                                                 ul, iph->protocol,
265                                                 skb->csum);
266 
267                 if (!udph->check)
268                         udph->check = CSUM_MANGLED_0;
269         }
270 
271         skb->ip_summed = CHECKSUM_NONE;
272 
273 ignore_obscure_skb:
274         return 1;
275 }
276 
277 static int tcf_csum_ipv6_udp(struct sk_buff *skb,
278                              unsigned int ihl, unsigned int ipl, int udplite)
279 {
280         struct udphdr *udph;
281         const struct ipv6hdr *ip6h;
282         u16 ul;
283 
284         if (skb_is_gso(skb) && skb_shinfo(skb)->gso_type & SKB_GSO_UDP)
285                 return 1;
286 
287         /*
288          * Support both UDP and UDPLITE checksum algorithms, Don't use
289          * udph->len to get the real length without any protocol check,
290          * UDPLITE uses udph->len for another thing,
291          * Use ip6h->payload_len + sizeof(*ip6h) ... , or just ipl.
292          */
293 
294         udph = tcf_csum_skb_nextlayer(skb, ihl, ipl, sizeof(*udph));
295         if (udph == NULL)
296                 return 0;
297 
298         ip6h = ipv6_hdr(skb);
299         ul = ntohs(udph->len);
300 
301         udph->check = 0;
302 
303         if (udplite) {
304                 if (ul == 0)
305                         skb->csum = csum_partial(udph, ipl - ihl, 0);
306 
307                 else if ((ul >= sizeof(*udph)) && (ul <= ipl - ihl))
308                         skb->csum = csum_partial(udph, ul, 0);
309 
310                 else
311                         goto ignore_obscure_skb;
312         } else {
313                 if (ul != ipl - ihl)
314                         goto ignore_obscure_skb;
315 
316                 skb->csum = csum_partial(udph, ul, 0);
317         }
318 
319         udph->check = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr, ul,
320                                       udplite ? IPPROTO_UDPLITE : IPPROTO_UDP,
321                                       skb->csum);
322 
323         if (!udph->check)
324                 udph->check = CSUM_MANGLED_0;
325 
326         skb->ip_summed = CHECKSUM_NONE;
327 
328 ignore_obscure_skb:
329         return 1;
330 }
331 
332 static int tcf_csum_ipv4(struct sk_buff *skb, u32 update_flags)
333 {
334         const struct iphdr *iph;
335         int ntkoff;
336 
337         ntkoff = skb_network_offset(skb);
338 
339         if (!pskb_may_pull(skb, sizeof(*iph) + ntkoff))
340                 goto fail;
341 
342         iph = ip_hdr(skb);
343 
344         switch (iph->frag_off & htons(IP_OFFSET) ? 0 : iph->protocol) {
345         case IPPROTO_ICMP:
346                 if (update_flags & TCA_CSUM_UPDATE_FLAG_ICMP)
347                         if (!tcf_csum_ipv4_icmp(skb, iph->ihl * 4,
348                                                 ntohs(iph->tot_len)))
349                                 goto fail;
350                 break;
351         case IPPROTO_IGMP:
352                 if (update_flags & TCA_CSUM_UPDATE_FLAG_IGMP)
353                         if (!tcf_csum_ipv4_igmp(skb, iph->ihl * 4,
354                                                 ntohs(iph->tot_len)))
355                                 goto fail;
356                 break;
357         case IPPROTO_TCP:
358                 if (update_flags & TCA_CSUM_UPDATE_FLAG_TCP)
359                         if (!tcf_csum_ipv4_tcp(skb, iph->ihl * 4,
360                                                ntohs(iph->tot_len)))
361                                 goto fail;
362                 break;
363         case IPPROTO_UDP:
364                 if (update_flags & TCA_CSUM_UPDATE_FLAG_UDP)
365                         if (!tcf_csum_ipv4_udp(skb, iph->ihl * 4,
366                                                ntohs(iph->tot_len), 0))
367                                 goto fail;
368                 break;
369         case IPPROTO_UDPLITE:
370                 if (update_flags & TCA_CSUM_UPDATE_FLAG_UDPLITE)
371                         if (!tcf_csum_ipv4_udp(skb, iph->ihl * 4,
372                                                ntohs(iph->tot_len), 1))
373                                 goto fail;
374                 break;
375         }
376 
377         if (update_flags & TCA_CSUM_UPDATE_FLAG_IPV4HDR) {
378                 if (skb_try_make_writable(skb, sizeof(*iph) + ntkoff))
379                         goto fail;
380 
381                 ip_send_check(ip_hdr(skb));
382         }
383 
384         return 1;
385 
386 fail:
387         return 0;
388 }
389 
390 static int tcf_csum_ipv6_hopopts(struct ipv6_opt_hdr *ip6xh,
391                                  unsigned int ixhl, unsigned int *pl)
392 {
393         int off, len, optlen;
394         unsigned char *xh = (void *)ip6xh;
395 
396         off = sizeof(*ip6xh);
397         len = ixhl - off;
398 
399         while (len > 1) {
400                 switch (xh[off]) {
401                 case IPV6_TLV_PAD1:
402                         optlen = 1;
403                         break;
404                 case IPV6_TLV_JUMBO:
405                         optlen = xh[off + 1] + 2;
406                         if (optlen != 6 || len < 6 || (off & 3) != 2)
407                                 /* wrong jumbo option length/alignment */
408                                 return 0;
409                         *pl = ntohl(*(__be32 *)(xh + off + 2));
410                         goto done;
411                 default:
412                         optlen = xh[off + 1] + 2;
413                         if (optlen > len)
414                                 /* ignore obscure options */
415                                 goto done;
416                         break;
417                 }
418                 off += optlen;
419                 len -= optlen;
420         }
421 
422 done:
423         return 1;
424 }
425 
426 static int tcf_csum_ipv6(struct sk_buff *skb, u32 update_flags)
427 {
428         struct ipv6hdr *ip6h;
429         struct ipv6_opt_hdr *ip6xh;
430         unsigned int hl, ixhl;
431         unsigned int pl;
432         int ntkoff;
433         u8 nexthdr;
434 
435         ntkoff = skb_network_offset(skb);
436 
437         hl = sizeof(*ip6h);
438 
439         if (!pskb_may_pull(skb, hl + ntkoff))
440                 goto fail;
441 
442         ip6h = ipv6_hdr(skb);
443 
444         pl = ntohs(ip6h->payload_len);
445         nexthdr = ip6h->nexthdr;
446 
447         do {
448                 switch (nexthdr) {
449                 case NEXTHDR_FRAGMENT:
450                         goto ignore_skb;
451                 case NEXTHDR_ROUTING:
452                 case NEXTHDR_HOP:
453                 case NEXTHDR_DEST:
454                         if (!pskb_may_pull(skb, hl + sizeof(*ip6xh) + ntkoff))
455                                 goto fail;
456                         ip6xh = (void *)(skb_network_header(skb) + hl);
457                         ixhl = ipv6_optlen(ip6xh);
458                         if (!pskb_may_pull(skb, hl + ixhl + ntkoff))
459                                 goto fail;
460                         ip6xh = (void *)(skb_network_header(skb) + hl);
461                         if ((nexthdr == NEXTHDR_HOP) &&
462                             !(tcf_csum_ipv6_hopopts(ip6xh, ixhl, &pl)))
463                                 goto fail;
464                         nexthdr = ip6xh->nexthdr;
465                         hl += ixhl;
466                         break;
467                 case IPPROTO_ICMPV6:
468                         if (update_flags & TCA_CSUM_UPDATE_FLAG_ICMP)
469                                 if (!tcf_csum_ipv6_icmp(skb,
470                                                         hl, pl + sizeof(*ip6h)))
471                                         goto fail;
472                         goto done;
473                 case IPPROTO_TCP:
474                         if (update_flags & TCA_CSUM_UPDATE_FLAG_TCP)
475                                 if (!tcf_csum_ipv6_tcp(skb,
476                                                        hl, pl + sizeof(*ip6h)))
477                                         goto fail;
478                         goto done;
479                 case IPPROTO_UDP:
480                         if (update_flags & TCA_CSUM_UPDATE_FLAG_UDP)
481                                 if (!tcf_csum_ipv6_udp(skb, hl,
482                                                        pl + sizeof(*ip6h), 0))
483                                         goto fail;
484                         goto done;
485                 case IPPROTO_UDPLITE:
486                         if (update_flags & TCA_CSUM_UPDATE_FLAG_UDPLITE)
487                                 if (!tcf_csum_ipv6_udp(skb, hl,
488                                                        pl + sizeof(*ip6h), 1))
489                                         goto fail;
490                         goto done;
491                 default:
492                         goto ignore_skb;
493                 }
494         } while (pskb_may_pull(skb, hl + 1 + ntkoff));
495 
496 done:
497 ignore_skb:
498         return 1;
499 
500 fail:
501         return 0;
502 }
503 
504 static int tcf_csum(struct sk_buff *skb,
505                     const struct tc_action *a, struct tcf_result *res)
506 {
507         struct tcf_csum *p = a->priv;
508         int action;
509         u32 update_flags;
510 
511         spin_lock(&p->tcf_lock);
512         p->tcf_tm.lastuse = jiffies;
513         bstats_update(&p->tcf_bstats, skb);
514         action = p->tcf_action;
515         update_flags = p->update_flags;
516         spin_unlock(&p->tcf_lock);
517 
518         if (unlikely(action == TC_ACT_SHOT))
519                 goto drop;
520 
521         switch (tc_skb_protocol(skb)) {
522         case cpu_to_be16(ETH_P_IP):
523                 if (!tcf_csum_ipv4(skb, update_flags))
524                         goto drop;
525                 break;
526         case cpu_to_be16(ETH_P_IPV6):
527                 if (!tcf_csum_ipv6(skb, update_flags))
528                         goto drop;
529                 break;
530         }
531 
532         return action;
533 
534 drop:
535         spin_lock(&p->tcf_lock);
536         p->tcf_qstats.drops++;
537         spin_unlock(&p->tcf_lock);
538         return TC_ACT_SHOT;
539 }
540 
541 static int tcf_csum_dump(struct sk_buff *skb,
542                          struct tc_action *a, int bind, int ref)
543 {
544         unsigned char *b = skb_tail_pointer(skb);
545         struct tcf_csum *p = a->priv;
546         struct tc_csum opt = {
547                 .update_flags = p->update_flags,
548                 .index   = p->tcf_index,
549                 .action  = p->tcf_action,
550                 .refcnt  = p->tcf_refcnt - ref,
551                 .bindcnt = p->tcf_bindcnt - bind,
552         };
553         struct tcf_t t;
554 
555         if (nla_put(skb, TCA_CSUM_PARMS, sizeof(opt), &opt))
556                 goto nla_put_failure;
557         t.install = jiffies_to_clock_t(jiffies - p->tcf_tm.install);
558         t.lastuse = jiffies_to_clock_t(jiffies - p->tcf_tm.lastuse);
559         t.expires = jiffies_to_clock_t(p->tcf_tm.expires);
560         if (nla_put(skb, TCA_CSUM_TM, sizeof(t), &t))
561                 goto nla_put_failure;
562 
563         return skb->len;
564 
565 nla_put_failure:
566         nlmsg_trim(skb, b);
567         return -1;
568 }
569 
570 static struct tc_action_ops act_csum_ops = {
571         .kind           = "csum",
572         .type           = TCA_ACT_CSUM,
573         .owner          = THIS_MODULE,
574         .act            = tcf_csum,
575         .dump           = tcf_csum_dump,
576         .init           = tcf_csum_init,
577 };
578 
579 MODULE_DESCRIPTION("Checksum updating actions");
580 MODULE_LICENSE("GPL");
581 
582 static int __init csum_init_module(void)
583 {
584         return tcf_register_action(&act_csum_ops, CSUM_TAB_MASK);
585 }
586 
587 static void __exit csum_cleanup_module(void)
588 {
589         tcf_unregister_action(&act_csum_ops);
590 }
591 
592 module_init(csum_init_module);
593 module_exit(csum_cleanup_module);
594 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp