
  1 // SPDX-License-Identifier: GPL-2.0
  2 /*
  3  *      XFRM virtual interface
  4  *
  5  *      Copyright (C) 2018 secunet Security Networks AG
  6  *
  7  *      Author:
  8  *      Steffen Klassert <steffen.klassert@secunet.com>
  9  */
 10 
 11 #include <linux/module.h>
 12 #include <linux/capability.h>
 13 #include <linux/errno.h>
 14 #include <linux/types.h>
 15 #include <linux/sockios.h>
 16 #include <linux/icmp.h>
 17 #include <linux/if.h>
 18 #include <linux/in.h>
 19 #include <linux/ip.h>
 20 #include <linux/net.h>
 21 #include <linux/in6.h>
 22 #include <linux/netdevice.h>
 23 #include <linux/if_link.h>
 24 #include <linux/if_arp.h>
 25 #include <linux/icmpv6.h>
 26 #include <linux/init.h>
 27 #include <linux/route.h>
 28 #include <linux/rtnetlink.h>
 29 #include <linux/netfilter_ipv6.h>
 30 #include <linux/slab.h>
 31 #include <linux/hash.h>
 32 
 33 #include <linux/uaccess.h>
 34 #include <linux/atomic.h>
 35 
 36 #include <net/icmp.h>
 37 #include <net/ip.h>
 38 #include <net/ipv6.h>
 39 #include <net/ip6_route.h>
 40 #include <net/addrconf.h>
 41 #include <net/xfrm.h>
 42 #include <net/net_namespace.h>
 43 #include <net/netns/generic.h>
 44 #include <linux/etherdevice.h>
 45 
/* Forward declarations: both are referenced by the ops tables defined below. */
static int xfrmi_dev_init(struct net_device *dev);
static void xfrmi_dev_setup(struct net_device *dev);
/* Defined near the end of the file; xfrmi_create2() needs it earlier. */
static struct rtnl_link_ops xfrmi_link_ops __read_mostly;
/* Slot of this driver's per-netns data; filled in by register_pernet_device()
 * through xfrmi_net_ops.id. */
static unsigned int xfrmi_net_id __read_mostly;
 50 
/* Per-netns driver state, obtained with net_generic(net, xfrmi_net_id). */
struct xfrmi_net {
        /* lists for storing interfaces in use */
        /* A single RCU-protected singly-linked list of struct xfrm_if chained
         * through xi->next: written under RTNL (xfrmi_link/xfrmi_unlink),
         * read under RCU (for_each_xfrmi_rcu). */
        struct xfrm_if __rcu *xfrmi[1];
};
 55 
/* Walk the interface list headed by @start under RCU; the caller must be in an
 * RCU read-side critical section (rcu_dereference()). */
#define for_each_xfrmi_rcu(start, xi) \
        for (xi = rcu_dereference(start); xi; xi = rcu_dereference(xi->next))
 58 
/*
 * Find the administratively-up xfrm interface in @net whose if_id matches
 * the one carried by state @x.
 *
 * Uses for_each_xfrmi_rcu(), so the caller must hold rcu_read_lock().
 * Returns NULL when no interface matches.
 */
static struct xfrm_if *xfrmi_lookup(struct net *net, struct xfrm_state *x)
{
        struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
        struct xfrm_if *cur;

        for_each_xfrmi_rcu(xfrmn->xfrmi[0], cur) {
                if (cur->p.if_id != x->if_id)
                        continue;
                /* A matching but down interface is skipped, not returned. */
                if (cur->dev->flags & IFF_UP)
                        return cur;
        }

        return NULL;
}
 72 
/*
 * xfrm_if_cb->decode_session: map an inbound, already transformed packet to
 * the xfrm interface it arrived on.
 *
 * @skb:    packet with a secpath (i.e. it went through an xfrm state) and a
 *          receiving device; anything else yields NULL.
 * @family: AF_INET or AF_INET6, selecting which control block carries the
 *          secondary (L3 slave) device index.
 *
 * The lookup key is the sdif when one is recorded, else skb->dev->ifindex,
 * matched against the ifindex of each up interface in the netns of the
 * input state. Must be called under rcu_read_lock() (for_each_xfrmi_rcu()).
 * Returns the interface or NULL.
 */
static struct xfrm_if *xfrmi_decode_session(struct sk_buff *skb,
                                            unsigned short family)
{
        struct xfrmi_net *xfrmn;
        struct xfrm_if *cur;
        int ifindex;

        if (!secpath_exists(skb))
                return NULL;
        if (!skb->dev)
                return NULL;

        if (family == AF_INET6)
                ifindex = inet6_sdif(skb);
        else if (family == AF_INET)
                ifindex = inet_sdif(skb);
        else
                ifindex = 0;

        /* No secondary index recorded: fall back to the receiving device. */
        if (ifindex == 0)
                ifindex = skb->dev->ifindex;

        xfrmn = net_generic(xs_net(xfrm_input_state(skb)), xfrmi_net_id);

        for_each_xfrmi_rcu(xfrmn->xfrmi[0], cur) {
                if (cur->dev->ifindex != ifindex)
                        continue;
                if (cur->dev->flags & IFF_UP)
                        return cur;
        }

        return NULL;
}
104 
/*
 * Insert @xi at the head of the per-netns interface list.
 *
 * Caller holds RTNL (rtnl_dereference()). The new node's next pointer is
 * published before the head is updated so concurrent RCU readers never
 * observe a half-linked node.
 */
static void xfrmi_link(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
{
        struct xfrm_if __rcu **head = &xfrmn->xfrmi[0];
        struct xfrm_if *old_first = rtnl_dereference(*head);

        rcu_assign_pointer(xi->next, old_first);
        rcu_assign_pointer(*head, xi);
}
112 
/*
 * Remove @xi from the per-netns interface list, if present.
 *
 * Caller holds RTNL. Only the list pointers are updated here; whoever
 * reuses or frees @xi afterwards is responsible for waiting out the RCU
 * grace period (xfrmi_update() does so with synchronize_net()).
 */
static void xfrmi_unlink(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
{
        struct xfrm_if __rcu **slot = &xfrmn->xfrmi[0];
        struct xfrm_if *cur;

        while ((cur = rtnl_dereference(*slot)) != NULL) {
                if (cur == xi) {
                        rcu_assign_pointer(*slot, xi->next);
                        return;
                }
                slot = &cur->next;
        }
}
127 
/*
 * net_device->priv_destructor: release what xfrmi_dev_init() allocated
 * (the GRO cells and the per-cpu stats) before the core frees the device.
 */
static void xfrmi_dev_free(struct net_device *dev)
{
        struct xfrm_if *priv = netdev_priv(dev);

        gro_cells_destroy(&priv->gro_cells);
        free_percpu(dev->tstats);
}
135 
/*
 * Register an already allocated and initialised xfrm interface device and
 * publish it in the per-netns list.
 *
 * @dev: device whose private area (xi->p, xi->phydev, ...) is filled in;
 *       xi->phydev must be valid because ->ndo_init (xfrmi_dev_init())
 *       dereferences it during register_netdevice().
 *
 * Holds a reference on @dev for the list (dropped in xfrmi_dev_uninit()).
 * Caller holds RTNL. Returns 0 or the register_netdevice() error.
 */
static int xfrmi_create2(struct net_device *dev)
{
        struct xfrm_if *xi = netdev_priv(dev);
        struct xfrmi_net *xfrmn = net_generic(dev_net(dev), xfrmi_net_id);
        int err;

        dev->rtnl_link_ops = &xfrmi_link_ops;
        err = register_netdevice(dev);
        if (err < 0)
                return err;

        /* Record the final device name; both buffers are IFNAMSIZ. */
        strcpy(xi->p.name, dev->name);

        dev_hold(dev);
        xfrmi_link(xfrmn, xi);

        return 0;
}
158 
/*
 * Allocate and register a new xfrm interface in @net from parameters @p.
 *
 * @p->name must be non-empty (it is the device name template) and @p->link
 * must be the ifindex of an existing device in @net, which becomes the
 * physical device and is held for the interface's lifetime (released in
 * xfrmi_dev_uninit()).
 *
 * Caller holds RTNL. Returns the new interface, or an ERR_PTR: -EINVAL for
 * an empty name, -EAGAIN when alloc_netdev() fails, -ENODEV for an unknown
 * link, or the error from xfrmi_create2().
 */
static struct xfrm_if *xfrmi_create(struct net *net, struct xfrm_if_parms *p)
{
        struct net_device *dev;
        struct xfrm_if *xi;
        char name[IFNAMSIZ];
        int err;

        if (p->name[0]) {
                strlcpy(name, p->name, IFNAMSIZ);
        } else {
                err = -EINVAL;
                goto failed;
        }

        dev = alloc_netdev(sizeof(*xi), name, NET_NAME_UNKNOWN, xfrmi_dev_setup);
        if (!dev) {
                err = -EAGAIN;
                goto failed;
        }

        dev_net_set(dev, net);

        xi = netdev_priv(dev);
        xi->p = *p;
        xi->net = net;
        xi->dev = dev;
        /* phydev must be set before registration: xfrmi_dev_init() reads it. */
        xi->phydev = dev_get_by_index(net, p->link);
        if (!xi->phydev) {
                err = -ENODEV;
                goto failed_free;
        }

        err = xfrmi_create2(dev);
        if (err < 0)
                goto failed_dev_put;

        return xi;

failed_dev_put:
        /* NOTE(review): if register_netdevice() fails only after ->ndo_init
         * ran, ->ndo_uninit (xfrmi_dev_uninit) has presumably already put
         * phydev and dev; confirm this path cannot drop them a second time. */
        dev_put(xi->phydev);
failed_free:
        /* Not registered yet, so plain free_netdev() is the right release. */
        free_netdev(dev);
failed:
        return ERR_PTR(err);
}
204 
/*
 * Look up the interface in @net with @p->if_id, optionally creating it.
 *
 * @create: non-zero to create the interface when the if_id is free.
 *
 * Caller holds RTNL. Returns the interface, or an ERR_PTR: -EEXIST when
 * @create is set and the if_id is already taken, -ENODEV when @create is
 * clear and nothing matches, or whatever xfrmi_create() fails with.
 */
static struct xfrm_if *xfrmi_locate(struct net *net, struct xfrm_if_parms *p,
                                   int create)
{
        struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
        struct xfrm_if *cur;

        for (cur = rtnl_dereference(xfrmn->xfrmi[0]); cur;
             cur = rtnl_dereference(cur->next)) {
                if (cur->p.if_id != p->if_id)
                        continue;
                return create ? ERR_PTR(-EEXIST) : cur;
        }

        return create ? xfrmi_create(net, p) : ERR_PTR(-ENODEV);
}
226 
/*
 * net_device_ops->ndo_uninit: take the interface out of the per-netns list
 * and drop the references taken at creation (phydev from xfrmi_create(),
 * dev from xfrmi_create2()).
 */
static void xfrmi_dev_uninit(struct net_device *dev)
{
        struct xfrm_if *priv = netdev_priv(dev);
        struct xfrmi_net *xfrmn;

        xfrmn = net_generic(priv->net, xfrmi_net_id);
        xfrmi_unlink(xfrmn, priv);

        dev_put(priv->phydev);
        dev_put(dev);
}
236 
/*
 * Strip per-hop state from @skb before it is re-injected on the other side
 * of the interface.
 *
 * @xnet: true when the packet crosses a network namespace; then everything
 *        that could leak identity or policy from the source netns (ipvs and
 *        secpath state, socket ownership, the mark) is cleared as well.
 */
static void xfrmi_scrub_packet(struct sk_buff *skb, bool xnet)
{
        skb->tstamp = 0;
        skb->pkt_type = PACKET_HOST;
        skb->skb_iif = 0;
        skb->ignore_df = 0;
        skb_dst_drop(skb);
        nf_reset(skb);
        nf_reset_trace(skb);

        if (xnet) {
                ipvs_reset(skb);
                secpath_reset(skb);
                skb_orphan(skb);
                skb->mark = 0;
        }
}
255 
/*
 * Receive callback (.cb_handler of the protocol tables below), run for every
 * packet that passed through an xfrm state.
 *
 * @skb: decapsulated packet; its secpath holds the input state.
 * @err: 0 for a successfully processed packet, otherwise the input error.
 *
 * Finds the interface owning the state's if_id, re-parents @skb to it, runs
 * the inbound policy check when the packet crosses network namespaces, and
 * accounts the packet in the interface's per-cpu stats.
 *
 * Returns 0 when handled (including counted errors), 1 when no interface
 * matches (presumably letting the core continue on its own), -EINVAL when
 * no inner mode can be determined and -EPERM when the policy check fails.
 */
static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
{
        struct pcpu_sw_netstats *tstats;
        struct xfrm_mode *inner_mode;
        struct net_device *dev;
        struct xfrm_state *x;
        struct xfrm_if *xi;
        bool xnet;

        /* An error without a secpath cannot belong to any interface. */
        if (err && !secpath_exists(skb))
                return 0;

        x = xfrm_input_state(skb);

        xi = xfrmi_lookup(xs_net(x), x);
        if (!xi)
                return 1;

        dev = xi->dev;
        skb->dev = dev;

        /* Input failed: only account it on the interface. */
        if (err) {
                dev->stats.rx_errors++;
                dev->stats.rx_dropped++;

                return 0;
        }

        xnet = !net_eq(xi->net, dev_net(skb->dev));

        if (xnet) {
                /* Crossing namespaces: the inner family decides which policy
                 * database to consult; resolve it from the packet when the
                 * state's selector is family-agnostic. */
                inner_mode = x->inner_mode;

                if (x->sel.family == AF_UNSPEC) {
                        inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
                        if (inner_mode == NULL) {
                                XFRM_INC_STATS(dev_net(skb->dev),
                                               LINUX_MIB_XFRMINSTATEMODEERROR);
                                return -EINVAL;
                        }
                }

                if (!xfrm_policy_check(NULL, XFRM_POLICY_IN, skb,
                                       inner_mode->afinfo->family))
                        return -EPERM;
        }

        xfrmi_scrub_packet(skb, xnet);

        tstats = this_cpu_ptr(dev->tstats);

        u64_stats_update_begin(&tstats->syncp);
        tstats->rx_packets++;
        tstats->rx_bytes += skb->len;
        u64_stats_update_end(&tstats->syncp);

        return 0;
}
314 
/*
 * Transmit one packet through the xfrm interface @dev.
 *
 * @skb: packet to send; must already carry a dst, otherwise it is counted
 *       as a carrier error.
 * @dev: the xfrm interface.
 * @fl:  flow decoded by xfrmi_xmit(), with flowi_oif set to the physical
 *       device.
 *
 * Resolves the xfrm route/state for the interface's if_id, rejects loops
 * back to @dev and oversize packets (signalling the path MTU to the sender),
 * then hands the packet to dst_output() on the underlying device.
 *
 * Returns 0 once the packet was handed to the stack (transmit errors are
 * only counted), -EMSGSIZE for an oversize packet, or a negative error when
 * no usable route/state was found. xfrmi_xmit() frees @skb on any negative
 * return.
 */
static int
xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
{
        struct xfrm_if *xi = netdev_priv(dev);
        struct net_device_stats *stats = &xi->dev->stats;
        struct dst_entry *dst = skb_dst(skb);
        unsigned int length = skb->len;
        struct net_device *tdev;
        struct xfrm_state *x;
        int err = -1;
        int mtu;

        if (!dst)
                goto tx_err_link_failure;

        /* The lookup presumably consumes this reference; the dst it returns
         * is ours and is released on every exit path below. */
        dst_hold(dst);
        dst = xfrm_lookup_with_ifid(xi->net, dst, fl, NULL, 0, xi->p.if_id);
        if (IS_ERR(dst)) {
                err = PTR_ERR(dst);
                /* Make the dst_release() in the error path a no-op. */
                dst = NULL;
                goto tx_err_link_failure;
        }

        x = dst->xfrm;
        if (!x)
                goto tx_err_link_failure;

        /* The route must have been transformed by a state of this interface. */
        if (x->if_id != xi->p.if_id)
                goto tx_err_link_failure;

        tdev = dst->dev;

        if (tdev == dev) {
                stats->collisions++;
                net_warn_ratelimited("%s: Local routing loop detected!\n",
                                     xi->p.name);
                goto tx_err_dst_release;
        }

        /* Enforce the path MTU unless the skb asked to ignore DF. */
        mtu = dst_mtu(dst);
        if (!skb->ignore_df && skb->len > mtu) {
                skb_dst_update_pmtu(skb, mtu);

                if (skb->protocol == htons(ETH_P_IPV6)) {
                        if (mtu < IPV6_MIN_MTU)
                                mtu = IPV6_MIN_MTU;

                        icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
                } else {
                        /* NOTE(review): sent regardless of the DF bit in the
                         * IPv4 header; confirm non-DF packets should not be
                         * fragmented instead. */
                        icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
                                  htonl(mtu));
                }

                dst_release(dst);
                return -EMSGSIZE;
        }

        xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
        skb_dst_set(skb, dst);
        skb->dev = tdev;

        err = dst_output(xi->net, skb->sk, skb);
        if (net_xmit_eval(err) == 0) {
                struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats);

                u64_stats_update_begin(&tstats->syncp);
                tstats->tx_bytes += length;
                tstats->tx_packets++;
                u64_stats_update_end(&tstats->syncp);
        } else {
                stats->tx_errors++;
                stats->tx_aborted_errors++;
        }

        return 0;
tx_err_link_failure:
        stats->tx_carrier_errors++;
        dst_link_failure(skb);
tx_err_dst_release:
        dst_release(dst);
        return err;
}
397 
/*
 * net_device_ops->ndo_start_xmit for the xfrm interface.
 *
 * Decodes the flow from the IPv4/IPv6 header, clears the protocol control
 * block, pins the output to the physical device and hands the packet to
 * xfrmi_xmit2(). Non-IP ethertypes and any xfrmi_xmit2() failure are
 * counted as tx errors/drops and the skb is freed. Always returns
 * NETDEV_TX_OK.
 */
static netdev_tx_t xfrmi_xmit(struct sk_buff *skb, struct net_device *dev)
{
        struct xfrm_if *xi = netdev_priv(dev);
        struct net_device_stats *stats = &xi->dev->stats;
        struct flowi fl;

        memset(&fl, 0, sizeof(fl));

        if (skb->protocol == htons(ETH_P_IPV6)) {
                xfrm_decode_session(skb, &fl, AF_INET6);
                memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
        } else if (skb->protocol == htons(ETH_P_IP)) {
                xfrm_decode_session(skb, &fl, AF_INET);
                memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
        } else {
                goto drop;
        }

        /* Route via the physical device the interface is bound to. */
        fl.flowi_oif = xi->phydev->ifindex;

        if (xfrmi_xmit2(skb, dev, &fl) < 0)
                goto drop;

        return NETDEV_TX_OK;

drop:
        stats->tx_errors++;
        stats->tx_dropped++;
        kfree_skb(skb);
        return NETDEV_TX_OK;
}
434 
/*
 * ICMPv4 error handler for ESP/AH/IPCOMP traffic belonging to an xfrm
 * interface.
 *
 * @skb:  the ICMP error; skb->data points at the quoted inner IPv4 header.
 * @info: the ICMP info field (the next-hop MTU for FRAG_NEEDED).
 *
 * Only "fragmentation needed" and redirect messages are handled: the SPI
 * is read from the quoted transform header, the matching state is looked up
 * and, if it belongs to one of our interfaces, the PMTU or route cache is
 * updated. Returns 0 when the message is ignored or handled, -1 when the
 * state exists but belongs to no xfrm interface.
 */
static int xfrmi4_err(struct sk_buff *skb, u32 info)
{
        const struct iphdr *iph = (const struct iphdr *)skb->data;
        const struct icmphdr *icmph = icmp_hdr(skb);
        const u8 *xfrm_hdr = skb->data + (iph->ihl << 2);
        struct net *net = dev_net(skb->dev);
        int protocol = iph->protocol;
        struct xfrm_state *x;
        struct xfrm_if *xi;
        __be32 spi;

        /* The transform header directly follows the (quoted) IP header. */
        if (protocol == IPPROTO_ESP)
                spi = ((const struct ip_esp_hdr *)xfrm_hdr)->spi;
        else if (protocol == IPPROTO_AH)
                spi = ((const struct ip_auth_hdr *)xfrm_hdr)->spi;
        else if (protocol == IPPROTO_COMP)
                spi = htonl(ntohs(((const struct ip_comp_hdr *)xfrm_hdr)->cpi));
        else
                return 0;

        if (icmph->type == ICMP_DEST_UNREACH) {
                if (icmph->code != ICMP_FRAG_NEEDED)
                        return 0;
        } else if (icmph->type != ICMP_REDIRECT) {
                return 0;
        }

        x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
                              spi, protocol, AF_INET);
        if (!x)
                return 0;

        xi = xfrmi_lookup(net, x);
        if (!xi) {
                xfrm_state_put(x);
                return -1;
        }

        if (icmph->type == ICMP_DEST_UNREACH)
                ipv4_update_pmtu(skb, net, info, 0, protocol);
        else
                ipv4_redirect(skb, net, 0, protocol);
        xfrm_state_put(x);

        return 0;
}
493 
/*
 * ICMPv6 error handler for ESP/AH/IPCOMP traffic belonging to an xfrm
 * interface.
 *
 * @skb:    the ICMPv6 error; skb->data points at the quoted inner IPv6
 *          header.
 * @opt:    unused.
 * @type:   ICMPv6 type; only PKT_TOOBIG and NDISC_REDIRECT are handled.
 * @code:   unused.
 * @offset: offset of the quoted transform header from skb->data.
 * @info:   the ICMPv6 info field (the MTU for PKT_TOOBIG).
 *
 * Mirrors xfrmi4_err(): read the SPI, find the state, check that it belongs
 * to one of our interfaces and update the PMTU or route cache. Returns 0
 * when ignored or handled, -1 when the state belongs to no xfrm interface.
 */
static int xfrmi6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
                    u8 type, u8 code, int offset, __be32 info)
{
        const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
        const u8 *xfrm_hdr = skb->data + offset;
        struct net *net = dev_net(skb->dev);
        int protocol = iph->nexthdr;
        struct xfrm_state *x;
        struct xfrm_if *xi;
        __be32 spi;

        if (protocol == IPPROTO_ESP)
                spi = ((const struct ip_esp_hdr *)xfrm_hdr)->spi;
        else if (protocol == IPPROTO_AH)
                spi = ((const struct ip_auth_hdr *)xfrm_hdr)->spi;
        else if (protocol == IPPROTO_COMP)
                spi = htonl(ntohs(((const struct ip_comp_hdr *)xfrm_hdr)->cpi));
        else
                return 0;

        if (type != ICMPV6_PKT_TOOBIG && type != NDISC_REDIRECT)
                return 0;

        x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
                              spi, protocol, AF_INET6);
        if (!x)
                return 0;

        xi = xfrmi_lookup(net, x);
        if (!xi) {
                xfrm_state_put(x);
                return -1;
        }

        if (type == NDISC_REDIRECT)
                ip6_redirect(skb, net, skb->dev->ifindex, 0,
                             sock_net_uid(net, NULL));
        else
                ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
        xfrm_state_put(x);

        return 0;
}
548 
/*
 * Apply new parameters @p to @xi. Only the if_id may change; a different
 * link is refused with -EINVAL. Returns 0 on success.
 */
static int xfrmi_change(struct xfrm_if *xi, const struct xfrm_if_parms *p)
{
        if (p->link != xi->p.link)
                return -EINVAL;

        xi->p.if_id = p->if_id;
        return 0;
}
558 
/*
 * Re-parameterise a live interface.
 *
 * The interface is taken off the RCU list and a grace period is waited out
 * before its parameters are touched, so no reader observes a half-updated
 * entry; it is then re-linked and a state-change notification is sent.
 * Caller holds RTNL. Returns the xfrmi_change() result.
 */
static int xfrmi_update(struct xfrm_if *xi, struct xfrm_if_parms *p)
{
        struct xfrmi_net *xfrmn = net_generic(dev_net(xi->dev), xfrmi_net_id);
        int ret;

        xfrmi_unlink(xfrmn, xi);
        synchronize_net();

        ret = xfrmi_change(xi, p);

        xfrmi_link(xfrmn, xi);
        netdev_state_change(xi->dev);

        return ret;
}
572 
/*
 * net_device_ops->ndo_get_stats64: sum the per-cpu packet/byte counters
 * into @s and copy the (non per-cpu) drop counters from dev->stats.
 */
static void xfrmi_get_stats64(struct net_device *dev,
                               struct rtnl_link_stats64 *s)
{
        int cpu;

        for_each_possible_cpu(cpu) {
                struct pcpu_sw_netstats *pstats = per_cpu_ptr(dev->tstats, cpu);
                u64 rx_packets, rx_bytes, tx_packets, tx_bytes;
                unsigned int start;

                /* Seqcount retry loop: re-read until a consistent snapshot
                 * of all four counters is obtained. */
                do {
                        start = u64_stats_fetch_begin_irq(&pstats->syncp);
                        rx_packets = pstats->rx_packets;
                        rx_bytes   = pstats->rx_bytes;
                        tx_packets = pstats->tx_packets;
                        tx_bytes   = pstats->tx_bytes;
                } while (u64_stats_fetch_retry_irq(&pstats->syncp, start));

                s->rx_packets += rx_packets;
                s->rx_bytes   += rx_bytes;
                s->tx_packets += tx_packets;
                s->tx_bytes   += tx_bytes;
        }

        s->rx_dropped = dev->stats.rx_dropped;
        s->tx_dropped = dev->stats.tx_dropped;
}
601 
/*
 * net_device_ops->ndo_get_iflink: report the physical device's ifindex as
 * the interface's link.
 */
static int xfrmi_get_iflink(const struct net_device *dev)
{
        const struct xfrm_if *priv = netdev_priv(dev);

        return priv->phydev->ifindex;
}
608 
609 
/* Device operations; .ndo_init/.ndo_uninit pair the per-device allocations
 * and references, .ndo_get_stats64 merges the per-cpu counters. */
static const struct net_device_ops xfrmi_netdev_ops = {
        .ndo_init       = xfrmi_dev_init,
        .ndo_uninit     = xfrmi_dev_uninit,
        .ndo_start_xmit = xfrmi_xmit,
        .ndo_get_stats64 = xfrmi_get_stats64,
        .ndo_get_iflink = xfrmi_get_iflink,
};
617 
/*
 * alloc_netdev()/rtnl_link_ops.setup callback: give a freshly allocated
 * xfrm interface its static properties.
 *
 * The device has no link-layer header of its own (ARPHRD_NONE, IFF_NOARP)
 * but advertises Ethernet-sized header and MTU limits. The core frees the
 * device (needs_free_netdev) after xfrmi_dev_free() releases our state.
 */
static void xfrmi_dev_setup(struct net_device *dev)
{
        dev->netdev_ops         = &xfrmi_netdev_ops;
        dev->priv_destructor    = xfrmi_dev_free;
        dev->needs_free_netdev  = true;

        dev->type               = ARPHRD_NONE;
        dev->flags              = IFF_NOARP;

        dev->hard_header_len    = ETH_HLEN;
        dev->min_header_len     = ETH_HLEN;
        dev->addr_len           = ETH_ALEN;

        dev->mtu                = ETH_DATA_LEN;
        dev->min_mtu            = ETH_MIN_MTU;
        dev->max_mtu            = ETH_DATA_LEN;

        /* The dst attached on xmit is needed by xfrmi_xmit2(). */
        netif_keep_dst(dev);
}
633 
/*
 * net_device_ops->ndo_init, called from register_netdevice().
 *
 * Allocates the per-cpu stats and GRO cells, and inherits headroom,
 * tailroom and link-layer addresses from the physical device (xi->phydev
 * must already be set). Returns 0, -ENOMEM, or the gro_cells_init() error;
 * on error nothing allocated here is left behind.
 */
static int xfrmi_dev_init(struct net_device *dev)
{
        struct xfrm_if *priv = netdev_priv(dev);
        struct net_device *phydev = priv->phydev;
        int ret;

        dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
        if (!dev->tstats)
                return -ENOMEM;

        ret = gro_cells_init(&priv->gro_cells, dev);
        if (ret)
                goto free_stats;

        dev->features |= NETIF_F_LLTX;

        dev->needed_headroom = phydev->needed_headroom;
        dev->needed_tailroom = phydev->needed_tailroom;

        /* Only fill in addresses the user did not supply explicitly. */
        if (is_zero_ether_addr(dev->dev_addr))
                eth_hw_addr_inherit(dev, phydev);
        if (is_zero_ether_addr(dev->broadcast))
                memcpy(dev->broadcast, phydev->broadcast, dev->addr_len);

        return 0;

free_stats:
        free_percpu(dev->tstats);
        return ret;
}
662 
/*
 * rtnl_link_ops->validate: nothing beyond the attribute typing enforced by
 * xfrmi_policy is checked here; no semantic check (for example on the
 * if_id value) is performed. Always returns 0.
 */
static int xfrmi_validate(struct nlattr *tb[], struct nlattr *data[],
                         struct netlink_ext_ack *extack)
{
        return 0;
}
668 
/*
 * Fill @parms from the IFLA_XFRM_* attributes in @data.
 *
 * @parms is zeroed first, so attributes that are absent (or a NULL @data)
 * leave the corresponding field at 0; the name is never set here.
 */
static void xfrmi_netlink_parms(struct nlattr *data[],
                               struct xfrm_if_parms *parms)
{
        const struct nlattr *link_attr;
        const struct nlattr *if_id_attr;

        memset(parms, 0, sizeof(*parms));

        if (!data)
                return;

        link_attr = data[IFLA_XFRM_LINK];
        if_id_attr = data[IFLA_XFRM_IF_ID];

        if (link_attr)
                parms->link = nla_get_u32(link_attr);
        if (if_id_attr)
                parms->if_id = nla_get_u32(if_id_attr);
}
683 
/*
 * rtnl_link_ops->newlink: create an interface from an RTM_NEWLINK request.
 *
 * @dev is the device pre-allocated by the rtnetlink core; only its private
 * area is used here, as scratch space for the parsed parameters.
 * IFLA_IFNAME is mandatory; IFLA_XFRM_LINK / IFLA_XFRM_IF_ID come from @data.
 *
 * Returns 0 on success, -EINVAL without a name, -EEXIST when the if_id is
 * already in use, or the xfrmi_create() error.
 *
 * NOTE(review): xfrmi_locate(..., create=1) ends in xfrmi_create(), which
 * alloc_netdev()s and registers a *second* device; @dev itself is never
 * registered here. Confirm that the core releases @dev on the success
 * path, otherwise one net_device is leaked per creation.
 */
static int xfrmi_newlink(struct net *src_net, struct net_device *dev,
                        struct nlattr *tb[], struct nlattr *data[],
                        struct netlink_ext_ack *extack)
{
        struct net *net = dev_net(dev);
        struct xfrm_if_parms *p;
        struct xfrm_if *xi;

        xi = netdev_priv(dev);
        p = &xi->p;

        xfrmi_netlink_parms(data, p);

        if (!tb[IFLA_IFNAME])
                return -EINVAL;

        nla_strlcpy(p->name, tb[IFLA_IFNAME], IFNAMSIZ);

        /* create=1: fails with -EEXIST if the if_id is taken. */
        xi = xfrmi_locate(net, p, 1);
        return PTR_ERR_OR_ZERO(xi);
}
705 
/*
 * rtnl_link_ops->dellink: queue @dev on @head for batched unregistration;
 * the actual teardown happens in ->ndo_uninit and the destructor.
 */
static void xfrmi_dellink(struct net_device *dev, struct list_head *head)
{
        unregister_netdevice_queue(dev, head);
}
710 
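/*
 * rtnl_link_ops->changelink: update an existing interface's parameters.
 *
 * The request is parsed into a local copy so that a rejected request leaves
 * xi->p untouched. The original parsed straight into xi->p, which zeroed the
 * stored name and link before any check ran, and made the link comparison in
 * xfrmi_change() compare xi->p against itself (so a changed link was never
 * refused and a later -EEXIST left the interface with corrupted parameters).
 *
 * Returns 0, -EEXIST when another interface already owns the requested
 * if_id, or the xfrmi_update() error (-EINVAL when the link differs).
 */
static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[],
                           struct nlattr *data[],
                           struct netlink_ext_ack *extack)
{
        struct xfrm_if *xi = netdev_priv(dev);
        struct net *net = dev_net(dev);
        struct xfrm_if_parms p;
        struct xfrm_if *owner;

        xfrmi_netlink_parms(data, &p);

        /* create=0: returns the holder of the if_id or ERR_PTR(-ENODEV). */
        owner = xfrmi_locate(net, &p, 0);
        if (!IS_ERR_OR_NULL(owner) && owner->dev != dev)
                return -EEXIST;

        return xfrmi_update(xi, &p);
}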
731 
/*
 * rtnl_link_ops->get_size: netlink space needed by xfrmi_fill_info(),
 * i.e. two u32 attributes (IFLA_XFRM_LINK and IFLA_XFRM_IF_ID).
 */
static size_t xfrmi_get_size(const struct net_device *dev)
{
        size_t total = 0;

        total += nla_total_size(4);     /* IFLA_XFRM_LINK */
        total += nla_total_size(4);     /* IFLA_XFRM_IF_ID */

        return total;
}
741 
/*
 * rtnl_link_ops->fill_info: emit the interface's link and if_id as netlink
 * attributes. Returns 0 or -EMSGSIZE when the message is full.
 */
static int xfrmi_fill_info(struct sk_buff *skb, const struct net_device *dev)
{
        const struct xfrm_if *priv = netdev_priv(dev);

        if (nla_put_u32(skb, IFLA_XFRM_LINK, priv->p.link))
                return -EMSGSIZE;
        if (nla_put_u32(skb, IFLA_XFRM_IF_ID, priv->p.if_id))
                return -EMSGSIZE;

        return 0;
}
755 
/*
 * rtnl_link_ops->get_link_net: the namespace of the physical device, which
 * is where the interface's link lives.
 */
static struct net *xfrmi_get_link_net(const struct net_device *dev)
{
        const struct xfrm_if *priv = netdev_priv(dev);

        return dev_net(priv->phydev);
}
762 
/* Netlink attribute policy: both link parameters are plain u32 values; no
 * range restriction is applied at this level. */
static const struct nla_policy xfrmi_policy[IFLA_XFRM_MAX + 1] = {
        [IFLA_XFRM_LINK]        = { .type = NLA_U32 },
        [IFLA_XFRM_IF_ID]       = { .type = NLA_U32 },
};
767 
/* rtnetlink link type "xfrm" (ip link add ... type xfrm); .priv_size makes
 * the core allocate struct xfrm_if as the device's private area. */
static struct rtnl_link_ops xfrmi_link_ops __read_mostly = {
        .kind           = "xfrm",
        .maxtype        = IFLA_XFRM_MAX,
        .policy         = xfrmi_policy,
        .priv_size      = sizeof(struct xfrm_if),
        .setup          = xfrmi_dev_setup,
        .validate       = xfrmi_validate,
        .newlink        = xfrmi_newlink,
        .dellink        = xfrmi_dellink,
        .changelink     = xfrmi_changelink,
        .get_size       = xfrmi_get_size,
        .fill_info      = xfrmi_fill_info,
        .get_link_net   = xfrmi_get_link_net,
};
782 
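/*
 * Queue every interface of the dying netns @xfrmn for unregistration and
 * tear them down in one batch. Caller holds RTNL (xfrmi_exit_net()).
 *
 * The original only queued the list head, so with more than one interface
 * in the namespace only the first was torn down here; walk the whole list.
 * Walking while queueing is safe as far as this file can see: queueing
 * only moves the device onto @list, and the ->ndo_uninit that unlinks the
 * entry runs later, from unregister_netdevice_many().
 */
static void __net_exit xfrmi_destroy_interfaces(struct xfrmi_net *xfrmn)
{
        struct xfrm_if __rcu **xip;
        struct xfrm_if *xi;
        LIST_HEAD(list);

        for (xip = &xfrmn->xfrmi[0];
             (xi = rtnl_dereference(*xip)) != NULL;
             xip = &xi->next)
                unregister_netdevice_queue(xi->dev, &list);

        if (list_empty(&list))
                return;

        unregister_netdevice_many(&list);
}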
795 
/*
 * pernet_operations->init: nothing to set up; the per-netns area (see
 * xfrmi_net_ops.size) is presumably handed over zeroed, which is an empty
 * interface list. Always returns 0.
 */
static int __net_init xfrmi_init_net(struct net *net)
{
        return 0;
}
800 
/*
 * pernet_operations->exit: destroy the namespace's interfaces under RTNL,
 * which xfrmi_destroy_interfaces() and the list helpers require.
 */
static void __net_exit xfrmi_exit_net(struct net *net)
{
        struct xfrmi_net *xfrmn;

        xfrmn = net_generic(net, xfrmi_net_id);

        rtnl_lock();
        xfrmi_destroy_interfaces(xfrmn);
        rtnl_unlock();
}
809 
/* Per-netns registration; .id receives the slot index used with
 * net_generic() throughout this file, .size the per-netns allocation. */
static struct pernet_operations xfrmi_net_ops = {
        .init = xfrmi_init_net,
        .exit = xfrmi_exit_net,
        .id   = &xfrmi_net_id,
        .size = sizeof(struct xfrmi_net),
};
816 
/* Protocol hooks for ESP, AH and IPCOMP over IPv6 and IPv4. All share the
 * receive callback (xfrmi_rcv_cb) and the per-family ICMP error handler;
 * priority 10 orders them against other registered xfrm protocol users. */
static struct xfrm6_protocol xfrmi_esp6_protocol __read_mostly = {
        .handler        =       xfrm6_rcv,
        .cb_handler     =       xfrmi_rcv_cb,
        .err_handler    =       xfrmi6_err,
        .priority       =       10,
};

static struct xfrm6_protocol xfrmi_ah6_protocol __read_mostly = {
        .handler        =       xfrm6_rcv,
        .cb_handler     =       xfrmi_rcv_cb,
        .err_handler    =       xfrmi6_err,
        .priority       =       10,
};

static struct xfrm6_protocol xfrmi_ipcomp6_protocol __read_mostly = {
        .handler        =       xfrm6_rcv,
        .cb_handler     =       xfrmi_rcv_cb,
        .err_handler    =       xfrmi6_err,
        .priority       =       10,
};

/* The IPv4 side additionally names xfrm_input as .input_handler. */
static struct xfrm4_protocol xfrmi_esp4_protocol __read_mostly = {
        .handler        =       xfrm4_rcv,
        .input_handler  =       xfrm_input,
        .cb_handler     =       xfrmi_rcv_cb,
        .err_handler    =       xfrmi4_err,
        .priority       =       10,
};

static struct xfrm4_protocol xfrmi_ah4_protocol __read_mostly = {
        .handler        =       xfrm4_rcv,
        .input_handler  =       xfrm_input,
        .cb_handler     =       xfrmi_rcv_cb,
        .err_handler    =       xfrmi4_err,
        .priority       =       10,
};

static struct xfrm4_protocol xfrmi_ipcomp4_protocol __read_mostly = {
        .handler        =       xfrm4_rcv,
        .input_handler  =       xfrm_input,
        .cb_handler     =       xfrmi_rcv_cb,
        .err_handler    =       xfrmi4_err,
        .priority       =       10,
};
861 
/*
 * Register the IPv4 ESP, AH and IPCOMP protocol hooks. On failure every
 * hook registered so far is removed again. Returns 0 or the first error.
 */
static int __init xfrmi4_init(void)
{
        int ret;

        ret = xfrm4_protocol_register(&xfrmi_esp4_protocol, IPPROTO_ESP);
        if (ret < 0)
                return ret;

        ret = xfrm4_protocol_register(&xfrmi_ah4_protocol, IPPROTO_AH);
        if (ret < 0)
                goto undo_esp;

        ret = xfrm4_protocol_register(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
        if (ret < 0)
                goto undo_ah;

        return 0;

undo_ah:
        xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
undo_esp:
        xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
        return ret;
}
885 
/* Remove the IPv4 protocol hooks in the reverse order of xfrmi4_init(). */
static void xfrmi4_fini(void)
{
        xfrm4_protocol_deregister(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
        xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
        xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
}
892 
/*
 * Register the IPv6 ESP, AH and IPCOMP protocol hooks. On failure every
 * hook registered so far is removed again. Returns 0 or the first error.
 */
static int __init xfrmi6_init(void)
{
        int ret;

        ret = xfrm6_protocol_register(&xfrmi_esp6_protocol, IPPROTO_ESP);
        if (ret < 0)
                return ret;

        ret = xfrm6_protocol_register(&xfrmi_ah6_protocol, IPPROTO_AH);
        if (ret < 0)
                goto undo_esp;

        ret = xfrm6_protocol_register(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
        if (ret < 0)
                goto undo_ah;

        return 0;

undo_ah:
        xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
undo_esp:
        xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
        return ret;
}
916 
/* Remove the IPv6 protocol hooks in the reverse order of xfrmi6_init(). */
static void xfrmi6_fini(void)
{
        xfrm6_protocol_deregister(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
        xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
        xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
}
923 
/* Callbacks handed to the xfrm core (xfrm_if_register_cb()) so it can map
 * inbound packets to an interface via xfrmi_decode_session(). */
static const struct xfrm_if_cb xfrm_if_cb = {
        .decode_session =       xfrmi_decode_session,
};
927 
/*
 * Module init: register, in order, the per-netns data, the IPv4 and IPv6
 * protocol hooks, the rtnetlink link type and finally the xfrm core
 * callbacks. Each failure unwinds the steps before it and logs which
 * registration failed. Returns 0 or the failing call's error.
 */
static int __init xfrmi_init(void)
{
        const char *msg;
        int err;

        pr_info("IPsec XFRM device driver\n");

        msg = "tunnel device";
        err = register_pernet_device(&xfrmi_net_ops);
        if (err < 0)
                goto fail;

        msg = "xfrm4 protocols";
        err = xfrmi4_init();
        if (err < 0)
                goto undo_pernet;

        msg = "xfrm6 protocols";
        err = xfrmi6_init();
        if (err < 0)
                goto undo_xfrmi4;

        msg = "netlink interface";
        err = rtnl_link_register(&xfrmi_link_ops);
        if (err < 0)
                goto undo_xfrmi6;

        /* Last step; it has no failure mode to unwind from. */
        xfrm_if_register_cb(&xfrm_if_cb);

        return err;

undo_xfrmi6:
        xfrmi6_fini();
undo_xfrmi4:
        xfrmi4_fini();
undo_pernet:
        unregister_pernet_device(&xfrmi_net_ops);
fail:
        pr_err("xfrmi init: failed to register %s\n", msg);
        return err;
}
970 
/*
 * Module exit: detach from the xfrm core first so no new packets are mapped
 * to interfaces, then drop the link type, the protocol hooks and the
 * per-netns data (whose exit destroys any remaining interfaces).
 */
static void __exit xfrmi_fini(void)
{
        xfrm_if_unregister_cb();
        rtnl_link_unregister(&xfrmi_link_ops);

        xfrmi4_fini();
        xfrmi6_fini();

        unregister_pernet_device(&xfrmi_net_ops);
}
979 
module_init(xfrmi_init);
module_exit(xfrmi_fini);
MODULE_LICENSE("GPL");
/* Autoload on "ip link add ... type xfrm" and on a request for xfrm0. */
MODULE_ALIAS_RTNL_LINK("xfrm");
MODULE_ALIAS_NETDEV("xfrm0");
MODULE_AUTHOR("Steffen Klassert");
MODULE_DESCRIPTION("XFRM virtual interface");
987 
