This source file includes following definitions.
- xfrmi_lookup
- xfrmi_decode_session
- xfrmi_link
- xfrmi_unlink
- xfrmi_dev_free
- xfrmi_create
- xfrmi_locate
- xfrmi_dev_uninit
- xfrmi_scrub_packet
- xfrmi_rcv_cb
- xfrmi_xmit2
- xfrmi_xmit
- xfrmi4_err
- xfrmi6_err
- xfrmi_change
- xfrmi_update
- xfrmi_get_stats64
- xfrmi_get_iflink
- xfrmi_dev_setup
- xfrmi_dev_init
- xfrmi_validate
- xfrmi_netlink_parms
- xfrmi_newlink
- xfrmi_dellink
- xfrmi_changelink
- xfrmi_get_size
- xfrmi_fill_info
- xfrmi_get_link_net
- xfrmi_destroy_interfaces
- xfrmi_exit_net
- xfrmi_exit_batch_net
- xfrmi4_init
- xfrmi4_fini
- xfrmi6_init
- xfrmi6_fini
- xfrmi_init
- xfrmi_fini
1
2
3
4
5
6
7
8
9
10
11 #include <linux/module.h>
12 #include <linux/capability.h>
13 #include <linux/errno.h>
14 #include <linux/types.h>
15 #include <linux/sockios.h>
16 #include <linux/icmp.h>
17 #include <linux/if.h>
18 #include <linux/in.h>
19 #include <linux/ip.h>
20 #include <linux/net.h>
21 #include <linux/in6.h>
22 #include <linux/netdevice.h>
23 #include <linux/if_link.h>
24 #include <linux/if_arp.h>
25 #include <linux/icmpv6.h>
26 #include <linux/init.h>
27 #include <linux/route.h>
28 #include <linux/rtnetlink.h>
29 #include <linux/netfilter_ipv6.h>
30 #include <linux/slab.h>
31 #include <linux/hash.h>
32
33 #include <linux/uaccess.h>
34 #include <linux/atomic.h>
35
36 #include <net/icmp.h>
37 #include <net/ip.h>
38 #include <net/ipv6.h>
39 #include <net/ip6_route.h>
40 #include <net/addrconf.h>
41 #include <net/xfrm.h>
42 #include <net/net_namespace.h>
43 #include <net/netns/generic.h>
44 #include <linux/etherdevice.h>
45
46 static int xfrmi_dev_init(struct net_device *dev);
47 static void xfrmi_dev_setup(struct net_device *dev);
48 static struct rtnl_link_ops xfrmi_link_ops __read_mostly;
49 static unsigned int xfrmi_net_id __read_mostly;
50
51 struct xfrmi_net {
52
53 struct xfrm_if __rcu *xfrmi[1];
54 };
55
56 #define for_each_xfrmi_rcu(start, xi) \
57 for (xi = rcu_dereference(start); xi; xi = rcu_dereference(xi->next))
58
59 static struct xfrm_if *xfrmi_lookup(struct net *net, struct xfrm_state *x)
60 {
61 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
62 struct xfrm_if *xi;
63
64 for_each_xfrmi_rcu(xfrmn->xfrmi[0], xi) {
65 if (x->if_id == xi->p.if_id &&
66 (xi->dev->flags & IFF_UP))
67 return xi;
68 }
69
70 return NULL;
71 }
72
73 static struct xfrm_if *xfrmi_decode_session(struct sk_buff *skb,
74 unsigned short family)
75 {
76 struct xfrmi_net *xfrmn;
77 struct xfrm_if *xi;
78 int ifindex = 0;
79
80 if (!secpath_exists(skb) || !skb->dev)
81 return NULL;
82
83 switch (family) {
84 case AF_INET6:
85 ifindex = inet6_sdif(skb);
86 break;
87 case AF_INET:
88 ifindex = inet_sdif(skb);
89 break;
90 }
91 if (!ifindex)
92 ifindex = skb->dev->ifindex;
93
94 xfrmn = net_generic(xs_net(xfrm_input_state(skb)), xfrmi_net_id);
95
96 for_each_xfrmi_rcu(xfrmn->xfrmi[0], xi) {
97 if (ifindex == xi->dev->ifindex &&
98 (xi->dev->flags & IFF_UP))
99 return xi;
100 }
101
102 return NULL;
103 }
104
105 static void xfrmi_link(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
106 {
107 struct xfrm_if __rcu **xip = &xfrmn->xfrmi[0];
108
109 rcu_assign_pointer(xi->next , rtnl_dereference(*xip));
110 rcu_assign_pointer(*xip, xi);
111 }
112
113 static void xfrmi_unlink(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
114 {
115 struct xfrm_if __rcu **xip;
116 struct xfrm_if *iter;
117
118 for (xip = &xfrmn->xfrmi[0];
119 (iter = rtnl_dereference(*xip)) != NULL;
120 xip = &iter->next) {
121 if (xi == iter) {
122 rcu_assign_pointer(*xip, xi->next);
123 break;
124 }
125 }
126 }
127
128 static void xfrmi_dev_free(struct net_device *dev)
129 {
130 struct xfrm_if *xi = netdev_priv(dev);
131
132 gro_cells_destroy(&xi->gro_cells);
133 free_percpu(dev->tstats);
134 }
135
136 static int xfrmi_create(struct net_device *dev)
137 {
138 struct xfrm_if *xi = netdev_priv(dev);
139 struct net *net = dev_net(dev);
140 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
141 int err;
142
143 dev->rtnl_link_ops = &xfrmi_link_ops;
144 err = register_netdevice(dev);
145 if (err < 0)
146 goto out;
147
148 dev_hold(dev);
149 xfrmi_link(xfrmn, xi);
150
151 return 0;
152
153 out:
154 return err;
155 }
156
157 static struct xfrm_if *xfrmi_locate(struct net *net, struct xfrm_if_parms *p)
158 {
159 struct xfrm_if __rcu **xip;
160 struct xfrm_if *xi;
161 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
162
163 for (xip = &xfrmn->xfrmi[0];
164 (xi = rtnl_dereference(*xip)) != NULL;
165 xip = &xi->next)
166 if (xi->p.if_id == p->if_id)
167 return xi;
168
169 return NULL;
170 }
171
172 static void xfrmi_dev_uninit(struct net_device *dev)
173 {
174 struct xfrm_if *xi = netdev_priv(dev);
175 struct xfrmi_net *xfrmn = net_generic(xi->net, xfrmi_net_id);
176
177 xfrmi_unlink(xfrmn, xi);
178 dev_put(dev);
179 }
180
181 static void xfrmi_scrub_packet(struct sk_buff *skb, bool xnet)
182 {
183 skb->tstamp = 0;
184 skb->pkt_type = PACKET_HOST;
185 skb->skb_iif = 0;
186 skb->ignore_df = 0;
187 skb_dst_drop(skb);
188 nf_reset_ct(skb);
189 nf_reset_trace(skb);
190
191 if (!xnet)
192 return;
193
194 ipvs_reset(skb);
195 secpath_reset(skb);
196 skb_orphan(skb);
197 skb->mark = 0;
198 }
199
200 static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
201 {
202 const struct xfrm_mode *inner_mode;
203 struct pcpu_sw_netstats *tstats;
204 struct net_device *dev;
205 struct xfrm_state *x;
206 struct xfrm_if *xi;
207 bool xnet;
208
209 if (err && !secpath_exists(skb))
210 return 0;
211
212 x = xfrm_input_state(skb);
213
214 xi = xfrmi_lookup(xs_net(x), x);
215 if (!xi)
216 return 1;
217
218 dev = xi->dev;
219 skb->dev = dev;
220
221 if (err) {
222 dev->stats.rx_errors++;
223 dev->stats.rx_dropped++;
224
225 return 0;
226 }
227
228 xnet = !net_eq(xi->net, dev_net(skb->dev));
229
230 if (xnet) {
231 inner_mode = &x->inner_mode;
232
233 if (x->sel.family == AF_UNSPEC) {
234 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
235 if (inner_mode == NULL) {
236 XFRM_INC_STATS(dev_net(skb->dev),
237 LINUX_MIB_XFRMINSTATEMODEERROR);
238 return -EINVAL;
239 }
240 }
241
242 if (!xfrm_policy_check(NULL, XFRM_POLICY_IN, skb,
243 inner_mode->family))
244 return -EPERM;
245 }
246
247 xfrmi_scrub_packet(skb, xnet);
248
249 tstats = this_cpu_ptr(dev->tstats);
250
251 u64_stats_update_begin(&tstats->syncp);
252 tstats->rx_packets++;
253 tstats->rx_bytes += skb->len;
254 u64_stats_update_end(&tstats->syncp);
255
256 return 0;
257 }
258
259 static int
260 xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
261 {
262 struct xfrm_if *xi = netdev_priv(dev);
263 struct net_device_stats *stats = &xi->dev->stats;
264 struct dst_entry *dst = skb_dst(skb);
265 unsigned int length = skb->len;
266 struct net_device *tdev;
267 struct xfrm_state *x;
268 int err = -1;
269 int mtu;
270
271 dst_hold(dst);
272 dst = xfrm_lookup_with_ifid(xi->net, dst, fl, NULL, 0, xi->p.if_id);
273 if (IS_ERR(dst)) {
274 err = PTR_ERR(dst);
275 dst = NULL;
276 goto tx_err_link_failure;
277 }
278
279 x = dst->xfrm;
280 if (!x)
281 goto tx_err_link_failure;
282
283 if (x->if_id != xi->p.if_id)
284 goto tx_err_link_failure;
285
286 tdev = dst->dev;
287
288 if (tdev == dev) {
289 stats->collisions++;
290 net_warn_ratelimited("%s: Local routing loop detected!\n",
291 dev->name);
292 goto tx_err_dst_release;
293 }
294
295 mtu = dst_mtu(dst);
296 if (!skb->ignore_df && skb->len > mtu) {
297 skb_dst_update_pmtu_no_confirm(skb, mtu);
298
299 if (skb->protocol == htons(ETH_P_IPV6)) {
300 if (mtu < IPV6_MIN_MTU)
301 mtu = IPV6_MIN_MTU;
302
303 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
304 } else {
305 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
306 htonl(mtu));
307 }
308
309 dst_release(dst);
310 return -EMSGSIZE;
311 }
312
313 xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
314 skb_dst_set(skb, dst);
315 skb->dev = tdev;
316
317 err = dst_output(xi->net, skb->sk, skb);
318 if (net_xmit_eval(err) == 0) {
319 struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats);
320
321 u64_stats_update_begin(&tstats->syncp);
322 tstats->tx_bytes += length;
323 tstats->tx_packets++;
324 u64_stats_update_end(&tstats->syncp);
325 } else {
326 stats->tx_errors++;
327 stats->tx_aborted_errors++;
328 }
329
330 return 0;
331 tx_err_link_failure:
332 stats->tx_carrier_errors++;
333 dst_link_failure(skb);
334 tx_err_dst_release:
335 dst_release(dst);
336 return err;
337 }
338
339 static netdev_tx_t xfrmi_xmit(struct sk_buff *skb, struct net_device *dev)
340 {
341 struct xfrm_if *xi = netdev_priv(dev);
342 struct net_device_stats *stats = &xi->dev->stats;
343 struct dst_entry *dst = skb_dst(skb);
344 struct flowi fl;
345 int ret;
346
347 memset(&fl, 0, sizeof(fl));
348
349 switch (skb->protocol) {
350 case htons(ETH_P_IPV6):
351 xfrm_decode_session(skb, &fl, AF_INET6);
352 memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
353 if (!dst) {
354 fl.u.ip6.flowi6_oif = dev->ifindex;
355 fl.u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
356 dst = ip6_route_output(dev_net(dev), NULL, &fl.u.ip6);
357 if (dst->error) {
358 dst_release(dst);
359 stats->tx_carrier_errors++;
360 goto tx_err;
361 }
362 skb_dst_set(skb, dst);
363 }
364 break;
365 case htons(ETH_P_IP):
366 xfrm_decode_session(skb, &fl, AF_INET);
367 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
368 if (!dst) {
369 struct rtable *rt;
370
371 fl.u.ip4.flowi4_oif = dev->ifindex;
372 fl.u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
373 rt = __ip_route_output_key(dev_net(dev), &fl.u.ip4);
374 if (IS_ERR(rt)) {
375 stats->tx_carrier_errors++;
376 goto tx_err;
377 }
378 skb_dst_set(skb, &rt->dst);
379 }
380 break;
381 default:
382 goto tx_err;
383 }
384
385 fl.flowi_oif = xi->p.link;
386
387 ret = xfrmi_xmit2(skb, dev, &fl);
388 if (ret < 0)
389 goto tx_err;
390
391 return NETDEV_TX_OK;
392
393 tx_err:
394 stats->tx_errors++;
395 stats->tx_dropped++;
396 kfree_skb(skb);
397 return NETDEV_TX_OK;
398 }
399
400 static int xfrmi4_err(struct sk_buff *skb, u32 info)
401 {
402 const struct iphdr *iph = (const struct iphdr *)skb->data;
403 struct net *net = dev_net(skb->dev);
404 int protocol = iph->protocol;
405 struct ip_comp_hdr *ipch;
406 struct ip_esp_hdr *esph;
407 struct ip_auth_hdr *ah ;
408 struct xfrm_state *x;
409 struct xfrm_if *xi;
410 __be32 spi;
411
412 switch (protocol) {
413 case IPPROTO_ESP:
414 esph = (struct ip_esp_hdr *)(skb->data+(iph->ihl<<2));
415 spi = esph->spi;
416 break;
417 case IPPROTO_AH:
418 ah = (struct ip_auth_hdr *)(skb->data+(iph->ihl<<2));
419 spi = ah->spi;
420 break;
421 case IPPROTO_COMP:
422 ipch = (struct ip_comp_hdr *)(skb->data+(iph->ihl<<2));
423 spi = htonl(ntohs(ipch->cpi));
424 break;
425 default:
426 return 0;
427 }
428
429 switch (icmp_hdr(skb)->type) {
430 case ICMP_DEST_UNREACH:
431 if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
432 return 0;
433 case ICMP_REDIRECT:
434 break;
435 default:
436 return 0;
437 }
438
439 x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
440 spi, protocol, AF_INET);
441 if (!x)
442 return 0;
443
444 xi = xfrmi_lookup(net, x);
445 if (!xi) {
446 xfrm_state_put(x);
447 return -1;
448 }
449
450 if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
451 ipv4_update_pmtu(skb, net, info, 0, protocol);
452 else
453 ipv4_redirect(skb, net, 0, protocol);
454 xfrm_state_put(x);
455
456 return 0;
457 }
458
459 static int xfrmi6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
460 u8 type, u8 code, int offset, __be32 info)
461 {
462 const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
463 struct net *net = dev_net(skb->dev);
464 int protocol = iph->nexthdr;
465 struct ip_comp_hdr *ipch;
466 struct ip_esp_hdr *esph;
467 struct ip_auth_hdr *ah;
468 struct xfrm_state *x;
469 struct xfrm_if *xi;
470 __be32 spi;
471
472 switch (protocol) {
473 case IPPROTO_ESP:
474 esph = (struct ip_esp_hdr *)(skb->data + offset);
475 spi = esph->spi;
476 break;
477 case IPPROTO_AH:
478 ah = (struct ip_auth_hdr *)(skb->data + offset);
479 spi = ah->spi;
480 break;
481 case IPPROTO_COMP:
482 ipch = (struct ip_comp_hdr *)(skb->data + offset);
483 spi = htonl(ntohs(ipch->cpi));
484 break;
485 default:
486 return 0;
487 }
488
489 if (type != ICMPV6_PKT_TOOBIG &&
490 type != NDISC_REDIRECT)
491 return 0;
492
493 x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
494 spi, protocol, AF_INET6);
495 if (!x)
496 return 0;
497
498 xi = xfrmi_lookup(net, x);
499 if (!xi) {
500 xfrm_state_put(x);
501 return -1;
502 }
503
504 if (type == NDISC_REDIRECT)
505 ip6_redirect(skb, net, skb->dev->ifindex, 0,
506 sock_net_uid(net, NULL));
507 else
508 ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
509 xfrm_state_put(x);
510
511 return 0;
512 }
513
514 static int xfrmi_change(struct xfrm_if *xi, const struct xfrm_if_parms *p)
515 {
516 if (xi->p.link != p->link)
517 return -EINVAL;
518
519 xi->p.if_id = p->if_id;
520
521 return 0;
522 }
523
524 static int xfrmi_update(struct xfrm_if *xi, struct xfrm_if_parms *p)
525 {
526 struct net *net = xi->net;
527 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
528 int err;
529
530 xfrmi_unlink(xfrmn, xi);
531 synchronize_net();
532 err = xfrmi_change(xi, p);
533 xfrmi_link(xfrmn, xi);
534 netdev_state_change(xi->dev);
535 return err;
536 }
537
538 static void xfrmi_get_stats64(struct net_device *dev,
539 struct rtnl_link_stats64 *s)
540 {
541 int cpu;
542
543 for_each_possible_cpu(cpu) {
544 struct pcpu_sw_netstats *stats;
545 struct pcpu_sw_netstats tmp;
546 int start;
547
548 stats = per_cpu_ptr(dev->tstats, cpu);
549 do {
550 start = u64_stats_fetch_begin_irq(&stats->syncp);
551 tmp.rx_packets = stats->rx_packets;
552 tmp.rx_bytes = stats->rx_bytes;
553 tmp.tx_packets = stats->tx_packets;
554 tmp.tx_bytes = stats->tx_bytes;
555 } while (u64_stats_fetch_retry_irq(&stats->syncp, start));
556
557 s->rx_packets += tmp.rx_packets;
558 s->rx_bytes += tmp.rx_bytes;
559 s->tx_packets += tmp.tx_packets;
560 s->tx_bytes += tmp.tx_bytes;
561 }
562
563 s->rx_dropped = dev->stats.rx_dropped;
564 s->tx_dropped = dev->stats.tx_dropped;
565 }
566
567 static int xfrmi_get_iflink(const struct net_device *dev)
568 {
569 struct xfrm_if *xi = netdev_priv(dev);
570
571 return xi->p.link;
572 }
573
574
575 static const struct net_device_ops xfrmi_netdev_ops = {
576 .ndo_init = xfrmi_dev_init,
577 .ndo_uninit = xfrmi_dev_uninit,
578 .ndo_start_xmit = xfrmi_xmit,
579 .ndo_get_stats64 = xfrmi_get_stats64,
580 .ndo_get_iflink = xfrmi_get_iflink,
581 };
582
583 static void xfrmi_dev_setup(struct net_device *dev)
584 {
585 dev->netdev_ops = &xfrmi_netdev_ops;
586 dev->type = ARPHRD_NONE;
587 dev->mtu = ETH_DATA_LEN;
588 dev->min_mtu = ETH_MIN_MTU;
589 dev->max_mtu = IP_MAX_MTU;
590 dev->flags = IFF_NOARP;
591 dev->needs_free_netdev = true;
592 dev->priv_destructor = xfrmi_dev_free;
593 netif_keep_dst(dev);
594
595 eth_broadcast_addr(dev->broadcast);
596 }
597
598 static int xfrmi_dev_init(struct net_device *dev)
599 {
600 struct xfrm_if *xi = netdev_priv(dev);
601 struct net_device *phydev = __dev_get_by_index(xi->net, xi->p.link);
602 int err;
603
604 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
605 if (!dev->tstats)
606 return -ENOMEM;
607
608 err = gro_cells_init(&xi->gro_cells, dev);
609 if (err) {
610 free_percpu(dev->tstats);
611 return err;
612 }
613
614 dev->features |= NETIF_F_LLTX;
615
616 if (phydev) {
617 dev->needed_headroom = phydev->needed_headroom;
618 dev->needed_tailroom = phydev->needed_tailroom;
619
620 if (is_zero_ether_addr(dev->dev_addr))
621 eth_hw_addr_inherit(dev, phydev);
622 if (is_zero_ether_addr(dev->broadcast))
623 memcpy(dev->broadcast, phydev->broadcast,
624 dev->addr_len);
625 } else {
626 eth_hw_addr_random(dev);
627 eth_broadcast_addr(dev->broadcast);
628 }
629
630 return 0;
631 }
632
633 static int xfrmi_validate(struct nlattr *tb[], struct nlattr *data[],
634 struct netlink_ext_ack *extack)
635 {
636 return 0;
637 }
638
639 static void xfrmi_netlink_parms(struct nlattr *data[],
640 struct xfrm_if_parms *parms)
641 {
642 memset(parms, 0, sizeof(*parms));
643
644 if (!data)
645 return;
646
647 if (data[IFLA_XFRM_LINK])
648 parms->link = nla_get_u32(data[IFLA_XFRM_LINK]);
649
650 if (data[IFLA_XFRM_IF_ID])
651 parms->if_id = nla_get_u32(data[IFLA_XFRM_IF_ID]);
652 }
653
654 static int xfrmi_newlink(struct net *src_net, struct net_device *dev,
655 struct nlattr *tb[], struct nlattr *data[],
656 struct netlink_ext_ack *extack)
657 {
658 struct net *net = dev_net(dev);
659 struct xfrm_if_parms p;
660 struct xfrm_if *xi;
661 int err;
662
663 xfrmi_netlink_parms(data, &p);
664 xi = xfrmi_locate(net, &p);
665 if (xi)
666 return -EEXIST;
667
668 xi = netdev_priv(dev);
669 xi->p = p;
670 xi->net = net;
671 xi->dev = dev;
672
673 err = xfrmi_create(dev);
674 return err;
675 }
676
677 static void xfrmi_dellink(struct net_device *dev, struct list_head *head)
678 {
679 unregister_netdevice_queue(dev, head);
680 }
681
682 static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[],
683 struct nlattr *data[],
684 struct netlink_ext_ack *extack)
685 {
686 struct xfrm_if *xi = netdev_priv(dev);
687 struct net *net = xi->net;
688 struct xfrm_if_parms p;
689
690 xfrmi_netlink_parms(data, &p);
691 xi = xfrmi_locate(net, &p);
692 if (!xi) {
693 xi = netdev_priv(dev);
694 } else {
695 if (xi->dev != dev)
696 return -EEXIST;
697 }
698
699 return xfrmi_update(xi, &p);
700 }
701
702 static size_t xfrmi_get_size(const struct net_device *dev)
703 {
704 return
705
706 nla_total_size(4) +
707
708 nla_total_size(4) +
709 0;
710 }
711
712 static int xfrmi_fill_info(struct sk_buff *skb, const struct net_device *dev)
713 {
714 struct xfrm_if *xi = netdev_priv(dev);
715 struct xfrm_if_parms *parm = &xi->p;
716
717 if (nla_put_u32(skb, IFLA_XFRM_LINK, parm->link) ||
718 nla_put_u32(skb, IFLA_XFRM_IF_ID, parm->if_id))
719 goto nla_put_failure;
720 return 0;
721
722 nla_put_failure:
723 return -EMSGSIZE;
724 }
725
726 static struct net *xfrmi_get_link_net(const struct net_device *dev)
727 {
728 struct xfrm_if *xi = netdev_priv(dev);
729
730 return xi->net;
731 }
732
733 static const struct nla_policy xfrmi_policy[IFLA_XFRM_MAX + 1] = {
734 [IFLA_XFRM_LINK] = { .type = NLA_U32 },
735 [IFLA_XFRM_IF_ID] = { .type = NLA_U32 },
736 };
737
738 static struct rtnl_link_ops xfrmi_link_ops __read_mostly = {
739 .kind = "xfrm",
740 .maxtype = IFLA_XFRM_MAX,
741 .policy = xfrmi_policy,
742 .priv_size = sizeof(struct xfrm_if),
743 .setup = xfrmi_dev_setup,
744 .validate = xfrmi_validate,
745 .newlink = xfrmi_newlink,
746 .dellink = xfrmi_dellink,
747 .changelink = xfrmi_changelink,
748 .get_size = xfrmi_get_size,
749 .fill_info = xfrmi_fill_info,
750 .get_link_net = xfrmi_get_link_net,
751 };
752
753 static void __net_exit xfrmi_destroy_interfaces(struct xfrmi_net *xfrmn)
754 {
755 struct xfrm_if *xi;
756 LIST_HEAD(list);
757
758 xi = rtnl_dereference(xfrmn->xfrmi[0]);
759 if (!xi)
760 return;
761
762 unregister_netdevice_queue(xi->dev, &list);
763 unregister_netdevice_many(&list);
764 }
765
766 static void __net_exit xfrmi_exit_net(struct net *net)
767 {
768 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
769
770 rtnl_lock();
771 xfrmi_destroy_interfaces(xfrmn);
772 rtnl_unlock();
773 }
774
775 static void __net_exit xfrmi_exit_batch_net(struct list_head *net_exit_list)
776 {
777 struct net *net;
778 LIST_HEAD(list);
779
780 rtnl_lock();
781 list_for_each_entry(net, net_exit_list, exit_list) {
782 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
783 struct xfrm_if __rcu **xip;
784 struct xfrm_if *xi;
785
786 for (xip = &xfrmn->xfrmi[0];
787 (xi = rtnl_dereference(*xip)) != NULL;
788 xip = &xi->next)
789 unregister_netdevice_queue(xi->dev, &list);
790 }
791 unregister_netdevice_many(&list);
792 rtnl_unlock();
793 }
794
795 static struct pernet_operations xfrmi_net_ops = {
796 .exit_batch = xfrmi_exit_batch_net,
797 .exit = xfrmi_exit_net,
798 .id = &xfrmi_net_id,
799 .size = sizeof(struct xfrmi_net),
800 };
801
802 static struct xfrm6_protocol xfrmi_esp6_protocol __read_mostly = {
803 .handler = xfrm6_rcv,
804 .cb_handler = xfrmi_rcv_cb,
805 .err_handler = xfrmi6_err,
806 .priority = 10,
807 };
808
809 static struct xfrm6_protocol xfrmi_ah6_protocol __read_mostly = {
810 .handler = xfrm6_rcv,
811 .cb_handler = xfrmi_rcv_cb,
812 .err_handler = xfrmi6_err,
813 .priority = 10,
814 };
815
816 static struct xfrm6_protocol xfrmi_ipcomp6_protocol __read_mostly = {
817 .handler = xfrm6_rcv,
818 .cb_handler = xfrmi_rcv_cb,
819 .err_handler = xfrmi6_err,
820 .priority = 10,
821 };
822
823 static struct xfrm4_protocol xfrmi_esp4_protocol __read_mostly = {
824 .handler = xfrm4_rcv,
825 .input_handler = xfrm_input,
826 .cb_handler = xfrmi_rcv_cb,
827 .err_handler = xfrmi4_err,
828 .priority = 10,
829 };
830
831 static struct xfrm4_protocol xfrmi_ah4_protocol __read_mostly = {
832 .handler = xfrm4_rcv,
833 .input_handler = xfrm_input,
834 .cb_handler = xfrmi_rcv_cb,
835 .err_handler = xfrmi4_err,
836 .priority = 10,
837 };
838
839 static struct xfrm4_protocol xfrmi_ipcomp4_protocol __read_mostly = {
840 .handler = xfrm4_rcv,
841 .input_handler = xfrm_input,
842 .cb_handler = xfrmi_rcv_cb,
843 .err_handler = xfrmi4_err,
844 .priority = 10,
845 };
846
847 static int __init xfrmi4_init(void)
848 {
849 int err;
850
851 err = xfrm4_protocol_register(&xfrmi_esp4_protocol, IPPROTO_ESP);
852 if (err < 0)
853 goto xfrm_proto_esp_failed;
854 err = xfrm4_protocol_register(&xfrmi_ah4_protocol, IPPROTO_AH);
855 if (err < 0)
856 goto xfrm_proto_ah_failed;
857 err = xfrm4_protocol_register(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
858 if (err < 0)
859 goto xfrm_proto_comp_failed;
860
861 return 0;
862
863 xfrm_proto_comp_failed:
864 xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
865 xfrm_proto_ah_failed:
866 xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
867 xfrm_proto_esp_failed:
868 return err;
869 }
870
871 static void xfrmi4_fini(void)
872 {
873 xfrm4_protocol_deregister(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
874 xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
875 xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
876 }
877
878 static int __init xfrmi6_init(void)
879 {
880 int err;
881
882 err = xfrm6_protocol_register(&xfrmi_esp6_protocol, IPPROTO_ESP);
883 if (err < 0)
884 goto xfrm_proto_esp_failed;
885 err = xfrm6_protocol_register(&xfrmi_ah6_protocol, IPPROTO_AH);
886 if (err < 0)
887 goto xfrm_proto_ah_failed;
888 err = xfrm6_protocol_register(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
889 if (err < 0)
890 goto xfrm_proto_comp_failed;
891
892 return 0;
893
894 xfrm_proto_comp_failed:
895 xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
896 xfrm_proto_ah_failed:
897 xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
898 xfrm_proto_esp_failed:
899 return err;
900 }
901
902 static void xfrmi6_fini(void)
903 {
904 xfrm6_protocol_deregister(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
905 xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
906 xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
907 }
908
909 static const struct xfrm_if_cb xfrm_if_cb = {
910 .decode_session = xfrmi_decode_session,
911 };
912
913 static int __init xfrmi_init(void)
914 {
915 const char *msg;
916 int err;
917
918 pr_info("IPsec XFRM device driver\n");
919
920 msg = "tunnel device";
921 err = register_pernet_device(&xfrmi_net_ops);
922 if (err < 0)
923 goto pernet_dev_failed;
924
925 msg = "xfrm4 protocols";
926 err = xfrmi4_init();
927 if (err < 0)
928 goto xfrmi4_failed;
929
930 msg = "xfrm6 protocols";
931 err = xfrmi6_init();
932 if (err < 0)
933 goto xfrmi6_failed;
934
935
936 msg = "netlink interface";
937 err = rtnl_link_register(&xfrmi_link_ops);
938 if (err < 0)
939 goto rtnl_link_failed;
940
941 xfrm_if_register_cb(&xfrm_if_cb);
942
943 return err;
944
945 rtnl_link_failed:
946 xfrmi6_fini();
947 xfrmi6_failed:
948 xfrmi4_fini();
949 xfrmi4_failed:
950 unregister_pernet_device(&xfrmi_net_ops);
951 pernet_dev_failed:
952 pr_err("xfrmi init: failed to register %s\n", msg);
953 return err;
954 }
955
956 static void __exit xfrmi_fini(void)
957 {
958 xfrm_if_unregister_cb();
959 rtnl_link_unregister(&xfrmi_link_ops);
960 xfrmi4_fini();
961 xfrmi6_fini();
962 unregister_pernet_device(&xfrmi_net_ops);
963 }
964
965 module_init(xfrmi_init);
966 module_exit(xfrmi_fini);
967 MODULE_LICENSE("GPL");
968 MODULE_ALIAS_RTNL_LINK("xfrm");
969 MODULE_ALIAS_NETDEV("xfrm0");
970 MODULE_AUTHOR("Steffen Klassert");
971 MODULE_DESCRIPTION("XFRM virtual interface");