search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'trace-printf-v6.13' of git://git.kernel.org/pub/scm/linux/kernel/git/trace...
[drm/drm-misc.git] / drivers / net / vxlan / vxlan_core.c
blob9ea63059d52d75d8c4771fe55a81f6be9b213a5d
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * VXLAN: Virtual eXtensible Local Area Network
4 *
5 * Copyright (c) 2012-2013 Vyatta Inc.
6 */
7
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9
10 #include <linux/kernel.h>
11 #include <linux/module.h>
12 #include <linux/errno.h>
13 #include <linux/slab.h>
14 #include <linux/udp.h>
15 #include <linux/igmp.h>
16 #include <linux/if_ether.h>
17 #include <linux/ethtool.h>
18 #include <net/arp.h>
19 #include <net/ndisc.h>
20 #include <net/gro.h>
21 #include <net/ipv6_stubs.h>
22 #include <net/ip.h>
23 #include <net/icmp.h>
24 #include <net/rtnetlink.h>
25 #include <net/inet_ecn.h>
26 #include <net/net_namespace.h>
27 #include <net/netns/generic.h>
28 #include <net/tun_proto.h>
29 #include <net/vxlan.h>
30 #include <net/nexthop.h>
31
32 #if IS_ENABLED(CONFIG_IPV6)
33 #include <net/ip6_tunnel.h>
34 #include <net/ip6_checksum.h>
35 #endif
36
37 #include "vxlan_private.h"
38
39 #define VXLAN_VERSION "0.1"
40
41 #define FDB_AGE_DEFAULT 300 /* 5 min */
42 #define FDB_AGE_INTERVAL (10 * HZ) /* rescan interval */
43
44 /* UDP port for VXLAN traffic.
45 * The IANA assigned port is 4789, but the Linux default is 8472
46 * for compatibility with early adopters.
47 */
48 static unsigned short vxlan_port __read_mostly = 8472;
49 module_param_named(udp_port, vxlan_port, ushort, 0444);
50 MODULE_PARM_DESC(udp_port, "Destination UDP port");
51
52 static bool log_ecn_error = true;
53 module_param(log_ecn_error, bool, 0644);
54 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
55
56 unsigned int vxlan_net_id;
57
58 const u8 all_zeros_mac[ETH_ALEN + 2];
59 static struct rtnl_link_ops vxlan_link_ops;
60
61 static int vxlan_sock_add(struct vxlan_dev *vxlan);
62
63 static void vxlan_vs_del_dev(struct vxlan_dev *vxlan);
64
65 /* salt for hash table */
66 static u32 vxlan_salt __read_mostly;
67
68 static inline bool vxlan_collect_metadata(struct vxlan_sock *vs)
69 {
70 return vs->flags & VXLAN_F_COLLECT_METADATA ||
71 ip_tunnel_collect_metadata();
72 }
73
74 /* Find VXLAN socket based on network namespace, address family, UDP port,
75 * enabled unshareable flags and socket device binding (see l3mdev with
76 * non-default VRF).
77 */
78 static struct vxlan_sock *vxlan_find_sock(struct net *net, sa_family_t family,
79 __be16 port, u32 flags, int ifindex)
80 {
81 struct vxlan_sock *vs;
82
83 flags &= VXLAN_F_RCV_FLAGS;
84
85 hlist_for_each_entry_rcu(vs, vs_head(net, port), hlist) {
86 if (inet_sk(vs->sock->sk)->inet_sport == port &&
87 vxlan_get_sk_family(vs) == family &&
88 vs->flags == flags &&
89 vs->sock->sk->sk_bound_dev_if == ifindex)
90 return vs;
91 }
92 return NULL;
93 }
94
95 static struct vxlan_dev *vxlan_vs_find_vni(struct vxlan_sock *vs,
96 int ifindex, __be32 vni,
97 struct vxlan_vni_node **vninode)
98 {
99 struct vxlan_vni_node *vnode;
100 struct vxlan_dev_node *node;
101
102 /* For flow based devices, map all packets to VNI 0 */
103 if (vs->flags & VXLAN_F_COLLECT_METADATA &&
104 !(vs->flags & VXLAN_F_VNIFILTER))
105 vni = 0;
106
107 hlist_for_each_entry_rcu(node, vni_head(vs, vni), hlist) {
108 if (!node->vxlan)
109 continue;
110 vnode = NULL;
111 if (node->vxlan->cfg.flags & VXLAN_F_VNIFILTER) {
112 vnode = vxlan_vnifilter_lookup(node->vxlan, vni);
113 if (!vnode)
114 continue;
115 } else if (node->vxlan->default_dst.remote_vni != vni) {
116 continue;
117 }
118
119 if (IS_ENABLED(CONFIG_IPV6)) {
120 const struct vxlan_config *cfg = &node->vxlan->cfg;
121
122 if ((cfg->flags & VXLAN_F_IPV6_LINKLOCAL) &&
123 cfg->remote_ifindex != ifindex)
124 continue;
125 }
126
127 if (vninode)
128 *vninode = vnode;
129 return node->vxlan;
130 }
131
132 return NULL;
133 }
134
135 /* Look up VNI in a per net namespace table */
136 static struct vxlan_dev *vxlan_find_vni(struct net *net, int ifindex,
137 __be32 vni, sa_family_t family,
138 __be16 port, u32 flags)
139 {
140 struct vxlan_sock *vs;
141
142 vs = vxlan_find_sock(net, family, port, flags, ifindex);
143 if (!vs)
144 return NULL;
145
146 return vxlan_vs_find_vni(vs, ifindex, vni, NULL);
147 }
148
149 /* Fill in neighbour message in skbuff. */
150 static int vxlan_fdb_info(struct sk_buff *skb, struct vxlan_dev *vxlan,
151 const struct vxlan_fdb *fdb,
152 u32 portid, u32 seq, int type, unsigned int flags,
153 const struct vxlan_rdst *rdst)
154 {
155 unsigned long now = jiffies;
156 struct nda_cacheinfo ci;
157 bool send_ip, send_eth;
158 struct nlmsghdr *nlh;
159 struct nexthop *nh;
160 struct ndmsg *ndm;
161 int nh_family;
162 u32 nh_id;
163
164 nlh = nlmsg_put(skb, portid, seq, type, sizeof(*ndm), flags);
165 if (nlh == NULL)
166 return -EMSGSIZE;
167
168 ndm = nlmsg_data(nlh);
169 memset(ndm, 0, sizeof(*ndm));
170
171 send_eth = send_ip = true;
172
173 rcu_read_lock();
174 nh = rcu_dereference(fdb->nh);
175 if (nh) {
176 nh_family = nexthop_get_family(nh);
177 nh_id = nh->id;
178 }
179 rcu_read_unlock();
180
181 if (type == RTM_GETNEIGH) {
182 if (rdst) {
183 send_ip = !vxlan_addr_any(&rdst->remote_ip);
184 ndm->ndm_family = send_ip ? rdst->remote_ip.sa.sa_family : AF_INET;
185 } else if (nh) {
186 ndm->ndm_family = nh_family;
187 }
188 send_eth = !is_zero_ether_addr(fdb->eth_addr);
189 } else
190 ndm->ndm_family = AF_BRIDGE;
191 ndm->ndm_state = fdb->state;
192 ndm->ndm_ifindex = vxlan->dev->ifindex;
193 ndm->ndm_flags = fdb->flags;
194 if (rdst && rdst->offloaded)
195 ndm->ndm_flags |= NTF_OFFLOADED;
196 ndm->ndm_type = RTN_UNICAST;
197
198 if (!net_eq(dev_net(vxlan->dev), vxlan->net) &&
199 nla_put_s32(skb, NDA_LINK_NETNSID,
200 peernet2id(dev_net(vxlan->dev), vxlan->net)))
201 goto nla_put_failure;
202
203 if (send_eth && nla_put(skb, NDA_LLADDR, ETH_ALEN, &fdb->eth_addr))
204 goto nla_put_failure;
205 if (nh) {
206 if (nla_put_u32(skb, NDA_NH_ID, nh_id))
207 goto nla_put_failure;
208 } else if (rdst) {
209 if (send_ip && vxlan_nla_put_addr(skb, NDA_DST,
210 &rdst->remote_ip))
211 goto nla_put_failure;
212
213 if (rdst->remote_port &&
214 rdst->remote_port != vxlan->cfg.dst_port &&
215 nla_put_be16(skb, NDA_PORT, rdst->remote_port))
216 goto nla_put_failure;
217 if (rdst->remote_vni != vxlan->default_dst.remote_vni &&
218 nla_put_u32(skb, NDA_VNI, be32_to_cpu(rdst->remote_vni)))
219 goto nla_put_failure;
220 if (rdst->remote_ifindex &&
221 nla_put_u32(skb, NDA_IFINDEX, rdst->remote_ifindex))
222 goto nla_put_failure;
223 }
224
225 if ((vxlan->cfg.flags & VXLAN_F_COLLECT_METADATA) && fdb->vni &&
226 nla_put_u32(skb, NDA_SRC_VNI,
227 be32_to_cpu(fdb->vni)))
228 goto nla_put_failure;
229
230 ci.ndm_used = jiffies_to_clock_t(now - fdb->used);
231 ci.ndm_confirmed = 0;
232 ci.ndm_updated = jiffies_to_clock_t(now - fdb->updated);
233 ci.ndm_refcnt = 0;
234
235 if (nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
236 goto nla_put_failure;
237
238 nlmsg_end(skb, nlh);
239 return 0;
240
241 nla_put_failure:
242 nlmsg_cancel(skb, nlh);
243 return -EMSGSIZE;
244 }
245
246 static inline size_t vxlan_nlmsg_size(void)
247 {
248 return NLMSG_ALIGN(sizeof(struct ndmsg))
249 + nla_total_size(ETH_ALEN) /* NDA_LLADDR */
250 + nla_total_size(sizeof(struct in6_addr)) /* NDA_DST */
251 + nla_total_size(sizeof(__be16)) /* NDA_PORT */
252 + nla_total_size(sizeof(__be32)) /* NDA_VNI */
253 + nla_total_size(sizeof(__u32)) /* NDA_IFINDEX */
254 + nla_total_size(sizeof(__s32)) /* NDA_LINK_NETNSID */
255 + nla_total_size(sizeof(struct nda_cacheinfo));
256 }
257
258 static void __vxlan_fdb_notify(struct vxlan_dev *vxlan, struct vxlan_fdb *fdb,
259 struct vxlan_rdst *rd, int type)
260 {
261 struct net *net = dev_net(vxlan->dev);
262 struct sk_buff *skb;
263 int err = -ENOBUFS;
264
265 skb = nlmsg_new(vxlan_nlmsg_size(), GFP_ATOMIC);
266 if (skb == NULL)
267 goto errout;
268
269 err = vxlan_fdb_info(skb, vxlan, fdb, 0, 0, type, 0, rd);
270 if (err < 0) {
271 /* -EMSGSIZE implies BUG in vxlan_nlmsg_size() */
272 WARN_ON(err == -EMSGSIZE);
273 kfree_skb(skb);
274 goto errout;
275 }
276
277 rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
278 return;
279 errout:
280 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
281 }
282
283 static void vxlan_fdb_switchdev_notifier_info(const struct vxlan_dev *vxlan,
284 const struct vxlan_fdb *fdb,
285 const struct vxlan_rdst *rd,
286 struct netlink_ext_ack *extack,
287 struct switchdev_notifier_vxlan_fdb_info *fdb_info)
288 {
289 fdb_info->info.dev = vxlan->dev;
290 fdb_info->info.extack = extack;
291 fdb_info->remote_ip = rd->remote_ip;
292 fdb_info->remote_port = rd->remote_port;
293 fdb_info->remote_vni = rd->remote_vni;
294 fdb_info->remote_ifindex = rd->remote_ifindex;
295 memcpy(fdb_info->eth_addr, fdb->eth_addr, ETH_ALEN);
296 fdb_info->vni = fdb->vni;
297 fdb_info->offloaded = rd->offloaded;
298 fdb_info->added_by_user = fdb->flags & NTF_VXLAN_ADDED_BY_USER;
299 }
300
301 static int vxlan_fdb_switchdev_call_notifiers(struct vxlan_dev *vxlan,
302 struct vxlan_fdb *fdb,
303 struct vxlan_rdst *rd,
304 bool adding,
305 struct netlink_ext_ack *extack)
306 {
307 struct switchdev_notifier_vxlan_fdb_info info;
308 enum switchdev_notifier_type notifier_type;
309 int ret;
310
311 if (WARN_ON(!rd))
312 return 0;
313
314 notifier_type = adding ? SWITCHDEV_VXLAN_FDB_ADD_TO_DEVICE
315 : SWITCHDEV_VXLAN_FDB_DEL_TO_DEVICE;
316 vxlan_fdb_switchdev_notifier_info(vxlan, fdb, rd, NULL, &info);
317 ret = call_switchdev_notifiers(notifier_type, vxlan->dev,
318 &info.info, extack);
319 return notifier_to_errno(ret);
320 }
321
322 static int vxlan_fdb_notify(struct vxlan_dev *vxlan, struct vxlan_fdb *fdb,
323 struct vxlan_rdst *rd, int type, bool swdev_notify,
324 struct netlink_ext_ack *extack)
325 {
326 int err;
327
328 if (swdev_notify && rd) {
329 switch (type) {
330 case RTM_NEWNEIGH:
331 err = vxlan_fdb_switchdev_call_notifiers(vxlan, fdb, rd,
332 true, extack);
333 if (err)
334 return err;
335 break;
336 case RTM_DELNEIGH:
337 vxlan_fdb_switchdev_call_notifiers(vxlan, fdb, rd,
338 false, extack);
339 break;
340 }
341 }
342
343 __vxlan_fdb_notify(vxlan, fdb, rd, type);
344 return 0;
345 }
346
347 static void vxlan_ip_miss(struct net_device *dev, union vxlan_addr *ipa)
348 {
349 struct vxlan_dev *vxlan = netdev_priv(dev);
350 struct vxlan_fdb f = {
351 .state = NUD_STALE,
352 };
353 struct vxlan_rdst remote = {
354 .remote_ip = *ipa, /* goes to NDA_DST */
355 .remote_vni = cpu_to_be32(VXLAN_N_VID),
356 };
357
358 vxlan_fdb_notify(vxlan, &f, &remote, RTM_GETNEIGH, true, NULL);
359 }
360
361 static void vxlan_fdb_miss(struct vxlan_dev *vxlan, const u8 eth_addr[ETH_ALEN])
362 {
363 struct vxlan_fdb f = {
364 .state = NUD_STALE,
365 };
366 struct vxlan_rdst remote = { };
367
368 memcpy(f.eth_addr, eth_addr, ETH_ALEN);
369
370 vxlan_fdb_notify(vxlan, &f, &remote, RTM_GETNEIGH, true, NULL);
371 }
372
373 /* Hash Ethernet address */
374 static u32 eth_hash(const unsigned char *addr)
375 {
376 u64 value = get_unaligned((u64 *)addr);
377
378 /* only want 6 bytes */
379 #ifdef __BIG_ENDIAN
380 value >>= 16;
381 #else
382 value <<= 16;
383 #endif
384 return hash_64(value, FDB_HASH_BITS);
385 }
386
387 u32 eth_vni_hash(const unsigned char *addr, __be32 vni)
388 {
389 /* use 1 byte of OUI and 3 bytes of NIC */
390 u32 key = get_unaligned((u32 *)(addr + 2));
391
392 return jhash_2words(key, vni, vxlan_salt) & (FDB_HASH_SIZE - 1);
393 }
394
395 u32 fdb_head_index(struct vxlan_dev *vxlan, const u8 *mac, __be32 vni)
396 {
397 if (vxlan->cfg.flags & VXLAN_F_COLLECT_METADATA)
398 return eth_vni_hash(mac, vni);
399 else
400 return eth_hash(mac);
401 }
402
403 /* Hash chain to use given mac address */
404 static inline struct hlist_head *vxlan_fdb_head(struct vxlan_dev *vxlan,
405 const u8 *mac, __be32 vni)
406 {
407 return &vxlan->fdb_head[fdb_head_index(vxlan, mac, vni)];
408 }
409
410 /* Look up Ethernet address in forwarding table */
411 static struct vxlan_fdb *__vxlan_find_mac(struct vxlan_dev *vxlan,
412 const u8 *mac, __be32 vni)
413 {
414 struct hlist_head *head = vxlan_fdb_head(vxlan, mac, vni);
415 struct vxlan_fdb *f;
416
417 hlist_for_each_entry_rcu(f, head, hlist) {
418 if (ether_addr_equal(mac, f->eth_addr)) {
419 if (vxlan->cfg.flags & VXLAN_F_COLLECT_METADATA) {
420 if (vni == f->vni)
421 return f;
422 } else {
423 return f;
424 }
425 }
426 }
427
428 return NULL;
429 }
430
431 static struct vxlan_fdb *vxlan_find_mac(struct vxlan_dev *vxlan,
432 const u8 *mac, __be32 vni)
433 {
434 struct vxlan_fdb *f;
435
436 f = __vxlan_find_mac(vxlan, mac, vni);
437 if (f && f->used != jiffies)
438 f->used = jiffies;
439
440 return f;
441 }
442
443 /* caller should hold vxlan->hash_lock */
444 static struct vxlan_rdst *vxlan_fdb_find_rdst(struct vxlan_fdb *f,
445 union vxlan_addr *ip, __be16 port,
446 __be32 vni, __u32 ifindex)
447 {
448 struct vxlan_rdst *rd;
449
450 list_for_each_entry(rd, &f->remotes, list) {
451 if (vxlan_addr_equal(&rd->remote_ip, ip) &&
452 rd->remote_port == port &&
453 rd->remote_vni == vni &&
454 rd->remote_ifindex == ifindex)
455 return rd;
456 }
457
458 return NULL;
459 }
460
461 int vxlan_fdb_find_uc(struct net_device *dev, const u8 *mac, __be32 vni,
462 struct switchdev_notifier_vxlan_fdb_info *fdb_info)
463 {
464 struct vxlan_dev *vxlan = netdev_priv(dev);
465 u8 eth_addr[ETH_ALEN + 2] = { 0 };
466 struct vxlan_rdst *rdst;
467 struct vxlan_fdb *f;
468 int rc = 0;
469
470 if (is_multicast_ether_addr(mac) ||
471 is_zero_ether_addr(mac))
472 return -EINVAL;
473
474 ether_addr_copy(eth_addr, mac);
475
476 rcu_read_lock();
477
478 f = __vxlan_find_mac(vxlan, eth_addr, vni);
479 if (!f) {
480 rc = -ENOENT;
481 goto out;
482 }
483
484 rdst = first_remote_rcu(f);
485 vxlan_fdb_switchdev_notifier_info(vxlan, f, rdst, NULL, fdb_info);
486
487 out:
488 rcu_read_unlock();
489 return rc;
490 }
491 EXPORT_SYMBOL_GPL(vxlan_fdb_find_uc);
492
493 static int vxlan_fdb_notify_one(struct notifier_block *nb,
494 const struct vxlan_dev *vxlan,
495 const struct vxlan_fdb *f,
496 const struct vxlan_rdst *rdst,
497 struct netlink_ext_ack *extack)
498 {
499 struct switchdev_notifier_vxlan_fdb_info fdb_info;
500 int rc;
501
502 vxlan_fdb_switchdev_notifier_info(vxlan, f, rdst, extack, &fdb_info);
503 rc = nb->notifier_call(nb, SWITCHDEV_VXLAN_FDB_ADD_TO_DEVICE,
504 &fdb_info);
505 return notifier_to_errno(rc);
506 }
507
508 int vxlan_fdb_replay(const struct net_device *dev, __be32 vni,
509 struct notifier_block *nb,
510 struct netlink_ext_ack *extack)
511 {
512 struct vxlan_dev *vxlan;
513 struct vxlan_rdst *rdst;
514 struct vxlan_fdb *f;
515 unsigned int h;
516 int rc = 0;
517
518 if (!netif_is_vxlan(dev))
519 return -EINVAL;
520 vxlan = netdev_priv(dev);
521
522 for (h = 0; h < FDB_HASH_SIZE; ++h) {
523 spin_lock_bh(&vxlan->hash_lock[h]);
524 hlist_for_each_entry(f, &vxlan->fdb_head[h], hlist) {
525 if (f->vni == vni) {
526 list_for_each_entry(rdst, &f->remotes, list) {
527 rc = vxlan_fdb_notify_one(nb, vxlan,
528 f, rdst,
529 extack);
530 if (rc)
531 goto unlock;
532 }
533 }
534 }
535 spin_unlock_bh(&vxlan->hash_lock[h]);
536 }
537 return 0;
538
539 unlock:
540 spin_unlock_bh(&vxlan->hash_lock[h]);
541 return rc;
542 }
543 EXPORT_SYMBOL_GPL(vxlan_fdb_replay);
544
545 void vxlan_fdb_clear_offload(const struct net_device *dev, __be32 vni)
546 {
547 struct vxlan_dev *vxlan;
548 struct vxlan_rdst *rdst;
549 struct vxlan_fdb *f;
550 unsigned int h;
551
552 if (!netif_is_vxlan(dev))
553 return;
554 vxlan = netdev_priv(dev);
555
556 for (h = 0; h < FDB_HASH_SIZE; ++h) {
557 spin_lock_bh(&vxlan->hash_lock[h]);
558 hlist_for_each_entry(f, &vxlan->fdb_head[h], hlist)
559 if (f->vni == vni)
560 list_for_each_entry(rdst, &f->remotes, list)
561 rdst->offloaded = false;
562 spin_unlock_bh(&vxlan->hash_lock[h]);
563 }
564
565 }
566 EXPORT_SYMBOL_GPL(vxlan_fdb_clear_offload);
567
568 /* Replace destination of unicast mac */
569 static int vxlan_fdb_replace(struct vxlan_fdb *f,
570 union vxlan_addr *ip, __be16 port, __be32 vni,
571 __u32 ifindex, struct vxlan_rdst *oldrd)
572 {
573 struct vxlan_rdst *rd;
574
575 rd = vxlan_fdb_find_rdst(f, ip, port, vni, ifindex);
576 if (rd)
577 return 0;
578
579 rd = list_first_entry_or_null(&f->remotes, struct vxlan_rdst, list);
580 if (!rd)
581 return 0;
582
583 *oldrd = *rd;
584 dst_cache_reset(&rd->dst_cache);
585 rd->remote_ip = *ip;
586 rd->remote_port = port;
587 rd->remote_vni = vni;
588 rd->remote_ifindex = ifindex;
589 rd->offloaded = false;
590 return 1;
591 }
592
593 /* Add/update destinations for multicast */
594 static int vxlan_fdb_append(struct vxlan_fdb *f,
595 union vxlan_addr *ip, __be16 port, __be32 vni,
596 __u32 ifindex, struct vxlan_rdst **rdp)
597 {
598 struct vxlan_rdst *rd;
599
600 rd = vxlan_fdb_find_rdst(f, ip, port, vni, ifindex);
601 if (rd)
602 return 0;
603
604 rd = kmalloc(sizeof(*rd), GFP_ATOMIC);
605 if (rd == NULL)
606 return -ENOMEM;
607
608 if (dst_cache_init(&rd->dst_cache, GFP_ATOMIC)) {
609 kfree(rd);
610 return -ENOMEM;
611 }
612
613 rd->remote_ip = *ip;
614 rd->remote_port = port;
615 rd->offloaded = false;
616 rd->remote_vni = vni;
617 rd->remote_ifindex = ifindex;
618
619 list_add_tail_rcu(&rd->list, &f->remotes);
620
621 *rdp = rd;
622 return 1;
623 }
624
625 static bool vxlan_parse_gpe_proto(struct vxlanhdr *hdr, __be16 *protocol)
626 {
627 struct vxlanhdr_gpe *gpe = (struct vxlanhdr_gpe *)hdr;
628
629 /* Need to have Next Protocol set for interfaces in GPE mode. */
630 if (!gpe->np_applied)
631 return false;
632 /* "The initial version is 0. If a receiver does not support the
633 * version indicated it MUST drop the packet.
634 */
635 if (gpe->version != 0)
636 return false;
637 /* "When the O bit is set to 1, the packet is an OAM packet and OAM
638 * processing MUST occur." However, we don't implement OAM
639 * processing, thus drop the packet.
640 */
641 if (gpe->oam_flag)
642 return false;
643
644 *protocol = tun_p_to_eth_p(gpe->next_protocol);
645 if (!*protocol)
646 return false;
647
648 return true;
649 }
650
651 static struct vxlanhdr *vxlan_gro_remcsum(struct sk_buff *skb,
652 unsigned int off,
653 struct vxlanhdr *vh, size_t hdrlen,
654 __be32 vni_field,
655 struct gro_remcsum *grc,
656 bool nopartial)
657 {
658 size_t start, offset;
659
660 if (skb->remcsum_offload)
661 return vh;
662
663 if (!NAPI_GRO_CB(skb)->csum_valid)
664 return NULL;
665
666 start = vxlan_rco_start(vni_field);
667 offset = start + vxlan_rco_offset(vni_field);
668
669 vh = skb_gro_remcsum_process(skb, (void *)vh, off, hdrlen,
670 start, offset, grc, nopartial);
671
672 skb->remcsum_offload = 1;
673
674 return vh;
675 }
676
677 static struct vxlanhdr *vxlan_gro_prepare_receive(struct sock *sk,
678 struct list_head *head,
679 struct sk_buff *skb,
680 struct gro_remcsum *grc)
681 {
682 struct sk_buff *p;
683 struct vxlanhdr *vh, *vh2;
684 unsigned int hlen, off_vx;
685 struct vxlan_sock *vs = rcu_dereference_sk_user_data(sk);
686 __be32 flags;
687
688 skb_gro_remcsum_init(grc);
689
690 off_vx = skb_gro_offset(skb);
691 hlen = off_vx + sizeof(*vh);
692 vh = skb_gro_header(skb, hlen, off_vx);
693 if (unlikely(!vh))
694 return NULL;
695
696 skb_gro_postpull_rcsum(skb, vh, sizeof(struct vxlanhdr));
697
698 flags = vh->vx_flags;
699
700 if ((flags & VXLAN_HF_RCO) && (vs->flags & VXLAN_F_REMCSUM_RX)) {
701 vh = vxlan_gro_remcsum(skb, off_vx, vh, sizeof(struct vxlanhdr),
702 vh->vx_vni, grc,
703 !!(vs->flags &
704 VXLAN_F_REMCSUM_NOPARTIAL));
705
706 if (!vh)
707 return NULL;
708 }
709
710 skb_gro_pull(skb, sizeof(struct vxlanhdr)); /* pull vxlan header */
711
712 list_for_each_entry(p, head, list) {
713 if (!NAPI_GRO_CB(p)->same_flow)
714 continue;
715
716 vh2 = (struct vxlanhdr *)(p->data + off_vx);
717 if (vh->vx_flags != vh2->vx_flags ||
718 vh->vx_vni != vh2->vx_vni) {
719 NAPI_GRO_CB(p)->same_flow = 0;
720 continue;
721 }
722 }
723
724 return vh;
725 }
726
727 static struct sk_buff *vxlan_gro_receive(struct sock *sk,
728 struct list_head *head,
729 struct sk_buff *skb)
730 {
731 struct sk_buff *pp = NULL;
732 struct gro_remcsum grc;
733 int flush = 1;
734
735 if (vxlan_gro_prepare_receive(sk, head, skb, &grc)) {
736 pp = call_gro_receive(eth_gro_receive, head, skb);
737 flush = 0;
738 }
739 skb_gro_flush_final_remcsum(skb, pp, flush, &grc);
740 return pp;
741 }
742
743 static struct sk_buff *vxlan_gpe_gro_receive(struct sock *sk,
744 struct list_head *head,
745 struct sk_buff *skb)
746 {
747 const struct packet_offload *ptype;
748 struct sk_buff *pp = NULL;
749 struct gro_remcsum grc;
750 struct vxlanhdr *vh;
751 __be16 protocol;
752 int flush = 1;
753
754 vh = vxlan_gro_prepare_receive(sk, head, skb, &grc);
755 if (vh) {
756 if (!vxlan_parse_gpe_proto(vh, &protocol))
757 goto out;
758 ptype = gro_find_receive_by_type(protocol);
759 if (!ptype)
760 goto out;
761 pp = call_gro_receive(ptype->callbacks.gro_receive, head, skb);
762 flush = 0;
763 }
764 out:
765 skb_gro_flush_final_remcsum(skb, pp, flush, &grc);
766 return pp;
767 }
768
769 static int vxlan_gro_complete(struct sock *sk, struct sk_buff *skb, int nhoff)
770 {
771 /* Sets 'skb->inner_mac_header' since we are always called with
772 * 'skb->encapsulation' set.
773 */
774 return eth_gro_complete(skb, nhoff + sizeof(struct vxlanhdr));
775 }
776
777 static int vxlan_gpe_gro_complete(struct sock *sk, struct sk_buff *skb, int nhoff)
778 {
779 struct vxlanhdr *vh = (struct vxlanhdr *)(skb->data + nhoff);
780 const struct packet_offload *ptype;
781 int err = -ENOSYS;
782 __be16 protocol;
783
784 if (!vxlan_parse_gpe_proto(vh, &protocol))
785 return err;
786 ptype = gro_find_complete_by_type(protocol);
787 if (ptype)
788 err = ptype->callbacks.gro_complete(skb, nhoff + sizeof(struct vxlanhdr));
789 return err;
790 }
791
792 static struct vxlan_fdb *vxlan_fdb_alloc(struct vxlan_dev *vxlan, const u8 *mac,
793 __u16 state, __be32 src_vni,
794 __u16 ndm_flags)
795 {
796 struct vxlan_fdb *f;
797
798 f = kmalloc(sizeof(*f), GFP_ATOMIC);
799 if (!f)
800 return NULL;
801 f->state = state;
802 f->flags = ndm_flags;
803 f->updated = f->used = jiffies;
804 f->vni = src_vni;
805 f->nh = NULL;
806 RCU_INIT_POINTER(f->vdev, vxlan);
807 INIT_LIST_HEAD(&f->nh_list);
808 INIT_LIST_HEAD(&f->remotes);
809 memcpy(f->eth_addr, mac, ETH_ALEN);
810
811 return f;
812 }
813
814 static void vxlan_fdb_insert(struct vxlan_dev *vxlan, const u8 *mac,
815 __be32 src_vni, struct vxlan_fdb *f)
816 {
817 ++vxlan->addrcnt;
818 hlist_add_head_rcu(&f->hlist,
819 vxlan_fdb_head(vxlan, mac, src_vni));
820 }
821
822 static int vxlan_fdb_nh_update(struct vxlan_dev *vxlan, struct vxlan_fdb *fdb,
823 u32 nhid, struct netlink_ext_ack *extack)
824 {
825 struct nexthop *old_nh = rtnl_dereference(fdb->nh);
826 struct nexthop *nh;
827 int err = -EINVAL;
828
829 if (old_nh && old_nh->id == nhid)
830 return 0;
831
832 nh = nexthop_find_by_id(vxlan->net, nhid);
833 if (!nh) {
834 NL_SET_ERR_MSG(extack, "Nexthop id does not exist");
835 goto err_inval;
836 }
837
838 if (!nexthop_get(nh)) {
839 NL_SET_ERR_MSG(extack, "Nexthop has been deleted");
840 nh = NULL;
841 goto err_inval;
842 }
843 if (!nexthop_is_fdb(nh)) {
844 NL_SET_ERR_MSG(extack, "Nexthop is not a fdb nexthop");
845 goto err_inval;
846 }
847
848 if (!nexthop_is_multipath(nh)) {
849 NL_SET_ERR_MSG(extack, "Nexthop is not a multipath group");
850 goto err_inval;
851 }
852
853 /* check nexthop group family */
854 switch (vxlan->default_dst.remote_ip.sa.sa_family) {
855 case AF_INET:
856 if (!nexthop_has_v4(nh)) {
857 err = -EAFNOSUPPORT;
858 NL_SET_ERR_MSG(extack, "Nexthop group family not supported");
859 goto err_inval;
860 }
861 break;
862 case AF_INET6:
863 if (nexthop_has_v4(nh)) {
864 err = -EAFNOSUPPORT;
865 NL_SET_ERR_MSG(extack, "Nexthop group family not supported");
866 goto err_inval;
867 }
868 }
869
870 if (old_nh) {
871 list_del_rcu(&fdb->nh_list);
872 nexthop_put(old_nh);
873 }
874 rcu_assign_pointer(fdb->nh, nh);
875 list_add_tail_rcu(&fdb->nh_list, &nh->fdb_list);
876 return 1;
877
878 err_inval:
879 if (nh)
880 nexthop_put(nh);
881 return err;
882 }
883
884 int vxlan_fdb_create(struct vxlan_dev *vxlan,
885 const u8 *mac, union vxlan_addr *ip,
886 __u16 state, __be16 port, __be32 src_vni,
887 __be32 vni, __u32 ifindex, __u16 ndm_flags,
888 u32 nhid, struct vxlan_fdb **fdb,
889 struct netlink_ext_ack *extack)
890 {
891 struct vxlan_rdst *rd = NULL;
892 struct vxlan_fdb *f;
893 int rc;
894
895 if (vxlan->cfg.addrmax &&
896 vxlan->addrcnt >= vxlan->cfg.addrmax)
897 return -ENOSPC;
898
899 netdev_dbg(vxlan->dev, "add %pM -> %pIS\n", mac, ip);
900 f = vxlan_fdb_alloc(vxlan, mac, state, src_vni, ndm_flags);
901 if (!f)
902 return -ENOMEM;
903
904 if (nhid)
905 rc = vxlan_fdb_nh_update(vxlan, f, nhid, extack);
906 else
907 rc = vxlan_fdb_append(f, ip, port, vni, ifindex, &rd);
908 if (rc < 0)
909 goto errout;
910
911 *fdb = f;
912
913 return 0;
914
915 errout:
916 kfree(f);
917 return rc;
918 }
919
920 static void __vxlan_fdb_free(struct vxlan_fdb *f)
921 {
922 struct vxlan_rdst *rd, *nd;
923 struct nexthop *nh;
924
925 nh = rcu_dereference_raw(f->nh);
926 if (nh) {
927 rcu_assign_pointer(f->nh, NULL);
928 rcu_assign_pointer(f->vdev, NULL);
929 nexthop_put(nh);
930 }
931
932 list_for_each_entry_safe(rd, nd, &f->remotes, list) {
933 dst_cache_destroy(&rd->dst_cache);
934 kfree(rd);
935 }
936 kfree(f);
937 }
938
939 static void vxlan_fdb_free(struct rcu_head *head)
940 {
941 struct vxlan_fdb *f = container_of(head, struct vxlan_fdb, rcu);
942
943 __vxlan_fdb_free(f);
944 }
945
946 static void vxlan_fdb_destroy(struct vxlan_dev *vxlan, struct vxlan_fdb *f,
947 bool do_notify, bool swdev_notify)
948 {
949 struct vxlan_rdst *rd;
950
951 netdev_dbg(vxlan->dev, "delete %pM\n", f->eth_addr);
952
953 --vxlan->addrcnt;
954 if (do_notify) {
955 if (rcu_access_pointer(f->nh))
956 vxlan_fdb_notify(vxlan, f, NULL, RTM_DELNEIGH,
957 swdev_notify, NULL);
958 else
959 list_for_each_entry(rd, &f->remotes, list)
960 vxlan_fdb_notify(vxlan, f, rd, RTM_DELNEIGH,
961 swdev_notify, NULL);
962 }
963
964 hlist_del_rcu(&f->hlist);
965 list_del_rcu(&f->nh_list);
966 call_rcu(&f->rcu, vxlan_fdb_free);
967 }
968
969 static void vxlan_dst_free(struct rcu_head *head)
970 {
971 struct vxlan_rdst *rd = container_of(head, struct vxlan_rdst, rcu);
972
973 dst_cache_destroy(&rd->dst_cache);
974 kfree(rd);
975 }
976
977 static int vxlan_fdb_update_existing(struct vxlan_dev *vxlan,
978 union vxlan_addr *ip,
979 __u16 state, __u16 flags,
980 __be16 port, __be32 vni,
981 __u32 ifindex, __u16 ndm_flags,
982 struct vxlan_fdb *f, u32 nhid,
983 bool swdev_notify,
984 struct netlink_ext_ack *extack)
985 {
986 __u16 fdb_flags = (ndm_flags & ~NTF_USE);
987 struct vxlan_rdst *rd = NULL;
988 struct vxlan_rdst oldrd;
989 int notify = 0;
990 int rc = 0;
991 int err;
992
993 if (nhid && !rcu_access_pointer(f->nh)) {
994 NL_SET_ERR_MSG(extack,
995 "Cannot replace an existing non nexthop fdb with a nexthop");
996 return -EOPNOTSUPP;
997 }
998
999 if (nhid && (flags & NLM_F_APPEND)) {
1000 NL_SET_ERR_MSG(extack,
1001 "Cannot append to a nexthop fdb");
1002 return -EOPNOTSUPP;
1003 }
1004
1005 /* Do not allow an externally learned entry to take over an entry added
1006 * by the user.
1007 */
1008 if (!(fdb_flags & NTF_EXT_LEARNED) ||
1009 !(f->flags & NTF_VXLAN_ADDED_BY_USER)) {
1010 if (f->state != state) {
1011 f->state = state;
1012 f->updated = jiffies;
1013 notify = 1;
1014 }
1015 if (f->flags != fdb_flags) {
1016 f->flags = fdb_flags;
1017 f->updated = jiffies;
1018 notify = 1;
1019 }
1020 }
1021
1022 if ((flags & NLM_F_REPLACE)) {
1023 /* Only change unicasts */
1024 if (!(is_multicast_ether_addr(f->eth_addr) ||
1025 is_zero_ether_addr(f->eth_addr))) {
1026 if (nhid) {
1027 rc = vxlan_fdb_nh_update(vxlan, f, nhid, extack);
1028 if (rc < 0)
1029 return rc;
1030 } else {
1031 rc = vxlan_fdb_replace(f, ip, port, vni,
1032 ifindex, &oldrd);
1033 }
1034 notify |= rc;
1035 } else {
1036 NL_SET_ERR_MSG(extack, "Cannot replace non-unicast fdb entries");
1037 return -EOPNOTSUPP;
1038 }
1039 }
1040 if ((flags & NLM_F_APPEND) &&
1041 (is_multicast_ether_addr(f->eth_addr) ||
1042 is_zero_ether_addr(f->eth_addr))) {
1043 rc = vxlan_fdb_append(f, ip, port, vni, ifindex, &rd);
1044
1045 if (rc < 0)
1046 return rc;
1047 notify |= rc;
1048 }
1049
1050 if (ndm_flags & NTF_USE)
1051 f->used = jiffies;
1052
1053 if (notify) {
1054 if (rd == NULL)
1055 rd = first_remote_rtnl(f);
1056
1057 err = vxlan_fdb_notify(vxlan, f, rd, RTM_NEWNEIGH,
1058 swdev_notify, extack);
1059 if (err)
1060 goto err_notify;
1061 }
1062
1063 return 0;
1064
1065 err_notify:
1066 if (nhid)
1067 return err;
1068 if ((flags & NLM_F_REPLACE) && rc)
1069 *rd = oldrd;
1070 else if ((flags & NLM_F_APPEND) && rc) {
1071 list_del_rcu(&rd->list);
1072 call_rcu(&rd->rcu, vxlan_dst_free);
1073 }
1074 return err;
1075 }
1076
1077 static int vxlan_fdb_update_create(struct vxlan_dev *vxlan,
1078 const u8 *mac, union vxlan_addr *ip,
1079 __u16 state, __u16 flags,
1080 __be16 port, __be32 src_vni, __be32 vni,
1081 __u32 ifindex, __u16 ndm_flags, u32 nhid,
1082 bool swdev_notify,
1083 struct netlink_ext_ack *extack)
1084 {
1085 __u16 fdb_flags = (ndm_flags & ~NTF_USE);
1086 struct vxlan_fdb *f;
1087 int rc;
1088
1089 /* Disallow replace to add a multicast entry */
1090 if ((flags & NLM_F_REPLACE) &&
1091 (is_multicast_ether_addr(mac) || is_zero_ether_addr(mac)))
1092 return -EOPNOTSUPP;
1093
1094 netdev_dbg(vxlan->dev, "add %pM -> %pIS\n", mac, ip);
1095 rc = vxlan_fdb_create(vxlan, mac, ip, state, port, src_vni,
1096 vni, ifindex, fdb_flags, nhid, &f, extack);
1097 if (rc < 0)
1098 return rc;
1099
1100 vxlan_fdb_insert(vxlan, mac, src_vni, f);
1101 rc = vxlan_fdb_notify(vxlan, f, first_remote_rtnl(f), RTM_NEWNEIGH,
1102 swdev_notify, extack);
1103 if (rc)
1104 goto err_notify;
1105
1106 return 0;
1107
1108 err_notify:
1109 vxlan_fdb_destroy(vxlan, f, false, false);
1110 return rc;
1111 }
1112
1113 /* Add new entry to forwarding table -- assumes lock held */
1114 int vxlan_fdb_update(struct vxlan_dev *vxlan,
1115 const u8 *mac, union vxlan_addr *ip,
1116 __u16 state, __u16 flags,
1117 __be16 port, __be32 src_vni, __be32 vni,
1118 __u32 ifindex, __u16 ndm_flags, u32 nhid,
1119 bool swdev_notify,
1120 struct netlink_ext_ack *extack)
1121 {
1122 struct vxlan_fdb *f;
1123
1124 f = __vxlan_find_mac(vxlan, mac, src_vni);
1125 if (f) {
1126 if (flags & NLM_F_EXCL) {
1127 netdev_dbg(vxlan->dev,
1128 "lost race to create %pM\n", mac);
1129 return -EEXIST;
1130 }
1131
1132 return vxlan_fdb_update_existing(vxlan, ip, state, flags, port,
1133 vni, ifindex, ndm_flags, f,
1134 nhid, swdev_notify, extack);
1135 } else {
1136 if (!(flags & NLM_F_CREATE))
1137 return -ENOENT;
1138
1139 return vxlan_fdb_update_create(vxlan, mac, ip, state, flags,
1140 port, src_vni, vni, ifindex,
1141 ndm_flags, nhid, swdev_notify,
1142 extack);
1143 }
1144 }
1145
1146 static void vxlan_fdb_dst_destroy(struct vxlan_dev *vxlan, struct vxlan_fdb *f,
1147 struct vxlan_rdst *rd, bool swdev_notify)
1148 {
1149 list_del_rcu(&rd->list);
1150 vxlan_fdb_notify(vxlan, f, rd, RTM_DELNEIGH, swdev_notify, NULL);
1151 call_rcu(&rd->rcu, vxlan_dst_free);
1152 }
1153
1154 static int vxlan_fdb_parse(struct nlattr *tb[], struct vxlan_dev *vxlan,
1155 union vxlan_addr *ip, __be16 *port, __be32 *src_vni,
1156 __be32 *vni, u32 *ifindex, u32 *nhid,
1157 struct netlink_ext_ack *extack)
1158 {
1159 struct net *net = dev_net(vxlan->dev);
1160 int err;
1161
1162 if (tb[NDA_NH_ID] &&
1163 (tb[NDA_DST] || tb[NDA_VNI] || tb[NDA_IFINDEX] || tb[NDA_PORT])) {
1164 NL_SET_ERR_MSG(extack, "DST, VNI, ifindex and port are mutually exclusive with NH_ID");
1165 return -EINVAL;
1166 }
1167
1168 if (tb[NDA_DST]) {
1169 err = vxlan_nla_get_addr(ip, tb[NDA_DST]);
1170 if (err) {
1171 NL_SET_ERR_MSG(extack, "Unsupported address family");
1172 return err;
1173 }
1174 } else {
1175 union vxlan_addr *remote = &vxlan->default_dst.remote_ip;
1176
1177 if (remote->sa.sa_family == AF_INET) {
1178 ip->sin.sin_addr.s_addr = htonl(INADDR_ANY);
1179 ip->sa.sa_family = AF_INET;
1180 #if IS_ENABLED(CONFIG_IPV6)
1181 } else {
1182 ip->sin6.sin6_addr = in6addr_any;
1183 ip->sa.sa_family = AF_INET6;
1184 #endif
1185 }
1186 }
1187
1188 if (tb[NDA_PORT]) {
1189 if (nla_len(tb[NDA_PORT]) != sizeof(__be16)) {
1190 NL_SET_ERR_MSG(extack, "Invalid vxlan port");
1191 return -EINVAL;
1192 }
1193 *port = nla_get_be16(tb[NDA_PORT]);
1194 } else {
1195 *port = vxlan->cfg.dst_port;
1196 }
1197
1198 if (tb[NDA_VNI]) {
1199 if (nla_len(tb[NDA_VNI]) != sizeof(u32)) {
1200 NL_SET_ERR_MSG(extack, "Invalid vni");
1201 return -EINVAL;
1202 }
1203 *vni = cpu_to_be32(nla_get_u32(tb[NDA_VNI]));
1204 } else {
1205 *vni = vxlan->default_dst.remote_vni;
1206 }
1207
1208 if (tb[NDA_SRC_VNI]) {
1209 if (nla_len(tb[NDA_SRC_VNI]) != sizeof(u32)) {
1210 NL_SET_ERR_MSG(extack, "Invalid src vni");
1211 return -EINVAL;
1212 }
1213 *src_vni = cpu_to_be32(nla_get_u32(tb[NDA_SRC_VNI]));
1214 } else {
1215 *src_vni = vxlan->default_dst.remote_vni;
1216 }
1217
1218 if (tb[NDA_IFINDEX]) {
1219 struct net_device *tdev;
1220
1221 if (nla_len(tb[NDA_IFINDEX]) != sizeof(u32)) {
1222 NL_SET_ERR_MSG(extack, "Invalid ifindex");
1223 return -EINVAL;
1224 }
1225 *ifindex = nla_get_u32(tb[NDA_IFINDEX]);
1226 tdev = __dev_get_by_index(net, *ifindex);
1227 if (!tdev) {
1228 NL_SET_ERR_MSG(extack, "Device not found");
1229 return -EADDRNOTAVAIL;
1230 }
1231 } else {
1232 *ifindex = 0;
1233 }
1234
1235 *nhid = nla_get_u32_default(tb[NDA_NH_ID], 0);
1236
1237 return 0;
1238 }
1239
1240 /* Add static entry (via netlink) */
1241 static int vxlan_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
1242 struct net_device *dev,
1243 const unsigned char *addr, u16 vid, u16 flags,
1244 bool *notified, struct netlink_ext_ack *extack)
1245 {
1246 struct vxlan_dev *vxlan = netdev_priv(dev);
1247 /* struct net *net = dev_net(vxlan->dev); */
1248 union vxlan_addr ip;
1249 __be16 port;
1250 __be32 src_vni, vni;
1251 u32 ifindex, nhid;
1252 u32 hash_index;
1253 int err;
1254
1255 if (!(ndm->ndm_state & (NUD_PERMANENT|NUD_REACHABLE))) {
1256 pr_info("RTM_NEWNEIGH with invalid state %#x\n",
1257 ndm->ndm_state);
1258 return -EINVAL;
1259 }
1260
1261 if (!tb || (!tb[NDA_DST] && !tb[NDA_NH_ID]))
1262 return -EINVAL;
1263
1264 err = vxlan_fdb_parse(tb, vxlan, &ip, &port, &src_vni, &vni, &ifindex,
1265 &nhid, extack);
1266 if (err)
1267 return err;
1268
1269 if (vxlan->default_dst.remote_ip.sa.sa_family != ip.sa.sa_family)
1270 return -EAFNOSUPPORT;
1271
1272 hash_index = fdb_head_index(vxlan, addr, src_vni);
1273 spin_lock_bh(&vxlan->hash_lock[hash_index]);
1274 err = vxlan_fdb_update(vxlan, addr, &ip, ndm->ndm_state, flags,
1275 port, src_vni, vni, ifindex,
1276 ndm->ndm_flags | NTF_VXLAN_ADDED_BY_USER,
1277 nhid, true, extack);
1278 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
1279
1280 if (!err)
1281 *notified = true;
1282
1283 return err;
1284 }
1285
1286 int __vxlan_fdb_delete(struct vxlan_dev *vxlan,
1287 const unsigned char *addr, union vxlan_addr ip,
1288 __be16 port, __be32 src_vni, __be32 vni,
1289 u32 ifindex, bool swdev_notify)
1290 {
1291 struct vxlan_rdst *rd = NULL;
1292 struct vxlan_fdb *f;
1293 int err = -ENOENT;
1294
1295 f = vxlan_find_mac(vxlan, addr, src_vni);
1296 if (!f)
1297 return err;
1298
1299 if (!vxlan_addr_any(&ip)) {
1300 rd = vxlan_fdb_find_rdst(f, &ip, port, vni, ifindex);
1301 if (!rd)
1302 goto out;
1303 }
1304
1305 /* remove a destination if it's not the only one on the list,
1306 * otherwise destroy the fdb entry
1307 */
1308 if (rd && !list_is_singular(&f->remotes)) {
1309 vxlan_fdb_dst_destroy(vxlan, f, rd, swdev_notify);
1310 goto out;
1311 }
1312
1313 vxlan_fdb_destroy(vxlan, f, true, swdev_notify);
1314
1315 out:
1316 return 0;
1317 }
1318
1319 /* Delete entry (via netlink) */
1320 static int vxlan_fdb_delete(struct ndmsg *ndm, struct nlattr *tb[],
1321 struct net_device *dev,
1322 const unsigned char *addr, u16 vid, bool *notified,
1323 struct netlink_ext_ack *extack)
1324 {
1325 struct vxlan_dev *vxlan = netdev_priv(dev);
1326 union vxlan_addr ip;
1327 __be32 src_vni, vni;
1328 u32 ifindex, nhid;
1329 u32 hash_index;
1330 __be16 port;
1331 int err;
1332
1333 err = vxlan_fdb_parse(tb, vxlan, &ip, &port, &src_vni, &vni, &ifindex,
1334 &nhid, extack);
1335 if (err)
1336 return err;
1337
1338 hash_index = fdb_head_index(vxlan, addr, src_vni);
1339 spin_lock_bh(&vxlan->hash_lock[hash_index]);
1340 err = __vxlan_fdb_delete(vxlan, addr, ip, port, src_vni, vni, ifindex,
1341 true);
1342 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
1343
1344 if (!err)
1345 *notified = true;
1346
1347 return err;
1348 }
1349
1350 /* Dump forwarding table */
1351 static int vxlan_fdb_dump(struct sk_buff *skb, struct netlink_callback *cb,
1352 struct net_device *dev,
1353 struct net_device *filter_dev, int *idx)
1354 {
1355 struct vxlan_dev *vxlan = netdev_priv(dev);
1356 unsigned int h;
1357 int err = 0;
1358
1359 for (h = 0; h < FDB_HASH_SIZE; ++h) {
1360 struct vxlan_fdb *f;
1361
1362 rcu_read_lock();
1363 hlist_for_each_entry_rcu(f, &vxlan->fdb_head[h], hlist) {
1364 struct vxlan_rdst *rd;
1365
1366 if (rcu_access_pointer(f->nh)) {
1367 if (*idx < cb->args[2])
1368 goto skip_nh;
1369 err = vxlan_fdb_info(skb, vxlan, f,
1370 NETLINK_CB(cb->skb).portid,
1371 cb->nlh->nlmsg_seq,
1372 RTM_NEWNEIGH,
1373 NLM_F_MULTI, NULL);
1374 if (err < 0) {
1375 rcu_read_unlock();
1376 goto out;
1377 }
1378 skip_nh:
1379 *idx += 1;
1380 continue;
1381 }
1382
1383 list_for_each_entry_rcu(rd, &f->remotes, list) {
1384 if (*idx < cb->args[2])
1385 goto skip;
1386
1387 err = vxlan_fdb_info(skb, vxlan, f,
1388 NETLINK_CB(cb->skb).portid,
1389 cb->nlh->nlmsg_seq,
1390 RTM_NEWNEIGH,
1391 NLM_F_MULTI, rd);
1392 if (err < 0) {
1393 rcu_read_unlock();
1394 goto out;
1395 }
1396 skip:
1397 *idx += 1;
1398 }
1399 }
1400 rcu_read_unlock();
1401 }
1402 out:
1403 return err;
1404 }
1405
1406 static int vxlan_fdb_get(struct sk_buff *skb,
1407 struct nlattr *tb[],
1408 struct net_device *dev,
1409 const unsigned char *addr,
1410 u16 vid, u32 portid, u32 seq,
1411 struct netlink_ext_ack *extack)
1412 {
1413 struct vxlan_dev *vxlan = netdev_priv(dev);
1414 struct vxlan_fdb *f;
1415 __be32 vni;
1416 int err;
1417
1418 if (tb[NDA_VNI])
1419 vni = cpu_to_be32(nla_get_u32(tb[NDA_VNI]));
1420 else
1421 vni = vxlan->default_dst.remote_vni;
1422
1423 rcu_read_lock();
1424
1425 f = __vxlan_find_mac(vxlan, addr, vni);
1426 if (!f) {
1427 NL_SET_ERR_MSG(extack, "Fdb entry not found");
1428 err = -ENOENT;
1429 goto errout;
1430 }
1431
1432 err = vxlan_fdb_info(skb, vxlan, f, portid, seq,
1433 RTM_NEWNEIGH, 0, first_remote_rcu(f));
1434 errout:
1435 rcu_read_unlock();
1436 return err;
1437 }
1438
1439 /* Watch incoming packets to learn mapping between Ethernet address
1440 * and Tunnel endpoint.
1441 */
1442 static enum skb_drop_reason vxlan_snoop(struct net_device *dev,
1443 union vxlan_addr *src_ip,
1444 const u8 *src_mac, u32 src_ifindex,
1445 __be32 vni)
1446 {
1447 struct vxlan_dev *vxlan = netdev_priv(dev);
1448 struct vxlan_fdb *f;
1449 u32 ifindex = 0;
1450
1451 /* Ignore packets from invalid src-address */
1452 if (!is_valid_ether_addr(src_mac))
1453 return SKB_DROP_REASON_MAC_INVALID_SOURCE;
1454
1455 #if IS_ENABLED(CONFIG_IPV6)
1456 if (src_ip->sa.sa_family == AF_INET6 &&
1457 (ipv6_addr_type(&src_ip->sin6.sin6_addr) & IPV6_ADDR_LINKLOCAL))
1458 ifindex = src_ifindex;
1459 #endif
1460
1461 f = vxlan_find_mac(vxlan, src_mac, vni);
1462 if (likely(f)) {
1463 struct vxlan_rdst *rdst = first_remote_rcu(f);
1464
1465 if (likely(vxlan_addr_equal(&rdst->remote_ip, src_ip) &&
1466 rdst->remote_ifindex == ifindex))
1467 return SKB_NOT_DROPPED_YET;
1468
1469 /* Don't migrate static entries, drop packets */
1470 if (f->state & (NUD_PERMANENT | NUD_NOARP))
1471 return SKB_DROP_REASON_VXLAN_ENTRY_EXISTS;
1472
1473 /* Don't override an fdb with nexthop with a learnt entry */
1474 if (rcu_access_pointer(f->nh))
1475 return SKB_DROP_REASON_VXLAN_ENTRY_EXISTS;
1476
1477 if (net_ratelimit())
1478 netdev_info(dev,
1479 "%pM migrated from %pIS to %pIS\n",
1480 src_mac, &rdst->remote_ip.sa, &src_ip->sa);
1481
1482 rdst->remote_ip = *src_ip;
1483 f->updated = jiffies;
1484 vxlan_fdb_notify(vxlan, f, rdst, RTM_NEWNEIGH, true, NULL);
1485 } else {
1486 u32 hash_index = fdb_head_index(vxlan, src_mac, vni);
1487
1488 /* learned new entry */
1489 spin_lock(&vxlan->hash_lock[hash_index]);
1490
1491 /* close off race between vxlan_flush and incoming packets */
1492 if (netif_running(dev))
1493 vxlan_fdb_update(vxlan, src_mac, src_ip,
1494 NUD_REACHABLE,
1495 NLM_F_EXCL|NLM_F_CREATE,
1496 vxlan->cfg.dst_port,
1497 vni,
1498 vxlan->default_dst.remote_vni,
1499 ifindex, NTF_SELF, 0, true, NULL);
1500 spin_unlock(&vxlan->hash_lock[hash_index]);
1501 }
1502
1503 return SKB_NOT_DROPPED_YET;
1504 }
1505
1506 static bool __vxlan_sock_release_prep(struct vxlan_sock *vs)
1507 {
1508 struct vxlan_net *vn;
1509
1510 if (!vs)
1511 return false;
1512 if (!refcount_dec_and_test(&vs->refcnt))
1513 return false;
1514
1515 vn = net_generic(sock_net(vs->sock->sk), vxlan_net_id);
1516 spin_lock(&vn->sock_lock);
1517 hlist_del_rcu(&vs->hlist);
1518 udp_tunnel_notify_del_rx_port(vs->sock,
1519 (vs->flags & VXLAN_F_GPE) ?
1520 UDP_TUNNEL_TYPE_VXLAN_GPE :
1521 UDP_TUNNEL_TYPE_VXLAN);
1522 spin_unlock(&vn->sock_lock);
1523
1524 return true;
1525 }
1526
1527 static void vxlan_sock_release(struct vxlan_dev *vxlan)
1528 {
1529 struct vxlan_sock *sock4 = rtnl_dereference(vxlan->vn4_sock);
1530 #if IS_ENABLED(CONFIG_IPV6)
1531 struct vxlan_sock *sock6 = rtnl_dereference(vxlan->vn6_sock);
1532
1533 RCU_INIT_POINTER(vxlan->vn6_sock, NULL);
1534 #endif
1535
1536 RCU_INIT_POINTER(vxlan->vn4_sock, NULL);
1537 synchronize_net();
1538
1539 if (vxlan->cfg.flags & VXLAN_F_VNIFILTER)
1540 vxlan_vs_del_vnigrp(vxlan);
1541 else
1542 vxlan_vs_del_dev(vxlan);
1543
1544 if (__vxlan_sock_release_prep(sock4)) {
1545 udp_tunnel_sock_release(sock4->sock);
1546 kfree(sock4);
1547 }
1548
1549 #if IS_ENABLED(CONFIG_IPV6)
1550 if (__vxlan_sock_release_prep(sock6)) {
1551 udp_tunnel_sock_release(sock6->sock);
1552 kfree(sock6);
1553 }
1554 #endif
1555 }
1556
1557 static enum skb_drop_reason vxlan_remcsum(struct vxlanhdr *unparsed,
1558 struct sk_buff *skb,
1559 u32 vxflags)
1560 {
1561 enum skb_drop_reason reason;
1562 size_t start, offset;
1563
1564 if (!(unparsed->vx_flags & VXLAN_HF_RCO) || skb->remcsum_offload)
1565 goto out;
1566
1567 start = vxlan_rco_start(unparsed->vx_vni);
1568 offset = start + vxlan_rco_offset(unparsed->vx_vni);
1569
1570 reason = pskb_may_pull_reason(skb, offset + sizeof(u16));
1571 if (reason)
1572 return reason;
1573
1574 skb_remcsum_process(skb, (void *)(vxlan_hdr(skb) + 1), start, offset,
1575 !!(vxflags & VXLAN_F_REMCSUM_NOPARTIAL));
1576 out:
1577 unparsed->vx_flags &= ~VXLAN_HF_RCO;
1578 unparsed->vx_vni &= VXLAN_VNI_MASK;
1579
1580 return SKB_NOT_DROPPED_YET;
1581 }
1582
1583 static void vxlan_parse_gbp_hdr(struct vxlanhdr *unparsed,
1584 struct sk_buff *skb, u32 vxflags,
1585 struct vxlan_metadata *md)
1586 {
1587 struct vxlanhdr_gbp *gbp = (struct vxlanhdr_gbp *)unparsed;
1588 struct metadata_dst *tun_dst;
1589
1590 if (!(unparsed->vx_flags & VXLAN_HF_GBP))
1591 goto out;
1592
1593 md->gbp = ntohs(gbp->policy_id);
1594
1595 tun_dst = (struct metadata_dst *)skb_dst(skb);
1596 if (tun_dst) {
1597 __set_bit(IP_TUNNEL_VXLAN_OPT_BIT,
1598 tun_dst->u.tun_info.key.tun_flags);
1599 tun_dst->u.tun_info.options_len = sizeof(*md);
1600 }
1601 if (gbp->dont_learn)
1602 md->gbp |= VXLAN_GBP_DONT_LEARN;
1603
1604 if (gbp->policy_applied)
1605 md->gbp |= VXLAN_GBP_POLICY_APPLIED;
1606
1607 /* In flow-based mode, GBP is carried in dst_metadata */
1608 if (!(vxflags & VXLAN_F_COLLECT_METADATA))
1609 skb->mark = md->gbp;
1610 out:
1611 unparsed->vx_flags &= ~VXLAN_GBP_USED_BITS;
1612 }
1613
1614 static enum skb_drop_reason vxlan_set_mac(struct vxlan_dev *vxlan,
1615 struct vxlan_sock *vs,
1616 struct sk_buff *skb, __be32 vni)
1617 {
1618 union vxlan_addr saddr;
1619 u32 ifindex = skb->dev->ifindex;
1620
1621 skb_reset_mac_header(skb);
1622 skb->protocol = eth_type_trans(skb, vxlan->dev);
1623 skb_postpull_rcsum(skb, eth_hdr(skb), ETH_HLEN);
1624
1625 /* Ignore packet loops (and multicast echo) */
1626 if (ether_addr_equal(eth_hdr(skb)->h_source, vxlan->dev->dev_addr))
1627 return SKB_DROP_REASON_LOCAL_MAC;
1628
1629 /* Get address from the outer IP header */
1630 if (vxlan_get_sk_family(vs) == AF_INET) {
1631 saddr.sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
1632 saddr.sa.sa_family = AF_INET;
1633 #if IS_ENABLED(CONFIG_IPV6)
1634 } else {
1635 saddr.sin6.sin6_addr = ipv6_hdr(skb)->saddr;
1636 saddr.sa.sa_family = AF_INET6;
1637 #endif
1638 }
1639
1640 if (!(vxlan->cfg.flags & VXLAN_F_LEARN))
1641 return SKB_NOT_DROPPED_YET;
1642
1643 return vxlan_snoop(skb->dev, &saddr, eth_hdr(skb)->h_source,
1644 ifindex, vni);
1645 }
1646
1647 static bool vxlan_ecn_decapsulate(struct vxlan_sock *vs, void *oiph,
1648 struct sk_buff *skb)
1649 {
1650 int err = 0;
1651
1652 if (vxlan_get_sk_family(vs) == AF_INET)
1653 err = IP_ECN_decapsulate(oiph, skb);
1654 #if IS_ENABLED(CONFIG_IPV6)
1655 else
1656 err = IP6_ECN_decapsulate(oiph, skb);
1657 #endif
1658
1659 if (unlikely(err) && log_ecn_error) {
1660 if (vxlan_get_sk_family(vs) == AF_INET)
1661 net_info_ratelimited("non-ECT from %pI4 with TOS=%#x\n",
1662 &((struct iphdr *)oiph)->saddr,
1663 ((struct iphdr *)oiph)->tos);
1664 else
1665 net_info_ratelimited("non-ECT from %pI6\n",
1666 &((struct ipv6hdr *)oiph)->saddr);
1667 }
1668 return err <= 1;
1669 }
1670
1671 /* Callback from net/ipv4/udp.c to receive packets */
1672 static int vxlan_rcv(struct sock *sk, struct sk_buff *skb)
1673 {
1674 struct vxlan_vni_node *vninode = NULL;
1675 struct vxlan_dev *vxlan;
1676 struct vxlan_sock *vs;
1677 struct vxlanhdr unparsed;
1678 struct vxlan_metadata _md;
1679 struct vxlan_metadata *md = &_md;
1680 __be16 protocol = htons(ETH_P_TEB);
1681 enum skb_drop_reason reason;
1682 bool raw_proto = false;
1683 void *oiph;
1684 __be32 vni = 0;
1685 int nh;
1686
1687 /* Need UDP and VXLAN header to be present */
1688 reason = pskb_may_pull_reason(skb, VXLAN_HLEN);
1689 if (reason)
1690 goto drop;
1691
1692 unparsed = *vxlan_hdr(skb);
1693 /* VNI flag always required to be set */
1694 if (!(unparsed.vx_flags & VXLAN_HF_VNI)) {
1695 netdev_dbg(skb->dev, "invalid vxlan flags=%#x vni=%#x\n",
1696 ntohl(vxlan_hdr(skb)->vx_flags),
1697 ntohl(vxlan_hdr(skb)->vx_vni));
1698 reason = SKB_DROP_REASON_VXLAN_INVALID_HDR;
1699 /* Return non vxlan pkt */
1700 goto drop;
1701 }
1702 unparsed.vx_flags &= ~VXLAN_HF_VNI;
1703 unparsed.vx_vni &= ~VXLAN_VNI_MASK;
1704
1705 vs = rcu_dereference_sk_user_data(sk);
1706 if (!vs)
1707 goto drop;
1708
1709 vni = vxlan_vni(vxlan_hdr(skb)->vx_vni);
1710
1711 vxlan = vxlan_vs_find_vni(vs, skb->dev->ifindex, vni, &vninode);
1712 if (!vxlan) {
1713 reason = SKB_DROP_REASON_VXLAN_VNI_NOT_FOUND;
1714 goto drop;
1715 }
1716
1717 /* For backwards compatibility, only allow reserved fields to be
1718 * used by VXLAN extensions if explicitly requested.
1719 */
1720 if (vs->flags & VXLAN_F_GPE) {
1721 if (!vxlan_parse_gpe_proto(&unparsed, &protocol))
1722 goto drop;
1723 unparsed.vx_flags &= ~VXLAN_GPE_USED_BITS;
1724 raw_proto = true;
1725 }
1726
1727 if (__iptunnel_pull_header(skb, VXLAN_HLEN, protocol, raw_proto,
1728 !net_eq(vxlan->net, dev_net(vxlan->dev)))) {
1729 reason = SKB_DROP_REASON_NOMEM;
1730 goto drop;
1731 }
1732
1733 if (vs->flags & VXLAN_F_REMCSUM_RX) {
1734 reason = vxlan_remcsum(&unparsed, skb, vs->flags);
1735 if (unlikely(reason))
1736 goto drop;
1737 }
1738
1739 if (vxlan_collect_metadata(vs)) {
1740 IP_TUNNEL_DECLARE_FLAGS(flags) = { };
1741 struct metadata_dst *tun_dst;
1742
1743 __set_bit(IP_TUNNEL_KEY_BIT, flags);
1744 tun_dst = udp_tun_rx_dst(skb, vxlan_get_sk_family(vs), flags,
1745 key32_to_tunnel_id(vni), sizeof(*md));
1746
1747 if (!tun_dst) {
1748 reason = SKB_DROP_REASON_NOMEM;
1749 goto drop;
1750 }
1751
1752 md = ip_tunnel_info_opts(&tun_dst->u.tun_info);
1753
1754 skb_dst_set(skb, (struct dst_entry *)tun_dst);
1755 } else {
1756 memset(md, 0, sizeof(*md));
1757 }
1758
1759 if (vs->flags & VXLAN_F_GBP)
1760 vxlan_parse_gbp_hdr(&unparsed, skb, vs->flags, md);
1761 /* Note that GBP and GPE can never be active together. This is
1762 * ensured in vxlan_dev_configure.
1763 */
1764
1765 if (unparsed.vx_flags || unparsed.vx_vni) {
1766 /* If there are any unprocessed flags remaining treat
1767 * this as a malformed packet. This behavior diverges from
1768 * VXLAN RFC (RFC7348) which stipulates that bits in reserved
1769 * in reserved fields are to be ignored. The approach here
1770 * maintains compatibility with previous stack code, and also
1771 * is more robust and provides a little more security in
1772 * adding extensions to VXLAN.
1773 */
1774 reason = SKB_DROP_REASON_VXLAN_INVALID_HDR;
1775 goto drop;
1776 }
1777
1778 if (!raw_proto) {
1779 reason = vxlan_set_mac(vxlan, vs, skb, vni);
1780 if (reason)
1781 goto drop;
1782 } else {
1783 skb_reset_mac_header(skb);
1784 skb->dev = vxlan->dev;
1785 skb->pkt_type = PACKET_HOST;
1786 }
1787
1788 /* Save offset of outer header relative to skb->head,
1789 * because we are going to reset the network header to the inner header
1790 * and might change skb->head.
1791 */
1792 nh = skb_network_header(skb) - skb->head;
1793
1794 skb_reset_network_header(skb);
1795
1796 reason = pskb_inet_may_pull_reason(skb);
1797 if (reason) {
1798 DEV_STATS_INC(vxlan->dev, rx_length_errors);
1799 DEV_STATS_INC(vxlan->dev, rx_errors);
1800 vxlan_vnifilter_count(vxlan, vni, vninode,
1801 VXLAN_VNI_STATS_RX_ERRORS, 0);
1802 goto drop;
1803 }
1804
1805 /* Get the outer header. */
1806 oiph = skb->head + nh;
1807
1808 if (!vxlan_ecn_decapsulate(vs, oiph, skb)) {
1809 reason = SKB_DROP_REASON_IP_TUNNEL_ECN;
1810 DEV_STATS_INC(vxlan->dev, rx_frame_errors);
1811 DEV_STATS_INC(vxlan->dev, rx_errors);
1812 vxlan_vnifilter_count(vxlan, vni, vninode,
1813 VXLAN_VNI_STATS_RX_ERRORS, 0);
1814 goto drop;
1815 }
1816
1817 rcu_read_lock();
1818
1819 if (unlikely(!(vxlan->dev->flags & IFF_UP))) {
1820 rcu_read_unlock();
1821 dev_core_stats_rx_dropped_inc(vxlan->dev);
1822 vxlan_vnifilter_count(vxlan, vni, vninode,
1823 VXLAN_VNI_STATS_RX_DROPS, 0);
1824 reason = SKB_DROP_REASON_DEV_READY;
1825 goto drop;
1826 }
1827
1828 dev_sw_netstats_rx_add(vxlan->dev, skb->len);
1829 vxlan_vnifilter_count(vxlan, vni, vninode, VXLAN_VNI_STATS_RX, skb->len);
1830 gro_cells_receive(&vxlan->gro_cells, skb);
1831
1832 rcu_read_unlock();
1833
1834 return 0;
1835
1836 drop:
1837 reason = reason ?: SKB_DROP_REASON_NOT_SPECIFIED;
1838 /* Consume bad packet */
1839 kfree_skb_reason(skb, reason);
1840 return 0;
1841 }
1842
1843 /* Callback from net/ipv{4,6}/udp.c to check that we have a VNI for errors */
1844 static int vxlan_err_lookup(struct sock *sk, struct sk_buff *skb)
1845 {
1846 struct vxlan_dev *vxlan;
1847 struct vxlan_sock *vs;
1848 struct vxlanhdr *hdr;
1849 __be32 vni;
1850
1851 if (!pskb_may_pull(skb, skb_transport_offset(skb) + VXLAN_HLEN))
1852 return -EINVAL;
1853
1854 hdr = vxlan_hdr(skb);
1855
1856 if (!(hdr->vx_flags & VXLAN_HF_VNI))
1857 return -EINVAL;
1858
1859 vs = rcu_dereference_sk_user_data(sk);
1860 if (!vs)
1861 return -ENOENT;
1862
1863 vni = vxlan_vni(hdr->vx_vni);
1864 vxlan = vxlan_vs_find_vni(vs, skb->dev->ifindex, vni, NULL);
1865 if (!vxlan)
1866 return -ENOENT;
1867
1868 return 0;
1869 }
1870
1871 static int arp_reduce(struct net_device *dev, struct sk_buff *skb, __be32 vni)
1872 {
1873 struct vxlan_dev *vxlan = netdev_priv(dev);
1874 struct arphdr *parp;
1875 u8 *arpptr, *sha;
1876 __be32 sip, tip;
1877 struct neighbour *n;
1878
1879 if (dev->flags & IFF_NOARP)
1880 goto out;
1881
1882 if (!pskb_may_pull(skb, arp_hdr_len(dev))) {
1883 dev_core_stats_tx_dropped_inc(dev);
1884 vxlan_vnifilter_count(vxlan, vni, NULL,
1885 VXLAN_VNI_STATS_TX_DROPS, 0);
1886 goto out;
1887 }
1888 parp = arp_hdr(skb);
1889
1890 if ((parp->ar_hrd != htons(ARPHRD_ETHER) &&
1891 parp->ar_hrd != htons(ARPHRD_IEEE802)) ||
1892 parp->ar_pro != htons(ETH_P_IP) ||
1893 parp->ar_op != htons(ARPOP_REQUEST) ||
1894 parp->ar_hln != dev->addr_len ||
1895 parp->ar_pln != 4)
1896 goto out;
1897 arpptr = (u8 *)parp + sizeof(struct arphdr);
1898 sha = arpptr;
1899 arpptr += dev->addr_len; /* sha */
1900 memcpy(&sip, arpptr, sizeof(sip));
1901 arpptr += sizeof(sip);
1902 arpptr += dev->addr_len; /* tha */
1903 memcpy(&tip, arpptr, sizeof(tip));
1904
1905 if (ipv4_is_loopback(tip) ||
1906 ipv4_is_multicast(tip))
1907 goto out;
1908
1909 n = neigh_lookup(&arp_tbl, &tip, dev);
1910
1911 if (n) {
1912 struct vxlan_fdb *f;
1913 struct sk_buff *reply;
1914
1915 if (!(READ_ONCE(n->nud_state) & NUD_CONNECTED)) {
1916 neigh_release(n);
1917 goto out;
1918 }
1919
1920 f = vxlan_find_mac(vxlan, n->ha, vni);
1921 if (f && vxlan_addr_any(&(first_remote_rcu(f)->remote_ip))) {
1922 /* bridge-local neighbor */
1923 neigh_release(n);
1924 goto out;
1925 }
1926
1927 reply = arp_create(ARPOP_REPLY, ETH_P_ARP, sip, dev, tip, sha,
1928 n->ha, sha);
1929
1930 neigh_release(n);
1931
1932 if (reply == NULL)
1933 goto out;
1934
1935 skb_reset_mac_header(reply);
1936 __skb_pull(reply, skb_network_offset(reply));
1937 reply->ip_summed = CHECKSUM_UNNECESSARY;
1938 reply->pkt_type = PACKET_HOST;
1939
1940 if (netif_rx(reply) == NET_RX_DROP) {
1941 dev_core_stats_rx_dropped_inc(dev);
1942 vxlan_vnifilter_count(vxlan, vni, NULL,
1943 VXLAN_VNI_STATS_RX_DROPS, 0);
1944 }
1945
1946 } else if (vxlan->cfg.flags & VXLAN_F_L3MISS) {
1947 union vxlan_addr ipa = {
1948 .sin.sin_addr.s_addr = tip,
1949 .sin.sin_family = AF_INET,
1950 };
1951
1952 vxlan_ip_miss(dev, &ipa);
1953 }
1954 out:
1955 consume_skb(skb);
1956 return NETDEV_TX_OK;
1957 }
1958
1959 #if IS_ENABLED(CONFIG_IPV6)
1960 static struct sk_buff *vxlan_na_create(struct sk_buff *request,
1961 struct neighbour *n, bool isrouter)
1962 {
1963 struct net_device *dev = request->dev;
1964 struct sk_buff *reply;
1965 struct nd_msg *ns, *na;
1966 struct ipv6hdr *pip6;
1967 u8 *daddr;
1968 int na_olen = 8; /* opt hdr + ETH_ALEN for target */
1969 int ns_olen;
1970 int i, len;
1971
1972 if (dev == NULL || !pskb_may_pull(request, request->len))
1973 return NULL;
1974
1975 len = LL_RESERVED_SPACE(dev) + sizeof(struct ipv6hdr) +
1976 sizeof(*na) + na_olen + dev->needed_tailroom;
1977 reply = alloc_skb(len, GFP_ATOMIC);
1978 if (reply == NULL)
1979 return NULL;
1980
1981 reply->protocol = htons(ETH_P_IPV6);
1982 reply->dev = dev;
1983 skb_reserve(reply, LL_RESERVED_SPACE(request->dev));
1984 skb_push(reply, sizeof(struct ethhdr));
1985 skb_reset_mac_header(reply);
1986
1987 ns = (struct nd_msg *)(ipv6_hdr(request) + 1);
1988
1989 daddr = eth_hdr(request)->h_source;
1990 ns_olen = request->len - skb_network_offset(request) -
1991 sizeof(struct ipv6hdr) - sizeof(*ns);
1992 for (i = 0; i < ns_olen-1; i += (ns->opt[i+1]<<3)) {
1993 if (!ns->opt[i + 1]) {
1994 kfree_skb(reply);
1995 return NULL;
1996 }
1997 if (ns->opt[i] == ND_OPT_SOURCE_LL_ADDR) {
1998 daddr = ns->opt + i + sizeof(struct nd_opt_hdr);
1999 break;
2000 }
2001 }
2002
2003 /* Ethernet header */
2004 ether_addr_copy(eth_hdr(reply)->h_dest, daddr);
2005 ether_addr_copy(eth_hdr(reply)->h_source, n->ha);
2006 eth_hdr(reply)->h_proto = htons(ETH_P_IPV6);
2007 reply->protocol = htons(ETH_P_IPV6);
2008
2009 skb_pull(reply, sizeof(struct ethhdr));
2010 skb_reset_network_header(reply);
2011 skb_put(reply, sizeof(struct ipv6hdr));
2012
2013 /* IPv6 header */
2014
2015 pip6 = ipv6_hdr(reply);
2016 memset(pip6, 0, sizeof(struct ipv6hdr));
2017 pip6->version = 6;
2018 pip6->priority = ipv6_hdr(request)->priority;
2019 pip6->nexthdr = IPPROTO_ICMPV6;
2020 pip6->hop_limit = 255;
2021 pip6->daddr = ipv6_hdr(request)->saddr;
2022 pip6->saddr = *(struct in6_addr *)n->primary_key;
2023
2024 skb_pull(reply, sizeof(struct ipv6hdr));
2025 skb_reset_transport_header(reply);
2026
2027 /* Neighbor Advertisement */
2028 na = skb_put_zero(reply, sizeof(*na) + na_olen);
2029 na->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT;
2030 na->icmph.icmp6_router = isrouter;
2031 na->icmph.icmp6_override = 1;
2032 na->icmph.icmp6_solicited = 1;
2033 na->target = ns->target;
2034 ether_addr_copy(&na->opt[2], n->ha);
2035 na->opt[0] = ND_OPT_TARGET_LL_ADDR;
2036 na->opt[1] = na_olen >> 3;
2037
2038 na->icmph.icmp6_cksum = csum_ipv6_magic(&pip6->saddr,
2039 &pip6->daddr, sizeof(*na)+na_olen, IPPROTO_ICMPV6,
2040 csum_partial(na, sizeof(*na)+na_olen, 0));
2041
2042 pip6->payload_len = htons(sizeof(*na)+na_olen);
2043
2044 skb_push(reply, sizeof(struct ipv6hdr));
2045
2046 reply->ip_summed = CHECKSUM_UNNECESSARY;
2047
2048 return reply;
2049 }
2050
2051 static int neigh_reduce(struct net_device *dev, struct sk_buff *skb, __be32 vni)
2052 {
2053 struct vxlan_dev *vxlan = netdev_priv(dev);
2054 const struct in6_addr *daddr;
2055 const struct ipv6hdr *iphdr;
2056 struct inet6_dev *in6_dev;
2057 struct neighbour *n;
2058 struct nd_msg *msg;
2059
2060 rcu_read_lock();
2061 in6_dev = __in6_dev_get(dev);
2062 if (!in6_dev)
2063 goto out;
2064
2065 iphdr = ipv6_hdr(skb);
2066 daddr = &iphdr->daddr;
2067 msg = (struct nd_msg *)(iphdr + 1);
2068
2069 if (ipv6_addr_loopback(daddr) ||
2070 ipv6_addr_is_multicast(&msg->target))
2071 goto out;
2072
2073 n = neigh_lookup(ipv6_stub->nd_tbl, &msg->target, dev);
2074
2075 if (n) {
2076 struct vxlan_fdb *f;
2077 struct sk_buff *reply;
2078
2079 if (!(READ_ONCE(n->nud_state) & NUD_CONNECTED)) {
2080 neigh_release(n);
2081 goto out;
2082 }
2083
2084 f = vxlan_find_mac(vxlan, n->ha, vni);
2085 if (f && vxlan_addr_any(&(first_remote_rcu(f)->remote_ip))) {
2086 /* bridge-local neighbor */
2087 neigh_release(n);
2088 goto out;
2089 }
2090
2091 reply = vxlan_na_create(skb, n,
2092 !!(f ? f->flags & NTF_ROUTER : 0));
2093
2094 neigh_release(n);
2095
2096 if (reply == NULL)
2097 goto out;
2098
2099 if (netif_rx(reply) == NET_RX_DROP) {
2100 dev_core_stats_rx_dropped_inc(dev);
2101 vxlan_vnifilter_count(vxlan, vni, NULL,
2102 VXLAN_VNI_STATS_RX_DROPS, 0);
2103 }
2104 } else if (vxlan->cfg.flags & VXLAN_F_L3MISS) {
2105 union vxlan_addr ipa = {
2106 .sin6.sin6_addr = msg->target,
2107 .sin6.sin6_family = AF_INET6,
2108 };
2109
2110 vxlan_ip_miss(dev, &ipa);
2111 }
2112
2113 out:
2114 rcu_read_unlock();
2115 consume_skb(skb);
2116 return NETDEV_TX_OK;
2117 }
2118 #endif
2119
2120 static bool route_shortcircuit(struct net_device *dev, struct sk_buff *skb)
2121 {
2122 struct vxlan_dev *vxlan = netdev_priv(dev);
2123 struct neighbour *n;
2124
2125 if (is_multicast_ether_addr(eth_hdr(skb)->h_dest))
2126 return false;
2127
2128 n = NULL;
2129 switch (ntohs(eth_hdr(skb)->h_proto)) {
2130 case ETH_P_IP:
2131 {
2132 struct iphdr *pip;
2133
2134 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
2135 return false;
2136 pip = ip_hdr(skb);
2137 n = neigh_lookup(&arp_tbl, &pip->daddr, dev);
2138 if (!n && (vxlan->cfg.flags & VXLAN_F_L3MISS)) {
2139 union vxlan_addr ipa = {
2140 .sin.sin_addr.s_addr = pip->daddr,
2141 .sin.sin_family = AF_INET,
2142 };
2143
2144 vxlan_ip_miss(dev, &ipa);
2145 return false;
2146 }
2147
2148 break;
2149 }
2150 #if IS_ENABLED(CONFIG_IPV6)
2151 case ETH_P_IPV6:
2152 {
2153 struct ipv6hdr *pip6;
2154
2155 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
2156 return false;
2157 pip6 = ipv6_hdr(skb);
2158 n = neigh_lookup(ipv6_stub->nd_tbl, &pip6->daddr, dev);
2159 if (!n && (vxlan->cfg.flags & VXLAN_F_L3MISS)) {
2160 union vxlan_addr ipa = {
2161 .sin6.sin6_addr = pip6->daddr,
2162 .sin6.sin6_family = AF_INET6,
2163 };
2164
2165 vxlan_ip_miss(dev, &ipa);
2166 return false;
2167 }
2168
2169 break;
2170 }
2171 #endif
2172 default:
2173 return false;
2174 }
2175
2176 if (n) {
2177 bool diff;
2178
2179 diff = !ether_addr_equal(eth_hdr(skb)->h_dest, n->ha);
2180 if (diff) {
2181 memcpy(eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
2182 dev->addr_len);
2183 memcpy(eth_hdr(skb)->h_dest, n->ha, dev->addr_len);
2184 }
2185 neigh_release(n);
2186 return diff;
2187 }
2188
2189 return false;
2190 }
2191
2192 static int vxlan_build_gpe_hdr(struct vxlanhdr *vxh, __be16 protocol)
2193 {
2194 struct vxlanhdr_gpe *gpe = (struct vxlanhdr_gpe *)vxh;
2195
2196 gpe->np_applied = 1;
2197 gpe->next_protocol = tun_p_from_eth_p(protocol);
2198 if (!gpe->next_protocol)
2199 return -EPFNOSUPPORT;
2200 return 0;
2201 }
2202
2203 static int vxlan_build_skb(struct sk_buff *skb, struct dst_entry *dst,
2204 int iphdr_len, __be32 vni,
2205 struct vxlan_metadata *md, u32 vxflags,
2206 bool udp_sum)
2207 {
2208 struct vxlanhdr *vxh;
2209 int min_headroom;
2210 int err;
2211 int type = udp_sum ? SKB_GSO_UDP_TUNNEL_CSUM : SKB_GSO_UDP_TUNNEL;
2212 __be16 inner_protocol = htons(ETH_P_TEB);
2213
2214 if ((vxflags & VXLAN_F_REMCSUM_TX) &&
2215 skb->ip_summed == CHECKSUM_PARTIAL) {
2216 int csum_start = skb_checksum_start_offset(skb);
2217
2218 if (csum_start <= VXLAN_MAX_REMCSUM_START &&
2219 !(csum_start & VXLAN_RCO_SHIFT_MASK) &&
2220 (skb->csum_offset == offsetof(struct udphdr, check) ||
2221 skb->csum_offset == offsetof(struct tcphdr, check)))
2222 type |= SKB_GSO_TUNNEL_REMCSUM;
2223 }
2224
2225 min_headroom = LL_RESERVED_SPACE(dst->dev) + dst->header_len
2226 + VXLAN_HLEN + iphdr_len;
2227
2228 /* Need space for new headers (invalidates iph ptr) */
2229 err = skb_cow_head(skb, min_headroom);
2230 if (unlikely(err))
2231 return err;
2232
2233 err = iptunnel_handle_offloads(skb, type);
2234 if (err)
2235 return err;
2236
2237 vxh = __skb_push(skb, sizeof(*vxh));
2238 vxh->vx_flags = VXLAN_HF_VNI;
2239 vxh->vx_vni = vxlan_vni_field(vni);
2240
2241 if (type & SKB_GSO_TUNNEL_REMCSUM) {
2242 unsigned int start;
2243
2244 start = skb_checksum_start_offset(skb) - sizeof(struct vxlanhdr);
2245 vxh->vx_vni |= vxlan_compute_rco(start, skb->csum_offset);
2246 vxh->vx_flags |= VXLAN_HF_RCO;
2247
2248 if (!skb_is_gso(skb)) {
2249 skb->ip_summed = CHECKSUM_NONE;
2250 skb->encapsulation = 0;
2251 }
2252 }
2253
2254 if (vxflags & VXLAN_F_GBP)
2255 vxlan_build_gbp_hdr(vxh, md);
2256 if (vxflags & VXLAN_F_GPE) {
2257 err = vxlan_build_gpe_hdr(vxh, skb->protocol);
2258 if (err < 0)
2259 return err;
2260 inner_protocol = skb->protocol;
2261 }
2262
2263 skb_set_inner_protocol(skb, inner_protocol);
2264 return 0;
2265 }
2266
2267 /* Bypass encapsulation if the destination is local */
2268 static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan,
2269 struct vxlan_dev *dst_vxlan, __be32 vni,
2270 bool snoop)
2271 {
2272 union vxlan_addr loopback;
2273 union vxlan_addr *remote_ip = &dst_vxlan->default_dst.remote_ip;
2274 struct net_device *dev;
2275 int len = skb->len;
2276
2277 skb->pkt_type = PACKET_HOST;
2278 skb->encapsulation = 0;
2279 skb->dev = dst_vxlan->dev;
2280 __skb_pull(skb, skb_network_offset(skb));
2281
2282 if (remote_ip->sa.sa_family == AF_INET) {
2283 loopback.sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
2284 loopback.sa.sa_family = AF_INET;
2285 #if IS_ENABLED(CONFIG_IPV6)
2286 } else {
2287 loopback.sin6.sin6_addr = in6addr_loopback;
2288 loopback.sa.sa_family = AF_INET6;
2289 #endif
2290 }
2291
2292 rcu_read_lock();
2293 dev = skb->dev;
2294 if (unlikely(!(dev->flags & IFF_UP))) {
2295 kfree_skb_reason(skb, SKB_DROP_REASON_DEV_READY);
2296 goto drop;
2297 }
2298
2299 if ((dst_vxlan->cfg.flags & VXLAN_F_LEARN) && snoop)
2300 vxlan_snoop(dev, &loopback, eth_hdr(skb)->h_source, 0, vni);
2301
2302 dev_sw_netstats_tx_add(src_vxlan->dev, 1, len);
2303 vxlan_vnifilter_count(src_vxlan, vni, NULL, VXLAN_VNI_STATS_TX, len);
2304
2305 if (__netif_rx(skb) == NET_RX_SUCCESS) {
2306 dev_sw_netstats_rx_add(dst_vxlan->dev, len);
2307 vxlan_vnifilter_count(dst_vxlan, vni, NULL, VXLAN_VNI_STATS_RX,
2308 len);
2309 } else {
2310 drop:
2311 dev_core_stats_rx_dropped_inc(dev);
2312 vxlan_vnifilter_count(dst_vxlan, vni, NULL,
2313 VXLAN_VNI_STATS_RX_DROPS, 0);
2314 }
2315 rcu_read_unlock();
2316 }
2317
2318 static int encap_bypass_if_local(struct sk_buff *skb, struct net_device *dev,
2319 struct vxlan_dev *vxlan,
2320 int addr_family,
2321 __be16 dst_port, int dst_ifindex, __be32 vni,
2322 struct dst_entry *dst,
2323 u32 rt_flags)
2324 {
2325 #if IS_ENABLED(CONFIG_IPV6)
2326 /* IPv6 rt-flags are checked against RTF_LOCAL, but the value of
2327 * RTF_LOCAL is equal to RTCF_LOCAL. So to keep code simple
2328 * we can use RTCF_LOCAL which works for ipv4 and ipv6 route entry.
2329 */
2330 BUILD_BUG_ON(RTCF_LOCAL != RTF_LOCAL);
2331 #endif
2332 /* Bypass encapsulation if the destination is local */
2333 if (rt_flags & RTCF_LOCAL &&
2334 !(rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) &&
2335 vxlan->cfg.flags & VXLAN_F_LOCALBYPASS) {
2336 struct vxlan_dev *dst_vxlan;
2337
2338 dst_release(dst);
2339 dst_vxlan = vxlan_find_vni(vxlan->net, dst_ifindex, vni,
2340 addr_family, dst_port,
2341 vxlan->cfg.flags);
2342 if (!dst_vxlan) {
2343 DEV_STATS_INC(dev, tx_errors);
2344 vxlan_vnifilter_count(vxlan, vni, NULL,
2345 VXLAN_VNI_STATS_TX_ERRORS, 0);
2346 kfree_skb_reason(skb, SKB_DROP_REASON_VXLAN_VNI_NOT_FOUND);
2347
2348 return -ENOENT;
2349 }
2350 vxlan_encap_bypass(skb, vxlan, dst_vxlan, vni, true);
2351 return 1;
2352 }
2353
2354 return 0;
2355 }
2356
2357 void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
2358 __be32 default_vni, struct vxlan_rdst *rdst, bool did_rsc)
2359 {
2360 struct dst_cache *dst_cache;
2361 struct ip_tunnel_info *info;
2362 struct ip_tunnel_key *pkey;
2363 struct ip_tunnel_key key;
2364 struct vxlan_dev *vxlan = netdev_priv(dev);
2365 const struct iphdr *old_iph;
2366 struct vxlan_metadata _md;
2367 struct vxlan_metadata *md = &_md;
2368 unsigned int pkt_len = skb->len;
2369 __be16 src_port = 0, dst_port;
2370 struct dst_entry *ndst = NULL;
2371 int addr_family;
2372 __u8 tos, ttl;
2373 int ifindex;
2374 int err;
2375 u32 flags = vxlan->cfg.flags;
2376 bool use_cache;
2377 bool udp_sum = false;
2378 bool xnet = !net_eq(vxlan->net, dev_net(vxlan->dev));
2379 enum skb_drop_reason reason;
2380 bool no_eth_encap;
2381 __be32 vni = 0;
2382
2383 no_eth_encap = flags & VXLAN_F_GPE && skb->protocol != htons(ETH_P_TEB);
2384 reason = skb_vlan_inet_prepare(skb, no_eth_encap);
2385 if (reason)
2386 goto drop;
2387
2388 reason = SKB_DROP_REASON_NOT_SPECIFIED;
2389 old_iph = ip_hdr(skb);
2390
2391 info = skb_tunnel_info(skb);
2392 use_cache = ip_tunnel_dst_cache_usable(skb, info);
2393
2394 if (rdst) {
2395 memset(&key, 0, sizeof(key));
2396 pkey = &key;
2397
2398 if (vxlan_addr_any(&rdst->remote_ip)) {
2399 if (did_rsc) {
2400 /* short-circuited back to local bridge */
2401 vxlan_encap_bypass(skb, vxlan, vxlan,
2402 default_vni, true);
2403 return;
2404 }
2405 goto drop;
2406 }
2407
2408 addr_family = vxlan->cfg.saddr.sa.sa_family;
2409 dst_port = rdst->remote_port ? rdst->remote_port : vxlan->cfg.dst_port;
2410 vni = (rdst->remote_vni) ? : default_vni;
2411 ifindex = rdst->remote_ifindex;
2412
2413 if (addr_family == AF_INET) {
2414 key.u.ipv4.src = vxlan->cfg.saddr.sin.sin_addr.s_addr;
2415 key.u.ipv4.dst = rdst->remote_ip.sin.sin_addr.s_addr;
2416 } else {
2417 key.u.ipv6.src = vxlan->cfg.saddr.sin6.sin6_addr;
2418 key.u.ipv6.dst = rdst->remote_ip.sin6.sin6_addr;
2419 }
2420
2421 dst_cache = &rdst->dst_cache;
2422 md->gbp = skb->mark;
2423 if (flags & VXLAN_F_TTL_INHERIT) {
2424 ttl = ip_tunnel_get_ttl(old_iph, skb);
2425 } else {
2426 ttl = vxlan->cfg.ttl;
2427 if (!ttl && vxlan_addr_multicast(&rdst->remote_ip))
2428 ttl = 1;
2429 }
2430 tos = vxlan->cfg.tos;
2431 if (tos == 1)
2432 tos = ip_tunnel_get_dsfield(old_iph, skb);
2433 if (tos && !info)
2434 use_cache = false;
2435
2436 if (addr_family == AF_INET)
2437 udp_sum = !(flags & VXLAN_F_UDP_ZERO_CSUM_TX);
2438 else
2439 udp_sum = !(flags & VXLAN_F_UDP_ZERO_CSUM6_TX);
2440 #if IS_ENABLED(CONFIG_IPV6)
2441 switch (vxlan->cfg.label_policy) {
2442 case VXLAN_LABEL_FIXED:
2443 key.label = vxlan->cfg.label;
2444 break;
2445 case VXLAN_LABEL_INHERIT:
2446 key.label = ip_tunnel_get_flowlabel(old_iph, skb);
2447 break;
2448 default:
2449 DEBUG_NET_WARN_ON_ONCE(1);
2450 goto drop;
2451 }
2452 #endif
2453 } else {
2454 if (!info) {
2455 WARN_ONCE(1, "%s: Missing encapsulation instructions\n",
2456 dev->name);
2457 goto drop;
2458 }
2459 pkey = &info->key;
2460 addr_family = ip_tunnel_info_af(info);
2461 dst_port = info->key.tp_dst ? : vxlan->cfg.dst_port;
2462 vni = tunnel_id_to_key32(info->key.tun_id);
2463 ifindex = 0;
2464 dst_cache = &info->dst_cache;
2465 if (test_bit(IP_TUNNEL_VXLAN_OPT_BIT, info->key.tun_flags)) {
2466 if (info->options_len < sizeof(*md))
2467 goto drop;
2468 md = ip_tunnel_info_opts(info);
2469 }
2470 ttl = info->key.ttl;
2471 tos = info->key.tos;
2472 udp_sum = test_bit(IP_TUNNEL_CSUM_BIT, info->key.tun_flags);
2473 }
2474 src_port = udp_flow_src_port(dev_net(dev), skb, vxlan->cfg.port_min,
2475 vxlan->cfg.port_max, true);
2476
2477 rcu_read_lock();
2478 if (addr_family == AF_INET) {
2479 struct vxlan_sock *sock4 = rcu_dereference(vxlan->vn4_sock);
2480 struct rtable *rt;
2481 __be16 df = 0;
2482 __be32 saddr;
2483
2484 if (!ifindex)
2485 ifindex = sock4->sock->sk->sk_bound_dev_if;
2486
2487 rt = udp_tunnel_dst_lookup(skb, dev, vxlan->net, ifindex,
2488 &saddr, pkey, src_port, dst_port,
2489 tos, use_cache ? dst_cache : NULL);
2490 if (IS_ERR(rt)) {
2491 err = PTR_ERR(rt);
2492 reason = SKB_DROP_REASON_IP_OUTNOROUTES;
2493 goto tx_error;
2494 }
2495
2496 if (!info) {
2497 /* Bypass encapsulation if the destination is local */
2498 err = encap_bypass_if_local(skb, dev, vxlan, AF_INET,
2499 dst_port, ifindex, vni,
2500 &rt->dst, rt->rt_flags);
2501 if (err)
2502 goto out_unlock;
2503
2504 if (vxlan->cfg.df == VXLAN_DF_SET) {
2505 df = htons(IP_DF);
2506 } else if (vxlan->cfg.df == VXLAN_DF_INHERIT) {
2507 struct ethhdr *eth = eth_hdr(skb);
2508
2509 if (ntohs(eth->h_proto) == ETH_P_IPV6 ||
2510 (ntohs(eth->h_proto) == ETH_P_IP &&
2511 old_iph->frag_off & htons(IP_DF)))
2512 df = htons(IP_DF);
2513 }
2514 } else if (test_bit(IP_TUNNEL_DONT_FRAGMENT_BIT,
2515 info->key.tun_flags)) {
2516 df = htons(IP_DF);
2517 }
2518
2519 ndst = &rt->dst;
2520 err = skb_tunnel_check_pmtu(skb, ndst, vxlan_headroom(flags & VXLAN_F_GPE),
2521 netif_is_any_bridge_port(dev));
2522 if (err < 0) {
2523 goto tx_error;
2524 } else if (err) {
2525 if (info) {
2526 struct ip_tunnel_info *unclone;
2527
2528 unclone = skb_tunnel_info_unclone(skb);
2529 if (unlikely(!unclone))
2530 goto tx_error;
2531
2532 unclone->key.u.ipv4.src = pkey->u.ipv4.dst;
2533 unclone->key.u.ipv4.dst = saddr;
2534 }
2535 vxlan_encap_bypass(skb, vxlan, vxlan, vni, false);
2536 dst_release(ndst);
2537 goto out_unlock;
2538 }
2539
2540 tos = ip_tunnel_ecn_encap(tos, old_iph, skb);
2541 ttl = ttl ? : ip4_dst_hoplimit(&rt->dst);
2542 err = vxlan_build_skb(skb, ndst, sizeof(struct iphdr),
2543 vni, md, flags, udp_sum);
2544 if (err < 0) {
2545 reason = SKB_DROP_REASON_NOMEM;
2546 goto tx_error;
2547 }
2548
2549 udp_tunnel_xmit_skb(rt, sock4->sock->sk, skb, saddr,
2550 pkey->u.ipv4.dst, tos, ttl, df,
2551 src_port, dst_port, xnet, !udp_sum);
2552 #if IS_ENABLED(CONFIG_IPV6)
2553 } else {
2554 struct vxlan_sock *sock6 = rcu_dereference(vxlan->vn6_sock);
2555 struct in6_addr saddr;
2556
2557 if (!ifindex)
2558 ifindex = sock6->sock->sk->sk_bound_dev_if;
2559
2560 ndst = udp_tunnel6_dst_lookup(skb, dev, vxlan->net, sock6->sock,
2561 ifindex, &saddr, pkey,
2562 src_port, dst_port, tos,
2563 use_cache ? dst_cache : NULL);
2564 if (IS_ERR(ndst)) {
2565 err = PTR_ERR(ndst);
2566 ndst = NULL;
2567 reason = SKB_DROP_REASON_IP_OUTNOROUTES;
2568 goto tx_error;
2569 }
2570
2571 if (!info) {
2572 u32 rt6i_flags = dst_rt6_info(ndst)->rt6i_flags;
2573
2574 err = encap_bypass_if_local(skb, dev, vxlan, AF_INET6,
2575 dst_port, ifindex, vni,
2576 ndst, rt6i_flags);
2577 if (err)
2578 goto out_unlock;
2579 }
2580
2581 err = skb_tunnel_check_pmtu(skb, ndst,
2582 vxlan_headroom((flags & VXLAN_F_GPE) | VXLAN_F_IPV6),
2583 netif_is_any_bridge_port(dev));
2584 if (err < 0) {
2585 goto tx_error;
2586 } else if (err) {
2587 if (info) {
2588 struct ip_tunnel_info *unclone;
2589
2590 unclone = skb_tunnel_info_unclone(skb);
2591 if (unlikely(!unclone))
2592 goto tx_error;
2593
2594 unclone->key.u.ipv6.src = pkey->u.ipv6.dst;
2595 unclone->key.u.ipv6.dst = saddr;
2596 }
2597
2598 vxlan_encap_bypass(skb, vxlan, vxlan, vni, false);
2599 dst_release(ndst);
2600 goto out_unlock;
2601 }
2602
2603 tos = ip_tunnel_ecn_encap(tos, old_iph, skb);
2604 ttl = ttl ? : ip6_dst_hoplimit(ndst);
2605 skb_scrub_packet(skb, xnet);
2606 err = vxlan_build_skb(skb, ndst, sizeof(struct ipv6hdr),
2607 vni, md, flags, udp_sum);
2608 if (err < 0) {
2609 reason = SKB_DROP_REASON_NOMEM;
2610 goto tx_error;
2611 }
2612
2613 udp_tunnel6_xmit_skb(ndst, sock6->sock->sk, skb, dev,
2614 &saddr, &pkey->u.ipv6.dst, tos, ttl,
2615 pkey->label, src_port, dst_port, !udp_sum);
2616 #endif
2617 }
2618 vxlan_vnifilter_count(vxlan, vni, NULL, VXLAN_VNI_STATS_TX, pkt_len);
2619 out_unlock:
2620 rcu_read_unlock();
2621 return;
2622
2623 drop:
2624 dev_core_stats_tx_dropped_inc(dev);
2625 vxlan_vnifilter_count(vxlan, vni, NULL, VXLAN_VNI_STATS_TX_DROPS, 0);
2626 kfree_skb_reason(skb, reason);
2627 return;
2628
2629 tx_error:
2630 rcu_read_unlock();
2631 if (err == -ELOOP)
2632 DEV_STATS_INC(dev, collisions);
2633 else if (err == -ENETUNREACH)
2634 DEV_STATS_INC(dev, tx_carrier_errors);
2635 dst_release(ndst);
2636 DEV_STATS_INC(dev, tx_errors);
2637 vxlan_vnifilter_count(vxlan, vni, NULL, VXLAN_VNI_STATS_TX_ERRORS, 0);
2638 kfree_skb_reason(skb, reason);
2639 }
2640
2641 static void vxlan_xmit_nh(struct sk_buff *skb, struct net_device *dev,
2642 struct vxlan_fdb *f, __be32 vni, bool did_rsc)
2643 {
2644 struct vxlan_rdst nh_rdst;
2645 struct nexthop *nh;
2646 bool do_xmit;
2647 u32 hash;
2648
2649 memset(&nh_rdst, 0, sizeof(struct vxlan_rdst));
2650 hash = skb_get_hash(skb);
2651
2652 rcu_read_lock();
2653 nh = rcu_dereference(f->nh);
2654 if (!nh) {
2655 rcu_read_unlock();
2656 goto drop;
2657 }
2658 do_xmit = vxlan_fdb_nh_path_select(nh, hash, &nh_rdst);
2659 rcu_read_unlock();
2660
2661 if (likely(do_xmit))
2662 vxlan_xmit_one(skb, dev, vni, &nh_rdst, did_rsc);
2663 else
2664 goto drop;
2665
2666 return;
2667
2668 drop:
2669 dev_core_stats_tx_dropped_inc(dev);
2670 vxlan_vnifilter_count(netdev_priv(dev), vni, NULL,
2671 VXLAN_VNI_STATS_TX_DROPS, 0);
2672 dev_kfree_skb(skb);
2673 }
2674
2675 static netdev_tx_t vxlan_xmit_nhid(struct sk_buff *skb, struct net_device *dev,
2676 u32 nhid, __be32 vni)
2677 {
2678 struct vxlan_dev *vxlan = netdev_priv(dev);
2679 struct vxlan_rdst nh_rdst;
2680 struct nexthop *nh;
2681 bool do_xmit;
2682 u32 hash;
2683
2684 memset(&nh_rdst, 0, sizeof(struct vxlan_rdst));
2685 hash = skb_get_hash(skb);
2686
2687 rcu_read_lock();
2688 nh = nexthop_find_by_id(dev_net(dev), nhid);
2689 if (unlikely(!nh || !nexthop_is_fdb(nh) || !nexthop_is_multipath(nh))) {
2690 rcu_read_unlock();
2691 goto drop;
2692 }
2693 do_xmit = vxlan_fdb_nh_path_select(nh, hash, &nh_rdst);
2694 rcu_read_unlock();
2695
2696 if (vxlan->cfg.saddr.sa.sa_family != nh_rdst.remote_ip.sa.sa_family)
2697 goto drop;
2698
2699 if (likely(do_xmit))
2700 vxlan_xmit_one(skb, dev, vni, &nh_rdst, false);
2701 else
2702 goto drop;
2703
2704 return NETDEV_TX_OK;
2705
2706 drop:
2707 dev_core_stats_tx_dropped_inc(dev);
2708 vxlan_vnifilter_count(netdev_priv(dev), vni, NULL,
2709 VXLAN_VNI_STATS_TX_DROPS, 0);
2710 dev_kfree_skb(skb);
2711 return NETDEV_TX_OK;
2712 }
2713
2714 /* Transmit local packets over Vxlan
2715 *
2716 * Outer IP header inherits ECN and DF from inner header.
2717 * Outer UDP destination is the VXLAN assigned port.
2718 * source port is based on hash of flow
2719 */
2720 static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev)
2721 {
2722 struct vxlan_dev *vxlan = netdev_priv(dev);
2723 struct vxlan_rdst *rdst, *fdst = NULL;
2724 const struct ip_tunnel_info *info;
2725 struct vxlan_fdb *f;
2726 struct ethhdr *eth;
2727 __be32 vni = 0;
2728 u32 nhid = 0;
2729 bool did_rsc;
2730
2731 info = skb_tunnel_info(skb);
2732
2733 skb_reset_mac_header(skb);
2734
2735 if (vxlan->cfg.flags & VXLAN_F_COLLECT_METADATA) {
2736 if (info && info->mode & IP_TUNNEL_INFO_BRIDGE &&
2737 info->mode & IP_TUNNEL_INFO_TX) {
2738 vni = tunnel_id_to_key32(info->key.tun_id);
2739 nhid = info->key.nhid;
2740 } else {
2741 if (info && info->mode & IP_TUNNEL_INFO_TX)
2742 vxlan_xmit_one(skb, dev, vni, NULL, false);
2743 else
2744 kfree_skb_reason(skb, SKB_DROP_REASON_TUNNEL_TXINFO);
2745 return NETDEV_TX_OK;
2746 }
2747 }
2748
2749 if (vxlan->cfg.flags & VXLAN_F_PROXY) {
2750 eth = eth_hdr(skb);
2751 if (ntohs(eth->h_proto) == ETH_P_ARP)
2752 return arp_reduce(dev, skb, vni);
2753 #if IS_ENABLED(CONFIG_IPV6)
2754 else if (ntohs(eth->h_proto) == ETH_P_IPV6 &&
2755 pskb_may_pull(skb, sizeof(struct ipv6hdr) +
2756 sizeof(struct nd_msg)) &&
2757 ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) {
2758 struct nd_msg *m = (struct nd_msg *)(ipv6_hdr(skb) + 1);
2759
2760 if (m->icmph.icmp6_code == 0 &&
2761 m->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION)
2762 return neigh_reduce(dev, skb, vni);
2763 }
2764 #endif
2765 }
2766
2767 if (nhid)
2768 return vxlan_xmit_nhid(skb, dev, nhid, vni);
2769
2770 if (vxlan->cfg.flags & VXLAN_F_MDB) {
2771 struct vxlan_mdb_entry *mdb_entry;
2772
2773 rcu_read_lock();
2774 mdb_entry = vxlan_mdb_entry_skb_get(vxlan, skb, vni);
2775 if (mdb_entry) {
2776 netdev_tx_t ret;
2777
2778 ret = vxlan_mdb_xmit(vxlan, mdb_entry, skb);
2779 rcu_read_unlock();
2780 return ret;
2781 }
2782 rcu_read_unlock();
2783 }
2784
2785 eth = eth_hdr(skb);
2786 f = vxlan_find_mac(vxlan, eth->h_dest, vni);
2787 did_rsc = false;
2788
2789 if (f && (f->flags & NTF_ROUTER) && (vxlan->cfg.flags & VXLAN_F_RSC) &&
2790 (ntohs(eth->h_proto) == ETH_P_IP ||
2791 ntohs(eth->h_proto) == ETH_P_IPV6)) {
2792 did_rsc = route_shortcircuit(dev, skb);
2793 if (did_rsc)
2794 f = vxlan_find_mac(vxlan, eth->h_dest, vni);
2795 }
2796
2797 if (f == NULL) {
2798 f = vxlan_find_mac(vxlan, all_zeros_mac, vni);
2799 if (f == NULL) {
2800 if ((vxlan->cfg.flags & VXLAN_F_L2MISS) &&
2801 !is_multicast_ether_addr(eth->h_dest))
2802 vxlan_fdb_miss(vxlan, eth->h_dest);
2803
2804 dev_core_stats_tx_dropped_inc(dev);
2805 vxlan_vnifilter_count(vxlan, vni, NULL,
2806 VXLAN_VNI_STATS_TX_DROPS, 0);
2807 kfree_skb_reason(skb, SKB_DROP_REASON_VXLAN_NO_REMOTE);
2808 return NETDEV_TX_OK;
2809 }
2810 }
2811
2812 if (rcu_access_pointer(f->nh)) {
2813 vxlan_xmit_nh(skb, dev, f,
2814 (vni ? : vxlan->default_dst.remote_vni), did_rsc);
2815 } else {
2816 list_for_each_entry_rcu(rdst, &f->remotes, list) {
2817 struct sk_buff *skb1;
2818
2819 if (!fdst) {
2820 fdst = rdst;
2821 continue;
2822 }
2823 skb1 = skb_clone(skb, GFP_ATOMIC);
2824 if (skb1)
2825 vxlan_xmit_one(skb1, dev, vni, rdst, did_rsc);
2826 }
2827 if (fdst)
2828 vxlan_xmit_one(skb, dev, vni, fdst, did_rsc);
2829 else
2830 kfree_skb_reason(skb, SKB_DROP_REASON_VXLAN_NO_REMOTE);
2831 }
2832
2833 return NETDEV_TX_OK;
2834 }
2835
2836 /* Walk the forwarding table and purge stale entries */
2837 static void vxlan_cleanup(struct timer_list *t)
2838 {
2839 struct vxlan_dev *vxlan = from_timer(vxlan, t, age_timer);
2840 unsigned long next_timer = jiffies + FDB_AGE_INTERVAL;
2841 unsigned int h;
2842
2843 if (!netif_running(vxlan->dev))
2844 return;
2845
2846 for (h = 0; h < FDB_HASH_SIZE; ++h) {
2847 struct hlist_node *p, *n;
2848
2849 spin_lock(&vxlan->hash_lock[h]);
2850 hlist_for_each_safe(p, n, &vxlan->fdb_head[h]) {
2851 struct vxlan_fdb *f
2852 = container_of(p, struct vxlan_fdb, hlist);
2853 unsigned long timeout;
2854
2855 if (f->state & (NUD_PERMANENT | NUD_NOARP))
2856 continue;
2857
2858 if (f->flags & NTF_EXT_LEARNED)
2859 continue;
2860
2861 timeout = f->used + vxlan->cfg.age_interval * HZ;
2862 if (time_before_eq(timeout, jiffies)) {
2863 netdev_dbg(vxlan->dev,
2864 "garbage collect %pM\n",
2865 f->eth_addr);
2866 f->state = NUD_STALE;
2867 vxlan_fdb_destroy(vxlan, f, true, true);
2868 } else if (time_before(timeout, next_timer))
2869 next_timer = timeout;
2870 }
2871 spin_unlock(&vxlan->hash_lock[h]);
2872 }
2873
2874 mod_timer(&vxlan->age_timer, next_timer);
2875 }
2876
2877 static void vxlan_vs_del_dev(struct vxlan_dev *vxlan)
2878 {
2879 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
2880
2881 spin_lock(&vn->sock_lock);
2882 hlist_del_init_rcu(&vxlan->hlist4.hlist);
2883 #if IS_ENABLED(CONFIG_IPV6)
2884 hlist_del_init_rcu(&vxlan->hlist6.hlist);
2885 #endif
2886 spin_unlock(&vn->sock_lock);
2887 }
2888
2889 static void vxlan_vs_add_dev(struct vxlan_sock *vs, struct vxlan_dev *vxlan,
2890 struct vxlan_dev_node *node)
2891 {
2892 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
2893 __be32 vni = vxlan->default_dst.remote_vni;
2894
2895 node->vxlan = vxlan;
2896 spin_lock(&vn->sock_lock);
2897 hlist_add_head_rcu(&node->hlist, vni_head(vs, vni));
2898 spin_unlock(&vn->sock_lock);
2899 }
2900
2901 /* Setup stats when device is created */
2902 static int vxlan_init(struct net_device *dev)
2903 {
2904 struct vxlan_dev *vxlan = netdev_priv(dev);
2905 int err;
2906
2907 if (vxlan->cfg.flags & VXLAN_F_VNIFILTER)
2908 vxlan_vnigroup_init(vxlan);
2909
2910 err = gro_cells_init(&vxlan->gro_cells, dev);
2911 if (err)
2912 goto err_vnigroup_uninit;
2913
2914 err = vxlan_mdb_init(vxlan);
2915 if (err)
2916 goto err_gro_cells_destroy;
2917
2918 netdev_lockdep_set_classes(dev);
2919 return 0;
2920
2921 err_gro_cells_destroy:
2922 gro_cells_destroy(&vxlan->gro_cells);
2923 err_vnigroup_uninit:
2924 if (vxlan->cfg.flags & VXLAN_F_VNIFILTER)
2925 vxlan_vnigroup_uninit(vxlan);
2926 return err;
2927 }
2928
2929 static void vxlan_fdb_delete_default(struct vxlan_dev *vxlan, __be32 vni)
2930 {
2931 struct vxlan_fdb *f;
2932 u32 hash_index = fdb_head_index(vxlan, all_zeros_mac, vni);
2933
2934 spin_lock_bh(&vxlan->hash_lock[hash_index]);
2935 f = __vxlan_find_mac(vxlan, all_zeros_mac, vni);
2936 if (f)
2937 vxlan_fdb_destroy(vxlan, f, true, true);
2938 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
2939 }
2940
2941 static void vxlan_uninit(struct net_device *dev)
2942 {
2943 struct vxlan_dev *vxlan = netdev_priv(dev);
2944
2945 vxlan_mdb_fini(vxlan);
2946
2947 if (vxlan->cfg.flags & VXLAN_F_VNIFILTER)
2948 vxlan_vnigroup_uninit(vxlan);
2949
2950 gro_cells_destroy(&vxlan->gro_cells);
2951
2952 vxlan_fdb_delete_default(vxlan, vxlan->cfg.vni);
2953 }
2954
2955 /* Start ageing timer and join group when device is brought up */
2956 static int vxlan_open(struct net_device *dev)
2957 {
2958 struct vxlan_dev *vxlan = netdev_priv(dev);
2959 int ret;
2960
2961 ret = vxlan_sock_add(vxlan);
2962 if (ret < 0)
2963 return ret;
2964
2965 ret = vxlan_multicast_join(vxlan);
2966 if (ret) {
2967 vxlan_sock_release(vxlan);
2968 return ret;
2969 }
2970
2971 if (vxlan->cfg.age_interval)
2972 mod_timer(&vxlan->age_timer, jiffies + FDB_AGE_INTERVAL);
2973
2974 return ret;
2975 }
2976
2977 struct vxlan_fdb_flush_desc {
2978 bool ignore_default_entry;
2979 unsigned long state;
2980 unsigned long state_mask;
2981 unsigned long flags;
2982 unsigned long flags_mask;
2983 __be32 src_vni;
2984 u32 nhid;
2985 __be32 vni;
2986 __be16 port;
2987 union vxlan_addr dst_ip;
2988 };
2989
2990 static bool vxlan_fdb_is_default_entry(const struct vxlan_fdb *f,
2991 const struct vxlan_dev *vxlan)
2992 {
2993 return is_zero_ether_addr(f->eth_addr) && f->vni == vxlan->cfg.vni;
2994 }
2995
2996 static bool vxlan_fdb_nhid_matches(const struct vxlan_fdb *f, u32 nhid)
2997 {
2998 struct nexthop *nh = rtnl_dereference(f->nh);
2999
3000 return nh && nh->id == nhid;
3001 }
3002
3003 static bool vxlan_fdb_flush_matches(const struct vxlan_fdb *f,
3004 const struct vxlan_dev *vxlan,
3005 const struct vxlan_fdb_flush_desc *desc)
3006 {
3007 if (desc->state_mask && (f->state & desc->state_mask) != desc->state)
3008 return false;
3009
3010 if (desc->flags_mask && (f->flags & desc->flags_mask) != desc->flags)
3011 return false;
3012
3013 if (desc->ignore_default_entry && vxlan_fdb_is_default_entry(f, vxlan))
3014 return false;
3015
3016 if (desc->src_vni && f->vni != desc->src_vni)
3017 return false;
3018
3019 if (desc->nhid && !vxlan_fdb_nhid_matches(f, desc->nhid))
3020 return false;
3021
3022 return true;
3023 }
3024
3025 static bool
3026 vxlan_fdb_flush_should_match_remotes(const struct vxlan_fdb_flush_desc *desc)
3027 {
3028 return desc->vni || desc->port || desc->dst_ip.sa.sa_family;
3029 }
3030
3031 static bool
3032 vxlan_fdb_flush_remote_matches(const struct vxlan_fdb_flush_desc *desc,
3033 const struct vxlan_rdst *rd)
3034 {
3035 if (desc->vni && rd->remote_vni != desc->vni)
3036 return false;
3037
3038 if (desc->port && rd->remote_port != desc->port)
3039 return false;
3040
3041 if (desc->dst_ip.sa.sa_family &&
3042 !vxlan_addr_equal(&rd->remote_ip, &desc->dst_ip))
3043 return false;
3044
3045 return true;
3046 }
3047
3048 static void
3049 vxlan_fdb_flush_match_remotes(struct vxlan_fdb *f, struct vxlan_dev *vxlan,
3050 const struct vxlan_fdb_flush_desc *desc,
3051 bool *p_destroy_fdb)
3052 {
3053 bool remotes_flushed = false;
3054 struct vxlan_rdst *rd, *tmp;
3055
3056 list_for_each_entry_safe(rd, tmp, &f->remotes, list) {
3057 if (!vxlan_fdb_flush_remote_matches(desc, rd))
3058 continue;
3059
3060 vxlan_fdb_dst_destroy(vxlan, f, rd, true);
3061 remotes_flushed = true;
3062 }
3063
3064 *p_destroy_fdb = remotes_flushed && list_empty(&f->remotes);
3065 }
3066
3067 /* Purge the forwarding table */
3068 static void vxlan_flush(struct vxlan_dev *vxlan,
3069 const struct vxlan_fdb_flush_desc *desc)
3070 {
3071 bool match_remotes = vxlan_fdb_flush_should_match_remotes(desc);
3072 unsigned int h;
3073
3074 for (h = 0; h < FDB_HASH_SIZE; ++h) {
3075 struct hlist_node *p, *n;
3076
3077 spin_lock_bh(&vxlan->hash_lock[h]);
3078 hlist_for_each_safe(p, n, &vxlan->fdb_head[h]) {
3079 struct vxlan_fdb *f
3080 = container_of(p, struct vxlan_fdb, hlist);
3081
3082 if (!vxlan_fdb_flush_matches(f, vxlan, desc))
3083 continue;
3084
3085 if (match_remotes) {
3086 bool destroy_fdb = false;
3087
3088 vxlan_fdb_flush_match_remotes(f, vxlan, desc,
3089 &destroy_fdb);
3090
3091 if (!destroy_fdb)
3092 continue;
3093 }
3094
3095 vxlan_fdb_destroy(vxlan, f, true, true);
3096 }
3097 spin_unlock_bh(&vxlan->hash_lock[h]);
3098 }
3099 }
3100
3101 static const struct nla_policy vxlan_del_bulk_policy[NDA_MAX + 1] = {
3102 [NDA_SRC_VNI] = { .type = NLA_U32 },
3103 [NDA_NH_ID] = { .type = NLA_U32 },
3104 [NDA_VNI] = { .type = NLA_U32 },
3105 [NDA_PORT] = { .type = NLA_U16 },
3106 [NDA_DST] = NLA_POLICY_RANGE(NLA_BINARY, sizeof(struct in_addr),
3107 sizeof(struct in6_addr)),
3108 [NDA_NDM_STATE_MASK] = { .type = NLA_U16 },
3109 [NDA_NDM_FLAGS_MASK] = { .type = NLA_U8 },
3110 };
3111
3112 #define VXLAN_FDB_FLUSH_IGNORED_NDM_FLAGS (NTF_MASTER | NTF_SELF)
3113 #define VXLAN_FDB_FLUSH_ALLOWED_NDM_STATES (NUD_PERMANENT | NUD_NOARP)
3114 #define VXLAN_FDB_FLUSH_ALLOWED_NDM_FLAGS (NTF_EXT_LEARNED | NTF_OFFLOADED | \
3115 NTF_ROUTER)
3116
3117 static int vxlan_fdb_delete_bulk(struct nlmsghdr *nlh, struct net_device *dev,
3118 struct netlink_ext_ack *extack)
3119 {
3120 struct vxlan_dev *vxlan = netdev_priv(dev);
3121 struct vxlan_fdb_flush_desc desc = {};
3122 struct ndmsg *ndm = nlmsg_data(nlh);
3123 struct nlattr *tb[NDA_MAX + 1];
3124 u8 ndm_flags;
3125 int err;
3126
3127 ndm_flags = ndm->ndm_flags & ~VXLAN_FDB_FLUSH_IGNORED_NDM_FLAGS;
3128
3129 err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, vxlan_del_bulk_policy,
3130 extack);
3131 if (err)
3132 return err;
3133
3134 if (ndm_flags & ~VXLAN_FDB_FLUSH_ALLOWED_NDM_FLAGS) {
3135 NL_SET_ERR_MSG(extack, "Unsupported fdb flush ndm flag bits set");
3136 return -EINVAL;
3137 }
3138 if (ndm->ndm_state & ~VXLAN_FDB_FLUSH_ALLOWED_NDM_STATES) {
3139 NL_SET_ERR_MSG(extack, "Unsupported fdb flush ndm state bits set");
3140 return -EINVAL;
3141 }
3142
3143 desc.state = ndm->ndm_state;
3144 desc.flags = ndm_flags;
3145
3146 if (tb[NDA_NDM_STATE_MASK])
3147 desc.state_mask = nla_get_u16(tb[NDA_NDM_STATE_MASK]);
3148
3149 if (tb[NDA_NDM_FLAGS_MASK])
3150 desc.flags_mask = nla_get_u8(tb[NDA_NDM_FLAGS_MASK]);
3151
3152 if (tb[NDA_SRC_VNI])
3153 desc.src_vni = cpu_to_be32(nla_get_u32(tb[NDA_SRC_VNI]));
3154
3155 if (tb[NDA_NH_ID])
3156 desc.nhid = nla_get_u32(tb[NDA_NH_ID]);
3157
3158 if (tb[NDA_VNI])
3159 desc.vni = cpu_to_be32(nla_get_u32(tb[NDA_VNI]));
3160
3161 if (tb[NDA_PORT])
3162 desc.port = nla_get_be16(tb[NDA_PORT]);
3163
3164 if (tb[NDA_DST]) {
3165 union vxlan_addr ip;
3166
3167 err = vxlan_nla_get_addr(&ip, tb[NDA_DST]);
3168 if (err) {
3169 NL_SET_ERR_MSG_ATTR(extack, tb[NDA_DST],
3170 "Unsupported address family");
3171 return err;
3172 }
3173 desc.dst_ip = ip;
3174 }
3175
3176 vxlan_flush(vxlan, &desc);
3177
3178 return 0;
3179 }
3180
3181 /* Cleanup timer and forwarding table on shutdown */
3182 static int vxlan_stop(struct net_device *dev)
3183 {
3184 struct vxlan_dev *vxlan = netdev_priv(dev);
3185 struct vxlan_fdb_flush_desc desc = {
3186 /* Default entry is deleted at vxlan_uninit. */
3187 .ignore_default_entry = true,
3188 .state = 0,
3189 .state_mask = NUD_PERMANENT | NUD_NOARP,
3190 };
3191
3192 vxlan_multicast_leave(vxlan);
3193
3194 del_timer_sync(&vxlan->age_timer);
3195
3196 vxlan_flush(vxlan, &desc);
3197 vxlan_sock_release(vxlan);
3198
3199 return 0;
3200 }
3201
3202 /* Stub, nothing needs to be done. */
3203 static void vxlan_set_multicast_list(struct net_device *dev)
3204 {
3205 }
3206
3207 static int vxlan_change_mtu(struct net_device *dev, int new_mtu)
3208 {
3209 struct vxlan_dev *vxlan = netdev_priv(dev);
3210 struct vxlan_rdst *dst = &vxlan->default_dst;
3211 struct net_device *lowerdev = __dev_get_by_index(vxlan->net,
3212 dst->remote_ifindex);
3213
3214 /* This check is different than dev->max_mtu, because it looks at
3215 * the lowerdev->mtu, rather than the static dev->max_mtu
3216 */
3217 if (lowerdev) {
3218 int max_mtu = lowerdev->mtu - vxlan_headroom(vxlan->cfg.flags);
3219 if (new_mtu > max_mtu)
3220 return -EINVAL;
3221 }
3222
3223 WRITE_ONCE(dev->mtu, new_mtu);
3224 return 0;
3225 }
3226
3227 static int vxlan_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
3228 {
3229 struct vxlan_dev *vxlan = netdev_priv(dev);
3230 struct ip_tunnel_info *info = skb_tunnel_info(skb);
3231 __be16 sport, dport;
3232
3233 sport = udp_flow_src_port(dev_net(dev), skb, vxlan->cfg.port_min,
3234 vxlan->cfg.port_max, true);
3235 dport = info->key.tp_dst ? : vxlan->cfg.dst_port;
3236
3237 if (ip_tunnel_info_af(info) == AF_INET) {
3238 struct vxlan_sock *sock4 = rcu_dereference(vxlan->vn4_sock);
3239 struct rtable *rt;
3240
3241 if (!sock4)
3242 return -EIO;
3243
3244 rt = udp_tunnel_dst_lookup(skb, dev, vxlan->net, 0,
3245 &info->key.u.ipv4.src,
3246 &info->key,
3247 sport, dport, info->key.tos,
3248 &info->dst_cache);
3249 if (IS_ERR(rt))
3250 return PTR_ERR(rt);
3251 ip_rt_put(rt);
3252 } else {
3253 #if IS_ENABLED(CONFIG_IPV6)
3254 struct vxlan_sock *sock6 = rcu_dereference(vxlan->vn6_sock);
3255 struct dst_entry *ndst;
3256
3257 if (!sock6)
3258 return -EIO;
3259
3260 ndst = udp_tunnel6_dst_lookup(skb, dev, vxlan->net, sock6->sock,
3261 0, &info->key.u.ipv6.src,
3262 &info->key,
3263 sport, dport, info->key.tos,
3264 &info->dst_cache);
3265 if (IS_ERR(ndst))
3266 return PTR_ERR(ndst);
3267 dst_release(ndst);
3268 #else /* !CONFIG_IPV6 */
3269 return -EPFNOSUPPORT;
3270 #endif
3271 }
3272 info->key.tp_src = sport;
3273 info->key.tp_dst = dport;
3274 return 0;
3275 }
3276
3277 static const struct net_device_ops vxlan_netdev_ether_ops = {
3278 .ndo_init = vxlan_init,
3279 .ndo_uninit = vxlan_uninit,
3280 .ndo_open = vxlan_open,
3281 .ndo_stop = vxlan_stop,
3282 .ndo_start_xmit = vxlan_xmit,
3283 .ndo_set_rx_mode = vxlan_set_multicast_list,
3284 .ndo_change_mtu = vxlan_change_mtu,
3285 .ndo_validate_addr = eth_validate_addr,
3286 .ndo_set_mac_address = eth_mac_addr,
3287 .ndo_fdb_add = vxlan_fdb_add,
3288 .ndo_fdb_del = vxlan_fdb_delete,
3289 .ndo_fdb_del_bulk = vxlan_fdb_delete_bulk,
3290 .ndo_fdb_dump = vxlan_fdb_dump,
3291 .ndo_fdb_get = vxlan_fdb_get,
3292 .ndo_mdb_add = vxlan_mdb_add,
3293 .ndo_mdb_del = vxlan_mdb_del,
3294 .ndo_mdb_del_bulk = vxlan_mdb_del_bulk,
3295 .ndo_mdb_dump = vxlan_mdb_dump,
3296 .ndo_mdb_get = vxlan_mdb_get,
3297 .ndo_fill_metadata_dst = vxlan_fill_metadata_dst,
3298 };
3299
3300 static const struct net_device_ops vxlan_netdev_raw_ops = {
3301 .ndo_init = vxlan_init,
3302 .ndo_uninit = vxlan_uninit,
3303 .ndo_open = vxlan_open,
3304 .ndo_stop = vxlan_stop,
3305 .ndo_start_xmit = vxlan_xmit,
3306 .ndo_change_mtu = vxlan_change_mtu,
3307 .ndo_fill_metadata_dst = vxlan_fill_metadata_dst,
3308 };
3309
3310 /* Info for udev, that this is a virtual tunnel endpoint */
3311 static const struct device_type vxlan_type = {
3312 .name = "vxlan",
3313 };
3314
3315 /* Calls the ndo_udp_tunnel_add of the caller in order to
3316 * supply the listening VXLAN udp ports. Callers are expected
3317 * to implement the ndo_udp_tunnel_add.
3318 */
3319 static void vxlan_offload_rx_ports(struct net_device *dev, bool push)
3320 {
3321 struct vxlan_sock *vs;
3322 struct net *net = dev_net(dev);
3323 struct vxlan_net *vn = net_generic(net, vxlan_net_id);
3324 unsigned int i;
3325
3326 spin_lock(&vn->sock_lock);
3327 for (i = 0; i < PORT_HASH_SIZE; ++i) {
3328 hlist_for_each_entry_rcu(vs, &vn->sock_list[i], hlist) {
3329 unsigned short type;
3330
3331 if (vs->flags & VXLAN_F_GPE)
3332 type = UDP_TUNNEL_TYPE_VXLAN_GPE;
3333 else
3334 type = UDP_TUNNEL_TYPE_VXLAN;
3335
3336 if (push)
3337 udp_tunnel_push_rx_port(dev, vs->sock, type);
3338 else
3339 udp_tunnel_drop_rx_port(dev, vs->sock, type);
3340 }
3341 }
3342 spin_unlock(&vn->sock_lock);
3343 }
3344
3345 /* Initialize the device structure. */
3346 static void vxlan_setup(struct net_device *dev)
3347 {
3348 struct vxlan_dev *vxlan = netdev_priv(dev);
3349 unsigned int h;
3350
3351 eth_hw_addr_random(dev);
3352 ether_setup(dev);
3353
3354 dev->needs_free_netdev = true;
3355 SET_NETDEV_DEVTYPE(dev, &vxlan_type);
3356
3357 dev->features |= NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_FRAGLIST;
3358 dev->features |= NETIF_F_RXCSUM;
3359 dev->features |= NETIF_F_GSO_SOFTWARE;
3360
3361 dev->vlan_features = dev->features;
3362 dev->hw_features |= NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_FRAGLIST;
3363 dev->hw_features |= NETIF_F_RXCSUM;
3364 dev->hw_features |= NETIF_F_GSO_SOFTWARE;
3365 netif_keep_dst(dev);
3366 dev->priv_flags |= IFF_NO_QUEUE;
3367 dev->change_proto_down = true;
3368 dev->lltx = true;
3369
3370 /* MTU range: 68 - 65535 */
3371 dev->min_mtu = ETH_MIN_MTU;
3372 dev->max_mtu = ETH_MAX_MTU;
3373
3374 dev->pcpu_stat_type = NETDEV_PCPU_STAT_TSTATS;
3375 INIT_LIST_HEAD(&vxlan->next);
3376
3377 timer_setup(&vxlan->age_timer, vxlan_cleanup, TIMER_DEFERRABLE);
3378
3379 vxlan->dev = dev;
3380
3381 for (h = 0; h < FDB_HASH_SIZE; ++h) {
3382 spin_lock_init(&vxlan->hash_lock[h]);
3383 INIT_HLIST_HEAD(&vxlan->fdb_head[h]);
3384 }
3385 }
3386
3387 static void vxlan_ether_setup(struct net_device *dev)
3388 {
3389 dev->priv_flags &= ~IFF_TX_SKB_SHARING;
3390 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
3391 dev->netdev_ops = &vxlan_netdev_ether_ops;
3392 }
3393
3394 static void vxlan_raw_setup(struct net_device *dev)
3395 {
3396 dev->header_ops = NULL;
3397 dev->type = ARPHRD_NONE;
3398 dev->hard_header_len = 0;
3399 dev->addr_len = 0;
3400 dev->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
3401 dev->netdev_ops = &vxlan_netdev_raw_ops;
3402 }
3403
3404 static const struct nla_policy vxlan_policy[IFLA_VXLAN_MAX + 1] = {
3405 [IFLA_VXLAN_UNSPEC] = { .strict_start_type = IFLA_VXLAN_LOCALBYPASS },
3406 [IFLA_VXLAN_ID] = { .type = NLA_U32 },
3407 [IFLA_VXLAN_GROUP] = { .len = sizeof_field(struct iphdr, daddr) },
3408 [IFLA_VXLAN_GROUP6] = { .len = sizeof(struct in6_addr) },
3409 [IFLA_VXLAN_LINK] = { .type = NLA_U32 },
3410 [IFLA_VXLAN_LOCAL] = { .len = sizeof_field(struct iphdr, saddr) },
3411 [IFLA_VXLAN_LOCAL6] = { .len = sizeof(struct in6_addr) },
3412 [IFLA_VXLAN_TOS] = { .type = NLA_U8 },
3413 [IFLA_VXLAN_TTL] = { .type = NLA_U8 },
3414 [IFLA_VXLAN_LABEL] = { .type = NLA_U32 },
3415 [IFLA_VXLAN_LEARNING] = { .type = NLA_U8 },
3416 [IFLA_VXLAN_AGEING] = { .type = NLA_U32 },
3417 [IFLA_VXLAN_LIMIT] = { .type = NLA_U32 },
3418 [IFLA_VXLAN_PORT_RANGE] = { .len = sizeof(struct ifla_vxlan_port_range) },
3419 [IFLA_VXLAN_PROXY] = { .type = NLA_U8 },
3420 [IFLA_VXLAN_RSC] = { .type = NLA_U8 },
3421 [IFLA_VXLAN_L2MISS] = { .type = NLA_U8 },
3422 [IFLA_VXLAN_L3MISS] = { .type = NLA_U8 },
3423 [IFLA_VXLAN_COLLECT_METADATA] = { .type = NLA_U8 },
3424 [IFLA_VXLAN_PORT] = { .type = NLA_U16 },
3425 [IFLA_VXLAN_UDP_CSUM] = { .type = NLA_U8 },
3426 [IFLA_VXLAN_UDP_ZERO_CSUM6_TX] = { .type = NLA_U8 },
3427 [IFLA_VXLAN_UDP_ZERO_CSUM6_RX] = { .type = NLA_U8 },
3428 [IFLA_VXLAN_REMCSUM_TX] = { .type = NLA_U8 },
3429 [IFLA_VXLAN_REMCSUM_RX] = { .type = NLA_U8 },
3430 [IFLA_VXLAN_GBP] = { .type = NLA_FLAG, },
3431 [IFLA_VXLAN_GPE] = { .type = NLA_FLAG, },
3432 [IFLA_VXLAN_REMCSUM_NOPARTIAL] = { .type = NLA_FLAG },
3433 [IFLA_VXLAN_TTL_INHERIT] = { .type = NLA_FLAG },
3434 [IFLA_VXLAN_DF] = { .type = NLA_U8 },
3435 [IFLA_VXLAN_VNIFILTER] = { .type = NLA_U8 },
3436 [IFLA_VXLAN_LOCALBYPASS] = NLA_POLICY_MAX(NLA_U8, 1),
3437 [IFLA_VXLAN_LABEL_POLICY] = NLA_POLICY_MAX(NLA_U32, VXLAN_LABEL_MAX),
3438 };
3439
3440 static int vxlan_validate(struct nlattr *tb[], struct nlattr *data[],
3441 struct netlink_ext_ack *extack)
3442 {
3443 if (tb[IFLA_ADDRESS]) {
3444 if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) {
3445 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_ADDRESS],
3446 "Provided link layer address is not Ethernet");
3447 return -EINVAL;
3448 }
3449
3450 if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) {
3451 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_ADDRESS],
3452 "Provided Ethernet address is not unicast");
3453 return -EADDRNOTAVAIL;
3454 }
3455 }
3456
3457 if (tb[IFLA_MTU]) {
3458 u32 mtu = nla_get_u32(tb[IFLA_MTU]);
3459
3460 if (mtu < ETH_MIN_MTU || mtu > ETH_MAX_MTU) {
3461 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_MTU],
3462 "MTU must be between 68 and 65535");
3463 return -EINVAL;
3464 }
3465 }
3466
3467 if (!data) {
3468 NL_SET_ERR_MSG(extack,
3469 "Required attributes not provided to perform the operation");
3470 return -EINVAL;
3471 }
3472
3473 if (data[IFLA_VXLAN_ID]) {
3474 u32 id = nla_get_u32(data[IFLA_VXLAN_ID]);
3475
3476 if (id >= VXLAN_N_VID) {
3477 NL_SET_ERR_MSG_ATTR(extack, data[IFLA_VXLAN_ID],
3478 "VXLAN ID must be lower than 16777216");
3479 return -ERANGE;
3480 }
3481 }
3482
3483 if (data[IFLA_VXLAN_PORT_RANGE]) {
3484 const struct ifla_vxlan_port_range *p
3485 = nla_data(data[IFLA_VXLAN_PORT_RANGE]);
3486
3487 if (ntohs(p->high) < ntohs(p->low)) {
3488 NL_SET_ERR_MSG_ATTR(extack, data[IFLA_VXLAN_PORT_RANGE],
3489 "Invalid source port range");
3490 return -EINVAL;
3491 }
3492 }
3493
3494 if (data[IFLA_VXLAN_DF]) {
3495 enum ifla_vxlan_df df = nla_get_u8(data[IFLA_VXLAN_DF]);
3496
3497 if (df < 0 || df > VXLAN_DF_MAX) {
3498 NL_SET_ERR_MSG_ATTR(extack, data[IFLA_VXLAN_DF],
3499 "Invalid DF attribute");
3500 return -EINVAL;
3501 }
3502 }
3503
3504 return 0;
3505 }
3506
3507 static void vxlan_get_drvinfo(struct net_device *netdev,
3508 struct ethtool_drvinfo *drvinfo)
3509 {
3510 strscpy(drvinfo->version, VXLAN_VERSION, sizeof(drvinfo->version));
3511 strscpy(drvinfo->driver, "vxlan", sizeof(drvinfo->driver));
3512 }
3513
3514 static int vxlan_get_link_ksettings(struct net_device *dev,
3515 struct ethtool_link_ksettings *cmd)
3516 {
3517 struct vxlan_dev *vxlan = netdev_priv(dev);
3518 struct vxlan_rdst *dst = &vxlan->default_dst;
3519 struct net_device *lowerdev = __dev_get_by_index(vxlan->net,
3520 dst->remote_ifindex);
3521
3522 if (!lowerdev) {
3523 cmd->base.duplex = DUPLEX_UNKNOWN;
3524 cmd->base.port = PORT_OTHER;
3525 cmd->base.speed = SPEED_UNKNOWN;
3526
3527 return 0;
3528 }
3529
3530 return __ethtool_get_link_ksettings(lowerdev, cmd);
3531 }
3532
3533 static const struct ethtool_ops vxlan_ethtool_ops = {
3534 .get_drvinfo = vxlan_get_drvinfo,
3535 .get_link = ethtool_op_get_link,
3536 .get_link_ksettings = vxlan_get_link_ksettings,
3537 };
3538
3539 static struct socket *vxlan_create_sock(struct net *net, bool ipv6,
3540 __be16 port, u32 flags, int ifindex)
3541 {
3542 struct socket *sock;
3543 struct udp_port_cfg udp_conf;
3544 int err;
3545
3546 memset(&udp_conf, 0, sizeof(udp_conf));
3547
3548 if (ipv6) {
3549 udp_conf.family = AF_INET6;
3550 udp_conf.use_udp6_rx_checksums =
3551 !(flags & VXLAN_F_UDP_ZERO_CSUM6_RX);
3552 udp_conf.ipv6_v6only = 1;
3553 } else {
3554 udp_conf.family = AF_INET;
3555 }
3556
3557 udp_conf.local_udp_port = port;
3558 udp_conf.bind_ifindex = ifindex;
3559
3560 /* Open UDP socket */
3561 err = udp_sock_create(net, &udp_conf, &sock);
3562 if (err < 0)
3563 return ERR_PTR(err);
3564
3565 udp_allow_gso(sock->sk);
3566 return sock;
3567 }
3568
3569 /* Create new listen socket if needed */
3570 static struct vxlan_sock *vxlan_socket_create(struct net *net, bool ipv6,
3571 __be16 port, u32 flags,
3572 int ifindex)
3573 {
3574 struct vxlan_net *vn = net_generic(net, vxlan_net_id);
3575 struct vxlan_sock *vs;
3576 struct socket *sock;
3577 unsigned int h;
3578 struct udp_tunnel_sock_cfg tunnel_cfg;
3579
3580 vs = kzalloc(sizeof(*vs), GFP_KERNEL);
3581 if (!vs)
3582 return ERR_PTR(-ENOMEM);
3583
3584 for (h = 0; h < VNI_HASH_SIZE; ++h)
3585 INIT_HLIST_HEAD(&vs->vni_list[h]);
3586
3587 sock = vxlan_create_sock(net, ipv6, port, flags, ifindex);
3588 if (IS_ERR(sock)) {
3589 kfree(vs);
3590 return ERR_CAST(sock);
3591 }
3592
3593 vs->sock = sock;
3594 refcount_set(&vs->refcnt, 1);
3595 vs->flags = (flags & VXLAN_F_RCV_FLAGS);
3596
3597 spin_lock(&vn->sock_lock);
3598 hlist_add_head_rcu(&vs->hlist, vs_head(net, port));
3599 udp_tunnel_notify_add_rx_port(sock,
3600 (vs->flags & VXLAN_F_GPE) ?
3601 UDP_TUNNEL_TYPE_VXLAN_GPE :
3602 UDP_TUNNEL_TYPE_VXLAN);
3603 spin_unlock(&vn->sock_lock);
3604
3605 /* Mark socket as an encapsulation socket. */
3606 memset(&tunnel_cfg, 0, sizeof(tunnel_cfg));
3607 tunnel_cfg.sk_user_data = vs;
3608 tunnel_cfg.encap_type = 1;
3609 tunnel_cfg.encap_rcv = vxlan_rcv;
3610 tunnel_cfg.encap_err_lookup = vxlan_err_lookup;
3611 tunnel_cfg.encap_destroy = NULL;
3612 if (vs->flags & VXLAN_F_GPE) {
3613 tunnel_cfg.gro_receive = vxlan_gpe_gro_receive;
3614 tunnel_cfg.gro_complete = vxlan_gpe_gro_complete;
3615 } else {
3616 tunnel_cfg.gro_receive = vxlan_gro_receive;
3617 tunnel_cfg.gro_complete = vxlan_gro_complete;
3618 }
3619
3620 setup_udp_tunnel_sock(net, sock, &tunnel_cfg);
3621
3622 return vs;
3623 }
3624
3625 static int __vxlan_sock_add(struct vxlan_dev *vxlan, bool ipv6)
3626 {
3627 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
3628 bool metadata = vxlan->cfg.flags & VXLAN_F_COLLECT_METADATA;
3629 struct vxlan_sock *vs = NULL;
3630 struct vxlan_dev_node *node;
3631 int l3mdev_index = 0;
3632
3633 if (vxlan->cfg.remote_ifindex)
3634 l3mdev_index = l3mdev_master_upper_ifindex_by_index(
3635 vxlan->net, vxlan->cfg.remote_ifindex);
3636
3637 if (!vxlan->cfg.no_share) {
3638 spin_lock(&vn->sock_lock);
3639 vs = vxlan_find_sock(vxlan->net, ipv6 ? AF_INET6 : AF_INET,
3640 vxlan->cfg.dst_port, vxlan->cfg.flags,
3641 l3mdev_index);
3642 if (vs && !refcount_inc_not_zero(&vs->refcnt)) {
3643 spin_unlock(&vn->sock_lock);
3644 return -EBUSY;
3645 }
3646 spin_unlock(&vn->sock_lock);
3647 }
3648 if (!vs)
3649 vs = vxlan_socket_create(vxlan->net, ipv6,
3650 vxlan->cfg.dst_port, vxlan->cfg.flags,
3651 l3mdev_index);
3652 if (IS_ERR(vs))
3653 return PTR_ERR(vs);
3654 #if IS_ENABLED(CONFIG_IPV6)
3655 if (ipv6) {
3656 rcu_assign_pointer(vxlan->vn6_sock, vs);
3657 node = &vxlan->hlist6;
3658 } else
3659 #endif
3660 {
3661 rcu_assign_pointer(vxlan->vn4_sock, vs);
3662 node = &vxlan->hlist4;
3663 }
3664
3665 if (metadata && (vxlan->cfg.flags & VXLAN_F_VNIFILTER))
3666 vxlan_vs_add_vnigrp(vxlan, vs, ipv6);
3667 else
3668 vxlan_vs_add_dev(vs, vxlan, node);
3669
3670 return 0;
3671 }
3672
3673 static int vxlan_sock_add(struct vxlan_dev *vxlan)
3674 {
3675 bool metadata = vxlan->cfg.flags & VXLAN_F_COLLECT_METADATA;
3676 bool ipv6 = vxlan->cfg.flags & VXLAN_F_IPV6 || metadata;
3677 bool ipv4 = !ipv6 || metadata;
3678 int ret = 0;
3679
3680 RCU_INIT_POINTER(vxlan->vn4_sock, NULL);
3681 #if IS_ENABLED(CONFIG_IPV6)
3682 RCU_INIT_POINTER(vxlan->vn6_sock, NULL);
3683 if (ipv6) {
3684 ret = __vxlan_sock_add(vxlan, true);
3685 if (ret < 0 && ret != -EAFNOSUPPORT)
3686 ipv4 = false;
3687 }
3688 #endif
3689 if (ipv4)
3690 ret = __vxlan_sock_add(vxlan, false);
3691 if (ret < 0)
3692 vxlan_sock_release(vxlan);
3693 return ret;
3694 }
3695
3696 int vxlan_vni_in_use(struct net *src_net, struct vxlan_dev *vxlan,
3697 struct vxlan_config *conf, __be32 vni)
3698 {
3699 struct vxlan_net *vn = net_generic(src_net, vxlan_net_id);
3700 struct vxlan_dev *tmp;
3701
3702 list_for_each_entry(tmp, &vn->vxlan_list, next) {
3703 if (tmp == vxlan)
3704 continue;
3705 if (tmp->cfg.flags & VXLAN_F_VNIFILTER) {
3706 if (!vxlan_vnifilter_lookup(tmp, vni))
3707 continue;
3708 } else if (tmp->cfg.vni != vni) {
3709 continue;
3710 }
3711 if (tmp->cfg.dst_port != conf->dst_port)
3712 continue;
3713 if ((tmp->cfg.flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6)) !=
3714 (conf->flags & (VXLAN_F_RCV_FLAGS | VXLAN_F_IPV6)))
3715 continue;
3716
3717 if ((conf->flags & VXLAN_F_IPV6_LINKLOCAL) &&
3718 tmp->cfg.remote_ifindex != conf->remote_ifindex)
3719 continue;
3720
3721 return -EEXIST;
3722 }
3723
3724 return 0;
3725 }
3726
3727 static int vxlan_config_validate(struct net *src_net, struct vxlan_config *conf,
3728 struct net_device **lower,
3729 struct vxlan_dev *old,
3730 struct netlink_ext_ack *extack)
3731 {
3732 bool use_ipv6 = false;
3733
3734 if (conf->flags & VXLAN_F_GPE) {
3735 /* For now, allow GPE only together with
3736 * COLLECT_METADATA. This can be relaxed later; in such
3737 * case, the other side of the PtP link will have to be
3738 * provided.
3739 */
3740 if ((conf->flags & ~VXLAN_F_ALLOWED_GPE) ||
3741 !(conf->flags & VXLAN_F_COLLECT_METADATA)) {
3742 NL_SET_ERR_MSG(extack,
3743 "VXLAN GPE does not support this combination of attributes");
3744 return -EINVAL;
3745 }
3746 }
3747
3748 if (!conf->remote_ip.sa.sa_family && !conf->saddr.sa.sa_family) {
3749 /* Unless IPv6 is explicitly requested, assume IPv4 */
3750 conf->remote_ip.sa.sa_family = AF_INET;
3751 conf->saddr.sa.sa_family = AF_INET;
3752 } else if (!conf->remote_ip.sa.sa_family) {
3753 conf->remote_ip.sa.sa_family = conf->saddr.sa.sa_family;
3754 } else if (!conf->saddr.sa.sa_family) {
3755 conf->saddr.sa.sa_family = conf->remote_ip.sa.sa_family;
3756 }
3757
3758 if (conf->saddr.sa.sa_family != conf->remote_ip.sa.sa_family) {
3759 NL_SET_ERR_MSG(extack,
3760 "Local and remote address must be from the same family");
3761 return -EINVAL;
3762 }
3763
3764 if (vxlan_addr_multicast(&conf->saddr)) {
3765 NL_SET_ERR_MSG(extack, "Local address cannot be multicast");
3766 return -EINVAL;
3767 }
3768
3769 if (conf->saddr.sa.sa_family == AF_INET6) {
3770 if (!IS_ENABLED(CONFIG_IPV6)) {
3771 NL_SET_ERR_MSG(extack,
3772 "IPv6 support not enabled in the kernel");
3773 return -EPFNOSUPPORT;
3774 }
3775 use_ipv6 = true;
3776 conf->flags |= VXLAN_F_IPV6;
3777
3778 if (!(conf->flags & VXLAN_F_COLLECT_METADATA)) {
3779 int local_type =
3780 ipv6_addr_type(&conf->saddr.sin6.sin6_addr);
3781 int remote_type =
3782 ipv6_addr_type(&conf->remote_ip.sin6.sin6_addr);
3783
3784 if (local_type & IPV6_ADDR_LINKLOCAL) {
3785 if (!(remote_type & IPV6_ADDR_LINKLOCAL) &&
3786 (remote_type != IPV6_ADDR_ANY)) {
3787 NL_SET_ERR_MSG(extack,
3788 "Invalid combination of local and remote address scopes");
3789 return -EINVAL;
3790 }
3791
3792 conf->flags |= VXLAN_F_IPV6_LINKLOCAL;
3793 } else {
3794 if (remote_type ==
3795 (IPV6_ADDR_UNICAST | IPV6_ADDR_LINKLOCAL)) {
3796 NL_SET_ERR_MSG(extack,
3797 "Invalid combination of local and remote address scopes");
3798 return -EINVAL;
3799 }
3800
3801 conf->flags &= ~VXLAN_F_IPV6_LINKLOCAL;
3802 }
3803 }
3804 }
3805
3806 if (conf->label && !use_ipv6) {
3807 NL_SET_ERR_MSG(extack,
3808 "Label attribute only applies to IPv6 VXLAN devices");
3809 return -EINVAL;
3810 }
3811
3812 if (conf->label_policy && !use_ipv6) {
3813 NL_SET_ERR_MSG(extack,
3814 "Label policy only applies to IPv6 VXLAN devices");
3815 return -EINVAL;
3816 }
3817
3818 if (conf->remote_ifindex) {
3819 struct net_device *lowerdev;
3820
3821 lowerdev = __dev_get_by_index(src_net, conf->remote_ifindex);
3822 if (!lowerdev) {
3823 NL_SET_ERR_MSG(extack,
3824 "Invalid local interface, device not found");
3825 return -ENODEV;
3826 }
3827
3828 #if IS_ENABLED(CONFIG_IPV6)
3829 if (use_ipv6) {
3830 struct inet6_dev *idev = __in6_dev_get(lowerdev);
3831
3832 if (idev && idev->cnf.disable_ipv6) {
3833 NL_SET_ERR_MSG(extack,
3834 "IPv6 support disabled by administrator");
3835 return -EPERM;
3836 }
3837 }
3838 #endif
3839
3840 *lower = lowerdev;
3841 } else {
3842 if (vxlan_addr_multicast(&conf->remote_ip)) {
3843 NL_SET_ERR_MSG(extack,
3844 "Local interface required for multicast remote destination");
3845
3846 return -EINVAL;
3847 }
3848
3849 #if IS_ENABLED(CONFIG_IPV6)
3850 if (conf->flags & VXLAN_F_IPV6_LINKLOCAL) {
3851 NL_SET_ERR_MSG(extack,
3852 "Local interface required for link-local local/remote addresses");
3853 return -EINVAL;
3854 }
3855 #endif
3856
3857 *lower = NULL;
3858 }
3859
3860 if (!conf->dst_port) {
3861 if (conf->flags & VXLAN_F_GPE)
3862 conf->dst_port = htons(IANA_VXLAN_GPE_UDP_PORT);
3863 else
3864 conf->dst_port = htons(vxlan_port);
3865 }
3866
3867 if (!conf->age_interval)
3868 conf->age_interval = FDB_AGE_DEFAULT;
3869
3870 if (vxlan_vni_in_use(src_net, old, conf, conf->vni)) {
3871 NL_SET_ERR_MSG(extack,
3872 "A VXLAN device with the specified VNI already exists");
3873 return -EEXIST;
3874 }
3875
3876 return 0;
3877 }
3878
3879 static void vxlan_config_apply(struct net_device *dev,
3880 struct vxlan_config *conf,
3881 struct net_device *lowerdev,
3882 struct net *src_net,
3883 bool changelink)
3884 {
3885 struct vxlan_dev *vxlan = netdev_priv(dev);
3886 struct vxlan_rdst *dst = &vxlan->default_dst;
3887 unsigned short needed_headroom = ETH_HLEN;
3888 int max_mtu = ETH_MAX_MTU;
3889 u32 flags = conf->flags;
3890
3891 if (!changelink) {
3892 if (flags & VXLAN_F_GPE)
3893 vxlan_raw_setup(dev);
3894 else
3895 vxlan_ether_setup(dev);
3896
3897 if (conf->mtu)
3898 dev->mtu = conf->mtu;
3899
3900 vxlan->net = src_net;
3901 }
3902
3903 dst->remote_vni = conf->vni;
3904
3905 memcpy(&dst->remote_ip, &conf->remote_ip, sizeof(conf->remote_ip));
3906
3907 if (lowerdev) {
3908 dst->remote_ifindex = conf->remote_ifindex;
3909
3910 netif_inherit_tso_max(dev, lowerdev);
3911
3912 needed_headroom = lowerdev->hard_header_len;
3913 needed_headroom += lowerdev->needed_headroom;
3914
3915 dev->needed_tailroom = lowerdev->needed_tailroom;
3916
3917 max_mtu = lowerdev->mtu - vxlan_headroom(flags);
3918 if (max_mtu < ETH_MIN_MTU)
3919 max_mtu = ETH_MIN_MTU;
3920
3921 if (!changelink && !conf->mtu)
3922 dev->mtu = max_mtu;
3923 }
3924
3925 if (dev->mtu > max_mtu)
3926 dev->mtu = max_mtu;
3927
3928 if (flags & VXLAN_F_COLLECT_METADATA)
3929 flags |= VXLAN_F_IPV6;
3930 needed_headroom += vxlan_headroom(flags);
3931 dev->needed_headroom = needed_headroom;
3932
3933 memcpy(&vxlan->cfg, conf, sizeof(*conf));
3934 }
3935
3936 static int vxlan_dev_configure(struct net *src_net, struct net_device *dev,
3937 struct vxlan_config *conf, bool changelink,
3938 struct netlink_ext_ack *extack)
3939 {
3940 struct vxlan_dev *vxlan = netdev_priv(dev);
3941 struct net_device *lowerdev;
3942 int ret;
3943
3944 ret = vxlan_config_validate(src_net, conf, &lowerdev, vxlan, extack);
3945 if (ret)
3946 return ret;
3947
3948 vxlan_config_apply(dev, conf, lowerdev, src_net, changelink);
3949
3950 return 0;
3951 }
3952
3953 static int __vxlan_dev_create(struct net *net, struct net_device *dev,
3954 struct vxlan_config *conf,
3955 struct netlink_ext_ack *extack)
3956 {
3957 struct vxlan_net *vn = net_generic(net, vxlan_net_id);
3958 struct vxlan_dev *vxlan = netdev_priv(dev);
3959 struct net_device *remote_dev = NULL;
3960 struct vxlan_fdb *f = NULL;
3961 bool unregister = false;
3962 struct vxlan_rdst *dst;
3963 int err;
3964
3965 dst = &vxlan->default_dst;
3966 err = vxlan_dev_configure(net, dev, conf, false, extack);
3967 if (err)
3968 return err;
3969
3970 dev->ethtool_ops = &vxlan_ethtool_ops;
3971
3972 /* create an fdb entry for a valid default destination */
3973 if (!vxlan_addr_any(&dst->remote_ip)) {
3974 err = vxlan_fdb_create(vxlan, all_zeros_mac,
3975 &dst->remote_ip,
3976 NUD_REACHABLE | NUD_PERMANENT,
3977 vxlan->cfg.dst_port,
3978 dst->remote_vni,
3979 dst->remote_vni,
3980 dst->remote_ifindex,
3981 NTF_SELF, 0, &f, extack);
3982 if (err)
3983 return err;
3984 }
3985
3986 err = register_netdevice(dev);
3987 if (err)
3988 goto errout;
3989 unregister = true;
3990
3991 if (dst->remote_ifindex) {
3992 remote_dev = __dev_get_by_index(net, dst->remote_ifindex);
3993 if (!remote_dev) {
3994 err = -ENODEV;
3995 goto errout;
3996 }
3997
3998 err = netdev_upper_dev_link(remote_dev, dev, extack);
3999 if (err)
4000 goto errout;
4001 }
4002
4003 err = rtnl_configure_link(dev, NULL, 0, NULL);
4004 if (err < 0)
4005 goto unlink;
4006
4007 if (f) {
4008 vxlan_fdb_insert(vxlan, all_zeros_mac, dst->remote_vni, f);
4009
4010 /* notify default fdb entry */
4011 err = vxlan_fdb_notify(vxlan, f, first_remote_rtnl(f),
4012 RTM_NEWNEIGH, true, extack);
4013 if (err) {
4014 vxlan_fdb_destroy(vxlan, f, false, false);
4015 if (remote_dev)
4016 netdev_upper_dev_unlink(remote_dev, dev);
4017 goto unregister;
4018 }
4019 }
4020
4021 list_add(&vxlan->next, &vn->vxlan_list);
4022 if (remote_dev)
4023 dst->remote_dev = remote_dev;
4024 return 0;
4025 unlink:
4026 if (remote_dev)
4027 netdev_upper_dev_unlink(remote_dev, dev);
4028 errout:
4029 /* unregister_netdevice() destroys the default FDB entry with deletion
4030 * notification. But the addition notification was not sent yet, so
4031 * destroy the entry by hand here.
4032 */
4033 if (f)
4034 __vxlan_fdb_free(f);
4035 unregister:
4036 if (unregister)
4037 unregister_netdevice(dev);
4038 return err;
4039 }
4040
4041 /* Set/clear flags based on attribute */
4042 static int vxlan_nl2flag(struct vxlan_config *conf, struct nlattr *tb[],
4043 int attrtype, unsigned long mask, bool changelink,
4044 bool changelink_supported,
4045 struct netlink_ext_ack *extack)
4046 {
4047 unsigned long flags;
4048
4049 if (!tb[attrtype])
4050 return 0;
4051
4052 if (changelink && !changelink_supported) {
4053 vxlan_flag_attr_error(attrtype, extack);
4054 return -EOPNOTSUPP;
4055 }
4056
4057 if (vxlan_policy[attrtype].type == NLA_FLAG)
4058 flags = conf->flags | mask;
4059 else if (nla_get_u8(tb[attrtype]))
4060 flags = conf->flags | mask;
4061 else
4062 flags = conf->flags & ~mask;
4063
4064 conf->flags = flags;
4065
4066 return 0;
4067 }
4068
4069 static int vxlan_nl2conf(struct nlattr *tb[], struct nlattr *data[],
4070 struct net_device *dev, struct vxlan_config *conf,
4071 bool changelink, struct netlink_ext_ack *extack)
4072 {
4073 struct vxlan_dev *vxlan = netdev_priv(dev);
4074 int err = 0;
4075
4076 memset(conf, 0, sizeof(*conf));
4077
4078 /* if changelink operation, start with old existing cfg */
4079 if (changelink)
4080 memcpy(conf, &vxlan->cfg, sizeof(*conf));
4081
4082 if (data[IFLA_VXLAN_ID]) {
4083 __be32 vni = cpu_to_be32(nla_get_u32(data[IFLA_VXLAN_ID]));
4084
4085 if (changelink && (vni != conf->vni)) {
4086 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_ID], "Cannot change VNI");
4087 return -EOPNOTSUPP;
4088 }
4089 conf->vni = cpu_to_be32(nla_get_u32(data[IFLA_VXLAN_ID]));
4090 }
4091
4092 if (data[IFLA_VXLAN_GROUP]) {
4093 if (changelink && (conf->remote_ip.sa.sa_family != AF_INET)) {
4094 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_GROUP], "New group address family does not match old group");
4095 return -EOPNOTSUPP;
4096 }
4097
4098 conf->remote_ip.sin.sin_addr.s_addr = nla_get_in_addr(data[IFLA_VXLAN_GROUP]);
4099 conf->remote_ip.sa.sa_family = AF_INET;
4100 } else if (data[IFLA_VXLAN_GROUP6]) {
4101 if (!IS_ENABLED(CONFIG_IPV6)) {
4102 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_GROUP6], "IPv6 support not enabled in the kernel");
4103 return -EPFNOSUPPORT;
4104 }
4105
4106 if (changelink && (conf->remote_ip.sa.sa_family != AF_INET6)) {
4107 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_GROUP6], "New group address family does not match old group");
4108 return -EOPNOTSUPP;
4109 }
4110
4111 conf->remote_ip.sin6.sin6_addr = nla_get_in6_addr(data[IFLA_VXLAN_GROUP6]);
4112 conf->remote_ip.sa.sa_family = AF_INET6;
4113 }
4114
4115 if (data[IFLA_VXLAN_LOCAL]) {
4116 if (changelink && (conf->saddr.sa.sa_family != AF_INET)) {
4117 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_LOCAL], "New local address family does not match old");
4118 return -EOPNOTSUPP;
4119 }
4120
4121 conf->saddr.sin.sin_addr.s_addr = nla_get_in_addr(data[IFLA_VXLAN_LOCAL]);
4122 conf->saddr.sa.sa_family = AF_INET;
4123 } else if (data[IFLA_VXLAN_LOCAL6]) {
4124 if (!IS_ENABLED(CONFIG_IPV6)) {
4125 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_LOCAL6], "IPv6 support not enabled in the kernel");
4126 return -EPFNOSUPPORT;
4127 }
4128
4129 if (changelink && (conf->saddr.sa.sa_family != AF_INET6)) {
4130 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_LOCAL6], "New local address family does not match old");
4131 return -EOPNOTSUPP;
4132 }
4133
4134 /* TODO: respect scope id */
4135 conf->saddr.sin6.sin6_addr = nla_get_in6_addr(data[IFLA_VXLAN_LOCAL6]);
4136 conf->saddr.sa.sa_family = AF_INET6;
4137 }
4138
4139 if (data[IFLA_VXLAN_LINK])
4140 conf->remote_ifindex = nla_get_u32(data[IFLA_VXLAN_LINK]);
4141
4142 if (data[IFLA_VXLAN_TOS])
4143 conf->tos = nla_get_u8(data[IFLA_VXLAN_TOS]);
4144
4145 if (data[IFLA_VXLAN_TTL])
4146 conf->ttl = nla_get_u8(data[IFLA_VXLAN_TTL]);
4147
4148 if (data[IFLA_VXLAN_TTL_INHERIT]) {
4149 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_TTL_INHERIT,
4150 VXLAN_F_TTL_INHERIT, changelink, false,
4151 extack);
4152 if (err)
4153 return err;
4154
4155 }
4156
4157 if (data[IFLA_VXLAN_LABEL])
4158 conf->label = nla_get_be32(data[IFLA_VXLAN_LABEL]) &
4159 IPV6_FLOWLABEL_MASK;
4160 if (data[IFLA_VXLAN_LABEL_POLICY])
4161 conf->label_policy = nla_get_u32(data[IFLA_VXLAN_LABEL_POLICY]);
4162
4163 if (data[IFLA_VXLAN_LEARNING]) {
4164 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_LEARNING,
4165 VXLAN_F_LEARN, changelink, true,
4166 extack);
4167 if (err)
4168 return err;
4169 } else if (!changelink) {
4170 /* default to learn on a new device */
4171 conf->flags |= VXLAN_F_LEARN;
4172 }
4173
4174 if (data[IFLA_VXLAN_AGEING])
4175 conf->age_interval = nla_get_u32(data[IFLA_VXLAN_AGEING]);
4176
4177 if (data[IFLA_VXLAN_PROXY]) {
4178 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_PROXY,
4179 VXLAN_F_PROXY, changelink, false,
4180 extack);
4181 if (err)
4182 return err;
4183 }
4184
4185 if (data[IFLA_VXLAN_RSC]) {
4186 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_RSC,
4187 VXLAN_F_RSC, changelink, false,
4188 extack);
4189 if (err)
4190 return err;
4191 }
4192
4193 if (data[IFLA_VXLAN_L2MISS]) {
4194 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_L2MISS,
4195 VXLAN_F_L2MISS, changelink, false,
4196 extack);
4197 if (err)
4198 return err;
4199 }
4200
4201 if (data[IFLA_VXLAN_L3MISS]) {
4202 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_L3MISS,
4203 VXLAN_F_L3MISS, changelink, false,
4204 extack);
4205 if (err)
4206 return err;
4207 }
4208
4209 if (data[IFLA_VXLAN_LIMIT]) {
4210 if (changelink) {
4211 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_LIMIT],
4212 "Cannot change limit");
4213 return -EOPNOTSUPP;
4214 }
4215 conf->addrmax = nla_get_u32(data[IFLA_VXLAN_LIMIT]);
4216 }
4217
4218 if (data[IFLA_VXLAN_COLLECT_METADATA]) {
4219 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_COLLECT_METADATA,
4220 VXLAN_F_COLLECT_METADATA, changelink, false,
4221 extack);
4222 if (err)
4223 return err;
4224 }
4225
4226 if (data[IFLA_VXLAN_PORT_RANGE]) {
4227 if (!changelink) {
4228 const struct ifla_vxlan_port_range *p
4229 = nla_data(data[IFLA_VXLAN_PORT_RANGE]);
4230 conf->port_min = ntohs(p->low);
4231 conf->port_max = ntohs(p->high);
4232 } else {
4233 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_PORT_RANGE],
4234 "Cannot change port range");
4235 return -EOPNOTSUPP;
4236 }
4237 }
4238
4239 if (data[IFLA_VXLAN_PORT]) {
4240 if (changelink) {
4241 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_PORT],
4242 "Cannot change port");
4243 return -EOPNOTSUPP;
4244 }
4245 conf->dst_port = nla_get_be16(data[IFLA_VXLAN_PORT]);
4246 }
4247
4248 if (data[IFLA_VXLAN_UDP_CSUM]) {
4249 if (changelink) {
4250 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_VXLAN_UDP_CSUM],
4251 "Cannot change UDP_CSUM flag");
4252 return -EOPNOTSUPP;
4253 }
4254 if (!nla_get_u8(data[IFLA_VXLAN_UDP_CSUM]))
4255 conf->flags |= VXLAN_F_UDP_ZERO_CSUM_TX;
4256 }
4257
4258 if (data[IFLA_VXLAN_LOCALBYPASS]) {
4259 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_LOCALBYPASS,
4260 VXLAN_F_LOCALBYPASS, changelink,
4261 true, extack);
4262 if (err)
4263 return err;
4264 } else if (!changelink) {
4265 /* default to local bypass on a new device */
4266 conf->flags |= VXLAN_F_LOCALBYPASS;
4267 }
4268
4269 if (data[IFLA_VXLAN_UDP_ZERO_CSUM6_TX]) {
4270 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_UDP_ZERO_CSUM6_TX,
4271 VXLAN_F_UDP_ZERO_CSUM6_TX, changelink,
4272 false, extack);
4273 if (err)
4274 return err;
4275 }
4276
4277 if (data[IFLA_VXLAN_UDP_ZERO_CSUM6_RX]) {
4278 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_UDP_ZERO_CSUM6_RX,
4279 VXLAN_F_UDP_ZERO_CSUM6_RX, changelink,
4280 false, extack);
4281 if (err)
4282 return err;
4283 }
4284
4285 if (data[IFLA_VXLAN_REMCSUM_TX]) {
4286 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_REMCSUM_TX,
4287 VXLAN_F_REMCSUM_TX, changelink, false,
4288 extack);
4289 if (err)
4290 return err;
4291 }
4292
4293 if (data[IFLA_VXLAN_REMCSUM_RX]) {
4294 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_REMCSUM_RX,
4295 VXLAN_F_REMCSUM_RX, changelink, false,
4296 extack);
4297 if (err)
4298 return err;
4299 }
4300
4301 if (data[IFLA_VXLAN_GBP]) {
4302 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_GBP,
4303 VXLAN_F_GBP, changelink, false, extack);
4304 if (err)
4305 return err;
4306 }
4307
4308 if (data[IFLA_VXLAN_GPE]) {
4309 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_GPE,
4310 VXLAN_F_GPE, changelink, false,
4311 extack);
4312 if (err)
4313 return err;
4314 }
4315
4316 if (data[IFLA_VXLAN_REMCSUM_NOPARTIAL]) {
4317 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_REMCSUM_NOPARTIAL,
4318 VXLAN_F_REMCSUM_NOPARTIAL, changelink,
4319 false, extack);
4320 if (err)
4321 return err;
4322 }
4323
4324 if (tb[IFLA_MTU]) {
4325 if (changelink) {
4326 NL_SET_ERR_MSG_ATTR(extack, tb[IFLA_MTU],
4327 "Cannot change mtu");
4328 return -EOPNOTSUPP;
4329 }
4330 conf->mtu = nla_get_u32(tb[IFLA_MTU]);
4331 }
4332
4333 if (data[IFLA_VXLAN_DF])
4334 conf->df = nla_get_u8(data[IFLA_VXLAN_DF]);
4335
4336 if (data[IFLA_VXLAN_VNIFILTER]) {
4337 err = vxlan_nl2flag(conf, data, IFLA_VXLAN_VNIFILTER,
4338 VXLAN_F_VNIFILTER, changelink, false,
4339 extack);
4340 if (err)
4341 return err;
4342
4343 if ((conf->flags & VXLAN_F_VNIFILTER) &&
4344 !(conf->flags & VXLAN_F_COLLECT_METADATA)) {
4345 NL_SET_ERR_MSG_ATTR(extack, data[IFLA_VXLAN_VNIFILTER],
4346 "vxlan vnifilter only valid in collect metadata mode");
4347 return -EINVAL;
4348 }
4349 }
4350
4351 return 0;
4352 }
4353
4354 static int vxlan_newlink(struct net *src_net, struct net_device *dev,
4355 struct nlattr *tb[], struct nlattr *data[],
4356 struct netlink_ext_ack *extack)
4357 {
4358 struct vxlan_config conf;
4359 int err;
4360
4361 err = vxlan_nl2conf(tb, data, dev, &conf, false, extack);
4362 if (err)
4363 return err;
4364
4365 return __vxlan_dev_create(src_net, dev, &conf, extack);
4366 }
4367
4368 static int vxlan_changelink(struct net_device *dev, struct nlattr *tb[],
4369 struct nlattr *data[],
4370 struct netlink_ext_ack *extack)
4371 {
4372 struct vxlan_dev *vxlan = netdev_priv(dev);
4373 struct net_device *lowerdev;
4374 struct vxlan_config conf;
4375 struct vxlan_rdst *dst;
4376 int err;
4377
4378 dst = &vxlan->default_dst;
4379 err = vxlan_nl2conf(tb, data, dev, &conf, true, extack);
4380 if (err)
4381 return err;
4382
4383 err = vxlan_config_validate(vxlan->net, &conf, &lowerdev,
4384 vxlan, extack);
4385 if (err)
4386 return err;
4387
4388 if (dst->remote_dev == lowerdev)
4389 lowerdev = NULL;
4390
4391 err = netdev_adjacent_change_prepare(dst->remote_dev, lowerdev, dev,
4392 extack);
4393 if (err)
4394 return err;
4395
4396 /* handle default dst entry */
4397 if (!vxlan_addr_equal(&conf.remote_ip, &dst->remote_ip)) {
4398 u32 hash_index = fdb_head_index(vxlan, all_zeros_mac, conf.vni);
4399
4400 spin_lock_bh(&vxlan->hash_lock[hash_index]);
4401 if (!vxlan_addr_any(&conf.remote_ip)) {
4402 err = vxlan_fdb_update(vxlan, all_zeros_mac,
4403 &conf.remote_ip,
4404 NUD_REACHABLE | NUD_PERMANENT,
4405 NLM_F_APPEND | NLM_F_CREATE,
4406 vxlan->cfg.dst_port,
4407 conf.vni, conf.vni,
4408 conf.remote_ifindex,
4409 NTF_SELF, 0, true, extack);
4410 if (err) {
4411 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
4412 netdev_adjacent_change_abort(dst->remote_dev,
4413 lowerdev, dev);
4414 return err;
4415 }
4416 }
4417 if (!vxlan_addr_any(&dst->remote_ip))
4418 __vxlan_fdb_delete(vxlan, all_zeros_mac,
4419 dst->remote_ip,
4420 vxlan->cfg.dst_port,
4421 dst->remote_vni,
4422 dst->remote_vni,
4423 dst->remote_ifindex,
4424 true);
4425 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
4426
4427 /* If vni filtering device, also update fdb entries of
4428 * all vnis that were using default remote ip
4429 */
4430 if (vxlan->cfg.flags & VXLAN_F_VNIFILTER) {
4431 err = vxlan_vnilist_update_group(vxlan, &dst->remote_ip,
4432 &conf.remote_ip, extack);
4433 if (err) {
4434 netdev_adjacent_change_abort(dst->remote_dev,
4435 lowerdev, dev);
4436 return err;
4437 }
4438 }
4439 }
4440
4441 if (conf.age_interval != vxlan->cfg.age_interval)
4442 mod_timer(&vxlan->age_timer, jiffies);
4443
4444 netdev_adjacent_change_commit(dst->remote_dev, lowerdev, dev);
4445 if (lowerdev && lowerdev != dst->remote_dev)
4446 dst->remote_dev = lowerdev;
4447 vxlan_config_apply(dev, &conf, lowerdev, vxlan->net, true);
4448 return 0;
4449 }
4450
4451 static void vxlan_dellink(struct net_device *dev, struct list_head *head)
4452 {
4453 struct vxlan_dev *vxlan = netdev_priv(dev);
4454 struct vxlan_fdb_flush_desc desc = {
4455 /* Default entry is deleted at vxlan_uninit. */
4456 .ignore_default_entry = true,
4457 };
4458
4459 vxlan_flush(vxlan, &desc);
4460
4461 list_del(&vxlan->next);
4462 unregister_netdevice_queue(dev, head);
4463 if (vxlan->default_dst.remote_dev)
4464 netdev_upper_dev_unlink(vxlan->default_dst.remote_dev, dev);
4465 }
4466
4467 static size_t vxlan_get_size(const struct net_device *dev)
4468 {
4469 return nla_total_size(sizeof(__u32)) + /* IFLA_VXLAN_ID */
4470 nla_total_size(sizeof(struct in6_addr)) + /* IFLA_VXLAN_GROUP{6} */
4471 nla_total_size(sizeof(__u32)) + /* IFLA_VXLAN_LINK */
4472 nla_total_size(sizeof(struct in6_addr)) + /* IFLA_VXLAN_LOCAL{6} */
4473 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_TTL */
4474 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_TTL_INHERIT */
4475 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_TOS */
4476 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_DF */
4477 nla_total_size(sizeof(__be32)) + /* IFLA_VXLAN_LABEL */
4478 nla_total_size(sizeof(__u32)) + /* IFLA_VXLAN_LABEL_POLICY */
4479 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_LEARNING */
4480 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_PROXY */
4481 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_RSC */
4482 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_L2MISS */
4483 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_L3MISS */
4484 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_COLLECT_METADATA */
4485 nla_total_size(sizeof(__u32)) + /* IFLA_VXLAN_AGEING */
4486 nla_total_size(sizeof(__u32)) + /* IFLA_VXLAN_LIMIT */
4487 nla_total_size(sizeof(__be16)) + /* IFLA_VXLAN_PORT */
4488 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_UDP_CSUM */
4489 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_UDP_ZERO_CSUM6_TX */
4490 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_UDP_ZERO_CSUM6_RX */
4491 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_REMCSUM_TX */
4492 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_REMCSUM_RX */
4493 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_LOCALBYPASS */
4494 /* IFLA_VXLAN_PORT_RANGE */
4495 nla_total_size(sizeof(struct ifla_vxlan_port_range)) +
4496 nla_total_size(0) + /* IFLA_VXLAN_GBP */
4497 nla_total_size(0) + /* IFLA_VXLAN_GPE */
4498 nla_total_size(0) + /* IFLA_VXLAN_REMCSUM_NOPARTIAL */
4499 nla_total_size(sizeof(__u8)) + /* IFLA_VXLAN_VNIFILTER */
4500 0;
4501 }
4502
4503 static int vxlan_fill_info(struct sk_buff *skb, const struct net_device *dev)
4504 {
4505 const struct vxlan_dev *vxlan = netdev_priv(dev);
4506 const struct vxlan_rdst *dst = &vxlan->default_dst;
4507 struct ifla_vxlan_port_range ports = {
4508 .low = htons(vxlan->cfg.port_min),
4509 .high = htons(vxlan->cfg.port_max),
4510 };
4511
4512 if (nla_put_u32(skb, IFLA_VXLAN_ID, be32_to_cpu(dst->remote_vni)))
4513 goto nla_put_failure;
4514
4515 if (!vxlan_addr_any(&dst->remote_ip)) {
4516 if (dst->remote_ip.sa.sa_family == AF_INET) {
4517 if (nla_put_in_addr(skb, IFLA_VXLAN_GROUP,
4518 dst->remote_ip.sin.sin_addr.s_addr))
4519 goto nla_put_failure;
4520 #if IS_ENABLED(CONFIG_IPV6)
4521 } else {
4522 if (nla_put_in6_addr(skb, IFLA_VXLAN_GROUP6,
4523 &dst->remote_ip.sin6.sin6_addr))
4524 goto nla_put_failure;
4525 #endif
4526 }
4527 }
4528
4529 if (dst->remote_ifindex && nla_put_u32(skb, IFLA_VXLAN_LINK, dst->remote_ifindex))
4530 goto nla_put_failure;
4531
4532 if (!vxlan_addr_any(&vxlan->cfg.saddr)) {
4533 if (vxlan->cfg.saddr.sa.sa_family == AF_INET) {
4534 if (nla_put_in_addr(skb, IFLA_VXLAN_LOCAL,
4535 vxlan->cfg.saddr.sin.sin_addr.s_addr))
4536 goto nla_put_failure;
4537 #if IS_ENABLED(CONFIG_IPV6)
4538 } else {
4539 if (nla_put_in6_addr(skb, IFLA_VXLAN_LOCAL6,
4540 &vxlan->cfg.saddr.sin6.sin6_addr))
4541 goto nla_put_failure;
4542 #endif
4543 }
4544 }
4545
4546 if (nla_put_u8(skb, IFLA_VXLAN_TTL, vxlan->cfg.ttl) ||
4547 nla_put_u8(skb, IFLA_VXLAN_TTL_INHERIT,
4548 !!(vxlan->cfg.flags & VXLAN_F_TTL_INHERIT)) ||
4549 nla_put_u8(skb, IFLA_VXLAN_TOS, vxlan->cfg.tos) ||
4550 nla_put_u8(skb, IFLA_VXLAN_DF, vxlan->cfg.df) ||
4551 nla_put_be32(skb, IFLA_VXLAN_LABEL, vxlan->cfg.label) ||
4552 nla_put_u32(skb, IFLA_VXLAN_LABEL_POLICY, vxlan->cfg.label_policy) ||
4553 nla_put_u8(skb, IFLA_VXLAN_LEARNING,
4554 !!(vxlan->cfg.flags & VXLAN_F_LEARN)) ||
4555 nla_put_u8(skb, IFLA_VXLAN_PROXY,
4556 !!(vxlan->cfg.flags & VXLAN_F_PROXY)) ||
4557 nla_put_u8(skb, IFLA_VXLAN_RSC,
4558 !!(vxlan->cfg.flags & VXLAN_F_RSC)) ||
4559 nla_put_u8(skb, IFLA_VXLAN_L2MISS,
4560 !!(vxlan->cfg.flags & VXLAN_F_L2MISS)) ||
4561 nla_put_u8(skb, IFLA_VXLAN_L3MISS,
4562 !!(vxlan->cfg.flags & VXLAN_F_L3MISS)) ||
4563 nla_put_u8(skb, IFLA_VXLAN_COLLECT_METADATA,
4564 !!(vxlan->cfg.flags & VXLAN_F_COLLECT_METADATA)) ||
4565 nla_put_u32(skb, IFLA_VXLAN_AGEING, vxlan->cfg.age_interval) ||
4566 nla_put_u32(skb, IFLA_VXLAN_LIMIT, vxlan->cfg.addrmax) ||
4567 nla_put_be16(skb, IFLA_VXLAN_PORT, vxlan->cfg.dst_port) ||
4568 nla_put_u8(skb, IFLA_VXLAN_UDP_CSUM,
4569 !(vxlan->cfg.flags & VXLAN_F_UDP_ZERO_CSUM_TX)) ||
4570 nla_put_u8(skb, IFLA_VXLAN_UDP_ZERO_CSUM6_TX,
4571 !!(vxlan->cfg.flags & VXLAN_F_UDP_ZERO_CSUM6_TX)) ||
4572 nla_put_u8(skb, IFLA_VXLAN_UDP_ZERO_CSUM6_RX,
4573 !!(vxlan->cfg.flags & VXLAN_F_UDP_ZERO_CSUM6_RX)) ||
4574 nla_put_u8(skb, IFLA_VXLAN_REMCSUM_TX,
4575 !!(vxlan->cfg.flags & VXLAN_F_REMCSUM_TX)) ||
4576 nla_put_u8(skb, IFLA_VXLAN_REMCSUM_RX,
4577 !!(vxlan->cfg.flags & VXLAN_F_REMCSUM_RX)) ||
4578 nla_put_u8(skb, IFLA_VXLAN_LOCALBYPASS,
4579 !!(vxlan->cfg.flags & VXLAN_F_LOCALBYPASS)))
4580 goto nla_put_failure;
4581
4582 if (nla_put(skb, IFLA_VXLAN_PORT_RANGE, sizeof(ports), &ports))
4583 goto nla_put_failure;
4584
4585 if (vxlan->cfg.flags & VXLAN_F_GBP &&
4586 nla_put_flag(skb, IFLA_VXLAN_GBP))
4587 goto nla_put_failure;
4588
4589 if (vxlan->cfg.flags & VXLAN_F_GPE &&
4590 nla_put_flag(skb, IFLA_VXLAN_GPE))
4591 goto nla_put_failure;
4592
4593 if (vxlan->cfg.flags & VXLAN_F_REMCSUM_NOPARTIAL &&
4594 nla_put_flag(skb, IFLA_VXLAN_REMCSUM_NOPARTIAL))
4595 goto nla_put_failure;
4596
4597 if (vxlan->cfg.flags & VXLAN_F_VNIFILTER &&
4598 nla_put_u8(skb, IFLA_VXLAN_VNIFILTER,
4599 !!(vxlan->cfg.flags & VXLAN_F_VNIFILTER)))
4600 goto nla_put_failure;
4601
4602 return 0;
4603
4604 nla_put_failure:
4605 return -EMSGSIZE;
4606 }
4607
4608 static struct net *vxlan_get_link_net(const struct net_device *dev)
4609 {
4610 struct vxlan_dev *vxlan = netdev_priv(dev);
4611
4612 return READ_ONCE(vxlan->net);
4613 }
4614
4615 static struct rtnl_link_ops vxlan_link_ops __read_mostly = {
4616 .kind = "vxlan",
4617 .maxtype = IFLA_VXLAN_MAX,
4618 .policy = vxlan_policy,
4619 .priv_size = sizeof(struct vxlan_dev),
4620 .setup = vxlan_setup,
4621 .validate = vxlan_validate,
4622 .newlink = vxlan_newlink,
4623 .changelink = vxlan_changelink,
4624 .dellink = vxlan_dellink,
4625 .get_size = vxlan_get_size,
4626 .fill_info = vxlan_fill_info,
4627 .get_link_net = vxlan_get_link_net,
4628 };
4629
4630 struct net_device *vxlan_dev_create(struct net *net, const char *name,
4631 u8 name_assign_type,
4632 struct vxlan_config *conf)
4633 {
4634 struct nlattr *tb[IFLA_MAX + 1];
4635 struct net_device *dev;
4636 int err;
4637
4638 memset(&tb, 0, sizeof(tb));
4639
4640 dev = rtnl_create_link(net, name, name_assign_type,
4641 &vxlan_link_ops, tb, NULL);
4642 if (IS_ERR(dev))
4643 return dev;
4644
4645 err = __vxlan_dev_create(net, dev, conf, NULL);
4646 if (err < 0) {
4647 free_netdev(dev);
4648 return ERR_PTR(err);
4649 }
4650
4651 err = rtnl_configure_link(dev, NULL, 0, NULL);
4652 if (err < 0) {
4653 LIST_HEAD(list_kill);
4654
4655 vxlan_dellink(dev, &list_kill);
4656 unregister_netdevice_many(&list_kill);
4657 return ERR_PTR(err);
4658 }
4659
4660 return dev;
4661 }
4662 EXPORT_SYMBOL_GPL(vxlan_dev_create);
4663
4664 static void vxlan_handle_lowerdev_unregister(struct vxlan_net *vn,
4665 struct net_device *dev)
4666 {
4667 struct vxlan_dev *vxlan, *next;
4668 LIST_HEAD(list_kill);
4669
4670 list_for_each_entry_safe(vxlan, next, &vn->vxlan_list, next) {
4671 struct vxlan_rdst *dst = &vxlan->default_dst;
4672
4673 /* In case we created vxlan device with carrier
4674 * and we loose the carrier due to module unload
4675 * we also need to remove vxlan device. In other
4676 * cases, it's not necessary and remote_ifindex
4677 * is 0 here, so no matches.
4678 */
4679 if (dst->remote_ifindex == dev->ifindex)
4680 vxlan_dellink(vxlan->dev, &list_kill);
4681 }
4682
4683 unregister_netdevice_many(&list_kill);
4684 }
4685
4686 static int vxlan_netdevice_event(struct notifier_block *unused,
4687 unsigned long event, void *ptr)
4688 {
4689 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
4690 struct vxlan_net *vn = net_generic(dev_net(dev), vxlan_net_id);
4691
4692 if (event == NETDEV_UNREGISTER)
4693 vxlan_handle_lowerdev_unregister(vn, dev);
4694 else if (event == NETDEV_UDP_TUNNEL_PUSH_INFO)
4695 vxlan_offload_rx_ports(dev, true);
4696 else if (event == NETDEV_UDP_TUNNEL_DROP_INFO)
4697 vxlan_offload_rx_ports(dev, false);
4698
4699 return NOTIFY_DONE;
4700 }
4701
4702 static struct notifier_block vxlan_notifier_block __read_mostly = {
4703 .notifier_call = vxlan_netdevice_event,
4704 };
4705
4706 static void
4707 vxlan_fdb_offloaded_set(struct net_device *dev,
4708 struct switchdev_notifier_vxlan_fdb_info *fdb_info)
4709 {
4710 struct vxlan_dev *vxlan = netdev_priv(dev);
4711 struct vxlan_rdst *rdst;
4712 struct vxlan_fdb *f;
4713 u32 hash_index;
4714
4715 hash_index = fdb_head_index(vxlan, fdb_info->eth_addr, fdb_info->vni);
4716
4717 spin_lock_bh(&vxlan->hash_lock[hash_index]);
4718
4719 f = vxlan_find_mac(vxlan, fdb_info->eth_addr, fdb_info->vni);
4720 if (!f)
4721 goto out;
4722
4723 rdst = vxlan_fdb_find_rdst(f, &fdb_info->remote_ip,
4724 fdb_info->remote_port,
4725 fdb_info->remote_vni,
4726 fdb_info->remote_ifindex);
4727 if (!rdst)
4728 goto out;
4729
4730 rdst->offloaded = fdb_info->offloaded;
4731
4732 out:
4733 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
4734 }
4735
4736 static int
4737 vxlan_fdb_external_learn_add(struct net_device *dev,
4738 struct switchdev_notifier_vxlan_fdb_info *fdb_info)
4739 {
4740 struct vxlan_dev *vxlan = netdev_priv(dev);
4741 struct netlink_ext_ack *extack;
4742 u32 hash_index;
4743 int err;
4744
4745 hash_index = fdb_head_index(vxlan, fdb_info->eth_addr, fdb_info->vni);
4746 extack = switchdev_notifier_info_to_extack(&fdb_info->info);
4747
4748 spin_lock_bh(&vxlan->hash_lock[hash_index]);
4749 err = vxlan_fdb_update(vxlan, fdb_info->eth_addr, &fdb_info->remote_ip,
4750 NUD_REACHABLE,
4751 NLM_F_CREATE | NLM_F_REPLACE,
4752 fdb_info->remote_port,
4753 fdb_info->vni,
4754 fdb_info->remote_vni,
4755 fdb_info->remote_ifindex,
4756 NTF_USE | NTF_SELF | NTF_EXT_LEARNED,
4757 0, false, extack);
4758 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
4759
4760 return err;
4761 }
4762
4763 static int
4764 vxlan_fdb_external_learn_del(struct net_device *dev,
4765 struct switchdev_notifier_vxlan_fdb_info *fdb_info)
4766 {
4767 struct vxlan_dev *vxlan = netdev_priv(dev);
4768 struct vxlan_fdb *f;
4769 u32 hash_index;
4770 int err = 0;
4771
4772 hash_index = fdb_head_index(vxlan, fdb_info->eth_addr, fdb_info->vni);
4773 spin_lock_bh(&vxlan->hash_lock[hash_index]);
4774
4775 f = vxlan_find_mac(vxlan, fdb_info->eth_addr, fdb_info->vni);
4776 if (!f)
4777 err = -ENOENT;
4778 else if (f->flags & NTF_EXT_LEARNED)
4779 err = __vxlan_fdb_delete(vxlan, fdb_info->eth_addr,
4780 fdb_info->remote_ip,
4781 fdb_info->remote_port,
4782 fdb_info->vni,
4783 fdb_info->remote_vni,
4784 fdb_info->remote_ifindex,
4785 false);
4786
4787 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
4788
4789 return err;
4790 }
4791
4792 static int vxlan_switchdev_event(struct notifier_block *unused,
4793 unsigned long event, void *ptr)
4794 {
4795 struct net_device *dev = switchdev_notifier_info_to_dev(ptr);
4796 struct switchdev_notifier_vxlan_fdb_info *fdb_info;
4797 int err = 0;
4798
4799 switch (event) {
4800 case SWITCHDEV_VXLAN_FDB_OFFLOADED:
4801 vxlan_fdb_offloaded_set(dev, ptr);
4802 break;
4803 case SWITCHDEV_VXLAN_FDB_ADD_TO_BRIDGE:
4804 fdb_info = ptr;
4805 err = vxlan_fdb_external_learn_add(dev, fdb_info);
4806 if (err) {
4807 err = notifier_from_errno(err);
4808 break;
4809 }
4810 fdb_info->offloaded = true;
4811 vxlan_fdb_offloaded_set(dev, fdb_info);
4812 break;
4813 case SWITCHDEV_VXLAN_FDB_DEL_TO_BRIDGE:
4814 fdb_info = ptr;
4815 err = vxlan_fdb_external_learn_del(dev, fdb_info);
4816 if (err) {
4817 err = notifier_from_errno(err);
4818 break;
4819 }
4820 fdb_info->offloaded = false;
4821 vxlan_fdb_offloaded_set(dev, fdb_info);
4822 break;
4823 }
4824
4825 return err;
4826 }
4827
4828 static struct notifier_block vxlan_switchdev_notifier_block __read_mostly = {
4829 .notifier_call = vxlan_switchdev_event,
4830 };
4831
4832 static void vxlan_fdb_nh_flush(struct nexthop *nh)
4833 {
4834 struct vxlan_fdb *fdb;
4835 struct vxlan_dev *vxlan;
4836 u32 hash_index;
4837
4838 rcu_read_lock();
4839 list_for_each_entry_rcu(fdb, &nh->fdb_list, nh_list) {
4840 vxlan = rcu_dereference(fdb->vdev);
4841 WARN_ON(!vxlan);
4842 hash_index = fdb_head_index(vxlan, fdb->eth_addr,
4843 vxlan->default_dst.remote_vni);
4844 spin_lock_bh(&vxlan->hash_lock[hash_index]);
4845 if (!hlist_unhashed(&fdb->hlist))
4846 vxlan_fdb_destroy(vxlan, fdb, false, false);
4847 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
4848 }
4849 rcu_read_unlock();
4850 }
4851
4852 static int vxlan_nexthop_event(struct notifier_block *nb,
4853 unsigned long event, void *ptr)
4854 {
4855 struct nh_notifier_info *info = ptr;
4856 struct nexthop *nh;
4857
4858 if (event != NEXTHOP_EVENT_DEL)
4859 return NOTIFY_DONE;
4860
4861 nh = nexthop_find_by_id(info->net, info->id);
4862 if (!nh)
4863 return NOTIFY_DONE;
4864
4865 vxlan_fdb_nh_flush(nh);
4866
4867 return NOTIFY_DONE;
4868 }
4869
4870 static __net_init int vxlan_init_net(struct net *net)
4871 {
4872 struct vxlan_net *vn = net_generic(net, vxlan_net_id);
4873 unsigned int h;
4874
4875 INIT_LIST_HEAD(&vn->vxlan_list);
4876 spin_lock_init(&vn->sock_lock);
4877 vn->nexthop_notifier_block.notifier_call = vxlan_nexthop_event;
4878
4879 for (h = 0; h < PORT_HASH_SIZE; ++h)
4880 INIT_HLIST_HEAD(&vn->sock_list[h]);
4881
4882 return register_nexthop_notifier(net, &vn->nexthop_notifier_block,
4883 NULL);
4884 }
4885
4886 static void __net_exit vxlan_destroy_tunnels(struct vxlan_net *vn,
4887 struct list_head *dev_to_kill)
4888 {
4889 struct vxlan_dev *vxlan, *next;
4890
4891 list_for_each_entry_safe(vxlan, next, &vn->vxlan_list, next)
4892 vxlan_dellink(vxlan->dev, dev_to_kill);
4893 }
4894
4895 static void __net_exit vxlan_exit_batch_rtnl(struct list_head *net_list,
4896 struct list_head *dev_to_kill)
4897 {
4898 struct net *net;
4899
4900 ASSERT_RTNL();
4901 list_for_each_entry(net, net_list, exit_list) {
4902 struct vxlan_net *vn = net_generic(net, vxlan_net_id);
4903
4904 __unregister_nexthop_notifier(net, &vn->nexthop_notifier_block);
4905
4906 vxlan_destroy_tunnels(vn, dev_to_kill);
4907 }
4908 }
4909
4910 static void __net_exit vxlan_exit_net(struct net *net)
4911 {
4912 struct vxlan_net *vn = net_generic(net, vxlan_net_id);
4913 unsigned int h;
4914
4915 for (h = 0; h < PORT_HASH_SIZE; ++h)
4916 WARN_ON_ONCE(!hlist_empty(&vn->sock_list[h]));
4917 }
4918
4919 static struct pernet_operations vxlan_net_ops = {
4920 .init = vxlan_init_net,
4921 .exit_batch_rtnl = vxlan_exit_batch_rtnl,
4922 .exit = vxlan_exit_net,
4923 .id = &vxlan_net_id,
4924 .size = sizeof(struct vxlan_net),
4925 };
4926
4927 static int __init vxlan_init_module(void)
4928 {
4929 int rc;
4930
4931 get_random_bytes(&vxlan_salt, sizeof(vxlan_salt));
4932
4933 rc = register_pernet_subsys(&vxlan_net_ops);
4934 if (rc)
4935 goto out1;
4936
4937 rc = register_netdevice_notifier(&vxlan_notifier_block);
4938 if (rc)
4939 goto out2;
4940
4941 rc = register_switchdev_notifier(&vxlan_switchdev_notifier_block);
4942 if (rc)
4943 goto out3;
4944
4945 rc = rtnl_link_register(&vxlan_link_ops);
4946 if (rc)
4947 goto out4;
4948
4949 rc = vxlan_vnifilter_init();
4950 if (rc)
4951 goto out5;
4952
4953 return 0;
4954 out5:
4955 rtnl_link_unregister(&vxlan_link_ops);
4956 out4:
4957 unregister_switchdev_notifier(&vxlan_switchdev_notifier_block);
4958 out3:
4959 unregister_netdevice_notifier(&vxlan_notifier_block);
4960 out2:
4961 unregister_pernet_subsys(&vxlan_net_ops);
4962 out1:
4963 return rc;
4964 }
4965 late_initcall(vxlan_init_module);
4966
4967 static void __exit vxlan_cleanup_module(void)
4968 {
4969 vxlan_vnifilter_uninit();
4970 rtnl_link_unregister(&vxlan_link_ops);
4971 unregister_switchdev_notifier(&vxlan_switchdev_notifier_block);
4972 unregister_netdevice_notifier(&vxlan_notifier_block);
4973 unregister_pernet_subsys(&vxlan_net_ops);
4974 /* rcu_barrier() is called by netns */
4975 }
4976 module_exit(vxlan_cleanup_module);
4977
4978 MODULE_LICENSE("GPL");
4979 MODULE_VERSION(VXLAN_VERSION);
4980 MODULE_AUTHOR("Stephen Hemminger <stephen@networkplumber.org>");
4981 MODULE_DESCRIPTION("Driver for VXLAN encapsulated traffic");
4982 MODULE_ALIAS_RTNL_LINK("vxlan");
Kernel DRM miscellaneous fixes and cross-tree changes