search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'nfsd-5.2-2' of git://linux-nfs.org/~bfields/linux
[linux-2.6/linux-2.6-arm.git] / net / xfrm / xfrm_interface.c
blobad3a2555c517f961c26712c4fcab60728bcf5798
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * XFRM virtual interface
4 *
5 * Copyright (C) 2018 secunet Security Networks AG
6 *
7 * Author:
8 * Steffen Klassert <steffen.klassert@secunet.com>
9 */
10
11 #include <linux/module.h>
12 #include <linux/capability.h>
13 #include <linux/errno.h>
14 #include <linux/types.h>
15 #include <linux/sockios.h>
16 #include <linux/icmp.h>
17 #include <linux/if.h>
18 #include <linux/in.h>
19 #include <linux/ip.h>
20 #include <linux/net.h>
21 #include <linux/in6.h>
22 #include <linux/netdevice.h>
23 #include <linux/if_link.h>
24 #include <linux/if_arp.h>
25 #include <linux/icmpv6.h>
26 #include <linux/init.h>
27 #include <linux/route.h>
28 #include <linux/rtnetlink.h>
29 #include <linux/netfilter_ipv6.h>
30 #include <linux/slab.h>
31 #include <linux/hash.h>
32
33 #include <linux/uaccess.h>
34 #include <linux/atomic.h>
35
36 #include <net/icmp.h>
37 #include <net/ip.h>
38 #include <net/ipv6.h>
39 #include <net/ip6_route.h>
40 #include <net/addrconf.h>
41 #include <net/xfrm.h>
42 #include <net/net_namespace.h>
43 #include <net/netns/generic.h>
44 #include <linux/etherdevice.h>
45
46 static int xfrmi_dev_init(struct net_device *dev);
47 static void xfrmi_dev_setup(struct net_device *dev);
48 static struct rtnl_link_ops xfrmi_link_ops __read_mostly;
49 static unsigned int xfrmi_net_id __read_mostly;
50
51 struct xfrmi_net {
52 /* lists for storing interfaces in use */
53 struct xfrm_if __rcu *xfrmi[1];
54 };
55
56 #define for_each_xfrmi_rcu(start, xi) \
57 for (xi = rcu_dereference(start); xi; xi = rcu_dereference(xi->next))
58
59 static struct xfrm_if *xfrmi_lookup(struct net *net, struct xfrm_state *x)
60 {
61 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
62 struct xfrm_if *xi;
63
64 for_each_xfrmi_rcu(xfrmn->xfrmi[0], xi) {
65 if (x->if_id == xi->p.if_id &&
66 (xi->dev->flags & IFF_UP))
67 return xi;
68 }
69
70 return NULL;
71 }
72
73 static struct xfrm_if *xfrmi_decode_session(struct sk_buff *skb,
74 unsigned short family)
75 {
76 struct xfrmi_net *xfrmn;
77 struct xfrm_if *xi;
78 int ifindex = 0;
79
80 if (!secpath_exists(skb) || !skb->dev)
81 return NULL;
82
83 switch (family) {
84 case AF_INET6:
85 ifindex = inet6_sdif(skb);
86 break;
87 case AF_INET:
88 ifindex = inet_sdif(skb);
89 break;
90 }
91 if (!ifindex)
92 ifindex = skb->dev->ifindex;
93
94 xfrmn = net_generic(xs_net(xfrm_input_state(skb)), xfrmi_net_id);
95
96 for_each_xfrmi_rcu(xfrmn->xfrmi[0], xi) {
97 if (ifindex == xi->dev->ifindex &&
98 (xi->dev->flags & IFF_UP))
99 return xi;
100 }
101
102 return NULL;
103 }
104
105 static void xfrmi_link(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
106 {
107 struct xfrm_if __rcu **xip = &xfrmn->xfrmi[0];
108
109 rcu_assign_pointer(xi->next , rtnl_dereference(*xip));
110 rcu_assign_pointer(*xip, xi);
111 }
112
113 static void xfrmi_unlink(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
114 {
115 struct xfrm_if __rcu **xip;
116 struct xfrm_if *iter;
117
118 for (xip = &xfrmn->xfrmi[0];
119 (iter = rtnl_dereference(*xip)) != NULL;
120 xip = &iter->next) {
121 if (xi == iter) {
122 rcu_assign_pointer(*xip, xi->next);
123 break;
124 }
125 }
126 }
127
128 static void xfrmi_dev_free(struct net_device *dev)
129 {
130 struct xfrm_if *xi = netdev_priv(dev);
131
132 gro_cells_destroy(&xi->gro_cells);
133 free_percpu(dev->tstats);
134 }
135
136 static int xfrmi_create2(struct net_device *dev)
137 {
138 struct xfrm_if *xi = netdev_priv(dev);
139 struct net *net = dev_net(dev);
140 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
141 int err;
142
143 dev->rtnl_link_ops = &xfrmi_link_ops;
144 err = register_netdevice(dev);
145 if (err < 0)
146 goto out;
147
148 strcpy(xi->p.name, dev->name);
149
150 dev_hold(dev);
151 xfrmi_link(xfrmn, xi);
152
153 return 0;
154
155 out:
156 return err;
157 }
158
159 static struct xfrm_if *xfrmi_create(struct net *net, struct xfrm_if_parms *p)
160 {
161 struct net_device *dev;
162 struct xfrm_if *xi;
163 char name[IFNAMSIZ];
164 int err;
165
166 if (p->name[0]) {
167 strlcpy(name, p->name, IFNAMSIZ);
168 } else {
169 err = -EINVAL;
170 goto failed;
171 }
172
173 dev = alloc_netdev(sizeof(*xi), name, NET_NAME_UNKNOWN, xfrmi_dev_setup);
174 if (!dev) {
175 err = -EAGAIN;
176 goto failed;
177 }
178
179 dev_net_set(dev, net);
180
181 xi = netdev_priv(dev);
182 xi->p = *p;
183 xi->net = net;
184 xi->dev = dev;
185 xi->phydev = dev_get_by_index(net, p->link);
186 if (!xi->phydev) {
187 err = -ENODEV;
188 goto failed_free;
189 }
190
191 err = xfrmi_create2(dev);
192 if (err < 0)
193 goto failed_dev_put;
194
195 return xi;
196
197 failed_dev_put:
198 dev_put(xi->phydev);
199 failed_free:
200 free_netdev(dev);
201 failed:
202 return ERR_PTR(err);
203 }
204
205 static struct xfrm_if *xfrmi_locate(struct net *net, struct xfrm_if_parms *p,
206 int create)
207 {
208 struct xfrm_if __rcu **xip;
209 struct xfrm_if *xi;
210 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
211
212 for (xip = &xfrmn->xfrmi[0];
213 (xi = rtnl_dereference(*xip)) != NULL;
214 xip = &xi->next) {
215 if (xi->p.if_id == p->if_id) {
216 if (create)
217 return ERR_PTR(-EEXIST);
218
219 return xi;
220 }
221 }
222 if (!create)
223 return ERR_PTR(-ENODEV);
224 return xfrmi_create(net, p);
225 }
226
227 static void xfrmi_dev_uninit(struct net_device *dev)
228 {
229 struct xfrm_if *xi = netdev_priv(dev);
230 struct xfrmi_net *xfrmn = net_generic(xi->net, xfrmi_net_id);
231
232 xfrmi_unlink(xfrmn, xi);
233 dev_put(xi->phydev);
234 dev_put(dev);
235 }
236
237 static void xfrmi_scrub_packet(struct sk_buff *skb, bool xnet)
238 {
239 skb->tstamp = 0;
240 skb->pkt_type = PACKET_HOST;
241 skb->skb_iif = 0;
242 skb->ignore_df = 0;
243 skb_dst_drop(skb);
244 nf_reset(skb);
245 nf_reset_trace(skb);
246
247 if (!xnet)
248 return;
249
250 ipvs_reset(skb);
251 secpath_reset(skb);
252 skb_orphan(skb);
253 skb->mark = 0;
254 }
255
256 static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
257 {
258 const struct xfrm_mode *inner_mode;
259 struct pcpu_sw_netstats *tstats;
260 struct net_device *dev;
261 struct xfrm_state *x;
262 struct xfrm_if *xi;
263 bool xnet;
264
265 if (err && !secpath_exists(skb))
266 return 0;
267
268 x = xfrm_input_state(skb);
269
270 xi = xfrmi_lookup(xs_net(x), x);
271 if (!xi)
272 return 1;
273
274 dev = xi->dev;
275 skb->dev = dev;
276
277 if (err) {
278 dev->stats.rx_errors++;
279 dev->stats.rx_dropped++;
280
281 return 0;
282 }
283
284 xnet = !net_eq(xi->net, dev_net(skb->dev));
285
286 if (xnet) {
287 inner_mode = &x->inner_mode;
288
289 if (x->sel.family == AF_UNSPEC) {
290 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
291 if (inner_mode == NULL) {
292 XFRM_INC_STATS(dev_net(skb->dev),
293 LINUX_MIB_XFRMINSTATEMODEERROR);
294 return -EINVAL;
295 }
296 }
297
298 if (!xfrm_policy_check(NULL, XFRM_POLICY_IN, skb,
299 inner_mode->family))
300 return -EPERM;
301 }
302
303 xfrmi_scrub_packet(skb, xnet);
304
305 tstats = this_cpu_ptr(dev->tstats);
306
307 u64_stats_update_begin(&tstats->syncp);
308 tstats->rx_packets++;
309 tstats->rx_bytes += skb->len;
310 u64_stats_update_end(&tstats->syncp);
311
312 return 0;
313 }
314
315 static int
316 xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
317 {
318 struct xfrm_if *xi = netdev_priv(dev);
319 struct net_device_stats *stats = &xi->dev->stats;
320 struct dst_entry *dst = skb_dst(skb);
321 unsigned int length = skb->len;
322 struct net_device *tdev;
323 struct xfrm_state *x;
324 int err = -1;
325 int mtu;
326
327 if (!dst)
328 goto tx_err_link_failure;
329
330 dst_hold(dst);
331 dst = xfrm_lookup_with_ifid(xi->net, dst, fl, NULL, 0, xi->p.if_id);
332 if (IS_ERR(dst)) {
333 err = PTR_ERR(dst);
334 dst = NULL;
335 goto tx_err_link_failure;
336 }
337
338 x = dst->xfrm;
339 if (!x)
340 goto tx_err_link_failure;
341
342 if (x->if_id != xi->p.if_id)
343 goto tx_err_link_failure;
344
345 tdev = dst->dev;
346
347 if (tdev == dev) {
348 stats->collisions++;
349 net_warn_ratelimited("%s: Local routing loop detected!\n",
350 xi->p.name);
351 goto tx_err_dst_release;
352 }
353
354 mtu = dst_mtu(dst);
355 if (!skb->ignore_df && skb->len > mtu) {
356 skb_dst_update_pmtu(skb, mtu);
357
358 if (skb->protocol == htons(ETH_P_IPV6)) {
359 if (mtu < IPV6_MIN_MTU)
360 mtu = IPV6_MIN_MTU;
361
362 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
363 } else {
364 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
365 htonl(mtu));
366 }
367
368 dst_release(dst);
369 return -EMSGSIZE;
370 }
371
372 xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
373 skb_dst_set(skb, dst);
374 skb->dev = tdev;
375
376 err = dst_output(xi->net, skb->sk, skb);
377 if (net_xmit_eval(err) == 0) {
378 struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats);
379
380 u64_stats_update_begin(&tstats->syncp);
381 tstats->tx_bytes += length;
382 tstats->tx_packets++;
383 u64_stats_update_end(&tstats->syncp);
384 } else {
385 stats->tx_errors++;
386 stats->tx_aborted_errors++;
387 }
388
389 return 0;
390 tx_err_link_failure:
391 stats->tx_carrier_errors++;
392 dst_link_failure(skb);
393 tx_err_dst_release:
394 dst_release(dst);
395 return err;
396 }
397
398 static netdev_tx_t xfrmi_xmit(struct sk_buff *skb, struct net_device *dev)
399 {
400 struct xfrm_if *xi = netdev_priv(dev);
401 struct net_device_stats *stats = &xi->dev->stats;
402 struct flowi fl;
403 int ret;
404
405 memset(&fl, 0, sizeof(fl));
406
407 switch (skb->protocol) {
408 case htons(ETH_P_IPV6):
409 xfrm_decode_session(skb, &fl, AF_INET6);
410 memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
411 break;
412 case htons(ETH_P_IP):
413 xfrm_decode_session(skb, &fl, AF_INET);
414 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
415 break;
416 default:
417 goto tx_err;
418 }
419
420 fl.flowi_oif = xi->phydev->ifindex;
421
422 ret = xfrmi_xmit2(skb, dev, &fl);
423 if (ret < 0)
424 goto tx_err;
425
426 return NETDEV_TX_OK;
427
428 tx_err:
429 stats->tx_errors++;
430 stats->tx_dropped++;
431 kfree_skb(skb);
432 return NETDEV_TX_OK;
433 }
434
435 static int xfrmi4_err(struct sk_buff *skb, u32 info)
436 {
437 const struct iphdr *iph = (const struct iphdr *)skb->data;
438 struct net *net = dev_net(skb->dev);
439 int protocol = iph->protocol;
440 struct ip_comp_hdr *ipch;
441 struct ip_esp_hdr *esph;
442 struct ip_auth_hdr *ah ;
443 struct xfrm_state *x;
444 struct xfrm_if *xi;
445 __be32 spi;
446
447 switch (protocol) {
448 case IPPROTO_ESP:
449 esph = (struct ip_esp_hdr *)(skb->data+(iph->ihl<<2));
450 spi = esph->spi;
451 break;
452 case IPPROTO_AH:
453 ah = (struct ip_auth_hdr *)(skb->data+(iph->ihl<<2));
454 spi = ah->spi;
455 break;
456 case IPPROTO_COMP:
457 ipch = (struct ip_comp_hdr *)(skb->data+(iph->ihl<<2));
458 spi = htonl(ntohs(ipch->cpi));
459 break;
460 default:
461 return 0;
462 }
463
464 switch (icmp_hdr(skb)->type) {
465 case ICMP_DEST_UNREACH:
466 if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
467 return 0;
468 case ICMP_REDIRECT:
469 break;
470 default:
471 return 0;
472 }
473
474 x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
475 spi, protocol, AF_INET);
476 if (!x)
477 return 0;
478
479 xi = xfrmi_lookup(net, x);
480 if (!xi) {
481 xfrm_state_put(x);
482 return -1;
483 }
484
485 if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
486 ipv4_update_pmtu(skb, net, info, 0, protocol);
487 else
488 ipv4_redirect(skb, net, 0, protocol);
489 xfrm_state_put(x);
490
491 return 0;
492 }
493
494 static int xfrmi6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
495 u8 type, u8 code, int offset, __be32 info)
496 {
497 const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
498 struct net *net = dev_net(skb->dev);
499 int protocol = iph->nexthdr;
500 struct ip_comp_hdr *ipch;
501 struct ip_esp_hdr *esph;
502 struct ip_auth_hdr *ah;
503 struct xfrm_state *x;
504 struct xfrm_if *xi;
505 __be32 spi;
506
507 switch (protocol) {
508 case IPPROTO_ESP:
509 esph = (struct ip_esp_hdr *)(skb->data + offset);
510 spi = esph->spi;
511 break;
512 case IPPROTO_AH:
513 ah = (struct ip_auth_hdr *)(skb->data + offset);
514 spi = ah->spi;
515 break;
516 case IPPROTO_COMP:
517 ipch = (struct ip_comp_hdr *)(skb->data + offset);
518 spi = htonl(ntohs(ipch->cpi));
519 break;
520 default:
521 return 0;
522 }
523
524 if (type != ICMPV6_PKT_TOOBIG &&
525 type != NDISC_REDIRECT)
526 return 0;
527
528 x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
529 spi, protocol, AF_INET6);
530 if (!x)
531 return 0;
532
533 xi = xfrmi_lookup(net, x);
534 if (!xi) {
535 xfrm_state_put(x);
536 return -1;
537 }
538
539 if (type == NDISC_REDIRECT)
540 ip6_redirect(skb, net, skb->dev->ifindex, 0,
541 sock_net_uid(net, NULL));
542 else
543 ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
544 xfrm_state_put(x);
545
546 return 0;
547 }
548
549 static int xfrmi_change(struct xfrm_if *xi, const struct xfrm_if_parms *p)
550 {
551 if (xi->p.link != p->link)
552 return -EINVAL;
553
554 xi->p.if_id = p->if_id;
555
556 return 0;
557 }
558
559 static int xfrmi_update(struct xfrm_if *xi, struct xfrm_if_parms *p)
560 {
561 struct net *net = dev_net(xi->dev);
562 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
563 int err;
564
565 xfrmi_unlink(xfrmn, xi);
566 synchronize_net();
567 err = xfrmi_change(xi, p);
568 xfrmi_link(xfrmn, xi);
569 netdev_state_change(xi->dev);
570 return err;
571 }
572
573 static void xfrmi_get_stats64(struct net_device *dev,
574 struct rtnl_link_stats64 *s)
575 {
576 int cpu;
577
578 for_each_possible_cpu(cpu) {
579 struct pcpu_sw_netstats *stats;
580 struct pcpu_sw_netstats tmp;
581 int start;
582
583 stats = per_cpu_ptr(dev->tstats, cpu);
584 do {
585 start = u64_stats_fetch_begin_irq(&stats->syncp);
586 tmp.rx_packets = stats->rx_packets;
587 tmp.rx_bytes = stats->rx_bytes;
588 tmp.tx_packets = stats->tx_packets;
589 tmp.tx_bytes = stats->tx_bytes;
590 } while (u64_stats_fetch_retry_irq(&stats->syncp, start));
591
592 s->rx_packets += tmp.rx_packets;
593 s->rx_bytes += tmp.rx_bytes;
594 s->tx_packets += tmp.tx_packets;
595 s->tx_bytes += tmp.tx_bytes;
596 }
597
598 s->rx_dropped = dev->stats.rx_dropped;
599 s->tx_dropped = dev->stats.tx_dropped;
600 }
601
602 static int xfrmi_get_iflink(const struct net_device *dev)
603 {
604 struct xfrm_if *xi = netdev_priv(dev);
605
606 return xi->phydev->ifindex;
607 }
608
609
610 static const struct net_device_ops xfrmi_netdev_ops = {
611 .ndo_init = xfrmi_dev_init,
612 .ndo_uninit = xfrmi_dev_uninit,
613 .ndo_start_xmit = xfrmi_xmit,
614 .ndo_get_stats64 = xfrmi_get_stats64,
615 .ndo_get_iflink = xfrmi_get_iflink,
616 };
617
618 static void xfrmi_dev_setup(struct net_device *dev)
619 {
620 dev->netdev_ops = &xfrmi_netdev_ops;
621 dev->type = ARPHRD_NONE;
622 dev->hard_header_len = ETH_HLEN;
623 dev->min_header_len = ETH_HLEN;
624 dev->mtu = ETH_DATA_LEN;
625 dev->min_mtu = ETH_MIN_MTU;
626 dev->max_mtu = ETH_DATA_LEN;
627 dev->addr_len = ETH_ALEN;
628 dev->flags = IFF_NOARP;
629 dev->needs_free_netdev = true;
630 dev->priv_destructor = xfrmi_dev_free;
631 netif_keep_dst(dev);
632 }
633
634 static int xfrmi_dev_init(struct net_device *dev)
635 {
636 struct xfrm_if *xi = netdev_priv(dev);
637 struct net_device *phydev = xi->phydev;
638 int err;
639
640 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
641 if (!dev->tstats)
642 return -ENOMEM;
643
644 err = gro_cells_init(&xi->gro_cells, dev);
645 if (err) {
646 free_percpu(dev->tstats);
647 return err;
648 }
649
650 dev->features |= NETIF_F_LLTX;
651
652 dev->needed_headroom = phydev->needed_headroom;
653 dev->needed_tailroom = phydev->needed_tailroom;
654
655 if (is_zero_ether_addr(dev->dev_addr))
656 eth_hw_addr_inherit(dev, phydev);
657 if (is_zero_ether_addr(dev->broadcast))
658 memcpy(dev->broadcast, phydev->broadcast, dev->addr_len);
659
660 return 0;
661 }
662
663 static int xfrmi_validate(struct nlattr *tb[], struct nlattr *data[],
664 struct netlink_ext_ack *extack)
665 {
666 return 0;
667 }
668
669 static void xfrmi_netlink_parms(struct nlattr *data[],
670 struct xfrm_if_parms *parms)
671 {
672 memset(parms, 0, sizeof(*parms));
673
674 if (!data)
675 return;
676
677 if (data[IFLA_XFRM_LINK])
678 parms->link = nla_get_u32(data[IFLA_XFRM_LINK]);
679
680 if (data[IFLA_XFRM_IF_ID])
681 parms->if_id = nla_get_u32(data[IFLA_XFRM_IF_ID]);
682 }
683
684 static int xfrmi_newlink(struct net *src_net, struct net_device *dev,
685 struct nlattr *tb[], struct nlattr *data[],
686 struct netlink_ext_ack *extack)
687 {
688 struct net *net = dev_net(dev);
689 struct xfrm_if_parms *p;
690 struct xfrm_if *xi;
691
692 xi = netdev_priv(dev);
693 p = &xi->p;
694
695 xfrmi_netlink_parms(data, p);
696
697 if (!tb[IFLA_IFNAME])
698 return -EINVAL;
699
700 nla_strlcpy(p->name, tb[IFLA_IFNAME], IFNAMSIZ);
701
702 xi = xfrmi_locate(net, p, 1);
703 return PTR_ERR_OR_ZERO(xi);
704 }
705
706 static void xfrmi_dellink(struct net_device *dev, struct list_head *head)
707 {
708 unregister_netdevice_queue(dev, head);
709 }
710
711 static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[],
712 struct nlattr *data[],
713 struct netlink_ext_ack *extack)
714 {
715 struct xfrm_if *xi = netdev_priv(dev);
716 struct net *net = dev_net(dev);
717
718 xfrmi_netlink_parms(data, &xi->p);
719
720 xi = xfrmi_locate(net, &xi->p, 0);
721
722 if (IS_ERR_OR_NULL(xi)) {
723 xi = netdev_priv(dev);
724 } else {
725 if (xi->dev != dev)
726 return -EEXIST;
727 }
728
729 return xfrmi_update(xi, &xi->p);
730 }
731
732 static size_t xfrmi_get_size(const struct net_device *dev)
733 {
734 return
735 /* IFLA_XFRM_LINK */
736 nla_total_size(4) +
737 /* IFLA_XFRM_IF_ID */
738 nla_total_size(4) +
739 0;
740 }
741
742 static int xfrmi_fill_info(struct sk_buff *skb, const struct net_device *dev)
743 {
744 struct xfrm_if *xi = netdev_priv(dev);
745 struct xfrm_if_parms *parm = &xi->p;
746
747 if (nla_put_u32(skb, IFLA_XFRM_LINK, parm->link) ||
748 nla_put_u32(skb, IFLA_XFRM_IF_ID, parm->if_id))
749 goto nla_put_failure;
750 return 0;
751
752 nla_put_failure:
753 return -EMSGSIZE;
754 }
755
756 static struct net *xfrmi_get_link_net(const struct net_device *dev)
757 {
758 struct xfrm_if *xi = netdev_priv(dev);
759
760 return dev_net(xi->phydev);
761 }
762
763 static const struct nla_policy xfrmi_policy[IFLA_XFRM_MAX + 1] = {
764 [IFLA_XFRM_LINK] = { .type = NLA_U32 },
765 [IFLA_XFRM_IF_ID] = { .type = NLA_U32 },
766 };
767
768 static struct rtnl_link_ops xfrmi_link_ops __read_mostly = {
769 .kind = "xfrm",
770 .maxtype = IFLA_XFRM_MAX,
771 .policy = xfrmi_policy,
772 .priv_size = sizeof(struct xfrm_if),
773 .setup = xfrmi_dev_setup,
774 .validate = xfrmi_validate,
775 .newlink = xfrmi_newlink,
776 .dellink = xfrmi_dellink,
777 .changelink = xfrmi_changelink,
778 .get_size = xfrmi_get_size,
779 .fill_info = xfrmi_fill_info,
780 .get_link_net = xfrmi_get_link_net,
781 };
782
783 static void __net_exit xfrmi_destroy_interfaces(struct xfrmi_net *xfrmn)
784 {
785 struct xfrm_if *xi;
786 LIST_HEAD(list);
787
788 xi = rtnl_dereference(xfrmn->xfrmi[0]);
789 if (!xi)
790 return;
791
792 unregister_netdevice_queue(xi->dev, &list);
793 unregister_netdevice_many(&list);
794 }
795
796 static int __net_init xfrmi_init_net(struct net *net)
797 {
798 return 0;
799 }
800
801 static void __net_exit xfrmi_exit_net(struct net *net)
802 {
803 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
804
805 rtnl_lock();
806 xfrmi_destroy_interfaces(xfrmn);
807 rtnl_unlock();
808 }
809
810 static struct pernet_operations xfrmi_net_ops = {
811 .init = xfrmi_init_net,
812 .exit = xfrmi_exit_net,
813 .id = &xfrmi_net_id,
814 .size = sizeof(struct xfrmi_net),
815 };
816
817 static struct xfrm6_protocol xfrmi_esp6_protocol __read_mostly = {
818 .handler = xfrm6_rcv,
819 .cb_handler = xfrmi_rcv_cb,
820 .err_handler = xfrmi6_err,
821 .priority = 10,
822 };
823
824 static struct xfrm6_protocol xfrmi_ah6_protocol __read_mostly = {
825 .handler = xfrm6_rcv,
826 .cb_handler = xfrmi_rcv_cb,
827 .err_handler = xfrmi6_err,
828 .priority = 10,
829 };
830
831 static struct xfrm6_protocol xfrmi_ipcomp6_protocol __read_mostly = {
832 .handler = xfrm6_rcv,
833 .cb_handler = xfrmi_rcv_cb,
834 .err_handler = xfrmi6_err,
835 .priority = 10,
836 };
837
838 static struct xfrm4_protocol xfrmi_esp4_protocol __read_mostly = {
839 .handler = xfrm4_rcv,
840 .input_handler = xfrm_input,
841 .cb_handler = xfrmi_rcv_cb,
842 .err_handler = xfrmi4_err,
843 .priority = 10,
844 };
845
846 static struct xfrm4_protocol xfrmi_ah4_protocol __read_mostly = {
847 .handler = xfrm4_rcv,
848 .input_handler = xfrm_input,
849 .cb_handler = xfrmi_rcv_cb,
850 .err_handler = xfrmi4_err,
851 .priority = 10,
852 };
853
854 static struct xfrm4_protocol xfrmi_ipcomp4_protocol __read_mostly = {
855 .handler = xfrm4_rcv,
856 .input_handler = xfrm_input,
857 .cb_handler = xfrmi_rcv_cb,
858 .err_handler = xfrmi4_err,
859 .priority = 10,
860 };
861
862 static int __init xfrmi4_init(void)
863 {
864 int err;
865
866 err = xfrm4_protocol_register(&xfrmi_esp4_protocol, IPPROTO_ESP);
867 if (err < 0)
868 goto xfrm_proto_esp_failed;
869 err = xfrm4_protocol_register(&xfrmi_ah4_protocol, IPPROTO_AH);
870 if (err < 0)
871 goto xfrm_proto_ah_failed;
872 err = xfrm4_protocol_register(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
873 if (err < 0)
874 goto xfrm_proto_comp_failed;
875
876 return 0;
877
878 xfrm_proto_comp_failed:
879 xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
880 xfrm_proto_ah_failed:
881 xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
882 xfrm_proto_esp_failed:
883 return err;
884 }
885
886 static void xfrmi4_fini(void)
887 {
888 xfrm4_protocol_deregister(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
889 xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
890 xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
891 }
892
893 static int __init xfrmi6_init(void)
894 {
895 int err;
896
897 err = xfrm6_protocol_register(&xfrmi_esp6_protocol, IPPROTO_ESP);
898 if (err < 0)
899 goto xfrm_proto_esp_failed;
900 err = xfrm6_protocol_register(&xfrmi_ah6_protocol, IPPROTO_AH);
901 if (err < 0)
902 goto xfrm_proto_ah_failed;
903 err = xfrm6_protocol_register(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
904 if (err < 0)
905 goto xfrm_proto_comp_failed;
906
907 return 0;
908
909 xfrm_proto_comp_failed:
910 xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
911 xfrm_proto_ah_failed:
912 xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
913 xfrm_proto_esp_failed:
914 return err;
915 }
916
917 static void xfrmi6_fini(void)
918 {
919 xfrm6_protocol_deregister(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
920 xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
921 xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
922 }
923
924 static const struct xfrm_if_cb xfrm_if_cb = {
925 .decode_session = xfrmi_decode_session,
926 };
927
928 static int __init xfrmi_init(void)
929 {
930 const char *msg;
931 int err;
932
933 pr_info("IPsec XFRM device driver\n");
934
935 msg = "tunnel device";
936 err = register_pernet_device(&xfrmi_net_ops);
937 if (err < 0)
938 goto pernet_dev_failed;
939
940 msg = "xfrm4 protocols";
941 err = xfrmi4_init();
942 if (err < 0)
943 goto xfrmi4_failed;
944
945 msg = "xfrm6 protocols";
946 err = xfrmi6_init();
947 if (err < 0)
948 goto xfrmi6_failed;
949
950
951 msg = "netlink interface";
952 err = rtnl_link_register(&xfrmi_link_ops);
953 if (err < 0)
954 goto rtnl_link_failed;
955
956 xfrm_if_register_cb(&xfrm_if_cb);
957
958 return err;
959
960 rtnl_link_failed:
961 xfrmi6_fini();
962 xfrmi6_failed:
963 xfrmi4_fini();
964 xfrmi4_failed:
965 unregister_pernet_device(&xfrmi_net_ops);
966 pernet_dev_failed:
967 pr_err("xfrmi init: failed to register %s\n", msg);
968 return err;
969 }
970
971 static void __exit xfrmi_fini(void)
972 {
973 xfrm_if_unregister_cb();
974 rtnl_link_unregister(&xfrmi_link_ops);
975 xfrmi4_fini();
976 xfrmi6_fini();
977 unregister_pernet_device(&xfrmi_net_ops);
978 }
979
980 module_init(xfrmi_init);
981 module_exit(xfrmi_fini);
982 MODULE_LICENSE("GPL");
983 MODULE_ALIAS_RTNL_LINK("xfrm");
984 MODULE_ALIAS_NETDEV("xfrm0");
985 MODULE_AUTHOR("Steffen Klassert");
986 MODULE_DESCRIPTION("XFRM virtual interface");
Mirror of linux-2.6-arm at arm.linux.org.uk