search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux v2.6.17-rc2
[linux-2.6/next.git] / net / ipv6 / ipcomp6.c
blob05eb67def39f17e9c9b84d9270fdbe6fe1ee2a87
1 /*
2 * IP Payload Compression Protocol (IPComp) for IPv6 - RFC3173
3 *
4 * Copyright (C)2003 USAGI/WIDE Project
5 *
6 * Author Mitsuru KANDA <mk@linux-ipv6.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
22 /*
23 * [Memo]
24 *
25 * Outbound:
26 * The compression of IP datagram MUST be done before AH/ESP processing,
27 * fragmentation, and the addition of Hop-by-Hop/Routing header.
28 *
29 * Inbound:
30 * The decompression of IP datagram MUST be done after the reassembly,
31 * AH/ESP processing.
32 */
33 #include <linux/config.h>
34 #include <linux/module.h>
35 #include <net/ip.h>
36 #include <net/xfrm.h>
37 #include <net/ipcomp.h>
38 #include <asm/scatterlist.h>
39 #include <asm/semaphore.h>
40 #include <linux/crypto.h>
41 #include <linux/pfkeyv2.h>
42 #include <linux/random.h>
43 #include <linux/percpu.h>
44 #include <linux/smp.h>
45 #include <linux/list.h>
46 #include <linux/vmalloc.h>
47 #include <linux/rtnetlink.h>
48 #include <net/icmp.h>
49 #include <net/ipv6.h>
50 #include <net/protocol.h>
51 #include <linux/ipv6.h>
52 #include <linux/icmpv6.h>
53 #include <linux/mutex.h>
54
55 struct ipcomp6_tfms {
56 struct list_head list;
57 struct crypto_tfm **tfms;
58 int users;
59 };
60
61 static DEFINE_MUTEX(ipcomp6_resource_mutex);
62 static void **ipcomp6_scratches;
63 static int ipcomp6_scratch_users;
64 static LIST_HEAD(ipcomp6_tfms_list);
65
66 static int ipcomp6_input(struct xfrm_state *x, struct sk_buff *skb)
67 {
68 int err = 0;
69 u8 nexthdr = 0;
70 int hdr_len = skb->h.raw - skb->nh.raw;
71 unsigned char *tmp_hdr = NULL;
72 struct ipv6hdr *iph;
73 int plen, dlen;
74 struct ipcomp_data *ipcd = x->data;
75 u8 *start, *scratch;
76 struct crypto_tfm *tfm;
77 int cpu;
78
79 if ((skb_is_nonlinear(skb) || skb_cloned(skb)) &&
80 skb_linearize(skb, GFP_ATOMIC) != 0) {
81 err = -ENOMEM;
82 goto out;
83 }
84
85 skb->ip_summed = CHECKSUM_NONE;
86
87 /* Remove ipcomp header and decompress original payload */
88 iph = skb->nh.ipv6h;
89 tmp_hdr = kmalloc(hdr_len, GFP_ATOMIC);
90 if (!tmp_hdr)
91 goto out;
92 memcpy(tmp_hdr, iph, hdr_len);
93 nexthdr = *(u8 *)skb->data;
94 skb_pull(skb, sizeof(struct ipv6_comp_hdr));
95 skb->nh.raw += sizeof(struct ipv6_comp_hdr);
96 memcpy(skb->nh.raw, tmp_hdr, hdr_len);
97 iph = skb->nh.ipv6h;
98 iph->payload_len = htons(ntohs(iph->payload_len) - sizeof(struct ipv6_comp_hdr));
99 skb->h.raw = skb->data;
100
101 /* decompression */
102 plen = skb->len;
103 dlen = IPCOMP_SCRATCH_SIZE;
104 start = skb->data;
105
106 cpu = get_cpu();
107 scratch = *per_cpu_ptr(ipcomp6_scratches, cpu);
108 tfm = *per_cpu_ptr(ipcd->tfms, cpu);
109
110 err = crypto_comp_decompress(tfm, start, plen, scratch, &dlen);
111 if (err) {
112 err = -EINVAL;
113 goto out_put_cpu;
114 }
115
116 if (dlen < (plen + sizeof(struct ipv6_comp_hdr))) {
117 err = -EINVAL;
118 goto out_put_cpu;
119 }
120
121 err = pskb_expand_head(skb, 0, dlen - plen, GFP_ATOMIC);
122 if (err) {
123 goto out_put_cpu;
124 }
125
126 skb_put(skb, dlen - plen);
127 memcpy(skb->data, scratch, dlen);
128
129 iph = skb->nh.ipv6h;
130 iph->payload_len = htons(skb->len);
131
132 out_put_cpu:
133 put_cpu();
134 out:
135 kfree(tmp_hdr);
136 if (err)
137 goto error_out;
138 return nexthdr;
139 error_out:
140 return err;
141 }
142
143 static int ipcomp6_output(struct xfrm_state *x, struct sk_buff *skb)
144 {
145 int err;
146 struct ipv6hdr *top_iph;
147 int hdr_len;
148 struct ipv6_comp_hdr *ipch;
149 struct ipcomp_data *ipcd = x->data;
150 int plen, dlen;
151 u8 *start, *scratch;
152 struct crypto_tfm *tfm;
153 int cpu;
154
155 hdr_len = skb->h.raw - skb->data;
156
157 /* check whether datagram len is larger than threshold */
158 if ((skb->len - hdr_len) < ipcd->threshold) {
159 goto out_ok;
160 }
161
162 if ((skb_is_nonlinear(skb) || skb_cloned(skb)) &&
163 skb_linearize(skb, GFP_ATOMIC) != 0) {
164 goto out_ok;
165 }
166
167 /* compression */
168 plen = skb->len - hdr_len;
169 dlen = IPCOMP_SCRATCH_SIZE;
170 start = skb->h.raw;
171
172 cpu = get_cpu();
173 scratch = *per_cpu_ptr(ipcomp6_scratches, cpu);
174 tfm = *per_cpu_ptr(ipcd->tfms, cpu);
175
176 err = crypto_comp_compress(tfm, start, plen, scratch, &dlen);
177 if (err || (dlen + sizeof(struct ipv6_comp_hdr)) >= plen) {
178 put_cpu();
179 goto out_ok;
180 }
181 memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
182 put_cpu();
183 pskb_trim(skb, hdr_len + dlen + sizeof(struct ip_comp_hdr));
184
185 /* insert ipcomp header and replace datagram */
186 top_iph = (struct ipv6hdr *)skb->data;
187
188 top_iph->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
189
190 ipch = (struct ipv6_comp_hdr *)start;
191 ipch->nexthdr = *skb->nh.raw;
192 ipch->flags = 0;
193 ipch->cpi = htons((u16 )ntohl(x->id.spi));
194 *skb->nh.raw = IPPROTO_COMP;
195
196 out_ok:
197 return 0;
198 }
199
200 static void ipcomp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
201 int type, int code, int offset, __u32 info)
202 {
203 u32 spi;
204 struct ipv6hdr *iph = (struct ipv6hdr*)skb->data;
205 struct ipv6_comp_hdr *ipcomph = (struct ipv6_comp_hdr*)(skb->data+offset);
206 struct xfrm_state *x;
207
208 if (type != ICMPV6_DEST_UNREACH && type != ICMPV6_PKT_TOOBIG)
209 return;
210
211 spi = ntohl(ntohs(ipcomph->cpi));
212 x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr, spi, IPPROTO_COMP, AF_INET6);
213 if (!x)
214 return;
215
216 printk(KERN_DEBUG "pmtu discovery on SA IPCOMP/%08x/" NIP6_FMT "\n",
217 spi, NIP6(iph->daddr));
218 xfrm_state_put(x);
219 }
220
221 static struct xfrm_state *ipcomp6_tunnel_create(struct xfrm_state *x)
222 {
223 struct xfrm_state *t = NULL;
224
225 t = xfrm_state_alloc();
226 if (!t)
227 goto out;
228
229 t->id.proto = IPPROTO_IPV6;
230 t->id.spi = xfrm6_tunnel_alloc_spi((xfrm_address_t *)&x->props.saddr);
231 if (!t->id.spi)
232 goto error;
233
234 memcpy(t->id.daddr.a6, x->id.daddr.a6, sizeof(struct in6_addr));
235 memcpy(&t->sel, &x->sel, sizeof(t->sel));
236 t->props.family = AF_INET6;
237 t->props.mode = 1;
238 memcpy(t->props.saddr.a6, x->props.saddr.a6, sizeof(struct in6_addr));
239
240 if (xfrm_init_state(t))
241 goto error;
242
243 atomic_set(&t->tunnel_users, 1);
244
245 out:
246 return t;
247
248 error:
249 t->km.state = XFRM_STATE_DEAD;
250 xfrm_state_put(t);
251 t = NULL;
252 goto out;
253 }
254
255 static int ipcomp6_tunnel_attach(struct xfrm_state *x)
256 {
257 int err = 0;
258 struct xfrm_state *t = NULL;
259 u32 spi;
260
261 spi = xfrm6_tunnel_spi_lookup((xfrm_address_t *)&x->props.saddr);
262 if (spi)
263 t = xfrm_state_lookup((xfrm_address_t *)&x->id.daddr,
264 spi, IPPROTO_IPV6, AF_INET6);
265 if (!t) {
266 t = ipcomp6_tunnel_create(x);
267 if (!t) {
268 err = -EINVAL;
269 goto out;
270 }
271 xfrm_state_insert(t);
272 xfrm_state_hold(t);
273 }
274 x->tunnel = t;
275 atomic_inc(&t->tunnel_users);
276
277 out:
278 return err;
279 }
280
281 static void ipcomp6_free_scratches(void)
282 {
283 int i;
284 void **scratches;
285
286 if (--ipcomp6_scratch_users)
287 return;
288
289 scratches = ipcomp6_scratches;
290 if (!scratches)
291 return;
292
293 for_each_possible_cpu(i) {
294 void *scratch = *per_cpu_ptr(scratches, i);
295
296 vfree(scratch);
297 }
298
299 free_percpu(scratches);
300 }
301
302 static void **ipcomp6_alloc_scratches(void)
303 {
304 int i;
305 void **scratches;
306
307 if (ipcomp6_scratch_users++)
308 return ipcomp6_scratches;
309
310 scratches = alloc_percpu(void *);
311 if (!scratches)
312 return NULL;
313
314 ipcomp6_scratches = scratches;
315
316 for_each_possible_cpu(i) {
317 void *scratch = vmalloc(IPCOMP_SCRATCH_SIZE);
318 if (!scratch)
319 return NULL;
320 *per_cpu_ptr(scratches, i) = scratch;
321 }
322
323 return scratches;
324 }
325
326 static void ipcomp6_free_tfms(struct crypto_tfm **tfms)
327 {
328 struct ipcomp6_tfms *pos;
329 int cpu;
330
331 list_for_each_entry(pos, &ipcomp6_tfms_list, list) {
332 if (pos->tfms == tfms)
333 break;
334 }
335
336 BUG_TRAP(pos);
337
338 if (--pos->users)
339 return;
340
341 list_del(&pos->list);
342 kfree(pos);
343
344 if (!tfms)
345 return;
346
347 for_each_possible_cpu(cpu) {
348 struct crypto_tfm *tfm = *per_cpu_ptr(tfms, cpu);
349 crypto_free_tfm(tfm);
350 }
351 free_percpu(tfms);
352 }
353
354 static struct crypto_tfm **ipcomp6_alloc_tfms(const char *alg_name)
355 {
356 struct ipcomp6_tfms *pos;
357 struct crypto_tfm **tfms;
358 int cpu;
359
360 /* This can be any valid CPU ID so we don't need locking. */
361 cpu = raw_smp_processor_id();
362
363 list_for_each_entry(pos, &ipcomp6_tfms_list, list) {
364 struct crypto_tfm *tfm;
365
366 tfms = pos->tfms;
367 tfm = *per_cpu_ptr(tfms, cpu);
368
369 if (!strcmp(crypto_tfm_alg_name(tfm), alg_name)) {
370 pos->users++;
371 return tfms;
372 }
373 }
374
375 pos = kmalloc(sizeof(*pos), GFP_KERNEL);
376 if (!pos)
377 return NULL;
378
379 pos->users = 1;
380 INIT_LIST_HEAD(&pos->list);
381 list_add(&pos->list, &ipcomp6_tfms_list);
382
383 pos->tfms = tfms = alloc_percpu(struct crypto_tfm *);
384 if (!tfms)
385 goto error;
386
387 for_each_possible_cpu(cpu) {
388 struct crypto_tfm *tfm = crypto_alloc_tfm(alg_name, 0);
389 if (!tfm)
390 goto error;
391 *per_cpu_ptr(tfms, cpu) = tfm;
392 }
393
394 return tfms;
395
396 error:
397 ipcomp6_free_tfms(tfms);
398 return NULL;
399 }
400
401 static void ipcomp6_free_data(struct ipcomp_data *ipcd)
402 {
403 if (ipcd->tfms)
404 ipcomp6_free_tfms(ipcd->tfms);
405 ipcomp6_free_scratches();
406 }
407
408 static void ipcomp6_destroy(struct xfrm_state *x)
409 {
410 struct ipcomp_data *ipcd = x->data;
411 if (!ipcd)
412 return;
413 xfrm_state_delete_tunnel(x);
414 mutex_lock(&ipcomp6_resource_mutex);
415 ipcomp6_free_data(ipcd);
416 mutex_unlock(&ipcomp6_resource_mutex);
417 kfree(ipcd);
418
419 xfrm6_tunnel_free_spi((xfrm_address_t *)&x->props.saddr);
420 }
421
422 static int ipcomp6_init_state(struct xfrm_state *x)
423 {
424 int err;
425 struct ipcomp_data *ipcd;
426 struct xfrm_algo_desc *calg_desc;
427
428 err = -EINVAL;
429 if (!x->calg)
430 goto out;
431
432 if (x->encap)
433 goto out;
434
435 err = -ENOMEM;
436 ipcd = kzalloc(sizeof(*ipcd), GFP_KERNEL);
437 if (!ipcd)
438 goto out;
439
440 x->props.header_len = 0;
441 if (x->props.mode)
442 x->props.header_len += sizeof(struct ipv6hdr);
443
444 mutex_lock(&ipcomp6_resource_mutex);
445 if (!ipcomp6_alloc_scratches())
446 goto error;
447
448 ipcd->tfms = ipcomp6_alloc_tfms(x->calg->alg_name);
449 if (!ipcd->tfms)
450 goto error;
451 mutex_unlock(&ipcomp6_resource_mutex);
452
453 if (x->props.mode) {
454 err = ipcomp6_tunnel_attach(x);
455 if (err)
456 goto error_tunnel;
457 }
458
459 calg_desc = xfrm_calg_get_byname(x->calg->alg_name, 0);
460 BUG_ON(!calg_desc);
461 ipcd->threshold = calg_desc->uinfo.comp.threshold;
462 x->data = ipcd;
463 err = 0;
464 out:
465 return err;
466 error_tunnel:
467 mutex_lock(&ipcomp6_resource_mutex);
468 error:
469 ipcomp6_free_data(ipcd);
470 mutex_unlock(&ipcomp6_resource_mutex);
471 kfree(ipcd);
472
473 goto out;
474 }
475
476 static struct xfrm_type ipcomp6_type =
477 {
478 .description = "IPCOMP6",
479 .owner = THIS_MODULE,
480 .proto = IPPROTO_COMP,
481 .init_state = ipcomp6_init_state,
482 .destructor = ipcomp6_destroy,
483 .input = ipcomp6_input,
484 .output = ipcomp6_output,
485 };
486
487 static struct inet6_protocol ipcomp6_protocol =
488 {
489 .handler = xfrm6_rcv,
490 .err_handler = ipcomp6_err,
491 .flags = INET6_PROTO_NOPOLICY,
492 };
493
494 static int __init ipcomp6_init(void)
495 {
496 if (xfrm_register_type(&ipcomp6_type, AF_INET6) < 0) {
497 printk(KERN_INFO "ipcomp6 init: can't add xfrm type\n");
498 return -EAGAIN;
499 }
500 if (inet6_add_protocol(&ipcomp6_protocol, IPPROTO_COMP) < 0) {
501 printk(KERN_INFO "ipcomp6 init: can't add protocol\n");
502 xfrm_unregister_type(&ipcomp6_type, AF_INET6);
503 return -EAGAIN;
504 }
505 return 0;
506 }
507
508 static void __exit ipcomp6_fini(void)
509 {
510 if (inet6_del_protocol(&ipcomp6_protocol, IPPROTO_COMP) < 0)
511 printk(KERN_INFO "ipv6 ipcomp close: can't remove protocol\n");
512 if (xfrm_unregister_type(&ipcomp6_type, AF_INET6) < 0)
513 printk(KERN_INFO "ipv6 ipcomp close: can't remove xfrm type\n");
514 }
515
516 module_init(ipcomp6_init);
517 module_exit(ipcomp6_fini);
518 MODULE_LICENSE("GPL");
519 MODULE_DESCRIPTION("IP Payload Compression Protocol (IPComp) for IPv6 - RFC3173");
520 MODULE_AUTHOR("Mitsuru KANDA <mk@linux-ipv6.org>");
521
522
linux-next