search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'iommu-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
[linux/fpc-iii.git] / net / ipv6 / seg6.c
blobd2f8138e5a73a5391963659be446f58f50d9d78e
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * SR-IPv6 implementation
4 *
5 * Author:
6 * David Lebrun <david.lebrun@uclouvain.be>
7 */
8
9 #include <linux/errno.h>
10 #include <linux/types.h>
11 #include <linux/socket.h>
12 #include <linux/net.h>
13 #include <linux/in6.h>
14 #include <linux/slab.h>
15 #include <linux/rhashtable.h>
16
17 #include <net/ipv6.h>
18 #include <net/protocol.h>
19
20 #include <net/seg6.h>
21 #include <net/genetlink.h>
22 #include <linux/seg6.h>
23 #include <linux/seg6_genl.h>
24 #ifdef CONFIG_IPV6_SEG6_HMAC
25 #include <net/seg6_hmac.h>
26 #endif
27
28 bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len, bool reduced)
29 {
30 unsigned int tlv_offset;
31 int max_last_entry;
32 int trailing;
33
34 if (srh->type != IPV6_SRCRT_TYPE_4)
35 return false;
36
37 if (((srh->hdrlen + 1) << 3) != len)
38 return false;
39
40 if (!reduced && srh->segments_left > srh->first_segment) {
41 return false;
42 } else {
43 max_last_entry = (srh->hdrlen / 2) - 1;
44
45 if (srh->first_segment > max_last_entry)
46 return false;
47
48 if (srh->segments_left > srh->first_segment + 1)
49 return false;
50 }
51
52 tlv_offset = sizeof(*srh) + ((srh->first_segment + 1) << 4);
53
54 trailing = len - tlv_offset;
55 if (trailing < 0)
56 return false;
57
58 while (trailing) {
59 struct sr6_tlv *tlv;
60 unsigned int tlv_len;
61
62 if (trailing < sizeof(*tlv))
63 return false;
64
65 tlv = (struct sr6_tlv *)((unsigned char *)srh + tlv_offset);
66 tlv_len = sizeof(*tlv) + tlv->len;
67
68 trailing -= tlv_len;
69 if (trailing < 0)
70 return false;
71
72 tlv_offset += tlv_len;
73 }
74
75 return true;
76 }
77
78 static struct genl_family seg6_genl_family;
79
80 static const struct nla_policy seg6_genl_policy[SEG6_ATTR_MAX + 1] = {
81 [SEG6_ATTR_DST] = { .type = NLA_BINARY,
82 .len = sizeof(struct in6_addr) },
83 [SEG6_ATTR_DSTLEN] = { .type = NLA_S32, },
84 [SEG6_ATTR_HMACKEYID] = { .type = NLA_U32, },
85 [SEG6_ATTR_SECRET] = { .type = NLA_BINARY, },
86 [SEG6_ATTR_SECRETLEN] = { .type = NLA_U8, },
87 [SEG6_ATTR_ALGID] = { .type = NLA_U8, },
88 [SEG6_ATTR_HMACINFO] = { .type = NLA_NESTED, },
89 };
90
91 #ifdef CONFIG_IPV6_SEG6_HMAC
92
93 static int seg6_genl_sethmac(struct sk_buff *skb, struct genl_info *info)
94 {
95 struct net *net = genl_info_net(info);
96 struct seg6_pernet_data *sdata;
97 struct seg6_hmac_info *hinfo;
98 u32 hmackeyid;
99 char *secret;
100 int err = 0;
101 u8 algid;
102 u8 slen;
103
104 sdata = seg6_pernet(net);
105
106 if (!info->attrs[SEG6_ATTR_HMACKEYID] ||
107 !info->attrs[SEG6_ATTR_SECRETLEN] ||
108 !info->attrs[SEG6_ATTR_ALGID])
109 return -EINVAL;
110
111 hmackeyid = nla_get_u32(info->attrs[SEG6_ATTR_HMACKEYID]);
112 slen = nla_get_u8(info->attrs[SEG6_ATTR_SECRETLEN]);
113 algid = nla_get_u8(info->attrs[SEG6_ATTR_ALGID]);
114
115 if (hmackeyid == 0)
116 return -EINVAL;
117
118 if (slen > SEG6_HMAC_SECRET_LEN)
119 return -EINVAL;
120
121 mutex_lock(&sdata->lock);
122 hinfo = seg6_hmac_info_lookup(net, hmackeyid);
123
124 if (!slen) {
125 if (!hinfo)
126 err = -ENOENT;
127
128 err = seg6_hmac_info_del(net, hmackeyid);
129
130 goto out_unlock;
131 }
132
133 if (!info->attrs[SEG6_ATTR_SECRET]) {
134 err = -EINVAL;
135 goto out_unlock;
136 }
137
138 if (hinfo) {
139 err = seg6_hmac_info_del(net, hmackeyid);
140 if (err)
141 goto out_unlock;
142 }
143
144 secret = (char *)nla_data(info->attrs[SEG6_ATTR_SECRET]);
145
146 hinfo = kzalloc(sizeof(*hinfo), GFP_KERNEL);
147 if (!hinfo) {
148 err = -ENOMEM;
149 goto out_unlock;
150 }
151
152 memcpy(hinfo->secret, secret, slen);
153 hinfo->slen = slen;
154 hinfo->alg_id = algid;
155 hinfo->hmackeyid = hmackeyid;
156
157 err = seg6_hmac_info_add(net, hmackeyid, hinfo);
158 if (err)
159 kfree(hinfo);
160
161 out_unlock:
162 mutex_unlock(&sdata->lock);
163 return err;
164 }
165
166 #else
167
168 static int seg6_genl_sethmac(struct sk_buff *skb, struct genl_info *info)
169 {
170 return -ENOTSUPP;
171 }
172
173 #endif
174
175 static int seg6_genl_set_tunsrc(struct sk_buff *skb, struct genl_info *info)
176 {
177 struct net *net = genl_info_net(info);
178 struct in6_addr *val, *t_old, *t_new;
179 struct seg6_pernet_data *sdata;
180
181 sdata = seg6_pernet(net);
182
183 if (!info->attrs[SEG6_ATTR_DST])
184 return -EINVAL;
185
186 val = nla_data(info->attrs[SEG6_ATTR_DST]);
187 t_new = kmemdup(val, sizeof(*val), GFP_KERNEL);
188 if (!t_new)
189 return -ENOMEM;
190
191 mutex_lock(&sdata->lock);
192
193 t_old = sdata->tun_src;
194 rcu_assign_pointer(sdata->tun_src, t_new);
195
196 mutex_unlock(&sdata->lock);
197
198 synchronize_net();
199 kfree(t_old);
200
201 return 0;
202 }
203
204 static int seg6_genl_get_tunsrc(struct sk_buff *skb, struct genl_info *info)
205 {
206 struct net *net = genl_info_net(info);
207 struct in6_addr *tun_src;
208 struct sk_buff *msg;
209 void *hdr;
210
211 msg = genlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
212 if (!msg)
213 return -ENOMEM;
214
215 hdr = genlmsg_put(msg, info->snd_portid, info->snd_seq,
216 &seg6_genl_family, 0, SEG6_CMD_GET_TUNSRC);
217 if (!hdr)
218 goto free_msg;
219
220 rcu_read_lock();
221 tun_src = rcu_dereference(seg6_pernet(net)->tun_src);
222
223 if (nla_put(msg, SEG6_ATTR_DST, sizeof(struct in6_addr), tun_src))
224 goto nla_put_failure;
225
226 rcu_read_unlock();
227
228 genlmsg_end(msg, hdr);
229 return genlmsg_reply(msg, info);
230
231 nla_put_failure:
232 rcu_read_unlock();
233 free_msg:
234 nlmsg_free(msg);
235 return -ENOMEM;
236 }
237
238 #ifdef CONFIG_IPV6_SEG6_HMAC
239
240 static int __seg6_hmac_fill_info(struct seg6_hmac_info *hinfo,
241 struct sk_buff *msg)
242 {
243 if (nla_put_u32(msg, SEG6_ATTR_HMACKEYID, hinfo->hmackeyid) ||
244 nla_put_u8(msg, SEG6_ATTR_SECRETLEN, hinfo->slen) ||
245 nla_put(msg, SEG6_ATTR_SECRET, hinfo->slen, hinfo->secret) ||
246 nla_put_u8(msg, SEG6_ATTR_ALGID, hinfo->alg_id))
247 return -1;
248
249 return 0;
250 }
251
252 static int __seg6_genl_dumphmac_element(struct seg6_hmac_info *hinfo,
253 u32 portid, u32 seq, u32 flags,
254 struct sk_buff *skb, u8 cmd)
255 {
256 void *hdr;
257
258 hdr = genlmsg_put(skb, portid, seq, &seg6_genl_family, flags, cmd);
259 if (!hdr)
260 return -ENOMEM;
261
262 if (__seg6_hmac_fill_info(hinfo, skb) < 0)
263 goto nla_put_failure;
264
265 genlmsg_end(skb, hdr);
266 return 0;
267
268 nla_put_failure:
269 genlmsg_cancel(skb, hdr);
270 return -EMSGSIZE;
271 }
272
273 static int seg6_genl_dumphmac_start(struct netlink_callback *cb)
274 {
275 struct net *net = sock_net(cb->skb->sk);
276 struct seg6_pernet_data *sdata;
277 struct rhashtable_iter *iter;
278
279 sdata = seg6_pernet(net);
280 iter = (struct rhashtable_iter *)cb->args[0];
281
282 if (!iter) {
283 iter = kmalloc(sizeof(*iter), GFP_KERNEL);
284 if (!iter)
285 return -ENOMEM;
286
287 cb->args[0] = (long)iter;
288 }
289
290 rhashtable_walk_enter(&sdata->hmac_infos, iter);
291
292 return 0;
293 }
294
295 static int seg6_genl_dumphmac_done(struct netlink_callback *cb)
296 {
297 struct rhashtable_iter *iter = (struct rhashtable_iter *)cb->args[0];
298
299 rhashtable_walk_exit(iter);
300
301 kfree(iter);
302
303 return 0;
304 }
305
306 static int seg6_genl_dumphmac(struct sk_buff *skb, struct netlink_callback *cb)
307 {
308 struct rhashtable_iter *iter = (struct rhashtable_iter *)cb->args[0];
309 struct seg6_hmac_info *hinfo;
310 int ret;
311
312 rhashtable_walk_start(iter);
313
314 for (;;) {
315 hinfo = rhashtable_walk_next(iter);
316
317 if (IS_ERR(hinfo)) {
318 if (PTR_ERR(hinfo) == -EAGAIN)
319 continue;
320 ret = PTR_ERR(hinfo);
321 goto done;
322 } else if (!hinfo) {
323 break;
324 }
325
326 ret = __seg6_genl_dumphmac_element(hinfo,
327 NETLINK_CB(cb->skb).portid,
328 cb->nlh->nlmsg_seq,
329 NLM_F_MULTI,
330 skb, SEG6_CMD_DUMPHMAC);
331 if (ret)
332 goto done;
333 }
334
335 ret = skb->len;
336
337 done:
338 rhashtable_walk_stop(iter);
339 return ret;
340 }
341
342 #else
343
344 static int seg6_genl_dumphmac_start(struct netlink_callback *cb)
345 {
346 return 0;
347 }
348
349 static int seg6_genl_dumphmac_done(struct netlink_callback *cb)
350 {
351 return 0;
352 }
353
354 static int seg6_genl_dumphmac(struct sk_buff *skb, struct netlink_callback *cb)
355 {
356 return -ENOTSUPP;
357 }
358
359 #endif
360
361 static int __net_init seg6_net_init(struct net *net)
362 {
363 struct seg6_pernet_data *sdata;
364
365 sdata = kzalloc(sizeof(*sdata), GFP_KERNEL);
366 if (!sdata)
367 return -ENOMEM;
368
369 mutex_init(&sdata->lock);
370
371 sdata->tun_src = kzalloc(sizeof(*sdata->tun_src), GFP_KERNEL);
372 if (!sdata->tun_src) {
373 kfree(sdata);
374 return -ENOMEM;
375 }
376
377 net->ipv6.seg6_data = sdata;
378
379 #ifdef CONFIG_IPV6_SEG6_HMAC
380 seg6_hmac_net_init(net);
381 #endif
382
383 return 0;
384 }
385
386 static void __net_exit seg6_net_exit(struct net *net)
387 {
388 struct seg6_pernet_data *sdata = seg6_pernet(net);
389
390 #ifdef CONFIG_IPV6_SEG6_HMAC
391 seg6_hmac_net_exit(net);
392 #endif
393
394 kfree(sdata->tun_src);
395 kfree(sdata);
396 }
397
398 static struct pernet_operations ip6_segments_ops = {
399 .init = seg6_net_init,
400 .exit = seg6_net_exit,
401 };
402
403 static const struct genl_ops seg6_genl_ops[] = {
404 {
405 .cmd = SEG6_CMD_SETHMAC,
406 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
407 .doit = seg6_genl_sethmac,
408 .flags = GENL_ADMIN_PERM,
409 },
410 {
411 .cmd = SEG6_CMD_DUMPHMAC,
412 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
413 .start = seg6_genl_dumphmac_start,
414 .dumpit = seg6_genl_dumphmac,
415 .done = seg6_genl_dumphmac_done,
416 .flags = GENL_ADMIN_PERM,
417 },
418 {
419 .cmd = SEG6_CMD_SET_TUNSRC,
420 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
421 .doit = seg6_genl_set_tunsrc,
422 .flags = GENL_ADMIN_PERM,
423 },
424 {
425 .cmd = SEG6_CMD_GET_TUNSRC,
426 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
427 .doit = seg6_genl_get_tunsrc,
428 .flags = GENL_ADMIN_PERM,
429 },
430 };
431
432 static struct genl_family seg6_genl_family __ro_after_init = {
433 .hdrsize = 0,
434 .name = SEG6_GENL_NAME,
435 .version = SEG6_GENL_VERSION,
436 .maxattr = SEG6_ATTR_MAX,
437 .policy = seg6_genl_policy,
438 .netnsok = true,
439 .parallel_ops = true,
440 .ops = seg6_genl_ops,
441 .n_ops = ARRAY_SIZE(seg6_genl_ops),
442 .module = THIS_MODULE,
443 };
444
445 int __init seg6_init(void)
446 {
447 int err;
448
449 err = genl_register_family(&seg6_genl_family);
450 if (err)
451 goto out;
452
453 err = register_pernet_subsys(&ip6_segments_ops);
454 if (err)
455 goto out_unregister_genl;
456
457 #ifdef CONFIG_IPV6_SEG6_LWTUNNEL
458 err = seg6_iptunnel_init();
459 if (err)
460 goto out_unregister_pernet;
461
462 err = seg6_local_init();
463 if (err)
464 goto out_unregister_pernet;
465 #endif
466
467 #ifdef CONFIG_IPV6_SEG6_HMAC
468 err = seg6_hmac_init();
469 if (err)
470 goto out_unregister_iptun;
471 #endif
472
473 pr_info("Segment Routing with IPv6\n");
474
475 out:
476 return err;
477 #ifdef CONFIG_IPV6_SEG6_HMAC
478 out_unregister_iptun:
479 #ifdef CONFIG_IPV6_SEG6_LWTUNNEL
480 seg6_local_exit();
481 seg6_iptunnel_exit();
482 #endif
483 #endif
484 #ifdef CONFIG_IPV6_SEG6_LWTUNNEL
485 out_unregister_pernet:
486 unregister_pernet_subsys(&ip6_segments_ops);
487 #endif
488 out_unregister_genl:
489 genl_unregister_family(&seg6_genl_family);
490 goto out;
491 }
492
493 void seg6_exit(void)
494 {
495 #ifdef CONFIG_IPV6_SEG6_HMAC
496 seg6_hmac_exit();
497 #endif
498 #ifdef CONFIG_IPV6_SEG6_LWTUNNEL
499 seg6_iptunnel_exit();
500 #endif
501 unregister_pernet_subsys(&ip6_segments_ops);
502 genl_unregister_family(&seg6_genl_family);
503 }
Linux with added FPC-III support