search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dccp: fix use-after-free in dccp_feat_activate_values
[linux/fpc-iii.git] / net / ipv4 / fou.c
blob805f6607f8d9a89661bed62db6b370b964d43f1d
1 #include <linux/module.h>
2 #include <linux/errno.h>
3 #include <linux/socket.h>
4 #include <linux/skbuff.h>
5 #include <linux/ip.h>
6 #include <linux/udp.h>
7 #include <linux/types.h>
8 #include <linux/kernel.h>
9 #include <net/genetlink.h>
10 #include <net/gue.h>
11 #include <net/ip.h>
12 #include <net/protocol.h>
13 #include <net/udp.h>
14 #include <net/udp_tunnel.h>
15 #include <net/xfrm.h>
16 #include <uapi/linux/fou.h>
17 #include <uapi/linux/genetlink.h>
18
19 struct fou {
20 struct socket *sock;
21 u8 protocol;
22 u8 flags;
23 __be16 port;
24 u8 family;
25 u16 type;
26 struct list_head list;
27 struct rcu_head rcu;
28 };
29
30 #define FOU_F_REMCSUM_NOPARTIAL BIT(0)
31
32 struct fou_cfg {
33 u16 type;
34 u8 protocol;
35 u8 flags;
36 struct udp_port_cfg udp_config;
37 };
38
39 static unsigned int fou_net_id;
40
41 struct fou_net {
42 struct list_head fou_list;
43 struct mutex fou_lock;
44 };
45
46 static inline struct fou *fou_from_sock(struct sock *sk)
47 {
48 return sk->sk_user_data;
49 }
50
51 static int fou_recv_pull(struct sk_buff *skb, struct fou *fou, size_t len)
52 {
53 /* Remove 'len' bytes from the packet (UDP header and
54 * FOU header if present).
55 */
56 if (fou->family == AF_INET)
57 ip_hdr(skb)->tot_len = htons(ntohs(ip_hdr(skb)->tot_len) - len);
58 else
59 ipv6_hdr(skb)->payload_len =
60 htons(ntohs(ipv6_hdr(skb)->payload_len) - len);
61
62 __skb_pull(skb, len);
63 skb_postpull_rcsum(skb, udp_hdr(skb), len);
64 skb_reset_transport_header(skb);
65 return iptunnel_pull_offloads(skb);
66 }
67
68 static int fou_udp_recv(struct sock *sk, struct sk_buff *skb)
69 {
70 struct fou *fou = fou_from_sock(sk);
71
72 if (!fou)
73 return 1;
74
75 if (fou_recv_pull(skb, fou, sizeof(struct udphdr)))
76 goto drop;
77
78 return -fou->protocol;
79
80 drop:
81 kfree_skb(skb);
82 return 0;
83 }
84
85 static struct guehdr *gue_remcsum(struct sk_buff *skb, struct guehdr *guehdr,
86 void *data, size_t hdrlen, u8 ipproto,
87 bool nopartial)
88 {
89 __be16 *pd = data;
90 size_t start = ntohs(pd[0]);
91 size_t offset = ntohs(pd[1]);
92 size_t plen = sizeof(struct udphdr) + hdrlen +
93 max_t(size_t, offset + sizeof(u16), start);
94
95 if (skb->remcsum_offload)
96 return guehdr;
97
98 if (!pskb_may_pull(skb, plen))
99 return NULL;
100 guehdr = (struct guehdr *)&udp_hdr(skb)[1];
101
102 skb_remcsum_process(skb, (void *)guehdr + hdrlen,
103 start, offset, nopartial);
104
105 return guehdr;
106 }
107
108 static int gue_control_message(struct sk_buff *skb, struct guehdr *guehdr)
109 {
110 /* No support yet */
111 kfree_skb(skb);
112 return 0;
113 }
114
115 static int gue_udp_recv(struct sock *sk, struct sk_buff *skb)
116 {
117 struct fou *fou = fou_from_sock(sk);
118 size_t len, optlen, hdrlen;
119 struct guehdr *guehdr;
120 void *data;
121 u16 doffset = 0;
122
123 if (!fou)
124 return 1;
125
126 len = sizeof(struct udphdr) + sizeof(struct guehdr);
127 if (!pskb_may_pull(skb, len))
128 goto drop;
129
130 guehdr = (struct guehdr *)&udp_hdr(skb)[1];
131
132 switch (guehdr->version) {
133 case 0: /* Full GUE header present */
134 break;
135
136 case 1: {
137 /* Direct encasulation of IPv4 or IPv6 */
138
139 int prot;
140
141 switch (((struct iphdr *)guehdr)->version) {
142 case 4:
143 prot = IPPROTO_IPIP;
144 break;
145 case 6:
146 prot = IPPROTO_IPV6;
147 break;
148 default:
149 goto drop;
150 }
151
152 if (fou_recv_pull(skb, fou, sizeof(struct udphdr)))
153 goto drop;
154
155 return -prot;
156 }
157
158 default: /* Undefined version */
159 goto drop;
160 }
161
162 optlen = guehdr->hlen << 2;
163 len += optlen;
164
165 if (!pskb_may_pull(skb, len))
166 goto drop;
167
168 /* guehdr may change after pull */
169 guehdr = (struct guehdr *)&udp_hdr(skb)[1];
170
171 hdrlen = sizeof(struct guehdr) + optlen;
172
173 if (guehdr->version != 0 || validate_gue_flags(guehdr, optlen))
174 goto drop;
175
176 hdrlen = sizeof(struct guehdr) + optlen;
177
178 if (fou->family == AF_INET)
179 ip_hdr(skb)->tot_len = htons(ntohs(ip_hdr(skb)->tot_len) - len);
180 else
181 ipv6_hdr(skb)->payload_len =
182 htons(ntohs(ipv6_hdr(skb)->payload_len) - len);
183
184 /* Pull csum through the guehdr now . This can be used if
185 * there is a remote checksum offload.
186 */
187 skb_postpull_rcsum(skb, udp_hdr(skb), len);
188
189 data = &guehdr[1];
190
191 if (guehdr->flags & GUE_FLAG_PRIV) {
192 __be32 flags = *(__be32 *)(data + doffset);
193
194 doffset += GUE_LEN_PRIV;
195
196 if (flags & GUE_PFLAG_REMCSUM) {
197 guehdr = gue_remcsum(skb, guehdr, data + doffset,
198 hdrlen, guehdr->proto_ctype,
199 !!(fou->flags &
200 FOU_F_REMCSUM_NOPARTIAL));
201 if (!guehdr)
202 goto drop;
203
204 data = &guehdr[1];
205
206 doffset += GUE_PLEN_REMCSUM;
207 }
208 }
209
210 if (unlikely(guehdr->control))
211 return gue_control_message(skb, guehdr);
212
213 __skb_pull(skb, sizeof(struct udphdr) + hdrlen);
214 skb_reset_transport_header(skb);
215
216 if (iptunnel_pull_offloads(skb))
217 goto drop;
218
219 return -guehdr->proto_ctype;
220
221 drop:
222 kfree_skb(skb);
223 return 0;
224 }
225
226 static struct sk_buff **fou_gro_receive(struct sock *sk,
227 struct sk_buff **head,
228 struct sk_buff *skb)
229 {
230 const struct net_offload *ops;
231 struct sk_buff **pp = NULL;
232 u8 proto = fou_from_sock(sk)->protocol;
233 const struct net_offload **offloads;
234
235 /* We can clear the encap_mark for FOU as we are essentially doing
236 * one of two possible things. We are either adding an L4 tunnel
237 * header to the outer L3 tunnel header, or we are are simply
238 * treating the GRE tunnel header as though it is a UDP protocol
239 * specific header such as VXLAN or GENEVE.
240 */
241 NAPI_GRO_CB(skb)->encap_mark = 0;
242
243 /* Flag this frame as already having an outer encap header */
244 NAPI_GRO_CB(skb)->is_fou = 1;
245
246 rcu_read_lock();
247 offloads = NAPI_GRO_CB(skb)->is_ipv6 ? inet6_offloads : inet_offloads;
248 ops = rcu_dereference(offloads[proto]);
249 if (!ops || !ops->callbacks.gro_receive)
250 goto out_unlock;
251
252 pp = call_gro_receive(ops->callbacks.gro_receive, head, skb);
253
254 out_unlock:
255 rcu_read_unlock();
256
257 return pp;
258 }
259
260 static int fou_gro_complete(struct sock *sk, struct sk_buff *skb,
261 int nhoff)
262 {
263 const struct net_offload *ops;
264 u8 proto = fou_from_sock(sk)->protocol;
265 int err = -ENOSYS;
266 const struct net_offload **offloads;
267
268 rcu_read_lock();
269 offloads = NAPI_GRO_CB(skb)->is_ipv6 ? inet6_offloads : inet_offloads;
270 ops = rcu_dereference(offloads[proto]);
271 if (WARN_ON(!ops || !ops->callbacks.gro_complete))
272 goto out_unlock;
273
274 err = ops->callbacks.gro_complete(skb, nhoff);
275
276 skb_set_inner_mac_header(skb, nhoff);
277
278 out_unlock:
279 rcu_read_unlock();
280
281 return err;
282 }
283
284 static struct guehdr *gue_gro_remcsum(struct sk_buff *skb, unsigned int off,
285 struct guehdr *guehdr, void *data,
286 size_t hdrlen, struct gro_remcsum *grc,
287 bool nopartial)
288 {
289 __be16 *pd = data;
290 size_t start = ntohs(pd[0]);
291 size_t offset = ntohs(pd[1]);
292
293 if (skb->remcsum_offload)
294 return guehdr;
295
296 if (!NAPI_GRO_CB(skb)->csum_valid)
297 return NULL;
298
299 guehdr = skb_gro_remcsum_process(skb, (void *)guehdr, off, hdrlen,
300 start, offset, grc, nopartial);
301
302 skb->remcsum_offload = 1;
303
304 return guehdr;
305 }
306
307 static struct sk_buff **gue_gro_receive(struct sock *sk,
308 struct sk_buff **head,
309 struct sk_buff *skb)
310 {
311 const struct net_offload **offloads;
312 const struct net_offload *ops;
313 struct sk_buff **pp = NULL;
314 struct sk_buff *p;
315 struct guehdr *guehdr;
316 size_t len, optlen, hdrlen, off;
317 void *data;
318 u16 doffset = 0;
319 int flush = 1;
320 struct fou *fou = fou_from_sock(sk);
321 struct gro_remcsum grc;
322 u8 proto;
323
324 skb_gro_remcsum_init(&grc);
325
326 off = skb_gro_offset(skb);
327 len = off + sizeof(*guehdr);
328
329 guehdr = skb_gro_header_fast(skb, off);
330 if (skb_gro_header_hard(skb, len)) {
331 guehdr = skb_gro_header_slow(skb, len, off);
332 if (unlikely(!guehdr))
333 goto out;
334 }
335
336 switch (guehdr->version) {
337 case 0:
338 break;
339 case 1:
340 switch (((struct iphdr *)guehdr)->version) {
341 case 4:
342 proto = IPPROTO_IPIP;
343 break;
344 case 6:
345 proto = IPPROTO_IPV6;
346 break;
347 default:
348 goto out;
349 }
350 goto next_proto;
351 default:
352 goto out;
353 }
354
355 optlen = guehdr->hlen << 2;
356 len += optlen;
357
358 if (skb_gro_header_hard(skb, len)) {
359 guehdr = skb_gro_header_slow(skb, len, off);
360 if (unlikely(!guehdr))
361 goto out;
362 }
363
364 if (unlikely(guehdr->control) || guehdr->version != 0 ||
365 validate_gue_flags(guehdr, optlen))
366 goto out;
367
368 hdrlen = sizeof(*guehdr) + optlen;
369
370 /* Adjust NAPI_GRO_CB(skb)->csum to account for guehdr,
371 * this is needed if there is a remote checkcsum offload.
372 */
373 skb_gro_postpull_rcsum(skb, guehdr, hdrlen);
374
375 data = &guehdr[1];
376
377 if (guehdr->flags & GUE_FLAG_PRIV) {
378 __be32 flags = *(__be32 *)(data + doffset);
379
380 doffset += GUE_LEN_PRIV;
381
382 if (flags & GUE_PFLAG_REMCSUM) {
383 guehdr = gue_gro_remcsum(skb, off, guehdr,
384 data + doffset, hdrlen, &grc,
385 !!(fou->flags &
386 FOU_F_REMCSUM_NOPARTIAL));
387
388 if (!guehdr)
389 goto out;
390
391 data = &guehdr[1];
392
393 doffset += GUE_PLEN_REMCSUM;
394 }
395 }
396
397 skb_gro_pull(skb, hdrlen);
398
399 for (p = *head; p; p = p->next) {
400 const struct guehdr *guehdr2;
401
402 if (!NAPI_GRO_CB(p)->same_flow)
403 continue;
404
405 guehdr2 = (struct guehdr *)(p->data + off);
406
407 /* Compare base GUE header to be equal (covers
408 * hlen, version, proto_ctype, and flags.
409 */
410 if (guehdr->word != guehdr2->word) {
411 NAPI_GRO_CB(p)->same_flow = 0;
412 continue;
413 }
414
415 /* Compare optional fields are the same. */
416 if (guehdr->hlen && memcmp(&guehdr[1], &guehdr2[1],
417 guehdr->hlen << 2)) {
418 NAPI_GRO_CB(p)->same_flow = 0;
419 continue;
420 }
421 }
422
423 proto = guehdr->proto_ctype;
424
425 next_proto:
426
427 /* We can clear the encap_mark for GUE as we are essentially doing
428 * one of two possible things. We are either adding an L4 tunnel
429 * header to the outer L3 tunnel header, or we are are simply
430 * treating the GRE tunnel header as though it is a UDP protocol
431 * specific header such as VXLAN or GENEVE.
432 */
433 NAPI_GRO_CB(skb)->encap_mark = 0;
434
435 /* Flag this frame as already having an outer encap header */
436 NAPI_GRO_CB(skb)->is_fou = 1;
437
438 rcu_read_lock();
439 offloads = NAPI_GRO_CB(skb)->is_ipv6 ? inet6_offloads : inet_offloads;
440 ops = rcu_dereference(offloads[proto]);
441 if (WARN_ON_ONCE(!ops || !ops->callbacks.gro_receive))
442 goto out_unlock;
443
444 pp = call_gro_receive(ops->callbacks.gro_receive, head, skb);
445 flush = 0;
446
447 out_unlock:
448 rcu_read_unlock();
449 out:
450 NAPI_GRO_CB(skb)->flush |= flush;
451 skb_gro_remcsum_cleanup(skb, &grc);
452
453 return pp;
454 }
455
456 static int gue_gro_complete(struct sock *sk, struct sk_buff *skb, int nhoff)
457 {
458 const struct net_offload **offloads;
459 struct guehdr *guehdr = (struct guehdr *)(skb->data + nhoff);
460 const struct net_offload *ops;
461 unsigned int guehlen = 0;
462 u8 proto;
463 int err = -ENOENT;
464
465 switch (guehdr->version) {
466 case 0:
467 proto = guehdr->proto_ctype;
468 guehlen = sizeof(*guehdr) + (guehdr->hlen << 2);
469 break;
470 case 1:
471 switch (((struct iphdr *)guehdr)->version) {
472 case 4:
473 proto = IPPROTO_IPIP;
474 break;
475 case 6:
476 proto = IPPROTO_IPV6;
477 break;
478 default:
479 return err;
480 }
481 break;
482 default:
483 return err;
484 }
485
486 rcu_read_lock();
487 offloads = NAPI_GRO_CB(skb)->is_ipv6 ? inet6_offloads : inet_offloads;
488 ops = rcu_dereference(offloads[proto]);
489 if (WARN_ON(!ops || !ops->callbacks.gro_complete))
490 goto out_unlock;
491
492 err = ops->callbacks.gro_complete(skb, nhoff + guehlen);
493
494 skb_set_inner_mac_header(skb, nhoff + guehlen);
495
496 out_unlock:
497 rcu_read_unlock();
498 return err;
499 }
500
501 static int fou_add_to_port_list(struct net *net, struct fou *fou)
502 {
503 struct fou_net *fn = net_generic(net, fou_net_id);
504 struct fou *fout;
505
506 mutex_lock(&fn->fou_lock);
507 list_for_each_entry(fout, &fn->fou_list, list) {
508 if (fou->port == fout->port &&
509 fou->family == fout->family) {
510 mutex_unlock(&fn->fou_lock);
511 return -EALREADY;
512 }
513 }
514
515 list_add(&fou->list, &fn->fou_list);
516 mutex_unlock(&fn->fou_lock);
517
518 return 0;
519 }
520
521 static void fou_release(struct fou *fou)
522 {
523 struct socket *sock = fou->sock;
524
525 list_del(&fou->list);
526 udp_tunnel_sock_release(sock);
527
528 kfree_rcu(fou, rcu);
529 }
530
531 static int fou_create(struct net *net, struct fou_cfg *cfg,
532 struct socket **sockp)
533 {
534 struct socket *sock = NULL;
535 struct fou *fou = NULL;
536 struct sock *sk;
537 struct udp_tunnel_sock_cfg tunnel_cfg;
538 int err;
539
540 /* Open UDP socket */
541 err = udp_sock_create(net, &cfg->udp_config, &sock);
542 if (err < 0)
543 goto error;
544
545 /* Allocate FOU port structure */
546 fou = kzalloc(sizeof(*fou), GFP_KERNEL);
547 if (!fou) {
548 err = -ENOMEM;
549 goto error;
550 }
551
552 sk = sock->sk;
553
554 fou->port = cfg->udp_config.local_udp_port;
555 fou->family = cfg->udp_config.family;
556 fou->flags = cfg->flags;
557 fou->type = cfg->type;
558 fou->sock = sock;
559
560 memset(&tunnel_cfg, 0, sizeof(tunnel_cfg));
561 tunnel_cfg.encap_type = 1;
562 tunnel_cfg.sk_user_data = fou;
563 tunnel_cfg.encap_destroy = NULL;
564
565 /* Initial for fou type */
566 switch (cfg->type) {
567 case FOU_ENCAP_DIRECT:
568 tunnel_cfg.encap_rcv = fou_udp_recv;
569 tunnel_cfg.gro_receive = fou_gro_receive;
570 tunnel_cfg.gro_complete = fou_gro_complete;
571 fou->protocol = cfg->protocol;
572 break;
573 case FOU_ENCAP_GUE:
574 tunnel_cfg.encap_rcv = gue_udp_recv;
575 tunnel_cfg.gro_receive = gue_gro_receive;
576 tunnel_cfg.gro_complete = gue_gro_complete;
577 break;
578 default:
579 err = -EINVAL;
580 goto error;
581 }
582
583 setup_udp_tunnel_sock(net, sock, &tunnel_cfg);
584
585 sk->sk_allocation = GFP_ATOMIC;
586
587 err = fou_add_to_port_list(net, fou);
588 if (err)
589 goto error;
590
591 if (sockp)
592 *sockp = sock;
593
594 return 0;
595
596 error:
597 kfree(fou);
598 if (sock)
599 udp_tunnel_sock_release(sock);
600
601 return err;
602 }
603
604 static int fou_destroy(struct net *net, struct fou_cfg *cfg)
605 {
606 struct fou_net *fn = net_generic(net, fou_net_id);
607 __be16 port = cfg->udp_config.local_udp_port;
608 u8 family = cfg->udp_config.family;
609 int err = -EINVAL;
610 struct fou *fou;
611
612 mutex_lock(&fn->fou_lock);
613 list_for_each_entry(fou, &fn->fou_list, list) {
614 if (fou->port == port && fou->family == family) {
615 fou_release(fou);
616 err = 0;
617 break;
618 }
619 }
620 mutex_unlock(&fn->fou_lock);
621
622 return err;
623 }
624
625 static struct genl_family fou_nl_family;
626
627 static const struct nla_policy fou_nl_policy[FOU_ATTR_MAX + 1] = {
628 [FOU_ATTR_PORT] = { .type = NLA_U16, },
629 [FOU_ATTR_AF] = { .type = NLA_U8, },
630 [FOU_ATTR_IPPROTO] = { .type = NLA_U8, },
631 [FOU_ATTR_TYPE] = { .type = NLA_U8, },
632 [FOU_ATTR_REMCSUM_NOPARTIAL] = { .type = NLA_FLAG, },
633 };
634
635 static int parse_nl_config(struct genl_info *info,
636 struct fou_cfg *cfg)
637 {
638 memset(cfg, 0, sizeof(*cfg));
639
640 cfg->udp_config.family = AF_INET;
641
642 if (info->attrs[FOU_ATTR_AF]) {
643 u8 family = nla_get_u8(info->attrs[FOU_ATTR_AF]);
644
645 switch (family) {
646 case AF_INET:
647 break;
648 case AF_INET6:
649 cfg->udp_config.ipv6_v6only = 1;
650 break;
651 default:
652 return -EAFNOSUPPORT;
653 }
654
655 cfg->udp_config.family = family;
656 }
657
658 if (info->attrs[FOU_ATTR_PORT]) {
659 __be16 port = nla_get_be16(info->attrs[FOU_ATTR_PORT]);
660
661 cfg->udp_config.local_udp_port = port;
662 }
663
664 if (info->attrs[FOU_ATTR_IPPROTO])
665 cfg->protocol = nla_get_u8(info->attrs[FOU_ATTR_IPPROTO]);
666
667 if (info->attrs[FOU_ATTR_TYPE])
668 cfg->type = nla_get_u8(info->attrs[FOU_ATTR_TYPE]);
669
670 if (info->attrs[FOU_ATTR_REMCSUM_NOPARTIAL])
671 cfg->flags |= FOU_F_REMCSUM_NOPARTIAL;
672
673 return 0;
674 }
675
676 static int fou_nl_cmd_add_port(struct sk_buff *skb, struct genl_info *info)
677 {
678 struct net *net = genl_info_net(info);
679 struct fou_cfg cfg;
680 int err;
681
682 err = parse_nl_config(info, &cfg);
683 if (err)
684 return err;
685
686 return fou_create(net, &cfg, NULL);
687 }
688
689 static int fou_nl_cmd_rm_port(struct sk_buff *skb, struct genl_info *info)
690 {
691 struct net *net = genl_info_net(info);
692 struct fou_cfg cfg;
693 int err;
694
695 err = parse_nl_config(info, &cfg);
696 if (err)
697 return err;
698
699 return fou_destroy(net, &cfg);
700 }
701
702 static int fou_fill_info(struct fou *fou, struct sk_buff *msg)
703 {
704 if (nla_put_u8(msg, FOU_ATTR_AF, fou->sock->sk->sk_family) ||
705 nla_put_be16(msg, FOU_ATTR_PORT, fou->port) ||
706 nla_put_u8(msg, FOU_ATTR_IPPROTO, fou->protocol) ||
707 nla_put_u8(msg, FOU_ATTR_TYPE, fou->type))
708 return -1;
709
710 if (fou->flags & FOU_F_REMCSUM_NOPARTIAL)
711 if (nla_put_flag(msg, FOU_ATTR_REMCSUM_NOPARTIAL))
712 return -1;
713 return 0;
714 }
715
716 static int fou_dump_info(struct fou *fou, u32 portid, u32 seq,
717 u32 flags, struct sk_buff *skb, u8 cmd)
718 {
719 void *hdr;
720
721 hdr = genlmsg_put(skb, portid, seq, &fou_nl_family, flags, cmd);
722 if (!hdr)
723 return -ENOMEM;
724
725 if (fou_fill_info(fou, skb) < 0)
726 goto nla_put_failure;
727
728 genlmsg_end(skb, hdr);
729 return 0;
730
731 nla_put_failure:
732 genlmsg_cancel(skb, hdr);
733 return -EMSGSIZE;
734 }
735
736 static int fou_nl_cmd_get_port(struct sk_buff *skb, struct genl_info *info)
737 {
738 struct net *net = genl_info_net(info);
739 struct fou_net *fn = net_generic(net, fou_net_id);
740 struct sk_buff *msg;
741 struct fou_cfg cfg;
742 struct fou *fout;
743 __be16 port;
744 u8 family;
745 int ret;
746
747 ret = parse_nl_config(info, &cfg);
748 if (ret)
749 return ret;
750 port = cfg.udp_config.local_udp_port;
751 if (port == 0)
752 return -EINVAL;
753
754 family = cfg.udp_config.family;
755 if (family != AF_INET && family != AF_INET6)
756 return -EINVAL;
757
758 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
759 if (!msg)
760 return -ENOMEM;
761
762 ret = -ESRCH;
763 mutex_lock(&fn->fou_lock);
764 list_for_each_entry(fout, &fn->fou_list, list) {
765 if (port == fout->port && family == fout->family) {
766 ret = fou_dump_info(fout, info->snd_portid,
767 info->snd_seq, 0, msg,
768 info->genlhdr->cmd);
769 break;
770 }
771 }
772 mutex_unlock(&fn->fou_lock);
773 if (ret < 0)
774 goto out_free;
775
776 return genlmsg_reply(msg, info);
777
778 out_free:
779 nlmsg_free(msg);
780 return ret;
781 }
782
783 static int fou_nl_dump(struct sk_buff *skb, struct netlink_callback *cb)
784 {
785 struct net *net = sock_net(skb->sk);
786 struct fou_net *fn = net_generic(net, fou_net_id);
787 struct fou *fout;
788 int idx = 0, ret;
789
790 mutex_lock(&fn->fou_lock);
791 list_for_each_entry(fout, &fn->fou_list, list) {
792 if (idx++ < cb->args[0])
793 continue;
794 ret = fou_dump_info(fout, NETLINK_CB(cb->skb).portid,
795 cb->nlh->nlmsg_seq, NLM_F_MULTI,
796 skb, FOU_CMD_GET);
797 if (ret)
798 break;
799 }
800 mutex_unlock(&fn->fou_lock);
801
802 cb->args[0] = idx;
803 return skb->len;
804 }
805
806 static const struct genl_ops fou_nl_ops[] = {
807 {
808 .cmd = FOU_CMD_ADD,
809 .doit = fou_nl_cmd_add_port,
810 .policy = fou_nl_policy,
811 .flags = GENL_ADMIN_PERM,
812 },
813 {
814 .cmd = FOU_CMD_DEL,
815 .doit = fou_nl_cmd_rm_port,
816 .policy = fou_nl_policy,
817 .flags = GENL_ADMIN_PERM,
818 },
819 {
820 .cmd = FOU_CMD_GET,
821 .doit = fou_nl_cmd_get_port,
822 .dumpit = fou_nl_dump,
823 .policy = fou_nl_policy,
824 },
825 };
826
827 static struct genl_family fou_nl_family __ro_after_init = {
828 .hdrsize = 0,
829 .name = FOU_GENL_NAME,
830 .version = FOU_GENL_VERSION,
831 .maxattr = FOU_ATTR_MAX,
832 .netnsok = true,
833 .module = THIS_MODULE,
834 .ops = fou_nl_ops,
835 .n_ops = ARRAY_SIZE(fou_nl_ops),
836 };
837
838 size_t fou_encap_hlen(struct ip_tunnel_encap *e)
839 {
840 return sizeof(struct udphdr);
841 }
842 EXPORT_SYMBOL(fou_encap_hlen);
843
844 size_t gue_encap_hlen(struct ip_tunnel_encap *e)
845 {
846 size_t len;
847 bool need_priv = false;
848
849 len = sizeof(struct udphdr) + sizeof(struct guehdr);
850
851 if (e->flags & TUNNEL_ENCAP_FLAG_REMCSUM) {
852 len += GUE_PLEN_REMCSUM;
853 need_priv = true;
854 }
855
856 len += need_priv ? GUE_LEN_PRIV : 0;
857
858 return len;
859 }
860 EXPORT_SYMBOL(gue_encap_hlen);
861
862 static void fou_build_udp(struct sk_buff *skb, struct ip_tunnel_encap *e,
863 struct flowi4 *fl4, u8 *protocol, __be16 sport)
864 {
865 struct udphdr *uh;
866
867 skb_push(skb, sizeof(struct udphdr));
868 skb_reset_transport_header(skb);
869
870 uh = udp_hdr(skb);
871
872 uh->dest = e->dport;
873 uh->source = sport;
874 uh->len = htons(skb->len);
875 udp_set_csum(!(e->flags & TUNNEL_ENCAP_FLAG_CSUM), skb,
876 fl4->saddr, fl4->daddr, skb->len);
877
878 *protocol = IPPROTO_UDP;
879 }
880
881 int __fou_build_header(struct sk_buff *skb, struct ip_tunnel_encap *e,
882 u8 *protocol, __be16 *sport, int type)
883 {
884 int err;
885
886 err = iptunnel_handle_offloads(skb, type);
887 if (err)
888 return err;
889
890 *sport = e->sport ? : udp_flow_src_port(dev_net(skb->dev),
891 skb, 0, 0, false);
892
893 return 0;
894 }
895 EXPORT_SYMBOL(__fou_build_header);
896
897 int fou_build_header(struct sk_buff *skb, struct ip_tunnel_encap *e,
898 u8 *protocol, struct flowi4 *fl4)
899 {
900 int type = e->flags & TUNNEL_ENCAP_FLAG_CSUM ? SKB_GSO_UDP_TUNNEL_CSUM :
901 SKB_GSO_UDP_TUNNEL;
902 __be16 sport;
903 int err;
904
905 err = __fou_build_header(skb, e, protocol, &sport, type);
906 if (err)
907 return err;
908
909 fou_build_udp(skb, e, fl4, protocol, sport);
910
911 return 0;
912 }
913 EXPORT_SYMBOL(fou_build_header);
914
915 int __gue_build_header(struct sk_buff *skb, struct ip_tunnel_encap *e,
916 u8 *protocol, __be16 *sport, int type)
917 {
918 struct guehdr *guehdr;
919 size_t hdrlen, optlen = 0;
920 void *data;
921 bool need_priv = false;
922 int err;
923
924 if ((e->flags & TUNNEL_ENCAP_FLAG_REMCSUM) &&
925 skb->ip_summed == CHECKSUM_PARTIAL) {
926 optlen += GUE_PLEN_REMCSUM;
927 type |= SKB_GSO_TUNNEL_REMCSUM;
928 need_priv = true;
929 }
930
931 optlen += need_priv ? GUE_LEN_PRIV : 0;
932
933 err = iptunnel_handle_offloads(skb, type);
934 if (err)
935 return err;
936
937 /* Get source port (based on flow hash) before skb_push */
938 *sport = e->sport ? : udp_flow_src_port(dev_net(skb->dev),
939 skb, 0, 0, false);
940
941 hdrlen = sizeof(struct guehdr) + optlen;
942
943 skb_push(skb, hdrlen);
944
945 guehdr = (struct guehdr *)skb->data;
946
947 guehdr->control = 0;
948 guehdr->version = 0;
949 guehdr->hlen = optlen >> 2;
950 guehdr->flags = 0;
951 guehdr->proto_ctype = *protocol;
952
953 data = &guehdr[1];
954
955 if (need_priv) {
956 __be32 *flags = data;
957
958 guehdr->flags |= GUE_FLAG_PRIV;
959 *flags = 0;
960 data += GUE_LEN_PRIV;
961
962 if (type & SKB_GSO_TUNNEL_REMCSUM) {
963 u16 csum_start = skb_checksum_start_offset(skb);
964 __be16 *pd = data;
965
966 if (csum_start < hdrlen)
967 return -EINVAL;
968
969 csum_start -= hdrlen;
970 pd[0] = htons(csum_start);
971 pd[1] = htons(csum_start + skb->csum_offset);
972
973 if (!skb_is_gso(skb)) {
974 skb->ip_summed = CHECKSUM_NONE;
975 skb->encapsulation = 0;
976 }
977
978 *flags |= GUE_PFLAG_REMCSUM;
979 data += GUE_PLEN_REMCSUM;
980 }
981
982 }
983
984 return 0;
985 }
986 EXPORT_SYMBOL(__gue_build_header);
987
988 int gue_build_header(struct sk_buff *skb, struct ip_tunnel_encap *e,
989 u8 *protocol, struct flowi4 *fl4)
990 {
991 int type = e->flags & TUNNEL_ENCAP_FLAG_CSUM ? SKB_GSO_UDP_TUNNEL_CSUM :
992 SKB_GSO_UDP_TUNNEL;
993 __be16 sport;
994 int err;
995
996 err = __gue_build_header(skb, e, protocol, &sport, type);
997 if (err)
998 return err;
999
1000 fou_build_udp(skb, e, fl4, protocol, sport);
1001
1002 return 0;
1003 }
1004 EXPORT_SYMBOL(gue_build_header);
1005
1006 #ifdef CONFIG_NET_FOU_IP_TUNNELS
1007
1008 static const struct ip_tunnel_encap_ops fou_iptun_ops = {
1009 .encap_hlen = fou_encap_hlen,
1010 .build_header = fou_build_header,
1011 };
1012
1013 static const struct ip_tunnel_encap_ops gue_iptun_ops = {
1014 .encap_hlen = gue_encap_hlen,
1015 .build_header = gue_build_header,
1016 };
1017
1018 static int ip_tunnel_encap_add_fou_ops(void)
1019 {
1020 int ret;
1021
1022 ret = ip_tunnel_encap_add_ops(&fou_iptun_ops, TUNNEL_ENCAP_FOU);
1023 if (ret < 0) {
1024 pr_err("can't add fou ops\n");
1025 return ret;
1026 }
1027
1028 ret = ip_tunnel_encap_add_ops(&gue_iptun_ops, TUNNEL_ENCAP_GUE);
1029 if (ret < 0) {
1030 pr_err("can't add gue ops\n");
1031 ip_tunnel_encap_del_ops(&fou_iptun_ops, TUNNEL_ENCAP_FOU);
1032 return ret;
1033 }
1034
1035 return 0;
1036 }
1037
1038 static void ip_tunnel_encap_del_fou_ops(void)
1039 {
1040 ip_tunnel_encap_del_ops(&fou_iptun_ops, TUNNEL_ENCAP_FOU);
1041 ip_tunnel_encap_del_ops(&gue_iptun_ops, TUNNEL_ENCAP_GUE);
1042 }
1043
1044 #else
1045
1046 static int ip_tunnel_encap_add_fou_ops(void)
1047 {
1048 return 0;
1049 }
1050
1051 static void ip_tunnel_encap_del_fou_ops(void)
1052 {
1053 }
1054
1055 #endif
1056
1057 static __net_init int fou_init_net(struct net *net)
1058 {
1059 struct fou_net *fn = net_generic(net, fou_net_id);
1060
1061 INIT_LIST_HEAD(&fn->fou_list);
1062 mutex_init(&fn->fou_lock);
1063 return 0;
1064 }
1065
1066 static __net_exit void fou_exit_net(struct net *net)
1067 {
1068 struct fou_net *fn = net_generic(net, fou_net_id);
1069 struct fou *fou, *next;
1070
1071 /* Close all the FOU sockets */
1072 mutex_lock(&fn->fou_lock);
1073 list_for_each_entry_safe(fou, next, &fn->fou_list, list)
1074 fou_release(fou);
1075 mutex_unlock(&fn->fou_lock);
1076 }
1077
1078 static struct pernet_operations fou_net_ops = {
1079 .init = fou_init_net,
1080 .exit = fou_exit_net,
1081 .id = &fou_net_id,
1082 .size = sizeof(struct fou_net),
1083 };
1084
1085 static int __init fou_init(void)
1086 {
1087 int ret;
1088
1089 ret = register_pernet_device(&fou_net_ops);
1090 if (ret)
1091 goto exit;
1092
1093 ret = genl_register_family(&fou_nl_family);
1094 if (ret < 0)
1095 goto unregister;
1096
1097 ret = ip_tunnel_encap_add_fou_ops();
1098 if (ret == 0)
1099 return 0;
1100
1101 genl_unregister_family(&fou_nl_family);
1102 unregister:
1103 unregister_pernet_device(&fou_net_ops);
1104 exit:
1105 return ret;
1106 }
1107
1108 static void __exit fou_fini(void)
1109 {
1110 ip_tunnel_encap_del_fou_ops();
1111 genl_unregister_family(&fou_nl_family);
1112 unregister_pernet_device(&fou_net_ops);
1113 }
1114
1115 module_init(fou_init);
1116 module_exit(fou_fini);
1117 MODULE_AUTHOR("Tom Herbert <therbert@google.com>");
1118 MODULE_LICENSE("GPL");
Linux with added FPC-III support