search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Linux 5.7.7
[linux/fpc-iii.git] / net / sched / act_tunnel_key.c
blob536c4bc31be60c35d0881fd3380aaebb42ab2d69
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) 2016, Amir Vadai <amir@vadai.me>
4 * Copyright (c) 2016, Mellanox Technologies. All rights reserved.
5 */
6
7 #include <linux/module.h>
8 #include <linux/init.h>
9 #include <linux/kernel.h>
10 #include <linux/skbuff.h>
11 #include <linux/rtnetlink.h>
12 #include <net/geneve.h>
13 #include <net/vxlan.h>
14 #include <net/erspan.h>
15 #include <net/netlink.h>
16 #include <net/pkt_sched.h>
17 #include <net/dst.h>
18 #include <net/pkt_cls.h>
19
20 #include <linux/tc_act/tc_tunnel_key.h>
21 #include <net/tc_act/tc_tunnel_key.h>
22
23 static unsigned int tunnel_key_net_id;
24 static struct tc_action_ops act_tunnel_key_ops;
25
26 static int tunnel_key_act(struct sk_buff *skb, const struct tc_action *a,
27 struct tcf_result *res)
28 {
29 struct tcf_tunnel_key *t = to_tunnel_key(a);
30 struct tcf_tunnel_key_params *params;
31 int action;
32
33 params = rcu_dereference_bh(t->params);
34
35 tcf_lastuse_update(&t->tcf_tm);
36 tcf_action_update_bstats(&t->common, skb);
37 action = READ_ONCE(t->tcf_action);
38
39 switch (params->tcft_action) {
40 case TCA_TUNNEL_KEY_ACT_RELEASE:
41 skb_dst_drop(skb);
42 break;
43 case TCA_TUNNEL_KEY_ACT_SET:
44 skb_dst_drop(skb);
45 skb_dst_set(skb, dst_clone(&params->tcft_enc_metadata->dst));
46 break;
47 default:
48 WARN_ONCE(1, "Bad tunnel_key action %d.\n",
49 params->tcft_action);
50 break;
51 }
52
53 return action;
54 }
55
56 static const struct nla_policy
57 enc_opts_policy[TCA_TUNNEL_KEY_ENC_OPTS_MAX + 1] = {
58 [TCA_TUNNEL_KEY_ENC_OPTS_UNSPEC] = {
59 .strict_start_type = TCA_TUNNEL_KEY_ENC_OPTS_VXLAN },
60 [TCA_TUNNEL_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED },
61 [TCA_TUNNEL_KEY_ENC_OPTS_VXLAN] = { .type = NLA_NESTED },
62 [TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN] = { .type = NLA_NESTED },
63 };
64
65 static const struct nla_policy
66 geneve_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX + 1] = {
67 [TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 },
68 [TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 },
69 [TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY,
70 .len = 128 },
71 };
72
73 static const struct nla_policy
74 vxlan_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_MAX + 1] = {
75 [TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP] = { .type = NLA_U32 },
76 };
77
78 static const struct nla_policy
79 erspan_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX + 1] = {
80 [TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER] = { .type = NLA_U8 },
81 [TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX] = { .type = NLA_U32 },
82 [TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR] = { .type = NLA_U8 },
83 [TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID] = { .type = NLA_U8 },
84 };
85
86 static int
87 tunnel_key_copy_geneve_opt(const struct nlattr *nla, void *dst, int dst_len,
88 struct netlink_ext_ack *extack)
89 {
90 struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX + 1];
91 int err, data_len, opt_len;
92 u8 *data;
93
94 err = nla_parse_nested_deprecated(tb,
95 TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX,
96 nla, geneve_opt_policy, extack);
97 if (err < 0)
98 return err;
99
100 if (!tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS] ||
101 !tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE] ||
102 !tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]) {
103 NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
104 return -EINVAL;
105 }
106
107 data = nla_data(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]);
108 data_len = nla_len(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]);
109 if (data_len < 4) {
110 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
111 return -ERANGE;
112 }
113 if (data_len % 4) {
114 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
115 return -ERANGE;
116 }
117
118 opt_len = sizeof(struct geneve_opt) + data_len;
119 if (dst) {
120 struct geneve_opt *opt = dst;
121
122 WARN_ON(dst_len < opt_len);
123
124 opt->opt_class =
125 nla_get_be16(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS]);
126 opt->type = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE]);
127 opt->length = data_len / 4; /* length is in units of 4 bytes */
128 opt->r1 = 0;
129 opt->r2 = 0;
130 opt->r3 = 0;
131
132 memcpy(opt + 1, data, data_len);
133 }
134
135 return opt_len;
136 }
137
138 static int
139 tunnel_key_copy_vxlan_opt(const struct nlattr *nla, void *dst, int dst_len,
140 struct netlink_ext_ack *extack)
141 {
142 struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_MAX + 1];
143 int err;
144
145 err = nla_parse_nested(tb, TCA_TUNNEL_KEY_ENC_OPT_VXLAN_MAX, nla,
146 vxlan_opt_policy, extack);
147 if (err < 0)
148 return err;
149
150 if (!tb[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP]) {
151 NL_SET_ERR_MSG(extack, "Missing tunnel key vxlan option gbp");
152 return -EINVAL;
153 }
154
155 if (dst) {
156 struct vxlan_metadata *md = dst;
157
158 md->gbp = nla_get_u32(tb[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP]);
159 }
160
161 return sizeof(struct vxlan_metadata);
162 }
163
164 static int
165 tunnel_key_copy_erspan_opt(const struct nlattr *nla, void *dst, int dst_len,
166 struct netlink_ext_ack *extack)
167 {
168 struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX + 1];
169 int err;
170 u8 ver;
171
172 err = nla_parse_nested(tb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX, nla,
173 erspan_opt_policy, extack);
174 if (err < 0)
175 return err;
176
177 if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER]) {
178 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option ver");
179 return -EINVAL;
180 }
181
182 ver = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER]);
183 if (ver == 1) {
184 if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX]) {
185 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option index");
186 return -EINVAL;
187 }
188 } else if (ver == 2) {
189 if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR] ||
190 !tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID]) {
191 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option dir or hwid");
192 return -EINVAL;
193 }
194 } else {
195 NL_SET_ERR_MSG(extack, "Tunnel key erspan option ver is incorrect");
196 return -EINVAL;
197 }
198
199 if (dst) {
200 struct erspan_metadata *md = dst;
201
202 md->version = ver;
203 if (ver == 1) {
204 nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX];
205 md->u.index = nla_get_be32(nla);
206 } else {
207 nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR];
208 md->u.md2.dir = nla_get_u8(nla);
209 nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID];
210 set_hwid(&md->u.md2, nla_get_u8(nla));
211 }
212 }
213
214 return sizeof(struct erspan_metadata);
215 }
216
217 static int tunnel_key_copy_opts(const struct nlattr *nla, u8 *dst,
218 int dst_len, struct netlink_ext_ack *extack)
219 {
220 int err, rem, opt_len, len = nla_len(nla), opts_len = 0, type = 0;
221 const struct nlattr *attr, *head = nla_data(nla);
222
223 err = nla_validate_deprecated(head, len, TCA_TUNNEL_KEY_ENC_OPTS_MAX,
224 enc_opts_policy, extack);
225 if (err)
226 return err;
227
228 nla_for_each_attr(attr, head, len, rem) {
229 switch (nla_type(attr)) {
230 case TCA_TUNNEL_KEY_ENC_OPTS_GENEVE:
231 if (type && type != TUNNEL_GENEVE_OPT) {
232 NL_SET_ERR_MSG(extack, "Duplicate type for geneve options");
233 return -EINVAL;
234 }
235 opt_len = tunnel_key_copy_geneve_opt(attr, dst,
236 dst_len, extack);
237 if (opt_len < 0)
238 return opt_len;
239 opts_len += opt_len;
240 if (opts_len > IP_TUNNEL_OPTS_MAX) {
241 NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size");
242 return -EINVAL;
243 }
244 if (dst) {
245 dst_len -= opt_len;
246 dst += opt_len;
247 }
248 type = TUNNEL_GENEVE_OPT;
249 break;
250 case TCA_TUNNEL_KEY_ENC_OPTS_VXLAN:
251 if (type) {
252 NL_SET_ERR_MSG(extack, "Duplicate type for vxlan options");
253 return -EINVAL;
254 }
255 opt_len = tunnel_key_copy_vxlan_opt(attr, dst,
256 dst_len, extack);
257 if (opt_len < 0)
258 return opt_len;
259 opts_len += opt_len;
260 type = TUNNEL_VXLAN_OPT;
261 break;
262 case TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN:
263 if (type) {
264 NL_SET_ERR_MSG(extack, "Duplicate type for erspan options");
265 return -EINVAL;
266 }
267 opt_len = tunnel_key_copy_erspan_opt(attr, dst,
268 dst_len, extack);
269 if (opt_len < 0)
270 return opt_len;
271 opts_len += opt_len;
272 type = TUNNEL_ERSPAN_OPT;
273 break;
274 }
275 }
276
277 if (!opts_len) {
278 NL_SET_ERR_MSG(extack, "Empty list of tunnel options");
279 return -EINVAL;
280 }
281
282 if (rem > 0) {
283 NL_SET_ERR_MSG(extack, "Trailing data after parsing tunnel key options attributes");
284 return -EINVAL;
285 }
286
287 return opts_len;
288 }
289
290 static int tunnel_key_get_opts_len(struct nlattr *nla,
291 struct netlink_ext_ack *extack)
292 {
293 return tunnel_key_copy_opts(nla, NULL, 0, extack);
294 }
295
296 static int tunnel_key_opts_set(struct nlattr *nla, struct ip_tunnel_info *info,
297 int opts_len, struct netlink_ext_ack *extack)
298 {
299 info->options_len = opts_len;
300 switch (nla_type(nla_data(nla))) {
301 case TCA_TUNNEL_KEY_ENC_OPTS_GENEVE:
302 #if IS_ENABLED(CONFIG_INET)
303 info->key.tun_flags |= TUNNEL_GENEVE_OPT;
304 return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info),
305 opts_len, extack);
306 #else
307 return -EAFNOSUPPORT;
308 #endif
309 case TCA_TUNNEL_KEY_ENC_OPTS_VXLAN:
310 #if IS_ENABLED(CONFIG_INET)
311 info->key.tun_flags |= TUNNEL_VXLAN_OPT;
312 return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info),
313 opts_len, extack);
314 #else
315 return -EAFNOSUPPORT;
316 #endif
317 case TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN:
318 #if IS_ENABLED(CONFIG_INET)
319 info->key.tun_flags |= TUNNEL_ERSPAN_OPT;
320 return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info),
321 opts_len, extack);
322 #else
323 return -EAFNOSUPPORT;
324 #endif
325 default:
326 NL_SET_ERR_MSG(extack, "Cannot set tunnel options for unknown tunnel type");
327 return -EINVAL;
328 }
329 }
330
331 static const struct nla_policy tunnel_key_policy[TCA_TUNNEL_KEY_MAX + 1] = {
332 [TCA_TUNNEL_KEY_PARMS] = { .len = sizeof(struct tc_tunnel_key) },
333 [TCA_TUNNEL_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
334 [TCA_TUNNEL_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
335 [TCA_TUNNEL_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
336 [TCA_TUNNEL_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
337 [TCA_TUNNEL_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
338 [TCA_TUNNEL_KEY_ENC_DST_PORT] = {.type = NLA_U16},
339 [TCA_TUNNEL_KEY_NO_CSUM] = { .type = NLA_U8 },
340 [TCA_TUNNEL_KEY_ENC_OPTS] = { .type = NLA_NESTED },
341 [TCA_TUNNEL_KEY_ENC_TOS] = { .type = NLA_U8 },
342 [TCA_TUNNEL_KEY_ENC_TTL] = { .type = NLA_U8 },
343 };
344
345 static void tunnel_key_release_params(struct tcf_tunnel_key_params *p)
346 {
347 if (!p)
348 return;
349 if (p->tcft_action == TCA_TUNNEL_KEY_ACT_SET)
350 dst_release(&p->tcft_enc_metadata->dst);
351
352 kfree_rcu(p, rcu);
353 }
354
355 static int tunnel_key_init(struct net *net, struct nlattr *nla,
356 struct nlattr *est, struct tc_action **a,
357 int ovr, int bind, bool rtnl_held,
358 struct tcf_proto *tp, u32 act_flags,
359 struct netlink_ext_ack *extack)
360 {
361 struct tc_action_net *tn = net_generic(net, tunnel_key_net_id);
362 struct nlattr *tb[TCA_TUNNEL_KEY_MAX + 1];
363 struct tcf_tunnel_key_params *params_new;
364 struct metadata_dst *metadata = NULL;
365 struct tcf_chain *goto_ch = NULL;
366 struct tc_tunnel_key *parm;
367 struct tcf_tunnel_key *t;
368 bool exists = false;
369 __be16 dst_port = 0;
370 __be64 key_id = 0;
371 int opts_len = 0;
372 __be16 flags = 0;
373 u8 tos, ttl;
374 int ret = 0;
375 u32 index;
376 int err;
377
378 if (!nla) {
379 NL_SET_ERR_MSG(extack, "Tunnel requires attributes to be passed");
380 return -EINVAL;
381 }
382
383 err = nla_parse_nested_deprecated(tb, TCA_TUNNEL_KEY_MAX, nla,
384 tunnel_key_policy, extack);
385 if (err < 0) {
386 NL_SET_ERR_MSG(extack, "Failed to parse nested tunnel key attributes");
387 return err;
388 }
389
390 if (!tb[TCA_TUNNEL_KEY_PARMS]) {
391 NL_SET_ERR_MSG(extack, "Missing tunnel key parameters");
392 return -EINVAL;
393 }
394
395 parm = nla_data(tb[TCA_TUNNEL_KEY_PARMS]);
396 index = parm->index;
397 err = tcf_idr_check_alloc(tn, &index, a, bind);
398 if (err < 0)
399 return err;
400 exists = err;
401 if (exists && bind)
402 return 0;
403
404 switch (parm->t_action) {
405 case TCA_TUNNEL_KEY_ACT_RELEASE:
406 break;
407 case TCA_TUNNEL_KEY_ACT_SET:
408 if (tb[TCA_TUNNEL_KEY_ENC_KEY_ID]) {
409 __be32 key32;
410
411 key32 = nla_get_be32(tb[TCA_TUNNEL_KEY_ENC_KEY_ID]);
412 key_id = key32_to_tunnel_id(key32);
413 flags = TUNNEL_KEY;
414 }
415
416 flags |= TUNNEL_CSUM;
417 if (tb[TCA_TUNNEL_KEY_NO_CSUM] &&
418 nla_get_u8(tb[TCA_TUNNEL_KEY_NO_CSUM]))
419 flags &= ~TUNNEL_CSUM;
420
421 if (tb[TCA_TUNNEL_KEY_ENC_DST_PORT])
422 dst_port = nla_get_be16(tb[TCA_TUNNEL_KEY_ENC_DST_PORT]);
423
424 if (tb[TCA_TUNNEL_KEY_ENC_OPTS]) {
425 opts_len = tunnel_key_get_opts_len(tb[TCA_TUNNEL_KEY_ENC_OPTS],
426 extack);
427 if (opts_len < 0) {
428 ret = opts_len;
429 goto err_out;
430 }
431 }
432
433 tos = 0;
434 if (tb[TCA_TUNNEL_KEY_ENC_TOS])
435 tos = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_TOS]);
436 ttl = 0;
437 if (tb[TCA_TUNNEL_KEY_ENC_TTL])
438 ttl = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_TTL]);
439
440 if (tb[TCA_TUNNEL_KEY_ENC_IPV4_SRC] &&
441 tb[TCA_TUNNEL_KEY_ENC_IPV4_DST]) {
442 __be32 saddr;
443 __be32 daddr;
444
445 saddr = nla_get_in_addr(tb[TCA_TUNNEL_KEY_ENC_IPV4_SRC]);
446 daddr = nla_get_in_addr(tb[TCA_TUNNEL_KEY_ENC_IPV4_DST]);
447
448 metadata = __ip_tun_set_dst(saddr, daddr, tos, ttl,
449 dst_port, flags,
450 key_id, opts_len);
451 } else if (tb[TCA_TUNNEL_KEY_ENC_IPV6_SRC] &&
452 tb[TCA_TUNNEL_KEY_ENC_IPV6_DST]) {
453 struct in6_addr saddr;
454 struct in6_addr daddr;
455
456 saddr = nla_get_in6_addr(tb[TCA_TUNNEL_KEY_ENC_IPV6_SRC]);
457 daddr = nla_get_in6_addr(tb[TCA_TUNNEL_KEY_ENC_IPV6_DST]);
458
459 metadata = __ipv6_tun_set_dst(&saddr, &daddr, tos, ttl, dst_port,
460 0, flags,
461 key_id, 0);
462 } else {
463 NL_SET_ERR_MSG(extack, "Missing either ipv4 or ipv6 src and dst");
464 ret = -EINVAL;
465 goto err_out;
466 }
467
468 if (!metadata) {
469 NL_SET_ERR_MSG(extack, "Cannot allocate tunnel metadata dst");
470 ret = -ENOMEM;
471 goto err_out;
472 }
473
474 #ifdef CONFIG_DST_CACHE
475 ret = dst_cache_init(&metadata->u.tun_info.dst_cache, GFP_KERNEL);
476 if (ret)
477 goto release_tun_meta;
478 #endif
479
480 if (opts_len) {
481 ret = tunnel_key_opts_set(tb[TCA_TUNNEL_KEY_ENC_OPTS],
482 &metadata->u.tun_info,
483 opts_len, extack);
484 if (ret < 0)
485 goto release_tun_meta;
486 }
487
488 metadata->u.tun_info.mode |= IP_TUNNEL_INFO_TX;
489 break;
490 default:
491 NL_SET_ERR_MSG(extack, "Unknown tunnel key action");
492 ret = -EINVAL;
493 goto err_out;
494 }
495
496 if (!exists) {
497 ret = tcf_idr_create_from_flags(tn, index, est, a,
498 &act_tunnel_key_ops, bind,
499 act_flags);
500 if (ret) {
501 NL_SET_ERR_MSG(extack, "Cannot create TC IDR");
502 goto release_tun_meta;
503 }
504
505 ret = ACT_P_CREATED;
506 } else if (!ovr) {
507 NL_SET_ERR_MSG(extack, "TC IDR already exists");
508 ret = -EEXIST;
509 goto release_tun_meta;
510 }
511
512 err = tcf_action_check_ctrlact(parm->action, tp, &goto_ch, extack);
513 if (err < 0) {
514 ret = err;
515 exists = true;
516 goto release_tun_meta;
517 }
518 t = to_tunnel_key(*a);
519
520 params_new = kzalloc(sizeof(*params_new), GFP_KERNEL);
521 if (unlikely(!params_new)) {
522 NL_SET_ERR_MSG(extack, "Cannot allocate tunnel key parameters");
523 ret = -ENOMEM;
524 exists = true;
525 goto put_chain;
526 }
527 params_new->tcft_action = parm->t_action;
528 params_new->tcft_enc_metadata = metadata;
529
530 spin_lock_bh(&t->tcf_lock);
531 goto_ch = tcf_action_set_ctrlact(*a, parm->action, goto_ch);
532 params_new = rcu_replace_pointer(t->params, params_new,
533 lockdep_is_held(&t->tcf_lock));
534 spin_unlock_bh(&t->tcf_lock);
535 tunnel_key_release_params(params_new);
536 if (goto_ch)
537 tcf_chain_put_by_act(goto_ch);
538
539 if (ret == ACT_P_CREATED)
540 tcf_idr_insert(tn, *a);
541
542 return ret;
543
544 put_chain:
545 if (goto_ch)
546 tcf_chain_put_by_act(goto_ch);
547
548 release_tun_meta:
549 if (metadata)
550 dst_release(&metadata->dst);
551
552 err_out:
553 if (exists)
554 tcf_idr_release(*a, bind);
555 else
556 tcf_idr_cleanup(tn, index);
557 return ret;
558 }
559
560 static void tunnel_key_release(struct tc_action *a)
561 {
562 struct tcf_tunnel_key *t = to_tunnel_key(a);
563 struct tcf_tunnel_key_params *params;
564
565 params = rcu_dereference_protected(t->params, 1);
566 tunnel_key_release_params(params);
567 }
568
569 static int tunnel_key_geneve_opts_dump(struct sk_buff *skb,
570 const struct ip_tunnel_info *info)
571 {
572 int len = info->options_len;
573 u8 *src = (u8 *)(info + 1);
574 struct nlattr *start;
575
576 start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS_GENEVE);
577 if (!start)
578 return -EMSGSIZE;
579
580 while (len > 0) {
581 struct geneve_opt *opt = (struct geneve_opt *)src;
582
583 if (nla_put_be16(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS,
584 opt->opt_class) ||
585 nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE,
586 opt->type) ||
587 nla_put(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA,
588 opt->length * 4, opt + 1)) {
589 nla_nest_cancel(skb, start);
590 return -EMSGSIZE;
591 }
592
593 len -= sizeof(struct geneve_opt) + opt->length * 4;
594 src += sizeof(struct geneve_opt) + opt->length * 4;
595 }
596
597 nla_nest_end(skb, start);
598 return 0;
599 }
600
601 static int tunnel_key_vxlan_opts_dump(struct sk_buff *skb,
602 const struct ip_tunnel_info *info)
603 {
604 struct vxlan_metadata *md = (struct vxlan_metadata *)(info + 1);
605 struct nlattr *start;
606
607 start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS_VXLAN);
608 if (!start)
609 return -EMSGSIZE;
610
611 if (nla_put_u32(skb, TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP, md->gbp)) {
612 nla_nest_cancel(skb, start);
613 return -EMSGSIZE;
614 }
615
616 nla_nest_end(skb, start);
617 return 0;
618 }
619
620 static int tunnel_key_erspan_opts_dump(struct sk_buff *skb,
621 const struct ip_tunnel_info *info)
622 {
623 struct erspan_metadata *md = (struct erspan_metadata *)(info + 1);
624 struct nlattr *start;
625
626 start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN);
627 if (!start)
628 return -EMSGSIZE;
629
630 if (nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER, md->version))
631 goto err;
632
633 if (md->version == 1 &&
634 nla_put_be32(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX, md->u.index))
635 goto err;
636
637 if (md->version == 2 &&
638 (nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR,
639 md->u.md2.dir) ||
640 nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID,
641 get_hwid(&md->u.md2))))
642 goto err;
643
644 nla_nest_end(skb, start);
645 return 0;
646 err:
647 nla_nest_cancel(skb, start);
648 return -EMSGSIZE;
649 }
650
651 static int tunnel_key_opts_dump(struct sk_buff *skb,
652 const struct ip_tunnel_info *info)
653 {
654 struct nlattr *start;
655 int err = -EINVAL;
656
657 if (!info->options_len)
658 return 0;
659
660 start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS);
661 if (!start)
662 return -EMSGSIZE;
663
664 if (info->key.tun_flags & TUNNEL_GENEVE_OPT) {
665 err = tunnel_key_geneve_opts_dump(skb, info);
666 if (err)
667 goto err_out;
668 } else if (info->key.tun_flags & TUNNEL_VXLAN_OPT) {
669 err = tunnel_key_vxlan_opts_dump(skb, info);
670 if (err)
671 goto err_out;
672 } else if (info->key.tun_flags & TUNNEL_ERSPAN_OPT) {
673 err = tunnel_key_erspan_opts_dump(skb, info);
674 if (err)
675 goto err_out;
676 } else {
677 err_out:
678 nla_nest_cancel(skb, start);
679 return err;
680 }
681
682 nla_nest_end(skb, start);
683 return 0;
684 }
685
686 static int tunnel_key_dump_addresses(struct sk_buff *skb,
687 const struct ip_tunnel_info *info)
688 {
689 unsigned short family = ip_tunnel_info_af(info);
690
691 if (family == AF_INET) {
692 __be32 saddr = info->key.u.ipv4.src;
693 __be32 daddr = info->key.u.ipv4.dst;
694
695 if (!nla_put_in_addr(skb, TCA_TUNNEL_KEY_ENC_IPV4_SRC, saddr) &&
696 !nla_put_in_addr(skb, TCA_TUNNEL_KEY_ENC_IPV4_DST, daddr))
697 return 0;
698 }
699
700 if (family == AF_INET6) {
701 const struct in6_addr *saddr6 = &info->key.u.ipv6.src;
702 const struct in6_addr *daddr6 = &info->key.u.ipv6.dst;
703
704 if (!nla_put_in6_addr(skb,
705 TCA_TUNNEL_KEY_ENC_IPV6_SRC, saddr6) &&
706 !nla_put_in6_addr(skb,
707 TCA_TUNNEL_KEY_ENC_IPV6_DST, daddr6))
708 return 0;
709 }
710
711 return -EINVAL;
712 }
713
714 static int tunnel_key_dump(struct sk_buff *skb, struct tc_action *a,
715 int bind, int ref)
716 {
717 unsigned char *b = skb_tail_pointer(skb);
718 struct tcf_tunnel_key *t = to_tunnel_key(a);
719 struct tcf_tunnel_key_params *params;
720 struct tc_tunnel_key opt = {
721 .index = t->tcf_index,
722 .refcnt = refcount_read(&t->tcf_refcnt) - ref,
723 .bindcnt = atomic_read(&t->tcf_bindcnt) - bind,
724 };
725 struct tcf_t tm;
726
727 spin_lock_bh(&t->tcf_lock);
728 params = rcu_dereference_protected(t->params,
729 lockdep_is_held(&t->tcf_lock));
730 opt.action = t->tcf_action;
731 opt.t_action = params->tcft_action;
732
733 if (nla_put(skb, TCA_TUNNEL_KEY_PARMS, sizeof(opt), &opt))
734 goto nla_put_failure;
735
736 if (params->tcft_action == TCA_TUNNEL_KEY_ACT_SET) {
737 struct ip_tunnel_info *info =
738 &params->tcft_enc_metadata->u.tun_info;
739 struct ip_tunnel_key *key = &info->key;
740 __be32 key_id = tunnel_id_to_key32(key->tun_id);
741
742 if (((key->tun_flags & TUNNEL_KEY) &&
743 nla_put_be32(skb, TCA_TUNNEL_KEY_ENC_KEY_ID, key_id)) ||
744 tunnel_key_dump_addresses(skb,
745 &params->tcft_enc_metadata->u.tun_info) ||
746 (key->tp_dst &&
747 nla_put_be16(skb, TCA_TUNNEL_KEY_ENC_DST_PORT,
748 key->tp_dst)) ||
749 nla_put_u8(skb, TCA_TUNNEL_KEY_NO_CSUM,
750 !(key->tun_flags & TUNNEL_CSUM)) ||
751 tunnel_key_opts_dump(skb, info))
752 goto nla_put_failure;
753
754 if (key->tos && nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_TOS, key->tos))
755 goto nla_put_failure;
756
757 if (key->ttl && nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_TTL, key->ttl))
758 goto nla_put_failure;
759 }
760
761 tcf_tm_dump(&tm, &t->tcf_tm);
762 if (nla_put_64bit(skb, TCA_TUNNEL_KEY_TM, sizeof(tm),
763 &tm, TCA_TUNNEL_KEY_PAD))
764 goto nla_put_failure;
765 spin_unlock_bh(&t->tcf_lock);
766
767 return skb->len;
768
769 nla_put_failure:
770 spin_unlock_bh(&t->tcf_lock);
771 nlmsg_trim(skb, b);
772 return -1;
773 }
774
775 static int tunnel_key_walker(struct net *net, struct sk_buff *skb,
776 struct netlink_callback *cb, int type,
777 const struct tc_action_ops *ops,
778 struct netlink_ext_ack *extack)
779 {
780 struct tc_action_net *tn = net_generic(net, tunnel_key_net_id);
781
782 return tcf_generic_walker(tn, skb, cb, type, ops, extack);
783 }
784
785 static int tunnel_key_search(struct net *net, struct tc_action **a, u32 index)
786 {
787 struct tc_action_net *tn = net_generic(net, tunnel_key_net_id);
788
789 return tcf_idr_search(tn, a, index);
790 }
791
792 static struct tc_action_ops act_tunnel_key_ops = {
793 .kind = "tunnel_key",
794 .id = TCA_ID_TUNNEL_KEY,
795 .owner = THIS_MODULE,
796 .act = tunnel_key_act,
797 .dump = tunnel_key_dump,
798 .init = tunnel_key_init,
799 .cleanup = tunnel_key_release,
800 .walk = tunnel_key_walker,
801 .lookup = tunnel_key_search,
802 .size = sizeof(struct tcf_tunnel_key),
803 };
804
805 static __net_init int tunnel_key_init_net(struct net *net)
806 {
807 struct tc_action_net *tn = net_generic(net, tunnel_key_net_id);
808
809 return tc_action_net_init(net, tn, &act_tunnel_key_ops);
810 }
811
812 static void __net_exit tunnel_key_exit_net(struct list_head *net_list)
813 {
814 tc_action_net_exit(net_list, tunnel_key_net_id);
815 }
816
817 static struct pernet_operations tunnel_key_net_ops = {
818 .init = tunnel_key_init_net,
819 .exit_batch = tunnel_key_exit_net,
820 .id = &tunnel_key_net_id,
821 .size = sizeof(struct tc_action_net),
822 };
823
824 static int __init tunnel_key_init_module(void)
825 {
826 return tcf_register_action(&act_tunnel_key_ops, &tunnel_key_net_ops);
827 }
828
829 static void __exit tunnel_key_cleanup_module(void)
830 {
831 tcf_unregister_action(&act_tunnel_key_ops, &tunnel_key_net_ops);
832 }
833
834 module_init(tunnel_key_init_module);
835 module_exit(tunnel_key_cleanup_module);
836
837 MODULE_AUTHOR("Amir Vadai <amir@vadai.me>");
838 MODULE_DESCRIPTION("ip tunnel manipulation actions");
839 MODULE_LICENSE("GPL v2");
Linux with added FPC-III support