12874c5fdSThomas Gleixner // SPDX-License-Identifier: GPL-2.0-or-later 2d1df6fd8SDavid Lebrun /* 3d1df6fd8SDavid Lebrun * SR-IPv6 implementation 4d1df6fd8SDavid Lebrun * 5004d4b27SMathieu Xhonneux * Authors: 6d1df6fd8SDavid Lebrun * David Lebrun <david.lebrun@uclouvain.be> 7004d4b27SMathieu Xhonneux * eBPF support: Mathieu Xhonneux <m.xhonneux@gmail.com> 8d1df6fd8SDavid Lebrun */ 9d1df6fd8SDavid Lebrun 10d1df6fd8SDavid Lebrun #include <linux/types.h> 11d1df6fd8SDavid Lebrun #include <linux/skbuff.h> 12d1df6fd8SDavid Lebrun #include <linux/net.h> 13d1df6fd8SDavid Lebrun #include <linux/module.h> 14d1df6fd8SDavid Lebrun #include <net/ip.h> 15d1df6fd8SDavid Lebrun #include <net/lwtunnel.h> 16d1df6fd8SDavid Lebrun #include <net/netevent.h> 17d1df6fd8SDavid Lebrun #include <net/netns/generic.h> 18d1df6fd8SDavid Lebrun #include <net/ip6_fib.h> 19d1df6fd8SDavid Lebrun #include <net/route.h> 20d1df6fd8SDavid Lebrun #include <net/seg6.h> 21d1df6fd8SDavid Lebrun #include <linux/seg6.h> 22d1df6fd8SDavid Lebrun #include <linux/seg6_local.h> 23d1df6fd8SDavid Lebrun #include <net/addrconf.h> 24d1df6fd8SDavid Lebrun #include <net/ip6_route.h> 25d1df6fd8SDavid Lebrun #include <net/dst_cache.h> 2662ebaeaeSYuki Taguchi #include <net/ip_tunnels.h> 27d1df6fd8SDavid Lebrun #ifdef CONFIG_IPV6_SEG6_HMAC 28d1df6fd8SDavid Lebrun #include <net/seg6_hmac.h> 29d1df6fd8SDavid Lebrun #endif 301c1e761eSMathieu Xhonneux #include <net/seg6_local.h> 31891ef8ddSDavid Lebrun #include <linux/etherdevice.h> 32004d4b27SMathieu Xhonneux #include <linux/bpf.h> 33d1df6fd8SDavid Lebrun 34d1df6fd8SDavid Lebrun struct seg6_local_lwt; 35d1df6fd8SDavid Lebrun 36cfdf64a0SAndrea Mayer /* callbacks used for customizing the creation and destruction of a behavior */ 37cfdf64a0SAndrea Mayer struct seg6_local_lwtunnel_ops { 38cfdf64a0SAndrea Mayer int (*build_state)(struct seg6_local_lwt *slwt, const void *cfg, 39cfdf64a0SAndrea Mayer struct netlink_ext_ack *extack); 40cfdf64a0SAndrea Mayer void (*destroy_state)(struct seg6_local_lwt *slwt); 41cfdf64a0SAndrea Mayer }; 42cfdf64a0SAndrea Mayer 43d1df6fd8SDavid Lebrun struct seg6_action_desc { 44d1df6fd8SDavid Lebrun int action; 45d1df6fd8SDavid Lebrun unsigned long attrs; 460a3021f1SAndrea Mayer 470a3021f1SAndrea Mayer /* The optattrs field is used for specifying all the optional 480a3021f1SAndrea Mayer * attributes supported by a specific behavior. 490a3021f1SAndrea Mayer * It means that if one of these attributes is not provided in the 500a3021f1SAndrea Mayer * netlink message during the behavior creation, no errors will be 510a3021f1SAndrea Mayer * returned to the userspace. 520a3021f1SAndrea Mayer * 530a3021f1SAndrea Mayer * Each attribute can be only of two types (mutually exclusive): 540a3021f1SAndrea Mayer * 1) required or 2) optional. 550a3021f1SAndrea Mayer * Every user MUST obey to this rule! If you set an attribute as 560a3021f1SAndrea Mayer * required the same attribute CANNOT be set as optional and vice 570a3021f1SAndrea Mayer * versa. 580a3021f1SAndrea Mayer */ 590a3021f1SAndrea Mayer unsigned long optattrs; 600a3021f1SAndrea Mayer 61d1df6fd8SDavid Lebrun int (*input)(struct sk_buff *skb, struct seg6_local_lwt *slwt); 62d1df6fd8SDavid Lebrun int static_headroom; 63cfdf64a0SAndrea Mayer 64cfdf64a0SAndrea Mayer struct seg6_local_lwtunnel_ops slwt_ops; 65d1df6fd8SDavid Lebrun }; 66d1df6fd8SDavid Lebrun 67004d4b27SMathieu Xhonneux struct bpf_lwt_prog { 68004d4b27SMathieu Xhonneux struct bpf_prog *prog; 69004d4b27SMathieu Xhonneux char *name; 70004d4b27SMathieu Xhonneux }; 71004d4b27SMathieu Xhonneux 72664d6f86SAndrea Mayer enum seg6_end_dt_mode { 73664d6f86SAndrea Mayer DT_INVALID_MODE = -EINVAL, 74664d6f86SAndrea Mayer DT_LEGACY_MODE = 0, 75664d6f86SAndrea Mayer DT_VRF_MODE = 1, 76664d6f86SAndrea Mayer }; 77664d6f86SAndrea Mayer 78664d6f86SAndrea Mayer struct seg6_end_dt_info { 79664d6f86SAndrea Mayer enum seg6_end_dt_mode mode; 80664d6f86SAndrea Mayer 81664d6f86SAndrea Mayer struct net *net; 82664d6f86SAndrea Mayer /* VRF device associated to the routing table used by the SRv6 83664d6f86SAndrea Mayer * End.DT4/DT6 behavior for routing IPv4/IPv6 packets. 84664d6f86SAndrea Mayer */ 85664d6f86SAndrea Mayer int vrf_ifindex; 86664d6f86SAndrea Mayer int vrf_table; 87664d6f86SAndrea Mayer 88664d6f86SAndrea Mayer /* tunneled packet proto and family (IPv4 or IPv6) */ 89664d6f86SAndrea Mayer __be16 proto; 90664d6f86SAndrea Mayer u16 family; 91664d6f86SAndrea Mayer int hdrlen; 92664d6f86SAndrea Mayer }; 93664d6f86SAndrea Mayer 94d1df6fd8SDavid Lebrun struct seg6_local_lwt { 95d1df6fd8SDavid Lebrun int action; 96d1df6fd8SDavid Lebrun struct ipv6_sr_hdr *srh; 97d1df6fd8SDavid Lebrun int table; 98d1df6fd8SDavid Lebrun struct in_addr nh4; 99d1df6fd8SDavid Lebrun struct in6_addr nh6; 100d1df6fd8SDavid Lebrun int iif; 101d1df6fd8SDavid Lebrun int oif; 102004d4b27SMathieu Xhonneux struct bpf_lwt_prog bpf; 103664d6f86SAndrea Mayer #ifdef CONFIG_NET_L3_MASTER_DEV 104664d6f86SAndrea Mayer struct seg6_end_dt_info dt_info; 105664d6f86SAndrea Mayer #endif 106d1df6fd8SDavid Lebrun 107d1df6fd8SDavid Lebrun int headroom; 108d1df6fd8SDavid Lebrun struct seg6_action_desc *desc; 1090a3021f1SAndrea Mayer /* unlike the required attrs, we have to track the optional attributes 1100a3021f1SAndrea Mayer * that have been effectively parsed. 1110a3021f1SAndrea Mayer */ 1120a3021f1SAndrea Mayer unsigned long parsed_optattrs; 113d1df6fd8SDavid Lebrun }; 114d1df6fd8SDavid Lebrun 115d1df6fd8SDavid Lebrun static struct seg6_local_lwt *seg6_local_lwtunnel(struct lwtunnel_state *lwt) 116d1df6fd8SDavid Lebrun { 117d1df6fd8SDavid Lebrun return (struct seg6_local_lwt *)lwt->data; 118d1df6fd8SDavid Lebrun } 119d1df6fd8SDavid Lebrun 120140f04c3SDavid Lebrun static struct ipv6_sr_hdr *get_srh(struct sk_buff *skb) 121140f04c3SDavid Lebrun { 122140f04c3SDavid Lebrun struct ipv6_sr_hdr *srh; 1235829d70bSAhmed Abdelsalam int len, srhoff = 0; 124140f04c3SDavid Lebrun 1255829d70bSAhmed Abdelsalam if (ipv6_find_hdr(skb, &srhoff, IPPROTO_ROUTING, NULL, NULL) < 0) 126140f04c3SDavid Lebrun return NULL; 127140f04c3SDavid Lebrun 1285829d70bSAhmed Abdelsalam if (!pskb_may_pull(skb, srhoff + sizeof(*srh))) 1295829d70bSAhmed Abdelsalam return NULL; 1305829d70bSAhmed Abdelsalam 1315829d70bSAhmed Abdelsalam srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); 1325829d70bSAhmed Abdelsalam 133140f04c3SDavid Lebrun len = (srh->hdrlen + 1) << 3; 134140f04c3SDavid Lebrun 1355829d70bSAhmed Abdelsalam if (!pskb_may_pull(skb, srhoff + len)) 136140f04c3SDavid Lebrun return NULL; 137140f04c3SDavid Lebrun 1387f91ed8cSAndrea Mayer /* note that pskb_may_pull may change pointers in header; 1397f91ed8cSAndrea Mayer * for this reason it is necessary to reload them when needed. 1407f91ed8cSAndrea Mayer */ 1417f91ed8cSAndrea Mayer srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); 1427f91ed8cSAndrea Mayer 143bb986a50SAhmed Abdelsalam if (!seg6_validate_srh(srh, len, true)) 144140f04c3SDavid Lebrun return NULL; 145140f04c3SDavid Lebrun 146140f04c3SDavid Lebrun return srh; 147140f04c3SDavid Lebrun } 148140f04c3SDavid Lebrun 149140f04c3SDavid Lebrun static struct ipv6_sr_hdr *get_and_validate_srh(struct sk_buff *skb) 150140f04c3SDavid Lebrun { 151140f04c3SDavid Lebrun struct ipv6_sr_hdr *srh; 152140f04c3SDavid Lebrun 153140f04c3SDavid Lebrun srh = get_srh(skb); 154140f04c3SDavid Lebrun if (!srh) 155140f04c3SDavid Lebrun return NULL; 156140f04c3SDavid Lebrun 157140f04c3SDavid Lebrun if (srh->segments_left == 0) 158140f04c3SDavid Lebrun return NULL; 159140f04c3SDavid Lebrun 160140f04c3SDavid Lebrun #ifdef CONFIG_IPV6_SEG6_HMAC 161140f04c3SDavid Lebrun if (!seg6_hmac_validate_skb(skb)) 162140f04c3SDavid Lebrun return NULL; 163140f04c3SDavid Lebrun #endif 164140f04c3SDavid Lebrun 165140f04c3SDavid Lebrun return srh; 166140f04c3SDavid Lebrun } 167140f04c3SDavid Lebrun 168d7a669ddSDavid Lebrun static bool decap_and_validate(struct sk_buff *skb, int proto) 169d7a669ddSDavid Lebrun { 170d7a669ddSDavid Lebrun struct ipv6_sr_hdr *srh; 171d7a669ddSDavid Lebrun unsigned int off = 0; 172d7a669ddSDavid Lebrun 173d7a669ddSDavid Lebrun srh = get_srh(skb); 174d7a669ddSDavid Lebrun if (srh && srh->segments_left > 0) 175d7a669ddSDavid Lebrun return false; 176d7a669ddSDavid Lebrun 177d7a669ddSDavid Lebrun #ifdef CONFIG_IPV6_SEG6_HMAC 178d7a669ddSDavid Lebrun if (srh && !seg6_hmac_validate_skb(skb)) 179d7a669ddSDavid Lebrun return false; 180d7a669ddSDavid Lebrun #endif 181d7a669ddSDavid Lebrun 182d7a669ddSDavid Lebrun if (ipv6_find_hdr(skb, &off, proto, NULL, NULL) < 0) 183d7a669ddSDavid Lebrun return false; 184d7a669ddSDavid Lebrun 185d7a669ddSDavid Lebrun if (!pskb_pull(skb, off)) 186d7a669ddSDavid Lebrun return false; 187d7a669ddSDavid Lebrun 188d7a669ddSDavid Lebrun skb_postpull_rcsum(skb, skb_network_header(skb), off); 189d7a669ddSDavid Lebrun 190d7a669ddSDavid Lebrun skb_reset_network_header(skb); 191d7a669ddSDavid Lebrun skb_reset_transport_header(skb); 19262ebaeaeSYuki Taguchi if (iptunnel_pull_offloads(skb)) 19362ebaeaeSYuki Taguchi return false; 194d7a669ddSDavid Lebrun 195d7a669ddSDavid Lebrun return true; 196d7a669ddSDavid Lebrun } 197d7a669ddSDavid Lebrun 198d7a669ddSDavid Lebrun static void advance_nextseg(struct ipv6_sr_hdr *srh, struct in6_addr *daddr) 199d7a669ddSDavid Lebrun { 200d7a669ddSDavid Lebrun struct in6_addr *addr; 201d7a669ddSDavid Lebrun 202d7a669ddSDavid Lebrun srh->segments_left--; 203d7a669ddSDavid Lebrun addr = srh->segments + srh->segments_left; 204d7a669ddSDavid Lebrun *daddr = *addr; 205d7a669ddSDavid Lebrun } 206d7a669ddSDavid Lebrun 207fd1fef0cSAndrea Mayer static int 208fd1fef0cSAndrea Mayer seg6_lookup_any_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr, 209fd1fef0cSAndrea Mayer u32 tbl_id, bool local_delivery) 210d7a669ddSDavid Lebrun { 211d7a669ddSDavid Lebrun struct net *net = dev_net(skb->dev); 212d7a669ddSDavid Lebrun struct ipv6hdr *hdr = ipv6_hdr(skb); 213d7a669ddSDavid Lebrun int flags = RT6_LOOKUP_F_HAS_SADDR; 214d7a669ddSDavid Lebrun struct dst_entry *dst = NULL; 215d7a669ddSDavid Lebrun struct rt6_info *rt; 216d7a669ddSDavid Lebrun struct flowi6 fl6; 217fd1fef0cSAndrea Mayer int dev_flags = 0; 218d7a669ddSDavid Lebrun 219d7a669ddSDavid Lebrun fl6.flowi6_iif = skb->dev->ifindex; 220d7a669ddSDavid Lebrun fl6.daddr = nhaddr ? *nhaddr : hdr->daddr; 221d7a669ddSDavid Lebrun fl6.saddr = hdr->saddr; 222d7a669ddSDavid Lebrun fl6.flowlabel = ip6_flowinfo(hdr); 223d7a669ddSDavid Lebrun fl6.flowi6_mark = skb->mark; 224d7a669ddSDavid Lebrun fl6.flowi6_proto = hdr->nexthdr; 225d7a669ddSDavid Lebrun 226d7a669ddSDavid Lebrun if (nhaddr) 227d7a669ddSDavid Lebrun fl6.flowi6_flags = FLOWI_FLAG_KNOWN_NH; 228d7a669ddSDavid Lebrun 229d7a669ddSDavid Lebrun if (!tbl_id) { 230b75cc8f9SDavid Ahern dst = ip6_route_input_lookup(net, skb->dev, &fl6, skb, flags); 231d7a669ddSDavid Lebrun } else { 232d7a669ddSDavid Lebrun struct fib6_table *table; 233d7a669ddSDavid Lebrun 234d7a669ddSDavid Lebrun table = fib6_get_table(net, tbl_id); 235d7a669ddSDavid Lebrun if (!table) 236d7a669ddSDavid Lebrun goto out; 237d7a669ddSDavid Lebrun 238b75cc8f9SDavid Ahern rt = ip6_pol_route(net, table, 0, &fl6, skb, flags); 239d7a669ddSDavid Lebrun dst = &rt->dst; 240d7a669ddSDavid Lebrun } 241d7a669ddSDavid Lebrun 242fd1fef0cSAndrea Mayer /* we want to discard traffic destined for local packet processing, 243fd1fef0cSAndrea Mayer * if @local_delivery is set to false. 244fd1fef0cSAndrea Mayer */ 245fd1fef0cSAndrea Mayer if (!local_delivery) 246fd1fef0cSAndrea Mayer dev_flags |= IFF_LOOPBACK; 247fd1fef0cSAndrea Mayer 248fd1fef0cSAndrea Mayer if (dst && (dst->dev->flags & dev_flags) && !dst->error) { 249d7a669ddSDavid Lebrun dst_release(dst); 250d7a669ddSDavid Lebrun dst = NULL; 251d7a669ddSDavid Lebrun } 252d7a669ddSDavid Lebrun 253d7a669ddSDavid Lebrun out: 254d7a669ddSDavid Lebrun if (!dst) { 255d7a669ddSDavid Lebrun rt = net->ipv6.ip6_blk_hole_entry; 256d7a669ddSDavid Lebrun dst = &rt->dst; 257d7a669ddSDavid Lebrun dst_hold(dst); 258d7a669ddSDavid Lebrun } 259d7a669ddSDavid Lebrun 260d7a669ddSDavid Lebrun skb_dst_drop(skb); 261d7a669ddSDavid Lebrun skb_dst_set(skb, dst); 2621c1e761eSMathieu Xhonneux return dst->error; 263d7a669ddSDavid Lebrun } 264d7a669ddSDavid Lebrun 265fd1fef0cSAndrea Mayer int seg6_lookup_nexthop(struct sk_buff *skb, 266fd1fef0cSAndrea Mayer struct in6_addr *nhaddr, u32 tbl_id) 267fd1fef0cSAndrea Mayer { 268fd1fef0cSAndrea Mayer return seg6_lookup_any_nexthop(skb, nhaddr, tbl_id, false); 269fd1fef0cSAndrea Mayer } 270fd1fef0cSAndrea Mayer 271140f04c3SDavid Lebrun /* regular endpoint function */ 272140f04c3SDavid Lebrun static int input_action_end(struct sk_buff *skb, struct seg6_local_lwt *slwt) 273140f04c3SDavid Lebrun { 274140f04c3SDavid Lebrun struct ipv6_sr_hdr *srh; 275140f04c3SDavid Lebrun 276140f04c3SDavid Lebrun srh = get_and_validate_srh(skb); 277140f04c3SDavid Lebrun if (!srh) 278140f04c3SDavid Lebrun goto drop; 279140f04c3SDavid Lebrun 280d7a669ddSDavid Lebrun advance_nextseg(srh, &ipv6_hdr(skb)->daddr); 281140f04c3SDavid Lebrun 2821c1e761eSMathieu Xhonneux seg6_lookup_nexthop(skb, NULL, 0); 283140f04c3SDavid Lebrun 284140f04c3SDavid Lebrun return dst_input(skb); 285140f04c3SDavid Lebrun 286140f04c3SDavid Lebrun drop: 287140f04c3SDavid Lebrun kfree_skb(skb); 288140f04c3SDavid Lebrun return -EINVAL; 289140f04c3SDavid Lebrun } 290140f04c3SDavid Lebrun 291140f04c3SDavid Lebrun /* regular endpoint, and forward to specified nexthop */ 292140f04c3SDavid Lebrun static int input_action_end_x(struct sk_buff *skb, struct seg6_local_lwt *slwt) 293140f04c3SDavid Lebrun { 294140f04c3SDavid Lebrun struct ipv6_sr_hdr *srh; 295140f04c3SDavid Lebrun 296140f04c3SDavid Lebrun srh = get_and_validate_srh(skb); 297140f04c3SDavid Lebrun if (!srh) 298140f04c3SDavid Lebrun goto drop; 299140f04c3SDavid Lebrun 300d7a669ddSDavid Lebrun advance_nextseg(srh, &ipv6_hdr(skb)->daddr); 301140f04c3SDavid Lebrun 3021c1e761eSMathieu Xhonneux seg6_lookup_nexthop(skb, &slwt->nh6, 0); 303140f04c3SDavid Lebrun 304140f04c3SDavid Lebrun return dst_input(skb); 305140f04c3SDavid Lebrun 306140f04c3SDavid Lebrun drop: 307140f04c3SDavid Lebrun kfree_skb(skb); 308140f04c3SDavid Lebrun return -EINVAL; 309140f04c3SDavid Lebrun } 310140f04c3SDavid Lebrun 311891ef8ddSDavid Lebrun static int input_action_end_t(struct sk_buff *skb, struct seg6_local_lwt *slwt) 312891ef8ddSDavid Lebrun { 313891ef8ddSDavid Lebrun struct ipv6_sr_hdr *srh; 314891ef8ddSDavid Lebrun 315891ef8ddSDavid Lebrun srh = get_and_validate_srh(skb); 316891ef8ddSDavid Lebrun if (!srh) 317891ef8ddSDavid Lebrun goto drop; 318891ef8ddSDavid Lebrun 319891ef8ddSDavid Lebrun advance_nextseg(srh, &ipv6_hdr(skb)->daddr); 320891ef8ddSDavid Lebrun 3211c1e761eSMathieu Xhonneux seg6_lookup_nexthop(skb, NULL, slwt->table); 322891ef8ddSDavid Lebrun 323891ef8ddSDavid Lebrun return dst_input(skb); 324891ef8ddSDavid Lebrun 325891ef8ddSDavid Lebrun drop: 326891ef8ddSDavid Lebrun kfree_skb(skb); 327891ef8ddSDavid Lebrun return -EINVAL; 328891ef8ddSDavid Lebrun } 329891ef8ddSDavid Lebrun 330891ef8ddSDavid Lebrun /* decapsulate and forward inner L2 frame on specified interface */ 331891ef8ddSDavid Lebrun static int input_action_end_dx2(struct sk_buff *skb, 332891ef8ddSDavid Lebrun struct seg6_local_lwt *slwt) 333891ef8ddSDavid Lebrun { 334891ef8ddSDavid Lebrun struct net *net = dev_net(skb->dev); 335891ef8ddSDavid Lebrun struct net_device *odev; 336891ef8ddSDavid Lebrun struct ethhdr *eth; 337891ef8ddSDavid Lebrun 33826776253SPaolo Lungaroni if (!decap_and_validate(skb, IPPROTO_ETHERNET)) 339891ef8ddSDavid Lebrun goto drop; 340891ef8ddSDavid Lebrun 341891ef8ddSDavid Lebrun if (!pskb_may_pull(skb, ETH_HLEN)) 342891ef8ddSDavid Lebrun goto drop; 343891ef8ddSDavid Lebrun 344891ef8ddSDavid Lebrun skb_reset_mac_header(skb); 345891ef8ddSDavid Lebrun eth = (struct ethhdr *)skb->data; 346891ef8ddSDavid Lebrun 347891ef8ddSDavid Lebrun /* To determine the frame's protocol, we assume it is 802.3. This avoids 348891ef8ddSDavid Lebrun * a call to eth_type_trans(), which is not really relevant for our 349891ef8ddSDavid Lebrun * use case. 350891ef8ddSDavid Lebrun */ 351891ef8ddSDavid Lebrun if (!eth_proto_is_802_3(eth->h_proto)) 352891ef8ddSDavid Lebrun goto drop; 353891ef8ddSDavid Lebrun 354891ef8ddSDavid Lebrun odev = dev_get_by_index_rcu(net, slwt->oif); 355891ef8ddSDavid Lebrun if (!odev) 356891ef8ddSDavid Lebrun goto drop; 357891ef8ddSDavid Lebrun 358891ef8ddSDavid Lebrun /* As we accept Ethernet frames, make sure the egress device is of 359891ef8ddSDavid Lebrun * the correct type. 360891ef8ddSDavid Lebrun */ 361891ef8ddSDavid Lebrun if (odev->type != ARPHRD_ETHER) 362891ef8ddSDavid Lebrun goto drop; 363891ef8ddSDavid Lebrun 364891ef8ddSDavid Lebrun if (!(odev->flags & IFF_UP) || !netif_carrier_ok(odev)) 365891ef8ddSDavid Lebrun goto drop; 366891ef8ddSDavid Lebrun 367891ef8ddSDavid Lebrun skb_orphan(skb); 368891ef8ddSDavid Lebrun 369891ef8ddSDavid Lebrun if (skb_warn_if_lro(skb)) 370891ef8ddSDavid Lebrun goto drop; 371891ef8ddSDavid Lebrun 372891ef8ddSDavid Lebrun skb_forward_csum(skb); 373891ef8ddSDavid Lebrun 374891ef8ddSDavid Lebrun if (skb->len - ETH_HLEN > odev->mtu) 375891ef8ddSDavid Lebrun goto drop; 376891ef8ddSDavid Lebrun 377891ef8ddSDavid Lebrun skb->dev = odev; 378891ef8ddSDavid Lebrun skb->protocol = eth->h_proto; 379891ef8ddSDavid Lebrun 380891ef8ddSDavid Lebrun return dev_queue_xmit(skb); 381891ef8ddSDavid Lebrun 382891ef8ddSDavid Lebrun drop: 383891ef8ddSDavid Lebrun kfree_skb(skb); 384891ef8ddSDavid Lebrun return -EINVAL; 385891ef8ddSDavid Lebrun } 386891ef8ddSDavid Lebrun 387140f04c3SDavid Lebrun /* decapsulate and forward to specified nexthop */ 388140f04c3SDavid Lebrun static int input_action_end_dx6(struct sk_buff *skb, 389140f04c3SDavid Lebrun struct seg6_local_lwt *slwt) 390140f04c3SDavid Lebrun { 391d7a669ddSDavid Lebrun struct in6_addr *nhaddr = NULL; 392140f04c3SDavid Lebrun 393140f04c3SDavid Lebrun /* this function accepts IPv6 encapsulated packets, with either 394140f04c3SDavid Lebrun * an SRH with SL=0, or no SRH. 395140f04c3SDavid Lebrun */ 396140f04c3SDavid Lebrun 397d7a669ddSDavid Lebrun if (!decap_and_validate(skb, IPPROTO_IPV6)) 398140f04c3SDavid Lebrun goto drop; 399140f04c3SDavid Lebrun 400d7a669ddSDavid Lebrun if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 401140f04c3SDavid Lebrun goto drop; 402140f04c3SDavid Lebrun 403140f04c3SDavid Lebrun /* The inner packet is not associated to any local interface, 404140f04c3SDavid Lebrun * so we do not call netif_rx(). 405140f04c3SDavid Lebrun * 406140f04c3SDavid Lebrun * If slwt->nh6 is set to ::, then lookup the nexthop for the 407140f04c3SDavid Lebrun * inner packet's DA. Otherwise, use the specified nexthop. 408140f04c3SDavid Lebrun */ 409140f04c3SDavid Lebrun 410d7a669ddSDavid Lebrun if (!ipv6_addr_any(&slwt->nh6)) 411d7a669ddSDavid Lebrun nhaddr = &slwt->nh6; 412140f04c3SDavid Lebrun 413c71644d0SAndrea Mayer skb_set_transport_header(skb, sizeof(struct ipv6hdr)); 414c71644d0SAndrea Mayer 4151c1e761eSMathieu Xhonneux seg6_lookup_nexthop(skb, nhaddr, 0); 416140f04c3SDavid Lebrun 417140f04c3SDavid Lebrun return dst_input(skb); 418140f04c3SDavid Lebrun drop: 419140f04c3SDavid Lebrun kfree_skb(skb); 420140f04c3SDavid Lebrun return -EINVAL; 421140f04c3SDavid Lebrun } 422140f04c3SDavid Lebrun 423891ef8ddSDavid Lebrun static int input_action_end_dx4(struct sk_buff *skb, 424891ef8ddSDavid Lebrun struct seg6_local_lwt *slwt) 425891ef8ddSDavid Lebrun { 426891ef8ddSDavid Lebrun struct iphdr *iph; 427891ef8ddSDavid Lebrun __be32 nhaddr; 428891ef8ddSDavid Lebrun int err; 429891ef8ddSDavid Lebrun 430891ef8ddSDavid Lebrun if (!decap_and_validate(skb, IPPROTO_IPIP)) 431891ef8ddSDavid Lebrun goto drop; 432891ef8ddSDavid Lebrun 433891ef8ddSDavid Lebrun if (!pskb_may_pull(skb, sizeof(struct iphdr))) 434891ef8ddSDavid Lebrun goto drop; 435891ef8ddSDavid Lebrun 436891ef8ddSDavid Lebrun skb->protocol = htons(ETH_P_IP); 437891ef8ddSDavid Lebrun 438891ef8ddSDavid Lebrun iph = ip_hdr(skb); 439891ef8ddSDavid Lebrun 440891ef8ddSDavid Lebrun nhaddr = slwt->nh4.s_addr ?: iph->daddr; 441891ef8ddSDavid Lebrun 442891ef8ddSDavid Lebrun skb_dst_drop(skb); 443891ef8ddSDavid Lebrun 444c71644d0SAndrea Mayer skb_set_transport_header(skb, sizeof(struct iphdr)); 445c71644d0SAndrea Mayer 446891ef8ddSDavid Lebrun err = ip_route_input(skb, nhaddr, iph->saddr, 0, skb->dev); 447891ef8ddSDavid Lebrun if (err) 448891ef8ddSDavid Lebrun goto drop; 449891ef8ddSDavid Lebrun 450891ef8ddSDavid Lebrun return dst_input(skb); 451891ef8ddSDavid Lebrun 452891ef8ddSDavid Lebrun drop: 453891ef8ddSDavid Lebrun kfree_skb(skb); 454891ef8ddSDavid Lebrun return -EINVAL; 455891ef8ddSDavid Lebrun } 456891ef8ddSDavid Lebrun 457664d6f86SAndrea Mayer #ifdef CONFIG_NET_L3_MASTER_DEV 458664d6f86SAndrea Mayer static struct net *fib6_config_get_net(const struct fib6_config *fib6_cfg) 459664d6f86SAndrea Mayer { 460664d6f86SAndrea Mayer const struct nl_info *nli = &fib6_cfg->fc_nlinfo; 461664d6f86SAndrea Mayer 462664d6f86SAndrea Mayer return nli->nl_net; 463664d6f86SAndrea Mayer } 464664d6f86SAndrea Mayer 465664d6f86SAndrea Mayer static int __seg6_end_dt_vrf_build(struct seg6_local_lwt *slwt, const void *cfg, 466664d6f86SAndrea Mayer u16 family, struct netlink_ext_ack *extack) 467664d6f86SAndrea Mayer { 468664d6f86SAndrea Mayer struct seg6_end_dt_info *info = &slwt->dt_info; 469664d6f86SAndrea Mayer int vrf_ifindex; 470664d6f86SAndrea Mayer struct net *net; 471664d6f86SAndrea Mayer 472664d6f86SAndrea Mayer net = fib6_config_get_net(cfg); 473664d6f86SAndrea Mayer 474664d6f86SAndrea Mayer /* note that vrf_table was already set by parse_nla_vrftable() */ 475664d6f86SAndrea Mayer vrf_ifindex = l3mdev_ifindex_lookup_by_table_id(L3MDEV_TYPE_VRF, net, 476664d6f86SAndrea Mayer info->vrf_table); 477664d6f86SAndrea Mayer if (vrf_ifindex < 0) { 478664d6f86SAndrea Mayer if (vrf_ifindex == -EPERM) { 479664d6f86SAndrea Mayer NL_SET_ERR_MSG(extack, 480664d6f86SAndrea Mayer "Strict mode for VRF is disabled"); 481664d6f86SAndrea Mayer } else if (vrf_ifindex == -ENODEV) { 482664d6f86SAndrea Mayer NL_SET_ERR_MSG(extack, 483664d6f86SAndrea Mayer "Table has no associated VRF device"); 484664d6f86SAndrea Mayer } else { 485664d6f86SAndrea Mayer pr_debug("seg6local: SRv6 End.DT* creation error=%d\n", 486664d6f86SAndrea Mayer vrf_ifindex); 487664d6f86SAndrea Mayer } 488664d6f86SAndrea Mayer 489664d6f86SAndrea Mayer return vrf_ifindex; 490664d6f86SAndrea Mayer } 491664d6f86SAndrea Mayer 492664d6f86SAndrea Mayer info->net = net; 493664d6f86SAndrea Mayer info->vrf_ifindex = vrf_ifindex; 494664d6f86SAndrea Mayer 495664d6f86SAndrea Mayer switch (family) { 496664d6f86SAndrea Mayer case AF_INET: 497664d6f86SAndrea Mayer info->proto = htons(ETH_P_IP); 498664d6f86SAndrea Mayer info->hdrlen = sizeof(struct iphdr); 499664d6f86SAndrea Mayer break; 500*20a081b7SAndrea Mayer case AF_INET6: 501*20a081b7SAndrea Mayer info->proto = htons(ETH_P_IPV6); 502*20a081b7SAndrea Mayer info->hdrlen = sizeof(struct ipv6hdr); 503*20a081b7SAndrea Mayer break; 504664d6f86SAndrea Mayer default: 505664d6f86SAndrea Mayer return -EINVAL; 506664d6f86SAndrea Mayer } 507664d6f86SAndrea Mayer 508664d6f86SAndrea Mayer info->family = family; 509664d6f86SAndrea Mayer info->mode = DT_VRF_MODE; 510664d6f86SAndrea Mayer 511664d6f86SAndrea Mayer return 0; 512664d6f86SAndrea Mayer } 513664d6f86SAndrea Mayer 514664d6f86SAndrea Mayer /* The SRv6 End.DT4/DT6 behavior extracts the inner (IPv4/IPv6) packet and 515664d6f86SAndrea Mayer * routes the IPv4/IPv6 packet by looking at the configured routing table. 516664d6f86SAndrea Mayer * 517664d6f86SAndrea Mayer * In the SRv6 End.DT4/DT6 use case, we can receive traffic (IPv6+Segment 518664d6f86SAndrea Mayer * Routing Header packets) from several interfaces and the outer IPv6 519664d6f86SAndrea Mayer * destination address (DA) is used for retrieving the specific instance of the 520664d6f86SAndrea Mayer * End.DT4/DT6 behavior that should process the packets. 521664d6f86SAndrea Mayer * 522664d6f86SAndrea Mayer * However, the inner IPv4/IPv6 packet is not really bound to any receiving 523664d6f86SAndrea Mayer * interface and thus the End.DT4/DT6 sets the VRF (associated with the 524664d6f86SAndrea Mayer * corresponding routing table) as the *receiving* interface. 525664d6f86SAndrea Mayer * In other words, the End.DT4/DT6 processes a packet as if it has been received 526664d6f86SAndrea Mayer * directly by the VRF (and not by one of its slave devices, if any). 527664d6f86SAndrea Mayer * In this way, the VRF interface is used for routing the IPv4/IPv6 packet in 528664d6f86SAndrea Mayer * according to the routing table configured by the End.DT4/DT6 instance. 529664d6f86SAndrea Mayer * 530664d6f86SAndrea Mayer * This design allows you to get some interesting features like: 531664d6f86SAndrea Mayer * 1) the statistics on rx packets; 532664d6f86SAndrea Mayer * 2) the possibility to install a packet sniffer on the receiving interface 533664d6f86SAndrea Mayer * (the VRF one) for looking at the incoming packets; 534664d6f86SAndrea Mayer * 3) the possibility to leverage the netfilter prerouting hook for the inner 535664d6f86SAndrea Mayer * IPv4 packet. 536664d6f86SAndrea Mayer * 537664d6f86SAndrea Mayer * This function returns: 538664d6f86SAndrea Mayer * - the sk_buff* when the VRF rcv handler has processed the packet correctly; 539664d6f86SAndrea Mayer * - NULL when the skb is consumed by the VRF rcv handler; 540664d6f86SAndrea Mayer * - a pointer which encodes a negative error number in case of error. 541664d6f86SAndrea Mayer * Note that in this case, the function takes care of freeing the skb. 542664d6f86SAndrea Mayer */ 543664d6f86SAndrea Mayer static struct sk_buff *end_dt_vrf_rcv(struct sk_buff *skb, u16 family, 544664d6f86SAndrea Mayer struct net_device *dev) 545664d6f86SAndrea Mayer { 546664d6f86SAndrea Mayer /* based on l3mdev_ip_rcv; we are only interested in the master */ 547664d6f86SAndrea Mayer if (unlikely(!netif_is_l3_master(dev) && !netif_has_l3_rx_handler(dev))) 548664d6f86SAndrea Mayer goto drop; 549664d6f86SAndrea Mayer 550664d6f86SAndrea Mayer if (unlikely(!dev->l3mdev_ops->l3mdev_l3_rcv)) 551664d6f86SAndrea Mayer goto drop; 552664d6f86SAndrea Mayer 553664d6f86SAndrea Mayer /* the decap packet IPv4/IPv6 does not come with any mac header info. 554664d6f86SAndrea Mayer * We must unset the mac header to allow the VRF device to rebuild it, 555664d6f86SAndrea Mayer * just in case there is a sniffer attached on the device. 556664d6f86SAndrea Mayer */ 557664d6f86SAndrea Mayer skb_unset_mac_header(skb); 558664d6f86SAndrea Mayer 559664d6f86SAndrea Mayer skb = dev->l3mdev_ops->l3mdev_l3_rcv(dev, skb, family); 560664d6f86SAndrea Mayer if (!skb) 561664d6f86SAndrea Mayer /* the skb buffer was consumed by the handler */ 562664d6f86SAndrea Mayer return NULL; 563664d6f86SAndrea Mayer 564664d6f86SAndrea Mayer /* when a packet is received by a VRF or by one of its slaves, the 565664d6f86SAndrea Mayer * master device reference is set into the skb. 566664d6f86SAndrea Mayer */ 567664d6f86SAndrea Mayer if (unlikely(skb->dev != dev || skb->skb_iif != dev->ifindex)) 568664d6f86SAndrea Mayer goto drop; 569664d6f86SAndrea Mayer 570664d6f86SAndrea Mayer return skb; 571664d6f86SAndrea Mayer 572664d6f86SAndrea Mayer drop: 573664d6f86SAndrea Mayer kfree_skb(skb); 574664d6f86SAndrea Mayer return ERR_PTR(-EINVAL); 575664d6f86SAndrea Mayer } 576664d6f86SAndrea Mayer 577664d6f86SAndrea Mayer static struct net_device *end_dt_get_vrf_rcu(struct sk_buff *skb, 578664d6f86SAndrea Mayer struct seg6_end_dt_info *info) 579664d6f86SAndrea Mayer { 580664d6f86SAndrea Mayer int vrf_ifindex = info->vrf_ifindex; 581664d6f86SAndrea Mayer struct net *net = info->net; 582664d6f86SAndrea Mayer 583664d6f86SAndrea Mayer if (unlikely(vrf_ifindex < 0)) 584664d6f86SAndrea Mayer goto error; 585664d6f86SAndrea Mayer 586664d6f86SAndrea Mayer if (unlikely(!net_eq(dev_net(skb->dev), net))) 587664d6f86SAndrea Mayer goto error; 588664d6f86SAndrea Mayer 589664d6f86SAndrea Mayer return dev_get_by_index_rcu(net, vrf_ifindex); 590664d6f86SAndrea Mayer 591664d6f86SAndrea Mayer error: 592664d6f86SAndrea Mayer return NULL; 593664d6f86SAndrea Mayer } 594664d6f86SAndrea Mayer 595664d6f86SAndrea Mayer static struct sk_buff *end_dt_vrf_core(struct sk_buff *skb, 596664d6f86SAndrea Mayer struct seg6_local_lwt *slwt) 597664d6f86SAndrea Mayer { 598664d6f86SAndrea Mayer struct seg6_end_dt_info *info = &slwt->dt_info; 599664d6f86SAndrea Mayer struct net_device *vrf; 600664d6f86SAndrea Mayer 601664d6f86SAndrea Mayer vrf = end_dt_get_vrf_rcu(skb, info); 602664d6f86SAndrea Mayer if (unlikely(!vrf)) 603664d6f86SAndrea Mayer goto drop; 604664d6f86SAndrea Mayer 605664d6f86SAndrea Mayer skb->protocol = info->proto; 606664d6f86SAndrea Mayer 607664d6f86SAndrea Mayer skb_dst_drop(skb); 608664d6f86SAndrea Mayer 609664d6f86SAndrea Mayer skb_set_transport_header(skb, info->hdrlen); 610664d6f86SAndrea Mayer 611664d6f86SAndrea Mayer return end_dt_vrf_rcv(skb, info->family, vrf); 612664d6f86SAndrea Mayer 613664d6f86SAndrea Mayer drop: 614664d6f86SAndrea Mayer kfree_skb(skb); 615664d6f86SAndrea Mayer return ERR_PTR(-EINVAL); 616664d6f86SAndrea Mayer } 617664d6f86SAndrea Mayer 618664d6f86SAndrea Mayer static int input_action_end_dt4(struct sk_buff *skb, 619664d6f86SAndrea Mayer struct seg6_local_lwt *slwt) 620664d6f86SAndrea Mayer { 621664d6f86SAndrea Mayer struct iphdr *iph; 622664d6f86SAndrea Mayer int err; 623664d6f86SAndrea Mayer 624664d6f86SAndrea Mayer if (!decap_and_validate(skb, IPPROTO_IPIP)) 625664d6f86SAndrea Mayer goto drop; 626664d6f86SAndrea Mayer 627664d6f86SAndrea Mayer if (!pskb_may_pull(skb, sizeof(struct iphdr))) 628664d6f86SAndrea Mayer goto drop; 629664d6f86SAndrea Mayer 630664d6f86SAndrea Mayer skb = end_dt_vrf_core(skb, slwt); 631664d6f86SAndrea Mayer if (!skb) 632664d6f86SAndrea Mayer /* packet has been processed and consumed by the VRF */ 633664d6f86SAndrea Mayer return 0; 634664d6f86SAndrea Mayer 635664d6f86SAndrea Mayer if (IS_ERR(skb)) 636664d6f86SAndrea Mayer return PTR_ERR(skb); 637664d6f86SAndrea Mayer 638664d6f86SAndrea Mayer iph = ip_hdr(skb); 639664d6f86SAndrea Mayer 640664d6f86SAndrea Mayer err = ip_route_input(skb, iph->daddr, iph->saddr, 0, skb->dev); 641664d6f86SAndrea Mayer if (unlikely(err)) 642664d6f86SAndrea Mayer goto drop; 643664d6f86SAndrea Mayer 644664d6f86SAndrea Mayer return dst_input(skb); 645664d6f86SAndrea Mayer 646664d6f86SAndrea Mayer drop: 647664d6f86SAndrea Mayer kfree_skb(skb); 648664d6f86SAndrea Mayer return -EINVAL; 649664d6f86SAndrea Mayer } 650664d6f86SAndrea Mayer 651664d6f86SAndrea Mayer static int seg6_end_dt4_build(struct seg6_local_lwt *slwt, const void *cfg, 652664d6f86SAndrea Mayer struct netlink_ext_ack *extack) 653664d6f86SAndrea Mayer { 654664d6f86SAndrea Mayer return __seg6_end_dt_vrf_build(slwt, cfg, AF_INET, extack); 655664d6f86SAndrea Mayer } 656*20a081b7SAndrea Mayer 657*20a081b7SAndrea Mayer static enum 658*20a081b7SAndrea Mayer seg6_end_dt_mode seg6_end_dt6_parse_mode(struct seg6_local_lwt *slwt) 659*20a081b7SAndrea Mayer { 660*20a081b7SAndrea Mayer unsigned long parsed_optattrs = slwt->parsed_optattrs; 661*20a081b7SAndrea Mayer bool legacy, vrfmode; 662*20a081b7SAndrea Mayer 663*20a081b7SAndrea Mayer legacy = !!(parsed_optattrs & (1 << SEG6_LOCAL_TABLE)); 664*20a081b7SAndrea Mayer vrfmode = !!(parsed_optattrs & (1 << SEG6_LOCAL_VRFTABLE)); 665*20a081b7SAndrea Mayer 666*20a081b7SAndrea Mayer if (!(legacy ^ vrfmode)) 667*20a081b7SAndrea Mayer /* both are absent or present: invalid DT6 mode */ 668*20a081b7SAndrea Mayer return DT_INVALID_MODE; 669*20a081b7SAndrea Mayer 670*20a081b7SAndrea Mayer return legacy ? DT_LEGACY_MODE : DT_VRF_MODE; 671*20a081b7SAndrea Mayer } 672*20a081b7SAndrea Mayer 673*20a081b7SAndrea Mayer static enum seg6_end_dt_mode seg6_end_dt6_get_mode(struct seg6_local_lwt *slwt) 674*20a081b7SAndrea Mayer { 675*20a081b7SAndrea Mayer struct seg6_end_dt_info *info = &slwt->dt_info; 676*20a081b7SAndrea Mayer 677*20a081b7SAndrea Mayer return info->mode; 678*20a081b7SAndrea Mayer } 679*20a081b7SAndrea Mayer 680*20a081b7SAndrea Mayer static int seg6_end_dt6_build(struct seg6_local_lwt *slwt, const void *cfg, 681*20a081b7SAndrea Mayer struct netlink_ext_ack *extack) 682*20a081b7SAndrea Mayer { 683*20a081b7SAndrea Mayer enum seg6_end_dt_mode mode = seg6_end_dt6_parse_mode(slwt); 684*20a081b7SAndrea Mayer struct seg6_end_dt_info *info = &slwt->dt_info; 685*20a081b7SAndrea Mayer 686*20a081b7SAndrea Mayer switch (mode) { 687*20a081b7SAndrea Mayer case DT_LEGACY_MODE: 688*20a081b7SAndrea Mayer info->mode = DT_LEGACY_MODE; 689*20a081b7SAndrea Mayer return 0; 690*20a081b7SAndrea Mayer case DT_VRF_MODE: 691*20a081b7SAndrea Mayer return __seg6_end_dt_vrf_build(slwt, cfg, AF_INET6, extack); 692*20a081b7SAndrea Mayer default: 693*20a081b7SAndrea Mayer NL_SET_ERR_MSG(extack, "table or vrftable must be specified"); 694*20a081b7SAndrea Mayer return -EINVAL; 695*20a081b7SAndrea Mayer } 696*20a081b7SAndrea Mayer } 697664d6f86SAndrea Mayer #endif 698664d6f86SAndrea Mayer 699891ef8ddSDavid Lebrun static int input_action_end_dt6(struct sk_buff *skb, 700891ef8ddSDavid Lebrun struct seg6_local_lwt *slwt) 701891ef8ddSDavid Lebrun { 702891ef8ddSDavid Lebrun if (!decap_and_validate(skb, IPPROTO_IPV6)) 703891ef8ddSDavid Lebrun goto drop; 704891ef8ddSDavid Lebrun 705891ef8ddSDavid Lebrun if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 706891ef8ddSDavid Lebrun goto drop; 707891ef8ddSDavid Lebrun 708*20a081b7SAndrea Mayer #ifdef CONFIG_NET_L3_MASTER_DEV 709*20a081b7SAndrea Mayer if (seg6_end_dt6_get_mode(slwt) == DT_LEGACY_MODE) 710*20a081b7SAndrea Mayer goto legacy_mode; 711*20a081b7SAndrea Mayer 712*20a081b7SAndrea Mayer /* DT6_VRF_MODE */ 713*20a081b7SAndrea Mayer skb = end_dt_vrf_core(skb, slwt); 714*20a081b7SAndrea Mayer if (!skb) 715*20a081b7SAndrea Mayer /* packet has been processed and consumed by the VRF */ 716*20a081b7SAndrea Mayer return 0; 717*20a081b7SAndrea Mayer 718*20a081b7SAndrea Mayer if (IS_ERR(skb)) 719*20a081b7SAndrea Mayer return PTR_ERR(skb); 720*20a081b7SAndrea Mayer 721*20a081b7SAndrea Mayer /* note: this time we do not need to specify the table because the VRF 722*20a081b7SAndrea Mayer * takes care of selecting the correct table. 723*20a081b7SAndrea Mayer */ 724*20a081b7SAndrea Mayer seg6_lookup_any_nexthop(skb, NULL, 0, true); 725*20a081b7SAndrea Mayer 726*20a081b7SAndrea Mayer return dst_input(skb); 727*20a081b7SAndrea Mayer 728*20a081b7SAndrea Mayer legacy_mode: 729*20a081b7SAndrea Mayer #endif 730c71644d0SAndrea Mayer skb_set_transport_header(skb, sizeof(struct ipv6hdr)); 731c71644d0SAndrea Mayer 732fd1fef0cSAndrea Mayer seg6_lookup_any_nexthop(skb, NULL, slwt->table, true); 733891ef8ddSDavid Lebrun 734891ef8ddSDavid Lebrun return dst_input(skb); 735891ef8ddSDavid Lebrun 736891ef8ddSDavid Lebrun drop: 737891ef8ddSDavid Lebrun kfree_skb(skb); 738891ef8ddSDavid Lebrun return -EINVAL; 739891ef8ddSDavid Lebrun } 740891ef8ddSDavid Lebrun 741140f04c3SDavid Lebrun /* push an SRH on top of the current one */ 742140f04c3SDavid Lebrun static int input_action_end_b6(struct sk_buff *skb, struct seg6_local_lwt *slwt) 743140f04c3SDavid Lebrun { 744140f04c3SDavid Lebrun struct ipv6_sr_hdr *srh; 745140f04c3SDavid Lebrun int err = -EINVAL; 746140f04c3SDavid Lebrun 747140f04c3SDavid Lebrun srh = get_and_validate_srh(skb); 748140f04c3SDavid Lebrun if (!srh) 749140f04c3SDavid Lebrun goto drop; 750140f04c3SDavid Lebrun 751140f04c3SDavid Lebrun err = seg6_do_srh_inline(skb, slwt->srh); 752140f04c3SDavid Lebrun if (err) 753140f04c3SDavid Lebrun goto drop; 754140f04c3SDavid Lebrun 755140f04c3SDavid Lebrun ipv6_hdr(skb)->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); 756140f04c3SDavid Lebrun skb_set_transport_header(skb, sizeof(struct ipv6hdr)); 757140f04c3SDavid Lebrun 7581c1e761eSMathieu Xhonneux seg6_lookup_nexthop(skb, NULL, 0); 759140f04c3SDavid Lebrun 760140f04c3SDavid Lebrun return dst_input(skb); 761140f04c3SDavid Lebrun 762140f04c3SDavid Lebrun drop: 763140f04c3SDavid Lebrun kfree_skb(skb); 764140f04c3SDavid Lebrun return err; 765140f04c3SDavid Lebrun } 766140f04c3SDavid Lebrun 767140f04c3SDavid Lebrun /* encapsulate within an outer IPv6 header and a specified SRH */ 768140f04c3SDavid Lebrun static int input_action_end_b6_encap(struct sk_buff *skb, 769140f04c3SDavid Lebrun struct seg6_local_lwt *slwt) 770140f04c3SDavid Lebrun { 771140f04c3SDavid Lebrun struct ipv6_sr_hdr *srh; 772140f04c3SDavid Lebrun int err = -EINVAL; 773140f04c3SDavid Lebrun 774140f04c3SDavid Lebrun srh = get_and_validate_srh(skb); 775140f04c3SDavid Lebrun if (!srh) 776140f04c3SDavid Lebrun goto drop; 777140f04c3SDavid Lebrun 778d7a669ddSDavid Lebrun advance_nextseg(srh, &ipv6_hdr(skb)->daddr); 779140f04c3SDavid Lebrun 780140f04c3SDavid Lebrun skb_reset_inner_headers(skb); 781140f04c3SDavid Lebrun skb->encapsulation = 1; 782140f04c3SDavid Lebrun 78332d99d0bSDavid Lebrun err = seg6_do_srh_encap(skb, slwt->srh, IPPROTO_IPV6); 784140f04c3SDavid Lebrun if (err) 785140f04c3SDavid Lebrun goto drop; 786140f04c3SDavid Lebrun 787140f04c3SDavid Lebrun ipv6_hdr(skb)->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); 788140f04c3SDavid Lebrun skb_set_transport_header(skb, sizeof(struct ipv6hdr)); 789140f04c3SDavid Lebrun 7901c1e761eSMathieu Xhonneux seg6_lookup_nexthop(skb, NULL, 0); 791140f04c3SDavid Lebrun 792140f04c3SDavid Lebrun return dst_input(skb); 793140f04c3SDavid Lebrun 794140f04c3SDavid Lebrun drop: 795140f04c3SDavid Lebrun kfree_skb(skb); 796140f04c3SDavid Lebrun return err; 797140f04c3SDavid Lebrun } 798140f04c3SDavid Lebrun 799fe94cc29SMathieu Xhonneux DEFINE_PER_CPU(struct seg6_bpf_srh_state, seg6_bpf_srh_states); 800fe94cc29SMathieu Xhonneux 801486cdf21SMathieu Xhonneux bool seg6_bpf_has_valid_srh(struct sk_buff *skb) 802486cdf21SMathieu Xhonneux { 803486cdf21SMathieu Xhonneux struct seg6_bpf_srh_state *srh_state = 804486cdf21SMathieu Xhonneux this_cpu_ptr(&seg6_bpf_srh_states); 805486cdf21SMathieu Xhonneux struct ipv6_sr_hdr *srh = srh_state->srh; 806486cdf21SMathieu Xhonneux 807486cdf21SMathieu Xhonneux if (unlikely(srh == NULL)) 808486cdf21SMathieu Xhonneux return false; 809486cdf21SMathieu Xhonneux 810486cdf21SMathieu Xhonneux if (unlikely(!srh_state->valid)) { 811486cdf21SMathieu Xhonneux if ((srh_state->hdrlen & 7) != 0) 812486cdf21SMathieu Xhonneux return false; 813486cdf21SMathieu Xhonneux 814486cdf21SMathieu Xhonneux srh->hdrlen = (u8)(srh_state->hdrlen >> 3); 815bb986a50SAhmed Abdelsalam if (!seg6_validate_srh(srh, (srh->hdrlen + 1) << 3, true)) 816486cdf21SMathieu Xhonneux return false; 817486cdf21SMathieu Xhonneux 818486cdf21SMathieu Xhonneux srh_state->valid = true; 819486cdf21SMathieu Xhonneux } 820486cdf21SMathieu Xhonneux 821486cdf21SMathieu Xhonneux return true; 822486cdf21SMathieu Xhonneux } 823486cdf21SMathieu Xhonneux 824004d4b27SMathieu Xhonneux static int input_action_end_bpf(struct sk_buff *skb, 825004d4b27SMathieu Xhonneux struct seg6_local_lwt *slwt) 826004d4b27SMathieu Xhonneux { 827004d4b27SMathieu Xhonneux struct seg6_bpf_srh_state *srh_state = 828004d4b27SMathieu Xhonneux this_cpu_ptr(&seg6_bpf_srh_states); 829004d4b27SMathieu Xhonneux struct ipv6_sr_hdr *srh; 830004d4b27SMathieu Xhonneux int ret; 831004d4b27SMathieu Xhonneux 832004d4b27SMathieu Xhonneux srh = get_and_validate_srh(skb); 833486cdf21SMathieu Xhonneux if (!srh) { 834486cdf21SMathieu Xhonneux kfree_skb(skb); 835486cdf21SMathieu Xhonneux return -EINVAL; 836486cdf21SMathieu Xhonneux } 837004d4b27SMathieu Xhonneux advance_nextseg(srh, &ipv6_hdr(skb)->daddr); 838004d4b27SMathieu Xhonneux 839004d4b27SMathieu Xhonneux /* preempt_disable is needed to protect the per-CPU buffer srh_state, 840004d4b27SMathieu Xhonneux * which is also accessed by the bpf_lwt_seg6_* helpers 841004d4b27SMathieu Xhonneux */ 842004d4b27SMathieu Xhonneux preempt_disable(); 843486cdf21SMathieu Xhonneux srh_state->srh = srh; 844004d4b27SMathieu Xhonneux srh_state->hdrlen = srh->hdrlen << 3; 845486cdf21SMathieu Xhonneux srh_state->valid = true; 846004d4b27SMathieu Xhonneux 847004d4b27SMathieu Xhonneux rcu_read_lock(); 848004d4b27SMathieu Xhonneux bpf_compute_data_pointers(skb); 849004d4b27SMathieu Xhonneux ret = bpf_prog_run_save_cb(slwt->bpf.prog, skb); 850004d4b27SMathieu Xhonneux rcu_read_unlock(); 851004d4b27SMathieu Xhonneux 852004d4b27SMathieu Xhonneux switch (ret) { 853004d4b27SMathieu Xhonneux case BPF_OK: 854004d4b27SMathieu Xhonneux case BPF_REDIRECT: 855004d4b27SMathieu Xhonneux break; 856004d4b27SMathieu Xhonneux case BPF_DROP: 857004d4b27SMathieu Xhonneux goto drop; 858004d4b27SMathieu Xhonneux default: 859004d4b27SMathieu Xhonneux pr_warn_once("bpf-seg6local: Illegal return value %u\n", ret); 860004d4b27SMathieu Xhonneux goto drop; 861004d4b27SMathieu Xhonneux } 862004d4b27SMathieu Xhonneux 863486cdf21SMathieu Xhonneux if (srh_state->srh && !seg6_bpf_has_valid_srh(skb)) 864004d4b27SMathieu Xhonneux goto drop; 865004d4b27SMathieu Xhonneux 866486cdf21SMathieu Xhonneux preempt_enable(); 867004d4b27SMathieu Xhonneux if (ret != BPF_REDIRECT) 868004d4b27SMathieu Xhonneux seg6_lookup_nexthop(skb, NULL, 0); 869004d4b27SMathieu Xhonneux 870004d4b27SMathieu Xhonneux return dst_input(skb); 871004d4b27SMathieu Xhonneux 872004d4b27SMathieu Xhonneux drop: 873486cdf21SMathieu Xhonneux preempt_enable(); 874004d4b27SMathieu Xhonneux kfree_skb(skb); 875004d4b27SMathieu Xhonneux return -EINVAL; 876004d4b27SMathieu Xhonneux } 877004d4b27SMathieu Xhonneux 878d1df6fd8SDavid Lebrun static struct seg6_action_desc seg6_action_table[] = { 879d1df6fd8SDavid Lebrun { 880d1df6fd8SDavid Lebrun .action = SEG6_LOCAL_ACTION_END, 881d1df6fd8SDavid Lebrun .attrs = 0, 882140f04c3SDavid Lebrun .input = input_action_end, 883d1df6fd8SDavid Lebrun }, 884140f04c3SDavid Lebrun { 885140f04c3SDavid Lebrun .action = SEG6_LOCAL_ACTION_END_X, 886140f04c3SDavid Lebrun .attrs = (1 << SEG6_LOCAL_NH6), 887140f04c3SDavid Lebrun .input = input_action_end_x, 888140f04c3SDavid Lebrun }, 889140f04c3SDavid Lebrun { 890891ef8ddSDavid Lebrun .action = SEG6_LOCAL_ACTION_END_T, 891891ef8ddSDavid Lebrun .attrs = (1 << SEG6_LOCAL_TABLE), 892891ef8ddSDavid Lebrun .input = input_action_end_t, 893891ef8ddSDavid Lebrun }, 894891ef8ddSDavid Lebrun { 895891ef8ddSDavid Lebrun .action = SEG6_LOCAL_ACTION_END_DX2, 896891ef8ddSDavid Lebrun .attrs = (1 << SEG6_LOCAL_OIF), 897891ef8ddSDavid Lebrun .input = input_action_end_dx2, 898891ef8ddSDavid Lebrun }, 899891ef8ddSDavid Lebrun { 900140f04c3SDavid Lebrun .action = SEG6_LOCAL_ACTION_END_DX6, 901140f04c3SDavid Lebrun .attrs = (1 << SEG6_LOCAL_NH6), 902140f04c3SDavid Lebrun .input = input_action_end_dx6, 903140f04c3SDavid Lebrun }, 904140f04c3SDavid Lebrun { 905891ef8ddSDavid Lebrun .action = SEG6_LOCAL_ACTION_END_DX4, 906891ef8ddSDavid Lebrun .attrs = (1 << SEG6_LOCAL_NH4), 907891ef8ddSDavid Lebrun .input = input_action_end_dx4, 908891ef8ddSDavid Lebrun }, 909891ef8ddSDavid Lebrun { 910664d6f86SAndrea Mayer .action = SEG6_LOCAL_ACTION_END_DT4, 911664d6f86SAndrea Mayer .attrs = (1 << SEG6_LOCAL_VRFTABLE), 912664d6f86SAndrea Mayer #ifdef CONFIG_NET_L3_MASTER_DEV 913664d6f86SAndrea Mayer .input = input_action_end_dt4, 914664d6f86SAndrea Mayer .slwt_ops = { 915664d6f86SAndrea Mayer .build_state = seg6_end_dt4_build, 916664d6f86SAndrea Mayer }, 917664d6f86SAndrea Mayer #endif 918664d6f86SAndrea Mayer }, 919664d6f86SAndrea Mayer { 920891ef8ddSDavid Lebrun .action = SEG6_LOCAL_ACTION_END_DT6, 921*20a081b7SAndrea Mayer #ifdef CONFIG_NET_L3_MASTER_DEV 922*20a081b7SAndrea Mayer .attrs = 0, 923*20a081b7SAndrea Mayer .optattrs = (1 << SEG6_LOCAL_TABLE) | 924*20a081b7SAndrea Mayer (1 << SEG6_LOCAL_VRFTABLE), 925*20a081b7SAndrea Mayer .slwt_ops = { 926*20a081b7SAndrea Mayer .build_state = seg6_end_dt6_build, 927*20a081b7SAndrea Mayer }, 928*20a081b7SAndrea Mayer #else 929891ef8ddSDavid Lebrun .attrs = (1 << SEG6_LOCAL_TABLE), 930*20a081b7SAndrea Mayer #endif 931891ef8ddSDavid Lebrun .input = input_action_end_dt6, 932891ef8ddSDavid Lebrun }, 933891ef8ddSDavid Lebrun { 934140f04c3SDavid Lebrun .action = SEG6_LOCAL_ACTION_END_B6, 935140f04c3SDavid Lebrun .attrs = (1 << SEG6_LOCAL_SRH), 936140f04c3SDavid Lebrun .input = input_action_end_b6, 937140f04c3SDavid Lebrun }, 938140f04c3SDavid Lebrun { 939140f04c3SDavid Lebrun .action = SEG6_LOCAL_ACTION_END_B6_ENCAP, 940140f04c3SDavid Lebrun .attrs = (1 << SEG6_LOCAL_SRH), 941140f04c3SDavid Lebrun .input = input_action_end_b6_encap, 942140f04c3SDavid Lebrun .static_headroom = sizeof(struct ipv6hdr), 943004d4b27SMathieu Xhonneux }, 944004d4b27SMathieu Xhonneux { 945004d4b27SMathieu Xhonneux .action = SEG6_LOCAL_ACTION_END_BPF, 946004d4b27SMathieu Xhonneux .attrs = (1 << SEG6_LOCAL_BPF), 947004d4b27SMathieu Xhonneux .input = input_action_end_bpf, 948004d4b27SMathieu Xhonneux }, 949004d4b27SMathieu Xhonneux 950d1df6fd8SDavid Lebrun }; 951d1df6fd8SDavid Lebrun 952d1df6fd8SDavid Lebrun static struct seg6_action_desc *__get_action_desc(int action) 953d1df6fd8SDavid Lebrun { 954d1df6fd8SDavid Lebrun struct seg6_action_desc *desc; 955d1df6fd8SDavid Lebrun int i, count; 956d1df6fd8SDavid Lebrun 957709af180SColin Ian King count = ARRAY_SIZE(seg6_action_table); 958d1df6fd8SDavid Lebrun for (i = 0; i < count; i++) { 959d1df6fd8SDavid Lebrun desc = &seg6_action_table[i]; 960d1df6fd8SDavid Lebrun if (desc->action == action) 961d1df6fd8SDavid Lebrun return desc; 962d1df6fd8SDavid Lebrun } 963d1df6fd8SDavid Lebrun 964d1df6fd8SDavid Lebrun return NULL; 965d1df6fd8SDavid Lebrun } 966d1df6fd8SDavid Lebrun 967d1df6fd8SDavid Lebrun static int seg6_local_input(struct sk_buff *skb) 968d1df6fd8SDavid Lebrun { 969d1df6fd8SDavid Lebrun struct dst_entry *orig_dst = skb_dst(skb); 970d1df6fd8SDavid Lebrun struct seg6_action_desc *desc; 971d1df6fd8SDavid Lebrun struct seg6_local_lwt *slwt; 972d1df6fd8SDavid Lebrun 9736285217fSDavid Lebrun if (skb->protocol != htons(ETH_P_IPV6)) { 9746285217fSDavid Lebrun kfree_skb(skb); 9756285217fSDavid Lebrun return -EINVAL; 9766285217fSDavid Lebrun } 9776285217fSDavid Lebrun 978d1df6fd8SDavid Lebrun slwt = seg6_local_lwtunnel(orig_dst->lwtstate); 979d1df6fd8SDavid Lebrun desc = slwt->desc; 980d1df6fd8SDavid Lebrun 981d1df6fd8SDavid Lebrun return desc->input(skb, slwt); 982d1df6fd8SDavid Lebrun } 983d1df6fd8SDavid Lebrun 984d1df6fd8SDavid Lebrun static const struct nla_policy seg6_local_policy[SEG6_LOCAL_MAX + 1] = { 985d1df6fd8SDavid Lebrun [SEG6_LOCAL_ACTION] = { .type = NLA_U32 }, 986d1df6fd8SDavid Lebrun [SEG6_LOCAL_SRH] = { .type = NLA_BINARY }, 987d1df6fd8SDavid Lebrun [SEG6_LOCAL_TABLE] = { .type = NLA_U32 }, 988664d6f86SAndrea Mayer [SEG6_LOCAL_VRFTABLE] = { .type = NLA_U32 }, 989d1df6fd8SDavid Lebrun [SEG6_LOCAL_NH4] = { .type = NLA_BINARY, 990d1df6fd8SDavid Lebrun .len = sizeof(struct in_addr) }, 991d1df6fd8SDavid Lebrun [SEG6_LOCAL_NH6] = { .type = NLA_BINARY, 992d1df6fd8SDavid Lebrun .len = sizeof(struct in6_addr) }, 993d1df6fd8SDavid Lebrun [SEG6_LOCAL_IIF] = { .type = NLA_U32 }, 994d1df6fd8SDavid Lebrun [SEG6_LOCAL_OIF] = { .type = NLA_U32 }, 995004d4b27SMathieu Xhonneux [SEG6_LOCAL_BPF] = { .type = NLA_NESTED }, 996d1df6fd8SDavid Lebrun }; 997d1df6fd8SDavid Lebrun 9982d9cc60aSDavid Lebrun static int parse_nla_srh(struct nlattr **attrs, struct seg6_local_lwt *slwt) 9992d9cc60aSDavid Lebrun { 10002d9cc60aSDavid Lebrun struct ipv6_sr_hdr *srh; 10012d9cc60aSDavid Lebrun int len; 10022d9cc60aSDavid Lebrun 10032d9cc60aSDavid Lebrun srh = nla_data(attrs[SEG6_LOCAL_SRH]); 10042d9cc60aSDavid Lebrun len = nla_len(attrs[SEG6_LOCAL_SRH]); 10052d9cc60aSDavid Lebrun 10062d9cc60aSDavid Lebrun /* SRH must contain at least one segment */ 10072d9cc60aSDavid Lebrun if (len < sizeof(*srh) + sizeof(struct in6_addr)) 10082d9cc60aSDavid Lebrun return -EINVAL; 10092d9cc60aSDavid Lebrun 1010bb986a50SAhmed Abdelsalam if (!seg6_validate_srh(srh, len, false)) 10112d9cc60aSDavid Lebrun return -EINVAL; 10122d9cc60aSDavid Lebrun 10137fa41efaSYueHaibing slwt->srh = kmemdup(srh, len, GFP_KERNEL); 10142d9cc60aSDavid Lebrun if (!slwt->srh) 10152d9cc60aSDavid Lebrun return -ENOMEM; 10162d9cc60aSDavid Lebrun 10172d9cc60aSDavid Lebrun slwt->headroom += len; 10182d9cc60aSDavid Lebrun 10192d9cc60aSDavid Lebrun return 0; 10202d9cc60aSDavid Lebrun } 10212d9cc60aSDavid Lebrun 10222d9cc60aSDavid Lebrun static int put_nla_srh(struct sk_buff *skb, struct seg6_local_lwt *slwt) 10232d9cc60aSDavid Lebrun { 10242d9cc60aSDavid Lebrun struct ipv6_sr_hdr *srh; 10252d9cc60aSDavid Lebrun struct nlattr *nla; 10262d9cc60aSDavid Lebrun int len; 10272d9cc60aSDavid Lebrun 10282d9cc60aSDavid Lebrun srh = slwt->srh; 10292d9cc60aSDavid Lebrun len = (srh->hdrlen + 1) << 3; 10302d9cc60aSDavid Lebrun 10312d9cc60aSDavid Lebrun nla = nla_reserve(skb, SEG6_LOCAL_SRH, len); 10322d9cc60aSDavid Lebrun if (!nla) 10332d9cc60aSDavid Lebrun return -EMSGSIZE; 10342d9cc60aSDavid Lebrun 10352d9cc60aSDavid Lebrun memcpy(nla_data(nla), srh, len); 10362d9cc60aSDavid Lebrun 10372d9cc60aSDavid Lebrun return 0; 10382d9cc60aSDavid Lebrun } 10392d9cc60aSDavid Lebrun 10402d9cc60aSDavid Lebrun static int cmp_nla_srh(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 10412d9cc60aSDavid Lebrun { 10422d9cc60aSDavid Lebrun int len = (a->srh->hdrlen + 1) << 3; 10432d9cc60aSDavid Lebrun 10442d9cc60aSDavid Lebrun if (len != ((b->srh->hdrlen + 1) << 3)) 10452d9cc60aSDavid Lebrun return 1; 10462d9cc60aSDavid Lebrun 10472d9cc60aSDavid Lebrun return memcmp(a->srh, b->srh, len); 10482d9cc60aSDavid Lebrun } 10492d9cc60aSDavid Lebrun 1050964adce5SAndrea Mayer static void destroy_attr_srh(struct seg6_local_lwt *slwt) 1051964adce5SAndrea Mayer { 1052964adce5SAndrea Mayer kfree(slwt->srh); 1053964adce5SAndrea Mayer } 1054964adce5SAndrea Mayer 10552d9cc60aSDavid Lebrun static int parse_nla_table(struct nlattr **attrs, struct seg6_local_lwt *slwt) 10562d9cc60aSDavid Lebrun { 10572d9cc60aSDavid Lebrun slwt->table = nla_get_u32(attrs[SEG6_LOCAL_TABLE]); 10582d9cc60aSDavid Lebrun 10592d9cc60aSDavid Lebrun return 0; 10602d9cc60aSDavid Lebrun } 10612d9cc60aSDavid Lebrun 10622d9cc60aSDavid Lebrun static int put_nla_table(struct sk_buff *skb, struct seg6_local_lwt *slwt) 10632d9cc60aSDavid Lebrun { 10642d9cc60aSDavid Lebrun if (nla_put_u32(skb, SEG6_LOCAL_TABLE, slwt->table)) 10652d9cc60aSDavid Lebrun return -EMSGSIZE; 10662d9cc60aSDavid Lebrun 10672d9cc60aSDavid Lebrun return 0; 10682d9cc60aSDavid Lebrun } 10692d9cc60aSDavid Lebrun 10702d9cc60aSDavid Lebrun static int cmp_nla_table(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 10712d9cc60aSDavid Lebrun { 10722d9cc60aSDavid Lebrun if (a->table != b->table) 10732d9cc60aSDavid Lebrun return 1; 10742d9cc60aSDavid Lebrun 10752d9cc60aSDavid Lebrun return 0; 10762d9cc60aSDavid Lebrun } 10772d9cc60aSDavid Lebrun 1078664d6f86SAndrea Mayer static struct 1079664d6f86SAndrea Mayer seg6_end_dt_info *seg6_possible_end_dt_info(struct seg6_local_lwt *slwt) 1080664d6f86SAndrea Mayer { 1081664d6f86SAndrea Mayer #ifdef CONFIG_NET_L3_MASTER_DEV 1082664d6f86SAndrea Mayer return &slwt->dt_info; 1083664d6f86SAndrea Mayer #else 1084664d6f86SAndrea Mayer return ERR_PTR(-EOPNOTSUPP); 1085664d6f86SAndrea Mayer #endif 1086664d6f86SAndrea Mayer } 1087664d6f86SAndrea Mayer 1088664d6f86SAndrea Mayer static int parse_nla_vrftable(struct nlattr **attrs, 1089664d6f86SAndrea Mayer struct seg6_local_lwt *slwt) 1090664d6f86SAndrea Mayer { 1091664d6f86SAndrea Mayer struct seg6_end_dt_info *info = seg6_possible_end_dt_info(slwt); 1092664d6f86SAndrea Mayer 1093664d6f86SAndrea Mayer if (IS_ERR(info)) 1094664d6f86SAndrea Mayer return PTR_ERR(info); 1095664d6f86SAndrea Mayer 1096664d6f86SAndrea Mayer info->vrf_table = nla_get_u32(attrs[SEG6_LOCAL_VRFTABLE]); 1097664d6f86SAndrea Mayer 1098664d6f86SAndrea Mayer return 0; 1099664d6f86SAndrea Mayer } 1100664d6f86SAndrea Mayer 1101664d6f86SAndrea Mayer static int put_nla_vrftable(struct sk_buff *skb, struct seg6_local_lwt *slwt) 1102664d6f86SAndrea Mayer { 1103664d6f86SAndrea Mayer struct seg6_end_dt_info *info = seg6_possible_end_dt_info(slwt); 1104664d6f86SAndrea Mayer 1105664d6f86SAndrea Mayer if (IS_ERR(info)) 1106664d6f86SAndrea Mayer return PTR_ERR(info); 1107664d6f86SAndrea Mayer 1108664d6f86SAndrea Mayer if (nla_put_u32(skb, SEG6_LOCAL_VRFTABLE, info->vrf_table)) 1109664d6f86SAndrea Mayer return -EMSGSIZE; 1110664d6f86SAndrea Mayer 1111664d6f86SAndrea Mayer return 0; 1112664d6f86SAndrea Mayer } 1113664d6f86SAndrea Mayer 1114664d6f86SAndrea Mayer static int cmp_nla_vrftable(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 1115664d6f86SAndrea Mayer { 1116664d6f86SAndrea Mayer struct seg6_end_dt_info *info_a = seg6_possible_end_dt_info(a); 1117664d6f86SAndrea Mayer struct seg6_end_dt_info *info_b = seg6_possible_end_dt_info(b); 1118664d6f86SAndrea Mayer 1119664d6f86SAndrea Mayer if (info_a->vrf_table != info_b->vrf_table) 1120664d6f86SAndrea Mayer return 1; 1121664d6f86SAndrea Mayer 1122664d6f86SAndrea Mayer return 0; 1123664d6f86SAndrea Mayer } 1124664d6f86SAndrea Mayer 11252d9cc60aSDavid Lebrun static int parse_nla_nh4(struct nlattr **attrs, struct seg6_local_lwt *slwt) 11262d9cc60aSDavid Lebrun { 11272d9cc60aSDavid Lebrun memcpy(&slwt->nh4, nla_data(attrs[SEG6_LOCAL_NH4]), 11282d9cc60aSDavid Lebrun sizeof(struct in_addr)); 11292d9cc60aSDavid Lebrun 11302d9cc60aSDavid Lebrun return 0; 11312d9cc60aSDavid Lebrun } 11322d9cc60aSDavid Lebrun 11332d9cc60aSDavid Lebrun static int put_nla_nh4(struct sk_buff *skb, struct seg6_local_lwt *slwt) 11342d9cc60aSDavid Lebrun { 11352d9cc60aSDavid Lebrun struct nlattr *nla; 11362d9cc60aSDavid Lebrun 11372d9cc60aSDavid Lebrun nla = nla_reserve(skb, SEG6_LOCAL_NH4, sizeof(struct in_addr)); 11382d9cc60aSDavid Lebrun if (!nla) 11392d9cc60aSDavid Lebrun return -EMSGSIZE; 11402d9cc60aSDavid Lebrun 11412d9cc60aSDavid Lebrun memcpy(nla_data(nla), &slwt->nh4, sizeof(struct in_addr)); 11422d9cc60aSDavid Lebrun 11432d9cc60aSDavid Lebrun return 0; 11442d9cc60aSDavid Lebrun } 11452d9cc60aSDavid Lebrun 11462d9cc60aSDavid Lebrun static int cmp_nla_nh4(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 11472d9cc60aSDavid Lebrun { 11482d9cc60aSDavid Lebrun return memcmp(&a->nh4, &b->nh4, sizeof(struct in_addr)); 11492d9cc60aSDavid Lebrun } 11502d9cc60aSDavid Lebrun 11512d9cc60aSDavid Lebrun static int parse_nla_nh6(struct nlattr **attrs, struct seg6_local_lwt *slwt) 11522d9cc60aSDavid Lebrun { 11532d9cc60aSDavid Lebrun memcpy(&slwt->nh6, nla_data(attrs[SEG6_LOCAL_NH6]), 11542d9cc60aSDavid Lebrun sizeof(struct in6_addr)); 11552d9cc60aSDavid Lebrun 11562d9cc60aSDavid Lebrun return 0; 11572d9cc60aSDavid Lebrun } 11582d9cc60aSDavid Lebrun 11592d9cc60aSDavid Lebrun static int put_nla_nh6(struct sk_buff *skb, struct seg6_local_lwt *slwt) 11602d9cc60aSDavid Lebrun { 11612d9cc60aSDavid Lebrun struct nlattr *nla; 11622d9cc60aSDavid Lebrun 11632d9cc60aSDavid Lebrun nla = nla_reserve(skb, SEG6_LOCAL_NH6, sizeof(struct in6_addr)); 11642d9cc60aSDavid Lebrun if (!nla) 11652d9cc60aSDavid Lebrun return -EMSGSIZE; 11662d9cc60aSDavid Lebrun 11672d9cc60aSDavid Lebrun memcpy(nla_data(nla), &slwt->nh6, sizeof(struct in6_addr)); 11682d9cc60aSDavid Lebrun 11692d9cc60aSDavid Lebrun return 0; 11702d9cc60aSDavid Lebrun } 11712d9cc60aSDavid Lebrun 11722d9cc60aSDavid Lebrun static int cmp_nla_nh6(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 11732d9cc60aSDavid Lebrun { 11742d9cc60aSDavid Lebrun return memcmp(&a->nh6, &b->nh6, sizeof(struct in6_addr)); 11752d9cc60aSDavid Lebrun } 11762d9cc60aSDavid Lebrun 11772d9cc60aSDavid Lebrun static int parse_nla_iif(struct nlattr **attrs, struct seg6_local_lwt *slwt) 11782d9cc60aSDavid Lebrun { 11792d9cc60aSDavid Lebrun slwt->iif = nla_get_u32(attrs[SEG6_LOCAL_IIF]); 11802d9cc60aSDavid Lebrun 11812d9cc60aSDavid Lebrun return 0; 11822d9cc60aSDavid Lebrun } 11832d9cc60aSDavid Lebrun 11842d9cc60aSDavid Lebrun static int put_nla_iif(struct sk_buff *skb, struct seg6_local_lwt *slwt) 11852d9cc60aSDavid Lebrun { 11862d9cc60aSDavid Lebrun if (nla_put_u32(skb, SEG6_LOCAL_IIF, slwt->iif)) 11872d9cc60aSDavid Lebrun return -EMSGSIZE; 11882d9cc60aSDavid Lebrun 11892d9cc60aSDavid Lebrun return 0; 11902d9cc60aSDavid Lebrun } 11912d9cc60aSDavid Lebrun 11922d9cc60aSDavid Lebrun static int cmp_nla_iif(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 11932d9cc60aSDavid Lebrun { 11942d9cc60aSDavid Lebrun if (a->iif != b->iif) 11952d9cc60aSDavid Lebrun return 1; 11962d9cc60aSDavid Lebrun 11972d9cc60aSDavid Lebrun return 0; 11982d9cc60aSDavid Lebrun } 11992d9cc60aSDavid Lebrun 12002d9cc60aSDavid Lebrun static int parse_nla_oif(struct nlattr **attrs, struct seg6_local_lwt *slwt) 12012d9cc60aSDavid Lebrun { 12022d9cc60aSDavid Lebrun slwt->oif = nla_get_u32(attrs[SEG6_LOCAL_OIF]); 12032d9cc60aSDavid Lebrun 12042d9cc60aSDavid Lebrun return 0; 12052d9cc60aSDavid Lebrun } 12062d9cc60aSDavid Lebrun 12072d9cc60aSDavid Lebrun static int put_nla_oif(struct sk_buff *skb, struct seg6_local_lwt *slwt) 12082d9cc60aSDavid Lebrun { 12092d9cc60aSDavid Lebrun if (nla_put_u32(skb, SEG6_LOCAL_OIF, slwt->oif)) 12102d9cc60aSDavid Lebrun return -EMSGSIZE; 12112d9cc60aSDavid Lebrun 12122d9cc60aSDavid Lebrun return 0; 12132d9cc60aSDavid Lebrun } 12142d9cc60aSDavid Lebrun 12152d9cc60aSDavid Lebrun static int cmp_nla_oif(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 12162d9cc60aSDavid Lebrun { 12172d9cc60aSDavid Lebrun if (a->oif != b->oif) 12182d9cc60aSDavid Lebrun return 1; 12192d9cc60aSDavid Lebrun 12202d9cc60aSDavid Lebrun return 0; 12212d9cc60aSDavid Lebrun } 12222d9cc60aSDavid Lebrun 1223004d4b27SMathieu Xhonneux #define MAX_PROG_NAME 256 1224004d4b27SMathieu Xhonneux static const struct nla_policy bpf_prog_policy[SEG6_LOCAL_BPF_PROG_MAX + 1] = { 1225004d4b27SMathieu Xhonneux [SEG6_LOCAL_BPF_PROG] = { .type = NLA_U32, }, 1226004d4b27SMathieu Xhonneux [SEG6_LOCAL_BPF_PROG_NAME] = { .type = NLA_NUL_STRING, 1227004d4b27SMathieu Xhonneux .len = MAX_PROG_NAME }, 1228004d4b27SMathieu Xhonneux }; 1229004d4b27SMathieu Xhonneux 1230004d4b27SMathieu Xhonneux static int parse_nla_bpf(struct nlattr **attrs, struct seg6_local_lwt *slwt) 1231004d4b27SMathieu Xhonneux { 1232004d4b27SMathieu Xhonneux struct nlattr *tb[SEG6_LOCAL_BPF_PROG_MAX + 1]; 1233004d4b27SMathieu Xhonneux struct bpf_prog *p; 1234004d4b27SMathieu Xhonneux int ret; 1235004d4b27SMathieu Xhonneux u32 fd; 1236004d4b27SMathieu Xhonneux 12378cb08174SJohannes Berg ret = nla_parse_nested_deprecated(tb, SEG6_LOCAL_BPF_PROG_MAX, 12388cb08174SJohannes Berg attrs[SEG6_LOCAL_BPF], 12398cb08174SJohannes Berg bpf_prog_policy, NULL); 1240004d4b27SMathieu Xhonneux if (ret < 0) 1241004d4b27SMathieu Xhonneux return ret; 1242004d4b27SMathieu Xhonneux 1243004d4b27SMathieu Xhonneux if (!tb[SEG6_LOCAL_BPF_PROG] || !tb[SEG6_LOCAL_BPF_PROG_NAME]) 1244004d4b27SMathieu Xhonneux return -EINVAL; 1245004d4b27SMathieu Xhonneux 1246004d4b27SMathieu Xhonneux slwt->bpf.name = nla_memdup(tb[SEG6_LOCAL_BPF_PROG_NAME], GFP_KERNEL); 1247004d4b27SMathieu Xhonneux if (!slwt->bpf.name) 1248004d4b27SMathieu Xhonneux return -ENOMEM; 1249004d4b27SMathieu Xhonneux 1250004d4b27SMathieu Xhonneux fd = nla_get_u32(tb[SEG6_LOCAL_BPF_PROG]); 1251004d4b27SMathieu Xhonneux p = bpf_prog_get_type(fd, BPF_PROG_TYPE_LWT_SEG6LOCAL); 1252004d4b27SMathieu Xhonneux if (IS_ERR(p)) { 1253004d4b27SMathieu Xhonneux kfree(slwt->bpf.name); 1254004d4b27SMathieu Xhonneux return PTR_ERR(p); 1255004d4b27SMathieu Xhonneux } 1256004d4b27SMathieu Xhonneux 1257004d4b27SMathieu Xhonneux slwt->bpf.prog = p; 1258004d4b27SMathieu Xhonneux return 0; 1259004d4b27SMathieu Xhonneux } 1260004d4b27SMathieu Xhonneux 1261004d4b27SMathieu Xhonneux static int put_nla_bpf(struct sk_buff *skb, struct seg6_local_lwt *slwt) 1262004d4b27SMathieu Xhonneux { 1263004d4b27SMathieu Xhonneux struct nlattr *nest; 1264004d4b27SMathieu Xhonneux 1265004d4b27SMathieu Xhonneux if (!slwt->bpf.prog) 1266004d4b27SMathieu Xhonneux return 0; 1267004d4b27SMathieu Xhonneux 1268ae0be8deSMichal Kubecek nest = nla_nest_start_noflag(skb, SEG6_LOCAL_BPF); 1269004d4b27SMathieu Xhonneux if (!nest) 1270004d4b27SMathieu Xhonneux return -EMSGSIZE; 1271004d4b27SMathieu Xhonneux 1272004d4b27SMathieu Xhonneux if (nla_put_u32(skb, SEG6_LOCAL_BPF_PROG, slwt->bpf.prog->aux->id)) 1273004d4b27SMathieu Xhonneux return -EMSGSIZE; 1274004d4b27SMathieu Xhonneux 1275004d4b27SMathieu Xhonneux if (slwt->bpf.name && 1276004d4b27SMathieu Xhonneux nla_put_string(skb, SEG6_LOCAL_BPF_PROG_NAME, slwt->bpf.name)) 1277004d4b27SMathieu Xhonneux return -EMSGSIZE; 1278004d4b27SMathieu Xhonneux 1279004d4b27SMathieu Xhonneux return nla_nest_end(skb, nest); 1280004d4b27SMathieu Xhonneux } 1281004d4b27SMathieu Xhonneux 1282004d4b27SMathieu Xhonneux static int cmp_nla_bpf(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 1283004d4b27SMathieu Xhonneux { 1284004d4b27SMathieu Xhonneux if (!a->bpf.name && !b->bpf.name) 1285004d4b27SMathieu Xhonneux return 0; 1286004d4b27SMathieu Xhonneux 1287004d4b27SMathieu Xhonneux if (!a->bpf.name || !b->bpf.name) 1288004d4b27SMathieu Xhonneux return 1; 1289004d4b27SMathieu Xhonneux 1290004d4b27SMathieu Xhonneux return strcmp(a->bpf.name, b->bpf.name); 1291004d4b27SMathieu Xhonneux } 1292004d4b27SMathieu Xhonneux 1293964adce5SAndrea Mayer static void destroy_attr_bpf(struct seg6_local_lwt *slwt) 1294964adce5SAndrea Mayer { 1295964adce5SAndrea Mayer kfree(slwt->bpf.name); 1296964adce5SAndrea Mayer if (slwt->bpf.prog) 1297964adce5SAndrea Mayer bpf_prog_put(slwt->bpf.prog); 1298964adce5SAndrea Mayer } 1299964adce5SAndrea Mayer 1300d1df6fd8SDavid Lebrun struct seg6_action_param { 1301d1df6fd8SDavid Lebrun int (*parse)(struct nlattr **attrs, struct seg6_local_lwt *slwt); 1302d1df6fd8SDavid Lebrun int (*put)(struct sk_buff *skb, struct seg6_local_lwt *slwt); 1303d1df6fd8SDavid Lebrun int (*cmp)(struct seg6_local_lwt *a, struct seg6_local_lwt *b); 1304964adce5SAndrea Mayer 1305964adce5SAndrea Mayer /* optional destroy() callback useful for releasing resources which 1306964adce5SAndrea Mayer * have been previously acquired in the corresponding parse() 1307964adce5SAndrea Mayer * function. 1308964adce5SAndrea Mayer */ 1309964adce5SAndrea Mayer void (*destroy)(struct seg6_local_lwt *slwt); 1310d1df6fd8SDavid Lebrun }; 1311d1df6fd8SDavid Lebrun 1312d1df6fd8SDavid Lebrun static struct seg6_action_param seg6_action_params[SEG6_LOCAL_MAX + 1] = { 13132d9cc60aSDavid Lebrun [SEG6_LOCAL_SRH] = { .parse = parse_nla_srh, 13142d9cc60aSDavid Lebrun .put = put_nla_srh, 1315964adce5SAndrea Mayer .cmp = cmp_nla_srh, 1316964adce5SAndrea Mayer .destroy = destroy_attr_srh }, 1317d1df6fd8SDavid Lebrun 13182d9cc60aSDavid Lebrun [SEG6_LOCAL_TABLE] = { .parse = parse_nla_table, 13192d9cc60aSDavid Lebrun .put = put_nla_table, 13202d9cc60aSDavid Lebrun .cmp = cmp_nla_table }, 1321d1df6fd8SDavid Lebrun 13222d9cc60aSDavid Lebrun [SEG6_LOCAL_NH4] = { .parse = parse_nla_nh4, 13232d9cc60aSDavid Lebrun .put = put_nla_nh4, 13242d9cc60aSDavid Lebrun .cmp = cmp_nla_nh4 }, 1325d1df6fd8SDavid Lebrun 13262d9cc60aSDavid Lebrun [SEG6_LOCAL_NH6] = { .parse = parse_nla_nh6, 13272d9cc60aSDavid Lebrun .put = put_nla_nh6, 13282d9cc60aSDavid Lebrun .cmp = cmp_nla_nh6 }, 1329d1df6fd8SDavid Lebrun 13302d9cc60aSDavid Lebrun [SEG6_LOCAL_IIF] = { .parse = parse_nla_iif, 13312d9cc60aSDavid Lebrun .put = put_nla_iif, 13322d9cc60aSDavid Lebrun .cmp = cmp_nla_iif }, 1333d1df6fd8SDavid Lebrun 13342d9cc60aSDavid Lebrun [SEG6_LOCAL_OIF] = { .parse = parse_nla_oif, 13352d9cc60aSDavid Lebrun .put = put_nla_oif, 13362d9cc60aSDavid Lebrun .cmp = cmp_nla_oif }, 1337004d4b27SMathieu Xhonneux 1338004d4b27SMathieu Xhonneux [SEG6_LOCAL_BPF] = { .parse = parse_nla_bpf, 1339004d4b27SMathieu Xhonneux .put = put_nla_bpf, 1340964adce5SAndrea Mayer .cmp = cmp_nla_bpf, 1341964adce5SAndrea Mayer .destroy = destroy_attr_bpf }, 1342004d4b27SMathieu Xhonneux 1343664d6f86SAndrea Mayer [SEG6_LOCAL_VRFTABLE] = { .parse = parse_nla_vrftable, 1344664d6f86SAndrea Mayer .put = put_nla_vrftable, 1345664d6f86SAndrea Mayer .cmp = cmp_nla_vrftable }, 1346664d6f86SAndrea Mayer 1347d1df6fd8SDavid Lebrun }; 1348d1df6fd8SDavid Lebrun 1349964adce5SAndrea Mayer /* call the destroy() callback (if available) for each set attribute in 13500a3021f1SAndrea Mayer * @parsed_attrs, starting from the first attribute up to the @max_parsed 13510a3021f1SAndrea Mayer * (excluded) attribute. 1352964adce5SAndrea Mayer */ 13530a3021f1SAndrea Mayer static void __destroy_attrs(unsigned long parsed_attrs, int max_parsed, 13540a3021f1SAndrea Mayer struct seg6_local_lwt *slwt) 1355964adce5SAndrea Mayer { 1356964adce5SAndrea Mayer struct seg6_action_param *param; 1357964adce5SAndrea Mayer int i; 1358964adce5SAndrea Mayer 1359964adce5SAndrea Mayer /* Every required seg6local attribute is identified by an ID which is 1360964adce5SAndrea Mayer * encoded as a flag (i.e: 1 << ID) in the 'attrs' bitmask; 1361964adce5SAndrea Mayer * 13620a3021f1SAndrea Mayer * We scan the 'parsed_attrs' bitmask, starting from the first attribute 1363964adce5SAndrea Mayer * up to the @max_parsed (excluded) attribute. 1364964adce5SAndrea Mayer * For each set attribute, we retrieve the corresponding destroy() 1365964adce5SAndrea Mayer * callback. If the callback is not available, then we skip to the next 1366964adce5SAndrea Mayer * attribute; otherwise, we call the destroy() callback. 1367964adce5SAndrea Mayer */ 1368964adce5SAndrea Mayer for (i = 0; i < max_parsed; ++i) { 13690a3021f1SAndrea Mayer if (!(parsed_attrs & (1 << i))) 1370964adce5SAndrea Mayer continue; 1371964adce5SAndrea Mayer 1372964adce5SAndrea Mayer param = &seg6_action_params[i]; 1373964adce5SAndrea Mayer 1374964adce5SAndrea Mayer if (param->destroy) 1375964adce5SAndrea Mayer param->destroy(slwt); 1376964adce5SAndrea Mayer } 1377964adce5SAndrea Mayer } 1378964adce5SAndrea Mayer 1379964adce5SAndrea Mayer /* release all the resources that may have been acquired during parsing 1380964adce5SAndrea Mayer * operations. 1381964adce5SAndrea Mayer */ 1382964adce5SAndrea Mayer static void destroy_attrs(struct seg6_local_lwt *slwt) 1383964adce5SAndrea Mayer { 13840a3021f1SAndrea Mayer unsigned long attrs = slwt->desc->attrs | slwt->parsed_optattrs; 13850a3021f1SAndrea Mayer 13860a3021f1SAndrea Mayer __destroy_attrs(attrs, SEG6_LOCAL_MAX + 1, slwt); 13870a3021f1SAndrea Mayer } 13880a3021f1SAndrea Mayer 13890a3021f1SAndrea Mayer static int parse_nla_optional_attrs(struct nlattr **attrs, 13900a3021f1SAndrea Mayer struct seg6_local_lwt *slwt) 13910a3021f1SAndrea Mayer { 13920a3021f1SAndrea Mayer struct seg6_action_desc *desc = slwt->desc; 13930a3021f1SAndrea Mayer unsigned long parsed_optattrs = 0; 13940a3021f1SAndrea Mayer struct seg6_action_param *param; 13950a3021f1SAndrea Mayer int err, i; 13960a3021f1SAndrea Mayer 13970a3021f1SAndrea Mayer for (i = 0; i < SEG6_LOCAL_MAX + 1; ++i) { 13980a3021f1SAndrea Mayer if (!(desc->optattrs & (1 << i)) || !attrs[i]) 13990a3021f1SAndrea Mayer continue; 14000a3021f1SAndrea Mayer 14010a3021f1SAndrea Mayer /* once here, the i-th attribute is provided by the 14020a3021f1SAndrea Mayer * userspace AND it is identified optional as well. 14030a3021f1SAndrea Mayer */ 14040a3021f1SAndrea Mayer param = &seg6_action_params[i]; 14050a3021f1SAndrea Mayer 14060a3021f1SAndrea Mayer err = param->parse(attrs, slwt); 14070a3021f1SAndrea Mayer if (err < 0) 14080a3021f1SAndrea Mayer goto parse_optattrs_err; 14090a3021f1SAndrea Mayer 14100a3021f1SAndrea Mayer /* current attribute has been correctly parsed */ 14110a3021f1SAndrea Mayer parsed_optattrs |= (1 << i); 14120a3021f1SAndrea Mayer } 14130a3021f1SAndrea Mayer 14140a3021f1SAndrea Mayer /* store in the tunnel state all the optional attributed successfully 14150a3021f1SAndrea Mayer * parsed. 14160a3021f1SAndrea Mayer */ 14170a3021f1SAndrea Mayer slwt->parsed_optattrs = parsed_optattrs; 14180a3021f1SAndrea Mayer 14190a3021f1SAndrea Mayer return 0; 14200a3021f1SAndrea Mayer 14210a3021f1SAndrea Mayer parse_optattrs_err: 14220a3021f1SAndrea Mayer __destroy_attrs(parsed_optattrs, i, slwt); 14230a3021f1SAndrea Mayer 14240a3021f1SAndrea Mayer return err; 1425964adce5SAndrea Mayer } 1426964adce5SAndrea Mayer 1427cfdf64a0SAndrea Mayer /* call the custom constructor of the behavior during its initialization phase 1428cfdf64a0SAndrea Mayer * and after that all its attributes have been parsed successfully. 1429cfdf64a0SAndrea Mayer */ 1430cfdf64a0SAndrea Mayer static int 1431cfdf64a0SAndrea Mayer seg6_local_lwtunnel_build_state(struct seg6_local_lwt *slwt, const void *cfg, 1432cfdf64a0SAndrea Mayer struct netlink_ext_ack *extack) 1433cfdf64a0SAndrea Mayer { 1434cfdf64a0SAndrea Mayer struct seg6_action_desc *desc = slwt->desc; 1435cfdf64a0SAndrea Mayer struct seg6_local_lwtunnel_ops *ops; 1436cfdf64a0SAndrea Mayer 1437cfdf64a0SAndrea Mayer ops = &desc->slwt_ops; 1438cfdf64a0SAndrea Mayer if (!ops->build_state) 1439cfdf64a0SAndrea Mayer return 0; 1440cfdf64a0SAndrea Mayer 1441cfdf64a0SAndrea Mayer return ops->build_state(slwt, cfg, extack); 1442cfdf64a0SAndrea Mayer } 1443cfdf64a0SAndrea Mayer 1444cfdf64a0SAndrea Mayer /* call the custom destructor of the behavior which is invoked before the 1445cfdf64a0SAndrea Mayer * tunnel is going to be destroyed. 1446cfdf64a0SAndrea Mayer */ 1447cfdf64a0SAndrea Mayer static void seg6_local_lwtunnel_destroy_state(struct seg6_local_lwt *slwt) 1448cfdf64a0SAndrea Mayer { 1449cfdf64a0SAndrea Mayer struct seg6_action_desc *desc = slwt->desc; 1450cfdf64a0SAndrea Mayer struct seg6_local_lwtunnel_ops *ops; 1451cfdf64a0SAndrea Mayer 1452cfdf64a0SAndrea Mayer ops = &desc->slwt_ops; 1453cfdf64a0SAndrea Mayer if (!ops->destroy_state) 1454cfdf64a0SAndrea Mayer return; 1455cfdf64a0SAndrea Mayer 1456cfdf64a0SAndrea Mayer ops->destroy_state(slwt); 1457cfdf64a0SAndrea Mayer } 1458cfdf64a0SAndrea Mayer 1459d1df6fd8SDavid Lebrun static int parse_nla_action(struct nlattr **attrs, struct seg6_local_lwt *slwt) 1460d1df6fd8SDavid Lebrun { 1461d1df6fd8SDavid Lebrun struct seg6_action_param *param; 1462d1df6fd8SDavid Lebrun struct seg6_action_desc *desc; 14630a3021f1SAndrea Mayer unsigned long invalid_attrs; 1464d1df6fd8SDavid Lebrun int i, err; 1465d1df6fd8SDavid Lebrun 1466d1df6fd8SDavid Lebrun desc = __get_action_desc(slwt->action); 1467d1df6fd8SDavid Lebrun if (!desc) 1468d1df6fd8SDavid Lebrun return -EINVAL; 1469d1df6fd8SDavid Lebrun 1470d1df6fd8SDavid Lebrun if (!desc->input) 1471d1df6fd8SDavid Lebrun return -EOPNOTSUPP; 1472d1df6fd8SDavid Lebrun 1473d1df6fd8SDavid Lebrun slwt->desc = desc; 1474d1df6fd8SDavid Lebrun slwt->headroom += desc->static_headroom; 1475d1df6fd8SDavid Lebrun 14760a3021f1SAndrea Mayer /* Forcing the desc->optattrs *set* and the desc->attrs *set* to be 14770a3021f1SAndrea Mayer * disjoined, this allow us to release acquired resources by optional 14780a3021f1SAndrea Mayer * attributes and by required attributes independently from each other 14790a3021f1SAndrea Mayer * without any interfarence. 14800a3021f1SAndrea Mayer * In other terms, we are sure that we do not release some the acquired 14810a3021f1SAndrea Mayer * resources twice. 14820a3021f1SAndrea Mayer * 14830a3021f1SAndrea Mayer * Note that if an attribute is configured both as required and as 14840a3021f1SAndrea Mayer * optional, it means that the user has messed something up in the 14850a3021f1SAndrea Mayer * seg6_action_table. Therefore, this check is required for SRv6 14860a3021f1SAndrea Mayer * behaviors to work properly. 14870a3021f1SAndrea Mayer */ 14880a3021f1SAndrea Mayer invalid_attrs = desc->attrs & desc->optattrs; 14890a3021f1SAndrea Mayer if (invalid_attrs) { 14900a3021f1SAndrea Mayer WARN_ONCE(1, 14910a3021f1SAndrea Mayer "An attribute cannot be both required AND optional"); 14920a3021f1SAndrea Mayer return -EINVAL; 14930a3021f1SAndrea Mayer } 14940a3021f1SAndrea Mayer 14950a3021f1SAndrea Mayer /* parse the required attributes */ 1496d1df6fd8SDavid Lebrun for (i = 0; i < SEG6_LOCAL_MAX + 1; i++) { 1497d1df6fd8SDavid Lebrun if (desc->attrs & (1 << i)) { 1498d1df6fd8SDavid Lebrun if (!attrs[i]) 1499d1df6fd8SDavid Lebrun return -EINVAL; 1500d1df6fd8SDavid Lebrun 1501d1df6fd8SDavid Lebrun param = &seg6_action_params[i]; 1502d1df6fd8SDavid Lebrun 1503d1df6fd8SDavid Lebrun err = param->parse(attrs, slwt); 1504d1df6fd8SDavid Lebrun if (err < 0) 15050a3021f1SAndrea Mayer goto parse_attrs_err; 1506d1df6fd8SDavid Lebrun } 1507d1df6fd8SDavid Lebrun } 1508d1df6fd8SDavid Lebrun 15090a3021f1SAndrea Mayer /* parse the optional attributes, if any */ 15100a3021f1SAndrea Mayer err = parse_nla_optional_attrs(attrs, slwt); 15110a3021f1SAndrea Mayer if (err < 0) 15120a3021f1SAndrea Mayer goto parse_attrs_err; 15130a3021f1SAndrea Mayer 1514d1df6fd8SDavid Lebrun return 0; 1515964adce5SAndrea Mayer 15160a3021f1SAndrea Mayer parse_attrs_err: 1517964adce5SAndrea Mayer /* release any resource that may have been acquired during the i-1 1518964adce5SAndrea Mayer * parse() operations. 1519964adce5SAndrea Mayer */ 15200a3021f1SAndrea Mayer __destroy_attrs(desc->attrs, i, slwt); 1521964adce5SAndrea Mayer 1522964adce5SAndrea Mayer return err; 1523d1df6fd8SDavid Lebrun } 1524d1df6fd8SDavid Lebrun 1525faee6769SAlexander Aring static int seg6_local_build_state(struct net *net, struct nlattr *nla, 1526faee6769SAlexander Aring unsigned int family, const void *cfg, 1527faee6769SAlexander Aring struct lwtunnel_state **ts, 1528d1df6fd8SDavid Lebrun struct netlink_ext_ack *extack) 1529d1df6fd8SDavid Lebrun { 1530d1df6fd8SDavid Lebrun struct nlattr *tb[SEG6_LOCAL_MAX + 1]; 1531d1df6fd8SDavid Lebrun struct lwtunnel_state *newts; 1532d1df6fd8SDavid Lebrun struct seg6_local_lwt *slwt; 1533d1df6fd8SDavid Lebrun int err; 1534d1df6fd8SDavid Lebrun 15356285217fSDavid Lebrun if (family != AF_INET6) 15366285217fSDavid Lebrun return -EINVAL; 15376285217fSDavid Lebrun 15388cb08174SJohannes Berg err = nla_parse_nested_deprecated(tb, SEG6_LOCAL_MAX, nla, 15398cb08174SJohannes Berg seg6_local_policy, extack); 1540d1df6fd8SDavid Lebrun 1541d1df6fd8SDavid Lebrun if (err < 0) 1542d1df6fd8SDavid Lebrun return err; 1543d1df6fd8SDavid Lebrun 1544d1df6fd8SDavid Lebrun if (!tb[SEG6_LOCAL_ACTION]) 1545d1df6fd8SDavid Lebrun return -EINVAL; 1546d1df6fd8SDavid Lebrun 1547d1df6fd8SDavid Lebrun newts = lwtunnel_state_alloc(sizeof(*slwt)); 1548d1df6fd8SDavid Lebrun if (!newts) 1549d1df6fd8SDavid Lebrun return -ENOMEM; 1550d1df6fd8SDavid Lebrun 1551d1df6fd8SDavid Lebrun slwt = seg6_local_lwtunnel(newts); 1552d1df6fd8SDavid Lebrun slwt->action = nla_get_u32(tb[SEG6_LOCAL_ACTION]); 1553d1df6fd8SDavid Lebrun 1554d1df6fd8SDavid Lebrun err = parse_nla_action(tb, slwt); 1555d1df6fd8SDavid Lebrun if (err < 0) 1556d1df6fd8SDavid Lebrun goto out_free; 1557d1df6fd8SDavid Lebrun 1558cfdf64a0SAndrea Mayer err = seg6_local_lwtunnel_build_state(slwt, cfg, extack); 1559cfdf64a0SAndrea Mayer if (err < 0) 1560cfdf64a0SAndrea Mayer goto out_destroy_attrs; 1561cfdf64a0SAndrea Mayer 1562d1df6fd8SDavid Lebrun newts->type = LWTUNNEL_ENCAP_SEG6_LOCAL; 1563d1df6fd8SDavid Lebrun newts->flags = LWTUNNEL_STATE_INPUT_REDIRECT; 1564d1df6fd8SDavid Lebrun newts->headroom = slwt->headroom; 1565d1df6fd8SDavid Lebrun 1566d1df6fd8SDavid Lebrun *ts = newts; 1567d1df6fd8SDavid Lebrun 1568d1df6fd8SDavid Lebrun return 0; 1569d1df6fd8SDavid Lebrun 1570cfdf64a0SAndrea Mayer out_destroy_attrs: 1571cfdf64a0SAndrea Mayer destroy_attrs(slwt); 1572d1df6fd8SDavid Lebrun out_free: 1573d1df6fd8SDavid Lebrun kfree(newts); 1574d1df6fd8SDavid Lebrun return err; 1575d1df6fd8SDavid Lebrun } 1576d1df6fd8SDavid Lebrun 1577d1df6fd8SDavid Lebrun static void seg6_local_destroy_state(struct lwtunnel_state *lwt) 1578d1df6fd8SDavid Lebrun { 1579d1df6fd8SDavid Lebrun struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt); 1580d1df6fd8SDavid Lebrun 1581cfdf64a0SAndrea Mayer seg6_local_lwtunnel_destroy_state(slwt); 1582cfdf64a0SAndrea Mayer 1583964adce5SAndrea Mayer destroy_attrs(slwt); 1584004d4b27SMathieu Xhonneux 1585004d4b27SMathieu Xhonneux return; 1586d1df6fd8SDavid Lebrun } 1587d1df6fd8SDavid Lebrun 1588d1df6fd8SDavid Lebrun static int seg6_local_fill_encap(struct sk_buff *skb, 1589d1df6fd8SDavid Lebrun struct lwtunnel_state *lwt) 1590d1df6fd8SDavid Lebrun { 1591d1df6fd8SDavid Lebrun struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt); 1592d1df6fd8SDavid Lebrun struct seg6_action_param *param; 15930a3021f1SAndrea Mayer unsigned long attrs; 1594d1df6fd8SDavid Lebrun int i, err; 1595d1df6fd8SDavid Lebrun 1596d1df6fd8SDavid Lebrun if (nla_put_u32(skb, SEG6_LOCAL_ACTION, slwt->action)) 1597d1df6fd8SDavid Lebrun return -EMSGSIZE; 1598d1df6fd8SDavid Lebrun 15990a3021f1SAndrea Mayer attrs = slwt->desc->attrs | slwt->parsed_optattrs; 16000a3021f1SAndrea Mayer 1601d1df6fd8SDavid Lebrun for (i = 0; i < SEG6_LOCAL_MAX + 1; i++) { 16020a3021f1SAndrea Mayer if (attrs & (1 << i)) { 1603d1df6fd8SDavid Lebrun param = &seg6_action_params[i]; 1604d1df6fd8SDavid Lebrun err = param->put(skb, slwt); 1605d1df6fd8SDavid Lebrun if (err < 0) 1606d1df6fd8SDavid Lebrun return err; 1607d1df6fd8SDavid Lebrun } 1608d1df6fd8SDavid Lebrun } 1609d1df6fd8SDavid Lebrun 1610d1df6fd8SDavid Lebrun return 0; 1611d1df6fd8SDavid Lebrun } 1612d1df6fd8SDavid Lebrun 1613d1df6fd8SDavid Lebrun static int seg6_local_get_encap_size(struct lwtunnel_state *lwt) 1614d1df6fd8SDavid Lebrun { 1615d1df6fd8SDavid Lebrun struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt); 1616d1df6fd8SDavid Lebrun unsigned long attrs; 1617d1df6fd8SDavid Lebrun int nlsize; 1618d1df6fd8SDavid Lebrun 1619d1df6fd8SDavid Lebrun nlsize = nla_total_size(4); /* action */ 1620d1df6fd8SDavid Lebrun 16210a3021f1SAndrea Mayer attrs = slwt->desc->attrs | slwt->parsed_optattrs; 1622d1df6fd8SDavid Lebrun 1623d1df6fd8SDavid Lebrun if (attrs & (1 << SEG6_LOCAL_SRH)) 1624d1df6fd8SDavid Lebrun nlsize += nla_total_size((slwt->srh->hdrlen + 1) << 3); 1625d1df6fd8SDavid Lebrun 1626d1df6fd8SDavid Lebrun if (attrs & (1 << SEG6_LOCAL_TABLE)) 1627d1df6fd8SDavid Lebrun nlsize += nla_total_size(4); 1628d1df6fd8SDavid Lebrun 1629d1df6fd8SDavid Lebrun if (attrs & (1 << SEG6_LOCAL_NH4)) 1630d1df6fd8SDavid Lebrun nlsize += nla_total_size(4); 1631d1df6fd8SDavid Lebrun 1632d1df6fd8SDavid Lebrun if (attrs & (1 << SEG6_LOCAL_NH6)) 1633d1df6fd8SDavid Lebrun nlsize += nla_total_size(16); 1634d1df6fd8SDavid Lebrun 1635d1df6fd8SDavid Lebrun if (attrs & (1 << SEG6_LOCAL_IIF)) 1636d1df6fd8SDavid Lebrun nlsize += nla_total_size(4); 1637d1df6fd8SDavid Lebrun 1638d1df6fd8SDavid Lebrun if (attrs & (1 << SEG6_LOCAL_OIF)) 1639d1df6fd8SDavid Lebrun nlsize += nla_total_size(4); 1640d1df6fd8SDavid Lebrun 1641004d4b27SMathieu Xhonneux if (attrs & (1 << SEG6_LOCAL_BPF)) 1642004d4b27SMathieu Xhonneux nlsize += nla_total_size(sizeof(struct nlattr)) + 1643004d4b27SMathieu Xhonneux nla_total_size(MAX_PROG_NAME) + 1644004d4b27SMathieu Xhonneux nla_total_size(4); 1645004d4b27SMathieu Xhonneux 1646664d6f86SAndrea Mayer if (attrs & (1 << SEG6_LOCAL_VRFTABLE)) 1647664d6f86SAndrea Mayer nlsize += nla_total_size(4); 1648664d6f86SAndrea Mayer 1649d1df6fd8SDavid Lebrun return nlsize; 1650d1df6fd8SDavid Lebrun } 1651d1df6fd8SDavid Lebrun 1652d1df6fd8SDavid Lebrun static int seg6_local_cmp_encap(struct lwtunnel_state *a, 1653d1df6fd8SDavid Lebrun struct lwtunnel_state *b) 1654d1df6fd8SDavid Lebrun { 1655d1df6fd8SDavid Lebrun struct seg6_local_lwt *slwt_a, *slwt_b; 1656d1df6fd8SDavid Lebrun struct seg6_action_param *param; 16570a3021f1SAndrea Mayer unsigned long attrs_a, attrs_b; 1658d1df6fd8SDavid Lebrun int i; 1659d1df6fd8SDavid Lebrun 1660d1df6fd8SDavid Lebrun slwt_a = seg6_local_lwtunnel(a); 1661d1df6fd8SDavid Lebrun slwt_b = seg6_local_lwtunnel(b); 1662d1df6fd8SDavid Lebrun 1663d1df6fd8SDavid Lebrun if (slwt_a->action != slwt_b->action) 1664d1df6fd8SDavid Lebrun return 1; 1665d1df6fd8SDavid Lebrun 16660a3021f1SAndrea Mayer attrs_a = slwt_a->desc->attrs | slwt_a->parsed_optattrs; 16670a3021f1SAndrea Mayer attrs_b = slwt_b->desc->attrs | slwt_b->parsed_optattrs; 16680a3021f1SAndrea Mayer 16690a3021f1SAndrea Mayer if (attrs_a != attrs_b) 1670d1df6fd8SDavid Lebrun return 1; 1671d1df6fd8SDavid Lebrun 1672d1df6fd8SDavid Lebrun for (i = 0; i < SEG6_LOCAL_MAX + 1; i++) { 16730a3021f1SAndrea Mayer if (attrs_a & (1 << i)) { 1674d1df6fd8SDavid Lebrun param = &seg6_action_params[i]; 1675d1df6fd8SDavid Lebrun if (param->cmp(slwt_a, slwt_b)) 1676d1df6fd8SDavid Lebrun return 1; 1677d1df6fd8SDavid Lebrun } 1678d1df6fd8SDavid Lebrun } 1679d1df6fd8SDavid Lebrun 1680d1df6fd8SDavid Lebrun return 0; 1681d1df6fd8SDavid Lebrun } 1682d1df6fd8SDavid Lebrun 1683d1df6fd8SDavid Lebrun static const struct lwtunnel_encap_ops seg6_local_ops = { 1684d1df6fd8SDavid Lebrun .build_state = seg6_local_build_state, 1685d1df6fd8SDavid Lebrun .destroy_state = seg6_local_destroy_state, 1686d1df6fd8SDavid Lebrun .input = seg6_local_input, 1687d1df6fd8SDavid Lebrun .fill_encap = seg6_local_fill_encap, 1688d1df6fd8SDavid Lebrun .get_encap_size = seg6_local_get_encap_size, 1689d1df6fd8SDavid Lebrun .cmp_encap = seg6_local_cmp_encap, 1690d1df6fd8SDavid Lebrun .owner = THIS_MODULE, 1691d1df6fd8SDavid Lebrun }; 1692d1df6fd8SDavid Lebrun 1693d1df6fd8SDavid Lebrun int __init seg6_local_init(void) 1694d1df6fd8SDavid Lebrun { 1695d1df6fd8SDavid Lebrun return lwtunnel_encap_add_ops(&seg6_local_ops, 1696d1df6fd8SDavid Lebrun LWTUNNEL_ENCAP_SEG6_LOCAL); 1697d1df6fd8SDavid Lebrun } 1698d1df6fd8SDavid Lebrun 1699d1df6fd8SDavid Lebrun void seg6_local_exit(void) 1700d1df6fd8SDavid Lebrun { 1701d1df6fd8SDavid Lebrun lwtunnel_encap_del_ops(&seg6_local_ops, LWTUNNEL_ENCAP_SEG6_LOCAL); 1702d1df6fd8SDavid Lebrun } 1703