xref: /openbmc/linux/drivers/net/gtp.c (revision 11a163f2)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* GTP according to GSM TS 09.60 / 3GPP TS 29.060
3  *
4  * (C) 2012-2014 by sysmocom - s.f.m.c. GmbH
5  * (C) 2016 by Pablo Neira Ayuso <pablo@netfilter.org>
6  *
7  * Author: Harald Welte <hwelte@sysmocom.de>
8  *	   Pablo Neira Ayuso <pablo@netfilter.org>
9  *	   Andreas Schultz <aschultz@travelping.com>
10  */
11 
12 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13 
14 #include <linux/module.h>
15 #include <linux/skbuff.h>
16 #include <linux/udp.h>
17 #include <linux/rculist.h>
18 #include <linux/jhash.h>
19 #include <linux/if_tunnel.h>
20 #include <linux/net.h>
21 #include <linux/file.h>
22 #include <linux/gtp.h>
23 
24 #include <net/net_namespace.h>
25 #include <net/protocol.h>
26 #include <net/ip.h>
27 #include <net/udp.h>
28 #include <net/udp_tunnel.h>
29 #include <net/icmp.h>
30 #include <net/xfrm.h>
31 #include <net/genetlink.h>
32 #include <net/netns/generic.h>
33 #include <net/gtp.h>
34 
35 /* An active session for the subscriber. */
36 struct pdp_ctx {
37 	struct hlist_node	hlist_tid;
38 	struct hlist_node	hlist_addr;
39 
40 	union {
41 		struct {
42 			u64	tid;
43 			u16	flow;
44 		} v0;
45 		struct {
46 			u32	i_tei;
47 			u32	o_tei;
48 		} v1;
49 	} u;
50 	u8			gtp_version;
51 	u16			af;
52 
53 	struct in_addr		ms_addr_ip4;
54 	struct in_addr		peer_addr_ip4;
55 
56 	struct sock		*sk;
57 	struct net_device       *dev;
58 
59 	atomic_t		tx_seq;
60 	struct rcu_head		rcu_head;
61 };
62 
63 /* One instance of the GTP device. */
64 struct gtp_dev {
65 	struct list_head	list;
66 
67 	struct sock		*sk0;
68 	struct sock		*sk1u;
69 
70 	struct net_device	*dev;
71 
72 	unsigned int		role;
73 	unsigned int		hash_size;
74 	struct hlist_head	*tid_hash;
75 	struct hlist_head	*addr_hash;
76 };
77 
78 static unsigned int gtp_net_id __read_mostly;
79 
80 struct gtp_net {
81 	struct list_head gtp_dev_list;
82 };
83 
84 static u32 gtp_h_initval;
85 
86 static void pdp_context_delete(struct pdp_ctx *pctx);
87 
88 static inline u32 gtp0_hashfn(u64 tid)
89 {
90 	u32 *tid32 = (u32 *) &tid;
91 	return jhash_2words(tid32[0], tid32[1], gtp_h_initval);
92 }
93 
94 static inline u32 gtp1u_hashfn(u32 tid)
95 {
96 	return jhash_1word(tid, gtp_h_initval);
97 }
98 
99 static inline u32 ipv4_hashfn(__be32 ip)
100 {
101 	return jhash_1word((__force u32)ip, gtp_h_initval);
102 }
103 
104 /* Resolve a PDP context structure based on the 64bit TID. */
105 static struct pdp_ctx *gtp0_pdp_find(struct gtp_dev *gtp, u64 tid)
106 {
107 	struct hlist_head *head;
108 	struct pdp_ctx *pdp;
109 
110 	head = &gtp->tid_hash[gtp0_hashfn(tid) % gtp->hash_size];
111 
112 	hlist_for_each_entry_rcu(pdp, head, hlist_tid) {
113 		if (pdp->gtp_version == GTP_V0 &&
114 		    pdp->u.v0.tid == tid)
115 			return pdp;
116 	}
117 	return NULL;
118 }
119 
120 /* Resolve a PDP context structure based on the 32bit TEI. */
121 static struct pdp_ctx *gtp1_pdp_find(struct gtp_dev *gtp, u32 tid)
122 {
123 	struct hlist_head *head;
124 	struct pdp_ctx *pdp;
125 
126 	head = &gtp->tid_hash[gtp1u_hashfn(tid) % gtp->hash_size];
127 
128 	hlist_for_each_entry_rcu(pdp, head, hlist_tid) {
129 		if (pdp->gtp_version == GTP_V1 &&
130 		    pdp->u.v1.i_tei == tid)
131 			return pdp;
132 	}
133 	return NULL;
134 }
135 
136 /* Resolve a PDP context based on IPv4 address of MS. */
137 static struct pdp_ctx *ipv4_pdp_find(struct gtp_dev *gtp, __be32 ms_addr)
138 {
139 	struct hlist_head *head;
140 	struct pdp_ctx *pdp;
141 
142 	head = &gtp->addr_hash[ipv4_hashfn(ms_addr) % gtp->hash_size];
143 
144 	hlist_for_each_entry_rcu(pdp, head, hlist_addr) {
145 		if (pdp->af == AF_INET &&
146 		    pdp->ms_addr_ip4.s_addr == ms_addr)
147 			return pdp;
148 	}
149 
150 	return NULL;
151 }
152 
153 static bool gtp_check_ms_ipv4(struct sk_buff *skb, struct pdp_ctx *pctx,
154 				  unsigned int hdrlen, unsigned int role)
155 {
156 	struct iphdr *iph;
157 
158 	if (!pskb_may_pull(skb, hdrlen + sizeof(struct iphdr)))
159 		return false;
160 
161 	iph = (struct iphdr *)(skb->data + hdrlen);
162 
163 	if (role == GTP_ROLE_SGSN)
164 		return iph->daddr == pctx->ms_addr_ip4.s_addr;
165 	else
166 		return iph->saddr == pctx->ms_addr_ip4.s_addr;
167 }
168 
169 /* Check if the inner IP address in this packet is assigned to any
170  * existing mobile subscriber.
171  */
172 static bool gtp_check_ms(struct sk_buff *skb, struct pdp_ctx *pctx,
173 			     unsigned int hdrlen, unsigned int role)
174 {
175 	switch (ntohs(skb->protocol)) {
176 	case ETH_P_IP:
177 		return gtp_check_ms_ipv4(skb, pctx, hdrlen, role);
178 	}
179 	return false;
180 }
181 
182 static int gtp_rx(struct pdp_ctx *pctx, struct sk_buff *skb,
183 			unsigned int hdrlen, unsigned int role)
184 {
185 	if (!gtp_check_ms(skb, pctx, hdrlen, role)) {
186 		netdev_dbg(pctx->dev, "No PDP ctx for this MS\n");
187 		return 1;
188 	}
189 
190 	/* Get rid of the GTP + UDP headers. */
191 	if (iptunnel_pull_header(skb, hdrlen, skb->protocol,
192 				 !net_eq(sock_net(pctx->sk), dev_net(pctx->dev))))
193 		return -1;
194 
195 	netdev_dbg(pctx->dev, "forwarding packet from GGSN to uplink\n");
196 
197 	/* Now that the UDP and the GTP header have been removed, set up the
198 	 * new network header. This is required by the upper layer to
199 	 * calculate the transport header.
200 	 */
201 	skb_reset_network_header(skb);
202 
203 	skb->dev = pctx->dev;
204 
205 	dev_sw_netstats_rx_add(pctx->dev, skb->len);
206 
207 	netif_rx(skb);
208 	return 0;
209 }
210 
211 /* 1 means pass up to the stack, -1 means drop and 0 means decapsulated. */
212 static int gtp0_udp_encap_recv(struct gtp_dev *gtp, struct sk_buff *skb)
213 {
214 	unsigned int hdrlen = sizeof(struct udphdr) +
215 			      sizeof(struct gtp0_header);
216 	struct gtp0_header *gtp0;
217 	struct pdp_ctx *pctx;
218 
219 	if (!pskb_may_pull(skb, hdrlen))
220 		return -1;
221 
222 	gtp0 = (struct gtp0_header *)(skb->data + sizeof(struct udphdr));
223 
224 	if ((gtp0->flags >> 5) != GTP_V0)
225 		return 1;
226 
227 	if (gtp0->type != GTP_TPDU)
228 		return 1;
229 
230 	pctx = gtp0_pdp_find(gtp, be64_to_cpu(gtp0->tid));
231 	if (!pctx) {
232 		netdev_dbg(gtp->dev, "No PDP ctx to decap skb=%p\n", skb);
233 		return 1;
234 	}
235 
236 	return gtp_rx(pctx, skb, hdrlen, gtp->role);
237 }
238 
239 static int gtp1u_udp_encap_recv(struct gtp_dev *gtp, struct sk_buff *skb)
240 {
241 	unsigned int hdrlen = sizeof(struct udphdr) +
242 			      sizeof(struct gtp1_header);
243 	struct gtp1_header *gtp1;
244 	struct pdp_ctx *pctx;
245 
246 	if (!pskb_may_pull(skb, hdrlen))
247 		return -1;
248 
249 	gtp1 = (struct gtp1_header *)(skb->data + sizeof(struct udphdr));
250 
251 	if ((gtp1->flags >> 5) != GTP_V1)
252 		return 1;
253 
254 	if (gtp1->type != GTP_TPDU)
255 		return 1;
256 
257 	/* From 29.060: "This field shall be present if and only if any one or
258 	 * more of the S, PN and E flags are set.".
259 	 *
260 	 * If any of the bit is set, then the remaining ones also have to be
261 	 * set.
262 	 */
263 	if (gtp1->flags & GTP1_F_MASK)
264 		hdrlen += 4;
265 
266 	/* Make sure the header is larger enough, including extensions. */
267 	if (!pskb_may_pull(skb, hdrlen))
268 		return -1;
269 
270 	gtp1 = (struct gtp1_header *)(skb->data + sizeof(struct udphdr));
271 
272 	pctx = gtp1_pdp_find(gtp, ntohl(gtp1->tid));
273 	if (!pctx) {
274 		netdev_dbg(gtp->dev, "No PDP ctx to decap skb=%p\n", skb);
275 		return 1;
276 	}
277 
278 	return gtp_rx(pctx, skb, hdrlen, gtp->role);
279 }
280 
281 static void __gtp_encap_destroy(struct sock *sk)
282 {
283 	struct gtp_dev *gtp;
284 
285 	lock_sock(sk);
286 	gtp = sk->sk_user_data;
287 	if (gtp) {
288 		if (gtp->sk0 == sk)
289 			gtp->sk0 = NULL;
290 		else
291 			gtp->sk1u = NULL;
292 		udp_sk(sk)->encap_type = 0;
293 		rcu_assign_sk_user_data(sk, NULL);
294 		sock_put(sk);
295 	}
296 	release_sock(sk);
297 }
298 
299 static void gtp_encap_destroy(struct sock *sk)
300 {
301 	rtnl_lock();
302 	__gtp_encap_destroy(sk);
303 	rtnl_unlock();
304 }
305 
306 static void gtp_encap_disable_sock(struct sock *sk)
307 {
308 	if (!sk)
309 		return;
310 
311 	__gtp_encap_destroy(sk);
312 }
313 
314 static void gtp_encap_disable(struct gtp_dev *gtp)
315 {
316 	gtp_encap_disable_sock(gtp->sk0);
317 	gtp_encap_disable_sock(gtp->sk1u);
318 }
319 
320 /* UDP encapsulation receive handler. See net/ipv4/udp.c.
321  * Return codes: 0: success, <0: error, >0: pass up to userspace UDP socket.
322  */
323 static int gtp_encap_recv(struct sock *sk, struct sk_buff *skb)
324 {
325 	struct gtp_dev *gtp;
326 	int ret = 0;
327 
328 	gtp = rcu_dereference_sk_user_data(sk);
329 	if (!gtp)
330 		return 1;
331 
332 	netdev_dbg(gtp->dev, "encap_recv sk=%p\n", sk);
333 
334 	switch (udp_sk(sk)->encap_type) {
335 	case UDP_ENCAP_GTP0:
336 		netdev_dbg(gtp->dev, "received GTP0 packet\n");
337 		ret = gtp0_udp_encap_recv(gtp, skb);
338 		break;
339 	case UDP_ENCAP_GTP1U:
340 		netdev_dbg(gtp->dev, "received GTP1U packet\n");
341 		ret = gtp1u_udp_encap_recv(gtp, skb);
342 		break;
343 	default:
344 		ret = -1; /* Shouldn't happen. */
345 	}
346 
347 	switch (ret) {
348 	case 1:
349 		netdev_dbg(gtp->dev, "pass up to the process\n");
350 		break;
351 	case 0:
352 		break;
353 	case -1:
354 		netdev_dbg(gtp->dev, "GTP packet has been dropped\n");
355 		kfree_skb(skb);
356 		ret = 0;
357 		break;
358 	}
359 
360 	return ret;
361 }
362 
363 static int gtp_dev_init(struct net_device *dev)
364 {
365 	struct gtp_dev *gtp = netdev_priv(dev);
366 
367 	gtp->dev = dev;
368 
369 	dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
370 	if (!dev->tstats)
371 		return -ENOMEM;
372 
373 	return 0;
374 }
375 
376 static void gtp_dev_uninit(struct net_device *dev)
377 {
378 	struct gtp_dev *gtp = netdev_priv(dev);
379 
380 	gtp_encap_disable(gtp);
381 	free_percpu(dev->tstats);
382 }
383 
384 static struct rtable *ip4_route_output_gtp(struct flowi4 *fl4,
385 					   const struct sock *sk,
386 					   __be32 daddr)
387 {
388 	memset(fl4, 0, sizeof(*fl4));
389 	fl4->flowi4_oif		= sk->sk_bound_dev_if;
390 	fl4->daddr		= daddr;
391 	fl4->saddr		= inet_sk(sk)->inet_saddr;
392 	fl4->flowi4_tos		= RT_CONN_FLAGS(sk);
393 	fl4->flowi4_proto	= sk->sk_protocol;
394 
395 	return ip_route_output_key(sock_net(sk), fl4);
396 }
397 
398 static inline void gtp0_push_header(struct sk_buff *skb, struct pdp_ctx *pctx)
399 {
400 	int payload_len = skb->len;
401 	struct gtp0_header *gtp0;
402 
403 	gtp0 = skb_push(skb, sizeof(*gtp0));
404 
405 	gtp0->flags	= 0x1e; /* v0, GTP-non-prime. */
406 	gtp0->type	= GTP_TPDU;
407 	gtp0->length	= htons(payload_len);
408 	gtp0->seq	= htons((atomic_inc_return(&pctx->tx_seq) - 1) % 0xffff);
409 	gtp0->flow	= htons(pctx->u.v0.flow);
410 	gtp0->number	= 0xff;
411 	gtp0->spare[0]	= gtp0->spare[1] = gtp0->spare[2] = 0xff;
412 	gtp0->tid	= cpu_to_be64(pctx->u.v0.tid);
413 }
414 
415 static inline void gtp1_push_header(struct sk_buff *skb, struct pdp_ctx *pctx)
416 {
417 	int payload_len = skb->len;
418 	struct gtp1_header *gtp1;
419 
420 	gtp1 = skb_push(skb, sizeof(*gtp1));
421 
422 	/* Bits    8  7  6  5  4  3  2	1
423 	 *	  +--+--+--+--+--+--+--+--+
424 	 *	  |version |PT| 0| E| S|PN|
425 	 *	  +--+--+--+--+--+--+--+--+
426 	 *	    0  0  1  1	1  0  0  0
427 	 */
428 	gtp1->flags	= 0x30; /* v1, GTP-non-prime. */
429 	gtp1->type	= GTP_TPDU;
430 	gtp1->length	= htons(payload_len);
431 	gtp1->tid	= htonl(pctx->u.v1.o_tei);
432 
433 	/* TODO: Suppport for extension header, sequence number and N-PDU.
434 	 *	 Update the length field if any of them is available.
435 	 */
436 }
437 
438 struct gtp_pktinfo {
439 	struct sock		*sk;
440 	struct iphdr		*iph;
441 	struct flowi4		fl4;
442 	struct rtable		*rt;
443 	struct pdp_ctx		*pctx;
444 	struct net_device	*dev;
445 	__be16			gtph_port;
446 };
447 
448 static void gtp_push_header(struct sk_buff *skb, struct gtp_pktinfo *pktinfo)
449 {
450 	switch (pktinfo->pctx->gtp_version) {
451 	case GTP_V0:
452 		pktinfo->gtph_port = htons(GTP0_PORT);
453 		gtp0_push_header(skb, pktinfo->pctx);
454 		break;
455 	case GTP_V1:
456 		pktinfo->gtph_port = htons(GTP1U_PORT);
457 		gtp1_push_header(skb, pktinfo->pctx);
458 		break;
459 	}
460 }
461 
462 static inline void gtp_set_pktinfo_ipv4(struct gtp_pktinfo *pktinfo,
463 					struct sock *sk, struct iphdr *iph,
464 					struct pdp_ctx *pctx, struct rtable *rt,
465 					struct flowi4 *fl4,
466 					struct net_device *dev)
467 {
468 	pktinfo->sk	= sk;
469 	pktinfo->iph	= iph;
470 	pktinfo->pctx	= pctx;
471 	pktinfo->rt	= rt;
472 	pktinfo->fl4	= *fl4;
473 	pktinfo->dev	= dev;
474 }
475 
476 static int gtp_build_skb_ip4(struct sk_buff *skb, struct net_device *dev,
477 			     struct gtp_pktinfo *pktinfo)
478 {
479 	struct gtp_dev *gtp = netdev_priv(dev);
480 	struct pdp_ctx *pctx;
481 	struct rtable *rt;
482 	struct flowi4 fl4;
483 	struct iphdr *iph;
484 	__be16 df;
485 	int mtu;
486 
487 	/* Read the IP destination address and resolve the PDP context.
488 	 * Prepend PDP header with TEI/TID from PDP ctx.
489 	 */
490 	iph = ip_hdr(skb);
491 	if (gtp->role == GTP_ROLE_SGSN)
492 		pctx = ipv4_pdp_find(gtp, iph->saddr);
493 	else
494 		pctx = ipv4_pdp_find(gtp, iph->daddr);
495 
496 	if (!pctx) {
497 		netdev_dbg(dev, "no PDP ctx found for %pI4, skip\n",
498 			   &iph->daddr);
499 		return -ENOENT;
500 	}
501 	netdev_dbg(dev, "found PDP context %p\n", pctx);
502 
503 	rt = ip4_route_output_gtp(&fl4, pctx->sk, pctx->peer_addr_ip4.s_addr);
504 	if (IS_ERR(rt)) {
505 		netdev_dbg(dev, "no route to SSGN %pI4\n",
506 			   &pctx->peer_addr_ip4.s_addr);
507 		dev->stats.tx_carrier_errors++;
508 		goto err;
509 	}
510 
511 	if (rt->dst.dev == dev) {
512 		netdev_dbg(dev, "circular route to SSGN %pI4\n",
513 			   &pctx->peer_addr_ip4.s_addr);
514 		dev->stats.collisions++;
515 		goto err_rt;
516 	}
517 
518 	skb_dst_drop(skb);
519 
520 	/* This is similar to tnl_update_pmtu(). */
521 	df = iph->frag_off;
522 	if (df) {
523 		mtu = dst_mtu(&rt->dst) - dev->hard_header_len -
524 			sizeof(struct iphdr) - sizeof(struct udphdr);
525 		switch (pctx->gtp_version) {
526 		case GTP_V0:
527 			mtu -= sizeof(struct gtp0_header);
528 			break;
529 		case GTP_V1:
530 			mtu -= sizeof(struct gtp1_header);
531 			break;
532 		}
533 	} else {
534 		mtu = dst_mtu(&rt->dst);
535 	}
536 
537 	rt->dst.ops->update_pmtu(&rt->dst, NULL, skb, mtu, false);
538 
539 	if (!skb_is_gso(skb) && (iph->frag_off & htons(IP_DF)) &&
540 	    mtu < ntohs(iph->tot_len)) {
541 		netdev_dbg(dev, "packet too big, fragmentation needed\n");
542 		memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
543 		icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
544 			      htonl(mtu));
545 		goto err_rt;
546 	}
547 
548 	gtp_set_pktinfo_ipv4(pktinfo, pctx->sk, iph, pctx, rt, &fl4, dev);
549 	gtp_push_header(skb, pktinfo);
550 
551 	return 0;
552 err_rt:
553 	ip_rt_put(rt);
554 err:
555 	return -EBADMSG;
556 }
557 
558 static netdev_tx_t gtp_dev_xmit(struct sk_buff *skb, struct net_device *dev)
559 {
560 	unsigned int proto = ntohs(skb->protocol);
561 	struct gtp_pktinfo pktinfo;
562 	int err;
563 
564 	/* Ensure there is sufficient headroom. */
565 	if (skb_cow_head(skb, dev->needed_headroom))
566 		goto tx_err;
567 
568 	skb_reset_inner_headers(skb);
569 
570 	/* PDP context lookups in gtp_build_skb_*() need rcu read-side lock. */
571 	rcu_read_lock();
572 	switch (proto) {
573 	case ETH_P_IP:
574 		err = gtp_build_skb_ip4(skb, dev, &pktinfo);
575 		break;
576 	default:
577 		err = -EOPNOTSUPP;
578 		break;
579 	}
580 	rcu_read_unlock();
581 
582 	if (err < 0)
583 		goto tx_err;
584 
585 	switch (proto) {
586 	case ETH_P_IP:
587 		netdev_dbg(pktinfo.dev, "gtp -> IP src: %pI4 dst: %pI4\n",
588 			   &pktinfo.iph->saddr, &pktinfo.iph->daddr);
589 		udp_tunnel_xmit_skb(pktinfo.rt, pktinfo.sk, skb,
590 				    pktinfo.fl4.saddr, pktinfo.fl4.daddr,
591 				    pktinfo.iph->tos,
592 				    ip4_dst_hoplimit(&pktinfo.rt->dst),
593 				    0,
594 				    pktinfo.gtph_port, pktinfo.gtph_port,
595 				    true, false);
596 		break;
597 	}
598 
599 	return NETDEV_TX_OK;
600 tx_err:
601 	dev->stats.tx_errors++;
602 	dev_kfree_skb(skb);
603 	return NETDEV_TX_OK;
604 }
605 
606 static const struct net_device_ops gtp_netdev_ops = {
607 	.ndo_init		= gtp_dev_init,
608 	.ndo_uninit		= gtp_dev_uninit,
609 	.ndo_start_xmit		= gtp_dev_xmit,
610 	.ndo_get_stats64	= ip_tunnel_get_stats64,
611 };
612 
613 static void gtp_link_setup(struct net_device *dev)
614 {
615 	dev->netdev_ops		= &gtp_netdev_ops;
616 	dev->needs_free_netdev	= true;
617 
618 	dev->hard_header_len = 0;
619 	dev->addr_len = 0;
620 
621 	/* Zero header length. */
622 	dev->type = ARPHRD_NONE;
623 	dev->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
624 
625 	dev->priv_flags	|= IFF_NO_QUEUE;
626 	dev->features	|= NETIF_F_LLTX;
627 	netif_keep_dst(dev);
628 
629 	/* Assume largest header, ie. GTPv0. */
630 	dev->needed_headroom	= LL_MAX_HEADER +
631 				  sizeof(struct iphdr) +
632 				  sizeof(struct udphdr) +
633 				  sizeof(struct gtp0_header);
634 }
635 
636 static int gtp_hashtable_new(struct gtp_dev *gtp, int hsize);
637 static int gtp_encap_enable(struct gtp_dev *gtp, struct nlattr *data[]);
638 
639 static void gtp_destructor(struct net_device *dev)
640 {
641 	struct gtp_dev *gtp = netdev_priv(dev);
642 
643 	kfree(gtp->addr_hash);
644 	kfree(gtp->tid_hash);
645 }
646 
647 static int gtp_newlink(struct net *src_net, struct net_device *dev,
648 		       struct nlattr *tb[], struct nlattr *data[],
649 		       struct netlink_ext_ack *extack)
650 {
651 	struct gtp_dev *gtp;
652 	struct gtp_net *gn;
653 	int hashsize, err;
654 
655 	if (!data[IFLA_GTP_FD0] && !data[IFLA_GTP_FD1])
656 		return -EINVAL;
657 
658 	gtp = netdev_priv(dev);
659 
660 	err = gtp_encap_enable(gtp, data);
661 	if (err < 0)
662 		return err;
663 
664 	if (!data[IFLA_GTP_PDP_HASHSIZE]) {
665 		hashsize = 1024;
666 	} else {
667 		hashsize = nla_get_u32(data[IFLA_GTP_PDP_HASHSIZE]);
668 		if (!hashsize)
669 			hashsize = 1024;
670 	}
671 
672 	err = gtp_hashtable_new(gtp, hashsize);
673 	if (err < 0)
674 		goto out_encap;
675 
676 	err = register_netdevice(dev);
677 	if (err < 0) {
678 		netdev_dbg(dev, "failed to register new netdev %d\n", err);
679 		goto out_hashtable;
680 	}
681 
682 	gn = net_generic(dev_net(dev), gtp_net_id);
683 	list_add_rcu(&gtp->list, &gn->gtp_dev_list);
684 	dev->priv_destructor = gtp_destructor;
685 
686 	netdev_dbg(dev, "registered new GTP interface\n");
687 
688 	return 0;
689 
690 out_hashtable:
691 	kfree(gtp->addr_hash);
692 	kfree(gtp->tid_hash);
693 out_encap:
694 	gtp_encap_disable(gtp);
695 	return err;
696 }
697 
698 static void gtp_dellink(struct net_device *dev, struct list_head *head)
699 {
700 	struct gtp_dev *gtp = netdev_priv(dev);
701 	struct pdp_ctx *pctx;
702 	int i;
703 
704 	for (i = 0; i < gtp->hash_size; i++)
705 		hlist_for_each_entry_rcu(pctx, &gtp->tid_hash[i], hlist_tid)
706 			pdp_context_delete(pctx);
707 
708 	list_del_rcu(&gtp->list);
709 	unregister_netdevice_queue(dev, head);
710 }
711 
712 static const struct nla_policy gtp_policy[IFLA_GTP_MAX + 1] = {
713 	[IFLA_GTP_FD0]			= { .type = NLA_U32 },
714 	[IFLA_GTP_FD1]			= { .type = NLA_U32 },
715 	[IFLA_GTP_PDP_HASHSIZE]		= { .type = NLA_U32 },
716 	[IFLA_GTP_ROLE]			= { .type = NLA_U32 },
717 };
718 
719 static int gtp_validate(struct nlattr *tb[], struct nlattr *data[],
720 			struct netlink_ext_ack *extack)
721 {
722 	if (!data)
723 		return -EINVAL;
724 
725 	return 0;
726 }
727 
728 static size_t gtp_get_size(const struct net_device *dev)
729 {
730 	return nla_total_size(sizeof(__u32));	/* IFLA_GTP_PDP_HASHSIZE */
731 }
732 
733 static int gtp_fill_info(struct sk_buff *skb, const struct net_device *dev)
734 {
735 	struct gtp_dev *gtp = netdev_priv(dev);
736 
737 	if (nla_put_u32(skb, IFLA_GTP_PDP_HASHSIZE, gtp->hash_size))
738 		goto nla_put_failure;
739 
740 	return 0;
741 
742 nla_put_failure:
743 	return -EMSGSIZE;
744 }
745 
746 static struct rtnl_link_ops gtp_link_ops __read_mostly = {
747 	.kind		= "gtp",
748 	.maxtype	= IFLA_GTP_MAX,
749 	.policy		= gtp_policy,
750 	.priv_size	= sizeof(struct gtp_dev),
751 	.setup		= gtp_link_setup,
752 	.validate	= gtp_validate,
753 	.newlink	= gtp_newlink,
754 	.dellink	= gtp_dellink,
755 	.get_size	= gtp_get_size,
756 	.fill_info	= gtp_fill_info,
757 };
758 
759 static int gtp_hashtable_new(struct gtp_dev *gtp, int hsize)
760 {
761 	int i;
762 
763 	gtp->addr_hash = kmalloc_array(hsize, sizeof(struct hlist_head),
764 				       GFP_KERNEL | __GFP_NOWARN);
765 	if (gtp->addr_hash == NULL)
766 		return -ENOMEM;
767 
768 	gtp->tid_hash = kmalloc_array(hsize, sizeof(struct hlist_head),
769 				      GFP_KERNEL | __GFP_NOWARN);
770 	if (gtp->tid_hash == NULL)
771 		goto err1;
772 
773 	gtp->hash_size = hsize;
774 
775 	for (i = 0; i < hsize; i++) {
776 		INIT_HLIST_HEAD(&gtp->addr_hash[i]);
777 		INIT_HLIST_HEAD(&gtp->tid_hash[i]);
778 	}
779 	return 0;
780 err1:
781 	kfree(gtp->addr_hash);
782 	return -ENOMEM;
783 }
784 
785 static struct sock *gtp_encap_enable_socket(int fd, int type,
786 					    struct gtp_dev *gtp)
787 {
788 	struct udp_tunnel_sock_cfg tuncfg = {NULL};
789 	struct socket *sock;
790 	struct sock *sk;
791 	int err;
792 
793 	pr_debug("enable gtp on %d, %d\n", fd, type);
794 
795 	sock = sockfd_lookup(fd, &err);
796 	if (!sock) {
797 		pr_debug("gtp socket fd=%d not found\n", fd);
798 		return NULL;
799 	}
800 
801 	sk = sock->sk;
802 	if (sk->sk_protocol != IPPROTO_UDP ||
803 	    sk->sk_type != SOCK_DGRAM ||
804 	    (sk->sk_family != AF_INET && sk->sk_family != AF_INET6)) {
805 		pr_debug("socket fd=%d not UDP\n", fd);
806 		sk = ERR_PTR(-EINVAL);
807 		goto out_sock;
808 	}
809 
810 	lock_sock(sk);
811 	if (sk->sk_user_data) {
812 		sk = ERR_PTR(-EBUSY);
813 		goto out_rel_sock;
814 	}
815 
816 	sock_hold(sk);
817 
818 	tuncfg.sk_user_data = gtp;
819 	tuncfg.encap_type = type;
820 	tuncfg.encap_rcv = gtp_encap_recv;
821 	tuncfg.encap_destroy = gtp_encap_destroy;
822 
823 	setup_udp_tunnel_sock(sock_net(sock->sk), sock, &tuncfg);
824 
825 out_rel_sock:
826 	release_sock(sock->sk);
827 out_sock:
828 	sockfd_put(sock);
829 	return sk;
830 }
831 
832 static int gtp_encap_enable(struct gtp_dev *gtp, struct nlattr *data[])
833 {
834 	struct sock *sk1u = NULL;
835 	struct sock *sk0 = NULL;
836 	unsigned int role = GTP_ROLE_GGSN;
837 
838 	if (data[IFLA_GTP_FD0]) {
839 		u32 fd0 = nla_get_u32(data[IFLA_GTP_FD0]);
840 
841 		sk0 = gtp_encap_enable_socket(fd0, UDP_ENCAP_GTP0, gtp);
842 		if (IS_ERR(sk0))
843 			return PTR_ERR(sk0);
844 	}
845 
846 	if (data[IFLA_GTP_FD1]) {
847 		u32 fd1 = nla_get_u32(data[IFLA_GTP_FD1]);
848 
849 		sk1u = gtp_encap_enable_socket(fd1, UDP_ENCAP_GTP1U, gtp);
850 		if (IS_ERR(sk1u)) {
851 			gtp_encap_disable_sock(sk0);
852 			return PTR_ERR(sk1u);
853 		}
854 	}
855 
856 	if (data[IFLA_GTP_ROLE]) {
857 		role = nla_get_u32(data[IFLA_GTP_ROLE]);
858 		if (role > GTP_ROLE_SGSN) {
859 			gtp_encap_disable_sock(sk0);
860 			gtp_encap_disable_sock(sk1u);
861 			return -EINVAL;
862 		}
863 	}
864 
865 	gtp->sk0 = sk0;
866 	gtp->sk1u = sk1u;
867 	gtp->role = role;
868 
869 	return 0;
870 }
871 
872 static struct gtp_dev *gtp_find_dev(struct net *src_net, struct nlattr *nla[])
873 {
874 	struct gtp_dev *gtp = NULL;
875 	struct net_device *dev;
876 	struct net *net;
877 
878 	/* Examine the link attributes and figure out which network namespace
879 	 * we are talking about.
880 	 */
881 	if (nla[GTPA_NET_NS_FD])
882 		net = get_net_ns_by_fd(nla_get_u32(nla[GTPA_NET_NS_FD]));
883 	else
884 		net = get_net(src_net);
885 
886 	if (IS_ERR(net))
887 		return NULL;
888 
889 	/* Check if there's an existing gtpX device to configure */
890 	dev = dev_get_by_index_rcu(net, nla_get_u32(nla[GTPA_LINK]));
891 	if (dev && dev->netdev_ops == &gtp_netdev_ops)
892 		gtp = netdev_priv(dev);
893 
894 	put_net(net);
895 	return gtp;
896 }
897 
898 static void ipv4_pdp_fill(struct pdp_ctx *pctx, struct genl_info *info)
899 {
900 	pctx->gtp_version = nla_get_u32(info->attrs[GTPA_VERSION]);
901 	pctx->af = AF_INET;
902 	pctx->peer_addr_ip4.s_addr =
903 		nla_get_be32(info->attrs[GTPA_PEER_ADDRESS]);
904 	pctx->ms_addr_ip4.s_addr =
905 		nla_get_be32(info->attrs[GTPA_MS_ADDRESS]);
906 
907 	switch (pctx->gtp_version) {
908 	case GTP_V0:
909 		/* According to TS 09.60, sections 7.5.1 and 7.5.2, the flow
910 		 * label needs to be the same for uplink and downlink packets,
911 		 * so let's annotate this.
912 		 */
913 		pctx->u.v0.tid = nla_get_u64(info->attrs[GTPA_TID]);
914 		pctx->u.v0.flow = nla_get_u16(info->attrs[GTPA_FLOW]);
915 		break;
916 	case GTP_V1:
917 		pctx->u.v1.i_tei = nla_get_u32(info->attrs[GTPA_I_TEI]);
918 		pctx->u.v1.o_tei = nla_get_u32(info->attrs[GTPA_O_TEI]);
919 		break;
920 	default:
921 		break;
922 	}
923 }
924 
925 static struct pdp_ctx *gtp_pdp_add(struct gtp_dev *gtp, struct sock *sk,
926 				   struct genl_info *info)
927 {
928 	struct pdp_ctx *pctx, *pctx_tid = NULL;
929 	struct net_device *dev = gtp->dev;
930 	u32 hash_ms, hash_tid = 0;
931 	unsigned int version;
932 	bool found = false;
933 	__be32 ms_addr;
934 
935 	ms_addr = nla_get_be32(info->attrs[GTPA_MS_ADDRESS]);
936 	hash_ms = ipv4_hashfn(ms_addr) % gtp->hash_size;
937 	version = nla_get_u32(info->attrs[GTPA_VERSION]);
938 
939 	pctx = ipv4_pdp_find(gtp, ms_addr);
940 	if (pctx)
941 		found = true;
942 	if (version == GTP_V0)
943 		pctx_tid = gtp0_pdp_find(gtp,
944 					 nla_get_u64(info->attrs[GTPA_TID]));
945 	else if (version == GTP_V1)
946 		pctx_tid = gtp1_pdp_find(gtp,
947 					 nla_get_u32(info->attrs[GTPA_I_TEI]));
948 	if (pctx_tid)
949 		found = true;
950 
951 	if (found) {
952 		if (info->nlhdr->nlmsg_flags & NLM_F_EXCL)
953 			return ERR_PTR(-EEXIST);
954 		if (info->nlhdr->nlmsg_flags & NLM_F_REPLACE)
955 			return ERR_PTR(-EOPNOTSUPP);
956 
957 		if (pctx && pctx_tid)
958 			return ERR_PTR(-EEXIST);
959 		if (!pctx)
960 			pctx = pctx_tid;
961 
962 		ipv4_pdp_fill(pctx, info);
963 
964 		if (pctx->gtp_version == GTP_V0)
965 			netdev_dbg(dev, "GTPv0-U: update tunnel id = %llx (pdp %p)\n",
966 				   pctx->u.v0.tid, pctx);
967 		else if (pctx->gtp_version == GTP_V1)
968 			netdev_dbg(dev, "GTPv1-U: update tunnel id = %x/%x (pdp %p)\n",
969 				   pctx->u.v1.i_tei, pctx->u.v1.o_tei, pctx);
970 
971 		return pctx;
972 
973 	}
974 
975 	pctx = kmalloc(sizeof(*pctx), GFP_ATOMIC);
976 	if (pctx == NULL)
977 		return ERR_PTR(-ENOMEM);
978 
979 	sock_hold(sk);
980 	pctx->sk = sk;
981 	pctx->dev = gtp->dev;
982 	ipv4_pdp_fill(pctx, info);
983 	atomic_set(&pctx->tx_seq, 0);
984 
985 	switch (pctx->gtp_version) {
986 	case GTP_V0:
987 		/* TS 09.60: "The flow label identifies unambiguously a GTP
988 		 * flow.". We use the tid for this instead, I cannot find a
989 		 * situation in which this doesn't unambiguosly identify the
990 		 * PDP context.
991 		 */
992 		hash_tid = gtp0_hashfn(pctx->u.v0.tid) % gtp->hash_size;
993 		break;
994 	case GTP_V1:
995 		hash_tid = gtp1u_hashfn(pctx->u.v1.i_tei) % gtp->hash_size;
996 		break;
997 	}
998 
999 	hlist_add_head_rcu(&pctx->hlist_addr, &gtp->addr_hash[hash_ms]);
1000 	hlist_add_head_rcu(&pctx->hlist_tid, &gtp->tid_hash[hash_tid]);
1001 
1002 	switch (pctx->gtp_version) {
1003 	case GTP_V0:
1004 		netdev_dbg(dev, "GTPv0-U: new PDP ctx id=%llx ssgn=%pI4 ms=%pI4 (pdp=%p)\n",
1005 			   pctx->u.v0.tid, &pctx->peer_addr_ip4,
1006 			   &pctx->ms_addr_ip4, pctx);
1007 		break;
1008 	case GTP_V1:
1009 		netdev_dbg(dev, "GTPv1-U: new PDP ctx id=%x/%x ssgn=%pI4 ms=%pI4 (pdp=%p)\n",
1010 			   pctx->u.v1.i_tei, pctx->u.v1.o_tei,
1011 			   &pctx->peer_addr_ip4, &pctx->ms_addr_ip4, pctx);
1012 		break;
1013 	}
1014 
1015 	return pctx;
1016 }
1017 
1018 static void pdp_context_free(struct rcu_head *head)
1019 {
1020 	struct pdp_ctx *pctx = container_of(head, struct pdp_ctx, rcu_head);
1021 
1022 	sock_put(pctx->sk);
1023 	kfree(pctx);
1024 }
1025 
1026 static void pdp_context_delete(struct pdp_ctx *pctx)
1027 {
1028 	hlist_del_rcu(&pctx->hlist_tid);
1029 	hlist_del_rcu(&pctx->hlist_addr);
1030 	call_rcu(&pctx->rcu_head, pdp_context_free);
1031 }
1032 
1033 static int gtp_tunnel_notify(struct pdp_ctx *pctx, u8 cmd, gfp_t allocation);
1034 
1035 static int gtp_genl_new_pdp(struct sk_buff *skb, struct genl_info *info)
1036 {
1037 	unsigned int version;
1038 	struct pdp_ctx *pctx;
1039 	struct gtp_dev *gtp;
1040 	struct sock *sk;
1041 	int err;
1042 
1043 	if (!info->attrs[GTPA_VERSION] ||
1044 	    !info->attrs[GTPA_LINK] ||
1045 	    !info->attrs[GTPA_PEER_ADDRESS] ||
1046 	    !info->attrs[GTPA_MS_ADDRESS])
1047 		return -EINVAL;
1048 
1049 	version = nla_get_u32(info->attrs[GTPA_VERSION]);
1050 
1051 	switch (version) {
1052 	case GTP_V0:
1053 		if (!info->attrs[GTPA_TID] ||
1054 		    !info->attrs[GTPA_FLOW])
1055 			return -EINVAL;
1056 		break;
1057 	case GTP_V1:
1058 		if (!info->attrs[GTPA_I_TEI] ||
1059 		    !info->attrs[GTPA_O_TEI])
1060 			return -EINVAL;
1061 		break;
1062 
1063 	default:
1064 		return -EINVAL;
1065 	}
1066 
1067 	rtnl_lock();
1068 
1069 	gtp = gtp_find_dev(sock_net(skb->sk), info->attrs);
1070 	if (!gtp) {
1071 		err = -ENODEV;
1072 		goto out_unlock;
1073 	}
1074 
1075 	if (version == GTP_V0)
1076 		sk = gtp->sk0;
1077 	else if (version == GTP_V1)
1078 		sk = gtp->sk1u;
1079 	else
1080 		sk = NULL;
1081 
1082 	if (!sk) {
1083 		err = -ENODEV;
1084 		goto out_unlock;
1085 	}
1086 
1087 	pctx = gtp_pdp_add(gtp, sk, info);
1088 	if (IS_ERR(pctx)) {
1089 		err = PTR_ERR(pctx);
1090 	} else {
1091 		gtp_tunnel_notify(pctx, GTP_CMD_NEWPDP, GFP_KERNEL);
1092 		err = 0;
1093 	}
1094 
1095 out_unlock:
1096 	rtnl_unlock();
1097 	return err;
1098 }
1099 
1100 static struct pdp_ctx *gtp_find_pdp_by_link(struct net *net,
1101 					    struct nlattr *nla[])
1102 {
1103 	struct gtp_dev *gtp;
1104 
1105 	gtp = gtp_find_dev(net, nla);
1106 	if (!gtp)
1107 		return ERR_PTR(-ENODEV);
1108 
1109 	if (nla[GTPA_MS_ADDRESS]) {
1110 		__be32 ip = nla_get_be32(nla[GTPA_MS_ADDRESS]);
1111 
1112 		return ipv4_pdp_find(gtp, ip);
1113 	} else if (nla[GTPA_VERSION]) {
1114 		u32 gtp_version = nla_get_u32(nla[GTPA_VERSION]);
1115 
1116 		if (gtp_version == GTP_V0 && nla[GTPA_TID])
1117 			return gtp0_pdp_find(gtp, nla_get_u64(nla[GTPA_TID]));
1118 		else if (gtp_version == GTP_V1 && nla[GTPA_I_TEI])
1119 			return gtp1_pdp_find(gtp, nla_get_u32(nla[GTPA_I_TEI]));
1120 	}
1121 
1122 	return ERR_PTR(-EINVAL);
1123 }
1124 
1125 static struct pdp_ctx *gtp_find_pdp(struct net *net, struct nlattr *nla[])
1126 {
1127 	struct pdp_ctx *pctx;
1128 
1129 	if (nla[GTPA_LINK])
1130 		pctx = gtp_find_pdp_by_link(net, nla);
1131 	else
1132 		pctx = ERR_PTR(-EINVAL);
1133 
1134 	if (!pctx)
1135 		pctx = ERR_PTR(-ENOENT);
1136 
1137 	return pctx;
1138 }
1139 
1140 static int gtp_genl_del_pdp(struct sk_buff *skb, struct genl_info *info)
1141 {
1142 	struct pdp_ctx *pctx;
1143 	int err = 0;
1144 
1145 	if (!info->attrs[GTPA_VERSION])
1146 		return -EINVAL;
1147 
1148 	rcu_read_lock();
1149 
1150 	pctx = gtp_find_pdp(sock_net(skb->sk), info->attrs);
1151 	if (IS_ERR(pctx)) {
1152 		err = PTR_ERR(pctx);
1153 		goto out_unlock;
1154 	}
1155 
1156 	if (pctx->gtp_version == GTP_V0)
1157 		netdev_dbg(pctx->dev, "GTPv0-U: deleting tunnel id = %llx (pdp %p)\n",
1158 			   pctx->u.v0.tid, pctx);
1159 	else if (pctx->gtp_version == GTP_V1)
1160 		netdev_dbg(pctx->dev, "GTPv1-U: deleting tunnel id = %x/%x (pdp %p)\n",
1161 			   pctx->u.v1.i_tei, pctx->u.v1.o_tei, pctx);
1162 
1163 	gtp_tunnel_notify(pctx, GTP_CMD_DELPDP, GFP_ATOMIC);
1164 	pdp_context_delete(pctx);
1165 
1166 out_unlock:
1167 	rcu_read_unlock();
1168 	return err;
1169 }
1170 
1171 static struct genl_family gtp_genl_family;
1172 
1173 enum gtp_multicast_groups {
1174 	GTP_GENL_MCGRP,
1175 };
1176 
1177 static const struct genl_multicast_group gtp_genl_mcgrps[] = {
1178 	[GTP_GENL_MCGRP] = { .name = GTP_GENL_MCGRP_NAME },
1179 };
1180 
1181 static int gtp_genl_fill_info(struct sk_buff *skb, u32 snd_portid, u32 snd_seq,
1182 			      int flags, u32 type, struct pdp_ctx *pctx)
1183 {
1184 	void *genlh;
1185 
1186 	genlh = genlmsg_put(skb, snd_portid, snd_seq, &gtp_genl_family, flags,
1187 			    type);
1188 	if (genlh == NULL)
1189 		goto nlmsg_failure;
1190 
1191 	if (nla_put_u32(skb, GTPA_VERSION, pctx->gtp_version) ||
1192 	    nla_put_u32(skb, GTPA_LINK, pctx->dev->ifindex) ||
1193 	    nla_put_be32(skb, GTPA_PEER_ADDRESS, pctx->peer_addr_ip4.s_addr) ||
1194 	    nla_put_be32(skb, GTPA_MS_ADDRESS, pctx->ms_addr_ip4.s_addr))
1195 		goto nla_put_failure;
1196 
1197 	switch (pctx->gtp_version) {
1198 	case GTP_V0:
1199 		if (nla_put_u64_64bit(skb, GTPA_TID, pctx->u.v0.tid, GTPA_PAD) ||
1200 		    nla_put_u16(skb, GTPA_FLOW, pctx->u.v0.flow))
1201 			goto nla_put_failure;
1202 		break;
1203 	case GTP_V1:
1204 		if (nla_put_u32(skb, GTPA_I_TEI, pctx->u.v1.i_tei) ||
1205 		    nla_put_u32(skb, GTPA_O_TEI, pctx->u.v1.o_tei))
1206 			goto nla_put_failure;
1207 		break;
1208 	}
1209 	genlmsg_end(skb, genlh);
1210 	return 0;
1211 
1212 nlmsg_failure:
1213 nla_put_failure:
1214 	genlmsg_cancel(skb, genlh);
1215 	return -EMSGSIZE;
1216 }
1217 
1218 static int gtp_tunnel_notify(struct pdp_ctx *pctx, u8 cmd, gfp_t allocation)
1219 {
1220 	struct sk_buff *msg;
1221 	int ret;
1222 
1223 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, allocation);
1224 	if (!msg)
1225 		return -ENOMEM;
1226 
1227 	ret = gtp_genl_fill_info(msg, 0, 0, 0, cmd, pctx);
1228 	if (ret < 0) {
1229 		nlmsg_free(msg);
1230 		return ret;
1231 	}
1232 
1233 	ret = genlmsg_multicast_netns(&gtp_genl_family, dev_net(pctx->dev), msg,
1234 				      0, GTP_GENL_MCGRP, GFP_ATOMIC);
1235 	return ret;
1236 }
1237 
1238 static int gtp_genl_get_pdp(struct sk_buff *skb, struct genl_info *info)
1239 {
1240 	struct pdp_ctx *pctx = NULL;
1241 	struct sk_buff *skb2;
1242 	int err;
1243 
1244 	if (!info->attrs[GTPA_VERSION])
1245 		return -EINVAL;
1246 
1247 	rcu_read_lock();
1248 
1249 	pctx = gtp_find_pdp(sock_net(skb->sk), info->attrs);
1250 	if (IS_ERR(pctx)) {
1251 		err = PTR_ERR(pctx);
1252 		goto err_unlock;
1253 	}
1254 
1255 	skb2 = genlmsg_new(NLMSG_GOODSIZE, GFP_ATOMIC);
1256 	if (skb2 == NULL) {
1257 		err = -ENOMEM;
1258 		goto err_unlock;
1259 	}
1260 
1261 	err = gtp_genl_fill_info(skb2, NETLINK_CB(skb).portid, info->snd_seq,
1262 				 0, info->nlhdr->nlmsg_type, pctx);
1263 	if (err < 0)
1264 		goto err_unlock_free;
1265 
1266 	rcu_read_unlock();
1267 	return genlmsg_unicast(genl_info_net(info), skb2, info->snd_portid);
1268 
1269 err_unlock_free:
1270 	kfree_skb(skb2);
1271 err_unlock:
1272 	rcu_read_unlock();
1273 	return err;
1274 }
1275 
1276 static int gtp_genl_dump_pdp(struct sk_buff *skb,
1277 				struct netlink_callback *cb)
1278 {
1279 	struct gtp_dev *last_gtp = (struct gtp_dev *)cb->args[2], *gtp;
1280 	int i, j, bucket = cb->args[0], skip = cb->args[1];
1281 	struct net *net = sock_net(skb->sk);
1282 	struct pdp_ctx *pctx;
1283 	struct gtp_net *gn;
1284 
1285 	gn = net_generic(net, gtp_net_id);
1286 
1287 	if (cb->args[4])
1288 		return 0;
1289 
1290 	rcu_read_lock();
1291 	list_for_each_entry_rcu(gtp, &gn->gtp_dev_list, list) {
1292 		if (last_gtp && last_gtp != gtp)
1293 			continue;
1294 		else
1295 			last_gtp = NULL;
1296 
1297 		for (i = bucket; i < gtp->hash_size; i++) {
1298 			j = 0;
1299 			hlist_for_each_entry_rcu(pctx, &gtp->tid_hash[i],
1300 						 hlist_tid) {
1301 				if (j >= skip &&
1302 				    gtp_genl_fill_info(skb,
1303 					    NETLINK_CB(cb->skb).portid,
1304 					    cb->nlh->nlmsg_seq,
1305 					    NLM_F_MULTI,
1306 					    cb->nlh->nlmsg_type, pctx)) {
1307 					cb->args[0] = i;
1308 					cb->args[1] = j;
1309 					cb->args[2] = (unsigned long)gtp;
1310 					goto out;
1311 				}
1312 				j++;
1313 			}
1314 			skip = 0;
1315 		}
1316 		bucket = 0;
1317 	}
1318 	cb->args[4] = 1;
1319 out:
1320 	rcu_read_unlock();
1321 	return skb->len;
1322 }
1323 
1324 static const struct nla_policy gtp_genl_policy[GTPA_MAX + 1] = {
1325 	[GTPA_LINK]		= { .type = NLA_U32, },
1326 	[GTPA_VERSION]		= { .type = NLA_U32, },
1327 	[GTPA_TID]		= { .type = NLA_U64, },
1328 	[GTPA_PEER_ADDRESS]	= { .type = NLA_U32, },
1329 	[GTPA_MS_ADDRESS]	= { .type = NLA_U32, },
1330 	[GTPA_FLOW]		= { .type = NLA_U16, },
1331 	[GTPA_NET_NS_FD]	= { .type = NLA_U32, },
1332 	[GTPA_I_TEI]		= { .type = NLA_U32, },
1333 	[GTPA_O_TEI]		= { .type = NLA_U32, },
1334 };
1335 
1336 static const struct genl_small_ops gtp_genl_ops[] = {
1337 	{
1338 		.cmd = GTP_CMD_NEWPDP,
1339 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
1340 		.doit = gtp_genl_new_pdp,
1341 		.flags = GENL_ADMIN_PERM,
1342 	},
1343 	{
1344 		.cmd = GTP_CMD_DELPDP,
1345 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
1346 		.doit = gtp_genl_del_pdp,
1347 		.flags = GENL_ADMIN_PERM,
1348 	},
1349 	{
1350 		.cmd = GTP_CMD_GETPDP,
1351 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
1352 		.doit = gtp_genl_get_pdp,
1353 		.dumpit = gtp_genl_dump_pdp,
1354 		.flags = GENL_ADMIN_PERM,
1355 	},
1356 };
1357 
1358 static struct genl_family gtp_genl_family __ro_after_init = {
1359 	.name		= "gtp",
1360 	.version	= 0,
1361 	.hdrsize	= 0,
1362 	.maxattr	= GTPA_MAX,
1363 	.policy = gtp_genl_policy,
1364 	.netnsok	= true,
1365 	.module		= THIS_MODULE,
1366 	.small_ops	= gtp_genl_ops,
1367 	.n_small_ops	= ARRAY_SIZE(gtp_genl_ops),
1368 	.mcgrps		= gtp_genl_mcgrps,
1369 	.n_mcgrps	= ARRAY_SIZE(gtp_genl_mcgrps),
1370 };
1371 
1372 static int __net_init gtp_net_init(struct net *net)
1373 {
1374 	struct gtp_net *gn = net_generic(net, gtp_net_id);
1375 
1376 	INIT_LIST_HEAD(&gn->gtp_dev_list);
1377 	return 0;
1378 }
1379 
1380 static void __net_exit gtp_net_exit(struct net *net)
1381 {
1382 	struct gtp_net *gn = net_generic(net, gtp_net_id);
1383 	struct gtp_dev *gtp;
1384 	LIST_HEAD(list);
1385 
1386 	rtnl_lock();
1387 	list_for_each_entry(gtp, &gn->gtp_dev_list, list)
1388 		gtp_dellink(gtp->dev, &list);
1389 
1390 	unregister_netdevice_many(&list);
1391 	rtnl_unlock();
1392 }
1393 
1394 static struct pernet_operations gtp_net_ops = {
1395 	.init	= gtp_net_init,
1396 	.exit	= gtp_net_exit,
1397 	.id	= &gtp_net_id,
1398 	.size	= sizeof(struct gtp_net),
1399 };
1400 
1401 static int __init gtp_init(void)
1402 {
1403 	int err;
1404 
1405 	get_random_bytes(&gtp_h_initval, sizeof(gtp_h_initval));
1406 
1407 	err = rtnl_link_register(&gtp_link_ops);
1408 	if (err < 0)
1409 		goto error_out;
1410 
1411 	err = genl_register_family(&gtp_genl_family);
1412 	if (err < 0)
1413 		goto unreg_rtnl_link;
1414 
1415 	err = register_pernet_subsys(&gtp_net_ops);
1416 	if (err < 0)
1417 		goto unreg_genl_family;
1418 
1419 	pr_info("GTP module loaded (pdp ctx size %zd bytes)\n",
1420 		sizeof(struct pdp_ctx));
1421 	return 0;
1422 
1423 unreg_genl_family:
1424 	genl_unregister_family(&gtp_genl_family);
1425 unreg_rtnl_link:
1426 	rtnl_link_unregister(&gtp_link_ops);
1427 error_out:
1428 	pr_err("error loading GTP module loaded\n");
1429 	return err;
1430 }
1431 late_initcall(gtp_init);
1432 
1433 static void __exit gtp_fini(void)
1434 {
1435 	genl_unregister_family(&gtp_genl_family);
1436 	rtnl_link_unregister(&gtp_link_ops);
1437 	unregister_pernet_subsys(&gtp_net_ops);
1438 
1439 	pr_info("GTP module unloaded\n");
1440 }
1441 module_exit(gtp_fini);
1442 
1443 MODULE_LICENSE("GPL");
1444 MODULE_AUTHOR("Harald Welte <hwelte@sysmocom.de>");
1445 MODULE_DESCRIPTION("Interface driver for GTP encapsulated traffic");
1446 MODULE_ALIAS_RTNL_LINK("gtp");
1447 MODULE_ALIAS_GENL_FAMILY("gtp");
1448