/* Copyright (c) 2014 Mahesh Bandewar <maheshb@google.com>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either version 2 of
 * the License, or (at your option) any later version.
 *
 */

#include "ipvlan.h"

static u32 ipvlan_jhash_secret __read_mostly;

void ipvlan_init_secret(void)
{
	net_get_random_once(&ipvlan_jhash_secret, sizeof(ipvlan_jhash_secret));
}

static void ipvlan_count_rx(const struct ipvl_dev *ipvlan,
			    unsigned int len, bool success, bool mcast)
{
	if (likely(success)) {
		struct ipvl_pcpu_stats *pcptr;

		pcptr = this_cpu_ptr(ipvlan->pcpu_stats);
		u64_stats_update_begin(&pcptr->syncp);
		pcptr->rx_pkts++;
		pcptr->rx_bytes += len;
		if (mcast)
			pcptr->rx_mcast++;
		u64_stats_update_end(&pcptr->syncp);
	} else {
		this_cpu_inc(ipvlan->pcpu_stats->rx_errs);
	}
}

static u8 ipvlan_get_v6_hash(const void *iaddr)
{
	const struct in6_addr *ip6_addr = iaddr;

	return __ipv6_addr_jhash(ip6_addr, ipvlan_jhash_secret) &
	       IPVLAN_HASH_MASK;
}

static u8 ipvlan_get_v4_hash(const void *iaddr)
{
	const struct in_addr *ip4_addr = iaddr;

	return jhash_1word(ip4_addr->s_addr, ipvlan_jhash_secret) &
	       IPVLAN_HASH_MASK;
}

static struct ipvl_addr *ipvlan_ht_addr_lookup(const struct ipvl_port *port,
					       const void *iaddr, bool is_v6)
{
	struct ipvl_addr *addr;
	u8 hash;

	hash = is_v6 ? ipvlan_get_v6_hash(iaddr) :
	       ipvlan_get_v4_hash(iaddr);
	hlist_for_each_entry_rcu(addr, &port->hlhead[hash], hlnode) {
		if (is_v6 && addr->atype == IPVL_IPV6 &&
		    ipv6_addr_equal(&addr->ip6addr, iaddr))
			return addr;
		else if (!is_v6 && addr->atype == IPVL_IPV4 &&
			 addr->ip4addr.s_addr ==
				((struct in_addr *)iaddr)->s_addr)
			return addr;
	}
	return NULL;
}

void ipvlan_ht_addr_add(struct ipvl_dev *ipvlan, struct ipvl_addr *addr)
{
	struct ipvl_port *port = ipvlan->port;
	u8 hash;

	hash = (addr->atype == IPVL_IPV6) ?
	       ipvlan_get_v6_hash(&addr->ip6addr) :
	       ipvlan_get_v4_hash(&addr->ip4addr);
	if (hlist_unhashed(&addr->hlnode))
		hlist_add_head_rcu(&addr->hlnode, &port->hlhead[hash]);
}

void ipvlan_ht_addr_del(struct ipvl_addr *addr)
{
	hlist_del_init_rcu(&addr->hlnode);
}

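/* Linear walk of one slave's address list. No locking is taken here;
 * callers are expected to serialize via RTNL (ipvlan_addr_busy() below
 * asserts it).
 */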
struct ipvl_addr *ipvlan_find_addr(const struct ipvl_dev *ipvlan,
				   const void *iaddr, bool is_v6)
{
	struct ipvl_addr *addr;

	list_for_each_entry(addr, &ipvlan->addrs, anode) {
		if ((is_v6 && addr->atype == IPVL_IPV6 &&
		     ipv6_addr_equal(&addr->ip6addr, iaddr)) ||
		    (!is_v6 && addr->atype == IPVL_IPV4 &&
		     addr->ip4addr.s_addr == ((struct in_addr *)iaddr)->s_addr))
			return addr;
	}
	return NULL;
}

bool ipvlan_addr_busy(struct ipvl_port *port, void *iaddr, bool is_v6)
{
	struct ipvl_dev *ipvlan;

	ASSERT_RTNL();

	list_for_each_entry(ipvlan, &port->ipvlans, pnode) {
		if (ipvlan_find_addr(ipvlan, iaddr, is_v6))
			return true;
	}
	return false;
}

static void *ipvlan_get_L3_hdr(struct sk_buff *skb, int *type)
{
	void *lyr3h = NULL;

	switch (skb->protocol) {
	case htons(ETH_P_ARP): {
		struct arphdr *arph;

		if (unlikely(!pskb_may_pull(skb, sizeof(*arph))))
			return NULL;

		arph = arp_hdr(skb);
		*type = IPVL_ARP;
		lyr3h = arph;
		break;
	}
	case htons(ETH_P_IP): {
		u32 pktlen;
		struct iphdr *ip4h;

		if (unlikely(!pskb_may_pull(skb, sizeof(*ip4h))))
			return NULL;

		ip4h = ip_hdr(skb);
		pktlen = ntohs(ip4h->tot_len);
		if (ip4h->ihl < 5 || ip4h->version != 4)
			return NULL;
		if (skb->len < pktlen || pktlen < (ip4h->ihl * 4))
			return NULL;

		*type = IPVL_IPV4;
		lyr3h = ip4h;
		break;
	}
	case htons(ETH_P_IPV6): {
		struct ipv6hdr *ip6h;

		if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h))))
			return NULL;

		ip6h = ipv6_hdr(skb);
		if (ip6h->version != 6)
			return NULL;

		*type = IPVL_IPV6;
		lyr3h = ip6h;
		/* Only Neighbour Solicitation pkts need different treatment */
		if (ipv6_addr_any(&ip6h->saddr) &&
		    ip6h->nexthdr == NEXTHDR_ICMP) {
			*type = IPVL_ICMPV6;
			lyr3h = ip6h + 1;
		}
		break;
	}
	default:
		return NULL;
	}

	return lyr3h;
}

unsigned int ipvlan_mac_hash(const unsigned char *addr)
{
	u32 hash = jhash_1word(__get_unaligned_cpu32(addr+2),
			       ipvlan_jhash_secret);

	return hash & IPVLAN_MAC_FILTER_MASK;
}

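/* Work-queue handler: drain the packets deferred on port->backlog by
 * ipvlan_multicast_enqueue() and deliver a clone to every slave whose
 * mac_filters bitmap admits the destination address.
 */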
void ipvlan_process_multicast(struct work_struct *work)
{
	struct ipvl_port *port = container_of(work, struct ipvl_port, wq);
	struct ethhdr *ethh;
	struct ipvl_dev *ipvlan;
	struct sk_buff *skb, *nskb;
	struct sk_buff_head list;
	unsigned int len;
	unsigned int mac_hash;
	int ret;
	u8 pkt_type;
	bool tx_pkt;

	__skb_queue_head_init(&list);

	spin_lock_bh(&port->backlog.lock);
	skb_queue_splice_tail_init(&port->backlog, &list);
	spin_unlock_bh(&port->backlog.lock);

	while ((skb = __skb_dequeue(&list)) != NULL) {
		struct net_device *dev = skb->dev;
		bool consumed = false;

		ethh = eth_hdr(skb);
		tx_pkt = IPVL_SKB_CB(skb)->tx_pkt;
		mac_hash = ipvlan_mac_hash(ethh->h_dest);

		if (ether_addr_equal(ethh->h_dest, port->dev->broadcast))
			pkt_type = PACKET_BROADCAST;
		else
			pkt_type = PACKET_MULTICAST;

		rcu_read_lock();
		list_for_each_entry_rcu(ipvlan, &port->ipvlans, pnode) {
			if (tx_pkt && (ipvlan->dev == skb->dev))
				continue;
			if (!test_bit(mac_hash, ipvlan->mac_filters))
				continue;
			if (!(ipvlan->dev->flags & IFF_UP))
				continue;
			ret = NET_RX_DROP;
			len = skb->len + ETH_HLEN;
			nskb = skb_clone(skb, GFP_ATOMIC);
			local_bh_disable();
			if (nskb) {
				consumed = true;
				nskb->pkt_type = pkt_type;
				nskb->dev = ipvlan->dev;
				if (tx_pkt)
					ret = dev_forward_skb(ipvlan->dev, nskb);
				else
					ret = netif_rx(nskb);
			}
			ipvlan_count_rx(ipvlan, len, ret == NET_RX_SUCCESS, true);
			local_bh_enable();
		}
		rcu_read_unlock();

		if (tx_pkt) {
			/* If the packet originated here, send it out. */
			skb->dev = port->dev;
			skb->pkt_type = pkt_type;
			dev_queue_xmit(skb);
		} else {
			if (consumed)
				consume_skb(skb);
			else
				kfree_skb(skb);
		}
		if (dev)
			dev_put(dev);
	}
}

static void ipvlan_skb_crossing_ns(struct sk_buff *skb, struct net_device *dev)
{
	bool xnet = true;

	if (dev)
		xnet = !net_eq(dev_net(skb->dev), dev_net(dev));

	skb_scrub_packet(skb, xnet);
	if (dev)
		skb->dev = dev;
}

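/* Deliver an skb to the slave that owns @addr. For slave-to-slave
 * traffic (@local) the frame is forwarded directly; otherwise the skb
 * is re-targeted at the slave device and RX_HANDLER_ANOTHER tells the
 * calling rx_handler to loop it through the stack again.
 */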
static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff **pskb,
			    bool local)
{
	struct ipvl_dev *ipvlan = addr->master;
	struct net_device *dev = ipvlan->dev;
	unsigned int len;
	rx_handler_result_t ret = RX_HANDLER_CONSUMED;
	bool success = false;
	struct sk_buff *skb = *pskb;

	len = skb->len + ETH_HLEN;
	/* Only packets exchanged between two local slaves need the
	 * device-up check as well as the skb-share check.
	 */
	if (local) {
		if (unlikely(!(dev->flags & IFF_UP))) {
			kfree_skb(skb);
			goto out;
		}

		skb = skb_share_check(skb, GFP_ATOMIC);
		if (!skb)
			goto out;

		*pskb = skb;
	}
	ipvlan_skb_crossing_ns(skb, dev);

	if (local) {
		skb->pkt_type = PACKET_HOST;
		if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS)
			success = true;
	} else {
		ret = RX_HANDLER_ANOTHER;
		success = true;
	}

out:
	ipvlan_count_rx(ipvlan, len, success, false);
	return ret;
}

static struct ipvl_addr *ipvlan_addr_lookup(struct ipvl_port *port,
					    void *lyr3h, int addr_type,
					    bool use_dest)
{
	struct ipvl_addr *addr = NULL;

	if (addr_type == IPVL_IPV6) {
		struct ipv6hdr *ip6h;
		struct in6_addr *i6addr;

		ip6h = (struct ipv6hdr *)lyr3h;
		i6addr = use_dest ? &ip6h->daddr : &ip6h->saddr;
		addr = ipvlan_ht_addr_lookup(port, i6addr, true);
	} else if (addr_type == IPVL_ICMPV6) {
		struct nd_msg *ndmh;
		struct in6_addr *i6addr;

		/* Make sure that Neighbour Solicitation ICMPv6 packets
		 * are handled, to avoid DAD issues.
		 */
		ndmh = (struct nd_msg *)lyr3h;
		if (ndmh->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) {
			i6addr = &ndmh->target;
			addr = ipvlan_ht_addr_lookup(port, i6addr, true);
		}
	} else if (addr_type == IPVL_IPV4) {
		struct iphdr *ip4h;
		__be32 *i4addr;

		ip4h = (struct iphdr *)lyr3h;
		i4addr = use_dest ? &ip4h->daddr : &ip4h->saddr;
		addr = ipvlan_ht_addr_lookup(port, i4addr, false);
	} else if (addr_type == IPVL_ARP) {
		struct arphdr *arph;
		unsigned char *arp_ptr;
		__be32 dip;

		arph = (struct arphdr *)lyr3h;
		arp_ptr = (unsigned char *)(arph + 1);
		if (use_dest)
			arp_ptr += (2 * port->dev->addr_len) + 4;
		else
			arp_ptr += port->dev->addr_len;

		memcpy(&dip, arp_ptr, 4);
		addr = ipvlan_ht_addr_lookup(port, &dip, false);
	}

	return addr;
}

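/* L3/L3S TX path: the slave carries no L2 of its own, so the packet is
 * re-routed in the master device's namespace and sent out through
 * ip_local_out() / ip6_local_out().
 */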
static int ipvlan_process_v4_outbound(struct sk_buff *skb)
{
	const struct iphdr *ip4h = ip_hdr(skb);
	struct net_device *dev = skb->dev;
	struct net *net = dev_net(dev);
	struct rtable *rt;
	int err, ret = NET_XMIT_DROP;
	struct flowi4 fl4 = {
		.flowi4_oif = dev->ifindex,
		.flowi4_tos = RT_TOS(ip4h->tos),
		.flowi4_flags = FLOWI_FLAG_ANYSRC,
		.daddr = ip4h->daddr,
		.saddr = ip4h->saddr,
	};

	rt = ip_route_output_flow(net, &fl4, NULL);
	if (IS_ERR(rt))
		goto err;

	if (rt->rt_type != RTN_UNICAST && rt->rt_type != RTN_LOCAL) {
		ip_rt_put(rt);
		goto err;
	}
	skb_dst_set(skb, &rt->dst);
	err = ip_local_out(net, skb->sk, skb);
	if (unlikely(net_xmit_eval(err)))
		dev->stats.tx_errors++;
	else
		ret = NET_XMIT_SUCCESS;
	goto out;
err:
	dev->stats.tx_errors++;
	kfree_skb(skb);
out:
	return ret;
}

static int ipvlan_process_v6_outbound(struct sk_buff *skb)
{
	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
	struct net_device *dev = skb->dev;
	struct net *net = dev_net(dev);
	struct dst_entry *dst;
	int err, ret = NET_XMIT_DROP;
	struct flowi6 fl6 = {
		.flowi6_iif = dev->ifindex,
		.daddr = ip6h->daddr,
		.saddr = ip6h->saddr,
		.flowi6_flags = FLOWI_FLAG_ANYSRC,
		.flowlabel = ip6_flowinfo(ip6h),
		.flowi6_mark = skb->mark,
		.flowi6_proto = ip6h->nexthdr,
	};

	dst = ip6_route_output(net, NULL, &fl6);
	if (dst->error) {
		ret = dst->error;
		dst_release(dst);
		goto err;
	}
	skb_dst_set(skb, dst);
	err = ip6_local_out(net, skb->sk, skb);
	if (unlikely(net_xmit_eval(err)))
		dev->stats.tx_errors++;
	else
		ret = NET_XMIT_SUCCESS;
	goto out;
err:
	dev->stats.tx_errors++;
	kfree_skb(skb);
out:
	return ret;
}

static int ipvlan_process_outbound(struct sk_buff *skb)
{
	struct ethhdr *ethh = eth_hdr(skb);
	int ret = NET_XMIT_DROP;

	/* In this mode we don't care about multicast and broadcast traffic */
	if (is_multicast_ether_addr(ethh->h_dest)) {
		pr_warn_ratelimited("Dropped {multi|broad}cast of type=[%x]\n",
				    ntohs(skb->protocol));
		kfree_skb(skb);
		goto out;
	}

	/* The ipvlan is a pseudo-L2 device, so the packets that we receive
	 * will have an L2 header; it needs to be discarded and the packet
	 * processed further in the net-ns of the main device.
	 */
	if (skb_mac_header_was_set(skb)) {
		skb_pull(skb, sizeof(*ethh));
		skb->mac_header = (typeof(skb->mac_header))~0U;
		skb_reset_network_header(skb);
	}

	if (skb->protocol == htons(ETH_P_IPV6))
		ret = ipvlan_process_v6_outbound(skb);
	else if (skb->protocol == htons(ETH_P_IP))
		ret = ipvlan_process_v4_outbound(skb);
	else {
		pr_warn_ratelimited("Dropped outbound packet type=%x\n",
				    ntohs(skb->protocol));
		kfree_skb(skb);
	}
out:
	return ret;
}

static void ipvlan_multicast_enqueue(struct ipvl_port *port,
				     struct sk_buff *skb, bool tx_pkt)
{
	if (skb->protocol == htons(ETH_P_PAUSE)) {
		kfree_skb(skb);
		return;
	}

	/* Record whether the deferred packet came from the TX or the RX
	 * path; deciding this later by looking at the packet's MAC
	 * addresses would be erroneous (e.g. with a loopback-mode master
	 * device or a switch in hair-pin mode).
	 */
	IPVL_SKB_CB(skb)->tx_pkt = tx_pkt;

	spin_lock(&port->backlog.lock);
	if (skb_queue_len(&port->backlog) < IPVLAN_QBACKLOG_LIMIT) {
		if (skb->dev)
			dev_hold(skb->dev);
		__skb_queue_tail(&port->backlog, skb);
		spin_unlock(&port->backlog.lock);
		schedule_work(&port->wq);
	} else {
		spin_unlock(&port->backlog.lock);
		atomic_long_inc(&skb->dev->rx_dropped);
		kfree_skb(skb);
	}
}

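/* TX entry points: a packet addressed to another slave on the same
 * port is delivered locally via ipvlan_rcv_frame(); everything else is
 * handed to the master device (routed in L3/L3S mode, transmitted
 * as-is in L2 mode).
 */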
static int ipvlan_xmit_mode_l3(struct sk_buff *skb, struct net_device *dev)
{
	const struct ipvl_dev *ipvlan = netdev_priv(dev);
	void *lyr3h;
	struct ipvl_addr *addr;
	int addr_type;

	lyr3h = ipvlan_get_L3_hdr(skb, &addr_type);
	if (!lyr3h)
		goto out;

	addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
	if (addr)
		return ipvlan_rcv_frame(addr, &skb, true);

out:
	ipvlan_skb_crossing_ns(skb, ipvlan->phy_dev);
	return ipvlan_process_outbound(skb);
}

static int ipvlan_xmit_mode_l2(struct sk_buff *skb, struct net_device *dev)
{
	const struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct ethhdr *eth = eth_hdr(skb);
	struct ipvl_addr *addr;
	void *lyr3h;
	int addr_type;

	if (ether_addr_equal(eth->h_dest, eth->h_source)) {
		lyr3h = ipvlan_get_L3_hdr(skb, &addr_type);
		if (lyr3h) {
			addr = ipvlan_addr_lookup(ipvlan->port, lyr3h,
						  addr_type, true);
			if (addr)
				return ipvlan_rcv_frame(addr, &skb, true);
		}
		skb = skb_share_check(skb, GFP_ATOMIC);
		if (!skb)
			return NET_XMIT_DROP;

		/* The packet definitely does not belong to any of the
		 * virtual devices, but the dest is local. So forward
		 * the skb to the main device. At the RX side we just
		 * return RX_HANDLER_PASS for it to be processed further
		 * on the stack.
		 */
		return dev_forward_skb(ipvlan->phy_dev, skb);

	} else if (is_multicast_ether_addr(eth->h_dest)) {
		ipvlan_skb_crossing_ns(skb, NULL);
		ipvlan_multicast_enqueue(ipvlan->port, skb, true);
		return NET_XMIT_SUCCESS;
	}

	ipvlan_skb_crossing_ns(skb, ipvlan->phy_dev);
	return dev_queue_xmit(skb);
}

int ipvlan_queue_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct ipvl_dev *ipvlan = netdev_priv(dev);
	struct ipvl_port *port = ipvlan_port_get_rcu_bh(ipvlan->phy_dev);

	if (!port)
		goto out;

	if (unlikely(!pskb_may_pull(skb, sizeof(struct ethhdr))))
		goto out;

	switch (port->mode) {
	case IPVLAN_MODE_L2:
		return ipvlan_xmit_mode_l2(skb, dev);
	case IPVLAN_MODE_L3:
	case IPVLAN_MODE_L3S:
		return ipvlan_xmit_mode_l3(skb, dev);
	}

	/* Should not reach here */
	WARN_ONCE(true, "ipvlan_queue_xmit() called for mode = [%hx]\n",
		  port->mode);
out:
	kfree_skb(skb);
	return NET_XMIT_DROP;
}

static bool ipvlan_external_frame(struct sk_buff *skb, struct ipvl_port *port)
{
	struct ethhdr *eth = eth_hdr(skb);
	struct ipvl_addr *addr;
	void *lyr3h;
	int addr_type;

	if (ether_addr_equal(eth->h_source, skb->dev->dev_addr)) {
		lyr3h = ipvlan_get_L3_hdr(skb, &addr_type);
		if (!lyr3h)
			return true;

		addr = ipvlan_addr_lookup(port, lyr3h, addr_type, false);
		if (addr)
			return false;
	}

	return true;
}

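/* RX side: these per-mode handlers run from the master device's
 * rx_handler (ipvlan_handle_frame() below) and steer each frame to the
 * slave that owns its destination address.
 */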
static rx_handler_result_t ipvlan_handle_mode_l3(struct sk_buff **pskb,
						 struct ipvl_port *port)
{
	void *lyr3h;
	int addr_type;
	struct ipvl_addr *addr;
	struct sk_buff *skb = *pskb;
	rx_handler_result_t ret = RX_HANDLER_PASS;

	lyr3h = ipvlan_get_L3_hdr(skb, &addr_type);
	if (!lyr3h)
		goto out;

	addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
	if (addr)
		ret = ipvlan_rcv_frame(addr, pskb, false);

out:
	return ret;
}

static rx_handler_result_t ipvlan_handle_mode_l2(struct sk_buff **pskb,
						 struct ipvl_port *port)
{
	struct sk_buff *skb = *pskb;
	struct ethhdr *eth = eth_hdr(skb);
	rx_handler_result_t ret = RX_HANDLER_PASS;
	void *lyr3h;
	int addr_type;

	if (is_multicast_ether_addr(eth->h_dest)) {
		if (ipvlan_external_frame(skb, port)) {
			struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC);

			/* External frames are queued for device local
			 * distribution, but a copy is given to the master
			 * straight away to avoid sending duplicates later
			 * when the work-queue processes this frame. This
			 * is achieved by returning RX_HANDLER_PASS.
			 */
			if (nskb) {
				ipvlan_skb_crossing_ns(nskb, NULL);
				ipvlan_multicast_enqueue(port, nskb, false);
			}
		}
	} else {
		struct ipvl_addr *addr;

		lyr3h = ipvlan_get_L3_hdr(skb, &addr_type);
		if (!lyr3h)
			return ret;

		addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
		if (addr)
			ret = ipvlan_rcv_frame(addr, pskb, false);
	}

	return ret;
}

rx_handler_result_t ipvlan_handle_frame(struct sk_buff **pskb)
{
	struct sk_buff *skb = *pskb;
	struct ipvl_port *port = ipvlan_port_get_rcu(skb->dev);

	if (!port)
		return RX_HANDLER_PASS;

	switch (port->mode) {
	case IPVLAN_MODE_L2:
		return ipvlan_handle_mode_l2(pskb, port);
	case IPVLAN_MODE_L3:
		return ipvlan_handle_mode_l3(pskb, port);
	case IPVLAN_MODE_L3S:
		return RX_HANDLER_PASS;
	}

	/* Should not reach here */
	WARN_ONCE(true, "ipvlan_handle_frame() called for mode = [%hx]\n",
		  port->mode);
	kfree_skb(skb);
	return RX_HANDLER_CONSUMED;
}

static struct ipvl_addr *ipvlan_skb_to_addr(struct sk_buff *skb,
					    struct net_device *dev)
{
	struct ipvl_addr *addr = NULL;
	struct ipvl_port *port;
	void *lyr3h;
	int addr_type;

	if (!dev || !netif_is_ipvlan_port(dev))
		goto out;

	port = ipvlan_port_get_rcu(dev);
	if (!port || port->mode != IPVLAN_MODE_L3S)
		goto out;

	lyr3h = ipvlan_get_L3_hdr(skb, &addr_type);
	if (!lyr3h)
		goto out;

	addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
out:
	return addr;
}

struct sk_buff *ipvlan_l3_rcv(struct net_device *dev, struct sk_buff *skb,
			      u16 proto)
{
	struct ipvl_addr *addr;
	struct net_device *sdev;

	addr = ipvlan_skb_to_addr(skb, dev);
	if (!addr)
		goto out;

	sdev = addr->master->dev;
	switch (proto) {
	case AF_INET:
	{
		int err;
		struct iphdr *ip4h = ip_hdr(skb);

		err = ip_route_input_noref(skb, ip4h->daddr, ip4h->saddr,
					   ip4h->tos, sdev);
		if (unlikely(err))
			goto out;
		break;
	}
	case AF_INET6:
	{
		struct dst_entry *dst;
		struct ipv6hdr *ip6h = ipv6_hdr(skb);
		int flags = RT6_LOOKUP_F_HAS_SADDR;
		struct flowi6 fl6 = {
			.flowi6_iif = sdev->ifindex,
			.daddr = ip6h->daddr,
			.saddr = ip6h->saddr,
			.flowlabel = ip6_flowinfo(ip6h),
			.flowi6_mark = skb->mark,
			.flowi6_proto = ip6h->nexthdr,
		};

		skb_dst_drop(skb);
		dst = ip6_route_input_lookup(dev_net(sdev), sdev, &fl6, flags);
		skb_dst_set(skb, dst);
		break;
	}
	default:
		break;
	}

out:
	return skb;
}

unsigned int ipvlan_nf_input(void *priv, struct sk_buff *skb,
			     const struct nf_hook_state *state)
{
	struct ipvl_addr *addr;
	unsigned int len;

	addr = ipvlan_skb_to_addr(skb, skb->dev);
	if (!addr)
		goto out;

	skb->dev = addr->master->dev;
	len = skb->len + ETH_HLEN;
	ipvlan_count_rx(addr->master, len, true, false);
out:
	return NF_ACCEPT;
}