xref: /openbmc/linux/net/ipv4/xfrm4_policy.c (revision c67ce71d) 
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * xfrm4_policy.c
4  *
5  * Changes:
6  *	Kazunori MIYAZAWA @USAGI
7  * 	YOSHIFUJI Hideaki @USAGI
8  *		Split up af-specific portion
9  *
10  */
11 
12 #include <linux/err.h>
13 #include <linux/kernel.h>
14 #include <linux/inetdevice.h>
15 #include <net/dst.h>
16 #include <net/xfrm.h>
17 #include <net/ip.h>
18 #include <net/l3mdev.h>
19 
20 static struct dst_entry *__xfrm4_dst_lookup(struct flowi4 *fl4,
21 					    const struct xfrm_dst_lookup_params *params)
22 {
23 	struct rtable *rt;
24 
25 	memset(fl4, 0, sizeof(*fl4));
26 	fl4->daddr = params->daddr->a4;
27 	fl4->flowi4_tos = params->tos;
28 	fl4->flowi4_l3mdev = l3mdev_master_ifindex_by_index(params->net,
29 							    params->oif);
30 	fl4->flowi4_mark = params->mark;
31 	if (params->saddr)
32 		fl4->saddr = params->saddr->a4;
33 	fl4->flowi4_proto = params->ipproto;
34 	fl4->uli = params->uli;
35 
36 	rt = __ip_route_output_key(params->net, fl4);
37 	if (!IS_ERR(rt))
38 		return &rt->dst;
39 
40 	return ERR_CAST(rt);
41 }
42 
43 static struct dst_entry *xfrm4_dst_lookup(const struct xfrm_dst_lookup_params *params)
44 {
45 	struct flowi4 fl4;
46 
47 	return __xfrm4_dst_lookup(&fl4, params);
48 }
49 
50 static int xfrm4_get_saddr(xfrm_address_t *saddr,
51 			   const struct xfrm_dst_lookup_params *params)
52 {
53 	struct dst_entry *dst;
54 	struct flowi4 fl4;
55 
56 	dst = __xfrm4_dst_lookup(&fl4, params);
57 	if (IS_ERR(dst))
58 		return -EHOSTUNREACH;
59 
60 	saddr->a4 = fl4.saddr;
61 	dst_release(dst);
62 	return 0;
63 }
64 
65 static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
66 			  const struct flowi *fl)
67 {
68 	struct rtable *rt = (struct rtable *)xdst->route;
69 	const struct flowi4 *fl4 = &fl->u.ip4;
70 
71 	xdst->u.rt.rt_iif = fl4->flowi4_iif;
72 
73 	xdst->u.dst.dev = dev;
74 	netdev_hold(dev, &xdst->u.dst.dev_tracker, GFP_ATOMIC);
75 
76 	/* Sheit... I remember I did this right. Apparently,
77 	 * it was magically lost, so this code needs audit */
78 	xdst->u.rt.rt_is_input = rt->rt_is_input;
79 	xdst->u.rt.rt_flags = rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST |
80 					      RTCF_LOCAL);
81 	xdst->u.rt.rt_type = rt->rt_type;
82 	xdst->u.rt.rt_uses_gateway = rt->rt_uses_gateway;
83 	xdst->u.rt.rt_gw_family = rt->rt_gw_family;
84 	if (rt->rt_gw_family == AF_INET)
85 		xdst->u.rt.rt_gw4 = rt->rt_gw4;
86 	else if (rt->rt_gw_family == AF_INET6)
87 		xdst->u.rt.rt_gw6 = rt->rt_gw6;
88 	xdst->u.rt.rt_pmtu = rt->rt_pmtu;
89 	xdst->u.rt.rt_mtu_locked = rt->rt_mtu_locked;
90 	rt_add_uncached_list(&xdst->u.rt);
91 
92 	return 0;
93 }
94 
95 static void xfrm4_update_pmtu(struct dst_entry *dst, struct sock *sk,
96 			      struct sk_buff *skb, u32 mtu,
97 			      bool confirm_neigh)
98 {
99 	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
100 	struct dst_entry *path = xdst->route;
101 
102 	path->ops->update_pmtu(path, sk, skb, mtu, confirm_neigh);
103 }
104 
105 static void xfrm4_redirect(struct dst_entry *dst, struct sock *sk,
106 			   struct sk_buff *skb)
107 {
108 	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
109 	struct dst_entry *path = xdst->route;
110 
111 	path->ops->redirect(path, sk, skb);
112 }
113 
114 static void xfrm4_dst_destroy(struct dst_entry *dst)
115 {
116 	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
117 
118 	dst_destroy_metrics_generic(dst);
119 	rt_del_uncached_list(&xdst->u.rt);
120 	xfrm_dst_destroy(xdst);
121 }
122 
123 static struct dst_ops xfrm4_dst_ops_template = {
124 	.family =		AF_INET,
125 	.update_pmtu =		xfrm4_update_pmtu,
126 	.redirect =		xfrm4_redirect,
127 	.cow_metrics =		dst_cow_metrics_generic,
128 	.destroy =		xfrm4_dst_destroy,
129 	.ifdown =		xfrm_dst_ifdown,
130 	.local_out =		__ip_local_out,
131 	.gc_thresh =		32768,
132 };
133 
134 static const struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
135 	.dst_ops =		&xfrm4_dst_ops_template,
136 	.dst_lookup =		xfrm4_dst_lookup,
137 	.get_saddr =		xfrm4_get_saddr,
138 	.fill_dst =		xfrm4_fill_dst,
139 	.blackhole_route =	ipv4_blackhole_route,
140 };
141 
142 #ifdef CONFIG_SYSCTL
143 static struct ctl_table xfrm4_policy_table[] = {
144 	{
145 		.procname       = "xfrm4_gc_thresh",
146 		.data           = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
147 		.maxlen         = sizeof(int),
148 		.mode           = 0644,
149 		.proc_handler   = proc_dointvec,
150 	},
151 	{ }
152 };
153 
154 static __net_init int xfrm4_net_sysctl_init(struct net *net)
155 {
156 	struct ctl_table *table;
157 	struct ctl_table_header *hdr;
158 
159 	table = xfrm4_policy_table;
160 	if (!net_eq(net, &init_net)) {
161 		table = kmemdup(table, sizeof(xfrm4_policy_table), GFP_KERNEL);
162 		if (!table)
163 			goto err_alloc;
164 
165 		table[0].data = &net->xfrm.xfrm4_dst_ops.gc_thresh;
166 	}
167 
168 	hdr = register_net_sysctl_sz(net, "net/ipv4", table,
169 				     ARRAY_SIZE(xfrm4_policy_table));
170 	if (!hdr)
171 		goto err_reg;
172 
173 	net->ipv4.xfrm4_hdr = hdr;
174 	return 0;
175 
176 err_reg:
177 	if (!net_eq(net, &init_net))
178 		kfree(table);
179 err_alloc:
180 	return -ENOMEM;
181 }
182 
183 static __net_exit void xfrm4_net_sysctl_exit(struct net *net)
184 {
185 	struct ctl_table *table;
186 
187 	if (!net->ipv4.xfrm4_hdr)
188 		return;
189 
190 	table = net->ipv4.xfrm4_hdr->ctl_table_arg;
191 	unregister_net_sysctl_table(net->ipv4.xfrm4_hdr);
192 	if (!net_eq(net, &init_net))
193 		kfree(table);
194 }
195 #else /* CONFIG_SYSCTL */
196 static inline int xfrm4_net_sysctl_init(struct net *net)
197 {
198 	return 0;
199 }
200 
201 static inline void xfrm4_net_sysctl_exit(struct net *net)
202 {
203 }
204 #endif
205 
206 static int __net_init xfrm4_net_init(struct net *net)
207 {
208 	int ret;
209 
210 	memcpy(&net->xfrm.xfrm4_dst_ops, &xfrm4_dst_ops_template,
211 	       sizeof(xfrm4_dst_ops_template));
212 	ret = dst_entries_init(&net->xfrm.xfrm4_dst_ops);
213 	if (ret)
214 		return ret;
215 
216 	ret = xfrm4_net_sysctl_init(net);
217 	if (ret)
218 		dst_entries_destroy(&net->xfrm.xfrm4_dst_ops);
219 
220 	return ret;
221 }
222 
223 static void __net_exit xfrm4_net_exit(struct net *net)
224 {
225 	xfrm4_net_sysctl_exit(net);
226 	dst_entries_destroy(&net->xfrm.xfrm4_dst_ops);
227 }
228 
229 static struct pernet_operations __net_initdata xfrm4_net_ops = {
230 	.init	= xfrm4_net_init,
231 	.exit	= xfrm4_net_exit,
232 };
233 
234 static void __init xfrm4_policy_init(void)
235 {
236 	xfrm_policy_register_afinfo(&xfrm4_policy_afinfo, AF_INET);
237 }
238 
239 void __init xfrm4_init(void)
240 {
241 	xfrm4_state_init();
242 	xfrm4_policy_init();
243 	xfrm4_protocol_init();
244 	register_pernet_subsys(&xfrm4_net_ops);
245 }
246