16c8702c6SDavid Lebrun /* 26c8702c6SDavid Lebrun * SR-IPv6 implementation 36c8702c6SDavid Lebrun * 46c8702c6SDavid Lebrun * Author: 56c8702c6SDavid Lebrun * David Lebrun <david.lebrun@uclouvain.be> 66c8702c6SDavid Lebrun * 76c8702c6SDavid Lebrun * 86c8702c6SDavid Lebrun * This program is free software; you can redistribute it and/or 96c8702c6SDavid Lebrun * modify it under the terms of the GNU General Public License 106c8702c6SDavid Lebrun * as published by the Free Software Foundation; either version 116c8702c6SDavid Lebrun * 2 of the License, or (at your option) any later version. 126c8702c6SDavid Lebrun */ 136c8702c6SDavid Lebrun 146c8702c6SDavid Lebrun #include <linux/types.h> 156c8702c6SDavid Lebrun #include <linux/skbuff.h> 166c8702c6SDavid Lebrun #include <linux/net.h> 176c8702c6SDavid Lebrun #include <linux/module.h> 186c8702c6SDavid Lebrun #include <net/ip.h> 196c8702c6SDavid Lebrun #include <net/lwtunnel.h> 206c8702c6SDavid Lebrun #include <net/netevent.h> 216c8702c6SDavid Lebrun #include <net/netns/generic.h> 226c8702c6SDavid Lebrun #include <net/ip6_fib.h> 236c8702c6SDavid Lebrun #include <net/route.h> 246c8702c6SDavid Lebrun #include <net/seg6.h> 256c8702c6SDavid Lebrun #include <linux/seg6.h> 266c8702c6SDavid Lebrun #include <linux/seg6_iptunnel.h> 276c8702c6SDavid Lebrun #include <net/addrconf.h> 286c8702c6SDavid Lebrun #include <net/ip6_route.h> 296c8702c6SDavid Lebrun #include <net/dst_cache.h> 309baee834SDavid Lebrun #ifdef CONFIG_IPV6_SEG6_HMAC 319baee834SDavid Lebrun #include <net/seg6_hmac.h> 329baee834SDavid Lebrun #endif 336c8702c6SDavid Lebrun 346c8702c6SDavid Lebrun struct seg6_lwt { 356c8702c6SDavid Lebrun struct dst_cache cache; 366c8702c6SDavid Lebrun struct seg6_iptunnel_encap tuninfo[0]; 376c8702c6SDavid Lebrun }; 386c8702c6SDavid Lebrun 396c8702c6SDavid Lebrun static inline struct seg6_lwt *seg6_lwt_lwtunnel(struct lwtunnel_state *lwt) 406c8702c6SDavid Lebrun { 416c8702c6SDavid Lebrun return (struct seg6_lwt *)lwt->data; 426c8702c6SDavid Lebrun } 436c8702c6SDavid Lebrun 446c8702c6SDavid Lebrun static inline struct seg6_iptunnel_encap * 456c8702c6SDavid Lebrun seg6_encap_lwtunnel(struct lwtunnel_state *lwt) 466c8702c6SDavid Lebrun { 476c8702c6SDavid Lebrun return seg6_lwt_lwtunnel(lwt)->tuninfo; 486c8702c6SDavid Lebrun } 496c8702c6SDavid Lebrun 506c8702c6SDavid Lebrun static const struct nla_policy seg6_iptunnel_policy[SEG6_IPTUNNEL_MAX + 1] = { 516c8702c6SDavid Lebrun [SEG6_IPTUNNEL_SRH] = { .type = NLA_BINARY }, 526c8702c6SDavid Lebrun }; 536c8702c6SDavid Lebrun 54bb4005baSWei Yongjun static int nla_put_srh(struct sk_buff *skb, int attrtype, 556c8702c6SDavid Lebrun struct seg6_iptunnel_encap *tuninfo) 566c8702c6SDavid Lebrun { 576c8702c6SDavid Lebrun struct seg6_iptunnel_encap *data; 586c8702c6SDavid Lebrun struct nlattr *nla; 596c8702c6SDavid Lebrun int len; 606c8702c6SDavid Lebrun 616c8702c6SDavid Lebrun len = SEG6_IPTUN_ENCAP_SIZE(tuninfo); 626c8702c6SDavid Lebrun 636c8702c6SDavid Lebrun nla = nla_reserve(skb, attrtype, len); 646c8702c6SDavid Lebrun if (!nla) 656c8702c6SDavid Lebrun return -EMSGSIZE; 666c8702c6SDavid Lebrun 676c8702c6SDavid Lebrun data = nla_data(nla); 686c8702c6SDavid Lebrun memcpy(data, tuninfo, len); 696c8702c6SDavid Lebrun 706c8702c6SDavid Lebrun return 0; 716c8702c6SDavid Lebrun } 726c8702c6SDavid Lebrun 736c8702c6SDavid Lebrun static void set_tun_src(struct net *net, struct net_device *dev, 746c8702c6SDavid Lebrun struct in6_addr *daddr, struct in6_addr *saddr) 756c8702c6SDavid Lebrun { 766c8702c6SDavid Lebrun struct seg6_pernet_data *sdata = seg6_pernet(net); 776c8702c6SDavid Lebrun struct in6_addr *tun_src; 786c8702c6SDavid Lebrun 796c8702c6SDavid Lebrun rcu_read_lock(); 806c8702c6SDavid Lebrun 816c8702c6SDavid Lebrun tun_src = rcu_dereference(sdata->tun_src); 826c8702c6SDavid Lebrun 836c8702c6SDavid Lebrun if (!ipv6_addr_any(tun_src)) { 846c8702c6SDavid Lebrun memcpy(saddr, tun_src, sizeof(struct in6_addr)); 856c8702c6SDavid Lebrun } else { 866c8702c6SDavid Lebrun ipv6_dev_get_saddr(net, dev, daddr, IPV6_PREFER_SRC_PUBLIC, 876c8702c6SDavid Lebrun saddr); 886c8702c6SDavid Lebrun } 896c8702c6SDavid Lebrun 906c8702c6SDavid Lebrun rcu_read_unlock(); 916c8702c6SDavid Lebrun } 926c8702c6SDavid Lebrun 936c8702c6SDavid Lebrun /* encapsulate an IPv6 packet within an outer IPv6 header with a given SRH */ 9432d99d0bSDavid Lebrun int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto) 956c8702c6SDavid Lebrun { 968936ef76SDavid Lebrun struct dst_entry *dst = skb_dst(skb); 978936ef76SDavid Lebrun struct net *net = dev_net(dst->dev); 986c8702c6SDavid Lebrun struct ipv6hdr *hdr, *inner_hdr; 996c8702c6SDavid Lebrun struct ipv6_sr_hdr *isrh; 1006c8702c6SDavid Lebrun int hdrlen, tot_len, err; 1016c8702c6SDavid Lebrun 1026c8702c6SDavid Lebrun hdrlen = (osrh->hdrlen + 1) << 3; 1036c8702c6SDavid Lebrun tot_len = hdrlen + sizeof(*hdr); 1046c8702c6SDavid Lebrun 10519d5a26fSDavid Lebrun err = skb_cow_head(skb, tot_len); 1066c8702c6SDavid Lebrun if (unlikely(err)) 1076c8702c6SDavid Lebrun return err; 1086c8702c6SDavid Lebrun 1096c8702c6SDavid Lebrun inner_hdr = ipv6_hdr(skb); 1106c8702c6SDavid Lebrun 1116c8702c6SDavid Lebrun skb_push(skb, tot_len); 1126c8702c6SDavid Lebrun skb_reset_network_header(skb); 1136c8702c6SDavid Lebrun skb_mac_header_rebuild(skb); 1146c8702c6SDavid Lebrun hdr = ipv6_hdr(skb); 1156c8702c6SDavid Lebrun 1166c8702c6SDavid Lebrun /* inherit tc, flowlabel and hlim 1176c8702c6SDavid Lebrun * hlim will be decremented in ip6_forward() afterwards and 1186c8702c6SDavid Lebrun * decapsulation will overwrite inner hlim with outer hlim 1196c8702c6SDavid Lebrun */ 12032d99d0bSDavid Lebrun 12132d99d0bSDavid Lebrun if (skb->protocol == htons(ETH_P_IPV6)) { 1226c8702c6SDavid Lebrun ip6_flow_hdr(hdr, ip6_tclass(ip6_flowinfo(inner_hdr)), 1236c8702c6SDavid Lebrun ip6_flowlabel(inner_hdr)); 1246c8702c6SDavid Lebrun hdr->hop_limit = inner_hdr->hop_limit; 12532d99d0bSDavid Lebrun } else { 12632d99d0bSDavid Lebrun ip6_flow_hdr(hdr, 0, 0); 12732d99d0bSDavid Lebrun hdr->hop_limit = ip6_dst_hoplimit(skb_dst(skb)); 12832d99d0bSDavid Lebrun } 12932d99d0bSDavid Lebrun 1306c8702c6SDavid Lebrun hdr->nexthdr = NEXTHDR_ROUTING; 1316c8702c6SDavid Lebrun 1326c8702c6SDavid Lebrun isrh = (void *)hdr + sizeof(*hdr); 1336c8702c6SDavid Lebrun memcpy(isrh, osrh, hdrlen); 1346c8702c6SDavid Lebrun 13532d99d0bSDavid Lebrun isrh->nexthdr = proto; 1366c8702c6SDavid Lebrun 1376c8702c6SDavid Lebrun hdr->daddr = isrh->segments[isrh->first_segment]; 1388936ef76SDavid Lebrun set_tun_src(net, ip6_dst_idev(dst)->dev, &hdr->daddr, &hdr->saddr); 1396c8702c6SDavid Lebrun 1409baee834SDavid Lebrun #ifdef CONFIG_IPV6_SEG6_HMAC 1419baee834SDavid Lebrun if (sr_has_hmac(isrh)) { 1429baee834SDavid Lebrun err = seg6_push_hmac(net, &hdr->saddr, isrh); 1439baee834SDavid Lebrun if (unlikely(err)) 1449baee834SDavid Lebrun return err; 1459baee834SDavid Lebrun } 1469baee834SDavid Lebrun #endif 1479baee834SDavid Lebrun 1486c8702c6SDavid Lebrun skb_postpush_rcsum(skb, hdr, tot_len); 1496c8702c6SDavid Lebrun 1506c8702c6SDavid Lebrun return 0; 1516c8702c6SDavid Lebrun } 152b04c80d3SDavid Lebrun EXPORT_SYMBOL_GPL(seg6_do_srh_encap); 1536c8702c6SDavid Lebrun 1546c8702c6SDavid Lebrun /* insert an SRH within an IPv6 packet, just after the IPv6 header */ 155b04c80d3SDavid Lebrun int seg6_do_srh_inline(struct sk_buff *skb, struct ipv6_sr_hdr *osrh) 1566c8702c6SDavid Lebrun { 1576c8702c6SDavid Lebrun struct ipv6hdr *hdr, *oldhdr; 1586c8702c6SDavid Lebrun struct ipv6_sr_hdr *isrh; 1596c8702c6SDavid Lebrun int hdrlen, err; 1606c8702c6SDavid Lebrun 1616c8702c6SDavid Lebrun hdrlen = (osrh->hdrlen + 1) << 3; 1626c8702c6SDavid Lebrun 16319d5a26fSDavid Lebrun err = skb_cow_head(skb, hdrlen); 1646c8702c6SDavid Lebrun if (unlikely(err)) 1656c8702c6SDavid Lebrun return err; 1666c8702c6SDavid Lebrun 1676c8702c6SDavid Lebrun oldhdr = ipv6_hdr(skb); 1686c8702c6SDavid Lebrun 1696c8702c6SDavid Lebrun skb_pull(skb, sizeof(struct ipv6hdr)); 1706c8702c6SDavid Lebrun skb_postpull_rcsum(skb, skb_network_header(skb), 1716c8702c6SDavid Lebrun sizeof(struct ipv6hdr)); 1726c8702c6SDavid Lebrun 1736c8702c6SDavid Lebrun skb_push(skb, sizeof(struct ipv6hdr) + hdrlen); 1746c8702c6SDavid Lebrun skb_reset_network_header(skb); 1756c8702c6SDavid Lebrun skb_mac_header_rebuild(skb); 1766c8702c6SDavid Lebrun 1776c8702c6SDavid Lebrun hdr = ipv6_hdr(skb); 1786c8702c6SDavid Lebrun 1796c8702c6SDavid Lebrun memmove(hdr, oldhdr, sizeof(*hdr)); 1806c8702c6SDavid Lebrun 1816c8702c6SDavid Lebrun isrh = (void *)hdr + sizeof(*hdr); 1826c8702c6SDavid Lebrun memcpy(isrh, osrh, hdrlen); 1836c8702c6SDavid Lebrun 1846c8702c6SDavid Lebrun isrh->nexthdr = hdr->nexthdr; 1856c8702c6SDavid Lebrun hdr->nexthdr = NEXTHDR_ROUTING; 1866c8702c6SDavid Lebrun 1876c8702c6SDavid Lebrun isrh->segments[0] = hdr->daddr; 1886c8702c6SDavid Lebrun hdr->daddr = isrh->segments[isrh->first_segment]; 1896c8702c6SDavid Lebrun 1909baee834SDavid Lebrun #ifdef CONFIG_IPV6_SEG6_HMAC 1919baee834SDavid Lebrun if (sr_has_hmac(isrh)) { 1929baee834SDavid Lebrun struct net *net = dev_net(skb_dst(skb)->dev); 1939baee834SDavid Lebrun 1949baee834SDavid Lebrun err = seg6_push_hmac(net, &hdr->saddr, isrh); 1959baee834SDavid Lebrun if (unlikely(err)) 1969baee834SDavid Lebrun return err; 1979baee834SDavid Lebrun } 1989baee834SDavid Lebrun #endif 1999baee834SDavid Lebrun 2006c8702c6SDavid Lebrun skb_postpush_rcsum(skb, hdr, sizeof(struct ipv6hdr) + hdrlen); 2016c8702c6SDavid Lebrun 2026c8702c6SDavid Lebrun return 0; 2036c8702c6SDavid Lebrun } 204b04c80d3SDavid Lebrun EXPORT_SYMBOL_GPL(seg6_do_srh_inline); 2056c8702c6SDavid Lebrun 2066c8702c6SDavid Lebrun static int seg6_do_srh(struct sk_buff *skb) 2076c8702c6SDavid Lebrun { 2086c8702c6SDavid Lebrun struct dst_entry *dst = skb_dst(skb); 2096c8702c6SDavid Lebrun struct seg6_iptunnel_encap *tinfo; 21032d99d0bSDavid Lebrun int proto, err = 0; 2116c8702c6SDavid Lebrun 2126c8702c6SDavid Lebrun tinfo = seg6_encap_lwtunnel(dst->lwtstate); 2136c8702c6SDavid Lebrun 2146c8702c6SDavid Lebrun if (likely(!skb->encapsulation)) { 2156c8702c6SDavid Lebrun skb_reset_inner_headers(skb); 2166c8702c6SDavid Lebrun skb->encapsulation = 1; 2176c8702c6SDavid Lebrun } 2186c8702c6SDavid Lebrun 2196c8702c6SDavid Lebrun switch (tinfo->mode) { 2206c8702c6SDavid Lebrun case SEG6_IPTUN_MODE_INLINE: 22132d99d0bSDavid Lebrun if (skb->protocol != htons(ETH_P_IPV6)) 22232d99d0bSDavid Lebrun return -EINVAL; 22332d99d0bSDavid Lebrun 2246c8702c6SDavid Lebrun err = seg6_do_srh_inline(skb, tinfo->srh); 22532d99d0bSDavid Lebrun if (err) 22632d99d0bSDavid Lebrun return err; 22732d99d0bSDavid Lebrun 2286c8702c6SDavid Lebrun skb_reset_inner_headers(skb); 2296c8702c6SDavid Lebrun break; 2306c8702c6SDavid Lebrun case SEG6_IPTUN_MODE_ENCAP: 23132d99d0bSDavid Lebrun if (skb->protocol == htons(ETH_P_IPV6)) 23232d99d0bSDavid Lebrun proto = IPPROTO_IPV6; 23332d99d0bSDavid Lebrun else if (skb->protocol == htons(ETH_P_IP)) 23432d99d0bSDavid Lebrun proto = IPPROTO_IPIP; 23532d99d0bSDavid Lebrun else 23632d99d0bSDavid Lebrun return -EINVAL; 2376c8702c6SDavid Lebrun 23832d99d0bSDavid Lebrun err = seg6_do_srh_encap(skb, tinfo->srh, proto); 2396c8702c6SDavid Lebrun if (err) 2406c8702c6SDavid Lebrun return err; 2416c8702c6SDavid Lebrun 24232d99d0bSDavid Lebrun skb->protocol = htons(ETH_P_IPV6); 24332d99d0bSDavid Lebrun break; 24438ee7f2dSDavid Lebrun case SEG6_IPTUN_MODE_L2ENCAP: 24538ee7f2dSDavid Lebrun if (!skb_mac_header_was_set(skb)) 24638ee7f2dSDavid Lebrun return -EINVAL; 24738ee7f2dSDavid Lebrun 24838ee7f2dSDavid Lebrun if (pskb_expand_head(skb, skb->mac_len, 0, GFP_ATOMIC) < 0) 24938ee7f2dSDavid Lebrun return -ENOMEM; 25038ee7f2dSDavid Lebrun 25138ee7f2dSDavid Lebrun skb_mac_header_rebuild(skb); 25238ee7f2dSDavid Lebrun skb_push(skb, skb->mac_len); 25338ee7f2dSDavid Lebrun 25438ee7f2dSDavid Lebrun err = seg6_do_srh_encap(skb, tinfo->srh, NEXTHDR_NONE); 25538ee7f2dSDavid Lebrun if (err) 25638ee7f2dSDavid Lebrun return err; 25738ee7f2dSDavid Lebrun 25838ee7f2dSDavid Lebrun skb->protocol = htons(ETH_P_IPV6); 25938ee7f2dSDavid Lebrun break; 26032d99d0bSDavid Lebrun } 26132d99d0bSDavid Lebrun 2626c8702c6SDavid Lebrun ipv6_hdr(skb)->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); 2636c8702c6SDavid Lebrun skb_set_transport_header(skb, sizeof(struct ipv6hdr)); 2646c8702c6SDavid Lebrun 2656c8702c6SDavid Lebrun skb_set_inner_protocol(skb, skb->protocol); 2666c8702c6SDavid Lebrun 2676c8702c6SDavid Lebrun return 0; 2686c8702c6SDavid Lebrun } 2696c8702c6SDavid Lebrun 270bb4005baSWei Yongjun static int seg6_input(struct sk_buff *skb) 2716c8702c6SDavid Lebrun { 272af4a2209SDavid Lebrun struct dst_entry *orig_dst = skb_dst(skb); 273af4a2209SDavid Lebrun struct dst_entry *dst = NULL; 274af4a2209SDavid Lebrun struct seg6_lwt *slwt; 2756c8702c6SDavid Lebrun int err; 2766c8702c6SDavid Lebrun 2776c8702c6SDavid Lebrun err = seg6_do_srh(skb); 2786c8702c6SDavid Lebrun if (unlikely(err)) { 2796c8702c6SDavid Lebrun kfree_skb(skb); 2806c8702c6SDavid Lebrun return err; 2816c8702c6SDavid Lebrun } 2826c8702c6SDavid Lebrun 283af4a2209SDavid Lebrun slwt = seg6_lwt_lwtunnel(orig_dst->lwtstate); 284af4a2209SDavid Lebrun 285af4a2209SDavid Lebrun preempt_disable(); 286af4a2209SDavid Lebrun dst = dst_cache_get(&slwt->cache); 287af4a2209SDavid Lebrun preempt_enable(); 288af4a2209SDavid Lebrun 2896c8702c6SDavid Lebrun skb_dst_drop(skb); 290af4a2209SDavid Lebrun 291af4a2209SDavid Lebrun if (!dst) { 2926c8702c6SDavid Lebrun ip6_route_input(skb); 293af4a2209SDavid Lebrun dst = skb_dst(skb); 294af4a2209SDavid Lebrun if (!dst->error) { 295af4a2209SDavid Lebrun preempt_disable(); 296af4a2209SDavid Lebrun dst_cache_set_ip6(&slwt->cache, dst, 297af4a2209SDavid Lebrun &ipv6_hdr(skb)->saddr); 298af4a2209SDavid Lebrun preempt_enable(); 299af4a2209SDavid Lebrun } 300af4a2209SDavid Lebrun } else { 301af4a2209SDavid Lebrun skb_dst_set(skb, dst); 302af4a2209SDavid Lebrun } 3036c8702c6SDavid Lebrun 304af3b5158SDavid Lebrun err = skb_cow_head(skb, LL_RESERVED_SPACE(dst->dev)); 305af3b5158SDavid Lebrun if (unlikely(err)) 306af3b5158SDavid Lebrun return err; 307af3b5158SDavid Lebrun 3086c8702c6SDavid Lebrun return dst_input(skb); 3096c8702c6SDavid Lebrun } 3106c8702c6SDavid Lebrun 311bb4005baSWei Yongjun static int seg6_output(struct net *net, struct sock *sk, struct sk_buff *skb) 3126c8702c6SDavid Lebrun { 3136c8702c6SDavid Lebrun struct dst_entry *orig_dst = skb_dst(skb); 3146c8702c6SDavid Lebrun struct dst_entry *dst = NULL; 3156c8702c6SDavid Lebrun struct seg6_lwt *slwt; 3166c8702c6SDavid Lebrun int err = -EINVAL; 3176c8702c6SDavid Lebrun 3186c8702c6SDavid Lebrun err = seg6_do_srh(skb); 3196c8702c6SDavid Lebrun if (unlikely(err)) 3206c8702c6SDavid Lebrun goto drop; 3216c8702c6SDavid Lebrun 3226c8702c6SDavid Lebrun slwt = seg6_lwt_lwtunnel(orig_dst->lwtstate); 3236c8702c6SDavid Lebrun 324fa79581eSDavid Lebrun preempt_disable(); 3256c8702c6SDavid Lebrun dst = dst_cache_get(&slwt->cache); 326fa79581eSDavid Lebrun preempt_enable(); 3276c8702c6SDavid Lebrun 3286c8702c6SDavid Lebrun if (unlikely(!dst)) { 3296c8702c6SDavid Lebrun struct ipv6hdr *hdr = ipv6_hdr(skb); 3306c8702c6SDavid Lebrun struct flowi6 fl6; 3316c8702c6SDavid Lebrun 3326c8702c6SDavid Lebrun fl6.daddr = hdr->daddr; 3336c8702c6SDavid Lebrun fl6.saddr = hdr->saddr; 3346c8702c6SDavid Lebrun fl6.flowlabel = ip6_flowinfo(hdr); 3356c8702c6SDavid Lebrun fl6.flowi6_mark = skb->mark; 3366c8702c6SDavid Lebrun fl6.flowi6_proto = hdr->nexthdr; 3376c8702c6SDavid Lebrun 3386c8702c6SDavid Lebrun dst = ip6_route_output(net, NULL, &fl6); 3396c8702c6SDavid Lebrun if (dst->error) { 3406c8702c6SDavid Lebrun err = dst->error; 3416c8702c6SDavid Lebrun dst_release(dst); 3426c8702c6SDavid Lebrun goto drop; 3436c8702c6SDavid Lebrun } 3446c8702c6SDavid Lebrun 345fa79581eSDavid Lebrun preempt_disable(); 3466c8702c6SDavid Lebrun dst_cache_set_ip6(&slwt->cache, dst, &fl6.saddr); 347fa79581eSDavid Lebrun preempt_enable(); 3486c8702c6SDavid Lebrun } 3496c8702c6SDavid Lebrun 3506c8702c6SDavid Lebrun skb_dst_drop(skb); 3516c8702c6SDavid Lebrun skb_dst_set(skb, dst); 3526c8702c6SDavid Lebrun 353af3b5158SDavid Lebrun err = skb_cow_head(skb, LL_RESERVED_SPACE(dst->dev)); 354af3b5158SDavid Lebrun if (unlikely(err)) 355af3b5158SDavid Lebrun goto drop; 356af3b5158SDavid Lebrun 3576c8702c6SDavid Lebrun return dst_output(net, sk, skb); 3586c8702c6SDavid Lebrun drop: 3596c8702c6SDavid Lebrun kfree_skb(skb); 3606c8702c6SDavid Lebrun return err; 3616c8702c6SDavid Lebrun } 3626c8702c6SDavid Lebrun 36330357d7dSDavid Ahern static int seg6_build_state(struct nlattr *nla, 3646c8702c6SDavid Lebrun unsigned int family, const void *cfg, 3659ae28727SDavid Ahern struct lwtunnel_state **ts, 3669ae28727SDavid Ahern struct netlink_ext_ack *extack) 3676c8702c6SDavid Lebrun { 3686c8702c6SDavid Lebrun struct nlattr *tb[SEG6_IPTUNNEL_MAX + 1]; 3696c8702c6SDavid Lebrun struct seg6_iptunnel_encap *tuninfo; 3706c8702c6SDavid Lebrun struct lwtunnel_state *newts; 3716c8702c6SDavid Lebrun int tuninfo_len, min_size; 3726c8702c6SDavid Lebrun struct seg6_lwt *slwt; 3736c8702c6SDavid Lebrun int err; 3746c8702c6SDavid Lebrun 37532d99d0bSDavid Lebrun if (family != AF_INET && family != AF_INET6) 37632d99d0bSDavid Lebrun return -EINVAL; 37732d99d0bSDavid Lebrun 3786c8702c6SDavid Lebrun err = nla_parse_nested(tb, SEG6_IPTUNNEL_MAX, nla, 3799ae28727SDavid Ahern seg6_iptunnel_policy, extack); 3806c8702c6SDavid Lebrun 3816c8702c6SDavid Lebrun if (err < 0) 3826c8702c6SDavid Lebrun return err; 3836c8702c6SDavid Lebrun 3846c8702c6SDavid Lebrun if (!tb[SEG6_IPTUNNEL_SRH]) 3856c8702c6SDavid Lebrun return -EINVAL; 3866c8702c6SDavid Lebrun 3876c8702c6SDavid Lebrun tuninfo = nla_data(tb[SEG6_IPTUNNEL_SRH]); 3886c8702c6SDavid Lebrun tuninfo_len = nla_len(tb[SEG6_IPTUNNEL_SRH]); 3896c8702c6SDavid Lebrun 3906c8702c6SDavid Lebrun /* tuninfo must contain at least the iptunnel encap structure, 3916c8702c6SDavid Lebrun * the SRH and one segment 3926c8702c6SDavid Lebrun */ 3936c8702c6SDavid Lebrun min_size = sizeof(*tuninfo) + sizeof(struct ipv6_sr_hdr) + 3946c8702c6SDavid Lebrun sizeof(struct in6_addr); 3956c8702c6SDavid Lebrun if (tuninfo_len < min_size) 3966c8702c6SDavid Lebrun return -EINVAL; 3976c8702c6SDavid Lebrun 3986c8702c6SDavid Lebrun switch (tuninfo->mode) { 3996c8702c6SDavid Lebrun case SEG6_IPTUN_MODE_INLINE: 40032d99d0bSDavid Lebrun if (family != AF_INET6) 40132d99d0bSDavid Lebrun return -EINVAL; 40232d99d0bSDavid Lebrun 4036c8702c6SDavid Lebrun break; 4046c8702c6SDavid Lebrun case SEG6_IPTUN_MODE_ENCAP: 4056c8702c6SDavid Lebrun break; 40638ee7f2dSDavid Lebrun case SEG6_IPTUN_MODE_L2ENCAP: 40738ee7f2dSDavid Lebrun break; 4086c8702c6SDavid Lebrun default: 4096c8702c6SDavid Lebrun return -EINVAL; 4106c8702c6SDavid Lebrun } 4116c8702c6SDavid Lebrun 4126c8702c6SDavid Lebrun /* verify that SRH is consistent */ 4136c8702c6SDavid Lebrun if (!seg6_validate_srh(tuninfo->srh, tuninfo_len - sizeof(*tuninfo))) 4146c8702c6SDavid Lebrun return -EINVAL; 4156c8702c6SDavid Lebrun 4166c8702c6SDavid Lebrun newts = lwtunnel_state_alloc(tuninfo_len + sizeof(*slwt)); 4176c8702c6SDavid Lebrun if (!newts) 4186c8702c6SDavid Lebrun return -ENOMEM; 4196c8702c6SDavid Lebrun 4206c8702c6SDavid Lebrun slwt = seg6_lwt_lwtunnel(newts); 4216c8702c6SDavid Lebrun 422191f86caSDavid Lebrun err = dst_cache_init(&slwt->cache, GFP_ATOMIC); 4236c8702c6SDavid Lebrun if (err) { 4246c8702c6SDavid Lebrun kfree(newts); 4256c8702c6SDavid Lebrun return err; 4266c8702c6SDavid Lebrun } 4276c8702c6SDavid Lebrun 4286c8702c6SDavid Lebrun memcpy(&slwt->tuninfo, tuninfo, tuninfo_len); 4296c8702c6SDavid Lebrun 4306c8702c6SDavid Lebrun newts->type = LWTUNNEL_ENCAP_SEG6; 43138ee7f2dSDavid Lebrun newts->flags |= LWTUNNEL_STATE_INPUT_REDIRECT; 43238ee7f2dSDavid Lebrun 43338ee7f2dSDavid Lebrun if (tuninfo->mode != SEG6_IPTUN_MODE_L2ENCAP) 43438ee7f2dSDavid Lebrun newts->flags |= LWTUNNEL_STATE_OUTPUT_REDIRECT; 43538ee7f2dSDavid Lebrun 4366c8702c6SDavid Lebrun newts->headroom = seg6_lwt_headroom(tuninfo); 4376c8702c6SDavid Lebrun 4386c8702c6SDavid Lebrun *ts = newts; 4396c8702c6SDavid Lebrun 4406c8702c6SDavid Lebrun return 0; 4416c8702c6SDavid Lebrun } 4426c8702c6SDavid Lebrun 4436c8702c6SDavid Lebrun static void seg6_destroy_state(struct lwtunnel_state *lwt) 4446c8702c6SDavid Lebrun { 4456c8702c6SDavid Lebrun dst_cache_destroy(&seg6_lwt_lwtunnel(lwt)->cache); 4466c8702c6SDavid Lebrun } 4476c8702c6SDavid Lebrun 4486c8702c6SDavid Lebrun static int seg6_fill_encap_info(struct sk_buff *skb, 4496c8702c6SDavid Lebrun struct lwtunnel_state *lwtstate) 4506c8702c6SDavid Lebrun { 4516c8702c6SDavid Lebrun struct seg6_iptunnel_encap *tuninfo = seg6_encap_lwtunnel(lwtstate); 4526c8702c6SDavid Lebrun 4536c8702c6SDavid Lebrun if (nla_put_srh(skb, SEG6_IPTUNNEL_SRH, tuninfo)) 4546c8702c6SDavid Lebrun return -EMSGSIZE; 4556c8702c6SDavid Lebrun 4566c8702c6SDavid Lebrun return 0; 4576c8702c6SDavid Lebrun } 4586c8702c6SDavid Lebrun 4596c8702c6SDavid Lebrun static int seg6_encap_nlsize(struct lwtunnel_state *lwtstate) 4606c8702c6SDavid Lebrun { 4616c8702c6SDavid Lebrun struct seg6_iptunnel_encap *tuninfo = seg6_encap_lwtunnel(lwtstate); 4626c8702c6SDavid Lebrun 4636c8702c6SDavid Lebrun return nla_total_size(SEG6_IPTUN_ENCAP_SIZE(tuninfo)); 4646c8702c6SDavid Lebrun } 4656c8702c6SDavid Lebrun 4666c8702c6SDavid Lebrun static int seg6_encap_cmp(struct lwtunnel_state *a, struct lwtunnel_state *b) 4676c8702c6SDavid Lebrun { 4686c8702c6SDavid Lebrun struct seg6_iptunnel_encap *a_hdr = seg6_encap_lwtunnel(a); 4696c8702c6SDavid Lebrun struct seg6_iptunnel_encap *b_hdr = seg6_encap_lwtunnel(b); 4706c8702c6SDavid Lebrun int len = SEG6_IPTUN_ENCAP_SIZE(a_hdr); 4716c8702c6SDavid Lebrun 4726c8702c6SDavid Lebrun if (len != SEG6_IPTUN_ENCAP_SIZE(b_hdr)) 4736c8702c6SDavid Lebrun return 1; 4746c8702c6SDavid Lebrun 4756c8702c6SDavid Lebrun return memcmp(a_hdr, b_hdr, len); 4766c8702c6SDavid Lebrun } 4776c8702c6SDavid Lebrun 4786c8702c6SDavid Lebrun static const struct lwtunnel_encap_ops seg6_iptun_ops = { 4796c8702c6SDavid Lebrun .build_state = seg6_build_state, 4806c8702c6SDavid Lebrun .destroy_state = seg6_destroy_state, 4816c8702c6SDavid Lebrun .output = seg6_output, 4826c8702c6SDavid Lebrun .input = seg6_input, 4836c8702c6SDavid Lebrun .fill_encap = seg6_fill_encap_info, 4846c8702c6SDavid Lebrun .get_encap_size = seg6_encap_nlsize, 4856c8702c6SDavid Lebrun .cmp_encap = seg6_encap_cmp, 48688ff7334SRobert Shearman .owner = THIS_MODULE, 4876c8702c6SDavid Lebrun }; 4886c8702c6SDavid Lebrun 4896c8702c6SDavid Lebrun int __init seg6_iptunnel_init(void) 4906c8702c6SDavid Lebrun { 4916c8702c6SDavid Lebrun return lwtunnel_encap_add_ops(&seg6_iptun_ops, LWTUNNEL_ENCAP_SEG6); 4926c8702c6SDavid Lebrun } 4936c8702c6SDavid Lebrun 4946c8702c6SDavid Lebrun void seg6_iptunnel_exit(void) 4956c8702c6SDavid Lebrun { 4966c8702c6SDavid Lebrun lwtunnel_encap_del_ops(&seg6_iptun_ops, LWTUNNEL_ENCAP_SEG6); 4976c8702c6SDavid Lebrun } 498