16c8702c6SDavid Lebrun /* 26c8702c6SDavid Lebrun * SR-IPv6 implementation 36c8702c6SDavid Lebrun * 46c8702c6SDavid Lebrun * Author: 56c8702c6SDavid Lebrun * David Lebrun <david.lebrun@uclouvain.be> 66c8702c6SDavid Lebrun * 76c8702c6SDavid Lebrun * 86c8702c6SDavid Lebrun * This program is free software; you can redistribute it and/or 96c8702c6SDavid Lebrun * modify it under the terms of the GNU General Public License 106c8702c6SDavid Lebrun * as published by the Free Software Foundation; either version 116c8702c6SDavid Lebrun * 2 of the License, or (at your option) any later version. 126c8702c6SDavid Lebrun */ 136c8702c6SDavid Lebrun 146c8702c6SDavid Lebrun #include <linux/types.h> 156c8702c6SDavid Lebrun #include <linux/skbuff.h> 166c8702c6SDavid Lebrun #include <linux/net.h> 176c8702c6SDavid Lebrun #include <linux/module.h> 186c8702c6SDavid Lebrun #include <net/ip.h> 195807b22cSDavid Lebrun #include <net/ip_tunnels.h> 206c8702c6SDavid Lebrun #include <net/lwtunnel.h> 216c8702c6SDavid Lebrun #include <net/netevent.h> 226c8702c6SDavid Lebrun #include <net/netns/generic.h> 236c8702c6SDavid Lebrun #include <net/ip6_fib.h> 246c8702c6SDavid Lebrun #include <net/route.h> 256c8702c6SDavid Lebrun #include <net/seg6.h> 266c8702c6SDavid Lebrun #include <linux/seg6.h> 276c8702c6SDavid Lebrun #include <linux/seg6_iptunnel.h> 286c8702c6SDavid Lebrun #include <net/addrconf.h> 296c8702c6SDavid Lebrun #include <net/ip6_route.h> 306c8702c6SDavid Lebrun #include <net/dst_cache.h> 319baee834SDavid Lebrun #ifdef CONFIG_IPV6_SEG6_HMAC 329baee834SDavid Lebrun #include <net/seg6_hmac.h> 339baee834SDavid Lebrun #endif 346c8702c6SDavid Lebrun 356c8702c6SDavid Lebrun struct seg6_lwt { 366c8702c6SDavid Lebrun struct dst_cache cache; 376c8702c6SDavid Lebrun struct seg6_iptunnel_encap tuninfo[0]; 386c8702c6SDavid Lebrun }; 396c8702c6SDavid Lebrun 406c8702c6SDavid Lebrun static inline struct seg6_lwt *seg6_lwt_lwtunnel(struct lwtunnel_state *lwt) 416c8702c6SDavid Lebrun { 426c8702c6SDavid Lebrun return (struct seg6_lwt *)lwt->data; 436c8702c6SDavid Lebrun } 446c8702c6SDavid Lebrun 456c8702c6SDavid Lebrun static inline struct seg6_iptunnel_encap * 466c8702c6SDavid Lebrun seg6_encap_lwtunnel(struct lwtunnel_state *lwt) 476c8702c6SDavid Lebrun { 486c8702c6SDavid Lebrun return seg6_lwt_lwtunnel(lwt)->tuninfo; 496c8702c6SDavid Lebrun } 506c8702c6SDavid Lebrun 516c8702c6SDavid Lebrun static const struct nla_policy seg6_iptunnel_policy[SEG6_IPTUNNEL_MAX + 1] = { 526c8702c6SDavid Lebrun [SEG6_IPTUNNEL_SRH] = { .type = NLA_BINARY }, 536c8702c6SDavid Lebrun }; 546c8702c6SDavid Lebrun 55bb4005baSWei Yongjun static int nla_put_srh(struct sk_buff *skb, int attrtype, 566c8702c6SDavid Lebrun struct seg6_iptunnel_encap *tuninfo) 576c8702c6SDavid Lebrun { 586c8702c6SDavid Lebrun struct seg6_iptunnel_encap *data; 596c8702c6SDavid Lebrun struct nlattr *nla; 606c8702c6SDavid Lebrun int len; 616c8702c6SDavid Lebrun 626c8702c6SDavid Lebrun len = SEG6_IPTUN_ENCAP_SIZE(tuninfo); 636c8702c6SDavid Lebrun 646c8702c6SDavid Lebrun nla = nla_reserve(skb, attrtype, len); 656c8702c6SDavid Lebrun if (!nla) 666c8702c6SDavid Lebrun return -EMSGSIZE; 676c8702c6SDavid Lebrun 686c8702c6SDavid Lebrun data = nla_data(nla); 696c8702c6SDavid Lebrun memcpy(data, tuninfo, len); 706c8702c6SDavid Lebrun 716c8702c6SDavid Lebrun return 0; 726c8702c6SDavid Lebrun } 736c8702c6SDavid Lebrun 746c8702c6SDavid Lebrun static void set_tun_src(struct net *net, struct net_device *dev, 756c8702c6SDavid Lebrun struct in6_addr *daddr, struct in6_addr *saddr) 766c8702c6SDavid Lebrun { 776c8702c6SDavid Lebrun struct seg6_pernet_data *sdata = seg6_pernet(net); 786c8702c6SDavid Lebrun struct in6_addr *tun_src; 796c8702c6SDavid Lebrun 806c8702c6SDavid Lebrun rcu_read_lock(); 816c8702c6SDavid Lebrun 826c8702c6SDavid Lebrun tun_src = rcu_dereference(sdata->tun_src); 836c8702c6SDavid Lebrun 846c8702c6SDavid Lebrun if (!ipv6_addr_any(tun_src)) { 856c8702c6SDavid Lebrun memcpy(saddr, tun_src, sizeof(struct in6_addr)); 866c8702c6SDavid Lebrun } else { 876c8702c6SDavid Lebrun ipv6_dev_get_saddr(net, dev, daddr, IPV6_PREFER_SRC_PUBLIC, 886c8702c6SDavid Lebrun saddr); 896c8702c6SDavid Lebrun } 906c8702c6SDavid Lebrun 916c8702c6SDavid Lebrun rcu_read_unlock(); 926c8702c6SDavid Lebrun } 936c8702c6SDavid Lebrun 946c8702c6SDavid Lebrun /* encapsulate an IPv6 packet within an outer IPv6 header with a given SRH */ 9532d99d0bSDavid Lebrun int seg6_do_srh_encap(struct sk_buff *skb, struct ipv6_sr_hdr *osrh, int proto) 966c8702c6SDavid Lebrun { 978936ef76SDavid Lebrun struct dst_entry *dst = skb_dst(skb); 988936ef76SDavid Lebrun struct net *net = dev_net(dst->dev); 996c8702c6SDavid Lebrun struct ipv6hdr *hdr, *inner_hdr; 1006c8702c6SDavid Lebrun struct ipv6_sr_hdr *isrh; 1016c8702c6SDavid Lebrun int hdrlen, tot_len, err; 1026c8702c6SDavid Lebrun 1036c8702c6SDavid Lebrun hdrlen = (osrh->hdrlen + 1) << 3; 1046c8702c6SDavid Lebrun tot_len = hdrlen + sizeof(*hdr); 1056c8702c6SDavid Lebrun 106bbb40a0bSMathieu Xhonneux err = skb_cow_head(skb, tot_len + skb->mac_len); 1076c8702c6SDavid Lebrun if (unlikely(err)) 1086c8702c6SDavid Lebrun return err; 1096c8702c6SDavid Lebrun 1106c8702c6SDavid Lebrun inner_hdr = ipv6_hdr(skb); 1116c8702c6SDavid Lebrun 1126c8702c6SDavid Lebrun skb_push(skb, tot_len); 1136c8702c6SDavid Lebrun skb_reset_network_header(skb); 1146c8702c6SDavid Lebrun skb_mac_header_rebuild(skb); 1156c8702c6SDavid Lebrun hdr = ipv6_hdr(skb); 1166c8702c6SDavid Lebrun 1176c8702c6SDavid Lebrun /* inherit tc, flowlabel and hlim 1186c8702c6SDavid Lebrun * hlim will be decremented in ip6_forward() afterwards and 1196c8702c6SDavid Lebrun * decapsulation will overwrite inner hlim with outer hlim 1206c8702c6SDavid Lebrun */ 12132d99d0bSDavid Lebrun 12232d99d0bSDavid Lebrun if (skb->protocol == htons(ETH_P_IPV6)) { 1236c8702c6SDavid Lebrun ip6_flow_hdr(hdr, ip6_tclass(ip6_flowinfo(inner_hdr)), 1246c8702c6SDavid Lebrun ip6_flowlabel(inner_hdr)); 1256c8702c6SDavid Lebrun hdr->hop_limit = inner_hdr->hop_limit; 12632d99d0bSDavid Lebrun } else { 12732d99d0bSDavid Lebrun ip6_flow_hdr(hdr, 0, 0); 12832d99d0bSDavid Lebrun hdr->hop_limit = ip6_dst_hoplimit(skb_dst(skb)); 12932d99d0bSDavid Lebrun } 13032d99d0bSDavid Lebrun 1316c8702c6SDavid Lebrun hdr->nexthdr = NEXTHDR_ROUTING; 1326c8702c6SDavid Lebrun 1336c8702c6SDavid Lebrun isrh = (void *)hdr + sizeof(*hdr); 1346c8702c6SDavid Lebrun memcpy(isrh, osrh, hdrlen); 1356c8702c6SDavid Lebrun 13632d99d0bSDavid Lebrun isrh->nexthdr = proto; 1376c8702c6SDavid Lebrun 1386c8702c6SDavid Lebrun hdr->daddr = isrh->segments[isrh->first_segment]; 139a957fa19SAhmed Abdelsalam set_tun_src(net, dst->dev, &hdr->daddr, &hdr->saddr); 1406c8702c6SDavid Lebrun 1419baee834SDavid Lebrun #ifdef CONFIG_IPV6_SEG6_HMAC 1429baee834SDavid Lebrun if (sr_has_hmac(isrh)) { 1439baee834SDavid Lebrun err = seg6_push_hmac(net, &hdr->saddr, isrh); 1449baee834SDavid Lebrun if (unlikely(err)) 1459baee834SDavid Lebrun return err; 1469baee834SDavid Lebrun } 1479baee834SDavid Lebrun #endif 1489baee834SDavid Lebrun 1496c8702c6SDavid Lebrun skb_postpush_rcsum(skb, hdr, tot_len); 1506c8702c6SDavid Lebrun 1516c8702c6SDavid Lebrun return 0; 1526c8702c6SDavid Lebrun } 153b04c80d3SDavid Lebrun EXPORT_SYMBOL_GPL(seg6_do_srh_encap); 1546c8702c6SDavid Lebrun 1556c8702c6SDavid Lebrun /* insert an SRH within an IPv6 packet, just after the IPv6 header */ 156b04c80d3SDavid Lebrun int seg6_do_srh_inline(struct sk_buff *skb, struct ipv6_sr_hdr *osrh) 1576c8702c6SDavid Lebrun { 1586c8702c6SDavid Lebrun struct ipv6hdr *hdr, *oldhdr; 1596c8702c6SDavid Lebrun struct ipv6_sr_hdr *isrh; 1606c8702c6SDavid Lebrun int hdrlen, err; 1616c8702c6SDavid Lebrun 1626c8702c6SDavid Lebrun hdrlen = (osrh->hdrlen + 1) << 3; 1636c8702c6SDavid Lebrun 164bbb40a0bSMathieu Xhonneux err = skb_cow_head(skb, hdrlen + skb->mac_len); 1656c8702c6SDavid Lebrun if (unlikely(err)) 1666c8702c6SDavid Lebrun return err; 1676c8702c6SDavid Lebrun 1686c8702c6SDavid Lebrun oldhdr = ipv6_hdr(skb); 1696c8702c6SDavid Lebrun 1706c8702c6SDavid Lebrun skb_pull(skb, sizeof(struct ipv6hdr)); 1716c8702c6SDavid Lebrun skb_postpull_rcsum(skb, skb_network_header(skb), 1726c8702c6SDavid Lebrun sizeof(struct ipv6hdr)); 1736c8702c6SDavid Lebrun 1746c8702c6SDavid Lebrun skb_push(skb, sizeof(struct ipv6hdr) + hdrlen); 1756c8702c6SDavid Lebrun skb_reset_network_header(skb); 1766c8702c6SDavid Lebrun skb_mac_header_rebuild(skb); 1776c8702c6SDavid Lebrun 1786c8702c6SDavid Lebrun hdr = ipv6_hdr(skb); 1796c8702c6SDavid Lebrun 1806c8702c6SDavid Lebrun memmove(hdr, oldhdr, sizeof(*hdr)); 1816c8702c6SDavid Lebrun 1826c8702c6SDavid Lebrun isrh = (void *)hdr + sizeof(*hdr); 1836c8702c6SDavid Lebrun memcpy(isrh, osrh, hdrlen); 1846c8702c6SDavid Lebrun 1856c8702c6SDavid Lebrun isrh->nexthdr = hdr->nexthdr; 1866c8702c6SDavid Lebrun hdr->nexthdr = NEXTHDR_ROUTING; 1876c8702c6SDavid Lebrun 1886c8702c6SDavid Lebrun isrh->segments[0] = hdr->daddr; 1896c8702c6SDavid Lebrun hdr->daddr = isrh->segments[isrh->first_segment]; 1906c8702c6SDavid Lebrun 1919baee834SDavid Lebrun #ifdef CONFIG_IPV6_SEG6_HMAC 1929baee834SDavid Lebrun if (sr_has_hmac(isrh)) { 1939baee834SDavid Lebrun struct net *net = dev_net(skb_dst(skb)->dev); 1949baee834SDavid Lebrun 1959baee834SDavid Lebrun err = seg6_push_hmac(net, &hdr->saddr, isrh); 1969baee834SDavid Lebrun if (unlikely(err)) 1979baee834SDavid Lebrun return err; 1989baee834SDavid Lebrun } 1999baee834SDavid Lebrun #endif 2009baee834SDavid Lebrun 2016c8702c6SDavid Lebrun skb_postpush_rcsum(skb, hdr, sizeof(struct ipv6hdr) + hdrlen); 2026c8702c6SDavid Lebrun 2036c8702c6SDavid Lebrun return 0; 2046c8702c6SDavid Lebrun } 205b04c80d3SDavid Lebrun EXPORT_SYMBOL_GPL(seg6_do_srh_inline); 2066c8702c6SDavid Lebrun 2076c8702c6SDavid Lebrun static int seg6_do_srh(struct sk_buff *skb) 2086c8702c6SDavid Lebrun { 2096c8702c6SDavid Lebrun struct dst_entry *dst = skb_dst(skb); 2106c8702c6SDavid Lebrun struct seg6_iptunnel_encap *tinfo; 21132d99d0bSDavid Lebrun int proto, err = 0; 2126c8702c6SDavid Lebrun 2136c8702c6SDavid Lebrun tinfo = seg6_encap_lwtunnel(dst->lwtstate); 2146c8702c6SDavid Lebrun 2156c8702c6SDavid Lebrun switch (tinfo->mode) { 2166c8702c6SDavid Lebrun case SEG6_IPTUN_MODE_INLINE: 21732d99d0bSDavid Lebrun if (skb->protocol != htons(ETH_P_IPV6)) 21832d99d0bSDavid Lebrun return -EINVAL; 21932d99d0bSDavid Lebrun 2206c8702c6SDavid Lebrun err = seg6_do_srh_inline(skb, tinfo->srh); 22132d99d0bSDavid Lebrun if (err) 22232d99d0bSDavid Lebrun return err; 2236c8702c6SDavid Lebrun break; 2246c8702c6SDavid Lebrun case SEG6_IPTUN_MODE_ENCAP: 2255807b22cSDavid Lebrun err = iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6); 2265807b22cSDavid Lebrun if (err) 2275807b22cSDavid Lebrun return err; 2285807b22cSDavid Lebrun 22932d99d0bSDavid Lebrun if (skb->protocol == htons(ETH_P_IPV6)) 23032d99d0bSDavid Lebrun proto = IPPROTO_IPV6; 23132d99d0bSDavid Lebrun else if (skb->protocol == htons(ETH_P_IP)) 23232d99d0bSDavid Lebrun proto = IPPROTO_IPIP; 23332d99d0bSDavid Lebrun else 23432d99d0bSDavid Lebrun return -EINVAL; 2356c8702c6SDavid Lebrun 23632d99d0bSDavid Lebrun err = seg6_do_srh_encap(skb, tinfo->srh, proto); 2376c8702c6SDavid Lebrun if (err) 2386c8702c6SDavid Lebrun return err; 2396c8702c6SDavid Lebrun 2405807b22cSDavid Lebrun skb_set_inner_transport_header(skb, skb_transport_offset(skb)); 2415807b22cSDavid Lebrun skb_set_inner_protocol(skb, skb->protocol); 24232d99d0bSDavid Lebrun skb->protocol = htons(ETH_P_IPV6); 24332d99d0bSDavid Lebrun break; 24438ee7f2dSDavid Lebrun case SEG6_IPTUN_MODE_L2ENCAP: 24538ee7f2dSDavid Lebrun if (!skb_mac_header_was_set(skb)) 24638ee7f2dSDavid Lebrun return -EINVAL; 24738ee7f2dSDavid Lebrun 24838ee7f2dSDavid Lebrun if (pskb_expand_head(skb, skb->mac_len, 0, GFP_ATOMIC) < 0) 24938ee7f2dSDavid Lebrun return -ENOMEM; 25038ee7f2dSDavid Lebrun 25138ee7f2dSDavid Lebrun skb_mac_header_rebuild(skb); 25238ee7f2dSDavid Lebrun skb_push(skb, skb->mac_len); 25338ee7f2dSDavid Lebrun 25438ee7f2dSDavid Lebrun err = seg6_do_srh_encap(skb, tinfo->srh, NEXTHDR_NONE); 25538ee7f2dSDavid Lebrun if (err) 25638ee7f2dSDavid Lebrun return err; 25738ee7f2dSDavid Lebrun 25838ee7f2dSDavid Lebrun skb->protocol = htons(ETH_P_IPV6); 25938ee7f2dSDavid Lebrun break; 26032d99d0bSDavid Lebrun } 26132d99d0bSDavid Lebrun 2626c8702c6SDavid Lebrun ipv6_hdr(skb)->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); 2636c8702c6SDavid Lebrun skb_set_transport_header(skb, sizeof(struct ipv6hdr)); 2646c8702c6SDavid Lebrun 2656c8702c6SDavid Lebrun return 0; 2666c8702c6SDavid Lebrun } 2676c8702c6SDavid Lebrun 268bb4005baSWei Yongjun static int seg6_input(struct sk_buff *skb) 2696c8702c6SDavid Lebrun { 270af4a2209SDavid Lebrun struct dst_entry *orig_dst = skb_dst(skb); 271af4a2209SDavid Lebrun struct dst_entry *dst = NULL; 272af4a2209SDavid Lebrun struct seg6_lwt *slwt; 2736c8702c6SDavid Lebrun int err; 2746c8702c6SDavid Lebrun 2756c8702c6SDavid Lebrun err = seg6_do_srh(skb); 2766c8702c6SDavid Lebrun if (unlikely(err)) { 2776c8702c6SDavid Lebrun kfree_skb(skb); 2786c8702c6SDavid Lebrun return err; 2796c8702c6SDavid Lebrun } 2806c8702c6SDavid Lebrun 281af4a2209SDavid Lebrun slwt = seg6_lwt_lwtunnel(orig_dst->lwtstate); 282af4a2209SDavid Lebrun 283af4a2209SDavid Lebrun preempt_disable(); 284af4a2209SDavid Lebrun dst = dst_cache_get(&slwt->cache); 285af4a2209SDavid Lebrun preempt_enable(); 286af4a2209SDavid Lebrun 2876c8702c6SDavid Lebrun skb_dst_drop(skb); 288af4a2209SDavid Lebrun 289af4a2209SDavid Lebrun if (!dst) { 2906c8702c6SDavid Lebrun ip6_route_input(skb); 291af4a2209SDavid Lebrun dst = skb_dst(skb); 292af4a2209SDavid Lebrun if (!dst->error) { 293af4a2209SDavid Lebrun preempt_disable(); 294af4a2209SDavid Lebrun dst_cache_set_ip6(&slwt->cache, dst, 295af4a2209SDavid Lebrun &ipv6_hdr(skb)->saddr); 296af4a2209SDavid Lebrun preempt_enable(); 297af4a2209SDavid Lebrun } 298af4a2209SDavid Lebrun } else { 299af4a2209SDavid Lebrun skb_dst_set(skb, dst); 300af4a2209SDavid Lebrun } 3016c8702c6SDavid Lebrun 302af3b5158SDavid Lebrun err = skb_cow_head(skb, LL_RESERVED_SPACE(dst->dev)); 303af3b5158SDavid Lebrun if (unlikely(err)) 304af3b5158SDavid Lebrun return err; 305af3b5158SDavid Lebrun 3066c8702c6SDavid Lebrun return dst_input(skb); 3076c8702c6SDavid Lebrun } 3086c8702c6SDavid Lebrun 309bb4005baSWei Yongjun static int seg6_output(struct net *net, struct sock *sk, struct sk_buff *skb) 3106c8702c6SDavid Lebrun { 3116c8702c6SDavid Lebrun struct dst_entry *orig_dst = skb_dst(skb); 3126c8702c6SDavid Lebrun struct dst_entry *dst = NULL; 3136c8702c6SDavid Lebrun struct seg6_lwt *slwt; 3146c8702c6SDavid Lebrun int err = -EINVAL; 3156c8702c6SDavid Lebrun 3166c8702c6SDavid Lebrun err = seg6_do_srh(skb); 3176c8702c6SDavid Lebrun if (unlikely(err)) 3186c8702c6SDavid Lebrun goto drop; 3196c8702c6SDavid Lebrun 3206c8702c6SDavid Lebrun slwt = seg6_lwt_lwtunnel(orig_dst->lwtstate); 3216c8702c6SDavid Lebrun 322fa79581eSDavid Lebrun preempt_disable(); 3236c8702c6SDavid Lebrun dst = dst_cache_get(&slwt->cache); 324fa79581eSDavid Lebrun preempt_enable(); 3256c8702c6SDavid Lebrun 3266c8702c6SDavid Lebrun if (unlikely(!dst)) { 3276c8702c6SDavid Lebrun struct ipv6hdr *hdr = ipv6_hdr(skb); 3286c8702c6SDavid Lebrun struct flowi6 fl6; 3296c8702c6SDavid Lebrun 3306c8702c6SDavid Lebrun fl6.daddr = hdr->daddr; 3316c8702c6SDavid Lebrun fl6.saddr = hdr->saddr; 3326c8702c6SDavid Lebrun fl6.flowlabel = ip6_flowinfo(hdr); 3336c8702c6SDavid Lebrun fl6.flowi6_mark = skb->mark; 3346c8702c6SDavid Lebrun fl6.flowi6_proto = hdr->nexthdr; 3356c8702c6SDavid Lebrun 3366c8702c6SDavid Lebrun dst = ip6_route_output(net, NULL, &fl6); 3376c8702c6SDavid Lebrun if (dst->error) { 3386c8702c6SDavid Lebrun err = dst->error; 3396c8702c6SDavid Lebrun dst_release(dst); 3406c8702c6SDavid Lebrun goto drop; 3416c8702c6SDavid Lebrun } 3426c8702c6SDavid Lebrun 343fa79581eSDavid Lebrun preempt_disable(); 3446c8702c6SDavid Lebrun dst_cache_set_ip6(&slwt->cache, dst, &fl6.saddr); 345fa79581eSDavid Lebrun preempt_enable(); 3466c8702c6SDavid Lebrun } 3476c8702c6SDavid Lebrun 3486c8702c6SDavid Lebrun skb_dst_drop(skb); 3496c8702c6SDavid Lebrun skb_dst_set(skb, dst); 3506c8702c6SDavid Lebrun 351af3b5158SDavid Lebrun err = skb_cow_head(skb, LL_RESERVED_SPACE(dst->dev)); 352af3b5158SDavid Lebrun if (unlikely(err)) 353af3b5158SDavid Lebrun goto drop; 354af3b5158SDavid Lebrun 3556c8702c6SDavid Lebrun return dst_output(net, sk, skb); 3566c8702c6SDavid Lebrun drop: 3576c8702c6SDavid Lebrun kfree_skb(skb); 3586c8702c6SDavid Lebrun return err; 3596c8702c6SDavid Lebrun } 3606c8702c6SDavid Lebrun 36130357d7dSDavid Ahern static int seg6_build_state(struct nlattr *nla, 3626c8702c6SDavid Lebrun unsigned int family, const void *cfg, 3639ae28727SDavid Ahern struct lwtunnel_state **ts, 3649ae28727SDavid Ahern struct netlink_ext_ack *extack) 3656c8702c6SDavid Lebrun { 3666c8702c6SDavid Lebrun struct nlattr *tb[SEG6_IPTUNNEL_MAX + 1]; 3676c8702c6SDavid Lebrun struct seg6_iptunnel_encap *tuninfo; 3686c8702c6SDavid Lebrun struct lwtunnel_state *newts; 3696c8702c6SDavid Lebrun int tuninfo_len, min_size; 3706c8702c6SDavid Lebrun struct seg6_lwt *slwt; 3716c8702c6SDavid Lebrun int err; 3726c8702c6SDavid Lebrun 37332d99d0bSDavid Lebrun if (family != AF_INET && family != AF_INET6) 37432d99d0bSDavid Lebrun return -EINVAL; 37532d99d0bSDavid Lebrun 3766c8702c6SDavid Lebrun err = nla_parse_nested(tb, SEG6_IPTUNNEL_MAX, nla, 3779ae28727SDavid Ahern seg6_iptunnel_policy, extack); 3786c8702c6SDavid Lebrun 3796c8702c6SDavid Lebrun if (err < 0) 3806c8702c6SDavid Lebrun return err; 3816c8702c6SDavid Lebrun 3826c8702c6SDavid Lebrun if (!tb[SEG6_IPTUNNEL_SRH]) 3836c8702c6SDavid Lebrun return -EINVAL; 3846c8702c6SDavid Lebrun 3856c8702c6SDavid Lebrun tuninfo = nla_data(tb[SEG6_IPTUNNEL_SRH]); 3866c8702c6SDavid Lebrun tuninfo_len = nla_len(tb[SEG6_IPTUNNEL_SRH]); 3876c8702c6SDavid Lebrun 3886c8702c6SDavid Lebrun /* tuninfo must contain at least the iptunnel encap structure, 3896c8702c6SDavid Lebrun * the SRH and one segment 3906c8702c6SDavid Lebrun */ 3916c8702c6SDavid Lebrun min_size = sizeof(*tuninfo) + sizeof(struct ipv6_sr_hdr) + 3926c8702c6SDavid Lebrun sizeof(struct in6_addr); 3936c8702c6SDavid Lebrun if (tuninfo_len < min_size) 3946c8702c6SDavid Lebrun return -EINVAL; 3956c8702c6SDavid Lebrun 3966c8702c6SDavid Lebrun switch (tuninfo->mode) { 3976c8702c6SDavid Lebrun case SEG6_IPTUN_MODE_INLINE: 39832d99d0bSDavid Lebrun if (family != AF_INET6) 39932d99d0bSDavid Lebrun return -EINVAL; 40032d99d0bSDavid Lebrun 4016c8702c6SDavid Lebrun break; 4026c8702c6SDavid Lebrun case SEG6_IPTUN_MODE_ENCAP: 4036c8702c6SDavid Lebrun break; 40438ee7f2dSDavid Lebrun case SEG6_IPTUN_MODE_L2ENCAP: 40538ee7f2dSDavid Lebrun break; 4066c8702c6SDavid Lebrun default: 4076c8702c6SDavid Lebrun return -EINVAL; 4086c8702c6SDavid Lebrun } 4096c8702c6SDavid Lebrun 4106c8702c6SDavid Lebrun /* verify that SRH is consistent */ 4116c8702c6SDavid Lebrun if (!seg6_validate_srh(tuninfo->srh, tuninfo_len - sizeof(*tuninfo))) 4126c8702c6SDavid Lebrun return -EINVAL; 4136c8702c6SDavid Lebrun 4146c8702c6SDavid Lebrun newts = lwtunnel_state_alloc(tuninfo_len + sizeof(*slwt)); 4156c8702c6SDavid Lebrun if (!newts) 4166c8702c6SDavid Lebrun return -ENOMEM; 4176c8702c6SDavid Lebrun 4186c8702c6SDavid Lebrun slwt = seg6_lwt_lwtunnel(newts); 4196c8702c6SDavid Lebrun 420191f86caSDavid Lebrun err = dst_cache_init(&slwt->cache, GFP_ATOMIC); 4216c8702c6SDavid Lebrun if (err) { 4226c8702c6SDavid Lebrun kfree(newts); 4236c8702c6SDavid Lebrun return err; 4246c8702c6SDavid Lebrun } 4256c8702c6SDavid Lebrun 4266c8702c6SDavid Lebrun memcpy(&slwt->tuninfo, tuninfo, tuninfo_len); 4276c8702c6SDavid Lebrun 4286c8702c6SDavid Lebrun newts->type = LWTUNNEL_ENCAP_SEG6; 42938ee7f2dSDavid Lebrun newts->flags |= LWTUNNEL_STATE_INPUT_REDIRECT; 43038ee7f2dSDavid Lebrun 43138ee7f2dSDavid Lebrun if (tuninfo->mode != SEG6_IPTUN_MODE_L2ENCAP) 43238ee7f2dSDavid Lebrun newts->flags |= LWTUNNEL_STATE_OUTPUT_REDIRECT; 43338ee7f2dSDavid Lebrun 4346c8702c6SDavid Lebrun newts->headroom = seg6_lwt_headroom(tuninfo); 4356c8702c6SDavid Lebrun 4366c8702c6SDavid Lebrun *ts = newts; 4376c8702c6SDavid Lebrun 4386c8702c6SDavid Lebrun return 0; 4396c8702c6SDavid Lebrun } 4406c8702c6SDavid Lebrun 4416c8702c6SDavid Lebrun static void seg6_destroy_state(struct lwtunnel_state *lwt) 4426c8702c6SDavid Lebrun { 4436c8702c6SDavid Lebrun dst_cache_destroy(&seg6_lwt_lwtunnel(lwt)->cache); 4446c8702c6SDavid Lebrun } 4456c8702c6SDavid Lebrun 4466c8702c6SDavid Lebrun static int seg6_fill_encap_info(struct sk_buff *skb, 4476c8702c6SDavid Lebrun struct lwtunnel_state *lwtstate) 4486c8702c6SDavid Lebrun { 4496c8702c6SDavid Lebrun struct seg6_iptunnel_encap *tuninfo = seg6_encap_lwtunnel(lwtstate); 4506c8702c6SDavid Lebrun 4516c8702c6SDavid Lebrun if (nla_put_srh(skb, SEG6_IPTUNNEL_SRH, tuninfo)) 4526c8702c6SDavid Lebrun return -EMSGSIZE; 4536c8702c6SDavid Lebrun 4546c8702c6SDavid Lebrun return 0; 4556c8702c6SDavid Lebrun } 4566c8702c6SDavid Lebrun 4576c8702c6SDavid Lebrun static int seg6_encap_nlsize(struct lwtunnel_state *lwtstate) 4586c8702c6SDavid Lebrun { 4596c8702c6SDavid Lebrun struct seg6_iptunnel_encap *tuninfo = seg6_encap_lwtunnel(lwtstate); 4606c8702c6SDavid Lebrun 4616c8702c6SDavid Lebrun return nla_total_size(SEG6_IPTUN_ENCAP_SIZE(tuninfo)); 4626c8702c6SDavid Lebrun } 4636c8702c6SDavid Lebrun 4646c8702c6SDavid Lebrun static int seg6_encap_cmp(struct lwtunnel_state *a, struct lwtunnel_state *b) 4656c8702c6SDavid Lebrun { 4666c8702c6SDavid Lebrun struct seg6_iptunnel_encap *a_hdr = seg6_encap_lwtunnel(a); 4676c8702c6SDavid Lebrun struct seg6_iptunnel_encap *b_hdr = seg6_encap_lwtunnel(b); 4686c8702c6SDavid Lebrun int len = SEG6_IPTUN_ENCAP_SIZE(a_hdr); 4696c8702c6SDavid Lebrun 4706c8702c6SDavid Lebrun if (len != SEG6_IPTUN_ENCAP_SIZE(b_hdr)) 4716c8702c6SDavid Lebrun return 1; 4726c8702c6SDavid Lebrun 4736c8702c6SDavid Lebrun return memcmp(a_hdr, b_hdr, len); 4746c8702c6SDavid Lebrun } 4756c8702c6SDavid Lebrun 4766c8702c6SDavid Lebrun static const struct lwtunnel_encap_ops seg6_iptun_ops = { 4776c8702c6SDavid Lebrun .build_state = seg6_build_state, 4786c8702c6SDavid Lebrun .destroy_state = seg6_destroy_state, 4796c8702c6SDavid Lebrun .output = seg6_output, 4806c8702c6SDavid Lebrun .input = seg6_input, 4816c8702c6SDavid Lebrun .fill_encap = seg6_fill_encap_info, 4826c8702c6SDavid Lebrun .get_encap_size = seg6_encap_nlsize, 4836c8702c6SDavid Lebrun .cmp_encap = seg6_encap_cmp, 48488ff7334SRobert Shearman .owner = THIS_MODULE, 4856c8702c6SDavid Lebrun }; 4866c8702c6SDavid Lebrun 4876c8702c6SDavid Lebrun int __init seg6_iptunnel_init(void) 4886c8702c6SDavid Lebrun { 4896c8702c6SDavid Lebrun return lwtunnel_encap_add_ops(&seg6_iptun_ops, LWTUNNEL_ENCAP_SEG6); 4906c8702c6SDavid Lebrun } 4916c8702c6SDavid Lebrun 4926c8702c6SDavid Lebrun void seg6_iptunnel_exit(void) 4936c8702c6SDavid Lebrun { 4946c8702c6SDavid Lebrun lwtunnel_encap_del_ops(&seg6_iptun_ops, LWTUNNEL_ENCAP_SEG6); 4956c8702c6SDavid Lebrun } 496