1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * SR-IPv6 implementation 4 * 5 * Authors: 6 * David Lebrun <david.lebrun@uclouvain.be> 7 * eBPF support: Mathieu Xhonneux <m.xhonneux@gmail.com> 8 */ 9 10 #include <linux/filter.h> 11 #include <linux/types.h> 12 #include <linux/skbuff.h> 13 #include <linux/net.h> 14 #include <linux/module.h> 15 #include <net/ip.h> 16 #include <net/lwtunnel.h> 17 #include <net/netevent.h> 18 #include <net/netns/generic.h> 19 #include <net/ip6_fib.h> 20 #include <net/route.h> 21 #include <net/seg6.h> 22 #include <linux/seg6.h> 23 #include <linux/seg6_local.h> 24 #include <net/addrconf.h> 25 #include <net/ip6_route.h> 26 #include <net/dst_cache.h> 27 #include <net/ip_tunnels.h> 28 #ifdef CONFIG_IPV6_SEG6_HMAC 29 #include <net/seg6_hmac.h> 30 #endif 31 #include <net/seg6_local.h> 32 #include <linux/etherdevice.h> 33 #include <linux/bpf.h> 34 #include <linux/netfilter.h> 35 36 #define SEG6_F_ATTR(i) BIT(i) 37 38 struct seg6_local_lwt; 39 40 /* callbacks used for customizing the creation and destruction of a behavior */ 41 struct seg6_local_lwtunnel_ops { 42 int (*build_state)(struct seg6_local_lwt *slwt, const void *cfg, 43 struct netlink_ext_ack *extack); 44 void (*destroy_state)(struct seg6_local_lwt *slwt); 45 }; 46 47 struct seg6_action_desc { 48 int action; 49 unsigned long attrs; 50 51 /* The optattrs field is used for specifying all the optional 52 * attributes supported by a specific behavior. 53 * It means that if one of these attributes is not provided in the 54 * netlink message during the behavior creation, no errors will be 55 * returned to the userspace. 56 * 57 * Each attribute can be only of two types (mutually exclusive): 58 * 1) required or 2) optional. 59 * Every user MUST obey to this rule! If you set an attribute as 60 * required the same attribute CANNOT be set as optional and vice 61 * versa. 62 */ 63 unsigned long optattrs; 64 65 int (*input)(struct sk_buff *skb, struct seg6_local_lwt *slwt); 66 int static_headroom; 67 68 struct seg6_local_lwtunnel_ops slwt_ops; 69 }; 70 71 struct bpf_lwt_prog { 72 struct bpf_prog *prog; 73 char *name; 74 }; 75 76 /* default length values (expressed in bits) for both Locator-Block and 77 * Locator-Node Function. 78 * 79 * Both SEG6_LOCAL_LCBLOCK_DBITS and SEG6_LOCAL_LCNODE_FN_DBITS *must* be: 80 * i) greater than 0; 81 * ii) evenly divisible by 8. In other terms, the lengths of the 82 * Locator-Block and Locator-Node Function must be byte-aligned (we can 83 * relax this constraint in the future if really needed). 84 * 85 * Moreover, a third condition must hold: 86 * iii) SEG6_LOCAL_LCBLOCK_DBITS + SEG6_LOCAL_LCNODE_FN_DBITS <= 128. 87 * 88 * The correctness of SEG6_LOCAL_LCBLOCK_DBITS and SEG6_LOCAL_LCNODE_FN_DBITS 89 * values are checked during the kernel compilation. If the compilation stops, 90 * check the value of these parameters to see if they meet conditions (i), (ii) 91 * and (iii). 92 */ 93 #define SEG6_LOCAL_LCBLOCK_DBITS 32 94 #define SEG6_LOCAL_LCNODE_FN_DBITS 16 95 96 /* The following next_csid_chk_{cntr,lcblock,lcblock_fn}_bits macros can be 97 * used directly to check whether the lengths (in bits) of Locator-Block and 98 * Locator-Node Function are valid according to (i), (ii), (iii). 99 */ 100 #define next_csid_chk_cntr_bits(blen, flen) \ 101 ((blen) + (flen) > 128) 102 103 #define next_csid_chk_lcblock_bits(blen) \ 104 ({ \ 105 typeof(blen) __tmp = blen; \ 106 (!__tmp || __tmp > 120 || (__tmp & 0x07)); \ 107 }) 108 109 #define next_csid_chk_lcnode_fn_bits(flen) \ 110 next_csid_chk_lcblock_bits(flen) 111 112 #define SEG6_F_LOCAL_FLV_OP(flvname) BIT(SEG6_LOCAL_FLV_OP_##flvname) 113 #define SEG6_F_LOCAL_FLV_PSP SEG6_F_LOCAL_FLV_OP(PSP) 114 115 /* Supported RFC8986 Flavor operations are reported in this bitmask */ 116 #define SEG6_LOCAL_FLV8986_SUPP_OPS SEG6_F_LOCAL_FLV_PSP 117 118 /* Supported Flavor operations are reported in this bitmask */ 119 #define SEG6_LOCAL_FLV_SUPP_OPS (SEG6_F_LOCAL_FLV_OP(NEXT_CSID) | \ 120 SEG6_LOCAL_FLV8986_SUPP_OPS) 121 122 struct seg6_flavors_info { 123 /* Flavor operations */ 124 __u32 flv_ops; 125 126 /* Locator-Block length, expressed in bits */ 127 __u8 lcblock_bits; 128 /* Locator-Node Function length, expressed in bits*/ 129 __u8 lcnode_func_bits; 130 }; 131 132 enum seg6_end_dt_mode { 133 DT_INVALID_MODE = -EINVAL, 134 DT_LEGACY_MODE = 0, 135 DT_VRF_MODE = 1, 136 }; 137 138 struct seg6_end_dt_info { 139 enum seg6_end_dt_mode mode; 140 141 struct net *net; 142 /* VRF device associated to the routing table used by the SRv6 143 * End.DT4/DT6 behavior for routing IPv4/IPv6 packets. 144 */ 145 int vrf_ifindex; 146 int vrf_table; 147 148 /* tunneled packet family (IPv4 or IPv6). 149 * Protocol and header length are inferred from family. 150 */ 151 u16 family; 152 }; 153 154 struct pcpu_seg6_local_counters { 155 u64_stats_t packets; 156 u64_stats_t bytes; 157 u64_stats_t errors; 158 159 struct u64_stats_sync syncp; 160 }; 161 162 /* This struct groups all the SRv6 Behavior counters supported so far. 163 * 164 * put_nla_counters() makes use of this data structure to collect all counter 165 * values after the per-CPU counter evaluation has been performed. 166 * Finally, each counter value (in seg6_local_counters) is stored in the 167 * corresponding netlink attribute and sent to user space. 168 * 169 * NB: we don't want to expose this structure to user space! 170 */ 171 struct seg6_local_counters { 172 __u64 packets; 173 __u64 bytes; 174 __u64 errors; 175 }; 176 177 #define seg6_local_alloc_pcpu_counters(__gfp) \ 178 __netdev_alloc_pcpu_stats(struct pcpu_seg6_local_counters, \ 179 ((__gfp) | __GFP_ZERO)) 180 181 #define SEG6_F_LOCAL_COUNTERS SEG6_F_ATTR(SEG6_LOCAL_COUNTERS) 182 183 struct seg6_local_lwt { 184 int action; 185 struct ipv6_sr_hdr *srh; 186 int table; 187 struct in_addr nh4; 188 struct in6_addr nh6; 189 int iif; 190 int oif; 191 struct bpf_lwt_prog bpf; 192 #ifdef CONFIG_NET_L3_MASTER_DEV 193 struct seg6_end_dt_info dt_info; 194 #endif 195 struct seg6_flavors_info flv_info; 196 197 struct pcpu_seg6_local_counters __percpu *pcpu_counters; 198 199 int headroom; 200 struct seg6_action_desc *desc; 201 /* unlike the required attrs, we have to track the optional attributes 202 * that have been effectively parsed. 203 */ 204 unsigned long parsed_optattrs; 205 }; 206 207 static struct seg6_local_lwt *seg6_local_lwtunnel(struct lwtunnel_state *lwt) 208 { 209 return (struct seg6_local_lwt *)lwt->data; 210 } 211 212 static struct ipv6_sr_hdr *get_and_validate_srh(struct sk_buff *skb) 213 { 214 struct ipv6_sr_hdr *srh; 215 216 srh = seg6_get_srh(skb, IP6_FH_F_SKIP_RH); 217 if (!srh) 218 return NULL; 219 220 #ifdef CONFIG_IPV6_SEG6_HMAC 221 if (!seg6_hmac_validate_skb(skb)) 222 return NULL; 223 #endif 224 225 return srh; 226 } 227 228 static bool decap_and_validate(struct sk_buff *skb, int proto) 229 { 230 struct ipv6_sr_hdr *srh; 231 unsigned int off = 0; 232 233 srh = seg6_get_srh(skb, 0); 234 if (srh && srh->segments_left > 0) 235 return false; 236 237 #ifdef CONFIG_IPV6_SEG6_HMAC 238 if (srh && !seg6_hmac_validate_skb(skb)) 239 return false; 240 #endif 241 242 if (ipv6_find_hdr(skb, &off, proto, NULL, NULL) < 0) 243 return false; 244 245 if (!pskb_pull(skb, off)) 246 return false; 247 248 skb_postpull_rcsum(skb, skb_network_header(skb), off); 249 250 skb_reset_network_header(skb); 251 skb_reset_transport_header(skb); 252 if (iptunnel_pull_offloads(skb)) 253 return false; 254 255 return true; 256 } 257 258 static void advance_nextseg(struct ipv6_sr_hdr *srh, struct in6_addr *daddr) 259 { 260 struct in6_addr *addr; 261 262 srh->segments_left--; 263 addr = srh->segments + srh->segments_left; 264 *daddr = *addr; 265 } 266 267 static int 268 seg6_lookup_any_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr, 269 u32 tbl_id, bool local_delivery) 270 { 271 struct net *net = dev_net(skb->dev); 272 struct ipv6hdr *hdr = ipv6_hdr(skb); 273 int flags = RT6_LOOKUP_F_HAS_SADDR; 274 struct dst_entry *dst = NULL; 275 struct rt6_info *rt; 276 struct flowi6 fl6; 277 int dev_flags = 0; 278 279 memset(&fl6, 0, sizeof(fl6)); 280 fl6.flowi6_iif = skb->dev->ifindex; 281 fl6.daddr = nhaddr ? *nhaddr : hdr->daddr; 282 fl6.saddr = hdr->saddr; 283 fl6.flowlabel = ip6_flowinfo(hdr); 284 fl6.flowi6_mark = skb->mark; 285 fl6.flowi6_proto = hdr->nexthdr; 286 287 if (nhaddr) 288 fl6.flowi6_flags = FLOWI_FLAG_KNOWN_NH; 289 290 if (!tbl_id) { 291 dst = ip6_route_input_lookup(net, skb->dev, &fl6, skb, flags); 292 } else { 293 struct fib6_table *table; 294 295 table = fib6_get_table(net, tbl_id); 296 if (!table) 297 goto out; 298 299 rt = ip6_pol_route(net, table, 0, &fl6, skb, flags); 300 dst = &rt->dst; 301 } 302 303 /* we want to discard traffic destined for local packet processing, 304 * if @local_delivery is set to false. 305 */ 306 if (!local_delivery) 307 dev_flags |= IFF_LOOPBACK; 308 309 if (dst && (dst->dev->flags & dev_flags) && !dst->error) { 310 dst_release(dst); 311 dst = NULL; 312 } 313 314 out: 315 if (!dst) { 316 rt = net->ipv6.ip6_blk_hole_entry; 317 dst = &rt->dst; 318 dst_hold(dst); 319 } 320 321 skb_dst_drop(skb); 322 skb_dst_set(skb, dst); 323 return dst->error; 324 } 325 326 int seg6_lookup_nexthop(struct sk_buff *skb, 327 struct in6_addr *nhaddr, u32 tbl_id) 328 { 329 return seg6_lookup_any_nexthop(skb, nhaddr, tbl_id, false); 330 } 331 332 static __u8 seg6_flv_lcblock_octects(const struct seg6_flavors_info *finfo) 333 { 334 return finfo->lcblock_bits >> 3; 335 } 336 337 static __u8 seg6_flv_lcnode_func_octects(const struct seg6_flavors_info *finfo) 338 { 339 return finfo->lcnode_func_bits >> 3; 340 } 341 342 static bool seg6_next_csid_is_arg_zero(const struct in6_addr *addr, 343 const struct seg6_flavors_info *finfo) 344 { 345 __u8 fnc_octects = seg6_flv_lcnode_func_octects(finfo); 346 __u8 blk_octects = seg6_flv_lcblock_octects(finfo); 347 __u8 arg_octects; 348 int i; 349 350 arg_octects = 16 - blk_octects - fnc_octects; 351 for (i = 0; i < arg_octects; ++i) { 352 if (addr->s6_addr[blk_octects + fnc_octects + i] != 0x00) 353 return false; 354 } 355 356 return true; 357 } 358 359 /* assume that DA.Argument length > 0 */ 360 static void seg6_next_csid_advance_arg(struct in6_addr *addr, 361 const struct seg6_flavors_info *finfo) 362 { 363 __u8 fnc_octects = seg6_flv_lcnode_func_octects(finfo); 364 __u8 blk_octects = seg6_flv_lcblock_octects(finfo); 365 366 /* advance DA.Argument */ 367 memmove(&addr->s6_addr[blk_octects], 368 &addr->s6_addr[blk_octects + fnc_octects], 369 16 - blk_octects - fnc_octects); 370 371 memset(&addr->s6_addr[16 - fnc_octects], 0x00, fnc_octects); 372 } 373 374 static int input_action_end_finish(struct sk_buff *skb, 375 struct seg6_local_lwt *slwt) 376 { 377 seg6_lookup_nexthop(skb, NULL, 0); 378 379 return dst_input(skb); 380 } 381 382 static int input_action_end_core(struct sk_buff *skb, 383 struct seg6_local_lwt *slwt) 384 { 385 struct ipv6_sr_hdr *srh; 386 387 srh = get_and_validate_srh(skb); 388 if (!srh) 389 goto drop; 390 391 advance_nextseg(srh, &ipv6_hdr(skb)->daddr); 392 393 return input_action_end_finish(skb, slwt); 394 395 drop: 396 kfree_skb(skb); 397 return -EINVAL; 398 } 399 400 static int end_next_csid_core(struct sk_buff *skb, struct seg6_local_lwt *slwt) 401 { 402 const struct seg6_flavors_info *finfo = &slwt->flv_info; 403 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 404 405 if (seg6_next_csid_is_arg_zero(daddr, finfo)) 406 return input_action_end_core(skb, slwt); 407 408 /* update DA */ 409 seg6_next_csid_advance_arg(daddr, finfo); 410 411 return input_action_end_finish(skb, slwt); 412 } 413 414 static bool seg6_next_csid_enabled(__u32 fops) 415 { 416 return fops & BIT(SEG6_LOCAL_FLV_OP_NEXT_CSID); 417 } 418 419 /* We describe the packet state in relation to the absence/presence of the SRH 420 * and the Segment Left (SL) field. 421 * For our purposes, it is not necessary to record the exact value of the SL 422 * when the SID List consists of two or more segments. 423 */ 424 enum seg6_local_pktinfo { 425 /* the order really matters! */ 426 SEG6_LOCAL_PKTINFO_NOHDR = 0, 427 SEG6_LOCAL_PKTINFO_SL_ZERO, 428 SEG6_LOCAL_PKTINFO_SL_ONE, 429 SEG6_LOCAL_PKTINFO_SL_MORE, 430 __SEG6_LOCAL_PKTINFO_MAX, 431 }; 432 433 #define SEG6_LOCAL_PKTINFO_MAX (__SEG6_LOCAL_PKTINFO_MAX - 1) 434 435 static enum seg6_local_pktinfo seg6_get_srh_pktinfo(struct ipv6_sr_hdr *srh) 436 { 437 __u8 sgl; 438 439 if (!srh) 440 return SEG6_LOCAL_PKTINFO_NOHDR; 441 442 sgl = srh->segments_left; 443 if (sgl < 2) 444 return SEG6_LOCAL_PKTINFO_SL_ZERO + sgl; 445 446 return SEG6_LOCAL_PKTINFO_SL_MORE; 447 } 448 449 enum seg6_local_flv_action { 450 SEG6_LOCAL_FLV_ACT_UNSPEC = 0, 451 SEG6_LOCAL_FLV_ACT_END, 452 SEG6_LOCAL_FLV_ACT_PSP, 453 SEG6_LOCAL_FLV_ACT_USP, 454 SEG6_LOCAL_FLV_ACT_USD, 455 __SEG6_LOCAL_FLV_ACT_MAX 456 }; 457 458 #define SEG6_LOCAL_FLV_ACT_MAX (__SEG6_LOCAL_FLV_ACT_MAX - 1) 459 460 /* The action table for RFC8986 flavors (see the flv8986_act_tbl below) 461 * contains the actions (i.e. processing operations) to be applied on packets 462 * when flavors are configured for an End* behavior. 463 * By combining the pkinfo data and from the flavors mask, the macro 464 * computes the index used to access the elements (actions) stored in the 465 * action table. The index is structured as follows: 466 * 467 * index 468 * _______________/\________________ 469 * / \ 470 * +----------------+----------------+ 471 * | pf | afm | 472 * +----------------+----------------+ 473 * ph-1 ... p1 p0 fk-1 ... f1 f0 474 * MSB LSB 475 * 476 * where: 477 * - 'afm' (adjusted flavor mask) is the mask containing a combination of the 478 * RFC8986 flavors currently supported. 'afm' corresponds to the @fm 479 * argument of the macro whose value is righ-shifted by 1 bit. By doing so, 480 * we discard the SEG6_LOCAL_FLV_OP_UNSPEC flag (bit 0 in @fm) which is 481 * never used here; 482 * - 'pf' encodes the packet info (pktinfo) regarding the presence/absence of 483 * the SRH, SL = 0, etc. 'pf' is set with the value of @pf provided as 484 * argument to the macro. 485 */ 486 #define flv8986_act_tbl_idx(pf, fm) \ 487 ((((pf) << bits_per(SEG6_LOCAL_FLV8986_SUPP_OPS)) | \ 488 ((fm) & SEG6_LOCAL_FLV8986_SUPP_OPS)) >> SEG6_LOCAL_FLV_OP_PSP) 489 490 /* We compute the size of the action table by considering the RFC8986 flavors 491 * actually supported by the kernel. In this way, the size is automatically 492 * adjusted when new flavors are supported. 493 */ 494 #define FLV8986_ACT_TBL_SIZE \ 495 roundup_pow_of_two(flv8986_act_tbl_idx(SEG6_LOCAL_PKTINFO_MAX, \ 496 SEG6_LOCAL_FLV8986_SUPP_OPS)) 497 498 /* tbl_cfg(act, pf, fm) macro is used to easily configure the action 499 * table; it accepts 3 arguments: 500 * i) @act, the suffix from SEG6_LOCAL_FLV_ACT_{act} representing 501 * the action that should be applied on the packet; 502 * ii) @pf, the suffix from SEG6_LOCAL_PKTINFO_{pf} reporting the packet 503 * info about the lack/presence of SRH, SRH with SL = 0, etc; 504 * iii) @fm, the mask of flavors. 505 */ 506 #define tbl_cfg(act, pf, fm) \ 507 [flv8986_act_tbl_idx(SEG6_LOCAL_PKTINFO_##pf, \ 508 (fm))] = SEG6_LOCAL_FLV_ACT_##act 509 510 /* shorthand for improving readability */ 511 #define F_PSP SEG6_F_LOCAL_FLV_PSP 512 513 /* The table contains, for each combination of the pktinfo data and 514 * flavors, the action that should be taken on a packet (e.g. 515 * "standard" Endpoint processing, Penultimate Segment Pop, etc). 516 * 517 * By default, table entries not explicitly configured are initialized with the 518 * SEG6_LOCAL_FLV_ACT_UNSPEC action, which generally has the effect of 519 * discarding the processed packet. 520 */ 521 static const u8 flv8986_act_tbl[FLV8986_ACT_TBL_SIZE] = { 522 /* PSP variant for packet where SRH with SL = 1 */ 523 tbl_cfg(PSP, SL_ONE, F_PSP), 524 /* End for packet where the SRH with SL > 1*/ 525 tbl_cfg(END, SL_MORE, F_PSP), 526 }; 527 528 #undef F_PSP 529 #undef tbl_cfg 530 531 /* For each flavor defined in RFC8986 (or a combination of them) an action is 532 * performed on the packet. The specific action depends on: 533 * - info extracted from the packet (i.e. pktinfo data) regarding the 534 * lack/presence of the SRH, and if the SRH is available, on the value of 535 * Segment Left field; 536 * - the mask of flavors configured for the specific SRv6 End* behavior. 537 * 538 * The function combines both the pkinfo and the flavors mask to evaluate the 539 * corresponding action to be taken on the packet. 540 */ 541 static enum seg6_local_flv_action 542 seg6_local_flv8986_act_lookup(enum seg6_local_pktinfo pinfo, __u32 flvmask) 543 { 544 unsigned long index; 545 546 /* check if the provided mask of flavors is supported */ 547 if (unlikely(flvmask & ~SEG6_LOCAL_FLV8986_SUPP_OPS)) 548 return SEG6_LOCAL_FLV_ACT_UNSPEC; 549 550 index = flv8986_act_tbl_idx(pinfo, flvmask); 551 if (unlikely(index >= FLV8986_ACT_TBL_SIZE)) 552 return SEG6_LOCAL_FLV_ACT_UNSPEC; 553 554 return flv8986_act_tbl[index]; 555 } 556 557 /* skb->data must be aligned with skb->network_header */ 558 static bool seg6_pop_srh(struct sk_buff *skb, int srhoff) 559 { 560 struct ipv6_sr_hdr *srh; 561 struct ipv6hdr *iph; 562 __u8 srh_nexthdr; 563 int thoff = -1; 564 int srhlen; 565 int nhlen; 566 567 if (unlikely(srhoff < sizeof(*iph) || 568 !pskb_may_pull(skb, srhoff + sizeof(*srh)))) 569 return false; 570 571 srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); 572 srhlen = ipv6_optlen(srh); 573 574 /* we are about to mangle the pkt, let's check if we can write on it */ 575 if (unlikely(skb_ensure_writable(skb, srhoff + srhlen))) 576 return false; 577 578 /* skb_ensure_writable() may change skb pointers; evaluate srh again */ 579 srh = (struct ipv6_sr_hdr *)(skb->data + srhoff); 580 srh_nexthdr = srh->nexthdr; 581 582 if (unlikely(!skb_transport_header_was_set(skb))) 583 goto pull; 584 585 nhlen = skb_network_header_len(skb); 586 /* we have to deal with the transport header: it could be set before 587 * the SRH, after the SRH, or within it (which is considered wrong, 588 * however). 589 */ 590 if (likely(nhlen <= srhoff)) 591 thoff = nhlen; 592 else if (nhlen >= srhoff + srhlen) 593 /* transport_header is set after the SRH */ 594 thoff = nhlen - srhlen; 595 else 596 /* transport_header falls inside the SRH; hence, we can't 597 * restore the transport_header pointer properly after 598 * SRH removing operation. 599 */ 600 return false; 601 pull: 602 /* we need to pop the SRH: 603 * 1) first of all, we pull out everything from IPv6 header up to SRH 604 * (included) evaluating also the rcsum; 605 * 2) we overwrite (and then remove) the SRH by properly moving the 606 * IPv6 along with any extension header that precedes the SRH; 607 * 3) At the end, we push back the pulled headers (except for SRH, 608 * obviously). 609 */ 610 skb_pull_rcsum(skb, srhoff + srhlen); 611 memmove(skb_network_header(skb) + srhlen, skb_network_header(skb), 612 srhoff); 613 skb_push(skb, srhoff); 614 615 skb_reset_network_header(skb); 616 skb_mac_header_rebuild(skb); 617 if (likely(thoff >= 0)) 618 skb_set_transport_header(skb, thoff); 619 620 iph = ipv6_hdr(skb); 621 if (iph->nexthdr == NEXTHDR_ROUTING) { 622 iph->nexthdr = srh_nexthdr; 623 } else { 624 /* we must look for the extension header (EXTH, for short) that 625 * immediately precedes the SRH we have just removed. 626 * Then, we update the value of the EXTH nexthdr with the one 627 * contained in the SRH nexthdr. 628 */ 629 unsigned int off = sizeof(*iph); 630 struct ipv6_opt_hdr *hp, _hdr; 631 __u8 nexthdr = iph->nexthdr; 632 633 for (;;) { 634 if (unlikely(!ipv6_ext_hdr(nexthdr) || 635 nexthdr == NEXTHDR_NONE)) 636 return false; 637 638 hp = skb_header_pointer(skb, off, sizeof(_hdr), &_hdr); 639 if (unlikely(!hp)) 640 return false; 641 642 if (hp->nexthdr == NEXTHDR_ROUTING) { 643 hp->nexthdr = srh_nexthdr; 644 break; 645 } 646 647 switch (nexthdr) { 648 case NEXTHDR_FRAGMENT: 649 fallthrough; 650 case NEXTHDR_AUTH: 651 /* we expect SRH before FRAG and AUTH */ 652 return false; 653 default: 654 off += ipv6_optlen(hp); 655 break; 656 } 657 658 nexthdr = hp->nexthdr; 659 } 660 } 661 662 iph->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); 663 664 skb_postpush_rcsum(skb, iph, srhoff); 665 666 return true; 667 } 668 669 /* process the packet on the basis of the RFC8986 flavors set for the given 670 * SRv6 End behavior instance. 671 */ 672 static int end_flv8986_core(struct sk_buff *skb, struct seg6_local_lwt *slwt) 673 { 674 const struct seg6_flavors_info *finfo = &slwt->flv_info; 675 enum seg6_local_flv_action action; 676 enum seg6_local_pktinfo pinfo; 677 struct ipv6_sr_hdr *srh; 678 __u32 flvmask; 679 int srhoff; 680 681 srh = seg6_get_srh(skb, 0); 682 srhoff = srh ? ((unsigned char *)srh - skb->data) : 0; 683 pinfo = seg6_get_srh_pktinfo(srh); 684 #ifdef CONFIG_IPV6_SEG6_HMAC 685 if (srh && !seg6_hmac_validate_skb(skb)) 686 goto drop; 687 #endif 688 flvmask = finfo->flv_ops; 689 if (unlikely(flvmask & ~SEG6_LOCAL_FLV8986_SUPP_OPS)) { 690 pr_warn_once("seg6local: invalid RFC8986 flavors\n"); 691 goto drop; 692 } 693 694 /* retrieve the action triggered by the combination of pktinfo data and 695 * the flavors mask. 696 */ 697 action = seg6_local_flv8986_act_lookup(pinfo, flvmask); 698 switch (action) { 699 case SEG6_LOCAL_FLV_ACT_END: 700 /* process the packet as the "standard" End behavior */ 701 advance_nextseg(srh, &ipv6_hdr(skb)->daddr); 702 break; 703 case SEG6_LOCAL_FLV_ACT_PSP: 704 advance_nextseg(srh, &ipv6_hdr(skb)->daddr); 705 706 if (unlikely(!seg6_pop_srh(skb, srhoff))) 707 goto drop; 708 break; 709 case SEG6_LOCAL_FLV_ACT_UNSPEC: 710 fallthrough; 711 default: 712 /* by default, we drop the packet since we could not find a 713 * suitable action. 714 */ 715 goto drop; 716 } 717 718 return input_action_end_finish(skb, slwt); 719 720 drop: 721 kfree_skb(skb); 722 return -EINVAL; 723 } 724 725 /* regular endpoint function */ 726 static int input_action_end(struct sk_buff *skb, struct seg6_local_lwt *slwt) 727 { 728 const struct seg6_flavors_info *finfo = &slwt->flv_info; 729 __u32 fops = finfo->flv_ops; 730 731 if (!fops) 732 return input_action_end_core(skb, slwt); 733 734 /* check for the presence of NEXT-C-SID since it applies first */ 735 if (seg6_next_csid_enabled(fops)) 736 return end_next_csid_core(skb, slwt); 737 738 /* the specific processing function to be performed on the packet 739 * depends on the combination of flavors defined in RFC8986 and some 740 * information extracted from the packet, e.g. presence/absence of SRH, 741 * Segment Left = 0, etc. 742 */ 743 return end_flv8986_core(skb, slwt); 744 } 745 746 /* regular endpoint, and forward to specified nexthop */ 747 static int input_action_end_x(struct sk_buff *skb, struct seg6_local_lwt *slwt) 748 { 749 struct ipv6_sr_hdr *srh; 750 751 srh = get_and_validate_srh(skb); 752 if (!srh) 753 goto drop; 754 755 advance_nextseg(srh, &ipv6_hdr(skb)->daddr); 756 757 seg6_lookup_nexthop(skb, &slwt->nh6, 0); 758 759 return dst_input(skb); 760 761 drop: 762 kfree_skb(skb); 763 return -EINVAL; 764 } 765 766 static int input_action_end_t(struct sk_buff *skb, struct seg6_local_lwt *slwt) 767 { 768 struct ipv6_sr_hdr *srh; 769 770 srh = get_and_validate_srh(skb); 771 if (!srh) 772 goto drop; 773 774 advance_nextseg(srh, &ipv6_hdr(skb)->daddr); 775 776 seg6_lookup_nexthop(skb, NULL, slwt->table); 777 778 return dst_input(skb); 779 780 drop: 781 kfree_skb(skb); 782 return -EINVAL; 783 } 784 785 /* decapsulate and forward inner L2 frame on specified interface */ 786 static int input_action_end_dx2(struct sk_buff *skb, 787 struct seg6_local_lwt *slwt) 788 { 789 struct net *net = dev_net(skb->dev); 790 struct net_device *odev; 791 struct ethhdr *eth; 792 793 if (!decap_and_validate(skb, IPPROTO_ETHERNET)) 794 goto drop; 795 796 if (!pskb_may_pull(skb, ETH_HLEN)) 797 goto drop; 798 799 skb_reset_mac_header(skb); 800 eth = (struct ethhdr *)skb->data; 801 802 /* To determine the frame's protocol, we assume it is 802.3. This avoids 803 * a call to eth_type_trans(), which is not really relevant for our 804 * use case. 805 */ 806 if (!eth_proto_is_802_3(eth->h_proto)) 807 goto drop; 808 809 odev = dev_get_by_index_rcu(net, slwt->oif); 810 if (!odev) 811 goto drop; 812 813 /* As we accept Ethernet frames, make sure the egress device is of 814 * the correct type. 815 */ 816 if (odev->type != ARPHRD_ETHER) 817 goto drop; 818 819 if (!(odev->flags & IFF_UP) || !netif_carrier_ok(odev)) 820 goto drop; 821 822 skb_orphan(skb); 823 824 if (skb_warn_if_lro(skb)) 825 goto drop; 826 827 skb_forward_csum(skb); 828 829 if (skb->len - ETH_HLEN > odev->mtu) 830 goto drop; 831 832 skb->dev = odev; 833 skb->protocol = eth->h_proto; 834 835 return dev_queue_xmit(skb); 836 837 drop: 838 kfree_skb(skb); 839 return -EINVAL; 840 } 841 842 static int input_action_end_dx6_finish(struct net *net, struct sock *sk, 843 struct sk_buff *skb) 844 { 845 struct dst_entry *orig_dst = skb_dst(skb); 846 struct in6_addr *nhaddr = NULL; 847 struct seg6_local_lwt *slwt; 848 849 slwt = seg6_local_lwtunnel(orig_dst->lwtstate); 850 851 /* The inner packet is not associated to any local interface, 852 * so we do not call netif_rx(). 853 * 854 * If slwt->nh6 is set to ::, then lookup the nexthop for the 855 * inner packet's DA. Otherwise, use the specified nexthop. 856 */ 857 if (!ipv6_addr_any(&slwt->nh6)) 858 nhaddr = &slwt->nh6; 859 860 seg6_lookup_nexthop(skb, nhaddr, 0); 861 862 return dst_input(skb); 863 } 864 865 /* decapsulate and forward to specified nexthop */ 866 static int input_action_end_dx6(struct sk_buff *skb, 867 struct seg6_local_lwt *slwt) 868 { 869 /* this function accepts IPv6 encapsulated packets, with either 870 * an SRH with SL=0, or no SRH. 871 */ 872 873 if (!decap_and_validate(skb, IPPROTO_IPV6)) 874 goto drop; 875 876 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 877 goto drop; 878 879 skb_set_transport_header(skb, sizeof(struct ipv6hdr)); 880 nf_reset_ct(skb); 881 882 if (static_branch_unlikely(&nf_hooks_lwtunnel_enabled)) 883 return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, 884 dev_net(skb->dev), NULL, skb, NULL, 885 skb_dst(skb)->dev, input_action_end_dx6_finish); 886 887 return input_action_end_dx6_finish(dev_net(skb->dev), NULL, skb); 888 drop: 889 kfree_skb(skb); 890 return -EINVAL; 891 } 892 893 static int input_action_end_dx4_finish(struct net *net, struct sock *sk, 894 struct sk_buff *skb) 895 { 896 struct dst_entry *orig_dst = skb_dst(skb); 897 struct seg6_local_lwt *slwt; 898 struct iphdr *iph; 899 __be32 nhaddr; 900 int err; 901 902 slwt = seg6_local_lwtunnel(orig_dst->lwtstate); 903 904 iph = ip_hdr(skb); 905 906 nhaddr = slwt->nh4.s_addr ?: iph->daddr; 907 908 skb_dst_drop(skb); 909 910 err = ip_route_input(skb, nhaddr, iph->saddr, 0, skb->dev); 911 if (err) { 912 kfree_skb(skb); 913 return -EINVAL; 914 } 915 916 return dst_input(skb); 917 } 918 919 static int input_action_end_dx4(struct sk_buff *skb, 920 struct seg6_local_lwt *slwt) 921 { 922 if (!decap_and_validate(skb, IPPROTO_IPIP)) 923 goto drop; 924 925 if (!pskb_may_pull(skb, sizeof(struct iphdr))) 926 goto drop; 927 928 skb->protocol = htons(ETH_P_IP); 929 skb_set_transport_header(skb, sizeof(struct iphdr)); 930 nf_reset_ct(skb); 931 932 if (static_branch_unlikely(&nf_hooks_lwtunnel_enabled)) 933 return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, 934 dev_net(skb->dev), NULL, skb, NULL, 935 skb_dst(skb)->dev, input_action_end_dx4_finish); 936 937 return input_action_end_dx4_finish(dev_net(skb->dev), NULL, skb); 938 drop: 939 kfree_skb(skb); 940 return -EINVAL; 941 } 942 943 #ifdef CONFIG_NET_L3_MASTER_DEV 944 static struct net *fib6_config_get_net(const struct fib6_config *fib6_cfg) 945 { 946 const struct nl_info *nli = &fib6_cfg->fc_nlinfo; 947 948 return nli->nl_net; 949 } 950 951 static int __seg6_end_dt_vrf_build(struct seg6_local_lwt *slwt, const void *cfg, 952 u16 family, struct netlink_ext_ack *extack) 953 { 954 struct seg6_end_dt_info *info = &slwt->dt_info; 955 int vrf_ifindex; 956 struct net *net; 957 958 net = fib6_config_get_net(cfg); 959 960 /* note that vrf_table was already set by parse_nla_vrftable() */ 961 vrf_ifindex = l3mdev_ifindex_lookup_by_table_id(L3MDEV_TYPE_VRF, net, 962 info->vrf_table); 963 if (vrf_ifindex < 0) { 964 if (vrf_ifindex == -EPERM) { 965 NL_SET_ERR_MSG(extack, 966 "Strict mode for VRF is disabled"); 967 } else if (vrf_ifindex == -ENODEV) { 968 NL_SET_ERR_MSG(extack, 969 "Table has no associated VRF device"); 970 } else { 971 pr_debug("seg6local: SRv6 End.DT* creation error=%d\n", 972 vrf_ifindex); 973 } 974 975 return vrf_ifindex; 976 } 977 978 info->net = net; 979 info->vrf_ifindex = vrf_ifindex; 980 981 info->family = family; 982 info->mode = DT_VRF_MODE; 983 984 return 0; 985 } 986 987 /* The SRv6 End.DT4/DT6 behavior extracts the inner (IPv4/IPv6) packet and 988 * routes the IPv4/IPv6 packet by looking at the configured routing table. 989 * 990 * In the SRv6 End.DT4/DT6 use case, we can receive traffic (IPv6+Segment 991 * Routing Header packets) from several interfaces and the outer IPv6 992 * destination address (DA) is used for retrieving the specific instance of the 993 * End.DT4/DT6 behavior that should process the packets. 994 * 995 * However, the inner IPv4/IPv6 packet is not really bound to any receiving 996 * interface and thus the End.DT4/DT6 sets the VRF (associated with the 997 * corresponding routing table) as the *receiving* interface. 998 * In other words, the End.DT4/DT6 processes a packet as if it has been received 999 * directly by the VRF (and not by one of its slave devices, if any). 1000 * In this way, the VRF interface is used for routing the IPv4/IPv6 packet in 1001 * according to the routing table configured by the End.DT4/DT6 instance. 1002 * 1003 * This design allows you to get some interesting features like: 1004 * 1) the statistics on rx packets; 1005 * 2) the possibility to install a packet sniffer on the receiving interface 1006 * (the VRF one) for looking at the incoming packets; 1007 * 3) the possibility to leverage the netfilter prerouting hook for the inner 1008 * IPv4 packet. 1009 * 1010 * This function returns: 1011 * - the sk_buff* when the VRF rcv handler has processed the packet correctly; 1012 * - NULL when the skb is consumed by the VRF rcv handler; 1013 * - a pointer which encodes a negative error number in case of error. 1014 * Note that in this case, the function takes care of freeing the skb. 1015 */ 1016 static struct sk_buff *end_dt_vrf_rcv(struct sk_buff *skb, u16 family, 1017 struct net_device *dev) 1018 { 1019 /* based on l3mdev_ip_rcv; we are only interested in the master */ 1020 if (unlikely(!netif_is_l3_master(dev) && !netif_has_l3_rx_handler(dev))) 1021 goto drop; 1022 1023 if (unlikely(!dev->l3mdev_ops->l3mdev_l3_rcv)) 1024 goto drop; 1025 1026 /* the decap packet IPv4/IPv6 does not come with any mac header info. 1027 * We must unset the mac header to allow the VRF device to rebuild it, 1028 * just in case there is a sniffer attached on the device. 1029 */ 1030 skb_unset_mac_header(skb); 1031 1032 skb = dev->l3mdev_ops->l3mdev_l3_rcv(dev, skb, family); 1033 if (!skb) 1034 /* the skb buffer was consumed by the handler */ 1035 return NULL; 1036 1037 /* when a packet is received by a VRF or by one of its slaves, the 1038 * master device reference is set into the skb. 1039 */ 1040 if (unlikely(skb->dev != dev || skb->skb_iif != dev->ifindex)) 1041 goto drop; 1042 1043 return skb; 1044 1045 drop: 1046 kfree_skb(skb); 1047 return ERR_PTR(-EINVAL); 1048 } 1049 1050 static struct net_device *end_dt_get_vrf_rcu(struct sk_buff *skb, 1051 struct seg6_end_dt_info *info) 1052 { 1053 int vrf_ifindex = info->vrf_ifindex; 1054 struct net *net = info->net; 1055 1056 if (unlikely(vrf_ifindex < 0)) 1057 goto error; 1058 1059 if (unlikely(!net_eq(dev_net(skb->dev), net))) 1060 goto error; 1061 1062 return dev_get_by_index_rcu(net, vrf_ifindex); 1063 1064 error: 1065 return NULL; 1066 } 1067 1068 static struct sk_buff *end_dt_vrf_core(struct sk_buff *skb, 1069 struct seg6_local_lwt *slwt, u16 family) 1070 { 1071 struct seg6_end_dt_info *info = &slwt->dt_info; 1072 struct net_device *vrf; 1073 __be16 protocol; 1074 int hdrlen; 1075 1076 vrf = end_dt_get_vrf_rcu(skb, info); 1077 if (unlikely(!vrf)) 1078 goto drop; 1079 1080 switch (family) { 1081 case AF_INET: 1082 protocol = htons(ETH_P_IP); 1083 hdrlen = sizeof(struct iphdr); 1084 break; 1085 case AF_INET6: 1086 protocol = htons(ETH_P_IPV6); 1087 hdrlen = sizeof(struct ipv6hdr); 1088 break; 1089 case AF_UNSPEC: 1090 fallthrough; 1091 default: 1092 goto drop; 1093 } 1094 1095 if (unlikely(info->family != AF_UNSPEC && info->family != family)) { 1096 pr_warn_once("seg6local: SRv6 End.DT* family mismatch"); 1097 goto drop; 1098 } 1099 1100 skb->protocol = protocol; 1101 1102 skb_dst_drop(skb); 1103 1104 skb_set_transport_header(skb, hdrlen); 1105 nf_reset_ct(skb); 1106 1107 return end_dt_vrf_rcv(skb, family, vrf); 1108 1109 drop: 1110 kfree_skb(skb); 1111 return ERR_PTR(-EINVAL); 1112 } 1113 1114 static int input_action_end_dt4(struct sk_buff *skb, 1115 struct seg6_local_lwt *slwt) 1116 { 1117 struct iphdr *iph; 1118 int err; 1119 1120 if (!decap_and_validate(skb, IPPROTO_IPIP)) 1121 goto drop; 1122 1123 if (!pskb_may_pull(skb, sizeof(struct iphdr))) 1124 goto drop; 1125 1126 skb = end_dt_vrf_core(skb, slwt, AF_INET); 1127 if (!skb) 1128 /* packet has been processed and consumed by the VRF */ 1129 return 0; 1130 1131 if (IS_ERR(skb)) 1132 return PTR_ERR(skb); 1133 1134 iph = ip_hdr(skb); 1135 1136 err = ip_route_input(skb, iph->daddr, iph->saddr, 0, skb->dev); 1137 if (unlikely(err)) 1138 goto drop; 1139 1140 return dst_input(skb); 1141 1142 drop: 1143 kfree_skb(skb); 1144 return -EINVAL; 1145 } 1146 1147 static int seg6_end_dt4_build(struct seg6_local_lwt *slwt, const void *cfg, 1148 struct netlink_ext_ack *extack) 1149 { 1150 return __seg6_end_dt_vrf_build(slwt, cfg, AF_INET, extack); 1151 } 1152 1153 static enum 1154 seg6_end_dt_mode seg6_end_dt6_parse_mode(struct seg6_local_lwt *slwt) 1155 { 1156 unsigned long parsed_optattrs = slwt->parsed_optattrs; 1157 bool legacy, vrfmode; 1158 1159 legacy = !!(parsed_optattrs & SEG6_F_ATTR(SEG6_LOCAL_TABLE)); 1160 vrfmode = !!(parsed_optattrs & SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE)); 1161 1162 if (!(legacy ^ vrfmode)) 1163 /* both are absent or present: invalid DT6 mode */ 1164 return DT_INVALID_MODE; 1165 1166 return legacy ? DT_LEGACY_MODE : DT_VRF_MODE; 1167 } 1168 1169 static enum seg6_end_dt_mode seg6_end_dt6_get_mode(struct seg6_local_lwt *slwt) 1170 { 1171 struct seg6_end_dt_info *info = &slwt->dt_info; 1172 1173 return info->mode; 1174 } 1175 1176 static int seg6_end_dt6_build(struct seg6_local_lwt *slwt, const void *cfg, 1177 struct netlink_ext_ack *extack) 1178 { 1179 enum seg6_end_dt_mode mode = seg6_end_dt6_parse_mode(slwt); 1180 struct seg6_end_dt_info *info = &slwt->dt_info; 1181 1182 switch (mode) { 1183 case DT_LEGACY_MODE: 1184 info->mode = DT_LEGACY_MODE; 1185 return 0; 1186 case DT_VRF_MODE: 1187 return __seg6_end_dt_vrf_build(slwt, cfg, AF_INET6, extack); 1188 default: 1189 NL_SET_ERR_MSG(extack, "table or vrftable must be specified"); 1190 return -EINVAL; 1191 } 1192 } 1193 #endif 1194 1195 static int input_action_end_dt6(struct sk_buff *skb, 1196 struct seg6_local_lwt *slwt) 1197 { 1198 if (!decap_and_validate(skb, IPPROTO_IPV6)) 1199 goto drop; 1200 1201 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 1202 goto drop; 1203 1204 #ifdef CONFIG_NET_L3_MASTER_DEV 1205 if (seg6_end_dt6_get_mode(slwt) == DT_LEGACY_MODE) 1206 goto legacy_mode; 1207 1208 /* DT6_VRF_MODE */ 1209 skb = end_dt_vrf_core(skb, slwt, AF_INET6); 1210 if (!skb) 1211 /* packet has been processed and consumed by the VRF */ 1212 return 0; 1213 1214 if (IS_ERR(skb)) 1215 return PTR_ERR(skb); 1216 1217 /* note: this time we do not need to specify the table because the VRF 1218 * takes care of selecting the correct table. 1219 */ 1220 seg6_lookup_any_nexthop(skb, NULL, 0, true); 1221 1222 return dst_input(skb); 1223 1224 legacy_mode: 1225 #endif 1226 skb_set_transport_header(skb, sizeof(struct ipv6hdr)); 1227 1228 seg6_lookup_any_nexthop(skb, NULL, slwt->table, true); 1229 1230 return dst_input(skb); 1231 1232 drop: 1233 kfree_skb(skb); 1234 return -EINVAL; 1235 } 1236 1237 #ifdef CONFIG_NET_L3_MASTER_DEV 1238 static int seg6_end_dt46_build(struct seg6_local_lwt *slwt, const void *cfg, 1239 struct netlink_ext_ack *extack) 1240 { 1241 return __seg6_end_dt_vrf_build(slwt, cfg, AF_UNSPEC, extack); 1242 } 1243 1244 static int input_action_end_dt46(struct sk_buff *skb, 1245 struct seg6_local_lwt *slwt) 1246 { 1247 unsigned int off = 0; 1248 int nexthdr; 1249 1250 nexthdr = ipv6_find_hdr(skb, &off, -1, NULL, NULL); 1251 if (unlikely(nexthdr < 0)) 1252 goto drop; 1253 1254 switch (nexthdr) { 1255 case IPPROTO_IPIP: 1256 return input_action_end_dt4(skb, slwt); 1257 case IPPROTO_IPV6: 1258 return input_action_end_dt6(skb, slwt); 1259 } 1260 1261 drop: 1262 kfree_skb(skb); 1263 return -EINVAL; 1264 } 1265 #endif 1266 1267 /* push an SRH on top of the current one */ 1268 static int input_action_end_b6(struct sk_buff *skb, struct seg6_local_lwt *slwt) 1269 { 1270 struct ipv6_sr_hdr *srh; 1271 int err = -EINVAL; 1272 1273 srh = get_and_validate_srh(skb); 1274 if (!srh) 1275 goto drop; 1276 1277 err = seg6_do_srh_inline(skb, slwt->srh); 1278 if (err) 1279 goto drop; 1280 1281 skb_set_transport_header(skb, sizeof(struct ipv6hdr)); 1282 1283 seg6_lookup_nexthop(skb, NULL, 0); 1284 1285 return dst_input(skb); 1286 1287 drop: 1288 kfree_skb(skb); 1289 return err; 1290 } 1291 1292 /* encapsulate within an outer IPv6 header and a specified SRH */ 1293 static int input_action_end_b6_encap(struct sk_buff *skb, 1294 struct seg6_local_lwt *slwt) 1295 { 1296 struct ipv6_sr_hdr *srh; 1297 int err = -EINVAL; 1298 1299 srh = get_and_validate_srh(skb); 1300 if (!srh) 1301 goto drop; 1302 1303 advance_nextseg(srh, &ipv6_hdr(skb)->daddr); 1304 1305 skb_reset_inner_headers(skb); 1306 skb->encapsulation = 1; 1307 1308 err = seg6_do_srh_encap(skb, slwt->srh, IPPROTO_IPV6); 1309 if (err) 1310 goto drop; 1311 1312 skb_set_transport_header(skb, sizeof(struct ipv6hdr)); 1313 1314 seg6_lookup_nexthop(skb, NULL, 0); 1315 1316 return dst_input(skb); 1317 1318 drop: 1319 kfree_skb(skb); 1320 return err; 1321 } 1322 1323 DEFINE_PER_CPU(struct seg6_bpf_srh_state, seg6_bpf_srh_states); 1324 1325 bool seg6_bpf_has_valid_srh(struct sk_buff *skb) 1326 { 1327 struct seg6_bpf_srh_state *srh_state = 1328 this_cpu_ptr(&seg6_bpf_srh_states); 1329 struct ipv6_sr_hdr *srh = srh_state->srh; 1330 1331 if (unlikely(srh == NULL)) 1332 return false; 1333 1334 if (unlikely(!srh_state->valid)) { 1335 if ((srh_state->hdrlen & 7) != 0) 1336 return false; 1337 1338 srh->hdrlen = (u8)(srh_state->hdrlen >> 3); 1339 if (!seg6_validate_srh(srh, (srh->hdrlen + 1) << 3, true)) 1340 return false; 1341 1342 srh_state->valid = true; 1343 } 1344 1345 return true; 1346 } 1347 1348 static int input_action_end_bpf(struct sk_buff *skb, 1349 struct seg6_local_lwt *slwt) 1350 { 1351 struct seg6_bpf_srh_state *srh_state = 1352 this_cpu_ptr(&seg6_bpf_srh_states); 1353 struct ipv6_sr_hdr *srh; 1354 int ret; 1355 1356 srh = get_and_validate_srh(skb); 1357 if (!srh) { 1358 kfree_skb(skb); 1359 return -EINVAL; 1360 } 1361 advance_nextseg(srh, &ipv6_hdr(skb)->daddr); 1362 1363 /* preempt_disable is needed to protect the per-CPU buffer srh_state, 1364 * which is also accessed by the bpf_lwt_seg6_* helpers 1365 */ 1366 preempt_disable(); 1367 srh_state->srh = srh; 1368 srh_state->hdrlen = srh->hdrlen << 3; 1369 srh_state->valid = true; 1370 1371 rcu_read_lock(); 1372 bpf_compute_data_pointers(skb); 1373 ret = bpf_prog_run_save_cb(slwt->bpf.prog, skb); 1374 rcu_read_unlock(); 1375 1376 switch (ret) { 1377 case BPF_OK: 1378 case BPF_REDIRECT: 1379 break; 1380 case BPF_DROP: 1381 goto drop; 1382 default: 1383 pr_warn_once("bpf-seg6local: Illegal return value %u\n", ret); 1384 goto drop; 1385 } 1386 1387 if (srh_state->srh && !seg6_bpf_has_valid_srh(skb)) 1388 goto drop; 1389 1390 preempt_enable(); 1391 if (ret != BPF_REDIRECT) 1392 seg6_lookup_nexthop(skb, NULL, 0); 1393 1394 return dst_input(skb); 1395 1396 drop: 1397 preempt_enable(); 1398 kfree_skb(skb); 1399 return -EINVAL; 1400 } 1401 1402 static struct seg6_action_desc seg6_action_table[] = { 1403 { 1404 .action = SEG6_LOCAL_ACTION_END, 1405 .attrs = 0, 1406 .optattrs = SEG6_F_LOCAL_COUNTERS | 1407 SEG6_F_ATTR(SEG6_LOCAL_FLAVORS), 1408 .input = input_action_end, 1409 }, 1410 { 1411 .action = SEG6_LOCAL_ACTION_END_X, 1412 .attrs = SEG6_F_ATTR(SEG6_LOCAL_NH6), 1413 .optattrs = SEG6_F_LOCAL_COUNTERS, 1414 .input = input_action_end_x, 1415 }, 1416 { 1417 .action = SEG6_LOCAL_ACTION_END_T, 1418 .attrs = SEG6_F_ATTR(SEG6_LOCAL_TABLE), 1419 .optattrs = SEG6_F_LOCAL_COUNTERS, 1420 .input = input_action_end_t, 1421 }, 1422 { 1423 .action = SEG6_LOCAL_ACTION_END_DX2, 1424 .attrs = SEG6_F_ATTR(SEG6_LOCAL_OIF), 1425 .optattrs = SEG6_F_LOCAL_COUNTERS, 1426 .input = input_action_end_dx2, 1427 }, 1428 { 1429 .action = SEG6_LOCAL_ACTION_END_DX6, 1430 .attrs = SEG6_F_ATTR(SEG6_LOCAL_NH6), 1431 .optattrs = SEG6_F_LOCAL_COUNTERS, 1432 .input = input_action_end_dx6, 1433 }, 1434 { 1435 .action = SEG6_LOCAL_ACTION_END_DX4, 1436 .attrs = SEG6_F_ATTR(SEG6_LOCAL_NH4), 1437 .optattrs = SEG6_F_LOCAL_COUNTERS, 1438 .input = input_action_end_dx4, 1439 }, 1440 { 1441 .action = SEG6_LOCAL_ACTION_END_DT4, 1442 .attrs = SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE), 1443 .optattrs = SEG6_F_LOCAL_COUNTERS, 1444 #ifdef CONFIG_NET_L3_MASTER_DEV 1445 .input = input_action_end_dt4, 1446 .slwt_ops = { 1447 .build_state = seg6_end_dt4_build, 1448 }, 1449 #endif 1450 }, 1451 { 1452 .action = SEG6_LOCAL_ACTION_END_DT6, 1453 #ifdef CONFIG_NET_L3_MASTER_DEV 1454 .attrs = 0, 1455 .optattrs = SEG6_F_LOCAL_COUNTERS | 1456 SEG6_F_ATTR(SEG6_LOCAL_TABLE) | 1457 SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE), 1458 .slwt_ops = { 1459 .build_state = seg6_end_dt6_build, 1460 }, 1461 #else 1462 .attrs = SEG6_F_ATTR(SEG6_LOCAL_TABLE), 1463 .optattrs = SEG6_F_LOCAL_COUNTERS, 1464 #endif 1465 .input = input_action_end_dt6, 1466 }, 1467 { 1468 .action = SEG6_LOCAL_ACTION_END_DT46, 1469 .attrs = SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE), 1470 .optattrs = SEG6_F_LOCAL_COUNTERS, 1471 #ifdef CONFIG_NET_L3_MASTER_DEV 1472 .input = input_action_end_dt46, 1473 .slwt_ops = { 1474 .build_state = seg6_end_dt46_build, 1475 }, 1476 #endif 1477 }, 1478 { 1479 .action = SEG6_LOCAL_ACTION_END_B6, 1480 .attrs = SEG6_F_ATTR(SEG6_LOCAL_SRH), 1481 .optattrs = SEG6_F_LOCAL_COUNTERS, 1482 .input = input_action_end_b6, 1483 }, 1484 { 1485 .action = SEG6_LOCAL_ACTION_END_B6_ENCAP, 1486 .attrs = SEG6_F_ATTR(SEG6_LOCAL_SRH), 1487 .optattrs = SEG6_F_LOCAL_COUNTERS, 1488 .input = input_action_end_b6_encap, 1489 .static_headroom = sizeof(struct ipv6hdr), 1490 }, 1491 { 1492 .action = SEG6_LOCAL_ACTION_END_BPF, 1493 .attrs = SEG6_F_ATTR(SEG6_LOCAL_BPF), 1494 .optattrs = SEG6_F_LOCAL_COUNTERS, 1495 .input = input_action_end_bpf, 1496 }, 1497 1498 }; 1499 1500 static struct seg6_action_desc *__get_action_desc(int action) 1501 { 1502 struct seg6_action_desc *desc; 1503 int i, count; 1504 1505 count = ARRAY_SIZE(seg6_action_table); 1506 for (i = 0; i < count; i++) { 1507 desc = &seg6_action_table[i]; 1508 if (desc->action == action) 1509 return desc; 1510 } 1511 1512 return NULL; 1513 } 1514 1515 static bool seg6_lwtunnel_counters_enabled(struct seg6_local_lwt *slwt) 1516 { 1517 return slwt->parsed_optattrs & SEG6_F_LOCAL_COUNTERS; 1518 } 1519 1520 static void seg6_local_update_counters(struct seg6_local_lwt *slwt, 1521 unsigned int len, int err) 1522 { 1523 struct pcpu_seg6_local_counters *pcounters; 1524 1525 pcounters = this_cpu_ptr(slwt->pcpu_counters); 1526 u64_stats_update_begin(&pcounters->syncp); 1527 1528 if (likely(!err)) { 1529 u64_stats_inc(&pcounters->packets); 1530 u64_stats_add(&pcounters->bytes, len); 1531 } else { 1532 u64_stats_inc(&pcounters->errors); 1533 } 1534 1535 u64_stats_update_end(&pcounters->syncp); 1536 } 1537 1538 static int seg6_local_input_core(struct net *net, struct sock *sk, 1539 struct sk_buff *skb) 1540 { 1541 struct dst_entry *orig_dst = skb_dst(skb); 1542 struct seg6_action_desc *desc; 1543 struct seg6_local_lwt *slwt; 1544 unsigned int len = skb->len; 1545 int rc; 1546 1547 slwt = seg6_local_lwtunnel(orig_dst->lwtstate); 1548 desc = slwt->desc; 1549 1550 rc = desc->input(skb, slwt); 1551 1552 if (!seg6_lwtunnel_counters_enabled(slwt)) 1553 return rc; 1554 1555 seg6_local_update_counters(slwt, len, rc); 1556 1557 return rc; 1558 } 1559 1560 static int seg6_local_input(struct sk_buff *skb) 1561 { 1562 if (skb->protocol != htons(ETH_P_IPV6)) { 1563 kfree_skb(skb); 1564 return -EINVAL; 1565 } 1566 1567 if (static_branch_unlikely(&nf_hooks_lwtunnel_enabled)) 1568 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_IN, 1569 dev_net(skb->dev), NULL, skb, skb->dev, NULL, 1570 seg6_local_input_core); 1571 1572 return seg6_local_input_core(dev_net(skb->dev), NULL, skb); 1573 } 1574 1575 static const struct nla_policy seg6_local_policy[SEG6_LOCAL_MAX + 1] = { 1576 [SEG6_LOCAL_ACTION] = { .type = NLA_U32 }, 1577 [SEG6_LOCAL_SRH] = { .type = NLA_BINARY }, 1578 [SEG6_LOCAL_TABLE] = { .type = NLA_U32 }, 1579 [SEG6_LOCAL_VRFTABLE] = { .type = NLA_U32 }, 1580 [SEG6_LOCAL_NH4] = { .type = NLA_BINARY, 1581 .len = sizeof(struct in_addr) }, 1582 [SEG6_LOCAL_NH6] = { .type = NLA_BINARY, 1583 .len = sizeof(struct in6_addr) }, 1584 [SEG6_LOCAL_IIF] = { .type = NLA_U32 }, 1585 [SEG6_LOCAL_OIF] = { .type = NLA_U32 }, 1586 [SEG6_LOCAL_BPF] = { .type = NLA_NESTED }, 1587 [SEG6_LOCAL_COUNTERS] = { .type = NLA_NESTED }, 1588 [SEG6_LOCAL_FLAVORS] = { .type = NLA_NESTED }, 1589 }; 1590 1591 static int parse_nla_srh(struct nlattr **attrs, struct seg6_local_lwt *slwt, 1592 struct netlink_ext_ack *extack) 1593 { 1594 struct ipv6_sr_hdr *srh; 1595 int len; 1596 1597 srh = nla_data(attrs[SEG6_LOCAL_SRH]); 1598 len = nla_len(attrs[SEG6_LOCAL_SRH]); 1599 1600 /* SRH must contain at least one segment */ 1601 if (len < sizeof(*srh) + sizeof(struct in6_addr)) 1602 return -EINVAL; 1603 1604 if (!seg6_validate_srh(srh, len, false)) 1605 return -EINVAL; 1606 1607 slwt->srh = kmemdup(srh, len, GFP_KERNEL); 1608 if (!slwt->srh) 1609 return -ENOMEM; 1610 1611 slwt->headroom += len; 1612 1613 return 0; 1614 } 1615 1616 static int put_nla_srh(struct sk_buff *skb, struct seg6_local_lwt *slwt) 1617 { 1618 struct ipv6_sr_hdr *srh; 1619 struct nlattr *nla; 1620 int len; 1621 1622 srh = slwt->srh; 1623 len = (srh->hdrlen + 1) << 3; 1624 1625 nla = nla_reserve(skb, SEG6_LOCAL_SRH, len); 1626 if (!nla) 1627 return -EMSGSIZE; 1628 1629 memcpy(nla_data(nla), srh, len); 1630 1631 return 0; 1632 } 1633 1634 static int cmp_nla_srh(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 1635 { 1636 int len = (a->srh->hdrlen + 1) << 3; 1637 1638 if (len != ((b->srh->hdrlen + 1) << 3)) 1639 return 1; 1640 1641 return memcmp(a->srh, b->srh, len); 1642 } 1643 1644 static void destroy_attr_srh(struct seg6_local_lwt *slwt) 1645 { 1646 kfree(slwt->srh); 1647 } 1648 1649 static int parse_nla_table(struct nlattr **attrs, struct seg6_local_lwt *slwt, 1650 struct netlink_ext_ack *extack) 1651 { 1652 slwt->table = nla_get_u32(attrs[SEG6_LOCAL_TABLE]); 1653 1654 return 0; 1655 } 1656 1657 static int put_nla_table(struct sk_buff *skb, struct seg6_local_lwt *slwt) 1658 { 1659 if (nla_put_u32(skb, SEG6_LOCAL_TABLE, slwt->table)) 1660 return -EMSGSIZE; 1661 1662 return 0; 1663 } 1664 1665 static int cmp_nla_table(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 1666 { 1667 if (a->table != b->table) 1668 return 1; 1669 1670 return 0; 1671 } 1672 1673 static struct 1674 seg6_end_dt_info *seg6_possible_end_dt_info(struct seg6_local_lwt *slwt) 1675 { 1676 #ifdef CONFIG_NET_L3_MASTER_DEV 1677 return &slwt->dt_info; 1678 #else 1679 return ERR_PTR(-EOPNOTSUPP); 1680 #endif 1681 } 1682 1683 static int parse_nla_vrftable(struct nlattr **attrs, 1684 struct seg6_local_lwt *slwt, 1685 struct netlink_ext_ack *extack) 1686 { 1687 struct seg6_end_dt_info *info = seg6_possible_end_dt_info(slwt); 1688 1689 if (IS_ERR(info)) 1690 return PTR_ERR(info); 1691 1692 info->vrf_table = nla_get_u32(attrs[SEG6_LOCAL_VRFTABLE]); 1693 1694 return 0; 1695 } 1696 1697 static int put_nla_vrftable(struct sk_buff *skb, struct seg6_local_lwt *slwt) 1698 { 1699 struct seg6_end_dt_info *info = seg6_possible_end_dt_info(slwt); 1700 1701 if (IS_ERR(info)) 1702 return PTR_ERR(info); 1703 1704 if (nla_put_u32(skb, SEG6_LOCAL_VRFTABLE, info->vrf_table)) 1705 return -EMSGSIZE; 1706 1707 return 0; 1708 } 1709 1710 static int cmp_nla_vrftable(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 1711 { 1712 struct seg6_end_dt_info *info_a = seg6_possible_end_dt_info(a); 1713 struct seg6_end_dt_info *info_b = seg6_possible_end_dt_info(b); 1714 1715 if (info_a->vrf_table != info_b->vrf_table) 1716 return 1; 1717 1718 return 0; 1719 } 1720 1721 static int parse_nla_nh4(struct nlattr **attrs, struct seg6_local_lwt *slwt, 1722 struct netlink_ext_ack *extack) 1723 { 1724 memcpy(&slwt->nh4, nla_data(attrs[SEG6_LOCAL_NH4]), 1725 sizeof(struct in_addr)); 1726 1727 return 0; 1728 } 1729 1730 static int put_nla_nh4(struct sk_buff *skb, struct seg6_local_lwt *slwt) 1731 { 1732 struct nlattr *nla; 1733 1734 nla = nla_reserve(skb, SEG6_LOCAL_NH4, sizeof(struct in_addr)); 1735 if (!nla) 1736 return -EMSGSIZE; 1737 1738 memcpy(nla_data(nla), &slwt->nh4, sizeof(struct in_addr)); 1739 1740 return 0; 1741 } 1742 1743 static int cmp_nla_nh4(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 1744 { 1745 return memcmp(&a->nh4, &b->nh4, sizeof(struct in_addr)); 1746 } 1747 1748 static int parse_nla_nh6(struct nlattr **attrs, struct seg6_local_lwt *slwt, 1749 struct netlink_ext_ack *extack) 1750 { 1751 memcpy(&slwt->nh6, nla_data(attrs[SEG6_LOCAL_NH6]), 1752 sizeof(struct in6_addr)); 1753 1754 return 0; 1755 } 1756 1757 static int put_nla_nh6(struct sk_buff *skb, struct seg6_local_lwt *slwt) 1758 { 1759 struct nlattr *nla; 1760 1761 nla = nla_reserve(skb, SEG6_LOCAL_NH6, sizeof(struct in6_addr)); 1762 if (!nla) 1763 return -EMSGSIZE; 1764 1765 memcpy(nla_data(nla), &slwt->nh6, sizeof(struct in6_addr)); 1766 1767 return 0; 1768 } 1769 1770 static int cmp_nla_nh6(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 1771 { 1772 return memcmp(&a->nh6, &b->nh6, sizeof(struct in6_addr)); 1773 } 1774 1775 static int parse_nla_iif(struct nlattr **attrs, struct seg6_local_lwt *slwt, 1776 struct netlink_ext_ack *extack) 1777 { 1778 slwt->iif = nla_get_u32(attrs[SEG6_LOCAL_IIF]); 1779 1780 return 0; 1781 } 1782 1783 static int put_nla_iif(struct sk_buff *skb, struct seg6_local_lwt *slwt) 1784 { 1785 if (nla_put_u32(skb, SEG6_LOCAL_IIF, slwt->iif)) 1786 return -EMSGSIZE; 1787 1788 return 0; 1789 } 1790 1791 static int cmp_nla_iif(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 1792 { 1793 if (a->iif != b->iif) 1794 return 1; 1795 1796 return 0; 1797 } 1798 1799 static int parse_nla_oif(struct nlattr **attrs, struct seg6_local_lwt *slwt, 1800 struct netlink_ext_ack *extack) 1801 { 1802 slwt->oif = nla_get_u32(attrs[SEG6_LOCAL_OIF]); 1803 1804 return 0; 1805 } 1806 1807 static int put_nla_oif(struct sk_buff *skb, struct seg6_local_lwt *slwt) 1808 { 1809 if (nla_put_u32(skb, SEG6_LOCAL_OIF, slwt->oif)) 1810 return -EMSGSIZE; 1811 1812 return 0; 1813 } 1814 1815 static int cmp_nla_oif(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 1816 { 1817 if (a->oif != b->oif) 1818 return 1; 1819 1820 return 0; 1821 } 1822 1823 #define MAX_PROG_NAME 256 1824 static const struct nla_policy bpf_prog_policy[SEG6_LOCAL_BPF_PROG_MAX + 1] = { 1825 [SEG6_LOCAL_BPF_PROG] = { .type = NLA_U32, }, 1826 [SEG6_LOCAL_BPF_PROG_NAME] = { .type = NLA_NUL_STRING, 1827 .len = MAX_PROG_NAME }, 1828 }; 1829 1830 static int parse_nla_bpf(struct nlattr **attrs, struct seg6_local_lwt *slwt, 1831 struct netlink_ext_ack *extack) 1832 { 1833 struct nlattr *tb[SEG6_LOCAL_BPF_PROG_MAX + 1]; 1834 struct bpf_prog *p; 1835 int ret; 1836 u32 fd; 1837 1838 ret = nla_parse_nested_deprecated(tb, SEG6_LOCAL_BPF_PROG_MAX, 1839 attrs[SEG6_LOCAL_BPF], 1840 bpf_prog_policy, NULL); 1841 if (ret < 0) 1842 return ret; 1843 1844 if (!tb[SEG6_LOCAL_BPF_PROG] || !tb[SEG6_LOCAL_BPF_PROG_NAME]) 1845 return -EINVAL; 1846 1847 slwt->bpf.name = nla_memdup(tb[SEG6_LOCAL_BPF_PROG_NAME], GFP_KERNEL); 1848 if (!slwt->bpf.name) 1849 return -ENOMEM; 1850 1851 fd = nla_get_u32(tb[SEG6_LOCAL_BPF_PROG]); 1852 p = bpf_prog_get_type(fd, BPF_PROG_TYPE_LWT_SEG6LOCAL); 1853 if (IS_ERR(p)) { 1854 kfree(slwt->bpf.name); 1855 return PTR_ERR(p); 1856 } 1857 1858 slwt->bpf.prog = p; 1859 return 0; 1860 } 1861 1862 static int put_nla_bpf(struct sk_buff *skb, struct seg6_local_lwt *slwt) 1863 { 1864 struct nlattr *nest; 1865 1866 if (!slwt->bpf.prog) 1867 return 0; 1868 1869 nest = nla_nest_start_noflag(skb, SEG6_LOCAL_BPF); 1870 if (!nest) 1871 return -EMSGSIZE; 1872 1873 if (nla_put_u32(skb, SEG6_LOCAL_BPF_PROG, slwt->bpf.prog->aux->id)) 1874 return -EMSGSIZE; 1875 1876 if (slwt->bpf.name && 1877 nla_put_string(skb, SEG6_LOCAL_BPF_PROG_NAME, slwt->bpf.name)) 1878 return -EMSGSIZE; 1879 1880 return nla_nest_end(skb, nest); 1881 } 1882 1883 static int cmp_nla_bpf(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 1884 { 1885 if (!a->bpf.name && !b->bpf.name) 1886 return 0; 1887 1888 if (!a->bpf.name || !b->bpf.name) 1889 return 1; 1890 1891 return strcmp(a->bpf.name, b->bpf.name); 1892 } 1893 1894 static void destroy_attr_bpf(struct seg6_local_lwt *slwt) 1895 { 1896 kfree(slwt->bpf.name); 1897 if (slwt->bpf.prog) 1898 bpf_prog_put(slwt->bpf.prog); 1899 } 1900 1901 static const struct 1902 nla_policy seg6_local_counters_policy[SEG6_LOCAL_CNT_MAX + 1] = { 1903 [SEG6_LOCAL_CNT_PACKETS] = { .type = NLA_U64 }, 1904 [SEG6_LOCAL_CNT_BYTES] = { .type = NLA_U64 }, 1905 [SEG6_LOCAL_CNT_ERRORS] = { .type = NLA_U64 }, 1906 }; 1907 1908 static int parse_nla_counters(struct nlattr **attrs, 1909 struct seg6_local_lwt *slwt, 1910 struct netlink_ext_ack *extack) 1911 { 1912 struct pcpu_seg6_local_counters __percpu *pcounters; 1913 struct nlattr *tb[SEG6_LOCAL_CNT_MAX + 1]; 1914 int ret; 1915 1916 ret = nla_parse_nested_deprecated(tb, SEG6_LOCAL_CNT_MAX, 1917 attrs[SEG6_LOCAL_COUNTERS], 1918 seg6_local_counters_policy, NULL); 1919 if (ret < 0) 1920 return ret; 1921 1922 /* basic support for SRv6 Behavior counters requires at least: 1923 * packets, bytes and errors. 1924 */ 1925 if (!tb[SEG6_LOCAL_CNT_PACKETS] || !tb[SEG6_LOCAL_CNT_BYTES] || 1926 !tb[SEG6_LOCAL_CNT_ERRORS]) 1927 return -EINVAL; 1928 1929 /* counters are always zero initialized */ 1930 pcounters = seg6_local_alloc_pcpu_counters(GFP_KERNEL); 1931 if (!pcounters) 1932 return -ENOMEM; 1933 1934 slwt->pcpu_counters = pcounters; 1935 1936 return 0; 1937 } 1938 1939 static int seg6_local_fill_nla_counters(struct sk_buff *skb, 1940 struct seg6_local_counters *counters) 1941 { 1942 if (nla_put_u64_64bit(skb, SEG6_LOCAL_CNT_PACKETS, counters->packets, 1943 SEG6_LOCAL_CNT_PAD)) 1944 return -EMSGSIZE; 1945 1946 if (nla_put_u64_64bit(skb, SEG6_LOCAL_CNT_BYTES, counters->bytes, 1947 SEG6_LOCAL_CNT_PAD)) 1948 return -EMSGSIZE; 1949 1950 if (nla_put_u64_64bit(skb, SEG6_LOCAL_CNT_ERRORS, counters->errors, 1951 SEG6_LOCAL_CNT_PAD)) 1952 return -EMSGSIZE; 1953 1954 return 0; 1955 } 1956 1957 static int put_nla_counters(struct sk_buff *skb, struct seg6_local_lwt *slwt) 1958 { 1959 struct seg6_local_counters counters = { 0, 0, 0 }; 1960 struct nlattr *nest; 1961 int rc, i; 1962 1963 nest = nla_nest_start(skb, SEG6_LOCAL_COUNTERS); 1964 if (!nest) 1965 return -EMSGSIZE; 1966 1967 for_each_possible_cpu(i) { 1968 struct pcpu_seg6_local_counters *pcounters; 1969 u64 packets, bytes, errors; 1970 unsigned int start; 1971 1972 pcounters = per_cpu_ptr(slwt->pcpu_counters, i); 1973 do { 1974 start = u64_stats_fetch_begin(&pcounters->syncp); 1975 1976 packets = u64_stats_read(&pcounters->packets); 1977 bytes = u64_stats_read(&pcounters->bytes); 1978 errors = u64_stats_read(&pcounters->errors); 1979 1980 } while (u64_stats_fetch_retry(&pcounters->syncp, start)); 1981 1982 counters.packets += packets; 1983 counters.bytes += bytes; 1984 counters.errors += errors; 1985 } 1986 1987 rc = seg6_local_fill_nla_counters(skb, &counters); 1988 if (rc < 0) { 1989 nla_nest_cancel(skb, nest); 1990 return rc; 1991 } 1992 1993 return nla_nest_end(skb, nest); 1994 } 1995 1996 static int cmp_nla_counters(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 1997 { 1998 /* a and b are equal if both have pcpu_counters set or not */ 1999 return (!!((unsigned long)a->pcpu_counters)) ^ 2000 (!!((unsigned long)b->pcpu_counters)); 2001 } 2002 2003 static void destroy_attr_counters(struct seg6_local_lwt *slwt) 2004 { 2005 free_percpu(slwt->pcpu_counters); 2006 } 2007 2008 static const 2009 struct nla_policy seg6_local_flavors_policy[SEG6_LOCAL_FLV_MAX + 1] = { 2010 [SEG6_LOCAL_FLV_OPERATION] = { .type = NLA_U32 }, 2011 [SEG6_LOCAL_FLV_LCBLOCK_BITS] = { .type = NLA_U8 }, 2012 [SEG6_LOCAL_FLV_LCNODE_FN_BITS] = { .type = NLA_U8 }, 2013 }; 2014 2015 /* check whether the lengths of the Locator-Block and Locator-Node Function 2016 * are compatible with the dimension of a C-SID container. 2017 */ 2018 static int seg6_chk_next_csid_cfg(__u8 block_len, __u8 func_len) 2019 { 2020 /* Locator-Block and Locator-Node Function cannot exceed 128 bits 2021 * (i.e. C-SID container lenghts). 2022 */ 2023 if (next_csid_chk_cntr_bits(block_len, func_len)) 2024 return -EINVAL; 2025 2026 /* Locator-Block length must be greater than zero and evenly divisible 2027 * by 8. There must be room for a Locator-Node Function, at least. 2028 */ 2029 if (next_csid_chk_lcblock_bits(block_len)) 2030 return -EINVAL; 2031 2032 /* Locator-Node Function length must be greater than zero and evenly 2033 * divisible by 8. There must be room for the Locator-Block. 2034 */ 2035 if (next_csid_chk_lcnode_fn_bits(func_len)) 2036 return -EINVAL; 2037 2038 return 0; 2039 } 2040 2041 static int seg6_parse_nla_next_csid_cfg(struct nlattr **tb, 2042 struct seg6_flavors_info *finfo, 2043 struct netlink_ext_ack *extack) 2044 { 2045 __u8 func_len = SEG6_LOCAL_LCNODE_FN_DBITS; 2046 __u8 block_len = SEG6_LOCAL_LCBLOCK_DBITS; 2047 int rc; 2048 2049 if (tb[SEG6_LOCAL_FLV_LCBLOCK_BITS]) 2050 block_len = nla_get_u8(tb[SEG6_LOCAL_FLV_LCBLOCK_BITS]); 2051 2052 if (tb[SEG6_LOCAL_FLV_LCNODE_FN_BITS]) 2053 func_len = nla_get_u8(tb[SEG6_LOCAL_FLV_LCNODE_FN_BITS]); 2054 2055 rc = seg6_chk_next_csid_cfg(block_len, func_len); 2056 if (rc < 0) { 2057 NL_SET_ERR_MSG(extack, 2058 "Invalid Locator Block/Node Function lengths"); 2059 return rc; 2060 } 2061 2062 finfo->lcblock_bits = block_len; 2063 finfo->lcnode_func_bits = func_len; 2064 2065 return 0; 2066 } 2067 2068 static int parse_nla_flavors(struct nlattr **attrs, struct seg6_local_lwt *slwt, 2069 struct netlink_ext_ack *extack) 2070 { 2071 struct seg6_flavors_info *finfo = &slwt->flv_info; 2072 struct nlattr *tb[SEG6_LOCAL_FLV_MAX + 1]; 2073 unsigned long fops; 2074 int rc; 2075 2076 rc = nla_parse_nested_deprecated(tb, SEG6_LOCAL_FLV_MAX, 2077 attrs[SEG6_LOCAL_FLAVORS], 2078 seg6_local_flavors_policy, NULL); 2079 if (rc < 0) 2080 return rc; 2081 2082 /* this attribute MUST always be present since it represents the Flavor 2083 * operation(s) to be carried out. 2084 */ 2085 if (!tb[SEG6_LOCAL_FLV_OPERATION]) 2086 return -EINVAL; 2087 2088 fops = nla_get_u32(tb[SEG6_LOCAL_FLV_OPERATION]); 2089 if (fops & ~SEG6_LOCAL_FLV_SUPP_OPS) { 2090 NL_SET_ERR_MSG(extack, "Unsupported Flavor operation(s)"); 2091 return -EOPNOTSUPP; 2092 } 2093 2094 finfo->flv_ops = fops; 2095 2096 if (seg6_next_csid_enabled(fops)) { 2097 /* Locator-Block and Locator-Node Function lengths can be 2098 * provided by the user space. Otherwise, default values are 2099 * applied. 2100 */ 2101 rc = seg6_parse_nla_next_csid_cfg(tb, finfo, extack); 2102 if (rc < 0) 2103 return rc; 2104 } 2105 2106 return 0; 2107 } 2108 2109 static int seg6_fill_nla_next_csid_cfg(struct sk_buff *skb, 2110 struct seg6_flavors_info *finfo) 2111 { 2112 if (nla_put_u8(skb, SEG6_LOCAL_FLV_LCBLOCK_BITS, finfo->lcblock_bits)) 2113 return -EMSGSIZE; 2114 2115 if (nla_put_u8(skb, SEG6_LOCAL_FLV_LCNODE_FN_BITS, 2116 finfo->lcnode_func_bits)) 2117 return -EMSGSIZE; 2118 2119 return 0; 2120 } 2121 2122 static int put_nla_flavors(struct sk_buff *skb, struct seg6_local_lwt *slwt) 2123 { 2124 struct seg6_flavors_info *finfo = &slwt->flv_info; 2125 __u32 fops = finfo->flv_ops; 2126 struct nlattr *nest; 2127 int rc; 2128 2129 nest = nla_nest_start(skb, SEG6_LOCAL_FLAVORS); 2130 if (!nest) 2131 return -EMSGSIZE; 2132 2133 if (nla_put_u32(skb, SEG6_LOCAL_FLV_OPERATION, fops)) { 2134 rc = -EMSGSIZE; 2135 goto err; 2136 } 2137 2138 if (seg6_next_csid_enabled(fops)) { 2139 rc = seg6_fill_nla_next_csid_cfg(skb, finfo); 2140 if (rc < 0) 2141 goto err; 2142 } 2143 2144 return nla_nest_end(skb, nest); 2145 2146 err: 2147 nla_nest_cancel(skb, nest); 2148 return rc; 2149 } 2150 2151 static int seg6_cmp_nla_next_csid_cfg(struct seg6_flavors_info *finfo_a, 2152 struct seg6_flavors_info *finfo_b) 2153 { 2154 if (finfo_a->lcblock_bits != finfo_b->lcblock_bits) 2155 return 1; 2156 2157 if (finfo_a->lcnode_func_bits != finfo_b->lcnode_func_bits) 2158 return 1; 2159 2160 return 0; 2161 } 2162 2163 static int cmp_nla_flavors(struct seg6_local_lwt *a, struct seg6_local_lwt *b) 2164 { 2165 struct seg6_flavors_info *finfo_a = &a->flv_info; 2166 struct seg6_flavors_info *finfo_b = &b->flv_info; 2167 2168 if (finfo_a->flv_ops != finfo_b->flv_ops) 2169 return 1; 2170 2171 if (seg6_next_csid_enabled(finfo_a->flv_ops)) { 2172 if (seg6_cmp_nla_next_csid_cfg(finfo_a, finfo_b)) 2173 return 1; 2174 } 2175 2176 return 0; 2177 } 2178 2179 static int encap_size_flavors(struct seg6_local_lwt *slwt) 2180 { 2181 struct seg6_flavors_info *finfo = &slwt->flv_info; 2182 int nlsize; 2183 2184 nlsize = nla_total_size(0) + /* nest SEG6_LOCAL_FLAVORS */ 2185 nla_total_size(4); /* SEG6_LOCAL_FLV_OPERATION */ 2186 2187 if (seg6_next_csid_enabled(finfo->flv_ops)) 2188 nlsize += nla_total_size(1) + /* SEG6_LOCAL_FLV_LCBLOCK_BITS */ 2189 nla_total_size(1); /* SEG6_LOCAL_FLV_LCNODE_FN_BITS */ 2190 2191 return nlsize; 2192 } 2193 2194 struct seg6_action_param { 2195 int (*parse)(struct nlattr **attrs, struct seg6_local_lwt *slwt, 2196 struct netlink_ext_ack *extack); 2197 int (*put)(struct sk_buff *skb, struct seg6_local_lwt *slwt); 2198 int (*cmp)(struct seg6_local_lwt *a, struct seg6_local_lwt *b); 2199 2200 /* optional destroy() callback useful for releasing resources which 2201 * have been previously acquired in the corresponding parse() 2202 * function. 2203 */ 2204 void (*destroy)(struct seg6_local_lwt *slwt); 2205 }; 2206 2207 static struct seg6_action_param seg6_action_params[SEG6_LOCAL_MAX + 1] = { 2208 [SEG6_LOCAL_SRH] = { .parse = parse_nla_srh, 2209 .put = put_nla_srh, 2210 .cmp = cmp_nla_srh, 2211 .destroy = destroy_attr_srh }, 2212 2213 [SEG6_LOCAL_TABLE] = { .parse = parse_nla_table, 2214 .put = put_nla_table, 2215 .cmp = cmp_nla_table }, 2216 2217 [SEG6_LOCAL_NH4] = { .parse = parse_nla_nh4, 2218 .put = put_nla_nh4, 2219 .cmp = cmp_nla_nh4 }, 2220 2221 [SEG6_LOCAL_NH6] = { .parse = parse_nla_nh6, 2222 .put = put_nla_nh6, 2223 .cmp = cmp_nla_nh6 }, 2224 2225 [SEG6_LOCAL_IIF] = { .parse = parse_nla_iif, 2226 .put = put_nla_iif, 2227 .cmp = cmp_nla_iif }, 2228 2229 [SEG6_LOCAL_OIF] = { .parse = parse_nla_oif, 2230 .put = put_nla_oif, 2231 .cmp = cmp_nla_oif }, 2232 2233 [SEG6_LOCAL_BPF] = { .parse = parse_nla_bpf, 2234 .put = put_nla_bpf, 2235 .cmp = cmp_nla_bpf, 2236 .destroy = destroy_attr_bpf }, 2237 2238 [SEG6_LOCAL_VRFTABLE] = { .parse = parse_nla_vrftable, 2239 .put = put_nla_vrftable, 2240 .cmp = cmp_nla_vrftable }, 2241 2242 [SEG6_LOCAL_COUNTERS] = { .parse = parse_nla_counters, 2243 .put = put_nla_counters, 2244 .cmp = cmp_nla_counters, 2245 .destroy = destroy_attr_counters }, 2246 2247 [SEG6_LOCAL_FLAVORS] = { .parse = parse_nla_flavors, 2248 .put = put_nla_flavors, 2249 .cmp = cmp_nla_flavors }, 2250 }; 2251 2252 /* call the destroy() callback (if available) for each set attribute in 2253 * @parsed_attrs, starting from the first attribute up to the @max_parsed 2254 * (excluded) attribute. 2255 */ 2256 static void __destroy_attrs(unsigned long parsed_attrs, int max_parsed, 2257 struct seg6_local_lwt *slwt) 2258 { 2259 struct seg6_action_param *param; 2260 int i; 2261 2262 /* Every required seg6local attribute is identified by an ID which is 2263 * encoded as a flag (i.e: 1 << ID) in the 'attrs' bitmask; 2264 * 2265 * We scan the 'parsed_attrs' bitmask, starting from the first attribute 2266 * up to the @max_parsed (excluded) attribute. 2267 * For each set attribute, we retrieve the corresponding destroy() 2268 * callback. If the callback is not available, then we skip to the next 2269 * attribute; otherwise, we call the destroy() callback. 2270 */ 2271 for (i = SEG6_LOCAL_SRH; i < max_parsed; ++i) { 2272 if (!(parsed_attrs & SEG6_F_ATTR(i))) 2273 continue; 2274 2275 param = &seg6_action_params[i]; 2276 2277 if (param->destroy) 2278 param->destroy(slwt); 2279 } 2280 } 2281 2282 /* release all the resources that may have been acquired during parsing 2283 * operations. 2284 */ 2285 static void destroy_attrs(struct seg6_local_lwt *slwt) 2286 { 2287 unsigned long attrs = slwt->desc->attrs | slwt->parsed_optattrs; 2288 2289 __destroy_attrs(attrs, SEG6_LOCAL_MAX + 1, slwt); 2290 } 2291 2292 static int parse_nla_optional_attrs(struct nlattr **attrs, 2293 struct seg6_local_lwt *slwt, 2294 struct netlink_ext_ack *extack) 2295 { 2296 struct seg6_action_desc *desc = slwt->desc; 2297 unsigned long parsed_optattrs = 0; 2298 struct seg6_action_param *param; 2299 int err, i; 2300 2301 for (i = SEG6_LOCAL_SRH; i < SEG6_LOCAL_MAX + 1; ++i) { 2302 if (!(desc->optattrs & SEG6_F_ATTR(i)) || !attrs[i]) 2303 continue; 2304 2305 /* once here, the i-th attribute is provided by the 2306 * userspace AND it is identified optional as well. 2307 */ 2308 param = &seg6_action_params[i]; 2309 2310 err = param->parse(attrs, slwt, extack); 2311 if (err < 0) 2312 goto parse_optattrs_err; 2313 2314 /* current attribute has been correctly parsed */ 2315 parsed_optattrs |= SEG6_F_ATTR(i); 2316 } 2317 2318 /* store in the tunnel state all the optional attributed successfully 2319 * parsed. 2320 */ 2321 slwt->parsed_optattrs = parsed_optattrs; 2322 2323 return 0; 2324 2325 parse_optattrs_err: 2326 __destroy_attrs(parsed_optattrs, i, slwt); 2327 2328 return err; 2329 } 2330 2331 /* call the custom constructor of the behavior during its initialization phase 2332 * and after that all its attributes have been parsed successfully. 2333 */ 2334 static int 2335 seg6_local_lwtunnel_build_state(struct seg6_local_lwt *slwt, const void *cfg, 2336 struct netlink_ext_ack *extack) 2337 { 2338 struct seg6_action_desc *desc = slwt->desc; 2339 struct seg6_local_lwtunnel_ops *ops; 2340 2341 ops = &desc->slwt_ops; 2342 if (!ops->build_state) 2343 return 0; 2344 2345 return ops->build_state(slwt, cfg, extack); 2346 } 2347 2348 /* call the custom destructor of the behavior which is invoked before the 2349 * tunnel is going to be destroyed. 2350 */ 2351 static void seg6_local_lwtunnel_destroy_state(struct seg6_local_lwt *slwt) 2352 { 2353 struct seg6_action_desc *desc = slwt->desc; 2354 struct seg6_local_lwtunnel_ops *ops; 2355 2356 ops = &desc->slwt_ops; 2357 if (!ops->destroy_state) 2358 return; 2359 2360 ops->destroy_state(slwt); 2361 } 2362 2363 static int parse_nla_action(struct nlattr **attrs, struct seg6_local_lwt *slwt, 2364 struct netlink_ext_ack *extack) 2365 { 2366 struct seg6_action_param *param; 2367 struct seg6_action_desc *desc; 2368 unsigned long invalid_attrs; 2369 int i, err; 2370 2371 desc = __get_action_desc(slwt->action); 2372 if (!desc) 2373 return -EINVAL; 2374 2375 if (!desc->input) 2376 return -EOPNOTSUPP; 2377 2378 slwt->desc = desc; 2379 slwt->headroom += desc->static_headroom; 2380 2381 /* Forcing the desc->optattrs *set* and the desc->attrs *set* to be 2382 * disjoined, this allow us to release acquired resources by optional 2383 * attributes and by required attributes independently from each other 2384 * without any interference. 2385 * In other terms, we are sure that we do not release some the acquired 2386 * resources twice. 2387 * 2388 * Note that if an attribute is configured both as required and as 2389 * optional, it means that the user has messed something up in the 2390 * seg6_action_table. Therefore, this check is required for SRv6 2391 * behaviors to work properly. 2392 */ 2393 invalid_attrs = desc->attrs & desc->optattrs; 2394 if (invalid_attrs) { 2395 WARN_ONCE(1, 2396 "An attribute cannot be both required AND optional"); 2397 return -EINVAL; 2398 } 2399 2400 /* parse the required attributes */ 2401 for (i = SEG6_LOCAL_SRH; i < SEG6_LOCAL_MAX + 1; i++) { 2402 if (desc->attrs & SEG6_F_ATTR(i)) { 2403 if (!attrs[i]) 2404 return -EINVAL; 2405 2406 param = &seg6_action_params[i]; 2407 2408 err = param->parse(attrs, slwt, extack); 2409 if (err < 0) 2410 goto parse_attrs_err; 2411 } 2412 } 2413 2414 /* parse the optional attributes, if any */ 2415 err = parse_nla_optional_attrs(attrs, slwt, extack); 2416 if (err < 0) 2417 goto parse_attrs_err; 2418 2419 return 0; 2420 2421 parse_attrs_err: 2422 /* release any resource that may have been acquired during the i-1 2423 * parse() operations. 2424 */ 2425 __destroy_attrs(desc->attrs, i, slwt); 2426 2427 return err; 2428 } 2429 2430 static int seg6_local_build_state(struct net *net, struct nlattr *nla, 2431 unsigned int family, const void *cfg, 2432 struct lwtunnel_state **ts, 2433 struct netlink_ext_ack *extack) 2434 { 2435 struct nlattr *tb[SEG6_LOCAL_MAX + 1]; 2436 struct lwtunnel_state *newts; 2437 struct seg6_local_lwt *slwt; 2438 int err; 2439 2440 if (family != AF_INET6) 2441 return -EINVAL; 2442 2443 err = nla_parse_nested_deprecated(tb, SEG6_LOCAL_MAX, nla, 2444 seg6_local_policy, extack); 2445 2446 if (err < 0) 2447 return err; 2448 2449 if (!tb[SEG6_LOCAL_ACTION]) 2450 return -EINVAL; 2451 2452 newts = lwtunnel_state_alloc(sizeof(*slwt)); 2453 if (!newts) 2454 return -ENOMEM; 2455 2456 slwt = seg6_local_lwtunnel(newts); 2457 slwt->action = nla_get_u32(tb[SEG6_LOCAL_ACTION]); 2458 2459 err = parse_nla_action(tb, slwt, extack); 2460 if (err < 0) 2461 goto out_free; 2462 2463 err = seg6_local_lwtunnel_build_state(slwt, cfg, extack); 2464 if (err < 0) 2465 goto out_destroy_attrs; 2466 2467 newts->type = LWTUNNEL_ENCAP_SEG6_LOCAL; 2468 newts->flags = LWTUNNEL_STATE_INPUT_REDIRECT; 2469 newts->headroom = slwt->headroom; 2470 2471 *ts = newts; 2472 2473 return 0; 2474 2475 out_destroy_attrs: 2476 destroy_attrs(slwt); 2477 out_free: 2478 kfree(newts); 2479 return err; 2480 } 2481 2482 static void seg6_local_destroy_state(struct lwtunnel_state *lwt) 2483 { 2484 struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt); 2485 2486 seg6_local_lwtunnel_destroy_state(slwt); 2487 2488 destroy_attrs(slwt); 2489 2490 return; 2491 } 2492 2493 static int seg6_local_fill_encap(struct sk_buff *skb, 2494 struct lwtunnel_state *lwt) 2495 { 2496 struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt); 2497 struct seg6_action_param *param; 2498 unsigned long attrs; 2499 int i, err; 2500 2501 if (nla_put_u32(skb, SEG6_LOCAL_ACTION, slwt->action)) 2502 return -EMSGSIZE; 2503 2504 attrs = slwt->desc->attrs | slwt->parsed_optattrs; 2505 2506 for (i = SEG6_LOCAL_SRH; i < SEG6_LOCAL_MAX + 1; i++) { 2507 if (attrs & SEG6_F_ATTR(i)) { 2508 param = &seg6_action_params[i]; 2509 err = param->put(skb, slwt); 2510 if (err < 0) 2511 return err; 2512 } 2513 } 2514 2515 return 0; 2516 } 2517 2518 static int seg6_local_get_encap_size(struct lwtunnel_state *lwt) 2519 { 2520 struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt); 2521 unsigned long attrs; 2522 int nlsize; 2523 2524 nlsize = nla_total_size(4); /* action */ 2525 2526 attrs = slwt->desc->attrs | slwt->parsed_optattrs; 2527 2528 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_SRH)) 2529 nlsize += nla_total_size((slwt->srh->hdrlen + 1) << 3); 2530 2531 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_TABLE)) 2532 nlsize += nla_total_size(4); 2533 2534 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_NH4)) 2535 nlsize += nla_total_size(4); 2536 2537 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_NH6)) 2538 nlsize += nla_total_size(16); 2539 2540 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_IIF)) 2541 nlsize += nla_total_size(4); 2542 2543 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_OIF)) 2544 nlsize += nla_total_size(4); 2545 2546 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_BPF)) 2547 nlsize += nla_total_size(sizeof(struct nlattr)) + 2548 nla_total_size(MAX_PROG_NAME) + 2549 nla_total_size(4); 2550 2551 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE)) 2552 nlsize += nla_total_size(4); 2553 2554 if (attrs & SEG6_F_LOCAL_COUNTERS) 2555 nlsize += nla_total_size(0) + /* nest SEG6_LOCAL_COUNTERS */ 2556 /* SEG6_LOCAL_CNT_PACKETS */ 2557 nla_total_size_64bit(sizeof(__u64)) + 2558 /* SEG6_LOCAL_CNT_BYTES */ 2559 nla_total_size_64bit(sizeof(__u64)) + 2560 /* SEG6_LOCAL_CNT_ERRORS */ 2561 nla_total_size_64bit(sizeof(__u64)); 2562 2563 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_FLAVORS)) 2564 nlsize += encap_size_flavors(slwt); 2565 2566 return nlsize; 2567 } 2568 2569 static int seg6_local_cmp_encap(struct lwtunnel_state *a, 2570 struct lwtunnel_state *b) 2571 { 2572 struct seg6_local_lwt *slwt_a, *slwt_b; 2573 struct seg6_action_param *param; 2574 unsigned long attrs_a, attrs_b; 2575 int i; 2576 2577 slwt_a = seg6_local_lwtunnel(a); 2578 slwt_b = seg6_local_lwtunnel(b); 2579 2580 if (slwt_a->action != slwt_b->action) 2581 return 1; 2582 2583 attrs_a = slwt_a->desc->attrs | slwt_a->parsed_optattrs; 2584 attrs_b = slwt_b->desc->attrs | slwt_b->parsed_optattrs; 2585 2586 if (attrs_a != attrs_b) 2587 return 1; 2588 2589 for (i = SEG6_LOCAL_SRH; i < SEG6_LOCAL_MAX + 1; i++) { 2590 if (attrs_a & SEG6_F_ATTR(i)) { 2591 param = &seg6_action_params[i]; 2592 if (param->cmp(slwt_a, slwt_b)) 2593 return 1; 2594 } 2595 } 2596 2597 return 0; 2598 } 2599 2600 static const struct lwtunnel_encap_ops seg6_local_ops = { 2601 .build_state = seg6_local_build_state, 2602 .destroy_state = seg6_local_destroy_state, 2603 .input = seg6_local_input, 2604 .fill_encap = seg6_local_fill_encap, 2605 .get_encap_size = seg6_local_get_encap_size, 2606 .cmp_encap = seg6_local_cmp_encap, 2607 .owner = THIS_MODULE, 2608 }; 2609 2610 int __init seg6_local_init(void) 2611 { 2612 /* If the max total number of defined attributes is reached, then your 2613 * kernel build stops here. 2614 * 2615 * This check is required to avoid arithmetic overflows when processing 2616 * behavior attributes and the maximum number of defined attributes 2617 * exceeds the allowed value. 2618 */ 2619 BUILD_BUG_ON(SEG6_LOCAL_MAX + 1 > BITS_PER_TYPE(unsigned long)); 2620 2621 /* If the default NEXT-C-SID Locator-Block/Node Function lengths (in 2622 * bits) have been changed with invalid values, kernel build stops 2623 * here. 2624 */ 2625 BUILD_BUG_ON(next_csid_chk_cntr_bits(SEG6_LOCAL_LCBLOCK_DBITS, 2626 SEG6_LOCAL_LCNODE_FN_DBITS)); 2627 BUILD_BUG_ON(next_csid_chk_lcblock_bits(SEG6_LOCAL_LCBLOCK_DBITS)); 2628 BUILD_BUG_ON(next_csid_chk_lcnode_fn_bits(SEG6_LOCAL_LCNODE_FN_DBITS)); 2629 2630 /* To be memory efficient, we use 'u8' to represent the different 2631 * actions related to RFC8986 flavors. If the kernel build stops here, 2632 * it means that it is not possible to correctly encode these actions 2633 * with the data type chosen for the action table. 2634 */ 2635 BUILD_BUG_ON(SEG6_LOCAL_FLV_ACT_MAX > (typeof(flv8986_act_tbl[0]))~0U); 2636 2637 return lwtunnel_encap_add_ops(&seg6_local_ops, 2638 LWTUNNEL_ENCAP_SEG6_LOCAL); 2639 } 2640 2641 void seg6_local_exit(void) 2642 { 2643 lwtunnel_encap_del_ops(&seg6_local_ops, LWTUNNEL_ENCAP_SEG6_LOCAL); 2644 } 2645