Blame view
net/ipv6/xfrm6_policy.c
6.74 KB
b24413180
|
1 |
// SPDX-License-Identifier: GPL-2.0 |
1da177e4c
|
2 3 4 5 6 |
/* * xfrm6_policy.c: based on xfrm4_policy.c * * Authors: * Mitsuru KANDA @USAGI |
67ba4152e
|
7 8 9 10 11 |
* Kazunori MIYAZAWA @USAGI * Kunihiro Ishiguro <kunihiro@ipinfusion.com> * IPv6 support * YOSHIFUJI Hideaki * Split up af-specific portion |
1ab1457c4
|
12 |
* |
1da177e4c
|
13 |
*/ |
66cdb3ca2
|
14 15 |
#include <linux/err.h> #include <linux/kernel.h> |
aabc9761b
|
16 17 |
#include <linux/netdevice.h> #include <net/addrconf.h> |
45ff5a3f9
|
18 |
#include <net/dst.h> |
1da177e4c
|
19 20 21 22 |
#include <net/xfrm.h> #include <net/ip.h> #include <net/ipv6.h> #include <net/ip6_route.h> |
385add906
|
23 |
#include <net/l3mdev.h> |
1da177e4c
|
24 |
|
42a7b32b7
|
25 |
static struct dst_entry *xfrm6_dst_lookup(struct net *net, int tos, int oif, |
5e6b930f2
|
26 |
const xfrm_address_t *saddr, |
077fbac40
|
27 28 |
const xfrm_address_t *daddr, u32 mark) |
1da177e4c
|
29 |
{ |
7e1dc7b6f
|
30 |
struct flowi6 fl6; |
66cdb3ca2
|
31 32 |
struct dst_entry *dst; int err; |
7e1dc7b6f
|
33 |
memset(&fl6, 0, sizeof(fl6)); |
11d7a0bb9
|
34 |
fl6.flowi6_oif = l3mdev_master_ifindex_by_index(net, oif); |
4148987a5
|
35 |
fl6.flowi6_flags = FLOWI_FLAG_SKIP_NH_OIF; |
077fbac40
|
36 |
fl6.flowi6_mark = mark; |
7e1dc7b6f
|
37 |
memcpy(&fl6.daddr, daddr, sizeof(fl6.daddr)); |
66cdb3ca2
|
38 |
if (saddr) |
7e1dc7b6f
|
39 |
memcpy(&fl6.saddr, saddr, sizeof(fl6.saddr)); |
66cdb3ca2
|
40 |
|
4c9483b2f
|
41 |
dst = ip6_route_output(net, NULL, &fl6); |
66cdb3ca2
|
42 43 44 |
err = dst->error; if (dst->error) { |
4251320fa
|
45 |
dst_release(dst); |
66cdb3ca2
|
46 47 48 49 |
dst = ERR_PTR(err); } return dst; |
1da177e4c
|
50 |
} |
42a7b32b7
|
51 |
static int xfrm6_get_saddr(struct net *net, int oif, |
077fbac40
|
52 53 |
xfrm_address_t *saddr, xfrm_address_t *daddr, u32 mark) |
a1e59abf8
|
54 |
{ |
66cdb3ca2
|
55 |
struct dst_entry *dst; |
191cd5825
|
56 |
struct net_device *dev; |
66cdb3ca2
|
57 |
|
077fbac40
|
58 |
dst = xfrm6_dst_lookup(net, 0, oif, NULL, daddr, mark); |
66cdb3ca2
|
59 60 |
if (IS_ERR(dst)) return -EHOSTUNREACH; |
191cd5825
|
61 |
dev = ip6_dst_idev(dst)->dev; |
15e318bdc
|
62 |
ipv6_dev_get_saddr(dev_net(dev), dev, &daddr->in6, 0, &saddr->in6); |
66cdb3ca2
|
63 64 |
dst_release(dst); return 0; |
a1e59abf8
|
65 |
} |
87c1e12b5
|
66 |
static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev, |
0c7b3eefb
|
67 |
const struct flowi *fl) |
25ee3286d
|
68 |
{ |
67ba4152e
|
69 |
struct rt6_info *rt = (struct rt6_info *)xdst->route; |
1da177e4c
|
70 |
|
25ee3286d
|
71 72 |
xdst->u.dst.dev = dev; dev_hold(dev); |
1da177e4c
|
73 |
|
bc8e4b954
|
74 |
xdst->u.rt6.rt6i_idev = in6_dev_get(dev); |
84c4a9dfb
|
75 76 |
if (!xdst->u.rt6.rt6i_idev) { dev_put(dev); |
25ee3286d
|
77 |
return -ENODEV; |
84c4a9dfb
|
78 |
} |
1da177e4c
|
79 |
|
25ee3286d
|
80 81 82 83 |
/* Sheit... I remember I did this right. Apparently, * it was magically lost, so this code needs audit */ xdst->u.rt6.rt6i_flags = rt->rt6i_flags & (RTF_ANYCAST | RTF_LOCAL); |
b197df4f0
|
84 |
xdst->route_cookie = rt6_get_cookie(rt); |
25ee3286d
|
85 86 87 |
xdst->u.rt6.rt6i_gateway = rt->rt6i_gateway; xdst->u.rt6.rt6i_dst = rt->rt6i_dst; xdst->u.rt6.rt6i_src = rt->rt6i_src; |
510c321b5
|
88 89 90 |
INIT_LIST_HEAD(&xdst->u.rt6.rt6i_uncached); rt6_uncached_list_add(&xdst->u.rt6); atomic_inc(&dev_net(dev)->ipv6.rt6_stats->fib_rt_uncache); |
1da177e4c
|
91 |
|
1da177e4c
|
92 |
return 0; |
1da177e4c
|
93 |
} |
6700c2709
|
94 |
static void xfrm6_update_pmtu(struct dst_entry *dst, struct sock *sk, |
bd085ef67
|
95 96 |
struct sk_buff *skb, u32 mtu, bool confirm_neigh) |
1da177e4c
|
97 98 99 |
{ struct xfrm_dst *xdst = (struct xfrm_dst *)dst; struct dst_entry *path = xdst->route; |
bd085ef67
|
100 |
path->ops->update_pmtu(path, sk, skb, mtu, confirm_neigh); |
1da177e4c
|
101 |
} |
6700c2709
|
102 103 |
static void xfrm6_redirect(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb) |
ec18d9a26
|
104 105 106 |
{ struct xfrm_dst *xdst = (struct xfrm_dst *)dst; struct dst_entry *path = xdst->route; |
6700c2709
|
107 |
path->ops->redirect(path, sk, skb); |
ec18d9a26
|
108 |
} |
aabc9761b
|
109 110 111 112 113 114 |
static void xfrm6_dst_destroy(struct dst_entry *dst) { struct xfrm_dst *xdst = (struct xfrm_dst *)dst; if (likely(xdst->u.rt6.rt6i_idev)) in6_dev_put(xdst->u.rt6.rt6i_idev); |
62fa8a846
|
115 |
dst_destroy_metrics_generic(dst); |
510c321b5
|
116 117 |
if (xdst->u.rt6.rt6i_uncached_list) rt6_uncached_list_del(&xdst->u.rt6); |
aabc9761b
|
118 119 120 121 122 123 124 125 126 127 128 129 130 |
xfrm_dst_destroy(xdst); } static void xfrm6_dst_ifdown(struct dst_entry *dst, struct net_device *dev, int unregister) { struct xfrm_dst *xdst; if (!unregister) return; xdst = (struct xfrm_dst *)dst; if (xdst->u.rt6.rt6i_idev->dev == dev) { |
5a3e55d68
|
131 |
struct inet6_dev *loopback_idev = |
c346dca10
|
132 |
in6_dev_get(dev_net(dev)->loopback_dev); |
aabc9761b
|
133 134 135 136 137 |
do { in6_dev_put(xdst->u.rt6.rt6i_idev); xdst->u.rt6.rt6i_idev = loopback_idev; in6_dev_hold(loopback_idev); |
b92cf4aab
|
138 |
xdst = (struct xfrm_dst *)xfrm_dst_child(&xdst->u.dst); |
aabc9761b
|
139 140 141 142 143 144 145 |
} while (xdst->u.dst.xfrm); __in6_dev_put(loopback_idev); } xfrm_dst_ifdown(dst, dev); } |
a8a572a6b
|
146 |
static struct dst_ops xfrm6_dst_ops_template = { |
1da177e4c
|
147 |
.family = AF_INET6, |
1da177e4c
|
148 |
.update_pmtu = xfrm6_update_pmtu, |
ec18d9a26
|
149 |
.redirect = xfrm6_redirect, |
62fa8a846
|
150 |
.cow_metrics = dst_cow_metrics_generic, |
aabc9761b
|
151 152 |
.destroy = xfrm6_dst_destroy, .ifdown = xfrm6_dst_ifdown, |
862b82c6f
|
153 |
.local_out = __ip6_local_out, |
3c2a89ddc
|
154 |
.gc_thresh = 32768, |
1da177e4c
|
155 |
}; |
37b103830
|
156 |
static const struct xfrm_policy_afinfo xfrm6_policy_afinfo = { |
a8a572a6b
|
157 |
.dst_ops = &xfrm6_dst_ops_template, |
1da177e4c
|
158 |
.dst_lookup = xfrm6_dst_lookup, |
67ba4152e
|
159 |
.get_saddr = xfrm6_get_saddr, |
25ee3286d
|
160 |
.fill_dst = xfrm6_fill_dst, |
2774c131b
|
161 |
.blackhole_route = ip6_blackhole_route, |
1da177e4c
|
162 |
}; |
0013cabab
|
163 |
static int __init xfrm6_policy_init(void) |
1da177e4c
|
164 |
{ |
a2817d8b2
|
165 |
return xfrm_policy_register_afinfo(&xfrm6_policy_afinfo, AF_INET6); |
1da177e4c
|
166 167 168 169 170 171 |
} static void xfrm6_policy_fini(void) { xfrm_policy_unregister_afinfo(&xfrm6_policy_afinfo); } |
db71789c0
|
172 |
#ifdef CONFIG_SYSCTL |
a44a4a006
|
173 174 |
static struct ctl_table xfrm6_policy_table[] = { { |
a44a4a006
|
175 |
.procname = "xfrm6_gc_thresh", |
67ba4152e
|
176 177 178 |
.data = &init_net.xfrm.xfrm6_dst_ops.gc_thresh, .maxlen = sizeof(int), .mode = 0644, |
a44a4a006
|
179 180 181 182 |
.proc_handler = proc_dointvec, }, { } }; |
a8a572a6b
|
183 |
static int __net_init xfrm6_net_sysctl_init(struct net *net) |
8d068875c
|
184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 |
{ struct ctl_table *table; struct ctl_table_header *hdr; table = xfrm6_policy_table; if (!net_eq(net, &init_net)) { table = kmemdup(table, sizeof(xfrm6_policy_table), GFP_KERNEL); if (!table) goto err_alloc; table[0].data = &net->xfrm.xfrm6_dst_ops.gc_thresh; } hdr = register_net_sysctl(net, "net/ipv6", table); if (!hdr) goto err_reg; net->ipv6.sysctl.xfrm6_hdr = hdr; return 0; err_reg: if (!net_eq(net, &init_net)) kfree(table); err_alloc: return -ENOMEM; } |
a8a572a6b
|
210 |
static void __net_exit xfrm6_net_sysctl_exit(struct net *net) |
8d068875c
|
211 212 |
{ struct ctl_table *table; |
63159f29b
|
213 |
if (!net->ipv6.sysctl.xfrm6_hdr) |
8d068875c
|
214 215 216 217 218 219 220 |
return; table = net->ipv6.sysctl.xfrm6_hdr->ctl_table_arg; unregister_net_sysctl_table(net->ipv6.sysctl.xfrm6_hdr); if (!net_eq(net, &init_net)) kfree(table); } |
a8a572a6b
|
221 |
#else /* CONFIG_SYSCTL */ |
318d3cc04
|
222 |
static inline int xfrm6_net_sysctl_init(struct net *net) |
a8a572a6b
|
223 224 225 |
{ return 0; } |
318d3cc04
|
226 |
static inline void xfrm6_net_sysctl_exit(struct net *net) |
a8a572a6b
|
227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 |
{ } #endif static int __net_init xfrm6_net_init(struct net *net) { int ret; memcpy(&net->xfrm.xfrm6_dst_ops, &xfrm6_dst_ops_template, sizeof(xfrm6_dst_ops_template)); ret = dst_entries_init(&net->xfrm.xfrm6_dst_ops); if (ret) return ret; ret = xfrm6_net_sysctl_init(net); if (ret) dst_entries_destroy(&net->xfrm.xfrm6_dst_ops); return ret; } static void __net_exit xfrm6_net_exit(struct net *net) { xfrm6_net_sysctl_exit(net); dst_entries_destroy(&net->xfrm.xfrm6_dst_ops); } |
8d068875c
|
253 254 255 256 257 |
static struct pernet_operations xfrm6_net_ops = { .init = xfrm6_net_init, .exit = xfrm6_net_exit, }; |
a44a4a006
|
258 |
|
0013cabab
|
259 |
int __init xfrm6_init(void) |
1da177e4c
|
260 |
{ |
0013cabab
|
261 |
int ret; |
c38132865
|
262 |
|
d7c7544c3
|
263 |
ret = xfrm6_policy_init(); |
a8a572a6b
|
264 |
if (ret) |
d7c7544c3
|
265 |
goto out; |
d7c7544c3
|
266 267 268 |
ret = xfrm6_state_init(); if (ret) goto out_policy; |
7e14ea152
|
269 270 271 |
ret = xfrm6_protocol_init(); if (ret) goto out_state; |
8d068875c
|
272 |
register_pernet_subsys(&xfrm6_net_ops); |
0013cabab
|
273 274 |
out: return ret; |
7e14ea152
|
275 276 |
out_state: xfrm6_state_fini(); |
0013cabab
|
277 278 279 |
out_policy: xfrm6_policy_fini(); goto out; |
1da177e4c
|
280 281 282 283 |
} void xfrm6_fini(void) { |
8d068875c
|
284 |
unregister_pernet_subsys(&xfrm6_net_ops); |
7e14ea152
|
285 |
xfrm6_protocol_fini(); |
1da177e4c
|
286 287 288 |
xfrm6_policy_fini(); xfrm6_state_fini(); } |