]>
Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
3328715e SK |
2 | /* xfrm4_protocol.c - Generic xfrm protocol multiplexer. |
3 | * | |
4 | * Copyright (C) 2013 secunet Security Networks AG | |
5 | * | |
6 | * Author: | |
7 | * Steffen Klassert <steffen.klassert@secunet.com> | |
8 | * | |
9 | * Based on: | |
10 | * net/ipv4/tunnel4.c | |
3328715e SK |
11 | */ |
12 | ||
13 | #include <linux/init.h> | |
14 | #include <linux/mutex.h> | |
15 | #include <linux/skbuff.h> | |
16 | #include <net/icmp.h> | |
17 | #include <net/ip.h> | |
18 | #include <net/protocol.h> | |
19 | #include <net/xfrm.h> | |
20 | ||
21 | static struct xfrm4_protocol __rcu *esp4_handlers __read_mostly; | |
22 | static struct xfrm4_protocol __rcu *ah4_handlers __read_mostly; | |
23 | static struct xfrm4_protocol __rcu *ipcomp4_handlers __read_mostly; | |
24 | static DEFINE_MUTEX(xfrm4_protocol_mutex); | |
25 | ||
26 | static inline struct xfrm4_protocol __rcu **proto_handlers(u8 protocol) | |
27 | { | |
28 | switch (protocol) { | |
29 | case IPPROTO_ESP: | |
30 | return &esp4_handlers; | |
31 | case IPPROTO_AH: | |
32 | return &ah4_handlers; | |
33 | case IPPROTO_COMP: | |
34 | return &ipcomp4_handlers; | |
35 | } | |
36 | ||
37 | return NULL; | |
38 | } | |
39 | ||
40 | #define for_each_protocol_rcu(head, handler) \ | |
41 | for (handler = rcu_dereference(head); \ | |
42 | handler != NULL; \ | |
43 | handler = rcu_dereference(handler->next)) \ | |
44 | ||
bb9cd077 | 45 | static int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err) |
3328715e SK |
46 | { |
47 | int ret; | |
48 | struct xfrm4_protocol *handler; | |
61622cc6 | 49 | struct xfrm4_protocol __rcu **head = proto_handlers(protocol); |
3328715e | 50 | |
61622cc6 SK |
51 | if (!head) |
52 | return 0; | |
53 | ||
54 | for_each_protocol_rcu(*head, handler) | |
3328715e SK |
55 | if ((ret = handler->cb_handler(skb, err)) <= 0) |
56 | return ret; | |
57 | ||
58 | return 0; | |
59 | } | |
3328715e SK |
60 | |
61 | int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi, | |
62 | int encap_type) | |
63 | { | |
64 | int ret; | |
65 | struct xfrm4_protocol *handler; | |
61622cc6 | 66 | struct xfrm4_protocol __rcu **head = proto_handlers(nexthdr); |
3328715e | 67 | |
70be6c91 | 68 | XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; |
3328715e SK |
69 | XFRM_SPI_SKB_CB(skb)->family = AF_INET; |
70 | XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr); | |
71 | ||
61622cc6 SK |
72 | if (!head) |
73 | goto out; | |
74 | ||
cac3c716 SD |
75 | if (!skb_dst(skb)) { |
76 | const struct iphdr *iph = ip_hdr(skb); | |
77 | ||
78 | if (ip_route_input_noref(skb, iph->daddr, iph->saddr, | |
79 | iph->tos, skb->dev)) | |
80 | goto drop; | |
81 | } | |
82 | ||
61622cc6 | 83 | for_each_protocol_rcu(*head, handler) |
3328715e SK |
84 | if ((ret = handler->input_handler(skb, nexthdr, spi, encap_type)) != -EINVAL) |
85 | return ret; | |
86 | ||
61622cc6 | 87 | out: |
3328715e SK |
88 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); |
89 | ||
cac3c716 | 90 | drop: |
3328715e SK |
91 | kfree_skb(skb); |
92 | return 0; | |
93 | } | |
94 | EXPORT_SYMBOL(xfrm4_rcv_encap); | |
95 | ||
96 | static int xfrm4_esp_rcv(struct sk_buff *skb) | |
97 | { | |
98 | int ret; | |
99 | struct xfrm4_protocol *handler; | |
100 | ||
70be6c91 SK |
101 | XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; |
102 | ||
3328715e SK |
103 | for_each_protocol_rcu(esp4_handlers, handler) |
104 | if ((ret = handler->handler(skb)) != -EINVAL) | |
105 | return ret; | |
106 | ||
107 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); | |
108 | ||
109 | kfree_skb(skb); | |
110 | return 0; | |
111 | } | |
112 | ||
32bbd879 | 113 | static int xfrm4_esp_err(struct sk_buff *skb, u32 info) |
3328715e SK |
114 | { |
115 | struct xfrm4_protocol *handler; | |
116 | ||
117 | for_each_protocol_rcu(esp4_handlers, handler) | |
118 | if (!handler->err_handler(skb, info)) | |
32bbd879 SB |
119 | return 0; |
120 | ||
121 | return -ENOENT; | |
3328715e SK |
122 | } |
123 | ||
124 | static int xfrm4_ah_rcv(struct sk_buff *skb) | |
125 | { | |
126 | int ret; | |
127 | struct xfrm4_protocol *handler; | |
128 | ||
70be6c91 SK |
129 | XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; |
130 | ||
3328715e SK |
131 | for_each_protocol_rcu(ah4_handlers, handler) |
132 | if ((ret = handler->handler(skb)) != -EINVAL) | |
1759389e | 133 | return ret; |
3328715e SK |
134 | |
135 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); | |
136 | ||
137 | kfree_skb(skb); | |
138 | return 0; | |
139 | } | |
140 | ||
32bbd879 | 141 | static int xfrm4_ah_err(struct sk_buff *skb, u32 info) |
3328715e SK |
142 | { |
143 | struct xfrm4_protocol *handler; | |
144 | ||
145 | for_each_protocol_rcu(ah4_handlers, handler) | |
146 | if (!handler->err_handler(skb, info)) | |
32bbd879 SB |
147 | return 0; |
148 | ||
149 | return -ENOENT; | |
3328715e SK |
150 | } |
151 | ||
152 | static int xfrm4_ipcomp_rcv(struct sk_buff *skb) | |
153 | { | |
154 | int ret; | |
155 | struct xfrm4_protocol *handler; | |
156 | ||
70be6c91 SK |
157 | XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; |
158 | ||
3328715e SK |
159 | for_each_protocol_rcu(ipcomp4_handlers, handler) |
160 | if ((ret = handler->handler(skb)) != -EINVAL) | |
161 | return ret; | |
162 | ||
163 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); | |
164 | ||
165 | kfree_skb(skb); | |
166 | return 0; | |
167 | } | |
168 | ||
32bbd879 | 169 | static int xfrm4_ipcomp_err(struct sk_buff *skb, u32 info) |
3328715e SK |
170 | { |
171 | struct xfrm4_protocol *handler; | |
172 | ||
173 | for_each_protocol_rcu(ipcomp4_handlers, handler) | |
174 | if (!handler->err_handler(skb, info)) | |
32bbd879 SB |
175 | return 0; |
176 | ||
177 | return -ENOENT; | |
3328715e SK |
178 | } |
179 | ||
180 | static const struct net_protocol esp4_protocol = { | |
181 | .handler = xfrm4_esp_rcv, | |
182 | .err_handler = xfrm4_esp_err, | |
183 | .no_policy = 1, | |
3328715e SK |
184 | }; |
185 | ||
186 | static const struct net_protocol ah4_protocol = { | |
187 | .handler = xfrm4_ah_rcv, | |
188 | .err_handler = xfrm4_ah_err, | |
189 | .no_policy = 1, | |
3328715e SK |
190 | }; |
191 | ||
192 | static const struct net_protocol ipcomp4_protocol = { | |
193 | .handler = xfrm4_ipcomp_rcv, | |
194 | .err_handler = xfrm4_ipcomp_err, | |
195 | .no_policy = 1, | |
3328715e SK |
196 | }; |
197 | ||
960fdfde | 198 | static const struct xfrm_input_afinfo xfrm4_input_afinfo = { |
2f32b51b | 199 | .family = AF_INET, |
2f32b51b SK |
200 | .callback = xfrm4_rcv_cb, |
201 | }; | |
202 | ||
3328715e SK |
203 | static inline const struct net_protocol *netproto(unsigned char protocol) |
204 | { | |
205 | switch (protocol) { | |
206 | case IPPROTO_ESP: | |
207 | return &esp4_protocol; | |
208 | case IPPROTO_AH: | |
209 | return &ah4_protocol; | |
210 | case IPPROTO_COMP: | |
211 | return &ipcomp4_protocol; | |
212 | } | |
213 | ||
214 | return NULL; | |
215 | } | |
216 | ||
217 | int xfrm4_protocol_register(struct xfrm4_protocol *handler, | |
218 | unsigned char protocol) | |
219 | { | |
220 | struct xfrm4_protocol __rcu **pprev; | |
221 | struct xfrm4_protocol *t; | |
222 | bool add_netproto = false; | |
3328715e SK |
223 | int ret = -EEXIST; |
224 | int priority = handler->priority; | |
225 | ||
61622cc6 SK |
226 | if (!proto_handlers(protocol) || !netproto(protocol)) |
227 | return -EINVAL; | |
228 | ||
3328715e SK |
229 | mutex_lock(&xfrm4_protocol_mutex); |
230 | ||
231 | if (!rcu_dereference_protected(*proto_handlers(protocol), | |
232 | lockdep_is_held(&xfrm4_protocol_mutex))) | |
233 | add_netproto = true; | |
234 | ||
235 | for (pprev = proto_handlers(protocol); | |
236 | (t = rcu_dereference_protected(*pprev, | |
237 | lockdep_is_held(&xfrm4_protocol_mutex))) != NULL; | |
238 | pprev = &t->next) { | |
239 | if (t->priority < priority) | |
240 | break; | |
241 | if (t->priority == priority) | |
242 | goto err; | |
243 | } | |
244 | ||
245 | handler->next = *pprev; | |
246 | rcu_assign_pointer(*pprev, handler); | |
247 | ||
248 | ret = 0; | |
249 | ||
250 | err: | |
251 | mutex_unlock(&xfrm4_protocol_mutex); | |
252 | ||
253 | if (add_netproto) { | |
254 | if (inet_add_protocol(netproto(protocol), protocol)) { | |
255 | pr_err("%s: can't add protocol\n", __func__); | |
256 | ret = -EAGAIN; | |
257 | } | |
258 | } | |
259 | ||
260 | return ret; | |
261 | } | |
262 | EXPORT_SYMBOL(xfrm4_protocol_register); | |
263 | ||
264 | int xfrm4_protocol_deregister(struct xfrm4_protocol *handler, | |
265 | unsigned char protocol) | |
266 | { | |
267 | struct xfrm4_protocol __rcu **pprev; | |
268 | struct xfrm4_protocol *t; | |
269 | int ret = -ENOENT; | |
270 | ||
61622cc6 SK |
271 | if (!proto_handlers(protocol) || !netproto(protocol)) |
272 | return -EINVAL; | |
273 | ||
3328715e SK |
274 | mutex_lock(&xfrm4_protocol_mutex); |
275 | ||
276 | for (pprev = proto_handlers(protocol); | |
277 | (t = rcu_dereference_protected(*pprev, | |
278 | lockdep_is_held(&xfrm4_protocol_mutex))) != NULL; | |
279 | pprev = &t->next) { | |
280 | if (t == handler) { | |
281 | *pprev = handler->next; | |
282 | ret = 0; | |
283 | break; | |
284 | } | |
285 | } | |
286 | ||
287 | if (!rcu_dereference_protected(*proto_handlers(protocol), | |
288 | lockdep_is_held(&xfrm4_protocol_mutex))) { | |
289 | if (inet_del_protocol(netproto(protocol), protocol) < 0) { | |
290 | pr_err("%s: can't remove protocol\n", __func__); | |
291 | ret = -EAGAIN; | |
292 | } | |
293 | } | |
294 | ||
295 | mutex_unlock(&xfrm4_protocol_mutex); | |
296 | ||
297 | synchronize_net(); | |
298 | ||
299 | return ret; | |
300 | } | |
301 | EXPORT_SYMBOL(xfrm4_protocol_deregister); | |
2f32b51b SK |
302 | |
303 | void __init xfrm4_protocol_init(void) | |
304 | { | |
305 | xfrm_input_register_afinfo(&xfrm4_input_afinfo); | |
306 | } |