]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright (C)2003,2004 USAGI/WIDE Project | |
3 | * | |
4 | * This program is free software; you can redistribute it and/or modify | |
5 | * it under the terms of the GNU General Public License as published by | |
6 | * the Free Software Foundation; either version 2 of the License, or | |
7 | * (at your option) any later version. | |
8 | * | |
9 | * This program is distributed in the hope that it will be useful, | |
10 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | * GNU General Public License for more details. | |
13 | * | |
14 | * You should have received a copy of the GNU General Public License | |
15 | * along with this program; if not, see <http://www.gnu.org/licenses/>. | |
16 | * | |
17 | * Authors Mitsuru KANDA <mk@linux-ipv6.org> | |
18 | * YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> | |
19 | * | |
20 | * Based on net/ipv4/xfrm4_tunnel.c | |
21 | * | |
22 | */ | |
23 | #include <linux/module.h> | |
24 | #include <linux/xfrm.h> | |
25 | #include <linux/slab.h> | |
26 | #include <linux/rculist.h> | |
27 | #include <net/ip.h> | |
28 | #include <net/xfrm.h> | |
29 | #include <net/ipv6.h> | |
30 | #include <linux/ipv6.h> | |
31 | #include <linux/icmpv6.h> | |
32 | #include <linux/mutex.h> | |
33 | #include <net/netns/generic.h> | |
34 | ||
35 | #define XFRM6_TUNNEL_SPI_BYADDR_HSIZE 256 | |
36 | #define XFRM6_TUNNEL_SPI_BYSPI_HSIZE 256 | |
37 | ||
38 | #define XFRM6_TUNNEL_SPI_MIN 1 | |
39 | #define XFRM6_TUNNEL_SPI_MAX 0xffffffff | |
40 | ||
41 | struct xfrm6_tunnel_net { | |
42 | struct hlist_head spi_byaddr[XFRM6_TUNNEL_SPI_BYADDR_HSIZE]; | |
43 | struct hlist_head spi_byspi[XFRM6_TUNNEL_SPI_BYSPI_HSIZE]; | |
44 | u32 spi; | |
45 | }; | |
46 | ||
47 | static int xfrm6_tunnel_net_id __read_mostly; | |
48 | static inline struct xfrm6_tunnel_net *xfrm6_tunnel_pernet(struct net *net) | |
49 | { | |
50 | return net_generic(net, xfrm6_tunnel_net_id); | |
51 | } | |
52 | ||
53 | /* | |
54 | * xfrm_tunnel_spi things are for allocating unique id ("spi") | |
55 | * per xfrm_address_t. | |
56 | */ | |
57 | struct xfrm6_tunnel_spi { | |
58 | struct hlist_node list_byaddr; | |
59 | struct hlist_node list_byspi; | |
60 | xfrm_address_t addr; | |
61 | u32 spi; | |
62 | atomic_t refcnt; | |
63 | struct rcu_head rcu_head; | |
64 | }; | |
65 | ||
66 | static DEFINE_SPINLOCK(xfrm6_tunnel_spi_lock); | |
67 | ||
68 | static struct kmem_cache *xfrm6_tunnel_spi_kmem __read_mostly; | |
69 | ||
70 | static inline unsigned int xfrm6_tunnel_spi_hash_byaddr(const xfrm_address_t *addr) | |
71 | { | |
72 | unsigned int h; | |
73 | ||
74 | h = ipv6_addr_hash((const struct in6_addr *)addr); | |
75 | h ^= h >> 16; | |
76 | h ^= h >> 8; | |
77 | h &= XFRM6_TUNNEL_SPI_BYADDR_HSIZE - 1; | |
78 | ||
79 | return h; | |
80 | } | |
81 | ||
82 | static inline unsigned int xfrm6_tunnel_spi_hash_byspi(u32 spi) | |
83 | { | |
84 | return spi % XFRM6_TUNNEL_SPI_BYSPI_HSIZE; | |
85 | } | |
86 | ||
87 | static struct xfrm6_tunnel_spi *__xfrm6_tunnel_spi_lookup(struct net *net, const xfrm_address_t *saddr) | |
88 | { | |
89 | struct xfrm6_tunnel_net *xfrm6_tn = xfrm6_tunnel_pernet(net); | |
90 | struct xfrm6_tunnel_spi *x6spi; | |
91 | ||
92 | hlist_for_each_entry_rcu(x6spi, | |
93 | &xfrm6_tn->spi_byaddr[xfrm6_tunnel_spi_hash_byaddr(saddr)], | |
94 | list_byaddr) { | |
95 | if (xfrm6_addr_equal(&x6spi->addr, saddr)) | |
96 | return x6spi; | |
97 | } | |
98 | ||
99 | return NULL; | |
100 | } | |
101 | ||
102 | __be32 xfrm6_tunnel_spi_lookup(struct net *net, const xfrm_address_t *saddr) | |
103 | { | |
104 | struct xfrm6_tunnel_spi *x6spi; | |
105 | u32 spi; | |
106 | ||
107 | rcu_read_lock_bh(); | |
108 | x6spi = __xfrm6_tunnel_spi_lookup(net, saddr); | |
109 | spi = x6spi ? x6spi->spi : 0; | |
110 | rcu_read_unlock_bh(); | |
111 | return htonl(spi); | |
112 | } | |
113 | ||
114 | EXPORT_SYMBOL(xfrm6_tunnel_spi_lookup); | |
115 | ||
116 | static int __xfrm6_tunnel_spi_check(struct net *net, u32 spi) | |
117 | { | |
118 | struct xfrm6_tunnel_net *xfrm6_tn = xfrm6_tunnel_pernet(net); | |
119 | struct xfrm6_tunnel_spi *x6spi; | |
120 | int index = xfrm6_tunnel_spi_hash_byspi(spi); | |
121 | ||
122 | hlist_for_each_entry(x6spi, | |
123 | &xfrm6_tn->spi_byspi[index], | |
124 | list_byspi) { | |
125 | if (x6spi->spi == spi) | |
126 | return -1; | |
127 | } | |
128 | return index; | |
129 | } | |
130 | ||
131 | static u32 __xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr) | |
132 | { | |
133 | struct xfrm6_tunnel_net *xfrm6_tn = xfrm6_tunnel_pernet(net); | |
134 | u32 spi; | |
135 | struct xfrm6_tunnel_spi *x6spi; | |
136 | int index; | |
137 | ||
138 | if (xfrm6_tn->spi < XFRM6_TUNNEL_SPI_MIN || | |
139 | xfrm6_tn->spi >= XFRM6_TUNNEL_SPI_MAX) | |
140 | xfrm6_tn->spi = XFRM6_TUNNEL_SPI_MIN; | |
141 | else | |
142 | xfrm6_tn->spi++; | |
143 | ||
144 | for (spi = xfrm6_tn->spi; spi <= XFRM6_TUNNEL_SPI_MAX; spi++) { | |
145 | index = __xfrm6_tunnel_spi_check(net, spi); | |
146 | if (index >= 0) | |
147 | goto alloc_spi; | |
148 | } | |
149 | for (spi = XFRM6_TUNNEL_SPI_MIN; spi < xfrm6_tn->spi; spi++) { | |
150 | index = __xfrm6_tunnel_spi_check(net, spi); | |
151 | if (index >= 0) | |
152 | goto alloc_spi; | |
153 | } | |
154 | spi = 0; | |
155 | goto out; | |
156 | alloc_spi: | |
157 | xfrm6_tn->spi = spi; | |
158 | x6spi = kmem_cache_alloc(xfrm6_tunnel_spi_kmem, GFP_ATOMIC); | |
159 | if (!x6spi) | |
160 | goto out; | |
161 | ||
162 | memcpy(&x6spi->addr, saddr, sizeof(x6spi->addr)); | |
163 | x6spi->spi = spi; | |
164 | atomic_set(&x6spi->refcnt, 1); | |
165 | ||
166 | hlist_add_head_rcu(&x6spi->list_byspi, &xfrm6_tn->spi_byspi[index]); | |
167 | ||
168 | index = xfrm6_tunnel_spi_hash_byaddr(saddr); | |
169 | hlist_add_head_rcu(&x6spi->list_byaddr, &xfrm6_tn->spi_byaddr[index]); | |
170 | out: | |
171 | return spi; | |
172 | } | |
173 | ||
174 | __be32 xfrm6_tunnel_alloc_spi(struct net *net, xfrm_address_t *saddr) | |
175 | { | |
176 | struct xfrm6_tunnel_spi *x6spi; | |
177 | u32 spi; | |
178 | ||
179 | spin_lock_bh(&xfrm6_tunnel_spi_lock); | |
180 | x6spi = __xfrm6_tunnel_spi_lookup(net, saddr); | |
181 | if (x6spi) { | |
182 | atomic_inc(&x6spi->refcnt); | |
183 | spi = x6spi->spi; | |
184 | } else | |
185 | spi = __xfrm6_tunnel_alloc_spi(net, saddr); | |
186 | spin_unlock_bh(&xfrm6_tunnel_spi_lock); | |
187 | ||
188 | return htonl(spi); | |
189 | } | |
190 | ||
191 | EXPORT_SYMBOL(xfrm6_tunnel_alloc_spi); | |
192 | ||
193 | static void x6spi_destroy_rcu(struct rcu_head *head) | |
194 | { | |
195 | kmem_cache_free(xfrm6_tunnel_spi_kmem, | |
196 | container_of(head, struct xfrm6_tunnel_spi, rcu_head)); | |
197 | } | |
198 | ||
199 | static void xfrm6_tunnel_free_spi(struct net *net, xfrm_address_t *saddr) | |
200 | { | |
201 | struct xfrm6_tunnel_net *xfrm6_tn = xfrm6_tunnel_pernet(net); | |
202 | struct xfrm6_tunnel_spi *x6spi; | |
203 | struct hlist_node *n; | |
204 | ||
205 | spin_lock_bh(&xfrm6_tunnel_spi_lock); | |
206 | ||
207 | hlist_for_each_entry_safe(x6spi, n, | |
208 | &xfrm6_tn->spi_byaddr[xfrm6_tunnel_spi_hash_byaddr(saddr)], | |
209 | list_byaddr) | |
210 | { | |
211 | if (xfrm6_addr_equal(&x6spi->addr, saddr)) { | |
212 | if (atomic_dec_and_test(&x6spi->refcnt)) { | |
213 | hlist_del_rcu(&x6spi->list_byaddr); | |
214 | hlist_del_rcu(&x6spi->list_byspi); | |
215 | call_rcu(&x6spi->rcu_head, x6spi_destroy_rcu); | |
216 | break; | |
217 | } | |
218 | } | |
219 | } | |
220 | spin_unlock_bh(&xfrm6_tunnel_spi_lock); | |
221 | } | |
222 | ||
223 | static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) | |
224 | { | |
225 | skb_push(skb, -skb_network_offset(skb)); | |
226 | return 0; | |
227 | } | |
228 | ||
229 | static int xfrm6_tunnel_input(struct xfrm_state *x, struct sk_buff *skb) | |
230 | { | |
231 | return skb_network_header(skb)[IP6CB(skb)->nhoff]; | |
232 | } | |
233 | ||
234 | static int xfrm6_tunnel_rcv(struct sk_buff *skb) | |
235 | { | |
236 | struct net *net = dev_net(skb->dev); | |
237 | const struct ipv6hdr *iph = ipv6_hdr(skb); | |
238 | __be32 spi; | |
239 | ||
240 | spi = xfrm6_tunnel_spi_lookup(net, (const xfrm_address_t *)&iph->saddr); | |
241 | return xfrm6_rcv_spi(skb, IPPROTO_IPV6, spi); | |
242 | } | |
243 | ||
244 | static int xfrm6_tunnel_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | |
245 | u8 type, u8 code, int offset, __be32 info) | |
246 | { | |
247 | /* xfrm6_tunnel native err handling */ | |
248 | switch (type) { | |
249 | case ICMPV6_DEST_UNREACH: | |
250 | switch (code) { | |
251 | case ICMPV6_NOROUTE: | |
252 | case ICMPV6_ADM_PROHIBITED: | |
253 | case ICMPV6_NOT_NEIGHBOUR: | |
254 | case ICMPV6_ADDR_UNREACH: | |
255 | case ICMPV6_PORT_UNREACH: | |
256 | default: | |
257 | break; | |
258 | } | |
259 | break; | |
260 | case ICMPV6_PKT_TOOBIG: | |
261 | break; | |
262 | case ICMPV6_TIME_EXCEED: | |
263 | switch (code) { | |
264 | case ICMPV6_EXC_HOPLIMIT: | |
265 | break; | |
266 | case ICMPV6_EXC_FRAGTIME: | |
267 | default: | |
268 | break; | |
269 | } | |
270 | break; | |
271 | case ICMPV6_PARAMPROB: | |
272 | switch (code) { | |
273 | case ICMPV6_HDR_FIELD: break; | |
274 | case ICMPV6_UNK_NEXTHDR: break; | |
275 | case ICMPV6_UNK_OPTION: break; | |
276 | } | |
277 | break; | |
278 | default: | |
279 | break; | |
280 | } | |
281 | ||
282 | return 0; | |
283 | } | |
284 | ||
285 | static int xfrm6_tunnel_init_state(struct xfrm_state *x) | |
286 | { | |
287 | if (x->props.mode != XFRM_MODE_TUNNEL) | |
288 | return -EINVAL; | |
289 | ||
290 | if (x->encap) | |
291 | return -EINVAL; | |
292 | ||
293 | x->props.header_len = sizeof(struct ipv6hdr); | |
294 | ||
295 | return 0; | |
296 | } | |
297 | ||
298 | static void xfrm6_tunnel_destroy(struct xfrm_state *x) | |
299 | { | |
300 | struct net *net = xs_net(x); | |
301 | ||
302 | xfrm6_tunnel_free_spi(net, (xfrm_address_t *)&x->props.saddr); | |
303 | } | |
304 | ||
305 | static const struct xfrm_type xfrm6_tunnel_type = { | |
306 | .description = "IP6IP6", | |
307 | .owner = THIS_MODULE, | |
308 | .proto = IPPROTO_IPV6, | |
309 | .init_state = xfrm6_tunnel_init_state, | |
310 | .destructor = xfrm6_tunnel_destroy, | |
311 | .input = xfrm6_tunnel_input, | |
312 | .output = xfrm6_tunnel_output, | |
313 | }; | |
314 | ||
315 | static struct xfrm6_tunnel xfrm6_tunnel_handler __read_mostly = { | |
316 | .handler = xfrm6_tunnel_rcv, | |
317 | .err_handler = xfrm6_tunnel_err, | |
318 | .priority = 2, | |
319 | }; | |
320 | ||
321 | static struct xfrm6_tunnel xfrm46_tunnel_handler __read_mostly = { | |
322 | .handler = xfrm6_tunnel_rcv, | |
323 | .err_handler = xfrm6_tunnel_err, | |
324 | .priority = 2, | |
325 | }; | |
326 | ||
327 | static int __net_init xfrm6_tunnel_net_init(struct net *net) | |
328 | { | |
329 | struct xfrm6_tunnel_net *xfrm6_tn = xfrm6_tunnel_pernet(net); | |
330 | unsigned int i; | |
331 | ||
332 | for (i = 0; i < XFRM6_TUNNEL_SPI_BYADDR_HSIZE; i++) | |
333 | INIT_HLIST_HEAD(&xfrm6_tn->spi_byaddr[i]); | |
334 | for (i = 0; i < XFRM6_TUNNEL_SPI_BYSPI_HSIZE; i++) | |
335 | INIT_HLIST_HEAD(&xfrm6_tn->spi_byspi[i]); | |
336 | xfrm6_tn->spi = 0; | |
337 | ||
338 | return 0; | |
339 | } | |
340 | ||
341 | static void __net_exit xfrm6_tunnel_net_exit(struct net *net) | |
342 | { | |
343 | } | |
344 | ||
345 | static struct pernet_operations xfrm6_tunnel_net_ops = { | |
346 | .init = xfrm6_tunnel_net_init, | |
347 | .exit = xfrm6_tunnel_net_exit, | |
348 | .id = &xfrm6_tunnel_net_id, | |
349 | .size = sizeof(struct xfrm6_tunnel_net), | |
350 | }; | |
351 | ||
352 | static int __init xfrm6_tunnel_init(void) | |
353 | { | |
354 | int rv; | |
355 | ||
356 | xfrm6_tunnel_spi_kmem = kmem_cache_create("xfrm6_tunnel_spi", | |
357 | sizeof(struct xfrm6_tunnel_spi), | |
358 | 0, SLAB_HWCACHE_ALIGN, | |
359 | NULL); | |
360 | if (!xfrm6_tunnel_spi_kmem) | |
361 | return -ENOMEM; | |
362 | rv = register_pernet_subsys(&xfrm6_tunnel_net_ops); | |
363 | if (rv < 0) | |
364 | goto out_pernet; | |
365 | rv = xfrm_register_type(&xfrm6_tunnel_type, AF_INET6); | |
366 | if (rv < 0) | |
367 | goto out_type; | |
368 | rv = xfrm6_tunnel_register(&xfrm6_tunnel_handler, AF_INET6); | |
369 | if (rv < 0) | |
370 | goto out_xfrm6; | |
371 | rv = xfrm6_tunnel_register(&xfrm46_tunnel_handler, AF_INET); | |
372 | if (rv < 0) | |
373 | goto out_xfrm46; | |
374 | return 0; | |
375 | ||
376 | out_xfrm46: | |
377 | xfrm6_tunnel_deregister(&xfrm6_tunnel_handler, AF_INET6); | |
378 | out_xfrm6: | |
379 | xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6); | |
380 | out_type: | |
381 | unregister_pernet_subsys(&xfrm6_tunnel_net_ops); | |
382 | out_pernet: | |
383 | kmem_cache_destroy(xfrm6_tunnel_spi_kmem); | |
384 | return rv; | |
385 | } | |
386 | ||
387 | static void __exit xfrm6_tunnel_fini(void) | |
388 | { | |
389 | xfrm6_tunnel_deregister(&xfrm46_tunnel_handler, AF_INET); | |
390 | xfrm6_tunnel_deregister(&xfrm6_tunnel_handler, AF_INET6); | |
391 | xfrm_unregister_type(&xfrm6_tunnel_type, AF_INET6); | |
392 | unregister_pernet_subsys(&xfrm6_tunnel_net_ops); | |
393 | kmem_cache_destroy(xfrm6_tunnel_spi_kmem); | |
394 | } | |
395 | ||
396 | module_init(xfrm6_tunnel_init); | |
397 | module_exit(xfrm6_tunnel_fini); | |
398 | MODULE_LICENSE("GPL"); | |
399 | MODULE_ALIAS_XFRM_TYPE(AF_INET6, XFRM_PROTO_IPV6); |