1 // SPDX-License-Identifier: GPL-2.0
3 * XFRM virtual interface
5 * Copyright (C) 2018 secunet Security Networks AG
8 * Steffen Klassert <steffen.klassert@secunet.com>
11 #include <linux/module.h>
12 #include <linux/capability.h>
13 #include <linux/errno.h>
14 #include <linux/types.h>
15 #include <linux/sockios.h>
16 #include <linux/icmp.h>
20 #include <linux/net.h>
21 #include <linux/in6.h>
22 #include <linux/netdevice.h>
23 #include <linux/if_link.h>
24 #include <linux/if_arp.h>
25 #include <linux/icmpv6.h>
26 #include <linux/init.h>
27 #include <linux/route.h>
28 #include <linux/rtnetlink.h>
29 #include <linux/netfilter_ipv6.h>
30 #include <linux/slab.h>
31 #include <linux/hash.h>
33 #include <linux/uaccess.h>
34 #include <linux/atomic.h>
39 #include <net/ip6_route.h>
40 #include <net/ip_tunnels.h>
41 #include <net/addrconf.h>
43 #include <net/net_namespace.h>
44 #include <net/netns/generic.h>
45 #include <linux/etherdevice.h>
47 static int xfrmi_dev_init(struct net_device
*dev
);
48 static void xfrmi_dev_setup(struct net_device
*dev
);
49 static struct rtnl_link_ops xfrmi_link_ops __read_mostly
;
50 static unsigned int xfrmi_net_id __read_mostly
;
51 static const struct net_device_ops xfrmi_netdev_ops
;
53 #define XFRMI_HASH_BITS 8
54 #define XFRMI_HASH_SIZE BIT(XFRMI_HASH_BITS)
57 /* lists for storing interfaces in use */
58 struct xfrm_if __rcu
*xfrmi
[XFRMI_HASH_SIZE
];
61 #define for_each_xfrmi_rcu(start, xi) \
62 for (xi = rcu_dereference(start); xi; xi = rcu_dereference(xi->next))
64 static u32
xfrmi_hash(u32 if_id
)
66 return hash_32(if_id
, XFRMI_HASH_BITS
);
69 static struct xfrm_if
*xfrmi_lookup(struct net
*net
, struct xfrm_state
*x
)
71 struct xfrmi_net
*xfrmn
= net_generic(net
, xfrmi_net_id
);
74 for_each_xfrmi_rcu(xfrmn
->xfrmi
[xfrmi_hash(x
->if_id
)], xi
) {
75 if (x
->if_id
== xi
->p
.if_id
&&
76 (xi
->dev
->flags
& IFF_UP
))
83 static struct xfrm_if
*xfrmi_decode_session(struct sk_buff
*skb
,
84 unsigned short family
)
86 struct net_device
*dev
;
89 if (!secpath_exists(skb
) || !skb
->dev
)
94 ifindex
= inet6_sdif(skb
);
97 ifindex
= inet_sdif(skb
);
102 struct net
*net
= xs_net(xfrm_input_state(skb
));
104 dev
= dev_get_by_index_rcu(net
, ifindex
);
109 if (!dev
|| !(dev
->flags
& IFF_UP
))
111 if (dev
->netdev_ops
!= &xfrmi_netdev_ops
)
114 return netdev_priv(dev
);
117 static void xfrmi_link(struct xfrmi_net
*xfrmn
, struct xfrm_if
*xi
)
119 struct xfrm_if __rcu
**xip
= &xfrmn
->xfrmi
[xfrmi_hash(xi
->p
.if_id
)];
121 rcu_assign_pointer(xi
->next
, rtnl_dereference(*xip
));
122 rcu_assign_pointer(*xip
, xi
);
125 static void xfrmi_unlink(struct xfrmi_net
*xfrmn
, struct xfrm_if
*xi
)
127 struct xfrm_if __rcu
**xip
;
128 struct xfrm_if
*iter
;
130 for (xip
= &xfrmn
->xfrmi
[xfrmi_hash(xi
->p
.if_id
)];
131 (iter
= rtnl_dereference(*xip
)) != NULL
;
134 rcu_assign_pointer(*xip
, xi
->next
);
140 static void xfrmi_dev_free(struct net_device
*dev
)
142 struct xfrm_if
*xi
= netdev_priv(dev
);
144 gro_cells_destroy(&xi
->gro_cells
);
145 free_percpu(dev
->tstats
);
148 static int xfrmi_create(struct net_device
*dev
)
150 struct xfrm_if
*xi
= netdev_priv(dev
);
151 struct net
*net
= dev_net(dev
);
152 struct xfrmi_net
*xfrmn
= net_generic(net
, xfrmi_net_id
);
155 dev
->rtnl_link_ops
= &xfrmi_link_ops
;
156 err
= register_netdevice(dev
);
160 xfrmi_link(xfrmn
, xi
);
168 static struct xfrm_if
*xfrmi_locate(struct net
*net
, struct xfrm_if_parms
*p
)
170 struct xfrm_if __rcu
**xip
;
172 struct xfrmi_net
*xfrmn
= net_generic(net
, xfrmi_net_id
);
174 for (xip
= &xfrmn
->xfrmi
[xfrmi_hash(p
->if_id
)];
175 (xi
= rtnl_dereference(*xip
)) != NULL
;
177 if (xi
->p
.if_id
== p
->if_id
)
183 static void xfrmi_dev_uninit(struct net_device
*dev
)
185 struct xfrm_if
*xi
= netdev_priv(dev
);
186 struct xfrmi_net
*xfrmn
= net_generic(xi
->net
, xfrmi_net_id
);
188 xfrmi_unlink(xfrmn
, xi
);
191 static void xfrmi_scrub_packet(struct sk_buff
*skb
, bool xnet
)
194 skb
->pkt_type
= PACKET_HOST
;
210 static int xfrmi_rcv_cb(struct sk_buff
*skb
, int err
)
212 const struct xfrm_mode
*inner_mode
;
213 struct net_device
*dev
;
214 struct xfrm_state
*x
;
218 if (err
&& !secpath_exists(skb
))
221 x
= xfrm_input_state(skb
);
223 xi
= xfrmi_lookup(xs_net(x
), x
);
231 dev
->stats
.rx_errors
++;
232 dev
->stats
.rx_dropped
++;
237 xnet
= !net_eq(xi
->net
, dev_net(skb
->dev
));
240 inner_mode
= &x
->inner_mode
;
242 if (x
->sel
.family
== AF_UNSPEC
) {
243 inner_mode
= xfrm_ip2inner_mode(x
, XFRM_MODE_SKB_CB(skb
)->protocol
);
244 if (inner_mode
== NULL
) {
245 XFRM_INC_STATS(dev_net(skb
->dev
),
246 LINUX_MIB_XFRMINSTATEMODEERROR
);
251 if (!xfrm_policy_check(NULL
, XFRM_POLICY_IN
, skb
,
256 xfrmi_scrub_packet(skb
, xnet
);
257 dev_sw_netstats_rx_add(dev
, skb
->len
);
263 xfrmi_xmit2(struct sk_buff
*skb
, struct net_device
*dev
, struct flowi
*fl
)
265 struct xfrm_if
*xi
= netdev_priv(dev
);
266 struct net_device_stats
*stats
= &xi
->dev
->stats
;
267 struct dst_entry
*dst
= skb_dst(skb
);
268 unsigned int length
= skb
->len
;
269 struct net_device
*tdev
;
270 struct xfrm_state
*x
;
275 dst
= xfrm_lookup_with_ifid(xi
->net
, dst
, fl
, NULL
, 0, xi
->p
.if_id
);
279 goto tx_err_link_failure
;
284 goto tx_err_link_failure
;
286 if (x
->if_id
!= xi
->p
.if_id
)
287 goto tx_err_link_failure
;
293 net_warn_ratelimited("%s: Local routing loop detected!\n",
295 goto tx_err_dst_release
;
299 if ((!skb_is_gso(skb
) && skb
->len
> mtu
) ||
300 (skb_is_gso(skb
) && !skb_gso_validate_network_len(skb
, mtu
))) {
301 skb_dst_update_pmtu_no_confirm(skb
, mtu
);
303 if (skb
->protocol
== htons(ETH_P_IPV6
)) {
304 if (mtu
< IPV6_MIN_MTU
)
307 icmpv6_ndo_send(skb
, ICMPV6_PKT_TOOBIG
, 0, mtu
);
309 if (!(ip_hdr(skb
)->frag_off
& htons(IP_DF
)))
311 icmp_ndo_send(skb
, ICMP_DEST_UNREACH
, ICMP_FRAG_NEEDED
,
320 xfrmi_scrub_packet(skb
, !net_eq(xi
->net
, dev_net(dev
)));
321 skb_dst_set(skb
, dst
);
324 err
= dst_output(xi
->net
, skb
->sk
, skb
);
325 if (net_xmit_eval(err
) == 0) {
326 dev_sw_netstats_tx_add(dev
, 1, length
);
329 stats
->tx_aborted_errors
++;
334 stats
->tx_carrier_errors
++;
335 dst_link_failure(skb
);
341 static netdev_tx_t
xfrmi_xmit(struct sk_buff
*skb
, struct net_device
*dev
)
343 struct xfrm_if
*xi
= netdev_priv(dev
);
344 struct net_device_stats
*stats
= &xi
->dev
->stats
;
345 struct dst_entry
*dst
= skb_dst(skb
);
349 memset(&fl
, 0, sizeof(fl
));
351 switch (skb
->protocol
) {
352 case htons(ETH_P_IPV6
):
353 xfrm_decode_session(skb
, &fl
, AF_INET6
);
354 memset(IP6CB(skb
), 0, sizeof(*IP6CB(skb
)));
356 fl
.u
.ip6
.flowi6_oif
= dev
->ifindex
;
357 fl
.u
.ip6
.flowi6_flags
|= FLOWI_FLAG_ANYSRC
;
358 dst
= ip6_route_output(dev_net(dev
), NULL
, &fl
.u
.ip6
);
361 stats
->tx_carrier_errors
++;
364 skb_dst_set(skb
, dst
);
367 case htons(ETH_P_IP
):
368 xfrm_decode_session(skb
, &fl
, AF_INET
);
369 memset(IPCB(skb
), 0, sizeof(*IPCB(skb
)));
373 fl
.u
.ip4
.flowi4_oif
= dev
->ifindex
;
374 fl
.u
.ip4
.flowi4_flags
|= FLOWI_FLAG_ANYSRC
;
375 rt
= __ip_route_output_key(dev_net(dev
), &fl
.u
.ip4
);
377 stats
->tx_carrier_errors
++;
380 skb_dst_set(skb
, &rt
->dst
);
387 fl
.flowi_oif
= xi
->p
.link
;
389 ret
= xfrmi_xmit2(skb
, dev
, &fl
);
402 static int xfrmi4_err(struct sk_buff
*skb
, u32 info
)
404 const struct iphdr
*iph
= (const struct iphdr
*)skb
->data
;
405 struct net
*net
= dev_net(skb
->dev
);
406 int protocol
= iph
->protocol
;
407 struct ip_comp_hdr
*ipch
;
408 struct ip_esp_hdr
*esph
;
409 struct ip_auth_hdr
*ah
;
410 struct xfrm_state
*x
;
416 esph
= (struct ip_esp_hdr
*)(skb
->data
+(iph
->ihl
<<2));
420 ah
= (struct ip_auth_hdr
*)(skb
->data
+(iph
->ihl
<<2));
424 ipch
= (struct ip_comp_hdr
*)(skb
->data
+(iph
->ihl
<<2));
425 spi
= htonl(ntohs(ipch
->cpi
));
431 switch (icmp_hdr(skb
)->type
) {
432 case ICMP_DEST_UNREACH
:
433 if (icmp_hdr(skb
)->code
!= ICMP_FRAG_NEEDED
)
442 x
= xfrm_state_lookup(net
, skb
->mark
, (const xfrm_address_t
*)&iph
->daddr
,
443 spi
, protocol
, AF_INET
);
447 xi
= xfrmi_lookup(net
, x
);
453 if (icmp_hdr(skb
)->type
== ICMP_DEST_UNREACH
)
454 ipv4_update_pmtu(skb
, net
, info
, 0, protocol
);
456 ipv4_redirect(skb
, net
, 0, protocol
);
462 static int xfrmi6_err(struct sk_buff
*skb
, struct inet6_skb_parm
*opt
,
463 u8 type
, u8 code
, int offset
, __be32 info
)
465 const struct ipv6hdr
*iph
= (const struct ipv6hdr
*)skb
->data
;
466 struct net
*net
= dev_net(skb
->dev
);
467 int protocol
= iph
->nexthdr
;
468 struct ip_comp_hdr
*ipch
;
469 struct ip_esp_hdr
*esph
;
470 struct ip_auth_hdr
*ah
;
471 struct xfrm_state
*x
;
477 esph
= (struct ip_esp_hdr
*)(skb
->data
+ offset
);
481 ah
= (struct ip_auth_hdr
*)(skb
->data
+ offset
);
485 ipch
= (struct ip_comp_hdr
*)(skb
->data
+ offset
);
486 spi
= htonl(ntohs(ipch
->cpi
));
492 if (type
!= ICMPV6_PKT_TOOBIG
&&
493 type
!= NDISC_REDIRECT
)
496 x
= xfrm_state_lookup(net
, skb
->mark
, (const xfrm_address_t
*)&iph
->daddr
,
497 spi
, protocol
, AF_INET6
);
501 xi
= xfrmi_lookup(net
, x
);
507 if (type
== NDISC_REDIRECT
)
508 ip6_redirect(skb
, net
, skb
->dev
->ifindex
, 0,
509 sock_net_uid(net
, NULL
));
511 ip6_update_pmtu(skb
, net
, info
, 0, 0, sock_net_uid(net
, NULL
));
517 static int xfrmi_change(struct xfrm_if
*xi
, const struct xfrm_if_parms
*p
)
519 if (xi
->p
.link
!= p
->link
)
522 xi
->p
.if_id
= p
->if_id
;
527 static int xfrmi_update(struct xfrm_if
*xi
, struct xfrm_if_parms
*p
)
529 struct net
*net
= xi
->net
;
530 struct xfrmi_net
*xfrmn
= net_generic(net
, xfrmi_net_id
);
533 xfrmi_unlink(xfrmn
, xi
);
535 err
= xfrmi_change(xi
, p
);
536 xfrmi_link(xfrmn
, xi
);
537 netdev_state_change(xi
->dev
);
541 static int xfrmi_get_iflink(const struct net_device
*dev
)
543 struct xfrm_if
*xi
= netdev_priv(dev
);
548 static const struct net_device_ops xfrmi_netdev_ops
= {
549 .ndo_init
= xfrmi_dev_init
,
550 .ndo_uninit
= xfrmi_dev_uninit
,
551 .ndo_start_xmit
= xfrmi_xmit
,
552 .ndo_get_stats64
= dev_get_tstats64
,
553 .ndo_get_iflink
= xfrmi_get_iflink
,
556 static void xfrmi_dev_setup(struct net_device
*dev
)
558 dev
->netdev_ops
= &xfrmi_netdev_ops
;
559 dev
->header_ops
= &ip_tunnel_header_ops
;
560 dev
->type
= ARPHRD_NONE
;
561 dev
->mtu
= ETH_DATA_LEN
;
562 dev
->min_mtu
= ETH_MIN_MTU
;
563 dev
->max_mtu
= IP_MAX_MTU
;
564 dev
->flags
= IFF_NOARP
;
565 dev
->needs_free_netdev
= true;
566 dev
->priv_destructor
= xfrmi_dev_free
;
569 eth_broadcast_addr(dev
->broadcast
);
572 #define XFRMI_FEATURES (NETIF_F_SG | \
574 NETIF_F_GSO_SOFTWARE | \
577 static int xfrmi_dev_init(struct net_device
*dev
)
579 struct xfrm_if
*xi
= netdev_priv(dev
);
580 struct net_device
*phydev
= __dev_get_by_index(xi
->net
, xi
->p
.link
);
583 dev
->tstats
= netdev_alloc_pcpu_stats(struct pcpu_sw_netstats
);
587 err
= gro_cells_init(&xi
->gro_cells
, dev
);
589 free_percpu(dev
->tstats
);
593 dev
->features
|= NETIF_F_LLTX
;
594 dev
->features
|= XFRMI_FEATURES
;
595 dev
->hw_features
|= XFRMI_FEATURES
;
598 dev
->needed_headroom
= phydev
->needed_headroom
;
599 dev
->needed_tailroom
= phydev
->needed_tailroom
;
601 if (is_zero_ether_addr(dev
->dev_addr
))
602 eth_hw_addr_inherit(dev
, phydev
);
603 if (is_zero_ether_addr(dev
->broadcast
))
604 memcpy(dev
->broadcast
, phydev
->broadcast
,
607 eth_hw_addr_random(dev
);
608 eth_broadcast_addr(dev
->broadcast
);
614 static int xfrmi_validate(struct nlattr
*tb
[], struct nlattr
*data
[],
615 struct netlink_ext_ack
*extack
)
620 static void xfrmi_netlink_parms(struct nlattr
*data
[],
621 struct xfrm_if_parms
*parms
)
623 memset(parms
, 0, sizeof(*parms
));
628 if (data
[IFLA_XFRM_LINK
])
629 parms
->link
= nla_get_u32(data
[IFLA_XFRM_LINK
]);
631 if (data
[IFLA_XFRM_IF_ID
])
632 parms
->if_id
= nla_get_u32(data
[IFLA_XFRM_IF_ID
]);
635 static int xfrmi_newlink(struct net
*src_net
, struct net_device
*dev
,
636 struct nlattr
*tb
[], struct nlattr
*data
[],
637 struct netlink_ext_ack
*extack
)
639 struct net
*net
= dev_net(dev
);
640 struct xfrm_if_parms p
;
644 xfrmi_netlink_parms(data
, &p
);
645 xi
= xfrmi_locate(net
, &p
);
649 xi
= netdev_priv(dev
);
654 err
= xfrmi_create(dev
);
658 static void xfrmi_dellink(struct net_device
*dev
, struct list_head
*head
)
660 unregister_netdevice_queue(dev
, head
);
663 static int xfrmi_changelink(struct net_device
*dev
, struct nlattr
*tb
[],
664 struct nlattr
*data
[],
665 struct netlink_ext_ack
*extack
)
667 struct xfrm_if
*xi
= netdev_priv(dev
);
668 struct net
*net
= xi
->net
;
669 struct xfrm_if_parms p
;
671 xfrmi_netlink_parms(data
, &p
);
672 xi
= xfrmi_locate(net
, &p
);
674 xi
= netdev_priv(dev
);
680 return xfrmi_update(xi
, &p
);
683 static size_t xfrmi_get_size(const struct net_device
*dev
)
688 /* IFLA_XFRM_IF_ID */
693 static int xfrmi_fill_info(struct sk_buff
*skb
, const struct net_device
*dev
)
695 struct xfrm_if
*xi
= netdev_priv(dev
);
696 struct xfrm_if_parms
*parm
= &xi
->p
;
698 if (nla_put_u32(skb
, IFLA_XFRM_LINK
, parm
->link
) ||
699 nla_put_u32(skb
, IFLA_XFRM_IF_ID
, parm
->if_id
))
700 goto nla_put_failure
;
707 static struct net
*xfrmi_get_link_net(const struct net_device
*dev
)
709 struct xfrm_if
*xi
= netdev_priv(dev
);
714 static const struct nla_policy xfrmi_policy
[IFLA_XFRM_MAX
+ 1] = {
715 [IFLA_XFRM_LINK
] = { .type
= NLA_U32
},
716 [IFLA_XFRM_IF_ID
] = { .type
= NLA_U32
},
719 static struct rtnl_link_ops xfrmi_link_ops __read_mostly
= {
721 .maxtype
= IFLA_XFRM_MAX
,
722 .policy
= xfrmi_policy
,
723 .priv_size
= sizeof(struct xfrm_if
),
724 .setup
= xfrmi_dev_setup
,
725 .validate
= xfrmi_validate
,
726 .newlink
= xfrmi_newlink
,
727 .dellink
= xfrmi_dellink
,
728 .changelink
= xfrmi_changelink
,
729 .get_size
= xfrmi_get_size
,
730 .fill_info
= xfrmi_fill_info
,
731 .get_link_net
= xfrmi_get_link_net
,
734 static void __net_exit
xfrmi_exit_batch_net(struct list_head
*net_exit_list
)
740 list_for_each_entry(net
, net_exit_list
, exit_list
) {
741 struct xfrmi_net
*xfrmn
= net_generic(net
, xfrmi_net_id
);
742 struct xfrm_if __rcu
**xip
;
746 for (i
= 0; i
< XFRMI_HASH_SIZE
; i
++) {
747 for (xip
= &xfrmn
->xfrmi
[i
];
748 (xi
= rtnl_dereference(*xip
)) != NULL
;
750 unregister_netdevice_queue(xi
->dev
, &list
);
753 unregister_netdevice_many(&list
);
757 static struct pernet_operations xfrmi_net_ops
= {
758 .exit_batch
= xfrmi_exit_batch_net
,
760 .size
= sizeof(struct xfrmi_net
),
763 static struct xfrm6_protocol xfrmi_esp6_protocol __read_mostly
= {
764 .handler
= xfrm6_rcv
,
765 .input_handler
= xfrm_input
,
766 .cb_handler
= xfrmi_rcv_cb
,
767 .err_handler
= xfrmi6_err
,
771 static struct xfrm6_protocol xfrmi_ah6_protocol __read_mostly
= {
772 .handler
= xfrm6_rcv
,
773 .input_handler
= xfrm_input
,
774 .cb_handler
= xfrmi_rcv_cb
,
775 .err_handler
= xfrmi6_err
,
779 static struct xfrm6_protocol xfrmi_ipcomp6_protocol __read_mostly
= {
780 .handler
= xfrm6_rcv
,
781 .input_handler
= xfrm_input
,
782 .cb_handler
= xfrmi_rcv_cb
,
783 .err_handler
= xfrmi6_err
,
787 #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
788 static int xfrmi6_rcv_tunnel(struct sk_buff
*skb
)
790 const xfrm_address_t
*saddr
;
793 saddr
= (const xfrm_address_t
*)&ipv6_hdr(skb
)->saddr
;
794 spi
= xfrm6_tunnel_spi_lookup(dev_net(skb
->dev
), saddr
);
796 return xfrm6_rcv_spi(skb
, IPPROTO_IPV6
, spi
, NULL
);
799 static struct xfrm6_tunnel xfrmi_ipv6_handler __read_mostly
= {
800 .handler
= xfrmi6_rcv_tunnel
,
801 .cb_handler
= xfrmi_rcv_cb
,
802 .err_handler
= xfrmi6_err
,
806 static struct xfrm6_tunnel xfrmi_ip6ip_handler __read_mostly
= {
807 .handler
= xfrmi6_rcv_tunnel
,
808 .cb_handler
= xfrmi_rcv_cb
,
809 .err_handler
= xfrmi6_err
,
814 static struct xfrm4_protocol xfrmi_esp4_protocol __read_mostly
= {
815 .handler
= xfrm4_rcv
,
816 .input_handler
= xfrm_input
,
817 .cb_handler
= xfrmi_rcv_cb
,
818 .err_handler
= xfrmi4_err
,
822 static struct xfrm4_protocol xfrmi_ah4_protocol __read_mostly
= {
823 .handler
= xfrm4_rcv
,
824 .input_handler
= xfrm_input
,
825 .cb_handler
= xfrmi_rcv_cb
,
826 .err_handler
= xfrmi4_err
,
830 static struct xfrm4_protocol xfrmi_ipcomp4_protocol __read_mostly
= {
831 .handler
= xfrm4_rcv
,
832 .input_handler
= xfrm_input
,
833 .cb_handler
= xfrmi_rcv_cb
,
834 .err_handler
= xfrmi4_err
,
838 #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
839 static int xfrmi4_rcv_tunnel(struct sk_buff
*skb
)
841 return xfrm4_rcv_spi(skb
, IPPROTO_IPIP
, ip_hdr(skb
)->saddr
);
844 static struct xfrm_tunnel xfrmi_ipip_handler __read_mostly
= {
845 .handler
= xfrmi4_rcv_tunnel
,
846 .cb_handler
= xfrmi_rcv_cb
,
847 .err_handler
= xfrmi4_err
,
851 static struct xfrm_tunnel xfrmi_ipip6_handler __read_mostly
= {
852 .handler
= xfrmi4_rcv_tunnel
,
853 .cb_handler
= xfrmi_rcv_cb
,
854 .err_handler
= xfrmi4_err
,
859 static int __init
xfrmi4_init(void)
863 err
= xfrm4_protocol_register(&xfrmi_esp4_protocol
, IPPROTO_ESP
);
865 goto xfrm_proto_esp_failed
;
866 err
= xfrm4_protocol_register(&xfrmi_ah4_protocol
, IPPROTO_AH
);
868 goto xfrm_proto_ah_failed
;
869 err
= xfrm4_protocol_register(&xfrmi_ipcomp4_protocol
, IPPROTO_COMP
);
871 goto xfrm_proto_comp_failed
;
872 #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
873 err
= xfrm4_tunnel_register(&xfrmi_ipip_handler
, AF_INET
);
875 goto xfrm_tunnel_ipip_failed
;
876 err
= xfrm4_tunnel_register(&xfrmi_ipip6_handler
, AF_INET6
);
878 goto xfrm_tunnel_ipip6_failed
;
883 #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
884 xfrm_tunnel_ipip6_failed
:
885 xfrm4_tunnel_deregister(&xfrmi_ipip_handler
, AF_INET
);
886 xfrm_tunnel_ipip_failed
:
887 xfrm4_protocol_deregister(&xfrmi_ipcomp4_protocol
, IPPROTO_COMP
);
889 xfrm_proto_comp_failed
:
890 xfrm4_protocol_deregister(&xfrmi_ah4_protocol
, IPPROTO_AH
);
891 xfrm_proto_ah_failed
:
892 xfrm4_protocol_deregister(&xfrmi_esp4_protocol
, IPPROTO_ESP
);
893 xfrm_proto_esp_failed
:
897 static void xfrmi4_fini(void)
899 #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
900 xfrm4_tunnel_deregister(&xfrmi_ipip6_handler
, AF_INET6
);
901 xfrm4_tunnel_deregister(&xfrmi_ipip_handler
, AF_INET
);
903 xfrm4_protocol_deregister(&xfrmi_ipcomp4_protocol
, IPPROTO_COMP
);
904 xfrm4_protocol_deregister(&xfrmi_ah4_protocol
, IPPROTO_AH
);
905 xfrm4_protocol_deregister(&xfrmi_esp4_protocol
, IPPROTO_ESP
);
908 static int __init
xfrmi6_init(void)
912 err
= xfrm6_protocol_register(&xfrmi_esp6_protocol
, IPPROTO_ESP
);
914 goto xfrm_proto_esp_failed
;
915 err
= xfrm6_protocol_register(&xfrmi_ah6_protocol
, IPPROTO_AH
);
917 goto xfrm_proto_ah_failed
;
918 err
= xfrm6_protocol_register(&xfrmi_ipcomp6_protocol
, IPPROTO_COMP
);
920 goto xfrm_proto_comp_failed
;
921 #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
922 err
= xfrm6_tunnel_register(&xfrmi_ipv6_handler
, AF_INET6
);
924 goto xfrm_tunnel_ipv6_failed
;
925 err
= xfrm6_tunnel_register(&xfrmi_ip6ip_handler
, AF_INET
);
927 goto xfrm_tunnel_ip6ip_failed
;
932 #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
933 xfrm_tunnel_ip6ip_failed
:
934 xfrm6_tunnel_deregister(&xfrmi_ipv6_handler
, AF_INET6
);
935 xfrm_tunnel_ipv6_failed
:
936 xfrm6_protocol_deregister(&xfrmi_ipcomp6_protocol
, IPPROTO_COMP
);
938 xfrm_proto_comp_failed
:
939 xfrm6_protocol_deregister(&xfrmi_ah6_protocol
, IPPROTO_AH
);
940 xfrm_proto_ah_failed
:
941 xfrm6_protocol_deregister(&xfrmi_esp6_protocol
, IPPROTO_ESP
);
942 xfrm_proto_esp_failed
:
946 static void xfrmi6_fini(void)
948 #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
949 xfrm6_tunnel_deregister(&xfrmi_ip6ip_handler
, AF_INET
);
950 xfrm6_tunnel_deregister(&xfrmi_ipv6_handler
, AF_INET6
);
952 xfrm6_protocol_deregister(&xfrmi_ipcomp6_protocol
, IPPROTO_COMP
);
953 xfrm6_protocol_deregister(&xfrmi_ah6_protocol
, IPPROTO_AH
);
954 xfrm6_protocol_deregister(&xfrmi_esp6_protocol
, IPPROTO_ESP
);
957 static const struct xfrm_if_cb xfrm_if_cb
= {
958 .decode_session
= xfrmi_decode_session
,
961 static int __init
xfrmi_init(void)
966 pr_info("IPsec XFRM device driver\n");
968 msg
= "tunnel device";
969 err
= register_pernet_device(&xfrmi_net_ops
);
971 goto pernet_dev_failed
;
973 msg
= "xfrm4 protocols";
978 msg
= "xfrm6 protocols";
984 msg
= "netlink interface";
985 err
= rtnl_link_register(&xfrmi_link_ops
);
987 goto rtnl_link_failed
;
989 xfrm_if_register_cb(&xfrm_if_cb
);
998 unregister_pernet_device(&xfrmi_net_ops
);
1000 pr_err("xfrmi init: failed to register %s\n", msg
);
1004 static void __exit
xfrmi_fini(void)
1006 xfrm_if_unregister_cb();
1007 rtnl_link_unregister(&xfrmi_link_ops
);
1010 unregister_pernet_device(&xfrmi_net_ops
);
1013 module_init(xfrmi_init
);
1014 module_exit(xfrmi_fini
);
1015 MODULE_LICENSE("GPL");
1016 MODULE_ALIAS_RTNL_LINK("xfrm");
1017 MODULE_ALIAS_NETDEV("xfrm0");
1018 MODULE_AUTHOR("Steffen Klassert");
1019 MODULE_DESCRIPTION("XFRM virtual interface");