Gitiles
Code Review Sign In
192.168.1.100 / T800 / d35e95e9925a64cb7657c4ebb5d76d1911359e4b / . / src / kernel / linux / v4.19 / net / xfrm / xfrm_interface.c
blob: d6a3cdf7885c3e9d8ce3296fc55db80c8ec19abb [file] [log] [blame]
xjb04a4022021-11-25 15:01:52 +0800[diff] [blame]1// SPDX-License-Identifier: GPL-2.0
2/*
3 * XFRM virtual interface
4 *
5 * Copyright (C) 2018 secunet Security Networks AG
6 *
7 * Author:
8 * Steffen Klassert <steffen.klassert@secunet.com>
9 */
10
11#include <linux/module.h>
12#include <linux/capability.h>
13#include <linux/errno.h>
14#include <linux/types.h>
15#include <linux/sockios.h>
16#include <linux/icmp.h>
17#include <linux/if.h>
18#include <linux/in.h>
19#include <linux/ip.h>
20#include <linux/net.h>
21#include <linux/in6.h>
22#include <linux/netdevice.h>
23#include <linux/if_link.h>
24#include <linux/if_arp.h>
25#include <linux/icmpv6.h>
26#include <linux/init.h>
27#include <linux/route.h>
28#include <linux/rtnetlink.h>
29#include <linux/netfilter_ipv6.h>
30#include <linux/slab.h>
31#include <linux/hash.h>
32
33#include <linux/uaccess.h>
34#include <linux/atomic.h>
35
36#include <net/icmp.h>
37#include <net/ip.h>
38#include <net/ipv6.h>
39#include <net/ip6_route.h>
40#include <net/addrconf.h>
41#include <net/xfrm.h>
42#include <net/net_namespace.h>
43#include <net/netns/generic.h>
44#include <linux/etherdevice.h>
45
46static int xfrmi_dev_init(struct net_device *dev);
47static void xfrmi_dev_setup(struct net_device *dev);
48static struct rtnl_link_ops xfrmi_link_ops __read_mostly;
49static unsigned int xfrmi_net_id __read_mostly;
50
51struct xfrmi_net {
52 /* lists for storing interfaces in use */
53 struct xfrm_if __rcu *xfrmi[1];
54};
55
56#define for_each_xfrmi_rcu(start, xi) \
57 for (xi = rcu_dereference(start); xi; xi = rcu_dereference(xi->next))
58
59static struct xfrm_if *xfrmi_lookup(struct net *net, struct xfrm_state *x)
60{
61 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
62 struct xfrm_if *xi;
63
64 for_each_xfrmi_rcu(xfrmn->xfrmi[0], xi) {
65 if (x->if_id == xi->p.if_id &&
66 (xi->dev->flags & IFF_UP))
67 return xi;
68 }
69
70 return NULL;
71}
72
73static struct xfrm_if *xfrmi_decode_session(struct sk_buff *skb,
74 unsigned short family)
75{
76 struct xfrmi_net *xfrmn;
77 struct xfrm_if *xi;
78 int ifindex = 0;
79
80 if (!secpath_exists(skb) || !skb->dev)
81 return NULL;
82
83 switch (family) {
84 case AF_INET6:
85 ifindex = inet6_sdif(skb);
86 break;
87 case AF_INET:
88 ifindex = inet_sdif(skb);
89 break;
90 }
91 if (!ifindex)
92 ifindex = skb->dev->ifindex;
93
94 xfrmn = net_generic(xs_net(xfrm_input_state(skb)), xfrmi_net_id);
95
96 for_each_xfrmi_rcu(xfrmn->xfrmi[0], xi) {
97 if (ifindex == xi->dev->ifindex &&
98 (xi->dev->flags & IFF_UP))
99 return xi;
100 }
101
102 return NULL;
103}
104
105static void xfrmi_link(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
106{
107 struct xfrm_if __rcu **xip = &xfrmn->xfrmi[0];
108
109 rcu_assign_pointer(xi->next , rtnl_dereference(*xip));
110 rcu_assign_pointer(*xip, xi);
111}
112
113static void xfrmi_unlink(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
114{
115 struct xfrm_if __rcu **xip;
116 struct xfrm_if *iter;
117
118 for (xip = &xfrmn->xfrmi[0];
119 (iter = rtnl_dereference(*xip)) != NULL;
120 xip = &iter->next) {
121 if (xi == iter) {
122 rcu_assign_pointer(*xip, xi->next);
123 break;
124 }
125 }
126}
127
128static void xfrmi_dev_free(struct net_device *dev)
129{
130 struct xfrm_if *xi = netdev_priv(dev);
131
132 gro_cells_destroy(&xi->gro_cells);
133 free_percpu(dev->tstats);
134}
135
136static int xfrmi_create(struct net_device *dev)
137{
138 struct xfrm_if *xi = netdev_priv(dev);
139 struct net *net = dev_net(dev);
140 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
141 int err;
142
143 dev->rtnl_link_ops = &xfrmi_link_ops;
144 err = register_netdevice(dev);
145 if (err < 0)
146 goto out;
147
148 strcpy(xi->p.name, dev->name);
149
150 dev_hold(dev);
151 xfrmi_link(xfrmn, xi);
152
153 return 0;
154
155out:
156 return err;
157}
158
159static struct xfrm_if *xfrmi_locate(struct net *net, struct xfrm_if_parms *p)
160{
161 struct xfrm_if __rcu **xip;
162 struct xfrm_if *xi;
163 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
164
165 for (xip = &xfrmn->xfrmi[0];
166 (xi = rtnl_dereference(*xip)) != NULL;
167 xip = &xi->next)
168 if (xi->p.if_id == p->if_id)
169 return xi;
170
171 return NULL;
172}
173
174static void xfrmi_dev_uninit(struct net_device *dev)
175{
176 struct xfrm_if *xi = netdev_priv(dev);
177 struct xfrmi_net *xfrmn = net_generic(xi->net, xfrmi_net_id);
178
179 xfrmi_unlink(xfrmn, xi);
180 dev_put(dev);
181}
182
183static void xfrmi_scrub_packet(struct sk_buff *skb, bool xnet)
184{
185 skb->tstamp = 0;
186 skb->pkt_type = PACKET_HOST;
187 skb->skb_iif = 0;
188 skb->ignore_df = 0;
189 skb_dst_drop(skb);
190 nf_reset(skb);
191 nf_reset_trace(skb);
192
193 if (!xnet)
194 return;
195
196 ipvs_reset(skb);
197 secpath_reset(skb);
198 skb_orphan(skb);
199 skb->mark = 0;
200}
201
202static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
203{
204 struct pcpu_sw_netstats *tstats;
205 struct xfrm_mode *inner_mode;
206 struct net_device *dev;
207 struct xfrm_state *x;
208 struct xfrm_if *xi;
209 bool xnet;
210
211 if (err && !skb->sp)
212 return 0;
213
214 x = xfrm_input_state(skb);
215
216 xi = xfrmi_lookup(xs_net(x), x);
217 if (!xi)
218 return 1;
219
220 dev = xi->dev;
221 skb->dev = dev;
222
223 if (err) {
224 dev->stats.rx_errors++;
225 dev->stats.rx_dropped++;
226
227 return 0;
228 }
229
230 xnet = !net_eq(xi->net, dev_net(skb->dev));
231
232 if (xnet) {
233 inner_mode = x->inner_mode;
234
235 if (x->sel.family == AF_UNSPEC) {
236 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
237 if (inner_mode == NULL) {
238 XFRM_INC_STATS(dev_net(skb->dev),
239 LINUX_MIB_XFRMINSTATEMODEERROR);
240 return -EINVAL;
241 }
242 }
243
244 if (!xfrm_policy_check(NULL, XFRM_POLICY_IN, skb,
245 inner_mode->afinfo->family))
246 return -EPERM;
247 }
248
249 xfrmi_scrub_packet(skb, xnet);
250
251 tstats = this_cpu_ptr(dev->tstats);
252
253 u64_stats_update_begin(&tstats->syncp);
254 tstats->rx_packets++;
255 tstats->rx_bytes += skb->len;
256 u64_stats_update_end(&tstats->syncp);
257
258 return 0;
259}
260
261static int
262xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
263{
264 struct xfrm_if *xi = netdev_priv(dev);
265 struct net_device_stats *stats = &xi->dev->stats;
266 struct dst_entry *dst = skb_dst(skb);
267 unsigned int length = skb->len;
268 struct net_device *tdev;
269 struct xfrm_state *x;
270 int err = -1;
271 int mtu;
272
273 if (!dst)
274 goto tx_err_link_failure;
275
276 dst_hold(dst);
277 dst = xfrm_lookup_with_ifid(xi->net, dst, fl, NULL, 0, xi->p.if_id);
278 if (IS_ERR(dst)) {
279 err = PTR_ERR(dst);
280 dst = NULL;
281 goto tx_err_link_failure;
282 }
283
284 x = dst->xfrm;
285 if (!x)
286 goto tx_err_link_failure;
287
288 if (x->if_id != xi->p.if_id)
289 goto tx_err_link_failure;
290
291 tdev = dst->dev;
292
293 if (tdev == dev) {
294 stats->collisions++;
295 net_warn_ratelimited("%s: Local routing loop detected!\n",
296 xi->p.name);
297 goto tx_err_dst_release;
298 }
299
300 mtu = dst_mtu(dst);
301 if (!skb->ignore_df && skb->len > mtu) {
302 skb_dst_update_pmtu(skb, mtu);
303
304 if (skb->protocol == htons(ETH_P_IPV6)) {
305 if (mtu < IPV6_MIN_MTU)
306 mtu = IPV6_MIN_MTU;
307
308 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
309 } else {
310 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
311 htonl(mtu));
312 }
313
314 dst_release(dst);
315 return -EMSGSIZE;
316 }
317
318 xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
319 skb_dst_set(skb, dst);
320 skb->dev = tdev;
321
322 err = dst_output(xi->net, skb->sk, skb);
323 if (net_xmit_eval(err) == 0) {
324 struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats);
325
326 u64_stats_update_begin(&tstats->syncp);
327 tstats->tx_bytes += length;
328 tstats->tx_packets++;
329 u64_stats_update_end(&tstats->syncp);
330 } else {
331 stats->tx_errors++;
332 stats->tx_aborted_errors++;
333 }
334
335 return 0;
336tx_err_link_failure:
337 stats->tx_carrier_errors++;
338 dst_link_failure(skb);
339tx_err_dst_release:
340 dst_release(dst);
341 return err;
342}
343
344static netdev_tx_t xfrmi_xmit(struct sk_buff *skb, struct net_device *dev)
345{
346 struct xfrm_if *xi = netdev_priv(dev);
347 struct net_device_stats *stats = &xi->dev->stats;
348 struct flowi fl;
349 int ret;
350
351 memset(&fl, 0, sizeof(fl));
352
353 switch (skb->protocol) {
354 case htons(ETH_P_IPV6):
355 xfrm_decode_session(skb, &fl, AF_INET6);
356 memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
357 break;
358 case htons(ETH_P_IP):
359 xfrm_decode_session(skb, &fl, AF_INET);
360 memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
361 break;
362 default:
363 goto tx_err;
364 }
365
366 fl.flowi_oif = xi->p.link;
367
368 ret = xfrmi_xmit2(skb, dev, &fl);
369 if (ret < 0)
370 goto tx_err;
371
372 return NETDEV_TX_OK;
373
374tx_err:
375 stats->tx_errors++;
376 stats->tx_dropped++;
377 kfree_skb(skb);
378 return NETDEV_TX_OK;
379}
380
381static int xfrmi4_err(struct sk_buff *skb, u32 info)
382{
383 const struct iphdr *iph = (const struct iphdr *)skb->data;
384 struct net *net = dev_net(skb->dev);
385 int protocol = iph->protocol;
386 struct ip_comp_hdr *ipch;
387 struct ip_esp_hdr *esph;
388 struct ip_auth_hdr *ah ;
389 struct xfrm_state *x;
390 struct xfrm_if *xi;
391 __be32 spi;
392
393 switch (protocol) {
394 case IPPROTO_ESP:
395 esph = (struct ip_esp_hdr *)(skb->data+(iph->ihl<<2));
396 spi = esph->spi;
397 break;
398 case IPPROTO_AH:
399 ah = (struct ip_auth_hdr *)(skb->data+(iph->ihl<<2));
400 spi = ah->spi;
401 break;
402 case IPPROTO_COMP:
403 ipch = (struct ip_comp_hdr *)(skb->data+(iph->ihl<<2));
404 spi = htonl(ntohs(ipch->cpi));
405 break;
406 default:
407 return 0;
408 }
409
410 switch (icmp_hdr(skb)->type) {
411 case ICMP_DEST_UNREACH:
412 if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
413 return 0;
414 case ICMP_REDIRECT:
415 break;
416 default:
417 return 0;
418 }
419
420 x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
421 spi, protocol, AF_INET);
422 if (!x)
423 return 0;
424
425 xi = xfrmi_lookup(net, x);
426 if (!xi) {
427 xfrm_state_put(x);
428 return -1;
429 }
430
431 if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
432 ipv4_update_pmtu(skb, net, info, 0, 0, protocol, 0);
433 else
434 ipv4_redirect(skb, net, 0, 0, protocol, 0);
435 xfrm_state_put(x);
436
437 return 0;
438}
439
440static int xfrmi6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
441 u8 type, u8 code, int offset, __be32 info)
442{
443 const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
444 struct net *net = dev_net(skb->dev);
445 int protocol = iph->nexthdr;
446 struct ip_comp_hdr *ipch;
447 struct ip_esp_hdr *esph;
448 struct ip_auth_hdr *ah;
449 struct xfrm_state *x;
450 struct xfrm_if *xi;
451 __be32 spi;
452
453 switch (protocol) {
454 case IPPROTO_ESP:
455 esph = (struct ip_esp_hdr *)(skb->data + offset);
456 spi = esph->spi;
457 break;
458 case IPPROTO_AH:
459 ah = (struct ip_auth_hdr *)(skb->data + offset);
460 spi = ah->spi;
461 break;
462 case IPPROTO_COMP:
463 ipch = (struct ip_comp_hdr *)(skb->data + offset);
464 spi = htonl(ntohs(ipch->cpi));
465 break;
466 default:
467 return 0;
468 }
469
470 if (type != ICMPV6_PKT_TOOBIG &&
471 type != NDISC_REDIRECT)
472 return 0;
473
474 x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
475 spi, protocol, AF_INET6);
476 if (!x)
477 return 0;
478
479 xi = xfrmi_lookup(net, x);
480 if (!xi) {
481 xfrm_state_put(x);
482 return -1;
483 }
484
485 if (type == NDISC_REDIRECT)
486 ip6_redirect(skb, net, skb->dev->ifindex, 0,
487 sock_net_uid(net, NULL));
488 else
489 ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
490 xfrm_state_put(x);
491
492 return 0;
493}
494
495static int xfrmi_change(struct xfrm_if *xi, const struct xfrm_if_parms *p)
496{
497 if (xi->p.link != p->link)
498 return -EINVAL;
499
500 xi->p.if_id = p->if_id;
501
502 return 0;
503}
504
505static int xfrmi_update(struct xfrm_if *xi, struct xfrm_if_parms *p)
506{
507 struct net *net = xi->net;
508 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
509 int err;
510
511 xfrmi_unlink(xfrmn, xi);
512 synchronize_net();
513 err = xfrmi_change(xi, p);
514 xfrmi_link(xfrmn, xi);
515 netdev_state_change(xi->dev);
516 return err;
517}
518
519static void xfrmi_get_stats64(struct net_device *dev,
520 struct rtnl_link_stats64 *s)
521{
522 int cpu;
523
524 if (!dev->tstats)
525 return;
526
527 for_each_possible_cpu(cpu) {
528 struct pcpu_sw_netstats *stats;
529 struct pcpu_sw_netstats tmp;
530 int start;
531
532 stats = per_cpu_ptr(dev->tstats, cpu);
533 do {
534 start = u64_stats_fetch_begin_irq(&stats->syncp);
535 tmp.rx_packets = stats->rx_packets;
536 tmp.rx_bytes = stats->rx_bytes;
537 tmp.tx_packets = stats->tx_packets;
538 tmp.tx_bytes = stats->tx_bytes;
539 } while (u64_stats_fetch_retry_irq(&stats->syncp, start));
540
541 s->rx_packets += tmp.rx_packets;
542 s->rx_bytes += tmp.rx_bytes;
543 s->tx_packets += tmp.tx_packets;
544 s->tx_bytes += tmp.tx_bytes;
545 }
546
547 s->rx_dropped = dev->stats.rx_dropped;
548 s->tx_dropped = dev->stats.tx_dropped;
549}
550
551static int xfrmi_get_iflink(const struct net_device *dev)
552{
553 struct xfrm_if *xi = netdev_priv(dev);
554
555 return xi->p.link;
556}
557
558
559static const struct net_device_ops xfrmi_netdev_ops = {
560 .ndo_init = xfrmi_dev_init,
561 .ndo_uninit = xfrmi_dev_uninit,
562 .ndo_start_xmit = xfrmi_xmit,
563 .ndo_get_stats64 = xfrmi_get_stats64,
564 .ndo_get_iflink = xfrmi_get_iflink,
565};
566
567static void xfrmi_dev_setup(struct net_device *dev)
568{
569 dev->netdev_ops = &xfrmi_netdev_ops;
570 dev->type = ARPHRD_NONE;
571 dev->hard_header_len = ETH_HLEN;
572 dev->min_header_len = ETH_HLEN;
573 dev->mtu = ETH_DATA_LEN;
574 dev->min_mtu = ETH_MIN_MTU;
575 dev->max_mtu = ETH_DATA_LEN;
576 dev->addr_len = ETH_ALEN;
577 dev->flags = IFF_NOARP;
578 dev->needs_free_netdev = true;
579 dev->priv_destructor = xfrmi_dev_free;
580 netif_keep_dst(dev);
581
582 eth_broadcast_addr(dev->broadcast);
583}
584
585static int xfrmi_dev_init(struct net_device *dev)
586{
587 struct xfrm_if *xi = netdev_priv(dev);
588 struct net_device *phydev = __dev_get_by_index(xi->net, xi->p.link);
589 int err;
590
591 dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
592 if (!dev->tstats)
593 return -ENOMEM;
594
595 err = gro_cells_init(&xi->gro_cells, dev);
596 if (err) {
597 free_percpu(dev->tstats);
598 return err;
599 }
600
601 dev->features |= NETIF_F_LLTX;
602
603 if (phydev) {
604 dev->needed_headroom = phydev->needed_headroom;
605 dev->needed_tailroom = phydev->needed_tailroom;
606
607 if (is_zero_ether_addr(dev->dev_addr))
608 eth_hw_addr_inherit(dev, phydev);
609 if (is_zero_ether_addr(dev->broadcast))
610 memcpy(dev->broadcast, phydev->broadcast,
611 dev->addr_len);
612 } else {
613 eth_hw_addr_random(dev);
614 eth_broadcast_addr(dev->broadcast);
615 }
616
617 return 0;
618}
619
620static int xfrmi_validate(struct nlattr *tb[], struct nlattr *data[],
621 struct netlink_ext_ack *extack)
622{
623 return 0;
624}
625
626static void xfrmi_netlink_parms(struct nlattr *data[],
627 struct xfrm_if_parms *parms)
628{
629 memset(parms, 0, sizeof(*parms));
630
631 if (!data)
632 return;
633
634 if (data[IFLA_XFRM_LINK])
635 parms->link = nla_get_u32(data[IFLA_XFRM_LINK]);
636
637 if (data[IFLA_XFRM_IF_ID])
638 parms->if_id = nla_get_u32(data[IFLA_XFRM_IF_ID]);
639}
640
641static int xfrmi_newlink(struct net *src_net, struct net_device *dev,
642 struct nlattr *tb[], struct nlattr *data[],
643 struct netlink_ext_ack *extack)
644{
645 struct net *net = dev_net(dev);
646 struct xfrm_if_parms p;
647 struct xfrm_if *xi;
648 int err;
649
650 xfrmi_netlink_parms(data, &p);
651
652 if (!tb[IFLA_IFNAME])
653 return -EINVAL;
654
655 nla_strlcpy(p.name, tb[IFLA_IFNAME], IFNAMSIZ);
656
657 xi = xfrmi_locate(net, &p);
658 if (xi)
659 return -EEXIST;
660
661 xi = netdev_priv(dev);
662 xi->p = p;
663 xi->net = net;
664 xi->dev = dev;
665
666 err = xfrmi_create(dev);
667 return err;
668}
669
670static void xfrmi_dellink(struct net_device *dev, struct list_head *head)
671{
672 unregister_netdevice_queue(dev, head);
673}
674
675static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[],
676 struct nlattr *data[],
677 struct netlink_ext_ack *extack)
678{
679 struct xfrm_if *xi = netdev_priv(dev);
680 struct net *net = xi->net;
681 struct xfrm_if_parms p;
682
683 xfrmi_netlink_parms(data, &p);
684 xi = xfrmi_locate(net, &p);
685 if (!xi) {
686 xi = netdev_priv(dev);
687 } else {
688 if (xi->dev != dev)
689 return -EEXIST;
690 }
691
692 return xfrmi_update(xi, &p);
693}
694
695static size_t xfrmi_get_size(const struct net_device *dev)
696{
697 return
698 /* IFLA_XFRM_LINK */
699 nla_total_size(4) +
700 /* IFLA_XFRM_IF_ID */
701 nla_total_size(4) +
702 0;
703}
704
705static int xfrmi_fill_info(struct sk_buff *skb, const struct net_device *dev)
706{
707 struct xfrm_if *xi = netdev_priv(dev);
708 struct xfrm_if_parms *parm = &xi->p;
709
710 if (nla_put_u32(skb, IFLA_XFRM_LINK, parm->link) ||
711 nla_put_u32(skb, IFLA_XFRM_IF_ID, parm->if_id))
712 goto nla_put_failure;
713 return 0;
714
715nla_put_failure:
716 return -EMSGSIZE;
717}
718
719struct net *xfrmi_get_link_net(const struct net_device *dev)
720{
721 struct xfrm_if *xi = netdev_priv(dev);
722
723 return xi->net;
724}
725
726static const struct nla_policy xfrmi_policy[IFLA_XFRM_MAX + 1] = {
727 [IFLA_XFRM_LINK] = { .type = NLA_U32 },
728 [IFLA_XFRM_IF_ID] = { .type = NLA_U32 },
729};
730
731static struct rtnl_link_ops xfrmi_link_ops __read_mostly = {
732 .kind = "xfrm",
733 .maxtype = IFLA_XFRM_MAX,
734 .policy = xfrmi_policy,
735 .priv_size = sizeof(struct xfrm_if),
736 .setup = xfrmi_dev_setup,
737 .validate = xfrmi_validate,
738 .newlink = xfrmi_newlink,
739 .dellink = xfrmi_dellink,
740 .changelink = xfrmi_changelink,
741 .get_size = xfrmi_get_size,
742 .fill_info = xfrmi_fill_info,
743 .get_link_net = xfrmi_get_link_net,
744};
745
746static void __net_exit xfrmi_destroy_interfaces(struct xfrmi_net *xfrmn)
747{
748 struct xfrm_if *xi;
749 LIST_HEAD(list);
750
751 xi = rtnl_dereference(xfrmn->xfrmi[0]);
752 if (!xi)
753 return;
754
755 unregister_netdevice_queue(xi->dev, &list);
756 unregister_netdevice_many(&list);
757}
758
759static int __net_init xfrmi_init_net(struct net *net)
760{
761 return 0;
762}
763
764static void __net_exit xfrmi_exit_net(struct net *net)
765{
766 struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
767
768 rtnl_lock();
769 xfrmi_destroy_interfaces(xfrmn);
770 rtnl_unlock();
771}
772
773static struct pernet_operations xfrmi_net_ops = {
774 .init = xfrmi_init_net,
775 .exit = xfrmi_exit_net,
776 .id = &xfrmi_net_id,
777 .size = sizeof(struct xfrmi_net),
778};
779
780static struct xfrm6_protocol xfrmi_esp6_protocol __read_mostly = {
781 .handler = xfrm6_rcv,
782 .cb_handler = xfrmi_rcv_cb,
783 .err_handler = xfrmi6_err,
784 .priority = 10,
785};
786
787static struct xfrm6_protocol xfrmi_ah6_protocol __read_mostly = {
788 .handler = xfrm6_rcv,
789 .cb_handler = xfrmi_rcv_cb,
790 .err_handler = xfrmi6_err,
791 .priority = 10,
792};
793
794static struct xfrm6_protocol xfrmi_ipcomp6_protocol __read_mostly = {
795 .handler = xfrm6_rcv,
796 .cb_handler = xfrmi_rcv_cb,
797 .err_handler = xfrmi6_err,
798 .priority = 10,
799};
800
801static struct xfrm4_protocol xfrmi_esp4_protocol __read_mostly = {
802 .handler = xfrm4_rcv,
803 .input_handler = xfrm_input,
804 .cb_handler = xfrmi_rcv_cb,
805 .err_handler = xfrmi4_err,
806 .priority = 10,
807};
808
809static struct xfrm4_protocol xfrmi_ah4_protocol __read_mostly = {
810 .handler = xfrm4_rcv,
811 .input_handler = xfrm_input,
812 .cb_handler = xfrmi_rcv_cb,
813 .err_handler = xfrmi4_err,
814 .priority = 10,
815};
816
817static struct xfrm4_protocol xfrmi_ipcomp4_protocol __read_mostly = {
818 .handler = xfrm4_rcv,
819 .input_handler = xfrm_input,
820 .cb_handler = xfrmi_rcv_cb,
821 .err_handler = xfrmi4_err,
822 .priority = 10,
823};
824
825static int __init xfrmi4_init(void)
826{
827 int err;
828
829 err = xfrm4_protocol_register(&xfrmi_esp4_protocol, IPPROTO_ESP);
830 if (err < 0)
831 goto xfrm_proto_esp_failed;
832 err = xfrm4_protocol_register(&xfrmi_ah4_protocol, IPPROTO_AH);
833 if (err < 0)
834 goto xfrm_proto_ah_failed;
835 err = xfrm4_protocol_register(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
836 if (err < 0)
837 goto xfrm_proto_comp_failed;
838
839 return 0;
840
841xfrm_proto_comp_failed:
842 xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
843xfrm_proto_ah_failed:
844 xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
845xfrm_proto_esp_failed:
846 return err;
847}
848
849static void xfrmi4_fini(void)
850{
851 xfrm4_protocol_deregister(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
852 xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
853 xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
854}
855
856static int __init xfrmi6_init(void)
857{
858 int err;
859
860 err = xfrm6_protocol_register(&xfrmi_esp6_protocol, IPPROTO_ESP);
861 if (err < 0)
862 goto xfrm_proto_esp_failed;
863 err = xfrm6_protocol_register(&xfrmi_ah6_protocol, IPPROTO_AH);
864 if (err < 0)
865 goto xfrm_proto_ah_failed;
866 err = xfrm6_protocol_register(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
867 if (err < 0)
868 goto xfrm_proto_comp_failed;
869
870 return 0;
871
872xfrm_proto_comp_failed:
873 xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
874xfrm_proto_ah_failed:
875 xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
876xfrm_proto_esp_failed:
877 return err;
878}
879
880static void xfrmi6_fini(void)
881{
882 xfrm6_protocol_deregister(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
883 xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
884 xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
885}
886
887static const struct xfrm_if_cb xfrm_if_cb = {
888 .decode_session = xfrmi_decode_session,
889};
890
891static int __init xfrmi_init(void)
892{
893 const char *msg;
894 int err;
895
896 pr_info("IPsec XFRM device driver\n");
897
898 msg = "tunnel device";
899 err = register_pernet_device(&xfrmi_net_ops);
900 if (err < 0)
901 goto pernet_dev_failed;
902
903 msg = "xfrm4 protocols";
904 err = xfrmi4_init();
905 if (err < 0)
906 goto xfrmi4_failed;
907
908 msg = "xfrm6 protocols";
909 err = xfrmi6_init();
910 if (err < 0)
911 goto xfrmi6_failed;
912
913
914 msg = "netlink interface";
915 err = rtnl_link_register(&xfrmi_link_ops);
916 if (err < 0)
917 goto rtnl_link_failed;
918
919 xfrm_if_register_cb(&xfrm_if_cb);
920
921 return err;
922
923rtnl_link_failed:
924 xfrmi6_fini();
925xfrmi6_failed:
926 xfrmi4_fini();
927xfrmi4_failed:
928 unregister_pernet_device(&xfrmi_net_ops);
929pernet_dev_failed:
930 pr_err("xfrmi init: failed to register %s\n", msg);
931 return err;
932}
933
934static void __exit xfrmi_fini(void)
935{
936 xfrm_if_unregister_cb();
937 rtnl_link_unregister(&xfrmi_link_ops);
938 xfrmi4_fini();
939 xfrmi6_fini();
940 unregister_pernet_device(&xfrmi_net_ops);
941}
942
943module_init(xfrmi_init);
944module_exit(xfrmi_fini);
945MODULE_LICENSE("GPL");
946MODULE_ALIAS_RTNL_LINK("xfrm");
947MODULE_ALIAS_NETDEV("xfrm0");
948MODULE_AUTHOR("Steffen Klassert");
949MODULE_DESCRIPTION("XFRM virtual interface");