18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 28c2ecf20Sopenharmony_ci/* Copyright (c) 2014 Mahesh Bandewar <maheshb@google.com> 38c2ecf20Sopenharmony_ci */ 48c2ecf20Sopenharmony_ci 58c2ecf20Sopenharmony_ci#include "ipvlan.h" 68c2ecf20Sopenharmony_ci 78c2ecf20Sopenharmony_cistatic unsigned int ipvlan_netid __read_mostly; 88c2ecf20Sopenharmony_ci 98c2ecf20Sopenharmony_cistruct ipvlan_netns { 108c2ecf20Sopenharmony_ci unsigned int ipvl_nf_hook_refcnt; 118c2ecf20Sopenharmony_ci}; 128c2ecf20Sopenharmony_ci 138c2ecf20Sopenharmony_cistatic struct ipvl_addr *ipvlan_skb_to_addr(struct sk_buff *skb, 148c2ecf20Sopenharmony_ci struct net_device *dev) 158c2ecf20Sopenharmony_ci{ 168c2ecf20Sopenharmony_ci struct ipvl_addr *addr = NULL; 178c2ecf20Sopenharmony_ci struct ipvl_port *port; 188c2ecf20Sopenharmony_ci int addr_type; 198c2ecf20Sopenharmony_ci void *lyr3h; 208c2ecf20Sopenharmony_ci 218c2ecf20Sopenharmony_ci if (!dev || !netif_is_ipvlan_port(dev)) 228c2ecf20Sopenharmony_ci goto out; 238c2ecf20Sopenharmony_ci 248c2ecf20Sopenharmony_ci port = ipvlan_port_get_rcu(dev); 258c2ecf20Sopenharmony_ci if (!port || port->mode != IPVLAN_MODE_L3S) 268c2ecf20Sopenharmony_ci goto out; 278c2ecf20Sopenharmony_ci 288c2ecf20Sopenharmony_ci lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type); 298c2ecf20Sopenharmony_ci if (!lyr3h) 308c2ecf20Sopenharmony_ci goto out; 318c2ecf20Sopenharmony_ci 328c2ecf20Sopenharmony_ci addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true); 338c2ecf20Sopenharmony_ciout: 348c2ecf20Sopenharmony_ci return addr; 358c2ecf20Sopenharmony_ci} 368c2ecf20Sopenharmony_ci 378c2ecf20Sopenharmony_cistatic struct sk_buff *ipvlan_l3_rcv(struct net_device *dev, 388c2ecf20Sopenharmony_ci struct sk_buff *skb, u16 proto) 398c2ecf20Sopenharmony_ci{ 408c2ecf20Sopenharmony_ci struct ipvl_addr *addr; 418c2ecf20Sopenharmony_ci struct net_device *sdev; 428c2ecf20Sopenharmony_ci 438c2ecf20Sopenharmony_ci addr = ipvlan_skb_to_addr(skb, dev); 448c2ecf20Sopenharmony_ci if (!addr) 458c2ecf20Sopenharmony_ci goto out; 468c2ecf20Sopenharmony_ci 478c2ecf20Sopenharmony_ci sdev = addr->master->dev; 488c2ecf20Sopenharmony_ci switch (proto) { 498c2ecf20Sopenharmony_ci case AF_INET: 508c2ecf20Sopenharmony_ci { 518c2ecf20Sopenharmony_ci struct iphdr *ip4h = ip_hdr(skb); 528c2ecf20Sopenharmony_ci int err; 538c2ecf20Sopenharmony_ci 548c2ecf20Sopenharmony_ci err = ip_route_input_noref(skb, ip4h->daddr, ip4h->saddr, 558c2ecf20Sopenharmony_ci ip4h->tos, sdev); 568c2ecf20Sopenharmony_ci if (unlikely(err)) 578c2ecf20Sopenharmony_ci goto out; 588c2ecf20Sopenharmony_ci break; 598c2ecf20Sopenharmony_ci } 608c2ecf20Sopenharmony_ci#if IS_ENABLED(CONFIG_IPV6) 618c2ecf20Sopenharmony_ci case AF_INET6: 628c2ecf20Sopenharmony_ci { 638c2ecf20Sopenharmony_ci struct dst_entry *dst; 648c2ecf20Sopenharmony_ci struct ipv6hdr *ip6h = ipv6_hdr(skb); 658c2ecf20Sopenharmony_ci int flags = RT6_LOOKUP_F_HAS_SADDR; 668c2ecf20Sopenharmony_ci struct flowi6 fl6 = { 678c2ecf20Sopenharmony_ci .flowi6_iif = sdev->ifindex, 688c2ecf20Sopenharmony_ci .daddr = ip6h->daddr, 698c2ecf20Sopenharmony_ci .saddr = ip6h->saddr, 708c2ecf20Sopenharmony_ci .flowlabel = ip6_flowinfo(ip6h), 718c2ecf20Sopenharmony_ci .flowi6_mark = skb->mark, 728c2ecf20Sopenharmony_ci .flowi6_proto = ip6h->nexthdr, 738c2ecf20Sopenharmony_ci }; 748c2ecf20Sopenharmony_ci 758c2ecf20Sopenharmony_ci skb_dst_drop(skb); 768c2ecf20Sopenharmony_ci dst = ip6_route_input_lookup(dev_net(sdev), sdev, &fl6, 778c2ecf20Sopenharmony_ci skb, flags); 788c2ecf20Sopenharmony_ci skb_dst_set(skb, dst); 798c2ecf20Sopenharmony_ci break; 808c2ecf20Sopenharmony_ci } 818c2ecf20Sopenharmony_ci#endif 828c2ecf20Sopenharmony_ci default: 838c2ecf20Sopenharmony_ci break; 848c2ecf20Sopenharmony_ci } 858c2ecf20Sopenharmony_ciout: 868c2ecf20Sopenharmony_ci return skb; 878c2ecf20Sopenharmony_ci} 888c2ecf20Sopenharmony_ci 898c2ecf20Sopenharmony_cistatic const struct l3mdev_ops ipvl_l3mdev_ops = { 908c2ecf20Sopenharmony_ci .l3mdev_l3_rcv = ipvlan_l3_rcv, 918c2ecf20Sopenharmony_ci}; 928c2ecf20Sopenharmony_ci 938c2ecf20Sopenharmony_cistatic unsigned int ipvlan_nf_input(void *priv, struct sk_buff *skb, 948c2ecf20Sopenharmony_ci const struct nf_hook_state *state) 958c2ecf20Sopenharmony_ci{ 968c2ecf20Sopenharmony_ci struct ipvl_addr *addr; 978c2ecf20Sopenharmony_ci unsigned int len; 988c2ecf20Sopenharmony_ci 998c2ecf20Sopenharmony_ci addr = ipvlan_skb_to_addr(skb, skb->dev); 1008c2ecf20Sopenharmony_ci if (!addr) 1018c2ecf20Sopenharmony_ci goto out; 1028c2ecf20Sopenharmony_ci 1038c2ecf20Sopenharmony_ci skb->dev = addr->master->dev; 1048c2ecf20Sopenharmony_ci skb->skb_iif = skb->dev->ifindex; 1058c2ecf20Sopenharmony_ci#if IS_ENABLED(CONFIG_IPV6) 1068c2ecf20Sopenharmony_ci if (addr->atype == IPVL_IPV6) 1078c2ecf20Sopenharmony_ci IP6CB(skb)->iif = skb->dev->ifindex; 1088c2ecf20Sopenharmony_ci#endif 1098c2ecf20Sopenharmony_ci len = skb->len + ETH_HLEN; 1108c2ecf20Sopenharmony_ci ipvlan_count_rx(addr->master, len, true, false); 1118c2ecf20Sopenharmony_ciout: 1128c2ecf20Sopenharmony_ci return NF_ACCEPT; 1138c2ecf20Sopenharmony_ci} 1148c2ecf20Sopenharmony_ci 1158c2ecf20Sopenharmony_cistatic const struct nf_hook_ops ipvl_nfops[] = { 1168c2ecf20Sopenharmony_ci { 1178c2ecf20Sopenharmony_ci .hook = ipvlan_nf_input, 1188c2ecf20Sopenharmony_ci .pf = NFPROTO_IPV4, 1198c2ecf20Sopenharmony_ci .hooknum = NF_INET_LOCAL_IN, 1208c2ecf20Sopenharmony_ci .priority = INT_MAX, 1218c2ecf20Sopenharmony_ci }, 1228c2ecf20Sopenharmony_ci#if IS_ENABLED(CONFIG_IPV6) 1238c2ecf20Sopenharmony_ci { 1248c2ecf20Sopenharmony_ci .hook = ipvlan_nf_input, 1258c2ecf20Sopenharmony_ci .pf = NFPROTO_IPV6, 1268c2ecf20Sopenharmony_ci .hooknum = NF_INET_LOCAL_IN, 1278c2ecf20Sopenharmony_ci .priority = INT_MAX, 1288c2ecf20Sopenharmony_ci }, 1298c2ecf20Sopenharmony_ci#endif 1308c2ecf20Sopenharmony_ci}; 1318c2ecf20Sopenharmony_ci 1328c2ecf20Sopenharmony_cistatic int ipvlan_register_nf_hook(struct net *net) 1338c2ecf20Sopenharmony_ci{ 1348c2ecf20Sopenharmony_ci struct ipvlan_netns *vnet = net_generic(net, ipvlan_netid); 1358c2ecf20Sopenharmony_ci int err = 0; 1368c2ecf20Sopenharmony_ci 1378c2ecf20Sopenharmony_ci if (!vnet->ipvl_nf_hook_refcnt) { 1388c2ecf20Sopenharmony_ci err = nf_register_net_hooks(net, ipvl_nfops, 1398c2ecf20Sopenharmony_ci ARRAY_SIZE(ipvl_nfops)); 1408c2ecf20Sopenharmony_ci if (!err) 1418c2ecf20Sopenharmony_ci vnet->ipvl_nf_hook_refcnt = 1; 1428c2ecf20Sopenharmony_ci } else { 1438c2ecf20Sopenharmony_ci vnet->ipvl_nf_hook_refcnt++; 1448c2ecf20Sopenharmony_ci } 1458c2ecf20Sopenharmony_ci 1468c2ecf20Sopenharmony_ci return err; 1478c2ecf20Sopenharmony_ci} 1488c2ecf20Sopenharmony_ci 1498c2ecf20Sopenharmony_cistatic void ipvlan_unregister_nf_hook(struct net *net) 1508c2ecf20Sopenharmony_ci{ 1518c2ecf20Sopenharmony_ci struct ipvlan_netns *vnet = net_generic(net, ipvlan_netid); 1528c2ecf20Sopenharmony_ci 1538c2ecf20Sopenharmony_ci if (WARN_ON(!vnet->ipvl_nf_hook_refcnt)) 1548c2ecf20Sopenharmony_ci return; 1558c2ecf20Sopenharmony_ci 1568c2ecf20Sopenharmony_ci vnet->ipvl_nf_hook_refcnt--; 1578c2ecf20Sopenharmony_ci if (!vnet->ipvl_nf_hook_refcnt) 1588c2ecf20Sopenharmony_ci nf_unregister_net_hooks(net, ipvl_nfops, 1598c2ecf20Sopenharmony_ci ARRAY_SIZE(ipvl_nfops)); 1608c2ecf20Sopenharmony_ci} 1618c2ecf20Sopenharmony_ci 1628c2ecf20Sopenharmony_civoid ipvlan_migrate_l3s_hook(struct net *oldnet, struct net *newnet) 1638c2ecf20Sopenharmony_ci{ 1648c2ecf20Sopenharmony_ci struct ipvlan_netns *old_vnet; 1658c2ecf20Sopenharmony_ci 1668c2ecf20Sopenharmony_ci ASSERT_RTNL(); 1678c2ecf20Sopenharmony_ci 1688c2ecf20Sopenharmony_ci old_vnet = net_generic(oldnet, ipvlan_netid); 1698c2ecf20Sopenharmony_ci if (!old_vnet->ipvl_nf_hook_refcnt) 1708c2ecf20Sopenharmony_ci return; 1718c2ecf20Sopenharmony_ci 1728c2ecf20Sopenharmony_ci ipvlan_register_nf_hook(newnet); 1738c2ecf20Sopenharmony_ci ipvlan_unregister_nf_hook(oldnet); 1748c2ecf20Sopenharmony_ci} 1758c2ecf20Sopenharmony_ci 1768c2ecf20Sopenharmony_cistatic void ipvlan_ns_exit(struct net *net) 1778c2ecf20Sopenharmony_ci{ 1788c2ecf20Sopenharmony_ci struct ipvlan_netns *vnet = net_generic(net, ipvlan_netid); 1798c2ecf20Sopenharmony_ci 1808c2ecf20Sopenharmony_ci if (WARN_ON_ONCE(vnet->ipvl_nf_hook_refcnt)) { 1818c2ecf20Sopenharmony_ci vnet->ipvl_nf_hook_refcnt = 0; 1828c2ecf20Sopenharmony_ci nf_unregister_net_hooks(net, ipvl_nfops, 1838c2ecf20Sopenharmony_ci ARRAY_SIZE(ipvl_nfops)); 1848c2ecf20Sopenharmony_ci } 1858c2ecf20Sopenharmony_ci} 1868c2ecf20Sopenharmony_ci 1878c2ecf20Sopenharmony_cistatic struct pernet_operations ipvlan_net_ops = { 1888c2ecf20Sopenharmony_ci .id = &ipvlan_netid, 1898c2ecf20Sopenharmony_ci .size = sizeof(struct ipvlan_netns), 1908c2ecf20Sopenharmony_ci .exit = ipvlan_ns_exit, 1918c2ecf20Sopenharmony_ci}; 1928c2ecf20Sopenharmony_ci 1938c2ecf20Sopenharmony_ciint ipvlan_l3s_init(void) 1948c2ecf20Sopenharmony_ci{ 1958c2ecf20Sopenharmony_ci return register_pernet_subsys(&ipvlan_net_ops); 1968c2ecf20Sopenharmony_ci} 1978c2ecf20Sopenharmony_ci 1988c2ecf20Sopenharmony_civoid ipvlan_l3s_cleanup(void) 1998c2ecf20Sopenharmony_ci{ 2008c2ecf20Sopenharmony_ci unregister_pernet_subsys(&ipvlan_net_ops); 2018c2ecf20Sopenharmony_ci} 2028c2ecf20Sopenharmony_ci 2038c2ecf20Sopenharmony_ciint ipvlan_l3s_register(struct ipvl_port *port) 2048c2ecf20Sopenharmony_ci{ 2058c2ecf20Sopenharmony_ci struct net_device *dev = port->dev; 2068c2ecf20Sopenharmony_ci int ret; 2078c2ecf20Sopenharmony_ci 2088c2ecf20Sopenharmony_ci ASSERT_RTNL(); 2098c2ecf20Sopenharmony_ci 2108c2ecf20Sopenharmony_ci ret = ipvlan_register_nf_hook(read_pnet(&port->pnet)); 2118c2ecf20Sopenharmony_ci if (!ret) { 2128c2ecf20Sopenharmony_ci dev->l3mdev_ops = &ipvl_l3mdev_ops; 2138c2ecf20Sopenharmony_ci dev->priv_flags |= IFF_L3MDEV_RX_HANDLER; 2148c2ecf20Sopenharmony_ci } 2158c2ecf20Sopenharmony_ci 2168c2ecf20Sopenharmony_ci return ret; 2178c2ecf20Sopenharmony_ci} 2188c2ecf20Sopenharmony_ci 2198c2ecf20Sopenharmony_civoid ipvlan_l3s_unregister(struct ipvl_port *port) 2208c2ecf20Sopenharmony_ci{ 2218c2ecf20Sopenharmony_ci struct net_device *dev = port->dev; 2228c2ecf20Sopenharmony_ci 2238c2ecf20Sopenharmony_ci ASSERT_RTNL(); 2248c2ecf20Sopenharmony_ci 2258c2ecf20Sopenharmony_ci dev->priv_flags &= ~IFF_L3MDEV_RX_HANDLER; 2268c2ecf20Sopenharmony_ci ipvlan_unregister_nf_hook(read_pnet(&port->pnet)); 2278c2ecf20Sopenharmony_ci dev->l3mdev_ops = NULL; 2288c2ecf20Sopenharmony_ci} 229