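// SPDX-License-Identifier: GPL-2.0-or-later
/* xfrm4_protocol.c - Generic xfrm protocol multiplexer.
 *
 * Copyright (C) 2013 secunet Security Networks AG
 *
 * Author:
 * Steffen Klassert <steffen.klassert@secunet.com>
 *
 * Based on:
 * net/ipv4/tunnel4.c
 */

#include <linux/init.h>
#include <linux/mutex.h>
#include <linux/skbuff.h>
#include <net/icmp.h>
#include <net/ip.h>
#include <net/protocol.h>
#include <net/xfrm.h>

/*
 * One singly linked handler list per IPsec protocol. Readers walk the
 * lists with rcu_dereference(); writers take xfrm4_protocol_mutex.
 */
static struct xfrm4_protocol __rcu *esp4_handlers __read_mostly;
static struct xfrm4_protocol __rcu *ah4_handlers __read_mostly;
static struct xfrm4_protocol __rcu *ipcomp4_handlers __read_mostly;
static DEFINE_MUTEX(xfrm4_protocol_mutex);

/*
 * Map an IP protocol number to the head of its handler list.
 * Returns NULL for anything other than ESP, AH and IPComp.
 */
static inline struct xfrm4_protocol __rcu **proto_handlers(u8 protocol)
{
	switch (protocol) {
	case IPPROTO_ESP:
		return &esp4_handlers;
	case IPPROTO_AH:
		return &ah4_handlers;
	case IPPROTO_COMP:
		return &ipcomp4_handlers;
	}

	return NULL;
}

/*
 * Walk a handler list from @head, loading every link with
 * rcu_dereference().
 * NOTE(review): presumably every user runs inside an RCU read-side
 * section (packet receive path) -- confirm against the callers.
 */
#define for_each_protocol_rcu(head, handler)		\
	for (handler = rcu_dereference(head);		\
	     handler != NULL;				\
	     handler = rcu_dereference(handler->next))	\

/*
 * Run the cb_handler of each handler registered for @protocol and stop
 * at the first one that returns a value <= 0, which is passed back to
 * the caller. Returns 0 when @protocol has no handler list or when
 * every handler returned a positive value.
 */
static int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err)
{
	int ret;
	struct xfrm4_protocol *handler;
	struct xfrm4_protocol __rcu **head = proto_handlers(protocol);

	if (!head)
		return 0;

	for_each_protocol_rcu(*head, handler)
		if ((ret = handler->cb_handler(skb, err)) <= 0)
			return ret;

	return 0;
}

/*
 * Receive entry point for callers that already know the next header,
 * the SPI and the encapsulation type.
 *
 * Offers the packet to each input_handler registered for @nexthdr until
 * one returns something other than -EINVAL, and returns that value. A
 * packet that nobody claims is answered with ICMP port unreachable and
 * freed; a packet that cannot be routed is freed without an ICMP reply.
 *
 * @nexthdr is an int but proto_handlers() takes a u8, so only the low
 * eight bits select the handler list.
 */
int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
		    int encap_type)
{
	int ret;
	struct xfrm4_protocol *handler;
	struct xfrm4_protocol __rcu **head = proto_handlers(nexthdr);

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
	XFRM_SPI_SKB_CB(skb)->family = AF_INET;
	XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);

	if (!head)
		goto out;

	/* The handlers are only called on a packet that has a route. */
	if (!skb_dst(skb)) {
		const struct iphdr *iph = ip_hdr(skb);

		if (ip_route_input_noref(skb, iph->daddr, iph->saddr,
					 iph->tos, skb->dev))
			goto drop;
	}

	for_each_protocol_rcu(*head, handler)
		if ((ret = handler->input_handler(skb, nexthdr, spi, encap_type)) != -EINVAL)
			return ret;

out:
	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);

drop:
	kfree_skb(skb);
	return 0;
}
EXPORT_SYMBOL(xfrm4_rcv_encap);

/*
 * ESP receive hook installed through esp4_protocol.
 *
 * The first handler that returns anything other than -EINVAL decides
 * the result; this function does not free the skb on that path.
 * An unclaimed packet gets ICMP port unreachable and is freed here.
 */
static int xfrm4_esp_rcv(struct sk_buff *skb)
{
	int ret;
	struct xfrm4_protocol *handler;

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;

	for_each_protocol_rcu(esp4_handlers, handler)
		if ((ret = handler->handler(skb)) != -EINVAL)
			return ret;

	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);

	kfree_skb(skb);
	return 0;
}

/*
 * ESP error hook: returns 0 as soon as one err_handler returns 0,
 * -ENOENT when none does.
 */
static int xfrm4_esp_err(struct sk_buff *skb, u32 info)
{
	struct xfrm4_protocol *handler;

	for_each_protocol_rcu(esp4_handlers, handler)
		if (!handler->err_handler(skb, info))
			return 0;

	return -ENOENT;
}

/* AH receive hook; same contract as xfrm4_esp_rcv() on ah4_handlers. */
static int xfrm4_ah_rcv(struct sk_buff *skb)
{
	int ret;
	struct xfrm4_protocol *handler;

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;

	for_each_protocol_rcu(ah4_handlers, handler)
		if ((ret = handler->handler(skb)) != -EINVAL)
			return ret;

	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);

	kfree_skb(skb);
	return 0;
}

/* AH error hook; same contract as xfrm4_esp_err() on ah4_handlers. */
static int xfrm4_ah_err(struct sk_buff *skb, u32 info)
{
	struct xfrm4_protocol *handler;

	for_each_protocol_rcu(ah4_handlers, handler)
		if (!handler->err_handler(skb, info))
			return 0;

	return -ENOENT;
}

/*
 * IPComp receive hook; same contract as xfrm4_esp_rcv() on
 * ipcomp4_handlers.
 */
static int xfrm4_ipcomp_rcv(struct sk_buff *skb)
{
	int ret;
	struct xfrm4_protocol *handler;

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;

	for_each_protocol_rcu(ipcomp4_handlers, handler)
		if ((ret = handler->handler(skb)) != -EINVAL)
			return ret;

	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);

	kfree_skb(skb);
	return 0;
}

/*
 * IPComp error hook; same contract as xfrm4_esp_err() on
 * ipcomp4_handlers.
 */
static int xfrm4_ipcomp_err(struct sk_buff *skb, u32 info)
{
	struct xfrm4_protocol *handler;

	for_each_protocol_rcu(ipcomp4_handlers, handler)
		if (!handler->err_handler(skb, info))
			return 0;

	return -ENOENT;
}

/*
 * inet protocol descriptors that route ESP, AH and IPComp packets into
 * the multiplexers above.
 * NOTE(review): .no_policy = 1 presumably leaves the inbound policy
 * check to the xfrm input path instead of the generic IPv4 delivery
 * code -- confirm against the IPv4 local-deliver path.
 */
static const struct net_protocol esp4_protocol = {
	.handler	=	xfrm4_esp_rcv,
	.err_handler	=	xfrm4_esp_err,
	.no_policy	=	1,
	.netns_ok	=	1,
};

static const struct net_protocol ah4_protocol = {
	.handler	=	xfrm4_ah_rcv,
	.err_handler	=	xfrm4_ah_err,
	.no_policy	=	1,
	.netns_ok	=	1,
};

static const struct net_protocol ipcomp4_protocol = {
	.handler	=	xfrm4_ipcomp_rcv,
	.err_handler	=	xfrm4_ipcomp_err,
	.no_policy	=	1,
	.netns_ok	=	1,
};

static const struct xfrm_input_afinfo xfrm4_input_afinfo = {
	.family		=	AF_INET,
	.callback	=	xfrm4_rcv_cb,
};

/*
 * Map an IP protocol number to its net_protocol descriptor.
 * Returns NULL for anything other than ESP, AH and IPComp.
 */
static inline const struct net_protocol *netproto(unsigned char protocol)
{
	switch (protocol) {
	case IPPROTO_ESP:
		return &esp4_protocol;
	case IPPROTO_AH:
		return &ah4_protocol;
	case IPPROTO_COMP:
		return &ipcomp4_protocol;
	}

	return NULL;
}

/*
 * Take @handler off the list for @protocol again and wait for readers
 * that may still be walking over it. Used to roll back a registration;
 * the caller has already validated @protocol. Does nothing but the
 * wait when @handler is not on the list.
 */
static void xfrm4_protocol_unlink(struct xfrm4_protocol *handler,
				  unsigned char protocol)
{
	struct xfrm4_protocol __rcu **pprev;
	struct xfrm4_protocol *t;

	mutex_lock(&xfrm4_protocol_mutex);

	for (pprev = proto_handlers(protocol);
	     (t = rcu_dereference_protected(*pprev,
			lockdep_is_held(&xfrm4_protocol_mutex))) != NULL;
	     pprev = &t->next) {
		if (t == handler) {
			*pprev = handler->next;
			break;
		}
	}

	mutex_unlock(&xfrm4_protocol_mutex);

	synchronize_net();
}

/*
 * Register @handler for @protocol (ESP, AH or IPComp).
 *
 * The list is kept in descending priority order and each priority may
 * be used once. The first handler registered for a protocol also
 * installs the matching net_protocol with inet_add_protocol().
 *
 * Returns 0 on success, -EINVAL for an unsupported protocol, -EEXIST
 * when the priority is already taken and -EAGAIN when the inet
 * protocol cannot be added. On every error return @handler is not on
 * the list.
 */
int xfrm4_protocol_register(struct xfrm4_protocol *handler,
			    unsigned char protocol)
{
	struct xfrm4_protocol __rcu **pprev;
	struct xfrm4_protocol *t;
	bool add_netproto = false;
	int ret = -EEXIST;
	int priority = handler->priority;

	if (!proto_handlers(protocol) || !netproto(protocol))
		return -EINVAL;

	mutex_lock(&xfrm4_protocol_mutex);

	/* An empty list means the inet protocol is not installed yet. */
	if (!rcu_dereference_protected(*proto_handlers(protocol),
				       lockdep_is_held(&xfrm4_protocol_mutex)))
		add_netproto = true;

	/* Find the first entry with a lower priority; insert before it. */
	for (pprev = proto_handlers(protocol);
	     (t = rcu_dereference_protected(*pprev,
			lockdep_is_held(&xfrm4_protocol_mutex))) != NULL;
	     pprev = &t->next) {
		if (t->priority < priority)
			break;
		if (t->priority == priority)
			goto err;
	}

	handler->next = *pprev;
	rcu_assign_pointer(*pprev, handler);

	ret = 0;

err:
	mutex_unlock(&xfrm4_protocol_mutex);

	if (add_netproto) {
		if (inet_add_protocol(netproto(protocol), protocol)) {
			pr_err("%s: can't add protocol\n", __func__);
			/*
			 * add_netproto is only set when the list was
			 * empty, so the handler was linked above. Unlink
			 * it before reporting failure: a caller that
			 * sees an error is entitled to release the
			 * handler, and xfrm4_rcv_encap() and
			 * xfrm4_rcv_cb() walk this list no matter
			 * whether the inet protocol is installed.
			 */
			xfrm4_protocol_unlink(handler, protocol);
			ret = -EAGAIN;
		}
	}

	return ret;
}
EXPORT_SYMBOL(xfrm4_protocol_register);

/*
 * Remove @handler from the list for @protocol and, once the list is
 * empty, remove the matching net_protocol as well. synchronize_net()
 * runs before the return, so readers that started earlier have left
 * the list by then.
 *
 * Returns 0 on success, -EINVAL for an unsupported protocol, -ENOENT
 * when @handler is not registered and -EAGAIN when the inet protocol
 * cannot be removed.
 * NOTE(review): inet_del_protocol() is attempted whenever the list is
 * empty, also when @handler was not found, so -ENOENT can be replaced
 * by -EAGAIN in that case -- confirm this is intended.
 */
int xfrm4_protocol_deregister(struct xfrm4_protocol *handler,
			      unsigned char protocol)
{
	struct xfrm4_protocol __rcu **pprev;
	struct xfrm4_protocol *t;
	int ret = -ENOENT;

	if (!proto_handlers(protocol) || !netproto(protocol))
		return -EINVAL;

	mutex_lock(&xfrm4_protocol_mutex);

	for (pprev = proto_handlers(protocol);
	     (t = rcu_dereference_protected(*pprev,
			lockdep_is_held(&xfrm4_protocol_mutex))) != NULL;
	     pprev = &t->next) {
		if (t == handler) {
			*pprev = handler->next;
			ret = 0;
			break;
		}
	}

	if (!rcu_dereference_protected(*proto_handlers(protocol),
				       lockdep_is_held(&xfrm4_protocol_mutex))) {
		if (inet_del_protocol(netproto(protocol), protocol) < 0) {
			pr_err("%s: can't remove protocol\n", __func__);
			ret = -EAGAIN;
		}
	}

	mutex_unlock(&xfrm4_protocol_mutex);

	synchronize_net();

	return ret;
}
EXPORT_SYMBOL(xfrm4_protocol_deregister);

/* Hook xfrm4_rcv_cb() into the xfrm input path for AF_INET. */
void __init xfrm4_protocol_init(void)
{
	xfrm_input_register_afinfo(&xfrm4_input_afinfo);
}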