162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. 462306a36Sopenharmony_ci */ 562306a36Sopenharmony_ci 662306a36Sopenharmony_ci#include "allowedips.h" 762306a36Sopenharmony_ci#include "peer.h" 862306a36Sopenharmony_ci 962306a36Sopenharmony_cienum { MAX_ALLOWEDIPS_DEPTH = 129 }; 1062306a36Sopenharmony_ci 1162306a36Sopenharmony_cistatic struct kmem_cache *node_cache; 1262306a36Sopenharmony_ci 1362306a36Sopenharmony_cistatic void swap_endian(u8 *dst, const u8 *src, u8 bits) 1462306a36Sopenharmony_ci{ 1562306a36Sopenharmony_ci if (bits == 32) { 1662306a36Sopenharmony_ci *(u32 *)dst = be32_to_cpu(*(const __be32 *)src); 1762306a36Sopenharmony_ci } else if (bits == 128) { 1862306a36Sopenharmony_ci ((u64 *)dst)[0] = be64_to_cpu(((const __be64 *)src)[0]); 1962306a36Sopenharmony_ci ((u64 *)dst)[1] = be64_to_cpu(((const __be64 *)src)[1]); 2062306a36Sopenharmony_ci } 2162306a36Sopenharmony_ci} 2262306a36Sopenharmony_ci 2362306a36Sopenharmony_cistatic void copy_and_assign_cidr(struct allowedips_node *node, const u8 *src, 2462306a36Sopenharmony_ci u8 cidr, u8 bits) 2562306a36Sopenharmony_ci{ 2662306a36Sopenharmony_ci node->cidr = cidr; 2762306a36Sopenharmony_ci node->bit_at_a = cidr / 8U; 2862306a36Sopenharmony_ci#ifdef __LITTLE_ENDIAN 2962306a36Sopenharmony_ci node->bit_at_a ^= (bits / 8U - 1U) % 8U; 3062306a36Sopenharmony_ci#endif 3162306a36Sopenharmony_ci node->bit_at_b = 7U - (cidr % 8U); 3262306a36Sopenharmony_ci node->bitlen = bits; 3362306a36Sopenharmony_ci memcpy(node->bits, src, bits / 8U); 3462306a36Sopenharmony_ci} 3562306a36Sopenharmony_ci 3662306a36Sopenharmony_cistatic inline u8 choose(struct allowedips_node *node, const u8 *key) 3762306a36Sopenharmony_ci{ 3862306a36Sopenharmony_ci return (key[node->bit_at_a] >> node->bit_at_b) & 1; 3962306a36Sopenharmony_ci} 4062306a36Sopenharmony_ci 4162306a36Sopenharmony_cistatic void push_rcu(struct allowedips_node **stack, 4262306a36Sopenharmony_ci struct allowedips_node __rcu *p, unsigned int *len) 4362306a36Sopenharmony_ci{ 4462306a36Sopenharmony_ci if (rcu_access_pointer(p)) { 4562306a36Sopenharmony_ci if (WARN_ON(IS_ENABLED(DEBUG) && *len >= MAX_ALLOWEDIPS_DEPTH)) 4662306a36Sopenharmony_ci return; 4762306a36Sopenharmony_ci stack[(*len)++] = rcu_dereference_raw(p); 4862306a36Sopenharmony_ci } 4962306a36Sopenharmony_ci} 5062306a36Sopenharmony_ci 5162306a36Sopenharmony_cistatic void node_free_rcu(struct rcu_head *rcu) 5262306a36Sopenharmony_ci{ 5362306a36Sopenharmony_ci kmem_cache_free(node_cache, container_of(rcu, struct allowedips_node, rcu)); 5462306a36Sopenharmony_ci} 5562306a36Sopenharmony_ci 5662306a36Sopenharmony_cistatic void root_free_rcu(struct rcu_head *rcu) 5762306a36Sopenharmony_ci{ 5862306a36Sopenharmony_ci struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_DEPTH] = { 5962306a36Sopenharmony_ci container_of(rcu, struct allowedips_node, rcu) }; 6062306a36Sopenharmony_ci unsigned int len = 1; 6162306a36Sopenharmony_ci 6262306a36Sopenharmony_ci while (len > 0 && (node = stack[--len])) { 6362306a36Sopenharmony_ci push_rcu(stack, node->bit[0], &len); 6462306a36Sopenharmony_ci push_rcu(stack, node->bit[1], &len); 6562306a36Sopenharmony_ci kmem_cache_free(node_cache, node); 6662306a36Sopenharmony_ci } 6762306a36Sopenharmony_ci} 6862306a36Sopenharmony_ci 6962306a36Sopenharmony_cistatic void root_remove_peer_lists(struct allowedips_node *root) 7062306a36Sopenharmony_ci{ 7162306a36Sopenharmony_ci struct allowedips_node *node, *stack[MAX_ALLOWEDIPS_DEPTH] = { root }; 7262306a36Sopenharmony_ci unsigned int len = 1; 7362306a36Sopenharmony_ci 7462306a36Sopenharmony_ci while (len > 0 && (node = stack[--len])) { 7562306a36Sopenharmony_ci push_rcu(stack, node->bit[0], &len); 7662306a36Sopenharmony_ci push_rcu(stack, node->bit[1], &len); 7762306a36Sopenharmony_ci if (rcu_access_pointer(node->peer)) 7862306a36Sopenharmony_ci list_del(&node->peer_list); 7962306a36Sopenharmony_ci } 8062306a36Sopenharmony_ci} 8162306a36Sopenharmony_ci 8262306a36Sopenharmony_cistatic unsigned int fls128(u64 a, u64 b) 8362306a36Sopenharmony_ci{ 8462306a36Sopenharmony_ci return a ? fls64(a) + 64U : fls64(b); 8562306a36Sopenharmony_ci} 8662306a36Sopenharmony_ci 8762306a36Sopenharmony_cistatic u8 common_bits(const struct allowedips_node *node, const u8 *key, 8862306a36Sopenharmony_ci u8 bits) 8962306a36Sopenharmony_ci{ 9062306a36Sopenharmony_ci if (bits == 32) 9162306a36Sopenharmony_ci return 32U - fls(*(const u32 *)node->bits ^ *(const u32 *)key); 9262306a36Sopenharmony_ci else if (bits == 128) 9362306a36Sopenharmony_ci return 128U - fls128( 9462306a36Sopenharmony_ci *(const u64 *)&node->bits[0] ^ *(const u64 *)&key[0], 9562306a36Sopenharmony_ci *(const u64 *)&node->bits[8] ^ *(const u64 *)&key[8]); 9662306a36Sopenharmony_ci return 0; 9762306a36Sopenharmony_ci} 9862306a36Sopenharmony_ci 9962306a36Sopenharmony_cistatic bool prefix_matches(const struct allowedips_node *node, const u8 *key, 10062306a36Sopenharmony_ci u8 bits) 10162306a36Sopenharmony_ci{ 10262306a36Sopenharmony_ci /* This could be much faster if it actually just compared the common 10362306a36Sopenharmony_ci * bits properly, by precomputing a mask bswap(~0 << (32 - cidr)), and 10462306a36Sopenharmony_ci * the rest, but it turns out that common_bits is already super fast on 10562306a36Sopenharmony_ci * modern processors, even taking into account the unfortunate bswap. 10662306a36Sopenharmony_ci * So, we just inline it like this instead. 10762306a36Sopenharmony_ci */ 10862306a36Sopenharmony_ci return common_bits(node, key, bits) >= node->cidr; 10962306a36Sopenharmony_ci} 11062306a36Sopenharmony_ci 11162306a36Sopenharmony_cistatic struct allowedips_node *find_node(struct allowedips_node *trie, u8 bits, 11262306a36Sopenharmony_ci const u8 *key) 11362306a36Sopenharmony_ci{ 11462306a36Sopenharmony_ci struct allowedips_node *node = trie, *found = NULL; 11562306a36Sopenharmony_ci 11662306a36Sopenharmony_ci while (node && prefix_matches(node, key, bits)) { 11762306a36Sopenharmony_ci if (rcu_access_pointer(node->peer)) 11862306a36Sopenharmony_ci found = node; 11962306a36Sopenharmony_ci if (node->cidr == bits) 12062306a36Sopenharmony_ci break; 12162306a36Sopenharmony_ci node = rcu_dereference_bh(node->bit[choose(node, key)]); 12262306a36Sopenharmony_ci } 12362306a36Sopenharmony_ci return found; 12462306a36Sopenharmony_ci} 12562306a36Sopenharmony_ci 12662306a36Sopenharmony_ci/* Returns a strong reference to a peer */ 12762306a36Sopenharmony_cistatic struct wg_peer *lookup(struct allowedips_node __rcu *root, u8 bits, 12862306a36Sopenharmony_ci const void *be_ip) 12962306a36Sopenharmony_ci{ 13062306a36Sopenharmony_ci /* Aligned so it can be passed to fls/fls64 */ 13162306a36Sopenharmony_ci u8 ip[16] __aligned(__alignof(u64)); 13262306a36Sopenharmony_ci struct allowedips_node *node; 13362306a36Sopenharmony_ci struct wg_peer *peer = NULL; 13462306a36Sopenharmony_ci 13562306a36Sopenharmony_ci swap_endian(ip, be_ip, bits); 13662306a36Sopenharmony_ci 13762306a36Sopenharmony_ci rcu_read_lock_bh(); 13862306a36Sopenharmony_ciretry: 13962306a36Sopenharmony_ci node = find_node(rcu_dereference_bh(root), bits, ip); 14062306a36Sopenharmony_ci if (node) { 14162306a36Sopenharmony_ci peer = wg_peer_get_maybe_zero(rcu_dereference_bh(node->peer)); 14262306a36Sopenharmony_ci if (!peer) 14362306a36Sopenharmony_ci goto retry; 14462306a36Sopenharmony_ci } 14562306a36Sopenharmony_ci rcu_read_unlock_bh(); 14662306a36Sopenharmony_ci return peer; 14762306a36Sopenharmony_ci} 14862306a36Sopenharmony_ci 14962306a36Sopenharmony_cistatic bool node_placement(struct allowedips_node __rcu *trie, const u8 *key, 15062306a36Sopenharmony_ci u8 cidr, u8 bits, struct allowedips_node **rnode, 15162306a36Sopenharmony_ci struct mutex *lock) 15262306a36Sopenharmony_ci{ 15362306a36Sopenharmony_ci struct allowedips_node *node = rcu_dereference_protected(trie, lockdep_is_held(lock)); 15462306a36Sopenharmony_ci struct allowedips_node *parent = NULL; 15562306a36Sopenharmony_ci bool exact = false; 15662306a36Sopenharmony_ci 15762306a36Sopenharmony_ci while (node && node->cidr <= cidr && prefix_matches(node, key, bits)) { 15862306a36Sopenharmony_ci parent = node; 15962306a36Sopenharmony_ci if (parent->cidr == cidr) { 16062306a36Sopenharmony_ci exact = true; 16162306a36Sopenharmony_ci break; 16262306a36Sopenharmony_ci } 16362306a36Sopenharmony_ci node = rcu_dereference_protected(parent->bit[choose(parent, key)], lockdep_is_held(lock)); 16462306a36Sopenharmony_ci } 16562306a36Sopenharmony_ci *rnode = parent; 16662306a36Sopenharmony_ci return exact; 16762306a36Sopenharmony_ci} 16862306a36Sopenharmony_ci 16962306a36Sopenharmony_cistatic inline void connect_node(struct allowedips_node __rcu **parent, u8 bit, struct allowedips_node *node) 17062306a36Sopenharmony_ci{ 17162306a36Sopenharmony_ci node->parent_bit_packed = (unsigned long)parent | bit; 17262306a36Sopenharmony_ci rcu_assign_pointer(*parent, node); 17362306a36Sopenharmony_ci} 17462306a36Sopenharmony_ci 17562306a36Sopenharmony_cistatic inline void choose_and_connect_node(struct allowedips_node *parent, struct allowedips_node *node) 17662306a36Sopenharmony_ci{ 17762306a36Sopenharmony_ci u8 bit = choose(parent, node->bits); 17862306a36Sopenharmony_ci connect_node(&parent->bit[bit], bit, node); 17962306a36Sopenharmony_ci} 18062306a36Sopenharmony_ci 18162306a36Sopenharmony_cistatic int add(struct allowedips_node __rcu **trie, u8 bits, const u8 *key, 18262306a36Sopenharmony_ci u8 cidr, struct wg_peer *peer, struct mutex *lock) 18362306a36Sopenharmony_ci{ 18462306a36Sopenharmony_ci struct allowedips_node *node, *parent, *down, *newnode; 18562306a36Sopenharmony_ci 18662306a36Sopenharmony_ci if (unlikely(cidr > bits || !peer)) 18762306a36Sopenharmony_ci return -EINVAL; 18862306a36Sopenharmony_ci 18962306a36Sopenharmony_ci if (!rcu_access_pointer(*trie)) { 19062306a36Sopenharmony_ci node = kmem_cache_zalloc(node_cache, GFP_KERNEL); 19162306a36Sopenharmony_ci if (unlikely(!node)) 19262306a36Sopenharmony_ci return -ENOMEM; 19362306a36Sopenharmony_ci RCU_INIT_POINTER(node->peer, peer); 19462306a36Sopenharmony_ci list_add_tail(&node->peer_list, &peer->allowedips_list); 19562306a36Sopenharmony_ci copy_and_assign_cidr(node, key, cidr, bits); 19662306a36Sopenharmony_ci connect_node(trie, 2, node); 19762306a36Sopenharmony_ci return 0; 19862306a36Sopenharmony_ci } 19962306a36Sopenharmony_ci if (node_placement(*trie, key, cidr, bits, &node, lock)) { 20062306a36Sopenharmony_ci rcu_assign_pointer(node->peer, peer); 20162306a36Sopenharmony_ci list_move_tail(&node->peer_list, &peer->allowedips_list); 20262306a36Sopenharmony_ci return 0; 20362306a36Sopenharmony_ci } 20462306a36Sopenharmony_ci 20562306a36Sopenharmony_ci newnode = kmem_cache_zalloc(node_cache, GFP_KERNEL); 20662306a36Sopenharmony_ci if (unlikely(!newnode)) 20762306a36Sopenharmony_ci return -ENOMEM; 20862306a36Sopenharmony_ci RCU_INIT_POINTER(newnode->peer, peer); 20962306a36Sopenharmony_ci list_add_tail(&newnode->peer_list, &peer->allowedips_list); 21062306a36Sopenharmony_ci copy_and_assign_cidr(newnode, key, cidr, bits); 21162306a36Sopenharmony_ci 21262306a36Sopenharmony_ci if (!node) { 21362306a36Sopenharmony_ci down = rcu_dereference_protected(*trie, lockdep_is_held(lock)); 21462306a36Sopenharmony_ci } else { 21562306a36Sopenharmony_ci const u8 bit = choose(node, key); 21662306a36Sopenharmony_ci down = rcu_dereference_protected(node->bit[bit], lockdep_is_held(lock)); 21762306a36Sopenharmony_ci if (!down) { 21862306a36Sopenharmony_ci connect_node(&node->bit[bit], bit, newnode); 21962306a36Sopenharmony_ci return 0; 22062306a36Sopenharmony_ci } 22162306a36Sopenharmony_ci } 22262306a36Sopenharmony_ci cidr = min(cidr, common_bits(down, key, bits)); 22362306a36Sopenharmony_ci parent = node; 22462306a36Sopenharmony_ci 22562306a36Sopenharmony_ci if (newnode->cidr == cidr) { 22662306a36Sopenharmony_ci choose_and_connect_node(newnode, down); 22762306a36Sopenharmony_ci if (!parent) 22862306a36Sopenharmony_ci connect_node(trie, 2, newnode); 22962306a36Sopenharmony_ci else 23062306a36Sopenharmony_ci choose_and_connect_node(parent, newnode); 23162306a36Sopenharmony_ci return 0; 23262306a36Sopenharmony_ci } 23362306a36Sopenharmony_ci 23462306a36Sopenharmony_ci node = kmem_cache_zalloc(node_cache, GFP_KERNEL); 23562306a36Sopenharmony_ci if (unlikely(!node)) { 23662306a36Sopenharmony_ci list_del(&newnode->peer_list); 23762306a36Sopenharmony_ci kmem_cache_free(node_cache, newnode); 23862306a36Sopenharmony_ci return -ENOMEM; 23962306a36Sopenharmony_ci } 24062306a36Sopenharmony_ci INIT_LIST_HEAD(&node->peer_list); 24162306a36Sopenharmony_ci copy_and_assign_cidr(node, newnode->bits, cidr, bits); 24262306a36Sopenharmony_ci 24362306a36Sopenharmony_ci choose_and_connect_node(node, down); 24462306a36Sopenharmony_ci choose_and_connect_node(node, newnode); 24562306a36Sopenharmony_ci if (!parent) 24662306a36Sopenharmony_ci connect_node(trie, 2, node); 24762306a36Sopenharmony_ci else 24862306a36Sopenharmony_ci choose_and_connect_node(parent, node); 24962306a36Sopenharmony_ci return 0; 25062306a36Sopenharmony_ci} 25162306a36Sopenharmony_ci 25262306a36Sopenharmony_civoid wg_allowedips_init(struct allowedips *table) 25362306a36Sopenharmony_ci{ 25462306a36Sopenharmony_ci table->root4 = table->root6 = NULL; 25562306a36Sopenharmony_ci table->seq = 1; 25662306a36Sopenharmony_ci} 25762306a36Sopenharmony_ci 25862306a36Sopenharmony_civoid wg_allowedips_free(struct allowedips *table, struct mutex *lock) 25962306a36Sopenharmony_ci{ 26062306a36Sopenharmony_ci struct allowedips_node __rcu *old4 = table->root4, *old6 = table->root6; 26162306a36Sopenharmony_ci 26262306a36Sopenharmony_ci ++table->seq; 26362306a36Sopenharmony_ci RCU_INIT_POINTER(table->root4, NULL); 26462306a36Sopenharmony_ci RCU_INIT_POINTER(table->root6, NULL); 26562306a36Sopenharmony_ci if (rcu_access_pointer(old4)) { 26662306a36Sopenharmony_ci struct allowedips_node *node = rcu_dereference_protected(old4, 26762306a36Sopenharmony_ci lockdep_is_held(lock)); 26862306a36Sopenharmony_ci 26962306a36Sopenharmony_ci root_remove_peer_lists(node); 27062306a36Sopenharmony_ci call_rcu(&node->rcu, root_free_rcu); 27162306a36Sopenharmony_ci } 27262306a36Sopenharmony_ci if (rcu_access_pointer(old6)) { 27362306a36Sopenharmony_ci struct allowedips_node *node = rcu_dereference_protected(old6, 27462306a36Sopenharmony_ci lockdep_is_held(lock)); 27562306a36Sopenharmony_ci 27662306a36Sopenharmony_ci root_remove_peer_lists(node); 27762306a36Sopenharmony_ci call_rcu(&node->rcu, root_free_rcu); 27862306a36Sopenharmony_ci } 27962306a36Sopenharmony_ci} 28062306a36Sopenharmony_ci 28162306a36Sopenharmony_ciint wg_allowedips_insert_v4(struct allowedips *table, const struct in_addr *ip, 28262306a36Sopenharmony_ci u8 cidr, struct wg_peer *peer, struct mutex *lock) 28362306a36Sopenharmony_ci{ 28462306a36Sopenharmony_ci /* Aligned so it can be passed to fls */ 28562306a36Sopenharmony_ci u8 key[4] __aligned(__alignof(u32)); 28662306a36Sopenharmony_ci 28762306a36Sopenharmony_ci ++table->seq; 28862306a36Sopenharmony_ci swap_endian(key, (const u8 *)ip, 32); 28962306a36Sopenharmony_ci return add(&table->root4, 32, key, cidr, peer, lock); 29062306a36Sopenharmony_ci} 29162306a36Sopenharmony_ci 29262306a36Sopenharmony_ciint wg_allowedips_insert_v6(struct allowedips *table, const struct in6_addr *ip, 29362306a36Sopenharmony_ci u8 cidr, struct wg_peer *peer, struct mutex *lock) 29462306a36Sopenharmony_ci{ 29562306a36Sopenharmony_ci /* Aligned so it can be passed to fls64 */ 29662306a36Sopenharmony_ci u8 key[16] __aligned(__alignof(u64)); 29762306a36Sopenharmony_ci 29862306a36Sopenharmony_ci ++table->seq; 29962306a36Sopenharmony_ci swap_endian(key, (const u8 *)ip, 128); 30062306a36Sopenharmony_ci return add(&table->root6, 128, key, cidr, peer, lock); 30162306a36Sopenharmony_ci} 30262306a36Sopenharmony_ci 30362306a36Sopenharmony_civoid wg_allowedips_remove_by_peer(struct allowedips *table, 30462306a36Sopenharmony_ci struct wg_peer *peer, struct mutex *lock) 30562306a36Sopenharmony_ci{ 30662306a36Sopenharmony_ci struct allowedips_node *node, *child, **parent_bit, *parent, *tmp; 30762306a36Sopenharmony_ci bool free_parent; 30862306a36Sopenharmony_ci 30962306a36Sopenharmony_ci if (list_empty(&peer->allowedips_list)) 31062306a36Sopenharmony_ci return; 31162306a36Sopenharmony_ci ++table->seq; 31262306a36Sopenharmony_ci list_for_each_entry_safe(node, tmp, &peer->allowedips_list, peer_list) { 31362306a36Sopenharmony_ci list_del_init(&node->peer_list); 31462306a36Sopenharmony_ci RCU_INIT_POINTER(node->peer, NULL); 31562306a36Sopenharmony_ci if (node->bit[0] && node->bit[1]) 31662306a36Sopenharmony_ci continue; 31762306a36Sopenharmony_ci child = rcu_dereference_protected(node->bit[!rcu_access_pointer(node->bit[0])], 31862306a36Sopenharmony_ci lockdep_is_held(lock)); 31962306a36Sopenharmony_ci if (child) 32062306a36Sopenharmony_ci child->parent_bit_packed = node->parent_bit_packed; 32162306a36Sopenharmony_ci parent_bit = (struct allowedips_node **)(node->parent_bit_packed & ~3UL); 32262306a36Sopenharmony_ci *parent_bit = child; 32362306a36Sopenharmony_ci parent = (void *)parent_bit - 32462306a36Sopenharmony_ci offsetof(struct allowedips_node, bit[node->parent_bit_packed & 1]); 32562306a36Sopenharmony_ci free_parent = !rcu_access_pointer(node->bit[0]) && 32662306a36Sopenharmony_ci !rcu_access_pointer(node->bit[1]) && 32762306a36Sopenharmony_ci (node->parent_bit_packed & 3) <= 1 && 32862306a36Sopenharmony_ci !rcu_access_pointer(parent->peer); 32962306a36Sopenharmony_ci if (free_parent) 33062306a36Sopenharmony_ci child = rcu_dereference_protected( 33162306a36Sopenharmony_ci parent->bit[!(node->parent_bit_packed & 1)], 33262306a36Sopenharmony_ci lockdep_is_held(lock)); 33362306a36Sopenharmony_ci call_rcu(&node->rcu, node_free_rcu); 33462306a36Sopenharmony_ci if (!free_parent) 33562306a36Sopenharmony_ci continue; 33662306a36Sopenharmony_ci if (child) 33762306a36Sopenharmony_ci child->parent_bit_packed = parent->parent_bit_packed; 33862306a36Sopenharmony_ci *(struct allowedips_node **)(parent->parent_bit_packed & ~3UL) = child; 33962306a36Sopenharmony_ci call_rcu(&parent->rcu, node_free_rcu); 34062306a36Sopenharmony_ci } 34162306a36Sopenharmony_ci} 34262306a36Sopenharmony_ci 34362306a36Sopenharmony_ciint wg_allowedips_read_node(struct allowedips_node *node, u8 ip[16], u8 *cidr) 34462306a36Sopenharmony_ci{ 34562306a36Sopenharmony_ci const unsigned int cidr_bytes = DIV_ROUND_UP(node->cidr, 8U); 34662306a36Sopenharmony_ci swap_endian(ip, node->bits, node->bitlen); 34762306a36Sopenharmony_ci memset(ip + cidr_bytes, 0, node->bitlen / 8U - cidr_bytes); 34862306a36Sopenharmony_ci if (node->cidr) 34962306a36Sopenharmony_ci ip[cidr_bytes - 1U] &= ~0U << (-node->cidr % 8U); 35062306a36Sopenharmony_ci 35162306a36Sopenharmony_ci *cidr = node->cidr; 35262306a36Sopenharmony_ci return node->bitlen == 32 ? AF_INET : AF_INET6; 35362306a36Sopenharmony_ci} 35462306a36Sopenharmony_ci 35562306a36Sopenharmony_ci/* Returns a strong reference to a peer */ 35662306a36Sopenharmony_cistruct wg_peer *wg_allowedips_lookup_dst(struct allowedips *table, 35762306a36Sopenharmony_ci struct sk_buff *skb) 35862306a36Sopenharmony_ci{ 35962306a36Sopenharmony_ci if (skb->protocol == htons(ETH_P_IP)) 36062306a36Sopenharmony_ci return lookup(table->root4, 32, &ip_hdr(skb)->daddr); 36162306a36Sopenharmony_ci else if (skb->protocol == htons(ETH_P_IPV6)) 36262306a36Sopenharmony_ci return lookup(table->root6, 128, &ipv6_hdr(skb)->daddr); 36362306a36Sopenharmony_ci return NULL; 36462306a36Sopenharmony_ci} 36562306a36Sopenharmony_ci 36662306a36Sopenharmony_ci/* Returns a strong reference to a peer */ 36762306a36Sopenharmony_cistruct wg_peer *wg_allowedips_lookup_src(struct allowedips *table, 36862306a36Sopenharmony_ci struct sk_buff *skb) 36962306a36Sopenharmony_ci{ 37062306a36Sopenharmony_ci if (skb->protocol == htons(ETH_P_IP)) 37162306a36Sopenharmony_ci return lookup(table->root4, 32, &ip_hdr(skb)->saddr); 37262306a36Sopenharmony_ci else if (skb->protocol == htons(ETH_P_IPV6)) 37362306a36Sopenharmony_ci return lookup(table->root6, 128, &ipv6_hdr(skb)->saddr); 37462306a36Sopenharmony_ci return NULL; 37562306a36Sopenharmony_ci} 37662306a36Sopenharmony_ci 37762306a36Sopenharmony_ciint __init wg_allowedips_slab_init(void) 37862306a36Sopenharmony_ci{ 37962306a36Sopenharmony_ci node_cache = KMEM_CACHE(allowedips_node, 0); 38062306a36Sopenharmony_ci return node_cache ? 0 : -ENOMEM; 38162306a36Sopenharmony_ci} 38262306a36Sopenharmony_ci 38362306a36Sopenharmony_civoid wg_allowedips_slab_uninit(void) 38462306a36Sopenharmony_ci{ 38562306a36Sopenharmony_ci rcu_barrier(); 38662306a36Sopenharmony_ci kmem_cache_destroy(node_cache); 38762306a36Sopenharmony_ci} 38862306a36Sopenharmony_ci 38962306a36Sopenharmony_ci#include "selftest/allowedips.c" 390