// SPDX-License-Identifier: GPL-2.0
/*
 * xfrm4_policy.c
 *
 * Changes:
 *	Kazunori MIYAZAWA @USAGI
 * 	YOSHIFUJI Hideaki @USAGI
 *		Split up af-specific portion
 *
 */

#include <linux/err.h>
#include <linux/kernel.h>
#include <linux/inetdevice.h>
#include <net/dst.h>
#include <net/xfrm.h>
#include <net/ip.h>
#include <net/l3mdev.h>

/*
 * Build an IPv4 flow key in @fl4 and resolve it to an output route.
 *
 * @fl4 is zeroed first and then filled from the arguments only: the
 * destination, the TOS, the L3 master device index derived from @oif, the
 * fwmark, and the source address only when @saddr is non-NULL.  Nothing
 * else -- in particular no protocol or port information -- goes into the
 * key, so presumably routing rules that match on those fields are not
 * consulted here (NOTE(review): confirm against the callers' needs).
 *
 * @fl4 also acts as an output: xfrm4_get_saddr() below reads fl4->saddr
 * after the lookup when it passed no source address.
 *
 * Returns the route's dst_entry, which the caller must drop with
 * dst_release(), or an ERR_PTR() from __ip_route_output_key().
 */
static struct dst_entry *__xfrm4_dst_lookup(struct net *net, struct flowi4 *fl4,
					    int tos, int oif,
					    const xfrm_address_t *saddr,
					    const xfrm_address_t *daddr,
					    u32 mark)
{
	struct rtable *rt;

	memset(fl4, 0, sizeof(*fl4));
	fl4->daddr = daddr->a4;
	fl4->flowi4_tos = tos;
	fl4->flowi4_l3mdev = l3mdev_master_ifindex_by_index(net, oif);
	fl4->flowi4_mark = mark;
	if (saddr)
		fl4->saddr = saddr->a4;

	rt = __ip_route_output_key(net, fl4);
	if (!IS_ERR(rt))
		return &rt->dst;

	/* Pass the lookup error through to the caller as an ERR_PTR(). */
	return ERR_CAST(rt);
}

/*
 * afinfo->dst_lookup hook: __xfrm4_dst_lookup() with a throw-away flow
 * key, for callers that only want the route.
 */
static struct dst_entry *xfrm4_dst_lookup(struct net *net, int tos, int oif,
					  const xfrm_address_t *saddr,
					  const xfrm_address_t *daddr,
					  u32 mark)
{
	struct flowi4 fl4;

	return __xfrm4_dst_lookup(net, &fl4, tos, oif, saddr, daddr, mark);
}

/*
 * afinfo->get_saddr hook: find the source address the routing table would
 * use to reach @daddr and store it in @saddr.
 *
 * The lookup is made with TOS 0 and no source address so that the routing
 * code chooses fl4.saddr.  The route itself is not needed and its
 * reference is dropped immediately.
 *
 * Returns 0 on success (@saddr is written only in that case), otherwise
 * -EHOSTUNREACH; the specific error from the route lookup is not passed on.
 */
static int xfrm4_get_saddr(struct net *net, int oif,
			   xfrm_address_t *saddr, xfrm_address_t *daddr,
			   u32 mark)
{
	struct dst_entry *dst;
	struct flowi4 fl4;

	dst = __xfrm4_dst_lookup(net, &fl4, 0, oif, NULL, daddr, mark);
	if (IS_ERR(dst))
		return -EHOSTUNREACH;

	/* Relies on the route lookup having filled in fl4.saddr. */
	saddr->a4 = fl4.saddr;
	dst_release(dst);
	return 0;
}

/*
 * afinfo->fill_dst hook: populate the rtable part of an xfrm_dst from the
 * route it is layered on (xdst->route) so the xfrm dst can stand in for it.
 *
 * @dev becomes the xfrm dst's device and a tracked reference is taken on
 * it (GFP_ATOMIC); that reference is not released anywhere in this file.
 * Only the broadcast/multicast/local bits of rt_flags are copied.  The
 * gateway address is copied for AF_INET and AF_INET6 only; any other
 * rt_gw_family leaves rt_gw4/rt_gw6 as they were.
 *
 * Always returns 0.
 */
static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
			  const struct flowi *fl)
{
	struct rtable *rt = (struct rtable *)xdst->route;
	const struct flowi4 *fl4 = &fl->u.ip4;

	xdst->u.rt.rt_iif = fl4->flowi4_iif;

	xdst->u.dst.dev = dev;
	netdev_hold(dev, &xdst->u.dst.dev_tracker, GFP_ATOMIC);

	/* Sheit... I remember I did this right. Apparently,
	 * it was magically lost, so this code needs audit */
	xdst->u.rt.rt_is_input = rt->rt_is_input;
	xdst->u.rt.rt_flags = rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST |
					      RTCF_LOCAL);
	xdst->u.rt.rt_type = rt->rt_type;
	xdst->u.rt.rt_uses_gateway = rt->rt_uses_gateway;
	xdst->u.rt.rt_gw_family = rt->rt_gw_family;
	if (rt->rt_gw_family == AF_INET)
		xdst->u.rt.rt_gw4 = rt->rt_gw4;
	else if (rt->rt_gw_family == AF_INET6)
		xdst->u.rt.rt_gw6 = rt->rt_gw6;
	xdst->u.rt.rt_pmtu = rt->rt_pmtu;
	xdst->u.rt.rt_mtu_locked = rt->rt_mtu_locked;
	/* Undone by rt_del_uncached_list() in xfrm4_dst_destroy() below. */
	rt_add_uncached_list(&xdst->u.rt);

	return 0;
}

/*
 * dst_ops->update_pmtu: forward the PMTU update to the route the xfrm dst
 * is layered on (xdst->route), passing every argument through unchanged.
 * No NULL check is made on path->ops->update_pmtu; the underlying route is
 * assumed to always provide it.
 */
static void xfrm4_update_pmtu(struct dst_entry *dst, struct sock *sk,
			      struct sk_buff *skb, u32 mtu,
			      bool confirm_neigh)
{
	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
	struct dst_entry *path = xdst->route;

	path->ops->update_pmtu(path, sk, skb, mtu, confirm_neigh);
}

/*
 * dst_ops->redirect: forward an ICMP redirect to the underlying route,
 * same pattern (and same unchecked op pointer) as xfrm4_update_pmtu().
 */
static void xfrm4_redirect(struct dst_entry *dst, struct sock *sk,
			   struct sk_buff *skb)
{
	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
	struct dst_entry *path = xdst->route;

	path->ops->redirect(path, sk, skb);
}

/*
 * dst_ops->destroy: tear down an xfrm dst -- generic metrics first, then
 * take the rtable part off the uncached list it was put on by
 * xfrm4_fill_dst(), then the generic xfrm_dst teardown.
 */
static void xfrm4_dst_destroy(struct dst_entry *dst)
{
	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;

	dst_destroy_metrics_generic(dst);
	rt_del_uncached_list(&xdst->u.rt);
	xfrm_dst_destroy(xdst);
}

/*
 * Template for the per-netns dst_ops.  xfrm4_net_init() memcpy()s it into
 * net->xfrm.xfrm4_dst_ops, so a namespace's copy (e.g. its gc_thresh, which
 * the xfrm4_gc_thresh sysctl below edits) can change without touching this
 * template or other namespaces.  .gc_thresh here is the initial value.
 */
static struct dst_ops xfrm4_dst_ops_template = {
	.family =		AF_INET,
	.update_pmtu =		xfrm4_update_pmtu,
	.redirect =		xfrm4_redirect,
	.cow_metrics =		dst_cow_metrics_generic,
	.destroy =		xfrm4_dst_destroy,
	.ifdown =		xfrm_dst_ifdown,
	.local_out =		__ip_local_out,
	.gc_thresh =		32768,
};

/* IPv4 hooks handed to the generic xfrm policy code by xfrm4_policy_init(). */
static const struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
	.dst_ops =		&xfrm4_dst_ops_template,
	.dst_lookup =		xfrm4_dst_lookup,
	.get_saddr =		xfrm4_get_saddr,
	.fill_dst =		xfrm4_fill_dst,
	.blackhole_route =	ipv4_blackhole_route,
};

#ifdef CONFIG_SYSCTL
/*
 * net/ipv4/xfrm4_gc_thresh.  This static table points at init_net's copy
 * of the dst_ops; xfrm4_net_sysctl_init() duplicates it for every other
 * namespace and retargets .data.  The trailing empty entry is the
 * terminator.
 *
 * NOTE(review): plain proc_dointvec with no .extra1/.extra2 accepts any
 * int, negative values included; consider whether proc_dointvec_minmax
 * with a lower bound is wanted for a GC threshold -- confirm how gc_thresh
 * is consumed by the dst code.
 */
static struct ctl_table xfrm4_policy_table[] = {
	{
		.procname       = "xfrm4_gc_thresh",
		.data           = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
		.maxlen         = sizeof(int),
		.mode           = 0644,
		.proc_handler   = proc_dointvec,
	},
	{ }
};

/*
 * Register the xfrm4 sysctl table for @net.
 *
 * init_net uses the static table directly.  Every other namespace gets a
 * kmemdup()ed copy whose .data is re-pointed at that namespace's own
 * gc_thresh, so a write through the sysctl only affects the namespace it
 * was made in.  The resulting header is kept in net->ipv4.xfrm4_hdr for
 * xfrm4_net_sysctl_exit().
 *
 * Returns 0 on success, or -ENOMEM if either the copy or the registration
 * fails (the copy is freed again on registration failure).
 */
static __net_init int xfrm4_net_sysctl_init(struct net *net)
{
	struct ctl_table *table;
	struct ctl_table_header *hdr;

	table = xfrm4_policy_table;
	if (!net_eq(net, &init_net)) {
		table = kmemdup(table, sizeof(xfrm4_policy_table), GFP_KERNEL);
		if (!table)
			goto err_alloc;

		/* Only the first entry carries data; point it at this netns. */
		table[0].data = &net->xfrm.xfrm4_dst_ops.gc_thresh;
	}

	hdr = register_net_sysctl_sz(net, "net/ipv4", table,
				     ARRAY_SIZE(xfrm4_policy_table));
	if (!hdr)
		goto err_reg;

	net->ipv4.xfrm4_hdr = hdr;
	return 0;

err_reg:
	/* The static table is never freed; only a per-netns copy is. */
	if (!net_eq(net, &init_net))
		kfree(table);
err_alloc:
	return -ENOMEM;
}

/*
 * Unregister the table set up by xfrm4_net_sysctl_init(), if there is one.
 * The table pointer is taken from the header before unregistering, and the
 * table is freed afterwards only when it is a per-netns copy rather than
 * init_net's static table.
 */
static __net_exit void xfrm4_net_sysctl_exit(struct net *net)
{
	struct ctl_table *table;

	if (!net->ipv4.xfrm4_hdr)
		return;

	table = net->ipv4.xfrm4_hdr->ctl_table_arg;
	unregister_net_sysctl_table(net->ipv4.xfrm4_hdr);
	if (!net_eq(net, &init_net))
		kfree(table);
}
#else /* CONFIG_SYSCTL */
/* Without CONFIG_SYSCTL the per-netns sysctl hooks are no-ops. */
static inline int xfrm4_net_sysctl_init(struct net *net)
{
	return 0;
}

static inline void xfrm4_net_sysctl_exit(struct net *net)
{
}
#endif

/*
 * pernet init: give @net its own dst_ops (a copy of the template), set up
 * its dst entry accounting, then its sysctl.  If the sysctl step fails the
 * dst entry accounting is torn down again so nothing is left half set up.
 *
 * Returns 0, or the error from dst_entries_init() / xfrm4_net_sysctl_init().
 */
static int __net_init xfrm4_net_init(struct net *net)
{
	int ret;

	memcpy(&net->xfrm.xfrm4_dst_ops, &xfrm4_dst_ops_template,
	       sizeof(xfrm4_dst_ops_template));
	ret = dst_entries_init(&net->xfrm.xfrm4_dst_ops);
	if (ret)
		return ret;

	ret = xfrm4_net_sysctl_init(net);
	if (ret)
		dst_entries_destroy(&net->xfrm.xfrm4_dst_ops);

	return ret;
}

/* pernet exit: undo xfrm4_net_init() in reverse order. */
static void __net_exit xfrm4_net_exit(struct net *net)
{
	xfrm4_net_sysctl_exit(net);
	dst_entries_destroy(&net->xfrm.xfrm4_dst_ops);
}

static struct pernet_operations __net_initdata xfrm4_net_ops = {
	.init = xfrm4_net_init,
	.exit = xfrm4_net_exit,
};

/*
 * Register the IPv4 hooks with the generic xfrm policy layer.
 * NOTE(review): the return value of xfrm_policy_register_afinfo() is not
 * checked here, so a failed registration would go unnoticed at boot.
 */
static void __init xfrm4_policy_init(void)
{
	xfrm_policy_register_afinfo(&xfrm4_policy_afinfo, AF_INET);
}

/*
 * Boot-time entry point for IPv4 xfrm: bring up the state, policy and
 * protocol layers in that order, then register the per-netns operations
 * (xfrm4_net_ops) so each network namespace gets xfrm4_net_init().
 * NOTE(review): the return value of register_pernet_subsys() is not checked.
 */
void __init xfrm4_init(void)
{
	xfrm4_state_init();
	xfrm4_policy_init();
	xfrm4_protocol_init();
	register_pernet_subsys(&xfrm4_net_ops);
}