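// SPDX-License-Identifier: GPL-2.0-or-later
/* xfrm4_protocol.c - Generic xfrm protocol multiplexer.
 *
 * Copyright (C) 2013 secunet Security Networks AG
 *
 * Author:
 * Steffen Klassert <steffen.klassert@secunet.com>
 *
 * Based on:
 * net/ipv4/tunnel4.c
 */

#include <linux/init.h>
#include <linux/mutex.h>
#include <linux/skbuff.h>
#include <net/icmp.h>
#include <net/ip.h>
#include <net/protocol.h>
#include <net/xfrm.h>

/*
 * One singly linked handler list per supported IP protocol. Readers walk the
 * lists with rcu_dereference() (see for_each_protocol_rcu); the register and
 * deregister paths modify them while holding xfrm4_protocol_mutex.
 */
static struct xfrm4_protocol __rcu *esp4_handlers __read_mostly;
static struct xfrm4_protocol __rcu *ah4_handlers __read_mostly;
static struct xfrm4_protocol __rcu *ipcomp4_handlers __read_mostly;
static DEFINE_MUTEX(xfrm4_protocol_mutex);

/*
 * Map an IP protocol number to the head of its handler list.
 * Returns NULL for anything other than ESP, AH or IPcomp.
 */
static inline struct xfrm4_protocol __rcu **proto_handlers(u8 protocol)
{
	switch (protocol) {
	case IPPROTO_ESP:
		return &esp4_handlers;
	case IPPROTO_AH:
		return &ah4_handlers;
	case IPPROTO_COMP:
		return &ipcomp4_handlers;
	}

	return NULL;
}

/*
 * Walk a handler list from @head. Uses rcu_dereference(), so callers are
 * expected to be inside an RCU read-side critical section.
 */
#define for_each_protocol_rcu(head, handler)		\
	for (handler = rcu_dereference(head);		\
	     handler != NULL;				\
	     handler = rcu_dereference(handler->next))

/*
 * Input callback installed in xfrm4_input_afinfo. Calls cb_handler(skb, err)
 * on each handler registered for @protocol, in list order, and returns the
 * first result that is <= 0. Returns 0 when the protocol is unsupported or
 * every handler returned a positive value.
 *
 * NOTE(review): cb_handler is called without a NULL check, so every
 * registered xfrm4_protocol must populate it.
 */
static int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err)
{
	int ret;
	struct xfrm4_protocol *handler;
	struct xfrm4_protocol __rcu **head = proto_handlers(protocol);

	if (!head)
		return 0;

	for_each_protocol_rcu(*head, handler)
		if ((ret = handler->cb_handler(skb, err)) <= 0)
			return ret;

	return 0;
}

/*
 * Receive entry point that takes the next header, SPI and encapsulation type
 * explicitly. Offers the skb to each handler's input_handler in list order;
 * the first result other than -EINVAL is returned and the skb is not touched
 * again here, so a handler returning anything else presumably owns the skb.
 *
 * If no handler accepts the packet, or @nexthdr has no handler list, an ICMP
 * port-unreachable is sent and the skb is freed. If the skb has no dst and
 * the input route lookup fails, the skb is freed without an ICMP reply.
 * Both of those paths return 0.
 *
 * NOTE(review): @nexthdr is an int but proto_handlers() takes a u8, so the
 * value is truncated to 8 bits for the list lookup while the untruncated
 * value is passed on to input_handler. Callers should pass a real 8-bit
 * protocol number.
 */
int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
		    int encap_type)
{
	int ret;
	struct xfrm4_protocol *handler;
	struct xfrm4_protocol __rcu **head = proto_handlers(nexthdr);

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
	XFRM_SPI_SKB_CB(skb)->family = AF_INET;
	XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);

	if (!head)
		goto out;

	if (!skb_dst(skb)) {
		const struct iphdr *iph = ip_hdr(skb);

		if (ip_route_input_noref(skb, iph->daddr, iph->saddr,
					 iph->tos, skb->dev))
			goto drop;
	}

	for_each_protocol_rcu(*head, handler)
		if ((ret = handler->input_handler(skb, nexthdr, spi, encap_type)) != -EINVAL)
			return ret;

out:
	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);

drop:
	kfree_skb(skb);
	return 0;
}
EXPORT_SYMBOL(xfrm4_rcv_encap);

/*
 * net_protocol receive hook for ESP. Tries each registered ESP handler in
 * list order and returns the first result other than -EINVAL. If none
 * accepts the packet, sends ICMP port-unreachable, frees the skb and
 * returns 0.
 */
static int xfrm4_esp_rcv(struct sk_buff *skb)
{
	int ret;
	struct xfrm4_protocol *handler;

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;

	for_each_protocol_rcu(esp4_handlers, handler)
		if ((ret = handler->handler(skb)) != -EINVAL)
			return ret;

	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);

	kfree_skb(skb);
	return 0;
}

/*
 * net_protocol error hook for ESP. Returns 0 as soon as one handler's
 * err_handler returns 0, otherwise -ENOENT.
 */
static int xfrm4_esp_err(struct sk_buff *skb, u32 info)
{
	struct xfrm4_protocol *handler;

	for_each_protocol_rcu(esp4_handlers, handler)
		if (!handler->err_handler(skb, info))
			return 0;

	return -ENOENT;
}

/* net_protocol receive hook for AH; same contract as xfrm4_esp_rcv(). */
static int xfrm4_ah_rcv(struct sk_buff *skb)
{
	int ret;
	struct xfrm4_protocol *handler;

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;

	for_each_protocol_rcu(ah4_handlers, handler)
		if ((ret = handler->handler(skb)) != -EINVAL)
			return ret;

	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);

	kfree_skb(skb);
	return 0;
}

/* net_protocol error hook for AH; same contract as xfrm4_esp_err(). */
static int xfrm4_ah_err(struct sk_buff *skb, u32 info)
{
	struct xfrm4_protocol *handler;

	for_each_protocol_rcu(ah4_handlers, handler)
		if (!handler->err_handler(skb, info))
			return 0;

	return -ENOENT;
}

/* net_protocol receive hook for IPcomp; same contract as xfrm4_esp_rcv(). */
static int xfrm4_ipcomp_rcv(struct sk_buff *skb)
{
	int ret;
	struct xfrm4_protocol *handler;

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;

	for_each_protocol_rcu(ipcomp4_handlers, handler)
		if ((ret = handler->handler(skb)) != -EINVAL)
			return ret;

	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);

	kfree_skb(skb);
	return 0;
}

/* net_protocol error hook for IPcomp; same contract as xfrm4_esp_err(). */
static int xfrm4_ipcomp_err(struct sk_buff *skb, u32 info)
{
	struct xfrm4_protocol *handler;

	for_each_protocol_rcu(ipcomp4_handlers, handler)
		if (!handler->err_handler(skb, info))
			return 0;

	return -ENOENT;
}

/*
 * net_protocol entries handed to inet_add_protocol()/inet_del_protocol().
 * NOTE(review): no_policy is set on all three; presumably the policy check
 * is left to the xfrm input path rather than done at IP delivery - confirm.
 */
static const struct net_protocol esp4_protocol = {
	.handler	=	xfrm4_esp_rcv,
	.err_handler	=	xfrm4_esp_err,
	.no_policy	=	1,
};

static const struct net_protocol ah4_protocol = {
	.handler	=	xfrm4_ah_rcv,
	.err_handler	=	xfrm4_ah_err,
	.no_policy	=	1,
};

static const struct net_protocol ipcomp4_protocol = {
	.handler	=	xfrm4_ipcomp_rcv,
	.err_handler	=	xfrm4_ipcomp_err,
	.no_policy	=	1,
};

static const struct xfrm_input_afinfo xfrm4_input_afinfo = {
	.family		=	AF_INET,
	.callback	=	xfrm4_rcv_cb,
};

/*
 * Map an IP protocol number to the net_protocol entry defined above.
 * Returns NULL for anything other than ESP, AH or IPcomp.
 */
static inline const struct net_protocol *netproto(unsigned char protocol)
{
	switch (protocol) {
	case IPPROTO_ESP:
		return &esp4_protocol;
	case IPPROTO_AH:
		return &ah4_protocol;
	case IPPROTO_COMP:
		return &ipcomp4_protocol;
	}

	return NULL;
}

/*
 * Remove @handler from the list for @protocol, if it is on it.
 * Caller must hold xfrm4_protocol_mutex and must already have checked that
 * proto_handlers(protocol) is non-NULL. Returns true if the handler was
 * found and unlinked. The caller is responsible for waiting for readers
 * (synchronize_net()) before the handler's memory may go away.
 */
static bool xfrm4_protocol_unlink(struct xfrm4_protocol *handler,
				  unsigned char protocol)
{
	struct xfrm4_protocol __rcu **pprev;
	struct xfrm4_protocol *t;

	for (pprev = proto_handlers(protocol);
	     (t = rcu_dereference_protected(*pprev,
			lockdep_is_held(&xfrm4_protocol_mutex))) != NULL;
	     pprev = &t->next) {
		if (t == handler) {
			*pprev = handler->next;
			return true;
		}
	}

	return false;
}

/*
 * Register @handler for @protocol (ESP, AH or IPcomp).
 *
 * The list is kept in descending priority order and priorities must be
 * unique per protocol. When the list was empty before this call, the
 * matching net_protocol entry is also added with inet_add_protocol().
 *
 * Returns 0 on success, -EINVAL for an unsupported protocol, -EEXIST if a
 * handler with the same priority is already registered, and -EAGAIN if
 * inet_add_protocol() failed. On every error return the handler is not on
 * the list.
 *
 * NOTE(review): the handler's callbacks (handler, input_handler, cb_handler,
 * err_handler) are invoked by the receive paths without NULL checks and are
 * not validated here; callers must fill in all of them.
 */
int xfrm4_protocol_register(struct xfrm4_protocol *handler,
			    unsigned char protocol)
{
	struct xfrm4_protocol __rcu **pprev;
	struct xfrm4_protocol *t;
	bool add_netproto = false;
	int ret = -EEXIST;
	int priority = handler->priority;

	if (!proto_handlers(protocol) || !netproto(protocol))
		return -EINVAL;

	mutex_lock(&xfrm4_protocol_mutex);

	/* First handler for this protocol: the net_protocol hook is needed. */
	if (!rcu_dereference_protected(*proto_handlers(protocol),
				       lockdep_is_held(&xfrm4_protocol_mutex)))
		add_netproto = true;

	/* Find the insertion point: before the first lower-priority entry. */
	for (pprev = proto_handlers(protocol);
	     (t = rcu_dereference_protected(*pprev,
			lockdep_is_held(&xfrm4_protocol_mutex))) != NULL;
	     pprev = &t->next) {
		if (t->priority < priority)
			break;
		if (t->priority == priority)
			goto err;
	}

	/* Set ->next before publishing so readers never see a torn entry. */
	handler->next = *pprev;
	rcu_assign_pointer(*pprev, handler);

	ret = 0;

err:
	mutex_unlock(&xfrm4_protocol_mutex);

	if (add_netproto) {
		if (inet_add_protocol(netproto(protocol), protocol)) {
			pr_err("%s: can't add protocol\n", __func__);
			ret = -EAGAIN;

			/*
			 * Do not leave the handler published after reporting
			 * failure: a caller that sees an error may release
			 * the handler, and xfrm4_rcv_encap()/xfrm4_rcv_cb()
			 * walk this list without going through the
			 * net_protocol hook. Unlink it and wait for readers,
			 * as the deregister path does.
			 */
			mutex_lock(&xfrm4_protocol_mutex);
			xfrm4_protocol_unlink(handler, protocol);
			mutex_unlock(&xfrm4_protocol_mutex);

			synchronize_net();
		}
	}

	return ret;
}
EXPORT_SYMBOL(xfrm4_protocol_register);

/*
 * Remove @handler from the list for @protocol. When the list is empty
 * afterwards, the net_protocol entry is removed with inet_del_protocol().
 *
 * Returns 0 if the handler was unlinked, -ENOENT if it was not on the list,
 * -EINVAL for an unsupported protocol, and -EAGAIN if inet_del_protocol()
 * failed. Once the protocol has been validated, synchronize_net() is called
 * before returning so that readers which may still hold a reference to the
 * handler have finished.
 */
int xfrm4_protocol_deregister(struct xfrm4_protocol *handler,
			      unsigned char protocol)
{
	int ret = -ENOENT;

	if (!proto_handlers(protocol) || !netproto(protocol))
		return -EINVAL;

	mutex_lock(&xfrm4_protocol_mutex);

	if (xfrm4_protocol_unlink(handler, protocol))
		ret = 0;

	/* Last handler gone: drop the net_protocol hook as well. */
	if (!rcu_dereference_protected(*proto_handlers(protocol),
				       lockdep_is_held(&xfrm4_protocol_mutex))) {
		if (inet_del_protocol(netproto(protocol), protocol) < 0) {
			pr_err("%s: can't remove protocol\n", __func__);
			ret = -EAGAIN;
		}
	}

	mutex_unlock(&xfrm4_protocol_mutex);

	synchronize_net();

	return ret;
}
EXPORT_SYMBOL(xfrm4_protocol_deregister);

/*
 * Boot-time setup: register the IPv4 input afinfo so that xfrm4_rcv_cb() is
 * used as the AF_INET callback. Any result of the registration is not
 * checked here.
 */
void __init xfrm4_protocol_init(void)
{
	xfrm_input_register_afinfo(&xfrm4_input_afinfo);
}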