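// SPDX-License-Identifier: GPL-2.0-or-later
/* xfrm6_protocol.c - Generic xfrm protocol multiplexer for ipv6.
 *
 * Copyright (C) 2013 secunet Security Networks AG
 *
 * Author:
 * Steffen Klassert <steffen.klassert@secunet.com>
 *
 * Based on:
 * net/ipv4/xfrm4_protocol.c
 */

#include <linux/init.h>
#include <linux/mutex.h>
#include <linux/skbuff.h>
#include <linux/icmpv6.h>
#include <net/ip6_route.h>
#include <net/ipv6.h>
#include <net/protocol.h>
#include <net/xfrm.h>

/*
 * One handler list per supported protocol.  The receive paths below walk
 * these lists with rcu_dereference(); xfrm6_protocol_register() and
 * xfrm6_protocol_deregister() modify them while holding
 * xfrm6_protocol_mutex.
 */
static struct xfrm6_protocol __rcu *esp6_handlers __read_mostly;
static struct xfrm6_protocol __rcu *ah6_handlers __read_mostly;
static struct xfrm6_protocol __rcu *ipcomp6_handlers __read_mostly;
static DEFINE_MUTEX(xfrm6_protocol_mutex);

/*
 * Map an IP protocol number to the address of its handler list head.
 * Returns NULL for anything other than ESP, AH and IPcomp.
 */
static inline struct xfrm6_protocol __rcu **proto_handlers(u8 protocol)
{
	switch (protocol) {
	case IPPROTO_ESP:
		return &esp6_handlers;
	case IPPROTO_AH:
		return &ah6_handlers;
	case IPPROTO_COMP:
		return &ipcomp6_handlers;
	}

	return NULL;
}

/*
 * Walk a handler list from @head, following ->next.  Both the head and
 * every ->next pointer are loaded with rcu_dereference(), so users are
 * expected to be inside an RCU read-side critical section.
 */
#define for_each_protocol_rcu(head, handler)		\
	for (handler = rcu_dereference(head);		\
	     handler != NULL;				\
	     handler = rcu_dereference(handler->next))

/*
 * xfrm input callback for AF_INET6 (installed via xfrm6_input_afinfo).
 *
 * Calls ->cb_handler(skb, err) on each handler registered for @protocol
 * and returns the first result that is <= 0.  Returns 0 when @protocol
 * has no handler list or when every handler returned a positive value.
 *
 * ->cb_handler is called without a NULL check, so every registered
 * handler has to provide it.
 */
static int xfrm6_rcv_cb(struct sk_buff *skb, u8 protocol, int err)
{
	int ret;
	struct xfrm6_protocol *handler;
	struct xfrm6_protocol __rcu **head = proto_handlers(protocol);

	if (!head)
		return 0;

	/* Reuse the head that was just NULL-checked instead of a second lookup. */
	for_each_protocol_rcu(*head, handler) {
		ret = handler->cb_handler(skb, err);
		if (ret <= 0)
			return ret;
	}

	return 0;
}

/*
 * Entry point for encapsulated xfrm input.
 *
 * Initialises the xfrm control-block fields for IPv6, attaches a route to
 * @skb if it has none, and then offers the packet to each handler
 * registered for @nexthdr through ->input_handler().  The first handler
 * that returns something other than -EINVAL decides the result.
 *
 * When @nexthdr has no handler list, or every handler returned -EINVAL,
 * an ICMPv6 destination-unreachable/port-unreachable error is sent and
 * the skb is freed.  When the route lookup fails the skb is freed without
 * an ICMPv6 reply.  Both of those paths return 0.
 *
 * @nexthdr is an int here but proto_handlers() takes a u8, so the value
 * is narrowed on the call; callers are expected to pass an IPPROTO_*
 * value.
 * NOTE(review): skb->dev is dereferenced when no dst is attached; this
 * assumes callers always pass an skb with a device set - confirm.
 */
int xfrm6_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
		    int encap_type)
{
	int ret;
	struct xfrm6_protocol *handler;
	struct xfrm6_protocol __rcu **head = proto_handlers(nexthdr);

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = NULL;
	XFRM_SPI_SKB_CB(skb)->family = AF_INET6;
	XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr);

	if (!head)
		goto out;

	if (!skb_dst(skb)) {
		const struct ipv6hdr *ip6h = ipv6_hdr(skb);
		int flags = RT6_LOOKUP_F_HAS_SADDR;
		struct dst_entry *dst;
		struct flowi6 fl6 = {
			.flowi6_iif   = skb->dev->ifindex,
			.daddr        = ip6h->daddr,
			.saddr        = ip6h->saddr,
			.flowlabel    = ip6_flowinfo(ip6h),
			.flowi6_mark  = skb->mark,
			.flowi6_proto = ip6h->nexthdr,
		};

		dst = ip6_route_input_lookup(dev_net(skb->dev), skb->dev, &fl6,
					     skb, flags);
		if (dst->error) {
			/*
			 * The lookup hands back a referenced dst (the success
			 * path below passes that reference to the skb with
			 * skb_dst_set()).  On error the dst is never attached,
			 * so the reference has to be dropped here; otherwise
			 * every packet that fails the lookup leaks one.
			 */
			dst_release(dst);
			goto drop;
		}
		skb_dst_set(skb, dst);
	}

	for_each_protocol_rcu(*head, handler) {
		ret = handler->input_handler(skb, nexthdr, spi, encap_type);
		if (ret != -EINVAL)
			return ret;
	}

out:
	/* No registered handler claimed the packet. */
	icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);

drop:
	kfree_skb(skb);
	return 0;
}
EXPORT_SYMBOL(xfrm6_rcv_encap);

/*
 * inet6 receive hook for ESP.  Offers @skb to each registered ESP handler
 * and returns the first result that is not -EINVAL.  If no handler takes
 * the packet, sends ICMPv6 port-unreachable, frees the skb and returns 0.
 */
static int xfrm6_esp_rcv(struct sk_buff *skb)
{
	int ret;
	struct xfrm6_protocol *handler;

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = NULL;

	for_each_protocol_rcu(esp6_handlers, handler) {
		ret = handler->handler(skb);
		if (ret != -EINVAL)
			return ret;
	}

	icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);

	kfree_skb(skb);
	return 0;
}

/*
 * inet6 error hook for ESP.  Passes the ICMPv6 error to each registered
 * ESP handler until one returns 0.  Returns -ENOENT if none did.
 */
static int xfrm6_esp_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
			 u8 type, u8 code, int offset, __be32 info)
{
	struct xfrm6_protocol *handler;

	for_each_protocol_rcu(esp6_handlers, handler) {
		if (!handler->err_handler(skb, opt, type, code, offset, info))
			return 0;
	}

	return -ENOENT;
}

/*
 * inet6 receive hook for AH.  Same contract as xfrm6_esp_rcv(), walking
 * the AH handler list.
 */
static int xfrm6_ah_rcv(struct sk_buff *skb)
{
	int ret;
	struct xfrm6_protocol *handler;

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = NULL;

	for_each_protocol_rcu(ah6_handlers, handler) {
		ret = handler->handler(skb);
		if (ret != -EINVAL)
			return ret;
	}

	icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);

	kfree_skb(skb);
	return 0;
}

/*
 * inet6 error hook for AH.  Returns 0 once a registered AH handler's
 * ->err_handler() returns 0, -ENOENT otherwise.
 */
static int xfrm6_ah_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
			u8 type, u8 code, int offset, __be32 info)
{
	struct xfrm6_protocol *handler;

	for_each_protocol_rcu(ah6_handlers, handler) {
		if (!handler->err_handler(skb, opt, type, code, offset, info))
			return 0;
	}

	return -ENOENT;
}

/*
 * inet6 receive hook for IPcomp.  Same contract as xfrm6_esp_rcv(),
 * walking the IPcomp handler list.
 */
static int xfrm6_ipcomp_rcv(struct sk_buff *skb)
{
	int ret;
	struct xfrm6_protocol *handler;

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = NULL;

	for_each_protocol_rcu(ipcomp6_handlers, handler) {
		ret = handler->handler(skb);
		if (ret != -EINVAL)
			return ret;
	}

	icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);

	kfree_skb(skb);
	return 0;
}

/*
 * inet6 error hook for IPcomp.  Returns 0 once a registered IPcomp
 * handler's ->err_handler() returns 0, -ENOENT otherwise.
 */
static int xfrm6_ipcomp_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
			    u8 type, u8 code, int offset, __be32 info)
{
	struct xfrm6_protocol *handler;

	for_each_protocol_rcu(ipcomp6_handlers, handler) {
		if (!handler->err_handler(skb, opt, type, code, offset, info))
			return 0;
	}

	return -ENOENT;
}

/*
 * inet6 protocol descriptors installed by xfrm6_protocol_register().
 *
 * NOTE(review): INET6_PROTO_NOPOLICY is interpreted by the IPv6 input
 * path, outside this file.  It is understood to skip the inbound xfrm
 * policy check before the handler runs, which would leave that check to
 * the xfrm input code - confirm against the IPv6 input path.
 */
static const struct inet6_protocol esp6_protocol = {
	.handler	=	xfrm6_esp_rcv,
	.err_handler	=	xfrm6_esp_err,
	.flags		=	INET6_PROTO_NOPOLICY,
};

static const struct inet6_protocol ah6_protocol = {
	.handler	=	xfrm6_ah_rcv,
	.err_handler	=	xfrm6_ah_err,
	.flags		=	INET6_PROTO_NOPOLICY,
};

static const struct inet6_protocol ipcomp6_protocol = {
	.handler	=	xfrm6_ipcomp_rcv,
	.err_handler	=	xfrm6_ipcomp_err,
	.flags		=	INET6_PROTO_NOPOLICY,
};

/* Hooks xfrm6_rcv_cb() into the xfrm input code for AF_INET6. */
static const struct xfrm_input_afinfo xfrm6_input_afinfo = {
	.family		=	AF_INET6,
	.callback	=	xfrm6_rcv_cb,
};

/*
 * Map an IP protocol number to its inet6 protocol descriptor.
 * Returns NULL for anything other than ESP, AH and IPcomp.
 */
static inline const struct inet6_protocol *netproto(unsigned char protocol)
{
	switch (protocol) {
	case IPPROTO_ESP:
		return &esp6_protocol;
	case IPPROTO_AH:
		return &ah6_protocol;
	case IPPROTO_COMP:
		return &ipcomp6_protocol;
	}

	return NULL;
}

/*
 * Register @handler for @protocol (ESP, AH or IPcomp).
 *
 * The handler is linked into the per-protocol list so that the list stays
 * ordered by descending ->priority.  Two handlers with the same priority
 * cannot coexist.  If the list was empty, the matching inet6 protocol
 * descriptor is added as well.
 *
 * @handler must not be NULL: ->priority is read before any validation.
 *
 * Returns 0 on success, -EINVAL for an unsupported @protocol, -EEXIST if
 * a handler with the same priority is already registered, or -EAGAIN if
 * inet6_add_protocol() failed.
 *
 * NOTE(review): on -EAGAIN the handler stays linked in the list; nothing
 * here unlinks it.  inet6_add_protocol() also runs after the mutex has
 * been dropped, so it is not serialised against a concurrent register or
 * deregister.  Both match the code as written - confirm they are
 * intended.
 */
int xfrm6_protocol_register(struct xfrm6_protocol *handler,
			    unsigned char protocol)
{
	struct xfrm6_protocol __rcu **pprev;
	struct xfrm6_protocol *t;
	bool add_netproto = false;
	int ret = -EEXIST;
	int priority = handler->priority;

	if (!proto_handlers(protocol) || !netproto(protocol))
		return -EINVAL;

	mutex_lock(&xfrm6_protocol_mutex);

	/* First handler for this protocol: the inet6 hook must be installed too. */
	if (!rcu_dereference_protected(*proto_handlers(protocol),
				       lockdep_is_held(&xfrm6_protocol_mutex)))
		add_netproto = true;

	/* Find the first entry with a lower priority; insert in front of it. */
	for (pprev = proto_handlers(protocol);
	     (t = rcu_dereference_protected(*pprev,
			lockdep_is_held(&xfrm6_protocol_mutex))) != NULL;
	     pprev = &t->next) {
		if (t->priority < priority)
			break;
		if (t->priority == priority)
			goto err;
	}

	/* Set ->next before publishing so readers never see a half-linked entry. */
	handler->next = *pprev;
	rcu_assign_pointer(*pprev, handler);

	ret = 0;

err:
	mutex_unlock(&xfrm6_protocol_mutex);

	if (add_netproto) {
		if (inet6_add_protocol(netproto(protocol), protocol)) {
			pr_err("%s: can't add protocol\n", __func__);
			ret = -EAGAIN;
		}
	}

	return ret;
}
EXPORT_SYMBOL(xfrm6_protocol_register);

/*
 * Remove @handler from the list for @protocol.
 *
 * If the list is empty afterwards, the inet6 protocol descriptor is
 * removed too.  That check runs whether or not @handler was found, so a
 * call against an already empty list still attempts
 * inet6_del_protocol().
 *
 * synchronize_net() is called before returning, so receive paths that
 * were already walking the list have finished by the time the caller
 * gets control back.
 *
 * Returns 0 on success, -EINVAL for an unsupported @protocol, -ENOENT if
 * @handler was not registered, or -EAGAIN if inet6_del_protocol() failed.
 */
int xfrm6_protocol_deregister(struct xfrm6_protocol *handler,
			      unsigned char protocol)
{
	struct xfrm6_protocol __rcu **pprev;
	struct xfrm6_protocol *t;
	int ret = -ENOENT;

	if (!proto_handlers(protocol) || !netproto(protocol))
		return -EINVAL;

	mutex_lock(&xfrm6_protocol_mutex);

	for (pprev = proto_handlers(protocol);
	     (t = rcu_dereference_protected(*pprev,
			lockdep_is_held(&xfrm6_protocol_mutex))) != NULL;
	     pprev = &t->next) {
		if (t == handler) {
			/* Unlink; handler->next is left intact for readers still on it. */
			*pprev = handler->next;
			ret = 0;
			break;
		}
	}

	if (!rcu_dereference_protected(*proto_handlers(protocol),
				       lockdep_is_held(&xfrm6_protocol_mutex))) {
		if (inet6_del_protocol(netproto(protocol), protocol) < 0) {
			pr_err("%s: can't remove protocol\n", __func__);
			ret = -EAGAIN;
		}
	}

	mutex_unlock(&xfrm6_protocol_mutex);

	synchronize_net();

	return ret;
}
EXPORT_SYMBOL(xfrm6_protocol_deregister);

/* Register the AF_INET6 xfrm input callback; returns the registration result. */
int __init xfrm6_protocol_init(void)
{
	return xfrm_input_register_afinfo(&xfrm6_input_afinfo);
}

/* Undo xfrm6_protocol_init(). */
void xfrm6_protocol_fini(void)
{
	xfrm_input_unregister_afinfo(&xfrm6_input_afinfo);
}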