[linux-2.6-block.git] / net / sched / act_tunnel_key.c
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Copyright (c) 2016, Amir Vadai <amir@vadai.me>
4 * Copyright (c) 2016, Mellanox Technologies. All rights reserved.
5 */
6
7#include <linux/module.h>
8#include <linux/init.h>
9#include <linux/kernel.h>
10#include <linux/skbuff.h>
11#include <linux/rtnetlink.h>
0ed5269f 12#include <net/geneve.h>
fca3f91c 13#include <net/vxlan.h>
e20d4ff2 14#include <net/erspan.h>
15#include <net/netlink.h>
16#include <net/pkt_sched.h>
17#include <net/dst.h>
e5fdabac 18#include <net/pkt_cls.h>
19
20#include <linux/tc_act/tc_tunnel_key.h>
21#include <net/tc_act/tc_tunnel_key.h>
22
/* Per-network-namespace id; handed to net_generic() to look up this action's tc_action_net. */
static unsigned int tunnel_key_net_id;
/* Forward declaration: the ops table is defined after the callbacks it references. */
static struct tc_action_ops act_tunnel_key_ops;
25
/*
 * Datapath handler: apply the configured tunnel_key operation to one packet.
 *
 * RELEASE drops the dst attached to @skb.  SET drops it and attaches the
 * action's preconfigured tunnel metadata dst instead.  @res is not used.
 *
 * Returns the control action stored in t->tcf_action.
 */
static int tunnel_key_act(struct sk_buff *skb, const struct tc_action *a,
			  struct tcf_result *res)
{
	struct tcf_tunnel_key *t = to_tunnel_key(a);
	struct tcf_tunnel_key_params *params;
	int action;

	/*
	 * t->params is swapped under RCU by tunnel_key_init(); this read
	 * assumes the caller is inside an RCU-bh read-side section -- TODO
	 * confirm against the tc action call path.
	 */
	params = rcu_dereference_bh(t->params);

	tcf_lastuse_update(&t->tcf_tm);
	tcf_action_update_bstats(&t->common, skb);
	/* Read once: tunnel_key_init() may update the control action concurrently. */
	action = READ_ONCE(t->tcf_action);

	switch (params->tcft_action) {
	case TCA_TUNNEL_KEY_ACT_RELEASE:
		skb_dst_drop(skb);
		break;
	case TCA_TUNNEL_KEY_ACT_SET:
		skb_dst_drop(skb);
		/* dst_clone() takes a reference, so the skb owns its own hold on the metadata dst. */
		skb_dst_set(skb, dst_clone(&params->tcft_enc_metadata->dst));
		break;
	default:
		/* tunnel_key_init() rejects other values, so this indicates corrupted state. */
		WARN_ONCE(1, "Bad tunnel_key action %d.\n",
			  params->tcft_action);
		break;
	}

	return action;
}
55
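/*
 * Policy for the TCA_TUNNEL_KEY_ENC_OPTS container: one nested attribute per
 * tunnel type.
 */
static const struct nla_policy
enc_opts_policy[TCA_TUNNEL_KEY_ENC_OPTS_MAX + 1] = {
	/* Attribute types from VXLAN upward are validated strictly. */
	[TCA_TUNNEL_KEY_ENC_OPTS_UNSPEC]	= {
		.strict_start_type = TCA_TUNNEL_KEY_ENC_OPTS_VXLAN },
	[TCA_TUNNEL_KEY_ENC_OPTS_GENEVE]	= { .type = NLA_NESTED },
	[TCA_TUNNEL_KEY_ENC_OPTS_VXLAN]		= { .type = NLA_NESTED },
	[TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN]	= { .type = NLA_NESTED },
};

/* Policy for the attributes inside one nested geneve option. */
static const struct nla_policy
geneve_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX + 1] = {
	[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS]	= { .type = NLA_U16 },
	[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE]	= { .type = NLA_U8 },
	/*
	 * struct geneve_opt (net/geneve.h) records the option length in a
	 * 5-bit field counted in 4-byte words, so one option can describe at
	 * most 124 bytes of data.  A 128-byte payload would be stored with a
	 * length of 0 and the dump path, which walks the stored options by
	 * that field, would then misparse the payload as further options.
	 * Cap the attribute below 128 bytes; tunnel_key_copy_geneve_opt()
	 * additionally requires a multiple of 4.
	 */
	[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]	= { .type = NLA_BINARY,
						    .len = 127 },
};

/* Policy for the attributes inside the nested vxlan option. */
static const struct nla_policy
vxlan_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_MAX + 1] = {
	[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP]	= { .type = NLA_U32 },
};

/*
 * Policy for the attributes inside the nested erspan option.
 * NOTE(review): DIR and HWID are accepted as any u8 value here; confirm that
 * set_hwid() and the md2 layout bound them as intended.
 */
static const struct nla_policy
erspan_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX + 1] = {
	[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER]	= { .type = NLA_U8 },
	[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX]	= { .type = NLA_U32 },
	[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR]	= { .type = NLA_U8 },
	[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID]	= { .type = NLA_U8 },
};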
85
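/*
 * Validate one nested geneve option and, when @dst is non-NULL, serialise it
 * as a struct geneve_opt header followed by the option data.
 *
 * @nla:     nested TCA_TUNNEL_KEY_ENC_OPTS_GENEVE attribute
 * @dst:     output buffer, or NULL to validate and measure only
 * @dst_len: bytes available at @dst (ignored when @dst is NULL)
 * @extack:  netlink extended ack used for error messages
 *
 * Returns the number of bytes the serialised option occupies, or a negative
 * errno.  Nothing is written when an error is returned.
 */
static int
tunnel_key_copy_geneve_opt(const struct nlattr *nla, void *dst, int dst_len,
			   struct netlink_ext_ack *extack)
{
	struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX + 1];
	int err, data_len, opt_len;
	u8 *data;

	err = nla_parse_nested_deprecated(tb,
					  TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX,
					  nla, geneve_opt_policy, extack);
	if (err < 0)
		return err;

	if (!tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS] ||
	    !tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE] ||
	    !tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]) {
		NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data");
		return -EINVAL;
	}

	data = nla_data(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]);
	data_len = nla_len(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]);
	if (data_len < 4) {
		NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long");
		return -ERANGE;
	}
	if (data_len % 4) {
		NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long");
		return -ERANGE;
	}
	/*
	 * opt->length below is a 5-bit field counted in 4-byte words (see
	 * struct geneve_opt in net/geneve.h).  Anything above 31 words would
	 * be truncated on store, leaving a header whose length disagrees with
	 * the bytes that follow it, so reject it here.
	 */
	if (data_len > 31 * 4) {
		NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is too long");
		return -ERANGE;
	}

	opt_len = sizeof(struct geneve_opt) + data_len;
	if (dst) {
		struct geneve_opt *opt = dst;

		/*
		 * The caller sizes @dst from an earlier measuring pass.  If
		 * that invariant is ever broken, warn and refuse to write
		 * rather than copying past the end of the buffer.
		 */
		if (WARN_ON(dst_len < opt_len))
			return -EINVAL;

		opt->opt_class =
			nla_get_be16(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS]);
		opt->type = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE]);
		opt->length = data_len / 4; /* length is in units of 4 bytes */
		opt->r1 = 0;
		opt->r2 = 0;
		opt->r3 = 0;

		/* The option data sits immediately after the header. */
		memcpy(opt + 1, data, data_len);
	}

	return opt_len;
}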
137
/*
 * Validate the nested vxlan option and, when @dst is non-NULL, store its GBP
 * value into the struct vxlan_metadata at @dst.
 *
 * @dst_len is not consulted: the caller must provide room for a whole
 * struct vxlan_metadata whenever it passes a buffer.
 *
 * Returns sizeof(struct vxlan_metadata) or a negative errno.
 */
static int
tunnel_key_copy_vxlan_opt(const struct nlattr *nla, void *dst, int dst_len,
			  struct netlink_ext_ack *extack)
{
	struct nlattr *attrs[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_MAX + 1];
	struct vxlan_metadata *md = dst;
	const struct nlattr *gbp;
	int rc;

	rc = nla_parse_nested(attrs, TCA_TUNNEL_KEY_ENC_OPT_VXLAN_MAX, nla,
			      vxlan_opt_policy, extack);
	if (rc < 0)
		return rc;

	gbp = attrs[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP];
	if (!gbp) {
		NL_SET_ERR_MSG(extack, "Missing tunnel key vxlan option gbp");
		return -EINVAL;
	}

	/* A NULL buffer means the caller only wants the size. */
	if (md)
		md->gbp = nla_get_u32(gbp);

	return sizeof(struct vxlan_metadata);
}
163
/*
 * Validate the nested erspan option and, when @dst is non-NULL, fill the
 * struct erspan_metadata at @dst.
 *
 * Version 1 requires INDEX; version 2 requires DIR and HWID; any other
 * version is rejected.  @dst_len is not consulted: the caller must provide
 * room for a whole struct erspan_metadata whenever it passes a buffer.
 *
 * Returns sizeof(struct erspan_metadata) or a negative errno.
 */
static int
tunnel_key_copy_erspan_opt(const struct nlattr *nla, void *dst, int dst_len,
			   struct netlink_ext_ack *extack)
{
	struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX + 1];
	struct erspan_metadata *md = dst;
	u8 ver;
	int err;

	err = nla_parse_nested(tb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX, nla,
			       erspan_opt_policy, extack);
	if (err < 0)
		return err;

	if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER]) {
		NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option ver");
		return -EINVAL;
	}

	/* All validation happens before anything is written to @dst. */
	ver = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER]);
	switch (ver) {
	case 1:
		if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX]) {
			NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option index");
			return -EINVAL;
		}
		break;
	case 2:
		if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR] ||
		    !tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID]) {
			NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option dir or hwid");
			return -EINVAL;
		}
		break;
	default:
		NL_SET_ERR_MSG(extack, "Tunnel key erspan option ver is incorrect");
		return -EINVAL;
	}

	/* A NULL buffer means the caller only wants the size. */
	if (!md)
		return sizeof(struct erspan_metadata);

	md->version = ver;
	if (ver == 1) {
		md->u.index = nla_get_be32(tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX]);
	} else {
		md->u.md2.dir = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR]);
		set_hwid(&md->u.md2,
			 nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID]));
	}

	return sizeof(struct erspan_metadata);
}
216
/*
 * Walk the TCA_TUNNEL_KEY_ENC_OPTS container, validate every nested option
 * and, when @dst is non-NULL, serialise the options into @dst.
 *
 * The function is used in two passes on the same attribute: first with
 * @dst == NULL to validate and obtain the total size, then with a buffer of
 * that size to do the copy.
 *
 * @nla:     TCA_TUNNEL_KEY_ENC_OPTS attribute
 * @dst:     output buffer, or NULL to validate and measure only
 * @dst_len: bytes available at @dst
 * @extack:  netlink extended ack used for error messages
 *
 * Returns the total serialised size in bytes, or a negative errno.
 */
static int tunnel_key_copy_opts(const struct nlattr *nla, u8 *dst,
				int dst_len, struct netlink_ext_ack *extack)
{
	int err, rem, opt_len, len = nla_len(nla), opts_len = 0, type = 0;
	const struct nlattr *attr, *head = nla_data(nla);

	err = nla_validate_deprecated(head, len, TCA_TUNNEL_KEY_ENC_OPTS_MAX,
				      enc_opts_policy, extack);
	if (err)
		return err;

	/* 'type' remembers the first option kind seen so kinds cannot be mixed. */
	nla_for_each_attr(attr, head, len, rem) {
		switch (nla_type(attr)) {
		case TCA_TUNNEL_KEY_ENC_OPTS_GENEVE:
			/* Several geneve options may be chained, but only with each other. */
			if (type && type != TUNNEL_GENEVE_OPT) {
				NL_SET_ERR_MSG(extack, "Duplicate type for geneve options");
				return -EINVAL;
			}
			opt_len = tunnel_key_copy_geneve_opt(attr, dst,
							     dst_len, extack);
			if (opt_len < 0)
				return opt_len;
			opts_len += opt_len;
			/* Bound the running total of chained options. */
			if (opts_len > IP_TUNNEL_OPTS_MAX) {
				NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size");
				return -EINVAL;
			}
			/* Advance the output window past the option just written. */
			if (dst) {
				dst_len -= opt_len;
				dst += opt_len;
			}
			type = TUNNEL_GENEVE_OPT;
			break;
		case TCA_TUNNEL_KEY_ENC_OPTS_VXLAN:
			/* At most one vxlan option, and never combined with another kind. */
			if (type) {
				NL_SET_ERR_MSG(extack, "Duplicate type for vxlan options");
				return -EINVAL;
			}
			/* Fixed-size metadata; the helper does not check dst_len. */
			opt_len = tunnel_key_copy_vxlan_opt(attr, dst,
							    dst_len, extack);
			if (opt_len < 0)
				return opt_len;
			opts_len += opt_len;
			type = TUNNEL_VXLAN_OPT;
			break;
		case TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN:
			/* At most one erspan option, and never combined with another kind. */
			if (type) {
				NL_SET_ERR_MSG(extack, "Duplicate type for erspan options");
				return -EINVAL;
			}
			/* Fixed-size metadata; the helper does not check dst_len. */
			opt_len = tunnel_key_copy_erspan_opt(attr, dst,
							     dst_len, extack);
			if (opt_len < 0)
				return opt_len;
			opts_len += opt_len;
			type = TUNNEL_ERSPAN_OPT;
			break;
		}
	}

	if (!opts_len) {
		NL_SET_ERR_MSG(extack, "Empty list of tunnel options");
		return -EINVAL;
	}

	/* Bytes left over after the last well-formed attribute are an error. */
	if (rem > 0) {
		NL_SET_ERR_MSG(extack, "Trailing data after parsing tunnel key options attributes");
		return -EINVAL;
	}

	return opts_len;
}
289
/*
 * Measuring pass: validate the tunnel options in @nla without copying them.
 *
 * Returns the number of bytes the serialised options need, or a negative
 * errno if validation fails.
 */
static int tunnel_key_get_opts_len(struct nlattr *nla,
				   struct netlink_ext_ack *extack)
{
	/* A NULL destination makes tunnel_key_copy_opts() validate and measure only. */
	u8 *no_buffer = NULL;

	return tunnel_key_copy_opts(nla, no_buffer, 0, extack);
}
295
/*
 * Copy pass: write the tunnel options from @nla into the option area that
 * follows @info and set the matching TUNNEL_*_OPT flag.
 *
 * @opts_len is written to info->options_len and used as the size of the
 * destination buffer.  The caller must therefore have allocated @info with
 * at least @opts_len bytes of option space; nothing in this function can
 * verify that.
 *
 * Returns the number of bytes copied, -EAFNOSUPPORT when CONFIG_INET is
 * disabled, or another negative errno.
 */
static int tunnel_key_opts_set(struct nlattr *nla, struct ip_tunnel_info *info,
			       int opts_len, struct netlink_ext_ack *extack)
{
	info->options_len = opts_len;
	/* The tunnel kind is taken from the first nested attribute only. */
	switch (nla_type(nla_data(nla))) {
	case TCA_TUNNEL_KEY_ENC_OPTS_GENEVE:
#if IS_ENABLED(CONFIG_INET)
		info->key.tun_flags |= TUNNEL_GENEVE_OPT;
		return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info),
					    opts_len, extack);
#else
		return -EAFNOSUPPORT;
#endif
	case TCA_TUNNEL_KEY_ENC_OPTS_VXLAN:
#if IS_ENABLED(CONFIG_INET)
		info->key.tun_flags |= TUNNEL_VXLAN_OPT;
		return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info),
					    opts_len, extack);
#else
		return -EAFNOSUPPORT;
#endif
	case TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN:
#if IS_ENABLED(CONFIG_INET)
		info->key.tun_flags |= TUNNEL_ERSPAN_OPT;
		return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info),
					    opts_len, extack);
#else
		return -EAFNOSUPPORT;
#endif
	default:
		NL_SET_ERR_MSG(extack, "Cannot set tunnel options for unknown tunnel type");
		return -EINVAL;
	}
}
330
/*
 * Policy for the top-level tunnel_key action attributes.
 *
 * PARMS and the IPv6 addresses carry only a .len and no .type.
 * NOTE(review): tunnel_key_init() parses with nla_parse_nested_deprecated();
 * presumably .len then acts as a minimum payload size -- confirm, since
 * tunnel_key_init() reads a whole struct tc_tunnel_key from PARMS.
 */
static const struct nla_policy tunnel_key_policy[TCA_TUNNEL_KEY_MAX + 1] = {
	[TCA_TUNNEL_KEY_PARMS] = { .len = sizeof(struct tc_tunnel_key) },
	[TCA_TUNNEL_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 },
	[TCA_TUNNEL_KEY_ENC_IPV4_DST] = { .type = NLA_U32 },
	[TCA_TUNNEL_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) },
	[TCA_TUNNEL_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) },
	[TCA_TUNNEL_KEY_ENC_KEY_ID] = { .type = NLA_U32 },
	[TCA_TUNNEL_KEY_ENC_DST_PORT] = {.type = NLA_U16},
	[TCA_TUNNEL_KEY_NO_CSUM] = { .type = NLA_U8 },
	/* The nested contents are validated separately by tunnel_key_copy_opts(). */
	[TCA_TUNNEL_KEY_ENC_OPTS] = { .type = NLA_NESTED },
	[TCA_TUNNEL_KEY_ENC_TOS] = { .type = NLA_U8 },
	[TCA_TUNNEL_KEY_ENC_TTL] = { .type = NLA_U8 },
};
344
/*
 * Dispose of a parameter block: drop the reference on its tunnel metadata
 * dst (held only by SET blocks) and free the block through kfree_rcu().
 * A NULL @p is accepted and ignored.
 */
static void tunnel_key_release_params(struct tcf_tunnel_key_params *p)
{
	bool holds_dst;

	if (!p)
		return;

	/* Only SET blocks carry a metadata dst. */
	holds_dst = p->tcft_action == TCA_TUNNEL_KEY_ACT_SET;
	if (holds_dst)
		dst_release(&p->tcft_enc_metadata->dst);

	kfree_rcu(p, rcu);
}
354
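/*
 * Create or replace a tunnel_key action from a netlink request.
 *
 * For TCA_TUNNEL_KEY_ACT_SET the request is turned into a tunnel metadata
 * dst (IPv4 or IPv6), including optional geneve/vxlan/erspan options.  The
 * options are handled in two passes: tunnel_key_get_opts_len() validates and
 * measures them, the metadata dst is allocated with that much option space,
 * and tunnel_key_opts_set() then copies them in.
 *
 * @net:       network namespace of the request
 * @nla:       nested action attributes (TCA_TUNNEL_KEY_*)
 * @est:       rate estimator attribute, passed through to the IDR helper
 * @a:         in/out action pointer
 * @ovr:       non-zero if an existing action may be replaced
 * @bind:      non-zero if the action is being bound
 * @rtnl_held: not used by this function
 * @tp:        owning classifier, used to validate the control action
 * @act_flags: creation flags passed through to the IDR helper
 * @extack:    netlink extended ack used for error messages
 *
 * Returns ACT_P_CREATED for a new action, 0 for a replaced or merely bound
 * one, or a negative errno.
 */
static int tunnel_key_init(struct net *net, struct nlattr *nla,
			   struct nlattr *est, struct tc_action **a,
			   int ovr, int bind, bool rtnl_held,
			   struct tcf_proto *tp, u32 act_flags,
			   struct netlink_ext_ack *extack)
{
	struct tc_action_net *tn = net_generic(net, tunnel_key_net_id);
	struct nlattr *tb[TCA_TUNNEL_KEY_MAX + 1];
	struct tcf_tunnel_key_params *params_new;
	struct metadata_dst *metadata = NULL;
	struct tcf_chain *goto_ch = NULL;
	struct tc_tunnel_key *parm;
	struct tcf_tunnel_key *t;
	bool exists = false;
	__be16 dst_port = 0;
	__be64 key_id = 0;
	int opts_len = 0;
	__be16 flags = 0;
	u8 tos, ttl;
	int ret = 0;
	u32 index;
	int err;

	if (!nla) {
		NL_SET_ERR_MSG(extack, "Tunnel requires attributes to be passed");
		return -EINVAL;
	}

	err = nla_parse_nested_deprecated(tb, TCA_TUNNEL_KEY_MAX, nla,
					  tunnel_key_policy, extack);
	if (err < 0) {
		NL_SET_ERR_MSG(extack, "Failed to parse nested tunnel key attributes");
		return err;
	}

	if (!tb[TCA_TUNNEL_KEY_PARMS]) {
		NL_SET_ERR_MSG(extack, "Missing tunnel key parameters");
		return -EINVAL;
	}

	parm = nla_data(tb[TCA_TUNNEL_KEY_PARMS]);
	index = parm->index;
	err = tcf_idr_check_alloc(tn, &index, a, bind);
	if (err < 0)
		return err;
	/* A positive return means an action with this index already exists. */
	exists = err;
	if (exists && bind)
		return 0;

	switch (parm->t_action) {
	case TCA_TUNNEL_KEY_ACT_RELEASE:
		break;
	case TCA_TUNNEL_KEY_ACT_SET:
		if (tb[TCA_TUNNEL_KEY_ENC_KEY_ID]) {
			__be32 key32;

			key32 = nla_get_be32(tb[TCA_TUNNEL_KEY_ENC_KEY_ID]);
			key_id = key32_to_tunnel_id(key32);
			flags = TUNNEL_KEY;
		}

		/* Checksumming is on unless the request explicitly disables it. */
		flags |= TUNNEL_CSUM;
		if (tb[TCA_TUNNEL_KEY_NO_CSUM] &&
		    nla_get_u8(tb[TCA_TUNNEL_KEY_NO_CSUM]))
			flags &= ~TUNNEL_CSUM;

		if (tb[TCA_TUNNEL_KEY_ENC_DST_PORT])
			dst_port = nla_get_be16(tb[TCA_TUNNEL_KEY_ENC_DST_PORT]);

		/* Pass 1: validate the options and learn how much space they need. */
		if (tb[TCA_TUNNEL_KEY_ENC_OPTS]) {
			opts_len = tunnel_key_get_opts_len(tb[TCA_TUNNEL_KEY_ENC_OPTS],
							   extack);
			if (opts_len < 0) {
				ret = opts_len;
				goto err_out;
			}
		}

		tos = 0;
		if (tb[TCA_TUNNEL_KEY_ENC_TOS])
			tos = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_TOS]);
		ttl = 0;
		if (tb[TCA_TUNNEL_KEY_ENC_TTL])
			ttl = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_TTL]);

		if (tb[TCA_TUNNEL_KEY_ENC_IPV4_SRC] &&
		    tb[TCA_TUNNEL_KEY_ENC_IPV4_DST]) {
			__be32 saddr;
			__be32 daddr;

			saddr = nla_get_in_addr(tb[TCA_TUNNEL_KEY_ENC_IPV4_SRC]);
			daddr = nla_get_in_addr(tb[TCA_TUNNEL_KEY_ENC_IPV4_DST]);

			metadata = __ip_tun_set_dst(saddr, daddr, tos, ttl,
						    dst_port, flags,
						    key_id, opts_len);
		} else if (tb[TCA_TUNNEL_KEY_ENC_IPV6_SRC] &&
			   tb[TCA_TUNNEL_KEY_ENC_IPV6_DST]) {
			struct in6_addr saddr;
			struct in6_addr daddr;

			saddr = nla_get_in6_addr(tb[TCA_TUNNEL_KEY_ENC_IPV6_SRC]);
			daddr = nla_get_in6_addr(tb[TCA_TUNNEL_KEY_ENC_IPV6_DST]);

			/*
			 * Reserve opts_len bytes of option space, exactly as
			 * the IPv4 branch does.  Passing 0 here would leave
			 * the metadata dst with no option area while
			 * tunnel_key_opts_set() below still copies opts_len
			 * bytes into it, i.e. an out-of-bounds write.
			 */
			metadata = __ipv6_tun_set_dst(&saddr, &daddr, tos, ttl, dst_port,
						      0, flags,
						      key_id, opts_len);
		} else {
			NL_SET_ERR_MSG(extack, "Missing either ipv4 or ipv6 src and dst");
			ret = -EINVAL;
			goto err_out;
		}

		if (!metadata) {
			NL_SET_ERR_MSG(extack, "Cannot allocate tunnel metadata dst");
			ret = -ENOMEM;
			goto err_out;
		}

#ifdef CONFIG_DST_CACHE
		ret = dst_cache_init(&metadata->u.tun_info.dst_cache, GFP_KERNEL);
		if (ret)
			goto release_tun_meta;
#endif

		/* Pass 2: copy the options into the space reserved above. */
		if (opts_len) {
			ret = tunnel_key_opts_set(tb[TCA_TUNNEL_KEY_ENC_OPTS],
						  &metadata->u.tun_info,
						  opts_len, extack);
			if (ret < 0)
				goto release_tun_meta;
		}

		metadata->u.tun_info.mode |= IP_TUNNEL_INFO_TX;
		break;
	default:
		NL_SET_ERR_MSG(extack, "Unknown tunnel key action");
		ret = -EINVAL;
		goto err_out;
	}

	if (!exists) {
		ret = tcf_idr_create_from_flags(tn, index, est, a,
						&act_tunnel_key_ops, bind,
						act_flags);
		if (ret) {
			NL_SET_ERR_MSG(extack, "Cannot create TC IDR");
			goto release_tun_meta;
		}

		ret = ACT_P_CREATED;
	} else if (!ovr) {
		NL_SET_ERR_MSG(extack, "TC IDR already exists");
		ret = -EEXIST;
		goto release_tun_meta;
	}

	err = tcf_action_check_ctrlact(parm->action, tp, &goto_ch, extack);
	if (err < 0) {
		ret = err;
		/* *a is valid from here on, so the error path must release it. */
		exists = true;
		goto release_tun_meta;
	}
	t = to_tunnel_key(*a);

	params_new = kzalloc(sizeof(*params_new), GFP_KERNEL);
	if (unlikely(!params_new)) {
		NL_SET_ERR_MSG(extack, "Cannot allocate tunnel key parameters");
		ret = -ENOMEM;
		exists = true;
		goto put_chain;
	}
	params_new->tcft_action = parm->t_action;
	params_new->tcft_enc_metadata = metadata;

	/* Publish the new parameters; after the swap params_new holds the old block. */
	spin_lock_bh(&t->tcf_lock);
	goto_ch = tcf_action_set_ctrlact(*a, parm->action, goto_ch);
	rcu_swap_protected(t->params, params_new,
			   lockdep_is_held(&t->tcf_lock));
	spin_unlock_bh(&t->tcf_lock);
	tunnel_key_release_params(params_new);
	if (goto_ch)
		tcf_chain_put_by_act(goto_ch);

	if (ret == ACT_P_CREATED)
		tcf_idr_insert(tn, *a);

	return ret;

put_chain:
	if (goto_ch)
		tcf_chain_put_by_act(goto_ch);

release_tun_meta:
	if (metadata)
		dst_release(&metadata->dst);

err_out:
	if (exists)
		tcf_idr_release(*a, bind);
	else
		tcf_idr_cleanup(tn, index);
	return ret;
}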
559
/*
 * ->cleanup callback: dispose of the action's current parameter block.
 * The RCU pointer is read with a constant-true protection condition, i.e.
 * the caller is trusted to guarantee exclusive access at this point.
 */
static void tunnel_key_release(struct tc_action *a)
{
	struct tcf_tunnel_key *key_act = to_tunnel_key(a);

	tunnel_key_release_params(rcu_dereference_protected(key_act->params, 1));
}
568
/*
 * Emit the stored geneve options as a nested TCA_TUNNEL_KEY_ENC_OPTS_GENEVE
 * attribute.
 *
 * The options are read from the memory directly behind @info and walked by
 * each option's own length field until info->options_len bytes are consumed.
 * NOTE(review): the walk stays inside the option area only if every stored
 * length field matches the number of data bytes actually stored after it;
 * confirm the configuration path can never store an option for which that
 * does not hold.
 *
 * Returns 0 on success or -EMSGSIZE if @skb runs out of room.
 */
static int tunnel_key_geneve_opts_dump(struct sk_buff *skb,
				       const struct ip_tunnel_info *info)
{
	int len = info->options_len;
	u8 *src = (u8 *)(info + 1);
	struct nlattr *start;

	start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS_GENEVE);
	if (!start)
		return -EMSGSIZE;

	while (len > 0) {
		struct geneve_opt *opt = (struct geneve_opt *)src;

		/* opt->length counts 4-byte words; the data follows the header. */
		if (nla_put_be16(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS,
				 opt->opt_class) ||
		    nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE,
			       opt->type) ||
		    nla_put(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA,
			    opt->length * 4, opt + 1)) {
			nla_nest_cancel(skb, start);
			return -EMSGSIZE;
		}

		/* Step over this option's header and data. */
		len -= sizeof(struct geneve_opt) + opt->length * 4;
		src += sizeof(struct geneve_opt) + opt->length * 4;
	}

	nla_nest_end(skb, start);
	return 0;
}
600
/*
 * Emit the stored vxlan metadata (the GBP value) as a nested
 * TCA_TUNNEL_KEY_ENC_OPTS_VXLAN attribute.  The metadata is read from the
 * memory directly behind @info.
 *
 * Returns 0 on success or -EMSGSIZE if @skb runs out of room.
 */
static int tunnel_key_vxlan_opts_dump(struct sk_buff *skb,
				      const struct ip_tunnel_info *info)
{
	struct vxlan_metadata *md = (struct vxlan_metadata *)(info + 1);
	struct nlattr *nest;

	nest = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS_VXLAN);
	if (!nest)
		return -EMSGSIZE;

	if (!nla_put_u32(skb, TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP, md->gbp)) {
		nla_nest_end(skb, nest);
		return 0;
	}

	/* Undo the partially built nest so the message stays well-formed. */
	nla_nest_cancel(skb, nest);
	return -EMSGSIZE;
}
619
/*
 * Emit the stored erspan metadata as a nested TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN
 * attribute: always the version, plus the index for version 1 or the
 * direction and hardware id for version 2.  The metadata is read from the
 * memory directly behind @info.
 *
 * Returns 0 on success or -EMSGSIZE if @skb runs out of room.
 */
static int tunnel_key_erspan_opts_dump(struct sk_buff *skb,
				       const struct ip_tunnel_info *info)
{
	struct erspan_metadata *md = (struct erspan_metadata *)(info + 1);
	struct nlattr *nest;

	nest = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN);
	if (!nest)
		return -EMSGSIZE;

	if (nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER, md->version))
		goto cancel;

	switch (md->version) {
	case 1:
		if (nla_put_be32(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX,
				 md->u.index))
			goto cancel;
		break;
	case 2:
		if (nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR,
			       md->u.md2.dir) ||
		    nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID,
			       get_hwid(&md->u.md2)))
			goto cancel;
		break;
	}

	nla_nest_end(skb, nest);
	return 0;

cancel:
	/* Undo the partially built nest so the message stays well-formed. */
	nla_nest_cancel(skb, nest);
	return -EMSGSIZE;
}
650
/*
 * Emit the stored tunnel options, if any, inside a TCA_TUNNEL_KEY_ENC_OPTS
 * nest.  The option kind is selected from the TUNNEL_*_OPT bit in
 * info->key.tun_flags.
 *
 * Returns 0 on success (including when there are no options), the helper's
 * error if dumping fails, or -EINVAL when options are present but no known
 * option flag is set.
 */
static int tunnel_key_opts_dump(struct sk_buff *skb,
				const struct ip_tunnel_info *info)
{
	struct nlattr *start;
	/* Default for the final else branch: options present, kind unknown. */
	int err = -EINVAL;

	if (!info->options_len)
		return 0;

	start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS);
	if (!start)
		return -EMSGSIZE;

	if (info->key.tun_flags & TUNNEL_GENEVE_OPT) {
		err = tunnel_key_geneve_opts_dump(skb, info);
		if (err)
			goto err_out;
	} else if (info->key.tun_flags & TUNNEL_VXLAN_OPT) {
		err = tunnel_key_vxlan_opts_dump(skb, info);
		if (err)
			goto err_out;
	} else if (info->key.tun_flags & TUNNEL_ERSPAN_OPT) {
		err = tunnel_key_erspan_opts_dump(skb, info);
		if (err)
			goto err_out;
	} else {
		/*
		 * The label sits inside this branch on purpose: helper
		 * failures jump here and share the cancel-and-return path
		 * with the "unknown option kind" case.
		 */
err_out:
		nla_nest_cancel(skb, start);
		return err;
	}

	nla_nest_end(skb, start);
	return 0;
}
685
/*
 * Emit the tunnel's source and destination address, as IPv4 or IPv6
 * attributes depending on the address family recorded in @info.
 *
 * Returns 0 on success and -EINVAL otherwise, both when an attribute does
 * not fit in @skb and when the family is neither AF_INET nor AF_INET6.
 */
static int tunnel_key_dump_addresses(struct sk_buff *skb,
				     const struct ip_tunnel_info *info)
{
	switch (ip_tunnel_info_af(info)) {
	case AF_INET:
		if (nla_put_in_addr(skb, TCA_TUNNEL_KEY_ENC_IPV4_SRC,
				    info->key.u.ipv4.src) ||
		    nla_put_in_addr(skb, TCA_TUNNEL_KEY_ENC_IPV4_DST,
				    info->key.u.ipv4.dst))
			break;
		return 0;
	case AF_INET6:
		if (nla_put_in6_addr(skb, TCA_TUNNEL_KEY_ENC_IPV6_SRC,
				     &info->key.u.ipv6.src) ||
		    nla_put_in6_addr(skb, TCA_TUNNEL_KEY_ENC_IPV6_DST,
				     &info->key.u.ipv6.dst))
			break;
		return 0;
	}

	return -EINVAL;
}
713
/*
 * ->dump callback: serialise the action's configuration into @skb.
 *
 * @bind and @ref are subtracted from the reported bind and reference counts.
 * The parameters are read under t->tcf_lock so they cannot be swapped by
 * tunnel_key_init() while being dumped.
 *
 * Returns skb->len on success.  On failure the message is trimmed back to
 * where it started and -1 is returned.
 */
static int tunnel_key_dump(struct sk_buff *skb, struct tc_action *a,
			   int bind, int ref)
{
	/* Remember the tail so a failed dump can be rolled back. */
	unsigned char *b = skb_tail_pointer(skb);
	struct tcf_tunnel_key *t = to_tunnel_key(a);
	struct tcf_tunnel_key_params *params;
	/*
	 * This struct is copied to the netlink message as raw bytes below.
	 * NOTE(review): members not named here are zero-initialised, but
	 * confirm struct tc_tunnel_key has no padding that could carry
	 * stack contents to user space.
	 */
	struct tc_tunnel_key opt = {
		.index = t->tcf_index,
		.refcnt = refcount_read(&t->tcf_refcnt) - ref,
		.bindcnt = atomic_read(&t->tcf_bindcnt) - bind,
	};
	struct tcf_t tm;

	spin_lock_bh(&t->tcf_lock);
	params = rcu_dereference_protected(t->params,
					   lockdep_is_held(&t->tcf_lock));
	opt.action = t->tcf_action;
	opt.t_action = params->tcft_action;

	if (nla_put(skb, TCA_TUNNEL_KEY_PARMS, sizeof(opt), &opt))
		goto nla_put_failure;

	/* Only SET actions carry tunnel metadata. */
	if (params->tcft_action == TCA_TUNNEL_KEY_ACT_SET) {
		struct ip_tunnel_info *info =
			&params->tcft_enc_metadata->u.tun_info;
		struct ip_tunnel_key *key = &info->key;
		__be32 key_id = tunnel_id_to_key32(key->tun_id);

		/* Key id and destination port are emitted only when set. */
		if (((key->tun_flags & TUNNEL_KEY) &&
		     nla_put_be32(skb, TCA_TUNNEL_KEY_ENC_KEY_ID, key_id)) ||
		    tunnel_key_dump_addresses(skb,
					      &params->tcft_enc_metadata->u.tun_info) ||
		    (key->tp_dst &&
		     nla_put_be16(skb, TCA_TUNNEL_KEY_ENC_DST_PORT,
				  key->tp_dst)) ||
		    nla_put_u8(skb, TCA_TUNNEL_KEY_NO_CSUM,
			       !(key->tun_flags & TUNNEL_CSUM)) ||
		    tunnel_key_opts_dump(skb, info))
			goto nla_put_failure;

		if (key->tos && nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_TOS, key->tos))
			goto nla_put_failure;

		if (key->ttl && nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_TTL, key->ttl))
			goto nla_put_failure;
	}

	tcf_tm_dump(&tm, &t->tcf_tm);
	if (nla_put_64bit(skb, TCA_TUNNEL_KEY_TM, sizeof(tm),
			  &tm, TCA_TUNNEL_KEY_PAD))
		goto nla_put_failure;
	spin_unlock_bh(&t->tcf_lock);

	return skb->len;

nla_put_failure:
	spin_unlock_bh(&t->tcf_lock);
	/* Discard everything this function appended. */
	nlmsg_trim(skb, b);
	return -1;
}
774
/*
 * ->walk callback: hand the request to the generic tc action walker, using
 * this namespace's tunnel_key action table.
 */
static int tunnel_key_walker(struct net *net, struct sk_buff *skb,
			     struct netlink_callback *cb, int type,
			     const struct tc_action_ops *ops,
			     struct netlink_ext_ack *extack)
{
	return tcf_generic_walker(net_generic(net, tunnel_key_net_id),
				  skb, cb, type, ops, extack);
}
784
/*
 * ->lookup callback: look up the action with @index in this namespace's
 * tunnel_key action table and return the result of tcf_idr_search().
 */
static int tunnel_key_search(struct net *net, struct tc_action **a, u32 index)
{
	return tcf_idr_search(net_generic(net, tunnel_key_net_id), a, index);
}
791
/* Callback table that registers the "tunnel_key" action with the tc core. */
static struct tc_action_ops act_tunnel_key_ops = {
	.kind = "tunnel_key",
	.id = TCA_ID_TUNNEL_KEY,
	.owner = THIS_MODULE,
	.act = tunnel_key_act,		/* per-packet datapath handler */
	.dump = tunnel_key_dump,
	.init = tunnel_key_init,	/* create/replace from netlink */
	.cleanup = tunnel_key_release,
	.walk = tunnel_key_walker,
	.lookup = tunnel_key_search,
	.size = sizeof(struct tcf_tunnel_key),
};
804
/* Per-namespace setup: initialise this namespace's tunnel_key action table. */
static __net_init int tunnel_key_init_net(struct net *net)
{
	return tc_action_net_init(net, net_generic(net, tunnel_key_net_id),
				  &act_tunnel_key_ops);
}
811
/* Batched per-namespace teardown for every namespace on @net_list. */
static void __net_exit tunnel_key_exit_net(struct list_head *net_list)
{
	tc_action_net_exit(net_list, tunnel_key_net_id);
}
816
/* Per-network-namespace hooks; .id receives the id stored in tunnel_key_net_id. */
static struct pernet_operations tunnel_key_net_ops = {
	.init = tunnel_key_init_net,
	.exit_batch = tunnel_key_exit_net,
	.id = &tunnel_key_net_id,
	.size = sizeof(struct tc_action_net),
};
823
/* Module load: register the action ops together with the per-namespace hooks. */
static int __init tunnel_key_init_module(void)
{
	return tcf_register_action(&act_tunnel_key_ops, &tunnel_key_net_ops);
}
828
/* Module unload: undo the registration done in tunnel_key_init_module(). */
static void __exit tunnel_key_cleanup_module(void)
{
	tcf_unregister_action(&act_tunnel_key_ops, &tunnel_key_net_ops);
}
833
/* Module entry/exit points and metadata. */
module_init(tunnel_key_init_module);
module_exit(tunnel_key_cleanup_module);

MODULE_AUTHOR("Amir Vadai <amir@vadai.me>");
MODULE_DESCRIPTION("ip tunnel manipulation actions");
MODULE_LICENSE("GPL v2");
839MODULE_LICENSE("GPL v2");