Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
d0f6dd8a AV |
2 | /* |
3 | * Copyright (c) 2016, Amir Vadai <amir@vadai.me> | |
4 | * Copyright (c) 2016, Mellanox Technologies. All rights reserved. | |
d0f6dd8a AV |
5 | */ |
6 | ||
7 | #include <linux/module.h> | |
8 | #include <linux/init.h> | |
9 | #include <linux/kernel.h> | |
10 | #include <linux/skbuff.h> | |
11 | #include <linux/rtnetlink.h> | |
0ed5269f | 12 | #include <net/geneve.h> |
fca3f91c | 13 | #include <net/vxlan.h> |
e20d4ff2 | 14 | #include <net/erspan.h> |
d0f6dd8a AV |
15 | #include <net/netlink.h> |
16 | #include <net/pkt_sched.h> | |
17 | #include <net/dst.h> | |
e5fdabac | 18 | #include <net/pkt_cls.h> |
d0f6dd8a AV |
19 | |
20 | #include <linux/tc_act/tc_tunnel_key.h> | |
21 | #include <net/tc_act/tc_tunnel_key.h> | |
22 | ||
c7d03a00 | 23 | static unsigned int tunnel_key_net_id; |
d0f6dd8a AV |
24 | static struct tc_action_ops act_tunnel_key_ops; |
25 | ||
26 | static int tunnel_key_act(struct sk_buff *skb, const struct tc_action *a, | |
27 | struct tcf_result *res) | |
28 | { | |
29 | struct tcf_tunnel_key *t = to_tunnel_key(a); | |
30 | struct tcf_tunnel_key_params *params; | |
31 | int action; | |
32 | ||
7fd4b288 | 33 | params = rcu_dereference_bh(t->params); |
d0f6dd8a AV |
34 | |
35 | tcf_lastuse_update(&t->tcf_tm); | |
5e1ad95b | 36 | tcf_action_update_bstats(&t->common, skb); |
38230a3e | 37 | action = READ_ONCE(t->tcf_action); |
d0f6dd8a AV |
38 | |
39 | switch (params->tcft_action) { | |
40 | case TCA_TUNNEL_KEY_ACT_RELEASE: | |
41 | skb_dst_drop(skb); | |
42 | break; | |
43 | case TCA_TUNNEL_KEY_ACT_SET: | |
44 | skb_dst_drop(skb); | |
45 | skb_dst_set(skb, dst_clone(¶ms->tcft_enc_metadata->dst)); | |
46 | break; | |
47 | default: | |
48 | WARN_ONCE(1, "Bad tunnel_key action %d.\n", | |
49 | params->tcft_action); | |
50 | break; | |
51 | } | |
52 | ||
d0f6dd8a AV |
53 | return action; |
54 | } | |
55 | ||
0ed5269f SH |
56 | static const struct nla_policy |
57 | enc_opts_policy[TCA_TUNNEL_KEY_ENC_OPTS_MAX + 1] = { | |
fca3f91c XL |
58 | [TCA_TUNNEL_KEY_ENC_OPTS_UNSPEC] = { |
59 | .strict_start_type = TCA_TUNNEL_KEY_ENC_OPTS_VXLAN }, | |
0ed5269f | 60 | [TCA_TUNNEL_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED }, |
fca3f91c | 61 | [TCA_TUNNEL_KEY_ENC_OPTS_VXLAN] = { .type = NLA_NESTED }, |
e20d4ff2 | 62 | [TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN] = { .type = NLA_NESTED }, |
0ed5269f SH |
63 | }; |
64 | ||
65 | static const struct nla_policy | |
66 | geneve_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX + 1] = { | |
67 | [TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 }, | |
68 | [TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 }, | |
69 | [TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY, | |
70 | .len = 128 }, | |
71 | }; | |
72 | ||
fca3f91c XL |
73 | static const struct nla_policy |
74 | vxlan_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_MAX + 1] = { | |
75 | [TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP] = { .type = NLA_U32 }, | |
76 | }; | |
77 | ||
e20d4ff2 XL |
78 | static const struct nla_policy |
79 | erspan_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX + 1] = { | |
80 | [TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER] = { .type = NLA_U8 }, | |
81 | [TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX] = { .type = NLA_U32 }, | |
82 | [TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR] = { .type = NLA_U8 }, | |
83 | [TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID] = { .type = NLA_U8 }, | |
84 | }; | |
85 | ||
0ed5269f SH |
86 | static int |
87 | tunnel_key_copy_geneve_opt(const struct nlattr *nla, void *dst, int dst_len, | |
88 | struct netlink_ext_ack *extack) | |
89 | { | |
90 | struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX + 1]; | |
91 | int err, data_len, opt_len; | |
92 | u8 *data; | |
93 | ||
8cb08174 JB |
94 | err = nla_parse_nested_deprecated(tb, |
95 | TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX, | |
96 | nla, geneve_opt_policy, extack); | |
0ed5269f SH |
97 | if (err < 0) |
98 | return err; | |
99 | ||
100 | if (!tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS] || | |
101 | !tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE] || | |
102 | !tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]) { | |
103 | NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data"); | |
104 | return -EINVAL; | |
105 | } | |
106 | ||
107 | data = nla_data(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]); | |
108 | data_len = nla_len(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]); | |
109 | if (data_len < 4) { | |
110 | NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long"); | |
111 | return -ERANGE; | |
112 | } | |
113 | if (data_len % 4) { | |
114 | NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long"); | |
115 | return -ERANGE; | |
116 | } | |
117 | ||
118 | opt_len = sizeof(struct geneve_opt) + data_len; | |
119 | if (dst) { | |
120 | struct geneve_opt *opt = dst; | |
121 | ||
122 | WARN_ON(dst_len < opt_len); | |
123 | ||
124 | opt->opt_class = | |
125 | nla_get_be16(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS]); | |
126 | opt->type = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE]); | |
127 | opt->length = data_len / 4; /* length is in units of 4 bytes */ | |
128 | opt->r1 = 0; | |
129 | opt->r2 = 0; | |
130 | opt->r3 = 0; | |
131 | ||
132 | memcpy(opt + 1, data, data_len); | |
133 | } | |
134 | ||
135 | return opt_len; | |
136 | } | |
137 | ||
fca3f91c XL |
138 | static int |
139 | tunnel_key_copy_vxlan_opt(const struct nlattr *nla, void *dst, int dst_len, | |
140 | struct netlink_ext_ack *extack) | |
141 | { | |
142 | struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_MAX + 1]; | |
143 | int err; | |
144 | ||
145 | err = nla_parse_nested(tb, TCA_TUNNEL_KEY_ENC_OPT_VXLAN_MAX, nla, | |
146 | vxlan_opt_policy, extack); | |
147 | if (err < 0) | |
148 | return err; | |
149 | ||
150 | if (!tb[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP]) { | |
151 | NL_SET_ERR_MSG(extack, "Missing tunnel key vxlan option gbp"); | |
152 | return -EINVAL; | |
153 | } | |
154 | ||
155 | if (dst) { | |
156 | struct vxlan_metadata *md = dst; | |
157 | ||
158 | md->gbp = nla_get_u32(tb[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP]); | |
159 | } | |
160 | ||
161 | return sizeof(struct vxlan_metadata); | |
162 | } | |
163 | ||
e20d4ff2 XL |
164 | static int |
165 | tunnel_key_copy_erspan_opt(const struct nlattr *nla, void *dst, int dst_len, | |
166 | struct netlink_ext_ack *extack) | |
167 | { | |
168 | struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX + 1]; | |
169 | int err; | |
170 | u8 ver; | |
171 | ||
172 | err = nla_parse_nested(tb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX, nla, | |
173 | erspan_opt_policy, extack); | |
174 | if (err < 0) | |
175 | return err; | |
176 | ||
177 | if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER]) { | |
178 | NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option ver"); | |
179 | return -EINVAL; | |
180 | } | |
181 | ||
182 | ver = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER]); | |
183 | if (ver == 1) { | |
184 | if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX]) { | |
185 | NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option index"); | |
186 | return -EINVAL; | |
187 | } | |
188 | } else if (ver == 2) { | |
189 | if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR] || | |
190 | !tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID]) { | |
191 | NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option dir or hwid"); | |
192 | return -EINVAL; | |
193 | } | |
194 | } else { | |
195 | NL_SET_ERR_MSG(extack, "Tunnel key erspan option ver is incorrect"); | |
196 | return -EINVAL; | |
197 | } | |
198 | ||
199 | if (dst) { | |
200 | struct erspan_metadata *md = dst; | |
201 | ||
202 | md->version = ver; | |
203 | if (ver == 1) { | |
204 | nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX]; | |
205 | md->u.index = nla_get_be32(nla); | |
206 | } else { | |
207 | nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR]; | |
208 | md->u.md2.dir = nla_get_u8(nla); | |
209 | nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID]; | |
210 | set_hwid(&md->u.md2, nla_get_u8(nla)); | |
211 | } | |
212 | } | |
213 | ||
214 | return sizeof(struct erspan_metadata); | |
215 | } | |
216 | ||
0ed5269f SH |
217 | static int tunnel_key_copy_opts(const struct nlattr *nla, u8 *dst, |
218 | int dst_len, struct netlink_ext_ack *extack) | |
219 | { | |
fca3f91c | 220 | int err, rem, opt_len, len = nla_len(nla), opts_len = 0, type = 0; |
0ed5269f SH |
221 | const struct nlattr *attr, *head = nla_data(nla); |
222 | ||
8cb08174 JB |
223 | err = nla_validate_deprecated(head, len, TCA_TUNNEL_KEY_ENC_OPTS_MAX, |
224 | enc_opts_policy, extack); | |
0ed5269f SH |
225 | if (err) |
226 | return err; | |
227 | ||
228 | nla_for_each_attr(attr, head, len, rem) { | |
229 | switch (nla_type(attr)) { | |
230 | case TCA_TUNNEL_KEY_ENC_OPTS_GENEVE: | |
fca3f91c XL |
231 | if (type && type != TUNNEL_GENEVE_OPT) { |
232 | NL_SET_ERR_MSG(extack, "Duplicate type for geneve options"); | |
233 | return -EINVAL; | |
234 | } | |
0ed5269f SH |
235 | opt_len = tunnel_key_copy_geneve_opt(attr, dst, |
236 | dst_len, extack); | |
237 | if (opt_len < 0) | |
238 | return opt_len; | |
239 | opts_len += opt_len; | |
4f0e97d0 XL |
240 | if (opts_len > IP_TUNNEL_OPTS_MAX) { |
241 | NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size"); | |
242 | return -EINVAL; | |
243 | } | |
0ed5269f SH |
244 | if (dst) { |
245 | dst_len -= opt_len; | |
246 | dst += opt_len; | |
247 | } | |
fca3f91c XL |
248 | type = TUNNEL_GENEVE_OPT; |
249 | break; | |
250 | case TCA_TUNNEL_KEY_ENC_OPTS_VXLAN: | |
251 | if (type) { | |
252 | NL_SET_ERR_MSG(extack, "Duplicate type for vxlan options"); | |
253 | return -EINVAL; | |
254 | } | |
255 | opt_len = tunnel_key_copy_vxlan_opt(attr, dst, | |
256 | dst_len, extack); | |
257 | if (opt_len < 0) | |
258 | return opt_len; | |
259 | opts_len += opt_len; | |
260 | type = TUNNEL_VXLAN_OPT; | |
0ed5269f | 261 | break; |
e20d4ff2 XL |
262 | case TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN: |
263 | if (type) { | |
264 | NL_SET_ERR_MSG(extack, "Duplicate type for erspan options"); | |
265 | return -EINVAL; | |
266 | } | |
267 | opt_len = tunnel_key_copy_erspan_opt(attr, dst, | |
268 | dst_len, extack); | |
269 | if (opt_len < 0) | |
270 | return opt_len; | |
271 | opts_len += opt_len; | |
272 | type = TUNNEL_ERSPAN_OPT; | |
273 | break; | |
0ed5269f SH |
274 | } |
275 | } | |
276 | ||
277 | if (!opts_len) { | |
278 | NL_SET_ERR_MSG(extack, "Empty list of tunnel options"); | |
279 | return -EINVAL; | |
280 | } | |
281 | ||
282 | if (rem > 0) { | |
283 | NL_SET_ERR_MSG(extack, "Trailing data after parsing tunnel key options attributes"); | |
284 | return -EINVAL; | |
285 | } | |
286 | ||
287 | return opts_len; | |
288 | } | |
289 | ||
290 | static int tunnel_key_get_opts_len(struct nlattr *nla, | |
291 | struct netlink_ext_ack *extack) | |
292 | { | |
293 | return tunnel_key_copy_opts(nla, NULL, 0, extack); | |
294 | } | |
295 | ||
296 | static int tunnel_key_opts_set(struct nlattr *nla, struct ip_tunnel_info *info, | |
297 | int opts_len, struct netlink_ext_ack *extack) | |
298 | { | |
299 | info->options_len = opts_len; | |
300 | switch (nla_type(nla_data(nla))) { | |
301 | case TCA_TUNNEL_KEY_ENC_OPTS_GENEVE: | |
302 | #if IS_ENABLED(CONFIG_INET) | |
303 | info->key.tun_flags |= TUNNEL_GENEVE_OPT; | |
304 | return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info), | |
305 | opts_len, extack); | |
306 | #else | |
307 | return -EAFNOSUPPORT; | |
fca3f91c XL |
308 | #endif |
309 | case TCA_TUNNEL_KEY_ENC_OPTS_VXLAN: | |
310 | #if IS_ENABLED(CONFIG_INET) | |
311 | info->key.tun_flags |= TUNNEL_VXLAN_OPT; | |
312 | return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info), | |
313 | opts_len, extack); | |
314 | #else | |
315 | return -EAFNOSUPPORT; | |
e20d4ff2 XL |
316 | #endif |
317 | case TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN: | |
318 | #if IS_ENABLED(CONFIG_INET) | |
319 | info->key.tun_flags |= TUNNEL_ERSPAN_OPT; | |
320 | return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info), | |
321 | opts_len, extack); | |
322 | #else | |
323 | return -EAFNOSUPPORT; | |
0ed5269f SH |
324 | #endif |
325 | default: | |
326 | NL_SET_ERR_MSG(extack, "Cannot set tunnel options for unknown tunnel type"); | |
327 | return -EINVAL; | |
328 | } | |
329 | } | |
330 | ||
d0f6dd8a AV |
331 | static const struct nla_policy tunnel_key_policy[TCA_TUNNEL_KEY_MAX + 1] = { |
332 | [TCA_TUNNEL_KEY_PARMS] = { .len = sizeof(struct tc_tunnel_key) }, | |
333 | [TCA_TUNNEL_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 }, | |
334 | [TCA_TUNNEL_KEY_ENC_IPV4_DST] = { .type = NLA_U32 }, | |
335 | [TCA_TUNNEL_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) }, | |
336 | [TCA_TUNNEL_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) }, | |
337 | [TCA_TUNNEL_KEY_ENC_KEY_ID] = { .type = NLA_U32 }, | |
75bfbca0 | 338 | [TCA_TUNNEL_KEY_ENC_DST_PORT] = {.type = NLA_U16}, |
86087e17 | 339 | [TCA_TUNNEL_KEY_NO_CSUM] = { .type = NLA_U8 }, |
0ed5269f | 340 | [TCA_TUNNEL_KEY_ENC_OPTS] = { .type = NLA_NESTED }, |
07a557f4 OG |
341 | [TCA_TUNNEL_KEY_ENC_TOS] = { .type = NLA_U8 }, |
342 | [TCA_TUNNEL_KEY_ENC_TTL] = { .type = NLA_U8 }, | |
d0f6dd8a AV |
343 | }; |
344 | ||
9174c3df DC |
345 | static void tunnel_key_release_params(struct tcf_tunnel_key_params *p) |
346 | { | |
347 | if (!p) | |
348 | return; | |
4177c5d9 | 349 | if (p->tcft_action == TCA_TUNNEL_KEY_ACT_SET) |
9174c3df | 350 | dst_release(&p->tcft_enc_metadata->dst); |
4177c5d9 | 351 | |
9174c3df DC |
352 | kfree_rcu(p, rcu); |
353 | } | |
354 | ||
d0f6dd8a AV |
355 | static int tunnel_key_init(struct net *net, struct nlattr *nla, |
356 | struct nlattr *est, struct tc_action **a, | |
789871bb | 357 | int ovr, int bind, bool rtnl_held, |
abbb0d33 | 358 | struct tcf_proto *tp, u32 act_flags, |
789871bb | 359 | struct netlink_ext_ack *extack) |
d0f6dd8a AV |
360 | { |
361 | struct tc_action_net *tn = net_generic(net, tunnel_key_net_id); | |
362 | struct nlattr *tb[TCA_TUNNEL_KEY_MAX + 1]; | |
d0f6dd8a AV |
363 | struct tcf_tunnel_key_params *params_new; |
364 | struct metadata_dst *metadata = NULL; | |
e5fdabac | 365 | struct tcf_chain *goto_ch = NULL; |
d0f6dd8a AV |
366 | struct tc_tunnel_key *parm; |
367 | struct tcf_tunnel_key *t; | |
368 | bool exists = false; | |
75bfbca0 | 369 | __be16 dst_port = 0; |
80ef0f22 | 370 | __be64 key_id = 0; |
0ed5269f | 371 | int opts_len = 0; |
80ef0f22 | 372 | __be16 flags = 0; |
07a557f4 | 373 | u8 tos, ttl; |
d0f6dd8a | 374 | int ret = 0; |
7be8ef2c | 375 | u32 index; |
d0f6dd8a AV |
376 | int err; |
377 | ||
9d7298cd SH |
378 | if (!nla) { |
379 | NL_SET_ERR_MSG(extack, "Tunnel requires attributes to be passed"); | |
d0f6dd8a | 380 | return -EINVAL; |
9d7298cd | 381 | } |
d0f6dd8a | 382 | |
8cb08174 JB |
383 | err = nla_parse_nested_deprecated(tb, TCA_TUNNEL_KEY_MAX, nla, |
384 | tunnel_key_policy, extack); | |
9d7298cd SH |
385 | if (err < 0) { |
386 | NL_SET_ERR_MSG(extack, "Failed to parse nested tunnel key attributes"); | |
d0f6dd8a | 387 | return err; |
9d7298cd | 388 | } |
d0f6dd8a | 389 | |
9d7298cd SH |
390 | if (!tb[TCA_TUNNEL_KEY_PARMS]) { |
391 | NL_SET_ERR_MSG(extack, "Missing tunnel key parameters"); | |
d0f6dd8a | 392 | return -EINVAL; |
9d7298cd | 393 | } |
d0f6dd8a AV |
394 | |
395 | parm = nla_data(tb[TCA_TUNNEL_KEY_PARMS]); | |
7be8ef2c DL |
396 | index = parm->index; |
397 | err = tcf_idr_check_alloc(tn, &index, a, bind); | |
0190c1d4 VB |
398 | if (err < 0) |
399 | return err; | |
400 | exists = err; | |
d0f6dd8a AV |
401 | if (exists && bind) |
402 | return 0; | |
403 | ||
404 | switch (parm->t_action) { | |
405 | case TCA_TUNNEL_KEY_ACT_RELEASE: | |
406 | break; | |
407 | case TCA_TUNNEL_KEY_ACT_SET: | |
80ef0f22 AN |
408 | if (tb[TCA_TUNNEL_KEY_ENC_KEY_ID]) { |
409 | __be32 key32; | |
d0f6dd8a | 410 | |
80ef0f22 AN |
411 | key32 = nla_get_be32(tb[TCA_TUNNEL_KEY_ENC_KEY_ID]); |
412 | key_id = key32_to_tunnel_id(key32); | |
413 | flags = TUNNEL_KEY; | |
414 | } | |
d0f6dd8a | 415 | |
80ef0f22 | 416 | flags |= TUNNEL_CSUM; |
86087e17 JB |
417 | if (tb[TCA_TUNNEL_KEY_NO_CSUM] && |
418 | nla_get_u8(tb[TCA_TUNNEL_KEY_NO_CSUM])) | |
419 | flags &= ~TUNNEL_CSUM; | |
420 | ||
75bfbca0 HHZ |
421 | if (tb[TCA_TUNNEL_KEY_ENC_DST_PORT]) |
422 | dst_port = nla_get_be16(tb[TCA_TUNNEL_KEY_ENC_DST_PORT]); | |
423 | ||
0ed5269f SH |
424 | if (tb[TCA_TUNNEL_KEY_ENC_OPTS]) { |
425 | opts_len = tunnel_key_get_opts_len(tb[TCA_TUNNEL_KEY_ENC_OPTS], | |
426 | extack); | |
427 | if (opts_len < 0) { | |
428 | ret = opts_len; | |
429 | goto err_out; | |
430 | } | |
431 | } | |
432 | ||
07a557f4 OG |
433 | tos = 0; |
434 | if (tb[TCA_TUNNEL_KEY_ENC_TOS]) | |
435 | tos = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_TOS]); | |
436 | ttl = 0; | |
437 | if (tb[TCA_TUNNEL_KEY_ENC_TTL]) | |
438 | ttl = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_TTL]); | |
439 | ||
d0f6dd8a AV |
440 | if (tb[TCA_TUNNEL_KEY_ENC_IPV4_SRC] && |
441 | tb[TCA_TUNNEL_KEY_ENC_IPV4_DST]) { | |
442 | __be32 saddr; | |
443 | __be32 daddr; | |
444 | ||
445 | saddr = nla_get_in_addr(tb[TCA_TUNNEL_KEY_ENC_IPV4_SRC]); | |
446 | daddr = nla_get_in_addr(tb[TCA_TUNNEL_KEY_ENC_IPV4_DST]); | |
447 | ||
07a557f4 | 448 | metadata = __ip_tun_set_dst(saddr, daddr, tos, ttl, |
86087e17 | 449 | dst_port, flags, |
0ed5269f | 450 | key_id, opts_len); |
d0f6dd8a AV |
451 | } else if (tb[TCA_TUNNEL_KEY_ENC_IPV6_SRC] && |
452 | tb[TCA_TUNNEL_KEY_ENC_IPV6_DST]) { | |
453 | struct in6_addr saddr; | |
454 | struct in6_addr daddr; | |
455 | ||
456 | saddr = nla_get_in6_addr(tb[TCA_TUNNEL_KEY_ENC_IPV6_SRC]); | |
457 | daddr = nla_get_in6_addr(tb[TCA_TUNNEL_KEY_ENC_IPV6_DST]); | |
458 | ||
07a557f4 | 459 | metadata = __ipv6_tun_set_dst(&saddr, &daddr, tos, ttl, dst_port, |
86087e17 | 460 | 0, flags, |
75bfbca0 | 461 | key_id, 0); |
a1165b59 | 462 | } else { |
9d7298cd | 463 | NL_SET_ERR_MSG(extack, "Missing either ipv4 or ipv6 src and dst"); |
a1165b59 SH |
464 | ret = -EINVAL; |
465 | goto err_out; | |
d0f6dd8a AV |
466 | } |
467 | ||
468 | if (!metadata) { | |
9d7298cd | 469 | NL_SET_ERR_MSG(extack, "Cannot allocate tunnel metadata dst"); |
a1165b59 | 470 | ret = -ENOMEM; |
d0f6dd8a AV |
471 | goto err_out; |
472 | } | |
473 | ||
41411e2f | 474 | #ifdef CONFIG_DST_CACHE |
475 | ret = dst_cache_init(&metadata->u.tun_info.dst_cache, GFP_KERNEL); | |
476 | if (ret) | |
477 | goto release_tun_meta; | |
478 | #endif | |
479 | ||
0ed5269f SH |
480 | if (opts_len) { |
481 | ret = tunnel_key_opts_set(tb[TCA_TUNNEL_KEY_ENC_OPTS], | |
482 | &metadata->u.tun_info, | |
483 | opts_len, extack); | |
484 | if (ret < 0) | |
4177c5d9 | 485 | goto release_tun_meta; |
0ed5269f SH |
486 | } |
487 | ||
d0f6dd8a AV |
488 | metadata->u.tun_info.mode |= IP_TUNNEL_INFO_TX; |
489 | break; | |
490 | default: | |
9d7298cd | 491 | NL_SET_ERR_MSG(extack, "Unknown tunnel key action"); |
51d4740f | 492 | ret = -EINVAL; |
d0f6dd8a AV |
493 | goto err_out; |
494 | } | |
495 | ||
496 | if (!exists) { | |
e3822678 VB |
497 | ret = tcf_idr_create_from_flags(tn, index, est, a, |
498 | &act_tunnel_key_ops, bind, | |
499 | act_flags); | |
9d7298cd SH |
500 | if (ret) { |
501 | NL_SET_ERR_MSG(extack, "Cannot create TC IDR"); | |
4177c5d9 | 502 | goto release_tun_meta; |
9d7298cd | 503 | } |
d0f6dd8a AV |
504 | |
505 | ret = ACT_P_CREATED; | |
4e8ddd7f | 506 | } else if (!ovr) { |
4e8ddd7f | 507 | NL_SET_ERR_MSG(extack, "TC IDR already exists"); |
ee28bb56 | 508 | ret = -EEXIST; |
4177c5d9 | 509 | goto release_tun_meta; |
d0f6dd8a AV |
510 | } |
511 | ||
e5fdabac DC |
512 | err = tcf_action_check_ctrlact(parm->action, tp, &goto_ch, extack); |
513 | if (err < 0) { | |
514 | ret = err; | |
515 | exists = true; | |
516 | goto release_tun_meta; | |
517 | } | |
d0f6dd8a AV |
518 | t = to_tunnel_key(*a); |
519 | ||
d0f6dd8a AV |
520 | params_new = kzalloc(sizeof(*params_new), GFP_KERNEL); |
521 | if (unlikely(!params_new)) { | |
9d7298cd | 522 | NL_SET_ERR_MSG(extack, "Cannot allocate tunnel key parameters"); |
ee28bb56 DC |
523 | ret = -ENOMEM; |
524 | exists = true; | |
e5fdabac | 525 | goto put_chain; |
d0f6dd8a | 526 | } |
d0f6dd8a AV |
527 | params_new->tcft_action = parm->t_action; |
528 | params_new->tcft_enc_metadata = metadata; | |
529 | ||
653cd284 | 530 | spin_lock_bh(&t->tcf_lock); |
e5fdabac | 531 | goto_ch = tcf_action_set_ctrlact(*a, parm->action, goto_ch); |
729e0126 VB |
532 | rcu_swap_protected(t->params, params_new, |
533 | lockdep_is_held(&t->tcf_lock)); | |
653cd284 | 534 | spin_unlock_bh(&t->tcf_lock); |
9174c3df | 535 | tunnel_key_release_params(params_new); |
e5fdabac DC |
536 | if (goto_ch) |
537 | tcf_chain_put_by_act(goto_ch); | |
d0f6dd8a AV |
538 | |
539 | if (ret == ACT_P_CREATED) | |
65a206c0 | 540 | tcf_idr_insert(tn, *a); |
d0f6dd8a AV |
541 | |
542 | return ret; | |
543 | ||
e5fdabac DC |
544 | put_chain: |
545 | if (goto_ch) | |
546 | tcf_chain_put_by_act(goto_ch); | |
547 | ||
ee28bb56 | 548 | release_tun_meta: |
a3df633a VB |
549 | if (metadata) |
550 | dst_release(&metadata->dst); | |
ee28bb56 | 551 | |
d0f6dd8a AV |
552 | err_out: |
553 | if (exists) | |
65a206c0 | 554 | tcf_idr_release(*a, bind); |
0190c1d4 | 555 | else |
7be8ef2c | 556 | tcf_idr_cleanup(tn, index); |
d0f6dd8a AV |
557 | return ret; |
558 | } | |
559 | ||
9a63b255 | 560 | static void tunnel_key_release(struct tc_action *a) |
d0f6dd8a AV |
561 | { |
562 | struct tcf_tunnel_key *t = to_tunnel_key(a); | |
563 | struct tcf_tunnel_key_params *params; | |
564 | ||
07c0f09e | 565 | params = rcu_dereference_protected(t->params, 1); |
9174c3df | 566 | tunnel_key_release_params(params); |
d0f6dd8a AV |
567 | } |
568 | ||
0ed5269f SH |
569 | static int tunnel_key_geneve_opts_dump(struct sk_buff *skb, |
570 | const struct ip_tunnel_info *info) | |
571 | { | |
572 | int len = info->options_len; | |
573 | u8 *src = (u8 *)(info + 1); | |
574 | struct nlattr *start; | |
575 | ||
ae0be8de | 576 | start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS_GENEVE); |
0ed5269f SH |
577 | if (!start) |
578 | return -EMSGSIZE; | |
579 | ||
580 | while (len > 0) { | |
581 | struct geneve_opt *opt = (struct geneve_opt *)src; | |
582 | ||
583 | if (nla_put_be16(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS, | |
584 | opt->opt_class) || | |
585 | nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE, | |
586 | opt->type) || | |
587 | nla_put(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA, | |
a162c351 CW |
588 | opt->length * 4, opt + 1)) { |
589 | nla_nest_cancel(skb, start); | |
0ed5269f | 590 | return -EMSGSIZE; |
a162c351 | 591 | } |
0ed5269f SH |
592 | |
593 | len -= sizeof(struct geneve_opt) + opt->length * 4; | |
594 | src += sizeof(struct geneve_opt) + opt->length * 4; | |
595 | } | |
596 | ||
597 | nla_nest_end(skb, start); | |
598 | return 0; | |
599 | } | |
600 | ||
fca3f91c XL |
601 | static int tunnel_key_vxlan_opts_dump(struct sk_buff *skb, |
602 | const struct ip_tunnel_info *info) | |
603 | { | |
604 | struct vxlan_metadata *md = (struct vxlan_metadata *)(info + 1); | |
605 | struct nlattr *start; | |
606 | ||
607 | start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS_VXLAN); | |
608 | if (!start) | |
609 | return -EMSGSIZE; | |
610 | ||
611 | if (nla_put_u32(skb, TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP, md->gbp)) { | |
612 | nla_nest_cancel(skb, start); | |
613 | return -EMSGSIZE; | |
614 | } | |
615 | ||
616 | nla_nest_end(skb, start); | |
617 | return 0; | |
618 | } | |
619 | ||
e20d4ff2 XL |
620 | static int tunnel_key_erspan_opts_dump(struct sk_buff *skb, |
621 | const struct ip_tunnel_info *info) | |
622 | { | |
623 | struct erspan_metadata *md = (struct erspan_metadata *)(info + 1); | |
624 | struct nlattr *start; | |
625 | ||
626 | start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN); | |
627 | if (!start) | |
628 | return -EMSGSIZE; | |
629 | ||
630 | if (nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER, md->version)) | |
631 | goto err; | |
632 | ||
633 | if (md->version == 1 && | |
634 | nla_put_be32(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX, md->u.index)) | |
635 | goto err; | |
636 | ||
637 | if (md->version == 2 && | |
638 | (nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR, | |
639 | md->u.md2.dir) || | |
640 | nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID, | |
641 | get_hwid(&md->u.md2)))) | |
642 | goto err; | |
643 | ||
644 | nla_nest_end(skb, start); | |
645 | return 0; | |
646 | err: | |
647 | nla_nest_cancel(skb, start); | |
648 | return -EMSGSIZE; | |
649 | } | |
650 | ||
0ed5269f SH |
651 | static int tunnel_key_opts_dump(struct sk_buff *skb, |
652 | const struct ip_tunnel_info *info) | |
653 | { | |
654 | struct nlattr *start; | |
a162c351 | 655 | int err = -EINVAL; |
0ed5269f SH |
656 | |
657 | if (!info->options_len) | |
658 | return 0; | |
659 | ||
ae0be8de | 660 | start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS); |
0ed5269f SH |
661 | if (!start) |
662 | return -EMSGSIZE; | |
663 | ||
664 | if (info->key.tun_flags & TUNNEL_GENEVE_OPT) { | |
665 | err = tunnel_key_geneve_opts_dump(skb, info); | |
666 | if (err) | |
a162c351 | 667 | goto err_out; |
fca3f91c XL |
668 | } else if (info->key.tun_flags & TUNNEL_VXLAN_OPT) { |
669 | err = tunnel_key_vxlan_opts_dump(skb, info); | |
670 | if (err) | |
671 | goto err_out; | |
e20d4ff2 XL |
672 | } else if (info->key.tun_flags & TUNNEL_ERSPAN_OPT) { |
673 | err = tunnel_key_erspan_opts_dump(skb, info); | |
674 | if (err) | |
675 | goto err_out; | |
0ed5269f | 676 | } else { |
a162c351 CW |
677 | err_out: |
678 | nla_nest_cancel(skb, start); | |
679 | return err; | |
0ed5269f SH |
680 | } |
681 | ||
682 | nla_nest_end(skb, start); | |
683 | return 0; | |
684 | } | |
685 | ||
d0f6dd8a AV |
686 | static int tunnel_key_dump_addresses(struct sk_buff *skb, |
687 | const struct ip_tunnel_info *info) | |
688 | { | |
689 | unsigned short family = ip_tunnel_info_af(info); | |
690 | ||
691 | if (family == AF_INET) { | |
692 | __be32 saddr = info->key.u.ipv4.src; | |
693 | __be32 daddr = info->key.u.ipv4.dst; | |
694 | ||
695 | if (!nla_put_in_addr(skb, TCA_TUNNEL_KEY_ENC_IPV4_SRC, saddr) && | |
696 | !nla_put_in_addr(skb, TCA_TUNNEL_KEY_ENC_IPV4_DST, daddr)) | |
697 | return 0; | |
698 | } | |
699 | ||
700 | if (family == AF_INET6) { | |
701 | const struct in6_addr *saddr6 = &info->key.u.ipv6.src; | |
702 | const struct in6_addr *daddr6 = &info->key.u.ipv6.dst; | |
703 | ||
704 | if (!nla_put_in6_addr(skb, | |
705 | TCA_TUNNEL_KEY_ENC_IPV6_SRC, saddr6) && | |
706 | !nla_put_in6_addr(skb, | |
707 | TCA_TUNNEL_KEY_ENC_IPV6_DST, daddr6)) | |
708 | return 0; | |
709 | } | |
710 | ||
711 | return -EINVAL; | |
712 | } | |
713 | ||
714 | static int tunnel_key_dump(struct sk_buff *skb, struct tc_action *a, | |
715 | int bind, int ref) | |
716 | { | |
717 | unsigned char *b = skb_tail_pointer(skb); | |
718 | struct tcf_tunnel_key *t = to_tunnel_key(a); | |
719 | struct tcf_tunnel_key_params *params; | |
720 | struct tc_tunnel_key opt = { | |
721 | .index = t->tcf_index, | |
036bb443 VB |
722 | .refcnt = refcount_read(&t->tcf_refcnt) - ref, |
723 | .bindcnt = atomic_read(&t->tcf_bindcnt) - bind, | |
d0f6dd8a AV |
724 | }; |
725 | struct tcf_t tm; | |
d0f6dd8a | 726 | |
653cd284 | 727 | spin_lock_bh(&t->tcf_lock); |
729e0126 VB |
728 | params = rcu_dereference_protected(t->params, |
729 | lockdep_is_held(&t->tcf_lock)); | |
730 | opt.action = t->tcf_action; | |
d0f6dd8a | 731 | opt.t_action = params->tcft_action; |
d0f6dd8a AV |
732 | |
733 | if (nla_put(skb, TCA_TUNNEL_KEY_PARMS, sizeof(opt), &opt)) | |
734 | goto nla_put_failure; | |
735 | ||
736 | if (params->tcft_action == TCA_TUNNEL_KEY_ACT_SET) { | |
0ed5269f SH |
737 | struct ip_tunnel_info *info = |
738 | ¶ms->tcft_enc_metadata->u.tun_info; | |
739 | struct ip_tunnel_key *key = &info->key; | |
d0f6dd8a AV |
740 | __be32 key_id = tunnel_id_to_key32(key->tun_id); |
741 | ||
80ef0f22 AN |
742 | if (((key->tun_flags & TUNNEL_KEY) && |
743 | nla_put_be32(skb, TCA_TUNNEL_KEY_ENC_KEY_ID, key_id)) || | |
d0f6dd8a | 744 | tunnel_key_dump_addresses(skb, |
75bfbca0 | 745 | ¶ms->tcft_enc_metadata->u.tun_info) || |
1c25324c AN |
746 | (key->tp_dst && |
747 | nla_put_be16(skb, TCA_TUNNEL_KEY_ENC_DST_PORT, | |
748 | key->tp_dst)) || | |
86087e17 | 749 | nla_put_u8(skb, TCA_TUNNEL_KEY_NO_CSUM, |
0ed5269f SH |
750 | !(key->tun_flags & TUNNEL_CSUM)) || |
751 | tunnel_key_opts_dump(skb, info)) | |
d0f6dd8a | 752 | goto nla_put_failure; |
07a557f4 OG |
753 | |
754 | if (key->tos && nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_TOS, key->tos)) | |
755 | goto nla_put_failure; | |
756 | ||
757 | if (key->ttl && nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_TTL, key->ttl)) | |
758 | goto nla_put_failure; | |
d0f6dd8a AV |
759 | } |
760 | ||
761 | tcf_tm_dump(&tm, &t->tcf_tm); | |
762 | if (nla_put_64bit(skb, TCA_TUNNEL_KEY_TM, sizeof(tm), | |
763 | &tm, TCA_TUNNEL_KEY_PAD)) | |
764 | goto nla_put_failure; | |
653cd284 | 765 | spin_unlock_bh(&t->tcf_lock); |
d0f6dd8a | 766 | |
07c0f09e | 767 | return skb->len; |
d0f6dd8a AV |
768 | |
769 | nla_put_failure: | |
653cd284 | 770 | spin_unlock_bh(&t->tcf_lock); |
d0f6dd8a | 771 | nlmsg_trim(skb, b); |
07c0f09e | 772 | return -1; |
d0f6dd8a AV |
773 | } |
774 | ||
775 | static int tunnel_key_walker(struct net *net, struct sk_buff *skb, | |
776 | struct netlink_callback *cb, int type, | |
41780105 AA |
777 | const struct tc_action_ops *ops, |
778 | struct netlink_ext_ack *extack) | |
d0f6dd8a AV |
779 | { |
780 | struct tc_action_net *tn = net_generic(net, tunnel_key_net_id); | |
781 | ||
b3620145 | 782 | return tcf_generic_walker(tn, skb, cb, type, ops, extack); |
d0f6dd8a AV |
783 | } |
784 | ||
f061b48c | 785 | static int tunnel_key_search(struct net *net, struct tc_action **a, u32 index) |
d0f6dd8a AV |
786 | { |
787 | struct tc_action_net *tn = net_generic(net, tunnel_key_net_id); | |
788 | ||
65a206c0 | 789 | return tcf_idr_search(tn, a, index); |
d0f6dd8a AV |
790 | } |
791 | ||
792 | static struct tc_action_ops act_tunnel_key_ops = { | |
793 | .kind = "tunnel_key", | |
eddd2cf1 | 794 | .id = TCA_ID_TUNNEL_KEY, |
d0f6dd8a AV |
795 | .owner = THIS_MODULE, |
796 | .act = tunnel_key_act, | |
797 | .dump = tunnel_key_dump, | |
798 | .init = tunnel_key_init, | |
799 | .cleanup = tunnel_key_release, | |
800 | .walk = tunnel_key_walker, | |
801 | .lookup = tunnel_key_search, | |
802 | .size = sizeof(struct tcf_tunnel_key), | |
803 | }; | |
804 | ||
805 | static __net_init int tunnel_key_init_net(struct net *net) | |
806 | { | |
807 | struct tc_action_net *tn = net_generic(net, tunnel_key_net_id); | |
808 | ||
981471bd | 809 | return tc_action_net_init(net, tn, &act_tunnel_key_ops); |
d0f6dd8a AV |
810 | } |
811 | ||
039af9c6 | 812 | static void __net_exit tunnel_key_exit_net(struct list_head *net_list) |
d0f6dd8a | 813 | { |
039af9c6 | 814 | tc_action_net_exit(net_list, tunnel_key_net_id); |
d0f6dd8a AV |
815 | } |
816 | ||
817 | static struct pernet_operations tunnel_key_net_ops = { | |
818 | .init = tunnel_key_init_net, | |
039af9c6 | 819 | .exit_batch = tunnel_key_exit_net, |
d0f6dd8a AV |
820 | .id = &tunnel_key_net_id, |
821 | .size = sizeof(struct tc_action_net), | |
822 | }; | |
823 | ||
824 | static int __init tunnel_key_init_module(void) | |
825 | { | |
826 | return tcf_register_action(&act_tunnel_key_ops, &tunnel_key_net_ops); | |
827 | } | |
828 | ||
829 | static void __exit tunnel_key_cleanup_module(void) | |
830 | { | |
831 | tcf_unregister_action(&act_tunnel_key_ops, &tunnel_key_net_ops); | |
832 | } | |
833 | ||
834 | module_init(tunnel_key_init_module); | |
835 | module_exit(tunnel_key_cleanup_module); | |
836 | ||
837 | MODULE_AUTHOR("Amir Vadai <amir@vadai.me>"); | |
838 | MODULE_DESCRIPTION("ip tunnel manipulation actions"); | |
839 | MODULE_LICENSE("GPL v2"); |