Commit | Line | Data |
---|---|---|
3328715e SK |
1 | /* xfrm4_protocol.c - Generic xfrm protocol multiplexer. |
2 | * | |
3 | * Copyright (C) 2013 secunet Security Networks AG | |
4 | * | |
5 | * Author: | |
6 | * Steffen Klassert <steffen.klassert@secunet.com> | |
7 | * | |
8 | * Based on: | |
9 | * net/ipv4/tunnel4.c | |
10 | * | |
11 | * This program is free software; you can redistribute it and/or | |
12 | * modify it under the terms of the GNU General Public License | |
13 | * as published by the Free Software Foundation; either version | |
14 | * 2 of the License, or (at your option) any later version. | |
15 | */ | |
16 | ||
17 | #include <linux/init.h> | |
18 | #include <linux/mutex.h> | |
19 | #include <linux/skbuff.h> | |
20 | #include <net/icmp.h> | |
21 | #include <net/ip.h> | |
22 | #include <net/protocol.h> | |
23 | #include <net/xfrm.h> | |
24 | ||
25 | static struct xfrm4_protocol __rcu *esp4_handlers __read_mostly; | |
26 | static struct xfrm4_protocol __rcu *ah4_handlers __read_mostly; | |
27 | static struct xfrm4_protocol __rcu *ipcomp4_handlers __read_mostly; | |
28 | static DEFINE_MUTEX(xfrm4_protocol_mutex); | |
29 | ||
30 | static inline struct xfrm4_protocol __rcu **proto_handlers(u8 protocol) | |
31 | { | |
32 | switch (protocol) { | |
33 | case IPPROTO_ESP: | |
34 | return &esp4_handlers; | |
35 | case IPPROTO_AH: | |
36 | return &ah4_handlers; | |
37 | case IPPROTO_COMP: | |
38 | return &ipcomp4_handlers; | |
39 | } | |
40 | ||
41 | return NULL; | |
42 | } | |
43 | ||
44 | #define for_each_protocol_rcu(head, handler) \ | |
45 | for (handler = rcu_dereference(head); \ | |
46 | handler != NULL; \ | |
47 | handler = rcu_dereference(handler->next)) \ | |
48 | ||
49 | int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err) | |
50 | { | |
51 | int ret; | |
52 | struct xfrm4_protocol *handler; | |
61622cc6 | 53 | struct xfrm4_protocol __rcu **head = proto_handlers(protocol); |
3328715e | 54 | |
61622cc6 SK |
55 | if (!head) |
56 | return 0; | |
57 | ||
58 | for_each_protocol_rcu(*head, handler) | |
3328715e SK |
59 | if ((ret = handler->cb_handler(skb, err)) <= 0) |
60 | return ret; | |
61 | ||
62 | return 0; | |
63 | } | |
64 | EXPORT_SYMBOL(xfrm4_rcv_cb); | |
65 | ||
66 | int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi, | |
67 | int encap_type) | |
68 | { | |
69 | int ret; | |
70 | struct xfrm4_protocol *handler; | |
61622cc6 | 71 | struct xfrm4_protocol __rcu **head = proto_handlers(nexthdr); |
3328715e | 72 | |
70be6c91 | 73 | XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; |
3328715e SK |
74 | XFRM_SPI_SKB_CB(skb)->family = AF_INET; |
75 | XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr); | |
76 | ||
61622cc6 SK |
77 | if (!head) |
78 | goto out; | |
79 | ||
80 | for_each_protocol_rcu(*head, handler) | |
3328715e SK |
81 | if ((ret = handler->input_handler(skb, nexthdr, spi, encap_type)) != -EINVAL) |
82 | return ret; | |
83 | ||
61622cc6 | 84 | out: |
3328715e SK |
85 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); |
86 | ||
87 | kfree_skb(skb); | |
88 | return 0; | |
89 | } | |
90 | EXPORT_SYMBOL(xfrm4_rcv_encap); | |
91 | ||
92 | static int xfrm4_esp_rcv(struct sk_buff *skb) | |
93 | { | |
94 | int ret; | |
95 | struct xfrm4_protocol *handler; | |
96 | ||
70be6c91 SK |
97 | XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; |
98 | ||
3328715e SK |
99 | for_each_protocol_rcu(esp4_handlers, handler) |
100 | if ((ret = handler->handler(skb)) != -EINVAL) | |
101 | return ret; | |
102 | ||
103 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); | |
104 | ||
105 | kfree_skb(skb); | |
106 | return 0; | |
107 | } | |
108 | ||
109 | static void xfrm4_esp_err(struct sk_buff *skb, u32 info) | |
110 | { | |
111 | struct xfrm4_protocol *handler; | |
112 | ||
113 | for_each_protocol_rcu(esp4_handlers, handler) | |
114 | if (!handler->err_handler(skb, info)) | |
115 | break; | |
116 | } | |
117 | ||
118 | static int xfrm4_ah_rcv(struct sk_buff *skb) | |
119 | { | |
120 | int ret; | |
121 | struct xfrm4_protocol *handler; | |
122 | ||
70be6c91 SK |
123 | XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; |
124 | ||
3328715e SK |
125 | for_each_protocol_rcu(ah4_handlers, handler) |
126 | if ((ret = handler->handler(skb)) != -EINVAL) | |
1759389e | 127 | return ret; |
3328715e SK |
128 | |
129 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); | |
130 | ||
131 | kfree_skb(skb); | |
132 | return 0; | |
133 | } | |
134 | ||
135 | static void xfrm4_ah_err(struct sk_buff *skb, u32 info) | |
136 | { | |
137 | struct xfrm4_protocol *handler; | |
138 | ||
139 | for_each_protocol_rcu(ah4_handlers, handler) | |
140 | if (!handler->err_handler(skb, info)) | |
141 | break; | |
142 | } | |
143 | ||
144 | static int xfrm4_ipcomp_rcv(struct sk_buff *skb) | |
145 | { | |
146 | int ret; | |
147 | struct xfrm4_protocol *handler; | |
148 | ||
70be6c91 SK |
149 | XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL; |
150 | ||
3328715e SK |
151 | for_each_protocol_rcu(ipcomp4_handlers, handler) |
152 | if ((ret = handler->handler(skb)) != -EINVAL) | |
153 | return ret; | |
154 | ||
155 | icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); | |
156 | ||
157 | kfree_skb(skb); | |
158 | return 0; | |
159 | } | |
160 | ||
161 | static void xfrm4_ipcomp_err(struct sk_buff *skb, u32 info) | |
162 | { | |
163 | struct xfrm4_protocol *handler; | |
164 | ||
165 | for_each_protocol_rcu(ipcomp4_handlers, handler) | |
166 | if (!handler->err_handler(skb, info)) | |
167 | break; | |
168 | } | |
169 | ||
170 | static const struct net_protocol esp4_protocol = { | |
171 | .handler = xfrm4_esp_rcv, | |
172 | .err_handler = xfrm4_esp_err, | |
173 | .no_policy = 1, | |
174 | .netns_ok = 1, | |
175 | }; | |
176 | ||
177 | static const struct net_protocol ah4_protocol = { | |
178 | .handler = xfrm4_ah_rcv, | |
179 | .err_handler = xfrm4_ah_err, | |
180 | .no_policy = 1, | |
181 | .netns_ok = 1, | |
182 | }; | |
183 | ||
184 | static const struct net_protocol ipcomp4_protocol = { | |
185 | .handler = xfrm4_ipcomp_rcv, | |
186 | .err_handler = xfrm4_ipcomp_err, | |
187 | .no_policy = 1, | |
188 | .netns_ok = 1, | |
189 | }; | |
190 | ||
960fdfde | 191 | static const struct xfrm_input_afinfo xfrm4_input_afinfo = { |
2f32b51b | 192 | .family = AF_INET, |
2f32b51b SK |
193 | .callback = xfrm4_rcv_cb, |
194 | }; | |
195 | ||
3328715e SK |
196 | static inline const struct net_protocol *netproto(unsigned char protocol) |
197 | { | |
198 | switch (protocol) { | |
199 | case IPPROTO_ESP: | |
200 | return &esp4_protocol; | |
201 | case IPPROTO_AH: | |
202 | return &ah4_protocol; | |
203 | case IPPROTO_COMP: | |
204 | return &ipcomp4_protocol; | |
205 | } | |
206 | ||
207 | return NULL; | |
208 | } | |
209 | ||
210 | int xfrm4_protocol_register(struct xfrm4_protocol *handler, | |
211 | unsigned char protocol) | |
212 | { | |
213 | struct xfrm4_protocol __rcu **pprev; | |
214 | struct xfrm4_protocol *t; | |
215 | bool add_netproto = false; | |
3328715e SK |
216 | int ret = -EEXIST; |
217 | int priority = handler->priority; | |
218 | ||
61622cc6 SK |
219 | if (!proto_handlers(protocol) || !netproto(protocol)) |
220 | return -EINVAL; | |
221 | ||
3328715e SK |
222 | mutex_lock(&xfrm4_protocol_mutex); |
223 | ||
224 | if (!rcu_dereference_protected(*proto_handlers(protocol), | |
225 | lockdep_is_held(&xfrm4_protocol_mutex))) | |
226 | add_netproto = true; | |
227 | ||
228 | for (pprev = proto_handlers(protocol); | |
229 | (t = rcu_dereference_protected(*pprev, | |
230 | lockdep_is_held(&xfrm4_protocol_mutex))) != NULL; | |
231 | pprev = &t->next) { | |
232 | if (t->priority < priority) | |
233 | break; | |
234 | if (t->priority == priority) | |
235 | goto err; | |
236 | } | |
237 | ||
238 | handler->next = *pprev; | |
239 | rcu_assign_pointer(*pprev, handler); | |
240 | ||
241 | ret = 0; | |
242 | ||
243 | err: | |
244 | mutex_unlock(&xfrm4_protocol_mutex); | |
245 | ||
246 | if (add_netproto) { | |
247 | if (inet_add_protocol(netproto(protocol), protocol)) { | |
248 | pr_err("%s: can't add protocol\n", __func__); | |
249 | ret = -EAGAIN; | |
250 | } | |
251 | } | |
252 | ||
253 | return ret; | |
254 | } | |
255 | EXPORT_SYMBOL(xfrm4_protocol_register); | |
256 | ||
257 | int xfrm4_protocol_deregister(struct xfrm4_protocol *handler, | |
258 | unsigned char protocol) | |
259 | { | |
260 | struct xfrm4_protocol __rcu **pprev; | |
261 | struct xfrm4_protocol *t; | |
262 | int ret = -ENOENT; | |
263 | ||
61622cc6 SK |
264 | if (!proto_handlers(protocol) || !netproto(protocol)) |
265 | return -EINVAL; | |
266 | ||
3328715e SK |
267 | mutex_lock(&xfrm4_protocol_mutex); |
268 | ||
269 | for (pprev = proto_handlers(protocol); | |
270 | (t = rcu_dereference_protected(*pprev, | |
271 | lockdep_is_held(&xfrm4_protocol_mutex))) != NULL; | |
272 | pprev = &t->next) { | |
273 | if (t == handler) { | |
274 | *pprev = handler->next; | |
275 | ret = 0; | |
276 | break; | |
277 | } | |
278 | } | |
279 | ||
280 | if (!rcu_dereference_protected(*proto_handlers(protocol), | |
281 | lockdep_is_held(&xfrm4_protocol_mutex))) { | |
282 | if (inet_del_protocol(netproto(protocol), protocol) < 0) { | |
283 | pr_err("%s: can't remove protocol\n", __func__); | |
284 | ret = -EAGAIN; | |
285 | } | |
286 | } | |
287 | ||
288 | mutex_unlock(&xfrm4_protocol_mutex); | |
289 | ||
290 | synchronize_net(); | |
291 | ||
292 | return ret; | |
293 | } | |
294 | EXPORT_SYMBOL(xfrm4_protocol_deregister); | |
2f32b51b SK |
295 | |
296 | void __init xfrm4_protocol_init(void) | |
297 | { | |
298 | xfrm_input_register_afinfo(&xfrm4_input_afinfo); | |
299 | } | |
300 | EXPORT_SYMBOL(xfrm4_protocol_init); |