xfrm4_protocol.c 6.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /* xfrm4_protocol.c - Generic xfrm protocol multiplexer.
  3. *
  4. * Copyright (C) 2013 secunet Security Networks AG
  5. *
  6. * Author:
  7. * Steffen Klassert <[email protected]>
  8. *
  9. * Based on:
  10. * net/ipv4/tunnel4.c
  11. */
  12. #include <linux/init.h>
  13. #include <linux/mutex.h>
  14. #include <linux/skbuff.h>
  15. #include <net/icmp.h>
  16. #include <net/ip.h>
  17. #include <net/protocol.h>
  18. #include <net/xfrm.h>
  19. static struct xfrm4_protocol __rcu *esp4_handlers __read_mostly;
  20. static struct xfrm4_protocol __rcu *ah4_handlers __read_mostly;
  21. static struct xfrm4_protocol __rcu *ipcomp4_handlers __read_mostly;
  22. static DEFINE_MUTEX(xfrm4_protocol_mutex);
  23. static inline struct xfrm4_protocol __rcu **proto_handlers(u8 protocol)
  24. {
  25. switch (protocol) {
  26. case IPPROTO_ESP:
  27. return &esp4_handlers;
  28. case IPPROTO_AH:
  29. return &ah4_handlers;
  30. case IPPROTO_COMP:
  31. return &ipcomp4_handlers;
  32. }
  33. return NULL;
  34. }
  35. #define for_each_protocol_rcu(head, handler) \
  36. for (handler = rcu_dereference(head); \
  37. handler != NULL; \
  38. handler = rcu_dereference(handler->next)) \
  39. static int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err)
  40. {
  41. int ret;
  42. struct xfrm4_protocol *handler;
  43. struct xfrm4_protocol __rcu **head = proto_handlers(protocol);
  44. if (!head)
  45. return 0;
  46. for_each_protocol_rcu(*head, handler)
  47. if ((ret = handler->cb_handler(skb, err)) <= 0)
  48. return ret;
  49. return 0;
  50. }
  51. int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
  52. int encap_type)
  53. {
  54. int ret;
  55. struct xfrm4_protocol *handler;
  56. struct xfrm4_protocol __rcu **head = proto_handlers(nexthdr);
  57. XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
  58. XFRM_SPI_SKB_CB(skb)->family = AF_INET;
  59. XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
  60. if (!head)
  61. goto out;
  62. if (!skb_dst(skb)) {
  63. const struct iphdr *iph = ip_hdr(skb);
  64. if (ip_route_input_noref(skb, iph->daddr, iph->saddr,
  65. iph->tos, skb->dev))
  66. goto drop;
  67. }
  68. for_each_protocol_rcu(*head, handler)
  69. if ((ret = handler->input_handler(skb, nexthdr, spi, encap_type)) != -EINVAL)
  70. return ret;
  71. out:
  72. icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
  73. drop:
  74. kfree_skb(skb);
  75. return 0;
  76. }
  77. EXPORT_SYMBOL(xfrm4_rcv_encap);
  78. static int xfrm4_esp_rcv(struct sk_buff *skb)
  79. {
  80. int ret;
  81. struct xfrm4_protocol *handler;
  82. XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
  83. for_each_protocol_rcu(esp4_handlers, handler)
  84. if ((ret = handler->handler(skb)) != -EINVAL)
  85. return ret;
  86. icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
  87. kfree_skb(skb);
  88. return 0;
  89. }
  90. static int xfrm4_esp_err(struct sk_buff *skb, u32 info)
  91. {
  92. struct xfrm4_protocol *handler;
  93. for_each_protocol_rcu(esp4_handlers, handler)
  94. if (!handler->err_handler(skb, info))
  95. return 0;
  96. return -ENOENT;
  97. }
  98. static int xfrm4_ah_rcv(struct sk_buff *skb)
  99. {
  100. int ret;
  101. struct xfrm4_protocol *handler;
  102. XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
  103. for_each_protocol_rcu(ah4_handlers, handler)
  104. if ((ret = handler->handler(skb)) != -EINVAL)
  105. return ret;
  106. icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
  107. kfree_skb(skb);
  108. return 0;
  109. }
  110. static int xfrm4_ah_err(struct sk_buff *skb, u32 info)
  111. {
  112. struct xfrm4_protocol *handler;
  113. for_each_protocol_rcu(ah4_handlers, handler)
  114. if (!handler->err_handler(skb, info))
  115. return 0;
  116. return -ENOENT;
  117. }
  118. static int xfrm4_ipcomp_rcv(struct sk_buff *skb)
  119. {
  120. int ret;
  121. struct xfrm4_protocol *handler;
  122. XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
  123. for_each_protocol_rcu(ipcomp4_handlers, handler)
  124. if ((ret = handler->handler(skb)) != -EINVAL)
  125. return ret;
  126. icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
  127. kfree_skb(skb);
  128. return 0;
  129. }
  130. static int xfrm4_ipcomp_err(struct sk_buff *skb, u32 info)
  131. {
  132. struct xfrm4_protocol *handler;
  133. for_each_protocol_rcu(ipcomp4_handlers, handler)
  134. if (!handler->err_handler(skb, info))
  135. return 0;
  136. return -ENOENT;
  137. }
  138. static const struct net_protocol esp4_protocol = {
  139. .handler = xfrm4_esp_rcv,
  140. .err_handler = xfrm4_esp_err,
  141. .no_policy = 1,
  142. };
  143. static const struct net_protocol ah4_protocol = {
  144. .handler = xfrm4_ah_rcv,
  145. .err_handler = xfrm4_ah_err,
  146. .no_policy = 1,
  147. };
  148. static const struct net_protocol ipcomp4_protocol = {
  149. .handler = xfrm4_ipcomp_rcv,
  150. .err_handler = xfrm4_ipcomp_err,
  151. .no_policy = 1,
  152. };
  153. static const struct xfrm_input_afinfo xfrm4_input_afinfo = {
  154. .family = AF_INET,
  155. .callback = xfrm4_rcv_cb,
  156. };
  157. static inline const struct net_protocol *netproto(unsigned char protocol)
  158. {
  159. switch (protocol) {
  160. case IPPROTO_ESP:
  161. return &esp4_protocol;
  162. case IPPROTO_AH:
  163. return &ah4_protocol;
  164. case IPPROTO_COMP:
  165. return &ipcomp4_protocol;
  166. }
  167. return NULL;
  168. }
  169. int xfrm4_protocol_register(struct xfrm4_protocol *handler,
  170. unsigned char protocol)
  171. {
  172. struct xfrm4_protocol __rcu **pprev;
  173. struct xfrm4_protocol *t;
  174. bool add_netproto = false;
  175. int ret = -EEXIST;
  176. int priority = handler->priority;
  177. if (!proto_handlers(protocol) || !netproto(protocol))
  178. return -EINVAL;
  179. mutex_lock(&xfrm4_protocol_mutex);
  180. if (!rcu_dereference_protected(*proto_handlers(protocol),
  181. lockdep_is_held(&xfrm4_protocol_mutex)))
  182. add_netproto = true;
  183. for (pprev = proto_handlers(protocol);
  184. (t = rcu_dereference_protected(*pprev,
  185. lockdep_is_held(&xfrm4_protocol_mutex))) != NULL;
  186. pprev = &t->next) {
  187. if (t->priority < priority)
  188. break;
  189. if (t->priority == priority)
  190. goto err;
  191. }
  192. handler->next = *pprev;
  193. rcu_assign_pointer(*pprev, handler);
  194. ret = 0;
  195. err:
  196. mutex_unlock(&xfrm4_protocol_mutex);
  197. if (add_netproto) {
  198. if (inet_add_protocol(netproto(protocol), protocol)) {
  199. pr_err("%s: can't add protocol\n", __func__);
  200. ret = -EAGAIN;
  201. }
  202. }
  203. return ret;
  204. }
  205. EXPORT_SYMBOL(xfrm4_protocol_register);
  206. int xfrm4_protocol_deregister(struct xfrm4_protocol *handler,
  207. unsigned char protocol)
  208. {
  209. struct xfrm4_protocol __rcu **pprev;
  210. struct xfrm4_protocol *t;
  211. int ret = -ENOENT;
  212. if (!proto_handlers(protocol) || !netproto(protocol))
  213. return -EINVAL;
  214. mutex_lock(&xfrm4_protocol_mutex);
  215. for (pprev = proto_handlers(protocol);
  216. (t = rcu_dereference_protected(*pprev,
  217. lockdep_is_held(&xfrm4_protocol_mutex))) != NULL;
  218. pprev = &t->next) {
  219. if (t == handler) {
  220. *pprev = handler->next;
  221. ret = 0;
  222. break;
  223. }
  224. }
  225. if (!rcu_dereference_protected(*proto_handlers(protocol),
  226. lockdep_is_held(&xfrm4_protocol_mutex))) {
  227. if (inet_del_protocol(netproto(protocol), protocol) < 0) {
  228. pr_err("%s: can't remove protocol\n", __func__);
  229. ret = -EAGAIN;
  230. }
  231. }
  232. mutex_unlock(&xfrm4_protocol_mutex);
  233. synchronize_net();
  234. return ret;
  235. }
  236. EXPORT_SYMBOL(xfrm4_protocol_deregister);
  237. void __init xfrm4_protocol_init(void)
  238. {
  239. xfrm_input_register_afinfo(&xfrm4_input_afinfo);
  240. }