Commit | Line | Data |
---|---|---|
3328715e SK |
1 | /* xfrm4_protocol.c - Generic xfrm protocol multiplexer. |
2 | * | |
3 | * Copyright (C) 2013 secunet Security Networks AG | |
4 | * | |
5 | * Author: | |
6 | * Steffen Klassert <steffen.klassert@secunet.com> | |
7 | * | |
8 | * Based on: | |
9 | * net/ipv4/tunnel4.c | |
10 | * | |
11 | * This program is free software; you can redistribute it and/or | |
12 | * modify it under the terms of the GNU General Public License | |
13 | * as published by the Free Software Foundation; either version | |
14 | * 2 of the License, or (at your option) any later version. | |
15 | */ | |
16 | ||
17 | #include <linux/init.h> | |
18 | #include <linux/mutex.h> | |
19 | #include <linux/skbuff.h> | |
20 | #include <net/icmp.h> | |
21 | #include <net/ip.h> | |
22 | #include <net/protocol.h> | |
23 | #include <net/xfrm.h> | |
24 | ||
/*
 * Heads of the per-protocol handler lists (ESP, AH, IPComp).  The lists are
 * walked with rcu_dereference() on the receive path and are modified only
 * with xfrm4_protocol_mutex held, in the register and deregister functions.
 */
static struct xfrm4_protocol __rcu *esp4_handlers __read_mostly;
static struct xfrm4_protocol __rcu *ah4_handlers __read_mostly;
static struct xfrm4_protocol __rcu *ipcomp4_handlers __read_mostly;
/* Serializes writers of the three handler lists above. */
static DEFINE_MUTEX(xfrm4_protocol_mutex);
29 | ||
/*
 * Map an IP protocol number to the head of its handler list.
 *
 * Returns the address of the list head for ESP, AH and IPComp, and NULL for
 * every other protocol value, so the result must be checked before it is
 * dereferenced.
 */
static inline struct xfrm4_protocol __rcu **proto_handlers(u8 protocol)
{
	if (protocol == IPPROTO_ESP)
		return &esp4_handlers;
	if (protocol == IPPROTO_AH)
		return &ah4_handlers;
	if (protocol == IPPROTO_COMP)
		return &ipcomp4_handlers;

	return NULL;
}
43 | ||
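/*
 * Walk a handler list starting at @head, binding each entry to @handler.
 * Both the head and every ->next link are read with rcu_dereference(), so
 * users are expected to run inside an RCU read-side critical section.
 * @head is the list head pointer itself, not its address.
 *
 * The last line deliberately has no trailing backslash: a continuation
 * there would splice whatever follows the macro into its definition.
 */
#define for_each_protocol_rcu(head, handler)		\
	for (handler = rcu_dereference(head);		\
	     handler != NULL;				\
	     handler = rcu_dereference(handler->next))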
48 | ||
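/*
 * Run the cb_handler callbacks registered for @protocol, in list order.
 *
 * Stops at the first callback that returns a value <= 0 and returns that
 * value.  Returns 0 when every callback returned > 0 or none is registered.
 *
 * proto_handlers() returns NULL for any protocol other than ESP, AH or
 * IPComp.  That case is treated as "no handlers" and returns 0 rather than
 * dereferencing the NULL list head, which would oops the kernel.
 */
int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err)
{
	int ret;
	struct xfrm4_protocol *handler;
	struct xfrm4_protocol __rcu **head = proto_handlers(protocol);

	if (!head)
		return 0;

	for_each_protocol_rcu(*head, handler) {
		ret = handler->cb_handler(skb, err);
		if (ret <= 0)
			return ret;
	}

	return 0;
}
EXPORT_SYMBOL(xfrm4_rcv_cb);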
61 | ||
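/*
 * Hand an encapsulated packet to the input_handler callbacks registered for
 * @nexthdr.
 *
 * The first handler that returns anything other than -EINVAL decides the
 * outcome and its return value is passed back.  If no handler accepts the
 * packet, or @nexthdr has no handler list at all, an ICMP port-unreachable
 * is sent, the skb is freed and 0 is returned.
 *
 * proto_handlers() returns NULL for protocols other than ESP, AH and IPComp;
 * the result is checked before use so an unexpected @nexthdr takes the
 * reject path instead of dereferencing a NULL list head.
 */
int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
		    int encap_type)
{
	int ret;
	struct xfrm4_protocol *handler;
	struct xfrm4_protocol __rcu **head = proto_handlers(nexthdr);

	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
	XFRM_SPI_SKB_CB(skb)->family = AF_INET;
	XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);

	if (!head)
		goto out;

	for_each_protocol_rcu(*head, handler) {
		ret = handler->input_handler(skb, nexthdr, spi, encap_type);
		if (ret != -EINVAL)
			return ret;
	}

out:
	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);

	kfree_skb(skb);
	return 0;
}
EXPORT_SYMBOL(xfrm4_rcv_encap);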
82 | ||
/*
 * Receive entry point for ESP: offer the packet to each registered ESP
 * handler in list order.
 *
 * A handler returning -EINVAL passes the packet on to the next one; any
 * other return value ends the walk and is returned to the caller.  When no
 * handler takes the packet, an ICMP port-unreachable is sent, the skb is
 * freed and 0 is returned.
 */
static int xfrm4_esp_rcv(struct sk_buff *skb)
{
	struct xfrm4_protocol *handler;
	int ret;

	/* Clear the tunnel pointer in the skb control block before dispatch. */
	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;

	for_each_protocol_rcu(esp4_handlers, handler) {
		ret = handler->handler(skb);
		if (ret != -EINVAL)
			return ret;
	}

	/* Nobody claimed the packet: reject it and drop the buffer. */
	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
	kfree_skb(skb);

	return 0;
}
99 | ||
/*
 * Error entry point for ESP: call each registered ESP err_handler in list
 * order and stop after the first one that returns 0.
 */
static void xfrm4_esp_err(struct sk_buff *skb, u32 info)
{
	struct xfrm4_protocol *handler;

	for_each_protocol_rcu(esp4_handlers, handler) {
		if (handler->err_handler(skb, info) == 0)
			return;
	}
}
108 | ||
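/*
 * Receive entry point for AH: offer the packet to each registered AH
 * handler in list order.
 *
 * A handler returning -EINVAL passes the packet on to the next one; any
 * other return value ends the walk and is returned to the caller.  When no
 * handler takes the packet, an ICMP port-unreachable is sent, the skb is
 * freed and 0 is returned.
 */
static int xfrm4_ah_rcv(struct sk_buff *skb)
{
	int ret;
	struct xfrm4_protocol *handler;

	/* Clear the tunnel pointer in the skb control block before dispatch. */
	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;

	/*
	 * Braced body with a single terminator on the return; the original
	 * carried a stray second semicolon after "return ret".
	 */
	for_each_protocol_rcu(ah4_handlers, handler) {
		ret = handler->handler(skb);
		if (ret != -EINVAL)
			return ret;
	}

	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);

	kfree_skb(skb);
	return 0;
}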
125 | ||
/*
 * Error entry point for AH: call each registered AH err_handler in list
 * order and stop after the first one that returns 0.
 */
static void xfrm4_ah_err(struct sk_buff *skb, u32 info)
{
	struct xfrm4_protocol *handler;

	for_each_protocol_rcu(ah4_handlers, handler) {
		if (handler->err_handler(skb, info) == 0)
			return;
	}
}
134 | ||
/*
 * Receive entry point for IPComp: offer the packet to each registered
 * IPComp handler in list order.
 *
 * A handler returning -EINVAL passes the packet on to the next one; any
 * other return value ends the walk and is returned to the caller.  When no
 * handler takes the packet, an ICMP port-unreachable is sent, the skb is
 * freed and 0 is returned.
 */
static int xfrm4_ipcomp_rcv(struct sk_buff *skb)
{
	struct xfrm4_protocol *handler;
	int ret;

	/* Clear the tunnel pointer in the skb control block before dispatch. */
	XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;

	for_each_protocol_rcu(ipcomp4_handlers, handler) {
		ret = handler->handler(skb);
		if (ret != -EINVAL)
			return ret;
	}

	/* Nobody claimed the packet: reject it and drop the buffer. */
	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
	kfree_skb(skb);

	return 0;
}
151 | ||
/*
 * Error entry point for IPComp: call each registered IPComp err_handler in
 * list order and stop after the first one that returns 0.
 */
static void xfrm4_ipcomp_err(struct sk_buff *skb, u32 info)
{
	struct xfrm4_protocol *handler;

	for_each_protocol_rcu(ipcomp4_handlers, handler) {
		if (handler->err_handler(skb, info) == 0)
			return;
	}
}
160 | ||
/*
 * net_protocol entries for the three multiplexed protocols.  Each one routes
 * receive and error processing to the matching xfrm4_*_rcv / xfrm4_*_err
 * function in this file; netproto() selects among them by protocol number.
 *
 * NOTE(review): no_policy = 1 presumably tells the IPv4 local-delivery path
 * to skip its generic xfrm policy check before calling .handler, leaving
 * policy enforcement to the xfrm input path - confirm against the delivery
 * code.  netns_ok = 1 presumably marks the handler as usable in non-initial
 * network namespaces - confirm.
 */
static const struct net_protocol esp4_protocol = {
	.handler	=	xfrm4_esp_rcv,
	.err_handler	=	xfrm4_esp_err,
	.no_policy	=	1,
	.netns_ok	=	1,
};

static const struct net_protocol ah4_protocol = {
	.handler	=	xfrm4_ah_rcv,
	.err_handler	=	xfrm4_ah_err,
	.no_policy	=	1,
	.netns_ok	=	1,
};

static const struct net_protocol ipcomp4_protocol = {
	.handler	=	xfrm4_ipcomp_rcv,
	.err_handler	=	xfrm4_ipcomp_err,
	.no_policy	=	1,
	.netns_ok	=	1,
};
181 | ||
2f32b51b SK |
/*
 * Input-side address-family descriptor for IPv4.  It names xfrm4_rcv_cb as
 * the callback and is registered by xfrm4_protocol_init().
 */
static struct xfrm_input_afinfo xfrm4_input_afinfo = {
	.family		=	AF_INET,
	.owner		=	THIS_MODULE,
	.callback	=	xfrm4_rcv_cb,
};
187 | ||
3328715e SK |
/*
 * Map an IP protocol number to the net_protocol entry this file defines for
 * it.  Returns NULL for anything other than ESP, AH or IPComp, so the result
 * must be checked before it is handed to inet_add_protocol() or
 * inet_del_protocol().
 */
static inline const struct net_protocol *netproto(unsigned char protocol)
{
	if (protocol == IPPROTO_ESP)
		return &esp4_protocol;
	if (protocol == IPPROTO_AH)
		return &ah4_protocol;
	if (protocol == IPPROTO_COMP)
		return &ipcomp4_protocol;

	return NULL;
}
201 | ||
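/*
 * Add @handler to the handler list for @protocol.
 *
 * The list is kept in descending ->priority order and priorities must be
 * unique within a list.  When the list was empty before the insertion, the
 * matching net_protocol is also registered with inet_add_protocol().
 *
 * Returns 0 on success, -EINVAL if @protocol is not ESP, AH or IPComp,
 * -EEXIST if a handler with the same priority is already registered, and
 * -EAGAIN if inet_add_protocol() fails.
 */
int xfrm4_protocol_register(struct xfrm4_protocol *handler,
			    unsigned char protocol)
{
	struct xfrm4_protocol __rcu **pprev;
	struct xfrm4_protocol *t;
	bool add_netproto = false;
	int ret = -EEXIST;
	int priority = handler->priority;

	/*
	 * proto_handlers() and netproto() both return NULL for unsupported
	 * protocols.  Reject those up front instead of dereferencing a NULL
	 * list head below or passing a NULL net_protocol on.
	 */
	if (!proto_handlers(protocol) || !netproto(protocol))
		return -EINVAL;

	mutex_lock(&xfrm4_protocol_mutex);

	/* An empty list means the net_protocol still has to be registered. */
	if (!rcu_dereference_protected(*proto_handlers(protocol),
				       lockdep_is_held(&xfrm4_protocol_mutex)))
		add_netproto = true;

	/* Find the insertion point: the first entry with a lower priority. */
	for (pprev = proto_handlers(protocol);
	     (t = rcu_dereference_protected(*pprev,
			lockdep_is_held(&xfrm4_protocol_mutex))) != NULL;
	     pprev = &t->next) {
		if (t->priority < priority)
			break;
		if (t->priority == priority)
			goto err;
	}

	/* Set ->next first so readers never see a half-linked entry. */
	handler->next = *pprev;
	rcu_assign_pointer(*pprev, handler);

	ret = 0;

err:
	mutex_unlock(&xfrm4_protocol_mutex);

	/*
	 * NOTE(review): this runs after the mutex is dropped and after the
	 * handler has been linked.  If inet_add_protocol() fails, -EAGAIN is
	 * returned but the handler stays on the list; a caller that frees
	 * the handler on error would leave a dangling entry - confirm that
	 * callers deregister on failure.
	 */
	if (add_netproto) {
		if (inet_add_protocol(netproto(protocol), protocol)) {
			pr_err("%s: can't add protocol\n", __func__);
			ret = -EAGAIN;
		}
	}

	return ret;
}
EXPORT_SYMBOL(xfrm4_protocol_register);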
245 | ||
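/*
 * Remove @handler from the handler list for @protocol.
 *
 * When the list is empty afterwards, the matching net_protocol is removed
 * with inet_del_protocol().  synchronize_net() is called before returning,
 * presumably so that receive-path readers still walking the list have
 * finished before the caller reuses or frees @handler.
 *
 * Returns 0 on success, -EINVAL if @protocol is not ESP, AH or IPComp,
 * -ENOENT if @handler was not on the list, and -EAGAIN if
 * inet_del_protocol() fails.
 */
int xfrm4_protocol_deregister(struct xfrm4_protocol *handler,
			      unsigned char protocol)
{
	struct xfrm4_protocol __rcu **pprev;
	struct xfrm4_protocol *t;
	int ret = -ENOENT;

	/*
	 * proto_handlers() and netproto() both return NULL for unsupported
	 * protocols.  Reject those up front instead of dereferencing a NULL
	 * list head below or passing a NULL net_protocol on.
	 */
	if (!proto_handlers(protocol) || !netproto(protocol))
		return -EINVAL;

	mutex_lock(&xfrm4_protocol_mutex);

	/* Unlink the entry by pointing its predecessor at its successor. */
	for (pprev = proto_handlers(protocol);
	     (t = rcu_dereference_protected(*pprev,
			lockdep_is_held(&xfrm4_protocol_mutex))) != NULL;
	     pprev = &t->next) {
		if (t == handler) {
			*pprev = handler->next;
			ret = 0;
			break;
		}
	}

	/* Last handler gone: stop receiving this protocol altogether. */
	if (!rcu_dereference_protected(*proto_handlers(protocol),
				       lockdep_is_held(&xfrm4_protocol_mutex))) {
		if (inet_del_protocol(netproto(protocol), protocol) < 0) {
			pr_err("%s: can't remove protocol\n", __func__);
			ret = -EAGAIN;
		}
	}

	mutex_unlock(&xfrm4_protocol_mutex);

	synchronize_net();

	return ret;
}
EXPORT_SYMBOL(xfrm4_protocol_deregister);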
2f32b51b SK |
281 | |
/*
 * Boot-time setup: register the IPv4 input afinfo so that xfrm4_rcv_cb
 * becomes the callback for AF_INET.  Whatever
 * xfrm_input_register_afinfo() returns is not checked.
 *
 * NOTE(review): the function is marked __init and is also exported; an
 * exported symbol in init memory is unusual - confirm the export is needed.
 */
void __init xfrm4_protocol_init(void)
{
	(void)xfrm_input_register_afinfo(&xfrm4_input_afinfo);
}
EXPORT_SYMBOL(xfrm4_protocol_init);