--- zzzz-none-000/linux-4.9.276/net/ipv6/ip6_tunnel.c 2021-07-20 14:21:16.000000000 +0000 +++ falcon-5530-750/linux-4.9.276/net/ipv6/ip6_tunnel.c 2023-04-05 08:19:02.000000000 +0000 @@ -16,6 +16,8 @@ * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. * + * Changes: + * Steven Barth : MAP-E FMR support */ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt @@ -41,7 +43,7 @@ #include #include #include - +#include #include #include @@ -72,9 +74,9 @@ module_param(log_ecn_error, bool, 0644); MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); -static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) +static u32 HASH(const struct in6_addr *addr) { - u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2); + u32 hash = ipv6_addr_hash(addr); return hash_32(hash, IP6_TUNNEL_HASH_SIZE_SHIFT); } @@ -82,6 +84,12 @@ static int ip6_tnl_dev_init(struct net_device *dev); static void ip6_tnl_dev_setup(struct net_device *dev); static struct rtnl_link_ops ip6_link_ops __read_mostly; +static int ipmap_parm_from_user(struct map_rule_parm *p_rule, + struct __ip6_tnl_parm *p2, struct net *net, struct ip6_tnl **tl); +static void ipmap_parm_to_user(struct __ip6_tnl_fmr *fmrs, + struct map_rule_parm *p_rule); +static int del_fmr(struct map_rule_parm *p_rule, struct net *net); +static int if_map_parm_unique(struct ip6_tnl *t, struct map_rule_parm *p_rule); static int ip6_tnl_net_id __read_mostly; struct ip6_tnl_net { @@ -141,20 +149,29 @@ static struct ip6_tnl * ip6_tnl_lookup(struct net *net, const struct in6_addr *remote, const struct in6_addr *local) { - unsigned int hash = HASH(remote, local); + unsigned int hash = HASH(local); struct ip6_tnl *t; struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); struct in6_addr any; + struct __ip6_tnl_fmr *fmr; for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) { - if (ipv6_addr_equal(local, &t->parms.laddr) && - ipv6_addr_equal(remote, &t->parms.raddr) && - (t->dev->flags & IFF_UP)) + if (!ipv6_addr_equal(local, &t->parms.laddr) || + !(t->dev->flags & IFF_UP)) + continue; + + if (ipv6_addr_equal(remote, &t->parms.raddr)) return t; + + for (fmr = t->parms.fmrs; fmr; fmr = fmr->next) { + if (ipv6_prefix_equal(remote, &fmr->ip6_prefix, + fmr->ip6_prefix_len)) + return t; + } } memset(&any, 0, sizeof(any)); - hash = HASH(&any, local); + hash = HASH(local); for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) { if (ipv6_addr_equal(local, &t->parms.laddr) && ipv6_addr_any(&t->parms.raddr) && @@ -162,7 +179,7 @@ return t; } - hash = HASH(remote, &any); + hash = HASH(&any); for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) { if (ipv6_addr_equal(remote, &t->parms.raddr) && ipv6_addr_any(&t->parms.laddr) && @@ -202,7 +219,7 @@ if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) { prio = 1; - h = HASH(remote, local); + h = HASH(local); } return &ip6n->tnls[prio][h]; } @@ -383,6 +400,12 @@ struct net *net = t->net; struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); + while (t->parms.fmrs) { + struct __ip6_tnl_fmr *next = t->parms.fmrs->next; + kfree(t->parms.fmrs); + t->parms.fmrs = next; + } + if (dev == ip6n->fb_tnl_dev) RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL); else @@ -779,6 +802,96 @@ } EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl); +/** + * ip4ip6_fmr_calc - calculate target / source IPv6-address based on FMR + * @dest: destination IPv6 address buffer + * @skb: received socket buffer + * @fmr: MAP FMR + * @xmit: Calculate for xmit or rcv + **/ +static void ip4ip6_fmr_calc(struct in6_addr *dest, + const struct iphdr *iph, const uint8_t *end, + const struct __ip6_tnl_fmr *fmr, bool xmit) +{ + int psidlen = fmr->ea_len - (32 - fmr->ip4_prefix_len); + u8 *portp = NULL; + bool use_dest_addr; + const struct iphdr *dsth = iph; + + if ((u8 *)dsth >= end) + return; + + /* find significant IP header */ + if (iph->protocol == IPPROTO_ICMP) { + struct icmphdr *ih = (struct icmphdr *)(((u8 *)dsth) + dsth->ihl * 4); + if (ih && ((u8 *)&ih[1]) <= end && (ih->type == ICMP_DEST_UNREACH || ih->type == ICMP_SOURCE_QUENCH || ih->type == ICMP_TIME_EXCEEDED || ih->type == ICMP_PARAMETERPROB || ih->type == ICMP_REDIRECT)) + dsth = (const struct iphdr *)&ih[1]; + } + + /* in xmit-path use dest port by default and source port only if + this is an ICMP reply to something else; vice versa in rcv-path */ + use_dest_addr = (xmit && dsth == iph) || (!xmit && dsth != iph); + + /* get dst port */ + if (((u8 *)&dsth[1]) <= end && (dsth->protocol == IPPROTO_UDP || + dsth->protocol == IPPROTO_TCP || + dsth->protocol == IPPROTO_SCTP || + dsth->protocol == IPPROTO_DCCP)) { + /* for UDP, TCP, SCTP and DCCP source and dest port + follow IPv4 header directly */ + portp = ((u8 *)dsth) + dsth->ihl * 4; + + if (use_dest_addr) + portp += sizeof(u16); + } else if (iph->protocol == IPPROTO_ICMP) { + struct icmphdr *ih = (struct icmphdr *)(((u8 *)dsth) + dsth->ihl * 4); + + /* use icmp identifier as port */ + if (((u8 *)&ih) <= end && ((use_dest_addr && (ih->type == ICMP_ECHOREPLY || + ih->type == ICMP_TIMESTAMPREPLY || + ih->type == ICMP_INFO_REPLY || + ih->type == ICMP_ADDRESSREPLY)) || + (!use_dest_addr && (ih->type == ICMP_ECHO || + ih->type == ICMP_TIMESTAMP || + ih->type == ICMP_INFO_REQUEST || + ih->type == ICMP_ADDRESS)))) + portp = (u8 *)&ih->un.echo.id; + } + + if ((portp && &portp[2] <= end) || psidlen == 0) { + int frombyte = fmr->ip6_prefix_len / 8; + int fromrem = fmr->ip6_prefix_len % 8; + int bytes = sizeof(struct in6_addr) - frombyte; + const u32 *addr = (use_dest_addr) ? &iph->daddr : &iph->saddr; + u64 eabits = ((u64)ntohl(*addr)) << (32 + fmr->ip4_prefix_len); + u64 t = 0; + + /* extract PSID from port and add it to eabits */ + u16 psidbits = 0; + if (psidlen > 0) { + psidbits = ((u16)portp[0]) << 8 | ((u16)portp[1]); + psidbits >>= 16 - psidlen - fmr->offset; + psidbits = (u16)(psidbits << (16 - psidlen)); + eabits |= ((u64)psidbits) << (48 - (fmr->ea_len - psidlen)); + } + + /* rewrite destination address */ + *dest = fmr->ip6_prefix; + memcpy(&dest->s6_addr[10], addr, sizeof(*addr)); + dest->s6_addr16[7] = htons(psidbits >> (16 - psidlen)); + + if (bytes > sizeof(u64)) + bytes = sizeof(u64); + + /* insert eabits */ + memcpy(&t, &dest->s6_addr[frombyte], bytes); + t = be64_to_cpu(t) & ~(((((u64)1) << fmr->ea_len) - 1) + << (64 - fmr->ea_len - fromrem)); + t = cpu_to_be64(t | (eabits >> fromrem)); + memcpy(&dest->s6_addr[frombyte], &t, bytes); + } +} + static int __ip6_tnl_rcv(struct ip6_tnl *tunnel, struct sk_buff *skb, const struct tnl_ptk_info *tpi, struct metadata_dst *tun_dst, @@ -831,6 +944,25 @@ skb_reset_network_header(skb); memset(skb->cb, 0, sizeof(struct inet6_skb_parm)); + if (tpi->proto == htons(ETH_P_IP) && tunnel->parms.fmrs && + !ipv6_addr_equal(&ipv6h->saddr, &tunnel->parms.raddr)) { + /* Packet didn't come from BR, so lookup FMR */ + struct __ip6_tnl_fmr *fmr; + struct in6_addr expected = tunnel->parms.raddr; + for (fmr = tunnel->parms.fmrs; fmr; fmr = fmr->next) + if (ipv6_prefix_equal(&ipv6h->saddr, + &fmr->ip6_prefix, fmr->ip6_prefix_len)) + break; + + /* Check that IPv6 matches IPv4 source to prevent spoofing */ + if (fmr) + ip4ip6_fmr_calc(&expected, ip_hdr(skb), + skb_tail_pointer(skb), fmr, false); + + if (!ipv6_addr_equal(&ipv6h->saddr, &expected)) + goto drop; + } + __skb_tunnel_rx(skb, tunnel->dev, tunnel->net); err = dscp_ecn_decapsulate(tunnel, ipv6h, skb); @@ -965,7 +1097,7 @@ opt->dst_opt[5] = IPV6_TLV_PADN; opt->dst_opt[6] = 1; - opt->ops.dst0opt = (struct ipv6_opt_hdr *) opt->dst_opt; + opt->ops.dst1opt = (struct ipv6_opt_hdr *)opt->dst_opt; opt->ops.opt_nflen = 8; } @@ -1147,11 +1279,18 @@ if (skb_dst(skb) && !t->parms.collect_md) skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu); if (skb->len - t->tun_hlen - eth_hlen > mtu && !skb_is_gso(skb)) { + if ((fl6->flowi6_proto == IPPROTO_IPIP)) { + struct iphdr *ipv4h = ip_hdr(skb); + if (!(ipv4h->frag_off & htons(IP_DF))) + goto ipv6_frag; + } *pmtu = mtu; err = -EMSGSIZE; goto tx_err_dst_release; } +ipv6_frag: + if (t->err_count > 0) { if (time_before(jiffies, t->err_time + IP6TUNNEL_ERR_TIMEO)) { @@ -1207,7 +1346,7 @@ if (encap_limit >= 0) { init_tel_txopt(&opt, encap_limit); - ipv6_push_nfrag_opts(skb, &opt.ops, &proto, NULL); + ipv6_push_frag_opts(skb, &opt.ops, &proto); } skb_push(skb, sizeof(struct ipv6hdr)); @@ -1219,6 +1358,11 @@ ipv6h->nexthdr = proto; ipv6h->saddr = fl6->saddr; ipv6h->daddr = fl6->daddr; + if (fl6->flowi6_proto == IPPROTO_IPIP && + skb->dev->type == ARPHRD_TUNNEL6 && + (skb->len > ip6_skb_dst_mtu(skb))) { + skb->ignore_df = 1; + } ip6tunnel_xmit(NULL, skb, dev); return 0; tx_err_link_failure: @@ -1235,6 +1379,7 @@ { struct ip6_tnl *t = netdev_priv(dev); const struct iphdr *iph; + struct __ip6_tnl_fmr *fmr; int encap_limit = -1; struct flowi6 fl6; __u8 dsfield; @@ -1282,8 +1427,22 @@ fl6.flowi6_mark = skb->mark; } + fl6.flowi6_uid = sock_net_uid(dev_net(dev), NULL); dsfield = INET_ECN_encapsulate(dsfield, ipv4_get_dsfield(iph)); + /* try to find matching FMR (Forwarding Mapping Rules) */ + for (fmr = t->parms.fmrs; fmr; fmr = fmr->next) { + unsigned mshift = 32 - fmr->ip4_prefix_len; + if (ntohl(fmr->ip4_prefix.s_addr) >> mshift == + ntohl(ip_hdr(skb)->daddr) >> mshift) + break; + } + + /* change dstaddr according to FMR */ + if (fmr) + ip4ip6_fmr_calc(&fl6.daddr, ip_hdr(skb), + skb_tail_pointer(skb), fmr, true); + if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6)) return -1; @@ -1307,6 +1466,7 @@ { struct ip6_tnl *t = netdev_priv(dev); struct ipv6hdr *ipv6h; + struct __ip6_tnl_fmr *fmr; int encap_limit = -1; __u16 offset; struct flowi6 fl6; @@ -1369,8 +1529,22 @@ fl6.flowi6_mark = skb->mark; } + fl6.flowi6_uid = sock_net_uid(dev_net(dev), NULL); dsfield = INET_ECN_encapsulate(dsfield, ipv6_get_dsfield(ipv6h)); + /* try to find matching FMR */ + for (fmr = t->parms.fmrs; fmr; fmr = fmr->next) { + unsigned mshift = 32 - fmr->ip4_prefix_len; + if (ntohl(fmr->ip4_prefix.s_addr) >> mshift == + ntohl(ip_hdr(skb)->daddr) >> mshift) + break; + } + + /* change dstaddr according to FMR */ + if (fmr) + ip4ip6_fmr_calc(&fl6.daddr, ip_hdr(skb), + skb_tail_pointer(skb), fmr, true); + if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6)) return -1; @@ -1496,6 +1670,14 @@ t->parms.flowinfo = p->flowinfo; t->parms.link = p->link; t->parms.proto = p->proto; + + while (t->parms.fmrs) { + struct __ip6_tnl_fmr *next = t->parms.fmrs->next; + kfree(t->parms.fmrs); + t->parms.fmrs = next; + } + t->parms.fmrs = p->fmrs; + dst_cache_reset(&t->dst_cache); ip6_tnl_link_config(t); return 0; @@ -1534,6 +1716,7 @@ p->flowinfo = u->flowinfo; p->link = u->link; p->proto = u->proto; + p->fmrs = NULL; memcpy(p->name, u->name, sizeof(u->name)); } @@ -1551,6 +1734,134 @@ memcpy(u->name, p->name, sizeof(u->name)); } +static int if_map_parm_unique(struct ip6_tnl *t, struct map_rule_parm *p_rule) +{ + struct __ip6_tnl_fmr *fmr = NULL; + fmr = t->parms.fmrs; + while (fmr) { + /*Compare v6 prefix, v4 prefix and ea-length*/ + if ((ipv6_prefix_equal(&p_rule->ipv6_prefix, &fmr->ip6_prefix, + p_rule->ipv6_prefix_length)) && + ((ntohl(fmr->ip4_prefix.s_addr) >> (32 - fmr->ip4_prefix_len)) == ((ntohl(p_rule->ipv4_prefix)) >> (32 - p_rule->ipv4_prefix_length))) && (fmr->ea_len == p_rule->ea_length)) { + return 1; + } + fmr = fmr->next; + } + return 0; +} + +static void ipmap_parm_to_user(struct __ip6_tnl_fmr *fmrs, + struct map_rule_parm *p_rule) +{ + p_rule->ipv6_prefix_length = fmrs->ip6_prefix_len; + p_rule->ipv4_prefix_length = fmrs->ip4_prefix_len; + p_rule->ea_length = fmrs->ea_len; + p_rule->psid_offset = 6; /* fix 6 bits for offset */ + memcpy(&p_rule->ipv6_prefix, &fmrs->ip6_prefix, + sizeof(fmrs->ip6_prefix)); + memcpy(&p_rule->ipv4_prefix, &fmrs->ip4_prefix, + sizeof(fmrs->ip4_prefix)); +} + +static int ipmap_parm_from_user(struct map_rule_parm *p_rule, + struct __ip6_tnl_parm *p2, struct net *net, struct ip6_tnl **tnl) +{ + struct __ip6_tnl_fmr *t_parm = NULL, *fmr_node = NULL; + struct ip6_tnl *t = NULL; + p2->laddr = p_rule->laddr; + p2->raddr = p_rule->raddr; + + t = ip6_tnl_locate(net, p2, 0); + if (!IS_ERR(t)) { + if (if_map_parm_unique(t, p_rule)) + return -EINVAL; + p2->fmrs = kzalloc(sizeof(struct __ip6_tnl_fmr), GFP_KERNEL); + if (!p2->fmrs) + return -ENOMEM; + p2->fmrs->next = NULL; + p2->fmrs->ip6_prefix_len = p_rule->ipv6_prefix_length; + p2->fmrs->ip4_prefix_len = p_rule->ipv4_prefix_length; + p2->fmrs->ea_len = p_rule->ea_length; + p2->fmrs->offset = p_rule->psid_offset; + memcpy(&p2->fmrs->ip6_prefix, &p_rule->ipv6_prefix, + sizeof(p2->fmrs->ip6_prefix)); + memcpy(&p2->fmrs->ip4_prefix, &p_rule->ipv4_prefix, + sizeof(p2->fmrs->ip4_prefix)); + p2->laddr = t->parms.laddr; + p2->raddr = t->parms.raddr; + p2->flags = t->parms.flags; + p2->hop_limit = t->parms.hop_limit; + p2->encap_limit = t->parms.encap_limit; + p2->flowinfo = t->parms.flowinfo; + p2->link = t->parms.link; + p2->proto = t->parms.proto; + memcpy(p2->name, t->parms.name, sizeof(t->parms.name)); + t_parm = t->parms.fmrs; + + /* Copy fmr link list from the tunnel parm*/ + while (t_parm != NULL) { + fmr_node = kzalloc(sizeof(struct __ip6_tnl_fmr), + GFP_KERNEL); + if (!fmr_node) + return -ENOMEM; + memcpy(fmr_node, t_parm, sizeof(struct __ip6_tnl_fmr)); + fmr_node->next = p2->fmrs; + p2->fmrs = fmr_node; + t_parm = t_parm->next; + } + } else { + return -1; + } + *tnl = t; + return 0; +} + +static int del_fmr(struct map_rule_parm *p_rule, struct net *net) +{ + int fmr_del = -ENOENT; + struct ip6_tnl *t = NULL; + struct __ip6_tnl_parm p2; + struct __ip6_tnl_fmr *prev_fmrs = NULL, *fmrs = NULL, *temp = NULL; + memcpy(&p2.laddr, &p_rule->laddr, sizeof(p2.laddr)); + memcpy(&p2.raddr, &p_rule->raddr, sizeof(p2.raddr)); + + /* Locate the tunnel from the given remote and local address*/ + t = ip6_tnl_locate(net, &p2, 0); + if (!IS_ERR(t)) + return -ENOENT; + fmrs = t->parms.fmrs; + temp = t->parms.fmrs; + prev_fmrs = t->parms.fmrs; + + /* Find the node by matching the Param "IPv6 Prefix, + IPv4 Prefix & EA LENGTH" */ + if (t->parms.fmrs) { + if (((ipv6_prefix_equal(&p_rule->ipv6_prefix, + &fmrs->ip6_prefix, p_rule->ipv6_prefix_length))) && + ((ntohl(fmrs->ip4_prefix.s_addr) >> (32 - fmrs->ip4_prefix_len)) == ((ntohl(p_rule->ipv4_prefix)) >> (32 - p_rule->ipv4_prefix_length))) && (fmrs->ea_len == p_rule->ea_length)) { + fmr_del = 1; + t->parms.fmrs = fmrs->next; + kfree(fmrs); + } else { + while (fmrs != NULL) { + if (((ipv6_prefix_equal(&p_rule->ipv6_prefix, + &fmrs->ip6_prefix, + p_rule->ipv6_prefix_length))) && + ((ntohl(fmrs->ip4_prefix.s_addr) >> (32 - fmrs->ip4_prefix_len)) == ((ntohl(p_rule->ipv4_prefix)) >> (32 - p_rule->ipv4_prefix_length))) && (fmrs->ea_len == p_rule->ea_length)) { + prev_fmrs->next = fmrs->next; + kfree(fmrs); + fmr_del = 1; + break; + } + prev_fmrs = fmrs; + fmrs = fmrs->next; + } + } + } + + return fmr_del; +} + /** * ip6_tnl_ioctl - configure ipv6 tunnels from userspace * @dev: virtual device associated with tunnel @@ -1582,12 +1893,15 @@ static int ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) { - int err = 0; + int err = 0, fmrs_count = 0, i; struct ip6_tnl_parm p; - struct __ip6_tnl_parm p1; + struct __ip6_tnl_parm p1, p2; struct ip6_tnl *t = netdev_priv(dev); + struct __ip6_tnl_fmr *temp = NULL; struct net *net = t->net; struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); + struct map_parm *pptr, pParm; + struct map_rule_parm *p_rule; memset(&p1, 0, sizeof(p1)); @@ -1610,6 +1924,7 @@ err = -EFAULT; } break; + case SIOCADDTUNNEL: case SIOCCHGTUNNEL: err = -EPERM; @@ -1669,6 +1984,99 @@ err = 0; unregister_netdevice(dev); break; + case SIOCGETRULES: + case SIOCGETPRL: + if (t == NULL) + t = netdev_priv(dev); + if (t != NULL) { + if (cmd == SIOCGETRULES) { + if (t->parms.fmrs != NULL) { + temp = t->parms.fmrs; + while (temp != NULL) { + temp = temp->next; + fmrs_count++; + } + if (!fmrs_count) + err = ENOENT; + pParm.rule_num = fmrs_count; + if (copy_to_user(ifr->ifr_ifru.ifru_data, + &pParm, + sizeof(struct map_parm))) + err = -EFAULT; + } else { + err = ENOENT; + } + } + if (cmd == SIOCGETPRL) { + temp = t->parms.fmrs; + while (temp != NULL) { + temp = temp->next; + fmrs_count++; + } + pptr = kzalloc(sizeof(struct map_parm) + (sizeof(struct map_rule_parm) * fmrs_count), GFP_KERNEL); + if (!pptr) + break; + temp = t->parms.fmrs; + for (i = 0; i < fmrs_count; i++) { + if (temp != NULL) { + ipmap_parm_to_user(temp, + &pptr->rule[i]); + temp = temp->next; + } + } + pptr->rule_num = fmrs_count; + if (copy_to_user(ifr->ifr_ifru.ifru_data, pptr, + sizeof(struct map_parm) + (sizeof(struct map_rule_parm) * fmrs_count))) + err = -EFAULT; + if (pptr != NULL) + kfree(pptr); + } + } else { + err = -EINVAL; + } + break; + case SIOCADDPRL: + err = -EPERM; + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) + break; + pptr = kzalloc(sizeof(struct map_parm) + sizeof(struct map_rule_parm), GFP_KERNEL); + if (!pptr) + break; + memset(&p2, 0, sizeof(p2)); + if (copy_from_user(pptr, ifr->ifr_ifru.ifru_data, + sizeof(struct map_parm) + sizeof(struct map_rule_parm))) + break; + p_rule = &pptr->rule[0]; + + if (ipmap_parm_from_user(p_rule, &p2, net, &t) == 0) { + err = ip6_tnl_update(t, &p2); + ipmap_parm_to_user(t->parms.fmrs, p_rule); + if (copy_to_user(ifr->ifr_ifru.ifru_data, + pptr, sizeof(struct map_parm) + sizeof(struct map_rule_parm))) + err = -EFAULT; + + } else { + err = -ENOENT; + } + kfree(pptr); + break; + case SIOCDELPRL: + err = -EPERM; + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) + break; + pptr = kzalloc(sizeof(struct map_parm) + sizeof(struct map_rule_parm), GFP_KERNEL); + if (!pptr) + break; + memset(&p2, 0, sizeof(p2)); + if (copy_from_user(pptr, ifr->ifr_ifru.ifru_data, + sizeof(struct map_parm) + sizeof(struct map_rule_parm))) + break; + p_rule = &pptr->rule[0]; + err = 0; + if (!del_fmr(p_rule, net)) + err = -ENOENT; + kfree(pptr); + break; default: err = -EINVAL; } @@ -1909,6 +2317,15 @@ return 0; } +static const struct nla_policy ip6_tnl_fmr_policy[IFLA_IPTUN_FMR_MAX + 1] = { + [IFLA_IPTUN_FMR_IP6_PREFIX] = { .len = sizeof(struct in6_addr) }, + [IFLA_IPTUN_FMR_IP4_PREFIX] = { .len = sizeof(struct in_addr) }, + [IFLA_IPTUN_FMR_IP6_PREFIX_LEN] = { .type = NLA_U8 }, + [IFLA_IPTUN_FMR_IP4_PREFIX_LEN] = { .type = NLA_U8 }, + [IFLA_IPTUN_FMR_EA_LEN] = { .type = NLA_U8 }, + [IFLA_IPTUN_FMR_OFFSET] = { .type = NLA_U8 } +}; + static void ip6_tnl_netlink_parms(struct nlattr *data[], struct __ip6_tnl_parm *parms) { @@ -1943,6 +2360,46 @@ if (data[IFLA_IPTUN_COLLECT_METADATA]) parms->collect_md = true; + + if (data[IFLA_IPTUN_FMRS]) { + unsigned rem; + struct nlattr *fmr; + nla_for_each_nested (fmr, data[IFLA_IPTUN_FMRS], rem) { + struct nlattr *fmrd[IFLA_IPTUN_FMR_MAX + 1], *c; + struct __ip6_tnl_fmr *nfmr; + + nla_parse_nested(fmrd, IFLA_IPTUN_FMR_MAX, + fmr, ip6_tnl_fmr_policy); + + if (!(nfmr = kzalloc(sizeof(*nfmr), GFP_KERNEL))) + continue; + + nfmr->offset = 6; + + if ((c = fmrd[IFLA_IPTUN_FMR_IP6_PREFIX])) + nla_memcpy(&nfmr->ip6_prefix, fmrd[IFLA_IPTUN_FMR_IP6_PREFIX], + sizeof(nfmr->ip6_prefix)); + + if ((c = fmrd[IFLA_IPTUN_FMR_IP4_PREFIX])) + nla_memcpy(&nfmr->ip4_prefix, fmrd[IFLA_IPTUN_FMR_IP4_PREFIX], + sizeof(nfmr->ip4_prefix)); + + if ((c = fmrd[IFLA_IPTUN_FMR_IP6_PREFIX_LEN])) + nfmr->ip6_prefix_len = nla_get_u8(c); + + if ((c = fmrd[IFLA_IPTUN_FMR_IP4_PREFIX_LEN])) + nfmr->ip4_prefix_len = nla_get_u8(c); + + if ((c = fmrd[IFLA_IPTUN_FMR_EA_LEN])) + nfmr->ea_len = nla_get_u8(c); + + if ((c = fmrd[IFLA_IPTUN_FMR_OFFSET])) + nfmr->offset = nla_get_u8(c); + + nfmr->next = parms->fmrs; + parms->fmrs = nfmr; + } + } } static bool ip6_tnl_netlink_encap_parms(struct nlattr *data[], @@ -2056,6 +2513,12 @@ static size_t ip6_tnl_get_size(const struct net_device *dev) { + const struct ip6_tnl *t = netdev_priv(dev); + struct __ip6_tnl_fmr *c; + int fmrs = 0; + for (c = t->parms.fmrs; c; c = c->next) + ++fmrs; + return /* IFLA_IPTUN_LINK */ nla_total_size(4) + @@ -2083,6 +2546,24 @@ nla_total_size(2) + /* IFLA_IPTUN_COLLECT_METADATA */ nla_total_size(0) + + /* IFLA_IPTUN_FMRS */ + nla_total_size(0) + + ( + /* nest */ + nla_total_size(0) + + /* IFLA_IPTUN_FMR_IP6_PREFIX */ + nla_total_size(sizeof(struct in6_addr)) + + /* IFLA_IPTUN_FMR_IP4_PREFIX */ + nla_total_size(sizeof(struct in_addr)) + + /* IFLA_IPTUN_FMR_EA_LEN */ + nla_total_size(1) + + /* IFLA_IPTUN_FMR_IP6_PREFIX_LEN */ + nla_total_size(1) + + /* IFLA_IPTUN_FMR_IP4_PREFIX_LEN */ + nla_total_size(1) + + /* IFLA_IPTUN_FMR_OFFSET */ + nla_total_size(1)) * + fmrs + 0; } @@ -2090,6 +2571,9 @@ { struct ip6_tnl *tunnel = netdev_priv(dev); struct __ip6_tnl_parm *parm = &tunnel->parms; + struct __ip6_tnl_fmr *c; + int fmrcnt = 0; + struct nlattr *fmrs; if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) || nla_put_in6_addr(skb, IFLA_IPTUN_LOCAL, &parm->laddr) || @@ -2098,9 +2582,27 @@ nla_put_u8(skb, IFLA_IPTUN_ENCAP_LIMIT, parm->encap_limit) || nla_put_be32(skb, IFLA_IPTUN_FLOWINFO, parm->flowinfo) || nla_put_u32(skb, IFLA_IPTUN_FLAGS, parm->flags) || - nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->proto)) + nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->proto) || + !(fmrs = nla_nest_start(skb, IFLA_IPTUN_FMRS))) goto nla_put_failure; + for (c = parm->fmrs; c; c = c->next) { + struct nlattr *fmr = nla_nest_start(skb, ++fmrcnt); + if (!fmr || + nla_put(skb, IFLA_IPTUN_FMR_IP6_PREFIX, + sizeof(c->ip6_prefix), &c->ip6_prefix) || + nla_put(skb, IFLA_IPTUN_FMR_IP4_PREFIX, + sizeof(c->ip4_prefix), &c->ip4_prefix) || + nla_put_u8(skb, IFLA_IPTUN_FMR_IP6_PREFIX_LEN, c->ip6_prefix_len) || + nla_put_u8(skb, IFLA_IPTUN_FMR_IP4_PREFIX_LEN, c->ip4_prefix_len) || + nla_put_u8(skb, IFLA_IPTUN_FMR_EA_LEN, c->ea_len) || + nla_put_u8(skb, IFLA_IPTUN_FMR_OFFSET, c->offset)) + goto nla_put_failure; + + nla_nest_end(skb, fmr); + } + nla_nest_end(skb, fmrs); + if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE, tunnel->encap.type) || nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT, tunnel->encap.sport) || nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT, tunnel->encap.dport) || @@ -2125,19 +2627,20 @@ EXPORT_SYMBOL(ip6_tnl_get_link_net); static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { - [IFLA_IPTUN_LINK] = { .type = NLA_U32 }, - [IFLA_IPTUN_LOCAL] = { .len = sizeof(struct in6_addr) }, - [IFLA_IPTUN_REMOTE] = { .len = sizeof(struct in6_addr) }, - [IFLA_IPTUN_TTL] = { .type = NLA_U8 }, - [IFLA_IPTUN_ENCAP_LIMIT] = { .type = NLA_U8 }, - [IFLA_IPTUN_FLOWINFO] = { .type = NLA_U32 }, - [IFLA_IPTUN_FLAGS] = { .type = NLA_U32 }, - [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, - [IFLA_IPTUN_ENCAP_TYPE] = { .type = NLA_U16 }, - [IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 }, - [IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 }, - [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 }, - [IFLA_IPTUN_COLLECT_METADATA] = { .type = NLA_FLAG }, + [IFLA_IPTUN_LINK] = { .type = NLA_U32 }, + [IFLA_IPTUN_LOCAL] = { .len = sizeof(struct in6_addr) }, + [IFLA_IPTUN_REMOTE] = { .len = sizeof(struct in6_addr) }, + [IFLA_IPTUN_TTL] = { .type = NLA_U8 }, + [IFLA_IPTUN_ENCAP_LIMIT] = { .type = NLA_U8 }, + [IFLA_IPTUN_FLOWINFO] = { .type = NLA_U32 }, + [IFLA_IPTUN_FLAGS] = { .type = NLA_U32 }, + [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, + [IFLA_IPTUN_ENCAP_TYPE] = { .type = NLA_U16 }, + [IFLA_IPTUN_ENCAP_FLAGS] = { .type = NLA_U16 }, + [IFLA_IPTUN_ENCAP_SPORT] = { .type = NLA_U16 }, + [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 }, + [IFLA_IPTUN_COLLECT_METADATA] = { .type = NLA_FLAG }, + [IFLA_IPTUN_FMRS] = { .type = NLA_NESTED }, }; static struct rtnl_link_ops ip6_link_ops __read_mostly = {