^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * vrf.c: device driver to encapsulate a VRF space
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Copyright (c) 2015 Cumulus Networks. All rights reserved.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Copyright (c) 2015 Shrijeet Mukherjee <shm@cumulusnetworks.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Copyright (c) 2015 David Ahern <dsa@cumulusnetworks.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) * Based on dummy, team and ipvlan drivers
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/netdevice.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/etherdevice.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/ip.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/moduleparam.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/netfilter.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/rtnetlink.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <net/rtnetlink.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <linux/u64_stats_sync.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) #include <linux/hashtable.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include <linux/spinlock_types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) #include <linux/inetdevice.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) #include <net/arp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) #include <net/ip.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) #include <net/ip_fib.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) #include <net/ip6_fib.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) #include <net/ip6_route.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) #include <net/route.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) #include <net/addrconf.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) #include <net/l3mdev.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) #include <net/fib_rules.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) #include <net/netns/generic.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) #include <net/netfilter/nf_conntrack.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) #define DRV_NAME "vrf"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) #define DRV_VERSION "1.1"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) #define FIB_RULE_PREF 1000 /* default preference for FIB rules */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) #define HT_MAP_BITS 4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) #define HASH_INITVAL ((u32)0xcafef00d)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) struct vrf_map {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) DECLARE_HASHTABLE(ht, HT_MAP_BITS);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) spinlock_t vmap_lock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 50)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51) /* shared_tables:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 52) * count how many distinct tables do not comply with the strict mode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 53) * requirement.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 54) * shared_tables value must be 0 in order to enable the strict mode.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 55) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 56) * example of the evolution of shared_tables:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 57) * | time
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 58) * add vrf0 --> table 100 shared_tables = 0 | t0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 59) * add vrf1 --> table 101 shared_tables = 0 | t1
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60) * add vrf2 --> table 100 shared_tables = 1 | t2
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 61) * add vrf3 --> table 100 shared_tables = 1 | t3
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 62) * add vrf4 --> table 101 shared_tables = 2 v t4
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 63) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 64) * shared_tables is a "step function" (or "staircase function")
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65) * and it is increased by one when the second vrf is associated to a
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) * table.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) * at t2, vrf0 and vrf2 are bound to table 100: shared_tables = 1.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) * at t3, another dev (vrf3) is bound to the same table 100 but the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) * value of shared_tables is still 1.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72) * This means that no matter how many new vrfs will register on the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) * table 100, the shared_tables will not increase (considering only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) * table 100).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) * at t4, vrf4 is bound to table 101, and shared_tables = 2.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) * Looking at the value of shared_tables we can immediately know if
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) * the strict_mode can or cannot be enforced. Indeed, strict_mode
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) * can be enforced iff shared_tables = 0.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) * Conversely, shared_tables is decreased when a vrf is de-associated
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83) * from a table with exactly two associated vrfs.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) u32 shared_tables;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) bool strict_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90) struct vrf_map_elem {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) struct hlist_node hnode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) struct list_head vrf_list; /* VRFs registered to this table */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94) u32 table_id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) int users;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) int ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) static unsigned int vrf_net_id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) /* per netns vrf data */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) struct netns_vrf {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) /* protected by rtnl lock */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) bool add_fib_rules;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) struct vrf_map vmap;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) struct ctl_table_header *ctl_hdr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) struct net_vrf {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) struct rtable __rcu *rth;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) struct rt6_info __rcu *rt6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) #if IS_ENABLED(CONFIG_IPV6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) struct fib6_table *fib6_table;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) u32 tb_id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) struct list_head me_list; /* entry in vrf_map_elem */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) int ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) struct pcpu_dstats {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) u64 tx_pkts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) u64 tx_bytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) u64 tx_drps;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) u64 rx_pkts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) u64 rx_bytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) u64 rx_drps;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) struct u64_stats_sync syncp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) static void vrf_rx_stats(struct net_device *dev, int len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) struct pcpu_dstats *dstats = this_cpu_ptr(dev->dstats);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) u64_stats_update_begin(&dstats->syncp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) dstats->rx_pkts++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) dstats->rx_bytes += len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) u64_stats_update_end(&dstats->syncp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) static void vrf_tx_error(struct net_device *vrf_dev, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) vrf_dev->stats.tx_errors++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) kfree_skb(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) static void vrf_get_stats64(struct net_device *dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) struct rtnl_link_stats64 *stats)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) for_each_possible_cpu(i) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) const struct pcpu_dstats *dstats;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) u64 tbytes, tpkts, tdrops, rbytes, rpkts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) unsigned int start;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) dstats = per_cpu_ptr(dev->dstats, i);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) do {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) start = u64_stats_fetch_begin_irq(&dstats->syncp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) tbytes = dstats->tx_bytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) tpkts = dstats->tx_pkts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) tdrops = dstats->tx_drps;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) rbytes = dstats->rx_bytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) rpkts = dstats->rx_pkts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) } while (u64_stats_fetch_retry_irq(&dstats->syncp, start));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) stats->tx_bytes += tbytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) stats->tx_packets += tpkts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) stats->tx_dropped += tdrops;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) stats->rx_bytes += rbytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) stats->rx_packets += rpkts;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) static struct vrf_map *netns_vrf_map(struct net *net)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) struct netns_vrf *nn_vrf = net_generic(net, vrf_net_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) return &nn_vrf->vmap;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) static struct vrf_map *netns_vrf_map_by_dev(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) return netns_vrf_map(dev_net(dev));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) static int vrf_map_elem_get_vrf_ifindex(struct vrf_map_elem *me)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) struct list_head *me_head = &me->vrf_list;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) struct net_vrf *vrf;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) if (list_empty(me_head))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 193) return -ENODEV;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 194)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 195) vrf = list_first_entry(me_head, struct net_vrf, me_list);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 196)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 197) return vrf->ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 198) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 199)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 200) static struct vrf_map_elem *vrf_map_elem_alloc(gfp_t flags)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 201) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202) struct vrf_map_elem *me;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 204) me = kmalloc(sizeof(*me), flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 205) if (!me)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 206) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 207)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 208) return me;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 209) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 210)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 211) static void vrf_map_elem_free(struct vrf_map_elem *me)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) kfree(me);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) static void vrf_map_elem_init(struct vrf_map_elem *me, int table_id,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) int ifindex, int users)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219) me->table_id = table_id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) me->ifindex = ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221) me->users = users;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 222) INIT_LIST_HEAD(&me->vrf_list);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 223) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 224)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 225) static struct vrf_map_elem *vrf_map_lookup_elem(struct vrf_map *vmap,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 226) u32 table_id)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 228) struct vrf_map_elem *me;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 229) u32 key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 230)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 231) key = jhash_1word(table_id, HASH_INITVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 232) hash_for_each_possible(vmap->ht, me, hnode, key) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233) if (me->table_id == table_id)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) return me;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) static void vrf_map_add_elem(struct vrf_map *vmap, struct vrf_map_elem *me)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) u32 table_id = me->table_id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) u32 key;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) key = jhash_1word(table_id, HASH_INITVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) hash_add(vmap->ht, &me->hnode, key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) static void vrf_map_del_elem(struct vrf_map_elem *me)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) hash_del(&me->hnode);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) static void vrf_map_lock(struct vrf_map *vmap) __acquires(&vmap->vmap_lock)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) spin_lock(&vmap->vmap_lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) static void vrf_map_unlock(struct vrf_map *vmap) __releases(&vmap->vmap_lock)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) spin_unlock(&vmap->vmap_lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) /* called with rtnl lock held */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) static int
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) vrf_map_register_dev(struct net_device *dev, struct netlink_ext_ack *extack)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 268) struct vrf_map *vmap = netns_vrf_map_by_dev(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 269) struct net_vrf *vrf = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 270) struct vrf_map_elem *new_me, *me;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 271) u32 table_id = vrf->tb_id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 272) bool free_new_me = false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 273) int users;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 274) int res;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 275)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 276) /* we pre-allocate elements used in the spin-locked section (so that we
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277) * keep the spinlock as short as possibile).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 278) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 279) new_me = vrf_map_elem_alloc(GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 280) if (!new_me)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 281) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 282)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 283) vrf_map_elem_init(new_me, table_id, dev->ifindex, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 284)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 285) vrf_map_lock(vmap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 286)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 287) me = vrf_map_lookup_elem(vmap, table_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 288) if (!me) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 289) me = new_me;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 290) vrf_map_add_elem(vmap, me);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 291) goto link_vrf;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 292) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 293)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 294) /* we already have an entry in the vrf_map, so it means there is (at
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295) * least) a vrf registered on the specific table.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 296) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 297) free_new_me = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 298) if (vmap->strict_mode) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 299) /* vrfs cannot share the same table */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 300) NL_SET_ERR_MSG(extack, "Table is used by another VRF");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 301) res = -EBUSY;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 302) goto unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 303) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 304)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 305) link_vrf:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 306) users = ++me->users;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 307) if (users == 2)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308) ++vmap->shared_tables;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 309)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 310) list_add(&vrf->me_list, &me->vrf_list);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 311)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 312) res = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 313)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 314) unlock:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 315) vrf_map_unlock(vmap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 316)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 317) /* clean-up, if needed */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 318) if (free_new_me)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 319) vrf_map_elem_free(new_me);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 321) return res;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 322) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 323)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 324) /* called with rtnl lock held */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 325) static void vrf_map_unregister_dev(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 326) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 327) struct vrf_map *vmap = netns_vrf_map_by_dev(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 328) struct net_vrf *vrf = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 329) u32 table_id = vrf->tb_id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 330) struct vrf_map_elem *me;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 331) int users;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 332)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 333) vrf_map_lock(vmap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 334)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 335) me = vrf_map_lookup_elem(vmap, table_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 336) if (!me)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 337) goto unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 338)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 339) list_del(&vrf->me_list);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 340)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 341) users = --me->users;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 342) if (users == 1) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 343) --vmap->shared_tables;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 344) } else if (users == 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 345) vrf_map_del_elem(me);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 346)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347) /* no one will refer to this element anymore */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) vrf_map_elem_free(me);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 350)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 351) unlock:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 352) vrf_map_unlock(vmap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 353) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 355) /* return the vrf device index associated with the table_id */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 356) static int vrf_ifindex_lookup_by_table_id(struct net *net, u32 table_id)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 357) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358) struct vrf_map *vmap = netns_vrf_map(net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 359) struct vrf_map_elem *me;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 360) int ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 361)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 362) vrf_map_lock(vmap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 363)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 364) if (!vmap->strict_mode) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 365) ifindex = -EPERM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 366) goto unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 367) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 368)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 369) me = vrf_map_lookup_elem(vmap, table_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 370) if (!me) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 371) ifindex = -ENODEV;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 372) goto unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 373) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 374)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 375) ifindex = vrf_map_elem_get_vrf_ifindex(me);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 377) unlock:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 378) vrf_map_unlock(vmap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 379)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 380) return ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 381) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 382)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 383) /* by default VRF devices do not have a qdisc and are expected
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 384) * to be created with only a single queue.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 385) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 386) static bool qdisc_tx_is_default(const struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 387) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 388) struct netdev_queue *txq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 389) struct Qdisc *qdisc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 390)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391) if (dev->num_tx_queues > 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 392) return false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 393)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 394) txq = netdev_get_tx_queue(dev, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 395) qdisc = rcu_access_pointer(txq->qdisc);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 396)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 397) return !qdisc->enqueue;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 398) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 399)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 400) /* Local traffic destined to local address. Reinsert the packet to rx
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 401) * path, similar to loopback handling.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 402) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 403) static int vrf_local_xmit(struct sk_buff *skb, struct net_device *dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 404) struct dst_entry *dst)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 405) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 406) int len = skb->len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 407)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 408) skb_orphan(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 409)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 410) skb_dst_set(skb, dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 411)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 412) /* set pkt_type to avoid skb hitting packet taps twice -
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413) * once on Tx and again in Rx processing
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 414) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 415) skb->pkt_type = PACKET_LOOPBACK;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 416)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 417) skb->protocol = eth_type_trans(skb, dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 418)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 419) if (likely(netif_rx(skb) == NET_RX_SUCCESS))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 420) vrf_rx_stats(dev, len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 421) else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 422) this_cpu_inc(dev->dstats->rx_drps);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 423)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 424) return NETDEV_TX_OK;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 425) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 426)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 427) static void vrf_nf_set_untracked(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 428) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 429) if (skb_get_nfct(skb) == 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 430) nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 431) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 432)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433) static void vrf_nf_reset_ct(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 434) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 435) if (skb_get_nfct(skb) == IP_CT_UNTRACKED)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 436) nf_reset_ct(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 437) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 438)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 439) #if IS_ENABLED(CONFIG_IPV6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 440) static int vrf_ip6_local_out(struct net *net, struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 441) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 442) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 443) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 444)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 445) vrf_nf_reset_ct(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 446)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 447) err = nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 448) sk, skb, NULL, skb_dst(skb)->dev, dst_output);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 449)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 450) if (likely(err == 1))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 451) err = dst_output(net, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 452)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 453) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 454) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 455)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 456) static netdev_tx_t vrf_process_v6_outbound(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 457) struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459) const struct ipv6hdr *iph;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) struct net *net = dev_net(skb->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461) struct flowi6 fl6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462) int ret = NET_XMIT_DROP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) struct dst_entry *dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) struct dst_entry *dst_null = &net->ipv6.ip6_null_entry->dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466) if (!pskb_may_pull(skb, ETH_HLEN + sizeof(struct ipv6hdr)))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467) goto err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) iph = ipv6_hdr(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471) memset(&fl6, 0, sizeof(fl6));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472) /* needed to match OIF rule */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473) fl6.flowi6_oif = dev->ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) fl6.flowi6_iif = LOOPBACK_IFINDEX;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) fl6.daddr = iph->daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476) fl6.saddr = iph->saddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477) fl6.flowlabel = ip6_flowinfo(iph);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478) fl6.flowi6_mark = skb->mark;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) fl6.flowi6_proto = iph->nexthdr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480) fl6.flowi6_flags = FLOWI_FLAG_SKIP_NH_OIF;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482) dst = ip6_dst_lookup_flow(net, NULL, &fl6, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) if (IS_ERR(dst) || dst == dst_null)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484) goto err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) skb_dst_drop(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) /* if dst.dev is loopback or the VRF device again this is locally
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) * originated traffic destined to a local address. Short circuit
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) * to Rx path
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492) if (dst->dev == dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) return vrf_local_xmit(skb, dev, dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495) skb_dst_set(skb, dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) /* strip the ethernet header added for pass through VRF device */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498) __skb_pull(skb, skb_network_offset(skb));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501) ret = vrf_ip6_local_out(net, skb->sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502) if (unlikely(net_xmit_eval(ret)))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) dev->stats.tx_errors++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504) else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505) ret = NET_XMIT_SUCCESS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 506)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 507) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508) err:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 509) vrf_tx_error(dev, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510) return NET_XMIT_DROP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 511) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 512) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 513) static netdev_tx_t vrf_process_v6_outbound(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 514) struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 515) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 516) vrf_tx_error(dev, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 517) return NET_XMIT_DROP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 518) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 519) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 520)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 521) /* based on ip_local_out; can't use it b/c the dst is switched pointing to us */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 522) static int vrf_ip_local_out(struct net *net, struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 523) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 524) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 525) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 526)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 527) vrf_nf_reset_ct(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 528)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 529) err = nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT, net, sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 530) skb, NULL, skb_dst(skb)->dev, dst_output);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 531) if (likely(err == 1))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 532) err = dst_output(net, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 533)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 534) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 535) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 536)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 537) static netdev_tx_t vrf_process_v4_outbound(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 538) struct net_device *vrf_dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 539) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 540) struct iphdr *ip4h;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 541) int ret = NET_XMIT_DROP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 542) struct flowi4 fl4;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 543) struct net *net = dev_net(vrf_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 544) struct rtable *rt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 545)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 546) if (!pskb_may_pull(skb, ETH_HLEN + sizeof(struct iphdr)))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 547) goto err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 548)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 549) ip4h = ip_hdr(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 550)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 551) memset(&fl4, 0, sizeof(fl4));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 552) /* needed to match OIF rule */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 553) fl4.flowi4_oif = vrf_dev->ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 554) fl4.flowi4_iif = LOOPBACK_IFINDEX;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 555) fl4.flowi4_tos = RT_TOS(ip4h->tos);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 556) fl4.flowi4_flags = FLOWI_FLAG_ANYSRC | FLOWI_FLAG_SKIP_NH_OIF;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 557) fl4.flowi4_proto = ip4h->protocol;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 558) fl4.daddr = ip4h->daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 559) fl4.saddr = ip4h->saddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 560)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 561) rt = ip_route_output_flow(net, &fl4, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 562) if (IS_ERR(rt))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 563) goto err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 564)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 565) skb_dst_drop(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 566)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 567) /* if dst.dev is loopback or the VRF device again this is locally
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 568) * originated traffic destined to a local address. Short circuit
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 569) * to Rx path
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 570) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 571) if (rt->dst.dev == vrf_dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 572) return vrf_local_xmit(skb, vrf_dev, &rt->dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 573)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 574) skb_dst_set(skb, &rt->dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 575)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 576) /* strip the ethernet header added for pass through VRF device */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 577) __skb_pull(skb, skb_network_offset(skb));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 578)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 579) if (!ip4h->saddr) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 580) ip4h->saddr = inet_select_addr(skb_dst(skb)->dev, 0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 581) RT_SCOPE_LINK);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 582) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 583)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 584) memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 585) ret = vrf_ip_local_out(dev_net(skb_dst(skb)->dev), skb->sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 586) if (unlikely(net_xmit_eval(ret)))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 587) vrf_dev->stats.tx_errors++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 588) else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 589) ret = NET_XMIT_SUCCESS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 590)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 591) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 592) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 593) err:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 594) vrf_tx_error(vrf_dev, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 595) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 596) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 597)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 598) static netdev_tx_t is_ip_tx_frame(struct sk_buff *skb, struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 599) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 600) switch (skb->protocol) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 601) case htons(ETH_P_IP):
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 602) return vrf_process_v4_outbound(skb, dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 603) case htons(ETH_P_IPV6):
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 604) return vrf_process_v6_outbound(skb, dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 605) default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 606) vrf_tx_error(dev, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 607) return NET_XMIT_DROP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 608) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 609) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 610)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 611) static netdev_tx_t vrf_xmit(struct sk_buff *skb, struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 612) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 613) int len = skb->len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 614) netdev_tx_t ret = is_ip_tx_frame(skb, dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 615)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 616) if (likely(ret == NET_XMIT_SUCCESS || ret == NET_XMIT_CN)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 617) struct pcpu_dstats *dstats = this_cpu_ptr(dev->dstats);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 618)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 619) u64_stats_update_begin(&dstats->syncp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 620) dstats->tx_pkts++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 621) dstats->tx_bytes += len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 622) u64_stats_update_end(&dstats->syncp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 623) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 624) this_cpu_inc(dev->dstats->tx_drps);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 625) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 626)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 627) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 628) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 629)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 630) static void vrf_finish_direct(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 631) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 632) struct net_device *vrf_dev = skb->dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 633)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 634) if (!list_empty(&vrf_dev->ptype_all) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 635) likely(skb_headroom(skb) >= ETH_HLEN)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 636) struct ethhdr *eth = skb_push(skb, ETH_HLEN);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 637)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 638) ether_addr_copy(eth->h_source, vrf_dev->dev_addr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 639) eth_zero_addr(eth->h_dest);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 640) eth->h_proto = skb->protocol;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 641)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 642) rcu_read_lock_bh();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 643) dev_queue_xmit_nit(skb, vrf_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 644) rcu_read_unlock_bh();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 645)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 646) skb_pull(skb, ETH_HLEN);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 647) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 648)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 649) vrf_nf_reset_ct(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 650) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 651)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 652) #if IS_ENABLED(CONFIG_IPV6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 653) /* modelled after ip6_finish_output2 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 654) static int vrf_finish_output6(struct net *net, struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 655) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 656) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 657) struct dst_entry *dst = skb_dst(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 658) struct net_device *dev = dst->dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 659) const struct in6_addr *nexthop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 660) struct neighbour *neigh;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 661) int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 662)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 663) vrf_nf_reset_ct(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 664)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 665) skb->protocol = htons(ETH_P_IPV6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 666) skb->dev = dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 667)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 668) rcu_read_lock_bh();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 669) nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 670) neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 671) if (unlikely(!neigh))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 672) neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 673) if (!IS_ERR(neigh)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 674) sock_confirm_neigh(skb, neigh);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 675) ret = neigh_output(neigh, skb, false);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 676) rcu_read_unlock_bh();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 677) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 678) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 679) rcu_read_unlock_bh();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 680)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 681) IP6_INC_STATS(dev_net(dst->dev),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 682) ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 683) kfree_skb(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 684) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 685) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 686)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 687) /* modelled after ip6_output */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 688) static int vrf_output6(struct net *net, struct sock *sk, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 689) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 690) return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 691) net, sk, skb, NULL, skb_dst(skb)->dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 692) vrf_finish_output6,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 693) !(IP6CB(skb)->flags & IP6SKB_REROUTED));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 694) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 695)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 696) /* set dst on skb to send packet to us via dev_xmit path. Allows
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 697) * packet to go through device based features such as qdisc, netfilter
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 698) * hooks and packet sockets with skb->dev set to vrf device.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 699) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 700) static struct sk_buff *vrf_ip6_out_redirect(struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 701) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 702) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 703) struct net_vrf *vrf = netdev_priv(vrf_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 704) struct dst_entry *dst = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 705) struct rt6_info *rt6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 706)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 707) rcu_read_lock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 708)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 709) rt6 = rcu_dereference(vrf->rt6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 710) if (likely(rt6)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 711) dst = &rt6->dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 712) dst_hold(dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 713) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 714)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 715) rcu_read_unlock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 716)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 717) if (unlikely(!dst)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 718) vrf_tx_error(vrf_dev, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 719) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 720) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 721)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 722) skb_dst_drop(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 723) skb_dst_set(skb, dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 724)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 725) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 726) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 727)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 728) static int vrf_output6_direct_finish(struct net *net, struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 729) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 730) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 731) vrf_finish_direct(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 732)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 733) return vrf_ip6_local_out(net, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 734) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 735)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 736) static int vrf_output6_direct(struct net *net, struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 737) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 738) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 739) int err = 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 740)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 741) skb->protocol = htons(ETH_P_IPV6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 742)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 743) if (!(IPCB(skb)->flags & IPSKB_REROUTED))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 744) err = nf_hook(NFPROTO_IPV6, NF_INET_POST_ROUTING, net, sk, skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 745) NULL, skb->dev, vrf_output6_direct_finish);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 746)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 747) if (likely(err == 1))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 748) vrf_finish_direct(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 749)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 750) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 751) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 752)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 753) static int vrf_ip6_out_direct_finish(struct net *net, struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 754) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 755) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 756) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 757)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 758) err = vrf_output6_direct(net, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 759) if (likely(err == 1))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 760) err = vrf_ip6_local_out(net, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 761)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 762) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 763) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 764)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 765) static struct sk_buff *vrf_ip6_out_direct(struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 766) struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 767) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 768) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 769) struct net *net = dev_net(vrf_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 770) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 771)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 772) skb->dev = vrf_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 773)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 774) err = nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net, sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 775) skb, NULL, vrf_dev, vrf_ip6_out_direct_finish);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 776)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 777) if (likely(err == 1))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 778) err = vrf_output6_direct(net, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 779)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 780) if (likely(err == 1))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 781) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 782)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 783) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 784) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 785)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 786) static struct sk_buff *vrf_ip6_out(struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 787) struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 788) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 789) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 790) /* don't divert link scope packets */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 791) if (rt6_need_strict(&ipv6_hdr(skb)->daddr))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 792) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 793)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 794) vrf_nf_set_untracked(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 795)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 796) if (qdisc_tx_is_default(vrf_dev) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 797) IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 798) return vrf_ip6_out_direct(vrf_dev, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 799)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 800) return vrf_ip6_out_redirect(vrf_dev, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 801) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 802)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 803) /* holding rtnl */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 804) static void vrf_rt6_release(struct net_device *dev, struct net_vrf *vrf)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 805) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 806) struct rt6_info *rt6 = rtnl_dereference(vrf->rt6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 807) struct net *net = dev_net(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 808) struct dst_entry *dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 809)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 810) RCU_INIT_POINTER(vrf->rt6, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 811) synchronize_rcu();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 812)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 813) /* move dev in dst's to loopback so this VRF device can be deleted
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 814) * - based on dst_ifdown
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 815) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 816) if (rt6) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 817) dst = &rt6->dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 818) dev_put(dst->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 819) dst->dev = net->loopback_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 820) dev_hold(dst->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 821) dst_release(dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 822) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 823) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 824)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 825) static int vrf_rt6_create(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 826) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 827) int flags = DST_NOPOLICY | DST_NOXFRM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 828) struct net_vrf *vrf = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 829) struct net *net = dev_net(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 830) struct rt6_info *rt6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 831) int rc = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 832)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 833) /* IPv6 can be CONFIG enabled and then disabled runtime */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 834) if (!ipv6_mod_enabled())
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 835) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 836)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 837) vrf->fib6_table = fib6_new_table(net, vrf->tb_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 838) if (!vrf->fib6_table)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 839) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 840)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 841) /* create a dst for routing packets out a VRF device */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 842) rt6 = ip6_dst_alloc(net, dev, flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 843) if (!rt6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 844) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 845)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 846) rt6->dst.output = vrf_output6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 847)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 848) rcu_assign_pointer(vrf->rt6, rt6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 849)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 850) rc = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 851) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 852) return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 853) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 854) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 855) static struct sk_buff *vrf_ip6_out(struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 856) struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 857) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 858) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 859) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 860) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 861)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 862) static void vrf_rt6_release(struct net_device *dev, struct net_vrf *vrf)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 863) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 864) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 865)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 866) static int vrf_rt6_create(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 867) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 868) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 869) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 870) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 871)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 872) /* modelled after ip_finish_output2 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 873) static int vrf_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 874) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 875) struct dst_entry *dst = skb_dst(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 876) struct rtable *rt = (struct rtable *)dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 877) struct net_device *dev = dst->dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 878) unsigned int hh_len = LL_RESERVED_SPACE(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 879) struct neighbour *neigh;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 880) bool is_v6gw = false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 881) int ret = -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 882)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 883) vrf_nf_reset_ct(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 884)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 885) /* Be paranoid, rather than too clever. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 886) if (unlikely(skb_headroom(skb) < hh_len && dev->header_ops)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 887) struct sk_buff *skb2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 888)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 889) skb2 = skb_realloc_headroom(skb, LL_RESERVED_SPACE(dev));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 890) if (!skb2) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 891) ret = -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 892) goto err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 893) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 894) if (skb->sk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 895) skb_set_owner_w(skb2, skb->sk);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 896)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 897) consume_skb(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 898) skb = skb2;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 899) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 900)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 901) rcu_read_lock_bh();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 902)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 903) neigh = ip_neigh_for_gw(rt, skb, &is_v6gw);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 904) if (!IS_ERR(neigh)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 905) sock_confirm_neigh(skb, neigh);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 906) /* if crossing protocols, can not use the cached header */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 907) ret = neigh_output(neigh, skb, is_v6gw);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 908) rcu_read_unlock_bh();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 909) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 910) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 911)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 912) rcu_read_unlock_bh();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 913) err:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 914) vrf_tx_error(skb->dev, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 915) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 916) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 917)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 918) static int vrf_output(struct net *net, struct sock *sk, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 919) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 920) struct net_device *dev = skb_dst(skb)->dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 921)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 922) IP_UPD_PO_STATS(net, IPSTATS_MIB_OUT, skb->len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 923)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 924) skb->dev = dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 925) skb->protocol = htons(ETH_P_IP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 926)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 927) return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 928) net, sk, skb, NULL, dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 929) vrf_finish_output,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 930) !(IPCB(skb)->flags & IPSKB_REROUTED));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 931) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 932)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 933) /* set dst on skb to send packet to us via dev_xmit path. Allows
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 934) * packet to go through device based features such as qdisc, netfilter
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 935) * hooks and packet sockets with skb->dev set to vrf device.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 936) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 937) static struct sk_buff *vrf_ip_out_redirect(struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 938) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 939) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 940) struct net_vrf *vrf = netdev_priv(vrf_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 941) struct dst_entry *dst = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 942) struct rtable *rth;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 943)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 944) rcu_read_lock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 945)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 946) rth = rcu_dereference(vrf->rth);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 947) if (likely(rth)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 948) dst = &rth->dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 949) dst_hold(dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 950) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 951)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 952) rcu_read_unlock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 953)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 954) if (unlikely(!dst)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 955) vrf_tx_error(vrf_dev, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 956) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 957) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 958)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 959) skb_dst_drop(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 960) skb_dst_set(skb, dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 961)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 962) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 963) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 964)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 965) static int vrf_output_direct_finish(struct net *net, struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 966) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 967) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 968) vrf_finish_direct(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 969)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 970) return vrf_ip_local_out(net, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 971) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 972)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 973) static int vrf_output_direct(struct net *net, struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 974) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 975) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 976) int err = 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 977)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 978) skb->protocol = htons(ETH_P_IP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 979)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 980) if (!(IPCB(skb)->flags & IPSKB_REROUTED))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 981) err = nf_hook(NFPROTO_IPV4, NF_INET_POST_ROUTING, net, sk, skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 982) NULL, skb->dev, vrf_output_direct_finish);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 983)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 984) if (likely(err == 1))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 985) vrf_finish_direct(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 986)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 987) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 988) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 989)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 990) static int vrf_ip_out_direct_finish(struct net *net, struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 991) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 992) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 993) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 994)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 995) err = vrf_output_direct(net, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 996) if (likely(err == 1))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 997) err = vrf_ip_local_out(net, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 998)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 999) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1000) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1001)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1002) static struct sk_buff *vrf_ip_out_direct(struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1003) struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1004) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1005) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1006) struct net *net = dev_net(vrf_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1007) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1008)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1009) skb->dev = vrf_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1010)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1011) err = nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT, net, sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1012) skb, NULL, vrf_dev, vrf_ip_out_direct_finish);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1013)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1014) if (likely(err == 1))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1015) err = vrf_output_direct(net, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1016)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1017) if (likely(err == 1))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1018) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1019)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1020) return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1021) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1022)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1023) static struct sk_buff *vrf_ip_out(struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1024) struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1025) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1026) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1027) /* don't divert multicast or local broadcast */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1028) if (ipv4_is_multicast(ip_hdr(skb)->daddr) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1029) ipv4_is_lbcast(ip_hdr(skb)->daddr))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1030) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1031)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1032) vrf_nf_set_untracked(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1033)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1034) if (qdisc_tx_is_default(vrf_dev) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1035) IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1036) return vrf_ip_out_direct(vrf_dev, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1037)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1038) return vrf_ip_out_redirect(vrf_dev, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1039) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1040)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1041) /* called with rcu lock held */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1042) static struct sk_buff *vrf_l3_out(struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1043) struct sock *sk,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1044) struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1045) u16 proto)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1046) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1047) switch (proto) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1048) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1049) return vrf_ip_out(vrf_dev, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1050) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1051) return vrf_ip6_out(vrf_dev, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1052) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1053)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1054) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1055) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1056)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1057) /* holding rtnl */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1058) static void vrf_rtable_release(struct net_device *dev, struct net_vrf *vrf)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1059) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1060) struct rtable *rth = rtnl_dereference(vrf->rth);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1061) struct net *net = dev_net(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1062) struct dst_entry *dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1063)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1064) RCU_INIT_POINTER(vrf->rth, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1065) synchronize_rcu();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1066)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1067) /* move dev in dst's to loopback so this VRF device can be deleted
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1068) * - based on dst_ifdown
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1069) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1070) if (rth) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1071) dst = &rth->dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1072) dev_put(dst->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1073) dst->dev = net->loopback_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1074) dev_hold(dst->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1075) dst_release(dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1076) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1077) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1078)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1079) static int vrf_rtable_create(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1080) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1081) struct net_vrf *vrf = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1082) struct rtable *rth;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1083)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1084) if (!fib_new_table(dev_net(dev), vrf->tb_id))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1085) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1086)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1087) /* create a dst for routing packets out through a VRF device */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1088) rth = rt_dst_alloc(dev, 0, RTN_UNICAST, 1, 1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1089) if (!rth)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1090) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1091)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1092) rth->dst.output = vrf_output;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1093)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1094) rcu_assign_pointer(vrf->rth, rth);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1095)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1096) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1097) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1098)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1099) /**************************** device handling ********************/
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1100)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1101) /* cycle interface to flush neighbor cache and move routes across tables */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1102) static void cycle_netdev(struct net_device *dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1103) struct netlink_ext_ack *extack)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1104) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1105) unsigned int flags = dev->flags;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1106) int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1107)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1108) if (!netif_running(dev))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1109) return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1110)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1111) ret = dev_change_flags(dev, flags & ~IFF_UP, extack);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1112) if (ret >= 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1113) ret = dev_change_flags(dev, flags, extack);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1114)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1115) if (ret < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1116) netdev_err(dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1117) "Failed to cycle device %s; route tables might be wrong!\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1118) dev->name);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1119) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1120) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1121)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1122) static int do_vrf_add_slave(struct net_device *dev, struct net_device *port_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1123) struct netlink_ext_ack *extack)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1124) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1125) int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1126)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1127) /* do not allow loopback device to be enslaved to a VRF.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1128) * The vrf device acts as the loopback for the vrf.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1129) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1130) if (port_dev == dev_net(dev)->loopback_dev) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1131) NL_SET_ERR_MSG(extack,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1132) "Can not enslave loopback device to a VRF");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1133) return -EOPNOTSUPP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1134) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1135)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1136) port_dev->priv_flags |= IFF_L3MDEV_SLAVE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1137) ret = netdev_master_upper_dev_link(port_dev, dev, NULL, NULL, extack);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1138) if (ret < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1139) goto err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1140)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1141) cycle_netdev(port_dev, extack);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1142)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1143) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1144)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1145) err:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1146) port_dev->priv_flags &= ~IFF_L3MDEV_SLAVE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1147) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1148) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1149)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1150) static int vrf_add_slave(struct net_device *dev, struct net_device *port_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1151) struct netlink_ext_ack *extack)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1152) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1153) if (netif_is_l3_master(port_dev)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1154) NL_SET_ERR_MSG(extack,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1155) "Can not enslave an L3 master device to a VRF");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1156) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1157) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1158)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1159) if (netif_is_l3_slave(port_dev))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1160) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1161)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1162) return do_vrf_add_slave(dev, port_dev, extack);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1163) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1164)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1165) /* inverse of do_vrf_add_slave */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1166) static int do_vrf_del_slave(struct net_device *dev, struct net_device *port_dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1167) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1168) netdev_upper_dev_unlink(port_dev, dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1169) port_dev->priv_flags &= ~IFF_L3MDEV_SLAVE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1170)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1171) cycle_netdev(port_dev, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1172)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1173) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1174) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1175)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1176) static int vrf_del_slave(struct net_device *dev, struct net_device *port_dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1177) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1178) return do_vrf_del_slave(dev, port_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1179) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1180)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1181) static void vrf_dev_uninit(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1182) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1183) struct net_vrf *vrf = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1184)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1185) vrf_rtable_release(dev, vrf);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1186) vrf_rt6_release(dev, vrf);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1187)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1188) free_percpu(dev->dstats);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1189) dev->dstats = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1190) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1191)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1192) static int vrf_dev_init(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1193) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1194) struct net_vrf *vrf = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1195)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1196) dev->dstats = netdev_alloc_pcpu_stats(struct pcpu_dstats);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1197) if (!dev->dstats)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1198) goto out_nomem;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1199)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1200) /* create the default dst which points back to us */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1201) if (vrf_rtable_create(dev) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1202) goto out_stats;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1203)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1204) if (vrf_rt6_create(dev) != 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1205) goto out_rth;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1206)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1207) dev->flags = IFF_MASTER | IFF_NOARP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1208)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1209) /* similarly, oper state is irrelevant; set to up to avoid confusion */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1210) dev->operstate = IF_OPER_UP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1211) netdev_lockdep_set_classes(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1212) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1213)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1214) out_rth:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1215) vrf_rtable_release(dev, vrf);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1216) out_stats:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1217) free_percpu(dev->dstats);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1218) dev->dstats = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1219) out_nomem:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1220) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1221) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1222)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1223) static const struct net_device_ops vrf_netdev_ops = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1224) .ndo_init = vrf_dev_init,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1225) .ndo_uninit = vrf_dev_uninit,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1226) .ndo_start_xmit = vrf_xmit,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1227) .ndo_set_mac_address = eth_mac_addr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1228) .ndo_get_stats64 = vrf_get_stats64,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1229) .ndo_add_slave = vrf_add_slave,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1230) .ndo_del_slave = vrf_del_slave,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1231) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1232)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1233) static u32 vrf_fib_table(const struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1234) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1235) struct net_vrf *vrf = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1236)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1237) return vrf->tb_id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1238) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1239)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1240) static int vrf_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1241) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1242) kfree_skb(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1243) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1244) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1245)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1246) static struct sk_buff *vrf_rcv_nfhook(u8 pf, unsigned int hook,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1247) struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1248) struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1249) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1250) struct net *net = dev_net(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1251)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1252) if (nf_hook(pf, hook, net, NULL, skb, dev, NULL, vrf_rcv_finish) != 1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1253) skb = NULL; /* kfree_skb(skb) handled by nf code */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1254)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1255) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1256) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1257)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1258) #if IS_ENABLED(CONFIG_IPV6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1259) /* neighbor handling is done with actual device; do not want
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1260) * to flip skb->dev for those ndisc packets. This really fails
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1261) * for multiple next protocols (e.g., NEXTHDR_HOP). But it is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1262) * a start.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1263) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1264) static bool ipv6_ndisc_frame(const struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1265) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1266) const struct ipv6hdr *iph = ipv6_hdr(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1267) bool rc = false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1268)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1269) if (iph->nexthdr == NEXTHDR_ICMP) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1270) const struct icmp6hdr *icmph;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1271) struct icmp6hdr _icmph;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1272)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1273) icmph = skb_header_pointer(skb, sizeof(*iph),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1274) sizeof(_icmph), &_icmph);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1275) if (!icmph)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1276) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1277)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1278) switch (icmph->icmp6_type) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1279) case NDISC_ROUTER_SOLICITATION:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1280) case NDISC_ROUTER_ADVERTISEMENT:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1281) case NDISC_NEIGHBOUR_SOLICITATION:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1282) case NDISC_NEIGHBOUR_ADVERTISEMENT:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1283) case NDISC_REDIRECT:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1284) rc = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1285) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1286) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1287) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1288)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1289) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1290) return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1291) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1292)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1293) static struct rt6_info *vrf_ip6_route_lookup(struct net *net,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1294) const struct net_device *dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1295) struct flowi6 *fl6,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1296) int ifindex,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1297) const struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1298) int flags)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1299) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1300) struct net_vrf *vrf = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1301)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1302) return ip6_pol_route(net, vrf->fib6_table, ifindex, fl6, skb, flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1303) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1304)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1305) static void vrf_ip6_input_dst(struct sk_buff *skb, struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1306) int ifindex)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1307) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1308) const struct ipv6hdr *iph = ipv6_hdr(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1309) struct flowi6 fl6 = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1310) .flowi6_iif = ifindex,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1311) .flowi6_mark = skb->mark,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1312) .flowi6_proto = iph->nexthdr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1313) .daddr = iph->daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1314) .saddr = iph->saddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1315) .flowlabel = ip6_flowinfo(iph),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1316) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1317) struct net *net = dev_net(vrf_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1318) struct rt6_info *rt6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1319)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1320) rt6 = vrf_ip6_route_lookup(net, vrf_dev, &fl6, ifindex, skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1321) RT6_LOOKUP_F_HAS_SADDR | RT6_LOOKUP_F_IFACE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1322) if (unlikely(!rt6))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1323) return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1324)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1325) if (unlikely(&rt6->dst == &net->ipv6.ip6_null_entry->dst))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1326) return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1327)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1328) skb_dst_set(skb, &rt6->dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1329) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1330)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1331) static struct sk_buff *vrf_ip6_rcv(struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1332) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1333) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1334) int orig_iif = skb->skb_iif;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1335) bool need_strict = rt6_need_strict(&ipv6_hdr(skb)->daddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1336) bool is_ndisc = ipv6_ndisc_frame(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1337)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1338) /* loopback, multicast & non-ND link-local traffic; do not push through
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1339) * packet taps again. Reset pkt_type for upper layers to process skb.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1340) * For strict packets with a source LLA, determine the dst using the
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1341) * original ifindex.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1342) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1343) if (skb->pkt_type == PACKET_LOOPBACK || (need_strict && !is_ndisc)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1344) skb->dev = vrf_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1345) skb->skb_iif = vrf_dev->ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1346) IP6CB(skb)->flags |= IP6SKB_L3SLAVE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1347)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1348) if (skb->pkt_type == PACKET_LOOPBACK)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1349) skb->pkt_type = PACKET_HOST;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1350) else if (ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1351) vrf_ip6_input_dst(skb, vrf_dev, orig_iif);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1352)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1353) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1354) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1355)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1356) /* if packet is NDISC then keep the ingress interface */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1357) if (!is_ndisc) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1358) vrf_rx_stats(vrf_dev, skb->len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1359) skb->dev = vrf_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1360) skb->skb_iif = vrf_dev->ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1361)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1362) if (!list_empty(&vrf_dev->ptype_all)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1363) skb_push(skb, skb->mac_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1364) dev_queue_xmit_nit(skb, vrf_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1365) skb_pull(skb, skb->mac_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1366) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1367)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1368) IP6CB(skb)->flags |= IP6SKB_L3SLAVE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1369) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1370)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1371) if (need_strict)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1372) vrf_ip6_input_dst(skb, vrf_dev, orig_iif);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1373)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1374) skb = vrf_rcv_nfhook(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, vrf_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1375) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1376) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1377) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1378)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1379) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1380) static struct sk_buff *vrf_ip6_rcv(struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1381) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1382) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1383) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1384) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1385) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1386)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1387) static struct sk_buff *vrf_ip_rcv(struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1388) struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1389) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1390) skb->dev = vrf_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1391) skb->skb_iif = vrf_dev->ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1392) IPCB(skb)->flags |= IPSKB_L3SLAVE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1393)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1394) if (ipv4_is_multicast(ip_hdr(skb)->daddr))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1395) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1396)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1397) /* loopback traffic; do not push through packet taps again.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1398) * Reset pkt_type for upper layers to process skb
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1399) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1400) if (skb->pkt_type == PACKET_LOOPBACK) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1401) skb->pkt_type = PACKET_HOST;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1402) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1403) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1404)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1405) vrf_rx_stats(vrf_dev, skb->len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1406)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1407) if (!list_empty(&vrf_dev->ptype_all)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1408) skb_push(skb, skb->mac_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1409) dev_queue_xmit_nit(skb, vrf_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1410) skb_pull(skb, skb->mac_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1411) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1412)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1413) skb = vrf_rcv_nfhook(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, vrf_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1414) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1415) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1416) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1417)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1418) /* called with rcu lock held */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1419) static struct sk_buff *vrf_l3_rcv(struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1420) struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1421) u16 proto)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1422) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1423) switch (proto) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1424) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1425) return vrf_ip_rcv(vrf_dev, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1426) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1427) return vrf_ip6_rcv(vrf_dev, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1428) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1429)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1430) return skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1431) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1432)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1433) #if IS_ENABLED(CONFIG_IPV6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1434) /* send to link-local or multicast address via interface enslaved to
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1435) * VRF device. Force lookup to VRF table without changing flow struct
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1436) * Note: Caller to this function must hold rcu_read_lock() and no refcnt
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1437) * is taken on the dst by this function.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1438) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1439) static struct dst_entry *vrf_link_scope_lookup(const struct net_device *dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1440) struct flowi6 *fl6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1441) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1442) struct net *net = dev_net(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1443) int flags = RT6_LOOKUP_F_IFACE | RT6_LOOKUP_F_DST_NOREF;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1444) struct dst_entry *dst = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1445) struct rt6_info *rt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1446)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1447) /* VRF device does not have a link-local address and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1448) * sending packets to link-local or mcast addresses over
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1449) * a VRF device does not make sense
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1450) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1451) if (fl6->flowi6_oif == dev->ifindex) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1452) dst = &net->ipv6.ip6_null_entry->dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1453) return dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1454) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1455)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1456) if (!ipv6_addr_any(&fl6->saddr))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1457) flags |= RT6_LOOKUP_F_HAS_SADDR;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1458)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1459) rt = vrf_ip6_route_lookup(net, dev, fl6, fl6->flowi6_oif, NULL, flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1460) if (rt)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1461) dst = &rt->dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1462)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1463) return dst;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1464) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1465) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1466)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1467) static const struct l3mdev_ops vrf_l3mdev_ops = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1468) .l3mdev_fib_table = vrf_fib_table,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1469) .l3mdev_l3_rcv = vrf_l3_rcv,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1470) .l3mdev_l3_out = vrf_l3_out,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1471) #if IS_ENABLED(CONFIG_IPV6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1472) .l3mdev_link_scope_lookup = vrf_link_scope_lookup,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1473) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1474) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1475)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1476) static void vrf_get_drvinfo(struct net_device *dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1477) struct ethtool_drvinfo *info)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1478) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1479) strlcpy(info->driver, DRV_NAME, sizeof(info->driver));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1480) strlcpy(info->version, DRV_VERSION, sizeof(info->version));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1481) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1482)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1483) static const struct ethtool_ops vrf_ethtool_ops = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1484) .get_drvinfo = vrf_get_drvinfo,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1485) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1486)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1487) static inline size_t vrf_fib_rule_nl_size(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1488) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1489) size_t sz;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1490)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1491) sz = NLMSG_ALIGN(sizeof(struct fib_rule_hdr));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1492) sz += nla_total_size(sizeof(u8)); /* FRA_L3MDEV */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1493) sz += nla_total_size(sizeof(u32)); /* FRA_PRIORITY */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1494) sz += nla_total_size(sizeof(u8)); /* FRA_PROTOCOL */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1495)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1496) return sz;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1497) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1498)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1499) static int vrf_fib_rule(const struct net_device *dev, __u8 family, bool add_it)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1500) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1501) struct fib_rule_hdr *frh;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1502) struct nlmsghdr *nlh;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1503) struct sk_buff *skb;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1504) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1505)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1506) if ((family == AF_INET6 || family == RTNL_FAMILY_IP6MR) &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1507) !ipv6_mod_enabled())
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1508) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1509)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1510) skb = nlmsg_new(vrf_fib_rule_nl_size(), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1511) if (!skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1512) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1513)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1514) nlh = nlmsg_put(skb, 0, 0, 0, sizeof(*frh), 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1515) if (!nlh)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1516) goto nla_put_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1517)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1518) /* rule only needs to appear once */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1519) nlh->nlmsg_flags |= NLM_F_EXCL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1520)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1521) frh = nlmsg_data(nlh);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1522) memset(frh, 0, sizeof(*frh));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1523) frh->family = family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1524) frh->action = FR_ACT_TO_TBL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1525)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1526) if (nla_put_u8(skb, FRA_PROTOCOL, RTPROT_KERNEL))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1527) goto nla_put_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1528)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1529) if (nla_put_u8(skb, FRA_L3MDEV, 1))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1530) goto nla_put_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1531)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1532) if (nla_put_u32(skb, FRA_PRIORITY, FIB_RULE_PREF))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1533) goto nla_put_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1534)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1535) nlmsg_end(skb, nlh);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1536)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1537) /* fib_nl_{new,del}rule handling looks for net from skb->sk */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1538) skb->sk = dev_net(dev)->rtnl;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1539) if (add_it) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1540) err = fib_nl_newrule(skb, nlh, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1541) if (err == -EEXIST)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1542) err = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1543) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1544) err = fib_nl_delrule(skb, nlh, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1545) if (err == -ENOENT)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1546) err = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1547) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1548) nlmsg_free(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1549)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1550) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1551)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1552) nla_put_failure:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1553) nlmsg_free(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1554)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1555) return -EMSGSIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1556) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1557)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1558) static int vrf_add_fib_rules(const struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1559) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1560) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1561)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1562) err = vrf_fib_rule(dev, AF_INET, true);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1563) if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1564) goto out_err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1565)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1566) err = vrf_fib_rule(dev, AF_INET6, true);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1567) if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1568) goto ipv6_err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1569)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1570) #if IS_ENABLED(CONFIG_IP_MROUTE_MULTIPLE_TABLES)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1571) err = vrf_fib_rule(dev, RTNL_FAMILY_IPMR, true);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1572) if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1573) goto ipmr_err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1574) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1575)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1576) #if IS_ENABLED(CONFIG_IPV6_MROUTE_MULTIPLE_TABLES)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1577) err = vrf_fib_rule(dev, RTNL_FAMILY_IP6MR, true);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1578) if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1579) goto ip6mr_err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1580) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1581)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1582) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1583)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1584) #if IS_ENABLED(CONFIG_IPV6_MROUTE_MULTIPLE_TABLES)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1585) ip6mr_err:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1586) vrf_fib_rule(dev, RTNL_FAMILY_IPMR, false);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1587) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1588)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1589) #if IS_ENABLED(CONFIG_IP_MROUTE_MULTIPLE_TABLES)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1590) ipmr_err:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1591) vrf_fib_rule(dev, AF_INET6, false);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1592) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1593)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1594) ipv6_err:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1595) vrf_fib_rule(dev, AF_INET, false);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1596)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1597) out_err:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1598) netdev_err(dev, "Failed to add FIB rules.\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1599) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1600) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1601)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1602) static void vrf_setup(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1603) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1604) ether_setup(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1605)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1606) /* Initialize the device structure. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1607) dev->netdev_ops = &vrf_netdev_ops;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1608) dev->l3mdev_ops = &vrf_l3mdev_ops;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1609) dev->ethtool_ops = &vrf_ethtool_ops;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1610) dev->needs_free_netdev = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1611)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1612) /* Fill in device structure with ethernet-generic values. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1613) eth_hw_addr_random(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1614)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1615) /* don't acquire vrf device's netif_tx_lock when transmitting */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1616) dev->features |= NETIF_F_LLTX;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1617)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1618) /* don't allow vrf devices to change network namespaces. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1619) dev->features |= NETIF_F_NETNS_LOCAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1620)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1621) /* does not make sense for a VLAN to be added to a vrf device */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1622) dev->features |= NETIF_F_VLAN_CHALLENGED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1623)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1624) /* enable offload features */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1625) dev->features |= NETIF_F_GSO_SOFTWARE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1626) dev->features |= NETIF_F_RXCSUM | NETIF_F_HW_CSUM | NETIF_F_SCTP_CRC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1627) dev->features |= NETIF_F_SG | NETIF_F_FRAGLIST | NETIF_F_HIGHDMA;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1628)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1629) dev->hw_features = dev->features;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1630) dev->hw_enc_features = dev->features;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1631)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1632) /* default to no qdisc; user can add if desired */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1633) dev->priv_flags |= IFF_NO_QUEUE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1634) dev->priv_flags |= IFF_NO_RX_HANDLER;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1635) dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1636)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1637) /* VRF devices do not care about MTU, but if the MTU is set
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1638) * too low then the ipv4 and ipv6 protocols are disabled
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1639) * which breaks networking.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1640) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1641) dev->min_mtu = IPV6_MIN_MTU;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1642) dev->max_mtu = IP6_MAX_MTU;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1643) dev->mtu = dev->max_mtu;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1644) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1645)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1646) static int vrf_validate(struct nlattr *tb[], struct nlattr *data[],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1647) struct netlink_ext_ack *extack)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1648) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1649) if (tb[IFLA_ADDRESS]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1650) if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1651) NL_SET_ERR_MSG(extack, "Invalid hardware address");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1652) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1653) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1654) if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1655) NL_SET_ERR_MSG(extack, "Invalid hardware address");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1656) return -EADDRNOTAVAIL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1657) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1658) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1659) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1660) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1661)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1662) static void vrf_dellink(struct net_device *dev, struct list_head *head)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1663) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1664) struct net_device *port_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1665) struct list_head *iter;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1666)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1667) netdev_for_each_lower_dev(dev, port_dev, iter)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1668) vrf_del_slave(dev, port_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1669)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1670) vrf_map_unregister_dev(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1671)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1672) unregister_netdevice_queue(dev, head);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1673) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1674)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1675) static int vrf_newlink(struct net *src_net, struct net_device *dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1676) struct nlattr *tb[], struct nlattr *data[],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1677) struct netlink_ext_ack *extack)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1678) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1679) struct net_vrf *vrf = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1680) struct netns_vrf *nn_vrf;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1681) bool *add_fib_rules;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1682) struct net *net;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1683) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1684)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1685) if (!data || !data[IFLA_VRF_TABLE]) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1686) NL_SET_ERR_MSG(extack, "VRF table id is missing");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1687) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1688) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1689)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1690) vrf->tb_id = nla_get_u32(data[IFLA_VRF_TABLE]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1691) if (vrf->tb_id == RT_TABLE_UNSPEC) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1692) NL_SET_ERR_MSG_ATTR(extack, data[IFLA_VRF_TABLE],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1693) "Invalid VRF table id");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1694) return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1695) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1696)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1697) dev->priv_flags |= IFF_L3MDEV_MASTER;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1698)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1699) err = register_netdevice(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1700) if (err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1701) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1702)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1703) /* mapping between table_id and vrf;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1704) * note: such binding could not be done in the dev init function
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1705) * because dev->ifindex id is not available yet.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1706) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1707) vrf->ifindex = dev->ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1708)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1709) err = vrf_map_register_dev(dev, extack);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1710) if (err) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1711) unregister_netdevice(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1712) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1713) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1714)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1715) net = dev_net(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1716) nn_vrf = net_generic(net, vrf_net_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1717)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1718) add_fib_rules = &nn_vrf->add_fib_rules;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1719) if (*add_fib_rules) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1720) err = vrf_add_fib_rules(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1721) if (err) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1722) vrf_map_unregister_dev(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1723) unregister_netdevice(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1724) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1725) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1726) *add_fib_rules = false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1727) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1728)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1729) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1730) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1731) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1732)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1733) static size_t vrf_nl_getsize(const struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1734) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1735) return nla_total_size(sizeof(u32)); /* IFLA_VRF_TABLE */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1736) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1737)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1738) static int vrf_fillinfo(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1739) const struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1740) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1741) struct net_vrf *vrf = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1742)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1743) return nla_put_u32(skb, IFLA_VRF_TABLE, vrf->tb_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1744) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1745)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1746) static size_t vrf_get_slave_size(const struct net_device *bond_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1747) const struct net_device *slave_dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1748) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1749) return nla_total_size(sizeof(u32)); /* IFLA_VRF_PORT_TABLE */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1750) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1751)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1752) static int vrf_fill_slave_info(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1753) const struct net_device *vrf_dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1754) const struct net_device *slave_dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1755) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1756) struct net_vrf *vrf = netdev_priv(vrf_dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1757)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1758) if (nla_put_u32(skb, IFLA_VRF_PORT_TABLE, vrf->tb_id))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1759) return -EMSGSIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1760)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1761) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1762) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1763)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1764) static const struct nla_policy vrf_nl_policy[IFLA_VRF_MAX + 1] = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1765) [IFLA_VRF_TABLE] = { .type = NLA_U32 },
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1766) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1767)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1768) static struct rtnl_link_ops vrf_link_ops __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1769) .kind = DRV_NAME,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1770) .priv_size = sizeof(struct net_vrf),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1771)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1772) .get_size = vrf_nl_getsize,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1773) .policy = vrf_nl_policy,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1774) .validate = vrf_validate,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1775) .fill_info = vrf_fillinfo,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1776)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1777) .get_slave_size = vrf_get_slave_size,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1778) .fill_slave_info = vrf_fill_slave_info,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1779)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1780) .newlink = vrf_newlink,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1781) .dellink = vrf_dellink,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1782) .setup = vrf_setup,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1783) .maxtype = IFLA_VRF_MAX,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1784) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1785)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1786) static int vrf_device_event(struct notifier_block *unused,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1787) unsigned long event, void *ptr)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1788) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1789) struct net_device *dev = netdev_notifier_info_to_dev(ptr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1790)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1791) /* only care about unregister events to drop slave references */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1792) if (event == NETDEV_UNREGISTER) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1793) struct net_device *vrf_dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1794)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1795) if (!netif_is_l3_slave(dev))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1796) goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1797)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1798) vrf_dev = netdev_master_upper_dev_get(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1799) vrf_del_slave(vrf_dev, dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1800) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1801) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1802) return NOTIFY_DONE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1803) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1804)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1805) static struct notifier_block vrf_notifier_block __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1806) .notifier_call = vrf_device_event,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1807) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1808)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1809) static int vrf_map_init(struct vrf_map *vmap)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1810) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1811) spin_lock_init(&vmap->vmap_lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1812) hash_init(vmap->ht);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1813)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1814) vmap->strict_mode = false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1815)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1816) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1817) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1818)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1819) #ifdef CONFIG_SYSCTL
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1820) static bool vrf_strict_mode(struct vrf_map *vmap)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1821) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1822) bool strict_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1823)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1824) vrf_map_lock(vmap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1825) strict_mode = vmap->strict_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1826) vrf_map_unlock(vmap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1827)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1828) return strict_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1829) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1830)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1831) static int vrf_strict_mode_change(struct vrf_map *vmap, bool new_mode)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1832) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1833) bool *cur_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1834) int res = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1835)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1836) vrf_map_lock(vmap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1837)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1838) cur_mode = &vmap->strict_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1839) if (*cur_mode == new_mode)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1840) goto unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1841)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1842) if (*cur_mode) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1843) /* disable strict mode */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1844) *cur_mode = false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1845) } else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1846) if (vmap->shared_tables) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1847) /* we cannot allow strict_mode because there are some
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1848) * vrfs that share one or more tables.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1849) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1850) res = -EBUSY;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1851) goto unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1852) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1853)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1854) /* no tables are shared among vrfs, so we can go back
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1855) * to 1:1 association between a vrf with its table.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1856) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1857) *cur_mode = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1858) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1859)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1860) unlock:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1861) vrf_map_unlock(vmap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1862)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1863) return res;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1864) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1865)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1866) static int vrf_shared_table_handler(struct ctl_table *table, int write,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1867) void *buffer, size_t *lenp, loff_t *ppos)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1868) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1869) struct net *net = (struct net *)table->extra1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1870) struct vrf_map *vmap = netns_vrf_map(net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1871) int proc_strict_mode = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1872) struct ctl_table tmp = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1873) .procname = table->procname,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1874) .data = &proc_strict_mode,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1875) .maxlen = sizeof(int),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1876) .mode = table->mode,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1877) .extra1 = SYSCTL_ZERO,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1878) .extra2 = SYSCTL_ONE,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1879) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1880) int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1881)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1882) if (!write)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1883) proc_strict_mode = vrf_strict_mode(vmap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1884)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1885) ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1886)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1887) if (write && ret == 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1888) ret = vrf_strict_mode_change(vmap, (bool)proc_strict_mode);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1889)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1890) return ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1891) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1892)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1893) static const struct ctl_table vrf_table[] = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1894) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1895) .procname = "strict_mode",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1896) .data = NULL,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1897) .maxlen = sizeof(int),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1898) .mode = 0644,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1899) .proc_handler = vrf_shared_table_handler,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1900) /* set by the vrf_netns_init */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1901) .extra1 = NULL,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1902) },
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1903) { },
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1904) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1905)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1906) static int vrf_netns_init_sysctl(struct net *net, struct netns_vrf *nn_vrf)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1907) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1908) struct ctl_table *table;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1909)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1910) table = kmemdup(vrf_table, sizeof(vrf_table), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1911) if (!table)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1912) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1913)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1914) /* init the extra1 parameter with the reference to current netns */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1915) table[0].extra1 = net;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1916)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1917) nn_vrf->ctl_hdr = register_net_sysctl(net, "net/vrf", table);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1918) if (!nn_vrf->ctl_hdr) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1919) kfree(table);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1920) return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1921) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1922)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1923) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1924) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1925)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1926) static void vrf_netns_exit_sysctl(struct net *net)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1927) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1928) struct netns_vrf *nn_vrf = net_generic(net, vrf_net_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1929) struct ctl_table *table;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1930)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1931) table = nn_vrf->ctl_hdr->ctl_table_arg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1932) unregister_net_sysctl_table(nn_vrf->ctl_hdr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1933) kfree(table);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1934) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1935) #else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1936) static int vrf_netns_init_sysctl(struct net *net, struct netns_vrf *nn_vrf)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1937) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1938) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1939) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1940)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1941) static void vrf_netns_exit_sysctl(struct net *net)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1942) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1943) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1944) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1945)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1946) /* Initialize per network namespace state */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1947) static int __net_init vrf_netns_init(struct net *net)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1948) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1949) struct netns_vrf *nn_vrf = net_generic(net, vrf_net_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1950)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1951) nn_vrf->add_fib_rules = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1952) vrf_map_init(&nn_vrf->vmap);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1953)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1954) return vrf_netns_init_sysctl(net, nn_vrf);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1955) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1956)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1957) static void __net_exit vrf_netns_exit(struct net *net)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1958) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1959) vrf_netns_exit_sysctl(net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1960) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1961)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1962) static struct pernet_operations vrf_net_ops __net_initdata = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1963) .init = vrf_netns_init,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1964) .exit = vrf_netns_exit,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1965) .id = &vrf_net_id,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1966) .size = sizeof(struct netns_vrf),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1967) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1968)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1969) static int __init vrf_init_module(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1970) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1971) int rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1972)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1973) register_netdevice_notifier(&vrf_notifier_block);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1974)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1975) rc = register_pernet_subsys(&vrf_net_ops);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1976) if (rc < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1977) goto error;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1978)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1979) rc = l3mdev_table_lookup_register(L3MDEV_TYPE_VRF,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1980) vrf_ifindex_lookup_by_table_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1981) if (rc < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1982) goto unreg_pernet;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1983)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1984) rc = rtnl_link_register(&vrf_link_ops);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1985) if (rc < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1986) goto table_lookup_unreg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1987)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1988) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1989)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1990) table_lookup_unreg:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1991) l3mdev_table_lookup_unregister(L3MDEV_TYPE_VRF,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1992) vrf_ifindex_lookup_by_table_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1993)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1994) unreg_pernet:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1995) unregister_pernet_subsys(&vrf_net_ops);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1996)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1997) error:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1998) unregister_netdevice_notifier(&vrf_notifier_block);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1999) return rc;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2000) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2001)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2002) module_init(vrf_init_module);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2003) MODULE_AUTHOR("Shrijeet Mukherjee, David Ahern");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2004) MODULE_DESCRIPTION("Device driver to instantiate VRF domains");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2005) MODULE_LICENSE("GPL");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2006) MODULE_ALIAS_RTNL_LINK(DRV_NAME);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2007) MODULE_VERSION(DRV_VERSION);
Orange Pi5 kernel
Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards
3 Commits
0 Branches
0 Tags