Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/net/ipv6/xfrm6_output.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  * xfrm6_output.c - Common IPsec encapsulation code for IPv6.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  * Copyright (C) 2002 USAGI/WIDE Project
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Copyright (c) 2004 Herbert Xu <herbert@gondor.apana.org.au>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) #include <linux/if_ether.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #include <linux/skbuff.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #include <linux/icmpv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #include <linux/netfilter_ipv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include <net/dst.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #include <net/ipv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <net/ip6_route.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include <net/xfrm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) 			  u8 **prevhdr)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) 	return ip6_find_1stfragopt(skb, prevhdr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24) EXPORT_SYMBOL(xfrm6_find_1stfragopt);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) void xfrm6_local_rxpmtu(struct sk_buff *skb, u32 mtu)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) 	struct flowi6 fl6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) 	struct sock *sk = skb->sk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) 	fl6.flowi6_oif = sk->sk_bound_dev_if;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) 	fl6.daddr = ipv6_hdr(skb)->daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) 	ipv6_local_rxpmtu(sk, &fl6, mtu);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) void xfrm6_local_error(struct sk_buff *skb, u32 mtu)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 	struct flowi6 fl6;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) 	const struct ipv6hdr *hdr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 	struct sock *sk = skb->sk;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) 	hdr = skb->encapsulation ? inner_ipv6_hdr(skb) : ipv6_hdr(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 	fl6.fl6_dport = inet_sk(sk)->inet_dport;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) 	fl6.daddr = hdr->daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) 	ipv6_local_error(sk, EMSGSIZE, &fl6, mtu);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) static int __xfrm6_output_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) 	return xfrm_output(sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) static int xfrm6_noneed_fragment(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) 	struct frag_hdr *fh;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) 	u8 prevhdr = ipv6_hdr(skb)->nexthdr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) 	if (prevhdr != NEXTHDR_FRAGMENT)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) 	fh = (struct frag_hdr *)(skb->data + sizeof(struct ipv6hdr));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 	if (fh->nexthdr == NEXTHDR_ESP || fh->nexthdr == NEXTHDR_AUTH)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) 		return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) static int __xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) 	struct dst_entry *dst = skb_dst(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) 	struct xfrm_state *x = dst->xfrm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) 	unsigned int mtu;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) 	bool toobig;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) #ifdef CONFIG_NETFILTER
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 	if (!x) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 		IP6CB(skb)->flags |= IP6SKB_REROUTED;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) 		return dst_output(net, sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) 	if (x->props.mode != XFRM_MODE_TUNNEL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 		goto skip_frag;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 	if (skb->protocol == htons(ETH_P_IPV6))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) 		mtu = ip6_skb_dst_mtu(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 	else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) 		mtu = dst_mtu(skb_dst(skb));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) 	toobig = skb->len > mtu && !skb_is_gso(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 	if (toobig && xfrm6_local_dontfrag(skb->sk)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 		xfrm6_local_rxpmtu(skb, mtu);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 		kfree_skb(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 		return -EMSGSIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 	} else if (toobig && xfrm6_noneed_fragment(skb)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 		skb->ignore_df = 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 		goto skip_frag;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 	} else if (!skb->ignore_df && toobig && skb->sk) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 		xfrm_local_error(skb, mtu);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 		kfree_skb(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 		return -EMSGSIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) 	if (toobig || dst_allfrag(skb_dst(skb)))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 		return ip6_fragment(net, sk, skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) 				    __xfrm6_output_finish);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) skip_frag:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 	return xfrm_output(sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) int xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) 	return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 			    net, sk, skb,  skb->dev, skb_dst(skb)->dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 			    __xfrm6_output,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 			    !(IP6CB(skb)->flags & IP6SKB_REROUTED));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) }
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.