^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * xfrm_input.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Changes:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * YOSHIFUJI Hideaki @USAGI
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Split up af-specific portion
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <linux/bottom_half.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/cache.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/interrupt.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/netdevice.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/percpu.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <net/dst.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <net/ip.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <net/xfrm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <net/ip_tunnels.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) #include <net/ip6_tunnel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) #include "xfrm_inout.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25)
/*
 * A tasklet together with an skb queue. One instance exists per CPU (see the
 * DEFINE_PER_CPU below); the code that fills and drains the queue is outside
 * this part of the file.
 */
struct xfrm_trans_tasklet {
	struct tasklet_struct tasklet;
	struct sk_buff_head queue;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30)
/*
 * Layout that XFRM_TRANS_SKB_CB() imposes on skb->cb.
 *
 * NOTE(review): the accessor macro is a bare cast, so nothing in this part
 * of the file proves that this struct fits inside skb->cb. Confirm that the
 * code which fills it carries a compile-time size check.
 */
struct xfrm_trans_cb {
	/* Placed first so the IPv4/IPv6 per-packet parameters sit at offset 0 of skb->cb. */
	union {
		struct inet_skb_parm h4;
#if IS_ENABLED(CONFIG_IPV6)
		struct inet6_skb_parm h6;
#endif
	} header;
	/* Continuation callback and the namespace stored alongside it. */
	int (*finish)(struct net *net, struct sock *sk, struct sk_buff *skb);
	struct net *net;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41)
/* Reinterpret the start of skb->cb as a struct xfrm_trans_cb (no size or type check). */
#define XFRM_TRANS_SKB_CB(__skb) ((struct xfrm_trans_cb *)&((__skb)->cb[0]))

/* Serialises the register/unregister paths that write the table below. */
static DEFINE_SPINLOCK(xfrm_input_afinfo_lock);
/*
 * Registered input handlers, indexed [is_ipip][family]. Readers go through
 * rcu_dereference(); every index into the second dimension must be bounded
 * by AF_INET6 first.
 */
static struct xfrm_input_afinfo const __rcu *xfrm_input_afinfo[2][AF_INET6 + 1];

/* Users of these two objects are outside this part of the file. */
static struct gro_cells gro_cells;
static struct net_device xfrm_napi_dev;

/* One xfrm_trans_tasklet per CPU. */
static DEFINE_PER_CPU(struct xfrm_trans_tasklet, xfrm_trans_tasklet);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 51)
/*
 * Publish an input handler in the [is_ipip][family] slot named by @afinfo.
 *
 * Returns 0 on success, -EAFNOSUPPORT when afinfo->family cannot index the
 * table, and -EEXIST when the slot is already occupied.
 */
int xfrm_input_register_afinfo(const struct xfrm_input_afinfo *afinfo)
{
	int rc;

	/* The table has AF_INET6 + 1 columns; refuse anything beyond that. */
	if (WARN_ON(afinfo->family > AF_INET6))
		return -EAFNOSUPPORT;

	spin_lock_bh(&xfrm_input_afinfo_lock);
	if (likely(!xfrm_input_afinfo[afinfo->is_ipip][afinfo->family])) {
		/* Slot is free: make the handler visible to RCU readers. */
		rcu_assign_pointer(xfrm_input_afinfo[afinfo->is_ipip][afinfo->family], afinfo);
		rc = 0;
	} else {
		/* Never overwrite a handler that is already registered. */
		rc = -EEXIST;
	}
	spin_unlock_bh(&xfrm_input_afinfo_lock);

	return rc;
}
EXPORT_SYMBOL(xfrm_input_register_afinfo);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)
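/*
 * Withdraw a handler previously published by xfrm_input_register_afinfo().
 *
 * Returns 0 when the slot was empty or held @afinfo (which is then cleared),
 * -EINVAL when the slot holds a different handler, and -EAFNOSUPPORT when
 * afinfo->family cannot index the table.
 */
int xfrm_input_unregister_afinfo(const struct xfrm_input_afinfo *afinfo)
{
	int err = 0;

	/*
	 * Apply the same bound as the register path: family indexes a table
	 * with AF_INET6 + 1 columns, so a larger value would read outside it.
	 */
	if (WARN_ON(afinfo->family > AF_INET6))
		return -EAFNOSUPPORT;

	spin_lock_bh(&xfrm_input_afinfo_lock);
	if (likely(xfrm_input_afinfo[afinfo->is_ipip][afinfo->family])) {
		/* Only the owner of the slot may clear it. */
		if (unlikely(xfrm_input_afinfo[afinfo->is_ipip][afinfo->family] != afinfo))
			err = -EINVAL;
		else
			RCU_INIT_POINTER(xfrm_input_afinfo[afinfo->is_ipip][afinfo->family], NULL);
	}
	spin_unlock_bh(&xfrm_input_afinfo_lock);

	/*
	 * Let readers that fetched the old pointer leave their read-side
	 * section before the caller goes on to release the handler.
	 */
	synchronize_rcu();
	return err;
}
EXPORT_SYMBOL(xfrm_input_unregister_afinfo);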
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85)
/*
 * Look up the input handler for (family, is_ipip).
 *
 * Locking is asymmetric. When a handler is returned, rcu_read_lock() is
 * still held and the caller must call rcu_read_unlock() once it has finished
 * with the handler. When NULL is returned, no read lock is held.
 */
static const struct xfrm_input_afinfo *xfrm_input_get_afinfo(u8 family, bool is_ipip)
{
	const struct xfrm_input_afinfo *handler;

	/* Bound the index before touching the table. */
	if (WARN_ON_ONCE(family > AF_INET6))
		return NULL;

	rcu_read_lock();
	handler = rcu_dereference(xfrm_input_afinfo[is_ipip][family]);
	if (unlikely(!handler)) {
		/* Nothing registered: close the read-side section here. */
		rcu_read_unlock();
		return NULL;
	}

	/* The read-side section stays open for the caller. */
	return handler;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99)
/*
 * Run the registered per-family input callback for @skb.
 *
 * Returns the callback's result, or -EAFNOSUPPORT when no handler is
 * registered for (family, is_ipip).
 *
 * NOTE(review): @family is unsigned int here but is narrowed to u8 by the
 * lookup call; it is presumably always an AF_* constant. Confirm against callers.
 */
static int xfrm_rcv_cb(struct sk_buff *skb, unsigned int family, u8 protocol,
		       int err)
{
	const struct xfrm_input_afinfo *handler;
	bool is_ipip;
	int rc;

	/* IP-in-IP and IPv6-in-IP use the second row of the handler table. */
	is_ipip = (protocol == IPPROTO_IPIP || protocol == IPPROTO_IPV6);

	handler = xfrm_input_get_afinfo(family, is_ipip);
	if (!handler)
		return -EAFNOSUPPORT;

	rc = handler->callback(skb, protocol, err);
	/* Pairs with the rcu_read_lock() left held by the successful lookup. */
	rcu_read_unlock();

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116)
/*
 * Return the SKB_EXT_SEC_PATH extension of @skb, adding it if absent.
 *
 * An extension that already existed is returned with its contents intact.
 * A newly added one is returned with ovec zeroed and both length counters
 * set to 0. Returns NULL when the extension cannot be added.
 */
struct sec_path *secpath_set(struct sk_buff *skb)
{
	/* Probe first: after skb_ext_add() old and new are indistinguishable. */
	struct sec_path *existing = skb_ext_find(skb, SKB_EXT_SEC_PATH);
	struct sec_path *sp = skb_ext_add(skb, SKB_EXT_SEC_PATH);

	if (!sp)
		return NULL;

	if (!existing) {
		/* allocated new secpath: start it out empty */
		memset(sp->ovec, 0, sizeof(sp->ovec));
		sp->olen = 0;
		sp->len = 0;
	}

	/* otherwise: reused existing one (was COW'd if needed) */
	return sp;
}
EXPORT_SYMBOL(secpath_set);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136)
/* Fetch spi and seq from ipsec header
 *
 * Returns 0 with *spi and *seq filled in, -EINVAL when the header cannot be
 * pulled into the linear area, and 1 when @nexthdr is not AH, ESP or IPComp.
 *
 * Every read of packet bytes is preceded by pskb_may_pull() for the header
 * being parsed, and the transport header pointer is fetched only after that
 * call, because pskb_may_pull() may reallocate the skb head.
 */

int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq)
{
	int spi_off, seq_off;
	int hdr_len;
	unsigned char *hdr;

	if (nexthdr == IPPROTO_COMP) {
		if (!pskb_may_pull(skb, sizeof(struct ip_comp_hdr)))
			return -EINVAL;
		/* IPComp has no sequence number; widen the 16-bit field at offset 2. */
		*spi = htonl(ntohs(*(__be16 *)(skb_transport_header(skb) + 2)));
		*seq = 0;
		return 0;
	}

	if (nexthdr == IPPROTO_AH) {
		hdr_len = sizeof(struct ip_auth_hdr);
		spi_off = offsetof(struct ip_auth_hdr, spi);
		seq_off = offsetof(struct ip_auth_hdr, seq_no);
	} else if (nexthdr == IPPROTO_ESP) {
		hdr_len = sizeof(struct ip_esp_hdr);
		spi_off = offsetof(struct ip_esp_hdr, spi);
		seq_off = offsetof(struct ip_esp_hdr, seq_no);
	} else {
		/* Not an IPsec header this function understands. */
		return 1;
	}

	if (!pskb_may_pull(skb, hdr_len))
		return -EINVAL;

	hdr = skb_transport_header(skb);
	*spi = *(__be32 *)(hdr + spi_off);
	*seq = *(__be32 *)(hdr + seq_off);
	return 0;
}
EXPORT_SYMBOL(xfrm_parse_spi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173)
/*
 * Strip an optional BEET pseudo header from @skb and put an IPv4 header in
 * front of the payload, with addresses taken from the state's selector.
 *
 * Returns 0 on success, or -EINVAL when the pseudo header cannot be pulled
 * or describes an option length that fails validation.
 */
static int xfrm4_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb)
{
	struct iphdr *iph;
	int optlen = 0;
	int err = -EINVAL;

	if (unlikely(XFRM_MODE_SKB_CB(skb)->protocol == IPPROTO_BEETPH)) {
		struct ip_beet_phdr *ph;
		int phlen;

		/* Make the fixed part of the pseudo header readable first. */
		if (!pskb_may_pull(skb, sizeof(*ph)))
			goto out;

		ph = (struct ip_beet_phdr *)skb->data;

		/*
		 * hdrlen and padlen come from the packet. The derived option
		 * length must be non-negative, a multiple of 4 (it is added to
		 * ihl in 32-bit words below) and no larger than 250.
		 */
		phlen = sizeof(*ph) + ph->padlen;
		optlen = ph->hdrlen * 8 + (IPV4_BEET_PHMAXLEN - phlen);
		if (optlen < 0 || optlen & 3 || optlen > 250)
			goto out;

		/* Last use of ph: the pull below may move the data it points to. */
		XFRM_MODE_SKB_CB(skb)->protocol = ph->nexthdr;

		if (!pskb_may_pull(skb, phlen))
			goto out;
		__skb_pull(skb, phlen);
	}

	/* Make room for the IPv4 header directly in front of the current data. */
	skb_push(skb, sizeof(*iph));
	skb_reset_network_header(skb);
	skb_mac_header_rebuild(skb);

	xfrm4_beet_make_header(skb);

	iph = ip_hdr(skb);

	/*
	 * NOTE(review): ihl grows by optlen / 4 words and the checksum below
	 * reads ihl words, but only phlen bytes were pulled above. Nothing
	 * visible here shows that the option bytes are in the linear area;
	 * confirm this against the callers.
	 */
	iph->ihl += optlen / 4;
	iph->tot_len = htons(skb->len);
	iph->daddr = x->sel.daddr.a4;
	iph->saddr = x->sel.saddr.a4;
	/* The checksum field must be zero while the checksum is computed. */
	iph->check = 0;
	iph->check = ip_fast_csum(skb_network_header(skb), iph->ihl);
	err = 0;
out:
	return err;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219)
/*
 * Propagate congestion-experienced marking to the inner IPv4 header when the
 * tos value saved in the skb control block carries it.
 */
static void ipip_ecn_decapsulate(struct sk_buff *skb)
{
	if (!INET_ECN_is_ce(XFRM_MODE_SKB_CB(skb)->tos))
		return;

	IP_ECN_set_ce(ipip_hdr(skb));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 227)
/*
 * Finish IPv4 tunnel-mode decapsulation: validate the inner protocol, make
 * the inner header writable, apply the DSCP/ECN policy of the state and
 * re-point the network and MAC headers at the inner packet.
 *
 * Returns 0 on success, -EINVAL when the inner protocol is not IPIP or the
 * inner header cannot be pulled, or the error from skb_unclone().
 */
static int xfrm4_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
{
	int rc;

	if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP)
		return -EINVAL;

	/* The inner IPv4 header is read and written below; it must be linear. */
	if (!pskb_may_pull(skb, sizeof(struct iphdr)))
		return -EINVAL;

	/* The inner header is modified in place, so take a private copy first. */
	rc = skb_unclone(skb, GFP_ATOMIC);
	if (rc)
		return rc;

	if (x->props.flags & XFRM_STATE_DECAP_DSCP)
		ipv4_copy_dscp(XFRM_MODE_SKB_CB(skb)->tos, ipip_hdr(skb));
	if (!(x->props.flags & XFRM_STATE_NOECN))
		ipip_ecn_decapsulate(skb);

	skb_reset_network_header(skb);
	skb_mac_header_rebuild(skb);
	/* Keep a rebuilt Ethernet header in step with the inner protocol. */
	if (skb->mac_len)
		eth_hdr(skb)->h_proto = skb->protocol;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257)
/*
 * Propagate congestion-experienced marking to the inner IPv6 header when the
 * tos value saved in the skb control block carries it.
 */
static void ipip6_ecn_decapsulate(struct sk_buff *skb)
{
	if (!INET_ECN_is_ce(XFRM_MODE_SKB_CB(skb)->tos))
		return;

	IP6_ECN_set_ce(skb, ipipv6_hdr(skb));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265)
/*
 * Finish IPv6 tunnel-mode decapsulation: validate the inner protocol, make
 * the inner header writable, apply the DSCP/ECN policy of the state and
 * re-point the network and MAC headers at the inner packet.
 *
 * Returns 0 on success, -EINVAL when the inner protocol is not IPv6 or the
 * inner header cannot be pulled, or the error from skb_unclone().
 */
static int xfrm6_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
{
	int rc;

	if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPV6)
		return -EINVAL;

	/* The inner IPv6 header is read and written below; it must be linear. */
	if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
		return -EINVAL;

	/* The inner header is modified in place, so take a private copy first. */
	rc = skb_unclone(skb, GFP_ATOMIC);
	if (rc)
		return rc;

	/* Unlike the IPv4 path, the DSCP source is the current outer IPv6 header. */
	if (x->props.flags & XFRM_STATE_DECAP_DSCP)
		ipv6_copy_dscp(ipv6_get_dsfield(ipv6_hdr(skb)),
			       ipipv6_hdr(skb));
	if (!(x->props.flags & XFRM_STATE_NOECN))
		ipip6_ecn_decapsulate(skb);

	skb_reset_network_header(skb);
	skb_mac_header_rebuild(skb);
	/* Keep a rebuilt Ethernet header in step with the inner protocol. */
	if (skb->mac_len)
		eth_hdr(skb)->h_proto = skb->protocol;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 295)
/*
 * Put an IPv6 header in front of the payload of @skb, with addresses taken
 * from the state's selector.
 *
 * Returns 0 on success or the error from skb_cow_head().
 */
static int xfrm6_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb)
{
	int hdr_len = sizeof(struct ipv6hdr);
	struct ipv6hdr *hdr6;
	int rc;

	/* Guarantee writable headroom for the new header and the MAC header. */
	rc = skb_cow_head(skb, hdr_len + skb->mac_len);
	if (rc)
		return rc;

	/* The unchecked push relies on the headroom reserved just above. */
	__skb_push(skb, hdr_len);
	skb_reset_network_header(skb);
	skb_mac_header_rebuild(skb);

	xfrm6_beet_make_header(skb);

	hdr6 = ipv6_hdr(skb);
	hdr6->payload_len = htons(skb->len - hdr_len);
	hdr6->daddr = x->sel.daddr.in6;
	hdr6->saddr = x->sel.saddr.in6;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 320)
/* Remove encapsulation header.
 *
 * The IP header will be moved over the top of the encapsulation
 * header.
 *
 * On entry, the transport header shall point to where the IP header
 * should be and the network header shall be set to where the IP
 * header currently is.  skb->data shall point to the start of the
 * payload.
 *
 * Dispatches on the inner mode's encapsulation (BEET or tunnel) and address
 * family. Any other combination triggers a one-time warning and fails with
 * -EOPNOTSUPP.
 */
static int
xfrm_inner_mode_encap_remove(struct xfrm_state *x,
			     const struct xfrm_mode *inner_mode,
			     struct sk_buff *skb)
{
	const bool is_v4 = inner_mode->family == AF_INET;
	const bool is_v6 = inner_mode->family == AF_INET6;

	if (inner_mode->encap == XFRM_MODE_BEET) {
		if (is_v4)
			return xfrm4_remove_beet_encap(x, skb);
		if (is_v6)
			return xfrm6_remove_beet_encap(x, skb);
	} else if (inner_mode->encap == XFRM_MODE_TUNNEL) {
		if (is_v4)
			return xfrm4_remove_tunnel_encap(x, skb);
		if (is_v6)
			return xfrm6_remove_tunnel_encap(x, skb);
	}

	/* Unsupported encap/family pair: reject it. */
	WARN_ON_ONCE(1);
	return -EOPNOTSUPP;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 354)
/*
 * Prepare a BEET or tunnel mode packet for decapsulation: extract the outer
 * header fields, choose the inner mode, set skb->protocol to match the inner
 * family and hand over to xfrm_inner_mode_encap_remove().
 *
 * Returns -EAFNOSUPPORT when the outer family is neither AF_INET nor
 * AF_INET6 or when no inner mode matches the packet; otherwise returns the
 * result of the encapsulation removal.
 */
static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
{
	const struct xfrm_mode *mode = &x->inner_mode;

	if (x->outer_mode.family == AF_INET) {
		xfrm4_extract_header(skb);
	} else if (x->outer_mode.family == AF_INET6) {
		xfrm6_extract_header(skb);
	} else {
		WARN_ON_ONCE(1);
		return -EAFNOSUPPORT;
	}

	/*
	 * With a wildcard selector family, the inner mode is chosen from the
	 * protocol value recorded for this packet instead of the state.
	 */
	if (x->sel.family == AF_UNSPEC) {
		mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
		if (!mode)
			return -EAFNOSUPPORT;
	}

	if (mode->family == AF_INET) {
		skb->protocol = htons(ETH_P_IP);
	} else if (mode->family == AF_INET6) {
		skb->protocol = htons(ETH_P_IPV6);
	} else {
		/* skb->protocol is left untouched; the call below rejects this family. */
		WARN_ON_ONCE(1);
	}

	return xfrm_inner_mode_encap_remove(x, mode, skb);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 391)
/* Remove encapsulation header.
 *
 * The IP header will be moved over the top of the encapsulation header.
 *
 * On entry, skb_transport_header() shall point to where the IP header
 * should be and skb_network_header() shall be set to where the IP header
 * currently is.  skb->data shall point to the start of the payload.
 *
 * The header length is derived from those two positions, so the move below
 * is only as safe as the offsets set up by the caller. Always returns 0.
 */
static int xfrm4_transport_input(struct xfrm_state *x, struct sk_buff *skb)
{
	/* Distance from the header's final position to the payload. */
	int hdr_len = skb->data - skb_transport_header(skb);
	const bool needs_move = skb->transport_header != skb->network_header;

	if (needs_move) {
		/* Source and destination may overlap, hence memmove(). */
		memmove(skb_transport_header(skb),
			skb_network_header(skb), hdr_len);
		skb->network_header = skb->transport_header;
	}

	ip_hdr(skb)->tot_len = htons(skb->len + hdr_len);
	skb_reset_transport_header(skb);

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 413)
/*
 * IPv6 counterpart of xfrm4_transport_input(): slide the IPv6 header up
 * against the payload and fix up payload_len.
 *
 * Returns 0 when IPv6 support is built in. Without it, the function warns
 * once and returns -EAFNOSUPPORT.
 */
static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb)
{
#if IS_ENABLED(CONFIG_IPV6)
	/* Distance from the header's final position to the payload. */
	int hdr_len = skb->data - skb_transport_header(skb);
	const bool needs_move = skb->transport_header != skb->network_header;

	if (needs_move) {
		/* Source and destination may overlap, hence memmove(). */
		memmove(skb_transport_header(skb),
			skb_network_header(skb), hdr_len);
		skb->network_header = skb->transport_header;
	}

	/* payload_len excludes the fixed IPv6 header itself. */
	ipv6_hdr(skb)->payload_len = htons(skb->len + hdr_len -
					   sizeof(struct ipv6hdr));
	skb_reset_transport_header(skb);

	return 0;
#else
	WARN_ON_ONCE(1);
	return -EAFNOSUPPORT;
#endif
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 433)
/*
 * Dispatch input processing on the inner mode's encapsulation type.
 *
 * BEET and tunnel modes go through xfrm_prepare_input(). Transport mode is
 * handled per address family. Route optimization and unknown encapsulations
 * warn once, and everything unhandled returns -EOPNOTSUPP.
 */
static int xfrm_inner_mode_input(struct xfrm_state *x,
				 const struct xfrm_mode *inner_mode,
				 struct sk_buff *skb)
{
	switch (inner_mode->encap) {
	case XFRM_MODE_TRANSPORT:
		switch (inner_mode->family) {
		case AF_INET:
			return xfrm4_transport_input(x, skb);
		case AF_INET6:
			return xfrm6_transport_input(x, skb);
		}
		/* Unknown family: rejected below without a warning. */
		break;
	case XFRM_MODE_BEET:
	case XFRM_MODE_TUNNEL:
		return xfrm_prepare_input(x, skb);
	case XFRM_MODE_ROUTEOPTIMIZATION:
		WARN_ON_ONCE(1);
		break;
	default:
		WARN_ON_ONCE(1);
		break;
	}

	return -EOPNOTSUPP;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 458)
/**
 * xfrm_input - run one received packet through its inbound xfrm state(s).
 * @skb: packet being received; it is freed with kfree_skb() on every path
 *       that reaches the drop label.
 * @nexthdr: protocol number handed to xfrm_parse_spi() and
 *           xfrm_state_lookup(); inside the loop it is overwritten with the
 *           return value of the transform's input handler.
 * @spi: SPI to look up; when it is 0 on the normal entry path the SPI is
 *       parsed from the packet instead.
 * @encap_type: compared against the state's x->encap type. A value of -1
 *              marks async resumption, any other negative value a GRO call.
 *
 * Returns 0 when the packet was dropped, when the input handler reported
 * -EINPROGRESS, or when a decapsulated packet was handed to
 * gro_cells_receive(). Otherwise it returns the result of
 * afinfo->transport_finish(), or -EAFNOSUPPORT if no afinfo was found.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 459) int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 460) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 461) const struct xfrm_state_afinfo *afinfo;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 462) struct net *net = dev_net(skb->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 463) const struct xfrm_mode *inner_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 464) int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 465) __be32 seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 466) __be32 seq_hi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 467) struct xfrm_state *x = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 468) xfrm_address_t *daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 469) u32 mark = skb->mark;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 470) unsigned int family = AF_UNSPEC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 471) int decaps = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 472) int async = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 473) bool xfrm_gro = false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 474) bool crypto_done = false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 475) struct xfrm_offload *xo = xfrm_offload(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 476) struct sec_path *sp;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 477)
/*
 * Negative encap_type: the state is obtained from the skb with
 * xfrm_input_state() instead of being looked up by SPI, and control jumps
 * into the middle of the loop below (labels "resume" and "lock").
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 478) if (encap_type < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 479) x = xfrm_input_state(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 480)
/*
 * NOTE(review): x->km.state is read here without x->lock. The GRO path
 * repeats the check under the lock at "lock:"; the async path goes
 * straight to "resume:" and relies on this check alone.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 481) if (unlikely(x->km.state != XFRM_STATE_VALID)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 482) if (x->km.state == XFRM_STATE_ACQ)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 483) XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 484) else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 485) XFRM_INC_STATS(net,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 486) LINUX_MIB_XFRMINSTATEINVALID);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 487)
/*
 * On async resumption this early drop skips the dev_put() at "resume:",
 * so the device reference is released here (presumably the one taken by
 * dev_hold() before the handler was called - confirm).
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 488) if (encap_type == -1)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 489) dev_put(skb->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 490) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 491) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 492)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 493) family = x->outer_mode.family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 494)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 495) /* An encap_type of -1 indicates async resumption. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 496) if (encap_type == -1) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 497) async = 1;
/* Restore the sequence number that was saved in the skb control block. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 498) seq = XFRM_SKB_CB(skb)->seq.input.low;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 499) goto resume;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 500) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 501)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 502) /* encap_type < -1 indicates a GRO call. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 503) encap_type = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 504) seq = XFRM_SPI_SKB_CB(skb)->seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 505)
/*
 * CRYPTO_DONE set in the offload flags: the crypto result is taken from
 * xo->status, and x->type_offload->input_tail() is called later instead
 * of x->type->input().
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 506) if (xo && (xo->flags & CRYPTO_DONE)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 507) crypto_done = true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 508) family = XFRM_SPI_SKB_CB(skb)->family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 509)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 510) if (!(xo->status & CRYPTO_SUCCESS)) {
/* Authentication failure reported in xo->status: audit it and count it on the state. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 511) if (xo->status &
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 512) (CRYPTO_TRANSPORT_AH_AUTH_FAILED |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 513) CRYPTO_TRANSPORT_ESP_AUTH_FAILED |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 514) CRYPTO_TUNNEL_AH_AUTH_FAILED |
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 515) CRYPTO_TUNNEL_ESP_AUTH_FAILED)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 516)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 517) xfrm_audit_state_icvfail(x, skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 518) x->type->proto);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 519) x->stats.integrity_failed++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 520) XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 521) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 522) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 523)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 524) if (xo->status & CRYPTO_INVALID_PROTOCOL) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 525) XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 526) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 527) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 528)
/* Any other non-success status is counted as a buffer error. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 529) XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 530) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 531) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 532)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 533) if ((err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 534) XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 535) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 536) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 537) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 538)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 539) goto lock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 540) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 541)
/* Normal entry: address family comes from the skb control block. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 542) family = XFRM_SPI_SKB_CB(skb)->family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 543)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 544) /* if tunnel is present override skb->mark value with tunnel i_key */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 545) switch (family) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 546) case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 547) if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 548) mark = be32_to_cpu(XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4->parms.i_key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 549) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 550) case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 551) if (XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 552) mark = be32_to_cpu(XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6->parms.i_key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 553) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 554) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 555)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 556) sp = secpath_set(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 557) if (!sp) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 558) XFRM_INC_STATS(net, LINUX_MIB_XFRMINERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 559) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 560) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 561)
/* The SPI is parsed from the packet only when the caller passed spi == 0. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 562) seq = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 563) if (!spi && (err = xfrm_parse_spi(skb, nexthdr, &spi, &seq)) != 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 564) secpath_reset(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 565) XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 566) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 567) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 568)
/* daddr points into the packet's network header, at the offset stored in the skb control block. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 569) daddr = (xfrm_address_t *)(skb_network_header(skb) +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 570) XFRM_SPI_SKB_CB(skb)->daddroff);
/*
 * One iteration per transform. The loop repeats while xfrm_parse_spi() at
 * the bottom returns 0 for the next header, and stops early for a
 * tunnel-mode state. The GRO and async paths enter it at "lock:" and
 * "resume:".
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 571) do {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 572) sp = skb_sec_path(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 573)
/*
 * Bound the number of states recorded per packet before the
 * sp->xvec[sp->len++] store below (presumably xvec[] has XFRM_MAX_DEPTH
 * slots - confirm against struct sec_path).
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 574) if (sp->len == XFRM_MAX_DEPTH) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 575) secpath_reset(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 576) XFRM_INC_STATS(net, LINUX_MIB_XFRMINBUFFERERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 577) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 578) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 579)
/* No matching state: the miss is counted and audited, then the packet is dropped. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 580) x = xfrm_state_lookup(net, mark, daddr, spi, nexthdr, family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 581) if (x == NULL) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 582) secpath_reset(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 583) XFRM_INC_STATS(net, LINUX_MIB_XFRMINNOSTATES);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 584) xfrm_audit_state_notfound(skb, family, spi, seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 585) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 586) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 587)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 588) skb->mark = xfrm_smark_get(skb->mark, x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 589)
/* Record the state in the packet's secpath. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 590) sp->xvec[sp->len++] = x;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 591)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 592) skb_dst_force(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 593) if (!skb_dst(skb)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 594) XFRM_INC_STATS(net, LINUX_MIB_XFRMINERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 595) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 596) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 597)
/* Also the entry point of the GRO path ("goto lock" above). */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 598) lock:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 599) spin_lock(&x->lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 600)
/*
 * Checks made under x->lock before the input handler runs: state validity,
 * encapsulation type, x->repl->check() and expiry. Each failure has its
 * own MIB counter and drops the packet.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 601) if (unlikely(x->km.state != XFRM_STATE_VALID)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 602) if (x->km.state == XFRM_STATE_ACQ)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 603) XFRM_INC_STATS(net, LINUX_MIB_XFRMACQUIREERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 604) else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 605) XFRM_INC_STATS(net,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 606) LINUX_MIB_XFRMINSTATEINVALID);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 607) goto drop_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 608) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 609)
/* A state without x->encap only matches encap_type 0. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 610) if ((x->encap ? x->encap->encap_type : 0) != encap_type) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 611) XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMISMATCH);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 612) goto drop_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 613) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 614)
/*
 * First sequence-number check, made before any crypto work (presumably the
 * anti-replay window check - confirm in the replay implementation).
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 615) if (x->repl->check(x, skb, seq)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 616) XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 617) goto drop_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 618) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 619)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 620) if (xfrm_state_check_expire(x)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 621) XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEEXPIRED);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 622) goto drop_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 623) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 624)
/* The lock is released before the input handler is called and retaken at "resume:". */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 625) spin_unlock(&x->lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 626)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 627) if (xfrm_tunnel_check(skb, x, family)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 628) XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 629) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 630) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 631)
/* Save both sequence halves in the skb control block; the async path reads .low back on resumption. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 632) seq_hi = htonl(xfrm_replay_seqhi(x, seq));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 633)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 634) XFRM_SKB_CB(skb)->seq.input.low = seq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 635) XFRM_SKB_CB(skb)->seq.input.hi = seq_hi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 636)
/* Hold skb->dev across the handler; the matching dev_put() is at "resume:". */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 637) dev_hold(skb->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 638)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 639) if (crypto_done)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 640) nexthdr = x->type_offload->input_tail(x, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 641) else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 642) nexthdr = x->type->input(x, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 643)
/*
 * Handler still in progress: return now. Processing continues when
 * xfrm_input() is entered again with encap_type == -1, which jumps to
 * "resume:".
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 644) if (nexthdr == -EINPROGRESS)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 645) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 646) resume:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 647) dev_put(skb->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 648)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 649) spin_lock(&x->lock);
/* Negative handler result: -EBADMSG is audited and counted as an integrity failure on the state. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 650) if (nexthdr < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 651) if (nexthdr == -EBADMSG) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 652) xfrm_audit_state_icvfail(x, skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 653) x->type->proto);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 654) x->stats.integrity_failed++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 655) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 656) XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEPROTOERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 657) goto drop_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 658) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 659)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 660) /* only the first xfrm gets the encap type */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 661) encap_type = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 662)
/*
 * Second sequence check, under the lock and after the handler returned a
 * non-negative result. Only when it passes is the replay state advanced
 * and the state's byte/packet lifetime counters updated, so packets that
 * failed in the handler never reach advance().
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 663) if (x->repl->recheck(x, skb, seq)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 664) XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATESEQERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 665) goto drop_unlock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 666) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 667)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 668) x->repl->advance(x, seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 669)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 670) x->curlft.bytes += skb->len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 671) x->curlft.packets++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 672)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 673) spin_unlock(&x->lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 674)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 675) XFRM_MODE_SKB_CB(skb)->protocol = nexthdr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 676)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 677) inner_mode = &x->inner_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 678)
/* Selector family unspecified: choose the inner mode from the protocol the handler returned. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 679) if (x->sel.family == AF_UNSPEC) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 680) inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 681) if (inner_mode == NULL) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 682) XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 683) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 684) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 685) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 686)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 687) if (xfrm_inner_mode_input(x, inner_mode, skb)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 688) XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 689) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 690) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 691)
/* Tunnel-mode state: leave the loop; the packet is re-received below (decaps). */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 692) if (x->outer_mode.flags & XFRM_MODE_FLAG_TUNNEL) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 693) decaps = 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 694) break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 695) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 696)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 697) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 698) * We need the inner address. However, we only get here for
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 699) * transport mode so the outer address is identical.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 700) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 701) daddr = &x->id.daddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 702) family = x->outer_mode.family;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 703)
/*
 * Look for another transform header. A negative result drops the packet, 0
 * starts another iteration, and a positive result ends the loop.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 704) err = xfrm_parse_spi(skb, nexthdr, &spi, &seq);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 705) if (err < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 706) XFRM_INC_STATS(net, LINUX_MIB_XFRMINHDRERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 707) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 708) }
/* Any further iteration calls x->type->input() rather than the offload tail. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 709) crypto_done = false;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 710) } while (!err);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 711)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 712) err = xfrm_rcv_cb(skb, family, x->type->proto, 0);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 713) if (err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 714) goto drop;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 715)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 716) nf_reset_ct(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 717)
/* Decapsulated (tunnel-mode) packet: clear sp->olen, drop the dst and feed the packet to gro_cells_receive(). */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 718) if (decaps) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 719) sp = skb_sec_path(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 720) if (sp)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 721) sp->olen = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 722) skb_dst_drop(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 723) gro_cells_receive(&gro_cells, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 724) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 725) } else {
/* Transport mode: finish through the per-family transport_finish() hook, looked up under RCU. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 726) xo = xfrm_offload(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 727) if (xo)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 728) xfrm_gro = xo->flags & XFRM_GRO;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 729)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 730) err = -EAFNOSUPPORT;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 731) rcu_read_lock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 732) afinfo = xfrm_state_afinfo_get_rcu(x->inner_mode.family);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 733) if (likely(afinfo))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 734) err = afinfo->transport_finish(skb, xfrm_gro || async);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 735) rcu_read_unlock();
/* NOTE(review): when xfrm_gro is set the packet goes to gro_cells_receive() whatever err holds. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 736) if (xfrm_gro) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 737) sp = skb_sec_path(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 738) if (sp)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 739) sp->olen = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 740) skb_dst_drop(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 741) gro_cells_receive(&gro_cells, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 742) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 743) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 744)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 745) return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 746) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 747)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 748) drop_unlock:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 749) spin_unlock(&x->lock);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 750) drop:
/*
 * x is still NULL for drops taken before a state was found, hence the
 * x && x->type guard. The callback is told about the failure (-1) and the
 * skb is freed. The function still returns 0.
 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 751) xfrm_rcv_cb(skb, family, x && x->type ? x->type->proto : nexthdr, -1);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 752) kfree_skb(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 753) return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 754) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 755) EXPORT_SYMBOL(xfrm_input);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 756)
/**
 * xfrm_input_resume - re-enter xfrm_input() for a packet in progress.
 * @skb: packet whose input processing is being continued.
 * @nexthdr: value handed to xfrm_input() as its nexthdr argument.
 *
 * Calls xfrm_input() with spi 0 and encap_type -1; xfrm_input() treats an
 * encap_type of -1 as async resumption. Returns whatever xfrm_input()
 * returns.
 */
int xfrm_input_resume(struct sk_buff *skb, int nexthdr)
{
	const __be32 no_spi = 0;
	const int async_resume = -1;

	return xfrm_input(skb, nexthdr, no_spi, async_resume);
}
EXPORT_SYMBOL(xfrm_input_resume);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 762)
/*
 * Tasklet handler registered by xfrm_input_init().
 *
 * @data carries the address of the owning struct xfrm_trans_tasklet. All
 * packets currently queued on it are moved to a local list in one splice,
 * then each packet's stored finish callback is called with the stored net
 * and a NULL socket.
 */
static void xfrm_trans_reinject(unsigned long data)
{
	struct xfrm_trans_tasklet *trans = (void *)data;
	struct sk_buff_head pending;
	struct sk_buff *skb;

	__skb_queue_head_init(&pending);
	skb_queue_splice_init(&trans->queue, &pending);

	for (skb = __skb_dequeue(&pending); skb;
	     skb = __skb_dequeue(&pending)) {
		struct xfrm_trans_cb *cb = XFRM_TRANS_SKB_CB(skb);

		cb->finish(cb->net, NULL, skb);
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 776)
/**
 * xfrm_trans_queue_net - defer a packet's finish callback to the tasklet.
 * @net: network namespace stored with the packet and later passed to @finish.
 * @skb: packet to queue; its control block (skb->cb) is overwritten with
 *       the callback and namespace.
 * @finish: callback the tasklet handler calls as finish(net, NULL, skb).
 *
 * Appends @skb to this CPU's xfrm_trans_tasklet queue and schedules the
 * tasklet. Returns 0 on success. Returns -ENOBUFS when the queue already
 * holds netdev_max_backlog packets; @skb is then neither queued nor freed
 * here, so it remains with the caller.
 *
 * NOTE(review): the per-CPU queue is modified with the unlocked
 * __skb_queue_tail(); presumably callers run with bottom halves disabled
 * on this CPU - confirm against the call sites.
 */
int xfrm_trans_queue_net(struct net *net, struct sk_buff *skb,
			 int (*finish)(struct net *, struct sock *,
				       struct sk_buff *))
{
	struct xfrm_trans_tasklet *trans = this_cpu_ptr(&xfrm_trans_tasklet);
	struct xfrm_trans_cb *cb;

	/* Compile-time guarantee that the callback record fits in skb->cb. */
	BUILD_BUG_ON(sizeof(struct xfrm_trans_cb) > sizeof(skb->cb));

	/* Bound the backlog so deferred packets cannot pile up without limit. */
	if (skb_queue_len(&trans->queue) >= netdev_max_backlog)
		return -ENOBUFS;

	cb = XFRM_TRANS_SKB_CB(skb);
	cb->finish = finish;
	cb->net = net;

	__skb_queue_tail(&trans->queue, skb);
	tasklet_schedule(&trans->tasklet);

	return 0;
}
EXPORT_SYMBOL(xfrm_trans_queue_net);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 797)
/**
 * xfrm_trans_queue - xfrm_trans_queue_net() using the packet's own namespace.
 * @skb: packet to queue; skb->dev is dereferenced to find the namespace.
 * @finish: callback forwarded unchanged to xfrm_trans_queue_net().
 *
 * Returns the result of xfrm_trans_queue_net().
 */
int xfrm_trans_queue(struct sk_buff *skb,
		     int (*finish)(struct net *, struct sock *,
				   struct sk_buff *))
{
	struct net *net = dev_net(skb->dev);

	return xfrm_trans_queue_net(net, skb, finish);
}
EXPORT_SYMBOL(xfrm_trans_queue);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 805)
/*
 * Boot-time setup for the xfrm input path.
 *
 * Initialises the dummy net device behind gro_cells and then gro_cells
 * itself; if that fails, gro_cells.cells is set to NULL and no error is
 * reported to the caller. Afterwards every possible CPU gets an empty
 * reinject queue and a tasklet bound to xfrm_trans_reinject().
 */
void __init xfrm_input_init(void)
{
	int cpu;

	init_dummy_netdev(&xfrm_napi_dev);
	if (gro_cells_init(&gro_cells, &xfrm_napi_dev))
		gro_cells.cells = NULL;

	for_each_possible_cpu(cpu) {
		struct xfrm_trans_tasklet *trans = &per_cpu(xfrm_trans_tasklet, cpu);

		__skb_queue_head_init(&trans->queue);
		/* The tasklet gets its own container back as the data argument. */
		tasklet_init(&trans->tasklet, xfrm_trans_reinject,
			     (unsigned long)trans);
	}
}