Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/net/xfrm/xfrm_interface.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300    1) // SPDX-License-Identifier: GPL-2.0
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300    2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300    3)  *	XFRM virtual interface
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300    4)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300    5)  *	Copyright (C) 2018 secunet Security Networks AG
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300    6)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300    7)  *	Author:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300    8)  *	Steffen Klassert <steffen.klassert@secunet.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300    9)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   10) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   11) #include <linux/module.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   12) #include <linux/capability.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   13) #include <linux/errno.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   14) #include <linux/types.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   15) #include <linux/sockios.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   16) #include <linux/icmp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   17) #include <linux/if.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   18) #include <linux/in.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   19) #include <linux/ip.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   20) #include <linux/net.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   21) #include <linux/in6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   22) #include <linux/netdevice.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   23) #include <linux/if_link.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   24) #include <linux/if_arp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   25) #include <linux/icmpv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   26) #include <linux/init.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   27) #include <linux/route.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   28) #include <linux/rtnetlink.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   29) #include <linux/netfilter_ipv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   30) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   31) #include <linux/hash.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   32) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   33) #include <linux/uaccess.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   34) #include <linux/atomic.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   35) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   36) #include <net/icmp.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   37) #include <net/ip.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   38) #include <net/ipv6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   39) #include <net/ip6_route.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   40) #include <net/ip_tunnels.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   41) #include <net/addrconf.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   42) #include <net/xfrm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   43) #include <net/net_namespace.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   44) #include <net/netns/generic.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   45) #include <linux/etherdevice.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   46) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   47) static int xfrmi_dev_init(struct net_device *dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   48) static void xfrmi_dev_setup(struct net_device *dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   49) static struct rtnl_link_ops xfrmi_link_ops __read_mostly;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   50) static unsigned int xfrmi_net_id __read_mostly;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   51) static const struct net_device_ops xfrmi_netdev_ops;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   52) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   53) #define XFRMI_HASH_BITS	8
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   54) #define XFRMI_HASH_SIZE	BIT(XFRMI_HASH_BITS)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   55) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   56) struct xfrmi_net {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   57) 	/* lists for storing interfaces in use */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   58) 	struct xfrm_if __rcu *xfrmi[XFRMI_HASH_SIZE];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   59) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   60) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   61) #define for_each_xfrmi_rcu(start, xi) \
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   62) 	for (xi = rcu_dereference(start); xi; xi = rcu_dereference(xi->next))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   63) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   64) static u32 xfrmi_hash(u32 if_id)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   65) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   66) 	return hash_32(if_id, XFRMI_HASH_BITS);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   67) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   68) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   69) static struct xfrm_if *xfrmi_lookup(struct net *net, struct xfrm_state *x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   70) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   71) 	struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   72) 	struct xfrm_if *xi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   73) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   74) 	for_each_xfrmi_rcu(xfrmn->xfrmi[xfrmi_hash(x->if_id)], xi) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   75) 		if (x->if_id == xi->p.if_id &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   76) 		    (xi->dev->flags & IFF_UP))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   77) 			return xi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   78) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   79) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   80) 	return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   81) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   82) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   83) static struct xfrm_if *xfrmi_decode_session(struct sk_buff *skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   84) 					    unsigned short family)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   85) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   86) 	struct net_device *dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   87) 	int ifindex = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   88) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   89) 	if (!secpath_exists(skb) || !skb->dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   90) 		return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   91) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   92) 	switch (family) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   93) 	case AF_INET6:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   94) 		ifindex = inet6_sdif(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   95) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   96) 	case AF_INET:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   97) 		ifindex = inet_sdif(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   98) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   99) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  100) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  101) 	if (ifindex) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  102) 		struct net *net = xs_net(xfrm_input_state(skb));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  103) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  104) 		dev = dev_get_by_index_rcu(net, ifindex);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  105) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  106) 		dev = skb->dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  107) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  108) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  109) 	if (!dev || !(dev->flags & IFF_UP))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  110) 		return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  111) 	if (dev->netdev_ops != &xfrmi_netdev_ops)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  112) 		return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  113) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  114) 	return netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  115) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  116) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  117) static void xfrmi_link(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  118) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  119) 	struct xfrm_if __rcu **xip = &xfrmn->xfrmi[xfrmi_hash(xi->p.if_id)];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  120) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  121) 	rcu_assign_pointer(xi->next , rtnl_dereference(*xip));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  122) 	rcu_assign_pointer(*xip, xi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  123) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  124) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  125) static void xfrmi_unlink(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  126) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  127) 	struct xfrm_if __rcu **xip;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  128) 	struct xfrm_if *iter;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  129) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  130) 	for (xip = &xfrmn->xfrmi[xfrmi_hash(xi->p.if_id)];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  131) 	     (iter = rtnl_dereference(*xip)) != NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  132) 	     xip = &iter->next) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  133) 		if (xi == iter) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  134) 			rcu_assign_pointer(*xip, xi->next);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  135) 			break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  136) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  137) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  138) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  139) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  140) static void xfrmi_dev_free(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  141) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  142) 	struct xfrm_if *xi = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  143) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  144) 	gro_cells_destroy(&xi->gro_cells);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  145) 	free_percpu(dev->tstats);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  146) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  147) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  148) static int xfrmi_create(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  149) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  150) 	struct xfrm_if *xi = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  151) 	struct net *net = dev_net(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  152) 	struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  153) 	int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  154) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  155) 	dev->rtnl_link_ops = &xfrmi_link_ops;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  156) 	err = register_netdevice(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  157) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  158) 		goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  159) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  160) 	xfrmi_link(xfrmn, xi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  161) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  162) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  163) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  164) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  165) 	return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  166) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  167) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  168) static struct xfrm_if *xfrmi_locate(struct net *net, struct xfrm_if_parms *p)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  169) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  170) 	struct xfrm_if __rcu **xip;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  171) 	struct xfrm_if *xi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  172) 	struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  173) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  174) 	for (xip = &xfrmn->xfrmi[xfrmi_hash(p->if_id)];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  175) 	     (xi = rtnl_dereference(*xip)) != NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  176) 	     xip = &xi->next)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  177) 		if (xi->p.if_id == p->if_id)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  178) 			return xi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  179) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  180) 	return NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  181) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  182) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  183) static void xfrmi_dev_uninit(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  184) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  185) 	struct xfrm_if *xi = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  186) 	struct xfrmi_net *xfrmn = net_generic(xi->net, xfrmi_net_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  187) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  188) 	xfrmi_unlink(xfrmn, xi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  189) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  190) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  191) static void xfrmi_scrub_packet(struct sk_buff *skb, bool xnet)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  192) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  193) 	skb->tstamp = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  194) 	skb->pkt_type = PACKET_HOST;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  195) 	skb->skb_iif = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  196) 	skb->ignore_df = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  197) 	skb_dst_drop(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  198) 	nf_reset_ct(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  199) 	nf_reset_trace(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  200) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  201) 	if (!xnet)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  202) 		return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  203) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  204) 	ipvs_reset(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  205) 	secpath_reset(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  206) 	skb_orphan(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  207) 	skb->mark = 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  208) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  209) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  210) static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  211) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  212) 	const struct xfrm_mode *inner_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  213) 	struct net_device *dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  214) 	struct xfrm_state *x;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  215) 	struct xfrm_if *xi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  216) 	bool xnet;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  217) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  218) 	if (err && !secpath_exists(skb))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  219) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  220) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  221) 	x = xfrm_input_state(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  222) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  223) 	xi = xfrmi_lookup(xs_net(x), x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  224) 	if (!xi)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  225) 		return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  226) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  227) 	dev = xi->dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  228) 	skb->dev = dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  229) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  230) 	if (err) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  231) 		dev->stats.rx_errors++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  232) 		dev->stats.rx_dropped++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  233) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  234) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  235) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  236) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  237) 	xnet = !net_eq(xi->net, dev_net(skb->dev));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  238) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  239) 	if (xnet) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  240) 		inner_mode = &x->inner_mode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  241) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  242) 		if (x->sel.family == AF_UNSPEC) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  243) 			inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  244) 			if (inner_mode == NULL) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  245) 				XFRM_INC_STATS(dev_net(skb->dev),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  246) 					       LINUX_MIB_XFRMINSTATEMODEERROR);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  247) 				return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  248) 			}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  249) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  250) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  251) 		if (!xfrm_policy_check(NULL, XFRM_POLICY_IN, skb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  252) 				       inner_mode->family))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  253) 			return -EPERM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  254) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  255) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  256) 	xfrmi_scrub_packet(skb, xnet);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  257) 	dev_sw_netstats_rx_add(dev, skb->len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  258) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  259) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  260) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  261) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  262) static int
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  263) xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  264) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  265) 	struct xfrm_if *xi = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  266) 	struct net_device_stats *stats = &xi->dev->stats;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  267) 	struct dst_entry *dst = skb_dst(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  268) 	unsigned int length = skb->len;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  269) 	struct net_device *tdev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  270) 	struct xfrm_state *x;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  271) 	int err = -1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  272) 	int mtu;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  273) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  274) 	dst_hold(dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  275) 	dst = xfrm_lookup_with_ifid(xi->net, dst, fl, NULL, 0, xi->p.if_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  276) 	if (IS_ERR(dst)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  277) 		err = PTR_ERR(dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  278) 		dst = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  279) 		goto tx_err_link_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  280) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  281) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  282) 	x = dst->xfrm;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  283) 	if (!x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  284) 		goto tx_err_link_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  285) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  286) 	if (x->if_id != xi->p.if_id)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  287) 		goto tx_err_link_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  288) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  289) 	tdev = dst->dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  290) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  291) 	if (tdev == dev) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  292) 		stats->collisions++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  293) 		net_warn_ratelimited("%s: Local routing loop detected!\n",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  294) 				     dev->name);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  295) 		goto tx_err_dst_release;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  296) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  297) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  298) 	mtu = dst_mtu(dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  299) 	if (skb->len > mtu) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  300) 		skb_dst_update_pmtu_no_confirm(skb, mtu);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  301) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  302) 		if (skb->protocol == htons(ETH_P_IPV6)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  303) 			if (mtu < IPV6_MIN_MTU)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  304) 				mtu = IPV6_MIN_MTU;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  305) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  306) 			if (skb->len > 1280)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  307) 				icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  308) 			else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  309) 				goto xmit;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  310) 		} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  311) 			if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  312) 				goto xmit;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  313) 			icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  314) 				      htonl(mtu));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  315) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  316) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  317) 		dst_release(dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  318) 		return -EMSGSIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  319) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  320) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  321) xmit:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  322) 	xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  323) 	skb_dst_set(skb, dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  324) 	skb->dev = tdev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  325) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  326) 	err = dst_output(xi->net, skb->sk, skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  327) 	if (net_xmit_eval(err) == 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  328) 		struct pcpu_sw_netstats *tstats = this_cpu_ptr(dev->tstats);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  329) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  330) 		u64_stats_update_begin(&tstats->syncp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  331) 		tstats->tx_bytes += length;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  332) 		tstats->tx_packets++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  333) 		u64_stats_update_end(&tstats->syncp);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  334) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  335) 		stats->tx_errors++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  336) 		stats->tx_aborted_errors++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  337) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  338) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  339) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  340) tx_err_link_failure:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  341) 	stats->tx_carrier_errors++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  342) 	dst_link_failure(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  343) tx_err_dst_release:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  344) 	dst_release(dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  345) 	return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  346) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  347) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  348) static netdev_tx_t xfrmi_xmit(struct sk_buff *skb, struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  349) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  350) 	struct xfrm_if *xi = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  351) 	struct net_device_stats *stats = &xi->dev->stats;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  352) 	struct dst_entry *dst = skb_dst(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  353) 	struct flowi fl;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  354) 	int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  355) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  356) 	memset(&fl, 0, sizeof(fl));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  357) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  358) 	switch (skb->protocol) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  359) 	case htons(ETH_P_IPV6):
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  360) 		xfrm_decode_session(skb, &fl, AF_INET6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  361) 		memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  362) 		if (!dst) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  363) 			fl.u.ip6.flowi6_oif = dev->ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  364) 			fl.u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  365) 			dst = ip6_route_output(dev_net(dev), NULL, &fl.u.ip6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  366) 			if (dst->error) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  367) 				dst_release(dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  368) 				stats->tx_carrier_errors++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  369) 				goto tx_err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  370) 			}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  371) 			skb_dst_set(skb, dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  372) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  373) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  374) 	case htons(ETH_P_IP):
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  375) 		xfrm_decode_session(skb, &fl, AF_INET);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  376) 		memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  377) 		if (!dst) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  378) 			struct rtable *rt;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  379) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  380) 			fl.u.ip4.flowi4_oif = dev->ifindex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  381) 			fl.u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  382) 			rt = __ip_route_output_key(dev_net(dev), &fl.u.ip4);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  383) 			if (IS_ERR(rt)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  384) 				stats->tx_carrier_errors++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  385) 				goto tx_err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  386) 			}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  387) 			skb_dst_set(skb, &rt->dst);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  388) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  389) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  390) 	default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  391) 		goto tx_err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  392) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  393) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  394) 	fl.flowi_oif = xi->p.link;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  395) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  396) 	ret = xfrmi_xmit2(skb, dev, &fl);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  397) 	if (ret < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  398) 		goto tx_err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  399) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  400) 	return NETDEV_TX_OK;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  401) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  402) tx_err:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  403) 	stats->tx_errors++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  404) 	stats->tx_dropped++;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  405) 	kfree_skb(skb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  406) 	return NETDEV_TX_OK;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  407) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  408) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  409) static int xfrmi4_err(struct sk_buff *skb, u32 info)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  410) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  411) 	const struct iphdr *iph = (const struct iphdr *)skb->data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  412) 	struct net *net = dev_net(skb->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  413) 	int protocol = iph->protocol;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  414) 	struct ip_comp_hdr *ipch;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  415) 	struct ip_esp_hdr *esph;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  416) 	struct ip_auth_hdr *ah ;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  417) 	struct xfrm_state *x;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  418) 	struct xfrm_if *xi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  419) 	__be32 spi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  420) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  421) 	switch (protocol) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  422) 	case IPPROTO_ESP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  423) 		esph = (struct ip_esp_hdr *)(skb->data+(iph->ihl<<2));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  424) 		spi = esph->spi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  425) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  426) 	case IPPROTO_AH:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  427) 		ah = (struct ip_auth_hdr *)(skb->data+(iph->ihl<<2));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  428) 		spi = ah->spi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  429) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  430) 	case IPPROTO_COMP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  431) 		ipch = (struct ip_comp_hdr *)(skb->data+(iph->ihl<<2));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  432) 		spi = htonl(ntohs(ipch->cpi));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  433) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  434) 	default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  435) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  436) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  437) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  438) 	switch (icmp_hdr(skb)->type) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  439) 	case ICMP_DEST_UNREACH:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  440) 		if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  441) 			return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  442) 	case ICMP_REDIRECT:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  443) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  444) 	default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  445) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  446) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  447) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  448) 	x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  449) 			      spi, protocol, AF_INET);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  450) 	if (!x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  451) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  452) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  453) 	xi = xfrmi_lookup(net, x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  454) 	if (!xi) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  455) 		xfrm_state_put(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  456) 		return -1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  457) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  458) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  459) 	if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  460) 		ipv4_update_pmtu(skb, net, info, 0, protocol);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  461) 	else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  462) 		ipv4_redirect(skb, net, 0, protocol);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  463) 	xfrm_state_put(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  464) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  465) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  466) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  467) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  468) static int xfrmi6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  469) 		    u8 type, u8 code, int offset, __be32 info)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  470) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  471) 	const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  472) 	struct net *net = dev_net(skb->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  473) 	int protocol = iph->nexthdr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  474) 	struct ip_comp_hdr *ipch;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  475) 	struct ip_esp_hdr *esph;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  476) 	struct ip_auth_hdr *ah;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  477) 	struct xfrm_state *x;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  478) 	struct xfrm_if *xi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  479) 	__be32 spi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  480) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  481) 	switch (protocol) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  482) 	case IPPROTO_ESP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  483) 		esph = (struct ip_esp_hdr *)(skb->data + offset);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  484) 		spi = esph->spi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  485) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  486) 	case IPPROTO_AH:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  487) 		ah = (struct ip_auth_hdr *)(skb->data + offset);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  488) 		spi = ah->spi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  489) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  490) 	case IPPROTO_COMP:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  491) 		ipch = (struct ip_comp_hdr *)(skb->data + offset);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  492) 		spi = htonl(ntohs(ipch->cpi));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  493) 		break;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  494) 	default:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  495) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  496) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  497) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  498) 	if (type != ICMPV6_PKT_TOOBIG &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  499) 	    type != NDISC_REDIRECT)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  500) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  501) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  502) 	x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  503) 			      spi, protocol, AF_INET6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  504) 	if (!x)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  505) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  506) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  507) 	xi = xfrmi_lookup(net, x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  508) 	if (!xi) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  509) 		xfrm_state_put(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  510) 		return -1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  511) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  512) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  513) 	if (type == NDISC_REDIRECT)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  514) 		ip6_redirect(skb, net, skb->dev->ifindex, 0,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  515) 			     sock_net_uid(net, NULL));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  516) 	else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  517) 		ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  518) 	xfrm_state_put(x);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  519) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  520) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  521) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  522) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  523) static int xfrmi_change(struct xfrm_if *xi, const struct xfrm_if_parms *p)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  524) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  525) 	if (xi->p.link != p->link)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  526) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  527) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  528) 	xi->p.if_id = p->if_id;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  529) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  530) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  531) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  532) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  533) static int xfrmi_update(struct xfrm_if *xi, struct xfrm_if_parms *p)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  534) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  535) 	struct net *net = xi->net;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  536) 	struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  537) 	int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  538) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  539) 	xfrmi_unlink(xfrmn, xi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  540) 	synchronize_net();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  541) 	err = xfrmi_change(xi, p);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  542) 	xfrmi_link(xfrmn, xi);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  543) 	netdev_state_change(xi->dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  544) 	return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  545) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  546) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  547) static void xfrmi_get_stats64(struct net_device *dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  548) 			       struct rtnl_link_stats64 *s)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  549) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  550) 	dev_fetch_sw_netstats(s, dev->tstats);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  551) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  552) 	s->rx_dropped = dev->stats.rx_dropped;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  553) 	s->tx_dropped = dev->stats.tx_dropped;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  554) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  555) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  556) static int xfrmi_get_iflink(const struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  557) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  558) 	struct xfrm_if *xi = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  559) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  560) 	return xi->p.link;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  561) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  562) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  563) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  564) static const struct net_device_ops xfrmi_netdev_ops = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  565) 	.ndo_init	= xfrmi_dev_init,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  566) 	.ndo_uninit	= xfrmi_dev_uninit,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  567) 	.ndo_start_xmit = xfrmi_xmit,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  568) 	.ndo_get_stats64 = xfrmi_get_stats64,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  569) 	.ndo_get_iflink = xfrmi_get_iflink,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  570) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  571) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  572) static void xfrmi_dev_setup(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  573) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  574) 	dev->netdev_ops 	= &xfrmi_netdev_ops;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  575) 	dev->header_ops		= &ip_tunnel_header_ops;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  576) 	dev->type		= ARPHRD_NONE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  577) 	dev->mtu		= ETH_DATA_LEN;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  578) 	dev->min_mtu		= ETH_MIN_MTU;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  579) 	dev->max_mtu		= IP_MAX_MTU;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  580) 	dev->flags 		= IFF_NOARP;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  581) 	dev->needs_free_netdev	= true;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  582) 	dev->priv_destructor	= xfrmi_dev_free;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  583) 	netif_keep_dst(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  584) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  585) 	eth_broadcast_addr(dev->broadcast);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  586) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  587) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  588) static int xfrmi_dev_init(struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  589) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  590) 	struct xfrm_if *xi = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  591) 	struct net_device *phydev = __dev_get_by_index(xi->net, xi->p.link);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  592) 	int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  593) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  594) 	dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  595) 	if (!dev->tstats)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  596) 		return -ENOMEM;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  597) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  598) 	err = gro_cells_init(&xi->gro_cells, dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  599) 	if (err) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  600) 		free_percpu(dev->tstats);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  601) 		return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  602) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  603) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  604) 	dev->features |= NETIF_F_LLTX;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  605) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  606) 	if (phydev) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  607) 		dev->needed_headroom = phydev->needed_headroom;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  608) 		dev->needed_tailroom = phydev->needed_tailroom;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  609) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  610) 		if (is_zero_ether_addr(dev->dev_addr))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  611) 			eth_hw_addr_inherit(dev, phydev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  612) 		if (is_zero_ether_addr(dev->broadcast))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  613) 			memcpy(dev->broadcast, phydev->broadcast,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  614) 			       dev->addr_len);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  615) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  616) 		eth_hw_addr_random(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  617) 		eth_broadcast_addr(dev->broadcast);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  618) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  619) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  620) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  621) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  622) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  623) static int xfrmi_validate(struct nlattr *tb[], struct nlattr *data[],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  624) 			 struct netlink_ext_ack *extack)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  625) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  626) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  627) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  628) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  629) static void xfrmi_netlink_parms(struct nlattr *data[],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  630) 			       struct xfrm_if_parms *parms)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  631) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  632) 	memset(parms, 0, sizeof(*parms));
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  633) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  634) 	if (!data)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  635) 		return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  636) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  637) 	if (data[IFLA_XFRM_LINK])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  638) 		parms->link = nla_get_u32(data[IFLA_XFRM_LINK]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  639) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  640) 	if (data[IFLA_XFRM_IF_ID])
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  641) 		parms->if_id = nla_get_u32(data[IFLA_XFRM_IF_ID]);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  642) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  643) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  644) static int xfrmi_newlink(struct net *src_net, struct net_device *dev,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  645) 			struct nlattr *tb[], struct nlattr *data[],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  646) 			struct netlink_ext_ack *extack)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  647) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  648) 	struct net *net = dev_net(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  649) 	struct xfrm_if_parms p = {};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  650) 	struct xfrm_if *xi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  651) 	int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  652) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  653) 	xfrmi_netlink_parms(data, &p);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  654) 	if (!p.if_id) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  655) 		NL_SET_ERR_MSG(extack, "if_id must be non zero");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  656) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  657) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  658) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  659) 	xi = xfrmi_locate(net, &p);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  660) 	if (xi)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  661) 		return -EEXIST;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  662) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  663) 	xi = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  664) 	xi->p = p;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  665) 	xi->net = net;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  666) 	xi->dev = dev;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  667) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  668) 	err = xfrmi_create(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  669) 	return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  670) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  671) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  672) static void xfrmi_dellink(struct net_device *dev, struct list_head *head)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  673) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  674) 	unregister_netdevice_queue(dev, head);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  675) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  676) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  677) static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  678) 			   struct nlattr *data[],
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  679) 			   struct netlink_ext_ack *extack)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  680) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  681) 	struct xfrm_if *xi = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  682) 	struct net *net = xi->net;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  683) 	struct xfrm_if_parms p = {};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  684) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  685) 	xfrmi_netlink_parms(data, &p);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  686) 	if (!p.if_id) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  687) 		NL_SET_ERR_MSG(extack, "if_id must be non zero");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  688) 		return -EINVAL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  689) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  690) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  691) 	xi = xfrmi_locate(net, &p);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  692) 	if (!xi) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  693) 		xi = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  694) 	} else {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  695) 		if (xi->dev != dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  696) 			return -EEXIST;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  697) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  698) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  699) 	return xfrmi_update(xi, &p);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  700) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  701) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  702) static size_t xfrmi_get_size(const struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  703) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  704) 	return
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  705) 		/* IFLA_XFRM_LINK */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  706) 		nla_total_size(4) +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  707) 		/* IFLA_XFRM_IF_ID */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  708) 		nla_total_size(4) +
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  709) 		0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  710) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  711) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  712) static int xfrmi_fill_info(struct sk_buff *skb, const struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  713) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  714) 	struct xfrm_if *xi = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  715) 	struct xfrm_if_parms *parm = &xi->p;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  716) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  717) 	if (nla_put_u32(skb, IFLA_XFRM_LINK, parm->link) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  718) 	    nla_put_u32(skb, IFLA_XFRM_IF_ID, parm->if_id))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  719) 		goto nla_put_failure;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  720) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  721) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  722) nla_put_failure:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  723) 	return -EMSGSIZE;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  724) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  725) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  726) static struct net *xfrmi_get_link_net(const struct net_device *dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  727) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  728) 	struct xfrm_if *xi = netdev_priv(dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  729) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  730) 	return xi->net;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  731) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  732) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  733) static const struct nla_policy xfrmi_policy[IFLA_XFRM_MAX + 1] = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  734) 	[IFLA_XFRM_LINK]	= { .type = NLA_U32 },
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  735) 	[IFLA_XFRM_IF_ID]	= { .type = NLA_U32 },
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  736) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  737) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  738) static struct rtnl_link_ops xfrmi_link_ops __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  739) 	.kind		= "xfrm",
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  740) 	.maxtype	= IFLA_XFRM_MAX,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  741) 	.policy		= xfrmi_policy,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  742) 	.priv_size	= sizeof(struct xfrm_if),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  743) 	.setup		= xfrmi_dev_setup,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  744) 	.validate	= xfrmi_validate,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  745) 	.newlink	= xfrmi_newlink,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  746) 	.dellink	= xfrmi_dellink,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  747) 	.changelink	= xfrmi_changelink,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  748) 	.get_size	= xfrmi_get_size,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  749) 	.fill_info	= xfrmi_fill_info,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  750) 	.get_link_net	= xfrmi_get_link_net,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  751) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  752) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  753) static void __net_exit xfrmi_exit_batch_net(struct list_head *net_exit_list)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  754) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  755) 	struct net *net;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  756) 	LIST_HEAD(list);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  757) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  758) 	rtnl_lock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  759) 	list_for_each_entry(net, net_exit_list, exit_list) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  760) 		struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  761) 		struct xfrm_if __rcu **xip;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  762) 		struct xfrm_if *xi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  763) 		int i;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  764) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  765) 		for (i = 0; i < XFRMI_HASH_SIZE; i++) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  766) 			for (xip = &xfrmn->xfrmi[i];
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  767) 			     (xi = rtnl_dereference(*xip)) != NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  768) 			     xip = &xi->next)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  769) 				unregister_netdevice_queue(xi->dev, &list);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  770) 		}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  771) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  772) 	unregister_netdevice_many(&list);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  773) 	rtnl_unlock();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  774) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  775) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  776) static struct pernet_operations xfrmi_net_ops = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  777) 	.exit_batch = xfrmi_exit_batch_net,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  778) 	.id   = &xfrmi_net_id,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  779) 	.size = sizeof(struct xfrmi_net),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  780) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  781) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  782) static struct xfrm6_protocol xfrmi_esp6_protocol __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  783) 	.handler	=	xfrm6_rcv,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  784) 	.input_handler	=	xfrm_input,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  785) 	.cb_handler	=	xfrmi_rcv_cb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  786) 	.err_handler	=	xfrmi6_err,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  787) 	.priority	=	10,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  788) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  789) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  790) static struct xfrm6_protocol xfrmi_ah6_protocol __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  791) 	.handler	=	xfrm6_rcv,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  792) 	.input_handler	=	xfrm_input,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  793) 	.cb_handler	=	xfrmi_rcv_cb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  794) 	.err_handler	=	xfrmi6_err,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  795) 	.priority	=	10,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  796) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  797) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  798) static struct xfrm6_protocol xfrmi_ipcomp6_protocol __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  799) 	.handler	=	xfrm6_rcv,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  800) 	.input_handler	=	xfrm_input,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  801) 	.cb_handler	=	xfrmi_rcv_cb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  802) 	.err_handler	=	xfrmi6_err,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  803) 	.priority	=	10,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  804) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  805) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  806) #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  807) static int xfrmi6_rcv_tunnel(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  808) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  809) 	const xfrm_address_t *saddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  810) 	__be32 spi;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  811) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  812) 	saddr = (const xfrm_address_t *)&ipv6_hdr(skb)->saddr;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  813) 	spi = xfrm6_tunnel_spi_lookup(dev_net(skb->dev), saddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  814) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  815) 	return xfrm6_rcv_spi(skb, IPPROTO_IPV6, spi, NULL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  816) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  817) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  818) static struct xfrm6_tunnel xfrmi_ipv6_handler __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  819) 	.handler	=	xfrmi6_rcv_tunnel,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  820) 	.cb_handler	=	xfrmi_rcv_cb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  821) 	.err_handler	=	xfrmi6_err,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  822) 	.priority	=	2,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  823) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  824) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  825) static struct xfrm6_tunnel xfrmi_ip6ip_handler __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  826) 	.handler	=	xfrmi6_rcv_tunnel,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  827) 	.cb_handler	=	xfrmi_rcv_cb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  828) 	.err_handler	=	xfrmi6_err,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  829) 	.priority	=	2,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  830) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  831) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  832) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  833) static struct xfrm4_protocol xfrmi_esp4_protocol __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  834) 	.handler	=	xfrm4_rcv,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  835) 	.input_handler	=	xfrm_input,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  836) 	.cb_handler	=	xfrmi_rcv_cb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  837) 	.err_handler	=	xfrmi4_err,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  838) 	.priority	=	10,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  839) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  840) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  841) static struct xfrm4_protocol xfrmi_ah4_protocol __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  842) 	.handler	=	xfrm4_rcv,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  843) 	.input_handler	=	xfrm_input,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  844) 	.cb_handler	=	xfrmi_rcv_cb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  845) 	.err_handler	=	xfrmi4_err,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  846) 	.priority	=	10,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  847) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  848) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  849) static struct xfrm4_protocol xfrmi_ipcomp4_protocol __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  850) 	.handler	=	xfrm4_rcv,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  851) 	.input_handler	=	xfrm_input,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  852) 	.cb_handler	=	xfrmi_rcv_cb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  853) 	.err_handler	=	xfrmi4_err,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  854) 	.priority	=	10,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  855) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  856) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  857) #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  858) static int xfrmi4_rcv_tunnel(struct sk_buff *skb)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  859) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  860) 	return xfrm4_rcv_spi(skb, IPPROTO_IPIP, ip_hdr(skb)->saddr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  861) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  862) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  863) static struct xfrm_tunnel xfrmi_ipip_handler __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  864) 	.handler	=	xfrmi4_rcv_tunnel,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  865) 	.cb_handler	=	xfrmi_rcv_cb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  866) 	.err_handler	=	xfrmi4_err,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  867) 	.priority	=	3,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  868) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  869) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  870) static struct xfrm_tunnel xfrmi_ipip6_handler __read_mostly = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  871) 	.handler	=	xfrmi4_rcv_tunnel,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  872) 	.cb_handler	=	xfrmi_rcv_cb,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  873) 	.err_handler	=	xfrmi4_err,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  874) 	.priority	=	2,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  875) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  876) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  877) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  878) static int __init xfrmi4_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  879) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  880) 	int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  881) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  882) 	err = xfrm4_protocol_register(&xfrmi_esp4_protocol, IPPROTO_ESP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  883) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  884) 		goto xfrm_proto_esp_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  885) 	err = xfrm4_protocol_register(&xfrmi_ah4_protocol, IPPROTO_AH);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  886) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  887) 		goto xfrm_proto_ah_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  888) 	err = xfrm4_protocol_register(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  889) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  890) 		goto xfrm_proto_comp_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  891) #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  892) 	err = xfrm4_tunnel_register(&xfrmi_ipip_handler, AF_INET);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  893) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  894) 		goto xfrm_tunnel_ipip_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  895) 	err = xfrm4_tunnel_register(&xfrmi_ipip6_handler, AF_INET6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  896) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  897) 		goto xfrm_tunnel_ipip6_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  898) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  899) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  900) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  901) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  902) #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  903) xfrm_tunnel_ipip6_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  904) 	xfrm4_tunnel_deregister(&xfrmi_ipip_handler, AF_INET);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  905) xfrm_tunnel_ipip_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  906) 	xfrm4_protocol_deregister(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  907) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  908) xfrm_proto_comp_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  909) 	xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  910) xfrm_proto_ah_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  911) 	xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  912) xfrm_proto_esp_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  913) 	return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  914) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  915) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  916) static void xfrmi4_fini(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  917) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  918) #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  919) 	xfrm4_tunnel_deregister(&xfrmi_ipip6_handler, AF_INET6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  920) 	xfrm4_tunnel_deregister(&xfrmi_ipip_handler, AF_INET);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  921) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  922) 	xfrm4_protocol_deregister(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  923) 	xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  924) 	xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  925) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  926) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  927) static int __init xfrmi6_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  928) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  929) 	int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  930) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  931) 	err = xfrm6_protocol_register(&xfrmi_esp6_protocol, IPPROTO_ESP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  932) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  933) 		goto xfrm_proto_esp_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  934) 	err = xfrm6_protocol_register(&xfrmi_ah6_protocol, IPPROTO_AH);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  935) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  936) 		goto xfrm_proto_ah_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  937) 	err = xfrm6_protocol_register(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  938) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  939) 		goto xfrm_proto_comp_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  940) #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  941) 	err = xfrm6_tunnel_register(&xfrmi_ipv6_handler, AF_INET6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  942) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  943) 		goto xfrm_tunnel_ipv6_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  944) 	err = xfrm6_tunnel_register(&xfrmi_ip6ip_handler, AF_INET);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  945) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  946) 		goto xfrm_tunnel_ip6ip_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  947) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  948) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  949) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  950) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  951) #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  952) xfrm_tunnel_ip6ip_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  953) 	xfrm6_tunnel_deregister(&xfrmi_ipv6_handler, AF_INET6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  954) xfrm_tunnel_ipv6_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  955) 	xfrm6_protocol_deregister(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  956) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  957) xfrm_proto_comp_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  958) 	xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  959) xfrm_proto_ah_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  960) 	xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  961) xfrm_proto_esp_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  962) 	return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  963) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  964) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  965) static void xfrmi6_fini(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  966) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  967) #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  968) 	xfrm6_tunnel_deregister(&xfrmi_ip6ip_handler, AF_INET);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  969) 	xfrm6_tunnel_deregister(&xfrmi_ipv6_handler, AF_INET6);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  970) #endif
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  971) 	xfrm6_protocol_deregister(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  972) 	xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  973) 	xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  974) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  975) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  976) static const struct xfrm_if_cb xfrm_if_cb = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  977) 	.decode_session =	xfrmi_decode_session,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  978) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  979) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  980) static int __init xfrmi_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  981) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  982) 	const char *msg;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  983) 	int err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  984) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  985) 	pr_info("IPsec XFRM device driver\n");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  986) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  987) 	msg = "tunnel device";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  988) 	err = register_pernet_device(&xfrmi_net_ops);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  989) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  990) 		goto pernet_dev_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  991) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  992) 	msg = "xfrm4 protocols";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  993) 	err = xfrmi4_init();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  994) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  995) 		goto xfrmi4_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  996) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  997) 	msg = "xfrm6 protocols";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  998) 	err = xfrmi6_init();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  999) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1000) 		goto xfrmi6_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1001) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1002) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1003) 	msg = "netlink interface";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1004) 	err = rtnl_link_register(&xfrmi_link_ops);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1005) 	if (err < 0)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1006) 		goto rtnl_link_failed;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1007) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1008) 	xfrm_if_register_cb(&xfrm_if_cb);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1009) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1010) 	return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1011) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1012) rtnl_link_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1013) 	xfrmi6_fini();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1014) xfrmi6_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1015) 	xfrmi4_fini();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1016) xfrmi4_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1017) 	unregister_pernet_device(&xfrmi_net_ops);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1018) pernet_dev_failed:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1019) 	pr_err("xfrmi init: failed to register %s\n", msg);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1020) 	return err;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1021) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1022) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1023) static void __exit xfrmi_fini(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1024) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1025) 	xfrm_if_unregister_cb();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1026) 	rtnl_link_unregister(&xfrmi_link_ops);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1027) 	xfrmi4_fini();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1028) 	xfrmi6_fini();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1029) 	unregister_pernet_device(&xfrmi_net_ops);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1030) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1031) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1032) module_init(xfrmi_init);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1033) module_exit(xfrmi_fini);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1034) MODULE_LICENSE("GPL");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1035) MODULE_ALIAS_RTNL_LINK("xfrm");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1036) MODULE_ALIAS_NETDEV("xfrm0");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1037) MODULE_AUTHOR("Steffen Klassert");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1038) MODULE_DESCRIPTION("XFRM virtual interface");
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.