1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* Copyright (c) 2014 Mahesh Bandewar <maheshb@google.com> 3 */ 4 5 #include "ipvlan.h" 6 7 static u32 ipvlan_jhash_secret __read_mostly; 8 9 void ipvlan_init_secret(void) 10 { 11 net_get_random_once(&ipvlan_jhash_secret, sizeof(ipvlan_jhash_secret)); 12 } 13 14 void ipvlan_count_rx(const struct ipvl_dev *ipvlan, 15 unsigned int len, bool success, bool mcast) 16 { 17 if (likely(success)) { 18 struct ipvl_pcpu_stats *pcptr; 19 20 pcptr = this_cpu_ptr(ipvlan->pcpu_stats); 21 u64_stats_update_begin(&pcptr->syncp); 22 pcptr->rx_pkts++; 23 pcptr->rx_bytes += len; 24 if (mcast) 25 pcptr->rx_mcast++; 26 u64_stats_update_end(&pcptr->syncp); 27 } else { 28 this_cpu_inc(ipvlan->pcpu_stats->rx_errs); 29 } 30 } 31 EXPORT_SYMBOL_GPL(ipvlan_count_rx); 32 33 #if IS_ENABLED(CONFIG_IPV6) 34 static u8 ipvlan_get_v6_hash(const void *iaddr) 35 { 36 const struct in6_addr *ip6_addr = iaddr; 37 38 return __ipv6_addr_jhash(ip6_addr, ipvlan_jhash_secret) & 39 IPVLAN_HASH_MASK; 40 } 41 #else 42 static u8 ipvlan_get_v6_hash(const void *iaddr) 43 { 44 return 0; 45 } 46 #endif 47 48 static u8 ipvlan_get_v4_hash(const void *iaddr) 49 { 50 const struct in_addr *ip4_addr = iaddr; 51 52 return jhash_1word(ip4_addr->s_addr, ipvlan_jhash_secret) & 53 IPVLAN_HASH_MASK; 54 } 55 56 static bool addr_equal(bool is_v6, struct ipvl_addr *addr, const void *iaddr) 57 { 58 if (!is_v6 && addr->atype == IPVL_IPV4) { 59 struct in_addr *i4addr = (struct in_addr *)iaddr; 60 61 return addr->ip4addr.s_addr == i4addr->s_addr; 62 #if IS_ENABLED(CONFIG_IPV6) 63 } else if (is_v6 && addr->atype == IPVL_IPV6) { 64 struct in6_addr *i6addr = (struct in6_addr *)iaddr; 65 66 return ipv6_addr_equal(&addr->ip6addr, i6addr); 67 #endif 68 } 69 70 return false; 71 } 72 73 static struct ipvl_addr *ipvlan_ht_addr_lookup(const struct ipvl_port *port, 74 const void *iaddr, bool is_v6) 75 { 76 struct ipvl_addr *addr; 77 u8 hash; 78 79 hash = is_v6 ? ipvlan_get_v6_hash(iaddr) : 80 ipvlan_get_v4_hash(iaddr); 81 hlist_for_each_entry_rcu(addr, &port->hlhead[hash], hlnode) 82 if (addr_equal(is_v6, addr, iaddr)) 83 return addr; 84 return NULL; 85 } 86 87 void ipvlan_ht_addr_add(struct ipvl_dev *ipvlan, struct ipvl_addr *addr) 88 { 89 struct ipvl_port *port = ipvlan->port; 90 u8 hash; 91 92 hash = (addr->atype == IPVL_IPV6) ? 93 ipvlan_get_v6_hash(&addr->ip6addr) : 94 ipvlan_get_v4_hash(&addr->ip4addr); 95 if (hlist_unhashed(&addr->hlnode)) 96 hlist_add_head_rcu(&addr->hlnode, &port->hlhead[hash]); 97 } 98 99 void ipvlan_ht_addr_del(struct ipvl_addr *addr) 100 { 101 hlist_del_init_rcu(&addr->hlnode); 102 } 103 104 struct ipvl_addr *ipvlan_find_addr(const struct ipvl_dev *ipvlan, 105 const void *iaddr, bool is_v6) 106 { 107 struct ipvl_addr *addr, *ret = NULL; 108 109 rcu_read_lock(); 110 list_for_each_entry_rcu(addr, &ipvlan->addrs, anode) { 111 if (addr_equal(is_v6, addr, iaddr)) { 112 ret = addr; 113 break; 114 } 115 } 116 rcu_read_unlock(); 117 return ret; 118 } 119 120 bool ipvlan_addr_busy(struct ipvl_port *port, void *iaddr, bool is_v6) 121 { 122 struct ipvl_dev *ipvlan; 123 bool ret = false; 124 125 rcu_read_lock(); 126 list_for_each_entry_rcu(ipvlan, &port->ipvlans, pnode) { 127 if (ipvlan_find_addr(ipvlan, iaddr, is_v6)) { 128 ret = true; 129 break; 130 } 131 } 132 rcu_read_unlock(); 133 return ret; 134 } 135 136 void *ipvlan_get_L3_hdr(struct ipvl_port *port, struct sk_buff *skb, int *type) 137 { 138 void *lyr3h = NULL; 139 140 switch (skb->protocol) { 141 case htons(ETH_P_ARP): { 142 struct arphdr *arph; 143 144 if (unlikely(!pskb_may_pull(skb, arp_hdr_len(port->dev)))) 145 return NULL; 146 147 arph = arp_hdr(skb); 148 *type = IPVL_ARP; 149 lyr3h = arph; 150 break; 151 } 152 case htons(ETH_P_IP): { 153 u32 pktlen; 154 struct iphdr *ip4h; 155 156 if (unlikely(!pskb_may_pull(skb, sizeof(*ip4h)))) 157 return NULL; 158 159 ip4h = ip_hdr(skb); 160 pktlen = ntohs(ip4h->tot_len); 161 if (ip4h->ihl < 5 || ip4h->version != 4) 162 return NULL; 163 if (skb->len < pktlen || pktlen < (ip4h->ihl * 4)) 164 return NULL; 165 166 *type = IPVL_IPV4; 167 lyr3h = ip4h; 168 break; 169 } 170 #if IS_ENABLED(CONFIG_IPV6) 171 case htons(ETH_P_IPV6): { 172 struct ipv6hdr *ip6h; 173 174 if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h)))) 175 return NULL; 176 177 ip6h = ipv6_hdr(skb); 178 if (ip6h->version != 6) 179 return NULL; 180 181 *type = IPVL_IPV6; 182 lyr3h = ip6h; 183 /* Only Neighbour Solicitation pkts need different treatment */ 184 if (ipv6_addr_any(&ip6h->saddr) && 185 ip6h->nexthdr == NEXTHDR_ICMP) { 186 struct icmp6hdr *icmph; 187 188 if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h) + sizeof(*icmph)))) 189 return NULL; 190 191 ip6h = ipv6_hdr(skb); 192 icmph = (struct icmp6hdr *)(ip6h + 1); 193 194 if (icmph->icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) { 195 /* Need to access the ipv6 address in body */ 196 if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h) + sizeof(*icmph) 197 + sizeof(struct in6_addr)))) 198 return NULL; 199 200 ip6h = ipv6_hdr(skb); 201 icmph = (struct icmp6hdr *)(ip6h + 1); 202 } 203 204 *type = IPVL_ICMPV6; 205 lyr3h = icmph; 206 } 207 break; 208 } 209 #endif 210 default: 211 return NULL; 212 } 213 214 return lyr3h; 215 } 216 217 unsigned int ipvlan_mac_hash(const unsigned char *addr) 218 { 219 u32 hash = jhash_1word(__get_unaligned_cpu32(addr+2), 220 ipvlan_jhash_secret); 221 222 return hash & IPVLAN_MAC_FILTER_MASK; 223 } 224 225 void ipvlan_process_multicast(struct work_struct *work) 226 { 227 struct ipvl_port *port = container_of(work, struct ipvl_port, wq); 228 struct ethhdr *ethh; 229 struct ipvl_dev *ipvlan; 230 struct sk_buff *skb, *nskb; 231 struct sk_buff_head list; 232 unsigned int len; 233 unsigned int mac_hash; 234 int ret; 235 u8 pkt_type; 236 bool tx_pkt; 237 238 __skb_queue_head_init(&list); 239 240 spin_lock_bh(&port->backlog.lock); 241 skb_queue_splice_tail_init(&port->backlog, &list); 242 spin_unlock_bh(&port->backlog.lock); 243 244 while ((skb = __skb_dequeue(&list)) != NULL) { 245 struct net_device *dev = skb->dev; 246 bool consumed = false; 247 248 ethh = eth_hdr(skb); 249 tx_pkt = IPVL_SKB_CB(skb)->tx_pkt; 250 mac_hash = ipvlan_mac_hash(ethh->h_dest); 251 252 if (ether_addr_equal(ethh->h_dest, port->dev->broadcast)) 253 pkt_type = PACKET_BROADCAST; 254 else 255 pkt_type = PACKET_MULTICAST; 256 257 rcu_read_lock(); 258 list_for_each_entry_rcu(ipvlan, &port->ipvlans, pnode) { 259 if (tx_pkt && (ipvlan->dev == skb->dev)) 260 continue; 261 if (!test_bit(mac_hash, ipvlan->mac_filters)) 262 continue; 263 if (!(ipvlan->dev->flags & IFF_UP)) 264 continue; 265 ret = NET_RX_DROP; 266 len = skb->len + ETH_HLEN; 267 nskb = skb_clone(skb, GFP_ATOMIC); 268 local_bh_disable(); 269 if (nskb) { 270 consumed = true; 271 nskb->pkt_type = pkt_type; 272 nskb->dev = ipvlan->dev; 273 if (tx_pkt) 274 ret = dev_forward_skb(ipvlan->dev, nskb); 275 else 276 ret = netif_rx(nskb); 277 } 278 ipvlan_count_rx(ipvlan, len, ret == NET_RX_SUCCESS, true); 279 local_bh_enable(); 280 } 281 rcu_read_unlock(); 282 283 if (tx_pkt) { 284 /* If the packet originated here, send it out. */ 285 skb->dev = port->dev; 286 skb->pkt_type = pkt_type; 287 dev_queue_xmit(skb); 288 } else { 289 if (consumed) 290 consume_skb(skb); 291 else 292 kfree_skb(skb); 293 } 294 if (dev) 295 dev_put(dev); 296 } 297 } 298 299 static void ipvlan_skb_crossing_ns(struct sk_buff *skb, struct net_device *dev) 300 { 301 bool xnet = true; 302 303 if (dev) 304 xnet = !net_eq(dev_net(skb->dev), dev_net(dev)); 305 306 skb_scrub_packet(skb, xnet); 307 if (dev) 308 skb->dev = dev; 309 } 310 311 static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff **pskb, 312 bool local) 313 { 314 struct ipvl_dev *ipvlan = addr->master; 315 struct net_device *dev = ipvlan->dev; 316 unsigned int len; 317 rx_handler_result_t ret = RX_HANDLER_CONSUMED; 318 bool success = false; 319 struct sk_buff *skb = *pskb; 320 321 len = skb->len + ETH_HLEN; 322 /* Only packets exchanged between two local slaves need to have 323 * device-up check as well as skb-share check. 324 */ 325 if (local) { 326 if (unlikely(!(dev->flags & IFF_UP))) { 327 kfree_skb(skb); 328 goto out; 329 } 330 331 skb = skb_share_check(skb, GFP_ATOMIC); 332 if (!skb) 333 goto out; 334 335 *pskb = skb; 336 } 337 338 if (local) { 339 skb->pkt_type = PACKET_HOST; 340 if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS) 341 success = true; 342 } else { 343 skb->dev = dev; 344 ret = RX_HANDLER_ANOTHER; 345 success = true; 346 } 347 348 out: 349 ipvlan_count_rx(ipvlan, len, success, false); 350 return ret; 351 } 352 353 struct ipvl_addr *ipvlan_addr_lookup(struct ipvl_port *port, void *lyr3h, 354 int addr_type, bool use_dest) 355 { 356 struct ipvl_addr *addr = NULL; 357 358 switch (addr_type) { 359 #if IS_ENABLED(CONFIG_IPV6) 360 case IPVL_IPV6: { 361 struct ipv6hdr *ip6h; 362 struct in6_addr *i6addr; 363 364 ip6h = (struct ipv6hdr *)lyr3h; 365 i6addr = use_dest ? &ip6h->daddr : &ip6h->saddr; 366 addr = ipvlan_ht_addr_lookup(port, i6addr, true); 367 break; 368 } 369 case IPVL_ICMPV6: { 370 struct nd_msg *ndmh; 371 struct in6_addr *i6addr; 372 373 /* Make sure that the NeighborSolicitation ICMPv6 packets 374 * are handled to avoid DAD issue. 375 */ 376 ndmh = (struct nd_msg *)lyr3h; 377 if (ndmh->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) { 378 i6addr = &ndmh->target; 379 addr = ipvlan_ht_addr_lookup(port, i6addr, true); 380 } 381 break; 382 } 383 #endif 384 case IPVL_IPV4: { 385 struct iphdr *ip4h; 386 __be32 *i4addr; 387 388 ip4h = (struct iphdr *)lyr3h; 389 i4addr = use_dest ? &ip4h->daddr : &ip4h->saddr; 390 addr = ipvlan_ht_addr_lookup(port, i4addr, false); 391 break; 392 } 393 case IPVL_ARP: { 394 struct arphdr *arph; 395 unsigned char *arp_ptr; 396 __be32 dip; 397 398 arph = (struct arphdr *)lyr3h; 399 arp_ptr = (unsigned char *)(arph + 1); 400 if (use_dest) 401 arp_ptr += (2 * port->dev->addr_len) + 4; 402 else 403 arp_ptr += port->dev->addr_len; 404 405 memcpy(&dip, arp_ptr, 4); 406 addr = ipvlan_ht_addr_lookup(port, &dip, false); 407 break; 408 } 409 } 410 411 return addr; 412 } 413 414 static int ipvlan_process_v4_outbound(struct sk_buff *skb) 415 { 416 const struct iphdr *ip4h = ip_hdr(skb); 417 struct net_device *dev = skb->dev; 418 struct net *net = dev_net(dev); 419 struct rtable *rt; 420 int err, ret = NET_XMIT_DROP; 421 struct flowi4 fl4 = { 422 .flowi4_oif = dev->ifindex, 423 .flowi4_tos = RT_TOS(ip4h->tos), 424 .flowi4_flags = FLOWI_FLAG_ANYSRC, 425 .flowi4_mark = skb->mark, 426 .daddr = ip4h->daddr, 427 .saddr = ip4h->saddr, 428 }; 429 430 rt = ip_route_output_flow(net, &fl4, NULL); 431 if (IS_ERR(rt)) 432 goto err; 433 434 if (rt->rt_type != RTN_UNICAST && rt->rt_type != RTN_LOCAL) { 435 ip_rt_put(rt); 436 goto err; 437 } 438 skb_dst_set(skb, &rt->dst); 439 err = ip_local_out(net, skb->sk, skb); 440 if (unlikely(net_xmit_eval(err))) 441 dev->stats.tx_errors++; 442 else 443 ret = NET_XMIT_SUCCESS; 444 goto out; 445 err: 446 dev->stats.tx_errors++; 447 kfree_skb(skb); 448 out: 449 return ret; 450 } 451 452 #if IS_ENABLED(CONFIG_IPV6) 453 static int ipvlan_process_v6_outbound(struct sk_buff *skb) 454 { 455 const struct ipv6hdr *ip6h = ipv6_hdr(skb); 456 struct net_device *dev = skb->dev; 457 struct net *net = dev_net(dev); 458 struct dst_entry *dst; 459 int err, ret = NET_XMIT_DROP; 460 struct flowi6 fl6 = { 461 .flowi6_oif = dev->ifindex, 462 .daddr = ip6h->daddr, 463 .saddr = ip6h->saddr, 464 .flowi6_flags = FLOWI_FLAG_ANYSRC, 465 .flowlabel = ip6_flowinfo(ip6h), 466 .flowi6_mark = skb->mark, 467 .flowi6_proto = ip6h->nexthdr, 468 }; 469 470 dst = ip6_route_output(net, NULL, &fl6); 471 if (dst->error) { 472 ret = dst->error; 473 dst_release(dst); 474 goto err; 475 } 476 skb_dst_set(skb, dst); 477 err = ip6_local_out(net, skb->sk, skb); 478 if (unlikely(net_xmit_eval(err))) 479 dev->stats.tx_errors++; 480 else 481 ret = NET_XMIT_SUCCESS; 482 goto out; 483 err: 484 dev->stats.tx_errors++; 485 kfree_skb(skb); 486 out: 487 return ret; 488 } 489 #else 490 static int ipvlan_process_v6_outbound(struct sk_buff *skb) 491 { 492 return NET_XMIT_DROP; 493 } 494 #endif 495 496 static int ipvlan_process_outbound(struct sk_buff *skb) 497 { 498 struct ethhdr *ethh = eth_hdr(skb); 499 int ret = NET_XMIT_DROP; 500 501 /* In this mode we dont care about multicast and broadcast traffic */ 502 if (is_multicast_ether_addr(ethh->h_dest)) { 503 pr_debug_ratelimited("Dropped {multi|broad}cast of type=[%x]\n", 504 ntohs(skb->protocol)); 505 kfree_skb(skb); 506 goto out; 507 } 508 509 /* The ipvlan is a pseudo-L2 device, so the packets that we receive 510 * will have L2; which need to discarded and processed further 511 * in the net-ns of the main-device. 512 */ 513 if (skb_mac_header_was_set(skb)) { 514 skb_pull(skb, sizeof(*ethh)); 515 skb->mac_header = (typeof(skb->mac_header))~0U; 516 skb_reset_network_header(skb); 517 } 518 519 if (skb->protocol == htons(ETH_P_IPV6)) 520 ret = ipvlan_process_v6_outbound(skb); 521 else if (skb->protocol == htons(ETH_P_IP)) 522 ret = ipvlan_process_v4_outbound(skb); 523 else { 524 pr_warn_ratelimited("Dropped outbound packet type=%x\n", 525 ntohs(skb->protocol)); 526 kfree_skb(skb); 527 } 528 out: 529 return ret; 530 } 531 532 static void ipvlan_multicast_enqueue(struct ipvl_port *port, 533 struct sk_buff *skb, bool tx_pkt) 534 { 535 if (skb->protocol == htons(ETH_P_PAUSE)) { 536 kfree_skb(skb); 537 return; 538 } 539 540 /* Record that the deferred packet is from TX or RX path. By 541 * looking at mac-addresses on packet will lead to erronus decisions. 542 * (This would be true for a loopback-mode on master device or a 543 * hair-pin mode of the switch.) 544 */ 545 IPVL_SKB_CB(skb)->tx_pkt = tx_pkt; 546 547 spin_lock(&port->backlog.lock); 548 if (skb_queue_len(&port->backlog) < IPVLAN_QBACKLOG_LIMIT) { 549 if (skb->dev) 550 dev_hold(skb->dev); 551 __skb_queue_tail(&port->backlog, skb); 552 spin_unlock(&port->backlog.lock); 553 schedule_work(&port->wq); 554 } else { 555 spin_unlock(&port->backlog.lock); 556 atomic_long_inc(&skb->dev->rx_dropped); 557 kfree_skb(skb); 558 } 559 } 560 561 static int ipvlan_xmit_mode_l3(struct sk_buff *skb, struct net_device *dev) 562 { 563 const struct ipvl_dev *ipvlan = netdev_priv(dev); 564 void *lyr3h; 565 struct ipvl_addr *addr; 566 int addr_type; 567 568 lyr3h = ipvlan_get_L3_hdr(ipvlan->port, skb, &addr_type); 569 if (!lyr3h) 570 goto out; 571 572 if (!ipvlan_is_vepa(ipvlan->port)) { 573 addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true); 574 if (addr) { 575 if (ipvlan_is_private(ipvlan->port)) { 576 consume_skb(skb); 577 return NET_XMIT_DROP; 578 } 579 return ipvlan_rcv_frame(addr, &skb, true); 580 } 581 } 582 out: 583 ipvlan_skb_crossing_ns(skb, ipvlan->phy_dev); 584 return ipvlan_process_outbound(skb); 585 } 586 587 static int ipvlan_xmit_mode_l2(struct sk_buff *skb, struct net_device *dev) 588 { 589 const struct ipvl_dev *ipvlan = netdev_priv(dev); 590 struct ethhdr *eth = eth_hdr(skb); 591 struct ipvl_addr *addr; 592 void *lyr3h; 593 int addr_type; 594 595 if (!ipvlan_is_vepa(ipvlan->port) && 596 ether_addr_equal(eth->h_dest, eth->h_source)) { 597 lyr3h = ipvlan_get_L3_hdr(ipvlan->port, skb, &addr_type); 598 if (lyr3h) { 599 addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true); 600 if (addr) { 601 if (ipvlan_is_private(ipvlan->port)) { 602 consume_skb(skb); 603 return NET_XMIT_DROP; 604 } 605 return ipvlan_rcv_frame(addr, &skb, true); 606 } 607 } 608 skb = skb_share_check(skb, GFP_ATOMIC); 609 if (!skb) 610 return NET_XMIT_DROP; 611 612 /* Packet definitely does not belong to any of the 613 * virtual devices, but the dest is local. So forward 614 * the skb for the main-dev. At the RX side we just return 615 * RX_PASS for it to be processed further on the stack. 616 */ 617 return dev_forward_skb(ipvlan->phy_dev, skb); 618 619 } else if (is_multicast_ether_addr(eth->h_dest)) { 620 ipvlan_skb_crossing_ns(skb, NULL); 621 ipvlan_multicast_enqueue(ipvlan->port, skb, true); 622 return NET_XMIT_SUCCESS; 623 } 624 625 skb->dev = ipvlan->phy_dev; 626 return dev_queue_xmit(skb); 627 } 628 629 int ipvlan_queue_xmit(struct sk_buff *skb, struct net_device *dev) 630 { 631 struct ipvl_dev *ipvlan = netdev_priv(dev); 632 struct ipvl_port *port = ipvlan_port_get_rcu_bh(ipvlan->phy_dev); 633 634 if (!port) 635 goto out; 636 637 if (unlikely(!pskb_may_pull(skb, sizeof(struct ethhdr)))) 638 goto out; 639 640 switch(port->mode) { 641 case IPVLAN_MODE_L2: 642 return ipvlan_xmit_mode_l2(skb, dev); 643 case IPVLAN_MODE_L3: 644 #ifdef CONFIG_IPVLAN_L3S 645 case IPVLAN_MODE_L3S: 646 #endif 647 return ipvlan_xmit_mode_l3(skb, dev); 648 } 649 650 /* Should not reach here */ 651 WARN_ONCE(true, "ipvlan_queue_xmit() called for mode = [%hx]\n", 652 port->mode); 653 out: 654 kfree_skb(skb); 655 return NET_XMIT_DROP; 656 } 657 658 static bool ipvlan_external_frame(struct sk_buff *skb, struct ipvl_port *port) 659 { 660 struct ethhdr *eth = eth_hdr(skb); 661 struct ipvl_addr *addr; 662 void *lyr3h; 663 int addr_type; 664 665 if (ether_addr_equal(eth->h_source, skb->dev->dev_addr)) { 666 lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type); 667 if (!lyr3h) 668 return true; 669 670 addr = ipvlan_addr_lookup(port, lyr3h, addr_type, false); 671 if (addr) 672 return false; 673 } 674 675 return true; 676 } 677 678 static rx_handler_result_t ipvlan_handle_mode_l3(struct sk_buff **pskb, 679 struct ipvl_port *port) 680 { 681 void *lyr3h; 682 int addr_type; 683 struct ipvl_addr *addr; 684 struct sk_buff *skb = *pskb; 685 rx_handler_result_t ret = RX_HANDLER_PASS; 686 687 lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type); 688 if (!lyr3h) 689 goto out; 690 691 addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true); 692 if (addr) 693 ret = ipvlan_rcv_frame(addr, pskb, false); 694 695 out: 696 return ret; 697 } 698 699 static rx_handler_result_t ipvlan_handle_mode_l2(struct sk_buff **pskb, 700 struct ipvl_port *port) 701 { 702 struct sk_buff *skb = *pskb; 703 struct ethhdr *eth = eth_hdr(skb); 704 rx_handler_result_t ret = RX_HANDLER_PASS; 705 706 if (is_multicast_ether_addr(eth->h_dest)) { 707 if (ipvlan_external_frame(skb, port)) { 708 struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC); 709 710 /* External frames are queued for device local 711 * distribution, but a copy is given to master 712 * straight away to avoid sending duplicates later 713 * when work-queue processes this frame. This is 714 * achieved by returning RX_HANDLER_PASS. 715 */ 716 if (nskb) { 717 ipvlan_skb_crossing_ns(nskb, NULL); 718 ipvlan_multicast_enqueue(port, nskb, false); 719 } 720 } 721 } else { 722 /* Perform like l3 mode for non-multicast packet */ 723 ret = ipvlan_handle_mode_l3(pskb, port); 724 } 725 726 return ret; 727 } 728 729 rx_handler_result_t ipvlan_handle_frame(struct sk_buff **pskb) 730 { 731 struct sk_buff *skb = *pskb; 732 struct ipvl_port *port = ipvlan_port_get_rcu(skb->dev); 733 734 if (!port) 735 return RX_HANDLER_PASS; 736 737 switch (port->mode) { 738 case IPVLAN_MODE_L2: 739 return ipvlan_handle_mode_l2(pskb, port); 740 case IPVLAN_MODE_L3: 741 return ipvlan_handle_mode_l3(pskb, port); 742 #ifdef CONFIG_IPVLAN_L3S 743 case IPVLAN_MODE_L3S: 744 return RX_HANDLER_PASS; 745 #endif 746 } 747 748 /* Should not reach here */ 749 WARN_ONCE(true, "ipvlan_handle_frame() called for mode = [%hx]\n", 750 port->mode); 751 kfree_skb(skb); 752 return RX_HANDLER_CONSUMED; 753 } 754