xref: /linux/net/core/lwtunnel.c (revision bf80eef2212a1e8451df13b52533f4bc31bb4f8e) 
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * lwtunnel	Infrastructure for light weight tunnels like mpls
4  *
5  * Authors:	Roopa Prabhu, <roopa@cumulusnetworks.com>
6  */
7 
8 #include <linux/capability.h>
9 #include <linux/module.h>
10 #include <linux/types.h>
11 #include <linux/kernel.h>
12 #include <linux/slab.h>
13 #include <linux/uaccess.h>
14 #include <linux/skbuff.h>
15 #include <linux/netdevice.h>
16 #include <linux/lwtunnel.h>
17 #include <linux/in.h>
18 #include <linux/init.h>
19 #include <linux/err.h>
20 
21 #include <net/lwtunnel.h>
22 #include <net/rtnetlink.h>
23 #include <net/ip6_fib.h>
24 #include <net/rtnh.h>
25 
26 DEFINE_STATIC_KEY_FALSE(nf_hooks_lwtunnel_enabled);
27 EXPORT_SYMBOL_GPL(nf_hooks_lwtunnel_enabled);
28 
29 #ifdef CONFIG_MODULES
30 
31 static const char *lwtunnel_encap_str(enum lwtunnel_encap_types encap_type)
32 {
33 	/* Only lwt encaps implemented without using an interface for
34 	 * the encap need to return a string here.
35 	 */
36 	switch (encap_type) {
37 	case LWTUNNEL_ENCAP_MPLS:
38 		return "MPLS";
39 	case LWTUNNEL_ENCAP_ILA:
40 		return "ILA";
41 	case LWTUNNEL_ENCAP_SEG6:
42 		return "SEG6";
43 	case LWTUNNEL_ENCAP_BPF:
44 		return "BPF";
45 	case LWTUNNEL_ENCAP_SEG6_LOCAL:
46 		return "SEG6LOCAL";
47 	case LWTUNNEL_ENCAP_RPL:
48 		return "RPL";
49 	case LWTUNNEL_ENCAP_IOAM6:
50 		return "IOAM6";
51 	case LWTUNNEL_ENCAP_IP6:
52 	case LWTUNNEL_ENCAP_IP:
53 	case LWTUNNEL_ENCAP_XFRM:
54 	case LWTUNNEL_ENCAP_NONE:
55 	case __LWTUNNEL_ENCAP_MAX:
56 		/* should not have got here */
57 		WARN_ON(1);
58 		break;
59 	}
60 	return NULL;
61 }
62 
63 #endif /* CONFIG_MODULES */
64 
65 struct lwtunnel_state *lwtunnel_state_alloc(int encap_len)
66 {
67 	struct lwtunnel_state *lws;
68 
69 	lws = kzalloc(sizeof(*lws) + encap_len, GFP_ATOMIC);
70 
71 	return lws;
72 }
73 EXPORT_SYMBOL_GPL(lwtunnel_state_alloc);
74 
75 static const struct lwtunnel_encap_ops __rcu *
76 		lwtun_encaps[LWTUNNEL_ENCAP_MAX + 1] __read_mostly;
77 
78 int lwtunnel_encap_add_ops(const struct lwtunnel_encap_ops *ops,
79 			   unsigned int num)
80 {
81 	if (num > LWTUNNEL_ENCAP_MAX)
82 		return -ERANGE;
83 
84 	return !cmpxchg((const struct lwtunnel_encap_ops **)
85 			&lwtun_encaps[num],
86 			NULL, ops) ? 0 : -1;
87 }
88 EXPORT_SYMBOL_GPL(lwtunnel_encap_add_ops);
89 
90 int lwtunnel_encap_del_ops(const struct lwtunnel_encap_ops *ops,
91 			   unsigned int encap_type)
92 {
93 	int ret;
94 
95 	if (encap_type == LWTUNNEL_ENCAP_NONE ||
96 	    encap_type > LWTUNNEL_ENCAP_MAX)
97 		return -ERANGE;
98 
99 	ret = (cmpxchg((const struct lwtunnel_encap_ops **)
100 		       &lwtun_encaps[encap_type],
101 		       ops, NULL) == ops) ? 0 : -1;
102 
103 	synchronize_net();
104 
105 	return ret;
106 }
107 EXPORT_SYMBOL_GPL(lwtunnel_encap_del_ops);
108 
109 int lwtunnel_build_state(struct net *net, u16 encap_type,
110 			 struct nlattr *encap, unsigned int family,
111 			 const void *cfg, struct lwtunnel_state **lws,
112 			 struct netlink_ext_ack *extack)
113 {
114 	const struct lwtunnel_encap_ops *ops;
115 	bool found = false;
116 	int ret = -EINVAL;
117 
118 	if (encap_type == LWTUNNEL_ENCAP_NONE ||
119 	    encap_type > LWTUNNEL_ENCAP_MAX) {
120 		NL_SET_ERR_MSG_ATTR(extack, encap,
121 				    "Unknown LWT encapsulation type");
122 		return ret;
123 	}
124 
125 	ret = -EOPNOTSUPP;
126 	rcu_read_lock();
127 	ops = rcu_dereference(lwtun_encaps[encap_type]);
128 	if (likely(ops && ops->build_state && try_module_get(ops->owner)))
129 		found = true;
130 	rcu_read_unlock();
131 
132 	if (found) {
133 		ret = ops->build_state(net, encap, family, cfg, lws, extack);
134 		if (ret)
135 			module_put(ops->owner);
136 	} else {
137 		/* don't rely on -EOPNOTSUPP to detect match as build_state
138 		 * handlers could return it
139 		 */
140 		NL_SET_ERR_MSG_ATTR(extack, encap,
141 				    "LWT encapsulation type not supported");
142 	}
143 
144 	return ret;
145 }
146 EXPORT_SYMBOL_GPL(lwtunnel_build_state);
147 
148 int lwtunnel_valid_encap_type(u16 encap_type, struct netlink_ext_ack *extack)
149 {
150 	const struct lwtunnel_encap_ops *ops;
151 	int ret = -EINVAL;
152 
153 	if (encap_type == LWTUNNEL_ENCAP_NONE ||
154 	    encap_type > LWTUNNEL_ENCAP_MAX) {
155 		NL_SET_ERR_MSG(extack, "Unknown lwt encapsulation type");
156 		return ret;
157 	}
158 
159 	rcu_read_lock();
160 	ops = rcu_dereference(lwtun_encaps[encap_type]);
161 	rcu_read_unlock();
162 #ifdef CONFIG_MODULES
163 	if (!ops) {
164 		const char *encap_type_str = lwtunnel_encap_str(encap_type);
165 
166 		if (encap_type_str) {
167 			__rtnl_unlock();
168 			request_module("rtnl-lwt-%s", encap_type_str);
169 			rtnl_lock();
170 
171 			rcu_read_lock();
172 			ops = rcu_dereference(lwtun_encaps[encap_type]);
173 			rcu_read_unlock();
174 		}
175 	}
176 #endif
177 	ret = ops ? 0 : -EOPNOTSUPP;
178 	if (ret < 0)
179 		NL_SET_ERR_MSG(extack, "lwt encapsulation type not supported");
180 
181 	return ret;
182 }
183 EXPORT_SYMBOL_GPL(lwtunnel_valid_encap_type);
184 
185 int lwtunnel_valid_encap_type_attr(struct nlattr *attr, int remaining,
186 				   struct netlink_ext_ack *extack)
187 {
188 	struct rtnexthop *rtnh = (struct rtnexthop *)attr;
189 	struct nlattr *nla_entype;
190 	struct nlattr *attrs;
191 	u16 encap_type;
192 	int attrlen;
193 
194 	while (rtnh_ok(rtnh, remaining)) {
195 		attrlen = rtnh_attrlen(rtnh);
196 		if (attrlen > 0) {
197 			attrs = rtnh_attrs(rtnh);
198 			nla_entype = nla_find(attrs, attrlen, RTA_ENCAP_TYPE);
199 
200 			if (nla_entype) {
201 				if (nla_len(nla_entype) < sizeof(u16)) {
202 					NL_SET_ERR_MSG(extack, "Invalid RTA_ENCAP_TYPE");
203 					return -EINVAL;
204 				}
205 				encap_type = nla_get_u16(nla_entype);
206 
207 				if (lwtunnel_valid_encap_type(encap_type,
208 							      extack) != 0)
209 					return -EOPNOTSUPP;
210 			}
211 		}
212 		rtnh = rtnh_next(rtnh, &remaining);
213 	}
214 
215 	return 0;
216 }
217 EXPORT_SYMBOL_GPL(lwtunnel_valid_encap_type_attr);
218 
219 void lwtstate_free(struct lwtunnel_state *lws)
220 {
221 	const struct lwtunnel_encap_ops *ops = lwtun_encaps[lws->type];
222 
223 	if (ops->destroy_state) {
224 		ops->destroy_state(lws);
225 		kfree_rcu(lws, rcu);
226 	} else {
227 		kfree(lws);
228 	}
229 	module_put(ops->owner);
230 }
231 EXPORT_SYMBOL_GPL(lwtstate_free);
232 
233 int lwtunnel_fill_encap(struct sk_buff *skb, struct lwtunnel_state *lwtstate,
234 			int encap_attr, int encap_type_attr)
235 {
236 	const struct lwtunnel_encap_ops *ops;
237 	struct nlattr *nest;
238 	int ret;
239 
240 	if (!lwtstate)
241 		return 0;
242 
243 	if (lwtstate->type == LWTUNNEL_ENCAP_NONE ||
244 	    lwtstate->type > LWTUNNEL_ENCAP_MAX)
245 		return 0;
246 
247 	nest = nla_nest_start_noflag(skb, encap_attr);
248 	if (!nest)
249 		return -EMSGSIZE;
250 
251 	ret = -EOPNOTSUPP;
252 	rcu_read_lock();
253 	ops = rcu_dereference(lwtun_encaps[lwtstate->type]);
254 	if (likely(ops && ops->fill_encap))
255 		ret = ops->fill_encap(skb, lwtstate);
256 	rcu_read_unlock();
257 
258 	if (ret)
259 		goto nla_put_failure;
260 	nla_nest_end(skb, nest);
261 	ret = nla_put_u16(skb, encap_type_attr, lwtstate->type);
262 	if (ret)
263 		goto nla_put_failure;
264 
265 	return 0;
266 
267 nla_put_failure:
268 	nla_nest_cancel(skb, nest);
269 
270 	return (ret == -EOPNOTSUPP ? 0 : ret);
271 }
272 EXPORT_SYMBOL_GPL(lwtunnel_fill_encap);
273 
274 int lwtunnel_get_encap_size(struct lwtunnel_state *lwtstate)
275 {
276 	const struct lwtunnel_encap_ops *ops;
277 	int ret = 0;
278 
279 	if (!lwtstate)
280 		return 0;
281 
282 	if (lwtstate->type == LWTUNNEL_ENCAP_NONE ||
283 	    lwtstate->type > LWTUNNEL_ENCAP_MAX)
284 		return 0;
285 
286 	rcu_read_lock();
287 	ops = rcu_dereference(lwtun_encaps[lwtstate->type]);
288 	if (likely(ops && ops->get_encap_size))
289 		ret = nla_total_size(ops->get_encap_size(lwtstate));
290 	rcu_read_unlock();
291 
292 	return ret;
293 }
294 EXPORT_SYMBOL_GPL(lwtunnel_get_encap_size);
295 
296 int lwtunnel_cmp_encap(struct lwtunnel_state *a, struct lwtunnel_state *b)
297 {
298 	const struct lwtunnel_encap_ops *ops;
299 	int ret = 0;
300 
301 	if (!a && !b)
302 		return 0;
303 
304 	if (!a || !b)
305 		return 1;
306 
307 	if (a->type != b->type)
308 		return 1;
309 
310 	if (a->type == LWTUNNEL_ENCAP_NONE ||
311 	    a->type > LWTUNNEL_ENCAP_MAX)
312 		return 0;
313 
314 	rcu_read_lock();
315 	ops = rcu_dereference(lwtun_encaps[a->type]);
316 	if (likely(ops && ops->cmp_encap))
317 		ret = ops->cmp_encap(a, b);
318 	rcu_read_unlock();
319 
320 	return ret;
321 }
322 EXPORT_SYMBOL_GPL(lwtunnel_cmp_encap);
323 
324 int lwtunnel_output(struct net *net, struct sock *sk, struct sk_buff *skb)
325 {
326 	struct dst_entry *dst = skb_dst(skb);
327 	const struct lwtunnel_encap_ops *ops;
328 	struct lwtunnel_state *lwtstate;
329 	int ret = -EINVAL;
330 
331 	if (!dst)
332 		goto drop;
333 	lwtstate = dst->lwtstate;
334 
335 	if (lwtstate->type == LWTUNNEL_ENCAP_NONE ||
336 	    lwtstate->type > LWTUNNEL_ENCAP_MAX)
337 		return 0;
338 
339 	ret = -EOPNOTSUPP;
340 	rcu_read_lock();
341 	ops = rcu_dereference(lwtun_encaps[lwtstate->type]);
342 	if (likely(ops && ops->output))
343 		ret = ops->output(net, sk, skb);
344 	rcu_read_unlock();
345 
346 	if (ret == -EOPNOTSUPP)
347 		goto drop;
348 
349 	return ret;
350 
351 drop:
352 	kfree_skb(skb);
353 
354 	return ret;
355 }
356 EXPORT_SYMBOL_GPL(lwtunnel_output);
357 
358 int lwtunnel_xmit(struct sk_buff *skb)
359 {
360 	struct dst_entry *dst = skb_dst(skb);
361 	const struct lwtunnel_encap_ops *ops;
362 	struct lwtunnel_state *lwtstate;
363 	int ret = -EINVAL;
364 
365 	if (!dst)
366 		goto drop;
367 
368 	lwtstate = dst->lwtstate;
369 
370 	if (lwtstate->type == LWTUNNEL_ENCAP_NONE ||
371 	    lwtstate->type > LWTUNNEL_ENCAP_MAX)
372 		return 0;
373 
374 	ret = -EOPNOTSUPP;
375 	rcu_read_lock();
376 	ops = rcu_dereference(lwtun_encaps[lwtstate->type]);
377 	if (likely(ops && ops->xmit))
378 		ret = ops->xmit(skb);
379 	rcu_read_unlock();
380 
381 	if (ret == -EOPNOTSUPP)
382 		goto drop;
383 
384 	return ret;
385 
386 drop:
387 	kfree_skb(skb);
388 
389 	return ret;
390 }
391 EXPORT_SYMBOL_GPL(lwtunnel_xmit);
392 
393 int lwtunnel_input(struct sk_buff *skb)
394 {
395 	struct dst_entry *dst = skb_dst(skb);
396 	const struct lwtunnel_encap_ops *ops;
397 	struct lwtunnel_state *lwtstate;
398 	int ret = -EINVAL;
399 
400 	if (!dst)
401 		goto drop;
402 	lwtstate = dst->lwtstate;
403 
404 	if (lwtstate->type == LWTUNNEL_ENCAP_NONE ||
405 	    lwtstate->type > LWTUNNEL_ENCAP_MAX)
406 		return 0;
407 
408 	ret = -EOPNOTSUPP;
409 	rcu_read_lock();
410 	ops = rcu_dereference(lwtun_encaps[lwtstate->type]);
411 	if (likely(ops && ops->input))
412 		ret = ops->input(skb);
413 	rcu_read_unlock();
414 
415 	if (ret == -EOPNOTSUPP)
416 		goto drop;
417 
418 	return ret;
419 
420 drop:
421 	kfree_skb(skb);
422 
423 	return ret;
424 }
425 EXPORT_SYMBOL_GPL(lwtunnel_input);
426