xref: /linux/net/ipv4/xfrm4_policy.c (revision a885a6b2d37eaaae08323583bdb1928c8a2935fc) 
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * xfrm4_policy.c
4  *
5  * Changes:
6  *	Kazunori MIYAZAWA @USAGI
7  * 	YOSHIFUJI Hideaki @USAGI
8  *		Split up af-specific portion
9  *
10  */
11 
12 #include <linux/err.h>
13 #include <linux/kernel.h>
14 #include <linux/inetdevice.h>
15 #include <net/dst.h>
16 #include <net/xfrm.h>
17 #include <net/ip.h>
18 #include <net/l3mdev.h>
19 
20 static struct dst_entry *__xfrm4_dst_lookup(struct flowi4 *fl4,
21 					    const struct xfrm_dst_lookup_params *params)
22 {
23 	struct rtable *rt;
24 
25 	memset(fl4, 0, sizeof(*fl4));
26 	fl4->daddr = params->daddr->a4;
27 	fl4->flowi4_tos = params->tos;
28 	fl4->flowi4_l3mdev = l3mdev_master_ifindex_by_index(params->net,
29 							    params->oif);
30 	fl4->flowi4_mark = params->mark;
31 	if (params->saddr)
32 		fl4->saddr = params->saddr->a4;
33 	fl4->flowi4_proto = params->ipproto;
34 	fl4->uli = params->uli;
35 
36 	rt = __ip_route_output_key(params->net, fl4);
37 	if (!IS_ERR(rt))
38 		return &rt->dst;
39 
40 	return ERR_CAST(rt);
41 }
42 
43 static struct dst_entry *xfrm4_dst_lookup(const struct xfrm_dst_lookup_params *params)
44 {
45 	struct flowi4 fl4;
46 
47 	return __xfrm4_dst_lookup(&fl4, params);
48 }
49 
50 static int xfrm4_get_saddr(xfrm_address_t *saddr,
51 			   const struct xfrm_dst_lookup_params *params)
52 {
53 	struct dst_entry *dst;
54 	struct flowi4 fl4;
55 
56 	dst = __xfrm4_dst_lookup(&fl4, params);
57 	if (IS_ERR(dst))
58 		return -EHOSTUNREACH;
59 
60 	saddr->a4 = fl4.saddr;
61 	dst_release(dst);
62 	return 0;
63 }
64 
65 static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
66 			  const struct flowi *fl)
67 {
68 	struct rtable *rt = dst_rtable(xdst->route);
69 	const struct flowi4 *fl4 = &fl->u.ip4;
70 
71 	xdst->u.rt.rt_iif = fl4->flowi4_iif;
72 
73 	xdst->u.dst.dev = dev;
74 	netdev_hold(dev, &xdst->u.dst.dev_tracker, GFP_ATOMIC);
75 
76 	/* Sheit... I remember I did this right. Apparently,
77 	 * it was magically lost, so this code needs audit */
78 	xdst->u.rt.rt_is_input = rt->rt_is_input;
79 	xdst->u.rt.rt_flags = rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST |
80 					      RTCF_LOCAL);
81 	xdst->u.rt.rt_type = rt->rt_type;
82 	xdst->u.rt.rt_uses_gateway = rt->rt_uses_gateway;
83 	xdst->u.rt.rt_gw_family = rt->rt_gw_family;
84 	if (rt->rt_gw_family == AF_INET)
85 		xdst->u.rt.rt_gw4 = rt->rt_gw4;
86 	else if (rt->rt_gw_family == AF_INET6)
87 		xdst->u.rt.rt_gw6 = rt->rt_gw6;
88 	xdst->u.rt.rt_pmtu = rt->rt_pmtu;
89 	xdst->u.rt.rt_mtu_locked = rt->rt_mtu_locked;
90 	rt_add_uncached_list(&xdst->u.rt);
91 
92 	return 0;
93 }
94 
95 static void xfrm4_update_pmtu(struct dst_entry *dst, struct sock *sk,
96 			      struct sk_buff *skb, u32 mtu,
97 			      bool confirm_neigh)
98 {
99 	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
100 	struct dst_entry *path = xdst->route;
101 
102 	path->ops->update_pmtu(path, sk, skb, mtu, confirm_neigh);
103 }
104 
105 static void xfrm4_redirect(struct dst_entry *dst, struct sock *sk,
106 			   struct sk_buff *skb)
107 {
108 	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
109 	struct dst_entry *path = xdst->route;
110 
111 	path->ops->redirect(path, sk, skb);
112 }
113 
114 static void xfrm4_dst_destroy(struct dst_entry *dst)
115 {
116 	struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
117 
118 	dst_destroy_metrics_generic(dst);
119 	rt_del_uncached_list(&xdst->u.rt);
120 	xfrm_dst_destroy(xdst);
121 }
122 
123 static struct dst_ops xfrm4_dst_ops_template = {
124 	.family =		AF_INET,
125 	.update_pmtu =		xfrm4_update_pmtu,
126 	.redirect =		xfrm4_redirect,
127 	.cow_metrics =		dst_cow_metrics_generic,
128 	.destroy =		xfrm4_dst_destroy,
129 	.ifdown =		xfrm_dst_ifdown,
130 	.local_out =		__ip_local_out,
131 	.gc_thresh =		32768,
132 };
133 
134 static const struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
135 	.dst_ops =		&xfrm4_dst_ops_template,
136 	.dst_lookup =		xfrm4_dst_lookup,
137 	.get_saddr =		xfrm4_get_saddr,
138 	.fill_dst =		xfrm4_fill_dst,
139 	.blackhole_route =	ipv4_blackhole_route,
140 };
141 
142 #ifdef CONFIG_SYSCTL
143 static struct ctl_table xfrm4_policy_table[] = {
144 	{
145 		.procname       = "xfrm4_gc_thresh",
146 		.data           = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
147 		.maxlen         = sizeof(int),
148 		.mode           = 0644,
149 		.proc_handler   = proc_dointvec,
150 	},
151 };
152 
153 static __net_init int xfrm4_net_sysctl_init(struct net *net)
154 {
155 	struct ctl_table *table;
156 	struct ctl_table_header *hdr;
157 
158 	table = xfrm4_policy_table;
159 	if (!net_eq(net, &init_net)) {
160 		table = kmemdup(table, sizeof(xfrm4_policy_table), GFP_KERNEL);
161 		if (!table)
162 			goto err_alloc;
163 
164 		table[0].data = &net->xfrm.xfrm4_dst_ops.gc_thresh;
165 	}
166 
167 	hdr = register_net_sysctl_sz(net, "net/ipv4", table,
168 				     ARRAY_SIZE(xfrm4_policy_table));
169 	if (!hdr)
170 		goto err_reg;
171 
172 	net->ipv4.xfrm4_hdr = hdr;
173 	return 0;
174 
175 err_reg:
176 	if (!net_eq(net, &init_net))
177 		kfree(table);
178 err_alloc:
179 	return -ENOMEM;
180 }
181 
182 static __net_exit void xfrm4_net_sysctl_exit(struct net *net)
183 {
184 	const struct ctl_table *table;
185 
186 	if (!net->ipv4.xfrm4_hdr)
187 		return;
188 
189 	table = net->ipv4.xfrm4_hdr->ctl_table_arg;
190 	unregister_net_sysctl_table(net->ipv4.xfrm4_hdr);
191 	if (!net_eq(net, &init_net))
192 		kfree(table);
193 }
194 #else /* CONFIG_SYSCTL */
195 static inline int xfrm4_net_sysctl_init(struct net *net)
196 {
197 	return 0;
198 }
199 
200 static inline void xfrm4_net_sysctl_exit(struct net *net)
201 {
202 }
203 #endif
204 
205 static int __net_init xfrm4_net_init(struct net *net)
206 {
207 	int ret;
208 
209 	memcpy(&net->xfrm.xfrm4_dst_ops, &xfrm4_dst_ops_template,
210 	       sizeof(xfrm4_dst_ops_template));
211 	ret = dst_entries_init(&net->xfrm.xfrm4_dst_ops);
212 	if (ret)
213 		return ret;
214 
215 	ret = xfrm4_net_sysctl_init(net);
216 	if (ret)
217 		dst_entries_destroy(&net->xfrm.xfrm4_dst_ops);
218 
219 	return ret;
220 }
221 
222 static void __net_exit xfrm4_net_exit(struct net *net)
223 {
224 	xfrm4_net_sysctl_exit(net);
225 	dst_entries_destroy(&net->xfrm.xfrm4_dst_ops);
226 }
227 
228 static struct pernet_operations __net_initdata xfrm4_net_ops = {
229 	.init	= xfrm4_net_init,
230 	.exit	= xfrm4_net_exit,
231 };
232 
233 static void __init xfrm4_policy_init(void)
234 {
235 	xfrm_policy_register_afinfo(&xfrm4_policy_afinfo, AF_INET);
236 }
237 
238 void __init xfrm4_init(void)
239 {
240 	xfrm4_state_init();
241 	xfrm4_policy_init();
242 	xfrm4_protocol_init();
243 	register_pernet_subsys(&xfrm4_net_ops);
244 }
245