1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * IPv6 Address Label subsystem 4 * for the IPv6 "Default" Source Address Selection 5 * 6 * Copyright (C)2007 USAGI/WIDE Project 7 */ 8 /* 9 * Author: 10 * YOSHIFUJI Hideaki @ USAGI/WIDE Project <yoshfuji@linux-ipv6.org> 11 */ 12 13 #include <linux/kernel.h> 14 #include <linux/list.h> 15 #include <linux/rcupdate.h> 16 #include <linux/in6.h> 17 #include <linux/slab.h> 18 #include <net/addrconf.h> 19 #include <linux/if_addrlabel.h> 20 #include <linux/netlink.h> 21 #include <linux/rtnetlink.h> 22 23 #if 0 24 #define ADDRLABEL(x...) printk(x) 25 #else 26 #define ADDRLABEL(x...) do { ; } while (0) 27 #endif 28 29 /* 30 * Policy Table 31 */ 32 struct ip6addrlbl_entry { 33 struct in6_addr prefix; 34 int prefixlen; 35 int ifindex; 36 int addrtype; 37 u32 label; 38 struct hlist_node list; 39 struct rcu_head rcu; 40 }; 41 42 /* 43 * Default policy table (RFC6724 + extensions) 44 * 45 * prefix addr_type label 46 * ------------------------------------------------------------------------- 47 * ::1/128 LOOPBACK 0 48 * ::/0 N/A 1 49 * 2002::/16 N/A 2 50 * ::/96 COMPATv4 3 51 * ::ffff:0:0/96 V4MAPPED 4 52 * fc00::/7 N/A 5 ULA (RFC 4193) 53 * 2001::/32 N/A 6 Teredo (RFC 4380) 54 * 2001:10::/28 N/A 7 ORCHID (RFC 4843) 55 * fec0::/10 N/A 11 Site-local 56 * (deprecated by RFC3879) 57 * 3ffe::/16 N/A 12 6bone 58 * 59 * Note: 0xffffffff is used if we do not have any policies. 60 * Note: Labels for ULA and 6to4 are different from labels listed in RFC6724. 61 */ 62 63 #define IPV6_ADDR_LABEL_DEFAULT 0xffffffffUL 64 65 static const __net_initconst struct ip6addrlbl_init_table 66 { 67 const struct in6_addr *prefix; 68 int prefixlen; 69 u32 label; 70 } ip6addrlbl_init_table[] = { 71 { /* ::/0 */ 72 .prefix = &in6addr_any, 73 .label = 1, 74 }, { /* fc00::/7 */ 75 .prefix = &(struct in6_addr){ { { 0xfc } } } , 76 .prefixlen = 7, 77 .label = 5, 78 }, { /* fec0::/10 */ 79 .prefix = &(struct in6_addr){ { { 0xfe, 0xc0 } } }, 80 .prefixlen = 10, 81 .label = 11, 82 }, { /* 2002::/16 */ 83 .prefix = &(struct in6_addr){ { { 0x20, 0x02 } } }, 84 .prefixlen = 16, 85 .label = 2, 86 }, { /* 3ffe::/16 */ 87 .prefix = &(struct in6_addr){ { { 0x3f, 0xfe } } }, 88 .prefixlen = 16, 89 .label = 12, 90 }, { /* 2001::/32 */ 91 .prefix = &(struct in6_addr){ { { 0x20, 0x01 } } }, 92 .prefixlen = 32, 93 .label = 6, 94 }, { /* 2001:10::/28 */ 95 .prefix = &(struct in6_addr){ { { 0x20, 0x01, 0x00, 0x10 } } }, 96 .prefixlen = 28, 97 .label = 7, 98 }, { /* ::ffff:0:0 */ 99 .prefix = &(struct in6_addr){ { { [10] = 0xff, [11] = 0xff } } }, 100 .prefixlen = 96, 101 .label = 4, 102 }, { /* ::/96 */ 103 .prefix = &in6addr_any, 104 .prefixlen = 96, 105 .label = 3, 106 }, { /* ::1/128 */ 107 .prefix = &in6addr_loopback, 108 .prefixlen = 128, 109 .label = 0, 110 } 111 }; 112 113 /* Find label */ 114 static bool __ip6addrlbl_match(const struct ip6addrlbl_entry *p, 115 const struct in6_addr *addr, 116 int addrtype, int ifindex) 117 { 118 if (p->ifindex && p->ifindex != ifindex) 119 return false; 120 if (p->addrtype && p->addrtype != addrtype) 121 return false; 122 if (!ipv6_prefix_equal(addr, &p->prefix, p->prefixlen)) 123 return false; 124 return true; 125 } 126 127 static struct ip6addrlbl_entry *__ipv6_addr_label(struct net *net, 128 const struct in6_addr *addr, 129 int type, int ifindex) 130 { 131 struct ip6addrlbl_entry *p; 132 133 hlist_for_each_entry_rcu(p, &net->ipv6.ip6addrlbl_table.head, list) { 134 if (__ip6addrlbl_match(p, addr, type, ifindex)) 135 return p; 136 } 137 return NULL; 138 } 139 140 u32 ipv6_addr_label(struct net *net, 141 const struct in6_addr *addr, int type, int ifindex) 142 { 143 u32 label; 144 struct ip6addrlbl_entry *p; 145 146 type &= IPV6_ADDR_MAPPED | IPV6_ADDR_COMPATv4 | IPV6_ADDR_LOOPBACK; 147 148 rcu_read_lock(); 149 p = __ipv6_addr_label(net, addr, type, ifindex); 150 label = p ? p->label : IPV6_ADDR_LABEL_DEFAULT; 151 rcu_read_unlock(); 152 153 ADDRLABEL(KERN_DEBUG "%s(addr=%pI6, type=%d, ifindex=%d) => %08x\n", 154 __func__, addr, type, ifindex, label); 155 156 return label; 157 } 158 159 /* allocate one entry */ 160 static struct ip6addrlbl_entry *ip6addrlbl_alloc(const struct in6_addr *prefix, 161 int prefixlen, int ifindex, 162 u32 label) 163 { 164 struct ip6addrlbl_entry *newp; 165 int addrtype; 166 167 ADDRLABEL(KERN_DEBUG "%s(prefix=%pI6, prefixlen=%d, ifindex=%d, label=%u)\n", 168 __func__, prefix, prefixlen, ifindex, (unsigned int)label); 169 170 addrtype = ipv6_addr_type(prefix) & (IPV6_ADDR_MAPPED | IPV6_ADDR_COMPATv4 | IPV6_ADDR_LOOPBACK); 171 172 switch (addrtype) { 173 case IPV6_ADDR_MAPPED: 174 if (prefixlen > 96) 175 return ERR_PTR(-EINVAL); 176 if (prefixlen < 96) 177 addrtype = 0; 178 break; 179 case IPV6_ADDR_COMPATv4: 180 if (prefixlen != 96) 181 addrtype = 0; 182 break; 183 case IPV6_ADDR_LOOPBACK: 184 if (prefixlen != 128) 185 addrtype = 0; 186 break; 187 } 188 189 newp = kmalloc(sizeof(*newp), GFP_KERNEL); 190 if (!newp) 191 return ERR_PTR(-ENOMEM); 192 193 ipv6_addr_prefix(&newp->prefix, prefix, prefixlen); 194 newp->prefixlen = prefixlen; 195 newp->ifindex = ifindex; 196 newp->addrtype = addrtype; 197 newp->label = label; 198 INIT_HLIST_NODE(&newp->list); 199 return newp; 200 } 201 202 /* add a label */ 203 static int __ip6addrlbl_add(struct net *net, struct ip6addrlbl_entry *newp, 204 int replace) 205 { 206 struct ip6addrlbl_entry *last = NULL, *p = NULL; 207 struct hlist_node *n; 208 int ret = 0; 209 210 ADDRLABEL(KERN_DEBUG "%s(newp=%p, replace=%d)\n", __func__, newp, 211 replace); 212 213 hlist_for_each_entry_safe(p, n, &net->ipv6.ip6addrlbl_table.head, list) { 214 if (p->prefixlen == newp->prefixlen && 215 p->ifindex == newp->ifindex && 216 ipv6_addr_equal(&p->prefix, &newp->prefix)) { 217 if (!replace) { 218 ret = -EEXIST; 219 goto out; 220 } 221 hlist_replace_rcu(&p->list, &newp->list); 222 kfree_rcu(p, rcu); 223 goto out; 224 } else if ((p->prefixlen == newp->prefixlen && !p->ifindex) || 225 (p->prefixlen < newp->prefixlen)) { 226 hlist_add_before_rcu(&newp->list, &p->list); 227 goto out; 228 } 229 last = p; 230 } 231 if (last) 232 hlist_add_behind_rcu(&newp->list, &last->list); 233 else 234 hlist_add_head_rcu(&newp->list, &net->ipv6.ip6addrlbl_table.head); 235 out: 236 if (!ret) 237 net->ipv6.ip6addrlbl_table.seq++; 238 return ret; 239 } 240 241 /* add a label */ 242 static int ip6addrlbl_add(struct net *net, 243 const struct in6_addr *prefix, int prefixlen, 244 int ifindex, u32 label, int replace) 245 { 246 struct ip6addrlbl_entry *newp; 247 int ret = 0; 248 249 ADDRLABEL(KERN_DEBUG "%s(prefix=%pI6, prefixlen=%d, ifindex=%d, label=%u, replace=%d)\n", 250 __func__, prefix, prefixlen, ifindex, (unsigned int)label, 251 replace); 252 253 newp = ip6addrlbl_alloc(prefix, prefixlen, ifindex, label); 254 if (IS_ERR(newp)) 255 return PTR_ERR(newp); 256 spin_lock(&net->ipv6.ip6addrlbl_table.lock); 257 ret = __ip6addrlbl_add(net, newp, replace); 258 spin_unlock(&net->ipv6.ip6addrlbl_table.lock); 259 if (ret) 260 kfree(newp); 261 return ret; 262 } 263 264 /* remove a label */ 265 static int __ip6addrlbl_del(struct net *net, 266 const struct in6_addr *prefix, int prefixlen, 267 int ifindex) 268 { 269 struct ip6addrlbl_entry *p = NULL; 270 struct hlist_node *n; 271 int ret = -ESRCH; 272 273 ADDRLABEL(KERN_DEBUG "%s(prefix=%pI6, prefixlen=%d, ifindex=%d)\n", 274 __func__, prefix, prefixlen, ifindex); 275 276 hlist_for_each_entry_safe(p, n, &net->ipv6.ip6addrlbl_table.head, list) { 277 if (p->prefixlen == prefixlen && 278 p->ifindex == ifindex && 279 ipv6_addr_equal(&p->prefix, prefix)) { 280 hlist_del_rcu(&p->list); 281 kfree_rcu(p, rcu); 282 ret = 0; 283 break; 284 } 285 } 286 return ret; 287 } 288 289 static int ip6addrlbl_del(struct net *net, 290 const struct in6_addr *prefix, int prefixlen, 291 int ifindex) 292 { 293 struct in6_addr prefix_buf; 294 int ret; 295 296 ADDRLABEL(KERN_DEBUG "%s(prefix=%pI6, prefixlen=%d, ifindex=%d)\n", 297 __func__, prefix, prefixlen, ifindex); 298 299 ipv6_addr_prefix(&prefix_buf, prefix, prefixlen); 300 spin_lock(&net->ipv6.ip6addrlbl_table.lock); 301 ret = __ip6addrlbl_del(net, &prefix_buf, prefixlen, ifindex); 302 spin_unlock(&net->ipv6.ip6addrlbl_table.lock); 303 return ret; 304 } 305 306 /* add default label */ 307 static int __net_init ip6addrlbl_net_init(struct net *net) 308 { 309 int err = 0; 310 int i; 311 312 ADDRLABEL(KERN_DEBUG "%s\n", __func__); 313 314 spin_lock_init(&net->ipv6.ip6addrlbl_table.lock); 315 INIT_HLIST_HEAD(&net->ipv6.ip6addrlbl_table.head); 316 317 for (i = 0; i < ARRAY_SIZE(ip6addrlbl_init_table); i++) { 318 int ret = ip6addrlbl_add(net, 319 ip6addrlbl_init_table[i].prefix, 320 ip6addrlbl_init_table[i].prefixlen, 321 0, 322 ip6addrlbl_init_table[i].label, 0); 323 /* XXX: should we free all rules when we catch an error? */ 324 if (ret && (!err || err != -ENOMEM)) 325 err = ret; 326 } 327 return err; 328 } 329 330 static void __net_exit ip6addrlbl_net_exit(struct net *net) 331 { 332 struct ip6addrlbl_entry *p = NULL; 333 struct hlist_node *n; 334 335 /* Remove all labels belonging to the exiting net */ 336 spin_lock(&net->ipv6.ip6addrlbl_table.lock); 337 hlist_for_each_entry_safe(p, n, &net->ipv6.ip6addrlbl_table.head, list) { 338 hlist_del_rcu(&p->list); 339 kfree_rcu(p, rcu); 340 } 341 spin_unlock(&net->ipv6.ip6addrlbl_table.lock); 342 } 343 344 static struct pernet_operations ipv6_addr_label_ops = { 345 .init = ip6addrlbl_net_init, 346 .exit = ip6addrlbl_net_exit, 347 .async = true, 348 }; 349 350 int __init ipv6_addr_label_init(void) 351 { 352 return register_pernet_subsys(&ipv6_addr_label_ops); 353 } 354 355 void ipv6_addr_label_cleanup(void) 356 { 357 unregister_pernet_subsys(&ipv6_addr_label_ops); 358 } 359 360 static const struct nla_policy ifal_policy[IFAL_MAX+1] = { 361 [IFAL_ADDRESS] = { .len = sizeof(struct in6_addr), }, 362 [IFAL_LABEL] = { .len = sizeof(u32), }, 363 }; 364 365 static bool addrlbl_ifindex_exists(struct net *net, int ifindex) 366 { 367 368 struct net_device *dev; 369 370 rcu_read_lock(); 371 dev = dev_get_by_index_rcu(net, ifindex); 372 rcu_read_unlock(); 373 374 return dev != NULL; 375 } 376 377 static int ip6addrlbl_newdel(struct sk_buff *skb, struct nlmsghdr *nlh, 378 struct netlink_ext_ack *extack) 379 { 380 struct net *net = sock_net(skb->sk); 381 struct ifaddrlblmsg *ifal; 382 struct nlattr *tb[IFAL_MAX+1]; 383 struct in6_addr *pfx; 384 u32 label; 385 int err = 0; 386 387 err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy, 388 extack); 389 if (err < 0) 390 return err; 391 392 ifal = nlmsg_data(nlh); 393 394 if (ifal->ifal_family != AF_INET6 || 395 ifal->ifal_prefixlen > 128) 396 return -EINVAL; 397 398 if (!tb[IFAL_ADDRESS]) 399 return -EINVAL; 400 pfx = nla_data(tb[IFAL_ADDRESS]); 401 402 if (!tb[IFAL_LABEL]) 403 return -EINVAL; 404 label = nla_get_u32(tb[IFAL_LABEL]); 405 if (label == IPV6_ADDR_LABEL_DEFAULT) 406 return -EINVAL; 407 408 switch (nlh->nlmsg_type) { 409 case RTM_NEWADDRLABEL: 410 if (ifal->ifal_index && 411 !addrlbl_ifindex_exists(net, ifal->ifal_index)) 412 return -EINVAL; 413 414 err = ip6addrlbl_add(net, pfx, ifal->ifal_prefixlen, 415 ifal->ifal_index, label, 416 nlh->nlmsg_flags & NLM_F_REPLACE); 417 break; 418 case RTM_DELADDRLABEL: 419 err = ip6addrlbl_del(net, pfx, ifal->ifal_prefixlen, 420 ifal->ifal_index); 421 break; 422 default: 423 err = -EOPNOTSUPP; 424 } 425 return err; 426 } 427 428 static void ip6addrlbl_putmsg(struct nlmsghdr *nlh, 429 int prefixlen, int ifindex, u32 lseq) 430 { 431 struct ifaddrlblmsg *ifal = nlmsg_data(nlh); 432 ifal->ifal_family = AF_INET6; 433 ifal->ifal_prefixlen = prefixlen; 434 ifal->ifal_flags = 0; 435 ifal->ifal_index = ifindex; 436 ifal->ifal_seq = lseq; 437 }; 438 439 static int ip6addrlbl_fill(struct sk_buff *skb, 440 struct ip6addrlbl_entry *p, 441 u32 lseq, 442 u32 portid, u32 seq, int event, 443 unsigned int flags) 444 { 445 struct nlmsghdr *nlh = nlmsg_put(skb, portid, seq, event, 446 sizeof(struct ifaddrlblmsg), flags); 447 if (!nlh) 448 return -EMSGSIZE; 449 450 ip6addrlbl_putmsg(nlh, p->prefixlen, p->ifindex, lseq); 451 452 if (nla_put_in6_addr(skb, IFAL_ADDRESS, &p->prefix) < 0 || 453 nla_put_u32(skb, IFAL_LABEL, p->label) < 0) { 454 nlmsg_cancel(skb, nlh); 455 return -EMSGSIZE; 456 } 457 458 nlmsg_end(skb, nlh); 459 return 0; 460 } 461 462 static int ip6addrlbl_dump(struct sk_buff *skb, struct netlink_callback *cb) 463 { 464 struct net *net = sock_net(skb->sk); 465 struct ip6addrlbl_entry *p; 466 int idx = 0, s_idx = cb->args[0]; 467 int err; 468 469 rcu_read_lock(); 470 hlist_for_each_entry_rcu(p, &net->ipv6.ip6addrlbl_table.head, list) { 471 if (idx >= s_idx) { 472 err = ip6addrlbl_fill(skb, p, 473 net->ipv6.ip6addrlbl_table.seq, 474 NETLINK_CB(cb->skb).portid, 475 cb->nlh->nlmsg_seq, 476 RTM_NEWADDRLABEL, 477 NLM_F_MULTI); 478 if (err < 0) 479 break; 480 } 481 idx++; 482 } 483 rcu_read_unlock(); 484 cb->args[0] = idx; 485 return skb->len; 486 } 487 488 static inline int ip6addrlbl_msgsize(void) 489 { 490 return NLMSG_ALIGN(sizeof(struct ifaddrlblmsg)) 491 + nla_total_size(16) /* IFAL_ADDRESS */ 492 + nla_total_size(4); /* IFAL_LABEL */ 493 } 494 495 static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr *nlh, 496 struct netlink_ext_ack *extack) 497 { 498 struct net *net = sock_net(in_skb->sk); 499 struct ifaddrlblmsg *ifal; 500 struct nlattr *tb[IFAL_MAX+1]; 501 struct in6_addr *addr; 502 u32 lseq; 503 int err = 0; 504 struct ip6addrlbl_entry *p; 505 struct sk_buff *skb; 506 507 err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy, 508 extack); 509 if (err < 0) 510 return err; 511 512 ifal = nlmsg_data(nlh); 513 514 if (ifal->ifal_family != AF_INET6 || 515 ifal->ifal_prefixlen != 128) 516 return -EINVAL; 517 518 if (ifal->ifal_index && 519 !addrlbl_ifindex_exists(net, ifal->ifal_index)) 520 return -EINVAL; 521 522 if (!tb[IFAL_ADDRESS]) 523 return -EINVAL; 524 addr = nla_data(tb[IFAL_ADDRESS]); 525 526 skb = nlmsg_new(ip6addrlbl_msgsize(), GFP_KERNEL); 527 if (!skb) 528 return -ENOBUFS; 529 530 err = -ESRCH; 531 532 rcu_read_lock(); 533 p = __ipv6_addr_label(net, addr, ipv6_addr_type(addr), ifal->ifal_index); 534 lseq = net->ipv6.ip6addrlbl_table.seq; 535 if (p) 536 err = ip6addrlbl_fill(skb, p, lseq, 537 NETLINK_CB(in_skb).portid, 538 nlh->nlmsg_seq, 539 RTM_NEWADDRLABEL, 0); 540 rcu_read_unlock(); 541 542 if (err < 0) { 543 WARN_ON(err == -EMSGSIZE); 544 kfree_skb(skb); 545 } else { 546 err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).portid); 547 } 548 return err; 549 } 550 551 int __init ipv6_addr_label_rtnl_register(void) 552 { 553 int ret; 554 555 ret = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_NEWADDRLABEL, 556 ip6addrlbl_newdel, 557 NULL, RTNL_FLAG_DOIT_UNLOCKED); 558 if (ret < 0) 559 return ret; 560 ret = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_DELADDRLABEL, 561 ip6addrlbl_newdel, 562 NULL, RTNL_FLAG_DOIT_UNLOCKED); 563 if (ret < 0) 564 return ret; 565 ret = rtnl_register_module(THIS_MODULE, PF_INET6, RTM_GETADDRLABEL, 566 ip6addrlbl_get, 567 ip6addrlbl_dump, RTNL_FLAG_DOIT_UNLOCKED); 568 return ret; 569 } 570