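/*
 * IPv6 Address Label subsystem
 * for the IPv6 "Default" Source Address Selection
 *
 * Copyright (C)2007 USAGI/WIDE Project
 */
/*
 * Author:
 * 	YOSHIFUJI Hideaki @ USAGI/WIDE Project <yoshfuji@linux-ipv6.org>
 */

#include <linux/kernel.h>
#include <linux/list.h>
#include <linux/rcupdate.h>
#include <linux/in6.h>
#include <linux/slab.h>
#include <net/addrconf.h>
#include <linux/if_addrlabel.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>

/* Flip the "#if 0" to 1 to route ADDRLABEL() tracing to printk(). */
#if 0
#define ADDRLABEL(x...) printk(x)
#else
#define ADDRLABEL(x...) do { ; } while(0)
#endif

/*
 * Policy Table
 *
 * One entry per (namespace, prefix/prefixlen, ifindex) rule.  Entries are
 * linked into ip6addrlbl_table.head, looked up under rcu_read_lock() and
 * freed through call_rcu() once refcnt drops to zero.
 */
struct ip6addrlbl_entry
{
#ifdef CONFIG_NET_NS
	struct net *lbl_net;		/* owning namespace, held via hold_net() */
#endif
	struct in6_addr prefix;		/* already masked to prefixlen bits */
	int prefixlen;
	int ifindex;			/* 0 matches any interface */
	int addrtype;			/* 0 matches any address type */
	u32 label;
	struct hlist_node list;
	atomic_t refcnt;
	struct rcu_head rcu;
};

/*
 * The single, global policy table.  Writers take 'lock'; 'seq' is bumped on
 * every successful insertion and reported to user space in ifal_seq.
 */
static struct ip6addrlbl_table
{
	struct hlist_head head;
	spinlock_t lock;
	u32 seq;
} ip6addrlbl_table;

/* Namespace an entry belongs to (always init_net without CONFIG_NET_NS). */
static inline
struct net *ip6addrlbl_net(const struct ip6addrlbl_entry *lbl)
{
#ifdef CONFIG_NET_NS
	return lbl->lbl_net;
#else
	return &init_net;
#endif
}

/*
 * Default policy table (RFC3484 + extensions)
 *
 * prefix		addr_type	label
 * -------------------------------------------------------------------------
 * ::1/128		LOOPBACK	0
 * ::/0			N/A		1
 * 2002::/16		N/A		2
 * ::/96		COMPATv4	3
 * ::ffff:0:0/96	V4MAPPED	4
 * fc00::/7		N/A		5		ULA (RFC 4193)
 * 2001::/32		N/A		6		Teredo (RFC 4380)
 * 2001:10::/28		N/A		7		ORCHID (RFC 4843)
 *
 * Note: 0xffffffff is used if we do not have any policies.
 */

#define IPV6_ADDR_LABEL_DEFAULT	0xffffffffUL

static const __net_initdata struct ip6addrlbl_init_table
{
	const struct in6_addr *prefix;
	int prefixlen;
	u32 label;
} ip6addrlbl_init_table[] = {
	{	/* ::/0 */
		.prefix = &in6addr_any,
		.label = 1,
	},{	/* fc00::/7 */
		.prefix = &(struct in6_addr){{{ 0xfc }}},
		.prefixlen = 7,
		.label = 5,
	},{	/* 2002::/16 */
		.prefix = &(struct in6_addr){{{ 0x20, 0x02 }}},
		.prefixlen = 16,
		.label = 2,
	},{	/* 2001::/32 */
		.prefix = &(struct in6_addr){{{ 0x20, 0x01 }}},
		.prefixlen = 32,
		.label = 6,
	},{	/* 2001:10::/28 */
		.prefix = &(struct in6_addr){{{ 0x20, 0x01, 0x00, 0x10 }}},
		.prefixlen = 28,
		.label = 7,
	},{	/* ::ffff:0:0 */
		.prefix = &(struct in6_addr){{{ [10] = 0xff, [11] = 0xff }}},
		.prefixlen = 96,
		.label = 4,
	},{	/* ::/96 */
		.prefix = &in6addr_any,
		.prefixlen = 96,
		.label = 3,
	},{	/* ::1/128 */
		.prefix = &in6addr_loopback,
		.prefixlen = 128,
		.label = 0,
	}
};

/* Object management */

/* Release the namespace reference (if any) and free the entry immediately. */
static inline void ip6addrlbl_free(struct ip6addrlbl_entry *p)
{
#ifdef CONFIG_NET_NS
	release_net(p->lbl_net);
#endif
	kfree(p);
}

/* call_rcu() callback: free the entry that embeds rcu_head 'h'. */
static void ip6addrlbl_free_rcu(struct rcu_head *h)
{
	ip6addrlbl_free(container_of(h, struct ip6addrlbl_entry, rcu));
}

/*
 * Try to take a reference on an entry found under rcu_read_lock().
 *
 * Returns non-zero when the reference was taken and 0 when refcnt had
 * already reached zero, i.e. the entry is on its way to being freed and
 * must not be used by the caller.
 */
static inline int ip6addrlbl_hold(struct ip6addrlbl_entry *p)
{
	return atomic_inc_not_zero(&p->refcnt);
}

/* Drop a reference; the last one schedules the RCU-deferred free. */
static inline void ip6addrlbl_put(struct ip6addrlbl_entry *p)
{
	if (atomic_dec_and_test(&p->refcnt))
		call_rcu(&p->rcu, ip6addrlbl_free_rcu);
}

/* Find label */

/*
 * Return 1 if entry 'p' applies to 'addr' in namespace 'net', else 0.
 * A zero ifindex or addrtype in the entry acts as a wildcard.
 */
static int __ip6addrlbl_match(struct net *net,
			      struct ip6addrlbl_entry *p,
			      const struct in6_addr *addr,
			      int addrtype, int ifindex)
{
	if (!net_eq(ip6addrlbl_net(p), net))
		return 0;
	if (p->ifindex && p->ifindex != ifindex)
		return 0;
	if (p->addrtype && p->addrtype != addrtype)
		return 0;
	if (!ipv6_prefix_equal(addr, &p->prefix, p->prefixlen))
		return 0;
	return 1;
}

/*
 * Return the first matching entry, or NULL.  Walks the table with the RCU
 * list iterator, so the caller must be inside rcu_read_lock(); no reference
 * is taken on the returned entry.
 */
static struct ip6addrlbl_entry *__ipv6_addr_label(struct net *net,
						  const struct in6_addr *addr,
						  int type, int ifindex)
{
	struct hlist_node *pos;
	struct ip6addrlbl_entry *p;

	hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) {
		if (__ip6addrlbl_match(net, p, addr, type, ifindex))
			return p;
	}
	return NULL;
}

/*
 * Look up the label for 'addr'.  Only the MAPPED, COMPATv4 and LOOPBACK
 * bits of 'type' take part in matching.  Returns IPV6_ADDR_LABEL_DEFAULT
 * when no entry matches.
 */
u32 ipv6_addr_label(struct net *net,
		    const struct in6_addr *addr, int type, int ifindex)
{
	u32 label;
	struct ip6addrlbl_entry *p;

	type &= IPV6_ADDR_MAPPED | IPV6_ADDR_COMPATv4 | IPV6_ADDR_LOOPBACK;

	/* The label is copied out before leaving the read-side section. */
	rcu_read_lock();
	p = __ipv6_addr_label(net, addr, type, ifindex);
	label = p ? p->label : IPV6_ADDR_LABEL_DEFAULT;
	rcu_read_unlock();

	ADDRLABEL(KERN_DEBUG "%s(addr=%pI6, type=%d, ifindex=%d) => %08x\n",
		  __func__, addr, type, ifindex, label);

	return label;
}

/*
 * allocate one entry
 *
 * Returns a new entry with refcnt 1 that is not yet linked into the table,
 * ERR_PTR(-EINVAL) for a v4-mapped prefix longer than 96 bits, or
 * ERR_PTR(-ENOMEM).  The address type is kept only when the prefix length
 * covers the whole type-defining part (96 for mapped/compat, 128 for
 * loopback); otherwise the entry matches any address type.
 */
static struct ip6addrlbl_entry *ip6addrlbl_alloc(struct net *net,
						 const struct in6_addr *prefix,
						 int prefixlen, int ifindex,
						 u32 label)
{
	struct ip6addrlbl_entry *newp;
	int addrtype;

	ADDRLABEL(KERN_DEBUG "%s(prefix=%pI6, prefixlen=%d, ifindex=%d, label=%u)\n",
		  __func__, prefix, prefixlen, ifindex, (unsigned int)label);

	addrtype = ipv6_addr_type(prefix) & (IPV6_ADDR_MAPPED | IPV6_ADDR_COMPATv4 | IPV6_ADDR_LOOPBACK);

	switch (addrtype) {
	case IPV6_ADDR_MAPPED:
		if (prefixlen > 96)
			return ERR_PTR(-EINVAL);
		if (prefixlen < 96)
			addrtype = 0;
		break;
	case IPV6_ADDR_COMPATv4:
		if (prefixlen != 96)
			addrtype = 0;
		break;
	case IPV6_ADDR_LOOPBACK:
		if (prefixlen != 128)
			addrtype = 0;
		break;
	}

	newp = kmalloc(sizeof(*newp), GFP_KERNEL);
	if (!newp)
		return ERR_PTR(-ENOMEM);

	/* Store the prefix masked to prefixlen so later compares are exact. */
	ipv6_addr_prefix(&newp->prefix, prefix, prefixlen);
	newp->prefixlen = prefixlen;
	newp->ifindex = ifindex;
	newp->addrtype = addrtype;
	newp->label = label;
	INIT_HLIST_NODE(&newp->list);
#ifdef CONFIG_NET_NS
	newp->lbl_net = hold_net(net);
#endif
	atomic_set(&newp->refcnt, 1);
	return newp;
}

/*
 * add a label
 *
 * Link 'newp' into the table; the callers in this file hold
 * ip6addrlbl_table.lock.  The list is kept ordered by descending prefix
 * length, with interface-specific entries ahead of wildcard ones of the
 * same length, so the first match in __ipv6_addr_label() is the most
 * specific one.
 *
 * Returns 0 on success (and bumps the table sequence number) or -EEXIST
 * when an identical rule exists and 'replace' is zero.
 */
static int __ip6addrlbl_add(struct ip6addrlbl_entry *newp, int replace)
{
	int ret = 0;

	ADDRLABEL(KERN_DEBUG "%s(newp=%p, replace=%d)\n",
		  __func__,
		  newp, replace);

	if (hlist_empty(&ip6addrlbl_table.head)) {
		hlist_add_head_rcu(&newp->list, &ip6addrlbl_table.head);
	} else {
		struct hlist_node *pos, *n;
		struct ip6addrlbl_entry *p = NULL;

		hlist_for_each_entry_safe(p, pos, n,
					  &ip6addrlbl_table.head, list) {
			if (p->prefixlen == newp->prefixlen &&
			    net_eq(ip6addrlbl_net(p), ip6addrlbl_net(newp)) &&
			    p->ifindex == newp->ifindex &&
			    ipv6_addr_equal(&p->prefix, &newp->prefix)) {
				if (!replace) {
					ret = -EEXIST;
					goto out;
				}
				/* Swap in place, then drop the table's reference on the old rule. */
				hlist_replace_rcu(&p->list, &newp->list);
				ip6addrlbl_put(p);
				goto out;
			} else if ((p->prefixlen == newp->prefixlen && !p->ifindex) ||
				   (p->prefixlen < newp->prefixlen)) {
				hlist_add_before_rcu(&newp->list, &p->list);
				goto out;
			}
		}
		/*
		 * No insertion point found: append after the last entry.
		 * NOTE(review): this relies on the iterator leaving 'p' at the
		 * last entry visited when the loop runs to completion; confirm
		 * against this tree's hlist_for_each_entry_safe().
		 */
		hlist_add_after_rcu(&p->list, &newp->list);
	}
out:
	if (!ret)
		ip6addrlbl_table.seq++;
	return ret;
}

/*
 * add a label
 *
 * Allocate an entry and insert it under the table lock.  Returns 0 or a
 * negative errno from allocation or insertion.
 */
static int ip6addrlbl_add(struct net *net,
			  const struct in6_addr *prefix, int prefixlen,
			  int ifindex, u32 label, int replace)
{
	struct ip6addrlbl_entry *newp;
	int ret = 0;

	ADDRLABEL(KERN_DEBUG "%s(prefix=%pI6, prefixlen=%d, ifindex=%d, label=%u, replace=%d)\n",
		  __func__, prefix, prefixlen, ifindex, (unsigned int)label,
		  replace);

	newp = ip6addrlbl_alloc(net, prefix, prefixlen, ifindex, label);
	if (IS_ERR(newp))
		return PTR_ERR(newp);
	spin_lock(&ip6addrlbl_table.lock);
	ret = __ip6addrlbl_add(newp, replace);
	spin_unlock(&ip6addrlbl_table.lock);
	/* On failure the entry was never linked, so no RCU grace period is needed. */
	if (ret)
		ip6addrlbl_free(newp);
	return ret;
}

/*
 * remove a label
 *
 * Unlink the rule that exactly matches (net, prefix, prefixlen, ifindex)
 * and drop the table's reference on it; the callers in this file hold
 * ip6addrlbl_table.lock.  'prefix' must already be masked to prefixlen.
 * Returns 0 or -ESRCH.
 */
static int __ip6addrlbl_del(struct net *net,
			    const struct in6_addr *prefix, int prefixlen,
			    int ifindex)
{
	struct ip6addrlbl_entry *p = NULL;
	struct hlist_node *pos, *n;
	int ret = -ESRCH;

	ADDRLABEL(KERN_DEBUG "%s(prefix=%pI6, prefixlen=%d, ifindex=%d)\n",
		  __func__, prefix, prefixlen, ifindex);

	hlist_for_each_entry_safe(p, pos, n, &ip6addrlbl_table.head, list) {
		if (p->prefixlen == prefixlen &&
		    net_eq(ip6addrlbl_net(p), net) &&
		    p->ifindex == ifindex &&
		    ipv6_addr_equal(&p->prefix, prefix)) {
			hlist_del_rcu(&p->list);
			ip6addrlbl_put(p);
			ret = 0;
			break;
		}
	}
	return ret;
}

/* Mask the caller's prefix to prefixlen bits, then delete under the lock. */
static int ip6addrlbl_del(struct net *net,
			  const struct in6_addr *prefix, int prefixlen,
			  int ifindex)
{
	struct in6_addr prefix_buf;
	int ret;

	ADDRLABEL(KERN_DEBUG "%s(prefix=%pI6, prefixlen=%d, ifindex=%d)\n",
		  __func__, prefix, prefixlen, ifindex);

	ipv6_addr_prefix(&prefix_buf, prefix, prefixlen);
	spin_lock(&ip6addrlbl_table.lock);
	ret = __ip6addrlbl_del(net, &prefix_buf, prefixlen, ifindex);
	spin_unlock(&ip6addrlbl_table.lock);
	return ret;
}

/*
 * add default label
 *
 * Install every rule of ip6addrlbl_init_table for a new namespace.  All
 * rules are attempted even after a failure; the returned error is the last
 * one seen, except that a recorded -ENOMEM is never overwritten.
 */
static int __net_init ip6addrlbl_net_init(struct net *net)
{
	int err = 0;
	int i;

	ADDRLABEL(KERN_DEBUG "%s()\n", __func__);

	for (i = 0; i < ARRAY_SIZE(ip6addrlbl_init_table); i++) {
		int ret = ip6addrlbl_add(net,
					 ip6addrlbl_init_table[i].prefix,
					 ip6addrlbl_init_table[i].prefixlen,
					 0,
					 ip6addrlbl_init_table[i].label, 0);
		/* XXX: should we free all rules when we catch an error? */
		if (ret && (!err || err != -ENOMEM))
			err = ret;
	}
	return err;
}

/* Namespace teardown: unlink and release every rule owned by 'net'. */
static void __net_exit ip6addrlbl_net_exit(struct net *net)
{
	struct ip6addrlbl_entry *p = NULL;
	struct hlist_node *pos, *n;

	/* Remove all labels belonging to the exiting net */
	spin_lock(&ip6addrlbl_table.lock);
	hlist_for_each_entry_safe(p, pos, n, &ip6addrlbl_table.head, list) {
		if (net_eq(ip6addrlbl_net(p), net)) {
			hlist_del_rcu(&p->list);
			ip6addrlbl_put(p);
		}
	}
	spin_unlock(&ip6addrlbl_table.lock);
}

static struct pernet_operations ipv6_addr_label_ops = {
	.init = ip6addrlbl_net_init,
	.exit = ip6addrlbl_net_exit,
};

/* Initialise the table lock and register the per-namespace hooks. */
int __init ipv6_addr_label_init(void)
{
	spin_lock_init(&ip6addrlbl_table.lock);

	return register_pernet_subsys(&ipv6_addr_label_ops);
}

/* Length requirements applied by nlmsg_parse() to the request attributes. */
static const struct nla_policy ifal_policy[IFAL_MAX+1] = {
	[IFAL_ADDRESS]		= { .len = sizeof(struct in6_addr), },
	[IFAL_LABEL]		= { .len = sizeof(u32), },
};

/*
 * rtnetlink handler for RTM_NEWADDRLABEL and RTM_DELADDRLABEL.
 *
 * The request is rejected with -EINVAL unless it is AF_INET6, has a prefix
 * length of at most 128, carries both IFAL_ADDRESS and IFAL_LABEL, and the
 * label is not the reserved IPV6_ADDR_LABEL_DEFAULT value.  For additions
 * a non-zero interface index must name an existing device in the caller's
 * namespace.
 */
static int ip6addrlbl_newdel(struct sk_buff *skb, struct nlmsghdr *nlh,
			     void *arg)
{
	struct net *net = sock_net(skb->sk);
	struct ifaddrlblmsg *ifal;
	struct nlattr *tb[IFAL_MAX+1];
	struct in6_addr *pfx;
	u32 label;
	int err = 0;

	err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy);
	if (err < 0)
		return err;

	ifal = nlmsg_data(nlh);

	if (ifal->ifal_family != AF_INET6 ||
	    ifal->ifal_prefixlen > 128)
		return -EINVAL;

	if (!tb[IFAL_ADDRESS])
		return -EINVAL;

	pfx = nla_data(tb[IFAL_ADDRESS]);
	if (!pfx)
		return -EINVAL;

	if (!tb[IFAL_LABEL])
		return -EINVAL;
	label = nla_get_u32(tb[IFAL_LABEL]);
	/* The default label means "no policy" and cannot be assigned to a rule. */
	if (label == IPV6_ADDR_LABEL_DEFAULT)
		return -EINVAL;

	switch(nlh->nlmsg_type) {
	case RTM_NEWADDRLABEL:
		if (ifal->ifal_index &&
		    !__dev_get_by_index(net, ifal->ifal_index))
			return -EINVAL;

		err = ip6addrlbl_add(net, pfx, ifal->ifal_prefixlen,
				     ifal->ifal_index, label,
				     nlh->nlmsg_flags & NLM_F_REPLACE);
		break;
	case RTM_DELADDRLABEL:
		err = ip6addrlbl_del(net, pfx, ifal->ifal_prefixlen,
				     ifal->ifal_index);
		break;
	default:
		err = -EOPNOTSUPP;
	}
	return err;
}

/* Fill the fixed ifaddrlblmsg header of a reply message. */
static inline void ip6addrlbl_putmsg(struct nlmsghdr *nlh,
				     int prefixlen, int ifindex, u32 lseq)
{
	struct ifaddrlblmsg *ifal = nlmsg_data(nlh);

	ifal->ifal_family = AF_INET6;
	/*
	 * Clear the reserved byte as well: every other field is assigned
	 * here, and a byte left unassigned would be sent to user space with
	 * whatever the message buffer happened to contain.
	 */
	ifal->__ifal_reserved = 0;
	ifal->ifal_prefixlen = prefixlen;
	ifal->ifal_flags = 0;
	ifal->ifal_index = ifindex;
	ifal->ifal_seq = lseq;
}

/*
 * Append one address-label message describing 'p' to 'skb'.
 * Returns the result of nlmsg_end() on success, or -EMSGSIZE when the
 * header or an attribute does not fit (a partially built message is
 * cancelled).
 */
static int ip6addrlbl_fill(struct sk_buff *skb,
			   struct ip6addrlbl_entry *p,
			   u32 lseq,
			   u32 pid, u32 seq, int event,
			   unsigned int flags)
{
	struct nlmsghdr *nlh = nlmsg_put(skb, pid, seq, event,
					 sizeof(struct ifaddrlblmsg), flags);
	if (!nlh)
		return -EMSGSIZE;

	ip6addrlbl_putmsg(nlh, p->prefixlen, p->ifindex, lseq);

	/* 16 == sizeof(struct in6_addr), matching ip6addrlbl_msgsize(). */
	if (nla_put(skb, IFAL_ADDRESS, 16, &p->prefix) < 0 ||
	    nla_put_u32(skb, IFAL_LABEL, p->label) < 0) {
		nlmsg_cancel(skb, nlh);
		return -EMSGSIZE;
	}

	return nlmsg_end(skb, nlh);
}

/*
 * RTM_GETADDRLABEL dump callback: emit the rules of the caller's namespace,
 * resuming at the list index saved in cb->args[0].  An entry that does not
 * fit stops the walk before the index advances, so it is retried on the
 * next call.
 */
static int ip6addrlbl_dump(struct sk_buff *skb, struct netlink_callback *cb)
{
	struct net *net = sock_net(skb->sk);
	struct ip6addrlbl_entry *p;
	struct hlist_node *pos;
	int idx = 0, s_idx = cb->args[0];
	int err;

	rcu_read_lock();
	hlist_for_each_entry_rcu(p, pos, &ip6addrlbl_table.head, list) {
		if (idx >= s_idx &&
		    net_eq(ip6addrlbl_net(p), net)) {
			err = ip6addrlbl_fill(skb, p,
					      ip6addrlbl_table.seq,
					      NETLINK_CB(cb->skb).pid,
					      cb->nlh->nlmsg_seq,
					      RTM_NEWADDRLABEL,
					      NLM_F_MULTI);
			if (err <= 0)
				break;
		}
		idx++;
	}
	rcu_read_unlock();
	cb->args[0] = idx;
	return skb->len;
}

/* Payload size of a single-entry reply: header plus the two attributes. */
static inline int ip6addrlbl_msgsize(void)
{
	return (NLMSG_ALIGN(sizeof(struct ifaddrlblmsg))
		+ nla_total_size(16)	/* IFAL_ADDRESS */
		+ nla_total_size(4)	/* IFAL_LABEL */
		);
}

/*
 * rtnetlink handler for a single RTM_GETADDRLABEL query.
 *
 * The request must be AF_INET6 with prefix length 128 and carry
 * IFAL_ADDRESS; a non-zero interface index must name an existing device.
 * Replies with the matching rule via rtnl_unicast().  Returns -ESRCH when
 * no rule matches or the matching rule is already being released.
 */
static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr* nlh,
			  void *arg)
{
	struct net *net = sock_net(in_skb->sk);
	struct ifaddrlblmsg *ifal;
	struct nlattr *tb[IFAL_MAX+1];
	struct in6_addr *addr;
	u32 lseq;
	int err = 0;
	struct ip6addrlbl_entry *p;
	struct sk_buff *skb;

	err = nlmsg_parse(nlh, sizeof(*ifal), tb, IFAL_MAX, ifal_policy);
	if (err < 0)
		return err;

	ifal = nlmsg_data(nlh);

	if (ifal->ifal_family != AF_INET6 ||
	    ifal->ifal_prefixlen != 128)
		return -EINVAL;

	if (ifal->ifal_index &&
	    !__dev_get_by_index(net, ifal->ifal_index))
		return -EINVAL;

	if (!tb[IFAL_ADDRESS])
		return -EINVAL;

	addr = nla_data(tb[IFAL_ADDRESS]);
	if (!addr)
		return -EINVAL;

	rcu_read_lock();
	p = __ipv6_addr_label(net, addr, ipv6_addr_type(addr), ifal->ifal_index);
	/*
	 * ip6addrlbl_hold() returns non-zero when the reference was taken.
	 * Keep the entry only in that case; an entry whose refcnt already hit
	 * zero is queued for freeing and must not be used after
	 * rcu_read_unlock().  (The test used to be inverted, which dropped
	 * the pointer on success - leaking the reference - and kept it on
	 * failure.)
	 */
	if (p && !ip6addrlbl_hold(p))
		p = NULL;
	lseq = ip6addrlbl_table.seq;
	rcu_read_unlock();

	if (!p) {
		err = -ESRCH;
		goto out;
	}

	skb = nlmsg_new(ip6addrlbl_msgsize(), GFP_KERNEL);
	if (!skb) {
		ip6addrlbl_put(p);
		return -ENOBUFS;
	}

	err = ip6addrlbl_fill(skb, p, lseq,
			      NETLINK_CB(in_skb).pid, nlh->nlmsg_seq,
			      RTM_NEWADDRLABEL, 0);

	ip6addrlbl_put(p);

	if (err < 0) {
		/* The skb was sized by ip6addrlbl_msgsize(), so this would be a bug. */
		WARN_ON(err == -EMSGSIZE);
		kfree_skb(skb);
		goto out;
	}

	err = rtnl_unicast(skb, net, NETLINK_CB(in_skb).pid);
out:
	return err;
}

/* Register the address-label message handlers with rtnetlink. */
void __init ipv6_addr_label_rtnl_register(void)
{
	__rtnl_register(PF_INET6, RTM_NEWADDRLABEL, ip6addrlbl_newdel, NULL);
	__rtnl_register(PF_INET6, RTM_DELADDRLABEL, ip6addrlbl_newdel, NULL);
	__rtnl_register(PF_INET6, RTM_GETADDRLABEL, ip6addrlbl_get, ip6addrlbl_dump);
}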