1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Copyright (c) 2016, Amir Vadai <amir@vadai.me> 4 * Copyright (c) 2016, Mellanox Technologies. All rights reserved. 5 */ 6 7 #include <linux/module.h> 8 #include <linux/init.h> 9 #include <linux/kernel.h> 10 #include <linux/skbuff.h> 11 #include <linux/rtnetlink.h> 12 #include <net/geneve.h> 13 #include <net/vxlan.h> 14 #include <net/erspan.h> 15 #include <net/netlink.h> 16 #include <net/pkt_sched.h> 17 #include <net/dst.h> 18 #include <net/pkt_cls.h> 19 20 #include <linux/tc_act/tc_tunnel_key.h> 21 #include <net/tc_act/tc_tunnel_key.h> 22 23 static struct tc_action_ops act_tunnel_key_ops; 24 25 static int tunnel_key_act(struct sk_buff *skb, const struct tc_action *a, 26 struct tcf_result *res) 27 { 28 struct tcf_tunnel_key *t = to_tunnel_key(a); 29 struct tcf_tunnel_key_params *params; 30 int action; 31 32 params = rcu_dereference_bh(t->params); 33 34 tcf_lastuse_update(&t->tcf_tm); 35 tcf_action_update_bstats(&t->common, skb); 36 action = READ_ONCE(t->tcf_action); 37 38 switch (params->tcft_action) { 39 case TCA_TUNNEL_KEY_ACT_RELEASE: 40 skb_dst_drop(skb); 41 break; 42 case TCA_TUNNEL_KEY_ACT_SET: 43 skb_dst_drop(skb); 44 skb_dst_set(skb, dst_clone(¶ms->tcft_enc_metadata->dst)); 45 break; 46 default: 47 WARN_ONCE(1, "Bad tunnel_key action %d.\n", 48 params->tcft_action); 49 break; 50 } 51 52 return action; 53 } 54 55 static const struct nla_policy 56 enc_opts_policy[TCA_TUNNEL_KEY_ENC_OPTS_MAX + 1] = { 57 [TCA_TUNNEL_KEY_ENC_OPTS_UNSPEC] = { 58 .strict_start_type = TCA_TUNNEL_KEY_ENC_OPTS_VXLAN }, 59 [TCA_TUNNEL_KEY_ENC_OPTS_GENEVE] = { .type = NLA_NESTED }, 60 [TCA_TUNNEL_KEY_ENC_OPTS_VXLAN] = { .type = NLA_NESTED }, 61 [TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN] = { .type = NLA_NESTED }, 62 }; 63 64 static const struct nla_policy 65 geneve_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX + 1] = { 66 [TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS] = { .type = NLA_U16 }, 67 [TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE] = { .type = NLA_U8 }, 68 [TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA] = { .type = NLA_BINARY, 69 .len = 128 }, 70 }; 71 72 static const struct nla_policy 73 vxlan_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_MAX + 1] = { 74 [TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP] = { .type = NLA_U32 }, 75 }; 76 77 static const struct nla_policy 78 erspan_opt_policy[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX + 1] = { 79 [TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER] = { .type = NLA_U8 }, 80 [TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX] = { .type = NLA_U32 }, 81 [TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR] = { .type = NLA_U8 }, 82 [TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID] = { .type = NLA_U8 }, 83 }; 84 85 static int 86 tunnel_key_copy_geneve_opt(const struct nlattr *nla, void *dst, int dst_len, 87 struct netlink_ext_ack *extack) 88 { 89 struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX + 1]; 90 int err, data_len, opt_len; 91 u8 *data; 92 93 err = nla_parse_nested_deprecated(tb, 94 TCA_TUNNEL_KEY_ENC_OPT_GENEVE_MAX, 95 nla, geneve_opt_policy, extack); 96 if (err < 0) 97 return err; 98 99 if (!tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS] || 100 !tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE] || 101 !tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]) { 102 NL_SET_ERR_MSG(extack, "Missing tunnel key geneve option class, type or data"); 103 return -EINVAL; 104 } 105 106 data = nla_data(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]); 107 data_len = nla_len(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA]); 108 if (data_len < 4) { 109 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is less than 4 bytes long"); 110 return -ERANGE; 111 } 112 if (data_len % 4) { 113 NL_SET_ERR_MSG(extack, "Tunnel key geneve option data is not a multiple of 4 bytes long"); 114 return -ERANGE; 115 } 116 117 opt_len = sizeof(struct geneve_opt) + data_len; 118 if (dst) { 119 struct geneve_opt *opt = dst; 120 121 WARN_ON(dst_len < opt_len); 122 123 opt->opt_class = 124 nla_get_be16(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS]); 125 opt->type = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE]); 126 opt->length = data_len / 4; /* length is in units of 4 bytes */ 127 opt->r1 = 0; 128 opt->r2 = 0; 129 opt->r3 = 0; 130 131 memcpy(opt + 1, data, data_len); 132 } 133 134 return opt_len; 135 } 136 137 static int 138 tunnel_key_copy_vxlan_opt(const struct nlattr *nla, void *dst, int dst_len, 139 struct netlink_ext_ack *extack) 140 { 141 struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_MAX + 1]; 142 int err; 143 144 err = nla_parse_nested(tb, TCA_TUNNEL_KEY_ENC_OPT_VXLAN_MAX, nla, 145 vxlan_opt_policy, extack); 146 if (err < 0) 147 return err; 148 149 if (!tb[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP]) { 150 NL_SET_ERR_MSG(extack, "Missing tunnel key vxlan option gbp"); 151 return -EINVAL; 152 } 153 154 if (dst) { 155 struct vxlan_metadata *md = dst; 156 157 md->gbp = nla_get_u32(tb[TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP]); 158 md->gbp &= VXLAN_GBP_MASK; 159 } 160 161 return sizeof(struct vxlan_metadata); 162 } 163 164 static int 165 tunnel_key_copy_erspan_opt(const struct nlattr *nla, void *dst, int dst_len, 166 struct netlink_ext_ack *extack) 167 { 168 struct nlattr *tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX + 1]; 169 int err; 170 u8 ver; 171 172 err = nla_parse_nested(tb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_MAX, nla, 173 erspan_opt_policy, extack); 174 if (err < 0) 175 return err; 176 177 if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER]) { 178 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option ver"); 179 return -EINVAL; 180 } 181 182 ver = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER]); 183 if (ver == 1) { 184 if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX]) { 185 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option index"); 186 return -EINVAL; 187 } 188 } else if (ver == 2) { 189 if (!tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR] || 190 !tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID]) { 191 NL_SET_ERR_MSG(extack, "Missing tunnel key erspan option dir or hwid"); 192 return -EINVAL; 193 } 194 } else { 195 NL_SET_ERR_MSG(extack, "Tunnel key erspan option ver is incorrect"); 196 return -EINVAL; 197 } 198 199 if (dst) { 200 struct erspan_metadata *md = dst; 201 202 md->version = ver; 203 if (ver == 1) { 204 nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX]; 205 md->u.index = nla_get_be32(nla); 206 } else { 207 nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR]; 208 md->u.md2.dir = nla_get_u8(nla); 209 nla = tb[TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID]; 210 set_hwid(&md->u.md2, nla_get_u8(nla)); 211 } 212 } 213 214 return sizeof(struct erspan_metadata); 215 } 216 217 static int tunnel_key_copy_opts(const struct nlattr *nla, u8 *dst, 218 int dst_len, struct netlink_ext_ack *extack) 219 { 220 int err, rem, opt_len, len = nla_len(nla), opts_len = 0, type = 0; 221 const struct nlattr *attr, *head = nla_data(nla); 222 223 err = nla_validate_deprecated(head, len, TCA_TUNNEL_KEY_ENC_OPTS_MAX, 224 enc_opts_policy, extack); 225 if (err) 226 return err; 227 228 nla_for_each_attr(attr, head, len, rem) { 229 switch (nla_type(attr)) { 230 case TCA_TUNNEL_KEY_ENC_OPTS_GENEVE: 231 if (type && type != TUNNEL_GENEVE_OPT) { 232 NL_SET_ERR_MSG(extack, "Duplicate type for geneve options"); 233 return -EINVAL; 234 } 235 opt_len = tunnel_key_copy_geneve_opt(attr, dst, 236 dst_len, extack); 237 if (opt_len < 0) 238 return opt_len; 239 opts_len += opt_len; 240 if (opts_len > IP_TUNNEL_OPTS_MAX) { 241 NL_SET_ERR_MSG(extack, "Tunnel options exceeds max size"); 242 return -EINVAL; 243 } 244 if (dst) { 245 dst_len -= opt_len; 246 dst += opt_len; 247 } 248 type = TUNNEL_GENEVE_OPT; 249 break; 250 case TCA_TUNNEL_KEY_ENC_OPTS_VXLAN: 251 if (type) { 252 NL_SET_ERR_MSG(extack, "Duplicate type for vxlan options"); 253 return -EINVAL; 254 } 255 opt_len = tunnel_key_copy_vxlan_opt(attr, dst, 256 dst_len, extack); 257 if (opt_len < 0) 258 return opt_len; 259 opts_len += opt_len; 260 type = TUNNEL_VXLAN_OPT; 261 break; 262 case TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN: 263 if (type) { 264 NL_SET_ERR_MSG(extack, "Duplicate type for erspan options"); 265 return -EINVAL; 266 } 267 opt_len = tunnel_key_copy_erspan_opt(attr, dst, 268 dst_len, extack); 269 if (opt_len < 0) 270 return opt_len; 271 opts_len += opt_len; 272 type = TUNNEL_ERSPAN_OPT; 273 break; 274 } 275 } 276 277 if (!opts_len) { 278 NL_SET_ERR_MSG(extack, "Empty list of tunnel options"); 279 return -EINVAL; 280 } 281 282 if (rem > 0) { 283 NL_SET_ERR_MSG(extack, "Trailing data after parsing tunnel key options attributes"); 284 return -EINVAL; 285 } 286 287 return opts_len; 288 } 289 290 static int tunnel_key_get_opts_len(struct nlattr *nla, 291 struct netlink_ext_ack *extack) 292 { 293 return tunnel_key_copy_opts(nla, NULL, 0, extack); 294 } 295 296 static int tunnel_key_opts_set(struct nlattr *nla, struct ip_tunnel_info *info, 297 int opts_len, struct netlink_ext_ack *extack) 298 { 299 info->options_len = opts_len; 300 switch (nla_type(nla_data(nla))) { 301 case TCA_TUNNEL_KEY_ENC_OPTS_GENEVE: 302 #if IS_ENABLED(CONFIG_INET) 303 info->key.tun_flags |= TUNNEL_GENEVE_OPT; 304 return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info), 305 opts_len, extack); 306 #else 307 return -EAFNOSUPPORT; 308 #endif 309 case TCA_TUNNEL_KEY_ENC_OPTS_VXLAN: 310 #if IS_ENABLED(CONFIG_INET) 311 info->key.tun_flags |= TUNNEL_VXLAN_OPT; 312 return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info), 313 opts_len, extack); 314 #else 315 return -EAFNOSUPPORT; 316 #endif 317 case TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN: 318 #if IS_ENABLED(CONFIG_INET) 319 info->key.tun_flags |= TUNNEL_ERSPAN_OPT; 320 return tunnel_key_copy_opts(nla, ip_tunnel_info_opts(info), 321 opts_len, extack); 322 #else 323 return -EAFNOSUPPORT; 324 #endif 325 default: 326 NL_SET_ERR_MSG(extack, "Cannot set tunnel options for unknown tunnel type"); 327 return -EINVAL; 328 } 329 } 330 331 static const struct nla_policy tunnel_key_policy[TCA_TUNNEL_KEY_MAX + 1] = { 332 [TCA_TUNNEL_KEY_PARMS] = { .len = sizeof(struct tc_tunnel_key) }, 333 [TCA_TUNNEL_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 }, 334 [TCA_TUNNEL_KEY_ENC_IPV4_DST] = { .type = NLA_U32 }, 335 [TCA_TUNNEL_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) }, 336 [TCA_TUNNEL_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) }, 337 [TCA_TUNNEL_KEY_ENC_KEY_ID] = { .type = NLA_U32 }, 338 [TCA_TUNNEL_KEY_ENC_DST_PORT] = {.type = NLA_U16}, 339 [TCA_TUNNEL_KEY_NO_CSUM] = { .type = NLA_U8 }, 340 [TCA_TUNNEL_KEY_ENC_OPTS] = { .type = NLA_NESTED }, 341 [TCA_TUNNEL_KEY_ENC_TOS] = { .type = NLA_U8 }, 342 [TCA_TUNNEL_KEY_ENC_TTL] = { .type = NLA_U8 }, 343 }; 344 345 static void tunnel_key_release_params(struct tcf_tunnel_key_params *p) 346 { 347 if (!p) 348 return; 349 if (p->tcft_action == TCA_TUNNEL_KEY_ACT_SET) 350 dst_release(&p->tcft_enc_metadata->dst); 351 352 kfree_rcu(p, rcu); 353 } 354 355 static int tunnel_key_init(struct net *net, struct nlattr *nla, 356 struct nlattr *est, struct tc_action **a, 357 struct tcf_proto *tp, u32 act_flags, 358 struct netlink_ext_ack *extack) 359 { 360 struct tc_action_net *tn = net_generic(net, act_tunnel_key_ops.net_id); 361 bool bind = act_flags & TCA_ACT_FLAGS_BIND; 362 struct nlattr *tb[TCA_TUNNEL_KEY_MAX + 1]; 363 struct tcf_tunnel_key_params *params_new; 364 struct metadata_dst *metadata = NULL; 365 struct tcf_chain *goto_ch = NULL; 366 struct tc_tunnel_key *parm; 367 struct tcf_tunnel_key *t; 368 bool exists = false; 369 __be16 dst_port = 0; 370 __be64 key_id = 0; 371 int opts_len = 0; 372 __be16 flags = 0; 373 u8 tos, ttl; 374 int ret = 0; 375 u32 index; 376 int err; 377 378 if (!nla) { 379 NL_SET_ERR_MSG(extack, "Tunnel requires attributes to be passed"); 380 return -EINVAL; 381 } 382 383 err = nla_parse_nested_deprecated(tb, TCA_TUNNEL_KEY_MAX, nla, 384 tunnel_key_policy, extack); 385 if (err < 0) { 386 NL_SET_ERR_MSG(extack, "Failed to parse nested tunnel key attributes"); 387 return err; 388 } 389 390 if (!tb[TCA_TUNNEL_KEY_PARMS]) { 391 NL_SET_ERR_MSG(extack, "Missing tunnel key parameters"); 392 return -EINVAL; 393 } 394 395 parm = nla_data(tb[TCA_TUNNEL_KEY_PARMS]); 396 index = parm->index; 397 err = tcf_idr_check_alloc(tn, &index, a, bind); 398 if (err < 0) 399 return err; 400 exists = err; 401 if (exists && bind) 402 return 0; 403 404 switch (parm->t_action) { 405 case TCA_TUNNEL_KEY_ACT_RELEASE: 406 break; 407 case TCA_TUNNEL_KEY_ACT_SET: 408 if (tb[TCA_TUNNEL_KEY_ENC_KEY_ID]) { 409 __be32 key32; 410 411 key32 = nla_get_be32(tb[TCA_TUNNEL_KEY_ENC_KEY_ID]); 412 key_id = key32_to_tunnel_id(key32); 413 flags = TUNNEL_KEY; 414 } 415 416 flags |= TUNNEL_CSUM; 417 if (tb[TCA_TUNNEL_KEY_NO_CSUM] && 418 nla_get_u8(tb[TCA_TUNNEL_KEY_NO_CSUM])) 419 flags &= ~TUNNEL_CSUM; 420 421 if (tb[TCA_TUNNEL_KEY_ENC_DST_PORT]) 422 dst_port = nla_get_be16(tb[TCA_TUNNEL_KEY_ENC_DST_PORT]); 423 424 if (tb[TCA_TUNNEL_KEY_ENC_OPTS]) { 425 opts_len = tunnel_key_get_opts_len(tb[TCA_TUNNEL_KEY_ENC_OPTS], 426 extack); 427 if (opts_len < 0) { 428 ret = opts_len; 429 goto err_out; 430 } 431 } 432 433 tos = 0; 434 if (tb[TCA_TUNNEL_KEY_ENC_TOS]) 435 tos = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_TOS]); 436 ttl = 0; 437 if (tb[TCA_TUNNEL_KEY_ENC_TTL]) 438 ttl = nla_get_u8(tb[TCA_TUNNEL_KEY_ENC_TTL]); 439 440 if (tb[TCA_TUNNEL_KEY_ENC_IPV4_SRC] && 441 tb[TCA_TUNNEL_KEY_ENC_IPV4_DST]) { 442 __be32 saddr; 443 __be32 daddr; 444 445 saddr = nla_get_in_addr(tb[TCA_TUNNEL_KEY_ENC_IPV4_SRC]); 446 daddr = nla_get_in_addr(tb[TCA_TUNNEL_KEY_ENC_IPV4_DST]); 447 448 metadata = __ip_tun_set_dst(saddr, daddr, tos, ttl, 449 dst_port, flags, 450 key_id, opts_len); 451 } else if (tb[TCA_TUNNEL_KEY_ENC_IPV6_SRC] && 452 tb[TCA_TUNNEL_KEY_ENC_IPV6_DST]) { 453 struct in6_addr saddr; 454 struct in6_addr daddr; 455 456 saddr = nla_get_in6_addr(tb[TCA_TUNNEL_KEY_ENC_IPV6_SRC]); 457 daddr = nla_get_in6_addr(tb[TCA_TUNNEL_KEY_ENC_IPV6_DST]); 458 459 metadata = __ipv6_tun_set_dst(&saddr, &daddr, tos, ttl, dst_port, 460 0, flags, 461 key_id, opts_len); 462 } else { 463 NL_SET_ERR_MSG(extack, "Missing either ipv4 or ipv6 src and dst"); 464 ret = -EINVAL; 465 goto err_out; 466 } 467 468 if (!metadata) { 469 NL_SET_ERR_MSG(extack, "Cannot allocate tunnel metadata dst"); 470 ret = -ENOMEM; 471 goto err_out; 472 } 473 474 #ifdef CONFIG_DST_CACHE 475 ret = dst_cache_init(&metadata->u.tun_info.dst_cache, GFP_KERNEL); 476 if (ret) 477 goto release_tun_meta; 478 #endif 479 480 if (opts_len) { 481 ret = tunnel_key_opts_set(tb[TCA_TUNNEL_KEY_ENC_OPTS], 482 &metadata->u.tun_info, 483 opts_len, extack); 484 if (ret < 0) 485 goto release_tun_meta; 486 } 487 488 metadata->u.tun_info.mode |= IP_TUNNEL_INFO_TX; 489 break; 490 default: 491 NL_SET_ERR_MSG(extack, "Unknown tunnel key action"); 492 ret = -EINVAL; 493 goto err_out; 494 } 495 496 if (!exists) { 497 ret = tcf_idr_create_from_flags(tn, index, est, a, 498 &act_tunnel_key_ops, bind, 499 act_flags); 500 if (ret) { 501 NL_SET_ERR_MSG(extack, "Cannot create TC IDR"); 502 goto release_tun_meta; 503 } 504 505 ret = ACT_P_CREATED; 506 } else if (!(act_flags & TCA_ACT_FLAGS_REPLACE)) { 507 NL_SET_ERR_MSG(extack, "TC IDR already exists"); 508 ret = -EEXIST; 509 goto release_tun_meta; 510 } 511 512 err = tcf_action_check_ctrlact(parm->action, tp, &goto_ch, extack); 513 if (err < 0) { 514 ret = err; 515 exists = true; 516 goto release_tun_meta; 517 } 518 t = to_tunnel_key(*a); 519 520 params_new = kzalloc(sizeof(*params_new), GFP_KERNEL); 521 if (unlikely(!params_new)) { 522 NL_SET_ERR_MSG(extack, "Cannot allocate tunnel key parameters"); 523 ret = -ENOMEM; 524 exists = true; 525 goto put_chain; 526 } 527 params_new->tcft_action = parm->t_action; 528 params_new->tcft_enc_metadata = metadata; 529 530 spin_lock_bh(&t->tcf_lock); 531 goto_ch = tcf_action_set_ctrlact(*a, parm->action, goto_ch); 532 params_new = rcu_replace_pointer(t->params, params_new, 533 lockdep_is_held(&t->tcf_lock)); 534 spin_unlock_bh(&t->tcf_lock); 535 tunnel_key_release_params(params_new); 536 if (goto_ch) 537 tcf_chain_put_by_act(goto_ch); 538 539 return ret; 540 541 put_chain: 542 if (goto_ch) 543 tcf_chain_put_by_act(goto_ch); 544 545 release_tun_meta: 546 if (metadata) 547 dst_release(&metadata->dst); 548 549 err_out: 550 if (exists) 551 tcf_idr_release(*a, bind); 552 else 553 tcf_idr_cleanup(tn, index); 554 return ret; 555 } 556 557 static void tunnel_key_release(struct tc_action *a) 558 { 559 struct tcf_tunnel_key *t = to_tunnel_key(a); 560 struct tcf_tunnel_key_params *params; 561 562 params = rcu_dereference_protected(t->params, 1); 563 tunnel_key_release_params(params); 564 } 565 566 static int tunnel_key_geneve_opts_dump(struct sk_buff *skb, 567 const struct ip_tunnel_info *info) 568 { 569 int len = info->options_len; 570 u8 *src = (u8 *)(info + 1); 571 struct nlattr *start; 572 573 start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS_GENEVE); 574 if (!start) 575 return -EMSGSIZE; 576 577 while (len > 0) { 578 struct geneve_opt *opt = (struct geneve_opt *)src; 579 580 if (nla_put_be16(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_CLASS, 581 opt->opt_class) || 582 nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_TYPE, 583 opt->type) || 584 nla_put(skb, TCA_TUNNEL_KEY_ENC_OPT_GENEVE_DATA, 585 opt->length * 4, opt + 1)) { 586 nla_nest_cancel(skb, start); 587 return -EMSGSIZE; 588 } 589 590 len -= sizeof(struct geneve_opt) + opt->length * 4; 591 src += sizeof(struct geneve_opt) + opt->length * 4; 592 } 593 594 nla_nest_end(skb, start); 595 return 0; 596 } 597 598 static int tunnel_key_vxlan_opts_dump(struct sk_buff *skb, 599 const struct ip_tunnel_info *info) 600 { 601 struct vxlan_metadata *md = (struct vxlan_metadata *)(info + 1); 602 struct nlattr *start; 603 604 start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS_VXLAN); 605 if (!start) 606 return -EMSGSIZE; 607 608 if (nla_put_u32(skb, TCA_TUNNEL_KEY_ENC_OPT_VXLAN_GBP, md->gbp)) { 609 nla_nest_cancel(skb, start); 610 return -EMSGSIZE; 611 } 612 613 nla_nest_end(skb, start); 614 return 0; 615 } 616 617 static int tunnel_key_erspan_opts_dump(struct sk_buff *skb, 618 const struct ip_tunnel_info *info) 619 { 620 struct erspan_metadata *md = (struct erspan_metadata *)(info + 1); 621 struct nlattr *start; 622 623 start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS_ERSPAN); 624 if (!start) 625 return -EMSGSIZE; 626 627 if (nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_VER, md->version)) 628 goto err; 629 630 if (md->version == 1 && 631 nla_put_be32(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_INDEX, md->u.index)) 632 goto err; 633 634 if (md->version == 2 && 635 (nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_DIR, 636 md->u.md2.dir) || 637 nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_OPT_ERSPAN_HWID, 638 get_hwid(&md->u.md2)))) 639 goto err; 640 641 nla_nest_end(skb, start); 642 return 0; 643 err: 644 nla_nest_cancel(skb, start); 645 return -EMSGSIZE; 646 } 647 648 static int tunnel_key_opts_dump(struct sk_buff *skb, 649 const struct ip_tunnel_info *info) 650 { 651 struct nlattr *start; 652 int err = -EINVAL; 653 654 if (!info->options_len) 655 return 0; 656 657 start = nla_nest_start_noflag(skb, TCA_TUNNEL_KEY_ENC_OPTS); 658 if (!start) 659 return -EMSGSIZE; 660 661 if (info->key.tun_flags & TUNNEL_GENEVE_OPT) { 662 err = tunnel_key_geneve_opts_dump(skb, info); 663 if (err) 664 goto err_out; 665 } else if (info->key.tun_flags & TUNNEL_VXLAN_OPT) { 666 err = tunnel_key_vxlan_opts_dump(skb, info); 667 if (err) 668 goto err_out; 669 } else if (info->key.tun_flags & TUNNEL_ERSPAN_OPT) { 670 err = tunnel_key_erspan_opts_dump(skb, info); 671 if (err) 672 goto err_out; 673 } else { 674 err_out: 675 nla_nest_cancel(skb, start); 676 return err; 677 } 678 679 nla_nest_end(skb, start); 680 return 0; 681 } 682 683 static int tunnel_key_dump_addresses(struct sk_buff *skb, 684 const struct ip_tunnel_info *info) 685 { 686 unsigned short family = ip_tunnel_info_af(info); 687 688 if (family == AF_INET) { 689 __be32 saddr = info->key.u.ipv4.src; 690 __be32 daddr = info->key.u.ipv4.dst; 691 692 if (!nla_put_in_addr(skb, TCA_TUNNEL_KEY_ENC_IPV4_SRC, saddr) && 693 !nla_put_in_addr(skb, TCA_TUNNEL_KEY_ENC_IPV4_DST, daddr)) 694 return 0; 695 } 696 697 if (family == AF_INET6) { 698 const struct in6_addr *saddr6 = &info->key.u.ipv6.src; 699 const struct in6_addr *daddr6 = &info->key.u.ipv6.dst; 700 701 if (!nla_put_in6_addr(skb, 702 TCA_TUNNEL_KEY_ENC_IPV6_SRC, saddr6) && 703 !nla_put_in6_addr(skb, 704 TCA_TUNNEL_KEY_ENC_IPV6_DST, daddr6)) 705 return 0; 706 } 707 708 return -EINVAL; 709 } 710 711 static int tunnel_key_dump(struct sk_buff *skb, struct tc_action *a, 712 int bind, int ref) 713 { 714 unsigned char *b = skb_tail_pointer(skb); 715 struct tcf_tunnel_key *t = to_tunnel_key(a); 716 struct tcf_tunnel_key_params *params; 717 struct tc_tunnel_key opt = { 718 .index = t->tcf_index, 719 .refcnt = refcount_read(&t->tcf_refcnt) - ref, 720 .bindcnt = atomic_read(&t->tcf_bindcnt) - bind, 721 }; 722 struct tcf_t tm; 723 724 spin_lock_bh(&t->tcf_lock); 725 params = rcu_dereference_protected(t->params, 726 lockdep_is_held(&t->tcf_lock)); 727 opt.action = t->tcf_action; 728 opt.t_action = params->tcft_action; 729 730 if (nla_put(skb, TCA_TUNNEL_KEY_PARMS, sizeof(opt), &opt)) 731 goto nla_put_failure; 732 733 if (params->tcft_action == TCA_TUNNEL_KEY_ACT_SET) { 734 struct ip_tunnel_info *info = 735 ¶ms->tcft_enc_metadata->u.tun_info; 736 struct ip_tunnel_key *key = &info->key; 737 __be32 key_id = tunnel_id_to_key32(key->tun_id); 738 739 if (((key->tun_flags & TUNNEL_KEY) && 740 nla_put_be32(skb, TCA_TUNNEL_KEY_ENC_KEY_ID, key_id)) || 741 tunnel_key_dump_addresses(skb, 742 ¶ms->tcft_enc_metadata->u.tun_info) || 743 (key->tp_dst && 744 nla_put_be16(skb, TCA_TUNNEL_KEY_ENC_DST_PORT, 745 key->tp_dst)) || 746 nla_put_u8(skb, TCA_TUNNEL_KEY_NO_CSUM, 747 !(key->tun_flags & TUNNEL_CSUM)) || 748 tunnel_key_opts_dump(skb, info)) 749 goto nla_put_failure; 750 751 if (key->tos && nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_TOS, key->tos)) 752 goto nla_put_failure; 753 754 if (key->ttl && nla_put_u8(skb, TCA_TUNNEL_KEY_ENC_TTL, key->ttl)) 755 goto nla_put_failure; 756 } 757 758 tcf_tm_dump(&tm, &t->tcf_tm); 759 if (nla_put_64bit(skb, TCA_TUNNEL_KEY_TM, sizeof(tm), 760 &tm, TCA_TUNNEL_KEY_PAD)) 761 goto nla_put_failure; 762 spin_unlock_bh(&t->tcf_lock); 763 764 return skb->len; 765 766 nla_put_failure: 767 spin_unlock_bh(&t->tcf_lock); 768 nlmsg_trim(skb, b); 769 return -1; 770 } 771 772 static void tcf_tunnel_encap_put_tunnel(void *priv) 773 { 774 struct ip_tunnel_info *tunnel = priv; 775 776 kfree(tunnel); 777 } 778 779 static int tcf_tunnel_encap_get_tunnel(struct flow_action_entry *entry, 780 const struct tc_action *act) 781 { 782 entry->tunnel = tcf_tunnel_info_copy(act); 783 if (!entry->tunnel) 784 return -ENOMEM; 785 entry->destructor = tcf_tunnel_encap_put_tunnel; 786 entry->destructor_priv = entry->tunnel; 787 return 0; 788 } 789 790 static int tcf_tunnel_key_offload_act_setup(struct tc_action *act, 791 void *entry_data, 792 u32 *index_inc, 793 bool bind, 794 struct netlink_ext_ack *extack) 795 { 796 int err; 797 798 if (bind) { 799 struct flow_action_entry *entry = entry_data; 800 801 if (is_tcf_tunnel_set(act)) { 802 entry->id = FLOW_ACTION_TUNNEL_ENCAP; 803 err = tcf_tunnel_encap_get_tunnel(entry, act); 804 if (err) 805 return err; 806 } else if (is_tcf_tunnel_release(act)) { 807 entry->id = FLOW_ACTION_TUNNEL_DECAP; 808 } else { 809 NL_SET_ERR_MSG_MOD(extack, "Unsupported tunnel key mode offload"); 810 return -EOPNOTSUPP; 811 } 812 *index_inc = 1; 813 } else { 814 struct flow_offload_action *fl_action = entry_data; 815 816 if (is_tcf_tunnel_set(act)) 817 fl_action->id = FLOW_ACTION_TUNNEL_ENCAP; 818 else if (is_tcf_tunnel_release(act)) 819 fl_action->id = FLOW_ACTION_TUNNEL_DECAP; 820 else 821 return -EOPNOTSUPP; 822 } 823 824 return 0; 825 } 826 827 static struct tc_action_ops act_tunnel_key_ops = { 828 .kind = "tunnel_key", 829 .id = TCA_ID_TUNNEL_KEY, 830 .owner = THIS_MODULE, 831 .act = tunnel_key_act, 832 .dump = tunnel_key_dump, 833 .init = tunnel_key_init, 834 .cleanup = tunnel_key_release, 835 .offload_act_setup = tcf_tunnel_key_offload_act_setup, 836 .size = sizeof(struct tcf_tunnel_key), 837 }; 838 839 static __net_init int tunnel_key_init_net(struct net *net) 840 { 841 struct tc_action_net *tn = net_generic(net, act_tunnel_key_ops.net_id); 842 843 return tc_action_net_init(net, tn, &act_tunnel_key_ops); 844 } 845 846 static void __net_exit tunnel_key_exit_net(struct list_head *net_list) 847 { 848 tc_action_net_exit(net_list, act_tunnel_key_ops.net_id); 849 } 850 851 static struct pernet_operations tunnel_key_net_ops = { 852 .init = tunnel_key_init_net, 853 .exit_batch = tunnel_key_exit_net, 854 .id = &act_tunnel_key_ops.net_id, 855 .size = sizeof(struct tc_action_net), 856 }; 857 858 static int __init tunnel_key_init_module(void) 859 { 860 return tcf_register_action(&act_tunnel_key_ops, &tunnel_key_net_ops); 861 } 862 863 static void __exit tunnel_key_cleanup_module(void) 864 { 865 tcf_unregister_action(&act_tunnel_key_ops, &tunnel_key_net_ops); 866 } 867 868 module_init(tunnel_key_init_module); 869 module_exit(tunnel_key_cleanup_module); 870 871 MODULE_AUTHOR("Amir Vadai <amir@vadai.me>"); 872 MODULE_DESCRIPTION("ip tunnel manipulation actions"); 873 MODULE_LICENSE("GPL v2"); 874