2014-02-21 08:41:08 +01:00
/* xfrm4_protocol.c - Generic xfrm protocol multiplexer.
*
* Copyright ( C ) 2013 secunet Security Networks AG
*
* Author :
* Steffen Klassert < steffen . klassert @ secunet . com >
*
* Based on :
* net / ipv4 / tunnel4 . c
*
* This program is free software ; you can redistribute it and / or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation ; either version
* 2 of the License , or ( at your option ) any later version .
*/
# include <linux/init.h>
# include <linux/mutex.h>
# include <linux/skbuff.h>
# include <net/icmp.h>
# include <net/ip.h>
# include <net/protocol.h>
# include <net/xfrm.h>
static struct xfrm4_protocol __rcu * esp4_handlers __read_mostly ;
static struct xfrm4_protocol __rcu * ah4_handlers __read_mostly ;
static struct xfrm4_protocol __rcu * ipcomp4_handlers __read_mostly ;
static DEFINE_MUTEX ( xfrm4_protocol_mutex ) ;
static inline struct xfrm4_protocol __rcu * * proto_handlers ( u8 protocol )
{
switch ( protocol ) {
case IPPROTO_ESP :
return & esp4_handlers ;
case IPPROTO_AH :
return & ah4_handlers ;
case IPPROTO_COMP :
return & ipcomp4_handlers ;
}
return NULL ;
}
# define for_each_protocol_rcu(head, handler) \
for ( handler = rcu_dereference ( head ) ; \
handler ! = NULL ; \
handler = rcu_dereference ( handler - > next ) ) \
int xfrm4_rcv_cb ( struct sk_buff * skb , u8 protocol , int err )
{
int ret ;
struct xfrm4_protocol * handler ;
2014-04-29 07:50:44 +02:00
struct xfrm4_protocol __rcu * * head = proto_handlers ( protocol ) ;
2014-02-21 08:41:08 +01:00
2014-04-29 07:50:44 +02:00
if ( ! head )
return 0 ;
for_each_protocol_rcu ( * head , handler )
2014-02-21 08:41:08 +01:00
if ( ( ret = handler - > cb_handler ( skb , err ) ) < = 0 )
return ret ;
return 0 ;
}
EXPORT_SYMBOL ( xfrm4_rcv_cb ) ;
int xfrm4_rcv_encap ( struct sk_buff * skb , int nexthdr , __be32 spi ,
int encap_type )
{
int ret ;
struct xfrm4_protocol * handler ;
2014-04-29 07:50:44 +02:00
struct xfrm4_protocol __rcu * * head = proto_handlers ( nexthdr ) ;
2014-02-21 08:41:08 +01:00
2014-02-21 08:41:09 +01:00
XFRM_TUNNEL_SKB_CB ( skb ) - > tunnel . ip4 = NULL ;
2014-02-21 08:41:08 +01:00
XFRM_SPI_SKB_CB ( skb ) - > family = AF_INET ;
XFRM_SPI_SKB_CB ( skb ) - > daddroff = offsetof ( struct iphdr , daddr ) ;
2014-04-29 07:50:44 +02:00
if ( ! head )
goto out ;
for_each_protocol_rcu ( * head , handler )
2014-02-21 08:41:08 +01:00
if ( ( ret = handler - > input_handler ( skb , nexthdr , spi , encap_type ) ) ! = - EINVAL )
return ret ;
2014-04-29 07:50:44 +02:00
out :
2014-02-21 08:41:08 +01:00
icmp_send ( skb , ICMP_DEST_UNREACH , ICMP_PORT_UNREACH , 0 ) ;
kfree_skb ( skb ) ;
return 0 ;
}
EXPORT_SYMBOL ( xfrm4_rcv_encap ) ;
static int xfrm4_esp_rcv ( struct sk_buff * skb )
{
int ret ;
struct xfrm4_protocol * handler ;
2014-02-21 08:41:09 +01:00
XFRM_TUNNEL_SKB_CB ( skb ) - > tunnel . ip4 = NULL ;
2014-02-21 08:41:08 +01:00
for_each_protocol_rcu ( esp4_handlers , handler )
if ( ( ret = handler - > handler ( skb ) ) ! = - EINVAL )
return ret ;
icmp_send ( skb , ICMP_DEST_UNREACH , ICMP_PORT_UNREACH , 0 ) ;
kfree_skb ( skb ) ;
return 0 ;
}
static void xfrm4_esp_err ( struct sk_buff * skb , u32 info )
{
struct xfrm4_protocol * handler ;
for_each_protocol_rcu ( esp4_handlers , handler )
if ( ! handler - > err_handler ( skb , info ) )
break ;
}
static int xfrm4_ah_rcv ( struct sk_buff * skb )
{
int ret ;
struct xfrm4_protocol * handler ;
2014-02-21 08:41:09 +01:00
XFRM_TUNNEL_SKB_CB ( skb ) - > tunnel . ip4 = NULL ;
2014-02-21 08:41:08 +01:00
for_each_protocol_rcu ( ah4_handlers , handler )
if ( ( ret = handler - > handler ( skb ) ) ! = - EINVAL )
return ret ; ;
icmp_send ( skb , ICMP_DEST_UNREACH , ICMP_PORT_UNREACH , 0 ) ;
kfree_skb ( skb ) ;
return 0 ;
}
static void xfrm4_ah_err ( struct sk_buff * skb , u32 info )
{
struct xfrm4_protocol * handler ;
for_each_protocol_rcu ( ah4_handlers , handler )
if ( ! handler - > err_handler ( skb , info ) )
break ;
}
static int xfrm4_ipcomp_rcv ( struct sk_buff * skb )
{
int ret ;
struct xfrm4_protocol * handler ;
2014-02-21 08:41:09 +01:00
XFRM_TUNNEL_SKB_CB ( skb ) - > tunnel . ip4 = NULL ;
2014-02-21 08:41:08 +01:00
for_each_protocol_rcu ( ipcomp4_handlers , handler )
if ( ( ret = handler - > handler ( skb ) ) ! = - EINVAL )
return ret ;
icmp_send ( skb , ICMP_DEST_UNREACH , ICMP_PORT_UNREACH , 0 ) ;
kfree_skb ( skb ) ;
return 0 ;
}
static void xfrm4_ipcomp_err ( struct sk_buff * skb , u32 info )
{
struct xfrm4_protocol * handler ;
for_each_protocol_rcu ( ipcomp4_handlers , handler )
if ( ! handler - > err_handler ( skb , info ) )
break ;
}
static const struct net_protocol esp4_protocol = {
. handler = xfrm4_esp_rcv ,
. err_handler = xfrm4_esp_err ,
. no_policy = 1 ,
. netns_ok = 1 ,
} ;
static const struct net_protocol ah4_protocol = {
. handler = xfrm4_ah_rcv ,
. err_handler = xfrm4_ah_err ,
. no_policy = 1 ,
. netns_ok = 1 ,
} ;
static const struct net_protocol ipcomp4_protocol = {
. handler = xfrm4_ipcomp_rcv ,
. err_handler = xfrm4_ipcomp_err ,
. no_policy = 1 ,
. netns_ok = 1 ,
} ;
2014-03-14 07:28:07 +01:00
static struct xfrm_input_afinfo xfrm4_input_afinfo = {
. family = AF_INET ,
. owner = THIS_MODULE ,
. callback = xfrm4_rcv_cb ,
} ;
2014-02-21 08:41:08 +01:00
static inline const struct net_protocol * netproto ( unsigned char protocol )
{
switch ( protocol ) {
case IPPROTO_ESP :
return & esp4_protocol ;
case IPPROTO_AH :
return & ah4_protocol ;
case IPPROTO_COMP :
return & ipcomp4_protocol ;
}
return NULL ;
}
int xfrm4_protocol_register ( struct xfrm4_protocol * handler ,
unsigned char protocol )
{
struct xfrm4_protocol __rcu * * pprev ;
struct xfrm4_protocol * t ;
bool add_netproto = false ;
int ret = - EEXIST ;
int priority = handler - > priority ;
2014-04-29 07:50:44 +02:00
if ( ! proto_handlers ( protocol ) | | ! netproto ( protocol ) )
return - EINVAL ;
2014-02-21 08:41:08 +01:00
mutex_lock ( & xfrm4_protocol_mutex ) ;
if ( ! rcu_dereference_protected ( * proto_handlers ( protocol ) ,
lockdep_is_held ( & xfrm4_protocol_mutex ) ) )
add_netproto = true ;
for ( pprev = proto_handlers ( protocol ) ;
( t = rcu_dereference_protected ( * pprev ,
lockdep_is_held ( & xfrm4_protocol_mutex ) ) ) ! = NULL ;
pprev = & t - > next ) {
if ( t - > priority < priority )
break ;
if ( t - > priority = = priority )
goto err ;
}
handler - > next = * pprev ;
rcu_assign_pointer ( * pprev , handler ) ;
ret = 0 ;
err :
mutex_unlock ( & xfrm4_protocol_mutex ) ;
if ( add_netproto ) {
if ( inet_add_protocol ( netproto ( protocol ) , protocol ) ) {
pr_err ( " %s: can't add protocol \n " , __func__ ) ;
ret = - EAGAIN ;
}
}
return ret ;
}
EXPORT_SYMBOL ( xfrm4_protocol_register ) ;
int xfrm4_protocol_deregister ( struct xfrm4_protocol * handler ,
unsigned char protocol )
{
struct xfrm4_protocol __rcu * * pprev ;
struct xfrm4_protocol * t ;
int ret = - ENOENT ;
2014-04-29 07:50:44 +02:00
if ( ! proto_handlers ( protocol ) | | ! netproto ( protocol ) )
return - EINVAL ;
2014-02-21 08:41:08 +01:00
mutex_lock ( & xfrm4_protocol_mutex ) ;
for ( pprev = proto_handlers ( protocol ) ;
( t = rcu_dereference_protected ( * pprev ,
lockdep_is_held ( & xfrm4_protocol_mutex ) ) ) ! = NULL ;
pprev = & t - > next ) {
if ( t = = handler ) {
* pprev = handler - > next ;
ret = 0 ;
break ;
}
}
if ( ! rcu_dereference_protected ( * proto_handlers ( protocol ) ,
lockdep_is_held ( & xfrm4_protocol_mutex ) ) ) {
if ( inet_del_protocol ( netproto ( protocol ) , protocol ) < 0 ) {
pr_err ( " %s: can't remove protocol \n " , __func__ ) ;
ret = - EAGAIN ;
}
}
mutex_unlock ( & xfrm4_protocol_mutex ) ;
synchronize_net ( ) ;
return ret ;
}
EXPORT_SYMBOL ( xfrm4_protocol_deregister ) ;
2014-03-14 07:28:07 +01:00
void __init xfrm4_protocol_init ( void )
{
xfrm_input_register_afinfo ( & xfrm4_input_afinfo ) ;
}
EXPORT_SYMBOL ( xfrm4_protocol_init ) ;