1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * SR-IPv6 implementation
6 * David Lebrun <david.lebrun@uclouvain.be>
9 #include <linux/errno.h>
10 #include <linux/types.h>
11 #include <linux/socket.h>
12 #include <linux/net.h>
13 #include <linux/in6.h>
14 #include <linux/slab.h>
15 #include <linux/rhashtable.h>
18 #include <net/protocol.h>
21 #include <net/genetlink.h>
22 #include <linux/seg6.h>
23 #include <linux/seg6_genl.h>
24 #ifdef CONFIG_IPV6_SEG6_HMAC
25 #include <net/seg6_hmac.h>
28 bool seg6_validate_srh(struct ipv6_sr_hdr *srh, int len, bool reduced)
30 unsigned int tlv_offset;
34 if (srh->type != IPV6_SRCRT_TYPE_4)
37 if (((srh->hdrlen + 1) << 3) != len)
40 if (!reduced && srh->segments_left > srh->first_segment) {
43 max_last_entry = (srh->hdrlen / 2) - 1;
45 if (srh->first_segment > max_last_entry)
48 if (srh->segments_left > srh->first_segment + 1)
52 tlv_offset = sizeof(*srh) + ((srh->first_segment + 1) << 4);
54 trailing = len - tlv_offset;
62 if (trailing < sizeof(*tlv))
65 tlv = (struct sr6_tlv *)((unsigned char *)srh + tlv_offset);
66 tlv_len = sizeof(*tlv) + tlv->len;
72 tlv_offset += tlv_len;
78 struct ipv6_sr_hdr *seg6_get_srh(struct sk_buff *skb, int flags)
80 struct ipv6_sr_hdr *srh;
83 if (ipv6_find_hdr(skb, &srhoff, IPPROTO_ROUTING, NULL, &flags) < 0)
86 if (!pskb_may_pull(skb, srhoff + sizeof(*srh)))
89 srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
91 len = (srh->hdrlen + 1) << 3;
93 if (!pskb_may_pull(skb, srhoff + len))
96 /* note that pskb_may_pull may change pointers in header;
97 * for this reason it is necessary to reload them when needed.
99 srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
101 if (!seg6_validate_srh(srh, len, true))
107 static struct genl_family seg6_genl_family;
109 static const struct nla_policy seg6_genl_policy[SEG6_ATTR_MAX + 1] = {
110 [SEG6_ATTR_DST] = { .type = NLA_BINARY,
111 .len = sizeof(struct in6_addr) },
112 [SEG6_ATTR_DSTLEN] = { .type = NLA_S32, },
113 [SEG6_ATTR_HMACKEYID] = { .type = NLA_U32, },
114 [SEG6_ATTR_SECRET] = { .type = NLA_BINARY, },
115 [SEG6_ATTR_SECRETLEN] = { .type = NLA_U8, },
116 [SEG6_ATTR_ALGID] = { .type = NLA_U8, },
117 [SEG6_ATTR_HMACINFO] = { .type = NLA_NESTED, },
120 #ifdef CONFIG_IPV6_SEG6_HMAC
122 static int seg6_genl_sethmac(struct sk_buff *skb, struct genl_info *info)
124 struct net *net = genl_info_net(info);
125 struct seg6_pernet_data *sdata;
126 struct seg6_hmac_info *hinfo;
133 sdata = seg6_pernet(net);
135 if (!info->attrs[SEG6_ATTR_HMACKEYID] ||
136 !info->attrs[SEG6_ATTR_SECRETLEN] ||
137 !info->attrs[SEG6_ATTR_ALGID])
140 hmackeyid = nla_get_u32(info->attrs[SEG6_ATTR_HMACKEYID]);
141 slen = nla_get_u8(info->attrs[SEG6_ATTR_SECRETLEN]);
142 algid = nla_get_u8(info->attrs[SEG6_ATTR_ALGID]);
147 if (slen > SEG6_HMAC_SECRET_LEN)
150 mutex_lock(&sdata->lock);
151 hinfo = seg6_hmac_info_lookup(net, hmackeyid);
154 err = seg6_hmac_info_del(net, hmackeyid);
159 if (!info->attrs[SEG6_ATTR_SECRET]) {
165 err = seg6_hmac_info_del(net, hmackeyid);
170 secret = (char *)nla_data(info->attrs[SEG6_ATTR_SECRET]);
172 hinfo = kzalloc(sizeof(*hinfo), GFP_KERNEL);
178 memcpy(hinfo->secret, secret, slen);
180 hinfo->alg_id = algid;
181 hinfo->hmackeyid = hmackeyid;
183 err = seg6_hmac_info_add(net, hmackeyid, hinfo);
188 mutex_unlock(&sdata->lock);
194 static int seg6_genl_sethmac(struct sk_buff *skb, struct genl_info *info)
201 static int seg6_genl_set_tunsrc(struct sk_buff *skb, struct genl_info *info)
203 struct net *net = genl_info_net(info);
204 struct in6_addr *val, *t_old, *t_new;
205 struct seg6_pernet_data *sdata;
207 sdata = seg6_pernet(net);
209 if (!info->attrs[SEG6_ATTR_DST])
212 val = nla_data(info->attrs[SEG6_ATTR_DST]);
213 t_new = kmemdup(val, sizeof(*val), GFP_KERNEL);
217 mutex_lock(&sdata->lock);
219 t_old = sdata->tun_src;
220 rcu_assign_pointer(sdata->tun_src, t_new);
222 mutex_unlock(&sdata->lock);
230 static int seg6_genl_get_tunsrc(struct sk_buff *skb, struct genl_info *info)
232 struct net *net = genl_info_net(info);
233 struct in6_addr *tun_src;
237 msg = genlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
241 hdr = genlmsg_put(msg, info->snd_portid, info->snd_seq,
242 &seg6_genl_family, 0, SEG6_CMD_GET_TUNSRC);
247 tun_src = rcu_dereference(seg6_pernet(net)->tun_src);
249 if (nla_put(msg, SEG6_ATTR_DST, sizeof(struct in6_addr), tun_src))
250 goto nla_put_failure;
254 genlmsg_end(msg, hdr);
255 return genlmsg_reply(msg, info);
264 #ifdef CONFIG_IPV6_SEG6_HMAC
266 static int __seg6_hmac_fill_info(struct seg6_hmac_info *hinfo,
269 if (nla_put_u32(msg, SEG6_ATTR_HMACKEYID, hinfo->hmackeyid) ||
270 nla_put_u8(msg, SEG6_ATTR_SECRETLEN, hinfo->slen) ||
271 nla_put(msg, SEG6_ATTR_SECRET, hinfo->slen, hinfo->secret) ||
272 nla_put_u8(msg, SEG6_ATTR_ALGID, hinfo->alg_id))
278 static int __seg6_genl_dumphmac_element(struct seg6_hmac_info *hinfo,
279 u32 portid, u32 seq, u32 flags,
280 struct sk_buff *skb, u8 cmd)
284 hdr = genlmsg_put(skb, portid, seq, &seg6_genl_family, flags, cmd);
288 if (__seg6_hmac_fill_info(hinfo, skb) < 0)
289 goto nla_put_failure;
291 genlmsg_end(skb, hdr);
295 genlmsg_cancel(skb, hdr);
299 static int seg6_genl_dumphmac_start(struct netlink_callback *cb)
301 struct net *net = sock_net(cb->skb->sk);
302 struct seg6_pernet_data *sdata;
303 struct rhashtable_iter *iter;
305 sdata = seg6_pernet(net);
306 iter = (struct rhashtable_iter *)cb->args[0];
309 iter = kmalloc(sizeof(*iter), GFP_KERNEL);
313 cb->args[0] = (long)iter;
316 rhashtable_walk_enter(&sdata->hmac_infos, iter);
321 static int seg6_genl_dumphmac_done(struct netlink_callback *cb)
323 struct rhashtable_iter *iter = (struct rhashtable_iter *)cb->args[0];
325 rhashtable_walk_exit(iter);
332 static int seg6_genl_dumphmac(struct sk_buff *skb, struct netlink_callback *cb)
334 struct rhashtable_iter *iter = (struct rhashtable_iter *)cb->args[0];
335 struct seg6_hmac_info *hinfo;
338 rhashtable_walk_start(iter);
341 hinfo = rhashtable_walk_next(iter);
344 if (PTR_ERR(hinfo) == -EAGAIN)
346 ret = PTR_ERR(hinfo);
352 ret = __seg6_genl_dumphmac_element(hinfo,
353 NETLINK_CB(cb->skb).portid,
356 skb, SEG6_CMD_DUMPHMAC);
364 rhashtable_walk_stop(iter);
370 static int seg6_genl_dumphmac_start(struct netlink_callback *cb)
375 static int seg6_genl_dumphmac_done(struct netlink_callback *cb)
380 static int seg6_genl_dumphmac(struct sk_buff *skb, struct netlink_callback *cb)
387 static int __net_init seg6_net_init(struct net *net)
389 struct seg6_pernet_data *sdata;
391 sdata = kzalloc(sizeof(*sdata), GFP_KERNEL);
395 mutex_init(&sdata->lock);
397 sdata->tun_src = kzalloc(sizeof(*sdata->tun_src), GFP_KERNEL);
398 if (!sdata->tun_src) {
403 net->ipv6.seg6_data = sdata;
405 #ifdef CONFIG_IPV6_SEG6_HMAC
406 seg6_hmac_net_init(net);
412 static void __net_exit seg6_net_exit(struct net *net)
414 struct seg6_pernet_data *sdata = seg6_pernet(net);
416 #ifdef CONFIG_IPV6_SEG6_HMAC
417 seg6_hmac_net_exit(net);
420 kfree(sdata->tun_src);
424 static struct pernet_operations ip6_segments_ops = {
425 .init = seg6_net_init,
426 .exit = seg6_net_exit,
429 static const struct genl_ops seg6_genl_ops[] = {
431 .cmd = SEG6_CMD_SETHMAC,
432 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
433 .doit = seg6_genl_sethmac,
434 .flags = GENL_ADMIN_PERM,
437 .cmd = SEG6_CMD_DUMPHMAC,
438 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
439 .start = seg6_genl_dumphmac_start,
440 .dumpit = seg6_genl_dumphmac,
441 .done = seg6_genl_dumphmac_done,
442 .flags = GENL_ADMIN_PERM,
445 .cmd = SEG6_CMD_SET_TUNSRC,
446 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
447 .doit = seg6_genl_set_tunsrc,
448 .flags = GENL_ADMIN_PERM,
451 .cmd = SEG6_CMD_GET_TUNSRC,
452 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
453 .doit = seg6_genl_get_tunsrc,
454 .flags = GENL_ADMIN_PERM,
458 static struct genl_family seg6_genl_family __ro_after_init = {
460 .name = SEG6_GENL_NAME,
461 .version = SEG6_GENL_VERSION,
462 .maxattr = SEG6_ATTR_MAX,
463 .policy = seg6_genl_policy,
465 .parallel_ops = true,
466 .ops = seg6_genl_ops,
467 .n_ops = ARRAY_SIZE(seg6_genl_ops),
468 .module = THIS_MODULE,
471 int __init seg6_init(void)
475 err = genl_register_family(&seg6_genl_family);
479 err = register_pernet_subsys(&ip6_segments_ops);
481 goto out_unregister_genl;
483 #ifdef CONFIG_IPV6_SEG6_LWTUNNEL
484 err = seg6_iptunnel_init();
486 goto out_unregister_pernet;
488 err = seg6_local_init();
490 goto out_unregister_pernet;
493 #ifdef CONFIG_IPV6_SEG6_HMAC
494 err = seg6_hmac_init();
496 goto out_unregister_iptun;
499 pr_info("Segment Routing with IPv6\n");
503 #ifdef CONFIG_IPV6_SEG6_HMAC
504 out_unregister_iptun:
505 #ifdef CONFIG_IPV6_SEG6_LWTUNNEL
507 seg6_iptunnel_exit();
510 #ifdef CONFIG_IPV6_SEG6_LWTUNNEL
511 out_unregister_pernet:
512 unregister_pernet_subsys(&ip6_segments_ops);
515 genl_unregister_family(&seg6_genl_family);
521 #ifdef CONFIG_IPV6_SEG6_HMAC
524 #ifdef CONFIG_IPV6_SEG6_LWTUNNEL
525 seg6_iptunnel_exit();
527 unregister_pernet_subsys(&ip6_segments_ops);
528 genl_unregister_family(&seg6_genl_family);