net/ipv4/fou.c

   1 #include <linux/module.h>
   2 #include <linux/errno.h>
   3 #include <linux/socket.h>
   4 #include <linux/skbuff.h>
   5 #include <linux/ip.h>
   6 #include <linux/udp.h>
   7 #include <linux/types.h>
   8 #include <linux/kernel.h>
   9 #include <net/genetlink.h>
  10 #include <net/ip.h>
  11 #include <net/protocol.h>
  12 #include <net/udp.h>
  13 #include <net/udp_tunnel.h>
  14 #include <net/xfrm.h>
  15 #include <uapi/linux/fou.h>
  16 #include <uapi/linux/genetlink.h>
  17
  18 static DEFINE_SPINLOCK(fou_lock);
  19 static LIST_HEAD(fou_list);
  20
  21 struct fou {
  22         struct socket *sock;
  23         u8 protocol;
  24         u16 port;
  25         struct udp_offload udp_offloads;
  26         struct list_head list;
  27 };
  28
  29 struct fou_cfg {
  30         u8 protocol;
  31         struct udp_port_cfg udp_config;
  32 };
  33
  34 static inline struct fou *fou_from_sock(struct sock *sk)
  35 {
  36         return sk->sk_user_data;
  37 }
  38
  39 static int fou_udp_encap_recv_deliver(struct sk_buff *skb,
  40                                       u8 protocol, size_t len)
  41 {
  42         struct iphdr *iph = ip_hdr(skb);
  43
  44         /* Remove 'len' bytes from the packet (UDP header and
  45          * FOU header if present), modify the protocol to the one
  46          * we found, and then call rcv_encap.
  47          */
  48         iph->tot_len = htons(ntohs(iph->tot_len) - len);
  49         __skb_pull(skb, len);
  50         skb_postpull_rcsum(skb, udp_hdr(skb), len);
  51         skb_reset_transport_header(skb);
  52
  53         return -protocol;
  54 }
  55
  56 static int fou_udp_recv(struct sock *sk, struct sk_buff *skb)
  57 {
  58         struct fou *fou = fou_from_sock(sk);
  59
  60         if (!fou)
  61                 return 1;
  62
  63         return fou_udp_encap_recv_deliver(skb, fou->protocol,
  64                                           sizeof(struct udphdr));
  65 }
  66
  67 static struct sk_buff **fou_gro_receive(struct sk_buff **head,
  68                                         struct sk_buff *skb,
  69                                         const struct net_offload **offloads)
  70 {
  71         const struct net_offload *ops;
  72         struct sk_buff **pp = NULL;
  73         u8 proto = NAPI_GRO_CB(skb)->proto;
  74
  75         rcu_read_lock();
  76         ops = rcu_dereference(offloads[proto]);
  77         if (!ops || !ops->callbacks.gro_receive)
  78                 goto out_unlock;
  79
  80         pp = ops->callbacks.gro_receive(head, skb);
  81
  82 out_unlock:
  83         rcu_read_unlock();
  84
  85         return pp;
  86 }
  87
  88 static int fou_gro_complete(struct sk_buff *skb, int nhoff,
  89                             const struct net_offload **offloads)
  90 {
  91         const struct net_offload *ops;
  92         u8 proto = NAPI_GRO_CB(skb)->proto;
  93         int err = -ENOSYS;
  94
  95         rcu_read_lock();
  96         ops = rcu_dereference(offloads[proto]);
  97         if (WARN_ON(!ops || !ops->callbacks.gro_complete))
  98                 goto out_unlock;
  99
 100         err = ops->callbacks.gro_complete(skb, nhoff);
 101
 102 out_unlock:
 103         rcu_read_unlock();
 104
 105         return err;
 106 }
 107
 108 static struct sk_buff **fou4_gro_receive(struct sk_buff **head,
 109                                          struct sk_buff *skb)
 110 {
 111         return fou_gro_receive(head, skb, inet_offloads);
 112 }
 113
 114 static int fou4_gro_complete(struct sk_buff *skb, int nhoff)
 115 {
 116         return fou_gro_complete(skb, nhoff, inet_offloads);
 117 }
 118
 119 static struct sk_buff **fou6_gro_receive(struct sk_buff **head,
 120                                          struct sk_buff *skb)
 121 {
 122         return fou_gro_receive(head, skb, inet6_offloads);
 123 }
 124
 125 static int fou6_gro_complete(struct sk_buff *skb, int nhoff)
 126 {
 127         return fou_gro_complete(skb, nhoff, inet6_offloads);
 128 }
 129
 130 static int fou_add_to_port_list(struct fou *fou)
 131 {
 132         struct fou *fout;
 133
 134         spin_lock(&fou_lock);
 135         list_for_each_entry(fout, &fou_list, list) {
 136                 if (fou->port == fout->port) {
 137                         spin_unlock(&fou_lock);
 138                         return -EALREADY;
 139                 }
 140         }
 141
 142         list_add(&fou->list, &fou_list);
 143         spin_unlock(&fou_lock);
 144
 145         return 0;
 146 }
 147
 148 static void fou_release(struct fou *fou)
 149 {
 150         struct socket *sock = fou->sock;
 151         struct sock *sk = sock->sk;
 152
 153         udp_del_offload(&fou->udp_offloads);
 154
 155         list_del(&fou->list);
 156
 157         /* Remove hooks into tunnel socket */
 158         sk->sk_user_data = NULL;
 159
 160         sock_release(sock);
 161
 162         kfree(fou);
 163 }
 164
 165 static int fou_create(struct net *net, struct fou_cfg *cfg,
 166                       struct socket **sockp)
 167 {
 168         struct fou *fou = NULL;
 169         int err;
 170         struct socket *sock = NULL;
 171         struct sock *sk;
 172
 173         /* Open UDP socket */
 174         err = udp_sock_create(net, &cfg->udp_config, &sock);
 175         if (err < 0)
 176                 goto error;
 177
 178         /* Allocate FOU port structure */
 179         fou = kzalloc(sizeof(*fou), GFP_KERNEL);
 180         if (!fou) {
 181                 err = -ENOMEM;
 182                 goto error;
 183         }
 184
 185         sk = sock->sk;
 186
 187         /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
 188         fou->protocol = cfg->protocol;
 189         fou->port =  cfg->udp_config.local_udp_port;
 190         udp_sk(sk)->encap_rcv = fou_udp_recv;
 191
 192         udp_sk(sk)->encap_type = 1;
 193         udp_encap_enable();
 194
 195         sk->sk_user_data = fou;
 196         fou->sock = sock;
 197
 198         udp_set_convert_csum(sk, true);
 199
 200         sk->sk_allocation = GFP_ATOMIC;
 201
 202         switch (cfg->udp_config.family) {
 203         case AF_INET:
 204                 fou->udp_offloads.callbacks.gro_receive = fou4_gro_receive;
 205                 fou->udp_offloads.callbacks.gro_complete = fou4_gro_complete;
 206                 break;
 207         case AF_INET6:
 208                 fou->udp_offloads.callbacks.gro_receive = fou6_gro_receive;
 209                 fou->udp_offloads.callbacks.gro_complete = fou6_gro_complete;
 210                 break;
 211         default:
 212                 err = -EPFNOSUPPORT;
 213                 goto error;
 214         }
 215
 216         fou->udp_offloads.port = cfg->udp_config.local_udp_port;
 217         fou->udp_offloads.ipproto = cfg->protocol;
 218
 219         if (cfg->udp_config.family == AF_INET) {
 220                 err = udp_add_offload(&fou->udp_offloads);
 221                 if (err)
 222                         goto error;
 223         }
 224
 225         err = fou_add_to_port_list(fou);
 226         if (err)
 227                 goto error;
 228
 229         if (sockp)
 230                 *sockp = sock;
 231
 232         return 0;
 233
 234 error:
 235         kfree(fou);
 236         if (sock)
 237                 sock_release(sock);
 238
 239         return err;
 240 }
 241
 242 static int fou_destroy(struct net *net, struct fou_cfg *cfg)
 243 {
 244         struct fou *fou;
 245         u16 port = cfg->udp_config.local_udp_port;
 246         int err = -EINVAL;
 247
 248         spin_lock(&fou_lock);
 249         list_for_each_entry(fou, &fou_list, list) {
 250                 if (fou->port == port) {
 251                         udp_del_offload(&fou->udp_offloads);
 252                         fou_release(fou);
 253                         err = 0;
 254                         break;
 255                 }
 256         }
 257         spin_unlock(&fou_lock);
 258
 259         return err;
 260 }
 261
 262 static struct genl_family fou_nl_family = {
 263         .id             = GENL_ID_GENERATE,
 264         .hdrsize        = 0,
 265         .name           = FOU_GENL_NAME,
 266         .version        = FOU_GENL_VERSION,
 267         .maxattr        = FOU_ATTR_MAX,
 268         .netnsok        = true,
 269 };
 270
 271 static struct nla_policy fou_nl_policy[FOU_ATTR_MAX + 1] = {
 272         [FOU_ATTR_PORT] = { .type = NLA_U16, },
 273         [FOU_ATTR_AF] = { .type = NLA_U8, },
 274         [FOU_ATTR_IPPROTO] = { .type = NLA_U8, },
 275 };
 276
 277 static int parse_nl_config(struct genl_info *info,
 278                            struct fou_cfg *cfg)
 279 {
 280         memset(cfg, 0, sizeof(*cfg));
 281
 282         cfg->udp_config.family = AF_INET;
 283
 284         if (info->attrs[FOU_ATTR_AF]) {
 285                 u8 family = nla_get_u8(info->attrs[FOU_ATTR_AF]);
 286
 287                 if (family != AF_INET && family != AF_INET6)
 288                         return -EINVAL;
 289
 290                 cfg->udp_config.family = family;
 291         }
 292
 293         if (info->attrs[FOU_ATTR_PORT]) {
 294                 u16 port = nla_get_u16(info->attrs[FOU_ATTR_PORT]);
 295
 296                 cfg->udp_config.local_udp_port = port;
 297         }
 298
 299         if (info->attrs[FOU_ATTR_IPPROTO])
 300                 cfg->protocol = nla_get_u8(info->attrs[FOU_ATTR_IPPROTO]);
 301
 302         return 0;
 303 }
 304
 305 static int fou_nl_cmd_add_port(struct sk_buff *skb, struct genl_info *info)
 306 {
 307         struct fou_cfg cfg;
 308         int err;
 309
 310         err = parse_nl_config(info, &cfg);
 311         if (err)
 312                 return err;
 313
 314         return fou_create(&init_net, &cfg, NULL);
 315 }
 316
 317 static int fou_nl_cmd_rm_port(struct sk_buff *skb, struct genl_info *info)
 318 {
 319         struct fou_cfg cfg;
 320
 321         parse_nl_config(info, &cfg);
 322
 323         return fou_destroy(&init_net, &cfg);
 324 }
 325
 326 static const struct genl_ops fou_nl_ops[] = {
 327         {
 328                 .cmd = FOU_CMD_ADD,
 329                 .doit = fou_nl_cmd_add_port,
 330                 .policy = fou_nl_policy,
 331                 .flags = GENL_ADMIN_PERM,
 332         },
 333         {
 334                 .cmd = FOU_CMD_DEL,
 335                 .doit = fou_nl_cmd_rm_port,
 336                 .policy = fou_nl_policy,
 337                 .flags = GENL_ADMIN_PERM,
 338         },
 339 };
 340
 341 static int __init fou_init(void)
 342 {
 343         int ret;
 344
 345         ret = genl_register_family_with_ops(&fou_nl_family,
 346                                             fou_nl_ops);
 347
 348         return ret;
 349 }
 350
 351 static void __exit fou_fini(void)
 352 {
 353         struct fou *fou, *next;
 354
 355         genl_unregister_family(&fou_nl_family);
 356
 357         /* Close all the FOU sockets */
 358
 359         spin_lock(&fou_lock);
 360         list_for_each_entry_safe(fou, next, &fou_list, list)
 361                 fou_release(fou);
 362         spin_unlock(&fou_lock);
 363 }
 364
 365 module_init(fou_init);
 366 module_exit(fou_fini);
 367 MODULE_AUTHOR("Tom Herbert <therbert@google.com>");
 368 MODULE_LICENSE("GPL");