1/* Copyright (c) 2014 Mahesh Bandewar <maheshb@google.com>
  2 *
  3 * This program is free software; you can redistribute it and/or
  4 * modify it under the terms of the GNU General Public License as
  5 * published by the Free Software Foundation; either version 2 of
  6 * the License, or (at your option) any later version.
  7 *
  8 */
  9
 10#include "ipvlan.h"
 11
 12static u32 ipvlan_jhash_secret __read_mostly;
 13
 14void ipvlan_init_secret(void)
 15{
 16	net_get_random_once(&ipvlan_jhash_secret, sizeof(ipvlan_jhash_secret));
 17}
 18
 19static void ipvlan_count_rx(const struct ipvl_dev *ipvlan,
 20			    unsigned int len, bool success, bool mcast)
 21{
 22	if (!ipvlan)
 23		return;
 24
 25	if (likely(success)) {
 26		struct ipvl_pcpu_stats *pcptr;
 27
 28		pcptr = this_cpu_ptr(ipvlan->pcpu_stats);
 29		u64_stats_update_begin(&pcptr->syncp);
 30		pcptr->rx_pkts++;
 31		pcptr->rx_bytes += len;
 32		if (mcast)
 33			pcptr->rx_mcast++;
 34		u64_stats_update_end(&pcptr->syncp);
 35	} else {
 36		this_cpu_inc(ipvlan->pcpu_stats->rx_errs);
 37	}
 38}
 39
 40static u8 ipvlan_get_v6_hash(const void *iaddr)
 41{
 42	const struct in6_addr *ip6_addr = iaddr;
 43
 44	return __ipv6_addr_jhash(ip6_addr, ipvlan_jhash_secret) &
 45	       IPVLAN_HASH_MASK;
 46}
 47
 48static u8 ipvlan_get_v4_hash(const void *iaddr)
 49{
 50	const struct in_addr *ip4_addr = iaddr;
 51
 52	return jhash_1word(ip4_addr->s_addr, ipvlan_jhash_secret) &
 53	       IPVLAN_HASH_MASK;
 54}
 55
 56static struct ipvl_addr *ipvlan_ht_addr_lookup(const struct ipvl_port *port,
 57					       const void *iaddr, bool is_v6)
 58{
 59	struct ipvl_addr *addr;
 60	u8 hash;
 61
 62	hash = is_v6 ? ipvlan_get_v6_hash(iaddr) :
 63	       ipvlan_get_v4_hash(iaddr);
 64	hlist_for_each_entry_rcu(addr, &port->hlhead[hash], hlnode) {
 65		if (is_v6 && addr->atype == IPVL_IPV6 &&
 66		    ipv6_addr_equal(&addr->ip6addr, iaddr))
 67			return addr;
 68		else if (!is_v6 && addr->atype == IPVL_IPV4 &&
 69			 addr->ip4addr.s_addr ==
 70				((struct in_addr *)iaddr)->s_addr)
 71			return addr;
 72	}
 73	return NULL;
 74}
 75
 76void ipvlan_ht_addr_add(struct ipvl_dev *ipvlan, struct ipvl_addr *addr)
 77{
 78	struct ipvl_port *port = ipvlan->port;
 79	u8 hash;
 80
 81	hash = (addr->atype == IPVL_IPV6) ?
 82	       ipvlan_get_v6_hash(&addr->ip6addr) :
 83	       ipvlan_get_v4_hash(&addr->ip4addr);
 84	if (hlist_unhashed(&addr->hlnode))
 85		hlist_add_head_rcu(&addr->hlnode, &port->hlhead[hash]);
 86}
 87
 88void ipvlan_ht_addr_del(struct ipvl_addr *addr)
 89{
 90	hlist_del_init_rcu(&addr->hlnode);
 91}
 92
 93struct ipvl_addr *ipvlan_find_addr(const struct ipvl_dev *ipvlan,
 94				   const void *iaddr, bool is_v6)
 95{
 96	struct ipvl_addr *addr;
 97
 98	list_for_each_entry(addr, &ipvlan->addrs, anode) {
 99		if ((is_v6 && addr->atype == IPVL_IPV6 &&
100		    ipv6_addr_equal(&addr->ip6addr, iaddr)) ||
101		    (!is_v6 && addr->atype == IPVL_IPV4 &&
102		    addr->ip4addr.s_addr == ((struct in_addr *)iaddr)->s_addr))
103			return addr;
104	}
105	return NULL;
106}
107
108bool ipvlan_addr_busy(struct ipvl_port *port, void *iaddr, bool is_v6)
109{
110	struct ipvl_dev *ipvlan;
111
112	ASSERT_RTNL();
113
114	list_for_each_entry(ipvlan, &port->ipvlans, pnode) {
115		if (ipvlan_find_addr(ipvlan, iaddr, is_v6))
116			return true;
117	}
118	return false;
119}
120
121static void *ipvlan_get_L3_hdr(struct sk_buff *skb, int *type)
122{
123	void *lyr3h = NULL;
124
125	switch (skb->protocol) {
126	case htons(ETH_P_ARP): {
127		struct arphdr *arph;
128
129		if (unlikely(!pskb_may_pull(skb, sizeof(*arph))))
130			return NULL;
131
132		arph = arp_hdr(skb);
133		*type = IPVL_ARP;
134		lyr3h = arph;
135		break;
136	}
137	case htons(ETH_P_IP): {
138		u32 pktlen;
139		struct iphdr *ip4h;
140
141		if (unlikely(!pskb_may_pull(skb, sizeof(*ip4h))))
142			return NULL;
143
144		ip4h = ip_hdr(skb);
145		pktlen = ntohs(ip4h->tot_len);
146		if (ip4h->ihl < 5 || ip4h->version != 4)
147			return NULL;
148		if (skb->len < pktlen || pktlen < (ip4h->ihl * 4))
149			return NULL;
150
151		*type = IPVL_IPV4;
152		lyr3h = ip4h;
153		break;
154	}
155	case htons(ETH_P_IPV6): {
156		struct ipv6hdr *ip6h;
157
158		if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h))))
159			return NULL;
160
161		ip6h = ipv6_hdr(skb);
162		if (ip6h->version != 6)
163			return NULL;
164
165		*type = IPVL_IPV6;
166		lyr3h = ip6h;
167		/* Only Neighbour Solicitation pkts need different treatment */
168		if (ipv6_addr_any(&ip6h->saddr) &&
169		    ip6h->nexthdr == NEXTHDR_ICMP) {
170			*type = IPVL_ICMPV6;
171			lyr3h = ip6h + 1;
172		}
173		break;
174	}
175	default:
176		return NULL;
177	}
178
179	return lyr3h;
180}
181
182unsigned int ipvlan_mac_hash(const unsigned char *addr)
183{
184	u32 hash = jhash_1word(__get_unaligned_cpu32(addr+2),
185			       ipvlan_jhash_secret);
186
187	return hash & IPVLAN_MAC_FILTER_MASK;
188}
189
190void ipvlan_process_multicast(struct work_struct *work)
191{
192	struct ipvl_port *port = container_of(work, struct ipvl_port, wq);
193	struct ethhdr *ethh;
194	struct ipvl_dev *ipvlan;
195	struct sk_buff *skb, *nskb;
196	struct sk_buff_head list;
197	unsigned int len;
198	unsigned int mac_hash;
199	int ret;
200	u8 pkt_type;
201	bool hlocal, dlocal;
202
203	__skb_queue_head_init(&list);
204
205	spin_lock_bh(&port->backlog.lock);
206	skb_queue_splice_tail_init(&port->backlog, &list);
207	spin_unlock_bh(&port->backlog.lock);
208
209	while ((skb = __skb_dequeue(&list)) != NULL) {
210		ethh = eth_hdr(skb);
211		hlocal = ether_addr_equal(ethh->h_source, port->dev->dev_addr);
212		mac_hash = ipvlan_mac_hash(ethh->h_dest);
213
214		if (ether_addr_equal(ethh->h_dest, port->dev->broadcast))
215			pkt_type = PACKET_BROADCAST;
216		else
217			pkt_type = PACKET_MULTICAST;
218
219		dlocal = false;
220		rcu_read_lock();
221		list_for_each_entry_rcu(ipvlan, &port->ipvlans, pnode) {
222			if (hlocal && (ipvlan->dev == skb->dev)) {
223				dlocal = true;
224				continue;
225			}
226			if (!test_bit(mac_hash, ipvlan->mac_filters))
227				continue;
228
229			ret = NET_RX_DROP;
230			len = skb->len + ETH_HLEN;
231			nskb = skb_clone(skb, GFP_ATOMIC);
232			if (!nskb)
233				goto acct;
234
235			nskb->pkt_type = pkt_type;
236			nskb->dev = ipvlan->dev;
237			if (hlocal)
238				ret = dev_forward_skb(ipvlan->dev, nskb);
239			else
240				ret = netif_rx(nskb);
241acct:
242			ipvlan_count_rx(ipvlan, len, ret == NET_RX_SUCCESS, true);
243		}
244		rcu_read_unlock();
245
246		if (dlocal) {
247			/* If the packet originated here, send it out. */
248			skb->dev = port->dev;
249			skb->pkt_type = pkt_type;
250			dev_queue_xmit(skb);
251		} else {
252			kfree_skb(skb);
253		}
254	}
255}
256
257static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff **pskb,
258			    bool local)
259{
260	struct ipvl_dev *ipvlan = addr->master;
261	struct net_device *dev = ipvlan->dev;
262	unsigned int len;
263	rx_handler_result_t ret = RX_HANDLER_CONSUMED;
264	bool success = false;
265	struct sk_buff *skb = *pskb;
266
267	len = skb->len + ETH_HLEN;
268	/* Only packets exchanged between two local slaves need to have
269	 * device-up check as well as skb-share check.
270	 */
271	if (local) {
272		if (unlikely(!(dev->flags & IFF_UP))) {
273			kfree_skb(skb);
274			goto out;
275		}
276
277		skb = skb_share_check(skb, GFP_ATOMIC);
278		if (!skb)
279			goto out;
280
281		*pskb = skb;
282	}
283	skb->dev = dev;
284
285	if (local) {
286		skb->pkt_type = PACKET_HOST;
287		if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS)
288			success = true;
289	} else {
290		ret = RX_HANDLER_ANOTHER;
291		success = true;
292	}
293
294out:
295	ipvlan_count_rx(ipvlan, len, success, false);
296	return ret;
297}
298
299static struct ipvl_addr *ipvlan_addr_lookup(struct ipvl_port *port,
300					    void *lyr3h, int addr_type,
301					    bool use_dest)
302{
303	struct ipvl_addr *addr = NULL;
304
305	if (addr_type == IPVL_IPV6) {
306		struct ipv6hdr *ip6h;
307		struct in6_addr *i6addr;
308
309		ip6h = (struct ipv6hdr *)lyr3h;
310		i6addr = use_dest ? &ip6h->daddr : &ip6h->saddr;
311		addr = ipvlan_ht_addr_lookup(port, i6addr, true);
312	} else if (addr_type == IPVL_ICMPV6) {
313		struct nd_msg *ndmh;
314		struct in6_addr *i6addr;
315
316		/* Make sure that the NeighborSolicitation ICMPv6 packets
317		 * are handled to avoid DAD issue.
318		 */
319		ndmh = (struct nd_msg *)lyr3h;
320		if (ndmh->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) {
321			i6addr = &ndmh->target;
322			addr = ipvlan_ht_addr_lookup(port, i6addr, true);
323		}
324	} else if (addr_type == IPVL_IPV4) {
325		struct iphdr *ip4h;
326		__be32 *i4addr;
327
328		ip4h = (struct iphdr *)lyr3h;
329		i4addr = use_dest ? &ip4h->daddr : &ip4h->saddr;
330		addr = ipvlan_ht_addr_lookup(port, i4addr, false);
331	} else if (addr_type == IPVL_ARP) {
332		struct arphdr *arph;
333		unsigned char *arp_ptr;
334		__be32 dip;
335
336		arph = (struct arphdr *)lyr3h;
337		arp_ptr = (unsigned char *)(arph + 1);
338		if (use_dest)
339			arp_ptr += (2 * port->dev->addr_len) + 4;
340		else
341			arp_ptr += port->dev->addr_len;
342
343		memcpy(&dip, arp_ptr, 4);
344		addr = ipvlan_ht_addr_lookup(port, &dip, false);
345	}
346
347	return addr;
348}
349
350static int ipvlan_process_v4_outbound(struct sk_buff *skb, bool xnet)
351{
352	const struct iphdr *ip4h = ip_hdr(skb);
353	struct net_device *dev = skb->dev;
354	struct net *net = dev_net(dev);
355	struct rtable *rt;
356	int err, ret = NET_XMIT_DROP;
357	struct flowi4 fl4 = {
358		.flowi4_oif = dev->ifindex,
359		.flowi4_tos = RT_TOS(ip4h->tos),
360		.flowi4_flags = FLOWI_FLAG_ANYSRC,
361		.daddr = ip4h->daddr,
362		.saddr = ip4h->saddr,
363	};
364
365	rt = ip_route_output_flow(net, &fl4, NULL);
366	if (IS_ERR(rt))
367		goto err;
368
369	if (rt->rt_type != RTN_UNICAST && rt->rt_type != RTN_LOCAL) {
370		ip_rt_put(rt);
371		goto err;
372	}
373	skb_scrub_packet(skb, xnet);
374	skb_dst_set(skb, &rt->dst);
375	err = ip_local_out(net, skb->sk, skb);
376	if (unlikely(net_xmit_eval(err)))
377		dev->stats.tx_errors++;
378	else
379		ret = NET_XMIT_SUCCESS;
380	goto out;
381err:
382	dev->stats.tx_errors++;
383	kfree_skb(skb);
384out:
385	return ret;
386}
387
388static int ipvlan_process_v6_outbound(struct sk_buff *skb, bool xnet)
389{
390	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
391	struct net_device *dev = skb->dev;
392	struct net *net = dev_net(dev);
393	struct dst_entry *dst;
394	int err, ret = NET_XMIT_DROP;
395	struct flowi6 fl6 = {
396		.flowi6_iif = dev->ifindex,
397		.daddr = ip6h->daddr,
398		.saddr = ip6h->saddr,
399		.flowi6_flags = FLOWI_FLAG_ANYSRC,
400		.flowlabel = ip6_flowinfo(ip6h),
401		.flowi6_mark = skb->mark,
402		.flowi6_proto = ip6h->nexthdr,
403	};
404
405	dst = ip6_route_output(net, NULL, &fl6);
406	if (dst->error) {
407		ret = dst->error;
408		dst_release(dst);
409		goto err;
410	}
411	skb_scrub_packet(skb, xnet);
412	skb_dst_set(skb, dst);
413	err = ip6_local_out(net, skb->sk, skb);
414	if (unlikely(net_xmit_eval(err)))
415		dev->stats.tx_errors++;
416	else
417		ret = NET_XMIT_SUCCESS;
418	goto out;
419err:
420	dev->stats.tx_errors++;
421	kfree_skb(skb);
422out:
423	return ret;
424}
425
426static int ipvlan_process_outbound(struct sk_buff *skb, bool xnet)
427{
428	struct ethhdr *ethh = eth_hdr(skb);
429	int ret = NET_XMIT_DROP;
430
431	/* In this mode we dont care about multicast and broadcast traffic */
432	if (is_multicast_ether_addr(ethh->h_dest)) {
433		pr_warn_ratelimited("Dropped {multi|broad}cast of type= [%x]\n",
434				    ntohs(skb->protocol));
435		kfree_skb(skb);
436		goto out;
437	}
438
439	/* The ipvlan is a pseudo-L2 device, so the packets that we receive
440	 * will have L2; which need to discarded and processed further
441	 * in the net-ns of the main-device.
442	 */
443	if (skb_mac_header_was_set(skb)) {
444		skb_pull(skb, sizeof(*ethh));
445		skb->mac_header = (typeof(skb->mac_header))~0U;
446		skb_reset_network_header(skb);
447	}
448
449	if (skb->protocol == htons(ETH_P_IPV6))
450		ret = ipvlan_process_v6_outbound(skb, xnet);
451	else if (skb->protocol == htons(ETH_P_IP))
452		ret = ipvlan_process_v4_outbound(skb, xnet);
453	else {
454		pr_warn_ratelimited("Dropped outbound packet type=%x\n",
455				    ntohs(skb->protocol));
456		kfree_skb(skb);
457	}
458out:
459	return ret;
460}
461
462static void ipvlan_multicast_enqueue(struct ipvl_port *port,
463				     struct sk_buff *skb)
464{
465	if (skb->protocol == htons(ETH_P_PAUSE)) {
466		kfree_skb(skb);
467		return;
468	}
469
470	spin_lock(&port->backlog.lock);
471	if (skb_queue_len(&port->backlog) < IPVLAN_QBACKLOG_LIMIT) {
472		__skb_queue_tail(&port->backlog, skb);
473		spin_unlock(&port->backlog.lock);
474		schedule_work(&port->wq);
475	} else {
476		spin_unlock(&port->backlog.lock);
477		atomic_long_inc(&skb->dev->rx_dropped);
478		kfree_skb(skb);
479	}
480}
481
482static int ipvlan_xmit_mode_l3(struct sk_buff *skb, struct net_device *dev)
483{
484	const struct ipvl_dev *ipvlan = netdev_priv(dev);
485	void *lyr3h;
486	struct ipvl_addr *addr;
487	int addr_type;
488	bool xnet;
489
490	lyr3h = ipvlan_get_L3_hdr(skb, &addr_type);
491	if (!lyr3h)
492		goto out;
493
494	addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
495	if (addr)
496		return ipvlan_rcv_frame(addr, &skb, true);
497
498out:
499	xnet = !net_eq(dev_net(skb->dev), dev_net(ipvlan->phy_dev));
500	skb->dev = ipvlan->phy_dev;
501	return ipvlan_process_outbound(skb, xnet);
502}
503
504static int ipvlan_xmit_mode_l2(struct sk_buff *skb, struct net_device *dev)
505{
506	const struct ipvl_dev *ipvlan = netdev_priv(dev);
507	struct ethhdr *eth = eth_hdr(skb);
508	struct ipvl_addr *addr;
509	void *lyr3h;
510	int addr_type;
511
512	if (ether_addr_equal(eth->h_dest, eth->h_source)) {
513		lyr3h = ipvlan_get_L3_hdr(skb, &addr_type);
514		if (lyr3h) {
515			addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
516			if (addr)
517				return ipvlan_rcv_frame(addr, &skb, true);
518		}
519		skb = skb_share_check(skb, GFP_ATOMIC);
520		if (!skb)
521			return NET_XMIT_DROP;
522
523		/* Packet definitely does not belong to any of the
524		 * virtual devices, but the dest is local. So forward
525		 * the skb for the main-dev. At the RX side we just return
526		 * RX_PASS for it to be processed further on the stack.
527		 */
528		return dev_forward_skb(ipvlan->phy_dev, skb);
529
530	} else if (is_multicast_ether_addr(eth->h_dest)) {
531		ipvlan_multicast_enqueue(ipvlan->port, skb);
532		return NET_XMIT_SUCCESS;
533	}
534
535	skb->dev = ipvlan->phy_dev;
536	return dev_queue_xmit(skb);
537}
538
539int ipvlan_queue_xmit(struct sk_buff *skb, struct net_device *dev)
540{
541	struct ipvl_dev *ipvlan = netdev_priv(dev);
542	struct ipvl_port *port = ipvlan_port_get_rcu_bh(ipvlan->phy_dev);
543
544	if (!port)
545		goto out;
546
547	if (unlikely(!pskb_may_pull(skb, sizeof(struct ethhdr))))
548		goto out;
549
550	switch(port->mode) {
551	case IPVLAN_MODE_L2:
552		return ipvlan_xmit_mode_l2(skb, dev);
553	case IPVLAN_MODE_L3:
554		return ipvlan_xmit_mode_l3(skb, dev);
555	}
556
557	/* Should not reach here */
558	WARN_ONCE(true, "ipvlan_queue_xmit() called for mode = [%hx]\n",
559			  port->mode);
560out:
561	kfree_skb(skb);
562	return NET_XMIT_DROP;
563}
564
565static bool ipvlan_external_frame(struct sk_buff *skb, struct ipvl_port *port)
566{
567	struct ethhdr *eth = eth_hdr(skb);
568	struct ipvl_addr *addr;
569	void *lyr3h;
570	int addr_type;
571
572	if (ether_addr_equal(eth->h_source, skb->dev->dev_addr)) {
573		lyr3h = ipvlan_get_L3_hdr(skb, &addr_type);
574		if (!lyr3h)
575			return true;
576
577		addr = ipvlan_addr_lookup(port, lyr3h, addr_type, false);
578		if (addr)
579			return false;
580	}
581
582	return true;
583}
584
585static rx_handler_result_t ipvlan_handle_mode_l3(struct sk_buff **pskb,
586						 struct ipvl_port *port)
587{
588	void *lyr3h;
589	int addr_type;
590	struct ipvl_addr *addr;
591	struct sk_buff *skb = *pskb;
592	rx_handler_result_t ret = RX_HANDLER_PASS;
593
594	lyr3h = ipvlan_get_L3_hdr(skb, &addr_type);
595	if (!lyr3h)
596		goto out;
597
598	addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
599	if (addr)
600		ret = ipvlan_rcv_frame(addr, pskb, false);
601
602out:
603	return ret;
604}
605
606static rx_handler_result_t ipvlan_handle_mode_l2(struct sk_buff **pskb,
607						 struct ipvl_port *port)
608{
609	struct sk_buff *skb = *pskb;
610	struct ethhdr *eth = eth_hdr(skb);
611	rx_handler_result_t ret = RX_HANDLER_PASS;
612	void *lyr3h;
613	int addr_type;
614
615	if (is_multicast_ether_addr(eth->h_dest)) {
616		if (ipvlan_external_frame(skb, port)) {
617			struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC);
618
619			/* External frames are queued for device local
620			 * distribution, but a copy is given to master
621			 * straight away to avoid sending duplicates later
622			 * when work-queue processes this frame. This is
623			 * achieved by returning RX_HANDLER_PASS.
624			 */
625			if (nskb)
626				ipvlan_multicast_enqueue(port, nskb);
627		}
628	} else {
629		struct ipvl_addr *addr;
630
631		lyr3h = ipvlan_get_L3_hdr(skb, &addr_type);
632		if (!lyr3h)
633			return ret;
634
635		addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
636		if (addr)
637			ret = ipvlan_rcv_frame(addr, pskb, false);
638	}
639
640	return ret;
641}
642
643rx_handler_result_t ipvlan_handle_frame(struct sk_buff **pskb)
644{
645	struct sk_buff *skb = *pskb;
646	struct ipvl_port *port = ipvlan_port_get_rcu(skb->dev);
647
648	if (!port)
649		return RX_HANDLER_PASS;
650
651	switch (port->mode) {
652	case IPVLAN_MODE_L2:
653		return ipvlan_handle_mode_l2(pskb, port);
654	case IPVLAN_MODE_L3:
655		return ipvlan_handle_mode_l3(pskb, port);
656	}
657
658	/* Should not reach here */
659	WARN_ONCE(true, "ipvlan_handle_frame() called for mode = [%hx]\n",
660			  port->mode);
661	kfree_skb(skb);
662	return RX_HANDLER_CONSUMED;
663}