1 /* Copyright (c) 2014 Mahesh Bandewar <maheshb@google.com>
3 * This program is free software; you can redistribute it and/or
4 * modify it under the terms of the GNU General Public License as
5 * published by the Free Software Foundation; either version 2 of
6 * the License, or (at your option) any later version.
12 static u32 ipvlan_jhash_secret __read_mostly;
14 void ipvlan_init_secret(void)
16 net_get_random_once(&ipvlan_jhash_secret, sizeof(ipvlan_jhash_secret));
19 void ipvlan_count_rx(const struct ipvl_dev *ipvlan,
20 unsigned int len, bool success, bool mcast)
22 if (likely(success)) {
23 struct ipvl_pcpu_stats *pcptr;
25 pcptr = this_cpu_ptr(ipvlan->pcpu_stats);
26 u64_stats_update_begin(&pcptr->syncp);
28 pcptr->rx_bytes += len;
31 u64_stats_update_end(&pcptr->syncp);
33 this_cpu_inc(ipvlan->pcpu_stats->rx_errs);
36 EXPORT_SYMBOL_GPL(ipvlan_count_rx);
38 #if IS_ENABLED(CONFIG_IPV6)
39 static u8 ipvlan_get_v6_hash(const void *iaddr)
41 const struct in6_addr *ip6_addr = iaddr;
43 return __ipv6_addr_jhash(ip6_addr, ipvlan_jhash_secret) &
47 static u8 ipvlan_get_v6_hash(const void *iaddr)
53 static u8 ipvlan_get_v4_hash(const void *iaddr)
55 const struct in_addr *ip4_addr = iaddr;
57 return jhash_1word(ip4_addr->s_addr, ipvlan_jhash_secret) &
61 static bool addr_equal(bool is_v6, struct ipvl_addr *addr, const void *iaddr)
63 if (!is_v6 && addr->atype == IPVL_IPV4) {
64 struct in_addr *i4addr = (struct in_addr *)iaddr;
66 return addr->ip4addr.s_addr == i4addr->s_addr;
67 #if IS_ENABLED(CONFIG_IPV6)
68 } else if (is_v6 && addr->atype == IPVL_IPV6) {
69 struct in6_addr *i6addr = (struct in6_addr *)iaddr;
71 return ipv6_addr_equal(&addr->ip6addr, i6addr);
78 static struct ipvl_addr *ipvlan_ht_addr_lookup(const struct ipvl_port *port,
79 const void *iaddr, bool is_v6)
81 struct ipvl_addr *addr;
84 hash = is_v6 ? ipvlan_get_v6_hash(iaddr) :
85 ipvlan_get_v4_hash(iaddr);
86 hlist_for_each_entry_rcu(addr, &port->hlhead[hash], hlnode)
87 if (addr_equal(is_v6, addr, iaddr))
92 void ipvlan_ht_addr_add(struct ipvl_dev *ipvlan, struct ipvl_addr *addr)
94 struct ipvl_port *port = ipvlan->port;
97 hash = (addr->atype == IPVL_IPV6) ?
98 ipvlan_get_v6_hash(&addr->ip6addr) :
99 ipvlan_get_v4_hash(&addr->ip4addr);
100 if (hlist_unhashed(&addr->hlnode))
101 hlist_add_head_rcu(&addr->hlnode, &port->hlhead[hash]);
104 void ipvlan_ht_addr_del(struct ipvl_addr *addr)
106 hlist_del_init_rcu(&addr->hlnode);
109 struct ipvl_addr *ipvlan_find_addr(const struct ipvl_dev *ipvlan,
110 const void *iaddr, bool is_v6)
112 struct ipvl_addr *addr, *ret = NULL;
115 list_for_each_entry_rcu(addr, &ipvlan->addrs, anode) {
116 if (addr_equal(is_v6, addr, iaddr)) {
125 bool ipvlan_addr_busy(struct ipvl_port *port, void *iaddr, bool is_v6)
127 struct ipvl_dev *ipvlan;
131 list_for_each_entry_rcu(ipvlan, &port->ipvlans, pnode) {
132 if (ipvlan_find_addr(ipvlan, iaddr, is_v6)) {
141 static void *ipvlan_get_L3_hdr(struct ipvl_port *port, struct sk_buff *skb, int *type)
145 switch (skb->protocol) {
146 case htons(ETH_P_ARP): {
149 if (unlikely(!pskb_may_pull(skb, arp_hdr_len(port->dev))))
157 case htons(ETH_P_IP): {
161 if (unlikely(!pskb_may_pull(skb, sizeof(*ip4h))))
165 pktlen = ntohs(ip4h->tot_len);
166 if (ip4h->ihl < 5 || ip4h->version != 4)
168 if (skb->len < pktlen || pktlen < (ip4h->ihl * 4))
175 #if IS_ENABLED(CONFIG_IPV6)
176 case htons(ETH_P_IPV6): {
177 struct ipv6hdr *ip6h;
179 if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h))))
182 ip6h = ipv6_hdr(skb);
183 if (ip6h->version != 6)
188 /* Only Neighbour Solicitation pkts need different treatment */
189 if (ipv6_addr_any(&ip6h->saddr) &&
190 ip6h->nexthdr == NEXTHDR_ICMP) {
191 struct icmp6hdr *icmph;
193 if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h) + sizeof(*icmph))))
196 ip6h = ipv6_hdr(skb);
197 icmph = (struct icmp6hdr *)(ip6h + 1);
199 if (icmph->icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) {
200 /* Need to access the ipv6 address in body */
201 if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h) + sizeof(*icmph)
202 + sizeof(struct in6_addr))))
205 ip6h = ipv6_hdr(skb);
206 icmph = (struct icmp6hdr *)(ip6h + 1);
222 unsigned int ipvlan_mac_hash(const unsigned char *addr)
224 u32 hash = jhash_1word(__get_unaligned_cpu32(addr+2),
225 ipvlan_jhash_secret);
227 return hash & IPVLAN_MAC_FILTER_MASK;
230 void ipvlan_process_multicast(struct work_struct *work)
232 struct ipvl_port *port = container_of(work, struct ipvl_port, wq);
234 struct ipvl_dev *ipvlan;
235 struct sk_buff *skb, *nskb;
236 struct sk_buff_head list;
238 unsigned int mac_hash;
243 __skb_queue_head_init(&list);
245 spin_lock_bh(&port->backlog.lock);
246 skb_queue_splice_tail_init(&port->backlog, &list);
247 spin_unlock_bh(&port->backlog.lock);
249 while ((skb = __skb_dequeue(&list)) != NULL) {
250 struct net_device *dev = skb->dev;
251 bool consumed = false;
254 tx_pkt = IPVL_SKB_CB(skb)->tx_pkt;
255 mac_hash = ipvlan_mac_hash(ethh->h_dest);
257 if (ether_addr_equal(ethh->h_dest, port->dev->broadcast))
258 pkt_type = PACKET_BROADCAST;
260 pkt_type = PACKET_MULTICAST;
263 list_for_each_entry_rcu(ipvlan, &port->ipvlans, pnode) {
264 if (tx_pkt && (ipvlan->dev == skb->dev))
266 if (!test_bit(mac_hash, ipvlan->mac_filters))
268 if (!(ipvlan->dev->flags & IFF_UP))
271 len = skb->len + ETH_HLEN;
272 nskb = skb_clone(skb, GFP_ATOMIC);
276 nskb->pkt_type = pkt_type;
277 nskb->dev = ipvlan->dev;
279 ret = dev_forward_skb(ipvlan->dev, nskb);
281 ret = netif_rx(nskb);
283 ipvlan_count_rx(ipvlan, len, ret == NET_RX_SUCCESS, true);
289 /* If the packet originated here, send it out. */
290 skb->dev = port->dev;
291 skb->pkt_type = pkt_type;
305 static void ipvlan_skb_crossing_ns(struct sk_buff *skb, struct net_device *dev)
310 xnet = !net_eq(dev_net(skb->dev), dev_net(dev));
312 skb_scrub_packet(skb, xnet);
317 static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff **pskb,
320 struct ipvl_dev *ipvlan = addr->master;
321 struct net_device *dev = ipvlan->dev;
323 rx_handler_result_t ret = RX_HANDLER_CONSUMED;
324 bool success = false;
325 struct sk_buff *skb = *pskb;
327 len = skb->len + ETH_HLEN;
328 /* Only packets exchanged between two local slaves need to have
329 * device-up check as well as skb-share check.
332 if (unlikely(!(dev->flags & IFF_UP))) {
337 skb = skb_share_check(skb, GFP_ATOMIC);
345 skb->pkt_type = PACKET_HOST;
346 if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS)
350 ret = RX_HANDLER_ANOTHER;
355 ipvlan_count_rx(ipvlan, len, success, false);
359 static struct ipvl_addr *ipvlan_addr_lookup(struct ipvl_port *port,
360 void *lyr3h, int addr_type,
363 struct ipvl_addr *addr = NULL;
366 #if IS_ENABLED(CONFIG_IPV6)
368 struct ipv6hdr *ip6h;
369 struct in6_addr *i6addr;
371 ip6h = (struct ipv6hdr *)lyr3h;
372 i6addr = use_dest ? &ip6h->daddr : &ip6h->saddr;
373 addr = ipvlan_ht_addr_lookup(port, i6addr, true);
378 struct in6_addr *i6addr;
380 /* Make sure that the NeighborSolicitation ICMPv6 packets
381 * are handled to avoid DAD issue.
383 ndmh = (struct nd_msg *)lyr3h;
384 if (ndmh->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) {
385 i6addr = &ndmh->target;
386 addr = ipvlan_ht_addr_lookup(port, i6addr, true);
395 ip4h = (struct iphdr *)lyr3h;
396 i4addr = use_dest ? &ip4h->daddr : &ip4h->saddr;
397 addr = ipvlan_ht_addr_lookup(port, i4addr, false);
402 unsigned char *arp_ptr;
405 arph = (struct arphdr *)lyr3h;
406 arp_ptr = (unsigned char *)(arph + 1);
408 arp_ptr += (2 * port->dev->addr_len) + 4;
410 arp_ptr += port->dev->addr_len;
412 memcpy(&dip, arp_ptr, 4);
413 addr = ipvlan_ht_addr_lookup(port, &dip, false);
421 static int ipvlan_process_v4_outbound(struct sk_buff *skb)
423 const struct iphdr *ip4h = ip_hdr(skb);
424 struct net_device *dev = skb->dev;
425 struct net *net = dev_net(dev);
427 int err, ret = NET_XMIT_DROP;
428 struct flowi4 fl4 = {
429 .flowi4_oif = dev->ifindex,
430 .flowi4_tos = RT_TOS(ip4h->tos),
431 .flowi4_flags = FLOWI_FLAG_ANYSRC,
432 .flowi4_mark = skb->mark,
433 .daddr = ip4h->daddr,
434 .saddr = ip4h->saddr,
437 rt = ip_route_output_flow(net, &fl4, NULL);
441 if (rt->rt_type != RTN_UNICAST && rt->rt_type != RTN_LOCAL) {
445 skb_dst_set(skb, &rt->dst);
446 err = ip_local_out(net, skb->sk, skb);
447 if (unlikely(net_xmit_eval(err)))
448 dev->stats.tx_errors++;
450 ret = NET_XMIT_SUCCESS;
453 dev->stats.tx_errors++;
459 #if IS_ENABLED(CONFIG_IPV6)
460 static int ipvlan_process_v6_outbound(struct sk_buff *skb)
462 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
463 struct net_device *dev = skb->dev;
464 struct net *net = dev_net(dev);
465 struct dst_entry *dst;
466 int err, ret = NET_XMIT_DROP;
467 struct flowi6 fl6 = {
468 .flowi6_oif = dev->ifindex,
469 .daddr = ip6h->daddr,
470 .saddr = ip6h->saddr,
471 .flowi6_flags = FLOWI_FLAG_ANYSRC,
472 .flowlabel = ip6_flowinfo(ip6h),
473 .flowi6_mark = skb->mark,
474 .flowi6_proto = ip6h->nexthdr,
477 dst = ip6_route_output(net, NULL, &fl6);
483 skb_dst_set(skb, dst);
484 err = ip6_local_out(net, skb->sk, skb);
485 if (unlikely(net_xmit_eval(err)))
486 dev->stats.tx_errors++;
488 ret = NET_XMIT_SUCCESS;
491 dev->stats.tx_errors++;
497 static int ipvlan_process_v6_outbound(struct sk_buff *skb)
499 return NET_XMIT_DROP;
503 static int ipvlan_process_outbound(struct sk_buff *skb)
505 int ret = NET_XMIT_DROP;
507 /* The ipvlan is a pseudo-L2 device, so the packets that we receive
508 * will have L2; which need to discarded and processed further
509 * in the net-ns of the main-device.
511 if (skb_mac_header_was_set(skb)) {
512 /* In this mode we dont care about
513 * multicast and broadcast traffic */
514 struct ethhdr *ethh = eth_hdr(skb);
516 if (is_multicast_ether_addr(ethh->h_dest)) {
517 pr_debug_ratelimited(
518 "Dropped {multi|broad}cast of type=[%x]\n",
519 ntohs(skb->protocol));
524 skb_pull(skb, sizeof(*ethh));
525 skb->mac_header = (typeof(skb->mac_header))~0U;
526 skb_reset_network_header(skb);
529 if (skb->protocol == htons(ETH_P_IPV6))
530 ret = ipvlan_process_v6_outbound(skb);
531 else if (skb->protocol == htons(ETH_P_IP))
532 ret = ipvlan_process_v4_outbound(skb);
534 pr_warn_ratelimited("Dropped outbound packet type=%x\n",
535 ntohs(skb->protocol));
542 static void ipvlan_multicast_enqueue(struct ipvl_port *port,
543 struct sk_buff *skb, bool tx_pkt)
545 if (skb->protocol == htons(ETH_P_PAUSE)) {
550 /* Record that the deferred packet is from TX or RX path. By
551 * looking at mac-addresses on packet will lead to erronus decisions.
552 * (This would be true for a loopback-mode on master device or a
553 * hair-pin mode of the switch.)
555 IPVL_SKB_CB(skb)->tx_pkt = tx_pkt;
557 spin_lock(&port->backlog.lock);
558 if (skb_queue_len(&port->backlog) < IPVLAN_QBACKLOG_LIMIT) {
561 __skb_queue_tail(&port->backlog, skb);
562 spin_unlock(&port->backlog.lock);
563 schedule_work(&port->wq);
565 spin_unlock(&port->backlog.lock);
566 atomic_long_inc(&skb->dev->rx_dropped);
571 static int ipvlan_xmit_mode_l3(struct sk_buff *skb, struct net_device *dev)
573 const struct ipvl_dev *ipvlan = netdev_priv(dev);
575 struct ipvl_addr *addr;
578 lyr3h = ipvlan_get_L3_hdr(ipvlan->port, skb, &addr_type);
582 if (!ipvlan_is_vepa(ipvlan->port)) {
583 addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
585 if (ipvlan_is_private(ipvlan->port)) {
587 return NET_XMIT_DROP;
589 return ipvlan_rcv_frame(addr, &skb, true);
593 ipvlan_skb_crossing_ns(skb, ipvlan->phy_dev);
594 return ipvlan_process_outbound(skb);
597 static int ipvlan_xmit_mode_l2(struct sk_buff *skb, struct net_device *dev)
599 const struct ipvl_dev *ipvlan = netdev_priv(dev);
600 struct ethhdr *eth = skb_eth_hdr(skb);
601 struct ipvl_addr *addr;
605 if (!ipvlan_is_vepa(ipvlan->port) &&
606 ether_addr_equal(eth->h_dest, eth->h_source)) {
607 lyr3h = ipvlan_get_L3_hdr(ipvlan->port, skb, &addr_type);
609 addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
611 if (ipvlan_is_private(ipvlan->port)) {
613 return NET_XMIT_DROP;
615 return ipvlan_rcv_frame(addr, &skb, true);
618 skb = skb_share_check(skb, GFP_ATOMIC);
620 return NET_XMIT_DROP;
622 /* Packet definitely does not belong to any of the
623 * virtual devices, but the dest is local. So forward
624 * the skb for the main-dev. At the RX side we just return
625 * RX_PASS for it to be processed further on the stack.
627 return dev_forward_skb(ipvlan->phy_dev, skb);
629 } else if (is_multicast_ether_addr(eth->h_dest)) {
630 skb_reset_mac_header(skb);
631 ipvlan_skb_crossing_ns(skb, NULL);
632 ipvlan_multicast_enqueue(ipvlan->port, skb, true);
633 return NET_XMIT_SUCCESS;
636 skb->dev = ipvlan->phy_dev;
637 return dev_queue_xmit(skb);
640 int ipvlan_queue_xmit(struct sk_buff *skb, struct net_device *dev)
642 struct ipvl_dev *ipvlan = netdev_priv(dev);
643 struct ipvl_port *port = ipvlan_port_get_rcu_bh(ipvlan->phy_dev);
648 if (unlikely(!pskb_may_pull(skb, sizeof(struct ethhdr))))
653 return ipvlan_xmit_mode_l2(skb, dev);
655 case IPVLAN_MODE_L3S:
656 return ipvlan_xmit_mode_l3(skb, dev);
659 /* Should not reach here */
660 WARN_ONCE(true, "ipvlan_queue_xmit() called for mode = [%hx]\n",
664 return NET_XMIT_DROP;
667 static bool ipvlan_external_frame(struct sk_buff *skb, struct ipvl_port *port)
669 struct ethhdr *eth = eth_hdr(skb);
670 struct ipvl_addr *addr;
674 if (ether_addr_equal(eth->h_source, skb->dev->dev_addr)) {
675 lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type);
679 addr = ipvlan_addr_lookup(port, lyr3h, addr_type, false);
687 static rx_handler_result_t ipvlan_handle_mode_l3(struct sk_buff **pskb,
688 struct ipvl_port *port)
692 struct ipvl_addr *addr;
693 struct sk_buff *skb = *pskb;
694 rx_handler_result_t ret = RX_HANDLER_PASS;
696 lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type);
700 addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
702 ret = ipvlan_rcv_frame(addr, pskb, false);
708 static rx_handler_result_t ipvlan_handle_mode_l2(struct sk_buff **pskb,
709 struct ipvl_port *port)
711 struct sk_buff *skb = *pskb;
712 struct ethhdr *eth = eth_hdr(skb);
713 rx_handler_result_t ret = RX_HANDLER_PASS;
715 if (is_multicast_ether_addr(eth->h_dest)) {
716 if (ipvlan_external_frame(skb, port)) {
717 struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC);
719 /* External frames are queued for device local
720 * distribution, but a copy is given to master
721 * straight away to avoid sending duplicates later
722 * when work-queue processes this frame. This is
723 * achieved by returning RX_HANDLER_PASS.
726 ipvlan_skb_crossing_ns(nskb, NULL);
727 ipvlan_multicast_enqueue(port, nskb, false);
731 /* Perform like l3 mode for non-multicast packet */
732 ret = ipvlan_handle_mode_l3(pskb, port);
738 rx_handler_result_t ipvlan_handle_frame(struct sk_buff **pskb)
740 struct sk_buff *skb = *pskb;
741 struct ipvl_port *port = ipvlan_port_get_rcu(skb->dev);
744 return RX_HANDLER_PASS;
746 switch (port->mode) {
748 return ipvlan_handle_mode_l2(pskb, port);
750 return ipvlan_handle_mode_l3(pskb, port);
751 case IPVLAN_MODE_L3S:
752 return RX_HANDLER_PASS;
755 /* Should not reach here */
756 WARN_ONCE(true, "ipvlan_handle_frame() called for mode = [%hx]\n",
759 return RX_HANDLER_CONSUMED;
762 static struct ipvl_addr *ipvlan_skb_to_addr(struct sk_buff *skb,
763 struct net_device *dev)
765 struct ipvl_addr *addr = NULL;
766 struct ipvl_port *port;
770 if (!dev || !netif_is_ipvlan_port(dev))
773 port = ipvlan_port_get_rcu(dev);
774 if (!port || port->mode != IPVLAN_MODE_L3S)
777 lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type);
781 addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
786 struct sk_buff *ipvlan_l3_rcv(struct net_device *dev, struct sk_buff *skb,
789 struct ipvl_addr *addr;
790 struct net_device *sdev;
792 addr = ipvlan_skb_to_addr(skb, dev);
796 sdev = addr->master->dev;
801 struct iphdr *ip4h = ip_hdr(skb);
803 err = ip_route_input_noref(skb, ip4h->daddr, ip4h->saddr,
809 #if IS_ENABLED(CONFIG_IPV6)
812 struct dst_entry *dst;
813 struct ipv6hdr *ip6h = ipv6_hdr(skb);
814 int flags = RT6_LOOKUP_F_HAS_SADDR;
815 struct flowi6 fl6 = {
816 .flowi6_iif = sdev->ifindex,
817 .daddr = ip6h->daddr,
818 .saddr = ip6h->saddr,
819 .flowlabel = ip6_flowinfo(ip6h),
820 .flowi6_mark = skb->mark,
821 .flowi6_proto = ip6h->nexthdr,
825 dst = ip6_route_input_lookup(dev_net(sdev), sdev, &fl6,
827 skb_dst_set(skb, dst);
839 unsigned int ipvlan_nf_input(void *priv, struct sk_buff *skb,
840 const struct nf_hook_state *state)
842 struct ipvl_addr *addr;
845 addr = ipvlan_skb_to_addr(skb, skb->dev);
849 skb->dev = addr->master->dev;
850 len = skb->len + ETH_HLEN;
851 ipvlan_count_rx(addr->master, len, true, false);
projects / releases.git / blob