1 /* Copyright (c) 2014 Mahesh Bandewar <maheshb@google.com>
3 * This program is free software; you can redistribute it and/or
4 * modify it under the terms of the GNU General Public License as
5 * published by the Free Software Foundation; either version 2 of
6 * the License, or (at your option) any later version.
12 static u32 ipvlan_jhash_secret __read_mostly;
14 void ipvlan_init_secret(void)
16 net_get_random_once(&ipvlan_jhash_secret, sizeof(ipvlan_jhash_secret));
19 void ipvlan_count_rx(const struct ipvl_dev *ipvlan,
20 unsigned int len, bool success, bool mcast)
22 if (likely(success)) {
23 struct ipvl_pcpu_stats *pcptr;
25 pcptr = this_cpu_ptr(ipvlan->pcpu_stats);
26 u64_stats_update_begin(&pcptr->syncp);
28 pcptr->rx_bytes += len;
31 u64_stats_update_end(&pcptr->syncp);
33 this_cpu_inc(ipvlan->pcpu_stats->rx_errs);
36 EXPORT_SYMBOL_GPL(ipvlan_count_rx);
38 #if IS_ENABLED(CONFIG_IPV6)
39 static u8 ipvlan_get_v6_hash(const void *iaddr)
41 const struct in6_addr *ip6_addr = iaddr;
43 return __ipv6_addr_jhash(ip6_addr, ipvlan_jhash_secret) &
47 static u8 ipvlan_get_v6_hash(const void *iaddr)
53 static u8 ipvlan_get_v4_hash(const void *iaddr)
55 const struct in_addr *ip4_addr = iaddr;
57 return jhash_1word(ip4_addr->s_addr, ipvlan_jhash_secret) &
61 static bool addr_equal(bool is_v6, struct ipvl_addr *addr, const void *iaddr)
63 if (!is_v6 && addr->atype == IPVL_IPV4) {
64 struct in_addr *i4addr = (struct in_addr *)iaddr;
66 return addr->ip4addr.s_addr == i4addr->s_addr;
67 #if IS_ENABLED(CONFIG_IPV6)
68 } else if (is_v6 && addr->atype == IPVL_IPV6) {
69 struct in6_addr *i6addr = (struct in6_addr *)iaddr;
71 return ipv6_addr_equal(&addr->ip6addr, i6addr);
78 static struct ipvl_addr *ipvlan_ht_addr_lookup(const struct ipvl_port *port,
79 const void *iaddr, bool is_v6)
81 struct ipvl_addr *addr;
84 hash = is_v6 ? ipvlan_get_v6_hash(iaddr) :
85 ipvlan_get_v4_hash(iaddr);
86 hlist_for_each_entry_rcu(addr, &port->hlhead[hash], hlnode)
87 if (addr_equal(is_v6, addr, iaddr))
92 void ipvlan_ht_addr_add(struct ipvl_dev *ipvlan, struct ipvl_addr *addr)
94 struct ipvl_port *port = ipvlan->port;
97 hash = (addr->atype == IPVL_IPV6) ?
98 ipvlan_get_v6_hash(&addr->ip6addr) :
99 ipvlan_get_v4_hash(&addr->ip4addr);
100 if (hlist_unhashed(&addr->hlnode))
101 hlist_add_head_rcu(&addr->hlnode, &port->hlhead[hash]);
104 void ipvlan_ht_addr_del(struct ipvl_addr *addr)
106 hlist_del_init_rcu(&addr->hlnode);
109 struct ipvl_addr *ipvlan_find_addr(const struct ipvl_dev *ipvlan,
110 const void *iaddr, bool is_v6)
112 struct ipvl_addr *addr, *ret = NULL;
115 list_for_each_entry_rcu(addr, &ipvlan->addrs, anode) {
116 if (addr_equal(is_v6, addr, iaddr)) {
125 bool ipvlan_addr_busy(struct ipvl_port *port, void *iaddr, bool is_v6)
127 struct ipvl_dev *ipvlan;
131 list_for_each_entry_rcu(ipvlan, &port->ipvlans, pnode) {
132 if (ipvlan_find_addr(ipvlan, iaddr, is_v6)) {
141 static void *ipvlan_get_L3_hdr(struct ipvl_port *port, struct sk_buff *skb, int *type)
145 switch (skb->protocol) {
146 case htons(ETH_P_ARP): {
149 if (unlikely(!pskb_may_pull(skb, arp_hdr_len(port->dev))))
157 case htons(ETH_P_IP): {
161 if (unlikely(!pskb_may_pull(skb, sizeof(*ip4h))))
165 pktlen = ntohs(ip4h->tot_len);
166 if (ip4h->ihl < 5 || ip4h->version != 4)
168 if (skb->len < pktlen || pktlen < (ip4h->ihl * 4))
175 #if IS_ENABLED(CONFIG_IPV6)
176 case htons(ETH_P_IPV6): {
177 struct ipv6hdr *ip6h;
179 if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h))))
182 ip6h = ipv6_hdr(skb);
183 if (ip6h->version != 6)
188 /* Only Neighbour Solicitation pkts need different treatment */
189 if (ipv6_addr_any(&ip6h->saddr) &&
190 ip6h->nexthdr == NEXTHDR_ICMP) {
191 struct icmp6hdr *icmph;
193 if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h) + sizeof(*icmph))))
196 ip6h = ipv6_hdr(skb);
197 icmph = (struct icmp6hdr *)(ip6h + 1);
199 if (icmph->icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) {
200 /* Need to access the ipv6 address in body */
201 if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h) + sizeof(*icmph)
202 + sizeof(struct in6_addr))))
205 ip6h = ipv6_hdr(skb);
206 icmph = (struct icmp6hdr *)(ip6h + 1);
222 unsigned int ipvlan_mac_hash(const unsigned char *addr)
224 u32 hash = jhash_1word(__get_unaligned_cpu32(addr+2),
225 ipvlan_jhash_secret);
227 return hash & IPVLAN_MAC_FILTER_MASK;
230 void ipvlan_process_multicast(struct work_struct *work)
232 struct ipvl_port *port = container_of(work, struct ipvl_port, wq);
234 struct ipvl_dev *ipvlan;
235 struct sk_buff *skb, *nskb;
236 struct sk_buff_head list;
238 unsigned int mac_hash;
243 __skb_queue_head_init(&list);
245 spin_lock_bh(&port->backlog.lock);
246 skb_queue_splice_tail_init(&port->backlog, &list);
247 spin_unlock_bh(&port->backlog.lock);
249 while ((skb = __skb_dequeue(&list)) != NULL) {
250 struct net_device *dev = skb->dev;
251 bool consumed = false;
254 tx_pkt = IPVL_SKB_CB(skb)->tx_pkt;
255 mac_hash = ipvlan_mac_hash(ethh->h_dest);
257 if (ether_addr_equal(ethh->h_dest, port->dev->broadcast))
258 pkt_type = PACKET_BROADCAST;
260 pkt_type = PACKET_MULTICAST;
263 list_for_each_entry_rcu(ipvlan, &port->ipvlans, pnode) {
264 if (tx_pkt && (ipvlan->dev == skb->dev))
266 if (!test_bit(mac_hash, ipvlan->mac_filters))
268 if (!(ipvlan->dev->flags & IFF_UP))
271 len = skb->len + ETH_HLEN;
272 nskb = skb_clone(skb, GFP_ATOMIC);
276 nskb->pkt_type = pkt_type;
277 nskb->dev = ipvlan->dev;
279 ret = dev_forward_skb(ipvlan->dev, nskb);
281 ret = netif_rx(nskb);
283 ipvlan_count_rx(ipvlan, len, ret == NET_RX_SUCCESS, true);
289 /* If the packet originated here, send it out. */
290 skb->dev = port->dev;
291 skb->pkt_type = pkt_type;
305 static void ipvlan_skb_crossing_ns(struct sk_buff *skb, struct net_device *dev)
310 xnet = !net_eq(dev_net(skb->dev), dev_net(dev));
312 skb_scrub_packet(skb, xnet);
317 static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff **pskb,
320 struct ipvl_dev *ipvlan = addr->master;
321 struct net_device *dev = ipvlan->dev;
323 rx_handler_result_t ret = RX_HANDLER_CONSUMED;
324 bool success = false;
325 struct sk_buff *skb = *pskb;
327 len = skb->len + ETH_HLEN;
328 /* Only packets exchanged between two local slaves need to have
329 * device-up check as well as skb-share check.
332 if (unlikely(!(dev->flags & IFF_UP))) {
337 skb = skb_share_check(skb, GFP_ATOMIC);
345 skb->pkt_type = PACKET_HOST;
346 if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS)
350 ret = RX_HANDLER_ANOTHER;
355 ipvlan_count_rx(ipvlan, len, success, false);
359 static struct ipvl_addr *ipvlan_addr_lookup(struct ipvl_port *port,
360 void *lyr3h, int addr_type,
363 struct ipvl_addr *addr = NULL;
366 #if IS_ENABLED(CONFIG_IPV6)
368 struct ipv6hdr *ip6h;
369 struct in6_addr *i6addr;
371 ip6h = (struct ipv6hdr *)lyr3h;
372 i6addr = use_dest ? &ip6h->daddr : &ip6h->saddr;
373 addr = ipvlan_ht_addr_lookup(port, i6addr, true);
378 struct in6_addr *i6addr;
380 /* Make sure that the NeighborSolicitation ICMPv6 packets
381 * are handled to avoid DAD issue.
383 ndmh = (struct nd_msg *)lyr3h;
384 if (ndmh->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) {
385 i6addr = &ndmh->target;
386 addr = ipvlan_ht_addr_lookup(port, i6addr, true);
395 ip4h = (struct iphdr *)lyr3h;
396 i4addr = use_dest ? &ip4h->daddr : &ip4h->saddr;
397 addr = ipvlan_ht_addr_lookup(port, i4addr, false);
402 unsigned char *arp_ptr;
405 arph = (struct arphdr *)lyr3h;
406 arp_ptr = (unsigned char *)(arph + 1);
408 arp_ptr += (2 * port->dev->addr_len) + 4;
410 arp_ptr += port->dev->addr_len;
412 memcpy(&dip, arp_ptr, 4);
413 addr = ipvlan_ht_addr_lookup(port, &dip, false);
421 static int ipvlan_process_v4_outbound(struct sk_buff *skb)
423 const struct iphdr *ip4h = ip_hdr(skb);
424 struct net_device *dev = skb->dev;
425 struct net *net = dev_net(dev);
427 int err, ret = NET_XMIT_DROP;
428 struct flowi4 fl4 = {
429 .flowi4_oif = dev->ifindex,
430 .flowi4_tos = RT_TOS(ip4h->tos),
431 .flowi4_flags = FLOWI_FLAG_ANYSRC,
432 .flowi4_mark = skb->mark,
433 .daddr = ip4h->daddr,
434 .saddr = ip4h->saddr,
437 rt = ip_route_output_flow(net, &fl4, NULL);
441 if (rt->rt_type != RTN_UNICAST && rt->rt_type != RTN_LOCAL) {
445 skb_dst_set(skb, &rt->dst);
446 err = ip_local_out(net, skb->sk, skb);
447 if (unlikely(net_xmit_eval(err)))
448 dev->stats.tx_errors++;
450 ret = NET_XMIT_SUCCESS;
453 dev->stats.tx_errors++;
459 #if IS_ENABLED(CONFIG_IPV6)
460 static int ipvlan_process_v6_outbound(struct sk_buff *skb)
462 const struct ipv6hdr *ip6h = ipv6_hdr(skb);
463 struct net_device *dev = skb->dev;
464 struct net *net = dev_net(dev);
465 struct dst_entry *dst;
466 int err, ret = NET_XMIT_DROP;
467 struct flowi6 fl6 = {
468 .flowi6_oif = dev->ifindex,
469 .daddr = ip6h->daddr,
470 .saddr = ip6h->saddr,
471 .flowi6_flags = FLOWI_FLAG_ANYSRC,
472 .flowlabel = ip6_flowinfo(ip6h),
473 .flowi6_mark = skb->mark,
474 .flowi6_proto = ip6h->nexthdr,
477 dst = ip6_route_output(net, NULL, &fl6);
483 skb_dst_set(skb, dst);
484 err = ip6_local_out(net, skb->sk, skb);
485 if (unlikely(net_xmit_eval(err)))
486 dev->stats.tx_errors++;
488 ret = NET_XMIT_SUCCESS;
491 dev->stats.tx_errors++;
497 static int ipvlan_process_v6_outbound(struct sk_buff *skb)
499 return NET_XMIT_DROP;
503 static int ipvlan_process_outbound(struct sk_buff *skb)
505 struct ethhdr *ethh = eth_hdr(skb);
506 int ret = NET_XMIT_DROP;
508 /* The ipvlan is a pseudo-L2 device, so the packets that we receive
509 * will have L2; which need to discarded and processed further
510 * in the net-ns of the main-device.
512 if (skb_mac_header_was_set(skb)) {
513 /* In this mode we dont care about
514 * multicast and broadcast traffic */
515 if (is_multicast_ether_addr(ethh->h_dest)) {
516 pr_debug_ratelimited(
517 "Dropped {multi|broad}cast of type=[%x]\n",
518 ntohs(skb->protocol));
523 skb_pull(skb, sizeof(*ethh));
524 skb->mac_header = (typeof(skb->mac_header))~0U;
525 skb_reset_network_header(skb);
528 if (skb->protocol == htons(ETH_P_IPV6))
529 ret = ipvlan_process_v6_outbound(skb);
530 else if (skb->protocol == htons(ETH_P_IP))
531 ret = ipvlan_process_v4_outbound(skb);
533 pr_warn_ratelimited("Dropped outbound packet type=%x\n",
534 ntohs(skb->protocol));
541 static void ipvlan_multicast_enqueue(struct ipvl_port *port,
542 struct sk_buff *skb, bool tx_pkt)
544 if (skb->protocol == htons(ETH_P_PAUSE)) {
549 /* Record that the deferred packet is from TX or RX path. By
550 * looking at mac-addresses on packet will lead to erronus decisions.
551 * (This would be true for a loopback-mode on master device or a
552 * hair-pin mode of the switch.)
554 IPVL_SKB_CB(skb)->tx_pkt = tx_pkt;
556 spin_lock(&port->backlog.lock);
557 if (skb_queue_len(&port->backlog) < IPVLAN_QBACKLOG_LIMIT) {
560 __skb_queue_tail(&port->backlog, skb);
561 spin_unlock(&port->backlog.lock);
562 schedule_work(&port->wq);
564 spin_unlock(&port->backlog.lock);
565 atomic_long_inc(&skb->dev->rx_dropped);
570 static int ipvlan_xmit_mode_l3(struct sk_buff *skb, struct net_device *dev)
572 const struct ipvl_dev *ipvlan = netdev_priv(dev);
574 struct ipvl_addr *addr;
577 lyr3h = ipvlan_get_L3_hdr(ipvlan->port, skb, &addr_type);
581 if (!ipvlan_is_vepa(ipvlan->port)) {
582 addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
584 if (ipvlan_is_private(ipvlan->port)) {
586 return NET_XMIT_DROP;
588 return ipvlan_rcv_frame(addr, &skb, true);
592 ipvlan_skb_crossing_ns(skb, ipvlan->phy_dev);
593 return ipvlan_process_outbound(skb);
596 static int ipvlan_xmit_mode_l2(struct sk_buff *skb, struct net_device *dev)
598 const struct ipvl_dev *ipvlan = netdev_priv(dev);
599 struct ethhdr *eth = eth_hdr(skb);
600 struct ipvl_addr *addr;
604 if (!ipvlan_is_vepa(ipvlan->port) &&
605 ether_addr_equal(eth->h_dest, eth->h_source)) {
606 lyr3h = ipvlan_get_L3_hdr(ipvlan->port, skb, &addr_type);
608 addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
610 if (ipvlan_is_private(ipvlan->port)) {
612 return NET_XMIT_DROP;
614 return ipvlan_rcv_frame(addr, &skb, true);
617 skb = skb_share_check(skb, GFP_ATOMIC);
619 return NET_XMIT_DROP;
621 /* Packet definitely does not belong to any of the
622 * virtual devices, but the dest is local. So forward
623 * the skb for the main-dev. At the RX side we just return
624 * RX_PASS for it to be processed further on the stack.
626 return dev_forward_skb(ipvlan->phy_dev, skb);
628 } else if (is_multicast_ether_addr(eth->h_dest)) {
629 ipvlan_skb_crossing_ns(skb, NULL);
630 ipvlan_multicast_enqueue(ipvlan->port, skb, true);
631 return NET_XMIT_SUCCESS;
634 skb->dev = ipvlan->phy_dev;
635 return dev_queue_xmit(skb);
638 int ipvlan_queue_xmit(struct sk_buff *skb, struct net_device *dev)
640 struct ipvl_dev *ipvlan = netdev_priv(dev);
641 struct ipvl_port *port = ipvlan_port_get_rcu_bh(ipvlan->phy_dev);
646 if (unlikely(!pskb_may_pull(skb, sizeof(struct ethhdr))))
651 return ipvlan_xmit_mode_l2(skb, dev);
653 case IPVLAN_MODE_L3S:
654 return ipvlan_xmit_mode_l3(skb, dev);
657 /* Should not reach here */
658 WARN_ONCE(true, "ipvlan_queue_xmit() called for mode = [%hx]\n",
662 return NET_XMIT_DROP;
665 static bool ipvlan_external_frame(struct sk_buff *skb, struct ipvl_port *port)
667 struct ethhdr *eth = eth_hdr(skb);
668 struct ipvl_addr *addr;
672 if (ether_addr_equal(eth->h_source, skb->dev->dev_addr)) {
673 lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type);
677 addr = ipvlan_addr_lookup(port, lyr3h, addr_type, false);
685 static rx_handler_result_t ipvlan_handle_mode_l3(struct sk_buff **pskb,
686 struct ipvl_port *port)
690 struct ipvl_addr *addr;
691 struct sk_buff *skb = *pskb;
692 rx_handler_result_t ret = RX_HANDLER_PASS;
694 lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type);
698 addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
700 ret = ipvlan_rcv_frame(addr, pskb, false);
706 static rx_handler_result_t ipvlan_handle_mode_l2(struct sk_buff **pskb,
707 struct ipvl_port *port)
709 struct sk_buff *skb = *pskb;
710 struct ethhdr *eth = eth_hdr(skb);
711 rx_handler_result_t ret = RX_HANDLER_PASS;
713 if (is_multicast_ether_addr(eth->h_dest)) {
714 if (ipvlan_external_frame(skb, port)) {
715 struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC);
717 /* External frames are queued for device local
718 * distribution, but a copy is given to master
719 * straight away to avoid sending duplicates later
720 * when work-queue processes this frame. This is
721 * achieved by returning RX_HANDLER_PASS.
724 ipvlan_skb_crossing_ns(nskb, NULL);
725 ipvlan_multicast_enqueue(port, nskb, false);
729 /* Perform like l3 mode for non-multicast packet */
730 ret = ipvlan_handle_mode_l3(pskb, port);
736 rx_handler_result_t ipvlan_handle_frame(struct sk_buff **pskb)
738 struct sk_buff *skb = *pskb;
739 struct ipvl_port *port = ipvlan_port_get_rcu(skb->dev);
742 return RX_HANDLER_PASS;
744 switch (port->mode) {
746 return ipvlan_handle_mode_l2(pskb, port);
748 return ipvlan_handle_mode_l3(pskb, port);
749 case IPVLAN_MODE_L3S:
750 return RX_HANDLER_PASS;
753 /* Should not reach here */
754 WARN_ONCE(true, "ipvlan_handle_frame() called for mode = [%hx]\n",
757 return RX_HANDLER_CONSUMED;
760 static struct ipvl_addr *ipvlan_skb_to_addr(struct sk_buff *skb,
761 struct net_device *dev)
763 struct ipvl_addr *addr = NULL;
764 struct ipvl_port *port;
768 if (!dev || !netif_is_ipvlan_port(dev))
771 port = ipvlan_port_get_rcu(dev);
772 if (!port || port->mode != IPVLAN_MODE_L3S)
775 lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type);
779 addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
784 struct sk_buff *ipvlan_l3_rcv(struct net_device *dev, struct sk_buff *skb,
787 struct ipvl_addr *addr;
788 struct net_device *sdev;
790 addr = ipvlan_skb_to_addr(skb, dev);
794 sdev = addr->master->dev;
799 struct iphdr *ip4h = ip_hdr(skb);
801 err = ip_route_input_noref(skb, ip4h->daddr, ip4h->saddr,
807 #if IS_ENABLED(CONFIG_IPV6)
810 struct dst_entry *dst;
811 struct ipv6hdr *ip6h = ipv6_hdr(skb);
812 int flags = RT6_LOOKUP_F_HAS_SADDR;
813 struct flowi6 fl6 = {
814 .flowi6_iif = sdev->ifindex,
815 .daddr = ip6h->daddr,
816 .saddr = ip6h->saddr,
817 .flowlabel = ip6_flowinfo(ip6h),
818 .flowi6_mark = skb->mark,
819 .flowi6_proto = ip6h->nexthdr,
823 dst = ip6_route_input_lookup(dev_net(sdev), sdev, &fl6,
825 skb_dst_set(skb, dst);
837 unsigned int ipvlan_nf_input(void *priv, struct sk_buff *skb,
838 const struct nf_hook_state *state)
840 struct ipvl_addr *addr;
843 addr = ipvlan_skb_to_addr(skb, skb->dev);
847 skb->dev = addr->master->dev;
848 len = skb->len + ETH_HLEN;
849 ipvlan_count_rx(addr->master, len, true, false);
projects / releases.git / blob