1 // SPDX-License-Identifier: GPL-2.0-only
3 * Vxlan vni filter for collect metadata mode
5 * Authors: Roopa Prabhu <roopa@nvidia.com>
9 #include <linux/kernel.h>
10 #include <linux/slab.h>
11 #include <linux/etherdevice.h>
12 #include <linux/rhashtable.h>
13 #include <net/rtnetlink.h>
14 #include <net/net_namespace.h>
16 #include <net/vxlan.h>
18 #include "vxlan_private.h"
20 static inline int vxlan_vni_cmp(struct rhashtable_compare_arg *arg,
23 const struct vxlan_vni_node *vnode = ptr;
24 __be32 vni = *(__be32 *)arg->key;
26 return vnode->vni != vni;
29 const struct rhashtable_params vxlan_vni_rht_params = {
30 .head_offset = offsetof(struct vxlan_vni_node, vnode),
31 .key_offset = offsetof(struct vxlan_vni_node, vni),
32 .key_len = sizeof(__be32),
34 .max_size = VXLAN_N_VID,
35 .obj_cmpfn = vxlan_vni_cmp,
36 .automatic_shrinking = true,
39 static void vxlan_vs_add_del_vninode(struct vxlan_dev *vxlan,
40 struct vxlan_vni_node *v,
43 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
44 struct vxlan_dev_node *node;
45 struct vxlan_sock *vs;
47 spin_lock(&vn->sock_lock);
49 if (!hlist_unhashed(&v->hlist4.hlist))
50 hlist_del_init_rcu(&v->hlist4.hlist);
51 #if IS_ENABLED(CONFIG_IPV6)
52 if (!hlist_unhashed(&v->hlist6.hlist))
53 hlist_del_init_rcu(&v->hlist6.hlist);
58 #if IS_ENABLED(CONFIG_IPV6)
59 vs = rtnl_dereference(vxlan->vn6_sock);
62 hlist_add_head_rcu(&node->hlist, vni_head(vs, v->vni));
65 vs = rtnl_dereference(vxlan->vn4_sock);
68 hlist_add_head_rcu(&node->hlist, vni_head(vs, v->vni));
71 spin_unlock(&vn->sock_lock);
74 void vxlan_vs_add_vnigrp(struct vxlan_dev *vxlan,
75 struct vxlan_sock *vs,
78 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
79 struct vxlan_vni_group *vg = rtnl_dereference(vxlan->vnigrp);
80 struct vxlan_vni_node *v, *tmp;
81 struct vxlan_dev_node *node;
86 spin_lock(&vn->sock_lock);
87 list_for_each_entry_safe(v, tmp, &vg->vni_list, vlist) {
88 #if IS_ENABLED(CONFIG_IPV6)
95 hlist_add_head_rcu(&node->hlist, vni_head(vs, v->vni));
97 spin_unlock(&vn->sock_lock);
100 void vxlan_vs_del_vnigrp(struct vxlan_dev *vxlan)
102 struct vxlan_vni_group *vg = rtnl_dereference(vxlan->vnigrp);
103 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
104 struct vxlan_vni_node *v, *tmp;
109 spin_lock(&vn->sock_lock);
110 list_for_each_entry_safe(v, tmp, &vg->vni_list, vlist) {
111 hlist_del_init_rcu(&v->hlist4.hlist);
112 #if IS_ENABLED(CONFIG_IPV6)
113 hlist_del_init_rcu(&v->hlist6.hlist);
116 spin_unlock(&vn->sock_lock);
119 static void vxlan_vnifilter_stats_get(const struct vxlan_vni_node *vninode,
120 struct vxlan_vni_stats *dest)
124 memset(dest, 0, sizeof(*dest));
125 for_each_possible_cpu(i) {
126 struct vxlan_vni_stats_pcpu *pstats;
127 struct vxlan_vni_stats temp;
130 pstats = per_cpu_ptr(vninode->stats, i);
132 start = u64_stats_fetch_begin(&pstats->syncp);
133 memcpy(&temp, &pstats->stats, sizeof(temp));
134 } while (u64_stats_fetch_retry(&pstats->syncp, start));
136 dest->rx_packets += temp.rx_packets;
137 dest->rx_bytes += temp.rx_bytes;
138 dest->rx_drops += temp.rx_drops;
139 dest->rx_errors += temp.rx_errors;
140 dest->tx_packets += temp.tx_packets;
141 dest->tx_bytes += temp.tx_bytes;
142 dest->tx_drops += temp.tx_drops;
143 dest->tx_errors += temp.tx_errors;
147 static void vxlan_vnifilter_stats_add(struct vxlan_vni_node *vninode,
148 int type, unsigned int len)
150 struct vxlan_vni_stats_pcpu *pstats = this_cpu_ptr(vninode->stats);
152 u64_stats_update_begin(&pstats->syncp);
154 case VXLAN_VNI_STATS_RX:
155 pstats->stats.rx_bytes += len;
156 pstats->stats.rx_packets++;
158 case VXLAN_VNI_STATS_RX_DROPS:
159 pstats->stats.rx_drops++;
161 case VXLAN_VNI_STATS_RX_ERRORS:
162 pstats->stats.rx_errors++;
164 case VXLAN_VNI_STATS_TX:
165 pstats->stats.tx_bytes += len;
166 pstats->stats.tx_packets++;
168 case VXLAN_VNI_STATS_TX_DROPS:
169 pstats->stats.tx_drops++;
171 case VXLAN_VNI_STATS_TX_ERRORS:
172 pstats->stats.tx_errors++;
175 u64_stats_update_end(&pstats->syncp);
178 void vxlan_vnifilter_count(struct vxlan_dev *vxlan, __be32 vni,
179 struct vxlan_vni_node *vninode,
180 int type, unsigned int len)
182 struct vxlan_vni_node *vnode;
184 if (!(vxlan->cfg.flags & VXLAN_F_VNIFILTER))
190 vnode = vxlan_vnifilter_lookup(vxlan, vni);
195 vxlan_vnifilter_stats_add(vnode, type, len);
198 static u32 vnirange(struct vxlan_vni_node *vbegin,
199 struct vxlan_vni_node *vend)
201 return (be32_to_cpu(vend->vni) - be32_to_cpu(vbegin->vni));
204 static size_t vxlan_vnifilter_entry_nlmsg_size(void)
206 return NLMSG_ALIGN(sizeof(struct tunnel_msg))
207 + nla_total_size(0) /* VXLAN_VNIFILTER_ENTRY */
208 + nla_total_size(sizeof(u32)) /* VXLAN_VNIFILTER_ENTRY_START */
209 + nla_total_size(sizeof(u32)) /* VXLAN_VNIFILTER_ENTRY_END */
210 + nla_total_size(sizeof(struct in6_addr));/* VXLAN_VNIFILTER_ENTRY_GROUP{6} */
213 static int __vnifilter_entry_fill_stats(struct sk_buff *skb,
214 const struct vxlan_vni_node *vbegin)
216 struct vxlan_vni_stats vstats;
217 struct nlattr *vstats_attr;
219 vstats_attr = nla_nest_start(skb, VXLAN_VNIFILTER_ENTRY_STATS);
223 vxlan_vnifilter_stats_get(vbegin, &vstats);
224 if (nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_RX_BYTES,
225 vstats.rx_bytes, VNIFILTER_ENTRY_STATS_PAD) ||
226 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_RX_PKTS,
227 vstats.rx_packets, VNIFILTER_ENTRY_STATS_PAD) ||
228 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_RX_DROPS,
229 vstats.rx_drops, VNIFILTER_ENTRY_STATS_PAD) ||
230 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_RX_ERRORS,
231 vstats.rx_errors, VNIFILTER_ENTRY_STATS_PAD) ||
232 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_TX_BYTES,
233 vstats.tx_bytes, VNIFILTER_ENTRY_STATS_PAD) ||
234 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_TX_PKTS,
235 vstats.tx_packets, VNIFILTER_ENTRY_STATS_PAD) ||
236 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_TX_DROPS,
237 vstats.tx_drops, VNIFILTER_ENTRY_STATS_PAD) ||
238 nla_put_u64_64bit(skb, VNIFILTER_ENTRY_STATS_TX_ERRORS,
239 vstats.tx_errors, VNIFILTER_ENTRY_STATS_PAD))
242 nla_nest_end(skb, vstats_attr);
247 nla_nest_cancel(skb, vstats_attr);
251 static bool vxlan_fill_vni_filter_entry(struct sk_buff *skb,
252 struct vxlan_vni_node *vbegin,
253 struct vxlan_vni_node *vend,
256 struct nlattr *ventry;
257 u32 vs = be32_to_cpu(vbegin->vni);
261 ve = be32_to_cpu(vend->vni);
263 ventry = nla_nest_start(skb, VXLAN_VNIFILTER_ENTRY);
267 if (nla_put_u32(skb, VXLAN_VNIFILTER_ENTRY_START, vs))
270 if (ve && nla_put_u32(skb, VXLAN_VNIFILTER_ENTRY_END, ve))
273 if (!vxlan_addr_any(&vbegin->remote_ip)) {
274 if (vbegin->remote_ip.sa.sa_family == AF_INET) {
275 if (nla_put_in_addr(skb, VXLAN_VNIFILTER_ENTRY_GROUP,
276 vbegin->remote_ip.sin.sin_addr.s_addr))
278 #if IS_ENABLED(CONFIG_IPV6)
280 if (nla_put_in6_addr(skb, VXLAN_VNIFILTER_ENTRY_GROUP6,
281 &vbegin->remote_ip.sin6.sin6_addr))
287 if (fill_stats && __vnifilter_entry_fill_stats(skb, vbegin))
290 nla_nest_end(skb, ventry);
295 nla_nest_cancel(skb, ventry);
300 static void vxlan_vnifilter_notify(const struct vxlan_dev *vxlan,
301 struct vxlan_vni_node *vninode, int cmd)
303 struct tunnel_msg *tmsg;
305 struct nlmsghdr *nlh;
306 struct net *net = dev_net(vxlan->dev);
309 skb = nlmsg_new(vxlan_vnifilter_entry_nlmsg_size(), GFP_KERNEL);
314 nlh = nlmsg_put(skb, 0, 0, cmd, sizeof(*tmsg), 0);
317 tmsg = nlmsg_data(nlh);
318 memset(tmsg, 0, sizeof(*tmsg));
319 tmsg->family = AF_BRIDGE;
320 tmsg->ifindex = vxlan->dev->ifindex;
322 if (!vxlan_fill_vni_filter_entry(skb, vninode, vninode, false))
326 rtnl_notify(skb, net, 0, RTNLGRP_TUNNEL, NULL, GFP_KERNEL);
331 rtnl_set_sk_err(net, RTNLGRP_TUNNEL, err);
336 static int vxlan_vnifilter_dump_dev(const struct net_device *dev,
338 struct netlink_callback *cb)
340 struct vxlan_vni_node *tmp, *v, *vbegin = NULL, *vend = NULL;
341 struct vxlan_dev *vxlan = netdev_priv(dev);
342 struct tunnel_msg *new_tmsg, *tmsg;
343 int idx = 0, s_idx = cb->args[1];
344 struct vxlan_vni_group *vg;
345 struct nlmsghdr *nlh;
349 if (!(vxlan->cfg.flags & VXLAN_F_VNIFILTER))
352 /* RCU needed because of the vni locking rules (rcu || rtnl) */
353 vg = rcu_dereference(vxlan->vnigrp);
354 if (!vg || !vg->num_vnis)
357 tmsg = nlmsg_data(cb->nlh);
358 dump_stats = !!(tmsg->flags & TUNNEL_MSG_FLAG_STATS);
360 nlh = nlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
361 RTM_NEWTUNNEL, sizeof(*new_tmsg), NLM_F_MULTI);
364 new_tmsg = nlmsg_data(nlh);
365 memset(new_tmsg, 0, sizeof(*new_tmsg));
366 new_tmsg->family = PF_BRIDGE;
367 new_tmsg->ifindex = dev->ifindex;
369 list_for_each_entry_safe(v, tmp, &vg->vni_list, vlist) {
379 if (!dump_stats && vnirange(vend, v) == 1 &&
380 vxlan_addr_equal(&v->remote_ip, &vend->remote_ip)) {
383 if (!vxlan_fill_vni_filter_entry(skb, vbegin, vend,
388 idx += vnirange(vbegin, vend) + 1;
395 if (!err && vbegin) {
396 if (!vxlan_fill_vni_filter_entry(skb, vbegin, vend, dump_stats))
400 cb->args[1] = err ? idx : 0;
407 static int vxlan_vnifilter_dump(struct sk_buff *skb, struct netlink_callback *cb)
409 int idx = 0, err = 0, s_idx = cb->args[0];
410 struct net *net = sock_net(skb->sk);
411 struct tunnel_msg *tmsg;
412 struct net_device *dev;
414 tmsg = nlmsg_data(cb->nlh);
416 if (tmsg->flags & ~TUNNEL_MSG_VALID_USER_FLAGS) {
417 NL_SET_ERR_MSG(cb->extack, "Invalid tunnelmsg flags in ancillary header");
423 dev = dev_get_by_index_rcu(net, tmsg->ifindex);
428 if (!netif_is_vxlan(dev)) {
429 NL_SET_ERR_MSG(cb->extack,
430 "The device is not a vxlan device");
434 err = vxlan_vnifilter_dump_dev(dev, skb, cb);
435 /* if the dump completed without an error we return 0 here */
436 if (err != -EMSGSIZE)
439 for_each_netdev_rcu(net, dev) {
440 if (!netif_is_vxlan(dev))
444 err = vxlan_vnifilter_dump_dev(dev, skb, cb);
445 if (err == -EMSGSIZE)
462 static const struct nla_policy vni_filter_entry_policy[VXLAN_VNIFILTER_ENTRY_MAX + 1] = {
463 [VXLAN_VNIFILTER_ENTRY_START] = { .type = NLA_U32 },
464 [VXLAN_VNIFILTER_ENTRY_END] = { .type = NLA_U32 },
465 [VXLAN_VNIFILTER_ENTRY_GROUP] = { .type = NLA_BINARY,
466 .len = sizeof_field(struct iphdr, daddr) },
467 [VXLAN_VNIFILTER_ENTRY_GROUP6] = { .type = NLA_BINARY,
468 .len = sizeof(struct in6_addr) },
471 static const struct nla_policy vni_filter_policy[VXLAN_VNIFILTER_MAX + 1] = {
472 [VXLAN_VNIFILTER_ENTRY] = { .type = NLA_NESTED },
475 static int vxlan_update_default_fdb_entry(struct vxlan_dev *vxlan, __be32 vni,
476 union vxlan_addr *old_remote_ip,
477 union vxlan_addr *remote_ip,
478 struct netlink_ext_ack *extack)
480 struct vxlan_rdst *dst = &vxlan->default_dst;
484 hash_index = fdb_head_index(vxlan, all_zeros_mac, vni);
485 spin_lock_bh(&vxlan->hash_lock[hash_index]);
486 if (remote_ip && !vxlan_addr_any(remote_ip)) {
487 err = vxlan_fdb_update(vxlan, all_zeros_mac,
489 NUD_REACHABLE | NUD_PERMANENT,
490 NLM_F_APPEND | NLM_F_CREATE,
495 NTF_SELF, 0, true, extack);
497 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
502 if (old_remote_ip && !vxlan_addr_any(old_remote_ip)) {
503 __vxlan_fdb_delete(vxlan, all_zeros_mac,
510 spin_unlock_bh(&vxlan->hash_lock[hash_index]);
515 static int vxlan_vni_update_group(struct vxlan_dev *vxlan,
516 struct vxlan_vni_node *vninode,
517 union vxlan_addr *group,
518 bool create, bool *changed,
519 struct netlink_ext_ack *extack)
521 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
522 struct vxlan_rdst *dst = &vxlan->default_dst;
523 union vxlan_addr *newrip = NULL, *oldrip = NULL;
524 union vxlan_addr old_remote_ip;
527 memcpy(&old_remote_ip, &vninode->remote_ip, sizeof(old_remote_ip));
529 /* if per vni remote ip is not present use vxlan dev
530 * default dst remote ip for fdb entry
532 if (group && !vxlan_addr_any(group)) {
535 if (!vxlan_addr_any(&dst->remote_ip))
536 newrip = &dst->remote_ip;
539 /* if old rip exists, and no newrip,
540 * explicitly delete old rip
542 if (!newrip && !vxlan_addr_any(&old_remote_ip))
543 oldrip = &old_remote_ip;
545 if (!newrip && !oldrip)
548 if (!create && oldrip && newrip && vxlan_addr_equal(oldrip, newrip))
551 ret = vxlan_update_default_fdb_entry(vxlan, vninode->vni,
558 memcpy(&vninode->remote_ip, group, sizeof(vninode->remote_ip));
560 if (vxlan->dev->flags & IFF_UP) {
561 if (vxlan_addr_multicast(&old_remote_ip) &&
562 !vxlan_group_used(vn, vxlan, vninode->vni,
564 vxlan->default_dst.remote_ifindex)) {
565 ret = vxlan_igmp_leave(vxlan, &old_remote_ip,
571 if (vxlan_addr_multicast(&vninode->remote_ip)) {
572 ret = vxlan_igmp_join(vxlan, &vninode->remote_ip, 0);
573 if (ret == -EADDRINUSE)
587 int vxlan_vnilist_update_group(struct vxlan_dev *vxlan,
588 union vxlan_addr *old_remote_ip,
589 union vxlan_addr *new_remote_ip,
590 struct netlink_ext_ack *extack)
592 struct list_head *headp, *hpos;
593 struct vxlan_vni_group *vg;
594 struct vxlan_vni_node *vent;
597 vg = rtnl_dereference(vxlan->vnigrp);
599 headp = &vg->vni_list;
600 list_for_each_prev(hpos, headp) {
601 vent = list_entry(hpos, struct vxlan_vni_node, vlist);
602 if (vxlan_addr_any(&vent->remote_ip)) {
603 ret = vxlan_update_default_fdb_entry(vxlan, vent->vni,
615 static void vxlan_vni_delete_group(struct vxlan_dev *vxlan,
616 struct vxlan_vni_node *vninode)
618 struct vxlan_net *vn = net_generic(vxlan->net, vxlan_net_id);
619 struct vxlan_rdst *dst = &vxlan->default_dst;
621 /* if per vni remote_ip not present, delete the
622 * default dst remote_ip previously added for this vni
624 if (!vxlan_addr_any(&vninode->remote_ip) ||
625 !vxlan_addr_any(&dst->remote_ip))
626 __vxlan_fdb_delete(vxlan, all_zeros_mac,
627 (vxlan_addr_any(&vninode->remote_ip) ?
628 dst->remote_ip : vninode->remote_ip),
630 vninode->vni, vninode->vni,
634 if (vxlan->dev->flags & IFF_UP) {
635 if (vxlan_addr_multicast(&vninode->remote_ip) &&
636 !vxlan_group_used(vn, vxlan, vninode->vni,
638 dst->remote_ifindex)) {
639 vxlan_igmp_leave(vxlan, &vninode->remote_ip, 0);
644 static int vxlan_vni_update(struct vxlan_dev *vxlan,
645 struct vxlan_vni_group *vg,
646 __be32 vni, union vxlan_addr *group,
648 struct netlink_ext_ack *extack)
650 struct vxlan_vni_node *vninode;
653 vninode = rhashtable_lookup_fast(&vg->vni_hash, &vni,
654 vxlan_vni_rht_params);
658 ret = vxlan_vni_update_group(vxlan, vninode, group, false, changed,
664 vxlan_vnifilter_notify(vxlan, vninode, RTM_NEWTUNNEL);
669 static void __vxlan_vni_add_list(struct vxlan_vni_group *vg,
670 struct vxlan_vni_node *v)
672 struct list_head *headp, *hpos;
673 struct vxlan_vni_node *vent;
675 headp = &vg->vni_list;
676 list_for_each_prev(hpos, headp) {
677 vent = list_entry(hpos, struct vxlan_vni_node, vlist);
678 if (be32_to_cpu(v->vni) < be32_to_cpu(vent->vni))
683 list_add_rcu(&v->vlist, hpos);
687 static void __vxlan_vni_del_list(struct vxlan_vni_group *vg,
688 struct vxlan_vni_node *v)
690 list_del_rcu(&v->vlist);
694 static struct vxlan_vni_node *vxlan_vni_alloc(struct vxlan_dev *vxlan,
697 struct vxlan_vni_node *vninode;
699 vninode = kzalloc(sizeof(*vninode), GFP_KERNEL);
702 vninode->stats = netdev_alloc_pcpu_stats(struct vxlan_vni_stats_pcpu);
703 if (!vninode->stats) {
708 vninode->hlist4.vxlan = vxlan;
709 #if IS_ENABLED(CONFIG_IPV6)
710 vninode->hlist6.vxlan = vxlan;
716 static void vxlan_vni_free(struct vxlan_vni_node *vninode)
718 free_percpu(vninode->stats);
722 static int vxlan_vni_add(struct vxlan_dev *vxlan,
723 struct vxlan_vni_group *vg,
724 u32 vni, union vxlan_addr *group,
725 struct netlink_ext_ack *extack)
727 struct vxlan_vni_node *vninode;
728 __be32 v = cpu_to_be32(vni);
729 bool changed = false;
732 if (vxlan_vnifilter_lookup(vxlan, v))
733 return vxlan_vni_update(vxlan, vg, v, group, &changed, extack);
735 err = vxlan_vni_in_use(vxlan->net, vxlan, &vxlan->cfg, v);
737 NL_SET_ERR_MSG(extack, "VNI in use");
741 vninode = vxlan_vni_alloc(vxlan, v);
745 err = rhashtable_lookup_insert_fast(&vg->vni_hash,
747 vxlan_vni_rht_params);
749 vxlan_vni_free(vninode);
753 __vxlan_vni_add_list(vg, vninode);
755 if (vxlan->dev->flags & IFF_UP)
756 vxlan_vs_add_del_vninode(vxlan, vninode, false);
758 err = vxlan_vni_update_group(vxlan, vninode, group, true, &changed,
762 vxlan_vnifilter_notify(vxlan, vninode, RTM_NEWTUNNEL);
767 static void vxlan_vni_node_rcu_free(struct rcu_head *rcu)
769 struct vxlan_vni_node *v;
771 v = container_of(rcu, struct vxlan_vni_node, rcu);
775 static int vxlan_vni_del(struct vxlan_dev *vxlan,
776 struct vxlan_vni_group *vg,
777 u32 vni, struct netlink_ext_ack *extack)
779 struct vxlan_vni_node *vninode;
780 __be32 v = cpu_to_be32(vni);
783 vg = rtnl_dereference(vxlan->vnigrp);
785 vninode = rhashtable_lookup_fast(&vg->vni_hash, &v,
786 vxlan_vni_rht_params);
792 vxlan_vni_delete_group(vxlan, vninode);
794 err = rhashtable_remove_fast(&vg->vni_hash,
796 vxlan_vni_rht_params);
800 __vxlan_vni_del_list(vg, vninode);
802 vxlan_vnifilter_notify(vxlan, vninode, RTM_DELTUNNEL);
804 if (vxlan->dev->flags & IFF_UP)
805 vxlan_vs_add_del_vninode(vxlan, vninode, true);
807 call_rcu(&vninode->rcu, vxlan_vni_node_rcu_free);
814 static int vxlan_vni_add_del(struct vxlan_dev *vxlan, __u32 start_vni,
815 __u32 end_vni, union vxlan_addr *group,
816 int cmd, struct netlink_ext_ack *extack)
818 struct vxlan_vni_group *vg;
821 vg = rtnl_dereference(vxlan->vnigrp);
823 for (v = start_vni; v <= end_vni; v++) {
826 err = vxlan_vni_add(vxlan, vg, v, group, extack);
829 err = vxlan_vni_del(vxlan, vg, v, extack);
844 static int vxlan_process_vni_filter(struct vxlan_dev *vxlan,
845 struct nlattr *nlvnifilter,
846 int cmd, struct netlink_ext_ack *extack)
848 struct nlattr *vattrs[VXLAN_VNIFILTER_ENTRY_MAX + 1];
849 u32 vni_start = 0, vni_end = 0;
850 union vxlan_addr group;
853 err = nla_parse_nested(vattrs,
854 VXLAN_VNIFILTER_ENTRY_MAX,
855 nlvnifilter, vni_filter_entry_policy,
860 if (vattrs[VXLAN_VNIFILTER_ENTRY_START]) {
861 vni_start = nla_get_u32(vattrs[VXLAN_VNIFILTER_ENTRY_START]);
865 if (vattrs[VXLAN_VNIFILTER_ENTRY_END])
866 vni_end = nla_get_u32(vattrs[VXLAN_VNIFILTER_ENTRY_END]);
868 if (!vni_start && !vni_end) {
869 NL_SET_ERR_MSG_ATTR(extack, nlvnifilter,
870 "vni start nor end found in vni entry");
874 if (vattrs[VXLAN_VNIFILTER_ENTRY_GROUP]) {
875 group.sin.sin_addr.s_addr =
876 nla_get_in_addr(vattrs[VXLAN_VNIFILTER_ENTRY_GROUP]);
877 group.sa.sa_family = AF_INET;
878 } else if (vattrs[VXLAN_VNIFILTER_ENTRY_GROUP6]) {
879 group.sin6.sin6_addr =
880 nla_get_in6_addr(vattrs[VXLAN_VNIFILTER_ENTRY_GROUP6]);
881 group.sa.sa_family = AF_INET6;
883 memset(&group, 0, sizeof(group));
886 if (vxlan_addr_multicast(&group) && !vxlan->default_dst.remote_ifindex) {
887 NL_SET_ERR_MSG(extack,
888 "Local interface required for multicast remote group");
893 err = vxlan_vni_add_del(vxlan, vni_start, vni_end, &group, cmd,
901 void vxlan_vnigroup_uninit(struct vxlan_dev *vxlan)
903 struct vxlan_vni_node *v, *tmp;
904 struct vxlan_vni_group *vg;
906 vg = rtnl_dereference(vxlan->vnigrp);
907 list_for_each_entry_safe(v, tmp, &vg->vni_list, vlist) {
908 rhashtable_remove_fast(&vg->vni_hash, &v->vnode,
909 vxlan_vni_rht_params);
910 hlist_del_init_rcu(&v->hlist4.hlist);
911 #if IS_ENABLED(CONFIG_IPV6)
912 hlist_del_init_rcu(&v->hlist6.hlist);
914 __vxlan_vni_del_list(vg, v);
915 vxlan_vnifilter_notify(vxlan, v, RTM_DELTUNNEL);
916 call_rcu(&v->rcu, vxlan_vni_node_rcu_free);
918 rhashtable_destroy(&vg->vni_hash);
922 int vxlan_vnigroup_init(struct vxlan_dev *vxlan)
924 struct vxlan_vni_group *vg;
927 vg = kzalloc(sizeof(*vg), GFP_KERNEL);
930 ret = rhashtable_init(&vg->vni_hash, &vxlan_vni_rht_params);
935 INIT_LIST_HEAD(&vg->vni_list);
936 rcu_assign_pointer(vxlan->vnigrp, vg);
941 static int vxlan_vnifilter_process(struct sk_buff *skb, struct nlmsghdr *nlh,
942 struct netlink_ext_ack *extack)
944 struct net *net = sock_net(skb->sk);
945 struct tunnel_msg *tmsg;
946 struct vxlan_dev *vxlan;
947 struct net_device *dev;
952 /* this should validate the header and check for remaining bytes */
953 err = nlmsg_parse(nlh, sizeof(*tmsg), NULL, VXLAN_VNIFILTER_MAX,
954 vni_filter_policy, extack);
958 tmsg = nlmsg_data(nlh);
959 dev = __dev_get_by_index(net, tmsg->ifindex);
963 if (!netif_is_vxlan(dev)) {
964 NL_SET_ERR_MSG_MOD(extack, "The device is not a vxlan device");
968 vxlan = netdev_priv(dev);
970 if (!(vxlan->cfg.flags & VXLAN_F_VNIFILTER))
973 nlmsg_for_each_attr(attr, nlh, sizeof(*tmsg), rem) {
974 switch (nla_type(attr)) {
975 case VXLAN_VNIFILTER_ENTRY:
976 err = vxlan_process_vni_filter(vxlan, attr,
977 nlh->nlmsg_type, extack);
988 NL_SET_ERR_MSG_MOD(extack, "No vnis found to process");
995 void vxlan_vnifilter_init(void)
997 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_GETTUNNEL, NULL,
998 vxlan_vnifilter_dump, 0);
999 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_NEWTUNNEL,
1000 vxlan_vnifilter_process, NULL, 0);
1001 rtnl_register_module(THIS_MODULE, PF_BRIDGE, RTM_DELTUNNEL,
1002 vxlan_vnifilter_process, NULL, 0);
1005 void vxlan_vnifilter_uninit(void)
1007 rtnl_unregister(PF_BRIDGE, RTM_GETTUNNEL);
1008 rtnl_unregister(PF_BRIDGE, RTM_NEWTUNNEL);
1009 rtnl_unregister(PF_BRIDGE, RTM_DELTUNNEL);
projects / releases.git / blob