1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * SR-IPv6 implementation
6 * David Lebrun <david.lebrun@uclouvain.be>
7 * eBPF support: Mathieu Xhonneux <m.xhonneux@gmail.com>
10 #include <linux/filter.h>
11 #include <linux/types.h>
12 #include <linux/skbuff.h>
13 #include <linux/net.h>
14 #include <linux/module.h>
16 #include <net/lwtunnel.h>
17 #include <net/netevent.h>
18 #include <net/netns/generic.h>
19 #include <net/ip6_fib.h>
20 #include <net/route.h>
22 #include <linux/seg6.h>
23 #include <linux/seg6_local.h>
24 #include <net/addrconf.h>
25 #include <net/ip6_route.h>
26 #include <net/dst_cache.h>
27 #include <net/ip_tunnels.h>
28 #ifdef CONFIG_IPV6_SEG6_HMAC
29 #include <net/seg6_hmac.h>
31 #include <net/seg6_local.h>
32 #include <linux/etherdevice.h>
33 #include <linux/bpf.h>
34 #include <linux/netfilter.h>
36 #define SEG6_F_ATTR(i) BIT(i)
38 struct seg6_local_lwt;
40 /* callbacks used for customizing the creation and destruction of a behavior */
41 struct seg6_local_lwtunnel_ops {
42 int (*build_state)(struct seg6_local_lwt *slwt, const void *cfg,
43 struct netlink_ext_ack *extack);
44 void (*destroy_state)(struct seg6_local_lwt *slwt);
47 struct seg6_action_desc {
51 /* The optattrs field is used for specifying all the optional
52 * attributes supported by a specific behavior.
53 * It means that if one of these attributes is not provided in the
54 * netlink message during the behavior creation, no errors will be
55 * returned to the userspace.
57 * Each attribute can be only of two types (mutually exclusive):
58 * 1) required or 2) optional.
59 * Every user MUST obey to this rule! If you set an attribute as
60 * required the same attribute CANNOT be set as optional and vice
63 unsigned long optattrs;
65 int (*input)(struct sk_buff *skb, struct seg6_local_lwt *slwt);
68 struct seg6_local_lwtunnel_ops slwt_ops;
72 struct bpf_prog *prog;
76 /* default length values (expressed in bits) for both Locator-Block and
77 * Locator-Node Function.
79 * Both SEG6_LOCAL_LCBLOCK_DBITS and SEG6_LOCAL_LCNODE_FN_DBITS *must* be:
81 * ii) evenly divisible by 8. In other terms, the lengths of the
82 * Locator-Block and Locator-Node Function must be byte-aligned (we can
83 * relax this constraint in the future if really needed).
85 * Moreover, a third condition must hold:
86 * iii) SEG6_LOCAL_LCBLOCK_DBITS + SEG6_LOCAL_LCNODE_FN_DBITS <= 128.
88 * The correctness of SEG6_LOCAL_LCBLOCK_DBITS and SEG6_LOCAL_LCNODE_FN_DBITS
89 * values are checked during the kernel compilation. If the compilation stops,
90 * check the value of these parameters to see if they meet conditions (i), (ii)
93 #define SEG6_LOCAL_LCBLOCK_DBITS 32
94 #define SEG6_LOCAL_LCNODE_FN_DBITS 16
96 /* The following next_csid_chk_{cntr,lcblock,lcblock_fn}_bits macros can be
97 * used directly to check whether the lengths (in bits) of Locator-Block and
98 * Locator-Node Function are valid according to (i), (ii), (iii).
100 #define next_csid_chk_cntr_bits(blen, flen) \
101 ((blen) + (flen) > 128)
103 #define next_csid_chk_lcblock_bits(blen) \
105 typeof(blen) __tmp = blen; \
106 (!__tmp || __tmp > 120 || (__tmp & 0x07)); \
109 #define next_csid_chk_lcnode_fn_bits(flen) \
110 next_csid_chk_lcblock_bits(flen)
112 /* flag indicating that flavors are set up for a given End* behavior */
113 #define SEG6_F_LOCAL_FLAVORS SEG6_F_ATTR(SEG6_LOCAL_FLAVORS)
115 #define SEG6_F_LOCAL_FLV_OP(flvname) BIT(SEG6_LOCAL_FLV_OP_##flvname)
116 #define SEG6_F_LOCAL_FLV_NEXT_CSID SEG6_F_LOCAL_FLV_OP(NEXT_CSID)
117 #define SEG6_F_LOCAL_FLV_PSP SEG6_F_LOCAL_FLV_OP(PSP)
119 /* Supported RFC8986 Flavor operations are reported in this bitmask */
120 #define SEG6_LOCAL_FLV8986_SUPP_OPS SEG6_F_LOCAL_FLV_PSP
122 #define SEG6_LOCAL_END_FLV_SUPP_OPS (SEG6_F_LOCAL_FLV_NEXT_CSID | \
123 SEG6_LOCAL_FLV8986_SUPP_OPS)
124 #define SEG6_LOCAL_END_X_FLV_SUPP_OPS SEG6_F_LOCAL_FLV_NEXT_CSID
126 struct seg6_flavors_info {
127 /* Flavor operations */
130 /* Locator-Block length, expressed in bits */
132 /* Locator-Node Function length, expressed in bits*/
133 __u8 lcnode_func_bits;
136 enum seg6_end_dt_mode {
137 DT_INVALID_MODE = -EINVAL,
142 struct seg6_end_dt_info {
143 enum seg6_end_dt_mode mode;
146 /* VRF device associated to the routing table used by the SRv6
147 * End.DT4/DT6 behavior for routing IPv4/IPv6 packets.
152 /* tunneled packet family (IPv4 or IPv6).
153 * Protocol and header length are inferred from family.
158 struct pcpu_seg6_local_counters {
163 struct u64_stats_sync syncp;
166 /* This struct groups all the SRv6 Behavior counters supported so far.
168 * put_nla_counters() makes use of this data structure to collect all counter
169 * values after the per-CPU counter evaluation has been performed.
170 * Finally, each counter value (in seg6_local_counters) is stored in the
171 * corresponding netlink attribute and sent to user space.
173 * NB: we don't want to expose this structure to user space!
175 struct seg6_local_counters {
181 #define seg6_local_alloc_pcpu_counters(__gfp) \
182 __netdev_alloc_pcpu_stats(struct pcpu_seg6_local_counters, \
183 ((__gfp) | __GFP_ZERO))
185 #define SEG6_F_LOCAL_COUNTERS SEG6_F_ATTR(SEG6_LOCAL_COUNTERS)
187 struct seg6_local_lwt {
189 struct ipv6_sr_hdr *srh;
195 struct bpf_lwt_prog bpf;
196 #ifdef CONFIG_NET_L3_MASTER_DEV
197 struct seg6_end_dt_info dt_info;
199 struct seg6_flavors_info flv_info;
201 struct pcpu_seg6_local_counters __percpu *pcpu_counters;
204 struct seg6_action_desc *desc;
205 /* unlike the required attrs, we have to track the optional attributes
206 * that have been effectively parsed.
208 unsigned long parsed_optattrs;
211 static struct seg6_local_lwt *seg6_local_lwtunnel(struct lwtunnel_state *lwt)
213 return (struct seg6_local_lwt *)lwt->data;
216 static struct ipv6_sr_hdr *get_and_validate_srh(struct sk_buff *skb)
218 struct ipv6_sr_hdr *srh;
220 srh = seg6_get_srh(skb, IP6_FH_F_SKIP_RH);
224 #ifdef CONFIG_IPV6_SEG6_HMAC
225 if (!seg6_hmac_validate_skb(skb))
232 static bool decap_and_validate(struct sk_buff *skb, int proto)
234 struct ipv6_sr_hdr *srh;
235 unsigned int off = 0;
237 srh = seg6_get_srh(skb, 0);
238 if (srh && srh->segments_left > 0)
241 #ifdef CONFIG_IPV6_SEG6_HMAC
242 if (srh && !seg6_hmac_validate_skb(skb))
246 if (ipv6_find_hdr(skb, &off, proto, NULL, NULL) < 0)
249 if (!pskb_pull(skb, off))
252 skb_postpull_rcsum(skb, skb_network_header(skb), off);
254 skb_reset_network_header(skb);
255 skb_reset_transport_header(skb);
256 if (iptunnel_pull_offloads(skb))
262 static void advance_nextseg(struct ipv6_sr_hdr *srh, struct in6_addr *daddr)
264 struct in6_addr *addr;
266 srh->segments_left--;
267 addr = srh->segments + srh->segments_left;
272 seg6_lookup_any_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr,
273 u32 tbl_id, bool local_delivery)
275 struct net *net = dev_net(skb->dev);
276 struct ipv6hdr *hdr = ipv6_hdr(skb);
277 int flags = RT6_LOOKUP_F_HAS_SADDR;
278 struct dst_entry *dst = NULL;
283 memset(&fl6, 0, sizeof(fl6));
284 fl6.flowi6_iif = skb->dev->ifindex;
285 fl6.daddr = nhaddr ? *nhaddr : hdr->daddr;
286 fl6.saddr = hdr->saddr;
287 fl6.flowlabel = ip6_flowinfo(hdr);
288 fl6.flowi6_mark = skb->mark;
289 fl6.flowi6_proto = hdr->nexthdr;
292 fl6.flowi6_flags = FLOWI_FLAG_KNOWN_NH;
295 dst = ip6_route_input_lookup(net, skb->dev, &fl6, skb, flags);
297 struct fib6_table *table;
299 table = fib6_get_table(net, tbl_id);
303 rt = ip6_pol_route(net, table, 0, &fl6, skb, flags);
307 /* we want to discard traffic destined for local packet processing,
308 * if @local_delivery is set to false.
311 dev_flags |= IFF_LOOPBACK;
313 if (dst && (dst->dev->flags & dev_flags) && !dst->error) {
320 rt = net->ipv6.ip6_blk_hole_entry;
326 skb_dst_set(skb, dst);
330 int seg6_lookup_nexthop(struct sk_buff *skb,
331 struct in6_addr *nhaddr, u32 tbl_id)
333 return seg6_lookup_any_nexthop(skb, nhaddr, tbl_id, false);
336 static __u8 seg6_flv_lcblock_octects(const struct seg6_flavors_info *finfo)
338 return finfo->lcblock_bits >> 3;
341 static __u8 seg6_flv_lcnode_func_octects(const struct seg6_flavors_info *finfo)
343 return finfo->lcnode_func_bits >> 3;
346 static bool seg6_next_csid_is_arg_zero(const struct in6_addr *addr,
347 const struct seg6_flavors_info *finfo)
349 __u8 fnc_octects = seg6_flv_lcnode_func_octects(finfo);
350 __u8 blk_octects = seg6_flv_lcblock_octects(finfo);
354 arg_octects = 16 - blk_octects - fnc_octects;
355 for (i = 0; i < arg_octects; ++i) {
356 if (addr->s6_addr[blk_octects + fnc_octects + i] != 0x00)
363 /* assume that DA.Argument length > 0 */
364 static void seg6_next_csid_advance_arg(struct in6_addr *addr,
365 const struct seg6_flavors_info *finfo)
367 __u8 fnc_octects = seg6_flv_lcnode_func_octects(finfo);
368 __u8 blk_octects = seg6_flv_lcblock_octects(finfo);
370 /* advance DA.Argument */
371 memmove(&addr->s6_addr[blk_octects],
372 &addr->s6_addr[blk_octects + fnc_octects],
373 16 - blk_octects - fnc_octects);
375 memset(&addr->s6_addr[16 - fnc_octects], 0x00, fnc_octects);
378 static int input_action_end_finish(struct sk_buff *skb,
379 struct seg6_local_lwt *slwt)
381 seg6_lookup_nexthop(skb, NULL, 0);
383 return dst_input(skb);
386 static int input_action_end_core(struct sk_buff *skb,
387 struct seg6_local_lwt *slwt)
389 struct ipv6_sr_hdr *srh;
391 srh = get_and_validate_srh(skb);
395 advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
397 return input_action_end_finish(skb, slwt);
404 static int end_next_csid_core(struct sk_buff *skb, struct seg6_local_lwt *slwt)
406 const struct seg6_flavors_info *finfo = &slwt->flv_info;
407 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
409 if (seg6_next_csid_is_arg_zero(daddr, finfo))
410 return input_action_end_core(skb, slwt);
413 seg6_next_csid_advance_arg(daddr, finfo);
415 return input_action_end_finish(skb, slwt);
418 static int input_action_end_x_finish(struct sk_buff *skb,
419 struct seg6_local_lwt *slwt)
421 seg6_lookup_nexthop(skb, &slwt->nh6, 0);
423 return dst_input(skb);
426 static int input_action_end_x_core(struct sk_buff *skb,
427 struct seg6_local_lwt *slwt)
429 struct ipv6_sr_hdr *srh;
431 srh = get_and_validate_srh(skb);
435 advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
437 return input_action_end_x_finish(skb, slwt);
444 static int end_x_next_csid_core(struct sk_buff *skb,
445 struct seg6_local_lwt *slwt)
447 const struct seg6_flavors_info *finfo = &slwt->flv_info;
448 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
450 if (seg6_next_csid_is_arg_zero(daddr, finfo))
451 return input_action_end_x_core(skb, slwt);
454 seg6_next_csid_advance_arg(daddr, finfo);
456 return input_action_end_x_finish(skb, slwt);
459 static bool seg6_next_csid_enabled(__u32 fops)
461 return fops & SEG6_F_LOCAL_FLV_NEXT_CSID;
464 /* Processing of SRv6 End, End.X, and End.T behaviors can be extended through
465 * the flavors framework. These behaviors must report the subset of (flavor)
466 * operations they currently implement. In this way, if a user specifies a
467 * flavor combination that is not supported by a given End* behavior, the
468 * kernel refuses to instantiate the tunnel reporting the error.
470 static int seg6_flv_supp_ops_by_action(int action, __u32 *fops)
473 case SEG6_LOCAL_ACTION_END:
474 *fops = SEG6_LOCAL_END_FLV_SUPP_OPS;
476 case SEG6_LOCAL_ACTION_END_X:
477 *fops = SEG6_LOCAL_END_X_FLV_SUPP_OPS;
486 /* We describe the packet state in relation to the absence/presence of the SRH
487 * and the Segment Left (SL) field.
488 * For our purposes, it is not necessary to record the exact value of the SL
489 * when the SID List consists of two or more segments.
491 enum seg6_local_pktinfo {
492 /* the order really matters! */
493 SEG6_LOCAL_PKTINFO_NOHDR = 0,
494 SEG6_LOCAL_PKTINFO_SL_ZERO,
495 SEG6_LOCAL_PKTINFO_SL_ONE,
496 SEG6_LOCAL_PKTINFO_SL_MORE,
497 __SEG6_LOCAL_PKTINFO_MAX,
500 #define SEG6_LOCAL_PKTINFO_MAX (__SEG6_LOCAL_PKTINFO_MAX - 1)
502 static enum seg6_local_pktinfo seg6_get_srh_pktinfo(struct ipv6_sr_hdr *srh)
507 return SEG6_LOCAL_PKTINFO_NOHDR;
509 sgl = srh->segments_left;
511 return SEG6_LOCAL_PKTINFO_SL_ZERO + sgl;
513 return SEG6_LOCAL_PKTINFO_SL_MORE;
516 enum seg6_local_flv_action {
517 SEG6_LOCAL_FLV_ACT_UNSPEC = 0,
518 SEG6_LOCAL_FLV_ACT_END,
519 SEG6_LOCAL_FLV_ACT_PSP,
520 SEG6_LOCAL_FLV_ACT_USP,
521 SEG6_LOCAL_FLV_ACT_USD,
522 __SEG6_LOCAL_FLV_ACT_MAX
525 #define SEG6_LOCAL_FLV_ACT_MAX (__SEG6_LOCAL_FLV_ACT_MAX - 1)
527 /* The action table for RFC8986 flavors (see the flv8986_act_tbl below)
528 * contains the actions (i.e. processing operations) to be applied on packets
529 * when flavors are configured for an End* behavior.
530 * By combining the pkinfo data and from the flavors mask, the macro
531 * computes the index used to access the elements (actions) stored in the
532 * action table. The index is structured as follows:
535 * _______________/\________________
537 * +----------------+----------------+
539 * +----------------+----------------+
540 * ph-1 ... p1 p0 fk-1 ... f1 f0
544 * - 'afm' (adjusted flavor mask) is the mask containing a combination of the
545 * RFC8986 flavors currently supported. 'afm' corresponds to the @fm
546 * argument of the macro whose value is righ-shifted by 1 bit. By doing so,
547 * we discard the SEG6_LOCAL_FLV_OP_UNSPEC flag (bit 0 in @fm) which is
549 * - 'pf' encodes the packet info (pktinfo) regarding the presence/absence of
550 * the SRH, SL = 0, etc. 'pf' is set with the value of @pf provided as
551 * argument to the macro.
553 #define flv8986_act_tbl_idx(pf, fm) \
554 ((((pf) << bits_per(SEG6_LOCAL_FLV8986_SUPP_OPS)) | \
555 ((fm) & SEG6_LOCAL_FLV8986_SUPP_OPS)) >> SEG6_LOCAL_FLV_OP_PSP)
557 /* We compute the size of the action table by considering the RFC8986 flavors
558 * actually supported by the kernel. In this way, the size is automatically
559 * adjusted when new flavors are supported.
561 #define FLV8986_ACT_TBL_SIZE \
562 roundup_pow_of_two(flv8986_act_tbl_idx(SEG6_LOCAL_PKTINFO_MAX, \
563 SEG6_LOCAL_FLV8986_SUPP_OPS))
565 /* tbl_cfg(act, pf, fm) macro is used to easily configure the action
566 * table; it accepts 3 arguments:
567 * i) @act, the suffix from SEG6_LOCAL_FLV_ACT_{act} representing
568 * the action that should be applied on the packet;
569 * ii) @pf, the suffix from SEG6_LOCAL_PKTINFO_{pf} reporting the packet
570 * info about the lack/presence of SRH, SRH with SL = 0, etc;
571 * iii) @fm, the mask of flavors.
573 #define tbl_cfg(act, pf, fm) \
574 [flv8986_act_tbl_idx(SEG6_LOCAL_PKTINFO_##pf, \
575 (fm))] = SEG6_LOCAL_FLV_ACT_##act
577 /* shorthand for improving readability */
578 #define F_PSP SEG6_F_LOCAL_FLV_PSP
580 /* The table contains, for each combination of the pktinfo data and
581 * flavors, the action that should be taken on a packet (e.g.
582 * "standard" Endpoint processing, Penultimate Segment Pop, etc).
584 * By default, table entries not explicitly configured are initialized with the
585 * SEG6_LOCAL_FLV_ACT_UNSPEC action, which generally has the effect of
586 * discarding the processed packet.
588 static const u8 flv8986_act_tbl[FLV8986_ACT_TBL_SIZE] = {
589 /* PSP variant for packet where SRH with SL = 1 */
590 tbl_cfg(PSP, SL_ONE, F_PSP),
591 /* End for packet where the SRH with SL > 1*/
592 tbl_cfg(END, SL_MORE, F_PSP),
598 /* For each flavor defined in RFC8986 (or a combination of them) an action is
599 * performed on the packet. The specific action depends on:
600 * - info extracted from the packet (i.e. pktinfo data) regarding the
601 * lack/presence of the SRH, and if the SRH is available, on the value of
602 * Segment Left field;
603 * - the mask of flavors configured for the specific SRv6 End* behavior.
605 * The function combines both the pkinfo and the flavors mask to evaluate the
606 * corresponding action to be taken on the packet.
608 static enum seg6_local_flv_action
609 seg6_local_flv8986_act_lookup(enum seg6_local_pktinfo pinfo, __u32 flvmask)
613 /* check if the provided mask of flavors is supported */
614 if (unlikely(flvmask & ~SEG6_LOCAL_FLV8986_SUPP_OPS))
615 return SEG6_LOCAL_FLV_ACT_UNSPEC;
617 index = flv8986_act_tbl_idx(pinfo, flvmask);
618 if (unlikely(index >= FLV8986_ACT_TBL_SIZE))
619 return SEG6_LOCAL_FLV_ACT_UNSPEC;
621 return flv8986_act_tbl[index];
624 /* skb->data must be aligned with skb->network_header */
625 static bool seg6_pop_srh(struct sk_buff *skb, int srhoff)
627 struct ipv6_sr_hdr *srh;
634 if (unlikely(srhoff < sizeof(*iph) ||
635 !pskb_may_pull(skb, srhoff + sizeof(*srh))))
638 srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
639 srhlen = ipv6_optlen(srh);
641 /* we are about to mangle the pkt, let's check if we can write on it */
642 if (unlikely(skb_ensure_writable(skb, srhoff + srhlen)))
645 /* skb_ensure_writable() may change skb pointers; evaluate srh again */
646 srh = (struct ipv6_sr_hdr *)(skb->data + srhoff);
647 srh_nexthdr = srh->nexthdr;
649 if (unlikely(!skb_transport_header_was_set(skb)))
652 nhlen = skb_network_header_len(skb);
653 /* we have to deal with the transport header: it could be set before
654 * the SRH, after the SRH, or within it (which is considered wrong,
657 if (likely(nhlen <= srhoff))
659 else if (nhlen >= srhoff + srhlen)
660 /* transport_header is set after the SRH */
661 thoff = nhlen - srhlen;
663 /* transport_header falls inside the SRH; hence, we can't
664 * restore the transport_header pointer properly after
665 * SRH removing operation.
669 /* we need to pop the SRH:
670 * 1) first of all, we pull out everything from IPv6 header up to SRH
671 * (included) evaluating also the rcsum;
672 * 2) we overwrite (and then remove) the SRH by properly moving the
673 * IPv6 along with any extension header that precedes the SRH;
674 * 3) At the end, we push back the pulled headers (except for SRH,
677 skb_pull_rcsum(skb, srhoff + srhlen);
678 memmove(skb_network_header(skb) + srhlen, skb_network_header(skb),
680 skb_push(skb, srhoff);
682 skb_reset_network_header(skb);
683 skb_mac_header_rebuild(skb);
684 if (likely(thoff >= 0))
685 skb_set_transport_header(skb, thoff);
688 if (iph->nexthdr == NEXTHDR_ROUTING) {
689 iph->nexthdr = srh_nexthdr;
691 /* we must look for the extension header (EXTH, for short) that
692 * immediately precedes the SRH we have just removed.
693 * Then, we update the value of the EXTH nexthdr with the one
694 * contained in the SRH nexthdr.
696 unsigned int off = sizeof(*iph);
697 struct ipv6_opt_hdr *hp, _hdr;
698 __u8 nexthdr = iph->nexthdr;
701 if (unlikely(!ipv6_ext_hdr(nexthdr) ||
702 nexthdr == NEXTHDR_NONE))
705 hp = skb_header_pointer(skb, off, sizeof(_hdr), &_hdr);
709 if (hp->nexthdr == NEXTHDR_ROUTING) {
710 hp->nexthdr = srh_nexthdr;
715 case NEXTHDR_FRAGMENT:
718 /* we expect SRH before FRAG and AUTH */
721 off += ipv6_optlen(hp);
725 nexthdr = hp->nexthdr;
729 iph->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
731 skb_postpush_rcsum(skb, iph, srhoff);
736 /* process the packet on the basis of the RFC8986 flavors set for the given
737 * SRv6 End behavior instance.
739 static int end_flv8986_core(struct sk_buff *skb, struct seg6_local_lwt *slwt)
741 const struct seg6_flavors_info *finfo = &slwt->flv_info;
742 enum seg6_local_flv_action action;
743 enum seg6_local_pktinfo pinfo;
744 struct ipv6_sr_hdr *srh;
748 srh = seg6_get_srh(skb, 0);
749 srhoff = srh ? ((unsigned char *)srh - skb->data) : 0;
750 pinfo = seg6_get_srh_pktinfo(srh);
751 #ifdef CONFIG_IPV6_SEG6_HMAC
752 if (srh && !seg6_hmac_validate_skb(skb))
755 flvmask = finfo->flv_ops;
756 if (unlikely(flvmask & ~SEG6_LOCAL_FLV8986_SUPP_OPS)) {
757 pr_warn_once("seg6local: invalid RFC8986 flavors\n");
761 /* retrieve the action triggered by the combination of pktinfo data and
764 action = seg6_local_flv8986_act_lookup(pinfo, flvmask);
766 case SEG6_LOCAL_FLV_ACT_END:
767 /* process the packet as the "standard" End behavior */
768 advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
770 case SEG6_LOCAL_FLV_ACT_PSP:
771 advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
773 if (unlikely(!seg6_pop_srh(skb, srhoff)))
776 case SEG6_LOCAL_FLV_ACT_UNSPEC:
779 /* by default, we drop the packet since we could not find a
785 return input_action_end_finish(skb, slwt);
792 /* regular endpoint function */
793 static int input_action_end(struct sk_buff *skb, struct seg6_local_lwt *slwt)
795 const struct seg6_flavors_info *finfo = &slwt->flv_info;
796 __u32 fops = finfo->flv_ops;
799 return input_action_end_core(skb, slwt);
801 /* check for the presence of NEXT-C-SID since it applies first */
802 if (seg6_next_csid_enabled(fops))
803 return end_next_csid_core(skb, slwt);
805 /* the specific processing function to be performed on the packet
806 * depends on the combination of flavors defined in RFC8986 and some
807 * information extracted from the packet, e.g. presence/absence of SRH,
808 * Segment Left = 0, etc.
810 return end_flv8986_core(skb, slwt);
813 /* regular endpoint, and forward to specified nexthop */
814 static int input_action_end_x(struct sk_buff *skb, struct seg6_local_lwt *slwt)
816 const struct seg6_flavors_info *finfo = &slwt->flv_info;
817 __u32 fops = finfo->flv_ops;
819 /* check for the presence of NEXT-C-SID since it applies first */
820 if (seg6_next_csid_enabled(fops))
821 return end_x_next_csid_core(skb, slwt);
823 return input_action_end_x_core(skb, slwt);
826 static int input_action_end_t(struct sk_buff *skb, struct seg6_local_lwt *slwt)
828 struct ipv6_sr_hdr *srh;
830 srh = get_and_validate_srh(skb);
834 advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
836 seg6_lookup_nexthop(skb, NULL, slwt->table);
838 return dst_input(skb);
845 /* decapsulate and forward inner L2 frame on specified interface */
846 static int input_action_end_dx2(struct sk_buff *skb,
847 struct seg6_local_lwt *slwt)
849 struct net *net = dev_net(skb->dev);
850 struct net_device *odev;
853 if (!decap_and_validate(skb, IPPROTO_ETHERNET))
856 if (!pskb_may_pull(skb, ETH_HLEN))
859 skb_reset_mac_header(skb);
860 eth = (struct ethhdr *)skb->data;
862 /* To determine the frame's protocol, we assume it is 802.3. This avoids
863 * a call to eth_type_trans(), which is not really relevant for our
866 if (!eth_proto_is_802_3(eth->h_proto))
869 odev = dev_get_by_index_rcu(net, slwt->oif);
873 /* As we accept Ethernet frames, make sure the egress device is of
876 if (odev->type != ARPHRD_ETHER)
879 if (!(odev->flags & IFF_UP) || !netif_carrier_ok(odev))
884 if (skb_warn_if_lro(skb))
887 skb_forward_csum(skb);
889 if (skb->len - ETH_HLEN > odev->mtu)
893 skb->protocol = eth->h_proto;
895 return dev_queue_xmit(skb);
902 static int input_action_end_dx6_finish(struct net *net, struct sock *sk,
905 struct dst_entry *orig_dst = skb_dst(skb);
906 struct in6_addr *nhaddr = NULL;
907 struct seg6_local_lwt *slwt;
909 slwt = seg6_local_lwtunnel(orig_dst->lwtstate);
911 /* The inner packet is not associated to any local interface,
912 * so we do not call netif_rx().
914 * If slwt->nh6 is set to ::, then lookup the nexthop for the
915 * inner packet's DA. Otherwise, use the specified nexthop.
917 if (!ipv6_addr_any(&slwt->nh6))
920 seg6_lookup_nexthop(skb, nhaddr, 0);
922 return dst_input(skb);
925 /* decapsulate and forward to specified nexthop */
926 static int input_action_end_dx6(struct sk_buff *skb,
927 struct seg6_local_lwt *slwt)
929 /* this function accepts IPv6 encapsulated packets, with either
930 * an SRH with SL=0, or no SRH.
933 if (!decap_and_validate(skb, IPPROTO_IPV6))
936 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
939 skb_set_transport_header(skb, sizeof(struct ipv6hdr));
942 if (static_branch_unlikely(&nf_hooks_lwtunnel_enabled))
943 return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING,
944 dev_net(skb->dev), NULL, skb, NULL,
945 skb_dst(skb)->dev, input_action_end_dx6_finish);
947 return input_action_end_dx6_finish(dev_net(skb->dev), NULL, skb);
953 static int input_action_end_dx4_finish(struct net *net, struct sock *sk,
956 struct dst_entry *orig_dst = skb_dst(skb);
957 struct seg6_local_lwt *slwt;
962 slwt = seg6_local_lwtunnel(orig_dst->lwtstate);
966 nhaddr = slwt->nh4.s_addr ?: iph->daddr;
970 err = ip_route_input(skb, nhaddr, iph->saddr, 0, skb->dev);
976 return dst_input(skb);
979 static int input_action_end_dx4(struct sk_buff *skb,
980 struct seg6_local_lwt *slwt)
982 if (!decap_and_validate(skb, IPPROTO_IPIP))
985 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
988 skb->protocol = htons(ETH_P_IP);
989 skb_set_transport_header(skb, sizeof(struct iphdr));
992 if (static_branch_unlikely(&nf_hooks_lwtunnel_enabled))
993 return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING,
994 dev_net(skb->dev), NULL, skb, NULL,
995 skb_dst(skb)->dev, input_action_end_dx4_finish);
997 return input_action_end_dx4_finish(dev_net(skb->dev), NULL, skb);
1003 #ifdef CONFIG_NET_L3_MASTER_DEV
1004 static struct net *fib6_config_get_net(const struct fib6_config *fib6_cfg)
1006 const struct nl_info *nli = &fib6_cfg->fc_nlinfo;
1011 static int __seg6_end_dt_vrf_build(struct seg6_local_lwt *slwt, const void *cfg,
1012 u16 family, struct netlink_ext_ack *extack)
1014 struct seg6_end_dt_info *info = &slwt->dt_info;
1018 net = fib6_config_get_net(cfg);
1020 /* note that vrf_table was already set by parse_nla_vrftable() */
1021 vrf_ifindex = l3mdev_ifindex_lookup_by_table_id(L3MDEV_TYPE_VRF, net,
1023 if (vrf_ifindex < 0) {
1024 if (vrf_ifindex == -EPERM) {
1025 NL_SET_ERR_MSG(extack,
1026 "Strict mode for VRF is disabled");
1027 } else if (vrf_ifindex == -ENODEV) {
1028 NL_SET_ERR_MSG(extack,
1029 "Table has no associated VRF device");
1031 pr_debug("seg6local: SRv6 End.DT* creation error=%d\n",
1039 info->vrf_ifindex = vrf_ifindex;
1041 info->family = family;
1042 info->mode = DT_VRF_MODE;
1047 /* The SRv6 End.DT4/DT6 behavior extracts the inner (IPv4/IPv6) packet and
1048 * routes the IPv4/IPv6 packet by looking at the configured routing table.
1050 * In the SRv6 End.DT4/DT6 use case, we can receive traffic (IPv6+Segment
1051 * Routing Header packets) from several interfaces and the outer IPv6
1052 * destination address (DA) is used for retrieving the specific instance of the
1053 * End.DT4/DT6 behavior that should process the packets.
1055 * However, the inner IPv4/IPv6 packet is not really bound to any receiving
1056 * interface and thus the End.DT4/DT6 sets the VRF (associated with the
1057 * corresponding routing table) as the *receiving* interface.
1058 * In other words, the End.DT4/DT6 processes a packet as if it has been received
1059 * directly by the VRF (and not by one of its slave devices, if any).
1060 * In this way, the VRF interface is used for routing the IPv4/IPv6 packet in
1061 * according to the routing table configured by the End.DT4/DT6 instance.
1063 * This design allows you to get some interesting features like:
1064 * 1) the statistics on rx packets;
1065 * 2) the possibility to install a packet sniffer on the receiving interface
1066 * (the VRF one) for looking at the incoming packets;
1067 * 3) the possibility to leverage the netfilter prerouting hook for the inner
1070 * This function returns:
1071 * - the sk_buff* when the VRF rcv handler has processed the packet correctly;
1072 * - NULL when the skb is consumed by the VRF rcv handler;
1073 * - a pointer which encodes a negative error number in case of error.
1074 * Note that in this case, the function takes care of freeing the skb.
1076 static struct sk_buff *end_dt_vrf_rcv(struct sk_buff *skb, u16 family,
1077 struct net_device *dev)
1079 /* based on l3mdev_ip_rcv; we are only interested in the master */
1080 if (unlikely(!netif_is_l3_master(dev) && !netif_has_l3_rx_handler(dev)))
1083 if (unlikely(!dev->l3mdev_ops->l3mdev_l3_rcv))
1086 /* the decap packet IPv4/IPv6 does not come with any mac header info.
1087 * We must unset the mac header to allow the VRF device to rebuild it,
1088 * just in case there is a sniffer attached on the device.
1090 skb_unset_mac_header(skb);
1092 skb = dev->l3mdev_ops->l3mdev_l3_rcv(dev, skb, family);
1094 /* the skb buffer was consumed by the handler */
1097 /* when a packet is received by a VRF or by one of its slaves, the
1098 * master device reference is set into the skb.
1100 if (unlikely(skb->dev != dev || skb->skb_iif != dev->ifindex))
1107 return ERR_PTR(-EINVAL);
1110 static struct net_device *end_dt_get_vrf_rcu(struct sk_buff *skb,
1111 struct seg6_end_dt_info *info)
1113 int vrf_ifindex = info->vrf_ifindex;
1114 struct net *net = info->net;
1116 if (unlikely(vrf_ifindex < 0))
1119 if (unlikely(!net_eq(dev_net(skb->dev), net)))
1122 return dev_get_by_index_rcu(net, vrf_ifindex);
1128 static struct sk_buff *end_dt_vrf_core(struct sk_buff *skb,
1129 struct seg6_local_lwt *slwt, u16 family)
1131 struct seg6_end_dt_info *info = &slwt->dt_info;
1132 struct net_device *vrf;
1136 vrf = end_dt_get_vrf_rcu(skb, info);
1142 protocol = htons(ETH_P_IP);
1143 hdrlen = sizeof(struct iphdr);
1146 protocol = htons(ETH_P_IPV6);
1147 hdrlen = sizeof(struct ipv6hdr);
1155 if (unlikely(info->family != AF_UNSPEC && info->family != family)) {
1156 pr_warn_once("seg6local: SRv6 End.DT* family mismatch");
1160 skb->protocol = protocol;
1164 skb_set_transport_header(skb, hdrlen);
1167 return end_dt_vrf_rcv(skb, family, vrf);
1171 return ERR_PTR(-EINVAL);
1174 static int input_action_end_dt4(struct sk_buff *skb,
1175 struct seg6_local_lwt *slwt)
1180 if (!decap_and_validate(skb, IPPROTO_IPIP))
1183 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
1186 skb = end_dt_vrf_core(skb, slwt, AF_INET);
1188 /* packet has been processed and consumed by the VRF */
1192 return PTR_ERR(skb);
1196 err = ip_route_input(skb, iph->daddr, iph->saddr, 0, skb->dev);
1200 return dst_input(skb);
1207 static int seg6_end_dt4_build(struct seg6_local_lwt *slwt, const void *cfg,
1208 struct netlink_ext_ack *extack)
1210 return __seg6_end_dt_vrf_build(slwt, cfg, AF_INET, extack);
1214 seg6_end_dt_mode seg6_end_dt6_parse_mode(struct seg6_local_lwt *slwt)
1216 unsigned long parsed_optattrs = slwt->parsed_optattrs;
1217 bool legacy, vrfmode;
1219 legacy = !!(parsed_optattrs & SEG6_F_ATTR(SEG6_LOCAL_TABLE));
1220 vrfmode = !!(parsed_optattrs & SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE));
1222 if (!(legacy ^ vrfmode))
1223 /* both are absent or present: invalid DT6 mode */
1224 return DT_INVALID_MODE;
1226 return legacy ? DT_LEGACY_MODE : DT_VRF_MODE;
1229 static enum seg6_end_dt_mode seg6_end_dt6_get_mode(struct seg6_local_lwt *slwt)
1231 struct seg6_end_dt_info *info = &slwt->dt_info;
1236 static int seg6_end_dt6_build(struct seg6_local_lwt *slwt, const void *cfg,
1237 struct netlink_ext_ack *extack)
1239 enum seg6_end_dt_mode mode = seg6_end_dt6_parse_mode(slwt);
1240 struct seg6_end_dt_info *info = &slwt->dt_info;
1243 case DT_LEGACY_MODE:
1244 info->mode = DT_LEGACY_MODE;
1247 return __seg6_end_dt_vrf_build(slwt, cfg, AF_INET6, extack);
1249 NL_SET_ERR_MSG(extack, "table or vrftable must be specified");
1255 static int input_action_end_dt6(struct sk_buff *skb,
1256 struct seg6_local_lwt *slwt)
1258 if (!decap_and_validate(skb, IPPROTO_IPV6))
1261 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
1264 #ifdef CONFIG_NET_L3_MASTER_DEV
1265 if (seg6_end_dt6_get_mode(slwt) == DT_LEGACY_MODE)
1269 skb = end_dt_vrf_core(skb, slwt, AF_INET6);
1271 /* packet has been processed and consumed by the VRF */
1275 return PTR_ERR(skb);
1277 /* note: this time we do not need to specify the table because the VRF
1278 * takes care of selecting the correct table.
1280 seg6_lookup_any_nexthop(skb, NULL, 0, true);
1282 return dst_input(skb);
1286 skb_set_transport_header(skb, sizeof(struct ipv6hdr));
1288 seg6_lookup_any_nexthop(skb, NULL, slwt->table, true);
1290 return dst_input(skb);
1297 #ifdef CONFIG_NET_L3_MASTER_DEV
1298 static int seg6_end_dt46_build(struct seg6_local_lwt *slwt, const void *cfg,
1299 struct netlink_ext_ack *extack)
1301 return __seg6_end_dt_vrf_build(slwt, cfg, AF_UNSPEC, extack);
1304 static int input_action_end_dt46(struct sk_buff *skb,
1305 struct seg6_local_lwt *slwt)
1307 unsigned int off = 0;
1310 nexthdr = ipv6_find_hdr(skb, &off, -1, NULL, NULL);
1311 if (unlikely(nexthdr < 0))
1316 return input_action_end_dt4(skb, slwt);
1318 return input_action_end_dt6(skb, slwt);
1327 /* push an SRH on top of the current one */
1328 static int input_action_end_b6(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1330 struct ipv6_sr_hdr *srh;
1333 srh = get_and_validate_srh(skb);
1337 err = seg6_do_srh_inline(skb, slwt->srh);
1341 skb_set_transport_header(skb, sizeof(struct ipv6hdr));
1343 seg6_lookup_nexthop(skb, NULL, 0);
1345 return dst_input(skb);
1352 /* encapsulate within an outer IPv6 header and a specified SRH */
1353 static int input_action_end_b6_encap(struct sk_buff *skb,
1354 struct seg6_local_lwt *slwt)
1356 struct ipv6_sr_hdr *srh;
1359 srh = get_and_validate_srh(skb);
1363 advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
1365 skb_reset_inner_headers(skb);
1366 skb->encapsulation = 1;
1368 err = seg6_do_srh_encap(skb, slwt->srh, IPPROTO_IPV6);
1372 skb_set_transport_header(skb, sizeof(struct ipv6hdr));
1374 seg6_lookup_nexthop(skb, NULL, 0);
1376 return dst_input(skb);
1383 DEFINE_PER_CPU(struct seg6_bpf_srh_state, seg6_bpf_srh_states);
1385 bool seg6_bpf_has_valid_srh(struct sk_buff *skb)
1387 struct seg6_bpf_srh_state *srh_state =
1388 this_cpu_ptr(&seg6_bpf_srh_states);
1389 struct ipv6_sr_hdr *srh = srh_state->srh;
1391 if (unlikely(srh == NULL))
1394 if (unlikely(!srh_state->valid)) {
1395 if ((srh_state->hdrlen & 7) != 0)
1398 srh->hdrlen = (u8)(srh_state->hdrlen >> 3);
1399 if (!seg6_validate_srh(srh, (srh->hdrlen + 1) << 3, true))
1402 srh_state->valid = true;
1408 static int input_action_end_bpf(struct sk_buff *skb,
1409 struct seg6_local_lwt *slwt)
1411 struct seg6_bpf_srh_state *srh_state =
1412 this_cpu_ptr(&seg6_bpf_srh_states);
1413 struct ipv6_sr_hdr *srh;
1416 srh = get_and_validate_srh(skb);
1421 advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
1423 /* preempt_disable is needed to protect the per-CPU buffer srh_state,
1424 * which is also accessed by the bpf_lwt_seg6_* helpers
1427 srh_state->srh = srh;
1428 srh_state->hdrlen = srh->hdrlen << 3;
1429 srh_state->valid = true;
1432 bpf_compute_data_pointers(skb);
1433 ret = bpf_prog_run_save_cb(slwt->bpf.prog, skb);
1443 pr_warn_once("bpf-seg6local: Illegal return value %u\n", ret);
1447 if (srh_state->srh && !seg6_bpf_has_valid_srh(skb))
1451 if (ret != BPF_REDIRECT)
1452 seg6_lookup_nexthop(skb, NULL, 0);
1454 return dst_input(skb);
1462 static struct seg6_action_desc seg6_action_table[] = {
1464 .action = SEG6_LOCAL_ACTION_END,
1466 .optattrs = SEG6_F_LOCAL_COUNTERS |
1467 SEG6_F_LOCAL_FLAVORS,
1468 .input = input_action_end,
1471 .action = SEG6_LOCAL_ACTION_END_X,
1472 .attrs = SEG6_F_ATTR(SEG6_LOCAL_NH6),
1473 .optattrs = SEG6_F_LOCAL_COUNTERS |
1474 SEG6_F_LOCAL_FLAVORS,
1475 .input = input_action_end_x,
1478 .action = SEG6_LOCAL_ACTION_END_T,
1479 .attrs = SEG6_F_ATTR(SEG6_LOCAL_TABLE),
1480 .optattrs = SEG6_F_LOCAL_COUNTERS,
1481 .input = input_action_end_t,
1484 .action = SEG6_LOCAL_ACTION_END_DX2,
1485 .attrs = SEG6_F_ATTR(SEG6_LOCAL_OIF),
1486 .optattrs = SEG6_F_LOCAL_COUNTERS,
1487 .input = input_action_end_dx2,
1490 .action = SEG6_LOCAL_ACTION_END_DX6,
1491 .attrs = SEG6_F_ATTR(SEG6_LOCAL_NH6),
1492 .optattrs = SEG6_F_LOCAL_COUNTERS,
1493 .input = input_action_end_dx6,
1496 .action = SEG6_LOCAL_ACTION_END_DX4,
1497 .attrs = SEG6_F_ATTR(SEG6_LOCAL_NH4),
1498 .optattrs = SEG6_F_LOCAL_COUNTERS,
1499 .input = input_action_end_dx4,
1502 .action = SEG6_LOCAL_ACTION_END_DT4,
1503 .attrs = SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE),
1504 .optattrs = SEG6_F_LOCAL_COUNTERS,
1505 #ifdef CONFIG_NET_L3_MASTER_DEV
1506 .input = input_action_end_dt4,
1508 .build_state = seg6_end_dt4_build,
1513 .action = SEG6_LOCAL_ACTION_END_DT6,
1514 #ifdef CONFIG_NET_L3_MASTER_DEV
1516 .optattrs = SEG6_F_LOCAL_COUNTERS |
1517 SEG6_F_ATTR(SEG6_LOCAL_TABLE) |
1518 SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE),
1520 .build_state = seg6_end_dt6_build,
1523 .attrs = SEG6_F_ATTR(SEG6_LOCAL_TABLE),
1524 .optattrs = SEG6_F_LOCAL_COUNTERS,
1526 .input = input_action_end_dt6,
1529 .action = SEG6_LOCAL_ACTION_END_DT46,
1530 .attrs = SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE),
1531 .optattrs = SEG6_F_LOCAL_COUNTERS,
1532 #ifdef CONFIG_NET_L3_MASTER_DEV
1533 .input = input_action_end_dt46,
1535 .build_state = seg6_end_dt46_build,
1540 .action = SEG6_LOCAL_ACTION_END_B6,
1541 .attrs = SEG6_F_ATTR(SEG6_LOCAL_SRH),
1542 .optattrs = SEG6_F_LOCAL_COUNTERS,
1543 .input = input_action_end_b6,
1546 .action = SEG6_LOCAL_ACTION_END_B6_ENCAP,
1547 .attrs = SEG6_F_ATTR(SEG6_LOCAL_SRH),
1548 .optattrs = SEG6_F_LOCAL_COUNTERS,
1549 .input = input_action_end_b6_encap,
1550 .static_headroom = sizeof(struct ipv6hdr),
1553 .action = SEG6_LOCAL_ACTION_END_BPF,
1554 .attrs = SEG6_F_ATTR(SEG6_LOCAL_BPF),
1555 .optattrs = SEG6_F_LOCAL_COUNTERS,
1556 .input = input_action_end_bpf,
1561 static struct seg6_action_desc *__get_action_desc(int action)
1563 struct seg6_action_desc *desc;
1566 count = ARRAY_SIZE(seg6_action_table);
1567 for (i = 0; i < count; i++) {
1568 desc = &seg6_action_table[i];
1569 if (desc->action == action)
1576 static bool seg6_lwtunnel_counters_enabled(struct seg6_local_lwt *slwt)
1578 return slwt->parsed_optattrs & SEG6_F_LOCAL_COUNTERS;
1581 static void seg6_local_update_counters(struct seg6_local_lwt *slwt,
1582 unsigned int len, int err)
1584 struct pcpu_seg6_local_counters *pcounters;
1586 pcounters = this_cpu_ptr(slwt->pcpu_counters);
1587 u64_stats_update_begin(&pcounters->syncp);
1590 u64_stats_inc(&pcounters->packets);
1591 u64_stats_add(&pcounters->bytes, len);
1593 u64_stats_inc(&pcounters->errors);
1596 u64_stats_update_end(&pcounters->syncp);
1599 static int seg6_local_input_core(struct net *net, struct sock *sk,
1600 struct sk_buff *skb)
1602 struct dst_entry *orig_dst = skb_dst(skb);
1603 struct seg6_action_desc *desc;
1604 struct seg6_local_lwt *slwt;
1605 unsigned int len = skb->len;
1608 slwt = seg6_local_lwtunnel(orig_dst->lwtstate);
1611 rc = desc->input(skb, slwt);
1613 if (!seg6_lwtunnel_counters_enabled(slwt))
1616 seg6_local_update_counters(slwt, len, rc);
1621 static int seg6_local_input(struct sk_buff *skb)
1623 if (skb->protocol != htons(ETH_P_IPV6)) {
1628 if (static_branch_unlikely(&nf_hooks_lwtunnel_enabled))
1629 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_IN,
1630 dev_net(skb->dev), NULL, skb, skb->dev, NULL,
1631 seg6_local_input_core);
1633 return seg6_local_input_core(dev_net(skb->dev), NULL, skb);
1636 static const struct nla_policy seg6_local_policy[SEG6_LOCAL_MAX + 1] = {
1637 [SEG6_LOCAL_ACTION] = { .type = NLA_U32 },
1638 [SEG6_LOCAL_SRH] = { .type = NLA_BINARY },
1639 [SEG6_LOCAL_TABLE] = { .type = NLA_U32 },
1640 [SEG6_LOCAL_VRFTABLE] = { .type = NLA_U32 },
1641 [SEG6_LOCAL_NH4] = { .type = NLA_BINARY,
1642 .len = sizeof(struct in_addr) },
1643 [SEG6_LOCAL_NH6] = { .type = NLA_BINARY,
1644 .len = sizeof(struct in6_addr) },
1645 [SEG6_LOCAL_IIF] = { .type = NLA_U32 },
1646 [SEG6_LOCAL_OIF] = { .type = NLA_U32 },
1647 [SEG6_LOCAL_BPF] = { .type = NLA_NESTED },
1648 [SEG6_LOCAL_COUNTERS] = { .type = NLA_NESTED },
1649 [SEG6_LOCAL_FLAVORS] = { .type = NLA_NESTED },
1652 static int parse_nla_srh(struct nlattr **attrs, struct seg6_local_lwt *slwt,
1653 struct netlink_ext_ack *extack)
1655 struct ipv6_sr_hdr *srh;
1658 srh = nla_data(attrs[SEG6_LOCAL_SRH]);
1659 len = nla_len(attrs[SEG6_LOCAL_SRH]);
1661 /* SRH must contain at least one segment */
1662 if (len < sizeof(*srh) + sizeof(struct in6_addr))
1665 if (!seg6_validate_srh(srh, len, false))
1668 slwt->srh = kmemdup(srh, len, GFP_KERNEL);
1672 slwt->headroom += len;
1677 static int put_nla_srh(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1679 struct ipv6_sr_hdr *srh;
1684 len = (srh->hdrlen + 1) << 3;
1686 nla = nla_reserve(skb, SEG6_LOCAL_SRH, len);
1690 memcpy(nla_data(nla), srh, len);
1695 static int cmp_nla_srh(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1697 int len = (a->srh->hdrlen + 1) << 3;
1699 if (len != ((b->srh->hdrlen + 1) << 3))
1702 return memcmp(a->srh, b->srh, len);
1705 static void destroy_attr_srh(struct seg6_local_lwt *slwt)
1710 static int parse_nla_table(struct nlattr **attrs, struct seg6_local_lwt *slwt,
1711 struct netlink_ext_ack *extack)
1713 slwt->table = nla_get_u32(attrs[SEG6_LOCAL_TABLE]);
1718 static int put_nla_table(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1720 if (nla_put_u32(skb, SEG6_LOCAL_TABLE, slwt->table))
1726 static int cmp_nla_table(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1728 if (a->table != b->table)
1735 seg6_end_dt_info *seg6_possible_end_dt_info(struct seg6_local_lwt *slwt)
1737 #ifdef CONFIG_NET_L3_MASTER_DEV
1738 return &slwt->dt_info;
1740 return ERR_PTR(-EOPNOTSUPP);
1744 static int parse_nla_vrftable(struct nlattr **attrs,
1745 struct seg6_local_lwt *slwt,
1746 struct netlink_ext_ack *extack)
1748 struct seg6_end_dt_info *info = seg6_possible_end_dt_info(slwt);
1751 return PTR_ERR(info);
1753 info->vrf_table = nla_get_u32(attrs[SEG6_LOCAL_VRFTABLE]);
1758 static int put_nla_vrftable(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1760 struct seg6_end_dt_info *info = seg6_possible_end_dt_info(slwt);
1763 return PTR_ERR(info);
1765 if (nla_put_u32(skb, SEG6_LOCAL_VRFTABLE, info->vrf_table))
1771 static int cmp_nla_vrftable(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1773 struct seg6_end_dt_info *info_a = seg6_possible_end_dt_info(a);
1774 struct seg6_end_dt_info *info_b = seg6_possible_end_dt_info(b);
1776 if (info_a->vrf_table != info_b->vrf_table)
1782 static int parse_nla_nh4(struct nlattr **attrs, struct seg6_local_lwt *slwt,
1783 struct netlink_ext_ack *extack)
1785 memcpy(&slwt->nh4, nla_data(attrs[SEG6_LOCAL_NH4]),
1786 sizeof(struct in_addr));
1791 static int put_nla_nh4(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1795 nla = nla_reserve(skb, SEG6_LOCAL_NH4, sizeof(struct in_addr));
1799 memcpy(nla_data(nla), &slwt->nh4, sizeof(struct in_addr));
1804 static int cmp_nla_nh4(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1806 return memcmp(&a->nh4, &b->nh4, sizeof(struct in_addr));
1809 static int parse_nla_nh6(struct nlattr **attrs, struct seg6_local_lwt *slwt,
1810 struct netlink_ext_ack *extack)
1812 memcpy(&slwt->nh6, nla_data(attrs[SEG6_LOCAL_NH6]),
1813 sizeof(struct in6_addr));
1818 static int put_nla_nh6(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1822 nla = nla_reserve(skb, SEG6_LOCAL_NH6, sizeof(struct in6_addr));
1826 memcpy(nla_data(nla), &slwt->nh6, sizeof(struct in6_addr));
1831 static int cmp_nla_nh6(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1833 return memcmp(&a->nh6, &b->nh6, sizeof(struct in6_addr));
1836 static int parse_nla_iif(struct nlattr **attrs, struct seg6_local_lwt *slwt,
1837 struct netlink_ext_ack *extack)
1839 slwt->iif = nla_get_u32(attrs[SEG6_LOCAL_IIF]);
1844 static int put_nla_iif(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1846 if (nla_put_u32(skb, SEG6_LOCAL_IIF, slwt->iif))
1852 static int cmp_nla_iif(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1854 if (a->iif != b->iif)
1860 static int parse_nla_oif(struct nlattr **attrs, struct seg6_local_lwt *slwt,
1861 struct netlink_ext_ack *extack)
1863 slwt->oif = nla_get_u32(attrs[SEG6_LOCAL_OIF]);
1868 static int put_nla_oif(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1870 if (nla_put_u32(skb, SEG6_LOCAL_OIF, slwt->oif))
1876 static int cmp_nla_oif(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1878 if (a->oif != b->oif)
1884 #define MAX_PROG_NAME 256
1885 static const struct nla_policy bpf_prog_policy[SEG6_LOCAL_BPF_PROG_MAX + 1] = {
1886 [SEG6_LOCAL_BPF_PROG] = { .type = NLA_U32, },
1887 [SEG6_LOCAL_BPF_PROG_NAME] = { .type = NLA_NUL_STRING,
1888 .len = MAX_PROG_NAME },
1891 static int parse_nla_bpf(struct nlattr **attrs, struct seg6_local_lwt *slwt,
1892 struct netlink_ext_ack *extack)
1894 struct nlattr *tb[SEG6_LOCAL_BPF_PROG_MAX + 1];
1899 ret = nla_parse_nested_deprecated(tb, SEG6_LOCAL_BPF_PROG_MAX,
1900 attrs[SEG6_LOCAL_BPF],
1901 bpf_prog_policy, NULL);
1905 if (!tb[SEG6_LOCAL_BPF_PROG] || !tb[SEG6_LOCAL_BPF_PROG_NAME])
1908 slwt->bpf.name = nla_memdup(tb[SEG6_LOCAL_BPF_PROG_NAME], GFP_KERNEL);
1909 if (!slwt->bpf.name)
1912 fd = nla_get_u32(tb[SEG6_LOCAL_BPF_PROG]);
1913 p = bpf_prog_get_type(fd, BPF_PROG_TYPE_LWT_SEG6LOCAL);
1915 kfree(slwt->bpf.name);
1923 static int put_nla_bpf(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1925 struct nlattr *nest;
1927 if (!slwt->bpf.prog)
1930 nest = nla_nest_start_noflag(skb, SEG6_LOCAL_BPF);
1934 if (nla_put_u32(skb, SEG6_LOCAL_BPF_PROG, slwt->bpf.prog->aux->id))
1937 if (slwt->bpf.name &&
1938 nla_put_string(skb, SEG6_LOCAL_BPF_PROG_NAME, slwt->bpf.name))
1941 return nla_nest_end(skb, nest);
1944 static int cmp_nla_bpf(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1946 if (!a->bpf.name && !b->bpf.name)
1949 if (!a->bpf.name || !b->bpf.name)
1952 return strcmp(a->bpf.name, b->bpf.name);
1955 static void destroy_attr_bpf(struct seg6_local_lwt *slwt)
1957 kfree(slwt->bpf.name);
1959 bpf_prog_put(slwt->bpf.prog);
1963 nla_policy seg6_local_counters_policy[SEG6_LOCAL_CNT_MAX + 1] = {
1964 [SEG6_LOCAL_CNT_PACKETS] = { .type = NLA_U64 },
1965 [SEG6_LOCAL_CNT_BYTES] = { .type = NLA_U64 },
1966 [SEG6_LOCAL_CNT_ERRORS] = { .type = NLA_U64 },
1969 static int parse_nla_counters(struct nlattr **attrs,
1970 struct seg6_local_lwt *slwt,
1971 struct netlink_ext_ack *extack)
1973 struct pcpu_seg6_local_counters __percpu *pcounters;
1974 struct nlattr *tb[SEG6_LOCAL_CNT_MAX + 1];
1977 ret = nla_parse_nested_deprecated(tb, SEG6_LOCAL_CNT_MAX,
1978 attrs[SEG6_LOCAL_COUNTERS],
1979 seg6_local_counters_policy, NULL);
1983 /* basic support for SRv6 Behavior counters requires at least:
1984 * packets, bytes and errors.
1986 if (!tb[SEG6_LOCAL_CNT_PACKETS] || !tb[SEG6_LOCAL_CNT_BYTES] ||
1987 !tb[SEG6_LOCAL_CNT_ERRORS])
1990 /* counters are always zero initialized */
1991 pcounters = seg6_local_alloc_pcpu_counters(GFP_KERNEL);
1995 slwt->pcpu_counters = pcounters;
2000 static int seg6_local_fill_nla_counters(struct sk_buff *skb,
2001 struct seg6_local_counters *counters)
2003 if (nla_put_u64_64bit(skb, SEG6_LOCAL_CNT_PACKETS, counters->packets,
2004 SEG6_LOCAL_CNT_PAD))
2007 if (nla_put_u64_64bit(skb, SEG6_LOCAL_CNT_BYTES, counters->bytes,
2008 SEG6_LOCAL_CNT_PAD))
2011 if (nla_put_u64_64bit(skb, SEG6_LOCAL_CNT_ERRORS, counters->errors,
2012 SEG6_LOCAL_CNT_PAD))
2018 static int put_nla_counters(struct sk_buff *skb, struct seg6_local_lwt *slwt)
2020 struct seg6_local_counters counters = { 0, 0, 0 };
2021 struct nlattr *nest;
2024 nest = nla_nest_start(skb, SEG6_LOCAL_COUNTERS);
2028 for_each_possible_cpu(i) {
2029 struct pcpu_seg6_local_counters *pcounters;
2030 u64 packets, bytes, errors;
2033 pcounters = per_cpu_ptr(slwt->pcpu_counters, i);
2035 start = u64_stats_fetch_begin(&pcounters->syncp);
2037 packets = u64_stats_read(&pcounters->packets);
2038 bytes = u64_stats_read(&pcounters->bytes);
2039 errors = u64_stats_read(&pcounters->errors);
2041 } while (u64_stats_fetch_retry(&pcounters->syncp, start));
2043 counters.packets += packets;
2044 counters.bytes += bytes;
2045 counters.errors += errors;
2048 rc = seg6_local_fill_nla_counters(skb, &counters);
2050 nla_nest_cancel(skb, nest);
2054 return nla_nest_end(skb, nest);
2057 static int cmp_nla_counters(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
2059 /* a and b are equal if both have pcpu_counters set or not */
2060 return (!!((unsigned long)a->pcpu_counters)) ^
2061 (!!((unsigned long)b->pcpu_counters));
2064 static void destroy_attr_counters(struct seg6_local_lwt *slwt)
2066 free_percpu(slwt->pcpu_counters);
2070 struct nla_policy seg6_local_flavors_policy[SEG6_LOCAL_FLV_MAX + 1] = {
2071 [SEG6_LOCAL_FLV_OPERATION] = { .type = NLA_U32 },
2072 [SEG6_LOCAL_FLV_LCBLOCK_BITS] = { .type = NLA_U8 },
2073 [SEG6_LOCAL_FLV_LCNODE_FN_BITS] = { .type = NLA_U8 },
2076 /* check whether the lengths of the Locator-Block and Locator-Node Function
2077 * are compatible with the dimension of a C-SID container.
2079 static int seg6_chk_next_csid_cfg(__u8 block_len, __u8 func_len)
2081 /* Locator-Block and Locator-Node Function cannot exceed 128 bits
2082 * (i.e. C-SID container lenghts).
2084 if (next_csid_chk_cntr_bits(block_len, func_len))
2087 /* Locator-Block length must be greater than zero and evenly divisible
2088 * by 8. There must be room for a Locator-Node Function, at least.
2090 if (next_csid_chk_lcblock_bits(block_len))
2093 /* Locator-Node Function length must be greater than zero and evenly
2094 * divisible by 8. There must be room for the Locator-Block.
2096 if (next_csid_chk_lcnode_fn_bits(func_len))
2102 static int seg6_parse_nla_next_csid_cfg(struct nlattr **tb,
2103 struct seg6_flavors_info *finfo,
2104 struct netlink_ext_ack *extack)
2106 __u8 func_len = SEG6_LOCAL_LCNODE_FN_DBITS;
2107 __u8 block_len = SEG6_LOCAL_LCBLOCK_DBITS;
2110 if (tb[SEG6_LOCAL_FLV_LCBLOCK_BITS])
2111 block_len = nla_get_u8(tb[SEG6_LOCAL_FLV_LCBLOCK_BITS]);
2113 if (tb[SEG6_LOCAL_FLV_LCNODE_FN_BITS])
2114 func_len = nla_get_u8(tb[SEG6_LOCAL_FLV_LCNODE_FN_BITS]);
2116 rc = seg6_chk_next_csid_cfg(block_len, func_len);
2118 NL_SET_ERR_MSG(extack,
2119 "Invalid Locator Block/Node Function lengths");
2123 finfo->lcblock_bits = block_len;
2124 finfo->lcnode_func_bits = func_len;
2129 static int parse_nla_flavors(struct nlattr **attrs, struct seg6_local_lwt *slwt,
2130 struct netlink_ext_ack *extack)
2132 struct seg6_flavors_info *finfo = &slwt->flv_info;
2133 struct nlattr *tb[SEG6_LOCAL_FLV_MAX + 1];
2134 int action = slwt->action;
2135 __u32 fops, supp_fops;
2138 rc = nla_parse_nested_deprecated(tb, SEG6_LOCAL_FLV_MAX,
2139 attrs[SEG6_LOCAL_FLAVORS],
2140 seg6_local_flavors_policy, NULL);
2144 /* this attribute MUST always be present since it represents the Flavor
2145 * operation(s) to be carried out.
2147 if (!tb[SEG6_LOCAL_FLV_OPERATION])
2150 fops = nla_get_u32(tb[SEG6_LOCAL_FLV_OPERATION]);
2151 rc = seg6_flv_supp_ops_by_action(action, &supp_fops);
2152 if (rc < 0 || (fops & ~supp_fops)) {
2153 NL_SET_ERR_MSG(extack, "Unsupported Flavor operation(s)");
2157 finfo->flv_ops = fops;
2159 if (seg6_next_csid_enabled(fops)) {
2160 /* Locator-Block and Locator-Node Function lengths can be
2161 * provided by the user space. Otherwise, default values are
2164 rc = seg6_parse_nla_next_csid_cfg(tb, finfo, extack);
2172 static int seg6_fill_nla_next_csid_cfg(struct sk_buff *skb,
2173 struct seg6_flavors_info *finfo)
2175 if (nla_put_u8(skb, SEG6_LOCAL_FLV_LCBLOCK_BITS, finfo->lcblock_bits))
2178 if (nla_put_u8(skb, SEG6_LOCAL_FLV_LCNODE_FN_BITS,
2179 finfo->lcnode_func_bits))
2185 static int put_nla_flavors(struct sk_buff *skb, struct seg6_local_lwt *slwt)
2187 struct seg6_flavors_info *finfo = &slwt->flv_info;
2188 __u32 fops = finfo->flv_ops;
2189 struct nlattr *nest;
2192 nest = nla_nest_start(skb, SEG6_LOCAL_FLAVORS);
2196 if (nla_put_u32(skb, SEG6_LOCAL_FLV_OPERATION, fops)) {
2201 if (seg6_next_csid_enabled(fops)) {
2202 rc = seg6_fill_nla_next_csid_cfg(skb, finfo);
2207 return nla_nest_end(skb, nest);
2210 nla_nest_cancel(skb, nest);
2214 static int seg6_cmp_nla_next_csid_cfg(struct seg6_flavors_info *finfo_a,
2215 struct seg6_flavors_info *finfo_b)
2217 if (finfo_a->lcblock_bits != finfo_b->lcblock_bits)
2220 if (finfo_a->lcnode_func_bits != finfo_b->lcnode_func_bits)
2226 static int cmp_nla_flavors(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
2228 struct seg6_flavors_info *finfo_a = &a->flv_info;
2229 struct seg6_flavors_info *finfo_b = &b->flv_info;
2231 if (finfo_a->flv_ops != finfo_b->flv_ops)
2234 if (seg6_next_csid_enabled(finfo_a->flv_ops)) {
2235 if (seg6_cmp_nla_next_csid_cfg(finfo_a, finfo_b))
2242 static int encap_size_flavors(struct seg6_local_lwt *slwt)
2244 struct seg6_flavors_info *finfo = &slwt->flv_info;
2247 nlsize = nla_total_size(0) + /* nest SEG6_LOCAL_FLAVORS */
2248 nla_total_size(4); /* SEG6_LOCAL_FLV_OPERATION */
2250 if (seg6_next_csid_enabled(finfo->flv_ops))
2251 nlsize += nla_total_size(1) + /* SEG6_LOCAL_FLV_LCBLOCK_BITS */
2252 nla_total_size(1); /* SEG6_LOCAL_FLV_LCNODE_FN_BITS */
2257 struct seg6_action_param {
2258 int (*parse)(struct nlattr **attrs, struct seg6_local_lwt *slwt,
2259 struct netlink_ext_ack *extack);
2260 int (*put)(struct sk_buff *skb, struct seg6_local_lwt *slwt);
2261 int (*cmp)(struct seg6_local_lwt *a, struct seg6_local_lwt *b);
2263 /* optional destroy() callback useful for releasing resources which
2264 * have been previously acquired in the corresponding parse()
2267 void (*destroy)(struct seg6_local_lwt *slwt);
2270 static struct seg6_action_param seg6_action_params[SEG6_LOCAL_MAX + 1] = {
2271 [SEG6_LOCAL_SRH] = { .parse = parse_nla_srh,
2274 .destroy = destroy_attr_srh },
2276 [SEG6_LOCAL_TABLE] = { .parse = parse_nla_table,
2277 .put = put_nla_table,
2278 .cmp = cmp_nla_table },
2280 [SEG6_LOCAL_NH4] = { .parse = parse_nla_nh4,
2282 .cmp = cmp_nla_nh4 },
2284 [SEG6_LOCAL_NH6] = { .parse = parse_nla_nh6,
2286 .cmp = cmp_nla_nh6 },
2288 [SEG6_LOCAL_IIF] = { .parse = parse_nla_iif,
2290 .cmp = cmp_nla_iif },
2292 [SEG6_LOCAL_OIF] = { .parse = parse_nla_oif,
2294 .cmp = cmp_nla_oif },
2296 [SEG6_LOCAL_BPF] = { .parse = parse_nla_bpf,
2299 .destroy = destroy_attr_bpf },
2301 [SEG6_LOCAL_VRFTABLE] = { .parse = parse_nla_vrftable,
2302 .put = put_nla_vrftable,
2303 .cmp = cmp_nla_vrftable },
2305 [SEG6_LOCAL_COUNTERS] = { .parse = parse_nla_counters,
2306 .put = put_nla_counters,
2307 .cmp = cmp_nla_counters,
2308 .destroy = destroy_attr_counters },
2310 [SEG6_LOCAL_FLAVORS] = { .parse = parse_nla_flavors,
2311 .put = put_nla_flavors,
2312 .cmp = cmp_nla_flavors },
2315 /* call the destroy() callback (if available) for each set attribute in
2316 * @parsed_attrs, starting from the first attribute up to the @max_parsed
2317 * (excluded) attribute.
2319 static void __destroy_attrs(unsigned long parsed_attrs, int max_parsed,
2320 struct seg6_local_lwt *slwt)
2322 struct seg6_action_param *param;
2325 /* Every required seg6local attribute is identified by an ID which is
2326 * encoded as a flag (i.e: 1 << ID) in the 'attrs' bitmask;
2328 * We scan the 'parsed_attrs' bitmask, starting from the first attribute
2329 * up to the @max_parsed (excluded) attribute.
2330 * For each set attribute, we retrieve the corresponding destroy()
2331 * callback. If the callback is not available, then we skip to the next
2332 * attribute; otherwise, we call the destroy() callback.
2334 for (i = SEG6_LOCAL_SRH; i < max_parsed; ++i) {
2335 if (!(parsed_attrs & SEG6_F_ATTR(i)))
2338 param = &seg6_action_params[i];
2341 param->destroy(slwt);
2345 /* release all the resources that may have been acquired during parsing
2348 static void destroy_attrs(struct seg6_local_lwt *slwt)
2350 unsigned long attrs = slwt->desc->attrs | slwt->parsed_optattrs;
2352 __destroy_attrs(attrs, SEG6_LOCAL_MAX + 1, slwt);
2355 static int parse_nla_optional_attrs(struct nlattr **attrs,
2356 struct seg6_local_lwt *slwt,
2357 struct netlink_ext_ack *extack)
2359 struct seg6_action_desc *desc = slwt->desc;
2360 unsigned long parsed_optattrs = 0;
2361 struct seg6_action_param *param;
2364 for (i = SEG6_LOCAL_SRH; i < SEG6_LOCAL_MAX + 1; ++i) {
2365 if (!(desc->optattrs & SEG6_F_ATTR(i)) || !attrs[i])
2368 /* once here, the i-th attribute is provided by the
2369 * userspace AND it is identified optional as well.
2371 param = &seg6_action_params[i];
2373 err = param->parse(attrs, slwt, extack);
2375 goto parse_optattrs_err;
2377 /* current attribute has been correctly parsed */
2378 parsed_optattrs |= SEG6_F_ATTR(i);
2381 /* store in the tunnel state all the optional attributed successfully
2384 slwt->parsed_optattrs = parsed_optattrs;
2389 __destroy_attrs(parsed_optattrs, i, slwt);
2394 /* call the custom constructor of the behavior during its initialization phase
2395 * and after that all its attributes have been parsed successfully.
2398 seg6_local_lwtunnel_build_state(struct seg6_local_lwt *slwt, const void *cfg,
2399 struct netlink_ext_ack *extack)
2401 struct seg6_action_desc *desc = slwt->desc;
2402 struct seg6_local_lwtunnel_ops *ops;
2404 ops = &desc->slwt_ops;
2405 if (!ops->build_state)
2408 return ops->build_state(slwt, cfg, extack);
2411 /* call the custom destructor of the behavior which is invoked before the
2412 * tunnel is going to be destroyed.
2414 static void seg6_local_lwtunnel_destroy_state(struct seg6_local_lwt *slwt)
2416 struct seg6_action_desc *desc = slwt->desc;
2417 struct seg6_local_lwtunnel_ops *ops;
2419 ops = &desc->slwt_ops;
2420 if (!ops->destroy_state)
2423 ops->destroy_state(slwt);
2426 static int parse_nla_action(struct nlattr **attrs, struct seg6_local_lwt *slwt,
2427 struct netlink_ext_ack *extack)
2429 struct seg6_action_param *param;
2430 struct seg6_action_desc *desc;
2431 unsigned long invalid_attrs;
2434 desc = __get_action_desc(slwt->action);
2442 slwt->headroom += desc->static_headroom;
2444 /* Forcing the desc->optattrs *set* and the desc->attrs *set* to be
2445 * disjoined, this allow us to release acquired resources by optional
2446 * attributes and by required attributes independently from each other
2447 * without any interference.
2448 * In other terms, we are sure that we do not release some the acquired
2451 * Note that if an attribute is configured both as required and as
2452 * optional, it means that the user has messed something up in the
2453 * seg6_action_table. Therefore, this check is required for SRv6
2454 * behaviors to work properly.
2456 invalid_attrs = desc->attrs & desc->optattrs;
2457 if (invalid_attrs) {
2459 "An attribute cannot be both required AND optional");
2463 /* parse the required attributes */
2464 for (i = SEG6_LOCAL_SRH; i < SEG6_LOCAL_MAX + 1; i++) {
2465 if (desc->attrs & SEG6_F_ATTR(i)) {
2469 param = &seg6_action_params[i];
2471 err = param->parse(attrs, slwt, extack);
2473 goto parse_attrs_err;
2477 /* parse the optional attributes, if any */
2478 err = parse_nla_optional_attrs(attrs, slwt, extack);
2480 goto parse_attrs_err;
2485 /* release any resource that may have been acquired during the i-1
2486 * parse() operations.
2488 __destroy_attrs(desc->attrs, i, slwt);
2493 static int seg6_local_build_state(struct net *net, struct nlattr *nla,
2494 unsigned int family, const void *cfg,
2495 struct lwtunnel_state **ts,
2496 struct netlink_ext_ack *extack)
2498 struct nlattr *tb[SEG6_LOCAL_MAX + 1];
2499 struct lwtunnel_state *newts;
2500 struct seg6_local_lwt *slwt;
2503 if (family != AF_INET6)
2506 err = nla_parse_nested_deprecated(tb, SEG6_LOCAL_MAX, nla,
2507 seg6_local_policy, extack);
2512 if (!tb[SEG6_LOCAL_ACTION])
2515 newts = lwtunnel_state_alloc(sizeof(*slwt));
2519 slwt = seg6_local_lwtunnel(newts);
2520 slwt->action = nla_get_u32(tb[SEG6_LOCAL_ACTION]);
2522 err = parse_nla_action(tb, slwt, extack);
2526 err = seg6_local_lwtunnel_build_state(slwt, cfg, extack);
2528 goto out_destroy_attrs;
2530 newts->type = LWTUNNEL_ENCAP_SEG6_LOCAL;
2531 newts->flags = LWTUNNEL_STATE_INPUT_REDIRECT;
2532 newts->headroom = slwt->headroom;
2539 destroy_attrs(slwt);
2545 static void seg6_local_destroy_state(struct lwtunnel_state *lwt)
2547 struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt);
2549 seg6_local_lwtunnel_destroy_state(slwt);
2551 destroy_attrs(slwt);
2556 static int seg6_local_fill_encap(struct sk_buff *skb,
2557 struct lwtunnel_state *lwt)
2559 struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt);
2560 struct seg6_action_param *param;
2561 unsigned long attrs;
2564 if (nla_put_u32(skb, SEG6_LOCAL_ACTION, slwt->action))
2567 attrs = slwt->desc->attrs | slwt->parsed_optattrs;
2569 for (i = SEG6_LOCAL_SRH; i < SEG6_LOCAL_MAX + 1; i++) {
2570 if (attrs & SEG6_F_ATTR(i)) {
2571 param = &seg6_action_params[i];
2572 err = param->put(skb, slwt);
2581 static int seg6_local_get_encap_size(struct lwtunnel_state *lwt)
2583 struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt);
2584 unsigned long attrs;
2587 nlsize = nla_total_size(4); /* action */
2589 attrs = slwt->desc->attrs | slwt->parsed_optattrs;
2591 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_SRH))
2592 nlsize += nla_total_size((slwt->srh->hdrlen + 1) << 3);
2594 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_TABLE))
2595 nlsize += nla_total_size(4);
2597 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_NH4))
2598 nlsize += nla_total_size(4);
2600 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_NH6))
2601 nlsize += nla_total_size(16);
2603 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_IIF))
2604 nlsize += nla_total_size(4);
2606 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_OIF))
2607 nlsize += nla_total_size(4);
2609 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_BPF))
2610 nlsize += nla_total_size(sizeof(struct nlattr)) +
2611 nla_total_size(MAX_PROG_NAME) +
2614 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE))
2615 nlsize += nla_total_size(4);
2617 if (attrs & SEG6_F_LOCAL_COUNTERS)
2618 nlsize += nla_total_size(0) + /* nest SEG6_LOCAL_COUNTERS */
2619 /* SEG6_LOCAL_CNT_PACKETS */
2620 nla_total_size_64bit(sizeof(__u64)) +
2621 /* SEG6_LOCAL_CNT_BYTES */
2622 nla_total_size_64bit(sizeof(__u64)) +
2623 /* SEG6_LOCAL_CNT_ERRORS */
2624 nla_total_size_64bit(sizeof(__u64));
2626 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_FLAVORS))
2627 nlsize += encap_size_flavors(slwt);
2632 static int seg6_local_cmp_encap(struct lwtunnel_state *a,
2633 struct lwtunnel_state *b)
2635 struct seg6_local_lwt *slwt_a, *slwt_b;
2636 struct seg6_action_param *param;
2637 unsigned long attrs_a, attrs_b;
2640 slwt_a = seg6_local_lwtunnel(a);
2641 slwt_b = seg6_local_lwtunnel(b);
2643 if (slwt_a->action != slwt_b->action)
2646 attrs_a = slwt_a->desc->attrs | slwt_a->parsed_optattrs;
2647 attrs_b = slwt_b->desc->attrs | slwt_b->parsed_optattrs;
2649 if (attrs_a != attrs_b)
2652 for (i = SEG6_LOCAL_SRH; i < SEG6_LOCAL_MAX + 1; i++) {
2653 if (attrs_a & SEG6_F_ATTR(i)) {
2654 param = &seg6_action_params[i];
2655 if (param->cmp(slwt_a, slwt_b))
2663 static const struct lwtunnel_encap_ops seg6_local_ops = {
2664 .build_state = seg6_local_build_state,
2665 .destroy_state = seg6_local_destroy_state,
2666 .input = seg6_local_input,
2667 .fill_encap = seg6_local_fill_encap,
2668 .get_encap_size = seg6_local_get_encap_size,
2669 .cmp_encap = seg6_local_cmp_encap,
2670 .owner = THIS_MODULE,
2673 int __init seg6_local_init(void)
2675 /* If the max total number of defined attributes is reached, then your
2676 * kernel build stops here.
2678 * This check is required to avoid arithmetic overflows when processing
2679 * behavior attributes and the maximum number of defined attributes
2680 * exceeds the allowed value.
2682 BUILD_BUG_ON(SEG6_LOCAL_MAX + 1 > BITS_PER_TYPE(unsigned long));
2684 /* Check whether the number of defined flavors exceeds the maximum
2687 BUILD_BUG_ON(SEG6_LOCAL_FLV_OP_MAX + 1 > BITS_PER_TYPE(__u32));
2689 /* If the default NEXT-C-SID Locator-Block/Node Function lengths (in
2690 * bits) have been changed with invalid values, kernel build stops
2693 BUILD_BUG_ON(next_csid_chk_cntr_bits(SEG6_LOCAL_LCBLOCK_DBITS,
2694 SEG6_LOCAL_LCNODE_FN_DBITS));
2695 BUILD_BUG_ON(next_csid_chk_lcblock_bits(SEG6_LOCAL_LCBLOCK_DBITS));
2696 BUILD_BUG_ON(next_csid_chk_lcnode_fn_bits(SEG6_LOCAL_LCNODE_FN_DBITS));
2698 /* To be memory efficient, we use 'u8' to represent the different
2699 * actions related to RFC8986 flavors. If the kernel build stops here,
2700 * it means that it is not possible to correctly encode these actions
2701 * with the data type chosen for the action table.
2703 BUILD_BUG_ON(SEG6_LOCAL_FLV_ACT_MAX > (typeof(flv8986_act_tbl[0]))~0U);
2705 return lwtunnel_encap_add_ops(&seg6_local_ops,
2706 LWTUNNEL_ENCAP_SEG6_LOCAL);
2709 void seg6_local_exit(void)
2711 lwtunnel_encap_del_ops(&seg6_local_ops, LWTUNNEL_ENCAP_SEG6_LOCAL);
projects / releases.git / blob