1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * SR-IPv6 implementation
6 * David Lebrun <david.lebrun@uclouvain.be>
7 * eBPF support: Mathieu Xhonneux <m.xhonneux@gmail.com>
10 #include <linux/types.h>
11 #include <linux/skbuff.h>
12 #include <linux/net.h>
13 #include <linux/module.h>
15 #include <net/lwtunnel.h>
16 #include <net/netevent.h>
17 #include <net/netns/generic.h>
18 #include <net/ip6_fib.h>
19 #include <net/route.h>
21 #include <linux/seg6.h>
22 #include <linux/seg6_local.h>
23 #include <net/addrconf.h>
24 #include <net/ip6_route.h>
25 #include <net/dst_cache.h>
26 #include <net/ip_tunnels.h>
27 #ifdef CONFIG_IPV6_SEG6_HMAC
28 #include <net/seg6_hmac.h>
30 #include <net/seg6_local.h>
31 #include <linux/etherdevice.h>
32 #include <linux/bpf.h>
33 #include <linux/netfilter.h>
35 #define SEG6_F_ATTR(i) BIT(i)
37 struct seg6_local_lwt;
39 /* callbacks used for customizing the creation and destruction of a behavior */
40 struct seg6_local_lwtunnel_ops {
41 int (*build_state)(struct seg6_local_lwt *slwt, const void *cfg,
42 struct netlink_ext_ack *extack);
43 void (*destroy_state)(struct seg6_local_lwt *slwt);
46 struct seg6_action_desc {
50 /* The optattrs field is used for specifying all the optional
51 * attributes supported by a specific behavior.
52 * It means that if one of these attributes is not provided in the
53 * netlink message during the behavior creation, no errors will be
54 * returned to the userspace.
56 * Each attribute can be only of two types (mutually exclusive):
57 * 1) required or 2) optional.
58 * Every user MUST obey to this rule! If you set an attribute as
59 * required the same attribute CANNOT be set as optional and vice
62 unsigned long optattrs;
64 int (*input)(struct sk_buff *skb, struct seg6_local_lwt *slwt);
67 struct seg6_local_lwtunnel_ops slwt_ops;
71 struct bpf_prog *prog;
75 enum seg6_end_dt_mode {
76 DT_INVALID_MODE = -EINVAL,
81 struct seg6_end_dt_info {
82 enum seg6_end_dt_mode mode;
85 /* VRF device associated to the routing table used by the SRv6
86 * End.DT4/DT6 behavior for routing IPv4/IPv6 packets.
91 /* tunneled packet family (IPv4 or IPv6).
92 * Protocol and header length are inferred from family.
97 struct pcpu_seg6_local_counters {
102 struct u64_stats_sync syncp;
105 /* This struct groups all the SRv6 Behavior counters supported so far.
107 * put_nla_counters() makes use of this data structure to collect all counter
108 * values after the per-CPU counter evaluation has been performed.
109 * Finally, each counter value (in seg6_local_counters) is stored in the
110 * corresponding netlink attribute and sent to user space.
112 * NB: we don't want to expose this structure to user space!
114 struct seg6_local_counters {
120 #define seg6_local_alloc_pcpu_counters(__gfp) \
121 __netdev_alloc_pcpu_stats(struct pcpu_seg6_local_counters, \
122 ((__gfp) | __GFP_ZERO))
124 #define SEG6_F_LOCAL_COUNTERS SEG6_F_ATTR(SEG6_LOCAL_COUNTERS)
126 struct seg6_local_lwt {
128 struct ipv6_sr_hdr *srh;
134 struct bpf_lwt_prog bpf;
135 #ifdef CONFIG_NET_L3_MASTER_DEV
136 struct seg6_end_dt_info dt_info;
138 struct pcpu_seg6_local_counters __percpu *pcpu_counters;
141 struct seg6_action_desc *desc;
142 /* unlike the required attrs, we have to track the optional attributes
143 * that have been effectively parsed.
145 unsigned long parsed_optattrs;
148 static struct seg6_local_lwt *seg6_local_lwtunnel(struct lwtunnel_state *lwt)
150 return (struct seg6_local_lwt *)lwt->data;
153 static struct ipv6_sr_hdr *get_and_validate_srh(struct sk_buff *skb)
155 struct ipv6_sr_hdr *srh;
157 srh = seg6_get_srh(skb, IP6_FH_F_SKIP_RH);
161 #ifdef CONFIG_IPV6_SEG6_HMAC
162 if (!seg6_hmac_validate_skb(skb))
169 static bool decap_and_validate(struct sk_buff *skb, int proto)
171 struct ipv6_sr_hdr *srh;
172 unsigned int off = 0;
174 srh = seg6_get_srh(skb, 0);
175 if (srh && srh->segments_left > 0)
178 #ifdef CONFIG_IPV6_SEG6_HMAC
179 if (srh && !seg6_hmac_validate_skb(skb))
183 if (ipv6_find_hdr(skb, &off, proto, NULL, NULL) < 0)
186 if (!pskb_pull(skb, off))
189 skb_postpull_rcsum(skb, skb_network_header(skb), off);
191 skb_reset_network_header(skb);
192 skb_reset_transport_header(skb);
193 if (iptunnel_pull_offloads(skb))
199 static void advance_nextseg(struct ipv6_sr_hdr *srh, struct in6_addr *daddr)
201 struct in6_addr *addr;
203 srh->segments_left--;
204 addr = srh->segments + srh->segments_left;
209 seg6_lookup_any_nexthop(struct sk_buff *skb, struct in6_addr *nhaddr,
210 u32 tbl_id, bool local_delivery)
212 struct net *net = dev_net(skb->dev);
213 struct ipv6hdr *hdr = ipv6_hdr(skb);
214 int flags = RT6_LOOKUP_F_HAS_SADDR;
215 struct dst_entry *dst = NULL;
220 fl6.flowi6_iif = skb->dev->ifindex;
221 fl6.daddr = nhaddr ? *nhaddr : hdr->daddr;
222 fl6.saddr = hdr->saddr;
223 fl6.flowlabel = ip6_flowinfo(hdr);
224 fl6.flowi6_mark = skb->mark;
225 fl6.flowi6_proto = hdr->nexthdr;
228 fl6.flowi6_flags = FLOWI_FLAG_KNOWN_NH;
231 dst = ip6_route_input_lookup(net, skb->dev, &fl6, skb, flags);
233 struct fib6_table *table;
235 table = fib6_get_table(net, tbl_id);
239 rt = ip6_pol_route(net, table, 0, &fl6, skb, flags);
243 /* we want to discard traffic destined for local packet processing,
244 * if @local_delivery is set to false.
247 dev_flags |= IFF_LOOPBACK;
249 if (dst && (dst->dev->flags & dev_flags) && !dst->error) {
256 rt = net->ipv6.ip6_blk_hole_entry;
262 skb_dst_set(skb, dst);
266 int seg6_lookup_nexthop(struct sk_buff *skb,
267 struct in6_addr *nhaddr, u32 tbl_id)
269 return seg6_lookup_any_nexthop(skb, nhaddr, tbl_id, false);
272 /* regular endpoint function */
273 static int input_action_end(struct sk_buff *skb, struct seg6_local_lwt *slwt)
275 struct ipv6_sr_hdr *srh;
277 srh = get_and_validate_srh(skb);
281 advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
283 seg6_lookup_nexthop(skb, NULL, 0);
285 return dst_input(skb);
292 /* regular endpoint, and forward to specified nexthop */
293 static int input_action_end_x(struct sk_buff *skb, struct seg6_local_lwt *slwt)
295 struct ipv6_sr_hdr *srh;
297 srh = get_and_validate_srh(skb);
301 advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
303 seg6_lookup_nexthop(skb, &slwt->nh6, 0);
305 return dst_input(skb);
312 static int input_action_end_t(struct sk_buff *skb, struct seg6_local_lwt *slwt)
314 struct ipv6_sr_hdr *srh;
316 srh = get_and_validate_srh(skb);
320 advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
322 seg6_lookup_nexthop(skb, NULL, slwt->table);
324 return dst_input(skb);
331 /* decapsulate and forward inner L2 frame on specified interface */
332 static int input_action_end_dx2(struct sk_buff *skb,
333 struct seg6_local_lwt *slwt)
335 struct net *net = dev_net(skb->dev);
336 struct net_device *odev;
339 if (!decap_and_validate(skb, IPPROTO_ETHERNET))
342 if (!pskb_may_pull(skb, ETH_HLEN))
345 skb_reset_mac_header(skb);
346 eth = (struct ethhdr *)skb->data;
348 /* To determine the frame's protocol, we assume it is 802.3. This avoids
349 * a call to eth_type_trans(), which is not really relevant for our
352 if (!eth_proto_is_802_3(eth->h_proto))
355 odev = dev_get_by_index_rcu(net, slwt->oif);
359 /* As we accept Ethernet frames, make sure the egress device is of
362 if (odev->type != ARPHRD_ETHER)
365 if (!(odev->flags & IFF_UP) || !netif_carrier_ok(odev))
370 if (skb_warn_if_lro(skb))
373 skb_forward_csum(skb);
375 if (skb->len - ETH_HLEN > odev->mtu)
379 skb->protocol = eth->h_proto;
381 return dev_queue_xmit(skb);
388 static int input_action_end_dx6_finish(struct net *net, struct sock *sk,
391 struct dst_entry *orig_dst = skb_dst(skb);
392 struct in6_addr *nhaddr = NULL;
393 struct seg6_local_lwt *slwt;
395 slwt = seg6_local_lwtunnel(orig_dst->lwtstate);
397 /* The inner packet is not associated to any local interface,
398 * so we do not call netif_rx().
400 * If slwt->nh6 is set to ::, then lookup the nexthop for the
401 * inner packet's DA. Otherwise, use the specified nexthop.
403 if (!ipv6_addr_any(&slwt->nh6))
406 seg6_lookup_nexthop(skb, nhaddr, 0);
408 return dst_input(skb);
411 /* decapsulate and forward to specified nexthop */
412 static int input_action_end_dx6(struct sk_buff *skb,
413 struct seg6_local_lwt *slwt)
415 /* this function accepts IPv6 encapsulated packets, with either
416 * an SRH with SL=0, or no SRH.
419 if (!decap_and_validate(skb, IPPROTO_IPV6))
422 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
425 skb_set_transport_header(skb, sizeof(struct ipv6hdr));
428 if (static_branch_unlikely(&nf_hooks_lwtunnel_enabled))
429 return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING,
430 dev_net(skb->dev), NULL, skb, NULL,
431 skb_dst(skb)->dev, input_action_end_dx6_finish);
433 return input_action_end_dx6_finish(dev_net(skb->dev), NULL, skb);
439 static int input_action_end_dx4_finish(struct net *net, struct sock *sk,
442 struct dst_entry *orig_dst = skb_dst(skb);
443 struct seg6_local_lwt *slwt;
448 slwt = seg6_local_lwtunnel(orig_dst->lwtstate);
452 nhaddr = slwt->nh4.s_addr ?: iph->daddr;
456 err = ip_route_input(skb, nhaddr, iph->saddr, 0, skb->dev);
462 return dst_input(skb);
465 static int input_action_end_dx4(struct sk_buff *skb,
466 struct seg6_local_lwt *slwt)
468 if (!decap_and_validate(skb, IPPROTO_IPIP))
471 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
474 skb->protocol = htons(ETH_P_IP);
475 skb_set_transport_header(skb, sizeof(struct iphdr));
478 if (static_branch_unlikely(&nf_hooks_lwtunnel_enabled))
479 return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING,
480 dev_net(skb->dev), NULL, skb, NULL,
481 skb_dst(skb)->dev, input_action_end_dx4_finish);
483 return input_action_end_dx4_finish(dev_net(skb->dev), NULL, skb);
489 #ifdef CONFIG_NET_L3_MASTER_DEV
490 static struct net *fib6_config_get_net(const struct fib6_config *fib6_cfg)
492 const struct nl_info *nli = &fib6_cfg->fc_nlinfo;
497 static int __seg6_end_dt_vrf_build(struct seg6_local_lwt *slwt, const void *cfg,
498 u16 family, struct netlink_ext_ack *extack)
500 struct seg6_end_dt_info *info = &slwt->dt_info;
504 net = fib6_config_get_net(cfg);
506 /* note that vrf_table was already set by parse_nla_vrftable() */
507 vrf_ifindex = l3mdev_ifindex_lookup_by_table_id(L3MDEV_TYPE_VRF, net,
509 if (vrf_ifindex < 0) {
510 if (vrf_ifindex == -EPERM) {
511 NL_SET_ERR_MSG(extack,
512 "Strict mode for VRF is disabled");
513 } else if (vrf_ifindex == -ENODEV) {
514 NL_SET_ERR_MSG(extack,
515 "Table has no associated VRF device");
517 pr_debug("seg6local: SRv6 End.DT* creation error=%d\n",
525 info->vrf_ifindex = vrf_ifindex;
527 info->family = family;
528 info->mode = DT_VRF_MODE;
533 /* The SRv6 End.DT4/DT6 behavior extracts the inner (IPv4/IPv6) packet and
534 * routes the IPv4/IPv6 packet by looking at the configured routing table.
536 * In the SRv6 End.DT4/DT6 use case, we can receive traffic (IPv6+Segment
537 * Routing Header packets) from several interfaces and the outer IPv6
538 * destination address (DA) is used for retrieving the specific instance of the
539 * End.DT4/DT6 behavior that should process the packets.
541 * However, the inner IPv4/IPv6 packet is not really bound to any receiving
542 * interface and thus the End.DT4/DT6 sets the VRF (associated with the
543 * corresponding routing table) as the *receiving* interface.
544 * In other words, the End.DT4/DT6 processes a packet as if it has been received
545 * directly by the VRF (and not by one of its slave devices, if any).
546 * In this way, the VRF interface is used for routing the IPv4/IPv6 packet in
547 * according to the routing table configured by the End.DT4/DT6 instance.
549 * This design allows you to get some interesting features like:
550 * 1) the statistics on rx packets;
551 * 2) the possibility to install a packet sniffer on the receiving interface
552 * (the VRF one) for looking at the incoming packets;
553 * 3) the possibility to leverage the netfilter prerouting hook for the inner
556 * This function returns:
557 * - the sk_buff* when the VRF rcv handler has processed the packet correctly;
558 * - NULL when the skb is consumed by the VRF rcv handler;
559 * - a pointer which encodes a negative error number in case of error.
560 * Note that in this case, the function takes care of freeing the skb.
562 static struct sk_buff *end_dt_vrf_rcv(struct sk_buff *skb, u16 family,
563 struct net_device *dev)
565 /* based on l3mdev_ip_rcv; we are only interested in the master */
566 if (unlikely(!netif_is_l3_master(dev) && !netif_has_l3_rx_handler(dev)))
569 if (unlikely(!dev->l3mdev_ops->l3mdev_l3_rcv))
572 /* the decap packet IPv4/IPv6 does not come with any mac header info.
573 * We must unset the mac header to allow the VRF device to rebuild it,
574 * just in case there is a sniffer attached on the device.
576 skb_unset_mac_header(skb);
578 skb = dev->l3mdev_ops->l3mdev_l3_rcv(dev, skb, family);
580 /* the skb buffer was consumed by the handler */
583 /* when a packet is received by a VRF or by one of its slaves, the
584 * master device reference is set into the skb.
586 if (unlikely(skb->dev != dev || skb->skb_iif != dev->ifindex))
593 return ERR_PTR(-EINVAL);
596 static struct net_device *end_dt_get_vrf_rcu(struct sk_buff *skb,
597 struct seg6_end_dt_info *info)
599 int vrf_ifindex = info->vrf_ifindex;
600 struct net *net = info->net;
602 if (unlikely(vrf_ifindex < 0))
605 if (unlikely(!net_eq(dev_net(skb->dev), net)))
608 return dev_get_by_index_rcu(net, vrf_ifindex);
614 static struct sk_buff *end_dt_vrf_core(struct sk_buff *skb,
615 struct seg6_local_lwt *slwt, u16 family)
617 struct seg6_end_dt_info *info = &slwt->dt_info;
618 struct net_device *vrf;
622 vrf = end_dt_get_vrf_rcu(skb, info);
628 protocol = htons(ETH_P_IP);
629 hdrlen = sizeof(struct iphdr);
632 protocol = htons(ETH_P_IPV6);
633 hdrlen = sizeof(struct ipv6hdr);
641 if (unlikely(info->family != AF_UNSPEC && info->family != family)) {
642 pr_warn_once("seg6local: SRv6 End.DT* family mismatch");
646 skb->protocol = protocol;
650 skb_set_transport_header(skb, hdrlen);
653 return end_dt_vrf_rcv(skb, family, vrf);
657 return ERR_PTR(-EINVAL);
660 static int input_action_end_dt4(struct sk_buff *skb,
661 struct seg6_local_lwt *slwt)
666 if (!decap_and_validate(skb, IPPROTO_IPIP))
669 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
672 skb = end_dt_vrf_core(skb, slwt, AF_INET);
674 /* packet has been processed and consumed by the VRF */
682 err = ip_route_input(skb, iph->daddr, iph->saddr, 0, skb->dev);
686 return dst_input(skb);
693 static int seg6_end_dt4_build(struct seg6_local_lwt *slwt, const void *cfg,
694 struct netlink_ext_ack *extack)
696 return __seg6_end_dt_vrf_build(slwt, cfg, AF_INET, extack);
700 seg6_end_dt_mode seg6_end_dt6_parse_mode(struct seg6_local_lwt *slwt)
702 unsigned long parsed_optattrs = slwt->parsed_optattrs;
703 bool legacy, vrfmode;
705 legacy = !!(parsed_optattrs & SEG6_F_ATTR(SEG6_LOCAL_TABLE));
706 vrfmode = !!(parsed_optattrs & SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE));
708 if (!(legacy ^ vrfmode))
709 /* both are absent or present: invalid DT6 mode */
710 return DT_INVALID_MODE;
712 return legacy ? DT_LEGACY_MODE : DT_VRF_MODE;
715 static enum seg6_end_dt_mode seg6_end_dt6_get_mode(struct seg6_local_lwt *slwt)
717 struct seg6_end_dt_info *info = &slwt->dt_info;
722 static int seg6_end_dt6_build(struct seg6_local_lwt *slwt, const void *cfg,
723 struct netlink_ext_ack *extack)
725 enum seg6_end_dt_mode mode = seg6_end_dt6_parse_mode(slwt);
726 struct seg6_end_dt_info *info = &slwt->dt_info;
730 info->mode = DT_LEGACY_MODE;
733 return __seg6_end_dt_vrf_build(slwt, cfg, AF_INET6, extack);
735 NL_SET_ERR_MSG(extack, "table or vrftable must be specified");
741 static int input_action_end_dt6(struct sk_buff *skb,
742 struct seg6_local_lwt *slwt)
744 if (!decap_and_validate(skb, IPPROTO_IPV6))
747 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
750 #ifdef CONFIG_NET_L3_MASTER_DEV
751 if (seg6_end_dt6_get_mode(slwt) == DT_LEGACY_MODE)
755 skb = end_dt_vrf_core(skb, slwt, AF_INET6);
757 /* packet has been processed and consumed by the VRF */
763 /* note: this time we do not need to specify the table because the VRF
764 * takes care of selecting the correct table.
766 seg6_lookup_any_nexthop(skb, NULL, 0, true);
768 return dst_input(skb);
772 skb_set_transport_header(skb, sizeof(struct ipv6hdr));
774 seg6_lookup_any_nexthop(skb, NULL, slwt->table, true);
776 return dst_input(skb);
783 #ifdef CONFIG_NET_L3_MASTER_DEV
784 static int seg6_end_dt46_build(struct seg6_local_lwt *slwt, const void *cfg,
785 struct netlink_ext_ack *extack)
787 return __seg6_end_dt_vrf_build(slwt, cfg, AF_UNSPEC, extack);
790 static int input_action_end_dt46(struct sk_buff *skb,
791 struct seg6_local_lwt *slwt)
793 unsigned int off = 0;
796 nexthdr = ipv6_find_hdr(skb, &off, -1, NULL, NULL);
797 if (unlikely(nexthdr < 0))
802 return input_action_end_dt4(skb, slwt);
804 return input_action_end_dt6(skb, slwt);
813 /* push an SRH on top of the current one */
814 static int input_action_end_b6(struct sk_buff *skb, struct seg6_local_lwt *slwt)
816 struct ipv6_sr_hdr *srh;
819 srh = get_and_validate_srh(skb);
823 err = seg6_do_srh_inline(skb, slwt->srh);
827 skb_set_transport_header(skb, sizeof(struct ipv6hdr));
829 seg6_lookup_nexthop(skb, NULL, 0);
831 return dst_input(skb);
838 /* encapsulate within an outer IPv6 header and a specified SRH */
839 static int input_action_end_b6_encap(struct sk_buff *skb,
840 struct seg6_local_lwt *slwt)
842 struct ipv6_sr_hdr *srh;
845 srh = get_and_validate_srh(skb);
849 advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
851 skb_reset_inner_headers(skb);
852 skb->encapsulation = 1;
854 err = seg6_do_srh_encap(skb, slwt->srh, IPPROTO_IPV6);
858 skb_set_transport_header(skb, sizeof(struct ipv6hdr));
860 seg6_lookup_nexthop(skb, NULL, 0);
862 return dst_input(skb);
869 DEFINE_PER_CPU(struct seg6_bpf_srh_state, seg6_bpf_srh_states);
871 bool seg6_bpf_has_valid_srh(struct sk_buff *skb)
873 struct seg6_bpf_srh_state *srh_state =
874 this_cpu_ptr(&seg6_bpf_srh_states);
875 struct ipv6_sr_hdr *srh = srh_state->srh;
877 if (unlikely(srh == NULL))
880 if (unlikely(!srh_state->valid)) {
881 if ((srh_state->hdrlen & 7) != 0)
884 srh->hdrlen = (u8)(srh_state->hdrlen >> 3);
885 if (!seg6_validate_srh(srh, (srh->hdrlen + 1) << 3, true))
888 srh_state->valid = true;
894 static int input_action_end_bpf(struct sk_buff *skb,
895 struct seg6_local_lwt *slwt)
897 struct seg6_bpf_srh_state *srh_state =
898 this_cpu_ptr(&seg6_bpf_srh_states);
899 struct ipv6_sr_hdr *srh;
902 srh = get_and_validate_srh(skb);
907 advance_nextseg(srh, &ipv6_hdr(skb)->daddr);
909 /* preempt_disable is needed to protect the per-CPU buffer srh_state,
910 * which is also accessed by the bpf_lwt_seg6_* helpers
913 srh_state->srh = srh;
914 srh_state->hdrlen = srh->hdrlen << 3;
915 srh_state->valid = true;
918 bpf_compute_data_pointers(skb);
919 ret = bpf_prog_run_save_cb(slwt->bpf.prog, skb);
929 pr_warn_once("bpf-seg6local: Illegal return value %u\n", ret);
933 if (srh_state->srh && !seg6_bpf_has_valid_srh(skb))
937 if (ret != BPF_REDIRECT)
938 seg6_lookup_nexthop(skb, NULL, 0);
940 return dst_input(skb);
948 static struct seg6_action_desc seg6_action_table[] = {
950 .action = SEG6_LOCAL_ACTION_END,
952 .optattrs = SEG6_F_LOCAL_COUNTERS,
953 .input = input_action_end,
956 .action = SEG6_LOCAL_ACTION_END_X,
957 .attrs = SEG6_F_ATTR(SEG6_LOCAL_NH6),
958 .optattrs = SEG6_F_LOCAL_COUNTERS,
959 .input = input_action_end_x,
962 .action = SEG6_LOCAL_ACTION_END_T,
963 .attrs = SEG6_F_ATTR(SEG6_LOCAL_TABLE),
964 .optattrs = SEG6_F_LOCAL_COUNTERS,
965 .input = input_action_end_t,
968 .action = SEG6_LOCAL_ACTION_END_DX2,
969 .attrs = SEG6_F_ATTR(SEG6_LOCAL_OIF),
970 .optattrs = SEG6_F_LOCAL_COUNTERS,
971 .input = input_action_end_dx2,
974 .action = SEG6_LOCAL_ACTION_END_DX6,
975 .attrs = SEG6_F_ATTR(SEG6_LOCAL_NH6),
976 .optattrs = SEG6_F_LOCAL_COUNTERS,
977 .input = input_action_end_dx6,
980 .action = SEG6_LOCAL_ACTION_END_DX4,
981 .attrs = SEG6_F_ATTR(SEG6_LOCAL_NH4),
982 .optattrs = SEG6_F_LOCAL_COUNTERS,
983 .input = input_action_end_dx4,
986 .action = SEG6_LOCAL_ACTION_END_DT4,
987 .attrs = SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE),
988 .optattrs = SEG6_F_LOCAL_COUNTERS,
989 #ifdef CONFIG_NET_L3_MASTER_DEV
990 .input = input_action_end_dt4,
992 .build_state = seg6_end_dt4_build,
997 .action = SEG6_LOCAL_ACTION_END_DT6,
998 #ifdef CONFIG_NET_L3_MASTER_DEV
1000 .optattrs = SEG6_F_LOCAL_COUNTERS |
1001 SEG6_F_ATTR(SEG6_LOCAL_TABLE) |
1002 SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE),
1004 .build_state = seg6_end_dt6_build,
1007 .attrs = SEG6_F_ATTR(SEG6_LOCAL_TABLE),
1008 .optattrs = SEG6_F_LOCAL_COUNTERS,
1010 .input = input_action_end_dt6,
1013 .action = SEG6_LOCAL_ACTION_END_DT46,
1014 .attrs = SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE),
1015 .optattrs = SEG6_F_LOCAL_COUNTERS,
1016 #ifdef CONFIG_NET_L3_MASTER_DEV
1017 .input = input_action_end_dt46,
1019 .build_state = seg6_end_dt46_build,
1024 .action = SEG6_LOCAL_ACTION_END_B6,
1025 .attrs = SEG6_F_ATTR(SEG6_LOCAL_SRH),
1026 .optattrs = SEG6_F_LOCAL_COUNTERS,
1027 .input = input_action_end_b6,
1030 .action = SEG6_LOCAL_ACTION_END_B6_ENCAP,
1031 .attrs = SEG6_F_ATTR(SEG6_LOCAL_SRH),
1032 .optattrs = SEG6_F_LOCAL_COUNTERS,
1033 .input = input_action_end_b6_encap,
1034 .static_headroom = sizeof(struct ipv6hdr),
1037 .action = SEG6_LOCAL_ACTION_END_BPF,
1038 .attrs = SEG6_F_ATTR(SEG6_LOCAL_BPF),
1039 .optattrs = SEG6_F_LOCAL_COUNTERS,
1040 .input = input_action_end_bpf,
1045 static struct seg6_action_desc *__get_action_desc(int action)
1047 struct seg6_action_desc *desc;
1050 count = ARRAY_SIZE(seg6_action_table);
1051 for (i = 0; i < count; i++) {
1052 desc = &seg6_action_table[i];
1053 if (desc->action == action)
1060 static bool seg6_lwtunnel_counters_enabled(struct seg6_local_lwt *slwt)
1062 return slwt->parsed_optattrs & SEG6_F_LOCAL_COUNTERS;
1065 static void seg6_local_update_counters(struct seg6_local_lwt *slwt,
1066 unsigned int len, int err)
1068 struct pcpu_seg6_local_counters *pcounters;
1070 pcounters = this_cpu_ptr(slwt->pcpu_counters);
1071 u64_stats_update_begin(&pcounters->syncp);
1074 u64_stats_inc(&pcounters->packets);
1075 u64_stats_add(&pcounters->bytes, len);
1077 u64_stats_inc(&pcounters->errors);
1080 u64_stats_update_end(&pcounters->syncp);
1083 static int seg6_local_input_core(struct net *net, struct sock *sk,
1084 struct sk_buff *skb)
1086 struct dst_entry *orig_dst = skb_dst(skb);
1087 struct seg6_action_desc *desc;
1088 struct seg6_local_lwt *slwt;
1089 unsigned int len = skb->len;
1092 slwt = seg6_local_lwtunnel(orig_dst->lwtstate);
1095 rc = desc->input(skb, slwt);
1097 if (!seg6_lwtunnel_counters_enabled(slwt))
1100 seg6_local_update_counters(slwt, len, rc);
1105 static int seg6_local_input(struct sk_buff *skb)
1107 if (skb->protocol != htons(ETH_P_IPV6)) {
1112 if (static_branch_unlikely(&nf_hooks_lwtunnel_enabled))
1113 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_IN,
1114 dev_net(skb->dev), NULL, skb, skb->dev, NULL,
1115 seg6_local_input_core);
1117 return seg6_local_input_core(dev_net(skb->dev), NULL, skb);
1120 static const struct nla_policy seg6_local_policy[SEG6_LOCAL_MAX + 1] = {
1121 [SEG6_LOCAL_ACTION] = { .type = NLA_U32 },
1122 [SEG6_LOCAL_SRH] = { .type = NLA_BINARY },
1123 [SEG6_LOCAL_TABLE] = { .type = NLA_U32 },
1124 [SEG6_LOCAL_VRFTABLE] = { .type = NLA_U32 },
1125 [SEG6_LOCAL_NH4] = { .type = NLA_BINARY,
1126 .len = sizeof(struct in_addr) },
1127 [SEG6_LOCAL_NH6] = { .type = NLA_BINARY,
1128 .len = sizeof(struct in6_addr) },
1129 [SEG6_LOCAL_IIF] = { .type = NLA_U32 },
1130 [SEG6_LOCAL_OIF] = { .type = NLA_U32 },
1131 [SEG6_LOCAL_BPF] = { .type = NLA_NESTED },
1132 [SEG6_LOCAL_COUNTERS] = { .type = NLA_NESTED },
1135 static int parse_nla_srh(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1137 struct ipv6_sr_hdr *srh;
1140 srh = nla_data(attrs[SEG6_LOCAL_SRH]);
1141 len = nla_len(attrs[SEG6_LOCAL_SRH]);
1143 /* SRH must contain at least one segment */
1144 if (len < sizeof(*srh) + sizeof(struct in6_addr))
1147 if (!seg6_validate_srh(srh, len, false))
1150 slwt->srh = kmemdup(srh, len, GFP_KERNEL);
1154 slwt->headroom += len;
1159 static int put_nla_srh(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1161 struct ipv6_sr_hdr *srh;
1166 len = (srh->hdrlen + 1) << 3;
1168 nla = nla_reserve(skb, SEG6_LOCAL_SRH, len);
1172 memcpy(nla_data(nla), srh, len);
1177 static int cmp_nla_srh(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1179 int len = (a->srh->hdrlen + 1) << 3;
1181 if (len != ((b->srh->hdrlen + 1) << 3))
1184 return memcmp(a->srh, b->srh, len);
1187 static void destroy_attr_srh(struct seg6_local_lwt *slwt)
1192 static int parse_nla_table(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1194 slwt->table = nla_get_u32(attrs[SEG6_LOCAL_TABLE]);
1199 static int put_nla_table(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1201 if (nla_put_u32(skb, SEG6_LOCAL_TABLE, slwt->table))
1207 static int cmp_nla_table(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1209 if (a->table != b->table)
1216 seg6_end_dt_info *seg6_possible_end_dt_info(struct seg6_local_lwt *slwt)
1218 #ifdef CONFIG_NET_L3_MASTER_DEV
1219 return &slwt->dt_info;
1221 return ERR_PTR(-EOPNOTSUPP);
1225 static int parse_nla_vrftable(struct nlattr **attrs,
1226 struct seg6_local_lwt *slwt)
1228 struct seg6_end_dt_info *info = seg6_possible_end_dt_info(slwt);
1231 return PTR_ERR(info);
1233 info->vrf_table = nla_get_u32(attrs[SEG6_LOCAL_VRFTABLE]);
1238 static int put_nla_vrftable(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1240 struct seg6_end_dt_info *info = seg6_possible_end_dt_info(slwt);
1243 return PTR_ERR(info);
1245 if (nla_put_u32(skb, SEG6_LOCAL_VRFTABLE, info->vrf_table))
1251 static int cmp_nla_vrftable(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1253 struct seg6_end_dt_info *info_a = seg6_possible_end_dt_info(a);
1254 struct seg6_end_dt_info *info_b = seg6_possible_end_dt_info(b);
1256 if (info_a->vrf_table != info_b->vrf_table)
1262 static int parse_nla_nh4(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1264 memcpy(&slwt->nh4, nla_data(attrs[SEG6_LOCAL_NH4]),
1265 sizeof(struct in_addr));
1270 static int put_nla_nh4(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1274 nla = nla_reserve(skb, SEG6_LOCAL_NH4, sizeof(struct in_addr));
1278 memcpy(nla_data(nla), &slwt->nh4, sizeof(struct in_addr));
1283 static int cmp_nla_nh4(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1285 return memcmp(&a->nh4, &b->nh4, sizeof(struct in_addr));
1288 static int parse_nla_nh6(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1290 memcpy(&slwt->nh6, nla_data(attrs[SEG6_LOCAL_NH6]),
1291 sizeof(struct in6_addr));
1296 static int put_nla_nh6(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1300 nla = nla_reserve(skb, SEG6_LOCAL_NH6, sizeof(struct in6_addr));
1304 memcpy(nla_data(nla), &slwt->nh6, sizeof(struct in6_addr));
1309 static int cmp_nla_nh6(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1311 return memcmp(&a->nh6, &b->nh6, sizeof(struct in6_addr));
1314 static int parse_nla_iif(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1316 slwt->iif = nla_get_u32(attrs[SEG6_LOCAL_IIF]);
1321 static int put_nla_iif(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1323 if (nla_put_u32(skb, SEG6_LOCAL_IIF, slwt->iif))
1329 static int cmp_nla_iif(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1331 if (a->iif != b->iif)
1337 static int parse_nla_oif(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1339 slwt->oif = nla_get_u32(attrs[SEG6_LOCAL_OIF]);
1344 static int put_nla_oif(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1346 if (nla_put_u32(skb, SEG6_LOCAL_OIF, slwt->oif))
1352 static int cmp_nla_oif(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1354 if (a->oif != b->oif)
1360 #define MAX_PROG_NAME 256
1361 static const struct nla_policy bpf_prog_policy[SEG6_LOCAL_BPF_PROG_MAX + 1] = {
1362 [SEG6_LOCAL_BPF_PROG] = { .type = NLA_U32, },
1363 [SEG6_LOCAL_BPF_PROG_NAME] = { .type = NLA_NUL_STRING,
1364 .len = MAX_PROG_NAME },
1367 static int parse_nla_bpf(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1369 struct nlattr *tb[SEG6_LOCAL_BPF_PROG_MAX + 1];
1374 ret = nla_parse_nested_deprecated(tb, SEG6_LOCAL_BPF_PROG_MAX,
1375 attrs[SEG6_LOCAL_BPF],
1376 bpf_prog_policy, NULL);
1380 if (!tb[SEG6_LOCAL_BPF_PROG] || !tb[SEG6_LOCAL_BPF_PROG_NAME])
1383 slwt->bpf.name = nla_memdup(tb[SEG6_LOCAL_BPF_PROG_NAME], GFP_KERNEL);
1384 if (!slwt->bpf.name)
1387 fd = nla_get_u32(tb[SEG6_LOCAL_BPF_PROG]);
1388 p = bpf_prog_get_type(fd, BPF_PROG_TYPE_LWT_SEG6LOCAL);
1390 kfree(slwt->bpf.name);
1398 static int put_nla_bpf(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1400 struct nlattr *nest;
1402 if (!slwt->bpf.prog)
1405 nest = nla_nest_start_noflag(skb, SEG6_LOCAL_BPF);
1409 if (nla_put_u32(skb, SEG6_LOCAL_BPF_PROG, slwt->bpf.prog->aux->id))
1412 if (slwt->bpf.name &&
1413 nla_put_string(skb, SEG6_LOCAL_BPF_PROG_NAME, slwt->bpf.name))
1416 return nla_nest_end(skb, nest);
1419 static int cmp_nla_bpf(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1421 if (!a->bpf.name && !b->bpf.name)
1424 if (!a->bpf.name || !b->bpf.name)
1427 return strcmp(a->bpf.name, b->bpf.name);
1430 static void destroy_attr_bpf(struct seg6_local_lwt *slwt)
1432 kfree(slwt->bpf.name);
1434 bpf_prog_put(slwt->bpf.prog);
1438 nla_policy seg6_local_counters_policy[SEG6_LOCAL_CNT_MAX + 1] = {
1439 [SEG6_LOCAL_CNT_PACKETS] = { .type = NLA_U64 },
1440 [SEG6_LOCAL_CNT_BYTES] = { .type = NLA_U64 },
1441 [SEG6_LOCAL_CNT_ERRORS] = { .type = NLA_U64 },
1444 static int parse_nla_counters(struct nlattr **attrs,
1445 struct seg6_local_lwt *slwt)
1447 struct pcpu_seg6_local_counters __percpu *pcounters;
1448 struct nlattr *tb[SEG6_LOCAL_CNT_MAX + 1];
1451 ret = nla_parse_nested_deprecated(tb, SEG6_LOCAL_CNT_MAX,
1452 attrs[SEG6_LOCAL_COUNTERS],
1453 seg6_local_counters_policy, NULL);
1457 /* basic support for SRv6 Behavior counters requires at least:
1458 * packets, bytes and errors.
1460 if (!tb[SEG6_LOCAL_CNT_PACKETS] || !tb[SEG6_LOCAL_CNT_BYTES] ||
1461 !tb[SEG6_LOCAL_CNT_ERRORS])
1464 /* counters are always zero initialized */
1465 pcounters = seg6_local_alloc_pcpu_counters(GFP_KERNEL);
1469 slwt->pcpu_counters = pcounters;
1474 static int seg6_local_fill_nla_counters(struct sk_buff *skb,
1475 struct seg6_local_counters *counters)
1477 if (nla_put_u64_64bit(skb, SEG6_LOCAL_CNT_PACKETS, counters->packets,
1478 SEG6_LOCAL_CNT_PAD))
1481 if (nla_put_u64_64bit(skb, SEG6_LOCAL_CNT_BYTES, counters->bytes,
1482 SEG6_LOCAL_CNT_PAD))
1485 if (nla_put_u64_64bit(skb, SEG6_LOCAL_CNT_ERRORS, counters->errors,
1486 SEG6_LOCAL_CNT_PAD))
1492 static int put_nla_counters(struct sk_buff *skb, struct seg6_local_lwt *slwt)
1494 struct seg6_local_counters counters = { 0, 0, 0 };
1495 struct nlattr *nest;
1498 nest = nla_nest_start(skb, SEG6_LOCAL_COUNTERS);
1502 for_each_possible_cpu(i) {
1503 struct pcpu_seg6_local_counters *pcounters;
1504 u64 packets, bytes, errors;
1507 pcounters = per_cpu_ptr(slwt->pcpu_counters, i);
1509 start = u64_stats_fetch_begin_irq(&pcounters->syncp);
1511 packets = u64_stats_read(&pcounters->packets);
1512 bytes = u64_stats_read(&pcounters->bytes);
1513 errors = u64_stats_read(&pcounters->errors);
1515 } while (u64_stats_fetch_retry_irq(&pcounters->syncp, start));
1517 counters.packets += packets;
1518 counters.bytes += bytes;
1519 counters.errors += errors;
1522 rc = seg6_local_fill_nla_counters(skb, &counters);
1524 nla_nest_cancel(skb, nest);
1528 return nla_nest_end(skb, nest);
1531 static int cmp_nla_counters(struct seg6_local_lwt *a, struct seg6_local_lwt *b)
1533 /* a and b are equal if both have pcpu_counters set or not */
1534 return (!!((unsigned long)a->pcpu_counters)) ^
1535 (!!((unsigned long)b->pcpu_counters));
1538 static void destroy_attr_counters(struct seg6_local_lwt *slwt)
1540 free_percpu(slwt->pcpu_counters);
1543 struct seg6_action_param {
1544 int (*parse)(struct nlattr **attrs, struct seg6_local_lwt *slwt);
1545 int (*put)(struct sk_buff *skb, struct seg6_local_lwt *slwt);
1546 int (*cmp)(struct seg6_local_lwt *a, struct seg6_local_lwt *b);
1548 /* optional destroy() callback useful for releasing resources which
1549 * have been previously acquired in the corresponding parse()
1552 void (*destroy)(struct seg6_local_lwt *slwt);
1555 static struct seg6_action_param seg6_action_params[SEG6_LOCAL_MAX + 1] = {
1556 [SEG6_LOCAL_SRH] = { .parse = parse_nla_srh,
1559 .destroy = destroy_attr_srh },
1561 [SEG6_LOCAL_TABLE] = { .parse = parse_nla_table,
1562 .put = put_nla_table,
1563 .cmp = cmp_nla_table },
1565 [SEG6_LOCAL_NH4] = { .parse = parse_nla_nh4,
1567 .cmp = cmp_nla_nh4 },
1569 [SEG6_LOCAL_NH6] = { .parse = parse_nla_nh6,
1571 .cmp = cmp_nla_nh6 },
1573 [SEG6_LOCAL_IIF] = { .parse = parse_nla_iif,
1575 .cmp = cmp_nla_iif },
1577 [SEG6_LOCAL_OIF] = { .parse = parse_nla_oif,
1579 .cmp = cmp_nla_oif },
1581 [SEG6_LOCAL_BPF] = { .parse = parse_nla_bpf,
1584 .destroy = destroy_attr_bpf },
1586 [SEG6_LOCAL_VRFTABLE] = { .parse = parse_nla_vrftable,
1587 .put = put_nla_vrftable,
1588 .cmp = cmp_nla_vrftable },
1590 [SEG6_LOCAL_COUNTERS] = { .parse = parse_nla_counters,
1591 .put = put_nla_counters,
1592 .cmp = cmp_nla_counters,
1593 .destroy = destroy_attr_counters },
1596 /* call the destroy() callback (if available) for each set attribute in
1597 * @parsed_attrs, starting from the first attribute up to the @max_parsed
1598 * (excluded) attribute.
1600 static void __destroy_attrs(unsigned long parsed_attrs, int max_parsed,
1601 struct seg6_local_lwt *slwt)
1603 struct seg6_action_param *param;
1606 /* Every required seg6local attribute is identified by an ID which is
1607 * encoded as a flag (i.e: 1 << ID) in the 'attrs' bitmask;
1609 * We scan the 'parsed_attrs' bitmask, starting from the first attribute
1610 * up to the @max_parsed (excluded) attribute.
1611 * For each set attribute, we retrieve the corresponding destroy()
1612 * callback. If the callback is not available, then we skip to the next
1613 * attribute; otherwise, we call the destroy() callback.
1615 for (i = 0; i < max_parsed; ++i) {
1616 if (!(parsed_attrs & SEG6_F_ATTR(i)))
1619 param = &seg6_action_params[i];
1622 param->destroy(slwt);
1626 /* release all the resources that may have been acquired during parsing
1629 static void destroy_attrs(struct seg6_local_lwt *slwt)
1631 unsigned long attrs = slwt->desc->attrs | slwt->parsed_optattrs;
1633 __destroy_attrs(attrs, SEG6_LOCAL_MAX + 1, slwt);
1636 static int parse_nla_optional_attrs(struct nlattr **attrs,
1637 struct seg6_local_lwt *slwt)
1639 struct seg6_action_desc *desc = slwt->desc;
1640 unsigned long parsed_optattrs = 0;
1641 struct seg6_action_param *param;
1644 for (i = 0; i < SEG6_LOCAL_MAX + 1; ++i) {
1645 if (!(desc->optattrs & SEG6_F_ATTR(i)) || !attrs[i])
1648 /* once here, the i-th attribute is provided by the
1649 * userspace AND it is identified optional as well.
1651 param = &seg6_action_params[i];
1653 err = param->parse(attrs, slwt);
1655 goto parse_optattrs_err;
1657 /* current attribute has been correctly parsed */
1658 parsed_optattrs |= SEG6_F_ATTR(i);
1661 /* store in the tunnel state all the optional attributed successfully
1664 slwt->parsed_optattrs = parsed_optattrs;
1669 __destroy_attrs(parsed_optattrs, i, slwt);
1674 /* call the custom constructor of the behavior during its initialization phase
1675 * and after that all its attributes have been parsed successfully.
1678 seg6_local_lwtunnel_build_state(struct seg6_local_lwt *slwt, const void *cfg,
1679 struct netlink_ext_ack *extack)
1681 struct seg6_action_desc *desc = slwt->desc;
1682 struct seg6_local_lwtunnel_ops *ops;
1684 ops = &desc->slwt_ops;
1685 if (!ops->build_state)
1688 return ops->build_state(slwt, cfg, extack);
1691 /* call the custom destructor of the behavior which is invoked before the
1692 * tunnel is going to be destroyed.
1694 static void seg6_local_lwtunnel_destroy_state(struct seg6_local_lwt *slwt)
1696 struct seg6_action_desc *desc = slwt->desc;
1697 struct seg6_local_lwtunnel_ops *ops;
1699 ops = &desc->slwt_ops;
1700 if (!ops->destroy_state)
1703 ops->destroy_state(slwt);
1706 static int parse_nla_action(struct nlattr **attrs, struct seg6_local_lwt *slwt)
1708 struct seg6_action_param *param;
1709 struct seg6_action_desc *desc;
1710 unsigned long invalid_attrs;
1713 desc = __get_action_desc(slwt->action);
1721 slwt->headroom += desc->static_headroom;
1723 /* Forcing the desc->optattrs *set* and the desc->attrs *set* to be
1724 * disjoined, this allow us to release acquired resources by optional
1725 * attributes and by required attributes independently from each other
1726 * without any interference.
1727 * In other terms, we are sure that we do not release some the acquired
1730 * Note that if an attribute is configured both as required and as
1731 * optional, it means that the user has messed something up in the
1732 * seg6_action_table. Therefore, this check is required for SRv6
1733 * behaviors to work properly.
1735 invalid_attrs = desc->attrs & desc->optattrs;
1736 if (invalid_attrs) {
1738 "An attribute cannot be both required AND optional");
1742 /* parse the required attributes */
1743 for (i = 0; i < SEG6_LOCAL_MAX + 1; i++) {
1744 if (desc->attrs & SEG6_F_ATTR(i)) {
1748 param = &seg6_action_params[i];
1750 err = param->parse(attrs, slwt);
1752 goto parse_attrs_err;
1756 /* parse the optional attributes, if any */
1757 err = parse_nla_optional_attrs(attrs, slwt);
1759 goto parse_attrs_err;
1764 /* release any resource that may have been acquired during the i-1
1765 * parse() operations.
1767 __destroy_attrs(desc->attrs, i, slwt);
1772 static int seg6_local_build_state(struct net *net, struct nlattr *nla,
1773 unsigned int family, const void *cfg,
1774 struct lwtunnel_state **ts,
1775 struct netlink_ext_ack *extack)
1777 struct nlattr *tb[SEG6_LOCAL_MAX + 1];
1778 struct lwtunnel_state *newts;
1779 struct seg6_local_lwt *slwt;
1782 if (family != AF_INET6)
1785 err = nla_parse_nested_deprecated(tb, SEG6_LOCAL_MAX, nla,
1786 seg6_local_policy, extack);
1791 if (!tb[SEG6_LOCAL_ACTION])
1794 newts = lwtunnel_state_alloc(sizeof(*slwt));
1798 slwt = seg6_local_lwtunnel(newts);
1799 slwt->action = nla_get_u32(tb[SEG6_LOCAL_ACTION]);
1801 err = parse_nla_action(tb, slwt);
1805 err = seg6_local_lwtunnel_build_state(slwt, cfg, extack);
1807 goto out_destroy_attrs;
1809 newts->type = LWTUNNEL_ENCAP_SEG6_LOCAL;
1810 newts->flags = LWTUNNEL_STATE_INPUT_REDIRECT;
1811 newts->headroom = slwt->headroom;
1818 destroy_attrs(slwt);
1824 static void seg6_local_destroy_state(struct lwtunnel_state *lwt)
1826 struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt);
1828 seg6_local_lwtunnel_destroy_state(slwt);
1830 destroy_attrs(slwt);
1835 static int seg6_local_fill_encap(struct sk_buff *skb,
1836 struct lwtunnel_state *lwt)
1838 struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt);
1839 struct seg6_action_param *param;
1840 unsigned long attrs;
1843 if (nla_put_u32(skb, SEG6_LOCAL_ACTION, slwt->action))
1846 attrs = slwt->desc->attrs | slwt->parsed_optattrs;
1848 for (i = 0; i < SEG6_LOCAL_MAX + 1; i++) {
1849 if (attrs & SEG6_F_ATTR(i)) {
1850 param = &seg6_action_params[i];
1851 err = param->put(skb, slwt);
1860 static int seg6_local_get_encap_size(struct lwtunnel_state *lwt)
1862 struct seg6_local_lwt *slwt = seg6_local_lwtunnel(lwt);
1863 unsigned long attrs;
1866 nlsize = nla_total_size(4); /* action */
1868 attrs = slwt->desc->attrs | slwt->parsed_optattrs;
1870 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_SRH))
1871 nlsize += nla_total_size((slwt->srh->hdrlen + 1) << 3);
1873 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_TABLE))
1874 nlsize += nla_total_size(4);
1876 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_NH4))
1877 nlsize += nla_total_size(4);
1879 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_NH6))
1880 nlsize += nla_total_size(16);
1882 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_IIF))
1883 nlsize += nla_total_size(4);
1885 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_OIF))
1886 nlsize += nla_total_size(4);
1888 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_BPF))
1889 nlsize += nla_total_size(sizeof(struct nlattr)) +
1890 nla_total_size(MAX_PROG_NAME) +
1893 if (attrs & SEG6_F_ATTR(SEG6_LOCAL_VRFTABLE))
1894 nlsize += nla_total_size(4);
1896 if (attrs & SEG6_F_LOCAL_COUNTERS)
1897 nlsize += nla_total_size(0) + /* nest SEG6_LOCAL_COUNTERS */
1898 /* SEG6_LOCAL_CNT_PACKETS */
1899 nla_total_size_64bit(sizeof(__u64)) +
1900 /* SEG6_LOCAL_CNT_BYTES */
1901 nla_total_size_64bit(sizeof(__u64)) +
1902 /* SEG6_LOCAL_CNT_ERRORS */
1903 nla_total_size_64bit(sizeof(__u64));
1908 static int seg6_local_cmp_encap(struct lwtunnel_state *a,
1909 struct lwtunnel_state *b)
1911 struct seg6_local_lwt *slwt_a, *slwt_b;
1912 struct seg6_action_param *param;
1913 unsigned long attrs_a, attrs_b;
1916 slwt_a = seg6_local_lwtunnel(a);
1917 slwt_b = seg6_local_lwtunnel(b);
1919 if (slwt_a->action != slwt_b->action)
1922 attrs_a = slwt_a->desc->attrs | slwt_a->parsed_optattrs;
1923 attrs_b = slwt_b->desc->attrs | slwt_b->parsed_optattrs;
1925 if (attrs_a != attrs_b)
1928 for (i = 0; i < SEG6_LOCAL_MAX + 1; i++) {
1929 if (attrs_a & SEG6_F_ATTR(i)) {
1930 param = &seg6_action_params[i];
1931 if (param->cmp(slwt_a, slwt_b))
1939 static const struct lwtunnel_encap_ops seg6_local_ops = {
1940 .build_state = seg6_local_build_state,
1941 .destroy_state = seg6_local_destroy_state,
1942 .input = seg6_local_input,
1943 .fill_encap = seg6_local_fill_encap,
1944 .get_encap_size = seg6_local_get_encap_size,
1945 .cmp_encap = seg6_local_cmp_encap,
1946 .owner = THIS_MODULE,
1949 int __init seg6_local_init(void)
1951 /* If the max total number of defined attributes is reached, then your
1952 * kernel build stops here.
1954 * This check is required to avoid arithmetic overflows when processing
1955 * behavior attributes and the maximum number of defined attributes
1956 * exceeds the allowed value.
1958 BUILD_BUG_ON(SEG6_LOCAL_MAX + 1 > BITS_PER_TYPE(unsigned long));
1960 return lwtunnel_encap_add_ops(&seg6_local_ops,
1961 LWTUNNEL_ENCAP_SEG6_LOCAL);
1964 void seg6_local_exit(void)
1966 lwtunnel_encap_del_ops(&seg6_local_ops, LWTUNNEL_ENCAP_SEG6_LOCAL);
projects / releases.git / blob