1 From 775d6fe74d1eaec2ba387535b068dde2dc89de9e Mon Sep 17 00:00:00 2001
2 From: Steven Barth <steven@midlink.org>
3 Date: Thu, 22 May 2014 09:49:05 +0200
4 Subject: [PATCH] Add support for MAP-E FMRs (mesh mode)
6 MAP-E FMRs (draft-ietf-softwire-map-10) are rules for IPv4-communication
7 between MAP CEs (mesh mode) without the need to forward such data to a
8 border relay. This is similar to how 6rd works but for IPv4 over IPv6.
10 Signed-off-by: Steven Barth <cyrus@openwrt.org>
12 include/net/ip6_tunnel.h | 13 ++
13 include/uapi/linux/if_tunnel.h | 13 ++
14 net/ipv6/ip6_tunnel.c | 276 +++++++++++++++++++++++++++++++++++++++--
15 3 files changed, 291 insertions(+), 11 deletions(-)
17 --- a/include/net/ip6_tunnel.h
18 +++ b/include/net/ip6_tunnel.h
20 /* determine capability on a per-packet basis */
21 #define IP6_TNL_F_CAP_PER_PACKET 0x40000
23 +/* IPv6 tunnel FMR */
24 +struct __ip6_tnl_fmr {
25 + struct __ip6_tnl_fmr *next; /* next fmr in list */
26 + struct in6_addr ip6_prefix;
27 + struct in_addr ip4_prefix;
29 + __u8 ip6_prefix_len;
30 + __u8 ip4_prefix_len;
35 struct __ip6_tnl_parm {
36 char name[IFNAMSIZ]; /* name of tunnel device */
37 int link; /* ifindex of underlying L2 interface */
38 @@ -25,6 +37,7 @@ struct __ip6_tnl_parm {
39 __u32 flags; /* tunnel flags */
40 struct in6_addr laddr; /* local tunnel end-point address */
41 struct in6_addr raddr; /* remote tunnel end-point address */
42 + struct __ip6_tnl_fmr *fmrs; /* FMRs */
46 --- a/net/ipv6/ip6_tunnel.c
47 +++ b/net/ipv6/ip6_tunnel.c
49 * as published by the Free Software Foundation; either version
50 * 2 of the License, or (at your option) any later version.
53 + * Steven Barth <cyrus@openwrt.org>: MAP-E FMR support
56 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
57 @@ -77,11 +79,9 @@ static bool log_ecn_error = true;
58 module_param(log_ecn_error, bool, 0644);
59 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
61 -static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
62 +static u32 HASH(const struct in6_addr *addr)
64 - u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2);
66 - return hash_32(hash, HASH_SIZE_SHIFT);
67 + return hash_32(ipv6_addr_hash(addr), HASH_SIZE_SHIFT);
70 static int ip6_tnl_dev_init(struct net_device *dev);
71 @@ -180,15 +180,24 @@ EXPORT_SYMBOL_GPL(ip6_tnl_dst_store);
72 static struct ip6_tnl *
73 ip6_tnl_lookup(struct net *net, const struct in6_addr *remote, const struct in6_addr *local)
75 - unsigned int hash = HASH(remote, local);
76 + unsigned int hash = HASH(local);
78 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
79 + struct __ip6_tnl_fmr *fmr;
81 for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
82 - if (ipv6_addr_equal(local, &t->parms.laddr) &&
83 - ipv6_addr_equal(remote, &t->parms.raddr) &&
84 - (t->dev->flags & IFF_UP))
85 + if (!ipv6_addr_equal(local, &t->parms.laddr) ||
86 + !(t->dev->flags & IFF_UP))
89 + if (ipv6_addr_equal(remote, &t->parms.raddr))
92 + for (fmr = t->parms.fmrs; fmr; fmr = fmr->next) {
93 + if (ipv6_prefix_equal(remote, &fmr->ip6_prefix,
94 + fmr->ip6_prefix_len))
98 t = rcu_dereference(ip6n->tnls_wc[0]);
99 if (t && (t->dev->flags & IFF_UP))
100 @@ -218,7 +227,7 @@ ip6_tnl_bucket(struct ip6_tnl_net *ip6n,
102 if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) {
104 - h = HASH(remote, local);
107 return &ip6n->tnls[prio][h];
109 @@ -391,6 +400,12 @@ ip6_tnl_dev_uninit(struct net_device *de
110 struct net *net = t->net;
111 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
113 + while (t->parms.fmrs) {
114 + struct __ip6_tnl_fmr *next = t->parms.fmrs->next;
115 + kfree(t->parms.fmrs);
116 + t->parms.fmrs = next;
119 if (dev == ip6n->fb_tnl_dev)
120 RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
122 @@ -774,6 +789,108 @@ int ip6_tnl_rcv_ctl(struct ip6_tnl *t,
124 EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl);
128 + * ip4ip6_fmr_calc - calculate target / source IPv6-address based on FMR
129 + * @dest: destination IPv6 address buffer
130 + * @skb: received socket buffer
132 + * @xmit: Calculate for xmit or rcv
134 +static void ip4ip6_fmr_calc(struct in6_addr *dest,
135 + const struct iphdr *iph, const uint8_t *end,
136 + const struct __ip6_tnl_fmr *fmr, bool xmit)
138 + int psidlen = fmr->ea_len - (32 - fmr->ip4_prefix_len);
140 + bool use_dest_addr;
141 + const struct iphdr *dsth = iph;
143 + if ((u8*)dsth >= end)
146 + /* find significant IP header */
147 + if (iph->protocol == IPPROTO_ICMP) {
148 + struct icmphdr *ih = (struct icmphdr*)(((u8*)dsth) + dsth->ihl * 4);
149 + if (ih && ((u8*)&ih[1]) <= end && (
150 + ih->type == ICMP_DEST_UNREACH ||
151 + ih->type == ICMP_SOURCE_QUENCH ||
152 + ih->type == ICMP_TIME_EXCEEDED ||
153 + ih->type == ICMP_PARAMETERPROB ||
154 + ih->type == ICMP_REDIRECT))
155 + dsth = (const struct iphdr*)&ih[1];
158 + /* in xmit-path use dest port by default and source port only if
159 + this is an ICMP reply to something else; vice versa in rcv-path */
160 + use_dest_addr = (xmit && dsth == iph) || (!xmit && dsth != iph);
163 + if (((u8*)&dsth[1]) <= end && (
164 + dsth->protocol == IPPROTO_UDP ||
165 + dsth->protocol == IPPROTO_TCP ||
166 + dsth->protocol == IPPROTO_SCTP ||
167 + dsth->protocol == IPPROTO_DCCP)) {
168 + /* for UDP, TCP, SCTP and DCCP source and dest port
169 + follow IPv4 header directly */
170 + portp = ((u8*)dsth) + dsth->ihl * 4;
173 + portp += sizeof(u16);
174 + } else if (iph->protocol == IPPROTO_ICMP) {
175 + struct icmphdr *ih = (struct icmphdr*)(((u8*)dsth) + dsth->ihl * 4);
177 + /* use icmp identifier as port */
178 + if (((u8*)&ih) <= end && (
179 + (use_dest_addr && (
180 + ih->type == ICMP_ECHOREPLY ||
181 + ih->type == ICMP_TIMESTAMPREPLY ||
182 + ih->type == ICMP_INFO_REPLY ||
183 + ih->type == ICMP_ADDRESSREPLY)) ||
184 + (!use_dest_addr && (
185 + ih->type == ICMP_ECHO ||
186 + ih->type == ICMP_TIMESTAMP ||
187 + ih->type == ICMP_INFO_REQUEST ||
188 + ih->type == ICMP_ADDRESS)
190 + portp = (u8*)&ih->un.echo.id;
193 + if ((portp && &portp[2] <= end) || psidlen == 0) {
194 + int frombyte = fmr->ip6_prefix_len / 8;
195 + int fromrem = fmr->ip6_prefix_len % 8;
196 + int bytes = sizeof(struct in6_addr) - frombyte;
197 + const u32 *addr = (use_dest_addr) ? &iph->daddr : &iph->saddr;
198 + u64 eabits = ((u64)ntohl(*addr)) << (32 + fmr->ip4_prefix_len);
201 + /* extract PSID from port and add it to eabits */
204 + psidbits = ((u16)portp[0]) << 8 | ((u16)portp[1]);
205 + psidbits >>= 16 - psidlen - fmr->offset;
206 + psidbits = (u16)(psidbits << (16 - psidlen));
207 + eabits |= ((u64)psidbits) << (48 - (fmr->ea_len - psidlen));
210 + /* rewrite destination address */
211 + *dest = fmr->ip6_prefix;
212 + memcpy(&dest->s6_addr[10], addr, sizeof(*addr));
213 + dest->s6_addr16[7] = htons(psidbits >> (16 - psidlen));
215 + if (bytes > sizeof(u64))
216 + bytes = sizeof(u64);
218 + /* insert eabits */
219 + memcpy(&t, &dest->s6_addr[frombyte], bytes);
220 + t = be64_to_cpu(t) & ~(((((u64)1) << fmr->ea_len) - 1)
221 + << (64 - fmr->ea_len - fromrem));
222 + t = cpu_to_be64(t | (eabits >> fromrem));
223 + memcpy(&dest->s6_addr[frombyte], &t, bytes);
229 * ip6_tnl_rcv - decapsulate IPv6 packet and retransmit it locally
230 * @skb: received socket buffer
231 @@ -818,6 +935,26 @@ static int ip6_tnl_rcv(struct sk_buff *s
232 skb_reset_network_header(skb);
233 skb->protocol = htons(protocol);
234 memset(skb->cb, 0, sizeof(struct inet6_skb_parm));
235 + if (protocol == ETH_P_IP &&
236 + !ipv6_addr_equal(&ipv6h->saddr, &t->parms.raddr)) {
237 + /* Packet didn't come from BR, so lookup FMR */
238 + struct __ip6_tnl_fmr *fmr;
239 + struct in6_addr expected = t->parms.raddr;
240 + for (fmr = t->parms.fmrs; fmr; fmr = fmr->next)
241 + if (ipv6_prefix_equal(&ipv6h->saddr,
242 + &fmr->ip6_prefix, fmr->ip6_prefix_len))
245 + /* Check that IPv6 matches IPv4 source to prevent spoofing */
247 + ip4ip6_fmr_calc(&expected, ip_hdr(skb),
248 + skb_tail_pointer(skb), fmr, false);
250 + if (!ipv6_addr_equal(&ipv6h->saddr, &expected)) {
256 __skb_tunnel_rx(skb, t->dev, t->net);
258 @@ -1079,6 +1216,7 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str
262 + struct __ip6_tnl_fmr *fmr;
264 if ((t->parms.proto != IPPROTO_IPIP && t->parms.proto != 0) ||
265 !ip6_tnl_xmit_ctl(t))
266 @@ -1098,6 +1236,18 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str
267 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
268 fl6.flowi6_mark = skb->mark;
270 + /* try to find matching FMR */
271 + for (fmr = t->parms.fmrs; fmr; fmr = fmr->next) {
272 + unsigned mshift = 32 - fmr->ip4_prefix_len;
273 + if (ntohl(fmr->ip4_prefix.s_addr) >> mshift ==
274 + ntohl(iph->daddr) >> mshift)
278 + /* change dstaddr according to FMR */
280 + ip4ip6_fmr_calc(&fl6.daddr, iph, skb_tail_pointer(skb), fmr, true);
282 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu);
284 /* XXX: send ICMP error even if DF is not set. */
285 @@ -1266,6 +1416,14 @@ ip6_tnl_change(struct ip6_tnl *t, const
286 t->parms.flowinfo = p->flowinfo;
287 t->parms.link = p->link;
288 t->parms.proto = p->proto;
290 + while (t->parms.fmrs) {
291 + struct __ip6_tnl_fmr *next = t->parms.fmrs->next;
292 + kfree(t->parms.fmrs);
293 + t->parms.fmrs = next;
295 + t->parms.fmrs = p->fmrs;
297 ip6_tnl_dst_reset(t);
298 ip6_tnl_link_config(t);
300 @@ -1296,6 +1454,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_
301 p->flowinfo = u->flowinfo;
305 memcpy(p->name, u->name, sizeof(u->name));
308 @@ -1576,6 +1735,15 @@ static int ip6_tnl_validate(struct nlatt
312 +static const struct nla_policy ip6_tnl_fmr_policy[IFLA_IPTUN_FMR_MAX + 1] = {
313 + [IFLA_IPTUN_FMR_IP6_PREFIX] = { .len = sizeof(struct in6_addr) },
314 + [IFLA_IPTUN_FMR_IP4_PREFIX] = { .len = sizeof(struct in_addr) },
315 + [IFLA_IPTUN_FMR_IP6_PREFIX_LEN] = { .type = NLA_U8 },
316 + [IFLA_IPTUN_FMR_IP4_PREFIX_LEN] = { .type = NLA_U8 },
317 + [IFLA_IPTUN_FMR_EA_LEN] = { .type = NLA_U8 },
318 + [IFLA_IPTUN_FMR_OFFSET] = { .type = NLA_U8 }
321 static void ip6_tnl_netlink_parms(struct nlattr *data[],
322 struct __ip6_tnl_parm *parms)
324 @@ -1609,6 +1777,46 @@ static void ip6_tnl_netlink_parms(struct
326 if (data[IFLA_IPTUN_PROTO])
327 parms->proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
329 + if (data[IFLA_IPTUN_FMRS]) {
331 + struct nlattr *fmr;
332 + nla_for_each_nested(fmr, data[IFLA_IPTUN_FMRS], rem) {
333 + struct nlattr *fmrd[IFLA_IPTUN_FMR_MAX + 1], *c;
334 + struct __ip6_tnl_fmr *nfmr;
336 + nla_parse_nested(fmrd, IFLA_IPTUN_FMR_MAX,
337 + fmr, ip6_tnl_fmr_policy);
339 + if (!(nfmr = kzalloc(sizeof(*nfmr), GFP_KERNEL)))
344 + if ((c = fmrd[IFLA_IPTUN_FMR_IP6_PREFIX]))
345 + nla_memcpy(&nfmr->ip6_prefix, fmrd[IFLA_IPTUN_FMR_IP6_PREFIX],
346 + sizeof(nfmr->ip6_prefix));
348 + if ((c = fmrd[IFLA_IPTUN_FMR_IP4_PREFIX]))
349 + nla_memcpy(&nfmr->ip4_prefix, fmrd[IFLA_IPTUN_FMR_IP4_PREFIX],
350 + sizeof(nfmr->ip4_prefix));
352 + if ((c = fmrd[IFLA_IPTUN_FMR_IP6_PREFIX_LEN]))
353 + nfmr->ip6_prefix_len = nla_get_u8(c);
355 + if ((c = fmrd[IFLA_IPTUN_FMR_IP4_PREFIX_LEN]))
356 + nfmr->ip4_prefix_len = nla_get_u8(c);
358 + if ((c = fmrd[IFLA_IPTUN_FMR_EA_LEN]))
359 + nfmr->ea_len = nla_get_u8(c);
361 + if ((c = fmrd[IFLA_IPTUN_FMR_OFFSET]))
362 + nfmr->offset = nla_get_u8(c);
364 + nfmr->next = parms->fmrs;
365 + parms->fmrs = nfmr;
370 static int ip6_tnl_newlink(struct net *src_net, struct net_device *dev,
371 @@ -1661,6 +1869,12 @@ static void ip6_tnl_dellink(struct net_d
373 static size_t ip6_tnl_get_size(const struct net_device *dev)
375 + const struct ip6_tnl *t = netdev_priv(dev);
376 + struct __ip6_tnl_fmr *c;
378 + for (c = t->parms.fmrs; c; c = c->next)
382 /* IFLA_IPTUN_LINK */
384 @@ -1678,6 +1892,24 @@ static size_t ip6_tnl_get_size(const str
386 /* IFLA_IPTUN_PROTO */
388 + /* IFLA_IPTUN_FMRS */
389 + nla_total_size(0) +
392 + nla_total_size(0) +
393 + /* IFLA_IPTUN_FMR_IP6_PREFIX */
394 + nla_total_size(sizeof(struct in6_addr)) +
395 + /* IFLA_IPTUN_FMR_IP4_PREFIX */
396 + nla_total_size(sizeof(struct in_addr)) +
397 + /* IFLA_IPTUN_FMR_EA_LEN */
398 + nla_total_size(1) +
399 + /* IFLA_IPTUN_FMR_IP6_PREFIX_LEN */
400 + nla_total_size(1) +
401 + /* IFLA_IPTUN_FMR_IP4_PREFIX_LEN */
402 + nla_total_size(1) +
403 + /* IFLA_IPTUN_FMR_OFFSET */
409 @@ -1685,6 +1917,9 @@ static int ip6_tnl_fill_info(struct sk_b
411 struct ip6_tnl *tunnel = netdev_priv(dev);
412 struct __ip6_tnl_parm *parm = &tunnel->parms;
413 + struct __ip6_tnl_fmr *c;
415 + struct nlattr *fmrs;
417 if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
418 nla_put(skb, IFLA_IPTUN_LOCAL, sizeof(struct in6_addr),
419 @@ -1695,8 +1930,27 @@ static int ip6_tnl_fill_info(struct sk_b
420 nla_put_u8(skb, IFLA_IPTUN_ENCAP_LIMIT, parm->encap_limit) ||
421 nla_put_be32(skb, IFLA_IPTUN_FLOWINFO, parm->flowinfo) ||
422 nla_put_u32(skb, IFLA_IPTUN_FLAGS, parm->flags) ||
423 - nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->proto))
424 + nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->proto) ||
425 + !(fmrs = nla_nest_start(skb, IFLA_IPTUN_FMRS)))
426 goto nla_put_failure;
428 + for (c = parm->fmrs; c; c = c->next) {
429 + struct nlattr *fmr = nla_nest_start(skb, ++fmrcnt);
431 + nla_put(skb, IFLA_IPTUN_FMR_IP6_PREFIX,
432 + sizeof(c->ip6_prefix), &c->ip6_prefix) ||
433 + nla_put(skb, IFLA_IPTUN_FMR_IP4_PREFIX,
434 + sizeof(c->ip4_prefix), &c->ip4_prefix) ||
435 + nla_put_u8(skb, IFLA_IPTUN_FMR_IP6_PREFIX_LEN, c->ip6_prefix_len) ||
436 + nla_put_u8(skb, IFLA_IPTUN_FMR_IP4_PREFIX_LEN, c->ip4_prefix_len) ||
437 + nla_put_u8(skb, IFLA_IPTUN_FMR_EA_LEN, c->ea_len) ||
438 + nla_put_u8(skb, IFLA_IPTUN_FMR_OFFSET, c->offset))
439 + goto nla_put_failure;
441 + nla_nest_end(skb, fmr);
443 + nla_nest_end(skb, fmrs);
448 @@ -1712,6 +1966,7 @@ static const struct nla_policy ip6_tnl_p
449 [IFLA_IPTUN_FLOWINFO] = { .type = NLA_U32 },
450 [IFLA_IPTUN_FLAGS] = { .type = NLA_U32 },
451 [IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
452 + [IFLA_IPTUN_FMRS] = { .type = NLA_NESTED },
455 static struct rtnl_link_ops ip6_link_ops __read_mostly = {
projects / lede.git / blob