gtp.c 59 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /* GTP according to GSM TS 09.60 / 3GPP TS 29.060
  3. *
  4. * (C) 2012-2014 by sysmocom - s.f.m.c. GmbH
  5. * (C) 2016 by Pablo Neira Ayuso <pablo@netfilter.org>
  6. *
  7. * Author: Harald Welte <hwelte@sysmocom.de>
  8. * Pablo Neira Ayuso <pablo@netfilter.org>
  9. * Andreas Schultz <aschultz@travelping.com>
  10. */
  11. #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  12. #include <linux/module.h>
  13. #include <linux/skbuff.h>
  14. #include <linux/udp.h>
  15. #include <linux/rculist.h>
  16. #include <linux/jhash.h>
  17. #include <linux/if_tunnel.h>
  18. #include <linux/net.h>
  19. #include <linux/file.h>
  20. #include <linux/gtp.h>
  21. #include <net/flow.h>
  22. #include <net/inet_dscp.h>
  23. #include <net/net_namespace.h>
  24. #include <net/protocol.h>
  25. #include <net/inet_sock.h>
  26. #include <net/ip.h>
  27. #include <net/ipv6.h>
  28. #include <net/udp.h>
  29. #include <net/udp_tunnel.h>
  30. #include <net/icmp.h>
  31. #include <net/xfrm.h>
  32. #include <net/genetlink.h>
  33. #include <net/netns/generic.h>
  34. #include <net/gtp.h>
  35. /* An active session for the subscriber. */
  36. struct pdp_ctx {
  37. struct hlist_node hlist_tid;
  38. struct hlist_node hlist_addr;
  39. union {
  40. struct {
  41. u64 tid;
  42. u16 flow;
  43. } v0;
  44. struct {
  45. u32 i_tei;
  46. u32 o_tei;
  47. } v1;
  48. } u;
  49. u8 gtp_version;
  50. u16 af;
  51. union {
  52. struct in_addr addr;
  53. struct in6_addr addr6;
  54. } ms;
  55. union {
  56. struct in_addr addr;
  57. struct in6_addr addr6;
  58. } peer;
  59. struct sock *sk;
  60. struct net_device *dev;
  61. atomic_t tx_seq;
  62. struct rcu_head rcu_head;
  63. };
  64. /* One instance of the GTP device. */
  65. struct gtp_dev {
  66. struct list_head list;
  67. struct sock *sk0;
  68. struct sock *sk1u;
  69. u8 sk_created;
  70. struct net_device *dev;
  71. struct net *net;
  72. unsigned int role;
  73. unsigned int hash_size;
  74. struct hlist_head *tid_hash;
  75. struct hlist_head *addr_hash;
  76. u8 restart_count;
  77. };
  78. struct echo_info {
  79. u16 af;
  80. u8 gtp_version;
  81. union {
  82. struct in_addr addr;
  83. } ms;
  84. union {
  85. struct in_addr addr;
  86. } peer;
  87. };
  88. static unsigned int gtp_net_id __read_mostly;
  89. struct gtp_net {
  90. struct list_head gtp_dev_list;
  91. };
  92. static u32 gtp_h_initval;
  93. static struct genl_family gtp_genl_family;
  94. enum gtp_multicast_groups {
  95. GTP_GENL_MCGRP,
  96. };
  97. static const struct genl_multicast_group gtp_genl_mcgrps[] = {
  98. [GTP_GENL_MCGRP] = { .name = GTP_GENL_MCGRP_NAME },
  99. };
  100. static void pdp_context_delete(struct pdp_ctx *pctx);
  101. static inline u32 gtp0_hashfn(u64 tid)
  102. {
  103. u32 *tid32 = (u32 *) &tid;
  104. return jhash_2words(tid32[0], tid32[1], gtp_h_initval);
  105. }
  106. static inline u32 gtp1u_hashfn(u32 tid)
  107. {
  108. return jhash_1word(tid, gtp_h_initval);
  109. }
  110. static inline u32 ipv4_hashfn(__be32 ip)
  111. {
  112. return jhash_1word((__force u32)ip, gtp_h_initval);
  113. }
  114. static u32 ipv6_hashfn(const struct in6_addr *ip6)
  115. {
  116. return jhash_2words((__force u32)ip6->s6_addr32[0],
  117. (__force u32)ip6->s6_addr32[1], gtp_h_initval);
  118. }
  119. /* Resolve a PDP context structure based on the 64bit TID. */
  120. static struct pdp_ctx *gtp0_pdp_find(struct gtp_dev *gtp, u64 tid, u16 family)
  121. {
  122. struct hlist_head *head;
  123. struct pdp_ctx *pdp;
  124. head = &gtp->tid_hash[gtp0_hashfn(tid) % gtp->hash_size];
  125. hlist_for_each_entry_rcu(pdp, head, hlist_tid) {
  126. if (pdp->af == family &&
  127. pdp->gtp_version == GTP_V0 &&
  128. pdp->u.v0.tid == tid)
  129. return pdp;
  130. }
  131. return NULL;
  132. }
  133. /* Resolve a PDP context structure based on the 32bit TEI. */
  134. static struct pdp_ctx *gtp1_pdp_find(struct gtp_dev *gtp, u32 tid, u16 family)
  135. {
  136. struct hlist_head *head;
  137. struct pdp_ctx *pdp;
  138. head = &gtp->tid_hash[gtp1u_hashfn(tid) % gtp->hash_size];
  139. hlist_for_each_entry_rcu(pdp, head, hlist_tid) {
  140. if (pdp->af == family &&
  141. pdp->gtp_version == GTP_V1 &&
  142. pdp->u.v1.i_tei == tid)
  143. return pdp;
  144. }
  145. return NULL;
  146. }
  147. /* Resolve a PDP context based on IPv4 address of MS. */
  148. static struct pdp_ctx *ipv4_pdp_find(struct gtp_dev *gtp, __be32 ms_addr)
  149. {
  150. struct hlist_head *head;
  151. struct pdp_ctx *pdp;
  152. head = &gtp->addr_hash[ipv4_hashfn(ms_addr) % gtp->hash_size];
  153. hlist_for_each_entry_rcu(pdp, head, hlist_addr) {
  154. if (pdp->af == AF_INET &&
  155. pdp->ms.addr.s_addr == ms_addr)
  156. return pdp;
  157. }
  158. return NULL;
  159. }
  160. /* 3GPP TS 29.060: PDN Connection: the association between a MS represented by
  161. * [...] one IPv6 *prefix* and a PDN represented by an APN.
  162. *
  163. * Then, 3GPP TS 29.061, Section 11.2.1.3 says: The size of the prefix shall be
  164. * according to the maximum prefix length for a global IPv6 address as
  165. * specified in the IPv6 Addressing Architecture, see RFC 4291.
  166. *
  167. * Finally, RFC 4291 section 2.5.4 states: All Global Unicast addresses other
  168. * than those that start with binary 000 have a 64-bit interface ID field
  169. * (i.e., n + m = 64).
  170. */
  171. static bool ipv6_pdp_addr_equal(const struct in6_addr *a,
  172. const struct in6_addr *b)
  173. {
  174. return a->s6_addr32[0] == b->s6_addr32[0] &&
  175. a->s6_addr32[1] == b->s6_addr32[1];
  176. }
  177. static struct pdp_ctx *ipv6_pdp_find(struct gtp_dev *gtp,
  178. const struct in6_addr *ms_addr)
  179. {
  180. struct hlist_head *head;
  181. struct pdp_ctx *pdp;
  182. head = &gtp->addr_hash[ipv6_hashfn(ms_addr) % gtp->hash_size];
  183. hlist_for_each_entry_rcu(pdp, head, hlist_addr) {
  184. if (pdp->af == AF_INET6 &&
  185. ipv6_pdp_addr_equal(&pdp->ms.addr6, ms_addr))
  186. return pdp;
  187. }
  188. return NULL;
  189. }
  190. static bool gtp_check_ms_ipv4(struct sk_buff *skb, struct pdp_ctx *pctx,
  191. unsigned int hdrlen, unsigned int role)
  192. {
  193. struct iphdr *iph;
  194. if (!pskb_may_pull(skb, hdrlen + sizeof(struct iphdr)))
  195. return false;
  196. iph = (struct iphdr *)(skb->data + hdrlen);
  197. if (role == GTP_ROLE_SGSN)
  198. return iph->daddr == pctx->ms.addr.s_addr;
  199. else
  200. return iph->saddr == pctx->ms.addr.s_addr;
  201. }
  202. static bool gtp_check_ms_ipv6(struct sk_buff *skb, struct pdp_ctx *pctx,
  203. unsigned int hdrlen, unsigned int role)
  204. {
  205. struct ipv6hdr *ip6h;
  206. int ret;
  207. if (!pskb_may_pull(skb, hdrlen + sizeof(struct ipv6hdr)))
  208. return false;
  209. ip6h = (struct ipv6hdr *)(skb->data + hdrlen);
  210. if ((ipv6_addr_type(&ip6h->saddr) & IPV6_ADDR_LINKLOCAL) ||
  211. (ipv6_addr_type(&ip6h->daddr) & IPV6_ADDR_LINKLOCAL))
  212. return false;
  213. if (role == GTP_ROLE_SGSN) {
  214. ret = ipv6_pdp_addr_equal(&ip6h->daddr, &pctx->ms.addr6);
  215. } else {
  216. ret = ipv6_pdp_addr_equal(&ip6h->saddr, &pctx->ms.addr6);
  217. }
  218. return ret;
  219. }
  220. /* Check if the inner IP address in this packet is assigned to any
  221. * existing mobile subscriber.
  222. */
  223. static bool gtp_check_ms(struct sk_buff *skb, struct pdp_ctx *pctx,
  224. unsigned int hdrlen, unsigned int role,
  225. __u16 inner_proto)
  226. {
  227. switch (inner_proto) {
  228. case ETH_P_IP:
  229. return gtp_check_ms_ipv4(skb, pctx, hdrlen, role);
  230. case ETH_P_IPV6:
  231. return gtp_check_ms_ipv6(skb, pctx, hdrlen, role);
  232. }
  233. return false;
  234. }
  235. static int gtp_inner_proto(struct sk_buff *skb, unsigned int hdrlen,
  236. __u16 *inner_proto)
  237. {
  238. __u8 *ip_version, _ip_version;
  239. ip_version = skb_header_pointer(skb, hdrlen, sizeof(*ip_version),
  240. &_ip_version);
  241. if (!ip_version)
  242. return -1;
  243. switch (*ip_version & 0xf0) {
  244. case 0x40:
  245. *inner_proto = ETH_P_IP;
  246. break;
  247. case 0x60:
  248. *inner_proto = ETH_P_IPV6;
  249. break;
  250. default:
  251. return -1;
  252. }
  253. return 0;
  254. }
  255. static int gtp_rx(struct pdp_ctx *pctx, struct sk_buff *skb,
  256. unsigned int hdrlen, unsigned int role, __u16 inner_proto)
  257. {
  258. if (!gtp_check_ms(skb, pctx, hdrlen, role, inner_proto)) {
  259. netdev_dbg(pctx->dev, "No PDP ctx for this MS\n");
  260. return 1;
  261. }
  262. /* Get rid of the GTP + UDP headers. */
  263. if (iptunnel_pull_header(skb, hdrlen, htons(inner_proto),
  264. !net_eq(sock_net(pctx->sk), dev_net(pctx->dev)))) {
  265. pctx->dev->stats.rx_length_errors++;
  266. goto err;
  267. }
  268. netdev_dbg(pctx->dev, "forwarding packet from GGSN to uplink\n");
  269. /* Now that the UDP and the GTP header have been removed, set up the
  270. * new network header. This is required by the upper layer to
  271. * calculate the transport header.
  272. */
  273. skb_reset_network_header(skb);
  274. skb_reset_mac_header(skb);
  275. skb->dev = pctx->dev;
  276. dev_sw_netstats_rx_add(pctx->dev, skb->len);
  277. __netif_rx(skb);
  278. return 0;
  279. err:
  280. pctx->dev->stats.rx_dropped++;
  281. return -1;
  282. }
  283. static struct rtable *ip4_route_output_gtp(struct flowi4 *fl4,
  284. const struct sock *sk,
  285. __be32 daddr, __be32 saddr)
  286. {
  287. memset(fl4, 0, sizeof(*fl4));
  288. fl4->flowi4_oif = sk->sk_bound_dev_if;
  289. fl4->daddr = daddr;
  290. fl4->saddr = saddr;
  291. fl4->flowi4_dscp = inet_sk_dscp(inet_sk(sk));
  292. fl4->flowi4_scope = ip_sock_rt_scope(sk);
  293. fl4->flowi4_proto = sk->sk_protocol;
  294. return ip_route_output_key(sock_net(sk), fl4);
  295. }
  296. static struct rt6_info *ip6_route_output_gtp(struct net *net,
  297. struct flowi6 *fl6,
  298. const struct sock *sk,
  299. const struct in6_addr *daddr,
  300. struct in6_addr *saddr)
  301. {
  302. struct dst_entry *dst;
  303. memset(fl6, 0, sizeof(*fl6));
  304. fl6->flowi6_oif = sk->sk_bound_dev_if;
  305. fl6->daddr = *daddr;
  306. fl6->saddr = *saddr;
  307. fl6->flowi6_proto = sk->sk_protocol;
  308. dst = ipv6_stub->ipv6_dst_lookup_flow(net, sk, fl6, NULL);
  309. if (IS_ERR(dst))
  310. return ERR_PTR(-ENETUNREACH);
  311. return (struct rt6_info *)dst;
  312. }
  313. /* GSM TS 09.60. 7.3
  314. * In all Path Management messages:
  315. * - TID: is not used and shall be set to 0.
  316. * - Flow Label is not used and shall be set to 0
  317. * In signalling messages:
  318. * - number: this field is not yet used in signalling messages.
  319. * It shall be set to 255 by the sender and shall be ignored
  320. * by the receiver
  321. * Returns true if the echo req was correct, false otherwise.
  322. */
  323. static bool gtp0_validate_echo_hdr(struct gtp0_header *gtp0)
  324. {
  325. return !(gtp0->tid || (gtp0->flags ^ 0x1e) ||
  326. gtp0->number != 0xff || gtp0->flow);
  327. }
  328. /* msg_type has to be GTP_ECHO_REQ or GTP_ECHO_RSP */
  329. static void gtp0_build_echo_msg(struct gtp0_header *hdr, __u8 msg_type)
  330. {
  331. int len_pkt, len_hdr;
  332. hdr->flags = 0x1e; /* v0, GTP-non-prime. */
  333. hdr->type = msg_type;
  334. /* GSM TS 09.60. 7.3 In all Path Management Flow Label and TID
  335. * are not used and shall be set to 0.
  336. */
  337. hdr->flow = 0;
  338. hdr->tid = 0;
  339. hdr->number = 0xff;
  340. hdr->spare[0] = 0xff;
  341. hdr->spare[1] = 0xff;
  342. hdr->spare[2] = 0xff;
  343. len_pkt = sizeof(struct gtp0_packet);
  344. len_hdr = sizeof(struct gtp0_header);
  345. if (msg_type == GTP_ECHO_RSP)
  346. hdr->length = htons(len_pkt - len_hdr);
  347. else
  348. hdr->length = 0;
  349. }
  350. static int gtp0_send_echo_resp_ip(struct gtp_dev *gtp, struct sk_buff *skb)
  351. {
  352. struct iphdr *iph = ip_hdr(skb);
  353. struct flowi4 fl4;
  354. struct rtable *rt;
  355. /* find route to the sender,
  356. * src address becomes dst address and vice versa.
  357. */
  358. rt = ip4_route_output_gtp(&fl4, gtp->sk0, iph->saddr, iph->daddr);
  359. if (IS_ERR(rt)) {
  360. netdev_dbg(gtp->dev, "no route for echo response from %pI4\n",
  361. &iph->saddr);
  362. return -1;
  363. }
  364. udp_tunnel_xmit_skb(rt, gtp->sk0, skb,
  365. fl4.saddr, fl4.daddr,
  366. iph->tos,
  367. ip4_dst_hoplimit(&rt->dst),
  368. 0,
  369. htons(GTP0_PORT), htons(GTP0_PORT),
  370. !net_eq(sock_net(gtp->sk1u),
  371. dev_net(gtp->dev)),
  372. false,
  373. 0);
  374. return 0;
  375. }
  376. static int gtp0_send_echo_resp(struct gtp_dev *gtp, struct sk_buff *skb)
  377. {
  378. struct gtp0_packet *gtp_pkt;
  379. struct gtp0_header *gtp0;
  380. __be16 seq;
  381. gtp0 = (struct gtp0_header *)(skb->data + sizeof(struct udphdr));
  382. if (!gtp0_validate_echo_hdr(gtp0))
  383. return -1;
  384. seq = gtp0->seq;
  385. /* pull GTP and UDP headers */
  386. skb_pull_data(skb, sizeof(struct gtp0_header) + sizeof(struct udphdr));
  387. gtp_pkt = skb_push(skb, sizeof(struct gtp0_packet));
  388. memset(gtp_pkt, 0, sizeof(struct gtp0_packet));
  389. gtp0_build_echo_msg(&gtp_pkt->gtp0_h, GTP_ECHO_RSP);
  390. /* GSM TS 09.60. 7.3 The Sequence Number in a signalling response
  391. * message shall be copied from the signalling request message
  392. * that the GSN is replying to.
  393. */
  394. gtp_pkt->gtp0_h.seq = seq;
  395. gtp_pkt->ie.tag = GTPIE_RECOVERY;
  396. gtp_pkt->ie.val = gtp->restart_count;
  397. switch (gtp->sk0->sk_family) {
  398. case AF_INET:
  399. if (gtp0_send_echo_resp_ip(gtp, skb) < 0)
  400. return -1;
  401. break;
  402. case AF_INET6:
  403. return -1;
  404. }
  405. return 0;
  406. }
  407. static int gtp_genl_fill_echo(struct sk_buff *skb, u32 snd_portid, u32 snd_seq,
  408. int flags, u32 type, struct echo_info echo)
  409. {
  410. void *genlh;
  411. genlh = genlmsg_put(skb, snd_portid, snd_seq, &gtp_genl_family, flags,
  412. type);
  413. if (!genlh)
  414. goto failure;
  415. if (nla_put_u32(skb, GTPA_VERSION, echo.gtp_version) ||
  416. nla_put_be32(skb, GTPA_PEER_ADDRESS, echo.peer.addr.s_addr) ||
  417. nla_put_be32(skb, GTPA_MS_ADDRESS, echo.ms.addr.s_addr))
  418. goto failure;
  419. genlmsg_end(skb, genlh);
  420. return 0;
  421. failure:
  422. genlmsg_cancel(skb, genlh);
  423. return -EMSGSIZE;
  424. }
  425. static void gtp0_handle_echo_resp_ip(struct sk_buff *skb, struct echo_info *echo)
  426. {
  427. struct iphdr *iph = ip_hdr(skb);
  428. echo->ms.addr.s_addr = iph->daddr;
  429. echo->peer.addr.s_addr = iph->saddr;
  430. echo->gtp_version = GTP_V0;
  431. }
  432. static int gtp0_handle_echo_resp(struct gtp_dev *gtp, struct sk_buff *skb)
  433. {
  434. struct gtp0_header *gtp0;
  435. struct echo_info echo;
  436. struct sk_buff *msg;
  437. int ret;
  438. gtp0 = (struct gtp0_header *)(skb->data + sizeof(struct udphdr));
  439. if (!gtp0_validate_echo_hdr(gtp0))
  440. return -1;
  441. switch (gtp->sk0->sk_family) {
  442. case AF_INET:
  443. gtp0_handle_echo_resp_ip(skb, &echo);
  444. break;
  445. case AF_INET6:
  446. return -1;
  447. }
  448. msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
  449. if (!msg)
  450. return -ENOMEM;
  451. ret = gtp_genl_fill_echo(msg, 0, 0, 0, GTP_CMD_ECHOREQ, echo);
  452. if (ret < 0) {
  453. nlmsg_free(msg);
  454. return ret;
  455. }
  456. return genlmsg_multicast_netns(&gtp_genl_family, dev_net(gtp->dev),
  457. msg, 0, GTP_GENL_MCGRP, GFP_ATOMIC);
  458. }
  459. static int gtp_proto_to_family(__u16 proto)
  460. {
  461. switch (proto) {
  462. case ETH_P_IP:
  463. return AF_INET;
  464. case ETH_P_IPV6:
  465. return AF_INET6;
  466. default:
  467. WARN_ON_ONCE(1);
  468. break;
  469. }
  470. return AF_UNSPEC;
  471. }
  472. /* 1 means pass up to the stack, -1 means drop and 0 means decapsulated. */
  473. static int gtp0_udp_encap_recv(struct gtp_dev *gtp, struct sk_buff *skb)
  474. {
  475. unsigned int hdrlen = sizeof(struct udphdr) +
  476. sizeof(struct gtp0_header);
  477. struct gtp0_header *gtp0;
  478. struct pdp_ctx *pctx;
  479. __u16 inner_proto;
  480. if (!pskb_may_pull(skb, hdrlen))
  481. return -1;
  482. gtp0 = (struct gtp0_header *)(skb->data + sizeof(struct udphdr));
  483. if ((gtp0->flags >> 5) != GTP_V0)
  484. return 1;
  485. /* If the sockets were created in kernel, it means that
  486. * there is no daemon running in userspace which would
  487. * handle echo request.
  488. */
  489. if (gtp0->type == GTP_ECHO_REQ && gtp->sk_created)
  490. return gtp0_send_echo_resp(gtp, skb);
  491. if (gtp0->type == GTP_ECHO_RSP && gtp->sk_created)
  492. return gtp0_handle_echo_resp(gtp, skb);
  493. if (gtp0->type != GTP_TPDU)
  494. return 1;
  495. if (gtp_inner_proto(skb, hdrlen, &inner_proto) < 0) {
  496. netdev_dbg(gtp->dev, "GTP packet does not encapsulate an IP packet\n");
  497. return -1;
  498. }
  499. pctx = gtp0_pdp_find(gtp, be64_to_cpu(gtp0->tid),
  500. gtp_proto_to_family(inner_proto));
  501. if (!pctx) {
  502. netdev_dbg(gtp->dev, "No PDP ctx to decap skb=%p\n", skb);
  503. return 1;
  504. }
  505. return gtp_rx(pctx, skb, hdrlen, gtp->role, inner_proto);
  506. }
  507. /* msg_type has to be GTP_ECHO_REQ or GTP_ECHO_RSP */
  508. static void gtp1u_build_echo_msg(struct gtp1_header_long *hdr, __u8 msg_type)
  509. {
  510. int len_pkt, len_hdr;
  511. /* S flag must be set to 1 */
  512. hdr->flags = 0x32; /* v1, GTP-non-prime. */
  513. hdr->type = msg_type;
  514. /* 3GPP TS 29.281 5.1 - TEID has to be set to 0 */
  515. hdr->tid = 0;
  516. /* seq, npdu and next should be counted to the length of the GTP packet
  517. * that's why size of gtp1_header should be subtracted,
  518. * not size of gtp1_header_long.
  519. */
  520. len_hdr = sizeof(struct gtp1_header);
  521. if (msg_type == GTP_ECHO_RSP) {
  522. len_pkt = sizeof(struct gtp1u_packet);
  523. hdr->length = htons(len_pkt - len_hdr);
  524. } else {
  525. /* GTP_ECHO_REQ does not carry GTP Information Element,
  526. * the why gtp1_header_long is used here.
  527. */
  528. len_pkt = sizeof(struct gtp1_header_long);
  529. hdr->length = htons(len_pkt - len_hdr);
  530. }
  531. }
  532. static int gtp1u_send_echo_resp(struct gtp_dev *gtp, struct sk_buff *skb)
  533. {
  534. struct gtp1_header_long *gtp1u;
  535. struct gtp1u_packet *gtp_pkt;
  536. struct rtable *rt;
  537. struct flowi4 fl4;
  538. struct iphdr *iph;
  539. gtp1u = (struct gtp1_header_long *)(skb->data + sizeof(struct udphdr));
  540. /* 3GPP TS 29.281 5.1 - For the Echo Request, Echo Response,
  541. * Error Indication and Supported Extension Headers Notification
  542. * messages, the S flag shall be set to 1 and TEID shall be set to 0.
  543. */
  544. if (!(gtp1u->flags & GTP1_F_SEQ) || gtp1u->tid)
  545. return -1;
  546. /* pull GTP and UDP headers */
  547. skb_pull_data(skb,
  548. sizeof(struct gtp1_header_long) + sizeof(struct udphdr));
  549. gtp_pkt = skb_push(skb, sizeof(struct gtp1u_packet));
  550. memset(gtp_pkt, 0, sizeof(struct gtp1u_packet));
  551. gtp1u_build_echo_msg(&gtp_pkt->gtp1u_h, GTP_ECHO_RSP);
  552. /* 3GPP TS 29.281 7.7.2 - The Restart Counter value in the
  553. * Recovery information element shall not be used, i.e. it shall
  554. * be set to zero by the sender and shall be ignored by the receiver.
  555. * The Recovery information element is mandatory due to backwards
  556. * compatibility reasons.
  557. */
  558. gtp_pkt->ie.tag = GTPIE_RECOVERY;
  559. gtp_pkt->ie.val = 0;
  560. iph = ip_hdr(skb);
  561. /* find route to the sender,
  562. * src address becomes dst address and vice versa.
  563. */
  564. rt = ip4_route_output_gtp(&fl4, gtp->sk1u, iph->saddr, iph->daddr);
  565. if (IS_ERR(rt)) {
  566. netdev_dbg(gtp->dev, "no route for echo response from %pI4\n",
  567. &iph->saddr);
  568. return -1;
  569. }
  570. udp_tunnel_xmit_skb(rt, gtp->sk1u, skb,
  571. fl4.saddr, fl4.daddr,
  572. iph->tos,
  573. ip4_dst_hoplimit(&rt->dst),
  574. 0,
  575. htons(GTP1U_PORT), htons(GTP1U_PORT),
  576. !net_eq(sock_net(gtp->sk1u),
  577. dev_net(gtp->dev)),
  578. false,
  579. 0);
  580. return 0;
  581. }
  582. static int gtp1u_handle_echo_resp(struct gtp_dev *gtp, struct sk_buff *skb)
  583. {
  584. struct gtp1_header_long *gtp1u;
  585. struct echo_info echo;
  586. struct sk_buff *msg;
  587. struct iphdr *iph;
  588. int ret;
  589. gtp1u = (struct gtp1_header_long *)(skb->data + sizeof(struct udphdr));
  590. /* 3GPP TS 29.281 5.1 - For the Echo Request, Echo Response,
  591. * Error Indication and Supported Extension Headers Notification
  592. * messages, the S flag shall be set to 1 and TEID shall be set to 0.
  593. */
  594. if (!(gtp1u->flags & GTP1_F_SEQ) || gtp1u->tid)
  595. return -1;
  596. iph = ip_hdr(skb);
  597. echo.ms.addr.s_addr = iph->daddr;
  598. echo.peer.addr.s_addr = iph->saddr;
  599. echo.gtp_version = GTP_V1;
  600. msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
  601. if (!msg)
  602. return -ENOMEM;
  603. ret = gtp_genl_fill_echo(msg, 0, 0, 0, GTP_CMD_ECHOREQ, echo);
  604. if (ret < 0) {
  605. nlmsg_free(msg);
  606. return ret;
  607. }
  608. return genlmsg_multicast_netns(&gtp_genl_family, dev_net(gtp->dev),
  609. msg, 0, GTP_GENL_MCGRP, GFP_ATOMIC);
  610. }
  611. static int gtp_parse_exthdrs(struct sk_buff *skb, unsigned int *hdrlen)
  612. {
  613. struct gtp_ext_hdr *gtp_exthdr, _gtp_exthdr;
  614. unsigned int offset = *hdrlen;
  615. __u8 *next_type, _next_type;
  616. /* From 29.060: "The Extension Header Length field specifies the length
  617. * of the particular Extension header in 4 octets units."
  618. *
  619. * This length field includes length field size itself (1 byte),
  620. * payload (variable length) and next type (1 byte). The extension
  621. * header is aligned to to 4 bytes.
  622. */
  623. do {
  624. gtp_exthdr = skb_header_pointer(skb, offset, sizeof(*gtp_exthdr),
  625. &_gtp_exthdr);
  626. if (!gtp_exthdr || !gtp_exthdr->len)
  627. return -1;
  628. offset += gtp_exthdr->len * 4;
  629. /* From 29.060: "If no such Header follows, then the value of
  630. * the Next Extension Header Type shall be 0."
  631. */
  632. next_type = skb_header_pointer(skb, offset - 1,
  633. sizeof(_next_type), &_next_type);
  634. if (!next_type)
  635. return -1;
  636. } while (*next_type != 0);
  637. *hdrlen = offset;
  638. return 0;
  639. }
  640. static int gtp1u_udp_encap_recv(struct gtp_dev *gtp, struct sk_buff *skb)
  641. {
  642. unsigned int hdrlen = sizeof(struct udphdr) +
  643. sizeof(struct gtp1_header);
  644. struct gtp1_header *gtp1;
  645. struct pdp_ctx *pctx;
  646. __u16 inner_proto;
  647. if (!pskb_may_pull(skb, hdrlen))
  648. return -1;
  649. gtp1 = (struct gtp1_header *)(skb->data + sizeof(struct udphdr));
  650. if ((gtp1->flags >> 5) != GTP_V1)
  651. return 1;
  652. /* If the sockets were created in kernel, it means that
  653. * there is no daemon running in userspace which would
  654. * handle echo request.
  655. */
  656. if (gtp1->type == GTP_ECHO_REQ && gtp->sk_created)
  657. return gtp1u_send_echo_resp(gtp, skb);
  658. if (gtp1->type == GTP_ECHO_RSP && gtp->sk_created)
  659. return gtp1u_handle_echo_resp(gtp, skb);
  660. if (gtp1->type != GTP_TPDU)
  661. return 1;
  662. /* From 29.060: "This field shall be present if and only if any one or
  663. * more of the S, PN and E flags are set.".
  664. *
  665. * If any of the bit is set, then the remaining ones also have to be
  666. * set.
  667. */
  668. if (gtp1->flags & GTP1_F_MASK)
  669. hdrlen += 4;
  670. /* Make sure the header is larger enough, including extensions. */
  671. if (!pskb_may_pull(skb, hdrlen))
  672. return -1;
  673. if (gtp_inner_proto(skb, hdrlen, &inner_proto) < 0) {
  674. netdev_dbg(gtp->dev, "GTP packet does not encapsulate an IP packet\n");
  675. return -1;
  676. }
  677. gtp1 = (struct gtp1_header *)(skb->data + sizeof(struct udphdr));
  678. pctx = gtp1_pdp_find(gtp, ntohl(gtp1->tid),
  679. gtp_proto_to_family(inner_proto));
  680. if (!pctx) {
  681. netdev_dbg(gtp->dev, "No PDP ctx to decap skb=%p\n", skb);
  682. return 1;
  683. }
  684. if (gtp1->flags & GTP1_F_EXTHDR &&
  685. gtp_parse_exthdrs(skb, &hdrlen) < 0)
  686. return -1;
  687. return gtp_rx(pctx, skb, hdrlen, gtp->role, inner_proto);
  688. }
  689. static void __gtp_encap_destroy(struct sock *sk)
  690. {
  691. struct gtp_dev *gtp;
  692. lock_sock(sk);
  693. gtp = sk->sk_user_data;
  694. if (gtp) {
  695. if (gtp->sk0 == sk)
  696. gtp->sk0 = NULL;
  697. else
  698. gtp->sk1u = NULL;
  699. WRITE_ONCE(udp_sk(sk)->encap_type, 0);
  700. rcu_assign_sk_user_data(sk, NULL);
  701. release_sock(sk);
  702. sock_put(sk);
  703. return;
  704. }
  705. release_sock(sk);
  706. }
  707. static void gtp_encap_destroy(struct sock *sk)
  708. {
  709. rtnl_lock();
  710. __gtp_encap_destroy(sk);
  711. rtnl_unlock();
  712. }
  713. static void gtp_encap_disable_sock(struct sock *sk)
  714. {
  715. if (!sk)
  716. return;
  717. __gtp_encap_destroy(sk);
  718. }
  719. static void gtp_encap_disable(struct gtp_dev *gtp)
  720. {
  721. if (gtp->sk_created) {
  722. udp_tunnel_sock_release(gtp->sk0->sk_socket);
  723. udp_tunnel_sock_release(gtp->sk1u->sk_socket);
  724. gtp->sk_created = false;
  725. gtp->sk0 = NULL;
  726. gtp->sk1u = NULL;
  727. } else {
  728. gtp_encap_disable_sock(gtp->sk0);
  729. gtp_encap_disable_sock(gtp->sk1u);
  730. }
  731. }
  732. /* UDP encapsulation receive handler. See net/ipv4/udp.c.
  733. * Return codes: 0: success, <0: error, >0: pass up to userspace UDP socket.
  734. */
  735. static int gtp_encap_recv(struct sock *sk, struct sk_buff *skb)
  736. {
  737. struct gtp_dev *gtp;
  738. int ret = 0;
  739. gtp = rcu_dereference_sk_user_data(sk);
  740. if (!gtp)
  741. return 1;
  742. netdev_dbg(gtp->dev, "encap_recv sk=%p\n", sk);
  743. switch (READ_ONCE(udp_sk(sk)->encap_type)) {
  744. case UDP_ENCAP_GTP0:
  745. netdev_dbg(gtp->dev, "received GTP0 packet\n");
  746. ret = gtp0_udp_encap_recv(gtp, skb);
  747. break;
  748. case UDP_ENCAP_GTP1U:
  749. netdev_dbg(gtp->dev, "received GTP1U packet\n");
  750. ret = gtp1u_udp_encap_recv(gtp, skb);
  751. break;
  752. default:
  753. ret = -1; /* Shouldn't happen. */
  754. }
  755. switch (ret) {
  756. case 1:
  757. netdev_dbg(gtp->dev, "pass up to the process\n");
  758. break;
  759. case 0:
  760. break;
  761. case -1:
  762. netdev_dbg(gtp->dev, "GTP packet has been dropped\n");
  763. kfree_skb(skb);
  764. ret = 0;
  765. break;
  766. }
  767. return ret;
  768. }
  769. static void gtp_dev_uninit(struct net_device *dev)
  770. {
  771. struct gtp_dev *gtp = netdev_priv(dev);
  772. gtp_encap_disable(gtp);
  773. }
  774. static inline void gtp0_push_header(struct sk_buff *skb, struct pdp_ctx *pctx)
  775. {
  776. int payload_len = skb->len;
  777. struct gtp0_header *gtp0;
  778. gtp0 = skb_push(skb, sizeof(*gtp0));
  779. gtp0->flags = 0x1e; /* v0, GTP-non-prime. */
  780. gtp0->type = GTP_TPDU;
  781. gtp0->length = htons(payload_len);
  782. gtp0->seq = htons((atomic_inc_return(&pctx->tx_seq) - 1) % 0xffff);
  783. gtp0->flow = htons(pctx->u.v0.flow);
  784. gtp0->number = 0xff;
  785. gtp0->spare[0] = gtp0->spare[1] = gtp0->spare[2] = 0xff;
  786. gtp0->tid = cpu_to_be64(pctx->u.v0.tid);
  787. }
  788. static inline void gtp1_push_header(struct sk_buff *skb, struct pdp_ctx *pctx)
  789. {
  790. int payload_len = skb->len;
  791. struct gtp1_header *gtp1;
  792. gtp1 = skb_push(skb, sizeof(*gtp1));
  793. /* Bits 8 7 6 5 4 3 2 1
  794. * +--+--+--+--+--+--+--+--+
  795. * |version |PT| 0| E| S|PN|
  796. * +--+--+--+--+--+--+--+--+
  797. * 0 0 1 1 1 0 0 0
  798. */
  799. gtp1->flags = 0x30; /* v1, GTP-non-prime. */
  800. gtp1->type = GTP_TPDU;
  801. gtp1->length = htons(payload_len);
  802. gtp1->tid = htonl(pctx->u.v1.o_tei);
  803. /* TODO: Support for extension header, sequence number and N-PDU.
  804. * Update the length field if any of them is available.
  805. */
  806. }
  807. struct gtp_pktinfo {
  808. struct sock *sk;
  809. union {
  810. struct flowi4 fl4;
  811. struct flowi6 fl6;
  812. };
  813. union {
  814. struct rtable *rt;
  815. struct rt6_info *rt6;
  816. };
  817. struct pdp_ctx *pctx;
  818. struct net_device *dev;
  819. __u8 tos;
  820. __be16 gtph_port;
  821. };
  822. static void gtp_push_header(struct sk_buff *skb, struct gtp_pktinfo *pktinfo)
  823. {
  824. switch (pktinfo->pctx->gtp_version) {
  825. case GTP_V0:
  826. pktinfo->gtph_port = htons(GTP0_PORT);
  827. gtp0_push_header(skb, pktinfo->pctx);
  828. break;
  829. case GTP_V1:
  830. pktinfo->gtph_port = htons(GTP1U_PORT);
  831. gtp1_push_header(skb, pktinfo->pctx);
  832. break;
  833. }
  834. }
  835. static inline void gtp_set_pktinfo_ipv4(struct gtp_pktinfo *pktinfo,
  836. struct sock *sk, __u8 tos,
  837. struct pdp_ctx *pctx, struct rtable *rt,
  838. struct flowi4 *fl4,
  839. struct net_device *dev)
  840. {
  841. pktinfo->sk = sk;
  842. pktinfo->tos = tos;
  843. pktinfo->pctx = pctx;
  844. pktinfo->rt = rt;
  845. pktinfo->fl4 = *fl4;
  846. pktinfo->dev = dev;
  847. }
  848. static void gtp_set_pktinfo_ipv6(struct gtp_pktinfo *pktinfo,
  849. struct sock *sk, __u8 tos,
  850. struct pdp_ctx *pctx, struct rt6_info *rt6,
  851. struct flowi6 *fl6,
  852. struct net_device *dev)
  853. {
  854. pktinfo->sk = sk;
  855. pktinfo->tos = tos;
  856. pktinfo->pctx = pctx;
  857. pktinfo->rt6 = rt6;
  858. pktinfo->fl6 = *fl6;
  859. pktinfo->dev = dev;
  860. }
  861. static int gtp_build_skb_outer_ip4(struct sk_buff *skb, struct net_device *dev,
  862. struct gtp_pktinfo *pktinfo,
  863. struct pdp_ctx *pctx, __u8 tos,
  864. __be16 frag_off)
  865. {
  866. struct rtable *rt;
  867. struct flowi4 fl4;
  868. __be16 df;
  869. int mtu;
  870. rt = ip4_route_output_gtp(&fl4, pctx->sk, pctx->peer.addr.s_addr,
  871. inet_sk(pctx->sk)->inet_saddr);
  872. if (IS_ERR(rt)) {
  873. netdev_dbg(dev, "no route to SSGN %pI4\n",
  874. &pctx->peer.addr.s_addr);
  875. dev->stats.tx_carrier_errors++;
  876. goto err;
  877. }
  878. if (rt->dst.dev == dev) {
  879. netdev_dbg(dev, "circular route to SSGN %pI4\n",
  880. &pctx->peer.addr.s_addr);
  881. dev->stats.collisions++;
  882. goto err_rt;
  883. }
  884. /* This is similar to tnl_update_pmtu(). */
  885. df = frag_off;
  886. if (df) {
  887. mtu = dst_mtu(&rt->dst) - dev->hard_header_len -
  888. sizeof(struct iphdr) - sizeof(struct udphdr);
  889. switch (pctx->gtp_version) {
  890. case GTP_V0:
  891. mtu -= sizeof(struct gtp0_header);
  892. break;
  893. case GTP_V1:
  894. mtu -= sizeof(struct gtp1_header);
  895. break;
  896. }
  897. } else {
  898. mtu = dst_mtu(&rt->dst);
  899. }
  900. skb_dst_update_pmtu_no_confirm(skb, mtu);
  901. if (frag_off & htons(IP_DF) &&
  902. ((!skb_is_gso(skb) && skb->len > mtu) ||
  903. (skb_is_gso(skb) && !skb_gso_validate_network_len(skb, mtu)))) {
  904. netdev_dbg(dev, "packet too big, fragmentation needed\n");
  905. icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
  906. htonl(mtu));
  907. goto err_rt;
  908. }
  909. gtp_set_pktinfo_ipv4(pktinfo, pctx->sk, tos, pctx, rt, &fl4, dev);
  910. gtp_push_header(skb, pktinfo);
  911. return 0;
  912. err_rt:
  913. ip_rt_put(rt);
  914. err:
  915. return -EBADMSG;
  916. }
  917. static int gtp_build_skb_outer_ip6(struct net *net, struct sk_buff *skb,
  918. struct net_device *dev,
  919. struct gtp_pktinfo *pktinfo,
  920. struct pdp_ctx *pctx, __u8 tos)
  921. {
  922. struct dst_entry *dst;
  923. struct rt6_info *rt;
  924. struct flowi6 fl6;
  925. int mtu;
  926. rt = ip6_route_output_gtp(net, &fl6, pctx->sk, &pctx->peer.addr6,
  927. &inet6_sk(pctx->sk)->saddr);
  928. if (IS_ERR(rt)) {
  929. netdev_dbg(dev, "no route to SSGN %pI6\n",
  930. &pctx->peer.addr6);
  931. dev->stats.tx_carrier_errors++;
  932. goto err;
  933. }
  934. dst = &rt->dst;
  935. if (rt->dst.dev == dev) {
  936. netdev_dbg(dev, "circular route to SSGN %pI6\n",
  937. &pctx->peer.addr6);
  938. dev->stats.collisions++;
  939. goto err_rt;
  940. }
  941. mtu = dst_mtu(&rt->dst) - dev->hard_header_len -
  942. sizeof(struct ipv6hdr) - sizeof(struct udphdr);
  943. switch (pctx->gtp_version) {
  944. case GTP_V0:
  945. mtu -= sizeof(struct gtp0_header);
  946. break;
  947. case GTP_V1:
  948. mtu -= sizeof(struct gtp1_header);
  949. break;
  950. }
  951. skb_dst_update_pmtu_no_confirm(skb, mtu);
  952. if ((!skb_is_gso(skb) && skb->len > mtu) ||
  953. (skb_is_gso(skb) && !skb_gso_validate_network_len(skb, mtu))) {
  954. netdev_dbg(dev, "packet too big, fragmentation needed\n");
  955. icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
  956. goto err_rt;
  957. }
  958. gtp_set_pktinfo_ipv6(pktinfo, pctx->sk, tos, pctx, rt, &fl6, dev);
  959. gtp_push_header(skb, pktinfo);
  960. return 0;
  961. err_rt:
  962. dst_release(dst);
  963. err:
  964. return -EBADMSG;
  965. }
  966. static int gtp_build_skb_ip4(struct sk_buff *skb, struct net_device *dev,
  967. struct gtp_pktinfo *pktinfo)
  968. {
  969. struct gtp_dev *gtp = netdev_priv(dev);
  970. struct net *net = gtp->net;
  971. struct pdp_ctx *pctx;
  972. struct iphdr *iph;
  973. int ret;
  974. /* Read the IP destination address and resolve the PDP context.
  975. * Prepend PDP header with TEI/TID from PDP ctx.
  976. */
  977. iph = ip_hdr(skb);
  978. if (gtp->role == GTP_ROLE_SGSN)
  979. pctx = ipv4_pdp_find(gtp, iph->saddr);
  980. else
  981. pctx = ipv4_pdp_find(gtp, iph->daddr);
  982. if (!pctx) {
  983. netdev_dbg(dev, "no PDP ctx found for %pI4, skip\n",
  984. &iph->daddr);
  985. return -ENOENT;
  986. }
  987. netdev_dbg(dev, "found PDP context %p\n", pctx);
  988. switch (pctx->sk->sk_family) {
  989. case AF_INET:
  990. ret = gtp_build_skb_outer_ip4(skb, dev, pktinfo, pctx,
  991. iph->tos, iph->frag_off);
  992. break;
  993. case AF_INET6:
  994. ret = gtp_build_skb_outer_ip6(net, skb, dev, pktinfo, pctx,
  995. iph->tos);
  996. break;
  997. default:
  998. ret = -1;
  999. WARN_ON_ONCE(1);
  1000. break;
  1001. }
  1002. if (ret < 0)
  1003. return ret;
  1004. netdev_dbg(dev, "gtp -> IP src: %pI4 dst: %pI4\n",
  1005. &iph->saddr, &iph->daddr);
  1006. return 0;
  1007. }
  1008. static int gtp_build_skb_ip6(struct sk_buff *skb, struct net_device *dev,
  1009. struct gtp_pktinfo *pktinfo)
  1010. {
  1011. struct gtp_dev *gtp = netdev_priv(dev);
  1012. struct net *net = gtp->net;
  1013. struct pdp_ctx *pctx;
  1014. struct ipv6hdr *ip6h;
  1015. __u8 tos;
  1016. int ret;
  1017. /* Read the IP destination address and resolve the PDP context.
  1018. * Prepend PDP header with TEI/TID from PDP ctx.
  1019. */
  1020. ip6h = ipv6_hdr(skb);
  1021. if (gtp->role == GTP_ROLE_SGSN)
  1022. pctx = ipv6_pdp_find(gtp, &ip6h->saddr);
  1023. else
  1024. pctx = ipv6_pdp_find(gtp, &ip6h->daddr);
  1025. if (!pctx) {
  1026. netdev_dbg(dev, "no PDP ctx found for %pI6, skip\n",
  1027. &ip6h->daddr);
  1028. return -ENOENT;
  1029. }
  1030. netdev_dbg(dev, "found PDP context %p\n", pctx);
  1031. tos = ipv6_get_dsfield(ip6h);
  1032. switch (pctx->sk->sk_family) {
  1033. case AF_INET:
  1034. ret = gtp_build_skb_outer_ip4(skb, dev, pktinfo, pctx, tos, 0);
  1035. break;
  1036. case AF_INET6:
  1037. ret = gtp_build_skb_outer_ip6(net, skb, dev, pktinfo, pctx, tos);
  1038. break;
  1039. default:
  1040. ret = -1;
  1041. WARN_ON_ONCE(1);
  1042. break;
  1043. }
  1044. if (ret < 0)
  1045. return ret;
  1046. netdev_dbg(dev, "gtp -> IP src: %pI6 dst: %pI6\n",
  1047. &ip6h->saddr, &ip6h->daddr);
  1048. return 0;
  1049. }
  1050. static netdev_tx_t gtp_dev_xmit(struct sk_buff *skb, struct net_device *dev)
  1051. {
  1052. unsigned int proto = ntohs(skb->protocol);
  1053. struct gtp_pktinfo pktinfo;
  1054. int err;
  1055. /* Ensure there is sufficient headroom. */
  1056. if (skb_cow_head(skb, dev->needed_headroom))
  1057. goto tx_err;
  1058. if (!pskb_inet_may_pull(skb))
  1059. goto tx_err;
  1060. skb_reset_inner_headers(skb);
  1061. /* PDP context lookups in gtp_build_skb_*() need rcu read-side lock. */
  1062. rcu_read_lock();
  1063. switch (proto) {
  1064. case ETH_P_IP:
  1065. err = gtp_build_skb_ip4(skb, dev, &pktinfo);
  1066. break;
  1067. case ETH_P_IPV6:
  1068. err = gtp_build_skb_ip6(skb, dev, &pktinfo);
  1069. break;
  1070. default:
  1071. err = -EOPNOTSUPP;
  1072. break;
  1073. }
  1074. rcu_read_unlock();
  1075. if (err < 0)
  1076. goto tx_err;
  1077. switch (pktinfo.pctx->sk->sk_family) {
  1078. case AF_INET:
  1079. udp_tunnel_xmit_skb(pktinfo.rt, pktinfo.sk, skb,
  1080. pktinfo.fl4.saddr, pktinfo.fl4.daddr,
  1081. pktinfo.tos,
  1082. ip4_dst_hoplimit(&pktinfo.rt->dst),
  1083. 0,
  1084. pktinfo.gtph_port, pktinfo.gtph_port,
  1085. !net_eq(sock_net(pktinfo.pctx->sk),
  1086. dev_net(dev)),
  1087. false, 0);
  1088. break;
  1089. case AF_INET6:
  1090. #if IS_ENABLED(CONFIG_IPV6)
  1091. udp_tunnel6_xmit_skb(&pktinfo.rt6->dst, pktinfo.sk, skb, dev,
  1092. &pktinfo.fl6.saddr, &pktinfo.fl6.daddr,
  1093. pktinfo.tos,
  1094. ip6_dst_hoplimit(&pktinfo.rt->dst),
  1095. 0,
  1096. pktinfo.gtph_port, pktinfo.gtph_port,
  1097. false, 0);
  1098. #else
  1099. goto tx_err;
  1100. #endif
  1101. break;
  1102. }
  1103. return NETDEV_TX_OK;
  1104. tx_err:
  1105. dev->stats.tx_errors++;
  1106. dev_kfree_skb(skb);
  1107. return NETDEV_TX_OK;
  1108. }
  1109. static const struct net_device_ops gtp_netdev_ops = {
  1110. .ndo_uninit = gtp_dev_uninit,
  1111. .ndo_start_xmit = gtp_dev_xmit,
  1112. };
  1113. static const struct device_type gtp_type = {
  1114. .name = "gtp",
  1115. };
  1116. #define GTP_TH_MAXLEN (sizeof(struct udphdr) + sizeof(struct gtp0_header))
  1117. #define GTP_IPV4_MAXLEN (sizeof(struct iphdr) + GTP_TH_MAXLEN)
  1118. static void gtp_link_setup(struct net_device *dev)
  1119. {
  1120. struct gtp_dev *gtp = netdev_priv(dev);
  1121. dev->netdev_ops = &gtp_netdev_ops;
  1122. dev->needs_free_netdev = true;
  1123. SET_NETDEV_DEVTYPE(dev, &gtp_type);
  1124. dev->hard_header_len = 0;
  1125. dev->addr_len = 0;
  1126. dev->mtu = ETH_DATA_LEN - GTP_IPV4_MAXLEN;
  1127. /* Zero header length. */
  1128. dev->type = ARPHRD_NONE;
  1129. dev->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
  1130. dev->pcpu_stat_type = NETDEV_PCPU_STAT_TSTATS;
  1131. dev->priv_flags |= IFF_NO_QUEUE;
  1132. dev->lltx = true;
  1133. netif_keep_dst(dev);
  1134. dev->needed_headroom = LL_MAX_HEADER + GTP_IPV4_MAXLEN;
  1135. gtp->dev = dev;
  1136. }
  1137. static int gtp_hashtable_new(struct gtp_dev *gtp, int hsize);
  1138. static int gtp_encap_enable(struct gtp_dev *gtp, struct nlattr *data[]);
  1139. static void gtp_destructor(struct net_device *dev)
  1140. {
  1141. struct gtp_dev *gtp = netdev_priv(dev);
  1142. kfree(gtp->addr_hash);
  1143. kfree(gtp->tid_hash);
  1144. }
  1145. static int gtp_sock_udp_config(struct udp_port_cfg *udp_conf,
  1146. const struct nlattr *nla, int family)
  1147. {
  1148. udp_conf->family = family;
  1149. switch (udp_conf->family) {
  1150. case AF_INET:
  1151. udp_conf->local_ip.s_addr = nla_get_be32(nla);
  1152. break;
  1153. #if IS_ENABLED(CONFIG_IPV6)
  1154. case AF_INET6:
  1155. udp_conf->local_ip6 = nla_get_in6_addr(nla);
  1156. break;
  1157. #endif
  1158. default:
  1159. return -EOPNOTSUPP;
  1160. }
  1161. return 0;
  1162. }
  1163. static struct sock *gtp_create_sock(int type, struct gtp_dev *gtp,
  1164. const struct nlattr *nla, int family)
  1165. {
  1166. struct udp_tunnel_sock_cfg tuncfg = {};
  1167. struct udp_port_cfg udp_conf = {};
  1168. struct net *net = gtp->net;
  1169. struct socket *sock;
  1170. int err;
  1171. if (nla) {
  1172. err = gtp_sock_udp_config(&udp_conf, nla, family);
  1173. if (err < 0)
  1174. return ERR_PTR(err);
  1175. } else {
  1176. udp_conf.local_ip.s_addr = htonl(INADDR_ANY);
  1177. udp_conf.family = AF_INET;
  1178. }
  1179. if (type == UDP_ENCAP_GTP0)
  1180. udp_conf.local_udp_port = htons(GTP0_PORT);
  1181. else if (type == UDP_ENCAP_GTP1U)
  1182. udp_conf.local_udp_port = htons(GTP1U_PORT);
  1183. else
  1184. return ERR_PTR(-EINVAL);
  1185. err = udp_sock_create(net, &udp_conf, &sock);
  1186. if (err)
  1187. return ERR_PTR(err);
  1188. tuncfg.sk_user_data = gtp;
  1189. tuncfg.encap_type = type;
  1190. tuncfg.encap_rcv = gtp_encap_recv;
  1191. tuncfg.encap_destroy = NULL;
  1192. setup_udp_tunnel_sock(net, sock, &tuncfg);
  1193. return sock->sk;
  1194. }
  1195. static int gtp_create_sockets(struct gtp_dev *gtp, const struct nlattr *nla,
  1196. int family)
  1197. {
  1198. struct sock *sk1u;
  1199. struct sock *sk0;
  1200. sk0 = gtp_create_sock(UDP_ENCAP_GTP0, gtp, nla, family);
  1201. if (IS_ERR(sk0))
  1202. return PTR_ERR(sk0);
  1203. sk1u = gtp_create_sock(UDP_ENCAP_GTP1U, gtp, nla, family);
  1204. if (IS_ERR(sk1u)) {
  1205. udp_tunnel_sock_release(sk0->sk_socket);
  1206. return PTR_ERR(sk1u);
  1207. }
  1208. gtp->sk_created = true;
  1209. gtp->sk0 = sk0;
  1210. gtp->sk1u = sk1u;
  1211. return 0;
  1212. }
  1213. #define GTP_TH_MAXLEN (sizeof(struct udphdr) + sizeof(struct gtp0_header))
  1214. #define GTP_IPV6_MAXLEN (sizeof(struct ipv6hdr) + GTP_TH_MAXLEN)
  1215. static int gtp_newlink(struct net_device *dev,
  1216. struct rtnl_newlink_params *params,
  1217. struct netlink_ext_ack *extack)
  1218. {
  1219. struct net *link_net = rtnl_newlink_link_net(params);
  1220. struct nlattr **data = params->data;
  1221. unsigned int role = GTP_ROLE_GGSN;
  1222. struct gtp_dev *gtp;
  1223. struct gtp_net *gn;
  1224. int hashsize, err;
  1225. #if !IS_ENABLED(CONFIG_IPV6)
  1226. if (data[IFLA_GTP_LOCAL6])
  1227. return -EAFNOSUPPORT;
  1228. #endif
  1229. gtp = netdev_priv(dev);
  1230. if (!data[IFLA_GTP_PDP_HASHSIZE]) {
  1231. hashsize = 1024;
  1232. } else {
  1233. hashsize = nla_get_u32(data[IFLA_GTP_PDP_HASHSIZE]);
  1234. if (!hashsize)
  1235. hashsize = 1024;
  1236. }
  1237. if (data[IFLA_GTP_ROLE]) {
  1238. role = nla_get_u32(data[IFLA_GTP_ROLE]);
  1239. if (role > GTP_ROLE_SGSN)
  1240. return -EINVAL;
  1241. }
  1242. gtp->role = role;
  1243. gtp->restart_count = nla_get_u8_default(data[IFLA_GTP_RESTART_COUNT],
  1244. 0);
  1245. gtp->net = link_net;
  1246. err = gtp_hashtable_new(gtp, hashsize);
  1247. if (err < 0)
  1248. return err;
  1249. if (data[IFLA_GTP_CREATE_SOCKETS]) {
  1250. if (data[IFLA_GTP_LOCAL6])
  1251. err = gtp_create_sockets(gtp, data[IFLA_GTP_LOCAL6], AF_INET6);
  1252. else
  1253. err = gtp_create_sockets(gtp, data[IFLA_GTP_LOCAL], AF_INET);
  1254. } else {
  1255. err = gtp_encap_enable(gtp, data);
  1256. }
  1257. if (err < 0)
  1258. goto out_hashtable;
  1259. if ((gtp->sk0 && gtp->sk0->sk_family == AF_INET6) ||
  1260. (gtp->sk1u && gtp->sk1u->sk_family == AF_INET6)) {
  1261. dev->mtu = ETH_DATA_LEN - GTP_IPV6_MAXLEN;
  1262. dev->needed_headroom = LL_MAX_HEADER + GTP_IPV6_MAXLEN;
  1263. }
  1264. err = register_netdevice(dev);
  1265. if (err < 0) {
  1266. netdev_dbg(dev, "failed to register new netdev %d\n", err);
  1267. goto out_encap;
  1268. }
  1269. gn = net_generic(link_net, gtp_net_id);
  1270. list_add(&gtp->list, &gn->gtp_dev_list);
  1271. dev->priv_destructor = gtp_destructor;
  1272. netdev_dbg(dev, "registered new GTP interface\n");
  1273. return 0;
  1274. out_encap:
  1275. gtp_encap_disable(gtp);
  1276. out_hashtable:
  1277. kfree(gtp->addr_hash);
  1278. kfree(gtp->tid_hash);
  1279. return err;
  1280. }
  1281. static void gtp_dellink(struct net_device *dev, struct list_head *head)
  1282. {
  1283. struct gtp_dev *gtp = netdev_priv(dev);
  1284. struct hlist_node *next;
  1285. struct pdp_ctx *pctx;
  1286. int i;
  1287. for (i = 0; i < gtp->hash_size; i++)
  1288. hlist_for_each_entry_safe(pctx, next, &gtp->tid_hash[i], hlist_tid)
  1289. pdp_context_delete(pctx);
  1290. list_del(&gtp->list);
  1291. unregister_netdevice_queue(dev, head);
  1292. }
  1293. static const struct nla_policy gtp_policy[IFLA_GTP_MAX + 1] = {
  1294. [IFLA_GTP_FD0] = { .type = NLA_U32 },
  1295. [IFLA_GTP_FD1] = { .type = NLA_U32 },
  1296. [IFLA_GTP_PDP_HASHSIZE] = { .type = NLA_U32 },
  1297. [IFLA_GTP_ROLE] = { .type = NLA_U32 },
  1298. [IFLA_GTP_CREATE_SOCKETS] = { .type = NLA_U8 },
  1299. [IFLA_GTP_RESTART_COUNT] = { .type = NLA_U8 },
  1300. [IFLA_GTP_LOCAL] = { .type = NLA_U32 },
  1301. [IFLA_GTP_LOCAL6] = { .len = sizeof(struct in6_addr) },
  1302. };
  1303. static int gtp_validate(struct nlattr *tb[], struct nlattr *data[],
  1304. struct netlink_ext_ack *extack)
  1305. {
  1306. if (!data)
  1307. return -EINVAL;
  1308. return 0;
  1309. }
  1310. static size_t gtp_get_size(const struct net_device *dev)
  1311. {
  1312. return nla_total_size(sizeof(__u32)) + /* IFLA_GTP_PDP_HASHSIZE */
  1313. nla_total_size(sizeof(__u32)) + /* IFLA_GTP_ROLE */
  1314. nla_total_size(sizeof(__u8)); /* IFLA_GTP_RESTART_COUNT */
  1315. }
  1316. static int gtp_fill_info(struct sk_buff *skb, const struct net_device *dev)
  1317. {
  1318. struct gtp_dev *gtp = netdev_priv(dev);
  1319. if (nla_put_u32(skb, IFLA_GTP_PDP_HASHSIZE, gtp->hash_size))
  1320. goto nla_put_failure;
  1321. if (nla_put_u32(skb, IFLA_GTP_ROLE, gtp->role))
  1322. goto nla_put_failure;
  1323. if (nla_put_u8(skb, IFLA_GTP_RESTART_COUNT, gtp->restart_count))
  1324. goto nla_put_failure;
  1325. return 0;
  1326. nla_put_failure:
  1327. return -EMSGSIZE;
  1328. }
  1329. static struct rtnl_link_ops gtp_link_ops __read_mostly = {
  1330. .kind = "gtp",
  1331. .maxtype = IFLA_GTP_MAX,
  1332. .policy = gtp_policy,
  1333. .priv_size = sizeof(struct gtp_dev),
  1334. .setup = gtp_link_setup,
  1335. .validate = gtp_validate,
  1336. .newlink = gtp_newlink,
  1337. .dellink = gtp_dellink,
  1338. .get_size = gtp_get_size,
  1339. .fill_info = gtp_fill_info,
  1340. };
  1341. static int gtp_hashtable_new(struct gtp_dev *gtp, int hsize)
  1342. {
  1343. int i;
  1344. gtp->addr_hash = kmalloc_objs(struct hlist_head, hsize,
  1345. GFP_KERNEL | __GFP_NOWARN);
  1346. if (gtp->addr_hash == NULL)
  1347. return -ENOMEM;
  1348. gtp->tid_hash = kmalloc_objs(struct hlist_head, hsize,
  1349. GFP_KERNEL | __GFP_NOWARN);
  1350. if (gtp->tid_hash == NULL)
  1351. goto err1;
  1352. gtp->hash_size = hsize;
  1353. for (i = 0; i < hsize; i++) {
  1354. INIT_HLIST_HEAD(&gtp->addr_hash[i]);
  1355. INIT_HLIST_HEAD(&gtp->tid_hash[i]);
  1356. }
  1357. return 0;
  1358. err1:
  1359. kfree(gtp->addr_hash);
  1360. return -ENOMEM;
  1361. }
  1362. static struct sock *gtp_encap_enable_socket(int fd, int type,
  1363. struct gtp_dev *gtp)
  1364. {
  1365. struct udp_tunnel_sock_cfg tuncfg = {NULL};
  1366. struct socket *sock;
  1367. struct sock *sk;
  1368. int err;
  1369. pr_debug("enable gtp on %d, %d\n", fd, type);
  1370. sock = sockfd_lookup(fd, &err);
  1371. if (!sock) {
  1372. pr_debug("gtp socket fd=%d not found\n", fd);
  1373. return ERR_PTR(err);
  1374. }
  1375. sk = sock->sk;
  1376. if (sk->sk_protocol != IPPROTO_UDP ||
  1377. sk->sk_type != SOCK_DGRAM ||
  1378. (sk->sk_family != AF_INET && sk->sk_family != AF_INET6)) {
  1379. pr_debug("socket fd=%d not UDP\n", fd);
  1380. sk = ERR_PTR(-EINVAL);
  1381. goto out_sock;
  1382. }
  1383. if (sk->sk_family == AF_INET6 &&
  1384. !sk->sk_ipv6only) {
  1385. sk = ERR_PTR(-EADDRNOTAVAIL);
  1386. goto out_sock;
  1387. }
  1388. lock_sock(sk);
  1389. if (sk->sk_user_data) {
  1390. sk = ERR_PTR(-EBUSY);
  1391. goto out_rel_sock;
  1392. }
  1393. sock_hold(sk);
  1394. tuncfg.sk_user_data = gtp;
  1395. tuncfg.encap_type = type;
  1396. tuncfg.encap_rcv = gtp_encap_recv;
  1397. tuncfg.encap_destroy = gtp_encap_destroy;
  1398. setup_udp_tunnel_sock(sock_net(sock->sk), sock, &tuncfg);
  1399. out_rel_sock:
  1400. release_sock(sock->sk);
  1401. out_sock:
  1402. sockfd_put(sock);
  1403. return sk;
  1404. }
  1405. static int gtp_encap_enable(struct gtp_dev *gtp, struct nlattr *data[])
  1406. {
  1407. struct sock *sk1u = NULL;
  1408. struct sock *sk0 = NULL;
  1409. if (!data[IFLA_GTP_FD0] && !data[IFLA_GTP_FD1])
  1410. return -EINVAL;
  1411. if (data[IFLA_GTP_FD0]) {
  1412. int fd0 = nla_get_u32(data[IFLA_GTP_FD0]);
  1413. if (fd0 >= 0) {
  1414. sk0 = gtp_encap_enable_socket(fd0, UDP_ENCAP_GTP0, gtp);
  1415. if (IS_ERR(sk0))
  1416. return PTR_ERR(sk0);
  1417. }
  1418. }
  1419. if (data[IFLA_GTP_FD1]) {
  1420. int fd1 = nla_get_u32(data[IFLA_GTP_FD1]);
  1421. if (fd1 >= 0) {
  1422. sk1u = gtp_encap_enable_socket(fd1, UDP_ENCAP_GTP1U, gtp);
  1423. if (IS_ERR(sk1u)) {
  1424. gtp_encap_disable_sock(sk0);
  1425. return PTR_ERR(sk1u);
  1426. }
  1427. }
  1428. }
  1429. gtp->sk0 = sk0;
  1430. gtp->sk1u = sk1u;
  1431. if (sk0 && sk1u &&
  1432. sk0->sk_family != sk1u->sk_family) {
  1433. gtp_encap_disable_sock(sk0);
  1434. gtp_encap_disable_sock(sk1u);
  1435. return -EINVAL;
  1436. }
  1437. return 0;
  1438. }
  1439. static struct gtp_dev *gtp_find_dev(struct net *src_net, struct nlattr *nla[])
  1440. {
  1441. struct gtp_dev *gtp = NULL;
  1442. struct net_device *dev;
  1443. struct net *net;
  1444. /* Examine the link attributes and figure out which network namespace
  1445. * we are talking about.
  1446. */
  1447. if (nla[GTPA_NET_NS_FD])
  1448. net = get_net_ns_by_fd(nla_get_u32(nla[GTPA_NET_NS_FD]));
  1449. else
  1450. net = get_net(src_net);
  1451. if (IS_ERR(net))
  1452. return NULL;
  1453. /* Check if there's an existing gtpX device to configure */
  1454. dev = dev_get_by_index_rcu(net, nla_get_u32(nla[GTPA_LINK]));
  1455. if (dev && dev->netdev_ops == &gtp_netdev_ops)
  1456. gtp = netdev_priv(dev);
  1457. put_net(net);
  1458. return gtp;
  1459. }
  1460. static void gtp_pdp_fill(struct pdp_ctx *pctx, struct genl_info *info)
  1461. {
  1462. pctx->gtp_version = nla_get_u32(info->attrs[GTPA_VERSION]);
  1463. switch (pctx->gtp_version) {
  1464. case GTP_V0:
  1465. /* According to TS 09.60, sections 7.5.1 and 7.5.2, the flow
  1466. * label needs to be the same for uplink and downlink packets,
  1467. * so let's annotate this.
  1468. */
  1469. pctx->u.v0.tid = nla_get_u64(info->attrs[GTPA_TID]);
  1470. pctx->u.v0.flow = nla_get_u16(info->attrs[GTPA_FLOW]);
  1471. break;
  1472. case GTP_V1:
  1473. pctx->u.v1.i_tei = nla_get_u32(info->attrs[GTPA_I_TEI]);
  1474. pctx->u.v1.o_tei = nla_get_u32(info->attrs[GTPA_O_TEI]);
  1475. break;
  1476. default:
  1477. break;
  1478. }
  1479. }
  1480. static void ip_pdp_peer_fill(struct pdp_ctx *pctx, struct genl_info *info)
  1481. {
  1482. if (info->attrs[GTPA_PEER_ADDRESS]) {
  1483. pctx->peer.addr.s_addr =
  1484. nla_get_be32(info->attrs[GTPA_PEER_ADDRESS]);
  1485. } else if (info->attrs[GTPA_PEER_ADDR6]) {
  1486. pctx->peer.addr6 = nla_get_in6_addr(info->attrs[GTPA_PEER_ADDR6]);
  1487. }
  1488. }
  1489. static void ipv4_pdp_fill(struct pdp_ctx *pctx, struct genl_info *info)
  1490. {
  1491. ip_pdp_peer_fill(pctx, info);
  1492. pctx->ms.addr.s_addr =
  1493. nla_get_be32(info->attrs[GTPA_MS_ADDRESS]);
  1494. gtp_pdp_fill(pctx, info);
  1495. }
  1496. static bool ipv6_pdp_fill(struct pdp_ctx *pctx, struct genl_info *info)
  1497. {
  1498. ip_pdp_peer_fill(pctx, info);
  1499. pctx->ms.addr6 = nla_get_in6_addr(info->attrs[GTPA_MS_ADDR6]);
  1500. if (pctx->ms.addr6.s6_addr32[2] ||
  1501. pctx->ms.addr6.s6_addr32[3])
  1502. return false;
  1503. gtp_pdp_fill(pctx, info);
  1504. return true;
  1505. }
  1506. static struct pdp_ctx *gtp_pdp_add(struct gtp_dev *gtp, struct sock *sk,
  1507. struct genl_info *info)
  1508. {
  1509. struct pdp_ctx *pctx, *pctx_tid = NULL;
  1510. struct net_device *dev = gtp->dev;
  1511. u32 hash_ms, hash_tid = 0;
  1512. struct in6_addr ms_addr6;
  1513. unsigned int version;
  1514. bool found = false;
  1515. __be32 ms_addr;
  1516. int family;
  1517. version = nla_get_u32(info->attrs[GTPA_VERSION]);
  1518. family = nla_get_u8_default(info->attrs[GTPA_FAMILY], AF_INET);
  1519. #if !IS_ENABLED(CONFIG_IPV6)
  1520. if (family == AF_INET6)
  1521. return ERR_PTR(-EAFNOSUPPORT);
  1522. #endif
  1523. if (!info->attrs[GTPA_PEER_ADDRESS] &&
  1524. !info->attrs[GTPA_PEER_ADDR6])
  1525. return ERR_PTR(-EINVAL);
  1526. if ((info->attrs[GTPA_PEER_ADDRESS] &&
  1527. sk->sk_family == AF_INET6) ||
  1528. (info->attrs[GTPA_PEER_ADDR6] &&
  1529. sk->sk_family == AF_INET))
  1530. return ERR_PTR(-EAFNOSUPPORT);
  1531. switch (family) {
  1532. case AF_INET:
  1533. if (!info->attrs[GTPA_MS_ADDRESS] ||
  1534. info->attrs[GTPA_MS_ADDR6])
  1535. return ERR_PTR(-EINVAL);
  1536. ms_addr = nla_get_be32(info->attrs[GTPA_MS_ADDRESS]);
  1537. hash_ms = ipv4_hashfn(ms_addr) % gtp->hash_size;
  1538. pctx = ipv4_pdp_find(gtp, ms_addr);
  1539. break;
  1540. case AF_INET6:
  1541. if (!info->attrs[GTPA_MS_ADDR6] ||
  1542. info->attrs[GTPA_MS_ADDRESS])
  1543. return ERR_PTR(-EINVAL);
  1544. ms_addr6 = nla_get_in6_addr(info->attrs[GTPA_MS_ADDR6]);
  1545. hash_ms = ipv6_hashfn(&ms_addr6) % gtp->hash_size;
  1546. pctx = ipv6_pdp_find(gtp, &ms_addr6);
  1547. break;
  1548. default:
  1549. return ERR_PTR(-EAFNOSUPPORT);
  1550. }
  1551. if (pctx)
  1552. found = true;
  1553. if (version == GTP_V0)
  1554. pctx_tid = gtp0_pdp_find(gtp,
  1555. nla_get_u64(info->attrs[GTPA_TID]),
  1556. family);
  1557. else if (version == GTP_V1)
  1558. pctx_tid = gtp1_pdp_find(gtp,
  1559. nla_get_u32(info->attrs[GTPA_I_TEI]),
  1560. family);
  1561. if (pctx_tid)
  1562. found = true;
  1563. if (found) {
  1564. if (info->nlhdr->nlmsg_flags & NLM_F_EXCL)
  1565. return ERR_PTR(-EEXIST);
  1566. if (info->nlhdr->nlmsg_flags & NLM_F_REPLACE)
  1567. return ERR_PTR(-EOPNOTSUPP);
  1568. if (pctx && pctx_tid)
  1569. return ERR_PTR(-EEXIST);
  1570. if (!pctx)
  1571. pctx = pctx_tid;
  1572. switch (pctx->af) {
  1573. case AF_INET:
  1574. ipv4_pdp_fill(pctx, info);
  1575. break;
  1576. case AF_INET6:
  1577. if (!ipv6_pdp_fill(pctx, info))
  1578. return ERR_PTR(-EADDRNOTAVAIL);
  1579. break;
  1580. }
  1581. if (pctx->gtp_version == GTP_V0)
  1582. netdev_dbg(dev, "GTPv0-U: update tunnel id = %llx (pdp %p)\n",
  1583. pctx->u.v0.tid, pctx);
  1584. else if (pctx->gtp_version == GTP_V1)
  1585. netdev_dbg(dev, "GTPv1-U: update tunnel id = %x/%x (pdp %p)\n",
  1586. pctx->u.v1.i_tei, pctx->u.v1.o_tei, pctx);
  1587. return pctx;
  1588. }
  1589. pctx = kmalloc_obj(*pctx, GFP_ATOMIC);
  1590. if (pctx == NULL)
  1591. return ERR_PTR(-ENOMEM);
  1592. sock_hold(sk);
  1593. pctx->sk = sk;
  1594. pctx->dev = gtp->dev;
  1595. pctx->af = family;
  1596. switch (pctx->af) {
  1597. case AF_INET:
  1598. if (!info->attrs[GTPA_MS_ADDRESS]) {
  1599. sock_put(sk);
  1600. kfree(pctx);
  1601. return ERR_PTR(-EINVAL);
  1602. }
  1603. ipv4_pdp_fill(pctx, info);
  1604. break;
  1605. case AF_INET6:
  1606. if (!info->attrs[GTPA_MS_ADDR6]) {
  1607. sock_put(sk);
  1608. kfree(pctx);
  1609. return ERR_PTR(-EINVAL);
  1610. }
  1611. if (!ipv6_pdp_fill(pctx, info)) {
  1612. sock_put(sk);
  1613. kfree(pctx);
  1614. return ERR_PTR(-EADDRNOTAVAIL);
  1615. }
  1616. break;
  1617. }
  1618. atomic_set(&pctx->tx_seq, 0);
  1619. switch (pctx->gtp_version) {
  1620. case GTP_V0:
  1621. /* TS 09.60: "The flow label identifies unambiguously a GTP
  1622. * flow.". We use the tid for this instead, I cannot find a
  1623. * situation in which this doesn't unambiguosly identify the
  1624. * PDP context.
  1625. */
  1626. hash_tid = gtp0_hashfn(pctx->u.v0.tid) % gtp->hash_size;
  1627. break;
  1628. case GTP_V1:
  1629. hash_tid = gtp1u_hashfn(pctx->u.v1.i_tei) % gtp->hash_size;
  1630. break;
  1631. }
  1632. hlist_add_head_rcu(&pctx->hlist_addr, &gtp->addr_hash[hash_ms]);
  1633. hlist_add_head_rcu(&pctx->hlist_tid, &gtp->tid_hash[hash_tid]);
  1634. switch (pctx->gtp_version) {
  1635. case GTP_V0:
  1636. netdev_dbg(dev, "GTPv0-U: new PDP ctx id=%llx ssgn=%pI4 ms=%pI4 (pdp=%p)\n",
  1637. pctx->u.v0.tid, &pctx->peer.addr,
  1638. &pctx->ms.addr, pctx);
  1639. break;
  1640. case GTP_V1:
  1641. netdev_dbg(dev, "GTPv1-U: new PDP ctx id=%x/%x ssgn=%pI4 ms=%pI4 (pdp=%p)\n",
  1642. pctx->u.v1.i_tei, pctx->u.v1.o_tei,
  1643. &pctx->peer.addr, &pctx->ms.addr, pctx);
  1644. break;
  1645. }
  1646. return pctx;
  1647. }
  1648. static void pdp_context_free(struct rcu_head *head)
  1649. {
  1650. struct pdp_ctx *pctx = container_of(head, struct pdp_ctx, rcu_head);
  1651. sock_put(pctx->sk);
  1652. kfree(pctx);
  1653. }
  1654. static void pdp_context_delete(struct pdp_ctx *pctx)
  1655. {
  1656. hlist_del_rcu(&pctx->hlist_tid);
  1657. hlist_del_rcu(&pctx->hlist_addr);
  1658. call_rcu(&pctx->rcu_head, pdp_context_free);
  1659. }
  1660. static int gtp_tunnel_notify(struct pdp_ctx *pctx, u8 cmd, gfp_t allocation);
  1661. static int gtp_genl_new_pdp(struct sk_buff *skb, struct genl_info *info)
  1662. {
  1663. unsigned int version;
  1664. struct pdp_ctx *pctx;
  1665. struct gtp_dev *gtp;
  1666. struct sock *sk;
  1667. int err;
  1668. if (!info->attrs[GTPA_VERSION] ||
  1669. !info->attrs[GTPA_LINK])
  1670. return -EINVAL;
  1671. version = nla_get_u32(info->attrs[GTPA_VERSION]);
  1672. switch (version) {
  1673. case GTP_V0:
  1674. if (!info->attrs[GTPA_TID] ||
  1675. !info->attrs[GTPA_FLOW])
  1676. return -EINVAL;
  1677. break;
  1678. case GTP_V1:
  1679. if (!info->attrs[GTPA_I_TEI] ||
  1680. !info->attrs[GTPA_O_TEI])
  1681. return -EINVAL;
  1682. break;
  1683. default:
  1684. return -EINVAL;
  1685. }
  1686. rtnl_lock();
  1687. gtp = gtp_find_dev(sock_net(skb->sk), info->attrs);
  1688. if (!gtp) {
  1689. err = -ENODEV;
  1690. goto out_unlock;
  1691. }
  1692. if (version == GTP_V0)
  1693. sk = gtp->sk0;
  1694. else if (version == GTP_V1)
  1695. sk = gtp->sk1u;
  1696. else
  1697. sk = NULL;
  1698. if (!sk) {
  1699. err = -ENODEV;
  1700. goto out_unlock;
  1701. }
  1702. pctx = gtp_pdp_add(gtp, sk, info);
  1703. if (IS_ERR(pctx)) {
  1704. err = PTR_ERR(pctx);
  1705. } else {
  1706. gtp_tunnel_notify(pctx, GTP_CMD_NEWPDP, GFP_KERNEL);
  1707. err = 0;
  1708. }
  1709. out_unlock:
  1710. rtnl_unlock();
  1711. return err;
  1712. }
  1713. static struct pdp_ctx *gtp_find_pdp_by_link(struct net *net,
  1714. struct nlattr *nla[])
  1715. {
  1716. struct gtp_dev *gtp;
  1717. int family;
  1718. family = nla_get_u8_default(nla[GTPA_FAMILY], AF_INET);
  1719. gtp = gtp_find_dev(net, nla);
  1720. if (!gtp)
  1721. return ERR_PTR(-ENODEV);
  1722. if (nla[GTPA_MS_ADDRESS]) {
  1723. __be32 ip = nla_get_be32(nla[GTPA_MS_ADDRESS]);
  1724. if (family != AF_INET)
  1725. return ERR_PTR(-EINVAL);
  1726. return ipv4_pdp_find(gtp, ip);
  1727. } else if (nla[GTPA_MS_ADDR6]) {
  1728. struct in6_addr addr = nla_get_in6_addr(nla[GTPA_MS_ADDR6]);
  1729. if (family != AF_INET6)
  1730. return ERR_PTR(-EINVAL);
  1731. if (addr.s6_addr32[2] ||
  1732. addr.s6_addr32[3])
  1733. return ERR_PTR(-EADDRNOTAVAIL);
  1734. return ipv6_pdp_find(gtp, &addr);
  1735. } else if (nla[GTPA_VERSION]) {
  1736. u32 gtp_version = nla_get_u32(nla[GTPA_VERSION]);
  1737. if (gtp_version == GTP_V0 && nla[GTPA_TID]) {
  1738. return gtp0_pdp_find(gtp, nla_get_u64(nla[GTPA_TID]),
  1739. family);
  1740. } else if (gtp_version == GTP_V1 && nla[GTPA_I_TEI]) {
  1741. return gtp1_pdp_find(gtp, nla_get_u32(nla[GTPA_I_TEI]),
  1742. family);
  1743. }
  1744. }
  1745. return ERR_PTR(-EINVAL);
  1746. }
  1747. static struct pdp_ctx *gtp_find_pdp(struct net *net, struct nlattr *nla[])
  1748. {
  1749. struct pdp_ctx *pctx;
  1750. if (nla[GTPA_LINK])
  1751. pctx = gtp_find_pdp_by_link(net, nla);
  1752. else
  1753. pctx = ERR_PTR(-EINVAL);
  1754. if (!pctx)
  1755. pctx = ERR_PTR(-ENOENT);
  1756. return pctx;
  1757. }
  1758. static int gtp_genl_del_pdp(struct sk_buff *skb, struct genl_info *info)
  1759. {
  1760. struct pdp_ctx *pctx;
  1761. int err = 0;
  1762. if (!info->attrs[GTPA_VERSION])
  1763. return -EINVAL;
  1764. rcu_read_lock();
  1765. pctx = gtp_find_pdp(sock_net(skb->sk), info->attrs);
  1766. if (IS_ERR(pctx)) {
  1767. err = PTR_ERR(pctx);
  1768. goto out_unlock;
  1769. }
  1770. if (pctx->gtp_version == GTP_V0)
  1771. netdev_dbg(pctx->dev, "GTPv0-U: deleting tunnel id = %llx (pdp %p)\n",
  1772. pctx->u.v0.tid, pctx);
  1773. else if (pctx->gtp_version == GTP_V1)
  1774. netdev_dbg(pctx->dev, "GTPv1-U: deleting tunnel id = %x/%x (pdp %p)\n",
  1775. pctx->u.v1.i_tei, pctx->u.v1.o_tei, pctx);
  1776. gtp_tunnel_notify(pctx, GTP_CMD_DELPDP, GFP_ATOMIC);
  1777. pdp_context_delete(pctx);
  1778. out_unlock:
  1779. rcu_read_unlock();
  1780. return err;
  1781. }
  1782. static int gtp_genl_fill_info(struct sk_buff *skb, u32 snd_portid, u32 snd_seq,
  1783. int flags, u32 type, struct pdp_ctx *pctx)
  1784. {
  1785. void *genlh;
  1786. genlh = genlmsg_put(skb, snd_portid, snd_seq, &gtp_genl_family, flags,
  1787. type);
  1788. if (genlh == NULL)
  1789. goto nlmsg_failure;
  1790. if (nla_put_u32(skb, GTPA_VERSION, pctx->gtp_version) ||
  1791. nla_put_u32(skb, GTPA_LINK, pctx->dev->ifindex) ||
  1792. nla_put_u8(skb, GTPA_FAMILY, pctx->af))
  1793. goto nla_put_failure;
  1794. switch (pctx->af) {
  1795. case AF_INET:
  1796. if (nla_put_be32(skb, GTPA_MS_ADDRESS, pctx->ms.addr.s_addr))
  1797. goto nla_put_failure;
  1798. break;
  1799. case AF_INET6:
  1800. if (nla_put_in6_addr(skb, GTPA_MS_ADDR6, &pctx->ms.addr6))
  1801. goto nla_put_failure;
  1802. break;
  1803. }
  1804. switch (pctx->sk->sk_family) {
  1805. case AF_INET:
  1806. if (nla_put_be32(skb, GTPA_PEER_ADDRESS, pctx->peer.addr.s_addr))
  1807. goto nla_put_failure;
  1808. break;
  1809. case AF_INET6:
  1810. if (nla_put_in6_addr(skb, GTPA_PEER_ADDR6, &pctx->peer.addr6))
  1811. goto nla_put_failure;
  1812. break;
  1813. }
  1814. switch (pctx->gtp_version) {
  1815. case GTP_V0:
  1816. if (nla_put_u64_64bit(skb, GTPA_TID, pctx->u.v0.tid, GTPA_PAD) ||
  1817. nla_put_u16(skb, GTPA_FLOW, pctx->u.v0.flow))
  1818. goto nla_put_failure;
  1819. break;
  1820. case GTP_V1:
  1821. if (nla_put_u32(skb, GTPA_I_TEI, pctx->u.v1.i_tei) ||
  1822. nla_put_u32(skb, GTPA_O_TEI, pctx->u.v1.o_tei))
  1823. goto nla_put_failure;
  1824. break;
  1825. }
  1826. genlmsg_end(skb, genlh);
  1827. return 0;
  1828. nlmsg_failure:
  1829. nla_put_failure:
  1830. genlmsg_cancel(skb, genlh);
  1831. return -EMSGSIZE;
  1832. }
  1833. static int gtp_tunnel_notify(struct pdp_ctx *pctx, u8 cmd, gfp_t allocation)
  1834. {
  1835. struct sk_buff *msg;
  1836. int ret;
  1837. msg = nlmsg_new(NLMSG_DEFAULT_SIZE, allocation);
  1838. if (!msg)
  1839. return -ENOMEM;
  1840. ret = gtp_genl_fill_info(msg, 0, 0, 0, cmd, pctx);
  1841. if (ret < 0) {
  1842. nlmsg_free(msg);
  1843. return ret;
  1844. }
  1845. ret = genlmsg_multicast_netns(&gtp_genl_family, dev_net(pctx->dev), msg,
  1846. 0, GTP_GENL_MCGRP, GFP_ATOMIC);
  1847. return ret;
  1848. }
  1849. static int gtp_genl_get_pdp(struct sk_buff *skb, struct genl_info *info)
  1850. {
  1851. struct pdp_ctx *pctx = NULL;
  1852. struct sk_buff *skb2;
  1853. int err;
  1854. if (!info->attrs[GTPA_VERSION])
  1855. return -EINVAL;
  1856. rcu_read_lock();
  1857. pctx = gtp_find_pdp(sock_net(skb->sk), info->attrs);
  1858. if (IS_ERR(pctx)) {
  1859. err = PTR_ERR(pctx);
  1860. goto err_unlock;
  1861. }
  1862. skb2 = genlmsg_new(NLMSG_GOODSIZE, GFP_ATOMIC);
  1863. if (skb2 == NULL) {
  1864. err = -ENOMEM;
  1865. goto err_unlock;
  1866. }
  1867. err = gtp_genl_fill_info(skb2, NETLINK_CB(skb).portid, info->snd_seq,
  1868. 0, info->nlhdr->nlmsg_type, pctx);
  1869. if (err < 0)
  1870. goto err_unlock_free;
  1871. rcu_read_unlock();
  1872. return genlmsg_unicast(genl_info_net(info), skb2, info->snd_portid);
  1873. err_unlock_free:
  1874. kfree_skb(skb2);
  1875. err_unlock:
  1876. rcu_read_unlock();
  1877. return err;
  1878. }
  1879. static int gtp_genl_dump_pdp(struct sk_buff *skb,
  1880. struct netlink_callback *cb)
  1881. {
  1882. struct gtp_dev *last_gtp = (struct gtp_dev *)cb->args[2], *gtp;
  1883. int i, j, bucket = cb->args[0], skip = cb->args[1];
  1884. struct net *net = sock_net(skb->sk);
  1885. struct net_device *dev;
  1886. struct pdp_ctx *pctx;
  1887. if (cb->args[4])
  1888. return 0;
  1889. rcu_read_lock();
  1890. for_each_netdev_rcu(net, dev) {
  1891. if (dev->rtnl_link_ops != &gtp_link_ops)
  1892. continue;
  1893. gtp = netdev_priv(dev);
  1894. if (last_gtp && last_gtp != gtp)
  1895. continue;
  1896. else
  1897. last_gtp = NULL;
  1898. for (i = bucket; i < gtp->hash_size; i++) {
  1899. j = 0;
  1900. hlist_for_each_entry_rcu(pctx, &gtp->tid_hash[i],
  1901. hlist_tid) {
  1902. if (j >= skip &&
  1903. gtp_genl_fill_info(skb,
  1904. NETLINK_CB(cb->skb).portid,
  1905. cb->nlh->nlmsg_seq,
  1906. NLM_F_MULTI,
  1907. cb->nlh->nlmsg_type, pctx)) {
  1908. cb->args[0] = i;
  1909. cb->args[1] = j;
  1910. cb->args[2] = (unsigned long)gtp;
  1911. goto out;
  1912. }
  1913. j++;
  1914. }
  1915. skip = 0;
  1916. }
  1917. bucket = 0;
  1918. }
  1919. cb->args[4] = 1;
  1920. out:
  1921. rcu_read_unlock();
  1922. return skb->len;
  1923. }
  1924. static int gtp_genl_send_echo_req(struct sk_buff *skb, struct genl_info *info)
  1925. {
  1926. struct sk_buff *skb_to_send;
  1927. __be32 src_ip, dst_ip;
  1928. unsigned int version;
  1929. struct gtp_dev *gtp;
  1930. struct flowi4 fl4;
  1931. struct rtable *rt;
  1932. struct sock *sk;
  1933. __be16 port;
  1934. int len;
  1935. if (!info->attrs[GTPA_VERSION] ||
  1936. !info->attrs[GTPA_LINK] ||
  1937. !info->attrs[GTPA_PEER_ADDRESS] ||
  1938. !info->attrs[GTPA_MS_ADDRESS])
  1939. return -EINVAL;
  1940. version = nla_get_u32(info->attrs[GTPA_VERSION]);
  1941. dst_ip = nla_get_be32(info->attrs[GTPA_PEER_ADDRESS]);
  1942. src_ip = nla_get_be32(info->attrs[GTPA_MS_ADDRESS]);
  1943. gtp = gtp_find_dev(sock_net(skb->sk), info->attrs);
  1944. if (!gtp)
  1945. return -ENODEV;
  1946. if (!gtp->sk_created)
  1947. return -EOPNOTSUPP;
  1948. if (!(gtp->dev->flags & IFF_UP))
  1949. return -ENETDOWN;
  1950. if (version == GTP_V0) {
  1951. struct gtp0_header *gtp0_h;
  1952. len = LL_RESERVED_SPACE(gtp->dev) + sizeof(struct gtp0_header) +
  1953. sizeof(struct iphdr) + sizeof(struct udphdr);
  1954. skb_to_send = netdev_alloc_skb_ip_align(gtp->dev, len);
  1955. if (!skb_to_send)
  1956. return -ENOMEM;
  1957. sk = gtp->sk0;
  1958. port = htons(GTP0_PORT);
  1959. gtp0_h = skb_push(skb_to_send, sizeof(struct gtp0_header));
  1960. memset(gtp0_h, 0, sizeof(struct gtp0_header));
  1961. gtp0_build_echo_msg(gtp0_h, GTP_ECHO_REQ);
  1962. } else if (version == GTP_V1) {
  1963. struct gtp1_header_long *gtp1u_h;
  1964. len = LL_RESERVED_SPACE(gtp->dev) +
  1965. sizeof(struct gtp1_header_long) +
  1966. sizeof(struct iphdr) + sizeof(struct udphdr);
  1967. skb_to_send = netdev_alloc_skb_ip_align(gtp->dev, len);
  1968. if (!skb_to_send)
  1969. return -ENOMEM;
  1970. sk = gtp->sk1u;
  1971. port = htons(GTP1U_PORT);
  1972. gtp1u_h = skb_push(skb_to_send,
  1973. sizeof(struct gtp1_header_long));
  1974. memset(gtp1u_h, 0, sizeof(struct gtp1_header_long));
  1975. gtp1u_build_echo_msg(gtp1u_h, GTP_ECHO_REQ);
  1976. } else {
  1977. return -ENODEV;
  1978. }
  1979. rt = ip4_route_output_gtp(&fl4, sk, dst_ip, src_ip);
  1980. if (IS_ERR(rt)) {
  1981. netdev_dbg(gtp->dev, "no route for echo request to %pI4\n",
  1982. &dst_ip);
  1983. kfree_skb(skb_to_send);
  1984. return -ENODEV;
  1985. }
  1986. udp_tunnel_xmit_skb(rt, sk, skb_to_send,
  1987. fl4.saddr, fl4.daddr,
  1988. inet_dscp_to_dsfield(fl4.flowi4_dscp),
  1989. ip4_dst_hoplimit(&rt->dst),
  1990. 0,
  1991. port, port,
  1992. !net_eq(sock_net(sk),
  1993. dev_net(gtp->dev)),
  1994. false, 0);
  1995. return 0;
  1996. }
  1997. static const struct nla_policy gtp_genl_policy[GTPA_MAX + 1] = {
  1998. [GTPA_LINK] = { .type = NLA_U32, },
  1999. [GTPA_VERSION] = { .type = NLA_U32, },
  2000. [GTPA_TID] = { .type = NLA_U64, },
  2001. [GTPA_PEER_ADDRESS] = { .type = NLA_U32, },
  2002. [GTPA_MS_ADDRESS] = { .type = NLA_U32, },
  2003. [GTPA_FLOW] = { .type = NLA_U16, },
  2004. [GTPA_NET_NS_FD] = { .type = NLA_U32, },
  2005. [GTPA_I_TEI] = { .type = NLA_U32, },
  2006. [GTPA_O_TEI] = { .type = NLA_U32, },
  2007. [GTPA_PEER_ADDR6] = { .len = sizeof(struct in6_addr), },
  2008. [GTPA_MS_ADDR6] = { .len = sizeof(struct in6_addr), },
  2009. [GTPA_FAMILY] = { .type = NLA_U8, },
  2010. };
  2011. static const struct genl_small_ops gtp_genl_ops[] = {
  2012. {
  2013. .cmd = GTP_CMD_NEWPDP,
  2014. .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
  2015. .doit = gtp_genl_new_pdp,
  2016. .flags = GENL_ADMIN_PERM,
  2017. },
  2018. {
  2019. .cmd = GTP_CMD_DELPDP,
  2020. .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
  2021. .doit = gtp_genl_del_pdp,
  2022. .flags = GENL_ADMIN_PERM,
  2023. },
  2024. {
  2025. .cmd = GTP_CMD_GETPDP,
  2026. .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
  2027. .doit = gtp_genl_get_pdp,
  2028. .dumpit = gtp_genl_dump_pdp,
  2029. .flags = GENL_ADMIN_PERM,
  2030. },
  2031. {
  2032. .cmd = GTP_CMD_ECHOREQ,
  2033. .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
  2034. .doit = gtp_genl_send_echo_req,
  2035. .flags = GENL_ADMIN_PERM,
  2036. },
  2037. };
  2038. static struct genl_family gtp_genl_family __ro_after_init = {
  2039. .name = "gtp",
  2040. .version = 0,
  2041. .hdrsize = 0,
  2042. .maxattr = GTPA_MAX,
  2043. .policy = gtp_genl_policy,
  2044. .netnsok = true,
  2045. .module = THIS_MODULE,
  2046. .small_ops = gtp_genl_ops,
  2047. .n_small_ops = ARRAY_SIZE(gtp_genl_ops),
  2048. .resv_start_op = GTP_CMD_ECHOREQ + 1,
  2049. .mcgrps = gtp_genl_mcgrps,
  2050. .n_mcgrps = ARRAY_SIZE(gtp_genl_mcgrps),
  2051. };
  2052. static int __net_init gtp_net_init(struct net *net)
  2053. {
  2054. struct gtp_net *gn = net_generic(net, gtp_net_id);
  2055. INIT_LIST_HEAD(&gn->gtp_dev_list);
  2056. return 0;
  2057. }
  2058. static void __net_exit gtp_net_exit_rtnl(struct net *net,
  2059. struct list_head *dev_to_kill)
  2060. {
  2061. struct gtp_net *gn = net_generic(net, gtp_net_id);
  2062. struct gtp_dev *gtp, *gtp_next;
  2063. list_for_each_entry_safe(gtp, gtp_next, &gn->gtp_dev_list, list)
  2064. gtp_dellink(gtp->dev, dev_to_kill);
  2065. }
  2066. static struct pernet_operations gtp_net_ops = {
  2067. .init = gtp_net_init,
  2068. .exit_rtnl = gtp_net_exit_rtnl,
  2069. .id = &gtp_net_id,
  2070. .size = sizeof(struct gtp_net),
  2071. };
  2072. static int __init gtp_init(void)
  2073. {
  2074. int err;
  2075. get_random_bytes(&gtp_h_initval, sizeof(gtp_h_initval));
  2076. err = register_pernet_subsys(&gtp_net_ops);
  2077. if (err < 0)
  2078. goto error_out;
  2079. err = rtnl_link_register(&gtp_link_ops);
  2080. if (err < 0)
  2081. goto unreg_pernet_subsys;
  2082. err = genl_register_family(&gtp_genl_family);
  2083. if (err < 0)
  2084. goto unreg_rtnl_link;
  2085. pr_info("GTP module loaded (pdp ctx size %zd bytes)\n",
  2086. sizeof(struct pdp_ctx));
  2087. return 0;
  2088. unreg_rtnl_link:
  2089. rtnl_link_unregister(&gtp_link_ops);
  2090. unreg_pernet_subsys:
  2091. unregister_pernet_subsys(&gtp_net_ops);
  2092. error_out:
  2093. pr_err("error loading GTP module loaded\n");
  2094. return err;
  2095. }
  2096. late_initcall(gtp_init);
  2097. static void __exit gtp_fini(void)
  2098. {
  2099. genl_unregister_family(&gtp_genl_family);
  2100. rtnl_link_unregister(&gtp_link_ops);
  2101. unregister_pernet_subsys(&gtp_net_ops);
  2102. pr_info("GTP module unloaded\n");
  2103. }
  2104. module_exit(gtp_fini);
  2105. MODULE_LICENSE("GPL");
  2106. MODULE_AUTHOR("Harald Welte <hwelte@sysmocom.de>");
  2107. MODULE_DESCRIPTION("Interface driver for GTP encapsulated traffic");
  2108. MODULE_ALIAS_RTNL_LINK("gtp");
  2109. MODULE_ALIAS_GENL_FAMILY("gtp");