ipvlan_core.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /* Copyright (c) 2014 Mahesh Bandewar <maheshb@google.com>
  3. */
  4. #include <net/flow.h>
  5. #include <net/ip.h>
  6. #include "ipvlan.h"
  7. static u32 ipvlan_jhash_secret __read_mostly;
  8. void ipvlan_init_secret(void)
  9. {
  10. net_get_random_once(&ipvlan_jhash_secret, sizeof(ipvlan_jhash_secret));
  11. }
  12. void ipvlan_count_rx(const struct ipvl_dev *ipvlan,
  13. unsigned int len, bool success, bool mcast)
  14. {
  15. if (likely(success)) {
  16. struct ipvl_pcpu_stats *pcptr;
  17. pcptr = this_cpu_ptr(ipvlan->pcpu_stats);
  18. u64_stats_update_begin(&pcptr->syncp);
  19. u64_stats_inc(&pcptr->rx_pkts);
  20. u64_stats_add(&pcptr->rx_bytes, len);
  21. if (mcast)
  22. u64_stats_inc(&pcptr->rx_mcast);
  23. u64_stats_update_end(&pcptr->syncp);
  24. } else {
  25. this_cpu_inc(ipvlan->pcpu_stats->rx_errs);
  26. }
  27. }
  28. EXPORT_SYMBOL_GPL(ipvlan_count_rx);
  29. #if IS_ENABLED(CONFIG_IPV6)
  30. static u8 ipvlan_get_v6_hash(const void *iaddr)
  31. {
  32. const struct in6_addr *ip6_addr = iaddr;
  33. return __ipv6_addr_jhash(ip6_addr, ipvlan_jhash_secret) &
  34. IPVLAN_HASH_MASK;
  35. }
  36. #else
  37. static u8 ipvlan_get_v6_hash(const void *iaddr)
  38. {
  39. return 0;
  40. }
  41. #endif
  42. static u8 ipvlan_get_v4_hash(__be32 addr)
  43. {
  44. return jhash_1word((__force u32)addr, ipvlan_jhash_secret) &
  45. IPVLAN_HASH_MASK;
  46. }
  47. static bool addr_equal(bool is_v6, struct ipvl_addr *addr, const void *iaddr)
  48. {
  49. if (!is_v6 && addr->atype == IPVL_IPV4) {
  50. struct in_addr *i4addr = (struct in_addr *)iaddr;
  51. return addr->ip4addr.s_addr == i4addr->s_addr;
  52. #if IS_ENABLED(CONFIG_IPV6)
  53. } else if (is_v6 && addr->atype == IPVL_IPV6) {
  54. struct in6_addr *i6addr = (struct in6_addr *)iaddr;
  55. return ipv6_addr_equal(&addr->ip6addr, i6addr);
  56. #endif
  57. }
  58. return false;
  59. }
  60. #if IS_ENABLED(CONFIG_IPV6)
  61. static struct ipvl_addr *ipvlan_ht_addr_lookup6(const struct ipvl_port *port,
  62. const void *iaddr)
  63. {
  64. struct ipvl_addr *addr;
  65. u8 hash;
  66. hash = ipvlan_get_v6_hash(iaddr);
  67. hlist_for_each_entry_rcu(addr, &port->hlhead[hash], hlnode)
  68. if (addr_equal(true, addr, iaddr))
  69. return addr;
  70. return NULL;
  71. }
  72. #endif
  73. static struct ipvl_addr *ipvlan_ht_addr_lookup4(const struct ipvl_port *port,
  74. __be32 addr4)
  75. {
  76. struct ipvl_addr *addr;
  77. u8 hash;
  78. hash = ipvlan_get_v4_hash(addr4);
  79. hlist_for_each_entry_rcu(addr, &port->hlhead[hash], hlnode)
  80. if (addr->atype == IPVL_IPV4 && addr->ip4addr.s_addr == addr4)
  81. return addr;
  82. return NULL;
  83. }
  84. void ipvlan_ht_addr_add(struct ipvl_dev *ipvlan, struct ipvl_addr *addr)
  85. {
  86. struct ipvl_port *port = ipvlan->port;
  87. u8 hash;
  88. hash = (addr->atype == IPVL_IPV6) ?
  89. ipvlan_get_v6_hash(&addr->ip6addr) :
  90. ipvlan_get_v4_hash(addr->ip4addr.s_addr);
  91. if (hlist_unhashed(&addr->hlnode))
  92. hlist_add_head_rcu(&addr->hlnode, &port->hlhead[hash]);
  93. }
  94. void ipvlan_ht_addr_del(struct ipvl_addr *addr)
  95. {
  96. hlist_del_init_rcu(&addr->hlnode);
  97. }
  98. struct ipvl_addr *ipvlan_find_addr(const struct ipvl_dev *ipvlan,
  99. const void *iaddr, bool is_v6)
  100. {
  101. struct ipvl_addr *addr;
  102. assert_spin_locked(&ipvlan->port->addrs_lock);
  103. list_for_each_entry(addr, &ipvlan->addrs, anode) {
  104. if (addr_equal(is_v6, addr, iaddr))
  105. return addr;
  106. }
  107. return NULL;
  108. }
  109. bool ipvlan_addr_busy(struct ipvl_port *port, void *iaddr, bool is_v6)
  110. {
  111. struct ipvl_dev *ipvlan;
  112. bool ret = false;
  113. rcu_read_lock();
  114. list_for_each_entry_rcu(ipvlan, &port->ipvlans, pnode) {
  115. if (ipvlan_find_addr(ipvlan, iaddr, is_v6)) {
  116. ret = true;
  117. break;
  118. }
  119. }
  120. rcu_read_unlock();
  121. return ret;
  122. }
  123. void *ipvlan_get_L3_hdr(struct ipvl_port *port, struct sk_buff *skb, int *type)
  124. {
  125. void *lyr3h = NULL;
  126. switch (skb->protocol) {
  127. case htons(ETH_P_ARP): {
  128. struct arphdr *arph;
  129. if (unlikely(!pskb_may_pull(skb, arp_hdr_len(port->dev))))
  130. return NULL;
  131. arph = arp_hdr(skb);
  132. *type = IPVL_ARP;
  133. lyr3h = arph;
  134. break;
  135. }
  136. case htons(ETH_P_IP): {
  137. u32 pktlen;
  138. struct iphdr *ip4h;
  139. if (unlikely(!pskb_may_pull(skb, sizeof(*ip4h))))
  140. return NULL;
  141. ip4h = ip_hdr(skb);
  142. pktlen = skb_ip_totlen(skb);
  143. if (ip4h->ihl < 5 || ip4h->version != 4)
  144. return NULL;
  145. if (skb->len < pktlen || pktlen < (ip4h->ihl * 4))
  146. return NULL;
  147. *type = IPVL_IPV4;
  148. lyr3h = ip4h;
  149. break;
  150. }
  151. #if IS_ENABLED(CONFIG_IPV6)
  152. case htons(ETH_P_IPV6): {
  153. struct ipv6hdr *ip6h;
  154. if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h))))
  155. return NULL;
  156. ip6h = ipv6_hdr(skb);
  157. if (ip6h->version != 6)
  158. return NULL;
  159. *type = IPVL_IPV6;
  160. lyr3h = ip6h;
  161. /* Only Neighbour Solicitation pkts need different treatment */
  162. if (ipv6_addr_any(&ip6h->saddr) &&
  163. ip6h->nexthdr == NEXTHDR_ICMP) {
  164. struct icmp6hdr *icmph;
  165. if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h) + sizeof(*icmph))))
  166. return NULL;
  167. ip6h = ipv6_hdr(skb);
  168. icmph = (struct icmp6hdr *)(ip6h + 1);
  169. if (icmph->icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) {
  170. /* Need to access the ipv6 address in body */
  171. if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h) + sizeof(*icmph)
  172. + sizeof(struct in6_addr))))
  173. return NULL;
  174. ip6h = ipv6_hdr(skb);
  175. icmph = (struct icmp6hdr *)(ip6h + 1);
  176. }
  177. *type = IPVL_ICMPV6;
  178. lyr3h = icmph;
  179. }
  180. break;
  181. }
  182. #endif
  183. default:
  184. return NULL;
  185. }
  186. return lyr3h;
  187. }
  188. unsigned int ipvlan_mac_hash(const unsigned char *addr)
  189. {
  190. u32 hash = jhash_1word(get_unaligned((u32 *)(addr + 2)),
  191. ipvlan_jhash_secret);
  192. return hash & IPVLAN_MAC_FILTER_MASK;
  193. }
  194. void ipvlan_process_multicast(struct work_struct *work)
  195. {
  196. struct ipvl_port *port = container_of(work, struct ipvl_port, wq);
  197. struct ethhdr *ethh;
  198. struct ipvl_dev *ipvlan;
  199. struct sk_buff *skb, *nskb;
  200. struct sk_buff_head list;
  201. unsigned int len;
  202. unsigned int mac_hash;
  203. int ret;
  204. u8 pkt_type;
  205. bool tx_pkt;
  206. __skb_queue_head_init(&list);
  207. spin_lock_bh(&port->backlog.lock);
  208. skb_queue_splice_tail_init(&port->backlog, &list);
  209. spin_unlock_bh(&port->backlog.lock);
  210. while ((skb = __skb_dequeue(&list)) != NULL) {
  211. struct net_device *dev = skb->dev;
  212. bool consumed = false;
  213. ethh = eth_hdr(skb);
  214. tx_pkt = IPVL_SKB_CB(skb)->tx_pkt;
  215. mac_hash = ipvlan_mac_hash(ethh->h_dest);
  216. if (ether_addr_equal(ethh->h_dest, port->dev->broadcast))
  217. pkt_type = PACKET_BROADCAST;
  218. else
  219. pkt_type = PACKET_MULTICAST;
  220. rcu_read_lock();
  221. list_for_each_entry_rcu(ipvlan, &port->ipvlans, pnode) {
  222. if (tx_pkt && (ipvlan->dev == skb->dev))
  223. continue;
  224. if (!test_bit(mac_hash, ipvlan->mac_filters))
  225. continue;
  226. if (!(ipvlan->dev->flags & IFF_UP))
  227. continue;
  228. ret = NET_RX_DROP;
  229. len = skb->len + ETH_HLEN;
  230. nskb = skb_clone(skb, GFP_ATOMIC);
  231. local_bh_disable();
  232. if (nskb) {
  233. consumed = true;
  234. nskb->pkt_type = pkt_type;
  235. nskb->dev = ipvlan->dev;
  236. if (tx_pkt)
  237. ret = dev_forward_skb(ipvlan->dev, nskb);
  238. else
  239. ret = netif_rx(nskb);
  240. }
  241. ipvlan_count_rx(ipvlan, len, ret == NET_RX_SUCCESS, true);
  242. local_bh_enable();
  243. }
  244. rcu_read_unlock();
  245. if (tx_pkt) {
  246. /* If the packet originated here, send it out. */
  247. skb->dev = port->dev;
  248. skb->pkt_type = pkt_type;
  249. dev_queue_xmit(skb);
  250. } else {
  251. if (consumed)
  252. consume_skb(skb);
  253. else
  254. kfree_skb(skb);
  255. }
  256. dev_put(dev);
  257. cond_resched();
  258. }
  259. }
  260. static void ipvlan_skb_crossing_ns(struct sk_buff *skb, struct net_device *dev)
  261. {
  262. bool xnet = true;
  263. if (dev)
  264. xnet = !net_eq(dev_net(skb->dev), dev_net(dev));
  265. skb_scrub_packet(skb, xnet);
  266. if (dev)
  267. skb->dev = dev;
  268. }
  269. static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff **pskb,
  270. bool local)
  271. {
  272. struct ipvl_dev *ipvlan = addr->master;
  273. struct net_device *dev = ipvlan->dev;
  274. unsigned int len;
  275. rx_handler_result_t ret = RX_HANDLER_CONSUMED;
  276. bool success = false;
  277. struct sk_buff *skb = *pskb;
  278. len = skb->len + ETH_HLEN;
  279. /* Only packets exchanged between two local slaves need to have
  280. * device-up check as well as skb-share check.
  281. */
  282. if (local) {
  283. if (unlikely(!(dev->flags & IFF_UP))) {
  284. kfree_skb(skb);
  285. goto out;
  286. }
  287. skb = skb_share_check(skb, GFP_ATOMIC);
  288. if (!skb)
  289. goto out;
  290. *pskb = skb;
  291. }
  292. if (local) {
  293. skb->pkt_type = PACKET_HOST;
  294. if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS)
  295. success = true;
  296. } else {
  297. skb->dev = dev;
  298. ret = RX_HANDLER_ANOTHER;
  299. success = true;
  300. }
  301. out:
  302. ipvlan_count_rx(ipvlan, len, success, false);
  303. return ret;
  304. }
  305. struct ipvl_addr *ipvlan_addr_lookup(struct ipvl_port *port, void *lyr3h,
  306. int addr_type, bool use_dest)
  307. {
  308. struct ipvl_addr *addr = NULL;
  309. #if IS_ENABLED(CONFIG_IPV6)
  310. struct in6_addr *i6addr;
  311. #endif
  312. __be32 addr4;
  313. switch (addr_type) {
  314. #if IS_ENABLED(CONFIG_IPV6)
  315. case IPVL_IPV6: {
  316. struct ipv6hdr *ip6h;
  317. ip6h = (struct ipv6hdr *)lyr3h;
  318. i6addr = use_dest ? &ip6h->daddr : &ip6h->saddr;
  319. lookup6:
  320. addr = ipvlan_ht_addr_lookup6(port, i6addr);
  321. break;
  322. }
  323. case IPVL_ICMPV6: {
  324. struct nd_msg *ndmh;
  325. /* Make sure that the NeighborSolicitation ICMPv6 packets
  326. * are handled to avoid DAD issue.
  327. */
  328. ndmh = (struct nd_msg *)lyr3h;
  329. if (ndmh->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) {
  330. i6addr = &ndmh->target;
  331. goto lookup6;
  332. }
  333. break;
  334. }
  335. #endif
  336. case IPVL_IPV4: {
  337. struct iphdr *ip4h;
  338. ip4h = (struct iphdr *)lyr3h;
  339. addr4 = use_dest ? ip4h->daddr : ip4h->saddr;
  340. lookup4:
  341. addr = ipvlan_ht_addr_lookup4(port, addr4);
  342. break;
  343. }
  344. case IPVL_ARP: {
  345. struct arphdr *arph;
  346. unsigned char *arp_ptr;
  347. arph = (struct arphdr *)lyr3h;
  348. arp_ptr = (unsigned char *)(arph + 1);
  349. if (use_dest)
  350. arp_ptr += (2 * port->dev->addr_len) + 4;
  351. else
  352. arp_ptr += port->dev->addr_len;
  353. addr4 = get_unaligned((__be32 *)arp_ptr);
  354. goto lookup4;
  355. }
  356. }
  357. return addr;
  358. }
  359. static noinline_for_stack int ipvlan_process_v4_outbound(struct sk_buff *skb)
  360. {
  361. struct net_device *dev = skb->dev;
  362. struct net *net = dev_net(dev);
  363. int err, ret = NET_XMIT_DROP;
  364. const struct iphdr *ip4h;
  365. struct rtable *rt;
  366. struct flowi4 fl4 = {
  367. .flowi4_oif = dev->ifindex,
  368. .flowi4_flags = FLOWI_FLAG_ANYSRC,
  369. .flowi4_mark = skb->mark,
  370. };
  371. if (!pskb_network_may_pull(skb, sizeof(struct iphdr)))
  372. goto err;
  373. ip4h = ip_hdr(skb);
  374. fl4.daddr = ip4h->daddr;
  375. fl4.saddr = ip4h->saddr;
  376. fl4.flowi4_dscp = ip4h_dscp(ip4h);
  377. rt = ip_route_output_flow(net, &fl4, NULL);
  378. if (IS_ERR(rt))
  379. goto err;
  380. if (rt->rt_type != RTN_UNICAST && rt->rt_type != RTN_LOCAL) {
  381. ip_rt_put(rt);
  382. goto err;
  383. }
  384. skb_dst_set(skb, &rt->dst);
  385. memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
  386. err = ip_local_out(net, NULL, skb);
  387. if (unlikely(net_xmit_eval(err)))
  388. DEV_STATS_INC(dev, tx_errors);
  389. else
  390. ret = NET_XMIT_SUCCESS;
  391. goto out;
  392. err:
  393. DEV_STATS_INC(dev, tx_errors);
  394. kfree_skb(skb);
  395. out:
  396. return ret;
  397. }
  398. #if IS_ENABLED(CONFIG_IPV6)
  399. static noinline_for_stack int
  400. ipvlan_route_v6_outbound(struct net_device *dev, struct sk_buff *skb)
  401. {
  402. const struct ipv6hdr *ip6h = ipv6_hdr(skb);
  403. struct flowi6 fl6 = {
  404. .flowi6_oif = dev->ifindex,
  405. .daddr = ip6h->daddr,
  406. .saddr = ip6h->saddr,
  407. .flowi6_flags = FLOWI_FLAG_ANYSRC,
  408. .flowlabel = ip6_flowinfo(ip6h),
  409. .flowi6_mark = skb->mark,
  410. .flowi6_proto = ip6h->nexthdr,
  411. };
  412. struct dst_entry *dst;
  413. int err;
  414. dst = ip6_route_output(dev_net(dev), NULL, &fl6);
  415. err = dst->error;
  416. if (err) {
  417. dst_release(dst);
  418. return err;
  419. }
  420. skb_dst_set(skb, dst);
  421. return 0;
  422. }
  423. static int ipvlan_process_v6_outbound(struct sk_buff *skb)
  424. {
  425. struct net_device *dev = skb->dev;
  426. int err, ret = NET_XMIT_DROP;
  427. if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) {
  428. DEV_STATS_INC(dev, tx_errors);
  429. kfree_skb(skb);
  430. return ret;
  431. }
  432. err = ipvlan_route_v6_outbound(dev, skb);
  433. if (unlikely(err)) {
  434. DEV_STATS_INC(dev, tx_errors);
  435. kfree_skb(skb);
  436. return err;
  437. }
  438. memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
  439. err = ip6_local_out(dev_net(dev), NULL, skb);
  440. if (unlikely(net_xmit_eval(err)))
  441. DEV_STATS_INC(dev, tx_errors);
  442. else
  443. ret = NET_XMIT_SUCCESS;
  444. return ret;
  445. }
  446. #else
  447. static int ipvlan_process_v6_outbound(struct sk_buff *skb)
  448. {
  449. return NET_XMIT_DROP;
  450. }
  451. #endif
  452. static int ipvlan_process_outbound(struct sk_buff *skb)
  453. {
  454. int ret = NET_XMIT_DROP;
  455. /* The ipvlan is a pseudo-L2 device, so the packets that we receive
  456. * will have L2; which need to discarded and processed further
  457. * in the net-ns of the main-device.
  458. */
  459. if (skb_mac_header_was_set(skb)) {
  460. /* In this mode we dont care about
  461. * multicast and broadcast traffic */
  462. struct ethhdr *ethh = eth_hdr(skb);
  463. if (is_multicast_ether_addr(ethh->h_dest)) {
  464. pr_debug_ratelimited(
  465. "Dropped {multi|broad}cast of type=[%x]\n",
  466. ntohs(skb->protocol));
  467. kfree_skb(skb);
  468. goto out;
  469. }
  470. skb_pull(skb, sizeof(*ethh));
  471. skb->mac_header = (typeof(skb->mac_header))~0U;
  472. skb_reset_network_header(skb);
  473. }
  474. if (skb->protocol == htons(ETH_P_IPV6))
  475. ret = ipvlan_process_v6_outbound(skb);
  476. else if (skb->protocol == htons(ETH_P_IP))
  477. ret = ipvlan_process_v4_outbound(skb);
  478. else {
  479. pr_warn_ratelimited("Dropped outbound packet type=%x\n",
  480. ntohs(skb->protocol));
  481. kfree_skb(skb);
  482. }
  483. out:
  484. return ret;
  485. }
  486. static void ipvlan_multicast_enqueue(struct ipvl_port *port,
  487. struct sk_buff *skb, bool tx_pkt)
  488. {
  489. if (skb->protocol == htons(ETH_P_PAUSE)) {
  490. kfree_skb(skb);
  491. return;
  492. }
  493. /* Record that the deferred packet is from TX or RX path. By
  494. * looking at mac-addresses on packet will lead to erronus decisions.
  495. * (This would be true for a loopback-mode on master device or a
  496. * hair-pin mode of the switch.)
  497. */
  498. IPVL_SKB_CB(skb)->tx_pkt = tx_pkt;
  499. spin_lock(&port->backlog.lock);
  500. if (skb_queue_len(&port->backlog) < IPVLAN_QBACKLOG_LIMIT) {
  501. dev_hold(skb->dev);
  502. __skb_queue_tail(&port->backlog, skb);
  503. spin_unlock(&port->backlog.lock);
  504. schedule_work(&port->wq);
  505. } else {
  506. spin_unlock(&port->backlog.lock);
  507. dev_core_stats_rx_dropped_inc(skb->dev);
  508. kfree_skb(skb);
  509. }
  510. }
  511. static int ipvlan_xmit_mode_l3(struct sk_buff *skb, struct net_device *dev)
  512. {
  513. const struct ipvl_dev *ipvlan = netdev_priv(dev);
  514. void *lyr3h;
  515. struct ipvl_addr *addr;
  516. int addr_type;
  517. lyr3h = ipvlan_get_L3_hdr(ipvlan->port, skb, &addr_type);
  518. if (!lyr3h)
  519. goto out;
  520. if (!ipvlan_is_vepa(ipvlan->port)) {
  521. addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
  522. if (addr) {
  523. if (ipvlan_is_private(ipvlan->port)) {
  524. consume_skb(skb);
  525. return NET_XMIT_DROP;
  526. }
  527. ipvlan_rcv_frame(addr, &skb, true);
  528. return NET_XMIT_SUCCESS;
  529. }
  530. }
  531. out:
  532. ipvlan_skb_crossing_ns(skb, ipvlan->phy_dev);
  533. return ipvlan_process_outbound(skb);
  534. }
  535. static int ipvlan_xmit_mode_l2(struct sk_buff *skb, struct net_device *dev)
  536. {
  537. const struct ipvl_dev *ipvlan = netdev_priv(dev);
  538. struct ethhdr *eth = skb_eth_hdr(skb);
  539. struct ipvl_addr *addr;
  540. void *lyr3h;
  541. int addr_type;
  542. if (!ipvlan_is_vepa(ipvlan->port) &&
  543. ether_addr_equal(eth->h_dest, eth->h_source)) {
  544. lyr3h = ipvlan_get_L3_hdr(ipvlan->port, skb, &addr_type);
  545. if (lyr3h) {
  546. addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
  547. if (addr) {
  548. if (ipvlan_is_private(ipvlan->port)) {
  549. consume_skb(skb);
  550. return NET_XMIT_DROP;
  551. }
  552. ipvlan_rcv_frame(addr, &skb, true);
  553. return NET_XMIT_SUCCESS;
  554. }
  555. }
  556. skb = skb_share_check(skb, GFP_ATOMIC);
  557. if (!skb)
  558. return NET_XMIT_DROP;
  559. /* Packet definitely does not belong to any of the
  560. * virtual devices, but the dest is local. So forward
  561. * the skb for the main-dev. At the RX side we just return
  562. * RX_PASS for it to be processed further on the stack.
  563. */
  564. dev_forward_skb(ipvlan->phy_dev, skb);
  565. return NET_XMIT_SUCCESS;
  566. } else if (is_multicast_ether_addr(eth->h_dest)) {
  567. skb_reset_mac_header(skb);
  568. ipvlan_skb_crossing_ns(skb, NULL);
  569. ipvlan_multicast_enqueue(ipvlan->port, skb, true);
  570. return NET_XMIT_SUCCESS;
  571. }
  572. skb->dev = ipvlan->phy_dev;
  573. return dev_queue_xmit(skb);
  574. }
  575. int ipvlan_queue_xmit(struct sk_buff *skb, struct net_device *dev)
  576. {
  577. struct ipvl_dev *ipvlan = netdev_priv(dev);
  578. struct ipvl_port *port = ipvlan_port_get_rcu_bh(ipvlan->phy_dev);
  579. if (!port)
  580. goto out;
  581. if (unlikely(!pskb_may_pull(skb, sizeof(struct ethhdr))))
  582. goto out;
  583. switch(port->mode) {
  584. case IPVLAN_MODE_L2:
  585. return ipvlan_xmit_mode_l2(skb, dev);
  586. case IPVLAN_MODE_L3:
  587. #ifdef CONFIG_IPVLAN_L3S
  588. case IPVLAN_MODE_L3S:
  589. #endif
  590. return ipvlan_xmit_mode_l3(skb, dev);
  591. }
  592. /* Should not reach here */
  593. WARN_ONCE(true, "%s called for mode = [%x]\n", __func__, port->mode);
  594. out:
  595. kfree_skb(skb);
  596. return NET_XMIT_DROP;
  597. }
  598. static bool ipvlan_external_frame(struct sk_buff *skb, struct ipvl_port *port)
  599. {
  600. struct ethhdr *eth = eth_hdr(skb);
  601. struct ipvl_addr *addr;
  602. void *lyr3h;
  603. int addr_type;
  604. if (ether_addr_equal(eth->h_source, skb->dev->dev_addr)) {
  605. lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type);
  606. if (!lyr3h)
  607. return true;
  608. addr = ipvlan_addr_lookup(port, lyr3h, addr_type, false);
  609. if (addr)
  610. return false;
  611. }
  612. return true;
  613. }
  614. static rx_handler_result_t ipvlan_handle_mode_l3(struct sk_buff **pskb,
  615. struct ipvl_port *port)
  616. {
  617. void *lyr3h;
  618. int addr_type;
  619. struct ipvl_addr *addr;
  620. struct sk_buff *skb = *pskb;
  621. rx_handler_result_t ret = RX_HANDLER_PASS;
  622. lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type);
  623. if (!lyr3h)
  624. goto out;
  625. addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
  626. if (addr)
  627. ret = ipvlan_rcv_frame(addr, pskb, false);
  628. out:
  629. return ret;
  630. }
  631. static rx_handler_result_t ipvlan_handle_mode_l2(struct sk_buff **pskb,
  632. struct ipvl_port *port)
  633. {
  634. struct sk_buff *skb = *pskb;
  635. struct ethhdr *eth = eth_hdr(skb);
  636. rx_handler_result_t ret = RX_HANDLER_PASS;
  637. if (unlikely(skb->pkt_type == PACKET_LOOPBACK))
  638. return RX_HANDLER_PASS;
  639. if (is_multicast_ether_addr(eth->h_dest)) {
  640. if (ipvlan_external_frame(skb, port)) {
  641. struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC);
  642. /* External frames are queued for device local
  643. * distribution, but a copy is given to master
  644. * straight away to avoid sending duplicates later
  645. * when work-queue processes this frame. This is
  646. * achieved by returning RX_HANDLER_PASS.
  647. */
  648. if (nskb) {
  649. ipvlan_skb_crossing_ns(nskb, NULL);
  650. ipvlan_multicast_enqueue(port, nskb, false);
  651. }
  652. }
  653. } else {
  654. /* Perform like l3 mode for non-multicast packet */
  655. ret = ipvlan_handle_mode_l3(pskb, port);
  656. }
  657. return ret;
  658. }
  659. rx_handler_result_t ipvlan_handle_frame(struct sk_buff **pskb)
  660. {
  661. struct sk_buff *skb = *pskb;
  662. struct ipvl_port *port = ipvlan_port_get_rcu(skb->dev);
  663. if (!port)
  664. return RX_HANDLER_PASS;
  665. switch (port->mode) {
  666. case IPVLAN_MODE_L2:
  667. return ipvlan_handle_mode_l2(pskb, port);
  668. case IPVLAN_MODE_L3:
  669. return ipvlan_handle_mode_l3(pskb, port);
  670. #ifdef CONFIG_IPVLAN_L3S
  671. case IPVLAN_MODE_L3S:
  672. return RX_HANDLER_PASS;
  673. #endif
  674. }
  675. /* Should not reach here */
  676. WARN_ONCE(true, "%s called for mode = [%x]\n", __func__, port->mode);
  677. kfree_skb(skb);
  678. return RX_HANDLER_CONSUMED;
  679. }