xfrm_interface_core.c 28 KB

  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * XFRM virtual interface
  4. *
  5. * Copyright (C) 2018 secunet Security Networks AG
  6. *
  7. * Author:
  8. * Steffen Klassert <steffen.klassert@secunet.com>
  9. */
  10. #include <linux/module.h>
  11. #include <linux/capability.h>
  12. #include <linux/errno.h>
  13. #include <linux/types.h>
  14. #include <linux/sockios.h>
  15. #include <linux/icmp.h>
  16. #include <linux/if.h>
  17. #include <linux/in.h>
  18. #include <linux/ip.h>
  19. #include <linux/net.h>
  20. #include <linux/in6.h>
  21. #include <linux/netdevice.h>
  22. #include <linux/if_link.h>
  23. #include <linux/if_arp.h>
  24. #include <linux/icmpv6.h>
  25. #include <linux/init.h>
  26. #include <linux/route.h>
  27. #include <linux/rtnetlink.h>
  28. #include <linux/netfilter_ipv6.h>
  29. #include <linux/slab.h>
  30. #include <linux/hash.h>
  31. #include <linux/uaccess.h>
  32. #include <linux/atomic.h>
  33. #include <net/gso.h>
  34. #include <net/icmp.h>
  35. #include <net/ip.h>
  36. #include <net/ipv6.h>
  37. #include <net/ip6_route.h>
  38. #include <net/ip_tunnels.h>
  39. #include <net/addrconf.h>
  40. #include <net/xfrm.h>
  41. #include <net/net_namespace.h>
  42. #include <net/dst_metadata.h>
  43. #include <net/netns/generic.h>
  44. #include <linux/etherdevice.h>
/* Forward declarations for symbols that are defined further down this file. */
static int xfrmi_dev_init(struct net_device *dev);
static void xfrmi_dev_setup(struct net_device *dev);
static struct rtnl_link_ops xfrmi_link_ops __read_mostly;
/* Key passed to net_generic() to fetch this driver's per-netns struct xfrmi_net. */
static unsigned int xfrmi_net_id __read_mostly;
static const struct net_device_ops xfrmi_netdev_ops;

/* Interfaces are hashed by if_id into BIT(XFRMI_HASH_BITS) buckets. */
#define XFRMI_HASH_BITS 8
#define XFRMI_HASH_SIZE BIT(XFRMI_HASH_BITS)
/* Per-network-namespace state, fetched with net_generic(net, xfrmi_net_id). */
struct xfrmi_net {
	/* lists for storing interfaces in use */
	struct xfrm_if __rcu *xfrmi[XFRMI_HASH_SIZE];
	/* the collect_md interface of this namespace; xfrmi_newlink() allows one */
	struct xfrm_if __rcu *collect_md_xfrmi;
};
/*
 * Netlink policy for the lightweight-tunnel encap attributes. Both values
 * are u32 with a minimum of 1, so a zero if_id or link is rejected when
 * xfrmi_build_state() parses the nested attributes against this table.
 */
static const struct nla_policy xfrm_lwt_policy[LWT_XFRM_MAX + 1] = {
	[LWT_XFRM_IF_ID] = NLA_POLICY_MIN(NLA_U32, 1),
	[LWT_XFRM_LINK] = NLA_POLICY_MIN(NLA_U32, 1),
};
/* lwtunnel destroy_state hook (see xfrmi_encap_ops); the body is empty. */
static void xfrmi_destroy_state(struct lwtunnel_state *lwt)
{
}
/*
 * lwtunnel build_state hook: turn the nested LWT_XFRM_* attributes in @nla
 * into a freshly allocated lwtunnel state carrying a struct xfrm_md_info.
 *
 * Returns 0 and stores the new state in *@ts, the parser's error if the
 * attributes fail xfrm_lwt_policy, -EINVAL if LWT_XFRM_IF_ID is absent,
 * or -ENOMEM if the state cannot be allocated.
 */
static int xfrmi_build_state(struct net *net, struct nlattr *nla,
			     unsigned int family, const void *cfg,
			     struct lwtunnel_state **ts,
			     struct netlink_ext_ack *extack)
{
	struct nlattr *attrs[LWT_XFRM_MAX + 1];
	struct lwtunnel_state *lwt;
	struct xfrm_md_info *md;
	int err;

	/* Validate against the policy before any attribute value is read. */
	err = nla_parse_nested(attrs, LWT_XFRM_MAX, nla, xfrm_lwt_policy, extack);
	if (err < 0)
		return err;

	/* if_id is mandatory; link is optional. */
	if (attrs[LWT_XFRM_IF_ID] == NULL) {
		NL_SET_ERR_MSG(extack, "if_id must be set");
		return -EINVAL;
	}

	lwt = lwtunnel_state_alloc(sizeof(*md));
	if (lwt == NULL) {
		NL_SET_ERR_MSG(extack, "failed to create encap info");
		return -ENOMEM;
	}

	lwt->type = LWTUNNEL_ENCAP_XFRM;

	md = lwt_xfrm_info(lwt);
	md->if_id = nla_get_u32(attrs[LWT_XFRM_IF_ID]);
	if (attrs[LWT_XFRM_LINK] != NULL)
		md->link = nla_get_u32(attrs[LWT_XFRM_LINK]);

	*ts = lwt;
	return 0;
}
/*
 * lwtunnel fill_encap hook: dump the state's if_id, and its link when that
 * is non-zero, into @skb as netlink attributes.
 *
 * Returns 0 on success or -EMSGSIZE when an attribute does not fit.
 */
static int xfrmi_fill_encap_info(struct sk_buff *skb,
				 struct lwtunnel_state *lwt)
{
	struct xfrm_md_info *md = lwt_xfrm_info(lwt);

	if (nla_put_u32(skb, LWT_XFRM_IF_ID, md->if_id))
		return -EMSGSIZE;

	/* a zero link is simply not reported */
	if (md->link && nla_put_u32(skb, LWT_XFRM_LINK, md->link))
		return -EMSGSIZE;

	return 0;
}
/*
 * lwtunnel get_encap_size hook: space needed for the two u32 attributes
 * that xfrmi_fill_encap_info() may emit.
 */
static int xfrmi_encap_nlsize(struct lwtunnel_state *lwtstate)
{
	int size = 0;

	size += nla_total_size(sizeof(u32));	/* LWT_XFRM_IF_ID */
	size += nla_total_size(sizeof(u32));	/* LWT_XFRM_LINK */

	return size;
}
/*
 * lwtunnel cmp_encap hook: byte-wise comparison of the two states'
 * struct xfrm_md_info; returns memcmp()'s result (0 when identical).
 *
 * NOTE(review): the comparison spans the whole structure, so every member
 * (and any padding) takes part -- presumably the states are allocated
 * zeroed; confirm against lwtunnel_state_alloc().
 */
static int xfrmi_encap_cmp(struct lwtunnel_state *a, struct lwtunnel_state *b)
{
	const void *lhs = lwt_xfrm_info(a);
	const void *rhs = lwt_xfrm_info(b);

	return memcmp(lhs, rhs, sizeof(struct xfrm_md_info));
}
/* Lightweight-tunnel encap callbacks implemented above in this file. */
static const struct lwtunnel_encap_ops xfrmi_encap_ops = {
	.build_state = xfrmi_build_state,
	.destroy_state = xfrmi_destroy_state,
	.fill_encap = xfrmi_fill_encap_info,
	.get_encap_size = xfrmi_encap_nlsize,
	.cmp_encap = xfrmi_encap_cmp,
	.owner = THIS_MODULE,
};
/*
 * Walk the chain of xfrm_if entries that starts at 'start', following
 * ->next. Every step goes through rcu_dereference(), so this is the
 * reader-side iterator.
 */
#define for_each_xfrmi_rcu(start, xi) \
	for (xi = rcu_dereference(start); xi; xi = rcu_dereference(xi->next))
/* Map an if_id to its bucket index in xfrmi_net::xfrmi[]. */
static u32 xfrmi_hash(u32 if_id)
{
	u32 bucket = hash_32(if_id, XFRMI_HASH_BITS);

	return bucket;
}
/*
 * Find the interface that should handle state @x in namespace @net.
 *
 * An interface whose if_id equals x->if_id wins if its device is up;
 * otherwise the namespace's collect_md interface is used if it exists and
 * is up. Returns NULL when neither applies. All pointers are read with
 * rcu_dereference().
 */
static struct xfrm_if *xfrmi_lookup(struct net *net, struct xfrm_state *x)
{
	struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
	struct xfrm_if *cand;

	cand = rcu_dereference(xfrmn->xfrmi[xfrmi_hash(x->if_id)]);
	while (cand) {
		if (x->if_id == cand->p.if_id && (cand->dev->flags & IFF_UP))
			return cand;
		cand = rcu_dereference(cand->next);
	}

	/* no dedicated interface: fall back to the metadata-collecting one */
	cand = rcu_dereference(xfrmn->collect_md_xfrmi);
	if (!cand || !(cand->dev->flags & IFF_UP))
		return NULL;

	return cand;
}
/*
 * Report the namespace and if_id that apply to @skb when it is associated
 * with an xfrm interface.
 *
 * Returns false when the skb has no security path or no device, when the
 * candidate device is missing or down, or when the device is not driven by
 * xfrmi_netdev_ops. Otherwise fills @res and returns true.
 */
static bool xfrmi_decode_session(struct sk_buff *skb,
				 unsigned short family,
				 struct xfrm_if_decode_session_result *res)
{
	struct net_device *dev;
	struct xfrm_if *xi;
	int sdif = 0;

	if (!secpath_exists(skb) || !skb->dev)
		return false;

	if (family == AF_INET6)
		sdif = inet6_sdif(skb);
	else if (family == AF_INET)
		sdif = inet_sdif(skb);

	/* a non-zero sdif names the device to use instead of skb->dev */
	if (sdif)
		dev = dev_get_by_index_rcu(xs_net(xfrm_input_state(skb)), sdif);
	else
		dev = skb->dev;

	if (!dev || !(dev->flags & IFF_UP))
		return false;

	/*
	 * The ops pointer identifies devices of this driver; only then is it
	 * valid to treat netdev_priv() as a struct xfrm_if.
	 */
	if (dev->netdev_ops != &xfrmi_netdev_ops)
		return false;

	xi = netdev_priv(dev);
	res->net = xi->net;
	/* collect_md interfaces have no if_id of their own: use the state's */
	res->if_id = xi->p.collect_md ? xfrm_input_state(skb)->if_id
				      : xi->p.if_id;

	return true;
}
/*
 * Insert @xi at the head of its if_id hash bucket.
 *
 * The bucket head is read with rtnl_dereference(), i.e. this is the
 * updater side. xi->next is set before the bucket head is pointed at @xi,
 * so a reader that finds @xi through the head also finds a valid ->next.
 */
static void xfrmi_link(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
{
	struct xfrm_if __rcu **xip = &xfrmn->xfrmi[xfrmi_hash(xi->p.if_id)];

	rcu_assign_pointer(xi->next , rtnl_dereference(*xip));
	rcu_assign_pointer(*xip, xi);
}
/*
 * Remove @xi from its if_id hash bucket, if it is linked there.
 *
 * The bucket is chosen from the interface's current if_id and walked with
 * rtnl_dereference(); the pointer that referenced @xi is redirected to
 * xi->next. Nothing happens when @xi is not found.
 */
static void xfrmi_unlink(struct xfrmi_net *xfrmn, struct xfrm_if *xi)
{
	struct xfrm_if __rcu **slot = &xfrmn->xfrmi[xfrmi_hash(xi->p.if_id)];
	struct xfrm_if *cur;

	while ((cur = rtnl_dereference(*slot)) != NULL) {
		if (cur == xi) {
			rcu_assign_pointer(*slot, xi->next);
			return;
		}
		slot = &cur->next;
	}
}
/*
 * Device private destructor (installed in xfrmi_dev_setup()): tears down
 * the GRO cells that xfrmi_dev_init() set up.
 */
static void xfrmi_dev_free(struct net_device *dev)
{
	struct xfrm_if *xi;

	xi = netdev_priv(dev);
	gro_cells_destroy(&xi->gro_cells);
}
/*
 * Register @dev and make its xfrm_if findable in @net.
 *
 * The interface is published only after register_netdevice() succeeded:
 * either as the namespace's collect_md interface or in the if_id hash.
 * Returns 0, or the negative error from register_netdevice().
 */
static int xfrmi_create(struct net *net, struct net_device *dev)
{
	struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
	struct xfrm_if *xi = netdev_priv(dev);
	int err;

	dev->rtnl_link_ops = &xfrmi_link_ops;

	err = register_netdevice(dev);
	if (err < 0)
		return err;

	if (!xi->p.collect_md)
		xfrmi_link(xfrmn, xi);
	else
		rcu_assign_pointer(xfrmn->collect_md_xfrmi, xi);

	return 0;
}
/*
 * Updater-side lookup (rtnl_dereference()): return the interface in @net
 * whose if_id equals p->if_id, or NULL. Unlike xfrmi_lookup() this does
 * not look at the device's IFF_UP flag or at the collect_md interface.
 */
static struct xfrm_if *xfrmi_locate(struct net *net, struct xfrm_if_parms *p)
{
	struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
	struct xfrm_if *xi;

	xi = rtnl_dereference(xfrmn->xfrmi[xfrmi_hash(p->if_id)]);
	while (xi != NULL && xi->p.if_id != p->if_id)
		xi = rtnl_dereference(xi->next);

	return xi;
}
/*
 * ndo_uninit: withdraw the interface from lookup -- clear the namespace's
 * collect_md pointer, or unlink the interface from the if_id hash.
 */
static void xfrmi_dev_uninit(struct net_device *dev)
{
	struct xfrm_if *xi = netdev_priv(dev);
	struct xfrmi_net *xfrmn = net_generic(xi->net, xfrmi_net_id);

	if (!xi->p.collect_md) {
		xfrmi_unlink(xfrmn, xi);
		return;
	}

	RCU_INIT_POINTER(xfrmn->collect_md_xfrmi, NULL);
}
/*
 * Strip per-packet state from @skb before it moves on through or out of
 * the interface.
 *
 * Always cleared: timestamp, packet type (set to PACKET_HOST), input
 * interface index, ignore_df, the attached dst, conntrack and trace
 * state. When @xnet is true (the packet changes network namespace) the
 * IPVS state, the security path, the socket ownership and the mark are
 * dropped as well, so none of them carries over into the other namespace.
 */
static void xfrmi_scrub_packet(struct sk_buff *skb, bool xnet)
{
	skb_clear_tstamp(skb);
	skb->pkt_type = PACKET_HOST;
	skb->skb_iif = 0;
	skb->ignore_df = 0;
	skb_dst_drop(skb);
	nf_reset_ct(skb);
	nf_reset_trace(skb);

	if (xnet) {
		ipvs_reset(skb);
		secpath_reset(skb);
		skb_orphan(skb);
		skb->mark = 0;
	}
}
/*
 * Common receive entry for both address families.
 *
 * If the skb already carries a security path with entries, it must pass
 * the inbound policy check first; a packet that fails is freed and 0 is
 * returned. Otherwise the per-skb xfrm control blocks are prepared for
 * @family and the packet is handed to xfrm_input(), whose result is
 * returned.
 */
static int xfrmi_input(struct sk_buff *skb, int nexthdr, __be32 spi,
		       int encap_type, unsigned short family)
{
	struct sec_path *sp = skb_sec_path(skb);
	bool has_xfrms = sp && (sp->len || sp->olen);

	if (has_xfrms && !xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family)) {
		kfree_skb(skb);
		return 0;
	}

	XFRM_SPI_SKB_CB(skb)->family = family;
	switch (family) {
	case AF_INET:
		XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
		XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = NULL;
		break;
	default:
		/* every other family is handled with the IPv6 layout */
		XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct ipv6hdr, daddr);
		XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6 = NULL;
		break;
	}

	return xfrm_input(skb, nexthdr, spi, encap_type);
}
/*
 * IPv4 receive handler: takes the next-header value from the IPv4 header
 * and calls xfrmi_input() with spi 0 and encap_type 0.
 */
static int xfrmi4_rcv(struct sk_buff *skb)
{
	int nexthdr = ip_hdr(skb)->protocol;

	return xfrmi_input(skb, nexthdr, 0, 0, AF_INET);
}
/*
 * IPv6 receive handler: reads the next-header byte at offset
 * IP6CB(skb)->nhoff of the network header and calls xfrmi_input() with
 * spi 0 and encap_type 0.
 */
static int xfrmi6_rcv(struct sk_buff *skb)
{
	const unsigned char *nh = skb_network_header(skb);
	int nexthdr = nh[IP6CB(skb)->nhoff];

	return xfrmi_input(skb, nexthdr, 0, 0, AF_INET6);
}
/* input_handler for IPv4: xfrmi_input() with the family fixed to AF_INET. */
static int xfrmi4_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
{
	const unsigned short family = AF_INET;

	return xfrmi_input(skb, nexthdr, spi, encap_type, family);
}
/* input_handler for IPv6: xfrmi_input() with the family fixed to AF_INET6. */
static int xfrmi6_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
{
	const unsigned short family = AF_INET6;

	return xfrmi_input(skb, nexthdr, spi, encap_type, family);
}
/*
 * Receive callback shared by every protocol/tunnel handler in this file.
 *
 * Binds the packet to the xfrm interface selected by its input state,
 * accounts errors on that interface, enforces inbound policy when the
 * packet crosses network namespaces, scrubs it, and for collect_md
 * interfaces attaches a metadata dst carrying if_id and ingress ifindex.
 *
 * Returns 0 when the packet was handled (including the accounted-error
 * case), 1 when no interface matches the state, -EINVAL when the inner
 * mode cannot be determined, -EPERM when the policy check fails and
 * -ENOMEM when the metadata dst cannot be allocated.
 */
static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
{
	const struct xfrm_mode *inner_mode;
	struct net_device *dev;
	struct xfrm_state *x;
	struct xfrm_if *xi;
	bool xnet;
	int link;

	/* an error without a security path leaves nothing to look up */
	if (err && !secpath_exists(skb))
		return 0;

	x = xfrm_input_state(skb);

	xi = xfrmi_lookup(xs_net(x), x);
	if (!xi)
		return 1;

	/* remember the ingress device before skb->dev is overwritten */
	link = skb->dev->ifindex;
	dev = xi->dev;
	skb->dev = dev;

	if (err) {
		DEV_STATS_INC(dev, rx_errors);
		DEV_STATS_INC(dev, rx_dropped);

		return 0;
	}

	/* skb->dev is the xfrm device now: does it live outside xi->net? */
	xnet = !net_eq(xi->net, dev_net(skb->dev));

	if (xnet) {
		inner_mode = &x->inner_mode;

		/* no family in the selector: derive the mode from the packet */
		if (x->sel.family == AF_UNSPEC) {
			inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
			if (inner_mode == NULL) {
				XFRM_INC_STATS(dev_net(skb->dev),
					       LINUX_MIB_XFRMINSTATEMODEERROR);
				return -EINVAL;
			}
		}

		/*
		 * The policy check must run here: the scrub below resets the
		 * security path for cross-namespace packets.
		 */
		if (!xfrm_policy_check(NULL, XFRM_POLICY_IN, skb,
				       inner_mode->family))
			return -EPERM;
	}

	xfrmi_scrub_packet(skb, xnet);
	if (xi->p.collect_md) {
		struct metadata_dst *md_dst;

		/* GFP_ATOMIC: the allocation is not allowed to sleep here */
		md_dst = metadata_dst_alloc(0, METADATA_XFRM, GFP_ATOMIC);
		if (!md_dst)
			return -ENOMEM;

		md_dst->u.xfrm_info.if_id = x->if_id;
		md_dst->u.xfrm_info.link = link;
		skb_dst_set(skb, (struct dst_entry *)md_dst);
	}
	dev_sw_netstats_rx_add(dev, skb->len);

	return 0;
}
/*
 * Second stage of transmit: resolve the xfrm bundle for @skb and send it.
 *
 * @fl is the flow built by xfrmi_xmit(). The if_id comes from the
 * interface, or from the skb's xfrm metadata on a collect_md interface.
 *
 * Returns 0 once the packet was passed to dst_output() (output errors are
 * only counted), -EINVAL when a collect_md packet has no metadata,
 * -EMSGSIZE when the packet exceeds the path MTU and an ICMP error was
 * generated, or a negative error when no usable state was found or a
 * routing loop was detected. On a negative return the skb has not been
 * freed here; xfrmi_xmit() frees it.
 */
static int
xfrmi_xmit2(struct sk_buff *skb, struct net_device *dev, struct flowi *fl)
{
	struct xfrm_if *xi = netdev_priv(dev);
	struct dst_entry *dst = skb_dst(skb);
	unsigned int length = skb->len;
	struct net_device *tdev;
	struct xfrm_state *x;
	int err = -1;
	u32 if_id;
	int mtu;

	if (xi->p.collect_md) {
		struct xfrm_md_info *md_info = skb_xfrm_md_info(skb);

		if (unlikely(!md_info))
			return -EINVAL;

		if_id = md_info->if_id;
		fl->flowi_oif = md_info->link;
		/* put the saved original dst back on the skb, drop the old one */
		if (md_info->dst_orig) {
			struct dst_entry *tmp_dst = dst;

			dst = md_info->dst_orig;
			skb_dst_set(skb, dst);
			md_info->dst_orig = NULL;
			dst_release(tmp_dst);
		}
	} else {
		if_id = xi->p.if_id;
	}

	/* NOTE(review): presumably the lookup consumes this reference -- confirm */
	dst_hold(dst);
	dst = xfrm_lookup_with_ifid(xi->net, dst, fl, NULL, 0, if_id);
	if (IS_ERR(dst)) {
		err = PTR_ERR(dst);
		dst = NULL;
		goto tx_err_link_failure;
	}

	/* no transformation on the route: fail with err still -1 */
	x = dst->xfrm;
	if (!x)
		goto tx_err_link_failure;

	/* the state must belong to the if_id this packet was sent with */
	if (x->if_id != if_id)
		goto tx_err_link_failure;

	tdev = dst->dev;

	/* the bundle routes back into this very interface */
	if (tdev == dev) {
		DEV_STATS_INC(dev, collisions);
		net_warn_ratelimited("%s: Local routing loop detected!\n",
				     dev->name);
		goto tx_err_dst_release;
	}

	mtu = dst_mtu(dst);
	if ((!skb_is_gso(skb) && skb->len > mtu) ||
	    (skb_is_gso(skb) && !skb_gso_validate_network_len(skb, mtu))) {
		skb_dst_update_pmtu_no_confirm(skb, mtu);

		if (skb->protocol == htons(ETH_P_IPV6)) {
			if (mtu < IPV6_MIN_MTU)
				mtu = IPV6_MIN_MTU;

			/* NOTE(review): 1280 is presumably IPV6_MIN_MTU -- confirm */
			if (skb->len > 1280)
				icmpv6_ndo_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
			else
				goto xmit;
		} else {
			/* without DF the IPv4 packet is sent on regardless */
			if (!(ip_hdr(skb)->frag_off & htons(IP_DF)))
				goto xmit;
			icmp_ndo_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
				      htonl(mtu));
		}

		dst_release(dst);
		return -EMSGSIZE;
	}

xmit:
	/* scrub fully when the packet leaves the device's namespace */
	xfrmi_scrub_packet(skb, !net_eq(xi->net, dev_net(dev)));
	skb_dst_set(skb, dst);
	skb->dev = tdev;

	err = dst_output(xi->net, skb_to_full_sk(skb), skb);
	if (net_xmit_eval(err) == 0) {
		/* length was sampled on entry, before the skb was handed off */
		dev_sw_netstats_tx_add(dev, 1, length);
	} else {
		DEV_STATS_INC(dev, tx_errors);
		DEV_STATS_INC(dev, tx_aborted_errors);
	}

	return 0;
tx_err_link_failure:
	DEV_STATS_INC(dev, tx_carrier_errors);
	dst_link_failure(skb);
tx_err_dst_release:
	dst_release(dst);
	return err;
}
/*
 * ndo_start_xmit: build the flow for @skb, make sure it has a route, and
 * pass it to xfrmi_xmit2().
 *
 * Only IPv4 and IPv6 packets are accepted. Always returns NETDEV_TX_OK;
 * on any failure the packet is counted as tx error/dropped and freed.
 */
static netdev_tx_t xfrmi_xmit(struct sk_buff *skb, struct net_device *dev)
{
	struct xfrm_if *xi = netdev_priv(dev);
	struct dst_entry *dst = skb_dst(skb);
	struct flowi fl;
	int ret;

	memset(&fl, 0, sizeof(fl));

	switch (skb->protocol) {
	case htons(ETH_P_IPV6):
		/* zero the IPv6 control block before decoding the session */
		memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
		xfrm_decode_session(dev_net(dev), skb, &fl, AF_INET6);
		/* no route attached yet: look one up out of this device */
		if (!dst) {
			fl.u.ip6.flowi6_oif = dev->ifindex;
			fl.u.ip6.flowi6_flags |= FLOWI_FLAG_ANYSRC;
			dst = ip6_route_output(dev_net(dev), NULL, &fl.u.ip6);
			/* the result is checked through ->error; release it */
			if (dst->error) {
				dst_release(dst);
				DEV_STATS_INC(dev, tx_carrier_errors);
				goto tx_err;
			}
			skb_dst_set(skb, dst);
		}
		break;
	case htons(ETH_P_IP):
		/* zero the IPv4 control block before decoding the session */
		memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
		xfrm_decode_session(dev_net(dev), skb, &fl, AF_INET);
		if (!dst) {
			struct rtable *rt;

			fl.u.ip4.flowi4_oif = dev->ifindex;
			fl.u.ip4.flowi4_flags |= FLOWI_FLAG_ANYSRC;
			rt = __ip_route_output_key(dev_net(dev), &fl.u.ip4);
			/* failure is an ERR_PTR here, so nothing to release */
			if (IS_ERR(rt)) {
				DEV_STATS_INC(dev, tx_carrier_errors);
				goto tx_err;
			}
			skb_dst_set(skb, &rt->dst);
		}
		break;
	default:
		goto tx_err;
	}

	/* xfrmi_xmit2() overrides this on collect_md interfaces */
	fl.flowi_oif = xi->p.link;

	ret = xfrmi_xmit2(skb, dev, &fl);
	if (ret < 0)
		goto tx_err;

	return NETDEV_TX_OK;

tx_err:
	DEV_STATS_INC(dev, tx_errors);
	DEV_STATS_INC(dev, tx_dropped);
	kfree_skb(skb);
	return NETDEV_TX_OK;
}
/*
 * IPv4 ICMP error handler for ESP, AH and IPComp.
 *
 * skb->data is read as the IPv4 header quoted in the ICMP error; the SPI
 * (or the IPComp CPI widened to 32 bits) is taken from the header that
 * follows it. Only "fragmentation needed" and redirect messages are acted
 * on, and only if the SPI resolves to a state that maps to an xfrm
 * interface.
 *
 * Returns 0 when the message was ignored or handled, -1 when a state was
 * found but no interface matches it.
 *
 * NOTE(review): nothing here checks that ihl * 4 bytes plus the SPI field
 * are present in the skb -- presumably the ICMP error path guarantees
 * that before calling; confirm.
 */
static int xfrmi4_err(struct sk_buff *skb, u32 info)
{
	const struct iphdr *iph = (const struct iphdr *)skb->data;
	struct net *net = dev_net(skb->dev);
	int protocol = iph->protocol;
	struct xfrm_state *x;
	__be32 spi;
	int type;

	if (protocol == IPPROTO_ESP) {
		struct ip_esp_hdr *esph;

		esph = (struct ip_esp_hdr *)(skb->data + (iph->ihl << 2));
		spi = esph->spi;
	} else if (protocol == IPPROTO_AH) {
		struct ip_auth_hdr *ah;

		ah = (struct ip_auth_hdr *)(skb->data + (iph->ihl << 2));
		spi = ah->spi;
	} else if (protocol == IPPROTO_COMP) {
		struct ip_comp_hdr *ipch;

		ipch = (struct ip_comp_hdr *)(skb->data + (iph->ihl << 2));
		spi = htonl(ntohs(ipch->cpi));
	} else {
		return 0;
	}

	/* act on frag-needed and redirect only; ignore everything else */
	type = icmp_hdr(skb)->type;
	if (type == ICMP_DEST_UNREACH) {
		if (icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
			return 0;
	} else if (type != ICMP_REDIRECT) {
		return 0;
	}

	x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
			      spi, protocol, AF_INET);
	if (!x)
		return 0;

	if (!xfrmi_lookup(net, x)) {
		xfrm_state_put(x);
		return -1;
	}

	if (type == ICMP_DEST_UNREACH)
		ipv4_update_pmtu(skb, net, info, 0, protocol);
	else
		ipv4_redirect(skb, net, 0, protocol);

	/* drop the reference taken by xfrm_state_lookup() */
	xfrm_state_put(x);

	return 0;
}
/*
 * IPv6 ICMP error handler for ESP, AH and IPComp.
 *
 * skb->data is read as the quoted IPv6 header and @offset locates the
 * header that carries the SPI (or the IPComp CPI, widened to 32 bits).
 * Only packet-too-big and redirect messages are acted on, and only if the
 * SPI resolves to a state that maps to an xfrm interface.
 *
 * Returns 0 when the message was ignored or handled, -1 when a state was
 * found but no interface matches it.
 *
 * NOTE(review): @offset is used as given and no length check is made
 * here -- presumably the caller validated it; confirm.
 */
static int xfrmi6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		      u8 type, u8 code, int offset, __be32 info)
{
	const struct ipv6hdr *iph = (const struct ipv6hdr *)skb->data;
	struct net *net = dev_net(skb->dev);
	int protocol = iph->nexthdr;
	struct xfrm_state *x;
	__be32 spi;

	if (protocol == IPPROTO_ESP) {
		struct ip_esp_hdr *esph;

		esph = (struct ip_esp_hdr *)(skb->data + offset);
		spi = esph->spi;
	} else if (protocol == IPPROTO_AH) {
		struct ip_auth_hdr *ah;

		ah = (struct ip_auth_hdr *)(skb->data + offset);
		spi = ah->spi;
	} else if (protocol == IPPROTO_COMP) {
		struct ip_comp_hdr *ipch;

		ipch = (struct ip_comp_hdr *)(skb->data + offset);
		spi = htonl(ntohs(ipch->cpi));
	} else {
		return 0;
	}

	/* act on packet-too-big and redirect only */
	if (!(type == ICMPV6_PKT_TOOBIG || type == NDISC_REDIRECT))
		return 0;

	x = xfrm_state_lookup(net, skb->mark, (const xfrm_address_t *)&iph->daddr,
			      spi, protocol, AF_INET6);
	if (!x)
		return 0;

	if (!xfrmi_lookup(net, x)) {
		xfrm_state_put(x);
		return -1;
	}

	if (type == NDISC_REDIRECT)
		ip6_redirect(skb, net, skb->dev->ifindex, 0,
			     sock_net_uid(net, NULL));
	else
		ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));

	/* drop the reference taken by xfrm_state_lookup() */
	xfrm_state_put(x);

	return 0;
}
/*
 * Apply new parameters to @xi. Only the if_id can change: a request with
 * a different link is refused with -EINVAL and leaves @xi untouched.
 */
static int xfrmi_change(struct xfrm_if *xi, const struct xfrm_if_parms *p)
{
	if (xi->p.link == p->link) {
		xi->p.if_id = p->if_id;
		return 0;
	}

	return -EINVAL;
}
/*
 * Change an interface's parameters while it is registered.
 *
 * The interface is taken out of the hash (its bucket depends on the old
 * if_id), synchronize_net() is called before the parameters are touched,
 * and the interface is linked again under whatever if_id it has
 * afterwards. It is relinked even when xfrmi_change() fails; that error
 * is returned after the state-change notification.
 */
static int xfrmi_update(struct xfrm_if *xi, struct xfrm_if_parms *p)
{
	struct net *net = xi->net;
	struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
	int err;

	xfrmi_unlink(xfrmn, xi);
	/* NOTE(review): presumably waits for readers still using xi -- confirm */
	synchronize_net();
	err = xfrmi_change(xi, p);
	xfrmi_link(xfrmn, xi);
	netdev_state_change(xi->dev);
	return err;
}
/* ndo_get_iflink: report the configured link, read with READ_ONCE(). */
static int xfrmi_get_iflink(const struct net_device *dev)
{
	struct xfrm_if *xi = netdev_priv(dev);
	int iflink = READ_ONCE(xi->p.link);

	return iflink;
}
/*
 * Device operations of an xfrm interface. xfrmi_decode_session() also
 * compares a device's ops pointer against this table to recognise devices
 * created by this driver.
 */
static const struct net_device_ops xfrmi_netdev_ops = {
	.ndo_init = xfrmi_dev_init,
	.ndo_uninit = xfrmi_dev_uninit,
	.ndo_start_xmit = xfrmi_xmit,
	.ndo_get_stats64 = dev_get_tstats64,
	.ndo_get_iflink = xfrmi_get_iflink,
};
/*
 * rtnl_link_ops setup hook: static defaults for a new xfrm device --
 * ops tables, ARPHRD_NONE type, MTU limits, IFF_NOARP, per-cpu tstats,
 * and xfrmi_dev_free() as private destructor.
 */
static void xfrmi_dev_setup(struct net_device *dev)
{
	dev->netdev_ops = &xfrmi_netdev_ops;
	dev->header_ops = &ip_tunnel_header_ops;
	dev->type = ARPHRD_NONE;
	dev->mtu = ETH_DATA_LEN;
	dev->min_mtu = ETH_MIN_MTU;
	dev->max_mtu = IP_MAX_MTU;
	dev->flags = IFF_NOARP;
	/* the netdev itself is freed by the core once the destructor ran */
	dev->needs_free_netdev = true;
	dev->priv_destructor = xfrmi_dev_free;
	dev->pcpu_stat_type = NETDEV_PCPU_STAT_TSTATS;
	/* xfrmi_xmit() reads skb_dst(), so the dst must survive until then */
	netif_keep_dst(dev);

	eth_broadcast_addr(dev->broadcast);
}
/* Feature bits that xfrmi_dev_init() sets in both features and hw_features. */
#define XFRMI_FEATURES (NETIF_F_SG | \
			NETIF_F_FRAGLIST | \
			NETIF_F_GSO_SOFTWARE | \
			NETIF_F_HW_CSUM)
/*
 * ndo_init: set up GRO cells and feature flags, then derive head/tailroom
 * and addresses from the underlying link device when xi->p.link names one
 * in xi->net. Without such a device a random hardware address and the
 * all-ones broadcast address are used.
 *
 * Returns 0, or the error from gro_cells_init().
 */
static int xfrmi_dev_init(struct net_device *dev)
{
	struct xfrm_if *xi = netdev_priv(dev);
	struct net_device *lower = __dev_get_by_index(xi->net, xi->p.link);
	int err = gro_cells_init(&xi->gro_cells, dev);

	if (err)
		return err;

	dev->lltx = true;
	dev->features |= XFRMI_FEATURES;
	dev->hw_features |= XFRMI_FEATURES;

	if (!lower) {
		eth_hw_addr_random(dev);
		eth_broadcast_addr(dev->broadcast);
		return 0;
	}

	dev->needed_headroom = lower->needed_headroom;
	dev->needed_tailroom = lower->needed_tailroom;

	/* addresses that were already set are kept */
	if (is_zero_ether_addr(dev->dev_addr))
		eth_hw_addr_inherit(dev, lower);
	if (is_zero_ether_addr(dev->broadcast))
		memcpy(dev->broadcast, lower->broadcast, dev->addr_len);

	return 0;
}
/*
 * rtnl_link_ops validate hook: accepts everything. The parameter checks
 * this file performs are in xfrmi_newlink() and xfrmi_changelink().
 */
static int xfrmi_validate(struct nlattr *tb[], struct nlattr *data[],
			  struct netlink_ext_ack *extack)
{
	return 0;
}
/*
 * Translate IFLA_XFRM_* attributes into @parms. @parms is zeroed first,
 * so absent attributes (or a NULL @data) leave link and if_id at 0 and
 * collect_md false.
 */
static void xfrmi_netlink_parms(struct nlattr *data[],
				struct xfrm_if_parms *parms)
{
	const struct nlattr *attr;

	memset(parms, 0, sizeof(*parms));

	if (data == NULL)
		return;

	attr = data[IFLA_XFRM_LINK];
	if (attr)
		parms->link = nla_get_u32(attr);

	attr = data[IFLA_XFRM_IF_ID];
	if (attr)
		parms->if_id = nla_get_u32(attr);

	/* a flag attribute: its presence alone enables the mode */
	if (data[IFLA_XFRM_COLLECT_METADATA])
		parms->collect_md = true;
}
/*
 * rtnl_link_ops newlink hook: validate the requested parameters and
 * create the interface.
 *
 * A collect_md interface must have link and if_id both zero and may exist
 * only once per namespace. Any other interface needs a non-zero if_id
 * that no interface in the namespace uses yet.
 *
 * Returns 0, -EINVAL for invalid parameters, -EEXIST for a conflict, or
 * the error from xfrmi_create().
 */
static int xfrmi_newlink(struct net_device *dev,
			 struct rtnl_newlink_params *params,
			 struct netlink_ext_ack *extack)
{
	struct xfrm_if_parms p = {};
	struct xfrm_if *xi;
	struct net *net;

	/* prefer the explicit link namespace, else the device's own */
	net = params->link_net;
	if (!net)
		net = dev_net(dev);

	xfrmi_netlink_parms(params->data, &p);

	if (!p.collect_md) {
		if (!p.if_id) {
			NL_SET_ERR_MSG(extack, "if_id must be non zero");
			return -EINVAL;
		}

		if (xfrmi_locate(net, &p))
			return -EEXIST;
	} else {
		struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);

		if (p.link || p.if_id) {
			NL_SET_ERR_MSG(extack, "link and if_id must be zero");
			return -EINVAL;
		}

		if (rtnl_dereference(xfrmn->collect_md_xfrmi))
			return -EEXIST;
	}

	xi = netdev_priv(dev);
	xi->p = p;
	xi->net = net;
	xi->dev = dev;

	return xfrmi_create(net, dev);
}
/*
 * rtnl_link_ops dellink hook: queue @dev on @head for unregistration.
 * Removal from the lookup structures is done in xfrmi_dev_uninit().
 */
static void xfrmi_dellink(struct net_device *dev, struct list_head *head)
{
	unregister_netdevice_queue(dev, head);
}
/*
 * rtnl_link_ops changelink hook.
 *
 * The new if_id must be non-zero, collect_md can neither be switched on
 * nor changed on an interface that has it, and the if_id must not belong
 * to a different device in the same namespace.
 *
 * Returns the result of xfrmi_update(), -EINVAL for invalid parameters,
 * or -EEXIST when another device already uses the if_id.
 */
static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[],
			    struct nlattr *data[],
			    struct netlink_ext_ack *extack)
{
	struct xfrm_if *self = netdev_priv(dev);
	struct xfrm_if_parms p = {};
	struct xfrm_if *owner;

	xfrmi_netlink_parms(data, &p);

	if (!p.if_id) {
		NL_SET_ERR_MSG(extack, "if_id must be non zero");
		return -EINVAL;
	}

	if (p.collect_md || self->p.collect_md) {
		NL_SET_ERR_MSG(extack, "collect_md can't be changed");
		return -EINVAL;
	}

	/* who, if anyone, currently holds the requested if_id? */
	owner = xfrmi_locate(self->net, &p);
	if (owner && owner->dev != dev)
		return -EEXIST;

	return xfrmi_update(owner ? owner : self, &p);
}
/* Netlink space needed for the attributes xfrmi_fill_info() may emit. */
static size_t xfrmi_get_size(const struct net_device *dev)
{
	size_t size = 0;

	size += nla_total_size(4);	/* IFLA_XFRM_LINK */
	size += nla_total_size(4);	/* IFLA_XFRM_IF_ID */
	size += nla_total_size(0);	/* IFLA_XFRM_COLLECT_METADATA */

	return size;
}
/*
 * rtnl_link_ops fill_info hook: dump link and if_id, plus the
 * collect-metadata flag when it is set.
 *
 * Returns 0, or -EMSGSIZE when an attribute does not fit into @skb.
 */
static int xfrmi_fill_info(struct sk_buff *skb, const struct net_device *dev)
{
	struct xfrm_if *xi = netdev_priv(dev);
	struct xfrm_if_parms *parm = &xi->p;

	if (nla_put_u32(skb, IFLA_XFRM_LINK, parm->link))
		return -EMSGSIZE;

	if (nla_put_u32(skb, IFLA_XFRM_IF_ID, parm->if_id))
		return -EMSGSIZE;

	if (parm->collect_md && nla_put_flag(skb, IFLA_XFRM_COLLECT_METADATA))
		return -EMSGSIZE;

	return 0;
}
/*
 * rtnl_link_ops get_link_net hook: the namespace stored in the interface
 * by xfrmi_newlink(), read with READ_ONCE().
 */
static struct net *xfrmi_get_link_net(const struct net_device *dev)
{
	struct xfrm_if *xi = netdev_priv(dev);
	struct net *link_net = READ_ONCE(xi->net);

	return link_net;
}
/*
 * Netlink policy for IFLA_XFRM_* link attributes: link and if_id are u32,
 * collect-metadata is a flag. Strict validation starts at
 * IFLA_XFRM_COLLECT_METADATA. Value constraints (such as a non-zero
 * if_id) are not expressed here; xfrmi_newlink() and xfrmi_changelink()
 * check them.
 */
static const struct nla_policy xfrmi_policy[IFLA_XFRM_MAX + 1] = {
	[IFLA_XFRM_UNSPEC] = { .strict_start_type = IFLA_XFRM_COLLECT_METADATA },
	[IFLA_XFRM_LINK] = { .type = NLA_U32 },
	[IFLA_XFRM_IF_ID] = { .type = NLA_U32 },
	[IFLA_XFRM_COLLECT_METADATA] = { .type = NLA_FLAG },
};
/* rtnetlink link type "xfrm": private area size, policy and callbacks. */
static struct rtnl_link_ops xfrmi_link_ops __read_mostly = {
	.kind = "xfrm",
	.maxtype = IFLA_XFRM_MAX,
	.policy = xfrmi_policy,
	.priv_size = sizeof(struct xfrm_if),
	.setup = xfrmi_dev_setup,
	.validate = xfrmi_validate,
	.newlink = xfrmi_newlink,
	.dellink = xfrmi_dellink,
	.changelink = xfrmi_changelink,
	.get_size = xfrmi_get_size,
	.fill_info = xfrmi_fill_info,
	.get_link_net = xfrmi_get_link_net,
};
/*
 * Per-netns exit hook: queue every xfrm interface known to @net -- all
 * hash buckets plus the collect_md interface -- on @dev_to_kill for
 * unregistration.
 */
static void __net_exit xfrmi_exit_rtnl(struct net *net,
				       struct list_head *dev_to_kill)
{
	struct xfrmi_net *xfrmn = net_generic(net, xfrmi_net_id);
	struct xfrm_if *xi;
	int i;

	for (i = 0; i < XFRMI_HASH_SIZE; i++) {
		xi = rtnl_net_dereference(net, xfrmn->xfrmi[i]);
		while (xi != NULL) {
			unregister_netdevice_queue(xi->dev, dev_to_kill);
			xi = rtnl_net_dereference(net, xi->next);
		}
	}

	xi = rtnl_net_dereference(net, xfrmn->collect_md_xfrmi);
	if (xi)
		unregister_netdevice_queue(xi->dev, dev_to_kill);
}
/*
 * Per-namespace registration: requests sizeof(struct xfrmi_net) of
 * per-netns storage identified through xfrmi_net_id, and installs the
 * exit hook above.
 */
static struct pernet_operations xfrmi_net_ops = {
	.exit_rtnl = xfrmi_exit_rtnl,
	.id = &xfrmi_net_id,
	.size = sizeof(struct xfrmi_net),
};
/*
 * IPv6 protocol handlers for ESP, AH and IPComp. ESP uses this file's
 * receive/input wrappers, AH and IPComp use xfrm6_rcv()/xfrm_input();
 * all three share xfrmi_rcv_cb() and xfrmi6_err() and use priority 10.
 */
static struct xfrm6_protocol xfrmi_esp6_protocol __read_mostly = {
	.handler = xfrmi6_rcv,
	.input_handler = xfrmi6_input,
	.cb_handler = xfrmi_rcv_cb,
	.err_handler = xfrmi6_err,
	.priority = 10,
};

static struct xfrm6_protocol xfrmi_ah6_protocol __read_mostly = {
	.handler = xfrm6_rcv,
	.input_handler = xfrm_input,
	.cb_handler = xfrmi_rcv_cb,
	.err_handler = xfrmi6_err,
	.priority = 10,
};

static struct xfrm6_protocol xfrmi_ipcomp6_protocol __read_mostly = {
	.handler = xfrm6_rcv,
	.input_handler = xfrm_input,
	.cb_handler = xfrmi_rcv_cb,
	.err_handler = xfrmi6_err,
	.priority = 10,
};
  828. #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
/*
 * Receive handler for the IPv6 tunnel handlers: look up the tunnel SPI
 * that belongs to the packet's IPv6 source address and continue with
 * xfrm6_rcv_spi() for IPPROTO_IPV6.
 */
static int xfrmi6_rcv_tunnel(struct sk_buff *skb)
{
	const xfrm_address_t *saddr =
		(const xfrm_address_t *)&ipv6_hdr(skb)->saddr;
	__be32 spi = xfrm6_tunnel_spi_lookup(dev_net(skb->dev), saddr);

	return xfrm6_rcv_spi(skb, IPPROTO_IPV6, spi, NULL);
}
/*
 * Two IPv6 tunnel handler instances with identical callbacks and
 * priority 2.
 */
static struct xfrm6_tunnel xfrmi_ipv6_handler __read_mostly = {
	.handler = xfrmi6_rcv_tunnel,
	.cb_handler = xfrmi_rcv_cb,
	.err_handler = xfrmi6_err,
	.priority = 2,
};

static struct xfrm6_tunnel xfrmi_ip6ip_handler __read_mostly = {
	.handler = xfrmi6_rcv_tunnel,
	.cb_handler = xfrmi_rcv_cb,
	.err_handler = xfrmi6_err,
	.priority = 2,
};
  849. #endif
/*
 * IPv4 protocol handlers for ESP, AH and IPComp. ESP uses this file's
 * receive/input wrappers, AH and IPComp use xfrm4_rcv()/xfrm_input();
 * all three share xfrmi_rcv_cb() and xfrmi4_err() and use priority 10.
 */
static struct xfrm4_protocol xfrmi_esp4_protocol __read_mostly = {
	.handler = xfrmi4_rcv,
	.input_handler = xfrmi4_input,
	.cb_handler = xfrmi_rcv_cb,
	.err_handler = xfrmi4_err,
	.priority = 10,
};

static struct xfrm4_protocol xfrmi_ah4_protocol __read_mostly = {
	.handler = xfrm4_rcv,
	.input_handler = xfrm_input,
	.cb_handler = xfrmi_rcv_cb,
	.err_handler = xfrmi4_err,
	.priority = 10,
};

static struct xfrm4_protocol xfrmi_ipcomp4_protocol __read_mostly = {
	.handler = xfrm4_rcv,
	.input_handler = xfrm_input,
	.cb_handler = xfrmi_rcv_cb,
	.err_handler = xfrmi4_err,
	.priority = 10,
};
  #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
  /*
   * Receive hook for tunnel packets with an IPv4 outer header.
   *
   * The outer IPv4 source address is passed in the SPI argument of
   * xfrm4_rcv_spi(), with IPPROTO_IPIP as the protocol.  Returns whatever
   * xfrm4_rcv_spi() returns.
   */
  static int xfrmi4_rcv_tunnel(struct sk_buff *skb)
  {
      const struct iphdr *outer = ip_hdr(skb);

      return xfrm4_rcv_spi(skb, IPPROTO_IPIP, outer->saddr);
  }

  /* Registered by xfrmi4_init() with family AF_INET. */
  static struct xfrm_tunnel xfrmi_ipip_handler __read_mostly = {
      .handler = xfrmi4_rcv_tunnel,
      .cb_handler = xfrmi_rcv_cb,
      .err_handler = xfrmi4_err,
      .priority = 3,
  };

  /* Registered by xfrmi4_init() with family AF_INET6. */
  static struct xfrm_tunnel xfrmi_ipip6_handler __read_mostly = {
      .handler = xfrmi4_rcv_tunnel,
      .cb_handler = xfrmi_rcv_cb,
      .err_handler = xfrmi4_err,
      .priority = 2,
  };
  #endif
  /*
   * Register the IPv4 receive hooks: the ESP, AH and IPComp protocol handlers
   * and, when CONFIG_INET_XFRM_TUNNEL is reachable, the two tunnel handlers.
   *
   * Returns 0 on success.  On failure the negative error from the failing
   * registration is returned, and everything registered before it is
   * deregistered in reverse order, so no handler is left installed.
   */
  static int __init xfrmi4_init(void)
  {
      int rc;

      rc = xfrm4_protocol_register(&xfrmi_esp4_protocol, IPPROTO_ESP);
      if (rc < 0)
          goto out;

      rc = xfrm4_protocol_register(&xfrmi_ah4_protocol, IPPROTO_AH);
      if (rc < 0)
          goto undo_esp;

      rc = xfrm4_protocol_register(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
      if (rc < 0)
          goto undo_ah;

  #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
      rc = xfrm4_tunnel_register(&xfrmi_ipip_handler, AF_INET);
      if (rc < 0)
          goto undo_comp;

      rc = xfrm4_tunnel_register(&xfrmi_ipip6_handler, AF_INET6);
      if (rc < 0)
          goto undo_ipip;
  #endif

      return 0;

      /* Each label undoes the step named in it, then falls through. */
  #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
  undo_ipip:
      xfrm4_tunnel_deregister(&xfrmi_ipip_handler, AF_INET);
  undo_comp:
      xfrm4_protocol_deregister(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
  #endif
  undo_ah:
      xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
  undo_esp:
      xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
  out:
      return rc;
  }
  /*
   * Deregister every IPv4 hook that xfrmi4_init() registers, in the reverse
   * of its registration order (tunnel handlers first, ESP last).  Called from
   * xfrmi_fini() and from the error unwind path of xfrmi_init().
   */
  static void xfrmi4_fini(void)
  {
  #if IS_REACHABLE(CONFIG_INET_XFRM_TUNNEL)
      xfrm4_tunnel_deregister(&xfrmi_ipip6_handler, AF_INET6);
      xfrm4_tunnel_deregister(&xfrmi_ipip_handler, AF_INET);
  #endif
      xfrm4_protocol_deregister(&xfrmi_ipcomp4_protocol, IPPROTO_COMP);
      xfrm4_protocol_deregister(&xfrmi_ah4_protocol, IPPROTO_AH);
      xfrm4_protocol_deregister(&xfrmi_esp4_protocol, IPPROTO_ESP);
  }
  /*
   * Register the IPv6 receive hooks: the ESP, AH and IPComp protocol handlers
   * and, when CONFIG_INET6_XFRM_TUNNEL is reachable, the two tunnel handlers.
   *
   * Returns 0 on success.  On failure the negative error from the failing
   * registration is returned, and everything registered before it is
   * deregistered in reverse order, so no handler is left installed.
   */
  static int __init xfrmi6_init(void)
  {
      int rc;

      rc = xfrm6_protocol_register(&xfrmi_esp6_protocol, IPPROTO_ESP);
      if (rc < 0)
          goto out;

      rc = xfrm6_protocol_register(&xfrmi_ah6_protocol, IPPROTO_AH);
      if (rc < 0)
          goto undo_esp;

      rc = xfrm6_protocol_register(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
      if (rc < 0)
          goto undo_ah;

  #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
      rc = xfrm6_tunnel_register(&xfrmi_ipv6_handler, AF_INET6);
      if (rc < 0)
          goto undo_comp;

      rc = xfrm6_tunnel_register(&xfrmi_ip6ip_handler, AF_INET);
      if (rc < 0)
          goto undo_ipv6;
  #endif

      return 0;

      /* Each label undoes the step named in it, then falls through. */
  #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
  undo_ipv6:
      xfrm6_tunnel_deregister(&xfrmi_ipv6_handler, AF_INET6);
  undo_comp:
      xfrm6_protocol_deregister(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
  #endif
  undo_ah:
      xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
  undo_esp:
      xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
  out:
      return rc;
  }
  /*
   * Deregister every IPv6 hook that xfrmi6_init() registers, in the reverse
   * of its registration order (tunnel handlers first, ESP last).  Called from
   * xfrmi_fini() and from the error unwind path of xfrmi_init().
   */
  static void xfrmi6_fini(void)
  {
  #if IS_REACHABLE(CONFIG_INET6_XFRM_TUNNEL)
      xfrm6_tunnel_deregister(&xfrmi_ip6ip_handler, AF_INET);
      xfrm6_tunnel_deregister(&xfrmi_ipv6_handler, AF_INET6);
  #endif
      xfrm6_protocol_deregister(&xfrmi_ipcomp6_protocol, IPPROTO_COMP);
      xfrm6_protocol_deregister(&xfrmi_ah6_protocol, IPPROTO_AH);
      xfrm6_protocol_deregister(&xfrmi_esp6_protocol, IPPROTO_ESP);
  }
  /*
   * Callback table passed to xfrm_if_register_cb() in xfrmi_init();
   * decode_session is the only hook it sets.
   */
  static const struct xfrm_if_cb xfrm_if_cb = {
      .decode_session = xfrmi_decode_session,
  };
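  /*
   * Module entry point.  Brings the driver up in this order: per-netns state,
   * IPv4 hooks, IPv6 hooks, the rtnetlink link type, the BPF kfuncs, and last
   * the lwtunnel encap ops and the xfrm_if callback.
   *
   * Returns the non-negative result of register_xfrm_interface_bpf() on
   * success.  On failure the completed steps are undone in reverse order, the
   * failing step is named in the log, and the negative error is returned.
   */
  static int __init xfrmi_init(void)
  {
      const char *msg;
      int err;

      pr_info("IPsec XFRM device driver\n");

      msg = "tunnel device";
      err = register_pernet_device(&xfrmi_net_ops);
      if (err < 0)
          goto pernet_dev_failed;

      msg = "xfrm4 protocols";
      err = xfrmi4_init();
      if (err < 0)
          goto xfrmi4_failed;

      msg = "xfrm6 protocols";
      err = xfrmi6_init();
      if (err < 0)
          goto xfrmi6_failed;

      msg = "netlink interface";
      err = rtnl_link_register(&xfrmi_link_ops);
      if (err < 0)
          goto rtnl_link_failed;

      /*
       * Name this step too: without it a kfunc registration failure is
       * logged as a failure of "netlink interface", which misleads triage.
       */
      msg = "bpf kfuncs";
      err = register_xfrm_interface_bpf();
      if (err < 0)
          goto kfunc_failed;

      /*
       * NOTE(review): any status returned by lwtunnel_encap_add_ops() is not
       * checked here, so a failure at this step would go unreported; confirm
       * against its prototype.
       */
      lwtunnel_encap_add_ops(&xfrmi_encap_ops, LWTUNNEL_ENCAP_XFRM);

      xfrm_if_register_cb(&xfrm_if_cb);

      return err;

  kfunc_failed:
      rtnl_link_unregister(&xfrmi_link_ops);
  rtnl_link_failed:
      xfrmi6_fini();
  xfrmi6_failed:
      xfrmi4_fini();
  xfrmi4_failed:
      unregister_pernet_device(&xfrmi_net_ops);
  pernet_dev_failed:
      pr_err("xfrmi init: failed to register %s\n", msg);
      return err;
  }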
  /*
   * Module exit: undo everything xfrmi_init() set up.  The xfrm_if callback
   * and the lwtunnel encap ops go first, then the rtnetlink link type, the
   * protocol hooks, and the per-netns registration last.
   * NOTE(review): xfrmi4_fini() runs before xfrmi6_fini() here, whereas the
   * unwind path in xfrmi_init() calls xfrmi6_fini() first; the two look
   * independent of each other, but confirm.
   */
  static void __exit xfrmi_fini(void)
  {
      xfrm_if_unregister_cb();
      lwtunnel_encap_del_ops(&xfrmi_encap_ops, LWTUNNEL_ENCAP_XFRM);
      rtnl_link_unregister(&xfrmi_link_ops);
      xfrmi4_fini();
      xfrmi6_fini();
      unregister_pernet_device(&xfrmi_net_ops);
  }
  module_init(xfrmi_init);
  module_exit(xfrmi_fini);
  MODULE_LICENSE("GPL");
  /*
   * The two aliases below let the module be loaded on demand: by a request
   * for rtnetlink link kind "xfrm", or for a network device named "xfrm0".
   * Hosts that do not use XFRM interfaces can block this through their
   * module-loading policy to keep these receive hooks out of the kernel.
   */
  MODULE_ALIAS_RTNL_LINK("xfrm");
  MODULE_ALIAS_NETDEV("xfrm0");
  MODULE_AUTHOR("Steffen Klassert");
  MODULE_DESCRIPTION("XFRM virtual interface");