92f7e629e3eb4b333d3e97e034e14ca2233572c5
[openwrt/openwrt.git] / target / linux / generic / patches-4.0 / 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch
1 From 775d6fe74d1eaec2ba387535b068dde2dc89de9e Mon Sep 17 00:00:00 2001
2 From: Steven Barth <steven@midlink.org>
3 Date: Thu, 22 May 2014 09:49:05 +0200
4 Subject: [PATCH] Add support for MAP-E FMRs (mesh mode)
5
6 MAP-E FMRs (draft-ietf-softwire-map-10) are rules for IPv4-communication
7 between MAP CEs (mesh mode) without the need to forward such data to a
8 border relay. This is similar to how 6rd works but for IPv4 over IPv6.
9
10 Signed-off-by: Steven Barth <cyrus@openwrt.org>
11 ---
12 include/net/ip6_tunnel.h | 13 ++
13 include/uapi/linux/if_tunnel.h | 13 ++
14 net/ipv6/ip6_tunnel.c | 276 +++++++++++++++++++++++++++++++++++++++--
15 3 files changed, 291 insertions(+), 11 deletions(-)
16
17 --- a/include/net/ip6_tunnel.h
18 +++ b/include/net/ip6_tunnel.h
19 @@ -15,6 +15,18 @@
20 /* determine capability on a per-packet basis */
21 #define IP6_TNL_F_CAP_PER_PACKET 0x40000
22
23 +/* IPv6 tunnel FMR */
24 +struct __ip6_tnl_fmr {
25 + struct __ip6_tnl_fmr *next; /* next fmr in list */
26 + struct in6_addr ip6_prefix;
27 + struct in_addr ip4_prefix;
28 +
29 + __u8 ip6_prefix_len;
30 + __u8 ip4_prefix_len;
31 + __u8 ea_len;
32 + __u8 offset;
33 +};
34 +
35 struct __ip6_tnl_parm {
36 char name[IFNAMSIZ]; /* name of tunnel device */
37 int link; /* ifindex of underlying L2 interface */
38 @@ -25,6 +37,7 @@ struct __ip6_tnl_parm {
39 __u32 flags; /* tunnel flags */
40 struct in6_addr laddr; /* local tunnel end-point address */
41 struct in6_addr raddr; /* remote tunnel end-point address */
42 + struct __ip6_tnl_fmr *fmrs; /* FMRs */
43
44 __be16 i_flags;
45 __be16 o_flags;
46 --- a/include/uapi/linux/if_tunnel.h
47 +++ b/include/uapi/linux/if_tunnel.h
48 @@ -57,10 +57,23 @@ enum {
49 IFLA_IPTUN_ENCAP_FLAGS,
50 IFLA_IPTUN_ENCAP_SPORT,
51 IFLA_IPTUN_ENCAP_DPORT,
52 + IFLA_IPTUN_FMRS,
53 __IFLA_IPTUN_MAX,
54 };
55 #define IFLA_IPTUN_MAX (__IFLA_IPTUN_MAX - 1)
56
57 +enum {
58 + IFLA_IPTUN_FMR_UNSPEC,
59 + IFLA_IPTUN_FMR_IP6_PREFIX,
60 + IFLA_IPTUN_FMR_IP4_PREFIX,
61 + IFLA_IPTUN_FMR_IP6_PREFIX_LEN,
62 + IFLA_IPTUN_FMR_IP4_PREFIX_LEN,
63 + IFLA_IPTUN_FMR_EA_LEN,
64 + IFLA_IPTUN_FMR_OFFSET,
65 + __IFLA_IPTUN_FMR_MAX,
66 +};
67 +#define IFLA_IPTUN_FMR_MAX (__IFLA_IPTUN_FMR_MAX - 1)
68 +
69 enum tunnel_encap_types {
70 TUNNEL_ENCAP_NONE,
71 TUNNEL_ENCAP_FOU,
72 --- a/net/ipv6/ip6_tunnel.c
73 +++ b/net/ipv6/ip6_tunnel.c
74 @@ -16,6 +16,8 @@
75 * as published by the Free Software Foundation; either version
76 * 2 of the License, or (at your option) any later version.
77 *
78 + * Changes:
79 + * Steven Barth <cyrus@openwrt.org>: MAP-E FMR support
80 */
81
82 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
83 @@ -77,11 +79,9 @@ static bool log_ecn_error = true;
84 module_param(log_ecn_error, bool, 0644);
85 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
86
87 -static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
88 +static u32 HASH(const struct in6_addr *addr)
89 {
90 - u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2);
91 -
92 - return hash_32(hash, HASH_SIZE_SHIFT);
93 + return hash_32(ipv6_addr_hash(addr), HASH_SIZE_SHIFT);
94 }
95
96 static int ip6_tnl_dev_init(struct net_device *dev);
97 @@ -180,16 +180,24 @@ EXPORT_SYMBOL_GPL(ip6_tnl_dst_store);
98 static struct ip6_tnl *
99 ip6_tnl_lookup(struct net *net, const struct in6_addr *remote, const struct in6_addr *local)
100 {
101 - unsigned int hash = HASH(remote, local);
102 + unsigned int hash = HASH(local);
103 struct ip6_tnl *t;
104 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
105 - struct in6_addr any;
106 + struct __ip6_tnl_fmr *fmr;
107
108 for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) {
109 - if (ipv6_addr_equal(local, &t->parms.laddr) &&
110 - ipv6_addr_equal(remote, &t->parms.raddr) &&
111 - (t->dev->flags & IFF_UP))
112 + if (!ipv6_addr_equal(local, &t->parms.laddr) ||
113 + !(t->dev->flags & IFF_UP))
114 + continue;
115 +
116 + if (ipv6_addr_equal(remote, &t->parms.raddr))
117 return t;
118 +
119 + for (fmr = t->parms.fmrs; fmr; fmr = fmr->next) {
120 + if (ipv6_prefix_equal(remote, &fmr->ip6_prefix,
121 + fmr->ip6_prefix_len))
122 + return t;
123 + }
124 }
125
126 memset(&any, 0, sizeof(any));
127 @@ -235,7 +243,7 @@ ip6_tnl_bucket(struct ip6_tnl_net *ip6n,
128
129 if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) {
130 prio = 1;
131 - h = HASH(remote, local);
132 + h = HASH(local);
133 }
134 return &ip6n->tnls[prio][h];
135 }
136 @@ -405,6 +413,12 @@ ip6_tnl_dev_uninit(struct net_device *de
137 struct net *net = t->net;
138 struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
139
140 + while (t->parms.fmrs) {
141 + struct __ip6_tnl_fmr *next = t->parms.fmrs->next;
142 + kfree(t->parms.fmrs);
143 + t->parms.fmrs = next;
144 + }
145 +
146 if (dev == ip6n->fb_tnl_dev)
147 RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL);
148 else
149 @@ -791,6 +805,108 @@ int ip6_tnl_rcv_ctl(struct ip6_tnl *t,
150 }
151 EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl);
152
153 +
154 +/**
155 + * ip4ip6_fmr_calc - calculate target / source IPv6-address based on FMR
156 + * @dest: destination IPv6 address buffer
157 + * @skb: received socket buffer
158 + * @fmr: MAP FMR
159 + * @xmit: Calculate for xmit or rcv
160 + **/
161 +static void ip4ip6_fmr_calc(struct in6_addr *dest,
162 + const struct iphdr *iph, const uint8_t *end,
163 + const struct __ip6_tnl_fmr *fmr, bool xmit)
164 +{
165 + int psidlen = fmr->ea_len - (32 - fmr->ip4_prefix_len);
166 + u8 *portp = NULL;
167 + bool use_dest_addr;
168 + const struct iphdr *dsth = iph;
169 +
170 + if ((u8*)dsth >= end)
171 + return;
172 +
173 + /* find significant IP header */
174 + if (iph->protocol == IPPROTO_ICMP) {
175 + struct icmphdr *ih = (struct icmphdr*)(((u8*)dsth) + dsth->ihl * 4);
176 + if (ih && ((u8*)&ih[1]) <= end && (
177 + ih->type == ICMP_DEST_UNREACH ||
178 + ih->type == ICMP_SOURCE_QUENCH ||
179 + ih->type == ICMP_TIME_EXCEEDED ||
180 + ih->type == ICMP_PARAMETERPROB ||
181 + ih->type == ICMP_REDIRECT))
182 + dsth = (const struct iphdr*)&ih[1];
183 + }
184 +
185 + /* in xmit-path use dest port by default and source port only if
186 + this is an ICMP reply to something else; vice versa in rcv-path */
187 + use_dest_addr = (xmit && dsth == iph) || (!xmit && dsth != iph);
188 +
189 + /* get dst port */
190 + if (((u8*)&dsth[1]) <= end && (
191 + dsth->protocol == IPPROTO_UDP ||
192 + dsth->protocol == IPPROTO_TCP ||
193 + dsth->protocol == IPPROTO_SCTP ||
194 + dsth->protocol == IPPROTO_DCCP)) {
195 + /* for UDP, TCP, SCTP and DCCP source and dest port
196 + follow IPv4 header directly */
197 + portp = ((u8*)dsth) + dsth->ihl * 4;
198 +
199 + if (use_dest_addr)
200 + portp += sizeof(u16);
201 + } else if (iph->protocol == IPPROTO_ICMP) {
202 + struct icmphdr *ih = (struct icmphdr*)(((u8*)dsth) + dsth->ihl * 4);
203 +
204 + /* use icmp identifier as port */
205 + if (((u8*)&ih) <= end && (
206 + (use_dest_addr && (
207 + ih->type == ICMP_ECHOREPLY ||
208 + ih->type == ICMP_TIMESTAMPREPLY ||
209 + ih->type == ICMP_INFO_REPLY ||
210 + ih->type == ICMP_ADDRESSREPLY)) ||
211 + (!use_dest_addr && (
212 + ih->type == ICMP_ECHO ||
213 + ih->type == ICMP_TIMESTAMP ||
214 + ih->type == ICMP_INFO_REQUEST ||
215 + ih->type == ICMP_ADDRESS)
216 + )))
217 + portp = (u8*)&ih->un.echo.id;
218 + }
219 +
220 + if ((portp && &portp[2] <= end) || psidlen == 0) {
221 + int frombyte = fmr->ip6_prefix_len / 8;
222 + int fromrem = fmr->ip6_prefix_len % 8;
223 + int bytes = sizeof(struct in6_addr) - frombyte;
224 + const u32 *addr = (use_dest_addr) ? &iph->daddr : &iph->saddr;
225 + u64 eabits = ((u64)ntohl(*addr)) << (32 + fmr->ip4_prefix_len);
226 + u64 t = 0;
227 +
228 + /* extract PSID from port and add it to eabits */
229 + u16 psidbits = 0;
230 + if (psidlen > 0) {
231 + psidbits = ((u16)portp[0]) << 8 | ((u16)portp[1]);
232 + psidbits >>= 16 - psidlen - fmr->offset;
233 + psidbits = (u16)(psidbits << (16 - psidlen));
234 + eabits |= ((u64)psidbits) << (48 - (fmr->ea_len - psidlen));
235 + }
236 +
237 + /* rewrite destination address */
238 + *dest = fmr->ip6_prefix;
239 + memcpy(&dest->s6_addr[10], addr, sizeof(*addr));
240 + dest->s6_addr16[7] = htons(psidbits >> (16 - psidlen));
241 +
242 + if (bytes > sizeof(u64))
243 + bytes = sizeof(u64);
244 +
245 + /* insert eabits */
246 + memcpy(&t, &dest->s6_addr[frombyte], bytes);
247 + t = be64_to_cpu(t) & ~(((((u64)1) << fmr->ea_len) - 1)
248 + << (64 - fmr->ea_len - fromrem));
249 + t = cpu_to_be64(t | (eabits >> fromrem));
250 + memcpy(&dest->s6_addr[frombyte], &t, bytes);
251 + }
252 +}
253 +
254 +
255 /**
256 * ip6_tnl_rcv - decapsulate IPv6 packet and retransmit it locally
257 * @skb: received socket buffer
258 @@ -836,6 +952,26 @@ static int ip6_tnl_rcv(struct sk_buff *s
259 skb_reset_network_header(skb);
260 skb->protocol = htons(protocol);
261 memset(skb->cb, 0, sizeof(struct inet6_skb_parm));
262 + if (protocol == ETH_P_IP &&
263 + !ipv6_addr_equal(&ipv6h->saddr, &t->parms.raddr)) {
264 + /* Packet didn't come from BR, so lookup FMR */
265 + struct __ip6_tnl_fmr *fmr;
266 + struct in6_addr expected = t->parms.raddr;
267 + for (fmr = t->parms.fmrs; fmr; fmr = fmr->next)
268 + if (ipv6_prefix_equal(&ipv6h->saddr,
269 + &fmr->ip6_prefix, fmr->ip6_prefix_len))
270 + break;
271 +
272 + /* Check that IPv6 matches IPv4 source to prevent spoofing */
273 + if (fmr)
274 + ip4ip6_fmr_calc(&expected, ip_hdr(skb),
275 + skb_tail_pointer(skb), fmr, false);
276 +
277 + if (!ipv6_addr_equal(&ipv6h->saddr, &expected)) {
278 + rcu_read_unlock();
279 + goto discard;
280 + }
281 + }
282
283 __skb_tunnel_rx(skb, t->dev, t->net);
284
285 @@ -1129,6 +1265,7 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str
286 __u32 mtu;
287 u8 tproto;
288 int err;
289 + struct __ip6_tnl_fmr *fmr;
290
291 tproto = ACCESS_ONCE(t->parms.proto);
292 if (tproto != IPPROTO_IPIP && tproto != 0)
293 @@ -1148,6 +1285,18 @@ ip4ip6_tnl_xmit(struct sk_buff *skb, str
294 if (t->parms.flags & IP6_TNL_F_USE_ORIG_FWMARK)
295 fl6.flowi6_mark = skb->mark;
296
297 + /* try to find matching FMR */
298 + for (fmr = t->parms.fmrs; fmr; fmr = fmr->next) {
299 + unsigned mshift = 32 - fmr->ip4_prefix_len;
300 + if (ntohl(fmr->ip4_prefix.s_addr) >> mshift ==
301 + ntohl(iph->daddr) >> mshift)
302 + break;
303 + }
304 +
305 + /* change dstaddr according to FMR */
306 + if (fmr)
307 + ip4ip6_fmr_calc(&fl6.daddr, iph, skb_tail_pointer(skb), fmr, true);
308 +
309 err = ip6_tnl_xmit2(skb, dev, dsfield, &fl6, encap_limit, &mtu);
310 if (err != 0) {
311 /* XXX: send ICMP error even if DF is not set. */
312 @@ -1318,6 +1467,14 @@ ip6_tnl_change(struct ip6_tnl *t, const
313 t->parms.flowinfo = p->flowinfo;
314 t->parms.link = p->link;
315 t->parms.proto = p->proto;
316 +
317 + while (t->parms.fmrs) {
318 + struct __ip6_tnl_fmr *next = t->parms.fmrs->next;
319 + kfree(t->parms.fmrs);
320 + t->parms.fmrs = next;
321 + }
322 + t->parms.fmrs = p->fmrs;
323 +
324 ip6_tnl_dst_reset(t);
325 ip6_tnl_link_config(t);
326 return 0;
327 @@ -1356,6 +1513,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_
328 p->flowinfo = u->flowinfo;
329 p->link = u->link;
330 p->proto = u->proto;
331 + p->fmrs = NULL;
332 memcpy(p->name, u->name, sizeof(u->name));
333 }
334
335 @@ -1634,6 +1792,15 @@ static int ip6_tnl_validate(struct nlatt
336 return 0;
337 }
338
339 +static const struct nla_policy ip6_tnl_fmr_policy[IFLA_IPTUN_FMR_MAX + 1] = {
340 + [IFLA_IPTUN_FMR_IP6_PREFIX] = { .len = sizeof(struct in6_addr) },
341 + [IFLA_IPTUN_FMR_IP4_PREFIX] = { .len = sizeof(struct in_addr) },
342 + [IFLA_IPTUN_FMR_IP6_PREFIX_LEN] = { .type = NLA_U8 },
343 + [IFLA_IPTUN_FMR_IP4_PREFIX_LEN] = { .type = NLA_U8 },
344 + [IFLA_IPTUN_FMR_EA_LEN] = { .type = NLA_U8 },
345 + [IFLA_IPTUN_FMR_OFFSET] = { .type = NLA_U8 }
346 +};
347 +
348 static void ip6_tnl_netlink_parms(struct nlattr *data[],
349 struct __ip6_tnl_parm *parms)
350 {
351 @@ -1667,6 +1834,46 @@ static void ip6_tnl_netlink_parms(struct
352
353 if (data[IFLA_IPTUN_PROTO])
354 parms->proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
355 +
356 + if (data[IFLA_IPTUN_FMRS]) {
357 + unsigned rem;
358 + struct nlattr *fmr;
359 + nla_for_each_nested(fmr, data[IFLA_IPTUN_FMRS], rem) {
360 + struct nlattr *fmrd[IFLA_IPTUN_FMR_MAX + 1], *c;
361 + struct __ip6_tnl_fmr *nfmr;
362 +
363 + nla_parse_nested(fmrd, IFLA_IPTUN_FMR_MAX,
364 + fmr, ip6_tnl_fmr_policy);
365 +
366 + if (!(nfmr = kzalloc(sizeof(*nfmr), GFP_KERNEL)))
367 + continue;
368 +
369 + nfmr->offset = 6;
370 +
371 + if ((c = fmrd[IFLA_IPTUN_FMR_IP6_PREFIX]))
372 + nla_memcpy(&nfmr->ip6_prefix, fmrd[IFLA_IPTUN_FMR_IP6_PREFIX],
373 + sizeof(nfmr->ip6_prefix));
374 +
375 + if ((c = fmrd[IFLA_IPTUN_FMR_IP4_PREFIX]))
376 + nla_memcpy(&nfmr->ip4_prefix, fmrd[IFLA_IPTUN_FMR_IP4_PREFIX],
377 + sizeof(nfmr->ip4_prefix));
378 +
379 + if ((c = fmrd[IFLA_IPTUN_FMR_IP6_PREFIX_LEN]))
380 + nfmr->ip6_prefix_len = nla_get_u8(c);
381 +
382 + if ((c = fmrd[IFLA_IPTUN_FMR_IP4_PREFIX_LEN]))
383 + nfmr->ip4_prefix_len = nla_get_u8(c);
384 +
385 + if ((c = fmrd[IFLA_IPTUN_FMR_EA_LEN]))
386 + nfmr->ea_len = nla_get_u8(c);
387 +
388 + if ((c = fmrd[IFLA_IPTUN_FMR_OFFSET]))
389 + nfmr->offset = nla_get_u8(c);
390 +
391 + nfmr->next = parms->fmrs;
392 + parms->fmrs = nfmr;
393 + }
394 + }
395 }
396
397 static int ip6_tnl_newlink(struct net *src_net, struct net_device *dev,
398 @@ -1719,6 +1926,12 @@ static void ip6_tnl_dellink(struct net_d
399
400 static size_t ip6_tnl_get_size(const struct net_device *dev)
401 {
402 + const struct ip6_tnl *t = netdev_priv(dev);
403 + struct __ip6_tnl_fmr *c;
404 + int fmrs = 0;
405 + for (c = t->parms.fmrs; c; c = c->next)
406 + ++fmrs;
407 +
408 return
409 /* IFLA_IPTUN_LINK */
410 nla_total_size(4) +
411 @@ -1736,6 +1949,24 @@ static size_t ip6_tnl_get_size(const str
412 nla_total_size(4) +
413 /* IFLA_IPTUN_PROTO */
414 nla_total_size(1) +
415 + /* IFLA_IPTUN_FMRS */
416 + nla_total_size(0) +
417 + (
418 + /* nest */
419 + nla_total_size(0) +
420 + /* IFLA_IPTUN_FMR_IP6_PREFIX */
421 + nla_total_size(sizeof(struct in6_addr)) +
422 + /* IFLA_IPTUN_FMR_IP4_PREFIX */
423 + nla_total_size(sizeof(struct in_addr)) +
424 + /* IFLA_IPTUN_FMR_EA_LEN */
425 + nla_total_size(1) +
426 + /* IFLA_IPTUN_FMR_IP6_PREFIX_LEN */
427 + nla_total_size(1) +
428 + /* IFLA_IPTUN_FMR_IP4_PREFIX_LEN */
429 + nla_total_size(1) +
430 + /* IFLA_IPTUN_FMR_OFFSET */
431 + nla_total_size(1)
432 + ) * fmrs +
433 0;
434 }
435
436 @@ -1743,6 +1974,9 @@ static int ip6_tnl_fill_info(struct sk_b
437 {
438 struct ip6_tnl *tunnel = netdev_priv(dev);
439 struct __ip6_tnl_parm *parm = &tunnel->parms;
440 + struct __ip6_tnl_fmr *c;
441 + int fmrcnt = 0;
442 + struct nlattr *fmrs;
443
444 if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) ||
445 nla_put(skb, IFLA_IPTUN_LOCAL, sizeof(struct in6_addr),
446 @@ -1753,8 +1987,27 @@ static int ip6_tnl_fill_info(struct sk_b
447 nla_put_u8(skb, IFLA_IPTUN_ENCAP_LIMIT, parm->encap_limit) ||
448 nla_put_be32(skb, IFLA_IPTUN_FLOWINFO, parm->flowinfo) ||
449 nla_put_u32(skb, IFLA_IPTUN_FLAGS, parm->flags) ||
450 - nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->proto))
451 + nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->proto) ||
452 + !(fmrs = nla_nest_start(skb, IFLA_IPTUN_FMRS)))
453 goto nla_put_failure;
454 +
455 + for (c = parm->fmrs; c; c = c->next) {
456 + struct nlattr *fmr = nla_nest_start(skb, ++fmrcnt);
457 + if (!fmr ||
458 + nla_put(skb, IFLA_IPTUN_FMR_IP6_PREFIX,
459 + sizeof(c->ip6_prefix), &c->ip6_prefix) ||
460 + nla_put(skb, IFLA_IPTUN_FMR_IP4_PREFIX,
461 + sizeof(c->ip4_prefix), &c->ip4_prefix) ||
462 + nla_put_u8(skb, IFLA_IPTUN_FMR_IP6_PREFIX_LEN, c->ip6_prefix_len) ||
463 + nla_put_u8(skb, IFLA_IPTUN_FMR_IP4_PREFIX_LEN, c->ip4_prefix_len) ||
464 + nla_put_u8(skb, IFLA_IPTUN_FMR_EA_LEN, c->ea_len) ||
465 + nla_put_u8(skb, IFLA_IPTUN_FMR_OFFSET, c->offset))
466 + goto nla_put_failure;
467 +
468 + nla_nest_end(skb, fmr);
469 + }
470 + nla_nest_end(skb, fmrs);
471 +
472 return 0;
473
474 nla_put_failure:
475 @@ -1778,6 +2031,7 @@ static const struct nla_policy ip6_tnl_p
476 [IFLA_IPTUN_FLOWINFO] = { .type = NLA_U32 },
477 [IFLA_IPTUN_FLAGS] = { .type = NLA_U32 },
478 [IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
479 + [IFLA_IPTUN_FMRS] = { .type = NLA_NESTED },
480 };
481
482 static struct rtnl_link_ops ip6_link_ops __read_mostly = {