diff options
-rw-r--r-- | include/uapi/linux/fou.h | 32 | ||||
-rw-r--r-- | net/ipv4/Kconfig | 10 | ||||
-rw-r--r-- | net/ipv4/Makefile | 1 | ||||
-rw-r--r-- | net/ipv4/fou.c | 279 |
4 files changed, 322 insertions, 0 deletions
diff --git a/include/uapi/linux/fou.h b/include/uapi/linux/fou.h new file mode 100644 index 000000000000..e03376de453d --- /dev/null +++ b/include/uapi/linux/fou.h | |||
@@ -0,0 +1,32 @@ | |||
1 | /* fou.h - FOU Interface */ | ||
2 | |||
3 | #ifndef _UAPI_LINUX_FOU_H | ||
4 | #define _UAPI_LINUX_FOU_H | ||
5 | |||
6 | /* NETLINK_GENERIC related info | ||
7 | */ | ||
8 | #define FOU_GENL_NAME "fou" | ||
9 | #define FOU_GENL_VERSION 0x1 | ||
10 | |||
11 | enum { | ||
12 | FOU_ATTR_UNSPEC, | ||
13 | FOU_ATTR_PORT, /* u16 */ | ||
14 | FOU_ATTR_AF, /* u8 */ | ||
15 | FOU_ATTR_IPPROTO, /* u8 */ | ||
16 | |||
17 | __FOU_ATTR_MAX, | ||
18 | }; | ||
19 | |||
20 | #define FOU_ATTR_MAX (__FOU_ATTR_MAX - 1) | ||
21 | |||
22 | enum { | ||
23 | FOU_CMD_UNSPEC, | ||
24 | FOU_CMD_ADD, | ||
25 | FOU_CMD_DEL, | ||
26 | |||
27 | __FOU_CMD_MAX, | ||
28 | }; | ||
29 | |||
30 | #define FOU_CMD_MAX (__FOU_CMD_MAX - 1) | ||
31 | |||
32 | #endif /* _UAPI_LINUX_FOU_H */ | ||
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig index dbc10d84161f..84f710b7472a 100644 --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig | |||
@@ -311,6 +311,16 @@ config NET_UDP_TUNNEL | |||
311 | tristate | 311 | tristate |
312 | default n | 312 | default n |
313 | 313 | ||
314 | config NET_FOU | ||
315 | tristate "IP: Foo (IP protocols) over UDP" | ||
316 | select XFRM | ||
317 | select NET_UDP_TUNNEL | ||
318 | ---help--- | ||
319 | Foo over UDP allows any IP protocol to be directly encapsulated | ||
320 | over UDP include tunnels (IPIP, GRE, SIT). By encapsulating in UDP | ||
321 | network mechanisms and optimizations for UDP (such as ECMP | ||
322 | and RSS) can be leveraged to provide better service. | ||
323 | |||
314 | config INET_AH | 324 | config INET_AH |
315 | tristate "IP: AH transformation" | 325 | tristate "IP: AH transformation" |
316 | select XFRM_ALGO | 326 | select XFRM_ALGO |
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile index 8ee1cd4053ee..d78d404c596f 100644 --- a/net/ipv4/Makefile +++ b/net/ipv4/Makefile | |||
@@ -20,6 +20,7 @@ obj-$(CONFIG_IP_MULTIPLE_TABLES) += fib_rules.o | |||
20 | obj-$(CONFIG_IP_MROUTE) += ipmr.o | 20 | obj-$(CONFIG_IP_MROUTE) += ipmr.o |
21 | obj-$(CONFIG_NET_IPIP) += ipip.o | 21 | obj-$(CONFIG_NET_IPIP) += ipip.o |
22 | gre-y := gre_demux.o | 22 | gre-y := gre_demux.o |
23 | obj-$(CONFIG_NET_FOU) += fou.o | ||
23 | obj-$(CONFIG_NET_IPGRE_DEMUX) += gre.o | 24 | obj-$(CONFIG_NET_IPGRE_DEMUX) += gre.o |
24 | obj-$(CONFIG_NET_IPGRE) += ip_gre.o | 25 | obj-$(CONFIG_NET_IPGRE) += ip_gre.o |
25 | obj-$(CONFIG_NET_UDP_TUNNEL) += udp_tunnel.o | 26 | obj-$(CONFIG_NET_UDP_TUNNEL) += udp_tunnel.o |
diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c new file mode 100644 index 000000000000..d44f97b79418 --- /dev/null +++ b/net/ipv4/fou.c | |||
@@ -0,0 +1,279 @@ | |||
1 | #include <linux/module.h> | ||
2 | #include <linux/errno.h> | ||
3 | #include <linux/socket.h> | ||
4 | #include <linux/skbuff.h> | ||
5 | #include <linux/ip.h> | ||
6 | #include <linux/udp.h> | ||
7 | #include <linux/types.h> | ||
8 | #include <linux/kernel.h> | ||
9 | #include <net/genetlink.h> | ||
10 | #include <net/ip.h> | ||
11 | #include <net/udp.h> | ||
12 | #include <net/udp_tunnel.h> | ||
13 | #include <net/xfrm.h> | ||
14 | #include <uapi/linux/fou.h> | ||
15 | #include <uapi/linux/genetlink.h> | ||
16 | |||
17 | static DEFINE_SPINLOCK(fou_lock); | ||
18 | static LIST_HEAD(fou_list); | ||
19 | |||
20 | struct fou { | ||
21 | struct socket *sock; | ||
22 | u8 protocol; | ||
23 | u16 port; | ||
24 | struct list_head list; | ||
25 | }; | ||
26 | |||
27 | struct fou_cfg { | ||
28 | u8 protocol; | ||
29 | struct udp_port_cfg udp_config; | ||
30 | }; | ||
31 | |||
32 | static inline struct fou *fou_from_sock(struct sock *sk) | ||
33 | { | ||
34 | return sk->sk_user_data; | ||
35 | } | ||
36 | |||
37 | static int fou_udp_encap_recv_deliver(struct sk_buff *skb, | ||
38 | u8 protocol, size_t len) | ||
39 | { | ||
40 | struct iphdr *iph = ip_hdr(skb); | ||
41 | |||
42 | /* Remove 'len' bytes from the packet (UDP header and | ||
43 | * FOU header if present), modify the protocol to the one | ||
44 | * we found, and then call rcv_encap. | ||
45 | */ | ||
46 | iph->tot_len = htons(ntohs(iph->tot_len) - len); | ||
47 | __skb_pull(skb, len); | ||
48 | skb_postpull_rcsum(skb, udp_hdr(skb), len); | ||
49 | skb_reset_transport_header(skb); | ||
50 | |||
51 | return -protocol; | ||
52 | } | ||
53 | |||
54 | static int fou_udp_recv(struct sock *sk, struct sk_buff *skb) | ||
55 | { | ||
56 | struct fou *fou = fou_from_sock(sk); | ||
57 | |||
58 | if (!fou) | ||
59 | return 1; | ||
60 | |||
61 | return fou_udp_encap_recv_deliver(skb, fou->protocol, | ||
62 | sizeof(struct udphdr)); | ||
63 | } | ||
64 | |||
65 | static int fou_add_to_port_list(struct fou *fou) | ||
66 | { | ||
67 | struct fou *fout; | ||
68 | |||
69 | spin_lock(&fou_lock); | ||
70 | list_for_each_entry(fout, &fou_list, list) { | ||
71 | if (fou->port == fout->port) { | ||
72 | spin_unlock(&fou_lock); | ||
73 | return -EALREADY; | ||
74 | } | ||
75 | } | ||
76 | |||
77 | list_add(&fou->list, &fou_list); | ||
78 | spin_unlock(&fou_lock); | ||
79 | |||
80 | return 0; | ||
81 | } | ||
82 | |||
83 | static void fou_release(struct fou *fou) | ||
84 | { | ||
85 | struct socket *sock = fou->sock; | ||
86 | struct sock *sk = sock->sk; | ||
87 | |||
88 | udp_del_offload(&fou->udp_offloads); | ||
89 | |||
90 | list_del(&fou->list); | ||
91 | |||
92 | /* Remove hooks into tunnel socket */ | ||
93 | sk->sk_user_data = NULL; | ||
94 | |||
95 | sock_release(sock); | ||
96 | |||
97 | kfree(fou); | ||
98 | } | ||
99 | |||
100 | static int fou_create(struct net *net, struct fou_cfg *cfg, | ||
101 | struct socket **sockp) | ||
102 | { | ||
103 | struct fou *fou = NULL; | ||
104 | int err; | ||
105 | struct socket *sock = NULL; | ||
106 | struct sock *sk; | ||
107 | |||
108 | /* Open UDP socket */ | ||
109 | err = udp_sock_create(net, &cfg->udp_config, &sock); | ||
110 | if (err < 0) | ||
111 | goto error; | ||
112 | |||
113 | /* Allocate FOU port structure */ | ||
114 | fou = kzalloc(sizeof(*fou), GFP_KERNEL); | ||
115 | if (!fou) { | ||
116 | err = -ENOMEM; | ||
117 | goto error; | ||
118 | } | ||
119 | |||
120 | sk = sock->sk; | ||
121 | |||
122 | /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */ | ||
123 | fou->protocol = cfg->protocol; | ||
124 | fou->port = cfg->udp_config.local_udp_port; | ||
125 | udp_sk(sk)->encap_rcv = fou_udp_recv; | ||
126 | |||
127 | udp_sk(sk)->encap_type = 1; | ||
128 | udp_encap_enable(); | ||
129 | |||
130 | sk->sk_user_data = fou; | ||
131 | fou->sock = sock; | ||
132 | |||
133 | udp_set_convert_csum(sk, true); | ||
134 | |||
135 | sk->sk_allocation = GFP_ATOMIC; | ||
136 | |||
137 | err = fou_add_to_port_list(fou); | ||
138 | if (err) | ||
139 | goto error; | ||
140 | |||
141 | if (sockp) | ||
142 | *sockp = sock; | ||
143 | |||
144 | return 0; | ||
145 | |||
146 | error: | ||
147 | kfree(fou); | ||
148 | if (sock) | ||
149 | sock_release(sock); | ||
150 | |||
151 | return err; | ||
152 | } | ||
153 | |||
154 | static int fou_destroy(struct net *net, struct fou_cfg *cfg) | ||
155 | { | ||
156 | struct fou *fou; | ||
157 | u16 port = cfg->udp_config.local_udp_port; | ||
158 | int err = -EINVAL; | ||
159 | |||
160 | spin_lock(&fou_lock); | ||
161 | list_for_each_entry(fou, &fou_list, list) { | ||
162 | if (fou->port == port) { | ||
163 | fou_release(fou); | ||
164 | err = 0; | ||
165 | break; | ||
166 | } | ||
167 | } | ||
168 | spin_unlock(&fou_lock); | ||
169 | |||
170 | return err; | ||
171 | } | ||
172 | |||
173 | static struct genl_family fou_nl_family = { | ||
174 | .id = GENL_ID_GENERATE, | ||
175 | .hdrsize = 0, | ||
176 | .name = FOU_GENL_NAME, | ||
177 | .version = FOU_GENL_VERSION, | ||
178 | .maxattr = FOU_ATTR_MAX, | ||
179 | .netnsok = true, | ||
180 | }; | ||
181 | |||
182 | static struct nla_policy fou_nl_policy[FOU_ATTR_MAX + 1] = { | ||
183 | [FOU_ATTR_PORT] = { .type = NLA_U16, }, | ||
184 | [FOU_ATTR_AF] = { .type = NLA_U8, }, | ||
185 | [FOU_ATTR_IPPROTO] = { .type = NLA_U8, }, | ||
186 | }; | ||
187 | |||
188 | static int parse_nl_config(struct genl_info *info, | ||
189 | struct fou_cfg *cfg) | ||
190 | { | ||
191 | memset(cfg, 0, sizeof(*cfg)); | ||
192 | |||
193 | cfg->udp_config.family = AF_INET; | ||
194 | |||
195 | if (info->attrs[FOU_ATTR_AF]) { | ||
196 | u8 family = nla_get_u8(info->attrs[FOU_ATTR_AF]); | ||
197 | |||
198 | if (family != AF_INET && family != AF_INET6) | ||
199 | return -EINVAL; | ||
200 | |||
201 | cfg->udp_config.family = family; | ||
202 | } | ||
203 | |||
204 | if (info->attrs[FOU_ATTR_PORT]) { | ||
205 | u16 port = nla_get_u16(info->attrs[FOU_ATTR_PORT]); | ||
206 | |||
207 | cfg->udp_config.local_udp_port = port; | ||
208 | } | ||
209 | |||
210 | if (info->attrs[FOU_ATTR_IPPROTO]) | ||
211 | cfg->protocol = nla_get_u8(info->attrs[FOU_ATTR_IPPROTO]); | ||
212 | |||
213 | return 0; | ||
214 | } | ||
215 | |||
216 | static int fou_nl_cmd_add_port(struct sk_buff *skb, struct genl_info *info) | ||
217 | { | ||
218 | struct fou_cfg cfg; | ||
219 | int err; | ||
220 | |||
221 | err = parse_nl_config(info, &cfg); | ||
222 | if (err) | ||
223 | return err; | ||
224 | |||
225 | return fou_create(&init_net, &cfg, NULL); | ||
226 | } | ||
227 | |||
228 | static int fou_nl_cmd_rm_port(struct sk_buff *skb, struct genl_info *info) | ||
229 | { | ||
230 | struct fou_cfg cfg; | ||
231 | |||
232 | parse_nl_config(info, &cfg); | ||
233 | |||
234 | return fou_destroy(&init_net, &cfg); | ||
235 | } | ||
236 | |||
237 | static const struct genl_ops fou_nl_ops[] = { | ||
238 | { | ||
239 | .cmd = FOU_CMD_ADD, | ||
240 | .doit = fou_nl_cmd_add_port, | ||
241 | .policy = fou_nl_policy, | ||
242 | .flags = GENL_ADMIN_PERM, | ||
243 | }, | ||
244 | { | ||
245 | .cmd = FOU_CMD_DEL, | ||
246 | .doit = fou_nl_cmd_rm_port, | ||
247 | .policy = fou_nl_policy, | ||
248 | .flags = GENL_ADMIN_PERM, | ||
249 | }, | ||
250 | }; | ||
251 | |||
252 | static int __init fou_init(void) | ||
253 | { | ||
254 | int ret; | ||
255 | |||
256 | ret = genl_register_family_with_ops(&fou_nl_family, | ||
257 | fou_nl_ops); | ||
258 | |||
259 | return ret; | ||
260 | } | ||
261 | |||
262 | static void __exit fou_fini(void) | ||
263 | { | ||
264 | struct fou *fou, *next; | ||
265 | |||
266 | genl_unregister_family(&fou_nl_family); | ||
267 | |||
268 | /* Close all the FOU sockets */ | ||
269 | |||
270 | spin_lock(&fou_lock); | ||
271 | list_for_each_entry_safe(fou, next, &fou_list, list) | ||
272 | fou_release(fou); | ||
273 | spin_unlock(&fou_lock); | ||
274 | } | ||
275 | |||
276 | module_init(fou_init); | ||
277 | module_exit(fou_fini); | ||
278 | MODULE_AUTHOR("Tom Herbert <therbert@google.com>"); | ||
279 | MODULE_LICENSE("GPL"); | ||