Version:  2.6.34 2.6.35 2.6.36 2.6.37 2.6.38 2.6.39 3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14

Linux/drivers/net/vxlan.c

  1 /*
  2  * VXLAN: Virtual eXtensible Local Area Network
  3  *
  4  * Copyright (c) 2012-2013 Vyatta Inc.
  5  *
  6  * This program is free software; you can redistribute it and/or modify
  7  * it under the terms of the GNU General Public License version 2 as
  8  * published by the Free Software Foundation.
  9  */
 10 
 11 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 12 
 13 #include <linux/kernel.h>
 14 #include <linux/types.h>
 15 #include <linux/module.h>
 16 #include <linux/errno.h>
 17 #include <linux/slab.h>
 18 #include <linux/skbuff.h>
 19 #include <linux/rculist.h>
 20 #include <linux/netdevice.h>
 21 #include <linux/in.h>
 22 #include <linux/ip.h>
 23 #include <linux/udp.h>
 24 #include <linux/igmp.h>
 25 #include <linux/etherdevice.h>
 26 #include <linux/if_ether.h>
 27 #include <linux/if_vlan.h>
 28 #include <linux/hash.h>
 29 #include <linux/ethtool.h>
 30 #include <net/arp.h>
 31 #include <net/ndisc.h>
 32 #include <net/ip.h>
 33 #include <net/ip_tunnels.h>
 34 #include <net/icmp.h>
 35 #include <net/udp.h>
 36 #include <net/rtnetlink.h>
 37 #include <net/route.h>
 38 #include <net/dsfield.h>
 39 #include <net/inet_ecn.h>
 40 #include <net/net_namespace.h>
 41 #include <net/netns/generic.h>
 42 #include <net/vxlan.h>
 43 #include <net/protocol.h>
 44 #if IS_ENABLED(CONFIG_IPV6)
 45 #include <net/ipv6.h>
 46 #include <net/addrconf.h>
 47 #include <net/ip6_tunnel.h>
 48 #include <net/ip6_checksum.h>
 49 #endif
 50 
 51 #define VXLAN_VERSION   "0.1"
 52 
 53 #define PORT_HASH_BITS  8
 54 #define PORT_HASH_SIZE  (1<<PORT_HASH_BITS)
 55 #define VNI_HASH_BITS   10
 56 #define VNI_HASH_SIZE   (1<<VNI_HASH_BITS)
 57 #define FDB_HASH_BITS   8
 58 #define FDB_HASH_SIZE   (1<<FDB_HASH_BITS)
 59 #define FDB_AGE_DEFAULT 300 /* 5 min */
 60 #define FDB_AGE_INTERVAL (10 * HZ)      /* rescan interval */
 61 
 62 #define VXLAN_N_VID     (1u << 24)
 63 #define VXLAN_VID_MASK  (VXLAN_N_VID - 1)
 64 #define VXLAN_HLEN (sizeof(struct udphdr) + sizeof(struct vxlanhdr))
 65 
 66 #define VXLAN_FLAGS 0x08000000  /* struct vxlanhdr.vx_flags required value. */
 67 
 68 /* VXLAN protocol header */
 69 struct vxlanhdr {
 70         __be32 vx_flags;
 71         __be32 vx_vni;
 72 };
 73 
 74 /* UDP port for VXLAN traffic.
 75  * The IANA assigned port is 4789, but the Linux default is 8472
 76  * for compatibility with early adopters.
 77  */
 78 static unsigned short vxlan_port __read_mostly = 8472;
 79 module_param_named(udp_port, vxlan_port, ushort, 0444);
 80 MODULE_PARM_DESC(udp_port, "Destination UDP port");
 81 
 82 static bool log_ecn_error = true;
 83 module_param(log_ecn_error, bool, 0644);
 84 MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
 85 
 86 static int vxlan_net_id;
 87 
 88 static const u8 all_zeros_mac[ETH_ALEN];
 89 
 90 /* per-network namespace private data for this module */
 91 struct vxlan_net {
 92         struct list_head  vxlan_list;
 93         struct hlist_head sock_list[PORT_HASH_SIZE];
 94         spinlock_t        sock_lock;
 95 };
 96 
 97 union vxlan_addr {
 98         struct sockaddr_in sin;
 99         struct sockaddr_in6 sin6;
100         struct sockaddr sa;
101 };
102 
103 struct vxlan_rdst {
104         union vxlan_addr         remote_ip;
105         __be16                   remote_port;
106         u32                      remote_vni;
107         u32                      remote_ifindex;
108         struct list_head         list;
109         struct rcu_head          rcu;
110 };
111 
112 /* Forwarding table entry */
113 struct vxlan_fdb {
114         struct hlist_node hlist;        /* linked list of entries */
115         struct rcu_head   rcu;
116         unsigned long     updated;      /* jiffies */
117         unsigned long     used;
118         struct list_head  remotes;
119         u16               state;        /* see ndm_state */
120         u8                flags;        /* see ndm_flags */
121         u8                eth_addr[ETH_ALEN];
122 };
123 
124 /* Pseudo network device */
125 struct vxlan_dev {
126         struct hlist_node hlist;        /* vni hash table */
127         struct list_head  next;         /* vxlan's per namespace list */
128         struct vxlan_sock *vn_sock;     /* listening socket */
129         struct net_device *dev;
130         struct vxlan_rdst default_dst;  /* default destination */
131         union vxlan_addr  saddr;        /* source address */
132         __be16            dst_port;
133         __u16             port_min;     /* source port range */
134         __u16             port_max;
135         __u8              tos;          /* TOS override */
136         __u8              ttl;
137         u32               flags;        /* VXLAN_F_* below */
138 
139         struct work_struct sock_work;
140         struct work_struct igmp_join;
141         struct work_struct igmp_leave;
142 
143         unsigned long     age_interval;
144         struct timer_list age_timer;
145         spinlock_t        hash_lock;
146         unsigned int      addrcnt;
147         unsigned int      addrmax;
148 
149         struct hlist_head fdb_head[FDB_HASH_SIZE];
150 };
151 
152 #define VXLAN_F_LEARN   0x01
153 #define VXLAN_F_PROXY   0x02
154 #define VXLAN_F_RSC     0x04
155 #define VXLAN_F_L2MISS  0x08
156 #define VXLAN_F_L3MISS  0x10
157 #define VXLAN_F_IPV6    0x20 /* internal flag */
158 
159 /* salt for hash table */
160 static u32 vxlan_salt __read_mostly;
161 static struct workqueue_struct *vxlan_wq;
162 
163 static void vxlan_sock_work(struct work_struct *work);
164 
165 #if IS_ENABLED(CONFIG_IPV6)
166 static inline
167 bool vxlan_addr_equal(const union vxlan_addr *a, const union vxlan_addr *b)
168 {
169        if (a->sa.sa_family != b->sa.sa_family)
170                return false;
171        if (a->sa.sa_family == AF_INET6)
172                return ipv6_addr_equal(&a->sin6.sin6_addr, &b->sin6.sin6_addr);
173        else
174                return a->sin.sin_addr.s_addr == b->sin.sin_addr.s_addr;
175 }
176 
177 static inline bool vxlan_addr_any(const union vxlan_addr *ipa)
178 {
179        if (ipa->sa.sa_family == AF_INET6)
180                return ipv6_addr_any(&ipa->sin6.sin6_addr);
181        else
182                return ipa->sin.sin_addr.s_addr == htonl(INADDR_ANY);
183 }
184 
185 static inline bool vxlan_addr_multicast(const union vxlan_addr *ipa)
186 {
187        if (ipa->sa.sa_family == AF_INET6)
188                return ipv6_addr_is_multicast(&ipa->sin6.sin6_addr);
189        else
190                return IN_MULTICAST(ntohl(ipa->sin.sin_addr.s_addr));
191 }
192 
193 static int vxlan_nla_get_addr(union vxlan_addr *ip, struct nlattr *nla)
194 {
195        if (nla_len(nla) >= sizeof(struct in6_addr)) {
196                nla_memcpy(&ip->sin6.sin6_addr, nla, sizeof(struct in6_addr));
197                ip->sa.sa_family = AF_INET6;
198                return 0;
199        } else if (nla_len(nla) >= sizeof(__be32)) {
200                ip->sin.sin_addr.s_addr = nla_get_be32(nla);
201                ip->sa.sa_family = AF_INET;
202                return 0;
203        } else {
204                return -EAFNOSUPPORT;
205        }
206 }
207 
208 static int vxlan_nla_put_addr(struct sk_buff *skb, int attr,
209                              const union vxlan_addr *ip)
210 {
211        if (ip->sa.sa_family == AF_INET6)
212                return nla_put(skb, attr, sizeof(struct in6_addr), &ip->sin6.sin6_addr);
213        else
214                return nla_put_be32(skb, attr, ip->sin.sin_addr.s_addr);
215 }
216 
217 #else /* !CONFIG_IPV6 */
218 
219 static inline
220 bool vxlan_addr_equal(const union vxlan_addr *a, const union vxlan_addr *b)
221 {
222        return a->sin.sin_addr.s_addr == b->sin.sin_addr.s_addr;
223 }
224 
225 static inline bool vxlan_addr_any(const union vxlan_addr *ipa)
226 {
227        return ipa->sin.sin_addr.s_addr == htonl(INADDR_ANY);
228 }
229 
230 static inline bool vxlan_addr_multicast(const union vxlan_addr *ipa)
231 {
232        return IN_MULTICAST(ntohl(ipa->sin.sin_addr.s_addr));
233 }
234 
235 static int vxlan_nla_get_addr(union vxlan_addr *ip, struct nlattr *nla)
236 {
237        if (nla_len(nla) >= sizeof(struct in6_addr)) {
238                return -EAFNOSUPPORT;
239        } else if (nla_len(nla) >= sizeof(__be32)) {
240                ip->sin.sin_addr.s_addr = nla_get_be32(nla);
241                ip->sa.sa_family = AF_INET;
242                return 0;
243        } else {
244                return -EAFNOSUPPORT;
245        }
246 }
247 
248 static int vxlan_nla_put_addr(struct sk_buff *skb, int attr,
249                              const union vxlan_addr *ip)
250 {
251        return nla_put_be32(skb, attr, ip->sin.sin_addr.s_addr);
252 }
253 #endif
254 
255 /* Virtual Network hash table head */
256 static inline struct hlist_head *vni_head(struct vxlan_sock *vs, u32 id)
257 {
258         return &vs->vni_list[hash_32(id, VNI_HASH_BITS)];
259 }
260 
261 /* Socket hash table head */
262 static inline struct hlist_head *vs_head(struct net *net, __be16 port)
263 {
264         struct vxlan_net *vn = net_generic(net, vxlan_net_id);
265 
266         return &vn->sock_list[hash_32(ntohs(port), PORT_HASH_BITS)];
267 }
268 
269 /* First remote destination for a forwarding entry.
270  * Guaranteed to be non-NULL because remotes are never deleted.
271  */
272 static inline struct vxlan_rdst *first_remote_rcu(struct vxlan_fdb *fdb)
273 {
274         return list_entry_rcu(fdb->remotes.next, struct vxlan_rdst, list);
275 }
276 
277 static inline struct vxlan_rdst *first_remote_rtnl(struct vxlan_fdb *fdb)
278 {
279         return list_first_entry(&fdb->remotes, struct vxlan_rdst, list);
280 }
281 
282 /* Find VXLAN socket based on network namespace and UDP port */
283 static struct vxlan_sock *vxlan_find_sock(struct net *net, __be16 port)
284 {
285         struct vxlan_sock *vs;
286 
287         hlist_for_each_entry_rcu(vs, vs_head(net, port), hlist) {
288                 if (inet_sk(vs->sock->sk)->inet_sport == port)
289                         return vs;
290         }
291         return NULL;
292 }
293 
294 static struct vxlan_dev *vxlan_vs_find_vni(struct vxlan_sock *vs, u32 id)
295 {
296         struct vxlan_dev *vxlan;
297 
298         hlist_for_each_entry_rcu(vxlan, vni_head(vs, id), hlist) {
299                 if (vxlan->default_dst.remote_vni == id)
300                         return vxlan;
301         }
302 
303         return NULL;
304 }
305 
306 /* Look up VNI in a per net namespace table */
307 static struct vxlan_dev *vxlan_find_vni(struct net *net, u32 id, __be16 port)
308 {
309         struct vxlan_sock *vs;
310 
311         vs = vxlan_find_sock(net, port);
312         if (!vs)
313                 return NULL;
314 
315         return vxlan_vs_find_vni(vs, id);
316 }
317 
318 /* Fill in neighbour message in skbuff. */
319 static int vxlan_fdb_info(struct sk_buff *skb, struct vxlan_dev *vxlan,
320                           const struct vxlan_fdb *fdb,
321                           u32 portid, u32 seq, int type, unsigned int flags,
322                           const struct vxlan_rdst *rdst)
323 {
324         unsigned long now = jiffies;
325         struct nda_cacheinfo ci;
326         struct nlmsghdr *nlh;
327         struct ndmsg *ndm;
328         bool send_ip, send_eth;
329 
330         nlh = nlmsg_put(skb, portid, seq, type, sizeof(*ndm), flags);
331         if (nlh == NULL)
332                 return -EMSGSIZE;
333 
334         ndm = nlmsg_data(nlh);
335         memset(ndm, 0, sizeof(*ndm));
336 
337         send_eth = send_ip = true;
338 
339         if (type == RTM_GETNEIGH) {
340                 ndm->ndm_family = AF_INET;
341                 send_ip = !vxlan_addr_any(&rdst->remote_ip);
342                 send_eth = !is_zero_ether_addr(fdb->eth_addr);
343         } else
344                 ndm->ndm_family = AF_BRIDGE;
345         ndm->ndm_state = fdb->state;
346         ndm->ndm_ifindex = vxlan->dev->ifindex;
347         ndm->ndm_flags = fdb->flags;
348         ndm->ndm_type = NDA_DST;
349 
350         if (send_eth && nla_put(skb, NDA_LLADDR, ETH_ALEN, &fdb->eth_addr))
351                 goto nla_put_failure;
352 
353         if (send_ip && vxlan_nla_put_addr(skb, NDA_DST, &rdst->remote_ip))
354                 goto nla_put_failure;
355 
356         if (rdst->remote_port && rdst->remote_port != vxlan->dst_port &&
357             nla_put_be16(skb, NDA_PORT, rdst->remote_port))
358                 goto nla_put_failure;
359         if (rdst->remote_vni != vxlan->default_dst.remote_vni &&
360             nla_put_u32(skb, NDA_VNI, rdst->remote_vni))
361                 goto nla_put_failure;
362         if (rdst->remote_ifindex &&
363             nla_put_u32(skb, NDA_IFINDEX, rdst->remote_ifindex))
364                 goto nla_put_failure;
365 
366         ci.ndm_used      = jiffies_to_clock_t(now - fdb->used);
367         ci.ndm_confirmed = 0;
368         ci.ndm_updated   = jiffies_to_clock_t(now - fdb->updated);
369         ci.ndm_refcnt    = 0;
370 
371         if (nla_put(skb, NDA_CACHEINFO, sizeof(ci), &ci))
372                 goto nla_put_failure;
373 
374         return nlmsg_end(skb, nlh);
375 
376 nla_put_failure:
377         nlmsg_cancel(skb, nlh);
378         return -EMSGSIZE;
379 }
380 
381 static inline size_t vxlan_nlmsg_size(void)
382 {
383         return NLMSG_ALIGN(sizeof(struct ndmsg))
384                 + nla_total_size(ETH_ALEN) /* NDA_LLADDR */
385                 + nla_total_size(sizeof(struct in6_addr)) /* NDA_DST */
386                 + nla_total_size(sizeof(__be16)) /* NDA_PORT */
387                 + nla_total_size(sizeof(__be32)) /* NDA_VNI */
388                 + nla_total_size(sizeof(__u32)) /* NDA_IFINDEX */
389                 + nla_total_size(sizeof(struct nda_cacheinfo));
390 }
391 
392 static void vxlan_fdb_notify(struct vxlan_dev *vxlan,
393                              struct vxlan_fdb *fdb, int type)
394 {
395         struct net *net = dev_net(vxlan->dev);
396         struct sk_buff *skb;
397         int err = -ENOBUFS;
398 
399         skb = nlmsg_new(vxlan_nlmsg_size(), GFP_ATOMIC);
400         if (skb == NULL)
401                 goto errout;
402 
403         err = vxlan_fdb_info(skb, vxlan, fdb, 0, 0, type, 0,
404                              first_remote_rtnl(fdb));
405         if (err < 0) {
406                 /* -EMSGSIZE implies BUG in vxlan_nlmsg_size() */
407                 WARN_ON(err == -EMSGSIZE);
408                 kfree_skb(skb);
409                 goto errout;
410         }
411 
412         rtnl_notify(skb, net, 0, RTNLGRP_NEIGH, NULL, GFP_ATOMIC);
413         return;
414 errout:
415         if (err < 0)
416                 rtnl_set_sk_err(net, RTNLGRP_NEIGH, err);
417 }
418 
419 static void vxlan_ip_miss(struct net_device *dev, union vxlan_addr *ipa)
420 {
421         struct vxlan_dev *vxlan = netdev_priv(dev);
422         struct vxlan_fdb f = {
423                 .state = NUD_STALE,
424         };
425         struct vxlan_rdst remote = {
426                 .remote_ip = *ipa, /* goes to NDA_DST */
427                 .remote_vni = VXLAN_N_VID,
428         };
429 
430         INIT_LIST_HEAD(&f.remotes);
431         list_add_rcu(&remote.list, &f.remotes);
432 
433         vxlan_fdb_notify(vxlan, &f, RTM_GETNEIGH);
434 }
435 
436 static void vxlan_fdb_miss(struct vxlan_dev *vxlan, const u8 eth_addr[ETH_ALEN])
437 {
438         struct vxlan_fdb f = {
439                 .state = NUD_STALE,
440         };
441 
442         INIT_LIST_HEAD(&f.remotes);
443         memcpy(f.eth_addr, eth_addr, ETH_ALEN);
444 
445         vxlan_fdb_notify(vxlan, &f, RTM_GETNEIGH);
446 }
447 
448 /* Hash Ethernet address */
449 static u32 eth_hash(const unsigned char *addr)
450 {
451         u64 value = get_unaligned((u64 *)addr);
452 
453         /* only want 6 bytes */
454 #ifdef __BIG_ENDIAN
455         value >>= 16;
456 #else
457         value <<= 16;
458 #endif
459         return hash_64(value, FDB_HASH_BITS);
460 }
461 
462 /* Hash chain to use given mac address */
463 static inline struct hlist_head *vxlan_fdb_head(struct vxlan_dev *vxlan,
464                                                 const u8 *mac)
465 {
466         return &vxlan->fdb_head[eth_hash(mac)];
467 }
468 
469 /* Look up Ethernet address in forwarding table */
470 static struct vxlan_fdb *__vxlan_find_mac(struct vxlan_dev *vxlan,
471                                         const u8 *mac)
472 {
473         struct hlist_head *head = vxlan_fdb_head(vxlan, mac);
474         struct vxlan_fdb *f;
475 
476         hlist_for_each_entry_rcu(f, head, hlist) {
477                 if (ether_addr_equal(mac, f->eth_addr))
478                         return f;
479         }
480 
481         return NULL;
482 }
483 
484 static struct vxlan_fdb *vxlan_find_mac(struct vxlan_dev *vxlan,
485                                         const u8 *mac)
486 {
487         struct vxlan_fdb *f;
488 
489         f = __vxlan_find_mac(vxlan, mac);
490         if (f)
491                 f->used = jiffies;
492 
493         return f;
494 }
495 
496 /* caller should hold vxlan->hash_lock */
497 static struct vxlan_rdst *vxlan_fdb_find_rdst(struct vxlan_fdb *f,
498                                               union vxlan_addr *ip, __be16 port,
499                                               __u32 vni, __u32 ifindex)
500 {
501         struct vxlan_rdst *rd;
502 
503         list_for_each_entry(rd, &f->remotes, list) {
504                 if (vxlan_addr_equal(&rd->remote_ip, ip) &&
505                     rd->remote_port == port &&
506                     rd->remote_vni == vni &&
507                     rd->remote_ifindex == ifindex)
508                         return rd;
509         }
510 
511         return NULL;
512 }
513 
514 /* Replace destination of unicast mac */
515 static int vxlan_fdb_replace(struct vxlan_fdb *f,
516                              union vxlan_addr *ip, __be16 port, __u32 vni, __u32 ifindex)
517 {
518         struct vxlan_rdst *rd;
519 
520         rd = vxlan_fdb_find_rdst(f, ip, port, vni, ifindex);
521         if (rd)
522                 return 0;
523 
524         rd = list_first_entry_or_null(&f->remotes, struct vxlan_rdst, list);
525         if (!rd)
526                 return 0;
527         rd->remote_ip = *ip;
528         rd->remote_port = port;
529         rd->remote_vni = vni;
530         rd->remote_ifindex = ifindex;
531         return 1;
532 }
533 
534 /* Add/update destinations for multicast */
535 static int vxlan_fdb_append(struct vxlan_fdb *f,
536                             union vxlan_addr *ip, __be16 port, __u32 vni, __u32 ifindex)
537 {
538         struct vxlan_rdst *rd;
539 
540         rd = vxlan_fdb_find_rdst(f, ip, port, vni, ifindex);
541         if (rd)
542                 return 0;
543 
544         rd = kmalloc(sizeof(*rd), GFP_ATOMIC);
545         if (rd == NULL)
546                 return -ENOBUFS;
547         rd->remote_ip = *ip;
548         rd->remote_port = port;
549         rd->remote_vni = vni;
550         rd->remote_ifindex = ifindex;
551 
552         list_add_tail_rcu(&rd->list, &f->remotes);
553 
554         return 1;
555 }
556 
557 static struct sk_buff **vxlan_gro_receive(struct sk_buff **head, struct sk_buff *skb)
558 {
559         struct sk_buff *p, **pp = NULL;
560         struct vxlanhdr *vh, *vh2;
561         struct ethhdr *eh, *eh2;
562         unsigned int hlen, off_vx, off_eth;
563         const struct packet_offload *ptype;
564         __be16 type;
565         int flush = 1;
566 
567         off_vx = skb_gro_offset(skb);
568         hlen = off_vx + sizeof(*vh);
569         vh   = skb_gro_header_fast(skb, off_vx);
570         if (skb_gro_header_hard(skb, hlen)) {
571                 vh = skb_gro_header_slow(skb, hlen, off_vx);
572                 if (unlikely(!vh))
573                         goto out;
574         }
575         skb_gro_pull(skb, sizeof(struct vxlanhdr)); /* pull vxlan header */
576 
577         off_eth = skb_gro_offset(skb);
578         hlen = off_eth + sizeof(*eh);
579         eh   = skb_gro_header_fast(skb, off_eth);
580         if (skb_gro_header_hard(skb, hlen)) {
581                 eh = skb_gro_header_slow(skb, hlen, off_eth);
582                 if (unlikely(!eh))
583                         goto out;
584         }
585 
586         flush = 0;
587 
588         for (p = *head; p; p = p->next) {
589                 if (!NAPI_GRO_CB(p)->same_flow)
590                         continue;
591 
592                 vh2 = (struct vxlanhdr *)(p->data + off_vx);
593                 eh2 = (struct ethhdr   *)(p->data + off_eth);
594                 if (vh->vx_vni != vh2->vx_vni || compare_ether_header(eh, eh2)) {
595                         NAPI_GRO_CB(p)->same_flow = 0;
596                         continue;
597                 }
598         }
599 
600         type = eh->h_proto;
601 
602         rcu_read_lock();
603         ptype = gro_find_receive_by_type(type);
604         if (ptype == NULL) {
605                 flush = 1;
606                 goto out_unlock;
607         }
608 
609         skb_gro_pull(skb, sizeof(*eh)); /* pull inner eth header */
610         pp = ptype->callbacks.gro_receive(head, skb);
611 
612 out_unlock:
613         rcu_read_unlock();
614 out:
615         NAPI_GRO_CB(skb)->flush |= flush;
616 
617         return pp;
618 }
619 
620 static int vxlan_gro_complete(struct sk_buff *skb, int nhoff)
621 {
622         struct ethhdr *eh;
623         struct packet_offload *ptype;
624         __be16 type;
625         int vxlan_len  = sizeof(struct vxlanhdr) + sizeof(struct ethhdr);
626         int err = -ENOSYS;
627 
628         eh = (struct ethhdr *)(skb->data + nhoff + sizeof(struct vxlanhdr));
629         type = eh->h_proto;
630 
631         rcu_read_lock();
632         ptype = gro_find_complete_by_type(type);
633         if (ptype != NULL)
634                 err = ptype->callbacks.gro_complete(skb, nhoff + vxlan_len);
635 
636         rcu_read_unlock();
637         return err;
638 }
639 
640 /* Notify netdevs that UDP port started listening */
641 static void vxlan_notify_add_rx_port(struct vxlan_sock *vs)
642 {
643         struct net_device *dev;
644         struct sock *sk = vs->sock->sk;
645         struct net *net = sock_net(sk);
646         sa_family_t sa_family = sk->sk_family;
647         __be16 port = inet_sk(sk)->inet_sport;
648         int err;
649 
650         if (sa_family == AF_INET) {
651                 err = udp_add_offload(&vs->udp_offloads);
652                 if (err)
653                         pr_warn("vxlan: udp_add_offload failed with status %d\n", err);
654         }
655 
656         rcu_read_lock();
657         for_each_netdev_rcu(net, dev) {
658                 if (dev->netdev_ops->ndo_add_vxlan_port)
659                         dev->netdev_ops->ndo_add_vxlan_port(dev, sa_family,
660                                                             port);
661         }
662         rcu_read_unlock();
663 }
664 
665 /* Notify netdevs that UDP port is no more listening */
666 static void vxlan_notify_del_rx_port(struct vxlan_sock *vs)
667 {
668         struct net_device *dev;
669         struct sock *sk = vs->sock->sk;
670         struct net *net = sock_net(sk);
671         sa_family_t sa_family = sk->sk_family;
672         __be16 port = inet_sk(sk)->inet_sport;
673 
674         rcu_read_lock();
675         for_each_netdev_rcu(net, dev) {
676                 if (dev->netdev_ops->ndo_del_vxlan_port)
677                         dev->netdev_ops->ndo_del_vxlan_port(dev, sa_family,
678                                                             port);
679         }
680         rcu_read_unlock();
681 
682         if (sa_family == AF_INET)
683                 udp_del_offload(&vs->udp_offloads);
684 }
685 
686 /* Add new entry to forwarding table -- assumes lock held */
687 static int vxlan_fdb_create(struct vxlan_dev *vxlan,
688                             const u8 *mac, union vxlan_addr *ip,
689                             __u16 state, __u16 flags,
690                             __be16 port, __u32 vni, __u32 ifindex,
691                             __u8 ndm_flags)
692 {
693         struct vxlan_fdb *f;
694         int notify = 0;
695 
696         f = __vxlan_find_mac(vxlan, mac);
697         if (f) {
698                 if (flags & NLM_F_EXCL) {
699                         netdev_dbg(vxlan->dev,
700                                    "lost race to create %pM\n", mac);
701                         return -EEXIST;
702                 }
703                 if (f->state != state) {
704                         f->state = state;
705                         f->updated = jiffies;
706                         notify = 1;
707                 }
708                 if (f->flags != ndm_flags) {
709                         f->flags = ndm_flags;
710                         f->updated = jiffies;
711                         notify = 1;
712                 }
713                 if ((flags & NLM_F_REPLACE)) {
714                         /* Only change unicasts */
715                         if (!(is_multicast_ether_addr(f->eth_addr) ||
716                              is_zero_ether_addr(f->eth_addr))) {
717                                 int rc = vxlan_fdb_replace(f, ip, port, vni,
718                                                            ifindex);
719 
720                                 if (rc < 0)
721                                         return rc;
722                                 notify |= rc;
723                         } else
724                                 return -EOPNOTSUPP;
725                 }
726                 if ((flags & NLM_F_APPEND) &&
727                     (is_multicast_ether_addr(f->eth_addr) ||
728                      is_zero_ether_addr(f->eth_addr))) {
729                         int rc = vxlan_fdb_append(f, ip, port, vni, ifindex);
730 
731                         if (rc < 0)
732                                 return rc;
733                         notify |= rc;
734                 }
735         } else {
736                 if (!(flags & NLM_F_CREATE))
737                         return -ENOENT;
738 
739                 if (vxlan->addrmax && vxlan->addrcnt >= vxlan->addrmax)
740                         return -ENOSPC;
741 
742                 /* Disallow replace to add a multicast entry */
743                 if ((flags & NLM_F_REPLACE) &&
744                     (is_multicast_ether_addr(mac) || is_zero_ether_addr(mac)))
745                         return -EOPNOTSUPP;
746 
747                 netdev_dbg(vxlan->dev, "add %pM -> %pIS\n", mac, ip);
748                 f = kmalloc(sizeof(*f), GFP_ATOMIC);
749                 if (!f)
750                         return -ENOMEM;
751 
752                 notify = 1;
753                 f->state = state;
754                 f->flags = ndm_flags;
755                 f->updated = f->used = jiffies;
756                 INIT_LIST_HEAD(&f->remotes);
757                 memcpy(f->eth_addr, mac, ETH_ALEN);
758 
759                 vxlan_fdb_append(f, ip, port, vni, ifindex);
760 
761                 ++vxlan->addrcnt;
762                 hlist_add_head_rcu(&f->hlist,
763                                    vxlan_fdb_head(vxlan, mac));
764         }
765 
766         if (notify)
767                 vxlan_fdb_notify(vxlan, f, RTM_NEWNEIGH);
768 
769         return 0;
770 }
771 
772 static void vxlan_fdb_free(struct rcu_head *head)
773 {
774         struct vxlan_fdb *f = container_of(head, struct vxlan_fdb, rcu);
775         struct vxlan_rdst *rd, *nd;
776 
777         list_for_each_entry_safe(rd, nd, &f->remotes, list)
778                 kfree(rd);
779         kfree(f);
780 }
781 
782 static void vxlan_fdb_destroy(struct vxlan_dev *vxlan, struct vxlan_fdb *f)
783 {
784         netdev_dbg(vxlan->dev,
785                     "delete %pM\n", f->eth_addr);
786 
787         --vxlan->addrcnt;
788         vxlan_fdb_notify(vxlan, f, RTM_DELNEIGH);
789 
790         hlist_del_rcu(&f->hlist);
791         call_rcu(&f->rcu, vxlan_fdb_free);
792 }
793 
794 static int vxlan_fdb_parse(struct nlattr *tb[], struct vxlan_dev *vxlan,
795                            union vxlan_addr *ip, __be16 *port, u32 *vni, u32 *ifindex)
796 {
797         struct net *net = dev_net(vxlan->dev);
798         int err;
799 
800         if (tb[NDA_DST]) {
801                 err = vxlan_nla_get_addr(ip, tb[NDA_DST]);
802                 if (err)
803                         return err;
804         } else {
805                 union vxlan_addr *remote = &vxlan->default_dst.remote_ip;
806                 if (remote->sa.sa_family == AF_INET) {
807                         ip->sin.sin_addr.s_addr = htonl(INADDR_ANY);
808                         ip->sa.sa_family = AF_INET;
809 #if IS_ENABLED(CONFIG_IPV6)
810                 } else {
811                         ip->sin6.sin6_addr = in6addr_any;
812                         ip->sa.sa_family = AF_INET6;
813 #endif
814                 }
815         }
816 
817         if (tb[NDA_PORT]) {
818                 if (nla_len(tb[NDA_PORT]) != sizeof(__be16))
819                         return -EINVAL;
820                 *port = nla_get_be16(tb[NDA_PORT]);
821         } else {
822                 *port = vxlan->dst_port;
823         }
824 
825         if (tb[NDA_VNI]) {
826                 if (nla_len(tb[NDA_VNI]) != sizeof(u32))
827                         return -EINVAL;
828                 *vni = nla_get_u32(tb[NDA_VNI]);
829         } else {
830                 *vni = vxlan->default_dst.remote_vni;
831         }
832 
833         if (tb[NDA_IFINDEX]) {
834                 struct net_device *tdev;
835 
836                 if (nla_len(tb[NDA_IFINDEX]) != sizeof(u32))
837                         return -EINVAL;
838                 *ifindex = nla_get_u32(tb[NDA_IFINDEX]);
839                 tdev = __dev_get_by_index(net, *ifindex);
840                 if (!tdev)
841                         return -EADDRNOTAVAIL;
842         } else {
843                 *ifindex = 0;
844         }
845 
846         return 0;
847 }
848 
849 /* Add static entry (via netlink) */
850 static int vxlan_fdb_add(struct ndmsg *ndm, struct nlattr *tb[],
851                          struct net_device *dev,
852                          const unsigned char *addr, u16 flags)
853 {
854         struct vxlan_dev *vxlan = netdev_priv(dev);
855         /* struct net *net = dev_net(vxlan->dev); */
856         union vxlan_addr ip;
857         __be16 port;
858         u32 vni, ifindex;
859         int err;
860 
861         if (!(ndm->ndm_state & (NUD_PERMANENT|NUD_REACHABLE))) {
862                 pr_info("RTM_NEWNEIGH with invalid state %#x\n",
863                         ndm->ndm_state);
864                 return -EINVAL;
865         }
866 
867         if (tb[NDA_DST] == NULL)
868                 return -EINVAL;
869 
870         err = vxlan_fdb_parse(tb, vxlan, &ip, &port, &vni, &ifindex);
871         if (err)
872                 return err;
873 
874         spin_lock_bh(&vxlan->hash_lock);
875         err = vxlan_fdb_create(vxlan, addr, &ip, ndm->ndm_state, flags,
876                                port, vni, ifindex, ndm->ndm_flags);
877         spin_unlock_bh(&vxlan->hash_lock);
878 
879         return err;
880 }
881 
882 /* Delete entry (via netlink) */
883 static int vxlan_fdb_delete(struct ndmsg *ndm, struct nlattr *tb[],
884                             struct net_device *dev,
885                             const unsigned char *addr)
886 {
887         struct vxlan_dev *vxlan = netdev_priv(dev);
888         struct vxlan_fdb *f;
889         struct vxlan_rdst *rd = NULL;
890         union vxlan_addr ip;
891         __be16 port;
892         u32 vni, ifindex;
893         int err;
894 
895         err = vxlan_fdb_parse(tb, vxlan, &ip, &port, &vni, &ifindex);
896         if (err)
897                 return err;
898 
899         err = -ENOENT;
900 
901         spin_lock_bh(&vxlan->hash_lock);
902         f = vxlan_find_mac(vxlan, addr);
903         if (!f)
904                 goto out;
905 
906         if (!vxlan_addr_any(&ip)) {
907                 rd = vxlan_fdb_find_rdst(f, &ip, port, vni, ifindex);
908                 if (!rd)
909                         goto out;
910         }
911 
912         err = 0;
913 
914         /* remove a destination if it's not the only one on the list,
915          * otherwise destroy the fdb entry
916          */
917         if (rd && !list_is_singular(&f->remotes)) {
918                 list_del_rcu(&rd->list);
919                 kfree_rcu(rd, rcu);
920                 goto out;
921         }
922 
923         vxlan_fdb_destroy(vxlan, f);
924 
925 out:
926         spin_unlock_bh(&vxlan->hash_lock);
927 
928         return err;
929 }
930 
931 /* Dump forwarding table */
932 static int vxlan_fdb_dump(struct sk_buff *skb, struct netlink_callback *cb,
933                           struct net_device *dev, int idx)
934 {
935         struct vxlan_dev *vxlan = netdev_priv(dev);
936         unsigned int h;
937 
938         for (h = 0; h < FDB_HASH_SIZE; ++h) {
939                 struct vxlan_fdb *f;
940                 int err;
941 
942                 hlist_for_each_entry_rcu(f, &vxlan->fdb_head[h], hlist) {
943                         struct vxlan_rdst *rd;
944 
945                         if (idx < cb->args[0])
946                                 goto skip;
947 
948                         list_for_each_entry_rcu(rd, &f->remotes, list) {
949                                 err = vxlan_fdb_info(skb, vxlan, f,
950                                                      NETLINK_CB(cb->skb).portid,
951                                                      cb->nlh->nlmsg_seq,
952                                                      RTM_NEWNEIGH,
953                                                      NLM_F_MULTI, rd);
954                                 if (err < 0)
955                                         goto out;
956                         }
957 skip:
958                         ++idx;
959                 }
960         }
961 out:
962         return idx;
963 }
964 
965 /* Watch incoming packets to learn mapping between Ethernet address
966  * and Tunnel endpoint.
967  * Return true if packet is bogus and should be droppped.
968  */
969 static bool vxlan_snoop(struct net_device *dev,
970                         union vxlan_addr *src_ip, const u8 *src_mac)
971 {
972         struct vxlan_dev *vxlan = netdev_priv(dev);
973         struct vxlan_fdb *f;
974 
975         f = vxlan_find_mac(vxlan, src_mac);
976         if (likely(f)) {
977                 struct vxlan_rdst *rdst = first_remote_rcu(f);
978 
979                 if (likely(vxlan_addr_equal(&rdst->remote_ip, src_ip)))
980                         return false;
981 
982                 /* Don't migrate static entries, drop packets */
983                 if (f->state & NUD_NOARP)
984                         return true;
985 
986                 if (net_ratelimit())
987                         netdev_info(dev,
988                                     "%pM migrated from %pIS to %pIS\n",
989                                     src_mac, &rdst->remote_ip, &src_ip);
990 
991                 rdst->remote_ip = *src_ip;
992                 f->updated = jiffies;
993                 vxlan_fdb_notify(vxlan, f, RTM_NEWNEIGH);
994         } else {
995                 /* learned new entry */
996                 spin_lock(&vxlan->hash_lock);
997 
998                 /* close off race between vxlan_flush and incoming packets */
999                 if (netif_running(dev))
1000                         vxlan_fdb_create(vxlan, src_mac, src_ip,
1001                                          NUD_REACHABLE,
1002                                          NLM_F_EXCL|NLM_F_CREATE,
1003                                          vxlan->dst_port,
1004                                          vxlan->default_dst.remote_vni,
1005                                          0, NTF_SELF);
1006                 spin_unlock(&vxlan->hash_lock);
1007         }
1008 
1009         return false;
1010 }
1011 
1012 /* See if multicast group is already in use by other ID */
1013 static bool vxlan_group_used(struct vxlan_net *vn, struct vxlan_dev *dev)
1014 {
1015         struct vxlan_dev *vxlan;
1016 
1017         /* The vxlan_sock is only used by dev, leaving group has
1018          * no effect on other vxlan devices.
1019          */
1020         if (atomic_read(&dev->vn_sock->refcnt) == 1)
1021                 return false;
1022 
1023         list_for_each_entry(vxlan, &vn->vxlan_list, next) {
1024                 if (!netif_running(vxlan->dev) || vxlan == dev)
1025                         continue;
1026 
1027                 if (vxlan->vn_sock != dev->vn_sock)
1028                         continue;
1029 
1030                 if (!vxlan_addr_equal(&vxlan->default_dst.remote_ip,
1031                                       &dev->default_dst.remote_ip))
1032                         continue;
1033 
1034                 if (vxlan->default_dst.remote_ifindex !=
1035                     dev->default_dst.remote_ifindex)
1036                         continue;
1037 
1038                 return true;
1039         }
1040 
1041         return false;
1042 }
1043 
1044 static void vxlan_sock_hold(struct vxlan_sock *vs)
1045 {
1046         atomic_inc(&vs->refcnt);
1047 }
1048 
1049 void vxlan_sock_release(struct vxlan_sock *vs)
1050 {
1051         struct sock *sk = vs->sock->sk;
1052         struct net *net = sock_net(sk);
1053         struct vxlan_net *vn = net_generic(net, vxlan_net_id);
1054 
1055         if (!atomic_dec_and_test(&vs->refcnt))
1056                 return;
1057 
1058         spin_lock(&vn->sock_lock);
1059         hlist_del_rcu(&vs->hlist);
1060         rcu_assign_sk_user_data(vs->sock->sk, NULL);
1061         vxlan_notify_del_rx_port(vs);
1062         spin_unlock(&vn->sock_lock);
1063 
1064         queue_work(vxlan_wq, &vs->del_work);
1065 }
1066 EXPORT_SYMBOL_GPL(vxlan_sock_release);
1067 
1068 /* Callback to update multicast group membership when first VNI on
1069  * multicast asddress is brought up
1070  * Done as workqueue because ip_mc_join_group acquires RTNL.
1071  */
1072 static void vxlan_igmp_join(struct work_struct *work)
1073 {
1074         struct vxlan_dev *vxlan = container_of(work, struct vxlan_dev, igmp_join);
1075         struct vxlan_sock *vs = vxlan->vn_sock;
1076         struct sock *sk = vs->sock->sk;
1077         union vxlan_addr *ip = &vxlan->default_dst.remote_ip;
1078         int ifindex = vxlan->default_dst.remote_ifindex;
1079 
1080         lock_sock(sk);
1081         if (ip->sa.sa_family == AF_INET) {
1082                 struct ip_mreqn mreq = {
1083                         .imr_multiaddr.s_addr   = ip->sin.sin_addr.s_addr,
1084                         .imr_ifindex            = ifindex,
1085                 };
1086 
1087                 ip_mc_join_group(sk, &mreq);
1088 #if IS_ENABLED(CONFIG_IPV6)
1089         } else {
1090                 ipv6_stub->ipv6_sock_mc_join(sk, ifindex,
1091                                              &ip->sin6.sin6_addr);
1092 #endif
1093         }
1094         release_sock(sk);
1095 
1096         vxlan_sock_release(vs);
1097         dev_put(vxlan->dev);
1098 }
1099 
1100 /* Inverse of vxlan_igmp_join when last VNI is brought down */
1101 static void vxlan_igmp_leave(struct work_struct *work)
1102 {
1103         struct vxlan_dev *vxlan = container_of(work, struct vxlan_dev, igmp_leave);
1104         struct vxlan_sock *vs = vxlan->vn_sock;
1105         struct sock *sk = vs->sock->sk;
1106         union vxlan_addr *ip = &vxlan->default_dst.remote_ip;
1107         int ifindex = vxlan->default_dst.remote_ifindex;
1108 
1109         lock_sock(sk);
1110         if (ip->sa.sa_family == AF_INET) {
1111                 struct ip_mreqn mreq = {
1112                         .imr_multiaddr.s_addr   = ip->sin.sin_addr.s_addr,
1113                         .imr_ifindex            = ifindex,
1114                 };
1115 
1116                 ip_mc_leave_group(sk, &mreq);
1117 #if IS_ENABLED(CONFIG_IPV6)
1118         } else {
1119                 ipv6_stub->ipv6_sock_mc_drop(sk, ifindex,
1120                                              &ip->sin6.sin6_addr);
1121 #endif
1122         }
1123 
1124         release_sock(sk);
1125 
1126         vxlan_sock_release(vs);
1127         dev_put(vxlan->dev);
1128 }
1129 
1130 /* Callback from net/ipv4/udp.c to receive packets */
1131 static int vxlan_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
1132 {
1133         struct vxlan_sock *vs;
1134         struct vxlanhdr *vxh;
1135         __be16 port;
1136 
1137         /* Need Vxlan and inner Ethernet header to be present */
1138         if (!pskb_may_pull(skb, VXLAN_HLEN))
1139                 goto error;
1140 
1141         /* Return packets with reserved bits set */
1142         vxh = (struct vxlanhdr *)(udp_hdr(skb) + 1);
1143         if (vxh->vx_flags != htonl(VXLAN_FLAGS) ||
1144             (vxh->vx_vni & htonl(0xff))) {
1145                 netdev_dbg(skb->dev, "invalid vxlan flags=%#x vni=%#x\n",
1146                            ntohl(vxh->vx_flags), ntohl(vxh->vx_vni));
1147                 goto error;
1148         }
1149 
1150         if (iptunnel_pull_header(skb, VXLAN_HLEN, htons(ETH_P_TEB)))
1151                 goto drop;
1152 
1153         port = inet_sk(sk)->inet_sport;
1154 
1155         vs = rcu_dereference_sk_user_data(sk);
1156         if (!vs)
1157                 goto drop;
1158 
1159         /* If the NIC driver gave us an encapsulated packet
1160          * with the encapsulation mark, the device checksummed it
1161          * for us. Otherwise force the upper layers to verify it.
1162          */
1163         if ((skb->ip_summed != CHECKSUM_UNNECESSARY && skb->ip_summed != CHECKSUM_PARTIAL) ||
1164             !skb->encapsulation)
1165                 skb->ip_summed = CHECKSUM_NONE;
1166 
1167         skb->encapsulation = 0;
1168 
1169         vs->rcv(vs, skb, vxh->vx_vni);
1170         return 0;
1171 
1172 drop:
1173         /* Consume bad packet */
1174         kfree_skb(skb);
1175         return 0;
1176 
1177 error:
1178         /* Return non vxlan pkt */
1179         return 1;
1180 }
1181 
1182 static void vxlan_rcv(struct vxlan_sock *vs,
1183                       struct sk_buff *skb, __be32 vx_vni)
1184 {
1185         struct iphdr *oip = NULL;
1186         struct ipv6hdr *oip6 = NULL;
1187         struct vxlan_dev *vxlan;
1188         struct pcpu_sw_netstats *stats;
1189         union vxlan_addr saddr;
1190         __u32 vni;
1191         int err = 0;
1192         union vxlan_addr *remote_ip;
1193 
1194         vni = ntohl(vx_vni) >> 8;
1195         /* Is this VNI defined? */
1196         vxlan = vxlan_vs_find_vni(vs, vni);
1197         if (!vxlan)
1198                 goto drop;
1199 
1200         remote_ip = &vxlan->default_dst.remote_ip;
1201         skb_reset_mac_header(skb);
1202         skb->protocol = eth_type_trans(skb, vxlan->dev);
1203 
1204         /* Ignore packet loops (and multicast echo) */
1205         if (ether_addr_equal(eth_hdr(skb)->h_source, vxlan->dev->dev_addr))
1206                 goto drop;
1207 
1208         /* Re-examine inner Ethernet packet */
1209         if (remote_ip->sa.sa_family == AF_INET) {
1210                 oip = ip_hdr(skb);
1211                 saddr.sin.sin_addr.s_addr = oip->saddr;
1212                 saddr.sa.sa_family = AF_INET;
1213 #if IS_ENABLED(CONFIG_IPV6)
1214         } else {
1215                 oip6 = ipv6_hdr(skb);
1216                 saddr.sin6.sin6_addr = oip6->saddr;
1217                 saddr.sa.sa_family = AF_INET6;
1218 #endif
1219         }
1220 
1221         if ((vxlan->flags & VXLAN_F_LEARN) &&
1222             vxlan_snoop(skb->dev, &saddr, eth_hdr(skb)->h_source))
1223                 goto drop;
1224 
1225         skb_reset_network_header(skb);
1226 
1227         if (oip6)
1228                 err = IP6_ECN_decapsulate(oip6, skb);
1229         if (oip)
1230                 err = IP_ECN_decapsulate(oip, skb);
1231 
1232         if (unlikely(err)) {
1233                 if (log_ecn_error) {
1234                         if (oip6)
1235                                 net_info_ratelimited("non-ECT from %pI6\n",
1236                                                      &oip6->saddr);
1237                         if (oip)
1238                                 net_info_ratelimited("non-ECT from %pI4 with TOS=%#x\n",
1239                                                      &oip->saddr, oip->tos);
1240                 }
1241                 if (err > 1) {
1242                         ++vxlan->dev->stats.rx_frame_errors;
1243                         ++vxlan->dev->stats.rx_errors;
1244                         goto drop;
1245                 }
1246         }
1247 
1248         stats = this_cpu_ptr(vxlan->dev->tstats);
1249         u64_stats_update_begin(&stats->syncp);
1250         stats->rx_packets++;
1251         stats->rx_bytes += skb->len;
1252         u64_stats_update_end(&stats->syncp);
1253 
1254         netif_rx(skb);
1255 
1256         return;
1257 drop:
1258         /* Consume bad packet */
1259         kfree_skb(skb);
1260 }
1261 
1262 static int arp_reduce(struct net_device *dev, struct sk_buff *skb)
1263 {
1264         struct vxlan_dev *vxlan = netdev_priv(dev);
1265         struct arphdr *parp;
1266         u8 *arpptr, *sha;
1267         __be32 sip, tip;
1268         struct neighbour *n;
1269 
1270         if (dev->flags & IFF_NOARP)
1271                 goto out;
1272 
1273         if (!pskb_may_pull(skb, arp_hdr_len(dev))) {
1274                 dev->stats.tx_dropped++;
1275                 goto out;
1276         }
1277         parp = arp_hdr(skb);
1278 
1279         if ((parp->ar_hrd != htons(ARPHRD_ETHER) &&
1280              parp->ar_hrd != htons(ARPHRD_IEEE802)) ||
1281             parp->ar_pro != htons(ETH_P_IP) ||
1282             parp->ar_op != htons(ARPOP_REQUEST) ||
1283             parp->ar_hln != dev->addr_len ||
1284             parp->ar_pln != 4)
1285                 goto out;
1286         arpptr = (u8 *)parp + sizeof(struct arphdr);
1287         sha = arpptr;
1288         arpptr += dev->addr_len;        /* sha */
1289         memcpy(&sip, arpptr, sizeof(sip));
1290         arpptr += sizeof(sip);
1291         arpptr += dev->addr_len;        /* tha */
1292         memcpy(&tip, arpptr, sizeof(tip));
1293 
1294         if (ipv4_is_loopback(tip) ||
1295             ipv4_is_multicast(tip))
1296                 goto out;
1297 
1298         n = neigh_lookup(&arp_tbl, &tip, dev);
1299 
1300         if (n) {
1301                 struct vxlan_fdb *f;
1302                 struct sk_buff  *reply;
1303 
1304                 if (!(n->nud_state & NUD_CONNECTED)) {
1305                         neigh_release(n);
1306                         goto out;
1307                 }
1308 
1309                 f = vxlan_find_mac(vxlan, n->ha);
1310                 if (f && vxlan_addr_any(&(first_remote_rcu(f)->remote_ip))) {
1311                         /* bridge-local neighbor */
1312                         neigh_release(n);
1313                         goto out;
1314                 }
1315 
1316                 reply = arp_create(ARPOP_REPLY, ETH_P_ARP, sip, dev, tip, sha,
1317                                 n->ha, sha);
1318 
1319                 neigh_release(n);
1320 
1321                 if (reply == NULL)
1322                         goto out;
1323 
1324                 skb_reset_mac_header(reply);
1325                 __skb_pull(reply, skb_network_offset(reply));
1326                 reply->ip_summed = CHECKSUM_UNNECESSARY;
1327                 reply->pkt_type = PACKET_HOST;
1328 
1329                 if (netif_rx_ni(reply) == NET_RX_DROP)
1330                         dev->stats.rx_dropped++;
1331         } else if (vxlan->flags & VXLAN_F_L3MISS) {
1332                 union vxlan_addr ipa = {
1333                         .sin.sin_addr.s_addr = tip,
1334                         .sa.sa_family = AF_INET,
1335                 };
1336 
1337                 vxlan_ip_miss(dev, &ipa);
1338         }
1339 out:
1340         consume_skb(skb);
1341         return NETDEV_TX_OK;
1342 }
1343 
1344 #if IS_ENABLED(CONFIG_IPV6)
1345 
1346 static struct sk_buff *vxlan_na_create(struct sk_buff *request,
1347         struct neighbour *n, bool isrouter)
1348 {
1349         struct net_device *dev = request->dev;
1350         struct sk_buff *reply;
1351         struct nd_msg *ns, *na;
1352         struct ipv6hdr *pip6;
1353         u8 *daddr;
1354         int na_olen = 8; /* opt hdr + ETH_ALEN for target */
1355         int ns_olen;
1356         int i, len;
1357 
1358         if (dev == NULL)
1359                 return NULL;
1360 
1361         len = LL_RESERVED_SPACE(dev) + sizeof(struct ipv6hdr) +
1362                 sizeof(*na) + na_olen + dev->needed_tailroom;
1363         reply = alloc_skb(len, GFP_ATOMIC);
1364         if (reply == NULL)
1365                 return NULL;
1366 
1367         reply->protocol = htons(ETH_P_IPV6);
1368         reply->dev = dev;
1369         skb_reserve(reply, LL_RESERVED_SPACE(request->dev));
1370         skb_push(reply, sizeof(struct ethhdr));
1371         skb_set_mac_header(reply, 0);
1372 
1373         ns = (struct nd_msg *)skb_transport_header(request);
1374 
1375         daddr = eth_hdr(request)->h_source;
1376         ns_olen = request->len - skb_transport_offset(request) - sizeof(*ns);
1377         for (i = 0; i < ns_olen-1; i += (ns->opt[i+1]<<3)) {
1378                 if (ns->opt[i] == ND_OPT_SOURCE_LL_ADDR) {
1379                         daddr = ns->opt + i + sizeof(struct nd_opt_hdr);
1380                         break;
1381                 }
1382         }
1383 
1384         /* Ethernet header */
1385         ether_addr_copy(eth_hdr(reply)->h_dest, daddr);
1386         ether_addr_copy(eth_hdr(reply)->h_source, n->ha);
1387         eth_hdr(reply)->h_proto = htons(ETH_P_IPV6);
1388         reply->protocol = htons(ETH_P_IPV6);
1389 
1390         skb_pull(reply, sizeof(struct ethhdr));
1391         skb_set_network_header(reply, 0);
1392         skb_put(reply, sizeof(struct ipv6hdr));
1393 
1394         /* IPv6 header */
1395 
1396         pip6 = ipv6_hdr(reply);
1397         memset(pip6, 0, sizeof(struct ipv6hdr));
1398         pip6->version = 6;
1399         pip6->priority = ipv6_hdr(request)->priority;
1400         pip6->nexthdr = IPPROTO_ICMPV6;
1401         pip6->hop_limit = 255;
1402         pip6->daddr = ipv6_hdr(request)->saddr;
1403         pip6->saddr = *(struct in6_addr *)n->primary_key;
1404 
1405         skb_pull(reply, sizeof(struct ipv6hdr));
1406         skb_set_transport_header(reply, 0);
1407 
1408         na = (struct nd_msg *)skb_put(reply, sizeof(*na) + na_olen);
1409 
1410         /* Neighbor Advertisement */
1411         memset(na, 0, sizeof(*na)+na_olen);
1412         na->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT;
1413         na->icmph.icmp6_router = isrouter;
1414         na->icmph.icmp6_override = 1;
1415         na->icmph.icmp6_solicited = 1;
1416         na->target = ns->target;
1417         ether_addr_copy(&na->opt[2], n->ha);
1418         na->opt[0] = ND_OPT_TARGET_LL_ADDR;
1419         na->opt[1] = na_olen >> 3;
1420 
1421         na->icmph.icmp6_cksum = csum_ipv6_magic(&pip6->saddr,
1422                 &pip6->daddr, sizeof(*na)+na_olen, IPPROTO_ICMPV6,
1423                 csum_partial(na, sizeof(*na)+na_olen, 0));
1424 
1425         pip6->payload_len = htons(sizeof(*na)+na_olen);
1426 
1427         skb_push(reply, sizeof(struct ipv6hdr));
1428 
1429         reply->ip_summed = CHECKSUM_UNNECESSARY;
1430 
1431         return reply;
1432 }
1433 
1434 static int neigh_reduce(struct net_device *dev, struct sk_buff *skb)
1435 {
1436         struct vxlan_dev *vxlan = netdev_priv(dev);
1437         struct nd_msg *msg;
1438         const struct ipv6hdr *iphdr;
1439         const struct in6_addr *saddr, *daddr;
1440         struct neighbour *n;
1441         struct inet6_dev *in6_dev;
1442 
1443         in6_dev = __in6_dev_get(dev);
1444         if (!in6_dev)
1445                 goto out;
1446 
1447         if (!pskb_may_pull(skb, skb->len))
1448                 goto out;
1449 
1450         iphdr = ipv6_hdr(skb);
1451         saddr = &iphdr->saddr;
1452         daddr = &iphdr->daddr;
1453 
1454         msg = (struct nd_msg *)skb_transport_header(skb);
1455         if (msg->icmph.icmp6_code != 0 ||
1456             msg->icmph.icmp6_type != NDISC_NEIGHBOUR_SOLICITATION)
1457                 goto out;
1458 
1459         if (ipv6_addr_loopback(daddr) ||
1460             ipv6_addr_is_multicast(&msg->target))
1461                 goto out;
1462 
1463         n = neigh_lookup(ipv6_stub->nd_tbl, &msg->target, dev);
1464 
1465         if (n) {
1466                 struct vxlan_fdb *f;
1467                 struct sk_buff *reply;
1468 
1469                 if (!(n->nud_state & NUD_CONNECTED)) {
1470                         neigh_release(n);
1471                         goto out;
1472                 }
1473 
1474                 f = vxlan_find_mac(vxlan, n->ha);
1475                 if (f && vxlan_addr_any(&(first_remote_rcu(f)->remote_ip))) {
1476                         /* bridge-local neighbor */
1477                         neigh_release(n);
1478                         goto out;
1479                 }
1480 
1481                 reply = vxlan_na_create(skb, n,
1482                                         !!(f ? f->flags & NTF_ROUTER : 0));
1483 
1484                 neigh_release(n);
1485 
1486                 if (reply == NULL)
1487                         goto out;
1488 
1489                 if (netif_rx_ni(reply) == NET_RX_DROP)
1490                         dev->stats.rx_dropped++;
1491 
1492         } else if (vxlan->flags & VXLAN_F_L3MISS) {
1493                 union vxlan_addr ipa = {
1494                         .sin6.sin6_addr = msg->target,
1495                         .sa.sa_family = AF_INET6,
1496                 };
1497 
1498                 vxlan_ip_miss(dev, &ipa);
1499         }
1500 
1501 out:
1502         consume_skb(skb);
1503         return NETDEV_TX_OK;
1504 }
1505 #endif
1506 
1507 static bool route_shortcircuit(struct net_device *dev, struct sk_buff *skb)
1508 {
1509         struct vxlan_dev *vxlan = netdev_priv(dev);
1510         struct neighbour *n;
1511 
1512         if (is_multicast_ether_addr(eth_hdr(skb)->h_dest))
1513                 return false;
1514 
1515         n = NULL;
1516         switch (ntohs(eth_hdr(skb)->h_proto)) {
1517         case ETH_P_IP:
1518         {
1519                 struct iphdr *pip;
1520 
1521                 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
1522                         return false;
1523                 pip = ip_hdr(skb);
1524                 n = neigh_lookup(&arp_tbl, &pip->daddr, dev);
1525                 if (!n && (vxlan->flags & VXLAN_F_L3MISS)) {
1526                         union vxlan_addr ipa = {
1527                                 .sin.sin_addr.s_addr = pip->daddr,
1528                                 .sa.sa_family = AF_INET,
1529                         };
1530 
1531                         vxlan_ip_miss(dev, &ipa);
1532                         return false;
1533                 }
1534 
1535                 break;
1536         }
1537 #if IS_ENABLED(CONFIG_IPV6)
1538         case ETH_P_IPV6:
1539         {
1540                 struct ipv6hdr *pip6;
1541 
1542                 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
1543                         return false;
1544                 pip6 = ipv6_hdr(skb);
1545                 n = neigh_lookup(ipv6_stub->nd_tbl, &pip6->daddr, dev);
1546                 if (!n && (vxlan->flags & VXLAN_F_L3MISS)) {
1547                         union vxlan_addr ipa = {
1548                                 .sin6.sin6_addr = pip6->daddr,
1549                                 .sa.sa_family = AF_INET6,
1550                         };
1551 
1552                         vxlan_ip_miss(dev, &ipa);
1553                         return false;
1554                 }
1555 
1556                 break;
1557         }
1558 #endif
1559         default:
1560                 return false;
1561         }
1562 
1563         if (n) {
1564                 bool diff;
1565 
1566                 diff = !ether_addr_equal(eth_hdr(skb)->h_dest, n->ha);
1567                 if (diff) {
1568                         memcpy(eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
1569                                 dev->addr_len);
1570                         memcpy(eth_hdr(skb)->h_dest, n->ha, dev->addr_len);
1571                 }
1572                 neigh_release(n);
1573                 return diff;
1574         }
1575 
1576         return false;
1577 }
1578 
1579 /* Compute source port for outgoing packet
1580  *   first choice to use L4 flow hash since it will spread
1581  *     better and maybe available from hardware
1582  *   secondary choice is to use jhash on the Ethernet header
1583  */
1584 __be16 vxlan_src_port(__u16 port_min, __u16 port_max, struct sk_buff *skb)
1585 {
1586         unsigned int range = (port_max - port_min) + 1;
1587         u32 hash;
1588 
1589         hash = skb_get_hash(skb);
1590         if (!hash)
1591                 hash = jhash(skb->data, 2 * ETH_ALEN,
1592                              (__force u32) skb->protocol);
1593 
1594         return htons((((u64) hash * range) >> 32) + port_min);
1595 }
1596 EXPORT_SYMBOL_GPL(vxlan_src_port);
1597 
1598 static int handle_offloads(struct sk_buff *skb)
1599 {
1600         if (skb_is_gso(skb)) {
1601                 int err = skb_unclone(skb, GFP_ATOMIC);
1602                 if (unlikely(err))
1603                         return err;
1604 
1605                 skb_shinfo(skb)->gso_type |= SKB_GSO_UDP_TUNNEL;
1606         } else if (skb->ip_summed != CHECKSUM_PARTIAL)
1607                 skb->ip_summed = CHECKSUM_NONE;
1608 
1609         return 0;
1610 }
1611 
1612 #if IS_ENABLED(CONFIG_IPV6)
1613 static int vxlan6_xmit_skb(struct vxlan_sock *vs,
1614                            struct dst_entry *dst, struct sk_buff *skb,
1615                            struct net_device *dev, struct in6_addr *saddr,
1616                            struct in6_addr *daddr, __u8 prio, __u8 ttl,
1617                            __be16 src_port, __be16 dst_port, __be32 vni)
1618 {
1619         struct ipv6hdr *ip6h;
1620         struct vxlanhdr *vxh;
1621         struct udphdr *uh;
1622         int min_headroom;
1623         int err;
1624 
1625         if (!skb->encapsulation) {
1626                 skb_reset_inner_headers(skb);
1627                 skb->encapsulation = 1;
1628         }
1629 
1630         skb_scrub_packet(skb, false);
1631 
1632         min_headroom = LL_RESERVED_SPACE(dst->dev) + dst->header_len
1633                         + VXLAN_HLEN + sizeof(struct ipv6hdr)
1634                         + (vlan_tx_tag_present(skb) ? VLAN_HLEN : 0);
1635 
1636         /* Need space for new headers (invalidates iph ptr) */
1637         err = skb_cow_head(skb, min_headroom);
1638         if (unlikely(err))
1639                 return err;
1640 
1641         if (vlan_tx_tag_present(skb)) {
1642                 if (WARN_ON(!__vlan_put_tag(skb,
1643                                             skb->vlan_proto,
1644                                             vlan_tx_tag_get(skb))))
1645                         return -ENOMEM;
1646 
1647                 skb->vlan_tci = 0;
1648         }
1649 
1650         vxh = (struct vxlanhdr *) __skb_push(skb, sizeof(*vxh));
1651         vxh->vx_flags = htonl(VXLAN_FLAGS);
1652         vxh->vx_vni = vni;
1653 
1654         __skb_push(skb, sizeof(*uh));
1655         skb_reset_transport_header(skb);
1656         uh = udp_hdr(skb);
1657 
1658         uh->dest = dst_port;
1659         uh->source = src_port;
1660 
1661         uh->len = htons(skb->len);
1662         uh->check = 0;
1663 
1664         memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
1665         IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
1666                               IPSKB_REROUTED);
1667         skb_dst_set(skb, dst);
1668 
1669         if (!skb_is_gso(skb) && !(dst->dev->features & NETIF_F_IPV6_CSUM)) {
1670                 __wsum csum = skb_checksum(skb, 0, skb->len, 0);
1671                 skb->ip_summed = CHECKSUM_UNNECESSARY;
1672                 uh->check = csum_ipv6_magic(saddr, daddr, skb->len,
1673                                             IPPROTO_UDP, csum);
1674                 if (uh->check == 0)
1675                         uh->check = CSUM_MANGLED_0;
1676         } else {
1677                 skb->ip_summed = CHECKSUM_PARTIAL;
1678                 skb->csum_start = skb_transport_header(skb) - skb->head;
1679                 skb->csum_offset = offsetof(struct udphdr, check);
1680                 uh->check = ~csum_ipv6_magic(saddr, daddr,
1681                                              skb->len, IPPROTO_UDP, 0);
1682         }
1683 
1684         __skb_push(skb, sizeof(*ip6h));
1685         skb_reset_network_header(skb);
1686         ip6h              = ipv6_hdr(skb);
1687         ip6h->version     = 6;
1688         ip6h->priority    = prio;
1689         ip6h->flow_lbl[0] = 0;
1690         ip6h->flow_lbl[1] = 0;
1691         ip6h->flow_lbl[2] = 0;
1692         ip6h->payload_len = htons(skb->len);
1693         ip6h->nexthdr     = IPPROTO_UDP;
1694         ip6h->hop_limit   = ttl;
1695         ip6h->daddr       = *daddr;
1696         ip6h->saddr       = *saddr;
1697 
1698         err = handle_offloads(skb);
1699         if (err)
1700                 return err;
1701 
1702         ip6tunnel_xmit(skb, dev);
1703         return 0;
1704 }
1705 #endif
1706 
1707 int vxlan_xmit_skb(struct vxlan_sock *vs,
1708                    struct rtable *rt, struct sk_buff *skb,
1709                    __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df,
1710                    __be16 src_port, __be16 dst_port, __be32 vni)
1711 {
1712         struct vxlanhdr *vxh;
1713         struct udphdr *uh;
1714         int min_headroom;
1715         int err;
1716 
1717         if (!skb->encapsulation) {
1718                 skb_reset_inner_headers(skb);
1719                 skb->encapsulation = 1;
1720         }
1721 
1722         min_headroom = LL_RESERVED_SPACE(rt->dst.dev) + rt->dst.header_len
1723                         + VXLAN_HLEN + sizeof(struct iphdr)
1724                         + (vlan_tx_tag_present(skb) ? VLAN_HLEN : 0);
1725 
1726         /* Need space for new headers (invalidates iph ptr) */
1727         err = skb_cow_head(skb, min_headroom);
1728         if (unlikely(err))
1729                 return err;
1730 
1731         if (vlan_tx_tag_present(skb)) {
1732                 if (WARN_ON(!__vlan_put_tag(skb,
1733                                             skb->vlan_proto,
1734                                             vlan_tx_tag_get(skb))))
1735                         return -ENOMEM;
1736 
1737                 skb->vlan_tci = 0;
1738         }
1739 
1740         vxh = (struct vxlanhdr *) __skb_push(skb, sizeof(*vxh));
1741         vxh->vx_flags = htonl(VXLAN_FLAGS);
1742         vxh->vx_vni = vni;
1743 
1744         __skb_push(skb, sizeof(*uh));
1745         skb_reset_transport_header(skb);
1746         uh = udp_hdr(skb);
1747 
1748         uh->dest = dst_port;
1749         uh->source = src_port;
1750 
1751         uh->len = htons(skb->len);
1752         uh->check = 0;
1753 
1754         err = handle_offloads(skb);
1755         if (err)
1756                 return err;
1757 
1758         return iptunnel_xmit(rt, skb, src, dst, IPPROTO_UDP, tos, ttl, df,
1759                              false);
1760 }
1761 EXPORT_SYMBOL_GPL(vxlan_xmit_skb);
1762 
1763 /* Bypass encapsulation if the destination is local */
1764 static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan,
1765                                struct vxlan_dev *dst_vxlan)
1766 {
1767         struct pcpu_sw_netstats *tx_stats, *rx_stats;
1768         union vxlan_addr loopback;
1769         union vxlan_addr *remote_ip = &dst_vxlan->default_dst.remote_ip;
1770 
1771         tx_stats = this_cpu_ptr(src_vxlan->dev->tstats);
1772         rx_stats = this_cpu_ptr(dst_vxlan->dev->tstats);
1773         skb->pkt_type = PACKET_HOST;
1774         skb->encapsulation = 0;
1775         skb->dev = dst_vxlan->dev;
1776         __skb_pull(skb, skb_network_offset(skb));
1777 
1778         if (remote_ip->sa.sa_family == AF_INET) {
1779                 loopback.sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
1780                 loopback.sa.sa_family =  AF_INET;
1781 #if IS_ENABLED(CONFIG_IPV6)
1782         } else {
1783                 loopback.sin6.sin6_addr = in6addr_loopback;
1784                 loopback.sa.sa_family =  AF_INET6;
1785 #endif
1786         }
1787 
1788         if (dst_vxlan->flags & VXLAN_F_LEARN)
1789                 vxlan_snoop(skb->dev, &loopback, eth_hdr(skb)->h_source);
1790 
1791         u64_stats_update_begin(&tx_stats->syncp);
1792         tx_stats->tx_packets++;
1793         tx_stats->tx_bytes += skb->len;
1794         u64_stats_update_end(&tx_stats->syncp);
1795 
1796         if (netif_rx(skb) == NET_RX_SUCCESS) {
1797                 u64_stats_update_begin(&rx_stats->syncp);
1798                 rx_stats->rx_packets++;
1799                 rx_stats->rx_bytes += skb->len;
1800                 u64_stats_update_end(&rx_stats->syncp);
1801         } else {
1802                 skb->dev->stats.rx_dropped++;
1803         }
1804 }
1805 
1806 static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev,
1807                            struct vxlan_rdst *rdst, bool did_rsc)
1808 {
1809         struct vxlan_dev *vxlan = netdev_priv(dev);
1810         struct rtable *rt = NULL;
1811         const struct iphdr *old_iph;
1812         struct flowi4 fl4;
1813         union vxlan_addr *dst;
1814         __be16 src_port = 0, dst_port;
1815         u32 vni;
1816         __be16 df = 0;
1817         __u8 tos, ttl;
1818         int err;
1819 
1820         dst_port = rdst->remote_port ? rdst->remote_port : vxlan->dst_port;
1821         vni = rdst->remote_vni;
1822         dst = &rdst->remote_ip;
1823 
1824         if (vxlan_addr_any(dst)) {
1825                 if (did_rsc) {
1826                         /* short-circuited back to local bridge */
1827                         vxlan_encap_bypass(skb, vxlan, vxlan);
1828                         return;
1829                 }
1830                 goto drop;
1831         }
1832 
1833         old_iph = ip_hdr(skb);
1834 
1835         ttl = vxlan->ttl;
1836         if (!ttl && vxlan_addr_multicast(dst))
1837                 ttl = 1;
1838 
1839         tos = vxlan->tos;
1840         if (tos == 1)
1841                 tos = ip_tunnel_get_dsfield(old_iph, skb);
1842 
1843         src_port = vxlan_src_port(vxlan->port_min, vxlan->port_max, skb);
1844 
1845         if (dst->sa.sa_family == AF_INET) {
1846                 memset(&fl4, 0, sizeof(fl4));
1847                 fl4.flowi4_oif = rdst->remote_ifindex;
1848                 fl4.flowi4_tos = RT_TOS(tos);
1849                 fl4.daddr = dst->sin.sin_addr.s_addr;
1850                 fl4.saddr = vxlan->saddr.sin.sin_addr.s_addr;
1851 
1852                 rt = ip_route_output_key(dev_net(dev), &fl4);
1853                 if (IS_ERR(rt)) {
1854                         netdev_dbg(dev, "no route to %pI4\n",
1855                                    &dst->sin.sin_addr.s_addr);
1856                         dev->stats.tx_carrier_errors++;
1857                         goto tx_error;
1858                 }
1859 
1860                 if (rt->dst.dev == dev) {
1861                         netdev_dbg(dev, "circular route to %pI4\n",
1862                                    &dst->sin.sin_addr.s_addr);
1863                         dev->stats.collisions++;
1864                         goto rt_tx_error;
1865                 }
1866 
1867                 /* Bypass encapsulation if the destination is local */
1868                 if (rt->rt_flags & RTCF_LOCAL &&
1869                     !(rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))) {
1870                         struct vxlan_dev *dst_vxlan;
1871 
1872                         ip_rt_put(rt);
1873                         dst_vxlan = vxlan_find_vni(dev_net(dev), vni, dst_port);
1874                         if (!dst_vxlan)
1875                                 goto tx_error;
1876                         vxlan_encap_bypass(skb, vxlan, dst_vxlan);
1877                         return;
1878                 }
1879 
1880                 tos = ip_tunnel_ecn_encap(tos, old_iph, skb);
1881                 ttl = ttl ? : ip4_dst_hoplimit(&rt->dst);
1882 
1883                 err = vxlan_xmit_skb(vxlan->vn_sock, rt, skb,
1884                                      fl4.saddr, dst->sin.sin_addr.s_addr,
1885                                      tos, ttl, df, src_port, dst_port,
1886                                      htonl(vni << 8));
1887 
1888                 if (err < 0)
1889                         goto rt_tx_error;
1890                 iptunnel_xmit_stats(err, &dev->stats, dev->tstats);
1891 #if IS_ENABLED(CONFIG_IPV6)
1892         } else {
1893                 struct sock *sk = vxlan->vn_sock->sock->sk;
1894                 struct dst_entry *ndst;
1895                 struct flowi6 fl6;
1896                 u32 flags;
1897 
1898                 memset(&fl6, 0, sizeof(fl6));
1899                 fl6.flowi6_oif = rdst->remote_ifindex;
1900                 fl6.daddr = dst->sin6.sin6_addr;
1901                 fl6.saddr = vxlan->saddr.sin6.sin6_addr;
1902                 fl6.flowi6_proto = IPPROTO_UDP;
1903 
1904                 if (ipv6_stub->ipv6_dst_lookup(sk, &ndst, &fl6)) {
1905                         netdev_dbg(dev, "no route to %pI6\n",
1906                                    &dst->sin6.sin6_addr);
1907                         dev->stats.tx_carrier_errors++;
1908                         goto tx_error;
1909                 }
1910 
1911                 if (ndst->dev == dev) {
1912                         netdev_dbg(dev, "circular route to %pI6\n",
1913                                    &dst->sin6.sin6_addr);
1914                         dst_release(ndst);
1915                         dev->stats.collisions++;
1916                         goto tx_error;
1917                 }
1918 
1919                 /* Bypass encapsulation if the destination is local */
1920                 flags = ((struct rt6_info *)ndst)->rt6i_flags;
1921                 if (flags & RTF_LOCAL &&
1922                     !(flags & (RTCF_BROADCAST | RTCF_MULTICAST))) {
1923                         struct vxlan_dev *dst_vxlan;
1924 
1925                         dst_release(ndst);
1926                         dst_vxlan = vxlan_find_vni(dev_net(dev), vni, dst_port);
1927                         if (!dst_vxlan)
1928                                 goto tx_error;
1929                         vxlan_encap_bypass(skb, vxlan, dst_vxlan);
1930                         return;
1931                 }
1932 
1933                 ttl = ttl ? : ip6_dst_hoplimit(ndst);
1934 
1935                 err = vxlan6_xmit_skb(vxlan->vn_sock, ndst, skb,
1936                                       dev, &fl6.saddr, &fl6.daddr, 0, ttl,
1937                                       src_port, dst_port, htonl(vni << 8));
1938 #endif
1939         }
1940 
1941         return;
1942 
1943 drop:
1944         dev->stats.tx_dropped++;
1945         goto tx_free;
1946 
1947 rt_tx_error:
1948         ip_rt_put(rt);
1949 tx_error:
1950         dev->stats.tx_errors++;
1951 tx_free:
1952         dev_kfree_skb(skb);
1953 }
1954 
1955 /* Transmit local packets over Vxlan
1956  *
1957  * Outer IP header inherits ECN and DF from inner header.
1958  * Outer UDP destination is the VXLAN assigned port.
1959  *           source port is based on hash of flow
1960  */
1961 static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev)
1962 {
1963         struct vxlan_dev *vxlan = netdev_priv(dev);
1964         struct ethhdr *eth;
1965         bool did_rsc = false;
1966         struct vxlan_rdst *rdst, *fdst = NULL;
1967         struct vxlan_fdb *f;
1968 
1969         skb_reset_mac_header(skb);
1970         eth = eth_hdr(skb);
1971 
1972         if ((vxlan->flags & VXLAN_F_PROXY)) {
1973                 if (ntohs(eth->h_proto) == ETH_P_ARP)
1974                         return arp_reduce(dev, skb);
1975 #if IS_ENABLED(CONFIG_IPV6)
1976                 else if (ntohs(eth->h_proto) == ETH_P_IPV6 &&
1977                          skb->len >= sizeof(struct ipv6hdr) + sizeof(struct nd_msg) &&
1978                          ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) {
1979                                 struct nd_msg *msg;
1980 
1981                                 msg = (struct nd_msg *)skb_transport_header(skb);
1982                                 if (msg->icmph.icmp6_code == 0 &&
1983                                     msg->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION)
1984                                         return neigh_reduce(dev, skb);
1985                 }
1986 #endif
1987         }
1988 
1989         f = vxlan_find_mac(vxlan, eth->h_dest);
1990         did_rsc = false;
1991 
1992         if (f && (f->flags & NTF_ROUTER) && (vxlan->flags & VXLAN_F_RSC) &&
1993             (ntohs(eth->h_proto) == ETH_P_IP ||
1994              ntohs(eth->h_proto) == ETH_P_IPV6)) {
1995                 did_rsc = route_shortcircuit(dev, skb);
1996                 if (did_rsc)
1997                         f = vxlan_find_mac(vxlan, eth->h_dest);
1998         }
1999 
2000         if (f == NULL) {
2001                 f = vxlan_find_mac(vxlan, all_zeros_mac);
2002                 if (f == NULL) {
2003                         if ((vxlan->flags & VXLAN_F_L2MISS) &&
2004                             !is_multicast_ether_addr(eth->h_dest))
2005                                 vxlan_fdb_miss(vxlan, eth->h_dest);
2006 
2007                         dev->stats.tx_dropped++;
2008                         kfree_skb(skb);
2009                         return NETDEV_TX_OK;
2010                 }
2011         }
2012 
2013         list_for_each_entry_rcu(rdst, &f->remotes, list) {
2014                 struct sk_buff *skb1;
2015 
2016                 if (!fdst) {
2017                         fdst = rdst;
2018                         continue;
2019                 }
2020                 skb1 = skb_clone(skb, GFP_ATOMIC);
2021                 if (skb1)
2022                         vxlan_xmit_one(skb1, dev, rdst, did_rsc);
2023         }
2024 
2025         if (fdst)
2026                 vxlan_xmit_one(skb, dev, fdst, did_rsc);
2027         else
2028                 kfree_skb(skb);
2029         return NETDEV_TX_OK;
2030 }
2031 
2032 /* Walk the forwarding table and purge stale entries */
2033 static void vxlan_cleanup(unsigned long arg)
2034 {
2035         struct vxlan_dev *vxlan = (struct vxlan_dev *) arg;
2036         unsigned long next_timer = jiffies + FDB_AGE_INTERVAL;
2037         unsigned int h;
2038 
2039         if (!netif_running(vxlan->dev))
2040                 return;
2041 
2042         spin_lock_bh(&vxlan->hash_lock);
2043         for (h = 0; h < FDB_HASH_SIZE; ++h) {
2044                 struct hlist_node *p, *n;
2045                 hlist_for_each_safe(p, n, &vxlan->fdb_head[h]) {
2046                         struct vxlan_fdb *f
2047                                 = container_of(p, struct vxlan_fdb, hlist);
2048                         unsigned long timeout;
2049 
2050                         if (f->state & NUD_PERMANENT)
2051                                 continue;
2052 
2053                         timeout = f->used + vxlan->age_interval * HZ;
2054                         if (time_before_eq(timeout, jiffies)) {
2055                                 netdev_dbg(vxlan->dev,
2056                                            "garbage collect %pM\n",
2057                                            f->eth_addr);
2058                                 f->state = NUD_STALE;
2059                                 vxlan_fdb_destroy(vxlan, f);
2060                         } else if (time_before(timeout, next_timer))
2061                                 next_timer = timeout;
2062                 }
2063         }
2064         spin_unlock_bh(&vxlan->hash_lock);
2065 
2066         mod_timer(&vxlan->age_timer, next_timer);
2067 }
2068 
2069 static void vxlan_vs_add_dev(struct vxlan_sock *vs, struct vxlan_dev *vxlan)
2070 {
2071         __u32 vni = vxlan->default_dst.remote_vni;
2072 
2073         vxlan->vn_sock = vs;
2074         hlist_add_head_rcu(&vxlan->hlist, vni_head(vs, vni));
2075 }
2076 
2077 /* Setup stats when device is created */
2078 static int vxlan_init(struct net_device *dev)
2079 {
2080         struct vxlan_dev *vxlan = netdev_priv(dev);
2081         struct vxlan_net *vn = net_generic(dev_net(dev), vxlan_net_id);
2082         struct vxlan_sock *vs;
2083         int i;
2084 
2085         dev->tstats = alloc_percpu(struct pcpu_sw_netstats);
2086         if (!dev->tstats)
2087                 return -ENOMEM;
2088 
2089         for_each_possible_cpu(i) {
2090                 struct pcpu_sw_netstats *vxlan_stats;
2091                 vxlan_stats = per_cpu_ptr(dev->tstats, i);
2092                 u64_stats_init(&vxlan_stats->syncp);
2093         }
2094 
2095 
2096         spin_lock(&vn->sock_lock);
2097         vs = vxlan_find_sock(dev_net(dev), vxlan->dst_port);
2098         if (vs) {
2099                 /* If we have a socket with same port already, reuse it */
2100                 atomic_inc(&vs->refcnt);
2101                 vxlan_vs_add_dev(vs, vxlan);
2102         } else {
2103                 /* otherwise make new socket outside of RTNL */
2104                 dev_hold(dev);
2105                 queue_work(vxlan_wq, &vxlan->sock_work);
2106         }
2107         spin_unlock(&vn->sock_lock);
2108 
2109         return 0;
2110 }
2111 
2112 static void vxlan_fdb_delete_default(struct vxlan_dev *vxlan)
2113 {
2114         struct vxlan_fdb *f;
2115 
2116         spin_lock_bh(&vxlan->hash_lock);
2117         f = __vxlan_find_mac(vxlan, all_zeros_mac);
2118         if (f)
2119                 vxlan_fdb_destroy(vxlan, f);
2120         spin_unlock_bh(&vxlan->hash_lock);
2121 }
2122 
2123 static void vxlan_uninit(struct net_device *dev)
2124 {
2125         struct vxlan_dev *vxlan = netdev_priv(dev);
2126         struct vxlan_sock *vs = vxlan->vn_sock;
2127 
2128         vxlan_fdb_delete_default(vxlan);
2129 
2130         if (vs)
2131                 vxlan_sock_release(vs);
2132         free_percpu(dev->tstats);
2133 }
2134 
2135 /* Start ageing timer and join group when device is brought up */
2136 static int vxlan_open(struct net_device *dev)
2137 {
2138         struct vxlan_dev *vxlan = netdev_priv(dev);
2139         struct vxlan_sock *vs = vxlan->vn_sock;
2140 
2141         /* socket hasn't been created */
2142         if (!vs)
2143                 return -ENOTCONN;
2144 
2145         if (vxlan_addr_multicast(&vxlan->default_dst.remote_ip)) {
2146                 vxlan_sock_hold(vs);
2147                 dev_hold(dev);
2148                 queue_work(vxlan_wq, &vxlan->igmp_join);
2149         }
2150 
2151         if (vxlan->age_interval)
2152                 mod_timer(&vxlan->age_timer, jiffies + FDB_AGE_INTERVAL);
2153 
2154         return 0;
2155 }
2156 
2157 /* Purge the forwarding table */
2158 static void vxlan_flush(struct vxlan_dev *vxlan)
2159 {
2160         unsigned int h;
2161 
2162         spin_lock_bh(&vxlan->hash_lock);
2163         for (h = 0; h < FDB_HASH_SIZE; ++h) {
2164                 struct hlist_node *p, *n;
2165                 hlist_for_each_safe(p, n, &vxlan->fdb_head[h]) {
2166                         struct vxlan_fdb *f
2167                                 = container_of(p, struct vxlan_fdb, hlist);
2168                         /* the all_zeros_mac entry is deleted at vxlan_uninit */
2169                         if (!is_zero_ether_addr(f->eth_addr))
2170                                 vxlan_fdb_destroy(vxlan, f);
2171                 }
2172         }
2173         spin_unlock_bh(&vxlan->hash_lock);
2174 }
2175 
2176 /* Cleanup timer and forwarding table on shutdown */
2177 static int vxlan_stop(struct net_device *dev)
2178 {
2179         struct vxlan_net *vn = net_generic(dev_net(dev), vxlan_net_id);
2180         struct vxlan_dev *vxlan = netdev_priv(dev);
2181         struct vxlan_sock *vs = vxlan->vn_sock;
2182 
2183         if (vs && vxlan_addr_multicast(&vxlan->default_dst.remote_ip) &&
2184             !vxlan_group_used(vn, vxlan)) {
2185                 vxlan_sock_hold(vs);
2186                 dev_hold(dev);
2187                 queue_work(vxlan_wq, &vxlan->igmp_leave);
2188         }
2189 
2190         del_timer_sync(&vxlan->age_timer);
2191 
2192         vxlan_flush(vxlan);
2193 
2194         return 0;
2195 }
2196 
2197 /* Stub, nothing needs to be done. */
2198 static void vxlan_set_multicast_list(struct net_device *dev)
2199 {
2200 }
2201 
2202 static int vxlan_change_mtu(struct net_device *dev, int new_mtu)
2203 {
2204         struct vxlan_dev *vxlan = netdev_priv(dev);
2205         struct vxlan_rdst *dst = &vxlan->default_dst;
2206         struct net_device *lowerdev;
2207         int max_mtu;
2208 
2209         lowerdev = __dev_get_by_index(dev_net(dev), dst->remote_ifindex);
2210         if (lowerdev == NULL)
2211                 return eth_change_mtu(dev, new_mtu);
2212 
2213         if (dst->remote_ip.sa.sa_family == AF_INET6)
2214                 max_mtu = lowerdev->mtu - VXLAN6_HEADROOM;
2215         else
2216                 max_mtu = lowerdev->mtu - VXLAN_HEADROOM;
2217 
2218         if (new_mtu < 68 || new_mtu > max_mtu)
2219                 return -EINVAL;
2220 
2221         dev->mtu = new_mtu;
2222         return 0;
2223 }
2224 
2225 static const struct net_device_ops vxlan_netdev_ops = {
2226         .ndo_init               = vxlan_init,
2227         .ndo_uninit             = vxlan_uninit,
2228         .ndo_open               = vxlan_open,
2229         .ndo_stop               = vxlan_stop,
2230         .ndo_start_xmit         = vxlan_xmit,
2231         .ndo_get_stats64        = ip_tunnel_get_stats64,
2232         .ndo_set_rx_mode        = vxlan_set_multicast_list,
2233         .ndo_change_mtu         = vxlan_change_mtu,
2234         .ndo_validate_addr      = eth_validate_addr,
2235         .ndo_set_mac_address    = eth_mac_addr,
2236         .ndo_fdb_add            = vxlan_fdb_add,
2237         .ndo_fdb_del            = vxlan_fdb_delete,
2238         .ndo_fdb_dump           = vxlan_fdb_dump,
2239 };
2240 
2241 /* Info for udev, that this is a virtual tunnel endpoint */
2242 static struct device_type vxlan_type = {
2243         .name = "vxlan",
2244 };
2245 
2246 /* Calls the ndo_add_vxlan_port of the caller in order to
2247  * supply the listening VXLAN udp ports. Callers are expected
2248  * to implement the ndo_add_vxlan_port.
2249  */
2250 void vxlan_get_rx_port(struct net_device *dev)
2251 {
2252         struct vxlan_sock *vs;
2253         struct net *net = dev_net(dev);
2254         struct vxlan_net *vn = net_generic(net, vxlan_net_id);
2255         sa_family_t sa_family;
2256         __be16 port;
2257         unsigned int i;
2258 
2259         spin_lock(&vn->sock_lock);
2260         for (i = 0; i < PORT_HASH_SIZE; ++i) {
2261                 hlist_for_each_entry_rcu(vs, &vn->sock_list[i], hlist) {
2262                         port = inet_sk(vs->sock->sk)->inet_sport;
2263                         sa_family = vs->sock->sk->sk_family;
2264                         dev->netdev_ops->ndo_add_vxlan_port(dev, sa_family,
2265                                                             port);
2266                 }
2267         }
2268         spin_unlock(&vn->sock_lock);
2269 }
2270 EXPORT_SYMBOL_GPL(vxlan_get_rx_port);
2271 
2272 /* Initialize the device structure. */
2273 static void vxlan_setup(struct net_device *dev)
2274 {
2275         struct vxlan_dev *vxlan = netdev_priv(dev);
2276         unsigned int h;
2277         int low, high;
2278 
2279         eth_hw_addr_random(dev);
2280         ether_setup(dev);
2281         if (vxlan->default_dst.remote_ip.sa.sa_family == AF_INET6)
2282                 dev->hard_header_len = ETH_HLEN + VXLAN6_HEADROOM;
2283         else
2284                 dev->hard_header_len = ETH_HLEN + VXLAN_HEADROOM;
2285 
2286         dev->netdev_ops = &vxlan_netdev_ops;
2287         dev->destructor = free_netdev;
2288         SET_NETDEV_DEVTYPE(dev, &vxlan_type);
2289 
2290         dev->tx_queue_len = 0;
2291         dev->features   |= NETIF_F_LLTX;
2292         dev->features   |= NETIF_F_NETNS_LOCAL;
2293         dev->features   |= NETIF_F_SG | NETIF_F_HW_CSUM;
2294         dev->features   |= NETIF_F_RXCSUM;
2295         dev->features   |= NETIF_F_GSO_SOFTWARE;
2296 
2297         dev->vlan_features = dev->features;
2298         dev->features |= NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_STAG_TX;
2299         dev->hw_features |= NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_RXCSUM;
2300         dev->hw_features |= NETIF_F_GSO_SOFTWARE;
2301         dev->hw_features |= NETIF_F_HW_VLAN_CTAG_TX | NETIF_F_HW_VLAN_STAG_TX;
2302         dev->priv_flags &= ~IFF_XMIT_DST_RELEASE;
2303         dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
2304 
2305         INIT_LIST_HEAD(&vxlan->next);
2306         spin_lock_init(&vxlan->hash_lock);
2307         INIT_WORK(&vxlan->igmp_join, vxlan_igmp_join);
2308         INIT_WORK(&vxlan->igmp_leave, vxlan_igmp_leave);
2309         INIT_WORK(&vxlan->sock_work, vxlan_sock_work);
2310 
2311         init_timer_deferrable(&vxlan->age_timer);
2312         vxlan->age_timer.function = vxlan_cleanup;
2313         vxlan->age_timer.data = (unsigned long) vxlan;
2314 
2315         inet_get_local_port_range(dev_net(dev), &low, &high);
2316         vxlan->port_min = low;
2317         vxlan->port_max = high;
2318         vxlan->dst_port = htons(vxlan_port);
2319 
2320         vxlan->dev = dev;
2321 
2322         for (h = 0; h < FDB_HASH_SIZE; ++h)
2323                 INIT_HLIST_HEAD(&vxlan->fdb_head[h]);
2324 }
2325 
2326 static const struct nla_policy vxlan_policy[IFLA_VXLAN_MAX + 1] = {
2327         [IFLA_VXLAN_ID]         = { .type = NLA_U32 },
2328         [IFLA_VXLAN_GROUP]      = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
2329         [IFLA_VXLAN_GROUP6]     = { .len = sizeof(struct in6_addr) },
2330         [IFLA_VXLAN_LINK]       = { .type = NLA_U32 },
2331         [IFLA_VXLAN_LOCAL]      = { .len = FIELD_SIZEOF(struct iphdr, saddr) },
2332         [IFLA_VXLAN_LOCAL6]     = { .len = sizeof(struct in6_addr) },
2333         [IFLA_VXLAN_TOS]        = { .type = NLA_U8 },
2334         [IFLA_VXLAN_TTL]        = { .type = NLA_U8 },
2335         [IFLA_VXLAN_LEARNING]   = { .type = NLA_U8 },
2336         [IFLA_VXLAN_AGEING]     = { .type = NLA_U32 },
2337         [IFLA_VXLAN_LIMIT]      = { .type = NLA_U32 },
2338         [IFLA_VXLAN_PORT_RANGE] = { .len  = sizeof(struct ifla_vxlan_port_range) },
2339         [IFLA_VXLAN_PROXY]      = { .type = NLA_U8 },
2340         [IFLA_VXLAN_RSC]        = { .type = NLA_U8 },
2341         [IFLA_VXLAN_L2MISS]     = { .type = NLA_U8 },
2342         [IFLA_VXLAN_L3MISS]     = { .type = NLA_U8 },
2343         [IFLA_VXLAN_PORT]       = { .type = NLA_U16 },
2344 };
2345 
2346 static int vxlan_validate(struct nlattr *tb[], struct nlattr *data[])
2347 {
2348         if (tb[IFLA_ADDRESS]) {
2349                 if (nla_len(tb[IFLA_ADDRESS]) != ETH_ALEN) {
2350                         pr_debug("invalid link address (not ethernet)\n");
2351                         return -EINVAL;
2352                 }
2353 
2354                 if (!is_valid_ether_addr(nla_data(tb[IFLA_ADDRESS]))) {
2355                         pr_debug("invalid all zero ethernet address\n");
2356                         return -EADDRNOTAVAIL;
2357                 }
2358         }
2359 
2360         if (!data)
2361                 return -EINVAL;
2362 
2363         if (data[IFLA_VXLAN_ID]) {
2364                 __u32 id = nla_get_u32(data[IFLA_VXLAN_ID]);
2365                 if (id >= VXLAN_VID_MASK)
2366                         return -ERANGE;
2367         }
2368 
2369         if (data[IFLA_VXLAN_PORT_RANGE]) {
2370                 const struct ifla_vxlan_port_range *p
2371                         = nla_data(data[IFLA_VXLAN_PORT_RANGE]);
2372 
2373                 if (ntohs(p->high) < ntohs(p->low)) {
2374                         pr_debug("port range %u .. %u not valid\n",
2375                                  ntohs(p->low), ntohs(p->high));
2376                         return -EINVAL;
2377                 }
2378         }
2379 
2380         return 0;
2381 }
2382 
2383 static void vxlan_get_drvinfo(struct net_device *netdev,
2384                               struct ethtool_drvinfo *drvinfo)
2385 {
2386         strlcpy(drvinfo->version, VXLAN_VERSION, sizeof(drvinfo->version));
2387         strlcpy(drvinfo->driver, "vxlan", sizeof(drvinfo->driver));
2388 }
2389 
2390 static const struct ethtool_ops vxlan_ethtool_ops = {
2391         .get_drvinfo    = vxlan_get_drvinfo,
2392         .get_link       = ethtool_op_get_link,
2393 };
2394 
2395 static void vxlan_del_work(struct work_struct *work)
2396 {
2397         struct vxlan_sock *vs = container_of(work, struct vxlan_sock, del_work);
2398 
2399         sk_release_kernel(vs->sock->sk);
2400         kfree_rcu(vs, rcu);
2401 }
2402 
2403 #if IS_ENABLED(CONFIG_IPV6)
2404 /* Create UDP socket for encapsulation receive. AF_INET6 socket
2405  * could be used for both IPv4 and IPv6 communications, but
2406  * users may set bindv6only=1.
2407  */
2408 static struct socket *create_v6_sock(struct net *net, __be16 port)
2409 {
2410         struct sock *sk;
2411         struct socket *sock;
2412         struct sockaddr_in6 vxlan_addr = {
2413                 .sin6_family = AF_INET6,
2414                 .sin6_port = port,
2415         };
2416         int rc, val = 1;
2417 
2418         rc = sock_create_kern(AF_INET6, SOCK_DGRAM, IPPROTO_UDP, &sock);
2419         if (rc < 0) {
2420                 pr_debug("UDPv6 socket create failed\n");
2421                 return ERR_PTR(rc);
2422         }
2423 
2424         /* Put in proper namespace */
2425         sk = sock->sk;
2426         sk_change_net(sk, net);
2427 
2428         kernel_setsockopt(sock, SOL_IPV6, IPV6_V6ONLY,
2429                           (char *)&val, sizeof(val));
2430         rc = kernel_bind(sock, (struct sockaddr *)&vxlan_addr,
2431                          sizeof(struct sockaddr_in6));
2432         if (rc < 0) {
2433                 pr_debug("bind for UDPv6 socket %pI6:%u (%d)\n",
2434                          &vxlan_addr.sin6_addr, ntohs(vxlan_addr.sin6_port), rc);
2435                 sk_release_kernel(sk);
2436                 return ERR_PTR(rc);
2437         }
2438         /* At this point, IPv6 module should have been loaded in
2439          * sock_create_kern().
2440          */
2441         BUG_ON(!ipv6_stub);
2442 
2443         /* Disable multicast loopback */
2444         inet_sk(sk)->mc_loop = 0;
2445         return sock;
2446 }
2447 
2448 #else
2449 
2450 static struct socket *create_v6_sock(struct net *net, __be16 port)
2451 {
2452                 return ERR_PTR(-EPFNOSUPPORT);
2453 }
2454 #endif
2455 
2456 static struct socket *create_v4_sock(struct net *net, __be16 port)
2457 {
2458         struct sock *sk;
2459         struct socket *sock;
2460         struct sockaddr_in vxlan_addr = {
2461                 .sin_family = AF_INET,
2462                 .sin_addr.s_addr = htonl(INADDR_ANY),
2463                 .sin_port = port,
2464         };
2465         int rc;
2466 
2467         /* Create UDP socket for encapsulation receive. */
2468         rc = sock_create_kern(AF_INET, SOCK_DGRAM, IPPROTO_UDP, &sock);
2469         if (rc < 0) {
2470                 pr_debug("UDP socket create failed\n");
2471                 return ERR_PTR(rc);
2472         }
2473 
2474         /* Put in proper namespace */
2475         sk = sock->sk;
2476         sk_change_net(sk, net);
2477 
2478         rc = kernel_bind(sock, (struct sockaddr *) &vxlan_addr,
2479                          sizeof(vxlan_addr));
2480         if (rc < 0) {
2481                 pr_debug("bind for UDP socket %pI4:%u (%d)\n",
2482                          &vxlan_addr.sin_addr, ntohs(vxlan_addr.sin_port), rc);
2483                 sk_release_kernel(sk);
2484                 return ERR_PTR(rc);
2485         }
2486 
2487         /* Disable multicast loopback */
2488         inet_sk(sk)->mc_loop = 0;
2489         return sock;
2490 }
2491 
2492 /* Create new listen socket if needed */
2493 static struct vxlan_sock *vxlan_socket_create(struct net *net, __be16 port,
2494                                               vxlan_rcv_t *rcv, void *data, bool ipv6)
2495 {
2496         struct vxlan_net *vn = net_generic(net, vxlan_net_id);
2497         struct vxlan_sock *vs;
2498         struct socket *sock;
2499         struct sock *sk;
2500         unsigned int h;
2501 
2502         vs = kzalloc(sizeof(*vs), GFP_KERNEL);
2503         if (!vs)
2504                 return ERR_PTR(-ENOMEM);
2505 
2506         for (h = 0; h < VNI_HASH_SIZE; ++h)
2507                 INIT_HLIST_HEAD(&vs->vni_list[h]);
2508 
2509         INIT_WORK(&vs->del_work, vxlan_del_work);
2510 
2511         if (ipv6)
2512                 sock = create_v6_sock(net, port);
2513         else
2514                 sock = create_v4_sock(net, port);
2515         if (IS_ERR(sock)) {
2516                 kfree(vs);
2517                 return ERR_CAST(sock);
2518         }
2519 
2520         vs->sock = sock;
2521         sk = sock->sk;
2522         atomic_set(&vs->refcnt, 1);
2523         vs->rcv = rcv;
2524         vs->data = data;
2525         rcu_assign_sk_user_data(vs->sock->sk, vs);
2526 
2527         /* Initialize the vxlan udp offloads structure */
2528         vs->udp_offloads.port = port;
2529         vs->udp_offloads.callbacks.gro_receive  = vxlan_gro_receive;
2530         vs->udp_offloads.callbacks.gro_complete = vxlan_gro_complete;
2531 
2532         spin_lock(&vn->sock_lock);
2533         hlist_add_head_rcu(&vs->hlist, vs_head(net, port));
2534         vxlan_notify_add_rx_port(vs);
2535         spin_unlock(&vn->sock_lock);
2536 
2537         /* Mark socket as an encapsulation socket. */
2538         udp_sk(sk)->encap_type = 1;
2539         udp_sk(sk)->encap_rcv = vxlan_udp_encap_recv;
2540 #if IS_ENABLED(CONFIG_IPV6)
2541         if (ipv6)
2542                 ipv6_stub->udpv6_encap_enable();
2543         else
2544 #endif
2545                 udp_encap_enable();
2546 
2547         return vs;
2548 }
2549 
2550 struct vxlan_sock *vxlan_sock_add(struct net *net, __be16 port,
2551                                   vxlan_rcv_t *rcv, void *data,
2552                                   bool no_share, bool ipv6)
2553 {
2554         struct vxlan_net *vn = net_generic(net, vxlan_net_id);
2555         struct vxlan_sock *vs;
2556 
2557         vs = vxlan_socket_create(net, port, rcv, data, ipv6);
2558         if (!IS_ERR(vs))
2559                 return vs;
2560 
2561         if (no_share)   /* Return error if sharing is not allowed. */
2562                 return vs;
2563 
2564         spin_lock(&vn->sock_lock);
2565         vs = vxlan_find_sock(net, port);
2566         if (vs) {
2567                 if (vs->rcv == rcv)
2568                         atomic_inc(&vs->refcnt);
2569                 else
2570                         vs = ERR_PTR(-EBUSY);
2571         }
2572         spin_unlock(&vn->sock_lock);
2573 
2574         if (!vs)
2575                 vs = ERR_PTR(-EINVAL);
2576 
2577         return vs;
2578 }
2579 EXPORT_SYMBOL_GPL(vxlan_sock_add);
2580 
2581 /* Scheduled at device creation to bind to a socket */
2582 static void vxlan_sock_work(struct work_struct *work)
2583 {
2584         struct vxlan_dev *vxlan = container_of(work, struct vxlan_dev, sock_work);
2585         struct net *net = dev_net(vxlan->dev);
2586         struct vxlan_net *vn = net_generic(net, vxlan_net_id);
2587         __be16 port = vxlan->dst_port;
2588         struct vxlan_sock *nvs;
2589 
2590         nvs = vxlan_sock_add(net, port, vxlan_rcv, NULL, false, vxlan->flags & VXLAN_F_IPV6);
2591         spin_lock(&vn->sock_lock);
2592         if (!IS_ERR(nvs))
2593                 vxlan_vs_add_dev(nvs, vxlan);
2594         spin_unlock(&vn->sock_lock);
2595 
2596         dev_put(vxlan->dev);
2597 }
2598 
2599 static int vxlan_newlink(struct net *net, struct net_device *dev,
2600                          struct nlattr *tb[], struct nlattr *data[])
2601 {
2602         struct vxlan_net *vn = net_generic(net, vxlan_net_id);
2603         struct vxlan_dev *vxlan = netdev_priv(dev);
2604         struct vxlan_rdst *dst = &vxlan->default_dst;
2605         __u32 vni;
2606         int err;
2607         bool use_ipv6 = false;
2608 
2609         if (!data[IFLA_VXLAN_ID])
2610                 return -EINVAL;
2611 
2612         vni = nla_get_u32(data[IFLA_VXLAN_ID]);
2613         dst->remote_vni = vni;
2614 
2615         if (data[IFLA_VXLAN_GROUP]) {
2616                 dst->remote_ip.sin.sin_addr.s_addr = nla_get_be32(data[IFLA_VXLAN_GROUP]);
2617                 dst->remote_ip.sa.sa_family = AF_INET;
2618         } else if (data[IFLA_VXLAN_GROUP6]) {
2619                 if (!IS_ENABLED(CONFIG_IPV6))
2620                         return -EPFNOSUPPORT;
2621 
2622                 nla_memcpy(&dst->remote_ip.sin6.sin6_addr, data[IFLA_VXLAN_GROUP6],
2623                            sizeof(struct in6_addr));
2624                 dst->remote_ip.sa.sa_family = AF_INET6;
2625                 use_ipv6 = true;
2626         }
2627 
2628         if (data[IFLA_VXLAN_LOCAL]) {
2629                 vxlan->saddr.sin.sin_addr.s_addr = nla_get_be32(data[IFLA_VXLAN_LOCAL]);
2630                 vxlan->saddr.sa.sa_family = AF_INET;
2631         } else if (data[IFLA_VXLAN_LOCAL6]) {
2632                 if (!IS_ENABLED(CONFIG_IPV6))
2633                         return -EPFNOSUPPORT;
2634 
2635                 /* TODO: respect scope id */
2636                 nla_memcpy(&vxlan->saddr.sin6.sin6_addr, data[IFLA_VXLAN_LOCAL6],
2637                            sizeof(struct in6_addr));
2638                 vxlan->saddr.sa.sa_family = AF_INET6;
2639                 use_ipv6 = true;
2640         }
2641 
2642         if (data[IFLA_VXLAN_LINK] &&
2643             (dst->remote_ifindex = nla_get_u32(data[IFLA_VXLAN_LINK]))) {
2644                 struct net_device *lowerdev
2645                          = __dev_get_by_index(net, dst->remote_ifindex);
2646 
2647                 if (!lowerdev) {
2648                         pr_info("ifindex %d does not exist\n", dst->remote_ifindex);
2649                         return -ENODEV;
2650                 }
2651 
2652 #if IS_ENABLED(CONFIG_IPV6)
2653                 if (use_ipv6) {
2654                         struct inet6_dev *idev = __in6_dev_get(lowerdev);
2655                         if (idev && idev->cnf.disable_ipv6) {
2656                                 pr_info("IPv6 is disabled via sysctl\n");
2657                                 return -EPERM;
2658                         }
2659                         vxlan->flags |= VXLAN_F_IPV6;
2660                 }
2661 #endif
2662 
2663                 if (!tb[IFLA_MTU])
2664                         dev->mtu = lowerdev->mtu - (use_ipv6 ? VXLAN6_HEADROOM : VXLAN_HEADROOM);
2665 
2666                 /* update header length based on lower device */
2667                 dev->hard_header_len = lowerdev->hard_header_len +
2668                                        (use_ipv6 ? VXLAN6_HEADROOM : VXLAN_HEADROOM);
2669         } else if (use_ipv6)
2670                 vxlan->flags |= VXLAN_F_IPV6;
2671 
2672         if (data[IFLA_VXLAN_TOS])
2673                 vxlan->tos  = nla_get_u8(data[IFLA_VXLAN_TOS]);
2674 
2675         if (data[IFLA_VXLAN_TTL])
2676                 vxlan->ttl = nla_get_u8(data[IFLA_VXLAN_TTL]);
2677 
2678         if (!data[IFLA_VXLAN_LEARNING] || nla_get_u8(data[IFLA_VXLAN_LEARNING]))
2679                 vxlan->flags |= VXLAN_F_LEARN;
2680 
2681         if (data[IFLA_VXLAN_AGEING])
2682                 vxlan->age_interval = nla_get_u32(data[IFLA_VXLAN_AGEING]);
2683         else
2684                 vxlan->age_interval = FDB_AGE_DEFAULT;
2685 
2686         if (data[IFLA_VXLAN_PROXY] && nla_get_u8(data[IFLA_VXLAN_PROXY]))
2687                 vxlan->flags |= VXLAN_F_PROXY;
2688 
2689         if (data[IFLA_VXLAN_RSC] && nla_get_u8(data[IFLA_VXLAN_RSC]))
2690                 vxlan->flags |= VXLAN_F_RSC;
2691 
2692         if (data[IFLA_VXLAN_L2MISS] && nla_get_u8(data[IFLA_VXLAN_L2MISS]))
2693                 vxlan->flags |= VXLAN_F_L2MISS;
2694 
2695         if (data[IFLA_VXLAN_L3MISS] && nla_get_u8(data[IFLA_VXLAN_L3MISS]))
2696                 vxlan->flags |= VXLAN_F_L3MISS;
2697 
2698         if (data[IFLA_VXLAN_LIMIT])
2699                 vxlan->addrmax = nla_get_u32(data[IFLA_VXLAN_LIMIT]);
2700 
2701         if (data[IFLA_VXLAN_PORT_RANGE]) {
2702                 const struct ifla_vxlan_port_range *p
2703                         = nla_data(data[IFLA_VXLAN_PORT_RANGE]);
2704                 vxlan->port_min = ntohs(p->low);
2705                 vxlan->port_max = ntohs(p->high);
2706         }
2707 
2708         if (data[IFLA_VXLAN_PORT])
2709                 vxlan->dst_port = nla_get_be16(data[IFLA_VXLAN_PORT]);
2710 
2711         if (vxlan_find_vni(net, vni, vxlan->dst_port)) {
2712                 pr_info("duplicate VNI %u\n", vni);
2713                 return -EEXIST;
2714         }
2715 
2716         SET_ETHTOOL_OPS(dev, &vxlan_ethtool_ops);
2717 
2718         /* create an fdb entry for a valid default destination */
2719         if (!vxlan_addr_any(&vxlan->default_dst.remote_ip)) {
2720                 err = vxlan_fdb_create(vxlan, all_zeros_mac,
2721                                        &vxlan->default_dst.remote_ip,
2722                                        NUD_REACHABLE|NUD_PERMANENT,
2723                                        NLM_F_EXCL|NLM_F_CREATE,
2724                                        vxlan->dst_port,
2725                                        vxlan->default_dst.remote_vni,
2726                                        vxlan->default_dst.remote_ifindex,
2727                                        NTF_SELF);
2728                 if (err)
2729                         return err;
2730         }
2731 
2732         err = register_netdevice(dev);
2733         if (err) {
2734                 vxlan_fdb_delete_default(vxlan);
2735                 return err;
2736         }
2737 
2738         list_add(&vxlan->next, &vn->vxlan_list);
2739 
2740         return 0;
2741 }
2742 
2743 static void vxlan_dellink(struct net_device *dev, struct list_head *head)
2744 {
2745         struct vxlan_net *vn = net_generic(dev_net(dev), vxlan_net_id);
2746         struct vxlan_dev *vxlan = netdev_priv(dev);
2747 
2748         spin_lock(&vn->sock_lock);
2749         if (!hlist_unhashed(&vxlan->hlist))
2750                 hlist_del_rcu(&vxlan->hlist);
2751         spin_unlock(&vn->sock_lock);
2752 
2753         list_del(&vxlan->next);
2754         unregister_netdevice_queue(dev, head);
2755 }
2756 
2757 static size_t vxlan_get_size(const struct net_device *dev)
2758 {
2759 
2760         return nla_total_size(sizeof(__u32)) +  /* IFLA_VXLAN_ID */
2761                 nla_total_size(sizeof(struct in6_addr)) + /* IFLA_VXLAN_GROUP{6} */
2762                 nla_total_size(sizeof(__u32)) + /* IFLA_VXLAN_LINK */
2763                 nla_total_size(sizeof(struct in6_addr)) + /* IFLA_VXLAN_LOCAL{6} */
2764                 nla_total_size(sizeof(__u8)) +  /* IFLA_VXLAN_TTL */
2765                 nla_total_size(sizeof(__u8)) +  /* IFLA_VXLAN_TOS */
2766                 nla_total_size(sizeof(__u8)) +  /* IFLA_VXLAN_LEARNING */
2767                 nla_total_size(sizeof(__u8)) +  /* IFLA_VXLAN_PROXY */
2768                 nla_total_size(sizeof(__u8)) +  /* IFLA_VXLAN_RSC */
2769                 nla_total_size(sizeof(__u8)) +  /* IFLA_VXLAN_L2MISS */
2770                 nla_total_size(sizeof(__u8)) +  /* IFLA_VXLAN_L3MISS */
2771                 nla_total_size(sizeof(__u32)) + /* IFLA_VXLAN_AGEING */
2772                 nla_total_size(sizeof(__u32)) + /* IFLA_VXLAN_LIMIT */
2773                 nla_total_size(sizeof(struct ifla_vxlan_port_range)) +
2774                 nla_total_size(sizeof(__be16))+ /* IFLA_VXLAN_PORT */
2775                 0;
2776 }
2777 
2778 static int vxlan_fill_info(struct sk_buff *skb, const struct net_device *dev)
2779 {
2780         const struct vxlan_dev *vxlan = netdev_priv(dev);
2781         const struct vxlan_rdst *dst = &vxlan->default_dst;
2782         struct ifla_vxlan_port_range ports = {
2783                 .low =  htons(vxlan->port_min),
2784                 .high = htons(vxlan->port_max),
2785         };
2786 
2787         if (nla_put_u32(skb, IFLA_VXLAN_ID, dst->remote_vni))
2788                 goto nla_put_failure;
2789 
2790         if (!vxlan_addr_any(&dst->remote_ip)) {
2791                 if (dst->remote_ip.sa.sa_family == AF_INET) {
2792                         if (nla_put_be32(skb, IFLA_VXLAN_GROUP,
2793                                          dst->remote_ip.sin.sin_addr.s_addr))
2794                                 goto nla_put_failure;
2795 #if IS_ENABLED(CONFIG_IPV6)
2796                 } else {
2797                         if (nla_put(skb, IFLA_VXLAN_GROUP6, sizeof(struct in6_addr),
2798                                     &dst->remote_ip.sin6.sin6_addr))
2799                                 goto nla_put_failure;
2800 #endif
2801                 }
2802         }
2803 
2804         if (dst->remote_ifindex && nla_put_u32(skb, IFLA_VXLAN_LINK, dst->remote_ifindex))
2805                 goto nla_put_failure;
2806 
2807         if (!vxlan_addr_any(&vxlan->saddr)) {
2808                 if (vxlan->saddr.sa.sa_family == AF_INET) {
2809                         if (nla_put_be32(skb, IFLA_VXLAN_LOCAL,
2810                                          vxlan->saddr.sin.sin_addr.s_addr))
2811                                 goto nla_put_failure;
2812 #if IS_ENABLED(CONFIG_IPV6)
2813                 } else {
2814                         if (nla_put(skb, IFLA_VXLAN_LOCAL6, sizeof(struct in6_addr),
2815                                     &vxlan->saddr.sin6.sin6_addr))
2816                                 goto nla_put_failure;
2817 #endif
2818                 }
2819         }
2820 
2821         if (nla_put_u8(skb, IFLA_VXLAN_TTL, vxlan->ttl) ||
2822             nla_put_u8(skb, IFLA_VXLAN_TOS, vxlan->tos) ||
2823             nla_put_u8(skb, IFLA_VXLAN_LEARNING,
2824                         !!(vxlan->flags & VXLAN_F_LEARN)) ||
2825             nla_put_u8(skb, IFLA_VXLAN_PROXY,
2826                         !!(vxlan->flags & VXLAN_F_PROXY)) ||
2827             nla_put_u8(skb, IFLA_VXLAN_RSC, !!(vxlan->flags & VXLAN_F_RSC)) ||
2828             nla_put_u8(skb, IFLA_VXLAN_L2MISS,
2829                         !!(vxlan->flags & VXLAN_F_L2MISS)) ||
2830             nla_put_u8(skb, IFLA_VXLAN_L3MISS,
2831                         !!(vxlan->flags & VXLAN_F_L3MISS)) ||
2832             nla_put_u32(skb, IFLA_VXLAN_AGEING, vxlan->age_interval) ||
2833             nla_put_u32(skb, IFLA_VXLAN_LIMIT, vxlan->addrmax) ||
2834             nla_put_be16(skb, IFLA_VXLAN_PORT, vxlan->dst_port))
2835                 goto nla_put_failure;
2836 
2837         if (nla_put(skb, IFLA_VXLAN_PORT_RANGE, sizeof(ports), &ports))
2838                 goto nla_put_failure;
2839 
2840         return 0;
2841 
2842 nla_put_failure:
2843         return -EMSGSIZE;
2844 }
2845 
2846 static struct rtnl_link_ops vxlan_link_ops __read_mostly = {
2847         .kind           = "vxlan",
2848         .maxtype        = IFLA_VXLAN_MAX,
2849         .policy         = vxlan_policy,
2850         .priv_size      = sizeof(struct vxlan_dev),
2851         .setup          = vxlan_setup,
2852         .validate       = vxlan_validate,
2853         .newlink        = vxlan_newlink,
2854         .dellink        = vxlan_dellink,
2855         .get_size       = vxlan_get_size,
2856         .fill_info      = vxlan_fill_info,
2857 };
2858 
2859 static void vxlan_handle_lowerdev_unregister(struct vxlan_net *vn,
2860                                              struct net_device *dev)
2861 {
2862         struct vxlan_dev *vxlan, *next;
2863         LIST_HEAD(list_kill);
2864 
2865         list_for_each_entry_safe(vxlan, next, &vn->vxlan_list, next) {
2866                 struct vxlan_rdst *dst = &vxlan->default_dst;
2867 
2868                 /* In case we created vxlan device with carrier
2869                  * and we loose the carrier due to module unload
2870                  * we also need to remove vxlan device. In other
2871                  * cases, it's not necessary and remote_ifindex
2872                  * is 0 here, so no matches.
2873                  */
2874                 if (dst->remote_ifindex == dev->ifindex)
2875                         vxlan_dellink(vxlan->dev, &list_kill);
2876         }
2877 
2878         unregister_netdevice_many(&list_kill);
2879 }
2880 
2881 static int vxlan_lowerdev_event(struct notifier_block *unused,
2882                                 unsigned long event, void *ptr)
2883 {
2884         struct net_device *dev = netdev_notifier_info_to_dev(ptr);
2885         struct vxlan_net *vn = net_generic(dev_net(dev), vxlan_net_id);
2886 
2887         if (event == NETDEV_UNREGISTER)
2888                 vxlan_handle_lowerdev_unregister(vn, dev);
2889 
2890         return NOTIFY_DONE;
2891 }
2892 
2893 static struct notifier_block vxlan_notifier_block __read_mostly = {
2894         .notifier_call = vxlan_lowerdev_event,
2895 };
2896 
2897 static __net_init int vxlan_init_net(struct net *net)
2898 {
2899         struct vxlan_net *vn = net_generic(net, vxlan_net_id);
2900         unsigned int h;
2901 
2902         INIT_LIST_HEAD(&vn->vxlan_list);
2903         spin_lock_init(&vn->sock_lock);
2904 
2905         for (h = 0; h < PORT_HASH_SIZE; ++h)
2906                 INIT_HLIST_HEAD(&vn->sock_list[h]);
2907 
2908         return 0;
2909 }
2910 
2911 static struct pernet_operations vxlan_net_ops = {
2912         .init = vxlan_init_net,
2913         .id   = &vxlan_net_id,
2914         .size = sizeof(struct vxlan_net),
2915 };
2916 
2917 static int __init vxlan_init_module(void)
2918 {
2919         int rc;
2920 
2921         vxlan_wq = alloc_workqueue("vxlan", 0, 0);
2922         if (!vxlan_wq)
2923                 return -ENOMEM;
2924 
2925         get_random_bytes(&vxlan_salt, sizeof(vxlan_salt));
2926 
2927         rc = register_pernet_subsys(&vxlan_net_ops);
2928         if (rc)
2929                 goto out1;
2930 
2931         rc = register_netdevice_notifier(&vxlan_notifier_block);
2932         if (rc)
2933                 goto out2;
2934 
2935         rc = rtnl_link_register(&vxlan_link_ops);
2936         if (rc)
2937                 goto out3;
2938 
2939         return 0;
2940 out3:
2941         unregister_netdevice_notifier(&vxlan_notifier_block);
2942 out2:
2943         unregister_pernet_subsys(&vxlan_net_ops);
2944 out1:
2945         destroy_workqueue(vxlan_wq);
2946         return rc;
2947 }
2948 late_initcall(vxlan_init_module);
2949 
2950 static void __exit vxlan_cleanup_module(void)
2951 {
2952         rtnl_link_unregister(&vxlan_link_ops);
2953         unregister_netdevice_notifier(&vxlan_notifier_block);
2954         destroy_workqueue(vxlan_wq);
2955         unregister_pernet_subsys(&vxlan_net_ops);
2956         /* rcu_barrier() is called by netns */
2957 }
2958 module_exit(vxlan_cleanup_module);
2959 
2960 MODULE_LICENSE("GPL");
2961 MODULE_VERSION(VXLAN_VERSION);
2962 MODULE_AUTHOR("Stephen Hemminger <stephen@networkplumber.org>");
2963 MODULE_DESCRIPTION("Driver for VXLAN encapsulated traffic");
2964 MODULE_ALIAS_RTNL_LINK("vxlan");
2965 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us