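/*
 * fastd.c - driver for the "Fast and Secure Tunneling Daemon"
 *
 * Copyright (c) 2012-2013, Matthias Schiffer
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * Alternatively, provided that this notice is retained in full, this
 * software may be distributed under the terms of the GNU General
 * Public License ("GPL") version 2, in which case the provisions of the
 * GPL apply INSTEAD OF those given above.
 *
 * The provided data structures and external interfaces from this code
 * are not restricted to be used by modules with a GPL compatible license.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
 * DAMAGE.
 */

#define DRV_NAME	"fastd"
#define DRV_VERSION	"0.1"
#define DRV_DESCRIPTION	"fastd tunnel driver"
#define DRV_COPYRIGHT \
	"(C) 2013 Matthias Schiffer "

/*
 * NOTE(review): the header names of the system includes were lost when this
 * listing was extracted (only bare "#include" tokens survived).  The list
 * below is reconstructed from the identifiers this file uses and must be
 * confirmed against the upstream source.
 */
#include <linux/capability.h>
#include <linux/etherdevice.h>
#include <linux/ethtool.h>
#include <linux/if_arp.h>
#include <linux/in6.h>
#include <linux/ipv6.h>
#include <linux/list.h>
#include <linux/module.h>
#include <linux/net.h>
#include <linux/netdevice.h>
#include <linux/rculist.h>
#include <linux/rtnetlink.h>
#include <linux/slab.h>
#include <linux/spinlock.h>
#include <linux/udp.h>
#include <linux/workqueue.h>
#include <net/genetlink.h>
#include <net/net_namespace.h>
#include <net/sock.h>

#include "fastd.h"

/*
 * Headroom reserved in front of the payload: outer Ethernet, IPv6 and UDP
 * headers plus 24 further bytes (presumably fastd's own per-packet overhead;
 * the constant is not explained in this file).
 */
#define FASTD_HDRLEN \
	(ETH_HLEN + sizeof(struct ipv6hdr) + sizeof(struct udphdr) + 24)

#define FASTD_DEFAULT_MTU	1500
#define FASTD_MIN_MTU		68
#define FASTD_MAX_MTU		65535

/* All tunnel devices; written under rtnl, read under rcu or rtnl. */
static LIST_HEAD(fastd_list);
static struct workqueue_struct *fastd_workqueue;

/* Private data of one tunnel device (stored in the netdev's priv area). */
struct fastd_struct {
	struct list_head list;		/* entry in fastd_list */

	/* protects changes of sockets (and setting owner to 0) */
	spinlock_t lock;

	struct net_device *dev;
	struct net *net;		/* reference taken with get_net() */

	u32 owner;			/* netlink portid of the creator, 0 once released */
	u16 mode;			/* FASTD_MODE_ETH or FASTD_MODE_IP */
	unsigned long flags;		/* not used by the code in this file */

	struct list_head sockets;	/* struct fastd_socket entries */

	struct work_struct destroy_work;
	struct rcu_head rcu;
};

/* One kernel UDP socket bound on behalf of a tunnel device. */
struct fastd_socket {
	struct list_head list;
	struct socket *sock;
};

/* must be called under rcu lock or rtnl */
static inline struct fastd_struct *fastd_find(struct net *net, u32 portid)
{
	struct fastd_struct *entry;

	list_for_each_entry_rcu(entry, &fastd_list, list) {
		if (net_eq(entry->net, net) && entry->owner == portid)
			return entry;
	}

	return NULL;
}

static struct genl_family fastd_nl_family = {
	.id		= GENL_ID_GENERATE,
	.hdrsize	= 0,
	.name		= DRV_NAME,
	.version	= 1,
	.maxattr	= FASTD_A_MAX,
	.netnsok	= true,
	.parallel_ops	= true,
};

/*
 * Netlink notifier: when a generic-netlink socket is released, orphan every
 * device it created and schedule the device's destruction.
 *
 * fastd_cmd_create() does not limit a socket to one device, and only one
 * NETLINK_URELEASE event is delivered per socket, so all matching entries
 * are handled here; tearing down only the first match would leave the other
 * devices (and the module reference each one holds) behind for good.
 */
static int fastd_nl_event(struct notifier_block *nb, unsigned long event,
			  void *ptr)
{
	struct netlink_notify *n = ptr;
	struct fastd_struct *fastd;

	if (event != NETLINK_URELEASE || n->protocol != NETLINK_GENERIC)
		return NOTIFY_DONE;

	/*
	 * owner == 0 marks a device that is already being destroyed; never
	 * treat portid 0 as a live owner, or destroy_work could be queued a
	 * second time for the same device.
	 */
	if (!n->portid)
		return NOTIFY_DONE;

	rcu_read_lock();
	list_for_each_entry_rcu(fastd, &fastd_list, list) {
		if (!net_eq(fastd->net, n->net) || fastd->owner != n->portid)
			continue;

		/* After this, fastd_cmd_bind() refuses to add sockets. */
		spin_lock_bh(&fastd->lock);
		fastd->owner = 0;
		spin_unlock_bh(&fastd->lock);

		queue_work(fastd_workqueue, &fastd->destroy_work);
	}
	rcu_read_unlock();

	return NOTIFY_DONE;
}

static struct notifier_block nl_notifier = {
	.notifier_call = fastd_nl_event,
};

/*
 * Accept an MTU only if it is at least FASTD_MIN_MTU and still leaves room
 * for the encapsulation headers below FASTD_MAX_MTU.
 */
static int fastd_ndo_change_mtu(struct net_device *dev, int mtu)
{
	if (mtu < FASTD_MIN_MTU ||
	    mtu > (FASTD_MAX_MTU - dev->hard_header_len))
		return -EINVAL;

	dev->mtu = mtu;
	return 0;
}

/*
 * NOTE(review): both ops tables provide ndo_change_mtu only; no
 * ndo_start_xmit is visible in this file, so the transmit path appears to be
 * unimplemented in this version -- confirm before an interface is brought up.
 */
static const struct net_device_ops fastd_netdev_ops_eth = {
	.ndo_change_mtu = fastd_ndo_change_mtu,
};

static const struct net_device_ops fastd_netdev_ops_ip = {
	.ndo_change_mtu = fastd_ndo_change_mtu,
};

/* Fill in the ethtool driver info; bus_info reports the tunnel mode. */
static void fastd_ethtool_get_drvinfo(struct net_device *dev,
				      struct ethtool_drvinfo *info)
{
	struct fastd_struct *fastd = netdev_priv(dev);

	/* Bounded copies: the destinations are fixed-size arrays. */
	strlcpy(info->driver, DRV_NAME, sizeof(info->driver));
	strlcpy(info->version, DRV_VERSION, sizeof(info->version));
	strlcpy(info->fw_version, "N/A", sizeof(info->fw_version));

	switch (fastd->mode) {
	case FASTD_MODE_ETH:
		strlcpy(info->bus_info, "ethernet", sizeof(info->bus_info));
		break;

	case FASTD_MODE_IP:
		strlcpy(info->bus_info, "ip", sizeof(info->bus_info));
		break;

	default:
		/* leave bus_info as provided by the caller */
		break;
	}
}

/* The tunnel device always reports link up. */
static u32 fastd_ethtool_get_link(struct net_device *dev)
{
	return 1;
}

static const struct ethtool_ops fastd_ethtool_ops = {
	.get_drvinfo	= fastd_ethtool_get_drvinfo,
	.get_link	= fastd_ethtool_get_link,
};

/* alloc_netdev() setup callback; mode-specific setup is in fastd_netdev_init(). */
static void fastd_netdev_setup(struct net_device *dev)
{
	dev->ethtool_ops = &fastd_ethtool_ops;
}

/* Headroom needed per packet: ETH mode adds the inner Ethernet header. */
static inline u16 fastd_header_len(u16 mode)
{
	switch (mode) {
	case FASTD_MODE_ETH:
		return FASTD_HDRLEN + ETH_HLEN;

	default:
		return FASTD_HDRLEN;
	}
}

/*
 * Mode-specific device setup.  Requires fastd->mode to be set already, which
 * is why this is not done from the alloc_netdev() setup callback.
 */
static void fastd_netdev_init(struct net_device *dev)
{
	struct fastd_struct *fastd = netdev_priv(dev);

	switch (fastd->mode) {
	case FASTD_MODE_ETH:
		dev->netdev_ops = &fastd_netdev_ops_eth;
		eth_hw_addr_random(dev);
		ether_setup(dev);
		break;

	case FASTD_MODE_IP:
		dev->netdev_ops = &fastd_netdev_ops_ip;
		dev->addr_len = 0;
		dev->type = ARPHRD_NONE;
		dev->flags = IFF_POINTOPOINT | IFF_NOARP | IFF_MULTICAST;
		break;

	default:
		/* fastd_cmd_create() only passes the two modes above */
		break;
	}

	/* Set last: ether_setup() installs its own hard_header_len. */
	dev->hard_header_len = fastd_header_len(fastd->mode);
}

/*
 * Final teardown of a device, run as an RCU callback once no reader can
 * still hold a pointer obtained through fastd_list.
 *
 * NOTE(review): RCU callbacks run in atomic context; confirm that releasing
 * the sockets here cannot sleep, otherwise move this teardown into
 * fastd_destroy_work() behind synchronize_rcu().
 */
static void fastd_netdev_free(struct rcu_head *rcu)
{
	struct fastd_struct *fastd = container_of(rcu, struct fastd_struct, rcu);
	struct fastd_socket *socket, *next;

	/* No locking: owner is 0 by now, so fastd_cmd_bind() adds nothing. */
	list_for_each_entry_safe(socket, next, &fastd->sockets, list) {
		list_del(&socket->list);
		sk_release_kernel(socket->sock->sk);
		kfree(socket);
	}

	/* Drop the references taken in fastd_cmd_create(). */
	put_net(fastd->net);
	free_netdev(fastd->dev);
	module_put(THIS_MODULE);
}

/* Work item: unlink and unregister the device, then free it after a grace period. */
static void fastd_destroy_work(struct work_struct *work)
{
	struct fastd_struct *fastd =
		container_of(work, struct fastd_struct, destroy_work);

	rtnl_lock();
	list_del_rcu(&fastd->list);
	unregister_netdevice(fastd->dev);
	rtnl_unlock();

	call_rcu(&fastd->rcu, fastd_netdev_free);
}

/*
 * FASTD_CMD_CREATE: create a tunnel device owned by the sending netlink
 * socket and reply with the interface name that was assigned.
 *
 * Requires CAP_NET_ADMIN in the user namespace that owns the target network
 * namespace.  FASTD_A_MODE is mandatory; FASTD_A_MTU and FASTD_A_IFNAME are
 * optional.  The device holds a module reference and a netns reference until
 * fastd_netdev_free() runs.
 *
 * Returns 0 on success or a negative errno.
 */
static int fastd_cmd_create(struct sk_buff *skb, struct genl_info *info)
{
	struct net *net = genl_info_net(info);
	struct net_device *dev;
	struct fastd_struct *fastd;
	u16 mode;
	u16 mtu = FASTD_DEFAULT_MTU;
	const char *name = "fastd%d";
	int err;
	struct sk_buff *ret;
	void *skb_head;

	if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
		return -EPERM;

	if (!info->attrs[FASTD_A_MODE])
		return -EINVAL;

	mode = nla_get_u16(info->attrs[FASTD_A_MODE]);
	if (mode != FASTD_MODE_ETH && mode != FASTD_MODE_IP)
		return -EINVAL;

	if (info->attrs[FASTD_A_MTU])
		mtu = nla_get_u16(info->attrs[FASTD_A_MTU]);

	if (mtu < FASTD_MIN_MTU ||
	    mtu > (FASTD_MAX_MTU - fastd_header_len(mode)))
		return -EINVAL;

	/* Length and NUL termination are enforced by fastd_nl_policy. */
	if (info->attrs[FASTD_A_IFNAME])
		name = nla_data(info->attrs[FASTD_A_IFNAME]);

	if (!try_module_get(THIS_MODULE))
		return -ENOENT;

	dev = alloc_netdev(sizeof(struct fastd_struct), name,
			   fastd_netdev_setup);
	if (!dev) {
		err = -ENOMEM;
		goto err_module_put;
	}

	dev_net_set(dev, net);

	fastd = netdev_priv(dev);

	spin_lock_init(&fastd->lock);
	fastd->dev = dev;
	fastd->net = get_net(net);
	fastd->owner = info->snd_portid;
	fastd->mode = mode;
	INIT_LIST_HEAD(&fastd->sockets);
	INIT_WORK(&fastd->destroy_work, fastd_destroy_work);

	fastd_netdev_init(dev);
	/* After fastd_netdev_init(): ether_setup() resets dev->mtu. */
	dev->mtu = mtu;

	ret = genlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
	if (!ret) {
		err = -ENOMEM;
		goto err_free_dev;
	}

	skb_head = genlmsg_put(ret, 0, info->snd_seq, &fastd_nl_family, 0,
			       FASTD_CMD_CREATE);
	if (!skb_head) {
		err = -ENOMEM;
		goto err_free_skb;
	}

	rtnl_lock();

	err = register_netdevice(dev);
	if (err) {
		rtnl_unlock();
		/* The reply skb exists by now and must be freed as well. */
		goto err_free_skb;
	}

	list_add_rcu(&fastd->list, &fastd_list);

	/*
	 * Return value not checked: the reply was allocated with
	 * NLMSG_GOODSIZE and the name is bounded by IFNAMSIZ.
	 */
	nla_put_string(ret, FASTD_A_IFNAME, dev->name);

	rtnl_unlock();

	genlmsg_end(ret, skb_head);

	/*
	 * If the reply cannot be delivered the device stays registered; it is
	 * destroyed when the owning netlink socket is released.
	 */
	return genlmsg_reply(ret, info);

err_free_skb:
	kfree_skb(ret);
err_free_dev:
	/* Every path to this label took the netns reference above. */
	put_net(net);
	free_netdev(dev);
err_module_put:
	module_put(THIS_MODULE);

	return err;
}

/*
 * FASTD_CMD_BIND: create a kernel UDP socket in the caller's network
 * namespace, bind it to FASTD_A_LOCALADDR, attach it to the device owned by
 * the sending netlink socket and reply with the address actually bound.
 *
 * Requires CAP_NET_ADMIN in the user namespace that owns the network
 * namespace.  Only the address family is read from the attribute here, so
 * only sizeof(sa_family_t) bytes are required at this point; the full
 * address length is passed to kernel_bind() for validation.
 *
 * Returns 0 on success or a negative errno.
 */
static int fastd_cmd_bind(struct sk_buff *skb, struct genl_info *info)
{
	struct net *net = genl_info_net(info);
	int err;
	sa_family_t af;
	struct fastd_socket *socket;
	struct fastd_struct *fastd;
	struct sk_buff *ret;
	void *skb_head;
	unsigned char addrbuf[sizeof(struct sockaddr_in6)];
	int addrlen = sizeof(addrbuf);

	if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
		return -EPERM;

	if (!info->attrs[FASTD_A_LOCALADDR] ||
	    nla_len(info->attrs[FASTD_A_LOCALADDR]) < sizeof(sa_family_t))
		return -EINVAL;

	af = *(sa_family_t *)nla_data(info->attrs[FASTD_A_LOCALADDR]);
	if (af != AF_INET && af != AF_INET6)
		return -EAFNOSUPPORT;

	socket = kmalloc(sizeof(*socket), GFP_KERNEL);
	if (!socket)
		return -ENOMEM;

	ret = genlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
	if (!ret) {
		err = -ENOMEM;
		goto err_free_socket;
	}

	skb_head = genlmsg_put(ret, 0, info->snd_seq, &fastd_nl_family, 0,
			       FASTD_CMD_BIND);
	if (!skb_head) {
		err = -ENOMEM;
		goto err_free_skb;
	}

	err = sock_create_kern(af, SOCK_DGRAM, IPPROTO_UDP, &socket->sock);
	if (err)
		goto err_free_skb;

	/* Move the kernel socket into the caller's namespace before binding. */
	sk_change_net(socket->sock->sk, net);

	err = kernel_bind(socket->sock,
			  nla_data(info->attrs[FASTD_A_LOCALADDR]),
			  nla_len(info->attrs[FASTD_A_LOCALADDR]));
	if (err)
		goto err_release_sock;

	err = kernel_getsockname(socket->sock, (struct sockaddr *)addrbuf,
				 &addrlen);
	if (err < 0)
		goto err_release_sock;

	/* Fail before the socket is published rather than reply without it. */
	err = nla_put(ret, FASTD_A_LOCALADDR, addrlen, addrbuf);
	if (err)
		goto err_release_sock;

	rcu_read_lock();

	fastd = fastd_find(net, info->snd_portid);
	if (!fastd) {
		rcu_read_unlock();
		err = -EINVAL;
		goto err_release_sock;
	}

	spin_lock_bh(&fastd->lock);

	/*
	 * Re-check under the lock: owner == 0 means the device is already
	 * scheduled for destruction and must not receive new sockets.
	 */
	if (!fastd->owner) {
		spin_unlock_bh(&fastd->lock);
		rcu_read_unlock();
		err = -EINVAL;
		goto err_release_sock;
	}

	socket->sock->sk->sk_user_data = fastd;
	list_add_tail_rcu(&socket->list, &fastd->sockets);

	spin_unlock_bh(&fastd->lock);
	rcu_read_unlock();

	genlmsg_end(ret, skb_head);

	/* The socket stays attached even if the reply cannot be delivered. */
	return genlmsg_reply(ret, info);

err_release_sock:
	sk_release_kernel(socket->sock->sk);
err_free_skb:
	kfree_skb(ret);
err_free_socket:
	kfree(socket);

	return err;
}

/*
 * Attribute policy.  The address attributes are NLA_UNSPEC without a length,
 * so their size is not validated by the netlink core; handlers must check
 * nla_len() themselves before reading the payload.
 */
static struct nla_policy fastd_nl_policy[__FASTD_A_MAX] = {
	[FASTD_A_IFNAME]	= { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
	[FASTD_A_MODE]		= { .type = NLA_U16 },
	[FASTD_A_MTU]		= { .type = NLA_U16 },
	[FASTD_A_LOCALADDR]	= { .type = NLA_UNSPEC },
	[FASTD_A_REMOTEADDR]	= { .type = NLA_UNSPEC },
};

/*
 * Neither operation sets GENL_ADMIN_PERM; privilege is checked inside the
 * handlers with ns_capable() against the namespace's owning user namespace.
 */
static struct genl_ops fastd_nl_ops[] = {
	{
		.cmd	= FASTD_CMD_CREATE,
		.doit	= fastd_cmd_create,
		.policy	= fastd_nl_policy,
	},
	{
		.cmd	= FASTD_CMD_BIND,
		.doit	= fastd_cmd_bind,
		.policy	= fastd_nl_policy,
	},
};

/* Module init: workqueue, netlink release notifier, generic-netlink family. */
static int __init fastd_init(void)
{
	int ret;

	fastd_workqueue = alloc_workqueue("fastd", 0, 0);
	if (!fastd_workqueue)
		return -ENOMEM;

	netlink_register_notifier(&nl_notifier);

	ret = genl_register_family_with_ops(&fastd_nl_family, fastd_nl_ops,
					    ARRAY_SIZE(fastd_nl_ops));
	if (ret)
		goto unregister_notifier;

	pr_info("%s %s\n", DRV_DESCRIPTION, DRV_VERSION);

	return 0;

unregister_notifier:
	netlink_unregister_notifier(&nl_notifier);
	destroy_workqueue(fastd_workqueue);

	return ret;
}

/*
 * Module exit.  Every device holds a module reference until it has been
 * freed, so no devices remain when this runs.
 */
static void __exit fastd_cleanup(void)
{
	genl_unregister_family(&fastd_nl_family);
	netlink_unregister_notifier(&nl_notifier);
	destroy_workqueue(fastd_workqueue);
}

module_init(fastd_init);
module_exit(fastd_cleanup);

MODULE_DESCRIPTION(DRV_DESCRIPTION);
MODULE_AUTHOR(DRV_COPYRIGHT);
MODULE_LICENSE("Dual BSD/GPL");
MODULE_ALIAS_GENL_FAMILY(DRV_NAME);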