From patchwork Sat Nov 21 14:03:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hauke Mehrtens X-Patchwork-Id: 1404404 X-Patchwork-Delegate: hauke@hauke-m.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.openwrt.org (client-ip=2001:8b0:10b:1231::1; helo=merlin.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=hauke-m.de Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=merlin.20170209 header.b=xEi/QPxA; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=hauke-m.de header.i=@hauke-m.de header.a=rsa-sha256 header.s=MBO0001 header.b=AWGhX420; dkim-atps=neutral Received: from merlin.infradead.org (merlin.infradead.org [IPv6:2001:8b0:10b:1231::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4CdqWN0mlpz9sRK for ; Sun, 22 Nov 2020 10:34:24 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=yiZlQPrL6T/4R+7r1U2WjqGzQ25EFM3Fvp5FgeVw0vY=; b=xEi/QPxA6uF95iZHf1q5TNvk0 F6HgpgLPXSKj7lTrUZXg94eJx3R7wkxJdGsYABv5Tr2Jdua8jnH/wwigh7OuLYoDTKEr5OLhU7TAF Sv75/TQJQpXn1ZzYxvNomCGy5JNXuR4m1cOPKL6mhqvJNOqdvyJXT5en8teOB3ZRAW3UKtbvarKYo WYQbke5AbkRsWcRfgR+0R5QnNJwAbn1HBlRhu9hkkq+kVNisjlmsVHLM3Jh9w5pXQCX9Ul8vKKc4t Gl10Tqg/Qt7pwEdK13gIS1PIqwvTK2xBmNIK8io6K8mkIxM9keDqV6R+vVItUNhYAc5s79z6L5heu owCSiqWkA==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kgcNE-0004Qf-Rc; Sat, 21 Nov 2020 23:32:56 +0000 Received: from mout-p-201.mailbox.org ([2001:67c:2050::465:201]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kgcNB-0004PC-Ab for openwrt-devel@lists.openwrt.org; Sat, 21 Nov 2020 23:32:54 +0000 Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:105:465:1:1:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4CdZrR5GNrzQj2L; Sat, 21 Nov 2020 15:03:19 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hauke-m.de; s=MBO0001; t=1605967397; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=I/iCL6vzhVPpHykCmZK+0NKEzSg0oUiqfvvJoRcrmt4=; b=AWGhX420gBPfi1WT1UTuqI3KqBac6bnfUVdGTbbZ7/3oqahsq0j9iF7KsJsOS2k07jEojl Ih02eIq6+tvwd+2GMAvRbFYHdFN/2bIgxHne0bBozvqpTP5zkecSgsJ3hS1NZ8nDxbD3/z 4IaurJsPVxWnnh71VZfYvBNTpp5UMcntxmts3VdYtgwCfZhGzf+yvvXMZA/WyNliLAaB0/ Q6Djj3Pp8RcWRC2VkcJOuQ/jkt1G5WbTj7CMUZB6Ob7oGR7F/MVB36WqVaUmudZJ++PgeK HtwE4S7OnOSswdivzca9ptRsB0ocQiX98fTfrS4caPWnDwFT6argYqSsRhwRhQ== Received: from smtp1.mailbox.org ([80.241.60.240]) by spamfilter03.heinlein-hosting.de (spamfilter03.heinlein-hosting.de [80.241.56.117]) (amavisd-new, port 10030) with ESMTP id GK75Z1E5AzIz; Sat, 21 Nov 2020 15:03:15 +0100 (CET) From: Hauke Mehrtens To: openwrt-devel@lists.openwrt.org Subject: [PATCH 1/2] kernel: Remove support for MAP-E FMRs RFC 7597 Date: Sat, 21 Nov 2020 15:03:10 +0100 Message-Id: <20201121140311.22070-2-hauke@hauke-m.de> In-Reply-To: <20201121140311.22070-1-hauke@hauke-m.de> References: <20201121140311.22070-1-hauke@hauke-m.de> MIME-Version: 1.0 X-MBO-SPAM-Probability: * X-Rspamd-Score: 0.61 / 15.00 / 15.00 X-Rspamd-Queue-Id: ABADF146 X-Rspamd-UID: ad73b4 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201121_183253_600786_E149472E X-CRM114-Status: GOOD ( 25.67 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.4 on merlin.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2001:67c:2050:0:0:0:465:201 listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: OpenWrt Development List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Hauke Mehrtens , Steven Barth , steven.barth@outlook.com, jonas.gorski@gmail.com Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org I am not aware that any user space code uses this feature in OpenWrt and maintaining this patch costs some effort especially when we add a new kernel major version. This patch was originally introduced in commit 32246436147f ("Add kernel support for MAP-E FMRs") in May 2014 and implements (parts?) or MAP-E FMRs (draft-ietf-softwire-map-10) which is now RFC 7597 If you still need this feature also try to get this into mainline Linux. Signed-off-by: Hauke Mehrtens --- ...Add-support-for-MAP-E-FMRs-mesh-mode.patch | 501 ------------------ 1 file changed, 501 deletions(-) delete mode 100644 target/linux/generic/pending-5.4/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch diff --git a/target/linux/generic/pending-5.4/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch b/target/linux/generic/pending-5.4/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch deleted file mode 100644 index 8bcca1c4d159..000000000000 --- a/target/linux/generic/pending-5.4/666-Add-support-for-MAP-E-FMRs-mesh-mode.patch +++ /dev/null @@ -1,501 +0,0 @@ -From: Steven Barth -Subject: Add support for MAP-E FMRs (mesh mode) - -MAP-E FMRs (draft-ietf-softwire-map-10) are rules for IPv4-communication -between MAP CEs (mesh mode) without the need to forward such data to a -border relay. This is similar to how 6rd works but for IPv4 over IPv6. - -Signed-off-by: Steven Barth ---- - include/net/ip6_tunnel.h | 13 ++ - include/uapi/linux/if_tunnel.h | 13 ++ - net/ipv6/ip6_tunnel.c | 276 +++++++++++++++++++++++++++++++++++++++-- - 3 files changed, 291 insertions(+), 11 deletions(-) - ---- a/include/net/ip6_tunnel.h -+++ b/include/net/ip6_tunnel.h -@@ -18,6 +18,18 @@ - /* determine capability on a per-packet basis */ - #define IP6_TNL_F_CAP_PER_PACKET 0x40000 - -+/* IPv6 tunnel FMR */ -+struct __ip6_tnl_fmr { -+ struct __ip6_tnl_fmr *next; /* next fmr in list */ -+ struct in6_addr ip6_prefix; -+ struct in_addr ip4_prefix; -+ -+ __u8 ip6_prefix_len; -+ __u8 ip4_prefix_len; -+ __u8 ea_len; -+ __u8 offset; -+}; -+ - struct __ip6_tnl_parm { - char name[IFNAMSIZ]; /* name of tunnel device */ - int link; /* ifindex of underlying L2 interface */ -@@ -29,6 +41,7 @@ struct __ip6_tnl_parm { - __u32 flags; /* tunnel flags */ - struct in6_addr laddr; /* local tunnel end-point address */ - struct in6_addr raddr; /* remote tunnel end-point address */ -+ struct __ip6_tnl_fmr *fmrs; /* FMRs */ - - __be16 i_flags; - __be16 o_flags; ---- a/include/uapi/linux/if_tunnel.h -+++ b/include/uapi/linux/if_tunnel.h -@@ -77,10 +77,23 @@ enum { - IFLA_IPTUN_ENCAP_DPORT, - IFLA_IPTUN_COLLECT_METADATA, - IFLA_IPTUN_FWMARK, -+ IFLA_IPTUN_FMRS, - __IFLA_IPTUN_MAX, - }; - #define IFLA_IPTUN_MAX (__IFLA_IPTUN_MAX - 1) - -+enum { -+ IFLA_IPTUN_FMR_UNSPEC, -+ IFLA_IPTUN_FMR_IP6_PREFIX, -+ IFLA_IPTUN_FMR_IP4_PREFIX, -+ IFLA_IPTUN_FMR_IP6_PREFIX_LEN, -+ IFLA_IPTUN_FMR_IP4_PREFIX_LEN, -+ IFLA_IPTUN_FMR_EA_LEN, -+ IFLA_IPTUN_FMR_OFFSET, -+ __IFLA_IPTUN_FMR_MAX, -+}; -+#define IFLA_IPTUN_FMR_MAX (__IFLA_IPTUN_FMR_MAX - 1) -+ - enum tunnel_encap_types { - TUNNEL_ENCAP_NONE, - TUNNEL_ENCAP_FOU, ---- a/net/ipv6/ip6_tunnel.c -+++ b/net/ipv6/ip6_tunnel.c -@@ -11,6 +11,9 @@ - * linux/net/ipv6/sit.c and linux/net/ipv4/ipip.c - * - * RFC 2473 -+ * -+ * Changes: -+ * Steven Barth : MAP-E FMR support - */ - - #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt -@@ -67,9 +70,9 @@ static bool log_ecn_error = true; - module_param(log_ecn_error, bool, 0644); - MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); - --static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) -+static u32 HASH(const struct in6_addr *addr) - { -- u32 hash = ipv6_addr_hash(addr1) ^ ipv6_addr_hash(addr2); -+ u32 hash = ipv6_addr_hash(addr); - - return hash_32(hash, IP6_TUNNEL_HASH_SIZE_SHIFT); - } -@@ -136,20 +139,29 @@ static struct net_device_stats *ip6_get_ - static struct ip6_tnl * - ip6_tnl_lookup(struct net *net, const struct in6_addr *remote, const struct in6_addr *local) - { -- unsigned int hash = HASH(remote, local); -+ unsigned int hash = HASH(local); - struct ip6_tnl *t; - struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); - struct in6_addr any; -+ struct __ip6_tnl_fmr *fmr; - - for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) { -- if (ipv6_addr_equal(local, &t->parms.laddr) && -- ipv6_addr_equal(remote, &t->parms.raddr) && -- (t->dev->flags & IFF_UP)) -+ if (!ipv6_addr_equal(local, &t->parms.laddr) || -+ !(t->dev->flags & IFF_UP)) -+ continue; -+ -+ if (ipv6_addr_equal(remote, &t->parms.raddr)) - return t; -+ -+ for (fmr = t->parms.fmrs; fmr; fmr = fmr->next) { -+ if (ipv6_prefix_equal(remote, &fmr->ip6_prefix, -+ fmr->ip6_prefix_len)) -+ return t; -+ } - } - - memset(&any, 0, sizeof(any)); -- hash = HASH(&any, local); -+ hash = HASH(local); - for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) { - if (ipv6_addr_equal(local, &t->parms.laddr) && - ipv6_addr_any(&t->parms.raddr) && -@@ -157,7 +169,7 @@ ip6_tnl_lookup(struct net *net, const st - return t; - } - -- hash = HASH(remote, &any); -+ hash = HASH(&any); - for_each_ip6_tunnel_rcu(ip6n->tnls_r_l[hash]) { - if (ipv6_addr_equal(remote, &t->parms.raddr) && - ipv6_addr_any(&t->parms.laddr) && -@@ -197,7 +209,7 @@ ip6_tnl_bucket(struct ip6_tnl_net *ip6n, - - if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) { - prio = 1; -- h = HASH(remote, local); -+ h = HASH(local); - } - return &ip6n->tnls[prio][h]; - } -@@ -378,6 +390,12 @@ ip6_tnl_dev_uninit(struct net_device *de - struct net *net = t->net; - struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id); - -+ while (t->parms.fmrs) { -+ struct __ip6_tnl_fmr *next = t->parms.fmrs->next; -+ kfree(t->parms.fmrs); -+ t->parms.fmrs = next; -+ } -+ - if (dev == ip6n->fb_tnl_dev) - RCU_INIT_POINTER(ip6n->tnls_wc[0], NULL); - else -@@ -767,6 +785,107 @@ int ip6_tnl_rcv_ctl(struct ip6_tnl *t, - } - EXPORT_SYMBOL_GPL(ip6_tnl_rcv_ctl); - -+/** -+ * ip4ip6_fmr_calc - calculate target / source IPv6-address based on FMR -+ * @dest: destination IPv6 address buffer -+ * @skb: received socket buffer -+ * @fmr: MAP FMR -+ * @xmit: Calculate for xmit or rcv -+ **/ -+static void ip4ip6_fmr_calc(struct in6_addr *dest, -+ const struct iphdr *iph, const uint8_t *end, -+ const struct __ip6_tnl_fmr *fmr, bool xmit) -+{ -+ int psidlen = fmr->ea_len - (32 - fmr->ip4_prefix_len); -+ u8 *portp = NULL; -+ bool use_dest_addr; -+ const struct iphdr *dsth = iph; -+ -+ if ((u8*)dsth >= end) -+ return; -+ -+ /* find significant IP header */ -+ if (iph->protocol == IPPROTO_ICMP) { -+ struct icmphdr *ih = (struct icmphdr*)(((u8*)dsth) + dsth->ihl * 4); -+ if (ih && ((u8*)&ih[1]) <= end && ( -+ ih->type == ICMP_DEST_UNREACH || -+ ih->type == ICMP_SOURCE_QUENCH || -+ ih->type == ICMP_TIME_EXCEEDED || -+ ih->type == ICMP_PARAMETERPROB || -+ ih->type == ICMP_REDIRECT)) -+ dsth = (const struct iphdr*)&ih[1]; -+ } -+ -+ /* in xmit-path use dest port by default and source port only if -+ this is an ICMP reply to something else; vice versa in rcv-path */ -+ use_dest_addr = (xmit && dsth == iph) || (!xmit && dsth != iph); -+ -+ /* get dst port */ -+ if (((u8*)&dsth[1]) <= end && ( -+ dsth->protocol == IPPROTO_UDP || -+ dsth->protocol == IPPROTO_TCP || -+ dsth->protocol == IPPROTO_SCTP || -+ dsth->protocol == IPPROTO_DCCP)) { -+ /* for UDP, TCP, SCTP and DCCP source and dest port -+ follow IPv4 header directly */ -+ portp = ((u8*)dsth) + dsth->ihl * 4; -+ -+ if (use_dest_addr) -+ portp += sizeof(u16); -+ } else if (iph->protocol == IPPROTO_ICMP) { -+ struct icmphdr *ih = (struct icmphdr*)(((u8*)dsth) + dsth->ihl * 4); -+ -+ /* use icmp identifier as port */ -+ if (((u8*)&ih) <= end && ( -+ (use_dest_addr && ( -+ ih->type == ICMP_ECHOREPLY || -+ ih->type == ICMP_TIMESTAMPREPLY || -+ ih->type == ICMP_INFO_REPLY || -+ ih->type == ICMP_ADDRESSREPLY)) || -+ (!use_dest_addr && ( -+ ih->type == ICMP_ECHO || -+ ih->type == ICMP_TIMESTAMP || -+ ih->type == ICMP_INFO_REQUEST || -+ ih->type == ICMP_ADDRESS) -+ ))) -+ portp = (u8*)&ih->un.echo.id; -+ } -+ -+ if ((portp && &portp[2] <= end) || psidlen == 0) { -+ int frombyte = fmr->ip6_prefix_len / 8; -+ int fromrem = fmr->ip6_prefix_len % 8; -+ int bytes = sizeof(struct in6_addr) - frombyte; -+ const u32 *addr = (use_dest_addr) ? &iph->daddr : &iph->saddr; -+ u64 eabits = ((u64)ntohl(*addr)) << (32 + fmr->ip4_prefix_len); -+ u64 t = 0; -+ -+ /* extract PSID from port and add it to eabits */ -+ u16 psidbits = 0; -+ if (psidlen > 0) { -+ psidbits = ((u16)portp[0]) << 8 | ((u16)portp[1]); -+ psidbits >>= 16 - psidlen - fmr->offset; -+ psidbits = (u16)(psidbits << (16 - psidlen)); -+ eabits |= ((u64)psidbits) << (48 - (fmr->ea_len - psidlen)); -+ } -+ -+ /* rewrite destination address */ -+ *dest = fmr->ip6_prefix; -+ memcpy(&dest->s6_addr[10], addr, sizeof(*addr)); -+ dest->s6_addr16[7] = htons(psidbits >> (16 - psidlen)); -+ -+ if (bytes > sizeof(u64)) -+ bytes = sizeof(u64); -+ -+ /* insert eabits */ -+ memcpy(&t, &dest->s6_addr[frombyte], bytes); -+ t = be64_to_cpu(t) & ~(((((u64)1) << fmr->ea_len) - 1) -+ << (64 - fmr->ea_len - fromrem)); -+ t = cpu_to_be64(t | (eabits >> fromrem)); -+ memcpy(&dest->s6_addr[frombyte], &t, bytes); -+ } -+} -+ -+ - static int __ip6_tnl_rcv(struct ip6_tnl *tunnel, struct sk_buff *skb, - const struct tnl_ptk_info *tpi, - struct metadata_dst *tun_dst, -@@ -819,6 +938,27 @@ static int __ip6_tnl_rcv(struct ip6_tnl - skb_reset_network_header(skb); - memset(skb->cb, 0, sizeof(struct inet6_skb_parm)); - -+ if (tpi->proto == htons(ETH_P_IP) && tunnel->parms.fmrs && -+ !ipv6_addr_equal(&ipv6h->saddr, &tunnel->parms.raddr)) { -+ /* Packet didn't come from BR, so lookup FMR */ -+ struct __ip6_tnl_fmr *fmr; -+ struct in6_addr expected = tunnel->parms.raddr; -+ for (fmr = tunnel->parms.fmrs; fmr; fmr = fmr->next) -+ if (ipv6_prefix_equal(&ipv6h->saddr, -+ &fmr->ip6_prefix, fmr->ip6_prefix_len)) -+ break; -+ -+ /* Check that IPv6 matches IPv4 source to prevent spoofing */ -+ if (fmr) -+ ip4ip6_fmr_calc(&expected, ip_hdr(skb), -+ skb_tail_pointer(skb), fmr, false); -+ -+ if (!ipv6_addr_equal(&ipv6h->saddr, &expected)) { -+ rcu_read_unlock(); -+ goto drop; -+ } -+ } -+ - __skb_tunnel_rx(skb, tunnel->dev, tunnel->net); - - err = dscp_ecn_decapsulate(tunnel, ipv6h, skb); -@@ -959,6 +1099,7 @@ static void init_tel_txopt(struct ipv6_t - opt->ops.opt_nflen = 8; - } - -+ - /** - * ip6_tnl_addr_conflict - compare packet addresses to tunnel's own - * @t: the outgoing tunnel device -@@ -1311,6 +1452,7 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str - { - struct ip6_tnl *t = netdev_priv(dev); - struct ipv6hdr *ipv6h; -+ struct __ip6_tnl_fmr *fmr; - int encap_limit = -1; - __u16 offset; - struct flowi6 fl6; -@@ -1376,6 +1518,18 @@ ip6ip6_tnl_xmit(struct sk_buff *skb, str - fl6.flowi6_uid = sock_net_uid(dev_net(dev), NULL); - dsfield = INET_ECN_encapsulate(dsfield, ipv6_get_dsfield(ipv6h)); - -+ /* try to find matching FMR */ -+ for (fmr = t->parms.fmrs; fmr; fmr = fmr->next) { -+ unsigned mshift = 32 - fmr->ip4_prefix_len; -+ if (ntohl(fmr->ip4_prefix.s_addr) >> mshift == -+ ntohl(ip_hdr(skb)->daddr) >> mshift) -+ break; -+ } -+ -+ /* change dstaddr according to FMR */ -+ if (fmr) -+ ip4ip6_fmr_calc(&fl6.daddr, ip_hdr(skb), skb_tail_pointer(skb), fmr, true); -+ - if (iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6)) - return -1; - -@@ -1505,6 +1659,14 @@ ip6_tnl_change(struct ip6_tnl *t, const - t->parms.link = p->link; - t->parms.proto = p->proto; - t->parms.fwmark = p->fwmark; -+ -+ while (t->parms.fmrs) { -+ struct __ip6_tnl_fmr *next = t->parms.fmrs->next; -+ kfree(t->parms.fmrs); -+ t->parms.fmrs = next; -+ } -+ t->parms.fmrs = p->fmrs; -+ - dst_cache_reset(&t->dst_cache); - ip6_tnl_link_config(t); - return 0; -@@ -1543,6 +1705,7 @@ ip6_tnl_parm_from_user(struct __ip6_tnl_ - p->flowinfo = u->flowinfo; - p->link = u->link; - p->proto = u->proto; -+ p->fmrs = NULL; - memcpy(p->name, u->name, sizeof(u->name)); - } - -@@ -1927,6 +2090,15 @@ static int ip6_tnl_validate(struct nlatt - return 0; - } - -+static const struct nla_policy ip6_tnl_fmr_policy[IFLA_IPTUN_FMR_MAX + 1] = { -+ [IFLA_IPTUN_FMR_IP6_PREFIX] = { .len = sizeof(struct in6_addr) }, -+ [IFLA_IPTUN_FMR_IP4_PREFIX] = { .len = sizeof(struct in_addr) }, -+ [IFLA_IPTUN_FMR_IP6_PREFIX_LEN] = { .type = NLA_U8 }, -+ [IFLA_IPTUN_FMR_IP4_PREFIX_LEN] = { .type = NLA_U8 }, -+ [IFLA_IPTUN_FMR_EA_LEN] = { .type = NLA_U8 }, -+ [IFLA_IPTUN_FMR_OFFSET] = { .type = NLA_U8 } -+}; -+ - static void ip6_tnl_netlink_parms(struct nlattr *data[], - struct __ip6_tnl_parm *parms) - { -@@ -1964,6 +2136,46 @@ static void ip6_tnl_netlink_parms(struct - - if (data[IFLA_IPTUN_FWMARK]) - parms->fwmark = nla_get_u32(data[IFLA_IPTUN_FWMARK]); -+ -+ if (data[IFLA_IPTUN_FMRS]) { -+ unsigned rem; -+ struct nlattr *fmr; -+ nla_for_each_nested(fmr, data[IFLA_IPTUN_FMRS], rem) { -+ struct nlattr *fmrd[IFLA_IPTUN_FMR_MAX + 1], *c; -+ struct __ip6_tnl_fmr *nfmr; -+ -+ nla_parse_nested(fmrd, IFLA_IPTUN_FMR_MAX, -+ fmr, ip6_tnl_fmr_policy, NULL); -+ -+ if (!(nfmr = kzalloc(sizeof(*nfmr), GFP_KERNEL))) -+ continue; -+ -+ nfmr->offset = 6; -+ -+ if ((c = fmrd[IFLA_IPTUN_FMR_IP6_PREFIX])) -+ nla_memcpy(&nfmr->ip6_prefix, fmrd[IFLA_IPTUN_FMR_IP6_PREFIX], -+ sizeof(nfmr->ip6_prefix)); -+ -+ if ((c = fmrd[IFLA_IPTUN_FMR_IP4_PREFIX])) -+ nla_memcpy(&nfmr->ip4_prefix, fmrd[IFLA_IPTUN_FMR_IP4_PREFIX], -+ sizeof(nfmr->ip4_prefix)); -+ -+ if ((c = fmrd[IFLA_IPTUN_FMR_IP6_PREFIX_LEN])) -+ nfmr->ip6_prefix_len = nla_get_u8(c); -+ -+ if ((c = fmrd[IFLA_IPTUN_FMR_IP4_PREFIX_LEN])) -+ nfmr->ip4_prefix_len = nla_get_u8(c); -+ -+ if ((c = fmrd[IFLA_IPTUN_FMR_EA_LEN])) -+ nfmr->ea_len = nla_get_u8(c); -+ -+ if ((c = fmrd[IFLA_IPTUN_FMR_OFFSET])) -+ nfmr->offset = nla_get_u8(c); -+ -+ nfmr->next = parms->fmrs; -+ parms->fmrs = nfmr; -+ } -+ } - } - - static bool ip6_tnl_netlink_encap_parms(struct nlattr *data[], -@@ -2079,6 +2291,12 @@ static void ip6_tnl_dellink(struct net_d - - static size_t ip6_tnl_get_size(const struct net_device *dev) - { -+ const struct ip6_tnl *t = netdev_priv(dev); -+ struct __ip6_tnl_fmr *c; -+ int fmrs = 0; -+ for (c = t->parms.fmrs; c; c = c->next) -+ ++fmrs; -+ - return - /* IFLA_IPTUN_LINK */ - nla_total_size(4) + -@@ -2108,6 +2326,24 @@ static size_t ip6_tnl_get_size(const str - nla_total_size(0) + - /* IFLA_IPTUN_FWMARK */ - nla_total_size(4) + -+ /* IFLA_IPTUN_FMRS */ -+ nla_total_size(0) + -+ ( -+ /* nest */ -+ nla_total_size(0) + -+ /* IFLA_IPTUN_FMR_IP6_PREFIX */ -+ nla_total_size(sizeof(struct in6_addr)) + -+ /* IFLA_IPTUN_FMR_IP4_PREFIX */ -+ nla_total_size(sizeof(struct in_addr)) + -+ /* IFLA_IPTUN_FMR_EA_LEN */ -+ nla_total_size(1) + -+ /* IFLA_IPTUN_FMR_IP6_PREFIX_LEN */ -+ nla_total_size(1) + -+ /* IFLA_IPTUN_FMR_IP4_PREFIX_LEN */ -+ nla_total_size(1) + -+ /* IFLA_IPTUN_FMR_OFFSET */ -+ nla_total_size(1) -+ ) * fmrs + - 0; - } - -@@ -2115,6 +2351,9 @@ static int ip6_tnl_fill_info(struct sk_b - { - struct ip6_tnl *tunnel = netdev_priv(dev); - struct __ip6_tnl_parm *parm = &tunnel->parms; -+ struct __ip6_tnl_fmr *c; -+ int fmrcnt = 0; -+ struct nlattr *fmrs; - - if (nla_put_u32(skb, IFLA_IPTUN_LINK, parm->link) || - nla_put_in6_addr(skb, IFLA_IPTUN_LOCAL, &parm->laddr) || -@@ -2124,9 +2363,27 @@ static int ip6_tnl_fill_info(struct sk_b - nla_put_be32(skb, IFLA_IPTUN_FLOWINFO, parm->flowinfo) || - nla_put_u32(skb, IFLA_IPTUN_FLAGS, parm->flags) || - nla_put_u8(skb, IFLA_IPTUN_PROTO, parm->proto) || -- nla_put_u32(skb, IFLA_IPTUN_FWMARK, parm->fwmark)) -+ nla_put_u32(skb, IFLA_IPTUN_FWMARK, parm->fwmark) || -+ !(fmrs = nla_nest_start(skb, IFLA_IPTUN_FMRS))) - goto nla_put_failure; - -+ for (c = parm->fmrs; c; c = c->next) { -+ struct nlattr *fmr = nla_nest_start(skb, ++fmrcnt); -+ if (!fmr || -+ nla_put(skb, IFLA_IPTUN_FMR_IP6_PREFIX, -+ sizeof(c->ip6_prefix), &c->ip6_prefix) || -+ nla_put(skb, IFLA_IPTUN_FMR_IP4_PREFIX, -+ sizeof(c->ip4_prefix), &c->ip4_prefix) || -+ nla_put_u8(skb, IFLA_IPTUN_FMR_IP6_PREFIX_LEN, c->ip6_prefix_len) || -+ nla_put_u8(skb, IFLA_IPTUN_FMR_IP4_PREFIX_LEN, c->ip4_prefix_len) || -+ nla_put_u8(skb, IFLA_IPTUN_FMR_EA_LEN, c->ea_len) || -+ nla_put_u8(skb, IFLA_IPTUN_FMR_OFFSET, c->offset)) -+ goto nla_put_failure; -+ -+ nla_nest_end(skb, fmr); -+ } -+ nla_nest_end(skb, fmrs); -+ - if (nla_put_u16(skb, IFLA_IPTUN_ENCAP_TYPE, tunnel->encap.type) || - nla_put_be16(skb, IFLA_IPTUN_ENCAP_SPORT, tunnel->encap.sport) || - nla_put_be16(skb, IFLA_IPTUN_ENCAP_DPORT, tunnel->encap.dport) || -@@ -2166,6 +2423,7 @@ static const struct nla_policy ip6_tnl_p - [IFLA_IPTUN_ENCAP_DPORT] = { .type = NLA_U16 }, - [IFLA_IPTUN_COLLECT_METADATA] = { .type = NLA_FLAG }, - [IFLA_IPTUN_FWMARK] = { .type = NLA_U32 }, -+ [IFLA_IPTUN_FMRS] = { .type = NLA_NESTED }, - }; - - static struct rtnl_link_ops ip6_link_ops __read_mostly = {