osmo-gtp-kernel/gtp.c

1413 lines
32 KiB
C
Raw Normal View History

/* GTP according to GSM TS 09.60 / 3GPP TS 29.060 */
/* (C) 2012-2014 by sysmocom - s.f.m.c. GmbH
* Author: Harald Welte <hwelte@sysmocom.de>
* Pablo Neira Ayuso <pablo@gnumonks.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#include <linux/module.h>
#include <linux/version.h>
#include <linux/skbuff.h>
#include <linux/udp.h>
#include <linux/rculist.h>
#include <linux/jhash.h>
#include <linux/if_tunnel.h>
#include <linux/net.h>
#include <linux/file.h>
#include <net/net_namespace.h>
#include <net/protocol.h>
#include <net/ip.h>
#include <net/udp.h>
#include <net/icmp.h>
#include <net/xfrm.h>
#include <net/genetlink.h>
#include <net/netns/generic.h>
#include "gtp.h"
#include "gtp_nl.h"
static u32 gtp_h_initval;
struct pdp_ctx {
struct hlist_node hlist_tid;
struct hlist_node hlist_addr;
u64 tid;
u8 gtp_version;
u16 af;
union {
struct in6_addr ip6;
struct in_addr ip4;
} ms_addr;
union {
struct in6_addr ip6;
struct in_addr ip4;
} sgsn_addr;
u16 flow;
atomic_t tx_seq;
struct rcu_head rcu_head;
};
/* One local instance of the GTP code base */
struct gtp_instance {
struct list_head list;
/* the socket */
struct socket *sock0;
struct socket *sock1u;
struct net_device *dev;
struct net_device *real_dev;
unsigned int hash_size;
struct hlist_head *tid_hash;
struct hlist_head *addr_hash;
};
static int gtp_net_id __read_mostly;
struct gtp_net {
struct list_head gtp_instance_list;
};
static inline u32 gtp0_hashfn(u64 tid)
{
u32 *tid32 = (u32 *) &tid;
return jhash_2words(tid32[0], tid32[1], gtp_h_initval);
}
static inline u32 gtp1u_hashfn(u32 tid)
{
return jhash_1word(tid, gtp_h_initval);
}
static inline u32 ipv4_hashfn(u32 ip)
{
return jhash_1word(ip, gtp_h_initval);
}
static inline u32 ipv6_hashfn(struct in6_addr *ip6)
{
return jhash2((const u32 *) &ip6->s6_addr32, sizeof(*ip6)/sizeof(u32),
gtp_h_initval);
}
/* resolve a PDP context structure based on the 64bit TID */
static struct pdp_ctx *gtp0_pdp_find(struct gtp_instance *gti, u64 tid)
{
struct hlist_head *head;
struct pdp_ctx *pdp;
head = &gti->tid_hash[gtp0_hashfn(tid) % gti->hash_size];
hlist_for_each_entry_rcu(pdp, head, hlist_tid) {
2014-02-13 15:29:05 +00:00
if (pdp->gtp_version == GTP_V0 && pdp->tid == tid)
return pdp;
}
return NULL;
}
/* resolve a PDP context structure based on the 32bit TEI */
static struct pdp_ctx *gtp1_pdp_find(struct gtp_instance *gti, u32 tid)
{
struct hlist_head *head;
struct pdp_ctx *pdp;
head = &gti->tid_hash[gtp1u_hashfn(tid) % gti->hash_size];
hlist_for_each_entry_rcu(pdp, head, hlist_tid) {
2014-02-13 15:29:05 +00:00
if (pdp->gtp_version == GTP_V1 && pdp->tid == tid)
return pdp;
}
return NULL;
}
/* resolve a PDP context based on IPv4 address of MS */
static struct pdp_ctx *ipv4_pdp_find(struct gtp_instance *gti,
u32 ms_addr)
{
struct hlist_head *head;
struct pdp_ctx *pdp;
head = &gti->addr_hash[ipv4_hashfn(ms_addr) % gti->hash_size];
hlist_for_each_entry_rcu(pdp, head, hlist_addr) {
if (pdp->af == AF_INET && pdp->ms_addr.ip4.s_addr == ms_addr)
return pdp;
}
return NULL;
}
/* resolve a PDP context based on IPv6 address of MS */
static struct pdp_ctx *ipv6_pdp_find(struct gtp_instance *gti,
struct in6_addr *ms_addr)
{
struct hlist_head *head;
struct pdp_ctx *pdp;
head = &gti->addr_hash[ipv6_hashfn(ms_addr) % gti->hash_size];
hlist_for_each_entry_rcu(pdp, head, hlist_addr) {
if (pdp->af == AF_INET6 &&
!memcmp(&pdp->ms_addr.ip6, ms_addr, sizeof(*ms_addr)))
return pdp;
}
return NULL;
}
/* resolve the GTP instance for a given sock */
static inline struct gtp_instance *sk_to_gti(struct sock *sk)
{
struct gtp_instance *gti;
if (!sk)
return NULL;
sock_hold(sk);
gti = (struct gtp_instance *) sk->sk_user_data;
if (!gti) {
sock_put(sk);
return NULL;
}
return gti;
}
/* Check if the inner IP header has the source address assigned to the
* current MS.
*/
static bool gtp_check_src_ms(struct sk_buff *skb, struct pdp_ctx *pctx,
unsigned int hdrlen)
{
bool ret = false;
if (skb->protocol == ntohs(ETH_P_IP)) {
struct iphdr *iph;
if (!pskb_may_pull(skb, hdrlen + sizeof(struct iphdr)))
return false;
iph = (struct iphdr *)
(skb->data + hdrlen + sizeof(struct iphdr));
ret = (iph->saddr != pctx->ms_addr.ip4.s_addr);
} else if (skb->protocol == ntohs(ETH_P_IPV6)) {
struct ipv6hdr *ip6h;
if (!pskb_may_pull(skb, hdrlen + sizeof(struct ipv6hdr)))
return false;
ip6h = (struct ipv6hdr *)
(skb->data + hdrlen + sizeof(struct ipv6hdr));
ret = memcmp(&ip6h->saddr, &pctx->ms_addr.ip6,
sizeof(struct in6_addr)) == 0;
}
return ret;
}
/* 1 means pass up to the stack, -1 means drop and 0 means decapsulated */
static int gtp0_udp_encap_recv(struct gtp_instance *gti, struct sk_buff *skb)
{
struct gtp0_header *gtp0;
struct pdp_ctx *pctx;
unsigned int hdrlen = sizeof(struct udphdr) + sizeof(*gtp0);
int ret = 0;
/* check for sufficient header size */
if (!pskb_may_pull(skb, hdrlen))
return -1;
gtp0 = (struct gtp0_header *)(skb->data + sizeof(struct udphdr));
/* check for GTP Version 0 */
if ((gtp0->flags >> 5) != GTP_V0)
return 1;
/* check if it is T-PDU. if not -> userspace */
if (gtp0->type != GTP_TPDU)
return 1;
rcu_read_lock();
/* look-up the PDP context for the Tunnel ID */
pctx = gtp0_pdp_find(gti, be64_to_cpu(gtp0->tid));
if (!pctx) {
ret = -1;
goto out_rcu;
}
if (!gtp_check_src_ms(skb, pctx, hdrlen)) {
ret = -1;
goto out_rcu;
}
/* get rid of the GTP + UDP headers */
__skb_pull(skb, hdrlen);
out_rcu:
rcu_read_unlock();
return ret;
}
static int gtp1u_udp_encap_recv(struct gtp_instance *gti, struct sk_buff *skb)
{
struct gtp1_header *gtp1;
struct pdp_ctx *pctx;
unsigned int hdrlen = sizeof(struct udphdr) + sizeof(*gtp1);
int ret = 0;
/* check for sufficient header size */
if (!pskb_may_pull(skb, hdrlen))
return -1;
gtp1 = (struct gtp1_header *)(skb->data + sizeof(struct udphdr));
/* check for GTP Version 1 */
if ((gtp1->flags >> 5) != GTP_V1)
return 1;
/* check if it is T-PDU. */
if (gtp1->type != GTP_TPDU)
return 1;
/* From 29.060: "This field shall be present if and only if any one or
* more of the S, PN and E flags are set.".
*
* If any of the bit is set, then the remaining ones also have to be
* set.
*/
if (gtp1->flags & GTP1_F_MASK)
hdrlen += 4;
/* check for sufficient header size for extension */
if (!pskb_may_pull(skb, hdrlen))
return -1;
/* look-up the PDP context for the Tunnel ID */
rcu_read_lock();
pctx = gtp1_pdp_find(gti, ntohl(gtp1->tid));
if (!pctx) {
ret = -1;
goto out_rcu;
}
if (!gtp_check_src_ms(skb, pctx, hdrlen)) {
ret = -1;
goto out_rcu;
}
/* get rid of the UDP + GTP header + extensions */
__skb_pull(skb, hdrlen);
out_rcu:
rcu_read_unlock();
return ret;
}
/* UDP encapsulation receive handler. See net/ipv4/udp.c.
* Return codes: 0: success, <0: error, >0: passed up to userspace UDP.
*/
static int gtp_udp_encap_recv(struct sock *sk, struct sk_buff *skb)
{
struct gtp_instance *gti;
int ret;
/* resolve the GTP instance to which the socket belongs */
gti = sk_to_gti(sk);
if (!gti)
goto user;
netdev_dbg(gti->dev, "encap_recv %p\n", sk);
switch (udp_sk(sk)->encap_type) {
case UDP_ENCAP_GTP0:
netdev_dbg(gti->dev, "received GTP0 packet\n");
ret = gtp0_udp_encap_recv(gti, skb);
break;
case UDP_ENCAP_GTP1U:
netdev_dbg(gti->dev, "received GTP1U packet\n");
ret = gtp1u_udp_encap_recv(gti, skb);
break;
default:
ret = -1; /* shouldn't happen */
}
switch (ret) {
case 1:
netdev_dbg(gti->dev, "pass up to the process\n");
goto user_put;
case 0:
netdev_dbg(gti->dev, "forwarding packet from GGSN to uplink\n");
break;
case -1:
netdev_dbg(gti->dev, "GTP packet has been dropped\n");
goto drop;
}
/* Now that the UDP and the GTP header have been removed, set up the
* new network header. This is required by the upper later to
* calculate the transport header.
*/
skb_reset_network_header(skb);
/* re-submit via virtual tunnel device into regular network stack */
secpath_reset(skb);
skb_dst_drop(skb);
nf_reset(skb);
skb->dev = gti->dev;
/* Force the upper layers to verify it. */
skb->ip_summed = CHECKSUM_NONE;
netif_rx(skb);
sock_put(sk);
return 0;
drop:
kfree_skb(skb);
return 0;
user_put:
sock_put(sk);
user:
return 1;
}
static int gtp_dev_init(struct net_device *dev)
{
struct gtp_instance *gti = netdev_priv(dev);
dev->flags = IFF_NOARP;
gti->dev = dev;
dev->tstats = alloc_percpu(struct pcpu_sw_netstats);
if (!dev->tstats)
return -ENOMEM;
return 0;
}
static void gtp_encap_disable(struct gtp_instance *gti);
static void gtp_dev_uninit(struct net_device *dev)
{
struct gtp_instance *gti = netdev_priv(dev);
gtp_encap_disable(gti);
free_percpu(dev->tstats);
}
#define IP_UDP_LEN (sizeof(struct iphdr) + sizeof(struct udphdr))
static struct rtable *
ip4_route_output_gtp(struct net *net, struct flowi4 *fl4,
__be32 daddr, __be32 saddr, __u8 tos, int oif)
{
memset(fl4, 0, sizeof(*fl4));
fl4->flowi4_oif = oif;
fl4->daddr = daddr;
fl4->saddr = saddr;
fl4->flowi4_tos = tos;
fl4->flowi4_proto = IPPROTO_UDP;
return ip_route_output_key(net, fl4);
}
static inline void
gtp0_push_header(struct sk_buff *skb, struct pdp_ctx *pctx, int payload_len)
{
struct gtp0_header *gtp0;
/* ensure there is sufficient headroom */
skb_cow(skb, sizeof(*gtp0) + IP_UDP_LEN);
gtp0 = (struct gtp0_header *) skb_push(skb, sizeof(*gtp0));
gtp0->flags = 0x1e; /* V0, GTP-non-prime */
gtp0->type = GTP_TPDU;
gtp0->length = htons(payload_len);
gtp0->seq = htons((atomic_inc_return(&pctx->tx_seq)-1) % 0xffff);
gtp0->flow = htons(pctx->flow);
gtp0->number = 0xFF;
gtp0->spare[0] = gtp0->spare[1] = gtp0->spare[2] = 0xFF;
gtp0->tid = cpu_to_be64(pctx->tid);
}
static inline void
gtp1_push_header(struct sk_buff *skb, struct pdp_ctx *pctx, int payload_len)
{
struct gtp1_header *gtp1;
/* ensure there is sufficient headroom */
skb_cow(skb, sizeof(*gtp1) + IP_UDP_LEN);
gtp1 = (struct gtp1_header *) skb_push(skb, sizeof(*gtp1));
/* Bits 8 7 6 5 4 3 2 1
* +--+--+--+--+--+--+--+--+
* |version |PT| 1| E| S|PN|
* +--+--+--+--+--+--+--+--+
* 0 0 1 1 1 0 0 0
*/
gtp1->flags = 0x38; /* V1, GTP-non-prime */
gtp1->type = GTP_TPDU;
gtp1->length = htons(payload_len);
gtp1->tid = htonl((u32)pctx->tid);
/* TODO: Suppport for extension header, sequence number and N-PDU.
* Update the length field if any of them is available.
*/
}
/* From Linux kernel 3.13: iptunnel_xmit_stats() */
static inline void
gtp_iptunnel_xmit_stats(int err, struct net_device_stats *err_stats,
struct pcpu_sw_netstats __percpu *stats)
{
if (err > 0) {
struct pcpu_sw_netstats *tstats = this_cpu_ptr(stats);
u64_stats_update_begin(&tstats->syncp);
tstats->tx_bytes += err;
tstats->tx_packets++;
u64_stats_update_end(&tstats->syncp);
} else if (err < 0) {
err_stats->tx_errors++;
err_stats->tx_aborted_errors++;
} else {
err_stats->tx_dropped++;
}
}
struct gtp_pktinfo {
union {
struct iphdr *iph;
struct ipv6hdr *ip6h;
};
union {
struct flowi4 fl4;
};
struct rtable *rt;
struct pdp_ctx *pctx;
struct net_device *dev;
};
static inline void
gtp_set_pktinfo_ipv4(struct gtp_pktinfo *pktinfo, struct iphdr *iph,
struct pdp_ctx *pctx, struct rtable *rt,
struct flowi4 *fl4, struct net_device *dev)
{
pktinfo->iph = iph;
pktinfo->pctx = pctx;
pktinfo->rt = rt;
pktinfo->fl4 = *fl4;
pktinfo->dev = dev;
}
static int gtp_ip4_prepare_xmit(struct sk_buff *skb, struct net_device *dev,
struct gtp_pktinfo *pktinfo)
{
struct gtp_instance *gti = netdev_priv(dev);
struct inet_sock *inet = inet_sk(gti->sock0->sk);
struct iphdr *iph;
struct pdp_ctx *pctx;
struct rtable *rt;
struct flowi4 fl4;
int df, mtu;
/* Read the IP destination address and resolve the PDP context.
* Prepend PDP header with TEI/TID from PDP ctx.
*/
iph = ip_hdr(skb);
pctx = ipv4_pdp_find(gti, iph->daddr);
if (!pctx) {
netdev_dbg(dev, "no PDP ctx found for this packet, skip\n");
return -ENOENT;
}
netdev_dbg(dev, "found PDP context %p\n", pctx);
/* Obtain route for the new encapsulated GTP packet */
rt = ip4_route_output_gtp(dev_net(dev), &fl4,
pctx->sgsn_addr.ip4.s_addr,
inet->inet_saddr, 0,
gti->real_dev->ifindex);
if (IS_ERR(rt)) {
netdev_dbg(dev, "no route to SSGN %pI4 from ifidx=%d\n",
&pctx->sgsn_addr.ip4.s_addr,
gti->real_dev->ifindex);
dev->stats.tx_carrier_errors++;
goto err;
}
/* There is a routing loop */
if (rt->dst.dev == dev) {
netdev_dbg(dev, "circular route to SSGN %pI4\n",
&pctx->sgsn_addr.ip4.s_addr);
dev->stats.collisions++;
goto err_rt;
}
skb_dst_drop(skb);
skb_dst_set(skb, &rt->dst);
/* This is similar to tnl_update_pmtu() */
df = iph->frag_off;
if (df) {
mtu = dst_mtu(&rt->dst) - gti->real_dev->hard_header_len -
sizeof(struct iphdr) - sizeof(struct udphdr);
switch (pctx->gtp_version) {
case GTP_V0:
mtu -= sizeof(struct gtp0_header);
break;
case GTP_V1:
mtu -= sizeof(struct gtp1_header);
break;
}
} else
mtu = skb_dst(skb) ? dst_mtu(skb_dst(skb)) : dev->mtu;
if (skb_dst(skb))
skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu);
if (!skb_is_gso(skb) && (iph->frag_off & htons(IP_DF)) &&
mtu < ntohs(iph->tot_len)) {
netdev_dbg(dev, "packet too big, fragmentation needed\n");
memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
htonl(mtu));
goto err_rt;
}
gtp_set_pktinfo_ipv4(pktinfo, iph, pctx, rt, &fl4, dev);
return 0;
err_rt:
ip_rt_put(rt);
err:
return -EBADMSG;
}
static int gtp_ip6_prepare_xmit(struct sk_buff *skb, struct net_device *dev,
struct gtp_pktinfo *pktinfo)
{
/* TODO IPV6 support */
return 0;
}
static inline void
gtp_push_ip4hdr(struct sk_buff *skb, struct gtp_pktinfo *pktinfo)
{
struct iphdr *iph;
/* Push down and install the IP header. Similar to iptunnel_xmit() */
skb_push(skb, sizeof(struct iphdr));
skb_reset_network_header(skb);
iph = ip_hdr(skb);
iph->version = 4;
iph->ihl = sizeof(struct iphdr) >> 2;
iph->frag_off = htons(IP_DF);
iph->protocol = IPPROTO_UDP;
iph->tos = pktinfo->iph->tos;
iph->daddr = pktinfo->fl4.daddr;
iph->saddr = pktinfo->fl4.saddr;
iph->ttl = ip4_dst_hoplimit(&pktinfo->rt->dst);
__ip_select_ident(dev_net(pktinfo->rt->dst.dev), iph,
(skb_shinfo(skb)->gso_segs ?: 1) - 1);
netdev_dbg(pktinfo->dev, "gtp -> IP src: %pI4 dst: %pI4\n",
&iph->saddr, &iph->daddr);
}
static inline void
gtp_push_ip6hdr(struct sk_buff *skb, struct gtp_pktinfo *pktinfo)
{
/* TODO IPV6 support */
}
static netdev_tx_t gtp_dev_xmit(struct sk_buff *skb, struct net_device *dev)
{
struct udphdr *uh;
unsigned int payload_len;
struct gtp_pktinfo pktinfo;
unsigned int proto = ntohs(skb->protocol);
int gtph_len, err;
rcu_read_lock();
switch (proto) {
case ETH_P_IP:
err = gtp_ip4_prepare_xmit(skb, dev, &pktinfo);
break;
case ETH_P_IPV6:
err = gtp_ip6_prepare_xmit(skb, dev, &pktinfo);
break;
}
if (err < 0)
goto tx_error;
/* Annotate length of the encapsulated packet */
payload_len = skb->len;
/* Push down GTP header */