|  | /* SPDX-License-Identifier: GPL-2.0 */ | 
|  | #ifndef _INET_ECN_H_ | 
|  | #define _INET_ECN_H_ | 
|  |  | 
|  | #include <linux/ip.h> | 
|  | #include <linux/skbuff.h> | 
|  | #include <linux/if_vlan.h> | 
|  |  | 
|  | #include <net/inet_sock.h> | 
|  | #include <net/dsfield.h> | 
|  | #include <net/checksum.h> | 
|  |  | 
|  | enum { | 
|  | INET_ECN_NOT_ECT = 0, | 
|  | INET_ECN_ECT_1 = 1, | 
|  | INET_ECN_ECT_0 = 2, | 
|  | INET_ECN_CE = 3, | 
|  | INET_ECN_MASK = 3, | 
|  | }; | 
|  |  | 
|  | extern int sysctl_tunnel_ecn_log; | 
|  |  | 
|  | static inline int INET_ECN_is_ce(__u8 dsfield) | 
|  | { | 
|  | return (dsfield & INET_ECN_MASK) == INET_ECN_CE; | 
|  | } | 
|  |  | 
|  | static inline int INET_ECN_is_not_ect(__u8 dsfield) | 
|  | { | 
|  | return (dsfield & INET_ECN_MASK) == INET_ECN_NOT_ECT; | 
|  | } | 
|  |  | 
|  | static inline int INET_ECN_is_capable(__u8 dsfield) | 
|  | { | 
|  | return dsfield & INET_ECN_ECT_0; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * RFC 3168 9.1.1 | 
|  | *  The full-functionality option for ECN encapsulation is to copy the | 
|  | *  ECN codepoint of the inside header to the outside header on | 
|  | *  encapsulation if the inside header is not-ECT or ECT, and to set the | 
|  | *  ECN codepoint of the outside header to ECT(0) if the ECN codepoint of | 
|  | *  the inside header is CE. | 
|  | */ | 
|  | static inline __u8 INET_ECN_encapsulate(__u8 outer, __u8 inner) | 
|  | { | 
|  | outer &= ~INET_ECN_MASK; | 
|  | outer |= !INET_ECN_is_ce(inner) ? (inner & INET_ECN_MASK) : | 
|  | INET_ECN_ECT_0; | 
|  | return outer; | 
|  | } | 
|  |  | 
|  | static inline void INET_ECN_xmit(struct sock *sk) | 
|  | { | 
|  | inet_sk(sk)->tos |= INET_ECN_ECT_0; | 
|  | if (inet6_sk(sk) != NULL) | 
|  | inet6_sk(sk)->tclass |= INET_ECN_ECT_0; | 
|  | } | 
|  |  | 
|  | static inline void INET_ECN_dontxmit(struct sock *sk) | 
|  | { | 
|  | inet_sk(sk)->tos &= ~INET_ECN_MASK; | 
|  | if (inet6_sk(sk) != NULL) | 
|  | inet6_sk(sk)->tclass &= ~INET_ECN_MASK; | 
|  | } | 
|  |  | 
|  | #define IP6_ECN_flow_init(label) do {		\ | 
|  | (label) &= ~htonl(INET_ECN_MASK << 20);	\ | 
|  | } while (0) | 
|  |  | 
|  | #define	IP6_ECN_flow_xmit(sk, label) do {				\ | 
|  | if (INET_ECN_is_capable(inet6_sk(sk)->tclass))			\ | 
|  | (label) |= htonl(INET_ECN_ECT_0 << 20);			\ | 
|  | } while (0) | 
|  |  | 
|  | static inline int IP_ECN_set_ce(struct iphdr *iph) | 
|  | { | 
|  | u32 ecn = (iph->tos + 1) & INET_ECN_MASK; | 
|  | __be16 check_add; | 
|  |  | 
|  | /* | 
|  | * After the last operation we have (in binary): | 
|  | * INET_ECN_NOT_ECT => 01 | 
|  | * INET_ECN_ECT_1   => 10 | 
|  | * INET_ECN_ECT_0   => 11 | 
|  | * INET_ECN_CE      => 00 | 
|  | */ | 
|  | if (!(ecn & 2)) | 
|  | return !ecn; | 
|  |  | 
|  | /* | 
|  | * The following gives us: | 
|  | * INET_ECN_ECT_1 => check += htons(0xFFFD) | 
|  | * INET_ECN_ECT_0 => check += htons(0xFFFE) | 
|  | */ | 
|  | check_add = (__force __be16)((__force u16)htons(0xFFFB) + | 
|  | (__force u16)htons(ecn)); | 
|  |  | 
|  | iph->check = csum16_add(iph->check, check_add); | 
|  | iph->tos |= INET_ECN_CE; | 
|  | return 1; | 
|  | } | 
|  |  | 
|  | static inline int IP_ECN_set_ect1(struct iphdr *iph) | 
|  | { | 
|  | if ((iph->tos & INET_ECN_MASK) != INET_ECN_ECT_0) | 
|  | return 0; | 
|  |  | 
|  | iph->check = csum16_add(iph->check, htons(0x1)); | 
|  | iph->tos ^= INET_ECN_MASK; | 
|  | return 1; | 
|  | } | 
|  |  | 
|  | static inline void IP_ECN_clear(struct iphdr *iph) | 
|  | { | 
|  | iph->tos &= ~INET_ECN_MASK; | 
|  | } | 
|  |  | 
|  | static inline void ipv4_copy_dscp(unsigned int dscp, struct iphdr *inner) | 
|  | { | 
|  | dscp &= ~INET_ECN_MASK; | 
|  | ipv4_change_dsfield(inner, INET_ECN_MASK, dscp); | 
|  | } | 
|  |  | 
|  | struct ipv6hdr; | 
|  |  | 
|  | /* Note: | 
|  | * IP_ECN_set_ce() has to tweak IPV4 checksum when setting CE, | 
|  | * meaning both changes have no effect on skb->csum if/when CHECKSUM_COMPLETE | 
|  | * In IPv6 case, no checksum compensates the change in IPv6 header, | 
|  | * so we have to update skb->csum. | 
|  | */ | 
|  | static inline int IP6_ECN_set_ce(struct sk_buff *skb, struct ipv6hdr *iph) | 
|  | { | 
|  | __be32 from, to; | 
|  |  | 
|  | if (INET_ECN_is_not_ect(ipv6_get_dsfield(iph))) | 
|  | return 0; | 
|  |  | 
|  | from = *(__be32 *)iph; | 
|  | to = from | htonl(INET_ECN_CE << 20); | 
|  | *(__be32 *)iph = to; | 
|  | if (skb->ip_summed == CHECKSUM_COMPLETE) | 
|  | skb->csum = csum_add(csum_sub(skb->csum, (__force __wsum)from), | 
|  | (__force __wsum)to); | 
|  | return 1; | 
|  | } | 
|  |  | 
|  | static inline int IP6_ECN_set_ect1(struct sk_buff *skb, struct ipv6hdr *iph) | 
|  | { | 
|  | __be32 from, to; | 
|  |  | 
|  | if ((ipv6_get_dsfield(iph) & INET_ECN_MASK) != INET_ECN_ECT_0) | 
|  | return 0; | 
|  |  | 
|  | from = *(__be32 *)iph; | 
|  | to = from ^ htonl(INET_ECN_MASK << 20); | 
|  | *(__be32 *)iph = to; | 
|  | if (skb->ip_summed == CHECKSUM_COMPLETE) | 
|  | skb->csum = csum_add(csum_sub(skb->csum, (__force __wsum)from), | 
|  | (__force __wsum)to); | 
|  | return 1; | 
|  | } | 
|  |  | 
|  | static inline void ipv6_copy_dscp(unsigned int dscp, struct ipv6hdr *inner) | 
|  | { | 
|  | dscp &= ~INET_ECN_MASK; | 
|  | ipv6_change_dsfield(inner, INET_ECN_MASK, dscp); | 
|  | } | 
|  |  | 
|  | static inline int INET_ECN_set_ce(struct sk_buff *skb) | 
|  | { | 
|  | switch (skb_protocol(skb, true)) { | 
|  | case cpu_to_be16(ETH_P_IP): | 
|  | if (skb_network_header(skb) + sizeof(struct iphdr) <= | 
|  | skb_tail_pointer(skb)) | 
|  | return IP_ECN_set_ce(ip_hdr(skb)); | 
|  | break; | 
|  |  | 
|  | case cpu_to_be16(ETH_P_IPV6): | 
|  | if (skb_network_header(skb) + sizeof(struct ipv6hdr) <= | 
|  | skb_tail_pointer(skb)) | 
|  | return IP6_ECN_set_ce(skb, ipv6_hdr(skb)); | 
|  | break; | 
|  | } | 
|  |  | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | static inline int skb_get_dsfield(struct sk_buff *skb) | 
|  | { | 
|  | switch (skb_protocol(skb, true)) { | 
|  | case cpu_to_be16(ETH_P_IP): | 
|  | if (!pskb_network_may_pull(skb, sizeof(struct iphdr))) | 
|  | break; | 
|  | return ipv4_get_dsfield(ip_hdr(skb)); | 
|  |  | 
|  | case cpu_to_be16(ETH_P_IPV6): | 
|  | if (!pskb_network_may_pull(skb, sizeof(struct ipv6hdr))) | 
|  | break; | 
|  | return ipv6_get_dsfield(ipv6_hdr(skb)); | 
|  | } | 
|  |  | 
|  | return -1; | 
|  | } | 
|  |  | 
|  | static inline int INET_ECN_set_ect1(struct sk_buff *skb) | 
|  | { | 
|  | switch (skb_protocol(skb, true)) { | 
|  | case cpu_to_be16(ETH_P_IP): | 
|  | if (skb_network_header(skb) + sizeof(struct iphdr) <= | 
|  | skb_tail_pointer(skb)) | 
|  | return IP_ECN_set_ect1(ip_hdr(skb)); | 
|  | break; | 
|  |  | 
|  | case cpu_to_be16(ETH_P_IPV6): | 
|  | if (skb_network_header(skb) + sizeof(struct ipv6hdr) <= | 
|  | skb_tail_pointer(skb)) | 
|  | return IP6_ECN_set_ect1(skb, ipv6_hdr(skb)); | 
|  | break; | 
|  | } | 
|  |  | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | /* | 
|  | * RFC 6040 4.2 | 
|  | *  To decapsulate the inner header at the tunnel egress, a compliant | 
|  | *  tunnel egress MUST set the outgoing ECN field to the codepoint at the | 
|  | *  intersection of the appropriate arriving inner header (row) and outer | 
|  | *  header (column) in Figure 4 | 
|  | * | 
|  | *      +---------+------------------------------------------------+ | 
|  | *      |Arriving |            Arriving Outer Header               | | 
|  | *      |   Inner +---------+------------+------------+------------+ | 
|  | *      |  Header | Not-ECT | ECT(0)     | ECT(1)     |     CE     | | 
|  | *      +---------+---------+------------+------------+------------+ | 
|  | *      | Not-ECT | Not-ECT |Not-ECT(!!!)|Not-ECT(!!!)| <drop>(!!!)| | 
|  | *      |  ECT(0) |  ECT(0) | ECT(0)     | ECT(1)     |     CE     | | 
|  | *      |  ECT(1) |  ECT(1) | ECT(1) (!) | ECT(1)     |     CE     | | 
|  | *      |    CE   |      CE |     CE     |     CE(!!!)|     CE     | | 
|  | *      +---------+---------+------------+------------+------------+ | 
|  | * | 
|  | *             Figure 4: New IP in IP Decapsulation Behaviour | 
|  | * | 
|  | *  returns 0 on success | 
|  | *          1 if something is broken and should be logged (!!! above) | 
|  | *          2 if packet should be dropped | 
|  | */ | 
|  | static inline int __INET_ECN_decapsulate(__u8 outer, __u8 inner, bool *set_ce) | 
|  | { | 
|  | if (INET_ECN_is_not_ect(inner)) { | 
|  | switch (outer & INET_ECN_MASK) { | 
|  | case INET_ECN_NOT_ECT: | 
|  | return 0; | 
|  | case INET_ECN_ECT_0: | 
|  | case INET_ECN_ECT_1: | 
|  | return 1; | 
|  | case INET_ECN_CE: | 
|  | return 2; | 
|  | } | 
|  | } | 
|  |  | 
|  | *set_ce = INET_ECN_is_ce(outer); | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | static inline int INET_ECN_decapsulate(struct sk_buff *skb, | 
|  | __u8 outer, __u8 inner) | 
|  | { | 
|  | bool set_ce = false; | 
|  | int rc; | 
|  |  | 
|  | rc = __INET_ECN_decapsulate(outer, inner, &set_ce); | 
|  | if (!rc) { | 
|  | if (set_ce) | 
|  | INET_ECN_set_ce(skb); | 
|  | else if ((outer & INET_ECN_MASK) == INET_ECN_ECT_1) | 
|  | INET_ECN_set_ect1(skb); | 
|  | } | 
|  |  | 
|  | return rc; | 
|  | } | 
|  |  | 
|  | static inline int IP_ECN_decapsulate(const struct iphdr *oiph, | 
|  | struct sk_buff *skb) | 
|  | { | 
|  | __u8 inner; | 
|  |  | 
|  | switch (skb_protocol(skb, true)) { | 
|  | case htons(ETH_P_IP): | 
|  | inner = ip_hdr(skb)->tos; | 
|  | break; | 
|  | case htons(ETH_P_IPV6): | 
|  | inner = ipv6_get_dsfield(ipv6_hdr(skb)); | 
|  | break; | 
|  | default: | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | return INET_ECN_decapsulate(skb, oiph->tos, inner); | 
|  | } | 
|  |  | 
|  | static inline int IP6_ECN_decapsulate(const struct ipv6hdr *oipv6h, | 
|  | struct sk_buff *skb) | 
|  | { | 
|  | __u8 inner; | 
|  |  | 
|  | switch (skb_protocol(skb, true)) { | 
|  | case htons(ETH_P_IP): | 
|  | inner = ip_hdr(skb)->tos; | 
|  | break; | 
|  | case htons(ETH_P_IPV6): | 
|  | inner = ipv6_get_dsfield(ipv6_hdr(skb)); | 
|  | break; | 
|  | default: | 
|  | return 0; | 
|  | } | 
|  |  | 
|  | return INET_ECN_decapsulate(skb, ipv6_get_dsfield(oipv6h), inner); | 
|  | } | 
|  | #endif |