diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-11-10 15:21:54 +0900 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2017-11-10 16:20:09 +0900 |
| commit | 74e08c0f671ebddda400ede1a5f00d23d33b6179 (patch) | |
| tree | 3be884bf655a0498d81944d2257ac5dc936dd07c /src | |
| parent | f283e17e12ce2199ce75b92d3a778ac8830cc2f9 (diff) | |
allowedips: rename from routingtable
Makes it more clear that this _not_ a routing table replacement.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/Kbuild | 2 | ||||
| -rw-r--r-- | src/allowedips.c (renamed from src/routingtable.c) | 60 | ||||
| -rw-r--r-- | src/allowedips.h | 41 | ||||
| -rw-r--r-- | src/device.c | 6 | ||||
| -rw-r--r-- | src/device.h | 4 | ||||
| -rw-r--r-- | src/main.c | 2 | ||||
| -rw-r--r-- | src/netlink.c | 16 | ||||
| -rw-r--r-- | src/peer.c | 2 | ||||
| -rw-r--r-- | src/receive.c | 2 | ||||
| -rw-r--r-- | src/routingtable.h | 41 | ||||
| -rw-r--r-- | src/selftest/allowedips.h (renamed from src/selftest/routingtable.h) | 122 |
11 files changed, 149 insertions, 149 deletions
@@ -2,7 +2,7 @@ ccflags-y := -O3 -fvisibility=hidden ccflags-$(CONFIG_WIREGUARD_DEBUG) += -DDEBUG -g ccflags-y += -Wframe-larger-than=8192 ccflags-y += -D'pr_fmt(fmt)=KBUILD_MODNAME ": " fmt' -wireguard-y := main.o noise.o device.o peer.o timers.o queueing.o send.o receive.o socket.o hashtables.o routingtable.o ratelimiter.o cookie.o netlink.o +wireguard-y := main.o noise.o device.o peer.o timers.o queueing.o send.o receive.o socket.o hashtables.o allowedips.o ratelimiter.o cookie.o netlink.o wireguard-y += crypto/curve25519.o crypto/chacha20poly1305.o crypto/blake2s.o ifeq ($(CONFIG_X86_64),y) diff --git a/src/routingtable.c b/src/allowedips.c index 6cbea3d..279bdd4 100644 --- a/src/routingtable.c +++ b/src/allowedips.c @@ -1,17 +1,17 @@ /* Copyright (C) 2015-2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. */ -#include "routingtable.h" +#include "allowedips.h" #include "peer.h" -struct routing_table_node { - struct routing_table_node __rcu *bit[2]; +struct allowedips_node { + struct allowedips_node __rcu *bit[2]; struct rcu_head rcu; struct wireguard_peer *peer; u8 cidr, bit_at_a, bit_at_b; u8 bits[] __aligned(__alignof__(u64)); }; -static inline void copy_and_assign_cidr(struct routing_table_node *node, const u8 *src, u8 cidr) +static inline void copy_and_assign_cidr(struct allowedips_node *node, const u8 *src, u8 cidr) { memcpy(node->bits, src, (cidr + 7) / 8); node->bits[(cidr + 7) / 8 - 1] &= 0xffU << ((8 - (cidr % 8)) % 8); @@ -23,7 +23,7 @@ static inline void copy_and_assign_cidr(struct routing_table_node *node, const u static void node_free_rcu(struct rcu_head *rcu) { - kfree(container_of(rcu, struct routing_table_node, rcu)); + kfree(container_of(rcu, struct allowedips_node, rcu)); } #define push(stack, p, len) ({ \ @@ -33,18 +33,18 @@ static void node_free_rcu(struct rcu_head *rcu) } \ true; \ }) -static void free_root_node(struct routing_table_node __rcu *top, struct mutex *lock) +static void free_root_node(struct allowedips_node __rcu *top, struct mutex *lock) { - struct routing_table_node *stack[128], *node; + struct allowedips_node *stack[128], *node; unsigned int len; for (len = 0, push(stack, top, len); len > 0 && (node = stack[--len]) && push(stack, node->bit[0], len) && push(stack, node->bit[1], len);) call_rcu_bh(&node->rcu, node_free_rcu); } -static int walk_by_peer(struct routing_table_node __rcu *top, int family, struct routing_table_cursor *cursor, struct wireguard_peer *peer, int (*func)(void *ctx, const u8 *ip, u8 cidr, int family), void *ctx, struct mutex *lock) +static int walk_by_peer(struct allowedips_node __rcu *top, int family, struct allowedips_cursor *cursor, struct wireguard_peer *peer, int (*func)(void *ctx, const u8 *ip, u8 cidr, int family), void *ctx, struct mutex *lock) { - struct routing_table_node *node; + struct allowedips_node *node; int ret; if (!rcu_access_pointer(top)) @@ -67,10 +67,10 @@ static int walk_by_peer(struct routing_table_node __rcu *top, int family, struct #define ref(p) rcu_access_pointer(p) #define deref(p) rcu_dereference_protected(*p, lockdep_is_held(lock)) #define push(p) ({ BUG_ON(len >= 128); stack[len++] = p; }) -static void walk_remove_by_peer(struct routing_table_node __rcu **top, struct wireguard_peer *peer, struct mutex *lock) +static void walk_remove_by_peer(struct allowedips_node __rcu **top, struct wireguard_peer *peer, struct mutex *lock) { - struct routing_table_node __rcu **stack[128], **nptr; - struct routing_table_node *node, *prev; + struct allowedips_node __rcu **stack[128], **nptr; + struct allowedips_node *node, *prev; unsigned int len; if (unlikely(!peer || !ref(*top))) @@ -113,7 +113,7 @@ static __always_inline unsigned int fls128(u64 a, u64 b) return a ? fls64(a) + 64 : fls64(b); } -static __always_inline u8 common_bits(const struct routing_table_node *node, const u8 *key, u8 bits) +static __always_inline u8 common_bits(const struct allowedips_node *node, const u8 *key, u8 bits) { if (bits == 32) return 32 - fls(be32_to_cpu(*(const __be32 *)node->bits ^ *(const __be32 *)key)); @@ -122,9 +122,9 @@ static __always_inline u8 common_bits(const struct routing_table_node *node, con return 0; } -static inline struct routing_table_node *find_node(struct routing_table_node *trie, u8 bits, const u8 *key) +static inline struct allowedips_node *find_node(struct allowedips_node *trie, u8 bits, const u8 *key) { - struct routing_table_node *node = trie, *found = NULL; + struct allowedips_node *node = trie, *found = NULL; while (node && common_bits(node, key, bits) >= node->cidr) { if (node->peer) @@ -137,10 +137,10 @@ static inline struct routing_table_node *find_node(struct routing_table_node *tr } /* Returns a strong reference to a peer */ -static inline struct wireguard_peer *lookup(struct routing_table_node __rcu *root, u8 bits, const void *ip) +static inline struct wireguard_peer *lookup(struct allowedips_node __rcu *root, u8 bits, const void *ip) { struct wireguard_peer *peer = NULL; - struct routing_table_node *node; + struct allowedips_node *node; rcu_read_lock_bh(); node = find_node(rcu_dereference_bh(root), bits, ip); @@ -150,10 +150,10 @@ static inline struct wireguard_peer *lookup(struct routing_table_node __rcu *roo return peer; } -static inline bool node_placement(struct routing_table_node __rcu *trie, const u8 *key, u8 cidr, u8 bits, struct routing_table_node **rnode, struct mutex *lock) +static inline bool node_placement(struct allowedips_node __rcu *trie, const u8 *key, u8 cidr, u8 bits, struct allowedips_node **rnode, struct mutex *lock) { bool exact = false; - struct routing_table_node *parent = NULL, *node = rcu_dereference_protected(trie, lockdep_is_held(lock)); + struct allowedips_node *parent = NULL, *node = rcu_dereference_protected(trie, lockdep_is_held(lock)); while (node && node->cidr <= cidr && common_bits(node, key, bits) >= node->cidr) { parent = node; @@ -167,9 +167,9 @@ static inline bool node_placement(struct routing_table_node __rcu *trie, const u return exact; } -static int add(struct routing_table_node __rcu **trie, u8 bits, const u8 *key, u8 cidr, struct wireguard_peer *peer, struct mutex *lock) +static int add(struct allowedips_node __rcu **trie, u8 bits, const u8 *key, u8 cidr, struct wireguard_peer *peer, struct mutex *lock) { - struct routing_table_node *node, *parent, *down, *newnode; + struct allowedips_node *node, *parent, *down, *newnode; if (unlikely(cidr > bits || !peer)) return -EINVAL; @@ -230,13 +230,13 @@ static int add(struct routing_table_node __rcu **trie, u8 bits, const u8 *key, u return 0; } -void routing_table_init(struct routing_table *table) +void allowedips_init(struct allowedips *table) { table->root4 = table->root6 = NULL; table->seq = 1; } -void routing_table_free(struct routing_table *table, struct mutex *lock) +void allowedips_free(struct allowedips *table, struct mutex *lock) { ++table->seq; free_root_node(table->root4, lock); @@ -245,26 +245,26 @@ void routing_table_free(struct routing_table *table, struct mutex *lock) rcu_assign_pointer(table->root6, NULL); } -int routing_table_insert_v4(struct routing_table *table, const struct in_addr *ip, u8 cidr, struct wireguard_peer *peer, struct mutex *lock) +int allowedips_insert_v4(struct allowedips *table, const struct in_addr *ip, u8 cidr, struct wireguard_peer *peer, struct mutex *lock) { ++table->seq; return add(&table->root4, 32, (const u8 *)ip, cidr, peer, lock); } -int routing_table_insert_v6(struct routing_table *table, const struct in6_addr *ip, u8 cidr, struct wireguard_peer *peer, struct mutex *lock) +int allowedips_insert_v6(struct allowedips *table, const struct in6_addr *ip, u8 cidr, struct wireguard_peer *peer, struct mutex *lock) { ++table->seq; return add(&table->root6, 128, (const u8 *)ip, cidr, peer, lock); } -void routing_table_remove_by_peer(struct routing_table *table, struct wireguard_peer *peer, struct mutex *lock) +void allowedips_remove_by_peer(struct allowedips *table, struct wireguard_peer *peer, struct mutex *lock) { ++table->seq; walk_remove_by_peer(&table->root4, peer, lock); walk_remove_by_peer(&table->root6, peer, lock); } -int routing_table_walk_by_peer(struct routing_table *table, struct routing_table_cursor *cursor, struct wireguard_peer *peer, int (*func)(void *ctx, const u8 *ip, u8 cidr, int family), void *ctx, struct mutex *lock) +int allowedips_walk_by_peer(struct allowedips *table, struct allowedips_cursor *cursor, struct wireguard_peer *peer, int (*func)(void *ctx, const u8 *ip, u8 cidr, int family), void *ctx, struct mutex *lock) { int ret; @@ -284,7 +284,7 @@ int routing_table_walk_by_peer(struct routing_table *table, struct routing_table } /* Returns a strong reference to a peer */ -struct wireguard_peer *routing_table_lookup_dst(struct routing_table *table, struct sk_buff *skb) +struct wireguard_peer *allowedips_lookup_dst(struct allowedips *table, struct sk_buff *skb) { if (skb->protocol == htons(ETH_P_IP)) return lookup(table->root4, 32, &ip_hdr(skb)->daddr); @@ -294,7 +294,7 @@ struct wireguard_peer *routing_table_lookup_dst(struct routing_table *table, str } /* Returns a strong reference to a peer */ -struct wireguard_peer *routing_table_lookup_src(struct routing_table *table, struct sk_buff *skb) +struct wireguard_peer *allowedips_lookup_src(struct allowedips *table, struct sk_buff *skb) { if (skb->protocol == htons(ETH_P_IP)) return lookup(table->root4, 32, &ip_hdr(skb)->saddr); @@ -303,4 +303,4 @@ struct wireguard_peer *routing_table_lookup_src(struct routing_table *table, str return NULL; } -#include "selftest/routingtable.h" +#include "selftest/allowedips.h" diff --git a/src/allowedips.h b/src/allowedips.h new file mode 100644 index 0000000..53e674b --- /dev/null +++ b/src/allowedips.h @@ -0,0 +1,41 @@ +/* Copyright (C) 2015-2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. */ + +#ifndef _WG_ALLOWEDIPS_H +#define _WG_ALLOWEDIPS_H + +#include <linux/mutex.h> +#include <linux/ip.h> +#include <linux/ipv6.h> + +struct wireguard_peer; +struct allowedips_node; + +struct allowedips { + struct allowedips_node __rcu *root4; + struct allowedips_node __rcu *root6; + u64 seq; +}; + +struct allowedips_cursor { + u64 seq; + struct allowedips_node *stack[128]; + unsigned int len; + bool second_half; +}; + +void allowedips_init(struct allowedips *table); +void allowedips_free(struct allowedips *table, struct mutex *mutex); +int allowedips_insert_v4(struct allowedips *table, const struct in_addr *ip, u8 cidr, struct wireguard_peer *peer, struct mutex *lock); +int allowedips_insert_v6(struct allowedips *table, const struct in6_addr *ip, u8 cidr, struct wireguard_peer *peer, struct mutex *lock); +void allowedips_remove_by_peer(struct allowedips *table, struct wireguard_peer *peer, struct mutex *lock); +int allowedips_walk_by_peer(struct allowedips *table, struct allowedips_cursor *cursor, struct wireguard_peer *peer, int (*func)(void *ctx, const u8 *ip, u8 cidr, int family), void *ctx, struct mutex *lock); + +/* These return a strong reference to a peer: */ +struct wireguard_peer *allowedips_lookup_dst(struct allowedips *table, struct sk_buff *skb); +struct wireguard_peer *allowedips_lookup_src(struct allowedips *table, struct sk_buff *skb); + +#ifdef DEBUG +bool allowedips_selftest(void); +#endif + +#endif /* _WG_ALLOWEDIPS_H */ diff --git a/src/device.c b/src/device.c index 633ae9c..ffc36b4 100644 --- a/src/device.c +++ b/src/device.c @@ -124,7 +124,7 @@ static netdev_tx_t xmit(struct sk_buff *skb, struct net_device *dev) goto err; } - peer = routing_table_lookup_dst(&wg->peer_routing_table, skb); + peer = allowedips_lookup_dst(&wg->peer_allowedips, skb); if (unlikely(!peer)) { ret = -ENOKEY; net_dbg_skb_ratelimited("%s: No peer is configured for %pISc\n", dev->name, skb); @@ -216,7 +216,7 @@ static void destruct(struct net_device *dev) packet_queue_free(&wg->encrypt_queue, true); destroy_workqueue(wg->packet_crypt_wq); rcu_barrier_bh(); /* Wait for all the peers to be actually freed. */ - routing_table_free(&wg->peer_routing_table, &wg->device_update_lock); + allowedips_free(&wg->peer_allowedips, &wg->device_update_lock); ratelimiter_uninit(); memzero_explicit(&wg->static_identity, sizeof(struct noise_static_identity)); skb_queue_purge(&wg->incoming_handshakes); @@ -273,7 +273,7 @@ static int newlink(struct net *src_net, struct net_device *dev, struct nlattr *t skb_queue_head_init(&wg->incoming_handshakes); pubkey_hashtable_init(&wg->peer_hashtable); index_hashtable_init(&wg->index_hashtable); - routing_table_init(&wg->peer_routing_table); + allowedips_init(&wg->peer_allowedips); cookie_checker_init(&wg->cookie_checker, wg); INIT_LIST_HEAD(&wg->peer_list); wg->device_update_gen = 1; diff --git a/src/device.h b/src/device.h index 6ec3cb2..7b305a3 100644 --- a/src/device.h +++ b/src/device.h @@ -4,7 +4,7 @@ #define _WG_DEVICE_H #include "noise.h" -#include "routingtable.h" +#include "allowedips.h" #include "hashtables.h" #include "cookie.h" @@ -46,7 +46,7 @@ struct wireguard_device { struct cookie_checker cookie_checker; struct pubkey_hashtable peer_hashtable; struct index_hashtable index_hashtable; - struct routing_table peer_routing_table; + struct allowedips peer_allowedips; struct mutex device_update_lock, socket_update_lock; struct list_head device_list, peer_list; unsigned int num_peers, device_update_gen; @@ -25,7 +25,7 @@ static int __init mod_init(void) blake2s_fpu_init(); curve25519_fpu_init(); #ifdef DEBUG - if (!routing_table_selftest() || !packet_counter_selftest() || !curve25519_selftest() || !chacha20poly1305_selftest() || !blake2s_selftest() || !ratelimiter_selftest()) + if (!allowedips_selftest() || !packet_counter_selftest() || !curve25519_selftest() || !chacha20poly1305_selftest() || !blake2s_selftest() || !ratelimiter_selftest()) return -ENOTRECOVERABLE; #endif noise_init(); diff --git a/src/netlink.c b/src/netlink.c index 0c37a6c..ba9e41b 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -85,7 +85,7 @@ static int get_allowedips(void *ctx, const u8 *ip, u8 cidr, int family) return 0; } -static int get_peer(struct wireguard_peer *peer, unsigned int index, struct routing_table_cursor *rt_cursor, struct sk_buff *skb) +static int get_peer(struct wireguard_peer *peer, unsigned int index, struct allowedips_cursor *rt_cursor, struct sk_buff *skb) { struct allowedips_ctx ctx = { .skb = skb }; struct nlattr *allowedips_nest, *peer_nest = nla_nest_start(skb, index); @@ -124,7 +124,7 @@ static int get_peer(struct wireguard_peer *peer, unsigned int index, struct rout allowedips_nest = nla_nest_start(skb, WGPEER_A_ALLOWEDIPS); if (!allowedips_nest) goto err; - if (routing_table_walk_by_peer(&peer->device->peer_routing_table, rt_cursor, peer, get_allowedips, &ctx, &peer->device->device_update_lock)) { + if (allowedips_walk_by_peer(&peer->device->peer_allowedips, rt_cursor, peer, get_allowedips, &ctx, &peer->device->device_update_lock)) { nla_nest_end(skb, allowedips_nest); nla_nest_end(skb, peer_nest); return -EMSGSIZE; @@ -146,7 +146,7 @@ static int get_device_start(struct netlink_callback *cb) if (ret < 0) return ret; - cb->args[2] = (long)kzalloc(sizeof(struct routing_table_cursor), GFP_KERNEL); + cb->args[2] = (long)kzalloc(sizeof(struct allowedips_cursor), GFP_KERNEL); if (!cb->args[2]) return -ENOMEM; wg = lookup_interface(attrs, cb->skb); @@ -163,7 +163,7 @@ static int get_device_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct wireguard_device *wg = (struct wireguard_device *)cb->args[0]; struct wireguard_peer *peer, *next_peer_cursor = NULL, *last_peer_cursor = (struct wireguard_peer *)cb->args[1]; - struct routing_table_cursor *rt_cursor = (struct routing_table_cursor *)cb->args[2]; + struct allowedips_cursor *rt_cursor = (struct allowedips_cursor *)cb->args[2]; unsigned int peer_idx = 0; struct nlattr *peers_nest; bool done = true; @@ -245,7 +245,7 @@ static int get_device_done(struct netlink_callback *cb) { struct wireguard_device *wg = (struct wireguard_device *)cb->args[0]; struct wireguard_peer *peer = (struct wireguard_peer *)cb->args[1]; - struct routing_table_cursor *rt_cursor = (struct routing_table_cursor *)cb->args[2]; + struct allowedips_cursor *rt_cursor = (struct allowedips_cursor *)cb->args[2]; if (wg) dev_put(wg->dev); @@ -281,9 +281,9 @@ static int set_allowedip(struct wireguard_peer *peer, struct nlattr **attrs) cidr = nla_get_u8(attrs[WGALLOWEDIP_A_CIDR_MASK]); if (family == AF_INET && cidr <= 32 && nla_len(attrs[WGALLOWEDIP_A_IPADDR]) == sizeof(struct in_addr)) - ret = routing_table_insert_v4(&peer->device->peer_routing_table, nla_data(attrs[WGALLOWEDIP_A_IPADDR]), cidr, peer, &peer->device->device_update_lock); + ret = allowedips_insert_v4(&peer->device->peer_allowedips, nla_data(attrs[WGALLOWEDIP_A_IPADDR]), cidr, peer, &peer->device->device_update_lock); else if (family == AF_INET6 && cidr <= 128 && nla_len(attrs[WGALLOWEDIP_A_IPADDR]) == sizeof(struct in6_addr)) - ret = routing_table_insert_v6(&peer->device->peer_routing_table, nla_data(attrs[WGALLOWEDIP_A_IPADDR]), cidr, peer, &peer->device->device_update_lock); + ret = allowedips_insert_v6(&peer->device->peer_allowedips, nla_data(attrs[WGALLOWEDIP_A_IPADDR]), cidr, peer, &peer->device->device_update_lock); return ret; } @@ -353,7 +353,7 @@ static int set_peer(struct wireguard_device *wg, struct nlattr **attrs) } if (flags & WGPEER_F_REPLACE_ALLOWEDIPS) - routing_table_remove_by_peer(&wg->peer_routing_table, peer, &wg->device_update_lock); + allowedips_remove_by_peer(&wg->peer_allowedips, peer, &wg->device_update_lock); if (attrs[WGPEER_A_ALLOWEDIPS]) { int rem; @@ -81,7 +81,7 @@ void peer_remove(struct wireguard_peer *peer) if (unlikely(!peer)) return; lockdep_assert_held(&peer->device->device_update_lock); - routing_table_remove_by_peer(&peer->device->peer_routing_table, peer, &peer->device->device_update_lock); + allowedips_remove_by_peer(&peer->device->peer_allowedips, peer, &peer->device->device_update_lock); pubkey_hashtable_remove(&peer->device->peer_hashtable, peer); skb_queue_purge(&peer->staged_packet_queue); noise_handshake_clear(&peer->handshake); diff --git a/src/receive.c b/src/receive.c index 7f9d1d7..080f6ba 100644 --- a/src/receive.c +++ b/src/receive.c @@ -329,7 +329,7 @@ static void packet_consume_data_done(struct sk_buff *skb, struct endpoint *endpo timers_data_received(peer); - routed_peer = routing_table_lookup_src(&peer->device->peer_routing_table, skb); + routed_peer = allowedips_lookup_src(&peer->device->peer_allowedips, skb); peer_put(routed_peer); /* We don't need the extra reference. */ if (unlikely(routed_peer != peer)) diff --git a/src/routingtable.h b/src/routingtable.h deleted file mode 100644 index d8666f8..0000000 --- a/src/routingtable.h +++ /dev/null @@ -1,41 +0,0 @@ -/* Copyright (C) 2015-2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. */ - -#ifndef _WG_ROUTINGTABLE_H -#define _WG_ROUTINGTABLE_H - -#include <linux/mutex.h> -#include <linux/ip.h> -#include <linux/ipv6.h> - -struct wireguard_peer; -struct routing_table_node; - -struct routing_table { - struct routing_table_node __rcu *root4; - struct routing_table_node __rcu *root6; - u64 seq; -}; - -struct routing_table_cursor { - u64 seq; - struct routing_table_node *stack[128]; - unsigned int len; - bool second_half; -}; - -void routing_table_init(struct routing_table *table); -void routing_table_free(struct routing_table *table, struct mutex *mutex); -int routing_table_insert_v4(struct routing_table *table, const struct in_addr *ip, u8 cidr, struct wireguard_peer *peer, struct mutex *lock); -int routing_table_insert_v6(struct routing_table *table, const struct in6_addr *ip, u8 cidr, struct wireguard_peer *peer, struct mutex *lock); -void routing_table_remove_by_peer(struct routing_table *table, struct wireguard_peer *peer, struct mutex *lock); -int routing_table_walk_by_peer(struct routing_table *table, struct routing_table_cursor *cursor, struct wireguard_peer *peer, int (*func)(void *ctx, const u8 *ip, u8 cidr, int family), void *ctx, struct mutex *lock); - -/* These return a strong reference to a peer: */ -struct wireguard_peer *routing_table_lookup_dst(struct routing_table *table, struct sk_buff *skb); -struct wireguard_peer *routing_table_lookup_src(struct routing_table *table, struct sk_buff *skb); - -#ifdef DEBUG -bool routing_table_selftest(void); -#endif - -#endif /* _WG_ROUTINGTABLE_H */ diff --git a/src/selftest/routingtable.h b/src/selftest/allowedips.h index 434c6fc..78b019d 100644 --- a/src/selftest/routingtable.h +++ b/src/selftest/allowedips.h @@ -4,7 +4,7 @@ #ifdef DEBUG_PRINT_TRIE_GRAPHVIZ #include <linux/siphash.h> -static __init void print_node(struct routing_table_node *node, u8 bits) +static __init void print_node(struct allowedips_node *node, u8 bits) { u32 color = 0; char *style = "dotted"; @@ -33,7 +33,7 @@ static __init void print_node(struct routing_table_node *node, u8 bits) print_node(node->bit[1], bits); } } -static __init void print_tree(struct routing_table_node *top, u8 bits) +static __init void print_tree(struct allowedips_node *top, u8 bits) { printk(KERN_DEBUG "digraph trie {\n"); print_node(top, bits); @@ -47,24 +47,24 @@ static __init void print_tree(struct routing_table_node *top, u8 bits) #define NUM_MUTATED_ROUTES 100 #define NUM_QUERIES (NUM_RAND_ROUTES * NUM_MUTATED_ROUTES * 30) #include <linux/random.h> -struct horrible_routing_table { +struct horrible_allowedips { struct hlist_head head; }; -struct horrible_routing_table_node { +struct horrible_allowedips_node { struct hlist_node table; union nf_inet_addr ip; union nf_inet_addr mask; uint8_t ip_version; void *value; }; -static __init void horrible_routing_table_init(struct horrible_routing_table *table) +static __init void horrible_allowedips_init(struct horrible_allowedips *table) { INIT_HLIST_HEAD(&table->head); } -static __init void horrible_routing_table_free(struct horrible_routing_table *table) +static __init void horrible_allowedips_free(struct horrible_allowedips *table) { struct hlist_node *h; - struct horrible_routing_table_node *node; + struct horrible_allowedips_node *node; hlist_for_each_entry_safe(node, h, &table->head, table) { hlist_del(&node->table); kfree(node); @@ -86,7 +86,7 @@ static __init inline uint8_t horrible_mask_to_cidr(union nf_inet_addr subnet) + hweight32(subnet.all[2]) + hweight32(subnet.all[3]); } -static __init inline void horrible_mask_self(struct horrible_routing_table_node *node) +static __init inline void horrible_mask_self(struct horrible_allowedips_node *node) { if (node->ip_version == 4) node->ip.ip &= node->mask.ip; @@ -97,20 +97,20 @@ static __init inline void horrible_mask_self(struct horrible_routing_table_node node->ip.ip6[3] &= node->mask.ip6[3]; } } -static __init inline bool horrible_match_v4(const struct horrible_routing_table_node *node, struct in_addr *ip) +static __init inline bool horrible_match_v4(const struct horrible_allowedips_node *node, struct in_addr *ip) { return (ip->s_addr & node->mask.ip) == node->ip.ip; } -static __init inline bool horrible_match_v6(const struct horrible_routing_table_node *node, struct in6_addr *ip) +static __init inline bool horrible_match_v6(const struct horrible_allowedips_node *node, struct in6_addr *ip) { return (ip->in6_u.u6_addr32[0] & node->mask.ip6[0]) == node->ip.ip6[0] && (ip->in6_u.u6_addr32[1] & node->mask.ip6[1]) == node->ip.ip6[1] && (ip->in6_u.u6_addr32[2] & node->mask.ip6[2]) == node->ip.ip6[2] && (ip->in6_u.u6_addr32[3] & node->mask.ip6[3]) == node->ip.ip6[3]; } -static __init void horrible_insert_ordered(struct horrible_routing_table *table, struct horrible_routing_table_node *node) +static __init void horrible_insert_ordered(struct horrible_allowedips *table, struct horrible_allowedips_node *node) { - struct horrible_routing_table_node *other = NULL, *where = NULL; + struct horrible_allowedips_node *other = NULL, *where = NULL; uint8_t my_cidr = horrible_mask_to_cidr(node->mask); hlist_for_each_entry(other, &table->head, table) { if (!memcmp(&other->mask, &node->mask, sizeof(union nf_inet_addr)) && @@ -131,9 +131,9 @@ static __init void horrible_insert_ordered(struct horrible_routing_table *table, else hlist_add_before(&node->table, &where->table); } -static __init int horrible_routing_table_insert_v4(struct horrible_routing_table *table, struct in_addr *ip, uint8_t cidr, void *value) +static __init int horrible_allowedips_insert_v4(struct horrible_allowedips *table, struct in_addr *ip, uint8_t cidr, void *value) { - struct horrible_routing_table_node *node = kzalloc(sizeof(struct horrible_routing_table_node), GFP_KERNEL); + struct horrible_allowedips_node *node = kzalloc(sizeof(struct horrible_allowedips_node), GFP_KERNEL); if (!node) return -ENOMEM; node->ip.in = *ip; @@ -144,9 +144,9 @@ static __init int horrible_routing_table_insert_v4(struct horrible_routing_table horrible_insert_ordered(table, node); return 0; } -static __init int horrible_routing_table_insert_v6(struct horrible_routing_table *table, struct in6_addr *ip, uint8_t cidr, void *value) +static __init int horrible_allowedips_insert_v6(struct horrible_allowedips *table, struct in6_addr *ip, uint8_t cidr, void *value) { - struct horrible_routing_table_node *node = kzalloc(sizeof(struct horrible_routing_table_node), GFP_KERNEL); + struct horrible_allowedips_node *node = kzalloc(sizeof(struct horrible_allowedips_node), GFP_KERNEL); if (!node) return -ENOMEM; node->ip.in6 = *ip; @@ -157,9 +157,9 @@ static __init int horrible_routing_table_insert_v6(struct horrible_routing_table horrible_insert_ordered(table, node); return 0; } -static __init void *horrible_routing_table_lookup_v4(struct horrible_routing_table *table, struct in_addr *ip) +static __init void *horrible_allowedips_lookup_v4(struct horrible_allowedips *table, struct in_addr *ip) { - struct horrible_routing_table_node *node; + struct horrible_allowedips_node *node; void *ret = NULL; hlist_for_each_entry(node, &table->head, table) { if (node->ip_version != 4) @@ -171,9 +171,9 @@ static __init void *horrible_routing_table_lookup_v4(struct horrible_routing_tab } return ret; } -static __init void *horrible_routing_table_lookup_v6(struct horrible_routing_table *table, struct in6_addr *ip) +static __init void *horrible_allowedips_lookup_v6(struct horrible_allowedips *table, struct in6_addr *ip) { - struct horrible_routing_table_node *node; + struct horrible_allowedips_node *node; void *ret = NULL; hlist_for_each_entry(node, &table->head, table) { if (node->ip_version != 6) @@ -191,22 +191,22 @@ static __init bool randomized_test(void) bool ret = false; unsigned int i, j, k, mutate_amount, cidr; struct wireguard_peer **peers, *peer; - struct routing_table t; - struct horrible_routing_table h; + struct allowedips t; + struct horrible_allowedips h; u8 ip[16], mutate_mask[16], mutated[16]; - routing_table_init(&t); - horrible_routing_table_init(&h); + allowedips_init(&t); + horrible_allowedips_init(&h); peers = kcalloc(NUM_PEERS, sizeof(struct wireguard_peer *), GFP_KERNEL); if (!peers) { - pr_info("routing table random self-test: out of memory\n"); + pr_info("allowedips random self-test: out of memory\n"); goto free; } for (i = 0; i < NUM_PEERS; ++i) { peers[i] = kzalloc(sizeof(struct wireguard_peer), GFP_KERNEL); if (!peers[i]) { - pr_info("routing table random self-test: out of memory\n"); + pr_info("allowedips random self-test: out of memory\n"); goto free; } kref_init(&peers[i]->refcount); @@ -216,12 +216,12 @@ static __init bool randomized_test(void) prandom_bytes(ip, 4); cidr = prandom_u32_max(32) + 1; peer = peers[prandom_u32_max(NUM_PEERS)]; - if (routing_table_insert_v4(&t, (struct in_addr *)ip, cidr, peer) < 0) { - pr_info("routing table random self-test: out of memory\n"); + if (allowedips_insert_v4(&t, (struct in_addr *)ip, cidr, peer) < 0) { + pr_info("allowedips random self-test: out of memory\n"); goto free; } - if (horrible_routing_table_insert_v4(&h, (struct in_addr *)ip, cidr, peer) < 0) { - pr_info("routing table random self-test: out of memory\n"); + if (horrible_allowedips_insert_v4(&h, (struct in_addr *)ip, cidr, peer) < 0) { + pr_info("allowedips random self-test: out of memory\n"); goto free; } for (j = 0; j < NUM_MUTATED_ROUTES; ++j) { @@ -237,12 +237,12 @@ static __init bool randomized_test(void) mutated[k] = (mutated[k] & mutate_mask[k]) | (~mutate_mask[k] & prandom_u32_max(256)); cidr = prandom_u32_max(32) + 1; peer = peers[prandom_u32_max(NUM_PEERS)]; - if (routing_table_insert_v4(&t, (struct in_addr *)mutated, cidr, peer) < 0) { - pr_info("routing table random self-test: out of memory\n"); + if (allowedips_insert_v4(&t, (struct in_addr *)mutated, cidr, peer) < 0) { + pr_info("allowedips random self-test: out of memory\n"); goto free; } - if (horrible_routing_table_insert_v4(&h, (struct in_addr *)mutated, cidr, peer)) { - pr_info("routing table random self-test: out of memory\n"); + if (horrible_allowedips_insert_v4(&h, (struct in_addr *)mutated, cidr, peer)) { + pr_info("allowedips random self-test: out of memory\n"); goto free; } } @@ -252,12 +252,12 @@ static __init bool randomized_test(void) prandom_bytes(ip, 16); cidr = prandom_u32_max(128) + 1; peer = peers[prandom_u32_max(NUM_PEERS)]; - if (routing_table_insert_v6(&t, (struct in6_addr *)ip, cidr, peer) < 0) { - pr_info("routing table random self-test: out of memory\n"); + if (allowedips_insert_v6(&t, (struct in6_addr *)ip, cidr, peer) < 0) { + pr_info("allowedips random self-test: out of memory\n"); goto free; } - if (horrible_routing_table_insert_v6(&h, (struct in6_addr *)ip, cidr, peer) < 0) { - pr_info("routing table random self-test: out of memory\n"); + if (horrible_allowedips_insert_v6(&h, (struct in6_addr *)ip, cidr, peer) < 0) { + pr_info("allowedips random self-test: out of memory\n"); goto free; } for (j = 0; j < NUM_MUTATED_ROUTES; ++j) { @@ -273,12 +273,12 @@ static __init bool randomized_test(void) mutated[k] = (mutated[k] & mutate_mask[k]) | (~mutate_mask[k] & prandom_u32_max(256)); cidr = prandom_u32_max(128) + 1; peer = peers[prandom_u32_max(NUM_PEERS)]; - if (routing_table_insert_v6(&t, (struct in6_addr *)mutated, cidr, peer) < 0) { - pr_info("routing table random self-test: out of memory\n"); + if (allowedips_insert_v6(&t, (struct in6_addr *)mutated, cidr, peer) < 0) { + pr_info("allowedips random self-test: out of memory\n"); goto free; } - if (horrible_routing_table_insert_v6(&h, (struct in6_addr *)mutated, cidr, peer)) { - pr_info("routing table random self-test: out of memory\n"); + if (horrible_allowedips_insert_v6(&h, (struct in6_addr *)mutated, cidr, peer)) { + pr_info("allowedips random self-test: out of memory\n"); goto free; } } @@ -291,24 +291,24 @@ static __init bool randomized_test(void) for (i = 0; i < NUM_QUERIES; ++i) { prandom_bytes(ip, 4); - if (lookup(t.root4, 32, ip) != horrible_routing_table_lookup_v4(&h, (struct in_addr *)ip)) { - pr_info("routing table random self-test: FAIL\n"); + if (lookup(t.root4, 32, ip) != horrible_allowedips_lookup_v4(&h, (struct in_addr *)ip)) { + pr_info("allowedips random self-test: FAIL\n"); goto free; } } for (i = 0; i < NUM_QUERIES; ++i) { prandom_bytes(ip, 16); - if (lookup(t.root6, 128, ip) != horrible_routing_table_lookup_v6(&h, (struct in6_addr *)ip)) { - pr_info("routing table random self-test: FAIL\n"); + if (lookup(t.root6, 128, ip) != horrible_allowedips_lookup_v6(&h, (struct in6_addr *)ip)) { + pr_info("allowedips random self-test: FAIL\n"); goto free; } } ret = true; free: - routing_table_free(&t); - horrible_routing_table_free(&h); + allowedips_free(&t); + horrible_allowedips_free(&h); if (peers) { for (i = 0; i < NUM_PEERS; ++i) kfree(peers[i]); @@ -342,19 +342,19 @@ static __init inline struct in6_addr *ip6(u32 a, u32 b, u32 c, u32 d) #define init_peer(name) do { \ name = kzalloc(sizeof(struct wireguard_peer), GFP_KERNEL); \ if (!name) { \ - pr_info("routing table self-test: out of memory\n"); \ + pr_info("allowedips self-test: out of memory\n"); \ goto free; \ } \ kref_init(&name->refcount); \ } while (0) #define insert(version, mem, ipa, ipb, ipc, ipd, cidr) \ - routing_table_insert_v##version(&t, ip##version(ipa, ipb, ipc, ipd), cidr, mem, &mutex) + allowedips_insert_v##version(&t, ip##version(ipa, ipb, ipc, ipd), cidr, mem, &mutex) #define maybe_fail \ ++i; \ if (!_s) { \ - pr_info("routing table self-test %zu: FAIL\n", i); \ + pr_info("allowedips self-test %zu: FAIL\n", i); \ success = false; \ } @@ -368,10 +368,10 @@ static __init inline struct in6_addr *ip6(u32 a, u32 b, u32 c, u32 d) maybe_fail \ } while (0) -bool __init routing_table_selftest(void) +bool __init allowedips_selftest(void) { DEFINE_MUTEX(mutex); - struct routing_table t; + struct allowedips t; struct wireguard_peer *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *f = NULL, *g = NULL, *h = NULL; size_t i = 0; bool success = false; @@ -382,7 +382,7 @@ bool __init routing_table_selftest(void) mutex_lock(&mutex); - routing_table_init(&t); + allowedips_init(&t); init_peer(a); init_peer(b); init_peer(c); @@ -457,18 +457,18 @@ bool __init routing_table_selftest(void) insert(4, a, 128, 0, 0, 0, 32); insert(4, a, 192, 0, 0, 0, 32); insert(4, a, 255, 0, 0, 0, 32); - routing_table_remove_by_peer(&t, a, &mutex); + allowedips_remove_by_peer(&t, a, &mutex); test_negative(4, a, 1, 0, 0, 0); test_negative(4, a, 64, 0, 0, 0); test_negative(4, a, 128, 0, 0, 0); test_negative(4, a, 192, 0, 0, 0); test_negative(4, a, 255, 0, 0, 0); - routing_table_free(&t, &mutex); - routing_table_init(&t); + allowedips_free(&t, &mutex); + allowedips_init(&t); insert(4, a, 192, 168, 0, 0, 16); insert(4, a, 192, 168, 0, 0, 24); - routing_table_remove_by_peer(&t, a, &mutex); + allowedips_remove_by_peer(&t, a, &mutex); test_negative(4, a, 192, 168, 0, 1); /* These will hit the BUG_ON(len >= 128) in free_node if something goes wrong. */ @@ -476,7 +476,7 @@ bool __init routing_table_selftest(void) part = cpu_to_be64(~(1LLU << (i % 64))); memset(&ip, 0xff, 16); memcpy((u8 *)&ip + (i < 64) * 8, &part, 8); - routing_table_insert_v6(&t, &ip, 128, a, &mutex); + allowedips_insert_v6(&t, &ip, 128, a, &mutex); } #ifdef DEBUG_RANDOM_TRIE @@ -485,10 +485,10 @@ bool __init routing_table_selftest(void) #endif if (success) - pr_info("routing table self-tests: pass\n"); + pr_info("allowedips self-tests: pass\n"); free: - routing_table_free(&t, &mutex); + allowedips_free(&t, &mutex); kfree(a); kfree(b); kfree(c); |