1*4882a593Smuzhiyun /* SPDX-License-Identifier: GPL-2.0 */ 2*4882a593Smuzhiyun /* 3*4882a593Smuzhiyun * Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. 4*4882a593Smuzhiyun */ 5*4882a593Smuzhiyun 6*4882a593Smuzhiyun #ifndef _WG_ALLOWEDIPS_H 7*4882a593Smuzhiyun #define _WG_ALLOWEDIPS_H 8*4882a593Smuzhiyun 9*4882a593Smuzhiyun #include <linux/mutex.h> 10*4882a593Smuzhiyun #include <linux/ip.h> 11*4882a593Smuzhiyun #include <linux/ipv6.h> 12*4882a593Smuzhiyun 13*4882a593Smuzhiyun struct wg_peer; 14*4882a593Smuzhiyun 15*4882a593Smuzhiyun struct allowedips_node { 16*4882a593Smuzhiyun struct wg_peer __rcu *peer; 17*4882a593Smuzhiyun struct allowedips_node __rcu *bit[2]; 18*4882a593Smuzhiyun u8 cidr, bit_at_a, bit_at_b, bitlen; 19*4882a593Smuzhiyun u8 bits[16] __aligned(__alignof(u64)); 20*4882a593Smuzhiyun 21*4882a593Smuzhiyun /* Keep rarely used members at bottom to be beyond cache line. */ 22*4882a593Smuzhiyun unsigned long parent_bit_packed; 23*4882a593Smuzhiyun union { 24*4882a593Smuzhiyun struct list_head peer_list; 25*4882a593Smuzhiyun struct rcu_head rcu; 26*4882a593Smuzhiyun }; 27*4882a593Smuzhiyun }; 28*4882a593Smuzhiyun 29*4882a593Smuzhiyun struct allowedips { 30*4882a593Smuzhiyun struct allowedips_node __rcu *root4; 31*4882a593Smuzhiyun struct allowedips_node __rcu *root6; 32*4882a593Smuzhiyun u64 seq; 33*4882a593Smuzhiyun } __aligned(4); /* We pack the lower 2 bits of &root, but m68k only gives 16-bit alignment. */ 34*4882a593Smuzhiyun 35*4882a593Smuzhiyun void wg_allowedips_init(struct allowedips *table); 36*4882a593Smuzhiyun void wg_allowedips_free(struct allowedips *table, struct mutex *mutex); 37*4882a593Smuzhiyun int wg_allowedips_insert_v4(struct allowedips *table, const struct in_addr *ip, 38*4882a593Smuzhiyun u8 cidr, struct wg_peer *peer, struct mutex *lock); 39*4882a593Smuzhiyun int wg_allowedips_insert_v6(struct allowedips *table, const struct in6_addr *ip, 40*4882a593Smuzhiyun u8 cidr, struct wg_peer *peer, struct mutex *lock); 41*4882a593Smuzhiyun void wg_allowedips_remove_by_peer(struct allowedips *table, 42*4882a593Smuzhiyun struct wg_peer *peer, struct mutex *lock); 43*4882a593Smuzhiyun /* The ip input pointer should be __aligned(__alignof(u64))) */ 44*4882a593Smuzhiyun int wg_allowedips_read_node(struct allowedips_node *node, u8 ip[16], u8 *cidr); 45*4882a593Smuzhiyun 46*4882a593Smuzhiyun /* These return a strong reference to a peer: */ 47*4882a593Smuzhiyun struct wg_peer *wg_allowedips_lookup_dst(struct allowedips *table, 48*4882a593Smuzhiyun struct sk_buff *skb); 49*4882a593Smuzhiyun struct wg_peer *wg_allowedips_lookup_src(struct allowedips *table, 50*4882a593Smuzhiyun struct sk_buff *skb); 51*4882a593Smuzhiyun 52*4882a593Smuzhiyun #ifdef DEBUG 53*4882a593Smuzhiyun bool wg_allowedips_selftest(void); 54*4882a593Smuzhiyun #endif 55*4882a593Smuzhiyun 56*4882a593Smuzhiyun int wg_allowedips_slab_init(void); 57*4882a593Smuzhiyun void wg_allowedips_slab_uninit(void); 58*4882a593Smuzhiyun 59*4882a593Smuzhiyun #endif /* _WG_ALLOWEDIPS_H */ 60