1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef __NET_PKT_CLS_H 3 #define __NET_PKT_CLS_H 4 5 #include <linux/pkt_cls.h> 6 #include <linux/workqueue.h> 7 #include <net/sch_generic.h> 8 #include <net/act_api.h> 9 10 /* Basic packet classifier frontend definitions. */ 11 12 struct tcf_walker { 13 int stop; 14 int skip; 15 int count; 16 int (*fn)(struct tcf_proto *, void *node, struct tcf_walker *); 17 }; 18 19 int register_tcf_proto_ops(struct tcf_proto_ops *ops); 20 int unregister_tcf_proto_ops(struct tcf_proto_ops *ops); 21 22 enum tcf_block_binder_type { 23 TCF_BLOCK_BINDER_TYPE_UNSPEC, 24 TCF_BLOCK_BINDER_TYPE_CLSACT_INGRESS, 25 TCF_BLOCK_BINDER_TYPE_CLSACT_EGRESS, 26 }; 27 28 struct tcf_block_ext_info { 29 enum tcf_block_binder_type binder_type; 30 tcf_chain_head_change_t *chain_head_change; 31 void *chain_head_change_priv; 32 }; 33 34 struct tcf_block_cb; 35 bool tcf_queue_work(struct work_struct *work); 36 37 #ifdef CONFIG_NET_CLS 38 struct tcf_chain *tcf_chain_get(struct tcf_block *block, u32 chain_index, 39 bool create); 40 void tcf_chain_put(struct tcf_chain *chain); 41 int tcf_block_get(struct tcf_block **p_block, 42 struct tcf_proto __rcu **p_filter_chain, struct Qdisc *q); 43 int tcf_block_get_ext(struct tcf_block **p_block, struct Qdisc *q, 44 struct tcf_block_ext_info *ei); 45 void tcf_block_put(struct tcf_block *block); 46 void tcf_block_put_ext(struct tcf_block *block, struct Qdisc *q, 47 struct tcf_block_ext_info *ei); 48 49 static inline struct Qdisc *tcf_block_q(struct tcf_block *block) 50 { 51 return block->q; 52 } 53 54 static inline struct net_device *tcf_block_dev(struct tcf_block *block) 55 { 56 return tcf_block_q(block)->dev_queue->dev; 57 } 58 59 void *tcf_block_cb_priv(struct tcf_block_cb *block_cb); 60 struct tcf_block_cb *tcf_block_cb_lookup(struct tcf_block *block, 61 tc_setup_cb_t *cb, void *cb_ident); 62 void tcf_block_cb_incref(struct tcf_block_cb *block_cb); 63 unsigned int tcf_block_cb_decref(struct tcf_block_cb *block_cb); 64 struct tcf_block_cb *__tcf_block_cb_register(struct tcf_block *block, 65 tc_setup_cb_t *cb, void *cb_ident, 66 void *cb_priv); 67 int tcf_block_cb_register(struct tcf_block *block, 68 tc_setup_cb_t *cb, void *cb_ident, 69 void *cb_priv); 70 void __tcf_block_cb_unregister(struct tcf_block_cb *block_cb); 71 void tcf_block_cb_unregister(struct tcf_block *block, 72 tc_setup_cb_t *cb, void *cb_ident); 73 74 int tcf_classify(struct sk_buff *skb, const struct tcf_proto *tp, 75 struct tcf_result *res, bool compat_mode); 76 77 #else 78 static inline 79 int tcf_block_get(struct tcf_block **p_block, 80 struct tcf_proto __rcu **p_filter_chain, struct Qdisc *q) 81 { 82 return 0; 83 } 84 85 static inline 86 int tcf_block_get_ext(struct tcf_block **p_block, struct Qdisc *q, 87 struct tcf_block_ext_info *ei) 88 { 89 return 0; 90 } 91 92 static inline void tcf_block_put(struct tcf_block *block) 93 { 94 } 95 96 static inline 97 void tcf_block_put_ext(struct tcf_block *block, struct Qdisc *q, 98 struct tcf_block_ext_info *ei) 99 { 100 } 101 102 static inline struct Qdisc *tcf_block_q(struct tcf_block *block) 103 { 104 return NULL; 105 } 106 107 static inline struct net_device *tcf_block_dev(struct tcf_block *block) 108 { 109 return NULL; 110 } 111 112 static inline 113 int tc_setup_cb_block_register(struct tcf_block *block, tc_setup_cb_t *cb, 114 void *cb_priv) 115 { 116 return 0; 117 } 118 119 static inline 120 void tc_setup_cb_block_unregister(struct tcf_block *block, tc_setup_cb_t *cb, 121 void *cb_priv) 122 { 123 } 124 125 static inline 126 void *tcf_block_cb_priv(struct tcf_block_cb *block_cb) 127 { 128 return NULL; 129 } 130 131 static inline 132 struct tcf_block_cb *tcf_block_cb_lookup(struct tcf_block *block, 133 tc_setup_cb_t *cb, void *cb_ident) 134 { 135 return NULL; 136 } 137 138 static inline 139 void tcf_block_cb_incref(struct tcf_block_cb *block_cb) 140 { 141 } 142 143 static inline 144 unsigned int tcf_block_cb_decref(struct tcf_block_cb *block_cb) 145 { 146 return 0; 147 } 148 149 static inline 150 struct tcf_block_cb *__tcf_block_cb_register(struct tcf_block *block, 151 tc_setup_cb_t *cb, void *cb_ident, 152 void *cb_priv) 153 { 154 return NULL; 155 } 156 157 static inline 158 int tcf_block_cb_register(struct tcf_block *block, 159 tc_setup_cb_t *cb, void *cb_ident, 160 void *cb_priv) 161 { 162 return 0; 163 } 164 165 static inline 166 void __tcf_block_cb_unregister(struct tcf_block_cb *block_cb) 167 { 168 } 169 170 static inline 171 void tcf_block_cb_unregister(struct tcf_block *block, 172 tc_setup_cb_t *cb, void *cb_ident) 173 { 174 } 175 176 static inline int tcf_classify(struct sk_buff *skb, const struct tcf_proto *tp, 177 struct tcf_result *res, bool compat_mode) 178 { 179 return TC_ACT_UNSPEC; 180 } 181 #endif 182 183 static inline unsigned long 184 __cls_set_class(unsigned long *clp, unsigned long cl) 185 { 186 return xchg(clp, cl); 187 } 188 189 static inline unsigned long 190 cls_set_class(struct Qdisc *q, unsigned long *clp, unsigned long cl) 191 { 192 unsigned long old_cl; 193 194 sch_tree_lock(q); 195 old_cl = __cls_set_class(clp, cl); 196 sch_tree_unlock(q); 197 return old_cl; 198 } 199 200 static inline void 201 tcf_bind_filter(struct tcf_proto *tp, struct tcf_result *r, unsigned long base) 202 { 203 struct Qdisc *q = tp->chain->block->q; 204 unsigned long cl; 205 206 /* Check q as it is not set for shared blocks. In that case, 207 * setting class is not supported. 208 */ 209 if (!q) 210 return; 211 cl = q->ops->cl_ops->bind_tcf(q, base, r->classid); 212 cl = cls_set_class(q, &r->class, cl); 213 if (cl) 214 q->ops->cl_ops->unbind_tcf(q, cl); 215 } 216 217 static inline void 218 tcf_unbind_filter(struct tcf_proto *tp, struct tcf_result *r) 219 { 220 struct Qdisc *q = tp->chain->block->q; 221 unsigned long cl; 222 223 if (!q) 224 return; 225 if ((cl = __cls_set_class(&r->class, 0)) != 0) 226 q->ops->cl_ops->unbind_tcf(q, cl); 227 } 228 229 struct tcf_exts { 230 #ifdef CONFIG_NET_CLS_ACT 231 __u32 type; /* for backward compat(TCA_OLD_COMPAT) */ 232 int nr_actions; 233 struct tc_action **actions; 234 #endif 235 /* Map to export classifier specific extension TLV types to the 236 * generic extensions API. Unsupported extensions must be set to 0. 237 */ 238 int action; 239 int police; 240 }; 241 242 static inline int tcf_exts_init(struct tcf_exts *exts, int action, int police) 243 { 244 #ifdef CONFIG_NET_CLS_ACT 245 exts->type = 0; 246 exts->nr_actions = 0; 247 exts->actions = kcalloc(TCA_ACT_MAX_PRIO, sizeof(struct tc_action *), 248 GFP_KERNEL); 249 if (!exts->actions) 250 return -ENOMEM; 251 #endif 252 exts->action = action; 253 exts->police = police; 254 return 0; 255 } 256 257 static inline void tcf_exts_to_list(const struct tcf_exts *exts, 258 struct list_head *actions) 259 { 260 #ifdef CONFIG_NET_CLS_ACT 261 int i; 262 263 for (i = 0; i < exts->nr_actions; i++) { 264 struct tc_action *a = exts->actions[i]; 265 266 list_add_tail(&a->list, actions); 267 } 268 #endif 269 } 270 271 static inline void 272 tcf_exts_stats_update(const struct tcf_exts *exts, 273 u64 bytes, u64 packets, u64 lastuse) 274 { 275 #ifdef CONFIG_NET_CLS_ACT 276 int i; 277 278 preempt_disable(); 279 280 for (i = 0; i < exts->nr_actions; i++) { 281 struct tc_action *a = exts->actions[i]; 282 283 tcf_action_stats_update(a, bytes, packets, lastuse); 284 } 285 286 preempt_enable(); 287 #endif 288 } 289 290 /** 291 * tcf_exts_has_actions - check if at least one action is present 292 * @exts: tc filter extensions handle 293 * 294 * Returns true if at least one action is present. 295 */ 296 static inline bool tcf_exts_has_actions(struct tcf_exts *exts) 297 { 298 #ifdef CONFIG_NET_CLS_ACT 299 return exts->nr_actions; 300 #else 301 return false; 302 #endif 303 } 304 305 /** 306 * tcf_exts_has_one_action - check if exactly one action is present 307 * @exts: tc filter extensions handle 308 * 309 * Returns true if exactly one action is present. 310 */ 311 static inline bool tcf_exts_has_one_action(struct tcf_exts *exts) 312 { 313 #ifdef CONFIG_NET_CLS_ACT 314 return exts->nr_actions == 1; 315 #else 316 return false; 317 #endif 318 } 319 320 /** 321 * tcf_exts_exec - execute tc filter extensions 322 * @skb: socket buffer 323 * @exts: tc filter extensions handle 324 * @res: desired result 325 * 326 * Executes all configured extensions. Returns TC_ACT_OK on a normal execution, 327 * a negative number if the filter must be considered unmatched or 328 * a positive action code (TC_ACT_*) which must be returned to the 329 * underlying layer. 330 */ 331 static inline int 332 tcf_exts_exec(struct sk_buff *skb, struct tcf_exts *exts, 333 struct tcf_result *res) 334 { 335 #ifdef CONFIG_NET_CLS_ACT 336 return tcf_action_exec(skb, exts->actions, exts->nr_actions, res); 337 #endif 338 return TC_ACT_OK; 339 } 340 341 int tcf_exts_validate(struct net *net, struct tcf_proto *tp, 342 struct nlattr **tb, struct nlattr *rate_tlv, 343 struct tcf_exts *exts, bool ovr); 344 void tcf_exts_destroy(struct tcf_exts *exts); 345 void tcf_exts_change(struct tcf_exts *dst, struct tcf_exts *src); 346 int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts); 347 int tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts); 348 349 /** 350 * struct tcf_pkt_info - packet information 351 */ 352 struct tcf_pkt_info { 353 unsigned char * ptr; 354 int nexthdr; 355 }; 356 357 #ifdef CONFIG_NET_EMATCH 358 359 struct tcf_ematch_ops; 360 361 /** 362 * struct tcf_ematch - extended match (ematch) 363 * 364 * @matchid: identifier to allow userspace to reidentify a match 365 * @flags: flags specifying attributes and the relation to other matches 366 * @ops: the operations lookup table of the corresponding ematch module 367 * @datalen: length of the ematch specific configuration data 368 * @data: ematch specific data 369 */ 370 struct tcf_ematch { 371 struct tcf_ematch_ops * ops; 372 unsigned long data; 373 unsigned int datalen; 374 u16 matchid; 375 u16 flags; 376 struct net *net; 377 }; 378 379 static inline int tcf_em_is_container(struct tcf_ematch *em) 380 { 381 return !em->ops; 382 } 383 384 static inline int tcf_em_is_simple(struct tcf_ematch *em) 385 { 386 return em->flags & TCF_EM_SIMPLE; 387 } 388 389 static inline int tcf_em_is_inverted(struct tcf_ematch *em) 390 { 391 return em->flags & TCF_EM_INVERT; 392 } 393 394 static inline int tcf_em_last_match(struct tcf_ematch *em) 395 { 396 return (em->flags & TCF_EM_REL_MASK) == TCF_EM_REL_END; 397 } 398 399 static inline int tcf_em_early_end(struct tcf_ematch *em, int result) 400 { 401 if (tcf_em_last_match(em)) 402 return 1; 403 404 if (result == 0 && em->flags & TCF_EM_REL_AND) 405 return 1; 406 407 if (result != 0 && em->flags & TCF_EM_REL_OR) 408 return 1; 409 410 return 0; 411 } 412 413 /** 414 * struct tcf_ematch_tree - ematch tree handle 415 * 416 * @hdr: ematch tree header supplied by userspace 417 * @matches: array of ematches 418 */ 419 struct tcf_ematch_tree { 420 struct tcf_ematch_tree_hdr hdr; 421 struct tcf_ematch * matches; 422 423 }; 424 425 /** 426 * struct tcf_ematch_ops - ematch module operations 427 * 428 * @kind: identifier (kind) of this ematch module 429 * @datalen: length of expected configuration data (optional) 430 * @change: called during validation (optional) 431 * @match: called during ematch tree evaluation, must return 1/0 432 * @destroy: called during destroyage (optional) 433 * @dump: called during dumping process (optional) 434 * @owner: owner, must be set to THIS_MODULE 435 * @link: link to previous/next ematch module (internal use) 436 */ 437 struct tcf_ematch_ops { 438 int kind; 439 int datalen; 440 int (*change)(struct net *net, void *, 441 int, struct tcf_ematch *); 442 int (*match)(struct sk_buff *, struct tcf_ematch *, 443 struct tcf_pkt_info *); 444 void (*destroy)(struct tcf_ematch *); 445 int (*dump)(struct sk_buff *, struct tcf_ematch *); 446 struct module *owner; 447 struct list_head link; 448 }; 449 450 int tcf_em_register(struct tcf_ematch_ops *); 451 void tcf_em_unregister(struct tcf_ematch_ops *); 452 int tcf_em_tree_validate(struct tcf_proto *, struct nlattr *, 453 struct tcf_ematch_tree *); 454 void tcf_em_tree_destroy(struct tcf_ematch_tree *); 455 int tcf_em_tree_dump(struct sk_buff *, struct tcf_ematch_tree *, int); 456 int __tcf_em_tree_match(struct sk_buff *, struct tcf_ematch_tree *, 457 struct tcf_pkt_info *); 458 459 /** 460 * tcf_em_tree_match - evaulate an ematch tree 461 * 462 * @skb: socket buffer of the packet in question 463 * @tree: ematch tree to be used for evaluation 464 * @info: packet information examined by classifier 465 * 466 * This function matches @skb against the ematch tree in @tree by going 467 * through all ematches respecting their logic relations returning 468 * as soon as the result is obvious. 469 * 470 * Returns 1 if the ematch tree as-one matches, no ematches are configured 471 * or ematch is not enabled in the kernel, otherwise 0 is returned. 472 */ 473 static inline int tcf_em_tree_match(struct sk_buff *skb, 474 struct tcf_ematch_tree *tree, 475 struct tcf_pkt_info *info) 476 { 477 if (tree->hdr.nmatches) 478 return __tcf_em_tree_match(skb, tree, info); 479 else 480 return 1; 481 } 482 483 #define MODULE_ALIAS_TCF_EMATCH(kind) MODULE_ALIAS("ematch-kind-" __stringify(kind)) 484 485 #else /* CONFIG_NET_EMATCH */ 486 487 struct tcf_ematch_tree { 488 }; 489 490 #define tcf_em_tree_validate(tp, tb, t) ((void)(t), 0) 491 #define tcf_em_tree_destroy(t) do { (void)(t); } while(0) 492 #define tcf_em_tree_dump(skb, t, tlv) (0) 493 #define tcf_em_tree_match(skb, t, info) ((void)(info), 1) 494 495 #endif /* CONFIG_NET_EMATCH */ 496 497 static inline unsigned char * tcf_get_base_ptr(struct sk_buff *skb, int layer) 498 { 499 switch (layer) { 500 case TCF_LAYER_LINK: 501 return skb->data; 502 case TCF_LAYER_NETWORK: 503 return skb_network_header(skb); 504 case TCF_LAYER_TRANSPORT: 505 return skb_transport_header(skb); 506 } 507 508 return NULL; 509 } 510 511 static inline int tcf_valid_offset(const struct sk_buff *skb, 512 const unsigned char *ptr, const int len) 513 { 514 return likely((ptr + len) <= skb_tail_pointer(skb) && 515 ptr >= skb->head && 516 (ptr <= (ptr + len))); 517 } 518 519 #ifdef CONFIG_NET_CLS_IND 520 #include <net/net_namespace.h> 521 522 static inline int 523 tcf_change_indev(struct net *net, struct nlattr *indev_tlv) 524 { 525 char indev[IFNAMSIZ]; 526 struct net_device *dev; 527 528 if (nla_strlcpy(indev, indev_tlv, IFNAMSIZ) >= IFNAMSIZ) 529 return -EINVAL; 530 dev = __dev_get_by_name(net, indev); 531 if (!dev) 532 return -ENODEV; 533 return dev->ifindex; 534 } 535 536 static inline bool 537 tcf_match_indev(struct sk_buff *skb, int ifindex) 538 { 539 if (!ifindex) 540 return true; 541 if (!skb->skb_iif) 542 return false; 543 return ifindex == skb->skb_iif; 544 } 545 #endif /* CONFIG_NET_CLS_IND */ 546 547 int tc_setup_cb_call(struct tcf_block *block, struct tcf_exts *exts, 548 enum tc_setup_type type, void *type_data, bool err_stop); 549 550 enum tc_block_command { 551 TC_BLOCK_BIND, 552 TC_BLOCK_UNBIND, 553 }; 554 555 struct tc_block_offload { 556 enum tc_block_command command; 557 enum tcf_block_binder_type binder_type; 558 struct tcf_block *block; 559 }; 560 561 struct tc_cls_common_offload { 562 u32 chain_index; 563 __be16 protocol; 564 u32 prio; 565 }; 566 567 static inline void 568 tc_cls_common_offload_init(struct tc_cls_common_offload *cls_common, 569 const struct tcf_proto *tp) 570 { 571 cls_common->chain_index = tp->chain->index; 572 cls_common->protocol = tp->protocol; 573 cls_common->prio = tp->prio; 574 } 575 576 struct tc_cls_u32_knode { 577 struct tcf_exts *exts; 578 struct tc_u32_sel *sel; 579 u32 handle; 580 u32 val; 581 u32 mask; 582 u32 link_handle; 583 u8 fshift; 584 }; 585 586 struct tc_cls_u32_hnode { 587 u32 handle; 588 u32 prio; 589 unsigned int divisor; 590 }; 591 592 enum tc_clsu32_command { 593 TC_CLSU32_NEW_KNODE, 594 TC_CLSU32_REPLACE_KNODE, 595 TC_CLSU32_DELETE_KNODE, 596 TC_CLSU32_NEW_HNODE, 597 TC_CLSU32_REPLACE_HNODE, 598 TC_CLSU32_DELETE_HNODE, 599 }; 600 601 struct tc_cls_u32_offload { 602 struct tc_cls_common_offload common; 603 /* knode values */ 604 enum tc_clsu32_command command; 605 union { 606 struct tc_cls_u32_knode knode; 607 struct tc_cls_u32_hnode hnode; 608 }; 609 }; 610 611 static inline bool tc_can_offload(const struct net_device *dev) 612 { 613 return dev->features & NETIF_F_HW_TC; 614 } 615 616 static inline bool tc_skip_hw(u32 flags) 617 { 618 return (flags & TCA_CLS_FLAGS_SKIP_HW) ? true : false; 619 } 620 621 static inline bool tc_skip_sw(u32 flags) 622 { 623 return (flags & TCA_CLS_FLAGS_SKIP_SW) ? true : false; 624 } 625 626 /* SKIP_HW and SKIP_SW are mutually exclusive flags. */ 627 static inline bool tc_flags_valid(u32 flags) 628 { 629 if (flags & ~(TCA_CLS_FLAGS_SKIP_HW | TCA_CLS_FLAGS_SKIP_SW)) 630 return false; 631 632 if (!(flags ^ (TCA_CLS_FLAGS_SKIP_HW | TCA_CLS_FLAGS_SKIP_SW))) 633 return false; 634 635 return true; 636 } 637 638 static inline bool tc_in_hw(u32 flags) 639 { 640 return (flags & TCA_CLS_FLAGS_IN_HW) ? true : false; 641 } 642 643 enum tc_fl_command { 644 TC_CLSFLOWER_REPLACE, 645 TC_CLSFLOWER_DESTROY, 646 TC_CLSFLOWER_STATS, 647 }; 648 649 struct tc_cls_flower_offload { 650 struct tc_cls_common_offload common; 651 enum tc_fl_command command; 652 unsigned long cookie; 653 struct flow_dissector *dissector; 654 struct fl_flow_key *mask; 655 struct fl_flow_key *key; 656 struct tcf_exts *exts; 657 u32 classid; 658 }; 659 660 enum tc_matchall_command { 661 TC_CLSMATCHALL_REPLACE, 662 TC_CLSMATCHALL_DESTROY, 663 }; 664 665 struct tc_cls_matchall_offload { 666 struct tc_cls_common_offload common; 667 enum tc_matchall_command command; 668 struct tcf_exts *exts; 669 unsigned long cookie; 670 }; 671 672 enum tc_clsbpf_command { 673 TC_CLSBPF_ADD, 674 TC_CLSBPF_REPLACE, 675 TC_CLSBPF_DESTROY, 676 TC_CLSBPF_STATS, 677 }; 678 679 struct tc_cls_bpf_offload { 680 struct tc_cls_common_offload common; 681 enum tc_clsbpf_command command; 682 struct tcf_exts *exts; 683 struct bpf_prog *prog; 684 const char *name; 685 bool exts_integrated; 686 u32 gen_flags; 687 }; 688 689 struct tc_mqprio_qopt_offload { 690 /* struct tc_mqprio_qopt must always be the first element */ 691 struct tc_mqprio_qopt qopt; 692 u16 mode; 693 u16 shaper; 694 u32 flags; 695 u64 min_rate[TC_QOPT_MAX_QUEUE]; 696 u64 max_rate[TC_QOPT_MAX_QUEUE]; 697 }; 698 699 /* This structure holds cookie structure that is passed from user 700 * to the kernel for actions and classifiers 701 */ 702 struct tc_cookie { 703 u8 *data; 704 u32 len; 705 }; 706 707 enum tc_red_command { 708 TC_RED_REPLACE, 709 TC_RED_DESTROY, 710 TC_RED_STATS, 711 TC_RED_XSTATS, 712 }; 713 714 struct tc_red_qopt_offload_params { 715 u32 min; 716 u32 max; 717 u32 probability; 718 bool is_ecn; 719 }; 720 struct tc_red_qopt_offload_stats { 721 struct gnet_stats_basic_packed *bstats; 722 struct gnet_stats_queue *qstats; 723 }; 724 725 struct tc_red_qopt_offload { 726 enum tc_red_command command; 727 u32 handle; 728 u32 parent; 729 union { 730 struct tc_red_qopt_offload_params set; 731 struct tc_red_qopt_offload_stats stats; 732 struct red_stats *xstats; 733 }; 734 }; 735 736 #endif 737