1 /* 2 * Copyright (c) 2017 Nicira, Inc. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of version 2 of the GNU General Public 6 * License as published by the Free Software Foundation. 7 */ 8 9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 10 11 #include <linux/if.h> 12 #include <linux/skbuff.h> 13 #include <linux/ip.h> 14 #include <linux/kernel.h> 15 #include <linux/openvswitch.h> 16 #include <linux/netlink.h> 17 #include <linux/rculist.h> 18 19 #include <net/netlink.h> 20 #include <net/genetlink.h> 21 22 #include "datapath.h" 23 #include "meter.h" 24 25 #define METER_HASH_BUCKETS 1024 26 27 static const struct nla_policy meter_policy[OVS_METER_ATTR_MAX + 1] = { 28 [OVS_METER_ATTR_ID] = { .type = NLA_U32, }, 29 [OVS_METER_ATTR_KBPS] = { .type = NLA_FLAG }, 30 [OVS_METER_ATTR_STATS] = { .len = sizeof(struct ovs_flow_stats) }, 31 [OVS_METER_ATTR_BANDS] = { .type = NLA_NESTED }, 32 [OVS_METER_ATTR_USED] = { .type = NLA_U64 }, 33 [OVS_METER_ATTR_CLEAR] = { .type = NLA_FLAG }, 34 [OVS_METER_ATTR_MAX_METERS] = { .type = NLA_U32 }, 35 [OVS_METER_ATTR_MAX_BANDS] = { .type = NLA_U32 }, 36 }; 37 38 static const struct nla_policy band_policy[OVS_BAND_ATTR_MAX + 1] = { 39 [OVS_BAND_ATTR_TYPE] = { .type = NLA_U32, }, 40 [OVS_BAND_ATTR_RATE] = { .type = NLA_U32, }, 41 [OVS_BAND_ATTR_BURST] = { .type = NLA_U32, }, 42 [OVS_BAND_ATTR_STATS] = { .len = sizeof(struct ovs_flow_stats) }, 43 }; 44 45 static void ovs_meter_free(struct dp_meter *meter) 46 { 47 if (!meter) 48 return; 49 50 kfree_rcu(meter, rcu); 51 } 52 53 static struct hlist_head *meter_hash_bucket(const struct datapath *dp, 54 u32 meter_id) 55 { 56 return &dp->meters[meter_id & (METER_HASH_BUCKETS - 1)]; 57 } 58 59 /* Call with ovs_mutex or RCU read lock. */ 60 static struct dp_meter *lookup_meter(const struct datapath *dp, 61 u32 meter_id) 62 { 63 struct dp_meter *meter; 64 struct hlist_head *head; 65 66 head = meter_hash_bucket(dp, meter_id); 67 hlist_for_each_entry_rcu(meter, head, dp_hash_node) { 68 if (meter->id == meter_id) 69 return meter; 70 } 71 return NULL; 72 } 73 74 static void attach_meter(struct datapath *dp, struct dp_meter *meter) 75 { 76 struct hlist_head *head = meter_hash_bucket(dp, meter->id); 77 78 hlist_add_head_rcu(&meter->dp_hash_node, head); 79 } 80 81 static void detach_meter(struct dp_meter *meter) 82 { 83 ASSERT_OVSL(); 84 if (meter) 85 hlist_del_rcu(&meter->dp_hash_node); 86 } 87 88 static struct sk_buff * 89 ovs_meter_cmd_reply_start(struct genl_info *info, u8 cmd, 90 struct ovs_header **ovs_reply_header) 91 { 92 struct sk_buff *skb; 93 struct ovs_header *ovs_header = info->userhdr; 94 95 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 96 if (!skb) 97 return ERR_PTR(-ENOMEM); 98 99 *ovs_reply_header = genlmsg_put(skb, info->snd_portid, 100 info->snd_seq, 101 &dp_meter_genl_family, 0, cmd); 102 if (!*ovs_reply_header) { 103 nlmsg_free(skb); 104 return ERR_PTR(-EMSGSIZE); 105 } 106 (*ovs_reply_header)->dp_ifindex = ovs_header->dp_ifindex; 107 108 return skb; 109 } 110 111 static int ovs_meter_cmd_reply_stats(struct sk_buff *reply, u32 meter_id, 112 struct dp_meter *meter) 113 { 114 struct nlattr *nla; 115 struct dp_meter_band *band; 116 u16 i; 117 118 if (nla_put_u32(reply, OVS_METER_ATTR_ID, meter_id)) 119 goto error; 120 121 if (!meter) 122 return 0; 123 124 if (nla_put(reply, OVS_METER_ATTR_STATS, 125 sizeof(struct ovs_flow_stats), &meter->stats) || 126 nla_put_u64_64bit(reply, OVS_METER_ATTR_USED, meter->used, 127 OVS_METER_ATTR_PAD)) 128 goto error; 129 130 nla = nla_nest_start(reply, OVS_METER_ATTR_BANDS); 131 if (!nla) 132 goto error; 133 134 band = meter->bands; 135 136 for (i = 0; i < meter->n_bands; ++i, ++band) { 137 struct nlattr *band_nla; 138 139 band_nla = nla_nest_start(reply, OVS_BAND_ATTR_UNSPEC); 140 if (!band_nla || nla_put(reply, OVS_BAND_ATTR_STATS, 141 sizeof(struct ovs_flow_stats), 142 &band->stats)) 143 goto error; 144 nla_nest_end(reply, band_nla); 145 } 146 nla_nest_end(reply, nla); 147 148 return 0; 149 error: 150 return -EMSGSIZE; 151 } 152 153 static int ovs_meter_cmd_features(struct sk_buff *skb, struct genl_info *info) 154 { 155 struct sk_buff *reply; 156 struct ovs_header *ovs_reply_header; 157 struct nlattr *nla, *band_nla; 158 int err; 159 160 reply = ovs_meter_cmd_reply_start(info, OVS_METER_CMD_FEATURES, 161 &ovs_reply_header); 162 if (IS_ERR(reply)) 163 return PTR_ERR(reply); 164 165 if (nla_put_u32(reply, OVS_METER_ATTR_MAX_METERS, U32_MAX) || 166 nla_put_u32(reply, OVS_METER_ATTR_MAX_BANDS, DP_MAX_BANDS)) 167 goto nla_put_failure; 168 169 nla = nla_nest_start(reply, OVS_METER_ATTR_BANDS); 170 if (!nla) 171 goto nla_put_failure; 172 173 band_nla = nla_nest_start(reply, OVS_BAND_ATTR_UNSPEC); 174 if (!band_nla) 175 goto nla_put_failure; 176 /* Currently only DROP band type is supported. */ 177 if (nla_put_u32(reply, OVS_BAND_ATTR_TYPE, OVS_METER_BAND_TYPE_DROP)) 178 goto nla_put_failure; 179 nla_nest_end(reply, band_nla); 180 nla_nest_end(reply, nla); 181 182 genlmsg_end(reply, ovs_reply_header); 183 return genlmsg_reply(reply, info); 184 185 nla_put_failure: 186 nlmsg_free(reply); 187 err = -EMSGSIZE; 188 return err; 189 } 190 191 static struct dp_meter *dp_meter_create(struct nlattr **a) 192 { 193 struct nlattr *nla; 194 int rem; 195 u16 n_bands = 0; 196 struct dp_meter *meter; 197 struct dp_meter_band *band; 198 int err; 199 200 /* Validate attributes, count the bands. */ 201 if (!a[OVS_METER_ATTR_BANDS]) 202 return ERR_PTR(-EINVAL); 203 204 nla_for_each_nested(nla, a[OVS_METER_ATTR_BANDS], rem) 205 if (++n_bands > DP_MAX_BANDS) 206 return ERR_PTR(-EINVAL); 207 208 /* Allocate and set up the meter before locking anything. */ 209 meter = kzalloc(n_bands * sizeof(struct dp_meter_band) + 210 sizeof(*meter), GFP_KERNEL); 211 if (!meter) 212 return ERR_PTR(-ENOMEM); 213 214 meter->used = div_u64(ktime_get_ns(), 1000 * 1000); 215 meter->kbps = a[OVS_METER_ATTR_KBPS] ? 1 : 0; 216 meter->keep_stats = !a[OVS_METER_ATTR_CLEAR]; 217 spin_lock_init(&meter->lock); 218 if (meter->keep_stats && a[OVS_METER_ATTR_STATS]) { 219 meter->stats = *(struct ovs_flow_stats *) 220 nla_data(a[OVS_METER_ATTR_STATS]); 221 } 222 meter->n_bands = n_bands; 223 224 /* Set up meter bands. */ 225 band = meter->bands; 226 nla_for_each_nested(nla, a[OVS_METER_ATTR_BANDS], rem) { 227 struct nlattr *attr[OVS_BAND_ATTR_MAX + 1]; 228 u32 band_max_delta_t; 229 230 err = nla_parse((struct nlattr **)&attr, OVS_BAND_ATTR_MAX, 231 nla_data(nla), nla_len(nla), band_policy, 232 NULL); 233 if (err) 234 goto exit_free_meter; 235 236 if (!attr[OVS_BAND_ATTR_TYPE] || 237 !attr[OVS_BAND_ATTR_RATE] || 238 !attr[OVS_BAND_ATTR_BURST]) { 239 err = -EINVAL; 240 goto exit_free_meter; 241 } 242 243 band->type = nla_get_u32(attr[OVS_BAND_ATTR_TYPE]); 244 band->rate = nla_get_u32(attr[OVS_BAND_ATTR_RATE]); 245 band->burst_size = nla_get_u32(attr[OVS_BAND_ATTR_BURST]); 246 /* Figure out max delta_t that is enough to fill any bucket. 247 * Keep max_delta_t size to the bucket units: 248 * pkts => 1/1000 packets, kilobits => bits. 249 */ 250 band_max_delta_t = (band->burst_size + band->rate) * 1000; 251 /* Start with a full bucket. */ 252 band->bucket = band_max_delta_t; 253 if (band_max_delta_t > meter->max_delta_t) 254 meter->max_delta_t = band_max_delta_t; 255 band++; 256 } 257 258 return meter; 259 260 exit_free_meter: 261 kfree(meter); 262 return ERR_PTR(err); 263 } 264 265 static int ovs_meter_cmd_set(struct sk_buff *skb, struct genl_info *info) 266 { 267 struct nlattr **a = info->attrs; 268 struct dp_meter *meter, *old_meter; 269 struct sk_buff *reply; 270 struct ovs_header *ovs_reply_header; 271 struct ovs_header *ovs_header = info->userhdr; 272 struct datapath *dp; 273 int err; 274 u32 meter_id; 275 bool failed; 276 277 meter = dp_meter_create(a); 278 if (IS_ERR_OR_NULL(meter)) 279 return PTR_ERR(meter); 280 281 reply = ovs_meter_cmd_reply_start(info, OVS_METER_CMD_SET, 282 &ovs_reply_header); 283 if (IS_ERR(reply)) { 284 err = PTR_ERR(reply); 285 goto exit_free_meter; 286 } 287 288 ovs_lock(); 289 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex); 290 if (!dp) { 291 err = -ENODEV; 292 goto exit_unlock; 293 } 294 295 if (!a[OVS_METER_ATTR_ID]) { 296 err = -ENODEV; 297 goto exit_unlock; 298 } 299 300 meter_id = nla_get_u32(a[OVS_METER_ATTR_ID]); 301 302 /* Cannot fail after this. */ 303 old_meter = lookup_meter(dp, meter_id); 304 detach_meter(old_meter); 305 attach_meter(dp, meter); 306 ovs_unlock(); 307 308 /* Build response with the meter_id and stats from 309 * the old meter, if any. 310 */ 311 failed = nla_put_u32(reply, OVS_METER_ATTR_ID, meter_id); 312 WARN_ON(failed); 313 if (old_meter) { 314 spin_lock_bh(&old_meter->lock); 315 if (old_meter->keep_stats) { 316 err = ovs_meter_cmd_reply_stats(reply, meter_id, 317 old_meter); 318 WARN_ON(err); 319 } 320 spin_unlock_bh(&old_meter->lock); 321 ovs_meter_free(old_meter); 322 } 323 324 genlmsg_end(reply, ovs_reply_header); 325 return genlmsg_reply(reply, info); 326 327 exit_unlock: 328 ovs_unlock(); 329 nlmsg_free(reply); 330 exit_free_meter: 331 kfree(meter); 332 return err; 333 } 334 335 static int ovs_meter_cmd_get(struct sk_buff *skb, struct genl_info *info) 336 { 337 struct nlattr **a = info->attrs; 338 u32 meter_id; 339 struct ovs_header *ovs_header = info->userhdr; 340 struct ovs_header *ovs_reply_header; 341 struct datapath *dp; 342 int err; 343 struct sk_buff *reply; 344 struct dp_meter *meter; 345 346 if (!a[OVS_METER_ATTR_ID]) 347 return -EINVAL; 348 349 meter_id = nla_get_u32(a[OVS_METER_ATTR_ID]); 350 351 reply = ovs_meter_cmd_reply_start(info, OVS_METER_CMD_GET, 352 &ovs_reply_header); 353 if (IS_ERR(reply)) 354 return PTR_ERR(reply); 355 356 ovs_lock(); 357 358 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex); 359 if (!dp) { 360 err = -ENODEV; 361 goto exit_unlock; 362 } 363 364 /* Locate meter, copy stats. */ 365 meter = lookup_meter(dp, meter_id); 366 if (!meter) { 367 err = -ENOENT; 368 goto exit_unlock; 369 } 370 371 spin_lock_bh(&meter->lock); 372 err = ovs_meter_cmd_reply_stats(reply, meter_id, meter); 373 spin_unlock_bh(&meter->lock); 374 if (err) 375 goto exit_unlock; 376 377 ovs_unlock(); 378 379 genlmsg_end(reply, ovs_reply_header); 380 return genlmsg_reply(reply, info); 381 382 exit_unlock: 383 ovs_unlock(); 384 nlmsg_free(reply); 385 return err; 386 } 387 388 static int ovs_meter_cmd_del(struct sk_buff *skb, struct genl_info *info) 389 { 390 struct nlattr **a = info->attrs; 391 u32 meter_id; 392 struct ovs_header *ovs_header = info->userhdr; 393 struct ovs_header *ovs_reply_header; 394 struct datapath *dp; 395 int err; 396 struct sk_buff *reply; 397 struct dp_meter *old_meter; 398 399 if (!a[OVS_METER_ATTR_ID]) 400 return -EINVAL; 401 meter_id = nla_get_u32(a[OVS_METER_ATTR_ID]); 402 403 reply = ovs_meter_cmd_reply_start(info, OVS_METER_CMD_DEL, 404 &ovs_reply_header); 405 if (IS_ERR(reply)) 406 return PTR_ERR(reply); 407 408 ovs_lock(); 409 410 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex); 411 if (!dp) { 412 err = -ENODEV; 413 goto exit_unlock; 414 } 415 416 old_meter = lookup_meter(dp, meter_id); 417 if (old_meter) { 418 spin_lock_bh(&old_meter->lock); 419 err = ovs_meter_cmd_reply_stats(reply, meter_id, old_meter); 420 WARN_ON(err); 421 spin_unlock_bh(&old_meter->lock); 422 detach_meter(old_meter); 423 } 424 ovs_unlock(); 425 ovs_meter_free(old_meter); 426 genlmsg_end(reply, ovs_reply_header); 427 return genlmsg_reply(reply, info); 428 429 exit_unlock: 430 ovs_unlock(); 431 nlmsg_free(reply); 432 return err; 433 } 434 435 /* Meter action execution. 436 * 437 * Return true 'meter_id' drop band is triggered. The 'skb' should be 438 * dropped by the caller'. 439 */ 440 bool ovs_meter_execute(struct datapath *dp, struct sk_buff *skb, 441 struct sw_flow_key *key, u32 meter_id) 442 { 443 struct dp_meter *meter; 444 struct dp_meter_band *band; 445 long long int now_ms = div_u64(ktime_get_ns(), 1000 * 1000); 446 long long int long_delta_ms; 447 u32 delta_ms; 448 u32 cost; 449 int i, band_exceeded_max = -1; 450 u32 band_exceeded_rate = 0; 451 452 meter = lookup_meter(dp, meter_id); 453 /* Do not drop the packet when there is no meter. */ 454 if (!meter) 455 return false; 456 457 /* Lock the meter while using it. */ 458 spin_lock(&meter->lock); 459 460 long_delta_ms = (now_ms - meter->used); /* ms */ 461 462 /* Make sure delta_ms will not be too large, so that bucket will not 463 * wrap around below. 464 */ 465 delta_ms = (long_delta_ms > (long long int)meter->max_delta_t) 466 ? meter->max_delta_t : (u32)long_delta_ms; 467 468 /* Update meter statistics. 469 */ 470 meter->used = now_ms; 471 meter->stats.n_packets += 1; 472 meter->stats.n_bytes += skb->len; 473 474 /* Bucket rate is either in kilobits per second, or in packets per 475 * second. We maintain the bucket in the units of either bits or 476 * 1/1000th of a packet, correspondingly. 477 * Then, when rate is multiplied with milliseconds, we get the 478 * bucket units: 479 * msec * kbps = bits, and 480 * msec * packets/sec = 1/1000 packets. 481 * 482 * 'cost' is the number of bucket units in this packet. 483 */ 484 cost = (meter->kbps) ? skb->len * 8 : 1000; 485 486 /* Update all bands and find the one hit with the highest rate. */ 487 for (i = 0; i < meter->n_bands; ++i) { 488 long long int max_bucket_size; 489 490 band = &meter->bands[i]; 491 max_bucket_size = (band->burst_size + band->rate) * 1000LL; 492 493 band->bucket += delta_ms * band->rate; 494 if (band->bucket > max_bucket_size) 495 band->bucket = max_bucket_size; 496 497 if (band->bucket >= cost) { 498 band->bucket -= cost; 499 } else if (band->rate > band_exceeded_rate) { 500 band_exceeded_rate = band->rate; 501 band_exceeded_max = i; 502 } 503 } 504 505 if (band_exceeded_max >= 0) { 506 /* Update band statistics. */ 507 band = &meter->bands[band_exceeded_max]; 508 band->stats.n_packets += 1; 509 band->stats.n_bytes += skb->len; 510 511 /* Drop band triggered, let the caller drop the 'skb'. */ 512 if (band->type == OVS_METER_BAND_TYPE_DROP) { 513 spin_unlock(&meter->lock); 514 return true; 515 } 516 } 517 518 spin_unlock(&meter->lock); 519 return false; 520 } 521 522 static struct genl_ops dp_meter_genl_ops[] = { 523 { .cmd = OVS_METER_CMD_FEATURES, 524 .flags = 0, /* OK for unprivileged users. */ 525 .policy = meter_policy, 526 .doit = ovs_meter_cmd_features 527 }, 528 { .cmd = OVS_METER_CMD_SET, 529 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN 530 * privilege. 531 */ 532 .policy = meter_policy, 533 .doit = ovs_meter_cmd_set, 534 }, 535 { .cmd = OVS_METER_CMD_GET, 536 .flags = 0, /* OK for unprivileged users. */ 537 .policy = meter_policy, 538 .doit = ovs_meter_cmd_get, 539 }, 540 { .cmd = OVS_METER_CMD_DEL, 541 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN 542 * privilege. 543 */ 544 .policy = meter_policy, 545 .doit = ovs_meter_cmd_del 546 }, 547 }; 548 549 static const struct genl_multicast_group ovs_meter_multicast_group = { 550 .name = OVS_METER_MCGROUP, 551 }; 552 553 struct genl_family dp_meter_genl_family __ro_after_init = { 554 .hdrsize = sizeof(struct ovs_header), 555 .name = OVS_METER_FAMILY, 556 .version = OVS_METER_VERSION, 557 .maxattr = OVS_METER_ATTR_MAX, 558 .netnsok = true, 559 .parallel_ops = true, 560 .ops = dp_meter_genl_ops, 561 .n_ops = ARRAY_SIZE(dp_meter_genl_ops), 562 .mcgrps = &ovs_meter_multicast_group, 563 .n_mcgrps = 1, 564 .module = THIS_MODULE, 565 }; 566 567 int ovs_meters_init(struct datapath *dp) 568 { 569 int i; 570 571 dp->meters = kmalloc_array(METER_HASH_BUCKETS, 572 sizeof(struct hlist_head), GFP_KERNEL); 573 574 if (!dp->meters) 575 return -ENOMEM; 576 577 for (i = 0; i < METER_HASH_BUCKETS; i++) 578 INIT_HLIST_HEAD(&dp->meters[i]); 579 580 return 0; 581 } 582 583 void ovs_meters_exit(struct datapath *dp) 584 { 585 int i; 586 587 for (i = 0; i < METER_HASH_BUCKETS; i++) { 588 struct hlist_head *head = &dp->meters[i]; 589 struct dp_meter *meter; 590 struct hlist_node *n; 591 592 hlist_for_each_entry_safe(meter, n, head, dp_hash_node) 593 kfree(meter); 594 } 595 596 kfree(dp->meters); 597 } 598