1 /* 2 * Copyright (c) 2017 Nicira, Inc. 3 * 4 * This program is free software; you can redistribute it and/or 5 * modify it under the terms of version 2 of the GNU General Public 6 * License as published by the Free Software Foundation. 7 */ 8 9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 10 11 #include <linux/if.h> 12 #include <linux/skbuff.h> 13 #include <linux/ip.h> 14 #include <linux/kernel.h> 15 #include <linux/openvswitch.h> 16 #include <linux/netlink.h> 17 #include <linux/rculist.h> 18 19 #include <net/netlink.h> 20 #include <net/genetlink.h> 21 22 #include "datapath.h" 23 #include "meter.h" 24 25 #define METER_HASH_BUCKETS 1024 26 27 static const struct nla_policy meter_policy[OVS_METER_ATTR_MAX + 1] = { 28 [OVS_METER_ATTR_ID] = { .type = NLA_U32, }, 29 [OVS_METER_ATTR_KBPS] = { .type = NLA_FLAG }, 30 [OVS_METER_ATTR_STATS] = { .len = sizeof(struct ovs_flow_stats) }, 31 [OVS_METER_ATTR_BANDS] = { .type = NLA_NESTED }, 32 [OVS_METER_ATTR_USED] = { .type = NLA_U64 }, 33 [OVS_METER_ATTR_CLEAR] = { .type = NLA_FLAG }, 34 [OVS_METER_ATTR_MAX_METERS] = { .type = NLA_U32 }, 35 [OVS_METER_ATTR_MAX_BANDS] = { .type = NLA_U32 }, 36 }; 37 38 static const struct nla_policy band_policy[OVS_BAND_ATTR_MAX + 1] = { 39 [OVS_BAND_ATTR_TYPE] = { .type = NLA_U32, }, 40 [OVS_BAND_ATTR_RATE] = { .type = NLA_U32, }, 41 [OVS_BAND_ATTR_BURST] = { .type = NLA_U32, }, 42 [OVS_BAND_ATTR_STATS] = { .len = sizeof(struct ovs_flow_stats) }, 43 }; 44 45 static void ovs_meter_free(struct dp_meter *meter) 46 { 47 if (!meter) 48 return; 49 50 kfree_rcu(meter, rcu); 51 } 52 53 static struct hlist_head *meter_hash_bucket(const struct datapath *dp, 54 u32 meter_id) 55 { 56 return &dp->meters[meter_id & (METER_HASH_BUCKETS - 1)]; 57 } 58 59 /* Call with ovs_mutex or RCU read lock. */ 60 static struct dp_meter *lookup_meter(const struct datapath *dp, 61 u32 meter_id) 62 { 63 struct dp_meter *meter; 64 struct hlist_head *head; 65 66 head = meter_hash_bucket(dp, meter_id); 67 hlist_for_each_entry_rcu(meter, head, dp_hash_node) { 68 if (meter->id == meter_id) 69 return meter; 70 } 71 return NULL; 72 } 73 74 static void attach_meter(struct datapath *dp, struct dp_meter *meter) 75 { 76 struct hlist_head *head = meter_hash_bucket(dp, meter->id); 77 78 hlist_add_head_rcu(&meter->dp_hash_node, head); 79 } 80 81 static void detach_meter(struct dp_meter *meter) 82 { 83 ASSERT_OVSL(); 84 if (meter) 85 hlist_del_rcu(&meter->dp_hash_node); 86 } 87 88 static struct sk_buff * 89 ovs_meter_cmd_reply_start(struct genl_info *info, u8 cmd, 90 struct ovs_header **ovs_reply_header) 91 { 92 struct sk_buff *skb; 93 struct ovs_header *ovs_header = info->userhdr; 94 95 skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 96 if (!skb) 97 return ERR_PTR(-ENOMEM); 98 99 *ovs_reply_header = genlmsg_put(skb, info->snd_portid, 100 info->snd_seq, 101 &dp_meter_genl_family, 0, cmd); 102 if (!*ovs_reply_header) { 103 nlmsg_free(skb); 104 return ERR_PTR(-EMSGSIZE); 105 } 106 (*ovs_reply_header)->dp_ifindex = ovs_header->dp_ifindex; 107 108 return skb; 109 } 110 111 static int ovs_meter_cmd_reply_stats(struct sk_buff *reply, u32 meter_id, 112 struct dp_meter *meter) 113 { 114 struct nlattr *nla; 115 struct dp_meter_band *band; 116 u16 i; 117 118 if (nla_put_u32(reply, OVS_METER_ATTR_ID, meter_id)) 119 goto error; 120 121 if (!meter) 122 return 0; 123 124 if (nla_put(reply, OVS_METER_ATTR_STATS, 125 sizeof(struct ovs_flow_stats), &meter->stats) || 126 nla_put_u64_64bit(reply, OVS_METER_ATTR_USED, meter->used, 127 OVS_METER_ATTR_PAD)) 128 goto error; 129 130 nla = nla_nest_start_noflag(reply, OVS_METER_ATTR_BANDS); 131 if (!nla) 132 goto error; 133 134 band = meter->bands; 135 136 for (i = 0; i < meter->n_bands; ++i, ++band) { 137 struct nlattr *band_nla; 138 139 band_nla = nla_nest_start_noflag(reply, OVS_BAND_ATTR_UNSPEC); 140 if (!band_nla || nla_put(reply, OVS_BAND_ATTR_STATS, 141 sizeof(struct ovs_flow_stats), 142 &band->stats)) 143 goto error; 144 nla_nest_end(reply, band_nla); 145 } 146 nla_nest_end(reply, nla); 147 148 return 0; 149 error: 150 return -EMSGSIZE; 151 } 152 153 static int ovs_meter_cmd_features(struct sk_buff *skb, struct genl_info *info) 154 { 155 struct sk_buff *reply; 156 struct ovs_header *ovs_reply_header; 157 struct nlattr *nla, *band_nla; 158 int err; 159 160 reply = ovs_meter_cmd_reply_start(info, OVS_METER_CMD_FEATURES, 161 &ovs_reply_header); 162 if (IS_ERR(reply)) 163 return PTR_ERR(reply); 164 165 if (nla_put_u32(reply, OVS_METER_ATTR_MAX_METERS, U32_MAX) || 166 nla_put_u32(reply, OVS_METER_ATTR_MAX_BANDS, DP_MAX_BANDS)) 167 goto nla_put_failure; 168 169 nla = nla_nest_start_noflag(reply, OVS_METER_ATTR_BANDS); 170 if (!nla) 171 goto nla_put_failure; 172 173 band_nla = nla_nest_start_noflag(reply, OVS_BAND_ATTR_UNSPEC); 174 if (!band_nla) 175 goto nla_put_failure; 176 /* Currently only DROP band type is supported. */ 177 if (nla_put_u32(reply, OVS_BAND_ATTR_TYPE, OVS_METER_BAND_TYPE_DROP)) 178 goto nla_put_failure; 179 nla_nest_end(reply, band_nla); 180 nla_nest_end(reply, nla); 181 182 genlmsg_end(reply, ovs_reply_header); 183 return genlmsg_reply(reply, info); 184 185 nla_put_failure: 186 nlmsg_free(reply); 187 err = -EMSGSIZE; 188 return err; 189 } 190 191 static struct dp_meter *dp_meter_create(struct nlattr **a) 192 { 193 struct nlattr *nla; 194 int rem; 195 u16 n_bands = 0; 196 struct dp_meter *meter; 197 struct dp_meter_band *band; 198 int err; 199 200 /* Validate attributes, count the bands. */ 201 if (!a[OVS_METER_ATTR_BANDS]) 202 return ERR_PTR(-EINVAL); 203 204 nla_for_each_nested(nla, a[OVS_METER_ATTR_BANDS], rem) 205 if (++n_bands > DP_MAX_BANDS) 206 return ERR_PTR(-EINVAL); 207 208 /* Allocate and set up the meter before locking anything. */ 209 meter = kzalloc(struct_size(meter, bands, n_bands), GFP_KERNEL); 210 if (!meter) 211 return ERR_PTR(-ENOMEM); 212 213 meter->id = nla_get_u32(a[OVS_METER_ATTR_ID]); 214 meter->used = div_u64(ktime_get_ns(), 1000 * 1000); 215 meter->kbps = a[OVS_METER_ATTR_KBPS] ? 1 : 0; 216 meter->keep_stats = !a[OVS_METER_ATTR_CLEAR]; 217 spin_lock_init(&meter->lock); 218 if (meter->keep_stats && a[OVS_METER_ATTR_STATS]) { 219 meter->stats = *(struct ovs_flow_stats *) 220 nla_data(a[OVS_METER_ATTR_STATS]); 221 } 222 meter->n_bands = n_bands; 223 224 /* Set up meter bands. */ 225 band = meter->bands; 226 nla_for_each_nested(nla, a[OVS_METER_ATTR_BANDS], rem) { 227 struct nlattr *attr[OVS_BAND_ATTR_MAX + 1]; 228 u32 band_max_delta_t; 229 230 err = nla_parse_deprecated((struct nlattr **)&attr, 231 OVS_BAND_ATTR_MAX, nla_data(nla), 232 nla_len(nla), band_policy, NULL); 233 if (err) 234 goto exit_free_meter; 235 236 if (!attr[OVS_BAND_ATTR_TYPE] || 237 !attr[OVS_BAND_ATTR_RATE] || 238 !attr[OVS_BAND_ATTR_BURST]) { 239 err = -EINVAL; 240 goto exit_free_meter; 241 } 242 243 band->type = nla_get_u32(attr[OVS_BAND_ATTR_TYPE]); 244 band->rate = nla_get_u32(attr[OVS_BAND_ATTR_RATE]); 245 if (band->rate == 0) { 246 err = -EINVAL; 247 goto exit_free_meter; 248 } 249 250 band->burst_size = nla_get_u32(attr[OVS_BAND_ATTR_BURST]); 251 /* Figure out max delta_t that is enough to fill any bucket. 252 * Keep max_delta_t size to the bucket units: 253 * pkts => 1/1000 packets, kilobits => bits. 254 * 255 * Start with a full bucket. 256 */ 257 band->bucket = (band->burst_size + band->rate) * 1000; 258 band_max_delta_t = band->bucket / band->rate; 259 if (band_max_delta_t > meter->max_delta_t) 260 meter->max_delta_t = band_max_delta_t; 261 band++; 262 } 263 264 return meter; 265 266 exit_free_meter: 267 kfree(meter); 268 return ERR_PTR(err); 269 } 270 271 static int ovs_meter_cmd_set(struct sk_buff *skb, struct genl_info *info) 272 { 273 struct nlattr **a = info->attrs; 274 struct dp_meter *meter, *old_meter; 275 struct sk_buff *reply; 276 struct ovs_header *ovs_reply_header; 277 struct ovs_header *ovs_header = info->userhdr; 278 struct datapath *dp; 279 int err; 280 u32 meter_id; 281 bool failed; 282 283 if (!a[OVS_METER_ATTR_ID]) { 284 return -ENODEV; 285 } 286 287 meter = dp_meter_create(a); 288 if (IS_ERR_OR_NULL(meter)) 289 return PTR_ERR(meter); 290 291 reply = ovs_meter_cmd_reply_start(info, OVS_METER_CMD_SET, 292 &ovs_reply_header); 293 if (IS_ERR(reply)) { 294 err = PTR_ERR(reply); 295 goto exit_free_meter; 296 } 297 298 ovs_lock(); 299 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex); 300 if (!dp) { 301 err = -ENODEV; 302 goto exit_unlock; 303 } 304 305 meter_id = nla_get_u32(a[OVS_METER_ATTR_ID]); 306 307 /* Cannot fail after this. */ 308 old_meter = lookup_meter(dp, meter_id); 309 detach_meter(old_meter); 310 attach_meter(dp, meter); 311 ovs_unlock(); 312 313 /* Build response with the meter_id and stats from 314 * the old meter, if any. 315 */ 316 failed = nla_put_u32(reply, OVS_METER_ATTR_ID, meter_id); 317 WARN_ON(failed); 318 if (old_meter) { 319 spin_lock_bh(&old_meter->lock); 320 if (old_meter->keep_stats) { 321 err = ovs_meter_cmd_reply_stats(reply, meter_id, 322 old_meter); 323 WARN_ON(err); 324 } 325 spin_unlock_bh(&old_meter->lock); 326 ovs_meter_free(old_meter); 327 } 328 329 genlmsg_end(reply, ovs_reply_header); 330 return genlmsg_reply(reply, info); 331 332 exit_unlock: 333 ovs_unlock(); 334 nlmsg_free(reply); 335 exit_free_meter: 336 kfree(meter); 337 return err; 338 } 339 340 static int ovs_meter_cmd_get(struct sk_buff *skb, struct genl_info *info) 341 { 342 struct nlattr **a = info->attrs; 343 u32 meter_id; 344 struct ovs_header *ovs_header = info->userhdr; 345 struct ovs_header *ovs_reply_header; 346 struct datapath *dp; 347 int err; 348 struct sk_buff *reply; 349 struct dp_meter *meter; 350 351 if (!a[OVS_METER_ATTR_ID]) 352 return -EINVAL; 353 354 meter_id = nla_get_u32(a[OVS_METER_ATTR_ID]); 355 356 reply = ovs_meter_cmd_reply_start(info, OVS_METER_CMD_GET, 357 &ovs_reply_header); 358 if (IS_ERR(reply)) 359 return PTR_ERR(reply); 360 361 ovs_lock(); 362 363 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex); 364 if (!dp) { 365 err = -ENODEV; 366 goto exit_unlock; 367 } 368 369 /* Locate meter, copy stats. */ 370 meter = lookup_meter(dp, meter_id); 371 if (!meter) { 372 err = -ENOENT; 373 goto exit_unlock; 374 } 375 376 spin_lock_bh(&meter->lock); 377 err = ovs_meter_cmd_reply_stats(reply, meter_id, meter); 378 spin_unlock_bh(&meter->lock); 379 if (err) 380 goto exit_unlock; 381 382 ovs_unlock(); 383 384 genlmsg_end(reply, ovs_reply_header); 385 return genlmsg_reply(reply, info); 386 387 exit_unlock: 388 ovs_unlock(); 389 nlmsg_free(reply); 390 return err; 391 } 392 393 static int ovs_meter_cmd_del(struct sk_buff *skb, struct genl_info *info) 394 { 395 struct nlattr **a = info->attrs; 396 u32 meter_id; 397 struct ovs_header *ovs_header = info->userhdr; 398 struct ovs_header *ovs_reply_header; 399 struct datapath *dp; 400 int err; 401 struct sk_buff *reply; 402 struct dp_meter *old_meter; 403 404 if (!a[OVS_METER_ATTR_ID]) 405 return -EINVAL; 406 meter_id = nla_get_u32(a[OVS_METER_ATTR_ID]); 407 408 reply = ovs_meter_cmd_reply_start(info, OVS_METER_CMD_DEL, 409 &ovs_reply_header); 410 if (IS_ERR(reply)) 411 return PTR_ERR(reply); 412 413 ovs_lock(); 414 415 dp = get_dp(sock_net(skb->sk), ovs_header->dp_ifindex); 416 if (!dp) { 417 err = -ENODEV; 418 goto exit_unlock; 419 } 420 421 old_meter = lookup_meter(dp, meter_id); 422 if (old_meter) { 423 spin_lock_bh(&old_meter->lock); 424 err = ovs_meter_cmd_reply_stats(reply, meter_id, old_meter); 425 WARN_ON(err); 426 spin_unlock_bh(&old_meter->lock); 427 detach_meter(old_meter); 428 } 429 ovs_unlock(); 430 ovs_meter_free(old_meter); 431 genlmsg_end(reply, ovs_reply_header); 432 return genlmsg_reply(reply, info); 433 434 exit_unlock: 435 ovs_unlock(); 436 nlmsg_free(reply); 437 return err; 438 } 439 440 /* Meter action execution. 441 * 442 * Return true 'meter_id' drop band is triggered. The 'skb' should be 443 * dropped by the caller'. 444 */ 445 bool ovs_meter_execute(struct datapath *dp, struct sk_buff *skb, 446 struct sw_flow_key *key, u32 meter_id) 447 { 448 struct dp_meter *meter; 449 struct dp_meter_band *band; 450 long long int now_ms = div_u64(ktime_get_ns(), 1000 * 1000); 451 long long int long_delta_ms; 452 u32 delta_ms; 453 u32 cost; 454 int i, band_exceeded_max = -1; 455 u32 band_exceeded_rate = 0; 456 457 meter = lookup_meter(dp, meter_id); 458 /* Do not drop the packet when there is no meter. */ 459 if (!meter) 460 return false; 461 462 /* Lock the meter while using it. */ 463 spin_lock(&meter->lock); 464 465 long_delta_ms = (now_ms - meter->used); /* ms */ 466 467 /* Make sure delta_ms will not be too large, so that bucket will not 468 * wrap around below. 469 */ 470 delta_ms = (long_delta_ms > (long long int)meter->max_delta_t) 471 ? meter->max_delta_t : (u32)long_delta_ms; 472 473 /* Update meter statistics. 474 */ 475 meter->used = now_ms; 476 meter->stats.n_packets += 1; 477 meter->stats.n_bytes += skb->len; 478 479 /* Bucket rate is either in kilobits per second, or in packets per 480 * second. We maintain the bucket in the units of either bits or 481 * 1/1000th of a packet, correspondingly. 482 * Then, when rate is multiplied with milliseconds, we get the 483 * bucket units: 484 * msec * kbps = bits, and 485 * msec * packets/sec = 1/1000 packets. 486 * 487 * 'cost' is the number of bucket units in this packet. 488 */ 489 cost = (meter->kbps) ? skb->len * 8 : 1000; 490 491 /* Update all bands and find the one hit with the highest rate. */ 492 for (i = 0; i < meter->n_bands; ++i) { 493 long long int max_bucket_size; 494 495 band = &meter->bands[i]; 496 max_bucket_size = (band->burst_size + band->rate) * 1000LL; 497 498 band->bucket += delta_ms * band->rate; 499 if (band->bucket > max_bucket_size) 500 band->bucket = max_bucket_size; 501 502 if (band->bucket >= cost) { 503 band->bucket -= cost; 504 } else if (band->rate > band_exceeded_rate) { 505 band_exceeded_rate = band->rate; 506 band_exceeded_max = i; 507 } 508 } 509 510 if (band_exceeded_max >= 0) { 511 /* Update band statistics. */ 512 band = &meter->bands[band_exceeded_max]; 513 band->stats.n_packets += 1; 514 band->stats.n_bytes += skb->len; 515 516 /* Drop band triggered, let the caller drop the 'skb'. */ 517 if (band->type == OVS_METER_BAND_TYPE_DROP) { 518 spin_unlock(&meter->lock); 519 return true; 520 } 521 } 522 523 spin_unlock(&meter->lock); 524 return false; 525 } 526 527 static struct genl_ops dp_meter_genl_ops[] = { 528 { .cmd = OVS_METER_CMD_FEATURES, 529 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 530 .flags = 0, /* OK for unprivileged users. */ 531 .doit = ovs_meter_cmd_features 532 }, 533 { .cmd = OVS_METER_CMD_SET, 534 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 535 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN 536 * privilege. 537 */ 538 .doit = ovs_meter_cmd_set, 539 }, 540 { .cmd = OVS_METER_CMD_GET, 541 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 542 .flags = 0, /* OK for unprivileged users. */ 543 .doit = ovs_meter_cmd_get, 544 }, 545 { .cmd = OVS_METER_CMD_DEL, 546 .validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP, 547 .flags = GENL_ADMIN_PERM, /* Requires CAP_NET_ADMIN 548 * privilege. 549 */ 550 .doit = ovs_meter_cmd_del 551 }, 552 }; 553 554 static const struct genl_multicast_group ovs_meter_multicast_group = { 555 .name = OVS_METER_MCGROUP, 556 }; 557 558 struct genl_family dp_meter_genl_family __ro_after_init = { 559 .hdrsize = sizeof(struct ovs_header), 560 .name = OVS_METER_FAMILY, 561 .version = OVS_METER_VERSION, 562 .maxattr = OVS_METER_ATTR_MAX, 563 .policy = meter_policy, 564 .netnsok = true, 565 .parallel_ops = true, 566 .ops = dp_meter_genl_ops, 567 .n_ops = ARRAY_SIZE(dp_meter_genl_ops), 568 .mcgrps = &ovs_meter_multicast_group, 569 .n_mcgrps = 1, 570 .module = THIS_MODULE, 571 }; 572 573 int ovs_meters_init(struct datapath *dp) 574 { 575 int i; 576 577 dp->meters = kmalloc_array(METER_HASH_BUCKETS, 578 sizeof(struct hlist_head), GFP_KERNEL); 579 580 if (!dp->meters) 581 return -ENOMEM; 582 583 for (i = 0; i < METER_HASH_BUCKETS; i++) 584 INIT_HLIST_HEAD(&dp->meters[i]); 585 586 return 0; 587 } 588 589 void ovs_meters_exit(struct datapath *dp) 590 { 591 int i; 592 593 for (i = 0; i < METER_HASH_BUCKETS; i++) { 594 struct hlist_head *head = &dp->meters[i]; 595 struct dp_meter *meter; 596 struct hlist_node *n; 597 598 hlist_for_each_entry_safe(meter, n, head, dp_hash_node) 599 kfree(meter); 600 } 601 602 kfree(dp->meters); 603 } 604