1 /* 2 * net/sched/cls_flower.c Flower classifier 3 * 4 * Copyright (c) 2015 Jiri Pirko <jiri@resnulli.us> 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 */ 11 12 #include <linux/kernel.h> 13 #include <linux/init.h> 14 #include <linux/module.h> 15 #include <linux/rhashtable.h> 16 #include <linux/workqueue.h> 17 18 #include <linux/if_ether.h> 19 #include <linux/in6.h> 20 #include <linux/ip.h> 21 #include <linux/mpls.h> 22 23 #include <net/sch_generic.h> 24 #include <net/pkt_cls.h> 25 #include <net/ip.h> 26 #include <net/flow_dissector.h> 27 28 #include <net/dst.h> 29 #include <net/dst_metadata.h> 30 31 struct fl_flow_key { 32 int indev_ifindex; 33 struct flow_dissector_key_control control; 34 struct flow_dissector_key_control enc_control; 35 struct flow_dissector_key_basic basic; 36 struct flow_dissector_key_eth_addrs eth; 37 struct flow_dissector_key_vlan vlan; 38 union { 39 struct flow_dissector_key_ipv4_addrs ipv4; 40 struct flow_dissector_key_ipv6_addrs ipv6; 41 }; 42 struct flow_dissector_key_ports tp; 43 struct flow_dissector_key_icmp icmp; 44 struct flow_dissector_key_arp arp; 45 struct flow_dissector_key_keyid enc_key_id; 46 union { 47 struct flow_dissector_key_ipv4_addrs enc_ipv4; 48 struct flow_dissector_key_ipv6_addrs enc_ipv6; 49 }; 50 struct flow_dissector_key_ports enc_tp; 51 struct flow_dissector_key_mpls mpls; 52 struct flow_dissector_key_tcp tcp; 53 struct flow_dissector_key_ip ip; 54 } __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */ 55 56 struct fl_flow_mask_range { 57 unsigned short int start; 58 unsigned short int end; 59 }; 60 61 struct fl_flow_mask { 62 struct fl_flow_key key; 63 struct fl_flow_mask_range range; 64 struct rcu_head rcu; 65 }; 66 67 struct cls_fl_head { 68 struct rhashtable ht; 69 struct fl_flow_mask mask; 70 struct flow_dissector dissector; 71 bool mask_assigned; 72 struct list_head filters; 73 struct rhashtable_params ht_params; 74 union { 75 struct work_struct work; 76 struct rcu_head rcu; 77 }; 78 struct idr handle_idr; 79 }; 80 81 struct cls_fl_filter { 82 struct rhash_head ht_node; 83 struct fl_flow_key mkey; 84 struct tcf_exts exts; 85 struct tcf_result res; 86 struct fl_flow_key key; 87 struct list_head list; 88 u32 handle; 89 u32 flags; 90 union { 91 struct work_struct work; 92 struct rcu_head rcu; 93 }; 94 struct net_device *hw_dev; 95 }; 96 97 static unsigned short int fl_mask_range(const struct fl_flow_mask *mask) 98 { 99 return mask->range.end - mask->range.start; 100 } 101 102 static void fl_mask_update_range(struct fl_flow_mask *mask) 103 { 104 const u8 *bytes = (const u8 *) &mask->key; 105 size_t size = sizeof(mask->key); 106 size_t i, first = 0, last = size - 1; 107 108 for (i = 0; i < sizeof(mask->key); i++) { 109 if (bytes[i]) { 110 if (!first && i) 111 first = i; 112 last = i; 113 } 114 } 115 mask->range.start = rounddown(first, sizeof(long)); 116 mask->range.end = roundup(last + 1, sizeof(long)); 117 } 118 119 static void *fl_key_get_start(struct fl_flow_key *key, 120 const struct fl_flow_mask *mask) 121 { 122 return (u8 *) key + mask->range.start; 123 } 124 125 static void fl_set_masked_key(struct fl_flow_key *mkey, struct fl_flow_key *key, 126 struct fl_flow_mask *mask) 127 { 128 const long *lkey = fl_key_get_start(key, mask); 129 const long *lmask = fl_key_get_start(&mask->key, mask); 130 long *lmkey = fl_key_get_start(mkey, mask); 131 int i; 132 133 for (i = 0; i < fl_mask_range(mask); i += sizeof(long)) 134 *lmkey++ = *lkey++ & *lmask++; 135 } 136 137 static void fl_clear_masked_range(struct fl_flow_key *key, 138 struct fl_flow_mask *mask) 139 { 140 memset(fl_key_get_start(key, mask), 0, fl_mask_range(mask)); 141 } 142 143 static struct cls_fl_filter *fl_lookup(struct cls_fl_head *head, 144 struct fl_flow_key *mkey) 145 { 146 return rhashtable_lookup_fast(&head->ht, 147 fl_key_get_start(mkey, &head->mask), 148 head->ht_params); 149 } 150 151 static int fl_classify(struct sk_buff *skb, const struct tcf_proto *tp, 152 struct tcf_result *res) 153 { 154 struct cls_fl_head *head = rcu_dereference_bh(tp->root); 155 struct cls_fl_filter *f; 156 struct fl_flow_key skb_key; 157 struct fl_flow_key skb_mkey; 158 159 if (!atomic_read(&head->ht.nelems)) 160 return -1; 161 162 fl_clear_masked_range(&skb_key, &head->mask); 163 164 skb_key.indev_ifindex = skb->skb_iif; 165 /* skb_flow_dissect() does not set n_proto in case an unknown protocol, 166 * so do it rather here. 167 */ 168 skb_key.basic.n_proto = skb->protocol; 169 skb_flow_dissect(skb, &head->dissector, &skb_key, 0); 170 171 fl_set_masked_key(&skb_mkey, &skb_key, &head->mask); 172 173 f = fl_lookup(head, &skb_mkey); 174 if (f && !tc_skip_sw(f->flags)) { 175 *res = f->res; 176 return tcf_exts_exec(skb, &f->exts, res); 177 } 178 return -1; 179 } 180 181 static int fl_init(struct tcf_proto *tp) 182 { 183 struct cls_fl_head *head; 184 185 head = kzalloc(sizeof(*head), GFP_KERNEL); 186 if (!head) 187 return -ENOBUFS; 188 189 INIT_LIST_HEAD_RCU(&head->filters); 190 rcu_assign_pointer(tp->root, head); 191 idr_init(&head->handle_idr); 192 193 return 0; 194 } 195 196 static void fl_destroy_filter_work(struct work_struct *work) 197 { 198 struct cls_fl_filter *f = container_of(work, struct cls_fl_filter, work); 199 200 rtnl_lock(); 201 tcf_exts_destroy(&f->exts); 202 kfree(f); 203 rtnl_unlock(); 204 } 205 206 static void fl_destroy_filter(struct rcu_head *head) 207 { 208 struct cls_fl_filter *f = container_of(head, struct cls_fl_filter, rcu); 209 210 INIT_WORK(&f->work, fl_destroy_filter_work); 211 tcf_queue_work(&f->work); 212 } 213 214 static void fl_hw_destroy_filter(struct tcf_proto *tp, struct cls_fl_filter *f) 215 { 216 struct tc_cls_flower_offload cls_flower = {}; 217 struct tcf_block *block = tp->chain->block; 218 219 tc_cls_common_offload_init(&cls_flower.common, tp); 220 cls_flower.command = TC_CLSFLOWER_DESTROY; 221 cls_flower.cookie = (unsigned long) f; 222 223 tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER, 224 &cls_flower, false); 225 } 226 227 static int fl_hw_replace_filter(struct tcf_proto *tp, 228 struct flow_dissector *dissector, 229 struct fl_flow_key *mask, 230 struct cls_fl_filter *f) 231 { 232 struct tc_cls_flower_offload cls_flower = {}; 233 struct tcf_block *block = tp->chain->block; 234 bool skip_sw = tc_skip_sw(f->flags); 235 int err; 236 237 tc_cls_common_offload_init(&cls_flower.common, tp); 238 cls_flower.command = TC_CLSFLOWER_REPLACE; 239 cls_flower.cookie = (unsigned long) f; 240 cls_flower.dissector = dissector; 241 cls_flower.mask = mask; 242 cls_flower.key = &f->mkey; 243 cls_flower.exts = &f->exts; 244 cls_flower.classid = f->res.classid; 245 246 err = tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER, 247 &cls_flower, skip_sw); 248 if (err < 0) { 249 fl_hw_destroy_filter(tp, f); 250 return err; 251 } else if (err > 0) { 252 f->flags |= TCA_CLS_FLAGS_IN_HW; 253 } 254 255 if (skip_sw && !(f->flags & TCA_CLS_FLAGS_IN_HW)) 256 return -EINVAL; 257 258 return 0; 259 } 260 261 static void fl_hw_update_stats(struct tcf_proto *tp, struct cls_fl_filter *f) 262 { 263 struct tc_cls_flower_offload cls_flower = {}; 264 struct tcf_block *block = tp->chain->block; 265 266 tc_cls_common_offload_init(&cls_flower.common, tp); 267 cls_flower.command = TC_CLSFLOWER_STATS; 268 cls_flower.cookie = (unsigned long) f; 269 cls_flower.exts = &f->exts; 270 cls_flower.classid = f->res.classid; 271 272 tc_setup_cb_call(block, &f->exts, TC_SETUP_CLSFLOWER, 273 &cls_flower, false); 274 } 275 276 static void __fl_delete(struct tcf_proto *tp, struct cls_fl_filter *f) 277 { 278 struct cls_fl_head *head = rtnl_dereference(tp->root); 279 280 idr_remove_ext(&head->handle_idr, f->handle); 281 list_del_rcu(&f->list); 282 if (!tc_skip_hw(f->flags)) 283 fl_hw_destroy_filter(tp, f); 284 tcf_unbind_filter(tp, &f->res); 285 call_rcu(&f->rcu, fl_destroy_filter); 286 } 287 288 static void fl_destroy_sleepable(struct work_struct *work) 289 { 290 struct cls_fl_head *head = container_of(work, struct cls_fl_head, 291 work); 292 if (head->mask_assigned) 293 rhashtable_destroy(&head->ht); 294 kfree(head); 295 module_put(THIS_MODULE); 296 } 297 298 static void fl_destroy_rcu(struct rcu_head *rcu) 299 { 300 struct cls_fl_head *head = container_of(rcu, struct cls_fl_head, rcu); 301 302 INIT_WORK(&head->work, fl_destroy_sleepable); 303 schedule_work(&head->work); 304 } 305 306 static void fl_destroy(struct tcf_proto *tp) 307 { 308 struct cls_fl_head *head = rtnl_dereference(tp->root); 309 struct cls_fl_filter *f, *next; 310 311 list_for_each_entry_safe(f, next, &head->filters, list) 312 __fl_delete(tp, f); 313 idr_destroy(&head->handle_idr); 314 315 __module_get(THIS_MODULE); 316 call_rcu(&head->rcu, fl_destroy_rcu); 317 } 318 319 static void *fl_get(struct tcf_proto *tp, u32 handle) 320 { 321 struct cls_fl_head *head = rtnl_dereference(tp->root); 322 323 return idr_find_ext(&head->handle_idr, handle); 324 } 325 326 static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = { 327 [TCA_FLOWER_UNSPEC] = { .type = NLA_UNSPEC }, 328 [TCA_FLOWER_CLASSID] = { .type = NLA_U32 }, 329 [TCA_FLOWER_INDEV] = { .type = NLA_STRING, 330 .len = IFNAMSIZ }, 331 [TCA_FLOWER_KEY_ETH_DST] = { .len = ETH_ALEN }, 332 [TCA_FLOWER_KEY_ETH_DST_MASK] = { .len = ETH_ALEN }, 333 [TCA_FLOWER_KEY_ETH_SRC] = { .len = ETH_ALEN }, 334 [TCA_FLOWER_KEY_ETH_SRC_MASK] = { .len = ETH_ALEN }, 335 [TCA_FLOWER_KEY_ETH_TYPE] = { .type = NLA_U16 }, 336 [TCA_FLOWER_KEY_IP_PROTO] = { .type = NLA_U8 }, 337 [TCA_FLOWER_KEY_IPV4_SRC] = { .type = NLA_U32 }, 338 [TCA_FLOWER_KEY_IPV4_SRC_MASK] = { .type = NLA_U32 }, 339 [TCA_FLOWER_KEY_IPV4_DST] = { .type = NLA_U32 }, 340 [TCA_FLOWER_KEY_IPV4_DST_MASK] = { .type = NLA_U32 }, 341 [TCA_FLOWER_KEY_IPV6_SRC] = { .len = sizeof(struct in6_addr) }, 342 [TCA_FLOWER_KEY_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) }, 343 [TCA_FLOWER_KEY_IPV6_DST] = { .len = sizeof(struct in6_addr) }, 344 [TCA_FLOWER_KEY_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) }, 345 [TCA_FLOWER_KEY_TCP_SRC] = { .type = NLA_U16 }, 346 [TCA_FLOWER_KEY_TCP_DST] = { .type = NLA_U16 }, 347 [TCA_FLOWER_KEY_UDP_SRC] = { .type = NLA_U16 }, 348 [TCA_FLOWER_KEY_UDP_DST] = { .type = NLA_U16 }, 349 [TCA_FLOWER_KEY_VLAN_ID] = { .type = NLA_U16 }, 350 [TCA_FLOWER_KEY_VLAN_PRIO] = { .type = NLA_U8 }, 351 [TCA_FLOWER_KEY_VLAN_ETH_TYPE] = { .type = NLA_U16 }, 352 [TCA_FLOWER_KEY_ENC_KEY_ID] = { .type = NLA_U32 }, 353 [TCA_FLOWER_KEY_ENC_IPV4_SRC] = { .type = NLA_U32 }, 354 [TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] = { .type = NLA_U32 }, 355 [TCA_FLOWER_KEY_ENC_IPV4_DST] = { .type = NLA_U32 }, 356 [TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] = { .type = NLA_U32 }, 357 [TCA_FLOWER_KEY_ENC_IPV6_SRC] = { .len = sizeof(struct in6_addr) }, 358 [TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK] = { .len = sizeof(struct in6_addr) }, 359 [TCA_FLOWER_KEY_ENC_IPV6_DST] = { .len = sizeof(struct in6_addr) }, 360 [TCA_FLOWER_KEY_ENC_IPV6_DST_MASK] = { .len = sizeof(struct in6_addr) }, 361 [TCA_FLOWER_KEY_TCP_SRC_MASK] = { .type = NLA_U16 }, 362 [TCA_FLOWER_KEY_TCP_DST_MASK] = { .type = NLA_U16 }, 363 [TCA_FLOWER_KEY_UDP_SRC_MASK] = { .type = NLA_U16 }, 364 [TCA_FLOWER_KEY_UDP_DST_MASK] = { .type = NLA_U16 }, 365 [TCA_FLOWER_KEY_SCTP_SRC_MASK] = { .type = NLA_U16 }, 366 [TCA_FLOWER_KEY_SCTP_DST_MASK] = { .type = NLA_U16 }, 367 [TCA_FLOWER_KEY_SCTP_SRC] = { .type = NLA_U16 }, 368 [TCA_FLOWER_KEY_SCTP_DST] = { .type = NLA_U16 }, 369 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT] = { .type = NLA_U16 }, 370 [TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK] = { .type = NLA_U16 }, 371 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT] = { .type = NLA_U16 }, 372 [TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK] = { .type = NLA_U16 }, 373 [TCA_FLOWER_KEY_FLAGS] = { .type = NLA_U32 }, 374 [TCA_FLOWER_KEY_FLAGS_MASK] = { .type = NLA_U32 }, 375 [TCA_FLOWER_KEY_ICMPV4_TYPE] = { .type = NLA_U8 }, 376 [TCA_FLOWER_KEY_ICMPV4_TYPE_MASK] = { .type = NLA_U8 }, 377 [TCA_FLOWER_KEY_ICMPV4_CODE] = { .type = NLA_U8 }, 378 [TCA_FLOWER_KEY_ICMPV4_CODE_MASK] = { .type = NLA_U8 }, 379 [TCA_FLOWER_KEY_ICMPV6_TYPE] = { .type = NLA_U8 }, 380 [TCA_FLOWER_KEY_ICMPV6_TYPE_MASK] = { .type = NLA_U8 }, 381 [TCA_FLOWER_KEY_ICMPV6_CODE] = { .type = NLA_U8 }, 382 [TCA_FLOWER_KEY_ICMPV6_CODE_MASK] = { .type = NLA_U8 }, 383 [TCA_FLOWER_KEY_ARP_SIP] = { .type = NLA_U32 }, 384 [TCA_FLOWER_KEY_ARP_SIP_MASK] = { .type = NLA_U32 }, 385 [TCA_FLOWER_KEY_ARP_TIP] = { .type = NLA_U32 }, 386 [TCA_FLOWER_KEY_ARP_TIP_MASK] = { .type = NLA_U32 }, 387 [TCA_FLOWER_KEY_ARP_OP] = { .type = NLA_U8 }, 388 [TCA_FLOWER_KEY_ARP_OP_MASK] = { .type = NLA_U8 }, 389 [TCA_FLOWER_KEY_ARP_SHA] = { .len = ETH_ALEN }, 390 [TCA_FLOWER_KEY_ARP_SHA_MASK] = { .len = ETH_ALEN }, 391 [TCA_FLOWER_KEY_ARP_THA] = { .len = ETH_ALEN }, 392 [TCA_FLOWER_KEY_ARP_THA_MASK] = { .len = ETH_ALEN }, 393 [TCA_FLOWER_KEY_MPLS_TTL] = { .type = NLA_U8 }, 394 [TCA_FLOWER_KEY_MPLS_BOS] = { .type = NLA_U8 }, 395 [TCA_FLOWER_KEY_MPLS_TC] = { .type = NLA_U8 }, 396 [TCA_FLOWER_KEY_MPLS_LABEL] = { .type = NLA_U32 }, 397 [TCA_FLOWER_KEY_TCP_FLAGS] = { .type = NLA_U16 }, 398 [TCA_FLOWER_KEY_TCP_FLAGS_MASK] = { .type = NLA_U16 }, 399 [TCA_FLOWER_KEY_IP_TOS] = { .type = NLA_U8 }, 400 [TCA_FLOWER_KEY_IP_TOS_MASK] = { .type = NLA_U8 }, 401 [TCA_FLOWER_KEY_IP_TTL] = { .type = NLA_U8 }, 402 [TCA_FLOWER_KEY_IP_TTL_MASK] = { .type = NLA_U8 }, 403 }; 404 405 static void fl_set_key_val(struct nlattr **tb, 406 void *val, int val_type, 407 void *mask, int mask_type, int len) 408 { 409 if (!tb[val_type]) 410 return; 411 memcpy(val, nla_data(tb[val_type]), len); 412 if (mask_type == TCA_FLOWER_UNSPEC || !tb[mask_type]) 413 memset(mask, 0xff, len); 414 else 415 memcpy(mask, nla_data(tb[mask_type]), len); 416 } 417 418 static int fl_set_key_mpls(struct nlattr **tb, 419 struct flow_dissector_key_mpls *key_val, 420 struct flow_dissector_key_mpls *key_mask) 421 { 422 if (tb[TCA_FLOWER_KEY_MPLS_TTL]) { 423 key_val->mpls_ttl = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TTL]); 424 key_mask->mpls_ttl = MPLS_TTL_MASK; 425 } 426 if (tb[TCA_FLOWER_KEY_MPLS_BOS]) { 427 u8 bos = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_BOS]); 428 429 if (bos & ~MPLS_BOS_MASK) 430 return -EINVAL; 431 key_val->mpls_bos = bos; 432 key_mask->mpls_bos = MPLS_BOS_MASK; 433 } 434 if (tb[TCA_FLOWER_KEY_MPLS_TC]) { 435 u8 tc = nla_get_u8(tb[TCA_FLOWER_KEY_MPLS_TC]); 436 437 if (tc & ~MPLS_TC_MASK) 438 return -EINVAL; 439 key_val->mpls_tc = tc; 440 key_mask->mpls_tc = MPLS_TC_MASK; 441 } 442 if (tb[TCA_FLOWER_KEY_MPLS_LABEL]) { 443 u32 label = nla_get_u32(tb[TCA_FLOWER_KEY_MPLS_LABEL]); 444 445 if (label & ~MPLS_LABEL_MASK) 446 return -EINVAL; 447 key_val->mpls_label = label; 448 key_mask->mpls_label = MPLS_LABEL_MASK; 449 } 450 return 0; 451 } 452 453 static void fl_set_key_vlan(struct nlattr **tb, 454 struct flow_dissector_key_vlan *key_val, 455 struct flow_dissector_key_vlan *key_mask) 456 { 457 #define VLAN_PRIORITY_MASK 0x7 458 459 if (tb[TCA_FLOWER_KEY_VLAN_ID]) { 460 key_val->vlan_id = 461 nla_get_u16(tb[TCA_FLOWER_KEY_VLAN_ID]) & VLAN_VID_MASK; 462 key_mask->vlan_id = VLAN_VID_MASK; 463 } 464 if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) { 465 key_val->vlan_priority = 466 nla_get_u8(tb[TCA_FLOWER_KEY_VLAN_PRIO]) & 467 VLAN_PRIORITY_MASK; 468 key_mask->vlan_priority = VLAN_PRIORITY_MASK; 469 } 470 } 471 472 static void fl_set_key_flag(u32 flower_key, u32 flower_mask, 473 u32 *dissector_key, u32 *dissector_mask, 474 u32 flower_flag_bit, u32 dissector_flag_bit) 475 { 476 if (flower_mask & flower_flag_bit) { 477 *dissector_mask |= dissector_flag_bit; 478 if (flower_key & flower_flag_bit) 479 *dissector_key |= dissector_flag_bit; 480 } 481 } 482 483 static int fl_set_key_flags(struct nlattr **tb, 484 u32 *flags_key, u32 *flags_mask) 485 { 486 u32 key, mask; 487 488 /* mask is mandatory for flags */ 489 if (!tb[TCA_FLOWER_KEY_FLAGS_MASK]) 490 return -EINVAL; 491 492 key = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS])); 493 mask = be32_to_cpu(nla_get_u32(tb[TCA_FLOWER_KEY_FLAGS_MASK])); 494 495 *flags_key = 0; 496 *flags_mask = 0; 497 498 fl_set_key_flag(key, mask, flags_key, flags_mask, 499 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT); 500 501 return 0; 502 } 503 504 static void fl_set_key_ip(struct nlattr **tb, 505 struct flow_dissector_key_ip *key, 506 struct flow_dissector_key_ip *mask) 507 { 508 fl_set_key_val(tb, &key->tos, TCA_FLOWER_KEY_IP_TOS, 509 &mask->tos, TCA_FLOWER_KEY_IP_TOS_MASK, 510 sizeof(key->tos)); 511 512 fl_set_key_val(tb, &key->ttl, TCA_FLOWER_KEY_IP_TTL, 513 &mask->ttl, TCA_FLOWER_KEY_IP_TTL_MASK, 514 sizeof(key->ttl)); 515 } 516 517 static int fl_set_key(struct net *net, struct nlattr **tb, 518 struct fl_flow_key *key, struct fl_flow_key *mask) 519 { 520 __be16 ethertype; 521 int ret = 0; 522 #ifdef CONFIG_NET_CLS_IND 523 if (tb[TCA_FLOWER_INDEV]) { 524 int err = tcf_change_indev(net, tb[TCA_FLOWER_INDEV]); 525 if (err < 0) 526 return err; 527 key->indev_ifindex = err; 528 mask->indev_ifindex = 0xffffffff; 529 } 530 #endif 531 532 fl_set_key_val(tb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST, 533 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK, 534 sizeof(key->eth.dst)); 535 fl_set_key_val(tb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC, 536 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK, 537 sizeof(key->eth.src)); 538 539 if (tb[TCA_FLOWER_KEY_ETH_TYPE]) { 540 ethertype = nla_get_be16(tb[TCA_FLOWER_KEY_ETH_TYPE]); 541 542 if (ethertype == htons(ETH_P_8021Q)) { 543 fl_set_key_vlan(tb, &key->vlan, &mask->vlan); 544 fl_set_key_val(tb, &key->basic.n_proto, 545 TCA_FLOWER_KEY_VLAN_ETH_TYPE, 546 &mask->basic.n_proto, TCA_FLOWER_UNSPEC, 547 sizeof(key->basic.n_proto)); 548 } else { 549 key->basic.n_proto = ethertype; 550 mask->basic.n_proto = cpu_to_be16(~0); 551 } 552 } 553 554 if (key->basic.n_proto == htons(ETH_P_IP) || 555 key->basic.n_proto == htons(ETH_P_IPV6)) { 556 fl_set_key_val(tb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO, 557 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC, 558 sizeof(key->basic.ip_proto)); 559 fl_set_key_ip(tb, &key->ip, &mask->ip); 560 } 561 562 if (tb[TCA_FLOWER_KEY_IPV4_SRC] || tb[TCA_FLOWER_KEY_IPV4_DST]) { 563 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; 564 mask->control.addr_type = ~0; 565 fl_set_key_val(tb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC, 566 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK, 567 sizeof(key->ipv4.src)); 568 fl_set_key_val(tb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST, 569 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK, 570 sizeof(key->ipv4.dst)); 571 } else if (tb[TCA_FLOWER_KEY_IPV6_SRC] || tb[TCA_FLOWER_KEY_IPV6_DST]) { 572 key->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; 573 mask->control.addr_type = ~0; 574 fl_set_key_val(tb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC, 575 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK, 576 sizeof(key->ipv6.src)); 577 fl_set_key_val(tb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST, 578 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK, 579 sizeof(key->ipv6.dst)); 580 } 581 582 if (key->basic.ip_proto == IPPROTO_TCP) { 583 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC, 584 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK, 585 sizeof(key->tp.src)); 586 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST, 587 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK, 588 sizeof(key->tp.dst)); 589 fl_set_key_val(tb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS, 590 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK, 591 sizeof(key->tcp.flags)); 592 } else if (key->basic.ip_proto == IPPROTO_UDP) { 593 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC, 594 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK, 595 sizeof(key->tp.src)); 596 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST, 597 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK, 598 sizeof(key->tp.dst)); 599 } else if (key->basic.ip_proto == IPPROTO_SCTP) { 600 fl_set_key_val(tb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC, 601 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK, 602 sizeof(key->tp.src)); 603 fl_set_key_val(tb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST, 604 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK, 605 sizeof(key->tp.dst)); 606 } else if (key->basic.n_proto == htons(ETH_P_IP) && 607 key->basic.ip_proto == IPPROTO_ICMP) { 608 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV4_TYPE, 609 &mask->icmp.type, 610 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK, 611 sizeof(key->icmp.type)); 612 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV4_CODE, 613 &mask->icmp.code, 614 TCA_FLOWER_KEY_ICMPV4_CODE_MASK, 615 sizeof(key->icmp.code)); 616 } else if (key->basic.n_proto == htons(ETH_P_IPV6) && 617 key->basic.ip_proto == IPPROTO_ICMPV6) { 618 fl_set_key_val(tb, &key->icmp.type, TCA_FLOWER_KEY_ICMPV6_TYPE, 619 &mask->icmp.type, 620 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK, 621 sizeof(key->icmp.type)); 622 fl_set_key_val(tb, &key->icmp.code, TCA_FLOWER_KEY_ICMPV6_CODE, 623 &mask->icmp.code, 624 TCA_FLOWER_KEY_ICMPV6_CODE_MASK, 625 sizeof(key->icmp.code)); 626 } else if (key->basic.n_proto == htons(ETH_P_MPLS_UC) || 627 key->basic.n_proto == htons(ETH_P_MPLS_MC)) { 628 ret = fl_set_key_mpls(tb, &key->mpls, &mask->mpls); 629 if (ret) 630 return ret; 631 } else if (key->basic.n_proto == htons(ETH_P_ARP) || 632 key->basic.n_proto == htons(ETH_P_RARP)) { 633 fl_set_key_val(tb, &key->arp.sip, TCA_FLOWER_KEY_ARP_SIP, 634 &mask->arp.sip, TCA_FLOWER_KEY_ARP_SIP_MASK, 635 sizeof(key->arp.sip)); 636 fl_set_key_val(tb, &key->arp.tip, TCA_FLOWER_KEY_ARP_TIP, 637 &mask->arp.tip, TCA_FLOWER_KEY_ARP_TIP_MASK, 638 sizeof(key->arp.tip)); 639 fl_set_key_val(tb, &key->arp.op, TCA_FLOWER_KEY_ARP_OP, 640 &mask->arp.op, TCA_FLOWER_KEY_ARP_OP_MASK, 641 sizeof(key->arp.op)); 642 fl_set_key_val(tb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA, 643 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK, 644 sizeof(key->arp.sha)); 645 fl_set_key_val(tb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA, 646 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK, 647 sizeof(key->arp.tha)); 648 } 649 650 if (tb[TCA_FLOWER_KEY_ENC_IPV4_SRC] || 651 tb[TCA_FLOWER_KEY_ENC_IPV4_DST]) { 652 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV4_ADDRS; 653 mask->enc_control.addr_type = ~0; 654 fl_set_key_val(tb, &key->enc_ipv4.src, 655 TCA_FLOWER_KEY_ENC_IPV4_SRC, 656 &mask->enc_ipv4.src, 657 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK, 658 sizeof(key->enc_ipv4.src)); 659 fl_set_key_val(tb, &key->enc_ipv4.dst, 660 TCA_FLOWER_KEY_ENC_IPV4_DST, 661 &mask->enc_ipv4.dst, 662 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK, 663 sizeof(key->enc_ipv4.dst)); 664 } 665 666 if (tb[TCA_FLOWER_KEY_ENC_IPV6_SRC] || 667 tb[TCA_FLOWER_KEY_ENC_IPV6_DST]) { 668 key->enc_control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS; 669 mask->enc_control.addr_type = ~0; 670 fl_set_key_val(tb, &key->enc_ipv6.src, 671 TCA_FLOWER_KEY_ENC_IPV6_SRC, 672 &mask->enc_ipv6.src, 673 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK, 674 sizeof(key->enc_ipv6.src)); 675 fl_set_key_val(tb, &key->enc_ipv6.dst, 676 TCA_FLOWER_KEY_ENC_IPV6_DST, 677 &mask->enc_ipv6.dst, 678 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK, 679 sizeof(key->enc_ipv6.dst)); 680 } 681 682 fl_set_key_val(tb, &key->enc_key_id.keyid, TCA_FLOWER_KEY_ENC_KEY_ID, 683 &mask->enc_key_id.keyid, TCA_FLOWER_UNSPEC, 684 sizeof(key->enc_key_id.keyid)); 685 686 fl_set_key_val(tb, &key->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT, 687 &mask->enc_tp.src, TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK, 688 sizeof(key->enc_tp.src)); 689 690 fl_set_key_val(tb, &key->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT, 691 &mask->enc_tp.dst, TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, 692 sizeof(key->enc_tp.dst)); 693 694 if (tb[TCA_FLOWER_KEY_FLAGS]) 695 ret = fl_set_key_flags(tb, &key->control.flags, &mask->control.flags); 696 697 return ret; 698 } 699 700 static bool fl_mask_eq(struct fl_flow_mask *mask1, 701 struct fl_flow_mask *mask2) 702 { 703 const long *lmask1 = fl_key_get_start(&mask1->key, mask1); 704 const long *lmask2 = fl_key_get_start(&mask2->key, mask2); 705 706 return !memcmp(&mask1->range, &mask2->range, sizeof(mask1->range)) && 707 !memcmp(lmask1, lmask2, fl_mask_range(mask1)); 708 } 709 710 static const struct rhashtable_params fl_ht_params = { 711 .key_offset = offsetof(struct cls_fl_filter, mkey), /* base offset */ 712 .head_offset = offsetof(struct cls_fl_filter, ht_node), 713 .automatic_shrinking = true, 714 }; 715 716 static int fl_init_hashtable(struct cls_fl_head *head, 717 struct fl_flow_mask *mask) 718 { 719 head->ht_params = fl_ht_params; 720 head->ht_params.key_len = fl_mask_range(mask); 721 head->ht_params.key_offset += mask->range.start; 722 723 return rhashtable_init(&head->ht, &head->ht_params); 724 } 725 726 #define FL_KEY_MEMBER_OFFSET(member) offsetof(struct fl_flow_key, member) 727 #define FL_KEY_MEMBER_SIZE(member) (sizeof(((struct fl_flow_key *) 0)->member)) 728 729 #define FL_KEY_IS_MASKED(mask, member) \ 730 memchr_inv(((char *)mask) + FL_KEY_MEMBER_OFFSET(member), \ 731 0, FL_KEY_MEMBER_SIZE(member)) \ 732 733 #define FL_KEY_SET(keys, cnt, id, member) \ 734 do { \ 735 keys[cnt].key_id = id; \ 736 keys[cnt].offset = FL_KEY_MEMBER_OFFSET(member); \ 737 cnt++; \ 738 } while(0); 739 740 #define FL_KEY_SET_IF_MASKED(mask, keys, cnt, id, member) \ 741 do { \ 742 if (FL_KEY_IS_MASKED(mask, member)) \ 743 FL_KEY_SET(keys, cnt, id, member); \ 744 } while(0); 745 746 static void fl_init_dissector(struct cls_fl_head *head, 747 struct fl_flow_mask *mask) 748 { 749 struct flow_dissector_key keys[FLOW_DISSECTOR_KEY_MAX]; 750 size_t cnt = 0; 751 752 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_CONTROL, control); 753 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_BASIC, basic); 754 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 755 FLOW_DISSECTOR_KEY_ETH_ADDRS, eth); 756 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 757 FLOW_DISSECTOR_KEY_IPV4_ADDRS, ipv4); 758 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 759 FLOW_DISSECTOR_KEY_IPV6_ADDRS, ipv6); 760 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 761 FLOW_DISSECTOR_KEY_PORTS, tp); 762 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 763 FLOW_DISSECTOR_KEY_IP, ip); 764 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 765 FLOW_DISSECTOR_KEY_TCP, tcp); 766 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 767 FLOW_DISSECTOR_KEY_ICMP, icmp); 768 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 769 FLOW_DISSECTOR_KEY_ARP, arp); 770 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 771 FLOW_DISSECTOR_KEY_MPLS, mpls); 772 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 773 FLOW_DISSECTOR_KEY_VLAN, vlan); 774 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 775 FLOW_DISSECTOR_KEY_ENC_KEYID, enc_key_id); 776 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 777 FLOW_DISSECTOR_KEY_ENC_IPV4_ADDRS, enc_ipv4); 778 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 779 FLOW_DISSECTOR_KEY_ENC_IPV6_ADDRS, enc_ipv6); 780 if (FL_KEY_IS_MASKED(&mask->key, enc_ipv4) || 781 FL_KEY_IS_MASKED(&mask->key, enc_ipv6)) 782 FL_KEY_SET(keys, cnt, FLOW_DISSECTOR_KEY_ENC_CONTROL, 783 enc_control); 784 FL_KEY_SET_IF_MASKED(&mask->key, keys, cnt, 785 FLOW_DISSECTOR_KEY_ENC_PORTS, enc_tp); 786 787 skb_flow_dissector_init(&head->dissector, keys, cnt); 788 } 789 790 static int fl_check_assign_mask(struct cls_fl_head *head, 791 struct fl_flow_mask *mask) 792 { 793 int err; 794 795 if (head->mask_assigned) { 796 if (!fl_mask_eq(&head->mask, mask)) 797 return -EINVAL; 798 else 799 return 0; 800 } 801 802 /* Mask is not assigned yet. So assign it and init hashtable 803 * according to that. 804 */ 805 err = fl_init_hashtable(head, mask); 806 if (err) 807 return err; 808 memcpy(&head->mask, mask, sizeof(head->mask)); 809 head->mask_assigned = true; 810 811 fl_init_dissector(head, mask); 812 813 return 0; 814 } 815 816 static int fl_set_parms(struct net *net, struct tcf_proto *tp, 817 struct cls_fl_filter *f, struct fl_flow_mask *mask, 818 unsigned long base, struct nlattr **tb, 819 struct nlattr *est, bool ovr) 820 { 821 int err; 822 823 err = tcf_exts_validate(net, tp, tb, est, &f->exts, ovr); 824 if (err < 0) 825 return err; 826 827 if (tb[TCA_FLOWER_CLASSID]) { 828 f->res.classid = nla_get_u32(tb[TCA_FLOWER_CLASSID]); 829 tcf_bind_filter(tp, &f->res, base); 830 } 831 832 err = fl_set_key(net, tb, &f->key, &mask->key); 833 if (err) 834 return err; 835 836 fl_mask_update_range(mask); 837 fl_set_masked_key(&f->mkey, &f->key, mask); 838 839 return 0; 840 } 841 842 static int fl_change(struct net *net, struct sk_buff *in_skb, 843 struct tcf_proto *tp, unsigned long base, 844 u32 handle, struct nlattr **tca, 845 void **arg, bool ovr) 846 { 847 struct cls_fl_head *head = rtnl_dereference(tp->root); 848 struct cls_fl_filter *fold = *arg; 849 struct cls_fl_filter *fnew; 850 struct nlattr **tb; 851 struct fl_flow_mask mask = {}; 852 unsigned long idr_index; 853 int err; 854 855 if (!tca[TCA_OPTIONS]) 856 return -EINVAL; 857 858 tb = kcalloc(TCA_FLOWER_MAX + 1, sizeof(struct nlattr *), GFP_KERNEL); 859 if (!tb) 860 return -ENOBUFS; 861 862 err = nla_parse_nested(tb, TCA_FLOWER_MAX, tca[TCA_OPTIONS], 863 fl_policy, NULL); 864 if (err < 0) 865 goto errout_tb; 866 867 if (fold && handle && fold->handle != handle) { 868 err = -EINVAL; 869 goto errout_tb; 870 } 871 872 fnew = kzalloc(sizeof(*fnew), GFP_KERNEL); 873 if (!fnew) { 874 err = -ENOBUFS; 875 goto errout_tb; 876 } 877 878 err = tcf_exts_init(&fnew->exts, TCA_FLOWER_ACT, 0); 879 if (err < 0) 880 goto errout; 881 882 if (!handle) { 883 err = idr_alloc_ext(&head->handle_idr, fnew, &idr_index, 884 1, 0x80000000, GFP_KERNEL); 885 if (err) 886 goto errout; 887 fnew->handle = idr_index; 888 } 889 890 /* user specifies a handle and it doesn't exist */ 891 if (handle && !fold) { 892 err = idr_alloc_ext(&head->handle_idr, fnew, &idr_index, 893 handle, handle + 1, GFP_KERNEL); 894 if (err) 895 goto errout; 896 fnew->handle = idr_index; 897 } 898 899 if (tb[TCA_FLOWER_FLAGS]) { 900 fnew->flags = nla_get_u32(tb[TCA_FLOWER_FLAGS]); 901 902 if (!tc_flags_valid(fnew->flags)) { 903 err = -EINVAL; 904 goto errout_idr; 905 } 906 } 907 908 err = fl_set_parms(net, tp, fnew, &mask, base, tb, tca[TCA_RATE], ovr); 909 if (err) 910 goto errout_idr; 911 912 err = fl_check_assign_mask(head, &mask); 913 if (err) 914 goto errout_idr; 915 916 if (!tc_skip_sw(fnew->flags)) { 917 if (!fold && fl_lookup(head, &fnew->mkey)) { 918 err = -EEXIST; 919 goto errout_idr; 920 } 921 922 err = rhashtable_insert_fast(&head->ht, &fnew->ht_node, 923 head->ht_params); 924 if (err) 925 goto errout_idr; 926 } 927 928 if (!tc_skip_hw(fnew->flags)) { 929 err = fl_hw_replace_filter(tp, 930 &head->dissector, 931 &mask.key, 932 fnew); 933 if (err) 934 goto errout_idr; 935 } 936 937 if (!tc_in_hw(fnew->flags)) 938 fnew->flags |= TCA_CLS_FLAGS_NOT_IN_HW; 939 940 if (fold) { 941 if (!tc_skip_sw(fold->flags)) 942 rhashtable_remove_fast(&head->ht, &fold->ht_node, 943 head->ht_params); 944 if (!tc_skip_hw(fold->flags)) 945 fl_hw_destroy_filter(tp, fold); 946 } 947 948 *arg = fnew; 949 950 if (fold) { 951 fnew->handle = handle; 952 idr_replace_ext(&head->handle_idr, fnew, fnew->handle); 953 list_replace_rcu(&fold->list, &fnew->list); 954 tcf_unbind_filter(tp, &fold->res); 955 call_rcu(&fold->rcu, fl_destroy_filter); 956 } else { 957 list_add_tail_rcu(&fnew->list, &head->filters); 958 } 959 960 kfree(tb); 961 return 0; 962 963 errout_idr: 964 if (fnew->handle) 965 idr_remove_ext(&head->handle_idr, fnew->handle); 966 errout: 967 tcf_exts_destroy(&fnew->exts); 968 kfree(fnew); 969 errout_tb: 970 kfree(tb); 971 return err; 972 } 973 974 static int fl_delete(struct tcf_proto *tp, void *arg, bool *last) 975 { 976 struct cls_fl_head *head = rtnl_dereference(tp->root); 977 struct cls_fl_filter *f = arg; 978 979 if (!tc_skip_sw(f->flags)) 980 rhashtable_remove_fast(&head->ht, &f->ht_node, 981 head->ht_params); 982 __fl_delete(tp, f); 983 *last = list_empty(&head->filters); 984 return 0; 985 } 986 987 static void fl_walk(struct tcf_proto *tp, struct tcf_walker *arg) 988 { 989 struct cls_fl_head *head = rtnl_dereference(tp->root); 990 struct cls_fl_filter *f; 991 992 list_for_each_entry_rcu(f, &head->filters, list) { 993 if (arg->count < arg->skip) 994 goto skip; 995 if (arg->fn(tp, f, arg) < 0) { 996 arg->stop = 1; 997 break; 998 } 999 skip: 1000 arg->count++; 1001 } 1002 } 1003 1004 static int fl_dump_key_val(struct sk_buff *skb, 1005 void *val, int val_type, 1006 void *mask, int mask_type, int len) 1007 { 1008 int err; 1009 1010 if (!memchr_inv(mask, 0, len)) 1011 return 0; 1012 err = nla_put(skb, val_type, len, val); 1013 if (err) 1014 return err; 1015 if (mask_type != TCA_FLOWER_UNSPEC) { 1016 err = nla_put(skb, mask_type, len, mask); 1017 if (err) 1018 return err; 1019 } 1020 return 0; 1021 } 1022 1023 static int fl_dump_key_mpls(struct sk_buff *skb, 1024 struct flow_dissector_key_mpls *mpls_key, 1025 struct flow_dissector_key_mpls *mpls_mask) 1026 { 1027 int err; 1028 1029 if (!memchr_inv(mpls_mask, 0, sizeof(*mpls_mask))) 1030 return 0; 1031 if (mpls_mask->mpls_ttl) { 1032 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TTL, 1033 mpls_key->mpls_ttl); 1034 if (err) 1035 return err; 1036 } 1037 if (mpls_mask->mpls_tc) { 1038 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_TC, 1039 mpls_key->mpls_tc); 1040 if (err) 1041 return err; 1042 } 1043 if (mpls_mask->mpls_label) { 1044 err = nla_put_u32(skb, TCA_FLOWER_KEY_MPLS_LABEL, 1045 mpls_key->mpls_label); 1046 if (err) 1047 return err; 1048 } 1049 if (mpls_mask->mpls_bos) { 1050 err = nla_put_u8(skb, TCA_FLOWER_KEY_MPLS_BOS, 1051 mpls_key->mpls_bos); 1052 if (err) 1053 return err; 1054 } 1055 return 0; 1056 } 1057 1058 static int fl_dump_key_ip(struct sk_buff *skb, 1059 struct flow_dissector_key_ip *key, 1060 struct flow_dissector_key_ip *mask) 1061 { 1062 if (fl_dump_key_val(skb, &key->tos, TCA_FLOWER_KEY_IP_TOS, &mask->tos, 1063 TCA_FLOWER_KEY_IP_TOS_MASK, sizeof(key->tos)) || 1064 fl_dump_key_val(skb, &key->ttl, TCA_FLOWER_KEY_IP_TTL, &mask->ttl, 1065 TCA_FLOWER_KEY_IP_TTL_MASK, sizeof(key->ttl))) 1066 return -1; 1067 1068 return 0; 1069 } 1070 1071 static int fl_dump_key_vlan(struct sk_buff *skb, 1072 struct flow_dissector_key_vlan *vlan_key, 1073 struct flow_dissector_key_vlan *vlan_mask) 1074 { 1075 int err; 1076 1077 if (!memchr_inv(vlan_mask, 0, sizeof(*vlan_mask))) 1078 return 0; 1079 if (vlan_mask->vlan_id) { 1080 err = nla_put_u16(skb, TCA_FLOWER_KEY_VLAN_ID, 1081 vlan_key->vlan_id); 1082 if (err) 1083 return err; 1084 } 1085 if (vlan_mask->vlan_priority) { 1086 err = nla_put_u8(skb, TCA_FLOWER_KEY_VLAN_PRIO, 1087 vlan_key->vlan_priority); 1088 if (err) 1089 return err; 1090 } 1091 return 0; 1092 } 1093 1094 static void fl_get_key_flag(u32 dissector_key, u32 dissector_mask, 1095 u32 *flower_key, u32 *flower_mask, 1096 u32 flower_flag_bit, u32 dissector_flag_bit) 1097 { 1098 if (dissector_mask & dissector_flag_bit) { 1099 *flower_mask |= flower_flag_bit; 1100 if (dissector_key & dissector_flag_bit) 1101 *flower_key |= flower_flag_bit; 1102 } 1103 } 1104 1105 static int fl_dump_key_flags(struct sk_buff *skb, u32 flags_key, u32 flags_mask) 1106 { 1107 u32 key, mask; 1108 __be32 _key, _mask; 1109 int err; 1110 1111 if (!memchr_inv(&flags_mask, 0, sizeof(flags_mask))) 1112 return 0; 1113 1114 key = 0; 1115 mask = 0; 1116 1117 fl_get_key_flag(flags_key, flags_mask, &key, &mask, 1118 TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOW_DIS_IS_FRAGMENT); 1119 1120 _key = cpu_to_be32(key); 1121 _mask = cpu_to_be32(mask); 1122 1123 err = nla_put(skb, TCA_FLOWER_KEY_FLAGS, 4, &_key); 1124 if (err) 1125 return err; 1126 1127 return nla_put(skb, TCA_FLOWER_KEY_FLAGS_MASK, 4, &_mask); 1128 } 1129 1130 static int fl_dump(struct net *net, struct tcf_proto *tp, void *fh, 1131 struct sk_buff *skb, struct tcmsg *t) 1132 { 1133 struct cls_fl_head *head = rtnl_dereference(tp->root); 1134 struct cls_fl_filter *f = fh; 1135 struct nlattr *nest; 1136 struct fl_flow_key *key, *mask; 1137 1138 if (!f) 1139 return skb->len; 1140 1141 t->tcm_handle = f->handle; 1142 1143 nest = nla_nest_start(skb, TCA_OPTIONS); 1144 if (!nest) 1145 goto nla_put_failure; 1146 1147 if (f->res.classid && 1148 nla_put_u32(skb, TCA_FLOWER_CLASSID, f->res.classid)) 1149 goto nla_put_failure; 1150 1151 key = &f->key; 1152 mask = &head->mask.key; 1153 1154 if (mask->indev_ifindex) { 1155 struct net_device *dev; 1156 1157 dev = __dev_get_by_index(net, key->indev_ifindex); 1158 if (dev && nla_put_string(skb, TCA_FLOWER_INDEV, dev->name)) 1159 goto nla_put_failure; 1160 } 1161 1162 if (!tc_skip_hw(f->flags)) 1163 fl_hw_update_stats(tp, f); 1164 1165 if (fl_dump_key_val(skb, key->eth.dst, TCA_FLOWER_KEY_ETH_DST, 1166 mask->eth.dst, TCA_FLOWER_KEY_ETH_DST_MASK, 1167 sizeof(key->eth.dst)) || 1168 fl_dump_key_val(skb, key->eth.src, TCA_FLOWER_KEY_ETH_SRC, 1169 mask->eth.src, TCA_FLOWER_KEY_ETH_SRC_MASK, 1170 sizeof(key->eth.src)) || 1171 fl_dump_key_val(skb, &key->basic.n_proto, TCA_FLOWER_KEY_ETH_TYPE, 1172 &mask->basic.n_proto, TCA_FLOWER_UNSPEC, 1173 sizeof(key->basic.n_proto))) 1174 goto nla_put_failure; 1175 1176 if (fl_dump_key_mpls(skb, &key->mpls, &mask->mpls)) 1177 goto nla_put_failure; 1178 1179 if (fl_dump_key_vlan(skb, &key->vlan, &mask->vlan)) 1180 goto nla_put_failure; 1181 1182 if ((key->basic.n_proto == htons(ETH_P_IP) || 1183 key->basic.n_proto == htons(ETH_P_IPV6)) && 1184 (fl_dump_key_val(skb, &key->basic.ip_proto, TCA_FLOWER_KEY_IP_PROTO, 1185 &mask->basic.ip_proto, TCA_FLOWER_UNSPEC, 1186 sizeof(key->basic.ip_proto)) || 1187 fl_dump_key_ip(skb, &key->ip, &mask->ip))) 1188 goto nla_put_failure; 1189 1190 if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS && 1191 (fl_dump_key_val(skb, &key->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC, 1192 &mask->ipv4.src, TCA_FLOWER_KEY_IPV4_SRC_MASK, 1193 sizeof(key->ipv4.src)) || 1194 fl_dump_key_val(skb, &key->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST, 1195 &mask->ipv4.dst, TCA_FLOWER_KEY_IPV4_DST_MASK, 1196 sizeof(key->ipv4.dst)))) 1197 goto nla_put_failure; 1198 else if (key->control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS && 1199 (fl_dump_key_val(skb, &key->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC, 1200 &mask->ipv6.src, TCA_FLOWER_KEY_IPV6_SRC_MASK, 1201 sizeof(key->ipv6.src)) || 1202 fl_dump_key_val(skb, &key->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST, 1203 &mask->ipv6.dst, TCA_FLOWER_KEY_IPV6_DST_MASK, 1204 sizeof(key->ipv6.dst)))) 1205 goto nla_put_failure; 1206 1207 if (key->basic.ip_proto == IPPROTO_TCP && 1208 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_TCP_SRC, 1209 &mask->tp.src, TCA_FLOWER_KEY_TCP_SRC_MASK, 1210 sizeof(key->tp.src)) || 1211 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_TCP_DST, 1212 &mask->tp.dst, TCA_FLOWER_KEY_TCP_DST_MASK, 1213 sizeof(key->tp.dst)) || 1214 fl_dump_key_val(skb, &key->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS, 1215 &mask->tcp.flags, TCA_FLOWER_KEY_TCP_FLAGS_MASK, 1216 sizeof(key->tcp.flags)))) 1217 goto nla_put_failure; 1218 else if (key->basic.ip_proto == IPPROTO_UDP && 1219 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_UDP_SRC, 1220 &mask->tp.src, TCA_FLOWER_KEY_UDP_SRC_MASK, 1221 sizeof(key->tp.src)) || 1222 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_UDP_DST, 1223 &mask->tp.dst, TCA_FLOWER_KEY_UDP_DST_MASK, 1224 sizeof(key->tp.dst)))) 1225 goto nla_put_failure; 1226 else if (key->basic.ip_proto == IPPROTO_SCTP && 1227 (fl_dump_key_val(skb, &key->tp.src, TCA_FLOWER_KEY_SCTP_SRC, 1228 &mask->tp.src, TCA_FLOWER_KEY_SCTP_SRC_MASK, 1229 sizeof(key->tp.src)) || 1230 fl_dump_key_val(skb, &key->tp.dst, TCA_FLOWER_KEY_SCTP_DST, 1231 &mask->tp.dst, TCA_FLOWER_KEY_SCTP_DST_MASK, 1232 sizeof(key->tp.dst)))) 1233 goto nla_put_failure; 1234 else if (key->basic.n_proto == htons(ETH_P_IP) && 1235 key->basic.ip_proto == IPPROTO_ICMP && 1236 (fl_dump_key_val(skb, &key->icmp.type, 1237 TCA_FLOWER_KEY_ICMPV4_TYPE, &mask->icmp.type, 1238 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK, 1239 sizeof(key->icmp.type)) || 1240 fl_dump_key_val(skb, &key->icmp.code, 1241 TCA_FLOWER_KEY_ICMPV4_CODE, &mask->icmp.code, 1242 TCA_FLOWER_KEY_ICMPV4_CODE_MASK, 1243 sizeof(key->icmp.code)))) 1244 goto nla_put_failure; 1245 else if (key->basic.n_proto == htons(ETH_P_IPV6) && 1246 key->basic.ip_proto == IPPROTO_ICMPV6 && 1247 (fl_dump_key_val(skb, &key->icmp.type, 1248 TCA_FLOWER_KEY_ICMPV6_TYPE, &mask->icmp.type, 1249 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK, 1250 sizeof(key->icmp.type)) || 1251 fl_dump_key_val(skb, &key->icmp.code, 1252 TCA_FLOWER_KEY_ICMPV6_CODE, &mask->icmp.code, 1253 TCA_FLOWER_KEY_ICMPV6_CODE_MASK, 1254 sizeof(key->icmp.code)))) 1255 goto nla_put_failure; 1256 else if ((key->basic.n_proto == htons(ETH_P_ARP) || 1257 key->basic.n_proto == htons(ETH_P_RARP)) && 1258 (fl_dump_key_val(skb, &key->arp.sip, 1259 TCA_FLOWER_KEY_ARP_SIP, &mask->arp.sip, 1260 TCA_FLOWER_KEY_ARP_SIP_MASK, 1261 sizeof(key->arp.sip)) || 1262 fl_dump_key_val(skb, &key->arp.tip, 1263 TCA_FLOWER_KEY_ARP_TIP, &mask->arp.tip, 1264 TCA_FLOWER_KEY_ARP_TIP_MASK, 1265 sizeof(key->arp.tip)) || 1266 fl_dump_key_val(skb, &key->arp.op, 1267 TCA_FLOWER_KEY_ARP_OP, &mask->arp.op, 1268 TCA_FLOWER_KEY_ARP_OP_MASK, 1269 sizeof(key->arp.op)) || 1270 fl_dump_key_val(skb, key->arp.sha, TCA_FLOWER_KEY_ARP_SHA, 1271 mask->arp.sha, TCA_FLOWER_KEY_ARP_SHA_MASK, 1272 sizeof(key->arp.sha)) || 1273 fl_dump_key_val(skb, key->arp.tha, TCA_FLOWER_KEY_ARP_THA, 1274 mask->arp.tha, TCA_FLOWER_KEY_ARP_THA_MASK, 1275 sizeof(key->arp.tha)))) 1276 goto nla_put_failure; 1277 1278 if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV4_ADDRS && 1279 (fl_dump_key_val(skb, &key->enc_ipv4.src, 1280 TCA_FLOWER_KEY_ENC_IPV4_SRC, &mask->enc_ipv4.src, 1281 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK, 1282 sizeof(key->enc_ipv4.src)) || 1283 fl_dump_key_val(skb, &key->enc_ipv4.dst, 1284 TCA_FLOWER_KEY_ENC_IPV4_DST, &mask->enc_ipv4.dst, 1285 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK, 1286 sizeof(key->enc_ipv4.dst)))) 1287 goto nla_put_failure; 1288 else if (key->enc_control.addr_type == FLOW_DISSECTOR_KEY_IPV6_ADDRS && 1289 (fl_dump_key_val(skb, &key->enc_ipv6.src, 1290 TCA_FLOWER_KEY_ENC_IPV6_SRC, &mask->enc_ipv6.src, 1291 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK, 1292 sizeof(key->enc_ipv6.src)) || 1293 fl_dump_key_val(skb, &key->enc_ipv6.dst, 1294 TCA_FLOWER_KEY_ENC_IPV6_DST, 1295 &mask->enc_ipv6.dst, 1296 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK, 1297 sizeof(key->enc_ipv6.dst)))) 1298 goto nla_put_failure; 1299 1300 if (fl_dump_key_val(skb, &key->enc_key_id, TCA_FLOWER_KEY_ENC_KEY_ID, 1301 &mask->enc_key_id, TCA_FLOWER_UNSPEC, 1302 sizeof(key->enc_key_id)) || 1303 fl_dump_key_val(skb, &key->enc_tp.src, 1304 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT, 1305 &mask->enc_tp.src, 1306 TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK, 1307 sizeof(key->enc_tp.src)) || 1308 fl_dump_key_val(skb, &key->enc_tp.dst, 1309 TCA_FLOWER_KEY_ENC_UDP_DST_PORT, 1310 &mask->enc_tp.dst, 1311 TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, 1312 sizeof(key->enc_tp.dst))) 1313 goto nla_put_failure; 1314 1315 if (fl_dump_key_flags(skb, key->control.flags, mask->control.flags)) 1316 goto nla_put_failure; 1317 1318 if (f->flags && nla_put_u32(skb, TCA_FLOWER_FLAGS, f->flags)) 1319 goto nla_put_failure; 1320 1321 if (tcf_exts_dump(skb, &f->exts)) 1322 goto nla_put_failure; 1323 1324 nla_nest_end(skb, nest); 1325 1326 if (tcf_exts_dump_stats(skb, &f->exts) < 0) 1327 goto nla_put_failure; 1328 1329 return skb->len; 1330 1331 nla_put_failure: 1332 nla_nest_cancel(skb, nest); 1333 return -1; 1334 } 1335 1336 static void fl_bind_class(void *fh, u32 classid, unsigned long cl) 1337 { 1338 struct cls_fl_filter *f = fh; 1339 1340 if (f && f->res.classid == classid) 1341 f->res.class = cl; 1342 } 1343 1344 static struct tcf_proto_ops cls_fl_ops __read_mostly = { 1345 .kind = "flower", 1346 .classify = fl_classify, 1347 .init = fl_init, 1348 .destroy = fl_destroy, 1349 .get = fl_get, 1350 .change = fl_change, 1351 .delete = fl_delete, 1352 .walk = fl_walk, 1353 .dump = fl_dump, 1354 .bind_class = fl_bind_class, 1355 .owner = THIS_MODULE, 1356 }; 1357 1358 static int __init cls_fl_init(void) 1359 { 1360 return register_tcf_proto_ops(&cls_fl_ops); 1361 } 1362 1363 static void __exit cls_fl_exit(void) 1364 { 1365 unregister_tcf_proto_ops(&cls_fl_ops); 1366 } 1367 1368 module_init(cls_fl_init); 1369 module_exit(cls_fl_exit); 1370 1371 MODULE_AUTHOR("Jiri Pirko <jiri@resnulli.us>"); 1372 MODULE_DESCRIPTION("Flower classifier"); 1373 MODULE_LICENSE("GPL v2"); 1374